source: system/generators/traffic_shaping.php@ 111

Last change on this file since 111 was 111, checked in by george, 17 years ago
  • Upraveno: Generovací skripty.
  • Property svn:executable set to *
File size: 16.6 KB
1<?php
// Master switches: $Enabled turns shaping on, $ClassesEnabled additionally
// turns on the per-service / per-user / per-host class tree built further down.
$Enabled = 1;
$ClassesEnabled = 1;

include_once '/a/www/centrala/global.php';
include_once '/a/www/centrala/finance/include.php';
NactiMesicniParametry(0);

// Generate traffic shaping rules
//
// The limits used to be hard-coded here (total in 4048 / out 3048, users
// in/out 1900). They are now derived from $RealMaxSpeed and $MaxSpeed, which
// are presumably set by the included files or by NactiMesicniParametry().
$InDivider = $OutDivider = 1;

$TotalMaxSpeedIn = round($RealMaxSpeed / $InDivider);
$TotalMaxSpeedOut = round($RealMaxSpeed / $OutDivider);

$UsersMaxSpeedIn = round($MaxSpeed / $InDivider);
$UsersMaxSpeedOut = round($MaxSpeed / $OutDivider);

// VoIP may borrow up to the line total minus 136 and is guaranteed 100
// ($SpeedReserve was used for the guarantee at some point).
$VoipMaxSpeedIn = $TotalMaxSpeedIn - 136;
$VoipMaxSpeedOut = $TotalMaxSpeedOut - 136;
$VoipSpeedIn = $VoipSpeedOut = 100;

// Rate of the default ("free internet") class.
$FreeInetSpeed = 64;
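// Open both output files and reset the mangle table, then emit the root HTB
// hierarchy for the two IMQ devices (imq0 = in going, imq1 = out going).
//
// The opens are checked before any firewall state is touched: previously a
// failed fopen() went unnoticed and the script carried on flushing the mangle
// table without being able to write the matching shaping script.
//
// NOTE(review): /tmp/ClassInfo.txt is a fixed name in a directory that is
// normally world-writable, and this script presumably runs with root
// privileges (it drives iptables). A pre-created symlink at that path would
// redirect the write. Moving the file to a directory only this job can write
// to would close that; the path is left unchanged here because its readers
// are not visible in this file.
$FileClassInfo = fopen('/tmp/ClassInfo.txt', 'w+');
if($FileClassInfo === false) die("Cannot open /tmp/ClassInfo.txt for writing\n");

$File = fopen('/a/bin/htb.sh', 'w+');
if($File === false)
{
  fclose($FileClassInfo);
  die("Cannot open /a/bin/htb.sh for writing\n");
}
fputs($File, "#!/bin/sh\n");

// Start from an empty mangle table in every built-in chain.
foreach(array('FORWARD', 'INPUT', 'OUTPUT', 'PREROUTING', 'POSTROUTING') as $Chain)
{
  exec('/sbin/iptables -t mangle -F '.$Chain);
}

if($Enabled)
{
  // Default marks: 0 for all forwarded packets, 1 for anything crossing eth1.
  exec('/sbin/iptables -t mangle -A FORWARD -j MARK --set-mark 0');
  exec('/sbin/iptables -t mangle -i eth1 -A FORWARD -j MARK --set-mark 1');
  exec('/sbin/iptables -t mangle -o eth1 -A FORWARD -j MARK --set-mark 1');
}

// Class that unclassified traffic falls into ("htb default 2" below).
$FreeInetClass = 2;

// In going traffic
// The old root qdisc is always removed, even when shaping is disabled.
fputs($File, "/sbin/tc qdisc del dev imq0 root\n");
if($Enabled)
{
  fputs($File, "/sbin/tc qdisc add dev imq0 root handle 1:0 htb default 2\n");
  fputs($FileClassInfo, "1:1 Základní\n");
  fputs($File, "/sbin/tc class add dev imq0 parent 1:0 classid 1:1 htb rate ".$TotalMaxSpeedIn."kbit quantum 1500\n");
  fputs($FileClassInfo, "1:2 Internet zdarma\n");
  fputs($File, "/sbin/tc class add dev imq0 parent 1:1 classid 1:".$FreeInetClass." htb rate ".$FreeInetSpeed."kbit prio 3 quantum 1500\n");
  fputs($File, "/sbin/tc qdisc add dev imq0 parent 1:".$FreeInetClass." handle ".$FreeInetClass.": sfq perturb 10\n");
}

// Out going traffic
fputs($File, "/sbin/tc qdisc del dev imq1 root\n");
if($Enabled)
{
  fputs($File, "/sbin/tc qdisc add dev imq1 root handle 1:0 htb default 2\n");
  fputs($File, "/sbin/tc class add dev imq1 parent 1:0 classid 1:1 htb rate ".$TotalMaxSpeedOut."kbit quantum 1500\n");
  fputs($File, "/sbin/tc class add dev imq1 parent 1:1 classid 1:".$FreeInetClass." htb rate ".$FreeInetSpeed."kbit prio 3 quantum 1500\n");
  fputs($File, "/sbin/tc qdisc add dev imq1 parent 1:".$FreeInetClass." handle ".$FreeInetClass.": sfq perturb 10\n");
}

// With shaping disabled the generated script only tears the qdiscs down.
if(!$Enabled) die("Traffic shaping disabled\n");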
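// Build the class tree below 1:1: VoIP, an "all users" parent, a torrent
// class, then one class per user and one per host. tc commands are appended
// to the generated shell script ($File); the matching packet marks are added
// to the live mangle table through iptables straight away.
//
// Values read from the database are treated as untrusted text:
//  - addresses placed on an iptables command line go through escapeshellarg(),
//    because exec() hands the whole string to a shell;
//  - names written as comments into the generated script have control
//    characters replaced, so a name containing a line break cannot end the
//    comment and become a command when the script is later run;
//  - the user id spliced into the SQL filter is cast to an integer.
if($ClassesEnabled)
{
  $ClassId = 3;

  // VoIP
  $VoipClassId = $ClassId;
  $ClassId = $ClassId + 1;
  $Prio = 0; // Highest

  // VoIP in going traffic
  fputs($File, "/sbin/tc class add dev imq0 parent 1:1 classid 1:".$VoipClassId." htb rate ".$VoipSpeedIn."kbit ceil ".$VoipMaxSpeedIn."kbit quantum 12000 burst 6k cburst 3k prio ".$Prio."\n");
  fputs($File, "/sbin/tc qdisc add dev imq0 parent 1:".$VoipClassId." handle ".$VoipClassId.": sfq perturb 10\n");
  fputs($File, "/sbin/tc filter add dev imq0 parent 1:0 protocol ip handle ".$VoipClassId." fw flowid 1:".$VoipClassId."\n");
  // VoIP out going traffic
  fputs($File, "/sbin/tc class add dev imq1 parent 1:1 classid 1:".$VoipClassId." htb rate ".$VoipSpeedOut."kbit ceil ".$VoipMaxSpeedOut."kbit quantum 12000 burst 6k cburst 3k prio ".$Prio."\n");
  fputs($File, "/sbin/tc qdisc add dev imq1 parent 1:".$VoipClassId." handle ".$VoipClassId.": sfq perturb 10\n");
  fputs($File, "/sbin/tc filter add dev imq1 parent 1:0 protocol ip handle ".$VoipClassId." fw flowid 1:".$VoipClassId."\n");
  fputs($FileClassInfo, '1:'.$VoipClassId." VoIP\n");

  // Users hosts
  // (An earlier version split $UsersMaxSpeedIn/Out evenly across all users
  // with inet=1; rates now come from each user's tariff.)
  $Prio = 1;

  // Parent class for every user class.
  $AllUsersClassId = $ClassId;
  $ClassId = $ClassId + 1;
  fputs($File, "/sbin/tc class add dev imq0 parent 1:1 classid 1:".$AllUsersClassId." htb rate ".$UsersMaxSpeedIn."kbit prio 1 quantum 1500\n");
  fputs($File, "/sbin/tc class add dev imq1 parent 1:1 classid 1:".$AllUsersClassId." htb rate ".$UsersMaxSpeedOut."kbit prio 1 quantum 1500\n");
  fputs($FileClassInfo, '1:'.$AllUsersClassId." Všichni uživatelé\n");

  // Torrent sharing
  $TorrentClassId = $ClassId;
  $ClassId = $ClassId + 1;
  $Prio = 2; // Lowest
  $TorrentSpeedOut = 4;

  // Torrent out going traffic
  fputs($File, "/sbin/tc class add dev imq1 parent 1:".$AllUsersClassId." classid 1:".$TorrentClassId." htb rate ".$TorrentSpeedOut."kbit ceil ".$UsersMaxSpeedOut."kbit prio ".$Prio." quantum 1500\n");
  fputs($File, "/sbin/tc qdisc add dev imq1 parent 1:".$TorrentClassId." handle ".$TorrentClassId.":0 sfq perturb 10\n");
  fputs($File, "/sbin/tc filter add dev imq1 parent 1:0 protocol ip handle ".$TorrentClassId." fw flowid 1:".$TorrentClassId."\n");
  fputs($FileClassInfo, '1:'.$TorrentClassId." Torrent\n");
  // Torrent in going traffic
  // NOTE(review): the imq0 class reuses $TorrentSpeedOut and $UsersMaxSpeedOut.
  // The ceiling only equals $UsersMaxSpeedIn while $InDivider == $OutDivider;
  // confirm whether the "Out" values are intended here.
  fputs($File, "/sbin/tc class add dev imq0 parent 1:".$AllUsersClassId." classid 1:".$TorrentClassId." htb rate ".$TorrentSpeedOut."kbit ceil ".$UsersMaxSpeedOut."kbit prio ".$Prio." quantum 1500\n");
  fputs($File, "/sbin/tc qdisc add dev imq0 parent 1:".$TorrentClassId." handle ".$TorrentClassId.":0 sfq perturb 10\n");
  fputs($File, "/sbin/tc filter add dev imq0 parent 1:0 protocol ip handle ".$TorrentClassId." fw flowid 1:".$TorrentClassId."\n");
  fputs($FileClassInfo, '1:'.$TorrentClassId." Torrent\n");

  $DbResult = $Database->select('users', '*, CONCAT(second_name, " ", first_name) as fullname', '(inet=1)');
  while($User = $DbResult->fetch_array())
  {
    $UserClassId = $ClassId;
    $ClassId = $ClassId + 1;

    // Guaranteed and maximum rates come from the user's current tariff.
    $UserTarif = $Tarify[$User['inet_tarif_now']];
    $SpeedIn = round($UserTarif['min_speed'] / $InDivider);
    $SpeedOut = round($UserTarif['min_speed'] / $OutDivider);
    $UserMaxSpeedIn = round($UserTarif['max_speed'] / $InDivider);
    $UserMaxSpeedOut = round($UserTarif['max_speed'] / $OutDivider);
    $Quantum = $UserTarif['speed_factor'] * 1500;

    // Keep the name on a single line: it lands in a "#" comment of a shell
    // script and in the line-oriented class info file.
    $UserLabel = preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $User['fullname']);

    fputs($File, "# === ".$UserLabel." ===\n");
    fputs($File, "/sbin/tc class add dev imq0 parent 1:".$AllUsersClassId." classid 1:".$UserClassId." htb rate ".$SpeedIn."bit ceil ".$UserMaxSpeedIn."bit prio 1 quantum ".$Quantum."\n");
    fputs($File, "/sbin/tc class add dev imq1 parent 1:".$AllUsersClassId." classid 1:".$UserClassId." htb rate ".$SpeedOut."bit ceil ".$UserMaxSpeedOut."bit prio 1 quantum ".$Quantum."\n");
    fputs($FileClassInfo, '1:'.$UserClassId.' '.$UserLabel."\n");

    // Only unblocked hosts with a MAC address take part in shaping.
    // The id is forced to an integer before it is concatenated into SQL.
    $HostFilter = "block=0 AND MAC!='' AND user=".(int) $User['id'];

    $DbResult2 = $Database->select('hosts', 'COUNT(*)', $HostFilter);
    $Row = $DbResult2->fetch_array();
    $HostCount = $Row[0];
    // A user without eligible hosts used to cause a division by zero here.
    $HostDivisor = max(1, (int) $HostCount);
    $HostSpeedIn = round($SpeedIn / $HostDivisor);
    $HostSpeedOut = round($SpeedOut / $HostDivisor);

    $DbResult2 = $Database->select('hosts', '*', $HostFilter);
    while($Host = $DbResult2->fetch_array())
    {
      $HostClassId = $ClassId;
      $ClassId = $ClassId + 1;
      $HostLabel = preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $Host['name']);
      fputs($File, "# ".$HostLabel."\n");
      fputs($FileClassInfo, '1:'.$HostClassId.' '.$HostLabel."\n");

      $Prio = 1;
      // VPN hosts are matched by their external address when one is set,
      // otherwise by the address ToVpnIp() returns.
      if($Host['vpn'] == 1)
      {
        if($Host['external_ip'] != '') $Host['IP'] = $Host['external_ip'];
        else $Host['IP'] = ToVpnIp($Host);
      }

      $SpeedDivider = 1;

      // CENTRALA is marked in INPUT/OUTPUT instead of FORWARD, using its
      // external address.
      if($Host['name'] == 'CENTRALA')
      {
        $Host['IP'] = $Host['external_ip'];
        $TableOut = 'OUTPUT';
        $TableIn = 'INPUT';
      } else
      {
        $TableOut = 'FORWARD';
        $TableIn = 'FORWARD';
      }

      // NOTE(review): this tests 'VOIP-HAJDA' while the VoIP marking further
      // down tests 'HAJDA-VOIP'; confirm both spellings are intended.
      if($Host['name'] == 'VOIP-HAJDA') $Protocol = ' -p tcp';
      else $Protocol = '';

      // The GAME host gets its own chain, emptied before it is refilled.
      if($Host['name'] == 'GAME')
      {
        exec('/sbin/iptables -t mangle -F game-server');
        $TableOut = 'game-server';
        $TableIn = 'game-server';
      }
      // TBC is listed in the class info but receives no marks or classes.
      if($Host['name'] == 'TBC') continue;

      // Quoted once, reused in every iptables command for this host.
      $HostIp = escapeshellarg((string) $Host['IP']);

      // In going traffic
      exec('/sbin/iptables -t mangle -A '.$TableIn.' -i eth1 -d '.$HostIp.$Protocol." -j MARK --set-mark ".$HostClassId);
      fputs($File, "/sbin/tc class add dev imq0 parent 1:".$UserClassId." classid 1:".$HostClassId." htb rate ".$HostSpeedIn."bit ceil ".$UserMaxSpeedIn."bit prio ".$Prio." quantum ".$Quantum."\n");
      fputs($File, "/sbin/tc qdisc add dev imq0 parent 1:".$HostClassId." handle ".$HostClassId.":0 sfq perturb 10\n");
      fputs($File, "/sbin/tc filter add dev imq0 parent 1:0 protocol ip handle ".$HostClassId." fw flowid 1:".$HostClassId."\n");

      // Out going traffic
      exec('/sbin/iptables -t mangle -A '.$TableOut.' -o eth1 -s '.$HostIp.$Protocol." -j MARK --set-mark ".$HostClassId);
      fputs($File, "/sbin/tc class add dev imq1 parent 1:".$UserClassId." classid 1:".$HostClassId." htb rate ".$HostSpeedOut."bit ceil ".$UserMaxSpeedOut."bit prio ".$Prio." quantum ".$Quantum."\n");
      fputs($File, "/sbin/tc qdisc add dev imq1 parent 1:".$HostClassId." handle ".$HostClassId.":0 sfq perturb 10\n");
      fputs($File, "/sbin/tc filter add dev imq1 parent 1:0 protocol ip handle ".$HostClassId." fw flowid 1:".$HostClassId."\n");

      // Free inet
      // Tariffs with group_id 3 used to be re-marked into $FreeInetClass;
      // those rules are disabled, so nothing is done for that group here.

      // VoIP devices
      if(($Host['name'] == 'HAJDA-VOIP') || ($Host['name'] == 'NAVRATIL-VOIP'))
      {
        exec('/sbin/iptables -t mangle -A '.$TableIn." -i eth1 -d ".$HostIp." -p udp -j MARK --set-mark ".$VoipClassId);
        exec('/sbin/iptables -t mangle -A '.$TableOut." -o eth1 -s ".$HostIp." -p udp -j MARK --set-mark ".$VoipClassId);
      } else
      if($Host['name'] == 'GAME')
      {
        exec('/sbin/iptables -t mangle -A FORWARD -o eth1 -s '.$HostIp." -j game-server");
        exec('/sbin/iptables -t mangle -A FORWARD -i eth1 -d '.$HostIp." -j game-server");

        $GameOut = '/sbin/iptables -t mangle -A game-server -o eth1 -s '.$HostIp;
        $GameIn = '/sbin/iptables -t mangle -A game-server -i eth1 -d '.$HostIp;
        $MarkHost = " -j MARK --set-mark ".$HostClassId;

        // Everything to or from the host is marked as torrent first; the
        // service rules appended afterwards set the host's own mark again.
        // Rule order is therefore significant and is kept as it was.
        // (Per-port torrent rules for port 10886 are disabled.)
        exec($GameOut." -j MARK --set-mark ".$TorrentClassId);
        exec($GameIn." -j MARK --set-mark ".$TorrentClassId);

        // Local services
        exec($GameOut." -p icmp".$MarkHost); // ICMP
        exec($GameIn." -p icmp".$MarkHost);
        $LocalPorts = array(
          6969,  // web torrent
          80,    // web
          21,    // FTP
          8085,  // wow game server
          3724,  // wow login server
          22,    // was labelled "wow game server"; 22 is the standard SSH port
          443,   // https
          27015, // Counter Strike
          5905,  // VNC
          5906,  // VNC
        );
        foreach($LocalPorts as $Port)
        {
          exec($GameOut." -p tcp --sport ".$Port.$MarkHost);
          exec($GameIn." -p tcp --dport ".$Port.$MarkHost);
        }

        // Remote services (https, http): the host is the client here, so the
        // port is the destination on the way out and the source on the way in.
        foreach(array(443, 80) as $Port)
        {
          exec($GameOut." -p tcp --dport ".$Port.$MarkHost);
          exec($GameIn." -p tcp --sport ".$Port.$MarkHost);
        }
      }
    }
  }
}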
// Hand marked packets over to the IMQ devices and persist the rule set.
// (A LOG rule for mark 1 with prefix "TRAFFIC " used to precede these rules.)
$FinalCommands = array(
  // In going traffic -> imq0
  '/sbin/iptables -t mangle -A FORWARD -i eth1 -j IMQ --todev 0',
  '/sbin/iptables -t mangle -A INPUT -i eth1 -j IMQ --todev 0',
  // Out going traffic -> imq1
  '/sbin/iptables -t mangle -A FORWARD -o eth1 -j IMQ --todev 1',
  '/sbin/iptables -t mangle -A OUTPUT -o eth1 -j IMQ --todev 1',
  // Overwrites the saved rule set with whatever is loaded at this point.
  // No exit status is checked anywhere above, so a partially built mangle
  // table is saved just the same.
  '/sbin/iptables-save >/etc/sysconfig/iptables',
);
foreach($FinalCommands as $Command)
{
  exec($Command);
}

// The generated shell script is only written here, not run.
fclose($File);
fclose($FileClassInfo);
281?>