source: system/generators/traffic_shaping.php@ 37

Last change on this file since 37 was 37, checked in by george, 17 years ago

Upraveno: Přepsán přístup k databázi přes třídu mysqli v systémové složce.
Odstraněno: Staré verze souborů a staré nepoužité soubory.

  • Property svn:executable set to *
File size: 16.0 KB
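<?php

// Generates the traffic-shaping setup for the gateway:
//   * flushes and refills the iptables "mangle" table (packet marks),
//   * writes the matching tc/HTB commands into the shell script /a/bin/htb.sh,
//   * writes a "classid label" listing into /tmp/ClassInfo.txt.
// imq0 carries incoming traffic and imq1 outgoing traffic (see the section
// comments below). The script calls iptables directly, so it has to run with
// enough privilege to change netfilter rules.

$Enabled = 1;
$ClassesEnabled = 1;
include_once('../../html/global.php');
include_once('../../html/finance/include.php');
NactiMesicniParametry(0);

// Generate traffic shaping rules
// Earlier fixed limits, kept for reference:
//$TotalMaxSpeedIn = 4048; //$RealMaxSpeed; //1536;
//$TotalMaxSpeedOut = 3048; //$RealMaxSpeed; //1536;
//$UsersMaxSpeedIn = 1900; //$MaxSpeed;
//$UsersMaxSpeedOut = 1900; //$MaxSpeed;

// $RealMaxSpeed and $MaxSpeed are not assigned in this file; presumably the
// includes above or NactiMesicniParametry() set them - confirm.
$InDivider = 1;
$OutDivider = 1;
$TotalMaxSpeedIn = round($RealMaxSpeed / $InDivider);
$TotalMaxSpeedOut = round($RealMaxSpeed / $OutDivider);
$UsersMaxSpeedIn = round($MaxSpeed / $InDivider);
$UsersMaxSpeedOut = round($MaxSpeed / $OutDivider);
$VoipMaxSpeedIn = $TotalMaxSpeedIn - 136;
$VoipMaxSpeedOut = $TotalMaxSpeedOut - 136;
$VoipSpeedIn = 100; //$SpeedReserve;
$VoipSpeedOut = 100; //$SpeedReserve;

$ClassInfoPath = '/tmp/ClassInfo.txt';
$ScriptPath = '/a/bin/htb.sh';

// NOTE(review): $ClassInfoPath is a fixed name in a world-writable directory.
// fopen() follows symbolic links, so a link left there by another local
// account would redirect this write. The check below narrows that but is not
// race-free; the real fix is to keep the file in a directory only this job
// can write to (whatever reads the file would have to follow).
if(is_link($ClassInfoPath)) die("Refusing to write ".$ClassInfoPath.": it is a symbolic link\n");

// Open both outputs before touching netfilter, so that a failure here leaves
// the currently loaded marking rules in place instead of an emptied table.
$FileClassInfo = fopen($ClassInfoPath, 'w+');
if($FileClassInfo === false) die("Cannot open ".$ClassInfoPath." for writing\n");
$File = fopen($ScriptPath, 'w+');
if($File === false) die("Cannot open ".$ScriptPath." for writing\n");
fputs($File, "#!/bin/sh\n");

// Start from an empty mangle table.
foreach(array('FORWARD', 'INPUT', 'OUTPUT', 'PREROUTING', 'POSTROUTING') as $Chain)
{
  exec('iptables -t mangle -F '.$Chain);
}
if($Enabled)
{
  // Everything forwarded gets mark 0; traffic entering or leaving through
  // eth1 is then re-marked 1.
  exec('iptables -t mangle -A FORWARD -j MARK --set-mark 0');
  exec('iptables -t mangle -i eth1 -A FORWARD -j MARK --set-mark 1');
  exec('iptables -t mangle -o eth1 -A FORWARD -j MARK --set-mark 1');
}

$FreeInetClass = 2;

// In going traffic
fputs($File, "tc qdisc del dev imq0 root\n");
if($Enabled)
{
  fputs($File, "tc qdisc add dev imq0 root handle 1:0 htb default 2\n");
  // Label reconstructed from mis-encoded text ("Základní třída" = base
  // class) - confirm against the repository copy and keep its encoding.
  fputs($FileClassInfo, "1:1 Základní třída\n");
  fputs($File, "tc class add dev imq0 parent 1:0 classid 1:1 htb rate ".$TotalMaxSpeedIn."kbit quantum 1500\n");
  fputs($FileClassInfo, "1:2 Internet zdarma\n");
  fputs($File, "tc class add dev imq0 parent 1:1 classid 1:".$FreeInetClass." htb rate 32kbit prio 3 quantum 1500\n");
  fputs($File, "tc qdisc add dev imq0 parent 1:".$FreeInetClass." handle ".$FreeInetClass.": sfq perturb 10\n");
}
// Out going traffic
fputs($File, "tc qdisc del dev imq1 root\n");
if($Enabled)
{
  fputs($File, "tc qdisc add dev imq1 root handle 1:0 htb default 2\n");
  fputs($File, "tc class add dev imq1 parent 1:0 classid 1:1 htb rate ".$TotalMaxSpeedOut."kbit quantum 1500\n");
  fputs($File, "tc class add dev imq1 parent 1:1 classid 1:".$FreeInetClass." htb rate 32kbit prio 3 quantum 1500\n");
  fputs($File, "tc qdisc add dev imq1 parent 1:".$FreeInetClass." handle ".$FreeInetClass.": sfq perturb 10\n");
}

// With shaping disabled the script stops here: the mangle table has been
// flushed and the generated script only deletes the root qdiscs.
if(!$Enabled) die("Traffic shaping disabled\n");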
66
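// Per-class shaping. Class ids are handed out sequentially from 3 upwards:
// VoIP, the parent class for all users, torrent, then one class per user
// followed by one class per host of that user. Each host class id is also
// the firewall mark set by iptables and matched by the tc "fw" filter.
//
// Values read from the database (names, addresses) end up in shell command
// lines and in a generated shell script, so they are escaped or stripped of
// control characters before use.
if($ClassesEnabled)
{
  $ClassId = 3;

  // VoIP
  $VoipClassId = $ClassId;
  $ClassId = $ClassId + 1;
  $Prio = 0; // Highest

  // VoIP in going traffic
  fputs($File, "tc class add dev imq0 parent 1:1 classid 1:".$VoipClassId." htb rate ".$VoipSpeedIn."kbit ceil ".$VoipMaxSpeedIn."kbit quantum 12000 burst 6k cburst 3k prio ".$Prio."\n");
  fputs($File, "tc qdisc add dev imq0 parent 1:".$VoipClassId." handle ".$VoipClassId.": sfq perturb 10\n");
  fputs($File, "tc filter add dev imq0 parent 1:0 protocol ip handle ".$VoipClassId." fw flowid 1:".$VoipClassId."\n");
  // VoIP out going traffic
  fputs($File, "tc class add dev imq1 parent 1:1 classid 1:".$VoipClassId." htb rate ".$VoipSpeedOut."kbit ceil ".$VoipMaxSpeedOut."kbit quantum 12000 burst 6k cburst 3k prio ".$Prio."\n");
  fputs($File, "tc qdisc add dev imq1 parent 1:".$VoipClassId." handle ".$VoipClassId.": sfq perturb 10\n");
  fputs($File, "tc filter add dev imq1 parent 1:0 protocol ip handle ".$VoipClassId." fw flowid 1:".$VoipClassId."\n");
  fputs($FileClassInfo, '1:'.$VoipClassId." VoIP\n");

  // Users hosts
  $Prio = 1;

  $AllUsersClassId = $ClassId;
  $ClassId = $ClassId + 1;
  fputs($File, "tc class add dev imq0 parent 1:1 classid 1:".$AllUsersClassId." htb rate ".$UsersMaxSpeedIn."kbit prio 1 quantum 1500\n");
  fputs($File, "tc class add dev imq1 parent 1:1 classid 1:".$AllUsersClassId." htb rate ".$UsersMaxSpeedOut."kbit prio 1 quantum 1500\n");
  // Label and its line ending reconstructed from mis-encoded text ("Všichni
  // uživatelé" = all users) - confirm against the repository copy.
  fputs($FileClassInfo, '1:'.$AllUsersClassId." Všichni uživatelé\n");

  // Torrent sharing
  $TorrentClassId = $ClassId;
  $ClassId = $ClassId + 1;
  $Prio = 2; // Lowest
  $TorrentSpeedOut = 4;

  // Torrent out going traffic
  fputs($File, "tc class add dev imq1 parent 1:".$AllUsersClassId." classid 1:".$TorrentClassId." htb rate ".$TorrentSpeedOut."kbit ceil ".$UsersMaxSpeedOut."kbit prio ".$Prio." quantum 1500\n");
  fputs($File, "tc qdisc add dev imq1 parent 1:".$TorrentClassId." handle ".$TorrentClassId.":0 sfq perturb 10\n");
  fputs($File, "tc filter add dev imq1 parent 1:0 protocol ip handle ".$TorrentClassId." fw flowid 1:".$TorrentClassId."\n");
  fputs($FileClassInfo, '1:'.$TorrentClassId." Torrent\n");
  // Torrent in going traffic. The ceiling is the incoming user limit (the
  // parent class on imq0 is sized with it); the original used the outgoing
  // limit here, which is the same number only while both dividers are equal.
  // The guaranteed rate still reuses $TorrentSpeedOut - there is no separate
  // incoming value.
  fputs($File, "tc class add dev imq0 parent 1:".$AllUsersClassId." classid 1:".$TorrentClassId." htb rate ".$TorrentSpeedOut."kbit ceil ".$UsersMaxSpeedIn."kbit prio ".$Prio." quantum 1500\n");
  fputs($File, "tc qdisc add dev imq0 parent 1:".$TorrentClassId." handle ".$TorrentClassId.":0 sfq perturb 10\n");
  fputs($File, "tc filter add dev imq0 parent 1:0 protocol ip handle ".$TorrentClassId." fw flowid 1:".$TorrentClassId."\n");
  // The torrent label is written once per direction, as before.
  fputs($FileClassInfo, '1:'.$TorrentClassId." Torrent\n");

  $DbResult = $Database->select('users', '*, CONCAT(second_name, " ", first_name) as fullname', '(inet=1)');
  while($User = $DbResult->fetch_array())
  {
    $UserClassId = $ClassId;
    $ClassId = $ClassId + 1;
    $Tarif = $Tarify[$User['inet_tarif_now']];
    $SpeedIn = round($Tarif['min_speed'] / $InDivider);
    $SpeedOut = round($Tarif['min_speed'] / $OutDivider);
    $UserMaxSpeedIn = round($Tarif['max_speed'] / $InDivider);
    $UserMaxSpeedOut = round($Tarif['max_speed'] / $OutDivider);
    $Quantum = $Tarif['speed_factor'] * 1500;

    // The name goes into a "#" comment of the generated shell script; a line
    // break inside it would end the comment and turn the remainder into a
    // command, so control characters are replaced by spaces.
    $UserLabel = preg_replace('/[\x00-\x1F\x7F]/', ' ', (string)$User['fullname']);

    fputs($File, "# === ".$UserLabel." ===\n");
    fputs($File, "tc class add dev imq0 parent 1:".$AllUsersClassId." classid 1:".$UserClassId." htb rate ".$SpeedIn."bit ceil ".$UserMaxSpeedIn."bit prio 1 quantum ".$Quantum."\n");
    fputs($File, "tc class add dev imq1 parent 1:".$AllUsersClassId." classid 1:".$UserClassId." htb rate ".$SpeedOut."bit ceil ".$UserMaxSpeedOut."bit prio 1 quantum ".$Quantum."\n");
    fputs($FileClassInfo, '1:'.$UserClassId.' '.$UserLabel."\n");

    // The id is concatenated into the WHERE clause, so force it to an integer.
    $HostFilter = "block=0 AND MAC!='' AND user=".intval($User['id']);

    $DbResult2 = $Database->select('hosts', 'COUNT(*)', $HostFilter);
    $Row = $DbResult2->fetch_array();
    $HostCount = $Row[0];
    // A user without any active host would otherwise divide by zero; the
    // per-host rates are unused in that case because the loop below is empty.
    if($HostCount > 0)
    {
      $HostSpeedIn = round($SpeedIn / $HostCount);
      $HostSpeedOut = round($SpeedOut / $HostCount);
    } else
    {
      $HostSpeedIn = 0;
      $HostSpeedOut = 0;
    }

    $DbResult2 = $Database->select('hosts', '*', $HostFilter);
    while($Host = $DbResult2->fetch_array())
    {
      $HostClassId = $ClassId;
      $ClassId = $ClassId + 1;
      // Same treatment as the user name: no control characters in the
      // generated script or in the line-oriented class listing.
      $HostLabel = preg_replace('/[\x00-\x1F\x7F]/', ' ', (string)$Host['name']);
      fputs($File, "# ".$HostLabel."\n");
      fputs($FileClassInfo, '1:'.$HostClassId.' '.$HostLabel."\n");

      $Prio = 1;
      if($Host['vpn'] == 1)
      {
        if($Host['external_ip'] != '') $Host['IP'] = $Host['external_ip'];
        else $Host['IP'] = ToVpnIp($Host);
      }

      // Host names below select special handling for individual machines.
      if($Host['name'] == 'CENTRALA')
      {
        $Host['IP'] = $Host['external_ip'];
        $TableOut = 'OUTPUT';
        $TableIn = 'INPUT';
      } else
      {
        $TableOut = 'FORWARD';
        $TableIn = 'FORWARD';
      }
      // NOTE(review): this tests 'VOIP-HAJDA' while the VoIP marking further
      // down tests 'HAJDA-VOIP' - confirm that these are two different hosts.
      if($Host['name'] == 'VOIP-HAJDA') $Protocol = ' -p tcp';
      else $Protocol = '';
      if($Host['name'] == 'GAME')
      {
        exec('iptables -t mangle -F game-server');
        $TableOut = 'game-server';
        $TableIn = 'game-server';
      }
      if($Host['name'] == 'TBC') continue;

      // The address comes from the database and is placed on a shell command
      // line, so it is quoted as a single argument. Quoting does not check
      // that the value is an address; validating it where it is stored (or
      // here, if only plain addresses are ever used) would be stricter.
      $HostIp = escapeshellarg($Host['IP']);

      // In going traffic
      exec('iptables -t mangle -A '.$TableIn.' -i eth1 -d '.$HostIp.$Protocol." -j MARK --set-mark ".$HostClassId);
      fputs($File, "tc class add dev imq0 parent 1:".$UserClassId." classid 1:".$HostClassId." htb rate ".$HostSpeedIn."bit ceil ".$UserMaxSpeedIn."bit prio ".$Prio." quantum ".$Quantum."\n");
      fputs($File, "tc qdisc add dev imq0 parent 1:".$HostClassId." handle ".$HostClassId.":0 sfq perturb 10\n");
      fputs($File, "tc filter add dev imq0 parent 1:0 protocol ip handle ".$HostClassId." fw flowid 1:".$HostClassId."\n");

      // Out going traffic
      exec('iptables -t mangle -A '.$TableOut.' -o eth1 -s '.$HostIp.$Protocol." -j MARK --set-mark ".$HostClassId);
      fputs($File, "tc class add dev imq1 parent 1:".$UserClassId." classid 1:".$HostClassId." htb rate ".$HostSpeedOut."bit ceil ".$UserMaxSpeedOut."bit prio ".$Prio." quantum ".$Quantum."\n");
      fputs($File, "tc qdisc add dev imq1 parent 1:".$HostClassId." handle ".$HostClassId.":0 sfq perturb 10\n");
      fputs($File, "tc filter add dev imq1 parent 1:0 protocol ip handle ".$HostClassId." fw flowid 1:".$HostClassId."\n");

      // Free inet (tariff group_id 3): marking into $FreeInetClass is
      // currently switched off, so nothing is emitted for it.

      // VoIP devices
      if(($Host['name'] == 'HAJDA-VOIP') || ($Host['name'] == 'NAVRATIL-VOIP'))
      {
        exec('iptables -t mangle -A '.$TableIn." -i eth1 -d ".$HostIp." -p udp -j MARK --set-mark ".$VoipClassId);
        exec('iptables -t mangle -A '.$TableOut." -o eth1 -s ".$HostIp." -p udp -j MARK --set-mark ".$VoipClassId);
      } else
      if($Host['name'] == 'GAME')
      {
        $GameOut = 'iptables -t mangle -A game-server -o eth1 -s '.$HostIp;
        $GameIn = 'iptables -t mangle -A game-server -i eth1 -d '.$HostIp;
        $MarkHost = ' -j MARK --set-mark '.$HostClassId;
        $MarkTorrent = ' -j MARK --set-mark '.$TorrentClassId;

        exec('iptables -t mangle -A FORWARD -o eth1 -s '.$HostIp." -j game-server");
        exec('iptables -t mangle -A FORWARD -i eth1 -d '.$HostIp." -j game-server");

        // Default for this host: everything lands in the torrent class.
        // The rules appended after these re-mark the listed services, so the
        // order of the commands matters.
        exec($GameOut.$MarkTorrent);
        exec($GameIn.$MarkTorrent);

        // Local services
        exec($GameOut.' -p icmp'.$MarkHost); // ICMP
        exec($GameIn.' -p icmp'.$MarkHost);
        $LocalPorts = array(
          6969,  // web torrent
          80,    // web
          21,    // FTP
          8085,  // wow game server
          3724,  // wow login server
          22,    // labelled "wow game server" in the original; 22 is normally SSH
          443,   // https
          27015, // Counter Strike
          5905,  // VNC
          5906,  // VNC
        );
        foreach($LocalPorts as $Port)
        {
          exec($GameOut.' -p tcp --sport '.$Port.$MarkHost);
          exec($GameIn.' -p tcp --dport '.$Port.$MarkHost);
        }

        // Remote services
        foreach(array(443, 80) as $Port) // https, http
        {
          exec($GameOut.' -p tcp --dport '.$Port.$MarkHost);
          exec($GameIn.' -p tcp --sport '.$Port.$MarkHost);
        }
      }
    }
  }
}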
268
// Final step: hand marked traffic to the IMQ devices (device 0 for packets
// arriving on eth1, device 1 for packets leaving through it), store the
// resulting rule set, and close both generated files.
// None of the exec() calls has its exit status checked.
// A LOG rule for mark 1 (prefix "TRAFFIC ") used to precede these and is
// still switched off.
$ClosingCommands = array(
  // In going traffic
  'iptables -t mangle -A FORWARD -i eth1 -j IMQ --todev 0',
  'iptables -t mangle -A INPUT -i eth1 -j IMQ --todev 0',
  // Out going traffic
  'iptables -t mangle -A FORWARD -o eth1 -j IMQ --todev 1',
  'iptables -t mangle -A OUTPUT -o eth1 -j IMQ --todev 1',
  // The redirect overwrites the saved rule set in place.
  '/sbin/iptables-save >/etc/sysconfig/iptables',
);
foreach($ClosingCommands as $ClosingCommand)
{
  exec($ClosingCommand);
}

fclose($File);
fclose($FileClassInfo);

?>