source: trunk/Modules/NetworkConfigLinux/Generators/TrafficShaping.php

1<?php
2
// CLI only. REMOTE_ADDR is present when a web server hands the request to
// PHP; this script flushes the iptables mangle chains and rewrites
// /a/bin/htb.sh further down, so it must not be reachable over HTTP.
if (isset($_SERVER['REMOTE_ADDR'])) {
    die();
}

// $Enabled = 0: the mangle chains are still flushed and the "qdisc del"
// lines are still written, then the script stops with
// "Traffic shaping disabled".
$Enabled = 1;
// $ClassesEnabled = 0: skip the VoIP / user / host class tree.
$ClassesEnabled = 1;

// NOTE(review): a path starting with ../ is resolved against the current
// working directory, not this file's directory, and include_once only warns
// when the file is missing. Confirm the job that runs this script always
// starts it from the Generators directory.
include_once '../../../Common/Global.php';
NactiMesicniParametry(0);

// $RealMaxSpeed, $MaxSpeed and $InetInterface are not defined in this file;
// presumably Global.php / NactiMesicniParametry() provide them (confirm).

// Device roles: ifb0 carries the redirected incoming traffic, the uplink
// carries outgoing traffic.
$InInterface = 'ifb0';
$OutInterface = $InetInterface;

// Every configured speed is divided by these; 1 leaves the values unchanged.
$InDivider = 1;
$OutDivider = 1;

// Incoming direction (values are later written with a "kbit" suffix).
$TotalMaxSpeedIn = round($RealMaxSpeed / $InDivider);
$UsersMaxSpeedIn = round($MaxSpeed / $InDivider);
$VoipMaxSpeedIn = $TotalMaxSpeedIn - 136;
$VoipSpeedIn = 100; //$SpeedReserve;

// Outgoing direction.
$TotalMaxSpeedOut = round($RealMaxSpeed / $OutDivider);
$UsersMaxSpeedOut = round($MaxSpeed / $OutDivider);
$VoipMaxSpeedOut = $TotalMaxSpeedOut - 136;
$VoipSpeedOut = 100; //$SpeedReserve;

// Rate of the "free internet" class, also written with a "kbit" suffix.
$FreeInetSpeed = 64;
29
30
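// Open both output files and stop if either open fails. Without this check
// the mangle chains below were flushed even when no replacement script could
// be written.
//
// NOTE(review): /tmp/ClassInfo.txt is a fixed name in a directory any local
// account can write to, and mode 'w+' truncates whatever that name points at,
// following symlinks. The path is kept as-is because other tooling may read
// it; consider moving it to a directory only this job can write to.
$FileClassInfo = fopen('/tmp/ClassInfo.txt', 'w+');
$File = fopen('/a/bin/htb.sh', 'w+');
if ($FileClassInfo === false || $File === false) {
    fwrite(STDERR, "Cannot open traffic shaping output files\n");
    exit(1);
}
fputs($File, "#!/bin/sh\n");

// Flush every chain of the mangle table. The command strings are built from
// fixed chain names only; nothing from the database reaches the shell here.
// A failed flush is reported but, as before, does not stop the run.
foreach (array('FORWARD', 'INPUT', 'OUTPUT', 'PREROUTING', 'POSTROUTING') as $Chain) {
    $FlushOutput = array();
    $FlushStatus = 0;
    exec('/sbin/iptables -t mangle -F '.$Chain, $FlushOutput, $FlushStatus);
    if ($FlushStatus !== 0) {
        fwrite(STDERR, 'iptables flush of mangle/'.$Chain.' failed (exit '.$FlushStatus.")\n");
    }
}

// The MARK rules that used to be re-added here when $Enabled is set are
// disabled, so after this point the mangle chains stay empty as far as this
// script is concerned.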
45
$FreeInetClass = 2;

// The same root HTB tree is written for both directions:
// array(device, total rate in kbit). Incoming first, then outgoing, which
// keeps the line order of the generated files.
$RootTrees = array(
    array($InInterface, $TotalMaxSpeedIn),
    array($OutInterface, $TotalMaxSpeedOut),
);
foreach ($RootTrees as $RootTree) {
    list($RootDevice, $RootRate) = $RootTree;

    // The old root qdisc is always removed, even when shaping is disabled.
    fputs($File, "/sbin/tc qdisc del dev {$RootDevice} root\n");
    if (!$Enabled) {
        continue;
    }

    // "default 2": traffic no filter classifies lands in class 1:2, the
    // free-internet class limited to $FreeInetSpeed kbit.
    fputs($File, "/sbin/tc qdisc add dev {$RootDevice} root handle 1:0 htb default 2\n");
    fputs($FileClassInfo, "1:1 Základní\n");
    fputs($File, "/sbin/tc class add dev {$RootDevice} parent 1:0 classid 1:1 htb rate {$RootRate}kbit quantum 1500\n");
    fputs($FileClassInfo, "1:2 Internet zdarma\n");
    fputs($File, "/sbin/tc class add dev {$RootDevice} parent 1:1 classid 1:{$FreeInetClass} htb rate {$FreeInetSpeed}kbit prio 3 quantum 1500\n");
    fputs($File, "/sbin/tc qdisc add dev {$RootDevice} parent 1:{$FreeInetClass} handle {$FreeInetClass}: sfq perturb 10\n");
}

// With shaping disabled only the "qdisc del" lines above have been written.
if (!$Enabled) {
    die("Traffic shaping disabled\n");
}
72
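if ($ClassesEnabled) {
    // User and host names come from the database and are written into
    // /a/bin/htb.sh after a "# ". A line break inside a name would end that
    // shell comment and turn the rest of the name into a command line of the
    // generated script, so control characters are collapsed to a space before
    // a name is written anywhere.
    $OneLine = function ($Text) {
        return preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $Text);
    };

    $ClassId = 3;

    // VoIP
    // The VoIP and torrent classes are selected by firewall mark ("fw" filter,
    // handle = class id). Every iptables MARK rule in this file is disabled
    // and the mangle chains are flushed at start-up, so unless something else
    // sets those marks these two classes receive no traffic.
    $VoipClassId = $ClassId;
    $ClassId = $ClassId + 1;
    $Prio = 0; // Highest

    // VoIP in going traffic
    fputs($File, "/sbin/tc class add dev {$InInterface} parent 1:1 classid 1:{$VoipClassId} htb rate {$VoipSpeedIn}kbit ceil {$VoipMaxSpeedIn}kbit quantum 12000 burst 6k cburst 3k prio {$Prio}\n");
    fputs($File, "/sbin/tc qdisc add dev {$InInterface} parent 1:{$VoipClassId} handle {$VoipClassId}: sfq perturb 10\n");
    fputs($File, "/sbin/tc filter add dev {$InInterface} parent 1:0 protocol ip handle {$VoipClassId} fw flowid 1:{$VoipClassId}\n");
    // VoIP out going traffic
    fputs($File, "/sbin/tc class add dev {$OutInterface} parent 1:1 classid 1:{$VoipClassId} htb rate {$VoipSpeedOut}kbit ceil {$VoipMaxSpeedOut}kbit quantum 12000 burst 6k cburst 3k prio {$Prio}\n");
    fputs($File, "/sbin/tc qdisc add dev {$OutInterface} parent 1:{$VoipClassId} handle {$VoipClassId}: sfq perturb 10\n");
    fputs($File, "/sbin/tc filter add dev {$OutInterface} parent 1:0 protocol ip handle {$VoipClassId} fw flowid 1:{$VoipClassId}\n");
    fputs($FileClassInfo, '1:'.$VoipClassId." VoIP\n");

    // Parent class shared by all users
    $Prio = 1;
    $AllUsersClassId = $ClassId;
    $ClassId = $ClassId + 1;
    fputs($File, "/sbin/tc class add dev {$InInterface} parent 1:1 classid 1:{$AllUsersClassId} htb rate {$UsersMaxSpeedIn}kbit prio 1 quantum 1500\n");
    fputs($File, "/sbin/tc class add dev {$OutInterface} parent 1:1 classid 1:{$AllUsersClassId} htb rate {$UsersMaxSpeedOut}kbit prio 1 quantum 1500\n");
    fputs($FileClassInfo, '1:'.$AllUsersClassId." Všichni uivatelé\n");

    // Torrent sharing
    $TorrentClassId = $ClassId;
    $ClassId = $ClassId + 1;
    $Prio = 2; // Lowest
    $TorrentSpeedOut = 4;

    // Torrent out going traffic
    fputs($File, "/sbin/tc class add dev {$OutInterface} parent 1:{$AllUsersClassId} classid 1:{$TorrentClassId} htb rate {$TorrentSpeedOut}kbit ceil {$UsersMaxSpeedOut}kbit prio {$Prio} quantum 1500\n");
    fputs($File, "/sbin/tc qdisc add dev {$OutInterface} parent 1:{$TorrentClassId} handle {$TorrentClassId}:0 sfq perturb 10\n");
    fputs($File, "/sbin/tc filter add dev {$OutInterface} parent 1:0 protocol ip handle {$TorrentClassId} fw flowid 1:{$TorrentClassId}\n");
    fputs($FileClassInfo, '1:'.$TorrentClassId." Torrent\n");
    // Torrent in going traffic. The ceiling now uses the incoming limit; it
    // previously reused $UsersMaxSpeedOut, which is the same value only while
    // both dividers are equal. There is no separate incoming torrent rate, so
    // $TorrentSpeedOut is still used for the guaranteed rate.
    fputs($File, "/sbin/tc class add dev {$InInterface} parent 1:{$AllUsersClassId} classid 1:{$TorrentClassId} htb rate {$TorrentSpeedOut}kbit ceil {$UsersMaxSpeedIn}kbit prio {$Prio} quantum 1500\n");
    fputs($File, "/sbin/tc qdisc add dev {$InInterface} parent 1:{$TorrentClassId} handle {$TorrentClassId}:0 sfq perturb 10\n");
    fputs($File, "/sbin/tc filter add dev {$InInterface} parent 1:0 protocol ip handle {$TorrentClassId} fw flowid 1:{$TorrentClassId}\n");
    fputs($FileClassInfo, '1:'.$TorrentClassId." Torrent\n");

    // One class per user with internet enabled, one child class per host.
    $DbResult = $Database->select('users', '*, CONCAT(second_name, " ", first_name) as fullname', '(inet=1)');
    while ($User = $DbResult->fetch_array()) {
        $UserClassId = $ClassId;
        $ClassId = $ClassId + 1;

        // Per-user speeds are written with a "bit" suffix, unlike the "kbit"
        // totals above. round() and the multiplication yield numbers, so
        // these values cannot carry shell syntax into the script.
        $Tarif = $Tarify[$User['inet_tarif_now']];
        $SpeedIn = round($Tarif['InternetSpeedMin'] / $InDivider);
        $SpeedOut = round($Tarif['InternetSpeedMin'] / $OutDivider);
        $UserMaxSpeedIn = round($Tarif['InternetSpeedMax'] / $InDivider);
        $UserMaxSpeedOut = round($Tarif['InternetSpeedMax'] / $OutDivider);
        $Quantum = $Tarif['speed_factor'] * 1500;

        $UserName = $OneLine($User['fullname']);
        fputs($File, "# === ".$UserName." ===\n");
        fputs($File, "/sbin/tc class add dev {$InInterface} parent 1:{$AllUsersClassId} classid 1:{$UserClassId} htb rate {$SpeedIn}bit ceil {$UserMaxSpeedIn}bit prio 1 quantum {$Quantum}\n");
        fputs($File, "/sbin/tc class add dev {$OutInterface} parent 1:{$AllUsersClassId} classid 1:{$UserClassId} htb rate {$SpeedOut}bit ceil {$UserMaxSpeedOut}bit prio 1 quantum {$Quantum}\n");
        fputs($FileClassInfo, '1:'.$UserClassId.' '.$UserName."\n");

        // The id is concatenated into the WHERE clause, so force it to an
        // integer first.
        $HostCondition = "block=0 AND MAC!='' AND user=".((int) $User['id']);

        $DbResult2 = $Database->select('hosts', 'COUNT(*)', $HostCondition);
        $Row = $DbResult2->fetch_array();
        $HostCount = $Row[0];
        // A user without any unblocked host used to cause a division by zero;
        // the per-host speeds are unused in that case because the loop below
        // does not run.
        $HostDivisor = max(1, (int) $HostCount);
        $HostSpeedIn = round($SpeedIn / $HostDivisor);
        $HostSpeedOut = round($SpeedOut / $HostDivisor);

        $DbResult2 = $Database->select('hosts', '*', $HostCondition);
        while ($Host = $DbResult2->fetch_array()) {
            $HostClassId = $ClassId;
            $ClassId = $ClassId + 1;
            $HostName = $OneLine($Host['name']);
            fputs($File, "# ".$HostName."\n");
            fputs($FileClassInfo, '1:'.$HostClassId.' '.$HostName."\n");

            $Prio = 1;

            // $Host['IP'], $TableIn, $TableOut, $Protocol and $SpeedDivider
            // are only consumed by the iptables MARK rules, which are
            // currently disabled. They are still computed so those rules can
            // be re-enabled without further changes.
            if ($Host['vpn'] == 1) {
                if ($Host['external_ip'] != '') {
                    $Host['IP'] = $Host['external_ip'];
                } else {
                    $Host['IP'] = ToVpnIp($Host);
                }
            }
            $SpeedDivider = 1;
            if ($Host['name'] == 'centrala') {
                $Host['IP'] = $Host['external_ip'];
                $TableOut = 'OUTPUT';
                $TableIn = 'INPUT';
            } else {
                $TableOut = 'FORWARD';
                $TableIn = 'FORWARD';
            }
            if ($Host['name'] == 'voip-hajda') {
                $Protocol = ' -p tcp';
            } else {
                $Protocol = '';
            }

            // The address is written unquoted into a tc command line, so only
            // a well-formed IPv4 address is accepted. An empty or malformed
            // value previously produced a broken "match ip dst /32" line.
            $FilterIp = filter_var($Host['external_ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
            if ($FilterIp === false) {
                fputs($File, "# no valid external IPv4 address, u32 filters skipped\n");
            }

            // In going traffic
            fputs($File, "/sbin/tc class add dev {$InInterface} parent 1:{$UserClassId} classid 1:{$HostClassId} htb rate {$HostSpeedIn}bit ceil {$UserMaxSpeedIn}bit prio {$Prio} quantum {$Quantum}\n");
            fputs($File, "/sbin/tc qdisc add dev {$InInterface} parent 1:{$HostClassId} handle {$HostClassId}:0 sfq perturb 10\n");
            if ($FilterIp !== false) {
                fputs($File, "/sbin/tc filter add dev {$InInterface} parent 1:0 protocol ip prio 1 u32 match ip dst {$FilterIp}/32 flowid 1:{$HostClassId}\n");
            }

            // Out going traffic
            fputs($File, "/sbin/tc class add dev {$OutInterface} parent 1:{$UserClassId} classid 1:{$HostClassId} htb rate {$HostSpeedOut}bit ceil {$UserMaxSpeedOut}bit prio {$Prio} quantum {$Quantum}\n");
            fputs($File, "/sbin/tc qdisc add dev {$OutInterface} parent 1:{$HostClassId} handle {$HostClassId}:0 sfq perturb 10\n");
            if ($FilterIp !== false) {
                fputs($File, "/sbin/tc filter add dev {$OutInterface} parent 1:0 protocol ip prio 1 u32 match ip src {$FilterIp}/32 flowid 1:{$HostClassId}\n");
            }

            // The free-internet marking (tariff group_id 3) and the per-host
            // VoIP / game-server iptables rules that followed here are
            // disabled and therefore not reproduced.
        }
    }
}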
276
// The iptables IMQ / LOG rules that used to be installed at this point are
// disabled; incoming traffic is handed to the shaper with tc instead.
//
// Interface redirection: an ingress qdisc is (re)created on the uplink and a
// catch-all u32 filter ("match u32 0 0") redirects every IP packet to ifb0,
// the device the incoming classes are attached to.
$RedirectLines = array(
    "\n# Interface redirection\n",
    "/sbin/tc qdisc del dev {$InetInterface} ingress\n",
    "/sbin/tc qdisc add dev {$InetInterface} ingress\n",
    "/sbin/tc filter add dev {$InetInterface} parent ffff: protocol ip prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb0\n",
);
foreach ($RedirectLines as $RedirectLine) {
    fputs($File, $RedirectLine);
}

// Nothing visible in this file runs /a/bin/htb.sh; it is only written here.
fclose($File);
fclose($FileClassInfo);