Projekt

Obecné

Profil

« Předchozí | Další » 

Revize 1593

Přidáno uživatelem Ondřej Fibich před více než 12 roky(ů)

Vydani:

Zobrazit rozdíly:

freenetis/branches/testing/application/vendors/qos/freenetis-qos.init.sh
#! /bin/bash
### BEGIN INIT INFO
# Provides: freenetis
# Required-Start: $remote_fs
# Required-Stop: $remote_fs
# Should-Start: $network $syslog
# Should-Stop: $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start and stop freenetis QoS daemon
# Description: FreenetIS initialization QoS synchronization script.
### END INIT INFO
################################################################################
# #
# This script serves for initialization of QoS of IS FreenetIS #
# #
# Author Sevcik Roman 2011 #
# Email sevcik.roman@slfree.net #
# #
# Name freenetis-qos.init.sh #
# Version 0.9.0 #
# #
################################################################################
#Local variable contains path to iptables - mandatory
IPTABLES=/sbin/iptables
#Load variables from config file
CONFIG=/etc/freenetis/freenetis-qos.conf
# Path to QoS synchronization file
QOS_SYNCFILE=/usr/local/sbin/freenetis-qos-sync
#Path to QoS pid file
QOS_PIDFILE=/var/run/freenetis-qos-sync.pid
#Load variables
if [ -f ${CONFIG} ]; then
. $CONFIG;
else
echo "Config file is missing at path $CONFIG."
echo "Terminating...";
exit 0
fi
start_qos ()
{
cat /dev/null > "$LOG_FILE"
if [ -f ${QOS_PIDFILE} ]; then
echo "Already started"
return 0
fi
echo "Starting process."
nohup $QOS_SYNCFILE update >> "$LOG_FILE" 2> /dev/null &
#Parse PID a save to file
ps aux | grep $QOS_SYNCFILE | grep -v grep | awk '{print $2}' > $QOS_PIDFILE
return 0
}
stop_qos ()
{
if [ ! -f ${QOS_PIDFILE} ]; then
echo "Already stopped"
return 0
fi
#Killing of process by sigterm
echo "Killing process."
kill -9 `cat $QOS_PIDFILE`
rm -f $QOS_PIDFILE
$QOS_SYNCFILE stop > /dev/null 2>&1 &
return 0
}
status_qos ()
{
if [ -f ${QOS_PIDFILE} ]; then
echo "Freenetis QoS is running with PID `cat $QOS_PIDFILE`"
return 0
else
echo "Freenetis QoS is not running"
return 0
fi
}
usage_qos ()
{
echo "usage : `echo $0` (start|stop|restart|status|help)"
}
help_qos ()
{
echo " start - initialization of firewall rules and settings for QoS"
echo " stop - clears firewall rules and settings for QoS"
echo " restart - restarts firewall rules and settings for QoS"
echo " status - returns actual status of QoS"
echo " help - prints help for QoS"
}
# Is parameter #1 zero length?
if [ -z "$1" ]; then
usage_qos
exit 0
fi;
case "$1" in
start)
start_qos
exit 0
;;
restart)
stop_qos
start_qos
exit 0
;;
stop)
stop_qos
exit 0
;;
status)
status_qos
exit 0
;;
help)
usage_qos
help_qos
exit 0
;;
*)
usage_qos
exit 0
;;
esac
exit 0
freenetis/branches/testing/application/vendors/qos/freenetis-qos-sync.sh
#!/bin/bash
################################################################################
# #
# This script serves for QoS synchronization of IS FreenetIS #
# #
# author Sevcik Roman 2011 #
# email sevcik.roman@slfree.net #
# #
# name freenetis-qos-sync.sh #
# version 1.9 #
# #
################################################################################
#Load variables from config file
CONFIG=/etc/freenetis/freenetis-redir-qos.conf
PATH_QOS_MEMBERS=/tmp/qos_members
PATH_QOS_IP_ADDRESSES=/tmp/qos_ip_addresses
PATH_QOS_IPSETS=/tmp/qos_ipsets
IPTABLES=/sbin/iptables
LOG_PREFIX=`date "+%Y-%m-%d %H:%M"`" QoS: "
ROOT="1:"
#Load variables
if [ -f ${CONFIG} ]; then
. $CONFIG;
else
echo $LOG_PREFIX"No config file - giving up :-(";
exit 0
fi
stop ()
{
# for each current ipsets, list is stored in file
cat $PATH_QOS_IPSETS | while read line
do
ID=`echo $line | awk '{print $1}'`
IPSET=`echo $line | awk '{print $2}'`
# flush ipset
ipset -F $IPSET
echo $LOG_PREFIX"Emptied ipset $IPSET";
# remove its iptables rules
#$IPTABLES -t mangle -D POSTROUTING -o $OUTPUT_INTERFACE -m set --set $IPSET src -j CLASSIFY --set-class $ROOT$ID
$IPTABLES -t mangle -D POSTROUTING -m set --set $IPSET src -j CLASSIFY --set-class $ROOT$ID
$IPTABLES -t mangle -D POSTROUTING -m set --set $IPSET src -j RETURN
echo $LOG_PREFIX"Deleted iptables rule for assignment upload tc class $ROOT$ID to ipset $IPSET"
#$IPTABLES -t mangle -D POSTROUTING -o $INPUT_INTERFACE -m set --set $IPSET dst -j CLASSIFY --set-class $ROOT$ID
$IPTABLES -t mangle -D POSTROUTING -m set --set $IPSET dst -j CLASSIFY --set-class $ROOT$ID
$IPTABLES -t mangle -D POSTROUTING -m set --set $IPSET dst -j RETURN
echo $LOG_PREFIX"Deleted iptables rule for assignment download tc class $ROOT$ID to ipset $IPSET"
# remove ipset
ipset -X $IPSET
echo $LOG_PREFIX"Removed ipset $IPSET"
done
# clear file with ipset list
cat /dev/null > $PATH_QOS_IPSETS
echo $LOG_PREFIX"Deleting old tc classes"
# deletes all old qdiscs, its remove all children classes, qdisc, etc.
tc qdisc del dev $OUTPUT_INTERFACE root 2> /dev/null
tc qdisc del dev $INPUT_INTERFACE root 2> /dev/null
}
start ()
{
echo $LOG_PREFIX"Downloading data"
wget -q -O $PATH_QOS_MEMBERS $SET_URL_QOS_MEMBERS --no-check-certificate
wget -q -O $PATH_QOS_IP_ADDRESSES $SET_URL_QOS_IP_ADDRESSES --no-check-certificate
# creates default qdiscs (first for upload, second for download)
tc qdisc add dev $OUTPUT_INTERFACE root handle $ROOT htb default 2
echo $LOG_PREFIX"Added root tc qdisc for upload"
tc qdisc add dev $INPUT_INTERFACE root handle $ROOT htb default 2
echo $LOG_PREFIX"Added root tc qdisc for download"
# line number counter
LNR=1
cat $PATH_QOS_MEMBERS | while read line
do
ID=`echo $line | awk '{print $1}'`
UPLOAD_CEIL=`echo $line | awk '{print $2}'`
DOWNLOAD_CEIL=`echo $line | awk '{print $3}'`
UPLOAD_RATE=`echo $line | awk '{print $4}'`
DOWNLOAD_RATE=`echo $line | awk '{print $5}'`
PRIORITY=`echo $line | awk '{print $6}'`
PROTOCOL=`echo $line | awk '{print $7}'`
PARENT=`echo $line | awk '{print $8}'`
IPSET=`echo $line | awk '{print $9}'`
if [ "$UPLOAD_CEIL" != "0M" ]; then
UPLOAD_CEIL=" ceil "$UPLOAD_CEIL"bit"
else
UPLOAD_CEIL=""
fi
if [ "$UPLOAD_RATE" != "0M" ]; then
UPLOAD_RATE=" rate "$UPLOAD_RATE"bit"
else
UPLOAD_RATE=""
fi
if [ "$DOWNLOAD_CEIL" != "0M" ]; then
DOWNLOAD_CEIL=" ceil "$DOWNLOAD_CEIL"bit"
else
DOWNLOAD_CEIL=""
fi
if [ "$DOWNLOAD_RATE" != "0M" ]; then
DOWNLOAD_RATE=" rate "$DOWNLOAD_RATE"bit"
else
DOWNLOAD_RATE=""
fi
# creates classes (first for upload, second for download)
tc class add dev $OUTPUT_INTERFACE parent $ROOT$PARENT classid $ROOT$ID htb $UPLOAD_RATE $UPLOAD_CEIL
echo $LOG_PREFIX"Created tc class $ROOT$ID for upload"
tc class add dev $INPUT_INTERFACE parent $ROOT$PARENT classid $ROOT$ID htb $DOWNLOAD_RATE $DOWNLOAD_CEIL
echo $LOG_PREFIX"Created tc class $ROOT$ID for download"
if [ "$LNR" -gt 1 ]; then
tc qdisc add dev $OUTPUT_INTERFACE parent $ROOT$ID handle $ID: sfq
echo $LOG_PREFIX"Created tc qdisc for upload tc class $ROOT$ID"
tc qdisc add dev $INPUT_INTERFACE parent $ROOT$ID handle $ID: sfq
echo $LOG_PREFIX"Created tc qdisc for download tc class $ROOT$ID"
tc filter add dev $OUTPUT_INTERFACE parent $ID: prio $PRIORITY handle $ID protocol $PROTOCOL flow hash keys nfct-src divisor 1024
echo $LOG_PREFIX"Created filter for upload tc class $ROOT$ID with priority $PRIORITY and protocol $PROTOCOL"
tc filter add dev $INPUT_INTERFACE parent $ID: prio $PRIORITY handle $ID protocol $PROTOCOL flow hash keys dst divisor 1024
echo $LOG_PREFIX"Created filter for download tc class $ROOT$ID with priority $PRIORITY and protocol $PROTOCOL"
fi
if [ "$IPSET" != "" ]; then
ipset -N $IPSET iphash --hashsize 10000 --probes 8 --resize 50
echo $LOG_PREFIX"Created ipset $IPSET for tc class $ROOT$ID"
#$IPTABLES -t mangle -A POSTROUTING -o $OUTPUT_INTERFACE -m set --set $IPSET src -j CLASSIFY --set-class $ROOT$ID
$IPTABLES -t mangle -A POSTROUTING -m set --set $IPSET src -j CLASSIFY --set-class $ROOT$ID
$IPTABLES -t mangle -A POSTROUTING -m set --set $IPSET src -j RETURN
echo $LOG_PREFIX"Added iptables rule for assignment upload tc class $ROOT$ID to ipset $IPSET"
#$IPTABLES -t mangle -A POSTROUTING -o $INPUT_INTERFACE -m set --set $IPSET dst -j CLASSIFY --set-class $ROOT$ID
$IPTABLES -t mangle -A POSTROUTING -m set --set $IPSET dst -j CLASSIFY --set-class $ROOT$ID
$IPTABLES -t mangle -A POSTROUTING -m set --set $IPSET dst -j RETURN
echo $LOG_PREFIX"Added iptables rule for assignment download tc class $ROOT$ID to ipset $IPSET"
awk '{ if ($1=='$ID') print $2 }' $PATH_QOS_IP_ADDRESSES | while read IP_ADDRESS
do
ipset -A $IPSET $IP_ADDRESS
echo $LOG_PREFIX"Added ip address $IP_ADDRESS to ipset $IPSET"
done
echo "$ID $IPSET" >> $PATH_QOS_IPSETS
fi
LNR=$(($LNR+1))
done
echo $LOG_PREFIX"Sleeping"
sleep $DELAY
}
update()
{
stop
start
}
case "$1" in
update)
while (true);
do
update
done
;;
stop)
stop
;;
esac
freenetis/branches/testing/application/vendors/qos/freenetis-qos.conf
################################################################################
# #
# This script serves for IS FreenetIS (redirection and QoS) #
# #
# author Sevcik Roman, Kliment Michal 2011 #
# email sevcik.roman@slfree.net, kliment@freenetis.org #
# #
# name freenetis-qos.conf #
# version 0.9.0 #
# #
################################################################################
################################################################################
# G E N E R A L S E T T I N G S #
################################################################################
# Base PATH_FN to running FreenetIS instance
PATH_FN=http://localhost/freenetis
# Log file, change to /dev/null to disable logging
LOG_FILE=/var/log/freenetis-redir-qos.log
# Input interface on which redirection rules and QoS download are applicated on
INPUT_INTERFACE=eth0
# Output interface on which QoS upload is applicated on
OUTPUT_INTERFACE=eth0
################################################################################
# Q o S S E T T I N G S #
################################################################################
# Maximum download
DOWNLOAD_CEIL=20M
# Download rate for ordinary members
DOWNLOAD_ORDINARY_RATE=18M
# Download rate for active members
DOWNLOAD_ACTIVE_RATE=2M
# Maximum upload
UPLOAD_CEIL=10M
# Upload rate for ordinary members
UPLOAD_ORDINARY_RATE=9M
# Upload rate for active members
UPLOAD_ACTIVE_RATE=1M
# URL of pages which we need to download from FreenetIS. [DO NOT CHANGE THIS VALUES!!]
SET_URL_QOS_MEMBERS=$PATH_FN/index.php/en/web_interface/members_qos_ceil_rate
SET_URL_QOS_IP_ADDRESSES=$PATH_FN/index.php/en/web_interface/ip_addresses_qos_ceil_rate
freenetis/branches/testing/application/vendors/redirection/freenetis-qos-sync.sh
#!/bin/bash
################################################################################
# #
# This script serves for QoS synchronization of IS FreenetIS #
# #
# author Sevcik Roman 2011 #
# email sevcik.roman@slfree.net #
# #
# name freenetis-qos-sync.sh #
# version 1.9 #
# #
################################################################################
#Load variables from config file
CONFIG=/etc/freenetis/freenetis-redir-qos.conf
PATH_QOS_MEMBERS=/tmp/qos_members
PATH_QOS_IP_ADDRESSES=/tmp/qos_ip_addresses
PATH_QOS_IPSETS=/tmp/qos_ipsets
IPTABLES=/sbin/iptables
LOG_PREFIX=`date "+%Y-%m-%d %H:%M"`" QoS: "
ROOT="1:"
#Load variables
if [ -f ${CONFIG} ]; then
. $CONFIG;
else
echo $LOG_PREFIX"No config file - giving up :-(";
exit 0
fi
stop ()
{
# for each current ipsets, list is stored in file
cat $PATH_QOS_IPSETS | while read line
do
ID=`echo $line | awk '{print $1}'`
IPSET=`echo $line | awk '{print $2}'`
# flush ipset
ipset -F $IPSET
echo $LOG_PREFIX"Emptied ipset $IPSET";
# remove its iptables rules
#$IPTABLES -t mangle -D POSTROUTING -o $OUTPUT_INTERFACE -m set --set $IPSET src -j CLASSIFY --set-class $ROOT$ID
$IPTABLES -t mangle -D POSTROUTING -m set --set $IPSET src -j CLASSIFY --set-class $ROOT$ID
$IPTABLES -t mangle -D POSTROUTING -m set --set $IPSET src -j RETURN
echo $LOG_PREFIX"Deleted iptables rule for assignment upload tc class $ROOT$ID to ipset $IPSET"
#$IPTABLES -t mangle -D POSTROUTING -o $INPUT_INTERFACE -m set --set $IPSET dst -j CLASSIFY --set-class $ROOT$ID
$IPTABLES -t mangle -D POSTROUTING -m set --set $IPSET dst -j CLASSIFY --set-class $ROOT$ID
$IPTABLES -t mangle -D POSTROUTING -m set --set $IPSET dst -j RETURN
echo $LOG_PREFIX"Deleted iptables rule for assignment download tc class $ROOT$ID to ipset $IPSET"
# remove ipset
ipset -X $IPSET
echo $LOG_PREFIX"Removed ipset $IPSET"
done
# clear file with ipset list
cat /dev/null > $PATH_QOS_IPSETS
echo $LOG_PREFIX"Deleting old tc classes"
# deletes all old qdiscs, its remove all children classes, qdisc, etc.
tc qdisc del dev $OUTPUT_INTERFACE root 2> /dev/null
tc qdisc del dev $INPUT_INTERFACE root 2> /dev/null
}
start ()
{
echo $LOG_PREFIX"Downloading data"
wget -q -O $PATH_QOS_MEMBERS $SET_URL_QOS_MEMBERS --no-check-certificate
wget -q -O $PATH_QOS_IP_ADDRESSES $SET_URL_QOS_IP_ADDRESSES --no-check-certificate
# creates default qdiscs (first for upload, second for download)
tc qdisc add dev $OUTPUT_INTERFACE root handle $ROOT htb default 2
echo $LOG_PREFIX"Added root tc qdisc for upload"
tc qdisc add dev $INPUT_INTERFACE root handle $ROOT htb default 2
echo $LOG_PREFIX"Added root tc qdisc for download"
# line number counter
LNR=1
cat $PATH_QOS_MEMBERS | while read line
do
ID=`echo $line | awk '{print $1}'`
UPLOAD_CEIL=`echo $line | awk '{print $2}'`
DOWNLOAD_CEIL=`echo $line | awk '{print $3}'`
UPLOAD_RATE=`echo $line | awk '{print $4}'`
DOWNLOAD_RATE=`echo $line | awk '{print $5}'`
PRIORITY=`echo $line | awk '{print $6}'`
PROTOCOL=`echo $line | awk '{print $7}'`
PARENT=`echo $line | awk '{print $8}'`
IPSET=`echo $line | awk '{print $9}'`
if [ "$UPLOAD_CEIL" != "0M" ]; then
UPLOAD_CEIL=" ceil "$UPLOAD_CEIL"bit"
else
UPLOAD_CEIL=""
fi
if [ "$UPLOAD_RATE" != "0M" ]; then
UPLOAD_RATE=" rate "$UPLOAD_RATE"bit"
else
UPLOAD_RATE=""
fi
if [ "$DOWNLOAD_CEIL" != "0M" ]; then
DOWNLOAD_CEIL=" ceil "$DOWNLOAD_CEIL"bit"
else
DOWNLOAD_CEIL=""
fi
if [ "$DOWNLOAD_RATE" != "0M" ]; then
DOWNLOAD_RATE=" rate "$DOWNLOAD_RATE"bit"
else
DOWNLOAD_RATE=""
fi
# creates classes (first for upload, second for download)
tc class add dev $OUTPUT_INTERFACE parent $ROOT$PARENT classid $ROOT$ID htb $UPLOAD_RATE $UPLOAD_CEIL
echo $LOG_PREFIX"Created tc class $ROOT$ID for upload"
tc class add dev $INPUT_INTERFACE parent $ROOT$PARENT classid $ROOT$ID htb $DOWNLOAD_RATE $DOWNLOAD_CEIL
echo $LOG_PREFIX"Created tc class $ROOT$ID for download"
if [ "$LNR" -gt 1 ]; then
tc qdisc add dev $OUTPUT_INTERFACE parent $ROOT$ID handle $ID: sfq
echo $LOG_PREFIX"Created tc qdisc for upload tc class $ROOT$ID"
tc qdisc add dev $INPUT_INTERFACE parent $ROOT$ID handle $ID: sfq
echo $LOG_PREFIX"Created tc qdisc for download tc class $ROOT$ID"
tc filter add dev $OUTPUT_INTERFACE parent $ID: prio $PRIORITY handle $ID protocol $PROTOCOL flow hash keys nfct-src divisor 1024
echo $LOG_PREFIX"Created filter for upload tc class $ROOT$ID with priority $PRIORITY and protocol $PROTOCOL"
tc filter add dev $INPUT_INTERFACE parent $ID: prio $PRIORITY handle $ID protocol $PROTOCOL flow hash keys dst divisor 1024
echo $LOG_PREFIX"Created filter for download tc class $ROOT$ID with priority $PRIORITY and protocol $PROTOCOL"
fi
if [ "$IPSET" != "" ]; then
ipset -N $IPSET iphash --hashsize 10000 --probes 8 --resize 50
echo $LOG_PREFIX"Created ipset $IPSET for tc class $ROOT$ID"
#$IPTABLES -t mangle -A POSTROUTING -o $OUTPUT_INTERFACE -m set --set $IPSET src -j CLASSIFY --set-class $ROOT$ID
$IPTABLES -t mangle -A POSTROUTING -m set --set $IPSET src -j CLASSIFY --set-class $ROOT$ID
$IPTABLES -t mangle -A POSTROUTING -m set --set $IPSET src -j RETURN
echo $LOG_PREFIX"Added iptables rule for assignment upload tc class $ROOT$ID to ipset $IPSET"
#$IPTABLES -t mangle -A POSTROUTING -o $INPUT_INTERFACE -m set --set $IPSET dst -j CLASSIFY --set-class $ROOT$ID
$IPTABLES -t mangle -A POSTROUTING -m set --set $IPSET dst -j CLASSIFY --set-class $ROOT$ID
$IPTABLES -t mangle -A POSTROUTING -m set --set $IPSET dst -j RETURN
echo $LOG_PREFIX"Added iptables rule for assignment download tc class $ROOT$ID to ipset $IPSET"
awk '{ if ($1=='$ID') print $2 }' $PATH_QOS_IP_ADDRESSES | while read IP_ADDRESS
do
ipset -A $IPSET $IP_ADDRESS
echo $LOG_PREFIX"Added ip address $IP_ADDRESS to ipset $IPSET"
done
echo "$ID $IPSET" >> $PATH_QOS_IPSETS
fi
LNR=$(($LNR+1))
done
echo $LOG_PREFIX"Sleeping"
sleep $DELAY
}
update()
{
stop
start
}
case "$1" in
update)
while (true);
do
update
done
;;
stop)
stop
;;
esac
freenetis/branches/testing/application/vendors/redirection/freenetis-redir-qos.init.sh
#! /bin/bash
### BEGIN INIT INFO
# Provides: freenetis
# Required-Start: $remote_fs
# Required-Stop: $remote_fs
# Should-Start: $network $syslog
# Should-Stop: $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start and stop freenetis synchronization daemon
# Description: FreenetIS synchronization script.
### END INIT INFO
################################################################################
# #
# This script serves for redirection ip policy and QoS of IS FreenetIS #
# #
# Author Sevcik Roman 2011 #
# Email sevcik.roman@slfree.net #
# #
# Name freenetis-redir-qos.init.sh #
# Version 1.9 #
# #
################################################################################
#Local variable contains path to iptables - mandatory
IPTABLES=/sbin/iptables
#Load variables from config file
CONFIG=/etc/freenetis/freenetis-redir-qos.conf
# Path to redirection synchronization file
REDIRECTION_SYNCFILE=/usr/local/sbin/freenetis-redir-sync.sh
# Path to QoS synchronization file
QOS_SYNCFILE=/usr/local/sbin/freenetis-qos-sync.sh
#Path to redirection pid file
REDIRECTION_PIDFILE=/var/run/freenetis-redir-sync.pid
#Path to QoS pid file
QOS_PIDFILE=/var/run/freenetis-qos-sync.pid
#Load variables
if [ -f ${CONFIG} ]; then
. $CONFIG;
else
echo "No config file - giving up :-(";
exit 0
fi
start_redirection ()
{
if [ -f ${REDIRECTION_PIDFILE} ]; then
echo "Already started"
return 0
fi
echo "Adding sets.";
ipset -N whitelist iphash --hashsize 10000 --probes 4 --resize 50
ipset -N allowed iphash --hashsize 10000 --probes 8 --resize 50
ipset -N self_cancel iphash --hashsize 10000 --probes 8 --resize 50
ipset -N seen iphash --hashsize 10000 --probes 8 --resize 50
ipset -N ranges nethash --hashsize 1024 --probes 4 --resize 50
echo "Adding firewall rules.";
#Rule for allowing access. If come packet to $IP_TARGET then we add souce address do set allowed and to set seen
#Set seen is used for ip synchronization with FreenetIS.
$IPTABLES -i $INPUT_INTERFACE -t nat -A PREROUTING -m set --set self_cancel src -d $IP_TARGET -p tcp --dport $PORT_SELF_CANCEL -j SET --add-set allowed src
#$IPTABLES -i $INPUT_INTERFACE -t nat -A PREROUTING -m set --set self_cancel src -d $IP_TARGET -j SET --add-set seen src
#If is IP in set whitelist or allowed then it is not redirected
#$IPTABLES -i $INPUT_INTERFACE -t nat -A PREROUTING -m set --set whitelist src -j ACCEPT
$IPTABLES -i $INPUT_INTERFACE -t nat -A PREROUTING -m set --set allowed src -j ACCEPT
#Redirect everything trafic what has destination port $PORT_WEB to $PORT_REDIRECT
$IPTABLES -i $INPUT_INTERFACE -t nat -A PREROUTING -m set --set ranges src -p tcp --dport $PORT_WEB -j REDIRECT --to-port $PORT_REDIRECT
#If is IP in set whitelist or allowed then it is not redirected
#$IPTABLES -i $INPUT_INTERFACE -I FORWARD 1 -m set --set whitelist src -j ACCEPT
$IPTABLES -i $INPUT_INTERFACE -I FORWARD 2 -m set --set allowed src -j ACCEPT
#Else everything drop
$IPTABLES -i $INPUT_INTERFACE -I FORWARD 3 -m set --set ranges src -j DROP
#Run update script on background
echo "Starting process."
nohup $REDIRECTION_SYNCFILE >> "$LOG_FILE" 2> /dev/null &
#Parse PID a save to file
ps -fe | grep $REDIRECTION_SYNCFILE | head -n1 | cut -d" " -f 6 > $REDIRECTION_PIDFILE
return 0
}
stop_redirection ()
{
#if [ ! -f ${REDIRECTION_PIDFILE} ]; then
# echo "Already stopped."
# return 0
#fi
#Killing of process by sigterm
echo "Killing process."
#cat $PIDFILE | xargs kill -9
#killall -q $REDIRECTION_SYNCFILE
killall freenetis_redirection_synchronization.sh
rm -f $REDIRECTION_PIDFILE
echo "Deleting firewall rules.";
#Rule for allowing access. If come packet to $IP_TARGET then we add souce address do set allowed and to set seen
#Set seen is used for ip synchronization with FreenetIS.
$IPTABLES -i $INPUT_INTERFACE -t nat -D PREROUTING -m set --set self_cancel src -d $IP_TARGET -p tcp --dport $PORT_SELF_CANCEL -j SET --add-set allowed src
#$IPTABLES -i $INPUT_INTERFACE -t nat -D PREROUTING -m set --set self_cancel src -d $IP_TARGET -j SET --add-set seen src
#If is IP in set whitelist or allowed then it is not redirected
#$IPTABLES -i $INPUT_INTERFACE -t nat -D PREROUTING -m set --set whitelist src -j ACCEPT
$IPTABLES -i $INPUT_INTERFACE -t nat -D PREROUTING -m set --set allowed src -j ACCEPT
#Redirect everything traffic what has destination port $PORT_WEB to $PORT_REDIRECT
$IPTABLES -i $INPUT_INTERFACE -t nat -D PREROUTING -m set --set ranges src -p tcp --dport $PORT_WEB -j REDIRECT --to-port $PORT_REDIRECT
#If is IP in set whitelist or allowed then it is not redirected
#$IPTABLES -i $INPUT_INTERFACE -D FORWARD -m set --set whitelist src -j ACCEPT
$IPTABLES -i $INPUT_INTERFACE -D FORWARD -m set --set allowed src -j ACCEPT
#Else everything drop
$IPTABLES -i $INPUT_INTERFACE -D FORWARD -m set --set ranges src -j DROP
echo "Deleting sets.";
ipset -X whitelist
ipset -X allowed
ipset -X self_cancel
ipset -X seen
ipset -X ranges
return 0
}
status_redirection ()
{
if [ -f ${REDIRECTION_PIDFILE} ]; then
echo "Freenetis redirection is running with PID `cat $REDIRECTION_PIDFILE`"
return 0
else
echo "Freenetis redirection is not running"
return 0
fi
}
start_qos ()
{
if [ -f ${QOS_PIDFILE} ]; then
echo "Already started"
return 0
fi
echo "Starting process."
nohup $QOS_SYNCFILE update >> "$LOG_FILE" 2> /dev/null &
#Parse PID a save to file
ps aux | grep $QOS_SYNCFILE | grep -v grep | awk '{print $2}' > $QOS_PIDFILE
return 0
}
stop_qos ()
{
if [ ! -f ${QOS_PIDFILE} ]; then
echo "Already stopped"
return 0
fi
#Killing of process by sigterm
echo "Killing process."
kill -9 `cat $QOS_PIDFILE`
rm -f $QOS_PIDFILE
$QOS_SYNCFILE stop > /dev/null 2>&1 &
return 0
}
status_qos ()
{
if [ -f ${QOS_PIDFILE} ]; then
echo "Freenetis QoS is running with PID `cat $QOS_PIDFILE`"
return 0
else
echo "Freenetis QoS is not running"
return 0
fi
}
start_all ()
{
cat /dev/null > "$LOG_FILE"
start_redirection
start_qos
return 0
}
stop_all ()
{
stop_redirection
stop_qos
return 0
}
status_all ()
{
status_redirection
status_qos
return 0
}
usage_all ()
{
echo "usage : `echo $0` (start|stop|restart|status|help|qos start|qos stop|qos restart|qos status|qos help|redirection start|redirection stop|redirection restart|redirection status|redirection help)"
}
usage_qos ()
{
echo "usage : `echo $0` qos (start|stop|restart|status|help)"
}
usage_redirection ()
{
echo "usage : `echo $0` redirection (start|stop|restart|status|help)"
}
# Function shows help
help_all ()
{
echo "GENERAL:"
echo " start - initialization of all firewall rules and settings"
echo " stop - clears all firewall rules and settings"
echo " restart - restarts all firewall rules and settings"
echo " status - returns actual status"
echo " help - prints this help"
echo "QOS:"
help_qos
echo "REDIRECTION:"
help_redirection
}
help_qos ()
{
echo " qos start - initialization of firewall rules and settings for QoS"
echo " qos stop - clears firewall rules and settings for QoS"
echo " qos restart - restarts firewall rules and settings for QoS"
echo " qos status - returns actual status of QoS"
echo " qos help - prints help for QoS"
}
help_redirection ()
{
echo " redirection start - initialization of firewall rules and settings for redirection"
echo " redirection stop - clears firewall rules and settings for redirection"
echo " redirection restart - restarts firewall rules and settings for redirection"
echo " redirection status - returns actual status of redirection"
echo " redirection help - prints help for redirection"
}
# Is parameter #1 zero length?
if [ -z "$1" ]; then
usage_all
exit 0
fi;
case "$1" in
start)
start_all
exit 0
;;
restart)
stop_all
start_all
exit 0
;;
stop)
stop_all
exit 0
;;
status)
status_all
exit 0
;;
help)
usage_all
help_all
exit 0
;;
qos)
case "$2" in
start)
start_qos
exit 0
;;
restart)
stop_qos
start_qos
exit 0
;;
stop)
stop_qos
exit 0
;;
status)
status_qos
exit 0
;;
help)
usage_qos
help_qos
exit 0
;;
*)
usage_qos
exit 0
;;
esac
exit 0
;;
redirection)
case "$2" in
start)
start_redirection
exit 0
;;
restart)
stop_redirection
start_redirection
exit 0
;;
stop)
stop_redirection
exit 0
;;
status)
status_redirection
exit 0
;;
help)
usage_redirection
help_redirection
exit 0
;;
*)
usage_redirection
exit 0
;;
esac
exit 0
;;
*)
usage_all
exit 0
;;
esac
exit 0
freenetis/branches/testing/application/vendors/redirection/freenetis-redir-sync.sh
#!/bin/bash
################################################################################
# #
# This script serves for redirection IP policy of IS FreenetIS #
# #
# author Sevcik Roman 2011 #
# email sevcik.roman@slfree.net #
# #
# name freenetis-redir-sync.sh #
# version 1.9 #
# #
################################################################################
#Load variables from config file
CONFIG=/etc/freenetis/freenetis-redir-qos.conf
#Paths where temporary data will be saved.
PATH_RANGES=/tmp/ranges
#PATH_WHITELIST=/tmp/whitelist
PATH_ALLOWED=/tmp/allowed
PATH_SELF_CANCEL=/tmp/self_cancel
LOG_PREFIX=`date "+%Y-%m-%d %H:%M"`" Redirection: "
#Load variables
if [ -f ${CONFIG} ]; then
. $CONFIG;
else
echo $LOG_PREFIX"No config file - giving up :-(";
exit 0
fi
# Function returns 1 if is IP valid
# @param IP address
# return 1 on true or other number on false
valid_ip ()
{
local ip=$1
local stat=1
if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
OIFS=$IFS
IFS='.'
ip=($ip)
IFS=$OIFS
[[ ${ip[0]} -le 255 && ${ip[1]} -le 255 && ${ip[2]} -le 255 && ${ip[3]} -le 255 ]]
stat=$?
fi;
return $stat
}
update ()
{
echo $LOG_PREFIX"Updating..."
#Erase content of all sets
echo $LOG_PREFIX"Cleaning sets...";
#Send data from seen set to server
oount=0
#for i in $(ipset -L seen);
#do
# if valid_ip $i; then
# seen[count]=$i
# ((count++))
# fi
#done
OIFS=$IFS
export IFS=";"
#echo $LOG_PREFIX"Sending seen set data...";
#wget -q -O /dev/null $SET_URL_SEEN --no-check-certificate --post-data "seen=${seen[*]}"
IFS=$OIFS
#unset seen
echo $LOG_PREFIX"Downloading data...";
#wget -q -O $PATH_WHITELIST $SET_URL_WHITELIST --no-check-certificate
wget -q -O $PATH_ALLOWED $SET_URL_ALLOWED --no-check-certificate
wget -q -O $PATH_SELF_CANCEL $SET_URL_SELF_CANCEL --no-check-certificate
wget -q -O $PATH_RANGES $SET_URL_RANGES --no-check-certificate
ipset -F ranges
#ipset -F whitelist
ipset -F allowed
ipset -F self_cancel
#Filling sets
#for i in $(cat $PATH_WHITELIST);
#do
# echo $LOG_PREFIX"$i - added to set whitelist"
# ipset -A whitelist $i
#done
for i in $(cat $PATH_ALLOWED);
do
echo $LOG_PREFIX"$i - added to set allowed"
ipset -A allowed $i
done
for i in $(cat $PATH_SELF_CANCEL);
do
echo $LOG_PREFIX"$i - added to set self_cancel"
ipset -A self_cancel $i
done
for i in $(cat $PATH_RANGES);
do
echo $LOG_PREFIX"$i - added to set ranges"
ipset -A ranges $i
done
#Erase content of seen set
#echo $LOG_PREFIX"Cleaning seen set...";
#ipset -F seen
#Cleaning up...
rm -f $PATH_RANGES
#rm -f $PATH_WHITELIST
rm -f $PATH_ALLOWED
rm -f $PATH_SELF_CANCEL
echo $LOG_PREFIX"Sleeping..."
sleep $DELAY;
}
while (true);
do
update
done
freenetis/branches/testing/application/vendors/redirection/freenetis-redir-qos.conf
################################################################################
# #
# This script serves for IS FreenetIS (redirection and QoS) #
# #
# author Sevcik Roman, Kliment Michal 2011 #
# email sevcik.roman@slfree.net, kliment@freenetis.org #
# #
# name freenetis-redir-qos.conf #
# version 1.9 #
# #
################################################################################
################################################################################
# G E N E R A L S E T T I N G S #
################################################################################
# Log file, change to /dev/null to disable logging
LOG_FILE=/var/log/freenetis-redir-qos.log
# Input interface on which redirection rules and QoS download are applicated on
INPUT_INTERFACE=eth0
# Output interface on which QoS upload is applicated on
OUTPUT_INTERFACE=eth0
# Base PATH_FN to running FreenetIS instance
PATH_FN=http://localhost/freenetis
################################################################################
# R E D I R E C T I O N S E T T I N G S #
################################################################################
# Local variable contains ip address useful for self-canceling. More info in doc
IP_TARGET=
# Local variable contains port number to be redirect from - mandatory
PORT_WEB=80
# Local variable contains port number to be redirect to - mandatory
# DO NOT CHANGE THIS VALUE AFTER INSTALL WITHOUT USING OF DPKG-RECONFIGURE
# AFTER IT'S CHANGING OR REDIRECTION WILL NOT WORK! THIS VALUE SERVE A REFERENCE
# FOR LIGHTTP SERVER, WHICH IS SET IN POSTINST SCRIPT.
PORT_REDIRECT=36000
# Local variable contains port number for canceling of redirection by redirected user - mandatory
# DO NOT CHANGE THIS VALUE AFTER INSTALL WITHOUT USING OF DPKG-RECONFIGURE
# AFTER IT'S CHANGING OR REDIRECTION WILL NOT WORK! THIS VALUE SERVE A REFERENCE
# FOR LIGHTTP SERVER, WHICH IS SET IN POSTINST SCRIPT.
PORT_SELF_CANCEL=36001
# Delay in seconds between next update cycle
DELAY=60
# URL of pages which we need to dowload from freenetis.
# SET_URL_RANGES - contains list of CIDR networks (e.g. 192.160.0/23) which we can redirect
# SET_URL_ALLOWED - contains list of IP allowed adresses will not be redirect
# SET_URL_SELF_CANCEL - contains list of IP adresses which can disable redirection itself
SET_URL_RANGES=$PATH_FN/cs/web_interface/redirected_ranges
SET_URL_ALLOWED=$PATH_FN/cs/web_interface/allowed_ip_addresses
SET_URL_SELF_CANCEL=$PATH_FN/cs/web_interface/self_cancelable_ip_addresses
################################################################################
# Q o S S E T T I N G S #
################################################################################
# Maximum download
DOWNLOAD_CEIL=20M
# Download rate for ordinary members
DOWNLOAD_ORDINARY_RATE=18M
# Download rate for active members
DOWNLOAD_ACTIVE_RATE=2M
# Maximum upload
UPLOAD_CEIL=10M
# Upload rate for ordinary members
UPLOAD_ORDINARY_RATE=9M
# Upload rate for active members
UPLOAD_ACTIVE_RATE=1M
# URL of pages which we need to download from FreenetIS.
# SET_URL_ACTIVE - contains list of ip addresses of active members
SET_URL_QOS_MEMBERS=$PATH_FN/cs/web_interface/members_qos_ceil_rate
SET_URL_QOS_IP_ADDRESSES=$PATH_FN/cs/web_interface/ip_addresses_qos_ceil_rate
freenetis/branches/testing/application/vendors/redirection/freenetis-redirection.init.sh
#! /bin/bash
### BEGIN INIT INFO
# Provides: freenetis
# Required-Start: $remote_fs
# Required-Stop: $remote_fs
# Should-Start: $network $syslog
# Should-Stop: $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start and stop freenetis synchronization daemon
# Description: FreenetIS synchronization script.
### END INIT INFO
################################################################################
# #
# This script serves for redirection ip policy and QoS of IS FreenetIS #
# #
# Author Sevcik Roman 2011 #
# Email sevcik.roman@slfree.net #
# #
# Name freenetis-redir-qos.init.sh #
# Version 1.9 #
# #
################################################################################
#Local variable contains path to iptables - mandatory
IPTABLES=/sbin/iptables
#Load variables from config file
CONFIG=/etc/freenetis/freenetis-redir-qos.conf
# Path to redirection synchronization file
REDIRECTION_SYNCFILE=/usr/local/sbin/freenetis-redir-sync.sh
# Path to QoS synchronization file
QOS_SYNCFILE=/usr/local/sbin/freenetis-qos-sync.sh
#Path to redirection pid file
REDIRECTION_PIDFILE=/var/run/freenetis-redir-sync.pid
#Path to QoS pid file
QOS_PIDFILE=/var/run/freenetis-qos-sync.pid
#Load variables
if [ -f ${CONFIG} ]; then
. $CONFIG;
else
echo "No config file - giving up :-(";
exit 0
fi
start_redirection ()
{
if [ -f ${REDIRECTION_PIDFILE} ]; then
echo "Already started"
return 0
fi
echo "Adding sets.";
ipset -N whitelist iphash --hashsize 10000 --probes 4 --resize 50
ipset -N allowed iphash --hashsize 10000 --probes 8 --resize 50
ipset -N self_cancel iphash --hashsize 10000 --probes 8 --resize 50
ipset -N seen iphash --hashsize 10000 --probes 8 --resize 50
ipset -N ranges nethash --hashsize 1024 --probes 4 --resize 50
echo "Adding firewall rules.";
#Rule for allowing access. If come packet to $IP_TARGET then we add souce address do set allowed and to set seen
#Set seen is used for ip synchronization with FreenetIS.
$IPTABLES -i $INPUT_INTERFACE -t nat -A PREROUTING -m set --set self_cancel src -d $IP_TARGET -p tcp --dport $PORT_SELF_CANCEL -j SET --add-set allowed src
#$IPTABLES -i $INPUT_INTERFACE -t nat -A PREROUTING -m set --set self_cancel src -d $IP_TARGET -j SET --add-set seen src
#If is IP in set whitelist or allowed then it is not redirected
#$IPTABLES -i $INPUT_INTERFACE -t nat -A PREROUTING -m set --set whitelist src -j ACCEPT
$IPTABLES -i $INPUT_INTERFACE -t nat -A PREROUTING -m set --set allowed src -j ACCEPT
#Redirect everything trafic what has destination port $PORT_WEB to $PORT_REDIRECT
$IPTABLES -i $INPUT_INTERFACE -t nat -A PREROUTING -m set --set ranges src -p tcp --dport $PORT_WEB -j REDIRECT --to-port $PORT_REDIRECT
#If is IP in set whitelist or allowed then it is not redirected
#$IPTABLES -i $INPUT_INTERFACE -I FORWARD 1 -m set --set whitelist src -j ACCEPT
$IPTABLES -i $INPUT_INTERFACE -I FORWARD 2 -m set --set allowed src -j ACCEPT
#Else everything drop
$IPTABLES -i $INPUT_INTERFACE -I FORWARD 3 -m set --set ranges src -j DROP
#Run update script on background
echo "Starting process."
nohup $REDIRECTION_SYNCFILE >> "$LOG_FILE" 2> /dev/null &
#Parse PID a save to file
ps -fe | grep $REDIRECTION_SYNCFILE | head -n1 | cut -d" " -f 6 > $REDIRECTION_PIDFILE
return 0
}
stop_redirection ()
{
#if [ ! -f ${REDIRECTION_PIDFILE} ]; then
# echo "Already stopped."
# return 0
#fi
#Killing of process by sigterm
echo "Killing process."
#cat $PIDFILE | xargs kill -9
#killall -q $REDIRECTION_SYNCFILE
killall freenetis_redirection_synchronization.sh
rm -f $REDIRECTION_PIDFILE
echo "Deleting firewall rules.";
#Rule for allowing access. If come packet to $IP_TARGET then we add souce address do set allowed and to set seen
#Set seen is used for ip synchronization with FreenetIS.
$IPTABLES -i $INPUT_INTERFACE -t nat -D PREROUTING -m set --set self_cancel src -d $IP_TARGET -p tcp --dport $PORT_SELF_CANCEL -j SET --add-set allowed src
#$IPTABLES -i $INPUT_INTERFACE -t nat -D PREROUTING -m set --set self_cancel src -d $IP_TARGET -j SET --add-set seen src
#If is IP in set whitelist or allowed then it is not redirected
#$IPTABLES -i $INPUT_INTERFACE -t nat -D PREROUTING -m set --set whitelist src -j ACCEPT
$IPTABLES -i $INPUT_INTERFACE -t nat -D PREROUTING -m set --set allowed src -j ACCEPT
#Redirect everything traffic what has destination port $PORT_WEB to $PORT_REDIRECT
$IPTABLES -i $INPUT_INTERFACE -t nat -D PREROUTING -m set --set ranges src -p tcp --dport $PORT_WEB -j REDIRECT --to-port $PORT_REDIRECT
#If is IP in set whitelist or allowed then it is not redirected
#$IPTABLES -i $INPUT_INTERFACE -D FORWARD -m set --set whitelist src -j ACCEPT
$IPTABLES -i $INPUT_INTERFACE -D FORWARD -m set --set allowed src -j ACCEPT
#Else everything drop
$IPTABLES -i $INPUT_INTERFACE -D FORWARD -m set --set ranges src -j DROP
echo "Deleting sets.";
ipset -X whitelist
ipset -X allowed
ipset -X self_cancel
ipset -X seen
ipset -X ranges
return 0
}
status_redirection ()
{
if [ -f ${REDIRECTION_PIDFILE} ]; then
echo "Freenetis redirection is running with PID `cat $REDIRECTION_PIDFILE`"
return 0
else
echo "Freenetis redirection is not running"
return 0
fi
}
start_qos ()
{
if [ -f ${QOS_PIDFILE} ]; then
echo "Already started"
return 0
fi
echo "Starting process."
nohup $QOS_SYNCFILE update >> "$LOG_FILE" 2> /dev/null &
#Parse PID a save to file
ps aux | grep $QOS_SYNCFILE | grep -v grep | awk '{print $2}' > $QOS_PIDFILE
return 0
}
stop_qos ()
{
if [ ! -f ${QOS_PIDFILE} ]; then
echo "Already stopped"
return 0
fi
#Killing of process by sigterm
echo "Killing process."
kill -9 `cat $QOS_PIDFILE`
rm -f $QOS_PIDFILE
$QOS_SYNCFILE stop > /dev/null 2>&1 &
return 0
}
status_qos ()
{
if [ -f ${QOS_PIDFILE} ]; then
echo "Freenetis QoS is running with PID `cat $QOS_PIDFILE`"
return 0
else
echo "Freenetis QoS is not running"
return 0
fi
}
start_all ()
{
cat /dev/null > "$LOG_FILE"
start_redirection
start_qos
return 0
}
stop_all ()
{
stop_redirection
stop_qos
return 0
}
status_all ()
{
status_redirection
status_qos
return 0
}
usage_all ()
... Rozdílový soubor je zkrácen, protože jeho délka přesahuje max. limit.

Také k dispozici: Unified diff