wireless-net/trunk/sbin/gen-wlan-files.py
arekm
cvs at pld-linux.org
Thu Mar 23 21:11:01 CET 2006
Author: arekm
Date: Thu Mar 23 21:10:58 2006
New Revision: 7297
Modified:
wireless-net/trunk/sbin/gen-wlan-files.py
Log:
IMQ based limits.
Modified: wireless-net/trunk/sbin/gen-wlan-files.py
==============================================================================
--- wireless-net/trunk/sbin/gen-wlan-files.py (original)
+++ wireless-net/trunk/sbin/gen-wlan-files.py Thu Mar 23 21:10:58 2006
@@ -4,24 +4,34 @@
import string
import os
+import sys
import re
import ConfigParser
import socket
import fcntl
+debug = False
+if len(sys.argv) > 1:
+ debug = True
+
+iface_lup = "imq0"
+iface_ldown = "imq1"
+
SIOCGIWNAME = 0x8B01
def is_wireless(iface):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
- fcntl.ioctl(s.fileno(), SIOCGIWNAME, iface.strip()+(32-len(iface.strip()))*'\0')
+ fcntl.ioctl(s.fileno(), SIOCGIWNAME, iface.strip()+(32-len(iface.strip()))*'\0')
except IOError:
- s.close()
- return False
+ s.close()
+ return False
s.close()
return True
def run(cmd, failcheck=True):
+ if debug:
+ print "Running: [%s]" % (cmd)
ret = os.system(cmd)
if failcheck and ret != 0:
print "WARNING: Command [%s] failed!" % (cmd)
@@ -29,19 +39,19 @@
is_p2p = run("iptables -m p2p --help > /dev/null 2>&1", False)
if is_p2p == 0:
- is_p2p = True
- print "P2P Enabled."
+ is_p2p = True
+ print "P2P Enabled."
else:
- is_p2p = False
- print "WARNING: P2P Disabled."
+ is_p2p = False
+ print "WARNING: P2P Disabled."
is_ipp2p = run("iptables -m ipp2p --help > /dev/null 2>&1", False)
if is_ipp2p == 0:
- is_ipp2p = True
- print "IPP2P Enabled."
+ is_ipp2p = True
+ print "IPP2P Enabled."
else:
- is_ipp2p = False
- print "WARNING: IPP2P Disabled."
+ is_ipp2p = False
+ print "WARNING: IPP2P Disabled."
config = ConfigParser.ConfigParser()
config.read('/etc/wireless-net/wlan.conf')
@@ -50,11 +60,11 @@
mrtg_links_string = config.get('base', 'mrtg_links')
if mrtg_links_string:
- mrtg_links_string = string.split(mrtg_links_string, '|')
+ mrtg_links_string = string.split(mrtg_links_string, '|')
mrtg_links = []
for elem in mrtg_links_string:
mrtg_links.append(string.split(elem, ','))
-
+
pppoe_iface = config.get('base', 'pppoe_iface')
ap_iface = string.split(config.get('base', 'ap_iface'), ',')
@@ -66,21 +76,23 @@
hostname = config.get('base', 'hostname')
use_htb = config.getboolean('base', 'use_htb')
+bandwidth = 32768
ipac = False
use_ipac = False
old_ipac = False
try:
- ipac = config.get('base', 'ipac')
- use_ipac = config.getboolean('base', 'use_ipac')
- old_ipac = config.getboolean('base', 'use_old_ipac')
+ bandwidth = config.getint('base', 'bandwidth')
+ ipac = config.get('base', 'ipac')
+ use_ipac = config.getboolean('base', 'use_ipac')
+ old_ipac = config.getboolean('base', 'use_old_ipac')
except ConfigParser.NoOptionError:
- pass
+ pass
fp = open(r_cfg, "r")
fppap = open(chap_sec, "w")
fppap.write("# login host pass ip\n")
if use_ipac:
- fpipac = open(ipac, "w")
+ fpipac = open(ipac, "w")
fpoid = open(oid_cfg, "w")
fpoid.write("# IP-ADDRESS[/<mask>] USER-NAME SYSTEM-TYPE\n")
fpmrtg = open(mrtg_cfg, "w")
@@ -91,25 +103,25 @@
for elem in ifaces:
print "Writting fetchipac config for %s interface." % elem
if old_ipac:
- fpipac.write("%s_in_all|in|%s|all||\n" % (elem, elem))
- fpipac.write("%s_out_all|out|%s|all||\n" % (elem, elem))
+ fpipac.write("%s_in_all|in|%s|all||\n" % (elem, elem))
+ fpipac.write("%s_out_all|out|%s|all||\n" % (elem, elem))
else:
fpipac.write("%s_in_all|ipac~o|%s|all|||\n" % (elem, elem))
fpipac.write("%s_out_all|ipac~i|%s|all|||\n" % (elem, elem))
if is_wireless(elem):
- run("/sbin/iwspy %s off 2> /dev/null" % elem, False)
+ run("/sbin/iwspy %s off 2> /dev/null" % elem, False)
for elem in mrtg_links:
iface = elem[2]
if is_wireless(iface):
- run("/sbin/iwspy %s off 2> /dev/null" % iface, False)
-
+ run("/sbin/iwspy %s off 2> /dev/null" % iface, False)
+
for elem in mrtg_links:
host = string.strip(elem[0])
mac = string.strip(elem[1])
iface = string.strip(elem[2])
-
+
print "Writting mrtg config for %s link." % host
fpmrtg.write("\n")
@@ -127,17 +139,10 @@
fpmrtg.write("\n")
if is_wireless(iface):
- run("/sbin/iwspy %s + %s" % (iface, mac))
+ run("/sbin/iwspy %s + %s" % (iface, mac))
-for iface in ap_iface:
- print "Preparing root tc queue for %s interface." % iface
-
- run("tc qdisc del root dev %s 2> /dev/null" % iface, False)
- if use_htb:
- run("tc qdisc add dev %s root handle 1:0 htb r2q 1" % iface)
- run("tc class add dev %s parent 1:0 classid 1:1 htb rate 10mbit ceil 10mbit" % iface)
- else:
- run("tc qdisc add dev %s root handle 1:0 cbq bandwidth 10mbit avpkt 1000 mpu 64" % iface)
+run("iptables -t mangle -N customers 2> /dev/null", False)
+run("iptables -t mangle --flush customers")
run("iptables -N peer2peer 2> /dev/null", False)
run("iptables --flush peer2peer")
@@ -151,25 +156,69 @@
run("iptables -t mangle -N apchain 2> /dev/null", False)
run("iptables -t mangle --flush apchain")
+users = []
for line in fp:
c = re.compile("^\d+\s+\w+\s+\w+\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\s+\d{1,6}\s+\d{1,6}\s+[\w-]+\s+[\w:]+")
ret = c.match(line)
if ret == None:
continue
l = re.split("\s+", line)
- nr = string.strip(l[0])
- login = string.strip(l[1])
- passwd = string.strip(l[2])
- ip = string.strip(l[3])
- speed_down = string.strip(l[4])
- speed_up = string.strip(l[5])
- host = string.strip(l[6])
- mac = string.strip(l[7])
+
+ u = { 'nr': string.strip(l[0]), 'login': string.strip(l[1]), 'passwd': string.strip(l[2]),
+ 'ip': string.strip(l[3]), 'speed_down': string.strip(l[4]),
+ 'speed_up': string.strip(l[5]), 'host': string.strip(l[6]), 'mac': string.strip(l[7]) }
+ users.append(u)
+fp.close()
+
+user_bandwidth = int(bandwidth/len(users))
+if user_bandwidth < 1:
+ user_bandwidth = 1
+
+print "Bandwith total: %s, per user %s" % (str(bandwidth), str(user_bandwidth))
+
+for iface in [ iface_lup, iface_ldown ]:
+ print "Preparing root tc queue for %s interface." % iface
+ run("tc qdisc del root dev %s 2> /dev/null" % iface, False)
+ run("tc qdisc add dev %s root handle 1: htb default 2" % iface)
+ run("tc class add dev %s classid 0001:0001 root htb rate 990000kbit ceil 100000kbit quantum 12207750" % (iface))
+ run("tc class add dev %s classid 0001:0005 parent 0001:0001 htb rate %s.00kbit ceil 1400kbit quantum 174250" % (iface, bandwidth))
+
+for u in users:
+
+ nr = u['nr']
+ login = u['login']
+ passwd = u['passwd']
+ ip = u['ip']
+ speed_down = int(u['speed_down'])
+ speed_up = int(u['speed_up'])
+ host = u['host']
+ mac = u['mac']
+
+ nr_htb = "%04d" % (int(nr) + 10)
print "Running configuration for %s (%s, down %s, up %s)" % (login, ip, speed_down, speed_up)
+ # upstream
+ if speed_up > 0:
+ user_up_bandwidth = user_bandwidth
+ if user_up_bandwidth > speed_up:
+ user_up_bandwidth = speed_up
+ run("tc class add dev %s classid 0001:%s parent 0001:0005 htb rate %dkbit ceil %dkbit quantum 1500" % (iface_lup, nr_htb, user_up_bandwidth, speed_up))
+ run("tc filter add dev %s protocol ip preference 1 parent 1:0 u32 match ip src %s flowid 0001:%s" % (iface_lup, ip, nr_htb))
+ run("tc qdisc add dev %s parent 0001:%s sfq perturb 10" % (iface_lup, nr_htb))
+ run("iptables -t mangle -A customers -s %s -j IMQ --todev 0" % (ip))
+ # downstream
+ if speed_down > 0:
+ user_down_bandwidth = user_bandwidth
+ if user_down_bandwidth > speed_down:
+ user_down_bandwidth = speed_down
+ run("tc class add dev %s classid 0001:%s parent 0001:0005 htb rate %dkbit ceil %dkbit quantum 1500" % (iface_ldown, nr_htb, user_down_bandwidth, speed_down))
+ run("tc filter add dev %s protocol ip preference 1 parent 1:0 u32 match ip dst %s flowid 0001:%s" % (iface_ldown, ip, nr_htb))
+ run("tc qdisc add dev %s parent 0001:%s sfq perturb 10" % (iface_ldown, nr_htb))
+ run("iptables -t mangle -A customers -d %s -j IMQ --todev 1" % (ip))
+
if passwd != "apuser":
- fppap.write("%s\t%s\t%s\t%s\n" % (login, "\"*\"", passwd, ip))
+ fppap.write("%s\t%s\t%s\t%s\n" % (login, "\"*\"", passwd, ip))
if use_ipac:
if old_ipac:
@@ -184,8 +233,8 @@
run("iptables --flush packets_%s 2> /dev/null" % (nr), False)
run("iptables -N packets_%s 2> /dev/null" % (nr), False)
run("iptables -A packets_%s -m limit --limit 100/s -j RETURN" % (nr))
-# run("iptables -A packets_%s -p tcp -j REJECT --reject-with tcp-reset" % (nr))
-# run("iptables -A packets_%s -p udp -j REJECT --reject-with icmp-port-unreachable" % (nr))
+ # run("iptables -A packets_%s -p tcp -j REJECT --reject-with tcp-reset" % (nr))
+ # run("iptables -A packets_%s -p udp -j REJECT --reject-with icmp-port-unreachable" % (nr))
run("iptables -A packets_%s -j DROP" % (nr))
run("iptables -A packets -s %s -m mark --mark 10 -j packets_%s" % (ip, nr))
@@ -198,39 +247,24 @@
run("iptables -A packets -d %s -m ipp2p --ipp2p -j packets_%s" % (ip, nr))
if is_p2p:
- run("iptables -A peer2peer -p tcp -s %s -m connlimit --connlimit-above 10 -m p2p --p2p all -j DROP" % (ip))
+ run("iptables -A peer2peer -p tcp -s %s -m connlimit --connlimit-above 10 -m p2p --p2p all -j DROP" % (ip))
if is_ipp2p:
- run("iptables -A peer2peer -p tcp -s %s -m connlimit --connlimit-above 10 -m ipp2p --ipp2p -j DROP" % (ip))
+ run("iptables -A peer2peer -p tcp -s %s -m connlimit --connlimit-above 10 -m ipp2p --ipp2p -j DROP" % (ip))
if passwd == "apuser":
- for iface in ap_iface:
- run("ip neigh del %s dev %s" % (ip, iface))
- if mac != "any":
- run("iptables -A apchain -i %s -s %s -m mac --mac-source %s -j ACCEPT" % (iface, ip, mac))
- run("ip neigh replace %s lladdr %s dev %s" % (ip, mac, iface))
- else:
- run("iptables -A apchain -i %s -s %s -j ACCEPT" % (iface, ip))
- run("iptables -A apchain -o %s -d %s -j ACCEPT" % (iface, ip))
- if speed_down != "0":
- if use_htb:
- run("tc class add dev %s parent 1:1 classid 1:1%s htb rate %skbit ceil %skbit prio 1" % (iface, nr, speed_down, speed_down))
- run("tc qdisc add dev %s parent 1:1%s sfq perturb 10" % (iface, nr))
- else:
- run("tc class add dev %s parent 1:0 classid 1:1%s est 2sec 16sec cbq bandwidth 10mbit rate %skbit allot 1504b weight 1 prio 1 maxburst 10 avpkt 512 bounded" % (iface, nr, speed_down))
- run("tc qdisc add dev %s parent 1:1%s sfq perturb 10" % (iface, nr))
- run("tc filter add dev %s parent 1:0 protocol ip u32 match ip dst %s flowid 1:1%s" % (iface, ip, nr))
- if speed_up != "0":
- # 8 bits, 1500 bytes (average packet size)
- speed_up_sec = int(round(int(speed_up)/(8*1.5)))
- if speed_up_sec < 1:
- speed_up_sec = 1
- run("iptables -t mangle -A apchain -i %s -s %s -m limit --limit %s/s -m length --length 151:1500 -j RETURN" % (iface, ip, speed_up_sec))
- run("iptables -t mangle -A apchain -i %s -s %s -m length --length 151: -j DROP" % (iface, ip))
+ for iface in ap_iface:
+ run("ip neigh del %s dev %s" % (ip, iface))
+ if mac != "any":
+ run("iptables -A apchain -i %s -s %s -m mac --mac-source %s -j ACCEPT" % (iface, ip, mac))
+ run("ip neigh replace %s lladdr %s dev %s" % (ip, mac, iface))
+ else:
+ run("iptables -A apchain -i %s -s %s -j ACCEPT" % (iface, ip))
+ run("iptables -A apchain -o %s -d %s -j ACCEPT" % (iface, ip))
if mac == "any":
- continue
-
+ continue
+
fpmrtg.write("\n")
fpmrtg.write("Target[%s.quality]: `/etc/mrtg/scripts/mrtg-wlan-quality.sh \"%s\"`\n" % (host, mac))
fpmrtg.write("AbsMax[%s.quality]: 92\n" % host)
@@ -247,14 +281,14 @@
fpmrtg.write("\n")
if passwd != "apuser" and is_wireless(pppoe_iface):
- run("/sbin/iwspy %s + %s" % (pppoe_iface, mac))
+ run("/sbin/iwspy %s + %s" % (pppoe_iface, mac))
fpmrtg.close()
fpoid.close()
if use_ipac:
fpipac.close()
fppap.close()
-fp.close()
+run("iptables -A customers -j RETURN")
run("iptables -A packets -j RETURN")
run("iptables -A peer2peer -j RETURN")
run("iptables -A apchain -j RETURN")
More information about the pld-cvs-commit
mailing list