From 0109427ab8e219444eb74edbec3b820a8dde9b3a Mon Sep 17 00:00:00 2001
From: Jeremie Dimino
Date: Wed, 10 Sep 2008 01:57:09 +0200
Subject: [PATCH] qos pour le vlan radin

darcs-hash:20080909235709-af139-1ac09c4a975546fcb8a06499139f9ac5927466e5.gz
---
 gestion/config.py | 3 +++
 gestion/gen_confs/firewall.py | 20 +++++++++++++-------
 2 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/gestion/config.py b/gestion/config.py
index f177b868..a0655117 100644
--- a/gestion/config.py
+++ b/gestion/config.py
@@ -399,6 +399,9 @@ vlans = {
 'radin' : 6
 }
 
+# Debit max sur le vlan radin
+debit_max_radin = 1000000
+
 #######################
 ## Mail de bienvenue ##
 #######################
diff --git a/gestion/gen_confs/firewall.py b/gestion/gen_confs/firewall.py
index 37674854..eb49b457 100755
--- a/gestion/gen_confs/firewall.py
+++ b/gestion/gen_confs/firewall.py
@@ -35,7 +35,7 @@ from ldap_crans import AssociationCrans, Machine, MachineWifi
 from affich_tools import *
 from commands import getstatusoutput
 from iptools import AddrInNet, NetSubnets, IpSubnet
-from config import NETs, mac_komaz, mac_wifi, mac_titanic, conf_fw, p2p
+from config import NETs, mac_komaz, mac_wifi, mac_titanic, conf_fw, p2p, vlans, debit_max_radin
 
 syslog.openlog('firewall')
 debug = 1
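Review bot: The comment added above `debit_max_radin` in gestion/config.py gives no unit, although the value is interpolated unchanged into `rate %d ceil %d` of the `tc` call in firewall.py, where a bare number is read as bits per second. A later edit that assumes kbit/s or bytes/s would silently change the limit on the radin VLAN by orders of magnitude. I would state the unit in the comment: `# Max rate on the radin VLAN, in bits/s as passed verbatim to tc (1000000 = 1 Mbit/s)`.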
@@ -1181,13 +1181,19 @@ class firewall_sable(firewall_rouge):
 "-j MARK --set-mark %s" % conf_fw.mark['proxy'])
 iptables("-t mangle -A PREROUTING -m mark --mark %s -j ACCEPT" % conf_fw.mark['proxy'])
 
- # Proxy transparent sur le vlan accueil
- iptables("-t nat -i eth0.7 -A PREROUTING -p tcp --destination-port 80 -j DNAT --to-destination 10.51.0.1:3128")
- iptables("-t nat -i eth0.7 -A PREROUTING -p tcp --destination-port 3128 -j ACCEPT")
+ if_radin = "eth0.%d" % vlans["radin"]
+ if_accueil = "eth0.%d" % vlans["accueil"]
 
- # Proxy transparent sur le vlan radin
- iptables("-t nat -i eth0.6 -A PREROUTING -p tcp --destination-port 80 -j DNAT --to-destination 10.42.0.1:3128")
- iptables("-t nat -i eth0.6 -A PREROUTING -p tcp --destination-port 3128 -j ACCEPT")
+ # Proxy transparent pour les vlans radin et accueil
+ for interface in [if_radin, if_accueil]:
+ iptables("-t nat -i %s -A PREROUTING -p tcp --destination-port 80 -j DNAT --to-destination 10.51.0.1:3128" % interface)
+ iptables("-t nat -i %s -A PREROUTING -p tcp --destination-port 3128 -j ACCEPT" % interface)
+ iptables("-t nat -i %s -A PREROUTING -p tcp --destination-port 443 -j ACCEPT" % interface)
+
+ # Limite de débit sur le vlan radin
+ tc("qdisc del dev %s root" % if_radin)
+ tc("qdisc add dev %s root htb" % if_radin)
+ tc("class add dev %s root htb rate %d ceil %d" % (if_radin, debit_max_radin, debit_max_radin))
 
 def nat_table(self):
 firewall_rouge.nat_table(self)
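Review bot: The merged loop DNATs port 80 from both VLANs to `10.51.0.1:3128`, whereas the removed rules sent `eth0.6` (radin) to `10.42.0.1:3128`; unless that is intended, radin clients now reach the accueil proxy address and any per-VLAN proxy policy no longer applies. Keeping the pairing explicit avoids this: `for interface, proxy in [(if_radin, "10.42.0.1"), (if_accueil, "10.51.0.1")]:` with `--to-destination %s:3128" % (interface, proxy)`. Separately, the `htb` qdisc is added without a `default` class and the class line carries no `parent`/`classid`, so the rate limit probably matches no traffic (or the class add fails); checking `tc -s class show dev <if_radin>` after a run would confirm. The enclosing method of `firewall_sable` starts outside the hunk, and the `tc` helper and the `accueil` entry of `vlans` are not visible in this patch.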