[firewall_new] On crée une classe de QoS prioritaire par défaut au début du chargement du firewall pour limiter le débit total ; on ne crée la classe de chaque adhérent qu'à la fin du chargement du firewall. Ajout d'une fonction reload_qos qui ne recharge que la QoS, pour le traffic shaping à venir.
Ignore-this: 2db593b54f3732748df879a7eda24d8f darcs-hash:20120216175537-3a55a-1289d6d7ca04ec8aa3892ebfc94aa19f52d16f0d.gz
parent
5ab2c96710
commit
ccec4ca67e
1 changed files with 42 additions and 7 deletions
|
@ -165,6 +165,10 @@ class firewall_crans :
|
|||
from lock import remove_lock
|
||||
remove_lock('firewall')
|
||||
|
||||
def reload_qos(self):
|
||||
"""Recherche la QoS"""
|
||||
return
|
||||
|
||||
def mangle_table(self) :
|
||||
""" Remplit la table mangle """
|
||||
return
|
||||
|
@ -479,7 +483,13 @@ class firewall_komaz(firewall_crans) :
|
|||
self.anim.reinit()
|
||||
print OK
|
||||
|
||||
|
||||
def reload_qos(self):
|
||||
self.mangle_table()
|
||||
self.qos()
|
||||
|
||||
def mangle_table(self):
|
||||
|
||||
self.anim = anim('\tStructure de la table mangle')
|
||||
|
||||
# On vide complètement la table
|
||||
|
@ -503,6 +513,7 @@ class firewall_komaz(firewall_crans) :
|
|||
# Parametres pour iptables/tc
|
||||
mark = conf_fw.mark['bittorrent']
|
||||
debit_max = conf_fw.debit_max
|
||||
debit_max_semi=debit_max/2
|
||||
eth_ext = self.eth_ext
|
||||
eth_int = self.eth_int
|
||||
|
||||
|
@ -522,6 +533,8 @@ class firewall_komaz(firewall_crans) :
|
|||
|
||||
warn = ''
|
||||
|
||||
# pas de QoS pour la zone ens
|
||||
iptables("-t mangle -A POSTROUTING -d 138.231.0.0/16 -s 138.231.0.0/16 -j RETURN")
|
||||
# Par défaut, on envoit les paquets dans la classe 9998
|
||||
for net in NETs['all']:
|
||||
iptables("-t mangle -A POSTROUTING -o %(eth_int)s -d %(net)s "
|
||||
|
@ -544,10 +557,11 @@ class firewall_komaz(firewall_crans) :
|
|||
redirect_chain('mangle', prev_chain, next_chain, subnet)
|
||||
print OK
|
||||
|
||||
adherents = db.search('paiement=ok')['adherent']
|
||||
debit_adh = int(debit_max / float(len(adherents)))
|
||||
|
||||
self.anim = anim('\tGénération des classes de QoS', len(adherents))
|
||||
self.anim = anim('\tLimitation du debit')
|
||||
adherents = db.search('paiement=ok')['adherent']
|
||||
self.adherents=adherents
|
||||
debit_adh = int(debit_max / float(len(adherents)))
|
||||
|
||||
# Création des classes et qdisc
|
||||
for interface in [eth_ext, eth_int]:
|
||||
|
@ -567,15 +581,33 @@ class firewall_komaz(firewall_crans) :
|
|||
"handle 9999: sfq perturb 10" % locals())
|
||||
debit_ftp = 1000 # kbps
|
||||
tc("class add dev %(interface)s parent 1:1 classid 1:9997 "
|
||||
"htb rate %(debit_ftp)skbps ceil %(debit_max)skbps" % locals())
|
||||
"htb rate %(debit_ftp)skbps ceil %(debit_max_semi)skbps prio 1" % locals())
|
||||
tc("qdisc add dev %(interface)s parent 1:9997 "
|
||||
"handle 9997: sfq perturb 10" % locals())
|
||||
|
||||
tc("class add dev %(interface)s parent 1:1 classid 1:9998 "
|
||||
"htb rate %(debit_adh)skbps ceil %(debit_max)skbps" % locals())
|
||||
"htb rate %(debit_adh)skbps ceil %(debit_max_semi)skbps prio 0" % locals())
|
||||
tc("qdisc add dev %(interface)s parent 1:9998 "
|
||||
"handle 9998: sfq perturb 10" % locals())
|
||||
print OK
|
||||
|
||||
def qos(self):
|
||||
|
||||
if len(self.adherents) == 0 :
|
||||
self.mangle_table()
|
||||
|
||||
# Parametres pour iptables/tc
|
||||
mark = conf_fw.mark['bittorrent']
|
||||
debit_max = conf_fw.debit_max
|
||||
debit_max_semi=debit_max/2
|
||||
eth_ext = self.eth_ext
|
||||
eth_int = self.eth_int
|
||||
|
||||
adherents = self.adherents
|
||||
debit_adh = int(debit_max / float(len(adherents)))
|
||||
|
||||
|
||||
self.anim = anim('\tGénération des classes de QoS', len(adherents))
|
||||
# On construit ensuite les classes et qdisc pour chaque adhérent
|
||||
for adherent in adherents:
|
||||
self.anim.cycle()
|
||||
|
@ -585,7 +617,7 @@ class firewall_komaz(firewall_crans) :
|
|||
qdisc_id = class_id
|
||||
for interface in [self.eth_ext, self.eth_int]:
|
||||
tc("class add dev %(interface)s parent 1:1 classid 1:%(class_id)d "
|
||||
"htb rate %(debit_adh)skbps ceil %(debit_max)skbps" % locals())
|
||||
"htb rate %(debit_adh)skbps ceil %(debit_max)skbps prio 1" % locals())
|
||||
tc("qdisc add dev %(interface)s parent 1:%(class_id)d "
|
||||
"handle %(qdisc_id)d: sfq perturb 10" % locals())
|
||||
|
||||
|
@ -637,6 +669,8 @@ class firewall_komaz(firewall_crans) :
|
|||
self.anim = anim('\tStructure de la table filter')
|
||||
for chaine in [ 'TEST_MAC-IP', 'RESEAUX_NON_ROUTABLES_SRC', 'RESEAUX_NON_ROUTABLES_DST' ] :
|
||||
iptables('-t filter -N %s' % chaine)
|
||||
|
||||
|
||||
iptables("-A FORWARD -i lo -j ACCEPT")
|
||||
iptables("-A FORWARD -p icmp -j ACCEPT")
|
||||
iptables("-A FORWARD -i tun-ovh -j ACCEPT")
|
||||
|
@ -833,6 +867,7 @@ class firewall_komaz(firewall_crans) :
|
|||
self.exception_catcher(self.ext_vers_crans)
|
||||
self.exception_catcher(self.test_mac_ip)
|
||||
self.exception_catcher(self.filtre_p2p)
|
||||
self.exception_catcher(self.qos)
|
||||
|
||||
def serveurs_maj_list_to_do(self) :
|
||||
self.exception_catcher(self.serveurs_vers_ext)
|
||||
|
@ -1418,7 +1453,7 @@ if __name__ == '__main__' :
|
|||
fw = eval('firewall_%s()' % hostname)
|
||||
chaines = []
|
||||
for nom in dir(fw) :
|
||||
if nom in [ 'log_chaines' , 'test_virus_flood', 'reseaux_non_routables', 'test_mac_ip' , 'blacklist' , 'ext_vers_serveurs' , 'serveurs_vers_ext', 'ext_vers_crans', 'crans_vers_ext' , 'filtre_p2p', 'admin_vlan' , 'serv_out_adm', 'mangle_table', 'classes_p2p_maj' ] :
|
||||
if nom in [ 'log_chaines' , 'test_virus_flood', 'reseaux_non_routables', 'test_mac_ip' , 'blacklist' , 'ext_vers_serveurs' , 'serveurs_vers_ext', 'ext_vers_crans', 'crans_vers_ext' , 'filtre_p2p', 'admin_vlan' , 'serv_out_adm', 'mangle_table', 'classes_p2p_maj','reload_qos' ] :
|
||||
chaines.append(nom)
|
||||
|
||||
def __usage(txt=None) :
|
||||
|
|
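Review bot: The guard added at the top of `firewall_komaz.qos`, `if len(self.adherents) == 0 : self.mangle_table()`, reads `self.adherents`, which in this diff is only assigned inside `mangle_table` (`self.adherents=adherents`), so when `qos` runs on its own through the `exception_catcher` chain before `mangle_table` it raises AttributeError instead of triggering the rebuild — unless `__init__`, which is outside the hunk, initialises it; `qos` itself continues past the end of its hunk. The guard also cannot recover the empty-member case it appears to target: with no `paiement=ok` entry, `mangle_table` already fails on `debit_adh = int(debit_max / float(len(adherents)))`, and `qos` repeats the same division on line `debit_adh = int(debit_max / float(len(adherents)))` right after. I would write the guard as `if not getattr(self, 'adherents', None): self.mangle_table()` and compute the share once as `debit_adh = int(debit_max / float(len(adherents))) if adherents else debit_max` (the fallback value is a suggestion; the default class 1:9998 still needs some rate when there are no members), in both methods, since the second hunk duplicates the first's computation. Separately, the base-class stub's docstring `"""Recherche la QoS"""` reads "search" where "reload" is meant; `"""Recharge la QoS (table mangle + classes tc) sans recharger le reste du firewall."""` would match what `firewall_komaz.reload_qos` does.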