Exemplo n.º 1
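/**
 * Queue the `tc` commands for every enabled qos_class row of a service.
 *
 * For each row, three commands are appended to $GLOBALS["COMMANDS"]: an HTB
 * class, an SFQ qdisc under that class, and a fw filter that maps the
 * firewall mark "{$pri}0" to the class. iptables_rules() is then called with
 * the same class id and mark. Nothing is executed here.
 *
 * NOTE(review): $dev, $handle and the row values (ID, rate, ceil) are
 * interpolated into command strings as-is. If the queued commands are later
 * run through a shell (not visible here), each of them must be validated
 * against a strict pattern (interface name, hex handle, integers) at the
 * point where they enter the system.
 *
 * @param int|string $service_id qos_class.service_id to load; coerced to int
 * @param string     $dev        network device name passed to `tc ... dev`
 * @param string     $handle     parent qdisc handle, used as "{$handle}:"
 * @return void
 */
function add_classes($service_id, $dev, $handle)
{
    // isset() first: reading a missing $GLOBALS key raises a notice/warning.
    if (!isset($GLOBALS["TC"]) || $GLOBALS["TC"] == null) {
        $unix = new unix();
        $GLOBALS["TC"] = $unix->find_program("tc");
    }
    // The id is compared unquoted in the statement below, so force it to an
    // integer before it is interpolated; a non-numeric value becomes 0 instead
    // of altering the query text.
    $service_id = intval($service_id);
    $sql = "SELECT * FROM qos_class WHERE service_id={$service_id} AND enabled=1 ORDER BY prio";
    $q = new mysql();
    $results = $q->QUERY_SQL($sql, 'artica_backup');
    $pri = 0;
    // Units: tc reads the "kbps" suffix as kilobytes per second; kilobits per
    // second is "kbit". The original code carried a disabled "/8" conversion of
    // rate and ceil here, so the intended unit should be confirmed.
    // NOTE(review): mysql_fetch_array()/MYSQL_ASSOC come from ext/mysql, which
    // was removed in PHP 7.0; this only runs where that extension or a shim exists.
    while ($ligne = mysql_fetch_array($results, MYSQL_ASSOC)) {
        // Priority follows row order (ORDER BY prio): 1, 2, 3, ...
        $pri++;
        $cmd = "{$GLOBALS["TC"]} class add dev {$dev} parent {$handle}: classid {$handle}:{$ligne["ID"]}0 htb rate {$ligne["rate"]}kbps ceil {$ligne["ceil"]}kbps prio {$pri}";
        echo "Starting......: " . date("H:i:s") . " Q.O.S class \"{$ligne["name"]}\"\n";
        $GLOBALS["COMMANDS"][] = $cmd;
        // Leaf qdisc for the class: SFQ, re-hashed every 10 seconds.
        $cmd = "{$GLOBALS["TC"]} qdisc add dev {$dev} parent {$handle}:{$ligne["ID"]}0 handle {$ligne["ID"]}0: sfq perturb 10";
        $GLOBALS["COMMANDS"][] = $cmd;
        // fw filter: packets carrying mark "{$pri}0" are sent to this class.
        $cmd = "{$GLOBALS["TC"]} filter add dev {$dev} parent {$handle}:0 protocol ip handle {$pri}0 fw flowid {$handle}:{$ligne["ID"]}0";
        $GLOBALS["COMMANDS"][] = $cmd;
        iptables_rules($ligne["ID"], "{$handle}:{$ligne["ID"]}0", $dev, "{$pri}0");
    }
}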
Exemplo n.º 2
/**
 * Build the shell script that puts Squid into transparent-proxy mode and
 * write it to /etc/init.d/tproxy.
 *
 * Script lines are collected in $sh. Depending on settings read through
 * sockets::GET_INFO(), the function either writes a script that only removes
 * the existing rules (HotSpot enabled), hands over to iptables_rules() (when
 * transparent_networks has enabled rows), or emits sysctl and iptables lines
 * for the default NAT REDIRECT/DNAT setup.
 *
 * NOTE(review), security-relevant points visible in this block:
 *  - Settings (SquidBinIpaddr, NatProxyServer), interface names and IPs are
 *    interpolated into the generated script without validation or quoting.
 *    An init script is presumably run as root, so these values should be
 *    validated (IP/hostname/interface pattern) before they are written.
 *  - Three early returns (transparent_networks rows, EnableChilli,
 *    UseTProxyMode) leave before file_put_contents(); the lines already
 *    collected in $sh are not written by this function on those paths.
 *  - $NatProxySSLPort is read but never assigned here.
 *  - Write failures are hidden by the @ operator.
 *
 * @return void
 */
function enable_transparent()
{
    $squid = new squidbee();
    $unix = new unix();
    $sock = new sockets();
    // Bind address of Squid; an empty setting falls back to "all addresses".
    $SquidBinIpaddr = trim($sock->GET_INFO("SquidBinIpaddr"));
    if ($SquidBinIpaddr == null) {
        $SquidBinIpaddr = "0.0.0.0";
    }
    $UseTProxyMode = $sock->GET_INFO("UseTProxyMode");
    if (!is_numeric($UseTProxyMode)) {
        $UseTProxyMode = 0;
    }
    $EnableArticaHotSpot = $sock->GET_INFO("EnableArticaHotSpot");
    $ssl_port = $squid->get_ssl_port();
    // Default to 3128 when the configured port is missing or not numeric.
    if (!is_numeric($squid->listen_port)) {
        $squid->listen_port = 3128;
    }
    // NOTE(review): $listen_ssl_port is not used again in this function.
    $listen_ssl_port = $squid->listen_port + 1;
    $SSL_BUMP = $squid->SSL_BUMP;
    $iptables = $unix->find_program("iptables");
    $sysctl = $unix->find_program("sysctl");
    $ips = $unix->ifconfig_interfaces_list();
    // send_redirects value written by sysctl below; defaults to 1 (ICMP redirects on).
    $KernelSendRedirects = $sock->GET_INFO("KernelSendRedirects");
    if (!is_numeric($KernelSendRedirects)) {
        $KernelSendRedirects = 1;
    }
    if (!is_numeric($EnableArticaHotSpot)) {
        $EnableArticaHotSpot = 0;
    }
    $php = $unix->LOCATE_PHP5_BIN();
    $sh[] = script_startfile();
    // HotSpot owns the redirection: install a script that only deletes the
    // transparent rules, then stop.
    if ($EnableArticaHotSpot == 1) {
        build_progress("HotSpot is enabled, aborting", 110);
        $sh[] = "{$GLOBALS["echobin"]} \"Squid Transparent mode: HotSpot system is enabled\"";
        $sh[] = "{$php} /usr/share/artica-postfix/exec.squid.transparent.delete.php || true";
        $sh[] = script_endfile();
        // NOTE(review): @ hides a failed write; script_install() then runs regardless.
        @file_put_contents("/etc/init.d/tproxy", @implode("\n", $sh));
        script_install();
        return;
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " ebtables...\n";
    }
    build_progress("Checking ebtables rules", 20);
    $sh[] = ebtables_rules();
    build_progress("Checking ebtables rules {done}", 25);
    $q = new mysql_squid_builder();
    // Constant statement, no caller-supplied values.
    $sql = "SELECT COUNT(*) as tcount FROM transparent_networks WHERE `enabled`=1";
    // NOTE(review): mysql_fetch_array() is ext/mysql, removed in PHP 7.0.
    $ligne = mysql_fetch_array($q->QUERY_SQL($sql));
    // Per-network rules exist: delegate to iptables_rules() and return.
    // The $sh lines built so far are not written on this path.
    if ($ligne["tcount"] > 0) {
        build_progress("Checking iptables rules", 30);
        iptables_rules();
        build_progress("Checking iptables rules {done}", 50);
        return;
    }
    build_progress("Building default script...", 35);
    $sh[] = "{$GLOBALS["echobin"]} \"Squid Transparent mode:Removing Iptables rules\"";
    $sh[] = "{$php} /usr/share/artica-postfix/exec.squid.transparent.delete.php || true";
    $sh[] = "{$GLOBALS["echobin"]} \"Squid Transparent mode: Patching kernel\"";
    // Turns the host into a router for all interfaces (IPv4 forwarding on).
    $sh[] = "{$sysctl} -w net.ipv4.ip_forward=1 2>&1";
    $sh[] = "{$sysctl} -w net.ipv4.conf.default.send_redirects={$KernelSendRedirects} 2>&1";
    $sh[] = "{$sysctl} -w net.ipv4.conf.all.send_redirects={$KernelSendRedirects} 2>&1";
    // Only eth0 gets a per-interface setting; other interfaces rely on all/default.
    if (is_file("/proc/sys/net/ipv4/conf/eth0/send_redirects")) {
        $sh[] = "{$sysctl} -w net.ipv4.conf.eth0.send_redirects={$KernelSendRedirects} 2>&1";
    }
    $sh[] = "{$GLOBALS["echobin"]} \"Squid Transparent mode: Enable rules\"";
    // Drop loopback entries, whichever way the list is keyed.
    unset($ips["127.0.0.1"]);
    unset($ips["lo"]);
    $sh[] = "{$GLOBALS["echobin"]} \"Squid Transparent mode: enabled in transparent mode in {$squid->listen_port} Port (SSL_BUMP={$SSL_BUMP}) SSL PORT:{$ssl_port}\"";
    $sh[] = "{$GLOBALS["echobin"]} \"Transparent mode: enable the gateway mode...\"";
    $sh[] = "{$GLOBALS["echobin"]} \"Squid Transparent mode: KernelSendRedirects = {$KernelSendRedirects}...\"";
    if ($UseTProxyMode == 1) {
        $sh[] = "{$GLOBALS["echobin"]} \"Squid Transparent mode: Activate TProxy mode...\"";
    }
    // Chilli counts as enabled only when the setting is 1 and the binary exists.
    $chilli = $unix->find_program("chilli");
    $EnableChilli = $sock->GET_INFO("EnableChilli");
    if (!is_numeric($EnableChilli)) {
        $EnableChilli = 0;
    }
    if (!is_file($chilli)) {
        $EnableChilli = 0;
    }
    // NOTE(review): returns without writing /etc/init.d/tproxy.
    if ($EnableChilli == 1) {
        return;
    }
    // Wildcard and loopback bind addresses mean "no specific address".
    if ($SquidBinIpaddr == "0.0.0.0") {
        $SquidBinIpaddr = null;
    }
    if ($SquidBinIpaddr == "127.0.0.1") {
        $SquidBinIpaddr = null;
    }
    // A specific bind address replaces the detected interface list; it is
    // filed under "eth0" whatever interface actually carries it.
    if ($SquidBinIpaddr != null) {
        $ips = array();
        $ips["eth0"] = $SquidBinIpaddr;
    }
    if ($UseTProxyMode == 1) {
        // TPROXY setup: a DIVERT chain marks packets of existing local sockets,
        // and new port-80 connections are handed to Squid's listen port.
        $sh[] = "{$iptables} -t mangle -N DIVERT -m comment --comment \"ArticaSquidTransparent\" || true";
        $sh[] = "{$iptables} -t mangle -A DIVERT -j MARK --set-mark 1 -m comment --comment \"ArticaSquidTransparent\" || true";
        $sh[] = "{$iptables} -t mangle -A DIVERT -j ACCEPT -m comment --comment \"ArticaSquidTransparent\" || true";
        $sh[] = "{$iptables} -t mangle -A PREROUTING -p tcp -m socket -j DIVERT -m comment --comment \"ArticaSquidTransparent\" || true";
        $sh[] = "{$iptables} -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port {$squid->listen_port} -m comment --comment \"ArticaSquidTransparent\" || true";
        // NOTE(review): returns before file_put_contents(); as written, the
        // TPROXY lines above never reach /etc/init.d/tproxy — confirm intent.
        return;
    }
    // NOTE(review): $IPTABLES and $INPUTINTERFACE are not used below.
    $IPTABLES = $iptables;
    $INPUTINTERFACE = "eth0";
    // Every rule carries this comment; presumably the delete script uses it
    // to find and remove them.
    $MARKLOG = "-m comment --comment \"ArticaSquidTransparent\"";
    $SQUIDPORT = $squid->listen_port;
    $EnableNatProxy = intval($sock->GET_INFO("EnableNatProxy"));
    // NOTE(review): unlike the port, the server value is not validated before
    // it is placed on an iptables command line in the generated script.
    $NatProxyServer = $sock->GET_INFO("NatProxyServer");
    $NatProxyPort = intval($sock->GET_INFO("NatProxyPort"));
    // __LINE__ only tags the generated script with the generating source line.
    $sh[] = "# " . __LINE__ . " EnableNatProxy = {$EnableNatProxy}";
    // Default targets: redirect to the local Squid ports.
    $JREDIRECT_TEXT = "-j REDIRECT --to-port {$SQUIDPORT}";
    $JREDIRECTSSL_TEXT = "-j REDIRECT --to-port {$ssl_port}";
    if ($EnableNatProxy == 1) {
        $JREDIRECT_TEXT = "-j DNAT --to {$NatProxyServer}:{$NatProxyPort}";
        // NOTE(review): $NatProxySSLPort is never assigned in this function,
        // so the SSL DNAT target ends with an empty port.
        $JREDIRECTSSL_TEXT = "-j DNAT --to {$NatProxyServer}:{$NatProxySSLPort}";
    }
    // NOTE(review): each() was deprecated in PHP 7.2 and removed in PHP 8.0.
    while (list($interface, $ip) = each($ips)) {
        $SQUIDIP = $ip;
        // Interfaces whose name starts with "ham" are skipped.
        if (preg_match("#^ham#", $interface)) {
            $sh[] = "{$GLOBALS["echobin"]} \"Starting......: " . date("H:i:s") . " Squid Transparent mode: Squid Transparent mode: skipping {$interface} interface\"";
            continue;
        }
        $sh[] = "{$GLOBALS["echobin"]} \"Starting......: " . date("H:i:s") . " Squid Transparent Interface:{$interface} Adding ipTables rules for {$ip}\"";
        // Exempt traffic sourced from the proxy's own addresses so its
        // outbound requests are not redirected back to itself.
        if (!$GLOBALS["EBTABLES"]) {
            $sh[] = "{$iptables} -t nat -A PREROUTING -s {$SQUIDIP} -p tcp --dport 80 -j ACCEPT {$MARKLOG} || true";
        }
        if (!$GLOBALS["EBTABLES"]) {
            if ($SSL_BUMP == 1) {
                $sh[] = "{$iptables} -t nat -A PREROUTING -s {$SQUIDIP} -p tcp --dport 443 -j ACCEPT {$MARKLOG} || true";
            }
        }
    }
    // Catch-all redirection of port 80 (and 443 with SSL bump); no source or
    // interface restriction is applied.
    $sh[] = "{$iptables} -t nat -A PREROUTING -p tcp --dport 80 {$JREDIRECT_TEXT} {$MARKLOG} || true";
    if ($SSL_BUMP == 1) {
        $sh[] = "{$iptables} -t nat -A PREROUTING -p tcp --dport 443 {$JREDIRECTSSL_TEXT} {$MARKLOG} || true";
    }
    // NOTE(review): MASQUERADE has no -o interface or source match, so it
    // applies to all traffic leaving the host, not only proxied flows.
    if (!$GLOBALS["EBTABLES"]) {
        $sh[] = "{$iptables} -t nat -A POSTROUTING -j MASQUERADE {$MARKLOG} || true";
    }
    // mangle PREROUTING is traversed before nat PREROUTING, so these DROPs hit
    // packets addressed directly to the intercept ports, while redirected
    // port-80/443 traffic still has its original destination port and passes.
    if (!$GLOBALS["EBTABLES"]) {
        $sh[] = "{$iptables} -t mangle -A PREROUTING -p tcp --dport {$SQUIDPORT} -j DROP {$MARKLOG} || true";
    }
    if (!$GLOBALS["EBTABLES"]) {
        if ($SSL_BUMP == 1) {
            if (!$GLOBALS["EBTABLES"]) {
                $sh[] = "{$iptables} -t mangle -A PREROUTING -p tcp --dport {$ssl_port} -j DROP {$MARKLOG} || true";
            }
        }
    }
    ///iptables -t nat -I POSTROUTING -o eth0 -s local-network -d squid-box -j SNAT --to iptables-box
    $sh[] = script_endfile();
    // NOTE(review): @ hides a failed write; check the return value so a stale
    // or partial init script is not installed silently.
    @file_put_contents("/etc/init.d/tproxy", @implode("\n", $sh));
    build_progress("Installing default script...", 40);
    script_install();
    build_progress("Default script...{done}", 50);
}