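/**
 * Queue the tc/iptables commands that create one HTB class (plus an SFQ leaf
 * qdisc and an fw-mark filter) per enabled row of qos_class for a service.
 *
 * Nothing is executed here: each command line is appended to
 * $GLOBALS["COMMANDS"], and the class id / mark pair is handed to
 * iptables_rules() for the matching marking rules.
 *
 * @param int|string $service_id qos_class.service_id to load; cast to int
 *                               before being interpolated into the query.
 * @param string     $dev        network device passed as `tc ... dev`.
 * @param string     $handle     root qdisc handle (the "N" of "N:").
 * @return void
 */
function add_classes($service_id, $dev, $handle) {
    // Resolve the tc binary once per process; empty() also covers a missing key.
    if (empty($GLOBALS["TC"])) {
        $unix = new unix();
        $GLOBALS["TC"] = $unix->find_program("tc");
    }
    $tc = $GLOBALS["TC"];

    // service_id is interpolated unquoted, so it has to be an integer anyway;
    // the cast keeps anything else out of the query.
    $service_id = intval($service_id);
    $sql = "SELECT * FROM qos_class WHERE service_id={$service_id} AND enabled=1 ORDER BY prio";
    $q = new mysql();
    $results = $q->QUERY_SQL($sql, 'artica_backup');

    $pri = 0;
    // rate/ceil are emitted as kbps (kilobytes/s), as stored in the table.
    while ($ligne = mysql_fetch_array($results, MYSQL_ASSOC)) {
        $pri++;
        $id = intval($ligne["ID"]);
        $rate = $ligne["rate"];
        $ceil = $ligne["ceil"];

        // Every field below lands on a command line; refuse rows whose
        // bandwidth values are not plain numbers rather than passing them on.
        if (!is_numeric($rate) || !is_numeric($ceil)) {
            echo "Starting......: " . date("H:i:s") . " Q.O.S class \"{$ligne["name"]}\" skipped: invalid rate/ceil\n";
            continue;
        }

        // classid "<handle>:<ID>0" and mark "<prio>0" are the same strings the
        // original built inline; keep them in one place so the three tc
        // commands and iptables_rules() cannot drift apart.
        $classid = "{$handle}:{$id}0";
        $mark = "{$pri}0";

        echo "Starting......: " . date("H:i:s") . " Q.O.S class \"{$ligne["name"]}\"\n";
        $GLOBALS["COMMANDS"][] = "{$tc} class add dev {$dev} parent {$handle}: classid {$classid} htb rate {$rate}kbps ceil {$ceil}kbps prio {$pri}";
        $GLOBALS["COMMANDS"][] = "{$tc} qdisc add dev {$dev} parent {$classid} handle {$id}0: sfq perturb 10";
        $GLOBALS["COMMANDS"][] = "{$tc} filter add dev {$dev} parent {$handle}:0 protocol ip handle {$mark} fw flowid {$classid}";
        iptables_rules($id, $classid, $dev, $mark);
    }
}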
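/**
 * Build and install /etc/init.d/tproxy, the script that (re)creates the
 * sysctl and iptables state for Squid transparent mode.
 *
 * Settings come from sockets::GET_INFO(); numeric settings are defaulted when
 * missing or non-numeric.  The function returns early when the hotspot is on
 * (an abort script is written instead), when per-network transparent rules
 * exist (delegated to iptables_rules()), when chilli is enabled, or in TProxy
 * mode — see the NOTE(review) on that branch.
 *
 * Side effects: writes /etc/init.d/tproxy, calls script_install(), reports
 * through build_progress(), and echoes when $GLOBALS["OUTPUT"] is set.
 *
 * @return void
 */
function enable_transparent() {
    $squid = new squidbee();
    $unix = new unix();
    $sock = new sockets();
    $sh = array();

    $SquidBinIpaddr = trim($sock->GET_INFO("SquidBinIpaddr"));
    if ($SquidBinIpaddr === "") {
        $SquidBinIpaddr = "0.0.0.0";
    }
    $UseTProxyMode = $sock->GET_INFO("UseTProxyMode");
    if (!is_numeric($UseTProxyMode)) {
        $UseTProxyMode = 0;
    }
    $EnableArticaHotSpot = $sock->GET_INFO("EnableArticaHotSpot");
    if (!is_numeric($EnableArticaHotSpot)) {
        $EnableArticaHotSpot = 0;
    }
    $ssl_port = $squid->get_ssl_port();
    if (!is_numeric($squid->listen_port)) {
        $squid->listen_port = 3128;
    }
    $SSL_BUMP = $squid->SSL_BUMP;
    $iptables = $unix->find_program("iptables");
    $sysctl = $unix->find_program("sysctl");
    // Treated below as interface-name => address; "lo"/127.0.0.1 are dropped later.
    $ips = $unix->ifconfig_interfaces_list();
    $KernelSendRedirects = $sock->GET_INFO("KernelSendRedirects");
    if (!is_numeric($KernelSendRedirects)) {
        $KernelSendRedirects = 1;
    }
    $php = $unix->LOCATE_PHP5_BIN();
    $sh[] = script_startfile();

    // Hotspot owns the firewall: install a script that only removes our rules.
    if ($EnableArticaHotSpot == 1) {
        build_progress("HotSpot is enabled, aborting", 110);
        $sh[] = "{$GLOBALS["echobin"]} \"Squid Transparent mode: HotSpot system is enabled\"";
        $sh[] = "{$php} /usr/share/artica-postfix/exec.squid.transparent.delete.php || true";
        $sh[] = script_endfile();
        @file_put_contents("/etc/init.d/tproxy", @implode("\n", $sh));
        script_install();
        return;
    }

    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " ebtables...\n";
    }
    build_progress("Checking ebtables rules", 20);
    // $GLOBALS["EBTABLES"] is consulted after this call; keep the order.
    $sh[] = ebtables_rules();
    build_progress("Checking ebtables rules {done}", 25);

    // Per-network transparent rules take over completely when any are defined.
    $q = new mysql_squid_builder();
    $sql = "SELECT COUNT(*) as tcount FROM transparent_networks WHERE `enabled`=1";
    $ligne = mysql_fetch_array($q->QUERY_SQL($sql));
    if ($ligne["tcount"] > 0) {
        build_progress("Checking iptables rules", 30);
        iptables_rules();
        build_progress("Checking iptables rules {done}", 50);
        return;
    }

    build_progress("Building default script...", 35);
    $sh[] = "{$GLOBALS["echobin"]} \"Squid Transparent mode:Removing Iptables rules\"";
    $sh[] = "{$php} /usr/share/artica-postfix/exec.squid.transparent.delete.php || true";
    $sh[] = "{$GLOBALS["echobin"]} \"Squid Transparent mode: Patching kernel\"";
    // Forwarding is required for the box to act as the clients' gateway.
    $sh[] = "{$sysctl} -w net.ipv4.ip_forward=1 2>&1";
    $sh[] = "{$sysctl} -w net.ipv4.conf.default.send_redirects={$KernelSendRedirects} 2>&1";
    $sh[] = "{$sysctl} -w net.ipv4.conf.all.send_redirects={$KernelSendRedirects} 2>&1";
    if (is_file("/proc/sys/net/ipv4/conf/eth0/send_redirects")) {
        $sh[] = "{$sysctl} -w net.ipv4.conf.eth0.send_redirects={$KernelSendRedirects} 2>&1";
    }
    $sh[] = "{$GLOBALS["echobin"]} \"Squid Transparent mode: Enable rules\"";
    unset($ips["127.0.0.1"]);
    unset($ips["lo"]);
    $sh[] = "{$GLOBALS["echobin"]} \"Squid Transparent mode: enabled in transparent mode in {$squid->listen_port} Port (SSL_BUMP={$SSL_BUMP}) SSL PORT:{$ssl_port}\"";
    $sh[] = "{$GLOBALS["echobin"]} \"Transparent mode: enable the gateway mode...\"";
    $sh[] = "{$GLOBALS["echobin"]} \"Squid Transparent mode: KernelSendRedirects = {$KernelSendRedirects}...\"";
    if ($UseTProxyMode == 1) {
        $sh[] = "{$GLOBALS["echobin"]} \"Squid Transparent mode: Activate TProxy mode...\"";
    }

    // chilli (captive portal) present and enabled: leave the firewall to it.
    $chilli = $unix->find_program("chilli");
    $EnableChilli = $sock->GET_INFO("EnableChilli");
    if (!is_numeric($EnableChilli)) {
        $EnableChilli = 0;
    }
    if (!is_file($chilli)) {
        $EnableChilli = 0;
    }
    if ($EnableChilli == 1) {
        return;
    }

    // A specific bind address restricts the exemption rules to that one
    // address on eth0; wildcard/loopback binds fall back to all interfaces.
    if ($SquidBinIpaddr == "0.0.0.0" || $SquidBinIpaddr == "127.0.0.1") {
        $SquidBinIpaddr = null;
    }
    if ($SquidBinIpaddr !== null) {
        $ips = array("eth0" => $SquidBinIpaddr);
    }

    if ($UseTProxyMode == 1) {
        // NOTE(review): as in the original, these rules are appended to $sh and
        // then discarded — nothing writes /etc/init.d/tproxy on this path.
        // Confirm whether TProxy mode is installed elsewhere before changing it.
        $sh[] = "{$iptables} -t mangle -N DIVERT -m comment --comment \"ArticaSquidTransparent\" || true";
        $sh[] = "{$iptables} -t mangle -A DIVERT -j MARK --set-mark 1 -m comment --comment \"ArticaSquidTransparent\" || true";
        $sh[] = "{$iptables} -t mangle -A DIVERT -j ACCEPT -m comment --comment \"ArticaSquidTransparent\" || true";
        $sh[] = "{$iptables} -t mangle -A PREROUTING -p tcp -m socket -j DIVERT -m comment --comment \"ArticaSquidTransparent\" || true";
        $sh[] = "{$iptables} -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port {$squid->listen_port} -m comment --comment \"ArticaSquidTransparent\" || true";
        return;
    }

    $MARKLOG = "-m comment --comment \"ArticaSquidTransparent\"";
    $SQUIDPORT = $squid->listen_port;
    $EnableNatProxy = intval($sock->GET_INFO("EnableNatProxy"));
    $NatProxyServer = $sock->GET_INFO("NatProxyServer");
    $NatProxyPort = intval($sock->GET_INFO("NatProxyPort"));
    // The original never assigned $NatProxySSLPort, so the SSL DNAT target was
    // rendered as "host:". NOTE(review): the setting key mirrors the variable
    // name used by the original — confirm it exists in the settings store.
    $NatProxySSLPort = intval($sock->GET_INFO("NatProxySSLPort"));
    $sh[] = "# " . __LINE__ . " EnableNatProxy = {$EnableNatProxy}";
    $JREDIRECT_TEXT = "-j REDIRECT --to-port {$SQUIDPORT}";
    $JREDIRECTSSL_TEXT = "-j REDIRECT --to-port {$ssl_port}";
    if ($EnableNatProxy == 1) {
        $JREDIRECT_TEXT = "-j DNAT --to {$NatProxyServer}:{$NatProxyPort}";
        if ($NatProxySSLPort > 0) {
            $JREDIRECTSSL_TEXT = "-j DNAT --to {$NatProxyServer}:{$NatProxySSLPort}";
        } else {
            // No usable SSL port: emit no 443 rule rather than a broken one.
            $JREDIRECTSSL_TEXT = null;
            $sh[] = "# " . __LINE__ . " NatProxySSLPort is not set: no SSL redirect rule";
        }
    }

    // each() is gone in PHP 8; foreach walks the same pairs in the same order.
    foreach ($ips as $interface => $ip) {
        if (preg_match("#^ham#", $interface)) {
            $sh[] = "{$GLOBALS["echobin"]} \"Starting......: " . date("H:i:s") . " Squid Transparent mode: Squid Transparent mode: skipping {$interface} interface\"";
            continue;
        }
        $sh[] = "{$GLOBALS["echobin"]} \"Starting......: " . date("H:i:s") . " Squid Transparent Interface:{$interface} Adding ipTables rules for {$ip}\"";
        if (!$GLOBALS["EBTABLES"]) {
            // Traffic sourced from the box's own addresses is exempted from the redirect.
            $sh[] = "{$iptables} -t nat -A PREROUTING -s {$ip} -p tcp --dport 80 -j ACCEPT {$MARKLOG} || true";
            if ($SSL_BUMP == 1) {
                $sh[] = "{$iptables} -t nat -A PREROUTING -s {$ip} -p tcp --dport 443 -j ACCEPT {$MARKLOG} || true";
            }
        }
    }

    // The redirect applies to every remaining incoming connection to 80/443.
    $sh[] = "{$iptables} -t nat -A PREROUTING -p tcp --dport 80 {$JREDIRECT_TEXT} {$MARKLOG} || true";
    if ($SSL_BUMP == 1 && $JREDIRECTSSL_TEXT !== null) {
        $sh[] = "{$iptables} -t nat -A PREROUTING -p tcp --dport 443 {$JREDIRECTSSL_TEXT} {$MARKLOG} || true";
    }
    if (!$GLOBALS["EBTABLES"]) {
        $sh[] = "{$iptables} -t nat -A POSTROUTING -j MASQUERADE {$MARKLOG} || true";
        // Direct connections to the proxy ports are dropped, so clients only
        // reach Squid through the redirect above.
        $sh[] = "{$iptables} -t mangle -A PREROUTING -p tcp --dport {$SQUIDPORT} -j DROP {$MARKLOG} || true";
        if ($SSL_BUMP == 1) {
            $sh[] = "{$iptables} -t mangle -A PREROUTING -p tcp --dport {$ssl_port} -j DROP {$MARKLOG} || true";
        }
    }

    $sh[] = script_endfile();
    // A silent write failure would leave a stale script to be installed below;
    // report it (flow is unchanged from the original).
    if (@file_put_contents("/etc/init.d/tproxy", @implode("\n", $sh)) === false) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " unable to write /etc/init.d/tproxy\n";
        }
    }
    build_progress("Installing default script...", 40);
    script_install();
    build_progress("Default script...{done}", 50);
}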