У нас в сети стоит шейпер, правила для него написаны в отдельном скрипте. Сказали, что там траблы с групповыми pipe-ами. Например, для абонентов с пакетом 128 кбит/с выделена ширина канала в 2 Мб, а для 512 кбит/с выделено, например, 4 Мб. Так вот, стоит задача убрать эти разграничения, чтоб все отрезали от общего канала. Проблема в том, что скрипт написан на перле, а перл я нифига не знаю (а учить перл ради одного скрипта очень долго (!) и непродуктивно). Так вот, кто знает, как подойти к этой проблеме и как её исправить, буду очень благодарен !!!! Файрвол ipfw2, ОС FreeBSD 5.5. Вот скрипт:
#!/usr/bin/perl
#
# a KoMeHTaPuu B KOI8-R
#
# --- Static configuration ---------------------------------------------
# Unit suffix appended to every bandwidth value passed to `ipfw pipe config`.
$unit        = 'Kbit/s';
# Directory for runtime files. The trailing slash matters: the pid-file
# path is built by plain concatenation.
$install_dir = '/fw/';
#$install_dir="/home/gh/";
$pidfile     = "${install_dir}fw.pid";
# Interface names substituted into the generated rules.
$ext_if      = 'net0';
$int_if      = 'net1';
$type        = '1';
$deny        = 1;    # NOTE(review): overwritten further down before any visible use
# Numbering scheme for generated rules, pipes and tables.
$start_pipe_num   = 2000;
$to_from_table    = 100;
$group_pipes_step = 1000;
# MySQL
# SECURITY(review): the billing-database credentials are hard-coded here, so
# everyone who can read this file (or any copy of it) can log in to the
# database. Keep the script root-only (mode 0700), prefer loading the secret
# from a separate root-readable file, and rotate a password once it has been
# shown outside the host.
$user     = 'fw-april';
$password = 'fghtkm';
$srv      = 'DBI:mysql:billing_new:172.16.0.1:3306';
#
# Address prefixes of the local networks; used as LIKE patterns on users.ip.
@mynet = ('172.17.', '172.16.');
#print @mynet;
#exit;
#
#
#
use Getopt::Long;
use DBI;
use User::pwent;
use DynaLoader;
######################################################
#
# Command-line switches; each one sets the global flag of the same name.
#   --all    reload all firewall rules
#   --pipe   reload pipes only
#   --help   print the usage text
#   --debug  build the commands with an `echo` prefix instead of /sbin/ipfw
# NOTE(review): the return value is not checked, so an unknown switch only
# produces Getopt::Long's warning and the run continues.
GetOptions(
    'all'   => \$all,
    'pipe'  => \$pipe,
    'help'  => \$help,
    'debug' => \$debug,
);
######################################################
# for debug
# Command prefixes used to assemble every firewall command later on.
# With --debug the prefixes start with `echo`, so the commands built from
# them are printed instead of executed; otherwise the real /sbin/ipfw runs.
{
    my $base = $debug ? "echo ipfw -q" : "/sbin/ipfw -q";
    $ipfw   = $base;
    $add    = "$base add";
    $del    = "$base delete";
    $fwpipe = "$base pipe";
    $table  = "$base table";
}
# NOTE(review): $fw is the real binary with -f in BOTH modes, and commands
# that are spelled out literally elsewhere do not go through these prefixes,
# so --debug is not a complete dry run - confirm before relying on it.
$fw = "/sbin/ipfw -q -f";
######################################################
# ?
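# Single-instance guard: refuse to start while the process recorded in the
# pid file is still alive, otherwise warn about the stale file and go on.
if (-e $pidfile) {
    # Three-argument open with a lexical handle: the path is never parsed
    # for a mode prefix, and the handle cannot collide with another bareword.
    my $old_fh;
    unless (open($old_fh, '<', $pidfile)) {
        # The file exists but cannot be read - do not guess, stop here.
        print ("ERROR: old pid not read! \n");
        exit(1);
    }
    my $oldpid = <$old_fh>;
    close $old_fh;
    # Trust the recorded value only when it is a plain decimal PID; an empty
    # or garbled file is handled as a stale pid file.
    my $live_pid = (defined $oldpid && $oldpid =~ /\A\s*(\d+)\s*\z/) ? $1 : 0;
    # kill 0 sends no signal; it only reports whether the process exists.
    if ($live_pid > 1 && kill(0, $live_pid)) {
        print ("ERROR: already running!");
        exit(1);
    } else {
        print ("WARNING: $pidfile found but fw.pl already die \n");
    }
}
# Record our own PID.
# NOTE(review): check-then-create is not atomic, and a plain write-open
# follows whatever already sits at that path. The directory holding the pid
# file must therefore be writable by root only.
my $pid_fh;
open($pid_fh, '>', $pidfile) or die "cannot write pid file $pidfile: $!\n";
print {$pid_fh} $$;
close($pid_fh) or die "cannot close pid file $pidfile: $!\n";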
######################################################
#
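# --help: print the usage text and stop without touching the firewall.
if ($help)
{
    @help_text = ("
--all: reload all fw rules
--pipe: reload pipes
--help: this is text
");
    print @help_text;
    # The pid file is written before this point is reached; remove it so that
    # asking for help does not leave a stale pid file behind.
    unlink $pidfile;
    exit(0);
}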
######################################################
#
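# NOTE(review): $unlim_max_out_pipe is not assigned anywhere in the visible
# script, so this evaluates to -1; $deny is not read afterwards either.
$deny = ($unlim_max_out_pipe - 1);
# Full reload: wipe all rules and pipes, then install a catch-all deny at
# rule 65534 before the per-group rules are rebuilt.
# NOTE(review): no visible option sets $test; only --all reaches this branch.
if ($all or $test)
{
    # Build the flush commands from the same prefixes as every other command,
    # so that --debug echoes them too. Previously they were spelled out
    # literally and a debug run flushed the live ruleset while only echoing
    # the rules meant to replace it.
    my $sysctl = $debug ? 'echo sysctl' : 'sysctl';
    @start_cmd = ("
$sysctl -w net.inet.ip.fw.one_pass=0
$ipfw -f flush
$ipfw -f pipe flush
");
    @stop_cmd = ("
$add 65534 deny all from any to any
");
    # Each list holds one multi-line string, so system() hands it to the
    # shell, which runs the lines one after another.
    system @start_cmd;
    system @stop_cmd;
}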
######################################################
# Connect to the billing database. With RaiseError set, DBI dies on its own
# when a call fails; the trailing `or die` is only a second safety net.
$dbh = DBI->connect(
    $srv, $user, $password,
    { RaiseError => 1, AutoCommit => 1 },
) or die;
# Count the tariff groups; the result bounds the main loop.
# NOTE(review): that loop uses 1..COUNT as group numbers, so it presumably
# assumes tariff_groups.num is contiguous starting at 1 - confirm.
$sql_groups_count = "SELECT COUNT(num) FROM tariff_groups";
$sth_groups_count = $dbh->prepare($sql_groups_count);
$sth_groups_count->execute();
@groups_count = $sth_groups_count->fetchrow_array;
$groups_count = $groups_count[0];
# < >
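# Main pass: for every tariff group 1..$groups_count
#   1. (--all) flush and refill the group's ipfw tables,
#   2. for each tariff of the group, sync user IPs into table <group> and
#      (re)configure the per-tariff pipes,
#   3. (--all) prepare the group-wide pipes and the optional skipto rule.
#
# SECURITY(review): every firewall command below is one string handed to
# system(), so /bin/sh interprets it, and values read from the database
# ($net, $user_ip, $tariff_num, pipe widths) are interpolated into it
# unchecked. The SQL text is assembled the same way. Anyone able to write
# those billing tables can therefore influence what runs with this script's
# privileges; validate the fields against a strict pattern and move to
# placeholders / list-form system() when the script is reworked.
for ($group_count=1; $group_count<=$groups_count; $group_count++) {
    # --all: empty the per-group user table before refilling it.
    if ($all) {
        @cmd_flush_table=("
$table $group_count flush
");
        system @cmd_flush_table;
    }
    # --all: rebuild the table of remote networks (to_from) for this group.
    if ($all) {
        $sql_to_from_net="SELECT net FROM to_from WHERE `group` = '$group_count'";
        $sth_to_from_net = $dbh->prepare($sql_to_from_net);
        $sth_to_from_net->execute();
        # Table number for this group's remote networks.
        $to_from=$to_from_table + $group_count;
        if ($all) {
            @cmd_flush_to_from=("
$table $to_from flush
");
            system @cmd_flush_to_from;
        }
        while (@row_to_from_net = $sth_to_from_net->fetchrow_array) {
            $net=$row_to_from_net[0];
            # Compare as strings. The former numeric `!=` matched "any" only
            # because both sides happened to numify to 0. A NULL value keeps
            # taking the "any" branch, as before.
            if (defined $net and $net ne "any") {
                @cmd_to_from=("
$table $to_from add $net
");
                system @cmd_to_from;
            } else {
                # NOTE(review): $any_group is never reset, so once one group
                # is marked "any" every later group is treated the same way.
                $any_group=$group_count;
            }
        }
    }
    # Tariffs that belong to this group.
    $sql_tariffs="SELECT num, start, stop, pipe1, pipe2, pipe3, pipe4 FROM tariffs WHERE tariff_group = '$group_count'";
    $sth_tariffs = $dbh->prepare($sql_tariffs);
    $sth_tariffs->execute();
    while (@row_tariffs = $sth_tariffs->fetchrow_array) {
        $tariff_num=$row_tariffs[0];
        $tariff_start=$row_tariffs[1];
        $tariff_stop=$row_tariffs[2];
        $tariff_pipe1=$row_tariffs[3];
        $tariff_pipe2=$row_tariffs[4];
        $tariff_pipe3=$row_tariffs[5];
        $tariff_pipe4=$row_tariffs[6];
        # Packages whose column named after the group number holds this tariff.
        $sql_packages="SELECT num FROM packages WHERE `$group_count` = '$tariff_num'";
        $sth_packages = $dbh->prepare($sql_packages);
        $sth_packages->execute();
        while (@row_packages = $sth_packages->fetchrow_array) {
            $package_num=$row_packages[0];
            # One query per local network prefix.
            $size = @mynet;
            for ($n = 0; $n < $size; ++$n) {
                if ($pipe) {
                    # --pipe: only users flagged as changed (con = 'ch').
                    $sql_users="SELECT num, ip, old_package, mode FROM users WHERE package = '$package_num' AND con = 'ch' AND ip like '$mynet[$n]%' ORDER BY num ASC";
                } else {
                    # otherwise: every user of the package with mode = 1.
                    $sql_users="SELECT num, ip FROM users WHERE package = '$package_num' AND mode = '1' AND ip like '$mynet[$n]%' ORDER BY num ASC";
                }
                $sth_users = $dbh->prepare($sql_users);
                $sth_users->execute();
                while (@row_users = $sth_users->fetchrow_array) {
                    $user_num=$row_users[0];
                    $user_ip=$row_users[1];
                    if ($pipe) {
                        $old_package=$row_users[2];
                        $user_mode=$row_users[3];
                        # Remove the address from the tables of its previous
                        # package, once per address. Compare as strings:
                        # numerically, "172.16.0.5" and "172.16.0.6" are both
                        # 172.16, so the old `!=` skipped every address after
                        # the first one in a prefix and left stale entries.
                        if (!defined $work_ip or $work_ip ne $user_ip) {
                            for ($ngroup_count=1; $ngroup_count<=$groups_count; $ngroup_count++) {
                                #print ("$ngroup_count \n");
                                $sql_old_tariff="SELECT `$ngroup_count` FROM packages WHERE num = '$old_package'";
                                $sth_old_tariff = $dbh->prepare($sql_old_tariff);
                                $sth_old_tariff->execute();
                                @old_tariff = $sth_old_tariff->fetchrow_array;
                                $old_tariff=$old_tariff[0];
                                #print ("$old_tariff $sql_old_tariff \n");
                                if ($old_tariff != 0) {
                                    @cmd_delete_user=("
$table $ngroup_count delete $user_ip
");
                                    system @cmd_delete_user;
                                    $work_ip = $user_ip;
                                }
                            }
                        }
                    }
                    if ($all or ($pipe and $user_mode==1)) {
                        # Put the address into the group table, tagged with
                        # the tariff number as the table value.
                        @cmd_add_user=("
$table $group_count add $user_ip $tariff_num
");
                        system @cmd_add_user;
                    }
                } # users
            } # local network prefixes
        } # packages
        #print ("$group_count \n");
        # Base rule numbers for this group: pipes start at the group's block,
        # the matching allow rules half a block later.
        if ( $group_count == 1) {
            $pipe_num = $start_pipe_num;
            $allow_num = $start_pipe_num + ($group_pipes_step * 0.5);
            # $done=1;
        } else {
            $pipe_num = $start_pipe_num + $group_pipes_step * ($group_count - 1);
            $allow_num = $pipe_num + ($group_pipes_step * 0.5);
        }
        # Two numbers per tariff: odd-side for inbound, the next for outbound.
        $o_pipe_num = $pipe_num + 2 * $tariff_num;
        $i_pipe_num = $o_pipe_num - 1;
        $o_allow_num = $allow_num + 2 * $tariff_num;
        $i_allow_num = $o_allow_num - 1;
        ($M, $H) = (localtime)[1,2];
        # $H = 7;
        # $M = 3;
        # Within the first minutes of the tariff's start hour (or of the hour
        # after its stop hour) pipe3/pipe4 are used, otherwise pipe1.
        # NOTE(review): the else branch assigns pipe1 to both directions and
        # pipe2 is never read - possibly meant to be pipe2 for outbound.
        if (($tariff_start == $H and $M <= 5) or ($tariff_stop + 1 == $H and $M <= 5)) {
            $pipe_i=$tariff_pipe3;
            $pipe_o=$tariff_pipe4;
        } else {
            $pipe_i=$tariff_pipe1;
            $pipe_o=$tariff_pipe1;
        }
        #print ("$i_pipe_num \n");
        if ($all and !$pipe) {
            print ("$i_pipe_num \n");
            # Per-tariff pipes plus allow rules. `mask dst-ip` / `mask src-ip`
            # is what makes the bandwidth apply per address rather than to
            # the tariff as a whole.
            if (!$any_group) {
                @cmd_add_pipe=("
$add $i_pipe_num pipe $i_pipe_num all from table'($to_from)' to table'($group_count, $tariff_num)' in via $ext_if
$fwpipe $i_pipe_num config mask dst-ip 0x00ffffff bw $pipe_i$unit
$add $i_allow_num allow all from table'($to_from)' to table'($group_count, $tariff_num)' in via $ext_if
$add $o_pipe_num pipe $o_pipe_num all from table'($group_count, $tariff_num)' to table'($to_from)' out via $ext_if
$fwpipe $o_pipe_num config mask src-ip 0x00ffffff bw $pipe_o$unit
$add $o_allow_num allow all from table'($group_count, $tariff_num)' to table'($to_from)' out via $ext_if
");
            } else {
                @cmd_add_pipe=("
$add $i_pipe_num pipe $i_pipe_num all from any to table'($group_count, $tariff_num)' in via $ext_if
$fwpipe $i_pipe_num config mask dst-ip 0x00ffffff bw $pipe_i$unit
$add $i_allow_num allow all from any to table'($group_count, $tariff_num)' in via $ext_if
$add $o_pipe_num pipe $o_pipe_num all from table'($group_count, $tariff_num)' to any out via $ext_if
$fwpipe $o_pipe_num config mask src-ip 0x00ffffff bw $pipe_o$unit
$add $o_allow_num allow all from table'($group_count, $tariff_num)' to any out via $ext_if
");
            }
        } elsif ($pipe and !$all) {
            # --pipe: only re-configure bandwidth at a tariff time boundary.
            if ($tariff_pipe3 and $tariff_pipe4) {
                #print ("$tariff_num $pipe_i \n");
                if (($tariff_start == $H and $M <= 5) or ($tariff_stop == $H and $M <= 5)) {
                    @cmd_add_pipe=("
$fwpipe $i_pipe_num config mask dst-ip 0x00ffffff bw $pipe_i$unit
$fwpipe $o_pipe_num config mask src-ip 0x00ffffff bw $pipe_o$unit
");
                }
            }
        }
        # NOTE(review): @cmd_add_pipe is not cleared between tariffs, so when
        # no branch above assigns it, the previous tariff's commands run again.
        system @cmd_add_pipe;
    } # tariffs
    if ($all) {
        # Group-wide settings: total bandwidth in each direction and an
        # optional skipto target.
        $sql_groups_pipe="SELECT pipe1, pipe2, skipto FROM tariff_groups WHERE num = '$group_count'";
        print ("!grp $group_count $any_group \n");
        $sth_groups_pipe=$dbh->prepare($sql_groups_pipe);
        $sth_groups_pipe->execute();
        @row_groups_pipe = $sth_groups_pipe->fetchrow_array;
        $end_pipe1=$row_groups_pipe[0];
        $end_pipe2=$row_groups_pipe[1];
        $skipto=$row_groups_pipe[2];
        #print ("skipto $skipto \n");
        $rule_num_end_skipto = $start_pipe_num + ($group_pipes_step * $group_count) - 1;
        # For groups after the first, the number is derived from the value
        # left over from the previous iteration.
        if ( $group_count == 1) {
            $end_pipe = $start_pipe_num + (($group_pipes_step * 0.5) * $group_count);
        } else {
            $end_pipe = $end_pipe + $group_pipes_step;
        }
        $rule_o_num_end_pipe = $end_pipe;
        $rule_i_num_end_pipe = $end_pipe - 1;
        # Pipes without a mask: one shared bandwidth limit for the group.
        if (!$any_group) {
            @cmd_add_end_pipe=("
$add $rule_o_num_end_pipe pipe $rule_o_num_end_pipe all from table'($group_count)' to table'($to_from)' out via $ext_if
$add $rule_i_num_end_pipe pipe $rule_i_num_end_pipe all from table'($to_from)' to table'($group_count)' in via $ext_if
$fwpipe $rule_i_num_end_pipe config bw $end_pipe1$unit
$fwpipe $rule_o_num_end_pipe config bw $end_pipe2$unit
");
        } else {
            @cmd_add_end_pipe=("
$add $rule_o_num_end_pipe pipe $rule_o_num_end_pipe all from table'($group_count)' to any out via $ext_if
$add $rule_i_num_end_pipe pipe $rule_i_num_end_pipe all from any to table'($group_count)' in via $ext_if
$fwpipe $rule_i_num_end_pipe config bw $end_pipe1$unit
$fwpipe $rule_o_num_end_pipe config bw $end_pipe2$unit
");
        }
        # The call below is disabled, so the group-wide pipes assembled above
        # are never installed.
        # system @cmd_add_end_pipe;
        print ("skipto $skipto \n");
        if ($skipto != 0) {
            # Last rule of this group's block jumps to the start of the block
            # that belongs to group $skipto.
            $end_skipto = $start_pipe_num + ($group_pipes_step * ($skipto - 1));
            $rule_end_skipto = $start_pipe_num - 1 + ($group_pipes_step * $group_count);
            @cmd_end_skipto=("
$add $rule_end_skipto skipto $end_skipto all from any to any
");
            system @cmd_end_skipto;
        }
    }
} # tariff groups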
# ?
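# Clear the per-user `con` marker for every local network prefix.
# The prefixes are taken from @mynet directly: the old loop bound ($size) was
# only assigned deep inside the package loop, so with no packages processed
# this clean-up was silently skipped. The prefix is bound as a placeholder
# instead of being pasted into the SQL text.
$sql_null_con = "UPDATE users SET con = '' WHERE ip like ?";
$sth_null_con = $dbh->prepare($sql_null_con);
for my $prefix (@mynet) {
    $sth_null_con->execute($prefix . '%');
}
######################################################
# Normal end of run: release the single-instance lock.
# NOTE(review): a die earlier in the script (RaiseError is on) skips this and
# leaves the pid file behind; the next start then reports it as stale.
unlink $pidfile;
exit(0);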