Traffic Control

ipcop 1.4.x Traffic Shaping

#!/bin/sh
#
# ipcop 1.4.x Traffic Shaping
#
# execute script from command line
# distributed under GPL License
# author: Allan Kissack 2005
# 
# Based on Coyote QOS init scripts 
#
# ---------------------------------------------------------------------------
# Interfaces.
# NOTE(review): the class labels further down ("Orange -> Red",
# "Red/Green -> Orange") suggest eth0 = GREEN/LAN, eth1 = RED/internet and
# eth2 = ORANGE/DMZ -- confirm against the local interface assignment.
# ---------------------------------------------------------------------------
IF_LOCAL=eth0
IF_INET=eth1
IF_DMZ=eth2

# ---------------------------------------------------------------------------
# Bandwidth figures. FULL*/LANSPEED are used as the rate of the top-level
# classes; for each tier, *DRATE/*URATE are passed to tc as the htb "rate"
# and *DOWN/*UP as the htb "ceil" (down = on $IF_LOCAL, up = on $IF_INET).
# ---------------------------------------------------------------------------
FULLDOWN=2048kbit
FULLUP=256kbit
HIDOWN=2036kbit
HIUP=219kbit
HIDRATE=509kbit
HIURATE=54kbit
MIDDOWN=1100kbit
MIDUP=150kbit
MIDDRATE=256kbit
MIDURATE=40kbit
LOWDOWN=900kbit
LOWUP=90kbit
LOWDRATE=200kbit
LOWURATE=20kbit
SLOWDOWN=750kbit
SLOWUP=45kbit
SLOWDRATE=100kbit
SLOWURATE=11kbit
LANSPEED=100mbit

# Review notes:
#  * Exit statuses of tc/iptables are not checked, so "QOS: init complete"
#    is printed even when a command failed.
#  * "iptables -F PREROUTING -t mangle" empties the whole chain, not only
#    the MARK rules added here; verify that nothing else on the firewall
#    keeps rules in that chain.
#  * Traffic is classified by source/destination address only. Addresses
#    are chosen by the LAN hosts themselves, so these classes are a
#    bandwidth policy and should not be relied on as an access control.

#######################################
# Create one shaped class for a LAN address range on both the local and
# the internet interface.
# Globals:   IF_LOCAL, IF_INET (read)
# Arguments: $1 - class minor id, also used as the firewall mark
#            $2 - address or CIDR range of the hosts in the class
#            $3 - label shown in the progress message
#            $4 - downstream rate    $5 - downstream ceil
#            $6 - upstream rate      $7 - upstream ceil
# Outputs:   one progress line on stdout
#######################################
shape_net() {
  echo "* 1:$1 = $2 ($3)"
  /sbin/tc class add dev "$IF_LOCAL" parent 1:1 classid "1:$1" htb prio 1 rate "$4" ceil "$5" burst 16k
  /sbin/tc class add dev "$IF_INET" parent 1:1 classid "1:$1" htb prio 1 rate "$6" ceil "$7" burst 8k
  /sbin/tc filter del dev "$IF_LOCAL" parent "1:$1" pref 100 2>/dev/null
  /sbin/tc filter del dev "$IF_INET" parent "1:$1" pref 100 2>/dev/null
  # Downstream: match on the destination address of packets leaving towards the LAN.
  /sbin/tc filter add dev "$IF_LOCAL" protocol ip parent 1:1 pref 100 u32 match ip dst "$2" flowid "1:$1"
  # Upstream: mark by source address in mangle/PREROUTING, then select the
  # class on the internet interface with an fw filter on that mark.
  /sbin/iptables -A PREROUTING -t mangle -s "$2" -j MARK --set-mark "$1"
  /sbin/tc filter add dev "$IF_INET" parent 1: protocol ip handle "$1" pref 100 fw classid "1:$1"
  /sbin/tc qdisc add dev "$IF_LOCAL" parent "1:$1" handle "$1:" sfq perturb 10
  /sbin/tc qdisc add dev "$IF_INET" parent "1:$1" handle "$1:" sfq perturb 10
}

# --- Tear down whatever an earlier run left behind --------------------------
# Errors are hidden on purpose: on a first run there is nothing to delete.
echo "* Deleting old QOS classes and root filters"
for qos_dev in "$IF_LOCAL" "$IF_INET" "$IF_DMZ"; do
  /sbin/tc qdisc del dev "$qos_dev" root 2>/dev/null
done
for qos_parent in 1:2 1:1 1:; do
  /sbin/tc filter del dev "$IF_LOCAL" parent "$qos_parent" pref 100 2>/dev/null
done
for qos_parent in 1:1 1:; do
  /sbin/tc filter del dev "$IF_INET" parent "$qos_parent" pref 100 2>/dev/null
done
for qos_parent in 1:2 1:1 1:; do
  /sbin/tc filter del dev "$IF_DMZ" parent "$qos_parent" pref 100 2>/dev/null
done

# --- Root qdiscs and top-level classes --------------------------------------
echo "* Initializing Traffic control"
/sbin/tc qdisc add dev "$IF_LOCAL" root handle 1: htb default 90 r2q 1
/sbin/tc class add dev "$IF_LOCAL" parent 1: classid 1:1 htb rate "$FULLDOWN" burst 16k
/sbin/tc class add dev "$IF_LOCAL" parent 1: classid 1:2 htb rate "$LANSPEED" burst 16k
/sbin/tc qdisc add dev "$IF_INET" root handle 1: htb default 89 r2q 1
/sbin/tc class add dev "$IF_INET" parent 1:0 classid 1:1 htb rate "$FULLUP" burst 8k
/sbin/tc qdisc add dev "$IF_DMZ" root handle 1: htb default 90 r2q 1
/sbin/tc class add dev "$IF_DMZ" parent 1: classid 1:1 htb rate "$FULLDOWN" burst 16k
/sbin/tc class add dev "$IF_DMZ" parent 1: classid 1:2 htb rate "$LANSPEED" burst 16k

# --- Packet marking ---------------------------------------------------------
# The chain is flushed first (see review notes), then every LAN source gets
# mark 255; the per-range rules appended by shape_net come later in the
# chain and replace that mark for the ranges they cover.
echo "* Initializing packet mangling..."
/sbin/iptables -F PREROUTING -t mangle
/sbin/iptables -A PREROUTING -t mangle -s 192.168.0.0/24 -j MARK --set-mark 255

# --- Per-range classes ------------------------------------------------------
echo "* Building Downstream/Upstream classes..."
shape_net 10 192.168.0.224/27 "Routers" "$HIDRATE" "$HIDOWN" "$HIURATE" "$HIUP"
shape_net 20 192.168.0.192/27 "Servers" "$LOWDRATE" "$LOWDOWN" "$LOWURATE" "$LOWUP"
shape_net 30 192.168.0.160/27 "Hi Priority" "$HIDRATE" "$HIDOWN" "$HIURATE" "$HIUP"
shape_net 40 192.168.0.128/27 "Lo Priority" "$MIDDRATE" "$MIDDOWN" "$MIDURATE" "$MIDUP"
shape_net 50 192.168.0.0/25 "Other" "$SLOWDRATE" "$SLOWDOWN" "$SLOWURATE" "$SLOWUP"
shape_net 60 192.168.4.1 "Orange -> Red" "$MIDDRATE" "$MIDDOWN" "$MIDURATE" "$MIDUP"

# --- DMZ interface: one fixed-rate class for the 192.168.4.0/24 range -------
echo "* DMZ 1:10 = 192.168.4.0/24 (Red/Green -> Orange)"
/sbin/tc class add dev "$IF_DMZ" parent 1:1 classid 1:10 htb prio 1 rate 60kbit ceil 100kbit burst 16k
/sbin/tc filter del dev "$IF_DMZ" parent 1:10 pref 100 2>/dev/null
/sbin/tc filter add dev "$IF_DMZ" protocol ip parent 1:1 pref 100 u32 match ip dst 192.168.4.0/24 flowid 1:10

# --- Default ("junk") classes -----------------------------------------------
# These are the classes named by "htb default" on the root qdiscs above:
# 1:90 on the local and DMZ interfaces, 1:89 on the internet interface.
echo " - downstream junk (default) class: 12kbps, ceil: $FULLDOWN, burst: 4k"
/sbin/tc class add dev "$IF_LOCAL" parent 1:1 classid 1:90 htb prio 2 rate 12kbit ceil "$FULLDOWN" burst 4k
/sbin/tc qdisc add dev "$IF_LOCAL" parent 1:90 handle 90: sfq perturb 10
echo " - upstream junk (default) class: 12kbps, ceil: $FULLUP, burst: 2k"
/sbin/tc class add dev "$IF_INET" parent 1:1 classid 1:90 htb prio 2 rate 12kbit ceil "$FULLUP" burst 2k
/sbin/tc qdisc add dev "$IF_INET" parent 1:90 handle 90: sfq perturb 10
echo " - direct fw->inet class: 25kbps, ceil: $FULLUP, burst: 4k"
/sbin/tc class add dev "$IF_INET" parent 1:1 classid 1:89 htb prio 1 rate 25kbit ceil "$FULLUP" burst 4k
/sbin/tc qdisc add dev "$IF_INET" parent 1:89 handle 89: sfq perturb 10
/sbin/tc class add dev "$IF_DMZ" parent 1:1 classid 1:90 htb prio 2 rate 12kbit ceil "$FULLDOWN" burst 4k
/sbin/tc qdisc add dev "$IF_DMZ" parent 1:90 handle 90: sfq perturb 10

# --- Root filters -----------------------------------------------------------
# Mark 255 (LAN traffic not covered by a more specific range) goes to the
# upstream junk class; on the local and DMZ interfaces private-source traffic
# is sent to the LAN-speed class 1:2 and private-destination traffic to the
# shaped class 1:1.
echo "* Building new root DOWNSTREAM/UPSTREAM filters ..."
/sbin/tc filter add dev "$IF_INET" protocol ip parent 1: handle 255 pref 100 fw classid 1:90
/sbin/tc filter add dev "$IF_LOCAL" protocol ip parent 1: pref 100 u32 match ip src 192.168.0.0/16 flowid 1:2
/sbin/tc filter add dev "$IF_LOCAL" protocol ip parent 1: pref 100 u32 match ip dst 192.168.0.0/16 flowid 1:1
/sbin/tc filter add dev "$IF_DMZ" protocol ip parent 1: pref 100 u32 match ip src 192.168.0.0/16 flowid 1:2
/sbin/tc filter add dev "$IF_DMZ" protocol ip parent 1: pref 100 u32 match ip dst 192.168.0.0/16 flowid 1:1
echo "QOS: init complete"

makegraphs

#!/usr/bin/perl
############################################################################
#                                                                          #
# This file is part of the IPCop Firewall.                                 #
#                                                                          #
# IPCop is free software; you can redistribute it and/or modify            #
# it under the terms of the GNU General Public License as published by     #
# the Free Software Foundation; either version 2 of the License, or        #
# (at your option) any later version.                                      #
#                                                                          #
# IPCop is distributed in the hope that it will be useful,                 #
# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
# GNU General Public License for more details.                             #
#                                                                          #
# You should have received a copy of the GNU General Public License        #
# along with IPCop; if not, write to the Free Software                     #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
#                                                                          #
# Copyright (C) 2004-01-19 Mark Wormgoor <mark@wormgoor.com>.              #
#                                                                          #
############################################################################
#
# $Id: makegraphs,v 1.19.2.19 2006/03/28 17:04:37 eoberlander Exp $
#
use strict;
#use warnings;
use RRDs;
require "/var/ipcop/general-functions.pl";
require "${General::swroot}/lang.pl";
# File-scoped state shared by the subs below: the ethernet settings hash, the
# lines returned by ipacsum, and the most recent RRDs error string.
my (%settings, @ipacsum, $iface, $ERROR);
&General::readhash("${General::swroot}/ethernet/settings", \%settings);

# Added for conversion of utf-8 characters
use Encode 'from_to';

# Label table used for every graph title and legend.
my %tr = ();

# Force language back to English (ugly hack!) -- but only for the languages
# whose text cannot be converted from utf-8 further down.
my @english_only = qw(el fa gu ja ru th vi zh zt);

if (grep { ${Lang::language} eq $_ } @english_only) {
    # NOTE(review): the contents of en.pl are read through a shell and
    # string-eval'ed, so they run as Perl with this script's privileges.
    # The file (and the directories above it) must be writable by trusted
    # accounts only. The eval presumably fills %tr in this scope -- confirm
    # against en.pl before replacing it with another loading mechanism.
    eval `/bin/cat "${General::swroot}/langs/en.pl"`;
} else {
    %tr = %Lang::tr;    # use translated version for other languages
}

# Settings: where the RRD databases live and where the PNGs are written.
my $rrdlog = "/var/log/rrd";
my $graphs = "/home/httpd/html/graphs";

# Fixed search path for the external commands started by this script.
$ENV{PATH} = "/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin";
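# Sum the byte counters found in @ipacsum for one interface label.
#
# Parameters: $_[0] - interface label as it appears in the ipacsum rule names
# Returns:    the string "<bytes in>:<bytes out>"
#
# Lines counted are those starting with '*' or a space, followed by
# "incoming"/"outgoing" (optionally preceded by "forwarded"), the label, and
# a colon-separated number.
sub gettraffic {
    my $interface = $_[0];

    # The label is matched literally: quotemeta keeps characters such as '.'
    # or '+' in a label from being read as regex syntax.
    my $label = quotemeta($interface);

    my ($bytesin, $bytesout) = (0, 0);
    foreach my $line (@ipacsum) {
        next unless $line =~ /^[* ]\s+(?:forwarded\s+)?(incoming|outgoing)\s+$label.+:\s+(\d+)/;
        if ($1 eq 'incoming') {
            $bytesin += $2;
        } else {
            $bytesout += $2;
        }
    }
    return "$bytesin:$bytesout";
}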
# Draw the CPU usage graph (user / system / idle as stacked percentages)
# for one period and write it to $graphs/cpu-<period>.png.
#
# Parameters: $_[0] - period name; used in "--start -1<period>", in the file
#                     name and as a key into %tr for the title
sub updatecpugraph {
    my ($period) = @_;

    # [data source, colour, draw mode] in drawing order
    my @series = (
        ['user',   '0000FF', 'AREA'],
        ['system', 'FF0000', 'STACK'],
        ['idle',   '00FF00', 'STACK'],
    );
    my @names = map { $_->[0] } @series;

    my @args = (
        "$graphs/cpu-$period.png",
        "--start", "-1$period", "-aPNG", "-i", "-z",
        "--alt-y-grid", "-w 600", "-h 100", "-l 0", "-u 100", "-r",
        "--color", "SHADEA#EAE9EE",
        "--color", "SHADEB#EAE9EE",
        "--color", "BACK#EAE9EE",
        "-t $tr{'cpu usage per'} $tr{$period}",
    );

    push @args, map { "DEF:${_}=$rrdlog/cpu.rrd:${_}:AVERAGE" } @names;
    push @args, "CDEF:total=user,system,idle,+,+";
    # Each counter as a percentage of the three counters together
    push @args, map { "CDEF:${_}pct=100,${_},total,/,*" } @names;

    foreach my $entry (@series) {
        my ($name, $colour, $mode) = @$entry;
        push @args, "${mode}:${name}pct#${colour}:" . $tr{"$name cpu usage"} . "\\j";
    }

    # Maximum / average / current line for every series
    foreach my $name (@names) {
        my $label = $tr{"$name cpu"};
        push @args,
            "GPRINT:${name}pct:MAX:$tr{'maximal'} $label\\:%3.2lf%%",
            "GPRINT:${name}pct:AVERAGE:$tr{'average'} $label\\:%3.2lf%%",
            "GPRINT:${name}pct:LAST:$tr{'current'} $label\\:%3.2lf%%\\j";
    }

    RRDs::graph(@args);
    $ERROR = RRDs::error;
    print "Error in RRD::graph for cpu: $ERROR\n" if $ERROR;
}
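# Record the current CPU counters from /proc/stat in $rrdlog/cpu.rrd,
# creating the database on first use.
#
# The "nice" counter is added to "user" before storing. Errors are reported
# on stdout; nothing is stored when /proc/stat cannot be read or has no
# "cpu" summary line.
sub updatecpudata {
    if ( ! -e "$rrdlog/cpu.rrd") {
        RRDs::create ("$rrdlog/cpu.rrd", "--step=300",
            "DS:user:COUNTER:600:0:500000000",
            "DS:system:COUNTER:600:0:500000000",
            "DS:idle:COUNTER:600:0:500000000",
            "RRA:AVERAGE:0.5:1:576",
            "RRA:AVERAGE:0.5:6:672",
            "RRA:AVERAGE:0.5:24:732",
            "RRA:AVERAGE:0.5:144:1460");
        $ERROR = RRDs::error;
        print "Error in RRD::create for cpu: $ERROR\n" if $ERROR;
    }

    my ($cpu, $user, $nice, $system, $idle);

    # Lexical handle and explicit read mode; a failed open is reported
    # instead of silently feeding empty values to RRDs::update.
    my $stat;
    unless (open($stat, '<', "/proc/stat")) {
        print "Error in RRD::update for cpu: cannot read /proc/stat: $!\n";
        return;
    }
    while (my $line = <$stat>) {
        chomp $line;
        next unless $line =~ /^cpu\s/;
        ($cpu, $user, $nice, $system, $idle) = split /\s+/, $line;
        last;    # only the aggregate "cpu" line is wanted
    }
    close $stat;

    unless (defined $idle) {
        print "Error in RRD::update for cpu: no data available\n";
        return;
    }

    $user += $nice;
    RRDs::update ("$rrdlog/cpu.rrd",
        "-t", "user:system:idle",
        "N:$user:$system:$idle");
    $ERROR = RRDs::error;
    print "Error in RRD::update for cpu: $ERROR\n" if $ERROR;
}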
# Draw two graphs for one period from $rrdlog/mem.rrd:
#   $graphs/memory-<period>.png - used/shared/buffered/cached/free memory
#   $graphs/swap-<period>.png   - used/free swap
# Both show each part as a percentage of used+free.
#
# Parameters: $_[0] - period name; used in "--start -1<period>", in the file
#                     names and as a key into %tr for the titles
sub updatememgraph {
    my ($period) = @_;

    # Options shared by both graphs
    my @common = (
        "--start", "-1$period", "-aPNG", "-i", "-z",
        "--alt-y-grid", "-w 600", "-h 100", "-l 0", "-u 100", "-r",
        "--color", "SHADEA#EAE9EE",
        "--color", "SHADEB#EAE9EE",
        "--color", "BACK#EAE9EE",
    );

    # Legend entries: the first series is an AREA, the others are stacked on it.
    my $legend = sub {
        my $mode = 'AREA';
        my @out;
        foreach my $entry (@_) {
            my ($var, $colour, $key) = @$entry;
            push @out, "${mode}:${var}#${colour}:$tr{$key}\\j";
            $mode = 'STACK';
        }
        return @out;
    };

    # Maximum / average / current line for every series
    my $rows = sub {
        my @out;
        foreach my $entry (@_) {
            my ($var, $colour, $key) = @$entry;
            push @out,
                "GPRINT:${var}:MAX:$tr{'maximal'} $tr{$key}\\:%3.2lf%%",
                "GPRINT:${var}:AVERAGE:$tr{'average'} $tr{$key}\\:%3.2lf%%",
                "GPRINT:${var}:LAST:$tr{'current'} $tr{$key}\\:%3.2lf%%\\j";
        }
        return @out;
    };

    # [percentage series, colour, %tr key] in drawing order
    my @memory = (
        ['usedpct',   '0000FF', 'used memory'],
        ['sharedpct', 'FF0000', 'shared memory'],
        ['bufferpct', 'FF00FF', 'buffered memory'],
        ['cachepct',  'FFFF00', 'cached memory'],
        ['freepct',   '00FF00', 'free memory'],
    );
    RRDs::graph(
        "$graphs/memory-$period.png",
        @common,
        "-t $tr{'memory usage per'} $tr{$period}",
        "DEF:used=$rrdlog/mem.rrd:memused:AVERAGE",
        "DEF:free=$rrdlog/mem.rrd:memfree:AVERAGE",
        "DEF:shared=$rrdlog/mem.rrd:memshared:AVERAGE",
        "DEF:buffer=$rrdlog/mem.rrd:membuffers:AVERAGE",
        "DEF:cache=$rrdlog/mem.rrd:memcache:AVERAGE",
        "CDEF:total=used,free,+",
        # "used" minus the shared, buffer and cache parts shown separately
        "CDEF:used2=used,buffer,cache,shared,+,+,-",
        "CDEF:usedpct=100,used2,total,/,*",
        "CDEF:sharedpct=100,shared,total,/,*",
        "CDEF:bufferpct=100,buffer,total,/,*",
        "CDEF:cachepct=100,cache,total,/,*",
        "CDEF:freepct=100,free,total,/,*",
        $legend->(@memory),
        $rows->(@memory),
    );
    $ERROR = RRDs::error;
    print "Error in RRD::graph for mem: $ERROR\n" if $ERROR;

    my @swap = (
        ['usedpct', '0000FF', 'used swap'],
        ['freepct', '00FF00', 'free swap'],
    );
    RRDs::graph(
        "$graphs/swap-$period.png",
        @common,
        "-t $tr{'swap usage per'} $tr{$period}",
        "DEF:used=$rrdlog/mem.rrd:swapused:AVERAGE",
        "DEF:free=$rrdlog/mem.rrd:swapfree:AVERAGE",
        "CDEF:total=used,free,+",
        "CDEF:usedpct=100,used,total,/,*",
        "CDEF:freepct=100,free,total,/,*",
        $legend->(@swap),
        $rows->(@swap),
    );
    $ERROR = RRDs::error;
    print "Error in RRD::graph for swap: $ERROR\n" if $ERROR;
}
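# Record memory and swap figures from /proc/meminfo in $rrdlog/mem.rrd,
# creating the database on first use.
#
# The figures are taken from the "Mem:" and "Swap:" summary lines of
# /proc/meminfo (columns: label, total, used, free, ...). Errors are
# reported on stdout; nothing is stored when the file cannot be read or
# those lines are missing.
sub updatememdata {
    my ($memused, $memfree, $memshared, $membuffers, $memcache, $swapused, $swapfree);

    if ( ! -e "$rrdlog/mem.rrd") {
        RRDs::create ("$rrdlog/mem.rrd", "--step=300",
            "DS:memused:ABSOLUTE:600:0:5000000000",
            "DS:memfree:ABSOLUTE:600:0:5000000000",
            "DS:memshared:ABSOLUTE:600:0:5000000000",
            "DS:membuffers:ABSOLUTE:600:0:5000000000",
            "DS:memcache:ABSOLUTE:600:0:5000000000",
            "DS:swapused:ABSOLUTE:600:0:5000000000",
            "DS:swapfree:ABSOLUTE:600:0:5000000000",
            "RRA:AVERAGE:0.5:1:576",
            "RRA:AVERAGE:0.5:6:672",
            "RRA:AVERAGE:0.5:24:732",
            "RRA:AVERAGE:0.5:144:1460");
        $ERROR = RRDs::error;
        print "Error in RRD::create for mem: $ERROR\n" if $ERROR;
    }

    # Lexical handle and explicit read mode; a failed open is reported
    # instead of silently feeding empty values to RRDs::update.
    my $mem;
    unless (open($mem, '<', "/proc/meminfo")) {
        print "Error in RRD::update for mem: cannot read /proc/meminfo: $!\n";
        return;
    }
    while (my $line = <$mem>) {
        chomp $line;
        if ($line =~ /^Mem:/) {
            # Skip the label and the total column
            (undef, undef, $memused, $memfree, $memshared, $membuffers, $memcache)
                = split(/\s+/, $line);
        } elsif ($line =~ /^Swap:/) {
            (undef, undef, $swapused, $swapfree) = split(/\s+/, $line);
        }
    }
    close $mem;

    # NOTE(review): kernels whose /proc/meminfo has no "Mem:"/"Swap:" summary
    # lines end up here; the parser would need the per-field format then.
    unless (defined $memcache && defined $swapfree) {
        print "Error in RRD::update for mem: no data available\n";
        return;
    }

    RRDs::update ("$rrdlog/mem.rrd",
        "-t", "memused:memfree:memshared:membuffers:memcache:swapused:swapfree",
        "N:$memused:$memfree:$memshared:$membuffers:$memcache:$swapused:$swapfree");
    $ERROR = RRDs::error;
    print "Error in RRD::update for mem: $ERROR\n" if $ERROR;
}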
# Draw the disk access graph (sectors read and written) for one period from
# $rrdlog/disk.rrd and write it to $graphs/disk-<period>.png.
#
# Parameters: $_[0] - period name; used in "--start -1<period>", in the file
#                     name and as a key into %tr for the title
sub updatediskgraph {
    my ($period) = @_;

    my @args = (
        "$graphs/disk-$period.png",
        "--start", "-1$period", "-aPNG", "-i", "-z",
        "--alt-y-grid", "-w 600", "-h 100", "-l 0", "-r",
        "--color", "SHADEA#EAE9EE",
        "--color", "SHADEB#EAE9EE",
        "--color", "BACK#EAE9EE",
        "-t $tr{'disk access per'} $tr{$period}",
        "DEF:read=$rrdlog/disk.rrd:readsect:AVERAGE",
        "DEF:write=$rrdlog/disk.rrd:writesect:AVERAGE",
        "AREA:read#0000FF:$tr{'sectors read from disk per second'}\\j",
        "STACK:write#00FF00:$tr{'sectors written to disk per second'}\\j",
    );

    # Maximum / average / current line for reads, then for writes
    foreach my $pair (['read', 'read sectors'], ['write', 'written sectors']) {
        my ($var, $key) = @$pair;
        push @args,
            "GPRINT:${var}:MAX:$tr{'maximal'} $tr{$key}\\:%8.0lf",
            "GPRINT:${var}:AVERAGE:$tr{'average'} $tr{$key}\\:%8.0lf",
            "GPRINT:${var}:LAST:$tr{'current'} $tr{$key}\\:%8.0lf\\j";
    }

    RRDs::graph(@args);
    $ERROR = RRDs::error;
    print "Error in RRD::graph for disk: $ERROR\n" if $ERROR;
}
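# Record the sector counters of the system disk in $rrdlog/disk.rrd,
# creating the database on first use.
#
# The disk is identified by the major/minor number of /dev/harddisk; its
# counters are looked up in /proc/stat among entries of the form
# "(major,minor):(n,n,n,n,n)", of which the 3rd and 5th numbers are stored
# as sectors read and sectors written. Errors are reported on stdout.
sub updatediskdata {
    my ($readsect, $writesect);

    if ( ! -e "$rrdlog/disk.rrd") {
        RRDs::create ("$rrdlog/disk.rrd", "--step=300",
            "DS:readsect:COUNTER:600:0:5000000000",
            "DS:writesect:COUNTER:600:0:5000000000",
            "RRA:AVERAGE:0.5:1:576",
            "RRA:AVERAGE:0.5:6:672",
            "RRA:AVERAGE:0.5:24:732",
            "RRA:AVERAGE:0.5:144:1460");
        $ERROR = RRDs::error;
        print "Error in RRD::create for disk: $ERROR\n" if $ERROR;
    }

    # Element 6 of stat() is rdev. Without this check a failed stat would
    # yield device (0,0) and could match an unrelated entry.
    my $rdev = (stat("/dev/harddisk"))[6];
    unless (defined $rdev) {
        print "Error in RRD::update for disk: cannot stat /dev/harddisk: $!\n";
        return;
    }
    my $major = $rdev >> 8;
    my $minor = $rdev & 0xFF;

    my $stat;
    unless (open($stat, '<', "/proc/stat")) {
        print "Error in RRD::update for disk: cannot read /proc/stat: $!\n";
        return;
    }
    my @diskstat = <$stat>;
    close($stat);

    foreach my $line (@diskstat) {
        chomp($line);
        # Only "label: value ..." lines can carry device entries
        my (undef, $devices) = split(/: /, $line);
        next unless $devices;
        foreach my $entry (split(/ /, $devices)) {
            next unless $entry =~ /\((\d+),(\d+)\):\((\d+),(\d+),(\d+),(\d+),(\d+)/;
            next unless $1 == $major && $2 == $minor;
            ($readsect, $writesect) = ($5, $7);
        }
    }

    # A counter that is legitimately 0 is still data, so test for
    # definedness rather than truth.
    if (defined $readsect && defined $writesect) {
        RRDs::update ("$rrdlog/disk.rrd",
            "-t", "readsect:writesect",
            "N:$readsect:$writesect");
        $ERROR = RRDs::error;
        print "Error in RRD::update for disk: $ERROR\n" if $ERROR;
    } else {
        print "Error in RRD::update for disk: no data available\n";
    }
}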
# Store the current in/out byte counts for one interface label in
# $rrdlog/<label>.rrd, creating the database on first use.
#
# Parameters: $_[0] - interface label; it becomes part of the RRD file name
#                     and is passed to gettraffic(). Callers in this script
#                     pass fixed names only.
sub updateifdata {
    my ($interface) = @_;
    my $rrdfile = "$rrdlog/$interface.rrd";

    unless (-e $rrdfile) {
        RRDs::create($rrdfile, "--step=300",
            "DS:incoming:ABSOLUTE:600:0:12500000",
            "DS:outgoing:ABSOLUTE:600:0:12500000",
            "RRA:AVERAGE:0.5:1:576",
            "RRA:AVERAGE:0.5:6:672",
            "RRA:AVERAGE:0.5:24:732",
            "RRA:AVERAGE:0.5:144:1460");
        $ERROR = RRDs::error;
        print "Error in RRD::create for $interface: $ERROR\n" if $ERROR;
    }

    # gettraffic returns "<in>:<out>", which matches the template order below
    my $sample = "N:" . gettraffic($interface);
    RRDs::update($rrdfile, "-t", "incoming:outgoing", $sample);
    $ERROR = RRDs::error;
    print "Error in RRD::update for $interface: $ERROR\n" if $ERROR;
}
## Update ipac logs
# External commands in this section are started with absolute paths and
# fixed argument strings; no variable data is interpolated into them.
system('/usr/sbin/fetchipac');
sleep 8;

###
### Squid Graphs
###
# Runs through the shell because of the redirections.
if (-e "/var/log/squid/access.log") {
    system("/usr/bin/squid-graph -o=/home/httpd/html/sgraph --tcp-only < /var/log/squid/access.log >/dev/null 2>&1");
}

###
### utf8 conversion
###
# Re-encode the labels in %tr from utf-8 to a single-byte character set
# chosen by language. The keys are taken from %Lang::tr.
{
    my %latin2 = map { $_ => 1 } qw(cs hu pl sk);    # Czech, Hungarian, Polish, Slovak
    my $charset = $latin2{${Lang::language}}  ? "iso-8859-2"
                : ${Lang::language} eq 'tr'   ? "iso-8859-9"    # Turkish
                :                               "iso-8859-1";
    foreach my $key (keys %Lang::tr) {
        from_to($tr{$key}, "utf-8", $charset);
    }
}

###
### System graphs
###
updatecpudata();
foreach my $period (qw(day week month year)) {
    updatecpugraph($period);
}
updatememdata();
foreach my $period (qw(day week month year)) {
    updatememgraph($period);
}
updatediskdata();
foreach my $period (qw(day week month year)) {
    updatediskgraph($period);
}

###
### Network Graphs
###
@ipacsum = `/usr/sbin/ipacsum --exact -s 5m 2>/dev/null`;
if (@ipacsum) {
    # GREEN, then the extra per-class 'graphs' added by EAK, then RED;
    # ORANGE and BLUE only for the configuration types that have them.
    my @labels = ("GREEN", "Hi-Pri", "Lo-Pri", "Servers", "Other", "RED");
    push @labels, "ORANGE" if $settings{'CONFIG_TYPE'} =~ /^(1|3|5|7)$/;
    push @labels, "BLUE"   if $settings{'CONFIG_TYPE'} =~ /^(4|5|6|7)$/;
    foreach my $label (@labels) {
        updateifdata($label);
    }
}

# Redraw the long-period graphs for every zone that has a database.
foreach my $zone (qw(GREEN RED ORANGE BLUE)) {
    next if $zone eq 'ORANGE' && $settings{'CONFIG_TYPE'} !~ /^(1|3|5|7)$/;
    next if $zone eq 'BLUE'   && $settings{'CONFIG_TYPE'} !~ /^(4|5|6|7)$/;
    next unless -e "$rrdlog/$zone.rrd";
    foreach my $period (qw(day week month year)) {
        updateifgraph($zone, $period);
    }
}
# Added for linkq
# Creates and updates a link quality database
# -------------------------------------------
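# Measure link quality with ping and store packet loss (%) and average
# round-trip time (ms) in $rrdlog/lq.rrd, creating the database on first use.
#
# A value that cannot be read from the ping summary is stored as "U"
# (unknown), so a dead link still records its packet loss. Errors are
# reported on stdout.
sub updatelq {
    if ( ! -e "$rrdlog/lq.rrd") {
        RRDs::create ("$rrdlog/lq.rrd", "--step=300",
            "DS:loss:GAUGE:600:0:100",
            "DS:roundtrip:GAUGE:600:0:10000",
            "RRA:AVERAGE:0.5:1:576",
            "RRA:AVERAGE:0.5:6:672",
            "RRA:AVERAGE:0.5:24:732",
            "RRA:AVERAGE:0.5:144:1460");
        $ERROR = RRDs::error;
        print "Error in RRD::create for link: $ERROR\n" if $ERROR;
    }

    # ------------------------------------------------------------------ #
    #  LQ_GATEWAY is the ip of your isp's public ip facing you           #
    my $LQ_GATEWAY = "195.166.128.64";
    # ------------------------------------------------------------------ #
    #  Mod by Rob Moore to use dynamic addresses
    #      my $LQ_GATEWAY=`netstat -r | grep ^default | awk '{print \$2}'`;
    #  or I found better...
    #      my $LQ_GATEWAY=`netstat -rn | grep ^0.0.0.0 | awk '{print \$2}'`;
    #  If the address is taken from command output like this, chomp it and
    #  check that it is a dotted-quad address before it is handed to ping.
    # ------------------------------------------------------------------ #
    my $NUMPINGS = 10;

    #  -- Sample output on ipcop 1.4.6 --
    #  root@ipcop:/usr/local/bin # ping -c 10 -q 195.xxx.128.yyy
    #  PING 195.xxx.128.yyy (195.xxx.128.yyy): 56 data bytes
    #  --- 195.xxx.128.yyy ping statistics ---
    #  10 packets transmitted, 10 packets received, 0% packet loss
    #  round-trip min/avg/max/stddev = 23.550/33.319/54.759/11.499 ms

    # List-form pipe open: ping is started directly with separate arguments,
    # so no shell ever parses the gateway value.
    my $pingoutput = '';
    if (open(my $ping, '-|', 'ping', '-c', $NUMPINGS, '-q', $LQ_GATEWAY)) {
        local $/;    # read the whole summary in one go
        $pingoutput = <$ping>;
        $pingoutput = '' unless defined $pingoutput;
        close $ping;
    } else {
        print "Error in RRD::update for line quality: cannot run ping: $!\n";
    }

    # Pick the figures out by their surrounding text rather than by word
    # position, which shifts when the summary lacks the round-trip line.
    my ($packetloss, $roundtrip) = ('U', 'U');
    $packetloss = $1 if $pingoutput =~ /(\d+(?:\.\d+)?)% packet loss/;
    $roundtrip  = $2 if $pingoutput =~ m{=\s*([\d.]+)/([\d.]+)/};    # min/avg/...

    RRDs::update ("$rrdlog/lq.rrd", "N:$packetloss:$roundtrip");
    $ERROR = RRDs::error;
    print "Error in RRD::update for line quality: $ERROR\n" if $ERROR;
}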
# Draw the link quality graph for one period from $rrdlog/lq.rrd and write
# it to $graphs/lq-<period>.png. Round-trip time is drawn as colour bands
# (<20, 20-50, 50-80, 80-100, >100 ms) with packet loss on top.
#
# Parameters: $_[0] - period name; used in "--start -1<period>", in the file
#                     name and as a key into %tr for the title
sub updatelqgraph {
    my ($period) = @_;

    my @args = (
        "$graphs/lq-$period.png",
        "--start", "-1$period", "-aPNG", "-i", "-z",
        "--alt-y-grid", "-w 600", "-h 100", "-u 70",
        "-t $tr{'lq'} ($tr{'graph per'} $tr{$period})",
        "--lazy",
        "--color", "SHADEA#EAE9EE",
        "--color", "SHADEB#EAE9EE",
        "--color", "BACK#EAE9EE",
        "-v pkt loss % / ms",
        "DEF:roundtrip=$rrdlog/lq.rrd:roundtrip:AVERAGE",
        "DEF:loss=$rrdlog/lq.rrd:loss:AVERAGE",
        # roundavg and loss10 are defined but not drawn below
        "CDEF:roundavg=roundtrip,PREV(roundtrip),+,2,/",
        "CDEF:loss10=loss,-1,*",
    );

    # r0..r3: round-trip time capped at the upper edge of each band
    my @caps = (['r0', 20], ['r1', 50], ['r2', 80], ['r3', 100]);
    push @args, map { "CDEF:$_->[0]=roundtrip,$_->[1],MIN" } @caps;

    # Widest band first so that the narrower ones are painted over it
    push @args,
        "AREA:roundtrip#EE7000:>100 ms",
        "AREA:r3#D88E1B:80-100 ms",
        "AREA:r2#B9B63F:50-80 ms",
        "AREA:r1#99E064:20-50 ms",
        "AREA:r0#80FF80:<20 ms",
        "AREA:loss#FF0000:Packet loss %",
        "LINE1:roundtrip#707070:";

    # Maximum / average / current line: [series, %tr key, unit suffix]
    foreach my $row (['roundtrip', 'linkqrt', ' ms'], ['loss', 'linkqls', '%%']) {
        my ($var, $key, $unit) = @$row;
        push @args,
            "GPRINT:${var}:MAX:$tr{'maximal'} $tr{$key}\\:%3.2lf${unit}",
            "GPRINT:${var}:AVERAGE:$tr{'average'} $tr{$key}\\:%3.2lf${unit}",
            "GPRINT:${var}:LAST:$tr{'current'} $tr{$key}\\:%3.2lf${unit}\\j";
    }

    RRDs::graph(@args);
    $ERROR = RRDs::error;
    print "Error in RRD::graph for Link Quality: $ERROR\n" if $ERROR;
}
# EAK
# Link quality: take one measurement, then redraw every period.
updatelq();
sleep 2;
foreach my $period (qw(hour day week month year)) {
    updatelqgraph($period);
}

# Hourly variants of the system graphs
updatecpugraph("hour");
updatememgraph("hour");
updatediskgraph("hour");

# Hourly variants of the zone graphs, for every zone that has a database;
# ORANGE and BLUE only for the configuration types that have them.
foreach my $zone (qw(GREEN RED ORANGE BLUE)) {
    next if $zone eq 'ORANGE' && $settings{'CONFIG_TYPE'} !~ /^(1|3|5|7)$/;
    next if $zone eq 'BLUE'   && $settings{'CONFIG_TYPE'} !~ /^(4|5|6|7)$/;
    next unless -e "$rrdlog/$zone.rrd";
    updateifgraph($zone, "hour");
}

# EAK - >
# Added extra graphing 'graphs': all periods for each traffic class that
# has a database.
foreach my $class ("Hi-Pri", "Lo-Pri", "Servers", "Other") {
    next unless -e "$rrdlog/$class.rrd";
    foreach my $period (qw(hour day week month year)) {
        updateifgraph($class, $period);
    }
}
# < - EAK
# End altgraphs
# Added for altgraphs2
# Draw the traffic graph for one interface label and period from
# $rrdlog/<label>.rrd and write it to $graphs/<label>-<period>.png.
#
# For "RED" the incoming series is drawn upwards and the outgoing series
# mirrored below zero; for every other label the two series swap roles
# (outgoing upwards and labelled as incoming, and vice versa).
#
# Parameters: $_[0] - interface label; part of both file names and the title
#             $_[1] - period name; used in "--start -1<period>", in the file
#                     name and as a key into %tr for the title
sub updateifgraph {
    my ($interface, $period) = @_;

    # $up is drawn above zero, $down is negated into $neg and drawn below
    my ($up, $down, $neg) = $interface eq "RED"
        ? ('incoming', 'outgoing', 'out_neg')
        : ('outgoing', 'incoming', 'in_neg');

    my @args = (
        "$graphs/$interface-$period.png",
        "--start", "-1$period", "-aPNG", "-i", "-z",
        "-w 600", "-h 100",
        "--color", "SHADEA#EAE9EE",
        "--color", "SHADEB#EAE9EE",
        "--color", "BACK#EAE9EE",
        "-t $tr{'traffic on'} $interface ($tr{'graph per'} $tr{$period})",
        "-v$tr{'bytes per second'}",
        "DEF:incoming=$rrdlog/$interface.rrd:incoming:AVERAGE",
        "DEF:outgoing=$rrdlog/$interface.rrd:outgoing:AVERAGE",
        "CDEF:${neg}=${down},-1,*",
        "AREA:${up}#33cc33:$tr{'incoming traffic in bytes per second'}\\j",
        "LINE1:${up}#006600",
        "AREA:${neg}#ff3333:$tr{'outgoing traffic in bytes per second'}\\j",
        "LINE1:${neg}#990000",
    );

    # Maximum / average / current line for the "in" and the "out" direction
    foreach my $row ([$up, 'in'], [$down, 'out']) {
        my ($var, $key) = @$row;
        push @args,
            "GPRINT:${var}:MAX:$tr{'maximal'} $tr{$key}\\:%8.3lf %sBps",
            "GPRINT:${var}:AVERAGE:$tr{'average'} $tr{$key}\\:%8.3lf %sBps",
            "GPRINT:${var}:LAST:$tr{'current'} $tr{$key}\\:%8.3lf %sBps\\j";
    }

    RRDs::graph(@args);
    $ERROR = RRDs::error;
    print "Error in RRD::graph for $interface: $ERROR\n" if $ERROR;
}
# End altgraphs

graphs.cgi

#!/usr/bin/perl
#
# SmoothWall CGIs
#
# This code is distributed under the terms of the GPL
#
# (c) The SmoothWall Team
#
# $Id: graphs.cgi,v 1.9.2.7 2006/04/04 22:25:16 gespinasse Exp $
#
###################################################################
#
# Includes mods/tweaks by E Allan Kissack (c) 2005
#
# Following mods/tweaks are included:
#  1. Hourly graphs
#  2. Link quality graphs
#
###################################################################
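use strict;
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
require '/var/ipcop/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";

# Page logic:
#   graph=<single graph>     -> detail page (hour/day/week/month/year images)
#   graph=network|internal   -> overview of the traffic graphs, each linking
#                               to its detail page
#   anything else            -> system overview (cpu, memory, swap, disk)
#
# The graph name comes straight from QUERY_STRING and is echoed into the box
# title, the image URLs and the file-existence test, so it is checked against
# a fixed list of names with an exact comparison. The previous unanchored
# regex accepted any request that merely *contained* one of the names.

my %netsettings = ();
my @cgigraphs   = ();
my @graphs      = ();

&Header::showhttpheaders();

my $graphdir = "/home/httpd/html/graphs";
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);

# Everything between the first "graph=" and the next one is the requested name.
$ENV{'QUERY_STRING'} =~ s/&//g;
@cgigraphs = split(/graph=/, $ENV{'QUERY_STRING'});
$cgigraphs[1] = '' unless defined $cgigraphs[1];

# Names that may appear in a request, grouped by the page they select.
my @network_detail = qw(GREEN BLUE ORANGE RED lq Hi-Pri Lo-Pri Servers Others);
my @system_detail  = qw(cpu memory swap disk);
my %is_network_detail = map { $_ => 1 } @network_detail;
my %is_detail         = map { $_ => 1 } (@network_detail, @system_detail);
my %is_overview       = map { $_ => 1 } qw(network internal);

# Unknown values are treated like an empty request (system overview), so no
# request-supplied text ever reaches the generated HTML or a file path.
my $requested = $cgigraphs[1];
$requested = '' unless $is_detail{$requested} || $is_overview{$requested};

if ($is_network_detail{$requested} || $is_overview{$requested}) {
    &Header::openpage($Lang::tr{'network traffic graphs'}, 1, '');
} else {
    &Header::openpage($Lang::tr{'system graphs'}, 1, '');
}
&Header::openbigbox('100%', 'left');

if ($is_detail{$requested}) {
    # Detail page for one graph.
    my $graph     = $requested;
    my $graphname = ucfirst(lc($requested));
    &Header::openbox('100%', 'center', "$graphname $Lang::tr{'graph'}");
    if (-e "$graphdir/${graph}-day.png") {
        # The mtime of the daily image doubles as the "last updated" stamp.
        my $ftime = localtime((stat("$graphdir/${graph}-day.png"))[9]);
        print "<center>";
        print "<b>$Lang::tr{'the statistics were last updated at'}: $ftime</b></center><br /><hr />\n";
        # EAK - >
        #         Added to allow graphs showing finer detail over 1 hour
        print "<img src='/graphs/${graph}-hour.png' border='0' /><hr />";
        # < - EAK
        print "<img src='/graphs/${graph}-day.png' border='0' alt='${graph}-$Lang::tr{'day'}' /><hr />";
        print "<img src='/graphs/${graph}-week.png' border='0' alt='${graph}-$Lang::tr{'week'}' /><hr />";
        print "<img src='/graphs/${graph}-month.png' border='0' alt='${graph}-$Lang::tr{'month'}' /><hr />";
        print "<img src='/graphs/${graph}-year.png' border='0' alt='${graph}-$Lang::tr{'year'}' />";
    } else {
        print $Lang::tr{'no information available'};
    }
    &Header::closebox();

    # Traffic graphs link back to the network overview, system graphs to the
    # default page.
    print "<div align='center'><table width='80%'><tr><td align='center'>";
    if ($is_network_detail{$requested}) {
        print "<a href='/cgi-bin/graphs.cgi?graph=network'>";
    } else {
        print "<a href='/cgi-bin/graphs.cgi'>";
    }
    print "$Lang::tr{'back'}</a></td></tr></table></div>\n";
} elsif ($is_overview{$requested}) {
    # Overview page: one box per graph, each linking to its detail page.
    if ($requested eq 'internal') {
        # NOTE(review): this list uses 'Other' while the detail list above
        # uses 'Others', so the link generated for this entry falls through
        # to the system overview. Confirm which file name the graph generator
        # writes and align the two.
        push(@graphs, 'lq', 'Hi-Pri', 'Lo-Pri', 'Servers', 'Other');
    }
    if ($requested eq 'network') {
        push(@graphs, 'lq', 'GREEN');
        push(@graphs, 'BLUE')   if $netsettings{'BLUE_DEV'};
        push(@graphs, 'ORANGE') if $netsettings{'ORANGE_DEV'};
        push(@graphs, 'RED');
    }
    foreach my $graphname (@graphs) {
        &Header::openbox('100%', 'center', "$graphname $Lang::tr{'graph'}");
        if (-e "$graphdir/${graphname}-day.png") {
            my $ftime = localtime((stat("$graphdir/${graphname}-day.png"))[9]);
            print "<center><b>$Lang::tr{'the statistics were last updated at'}: $ftime</b></center><br />\n";
            print "<a href='/cgi-bin/graphs.cgi?graph=${graphname}'>";
            print "<img src='/graphs/${graphname}-day.png' alt='${graphname}-$Lang::tr{'day'}' border='0' />";
            print "</a>";
        } else {
            print $Lang::tr{'no information available'};
        }
        print "<br />\n";
        &Header::closebox();
    }
} else {
    # System overview. Each entry is [box title, graph file stem, alt prefix].
    my @system_boxes = (
        [ 'CPU',    'cpu',    'cpu' ],
        [ 'Memory', 'memory', $Lang::tr{'memory'} ],
        [ 'Swap',   'swap',   $Lang::tr{'swap'} ],
        [ 'Disk',   'disk',   'disk' ],
    );
    foreach my $box (@system_boxes) {
        my ($title, $name, $alt) = @$box;
        &Header::openbox('100%', 'center', "$title $Lang::tr{'graph'}");
        if (-e "$graphdir/${name}-day.png") {
            my $ftime = localtime((stat("$graphdir/${name}-day.png"))[9]);
            print "<center><b>$Lang::tr{'the statistics were last updated at'}: $ftime</b></center><br />\n";
            print "<a href='/cgi-bin/graphs.cgi?graph=${name}'>";
            print "<img src='/graphs/${name}-day.png' alt='${alt}-$Lang::tr{'day'}' border='0' />";
            print "</a>";
        } else {
            print $Lang::tr{'no information available'};
        }
        print "<br />\n";
        &Header::closebox();
    }
}
&Header::closebigbox();
&Header::closepage();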

nice traffic shaping

Hi,

I'm currently working on writing my own iptables script and integrating it with nice traffic shaping.

I have a combined internet gateway/server running :
amule,bittorrent,vncserver,ssh,samba

I also work on it from school occasionally, so I need to be able to browse and stuff.

I have a 2560 / 520 connection ... I have experimented with using wondershaper a bit and I have found 2400 520 work nicely.

my gateway has two nics. eth1 is the one connected to my modem and eth0 is the one connected to my lan.

Here's the script I am working on (the tc part is still missing):


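# Gateway firewall: eth1 faces the modem (internet), eth0 faces the LAN.
# Default-deny on INPUT, NAT for the LAN, a port forward for one LAN client.

# Flush the tables this script fills. A bare `iptables -F` only flushes the
# filter table, so the nat rules below would be appended again on every re-run.
iptables -t filter -F
iptables -t nat -F

### filter

iptables -t filter -P INPUT DROP
iptables -t filter -P OUTPUT ACCEPT
# NOTE(review): with FORWARD left at ACCEPT the gateway routes any packet it is
# handed, in either direction. Consider policy DROP plus explicit rules for
# LAN -> internet traffic and for the forwarded ports in the nat section.
iptables -t filter -P FORWARD ACCEPT

# allow local loopback connections
iptables -t filter -A INPUT -i lo -j ACCEPT

# drop INVALID connections
iptables -t filter -A INPUT -m state --state INVALID -j DROP
iptables -t filter -A OUTPUT -m state --state INVALID -j DROP
iptables -t filter -A FORWARD -m state --state INVALID -j DROP

# allow all established and related
iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# allow connections to my ISP's DNS servers
# NOTE(review): replies to the gateway's own DNS queries are already accepted
# by the ESTABLISHED,RELATED rule above. These rules additionally accept any
# UDP packet (and any non-SYN TCP packet) that carries one of these source
# addresses, on every port, and a source address is not proof of origin.
# Consider removing them or at least matching on --sport 53.
iptables -t filter -A INPUT -s 213.73.255.52 -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -j ACCEPT
iptables -t filter -A INPUT -s 213.73.255.52 -p udp -j ACCEPT
iptables -t filter -A INPUT -s 213.132.189.250 -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -j ACCEPT
iptables -t filter -A INPUT -s 213.132.189.250 -p udp -j ACCEPT
iptables -t filter -A INPUT -s 213.73.255.53 -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -j ACCEPT
iptables -t filter -A INPUT -s 213.73.255.53 -p udp -j ACCEPT

#ping
iptables -t filter -A INPUT -p icmp --icmp-type echo-request -m limit --limit 10/sec -j ACCEPT

#open ports 4662,4672 = amule, 5900,5901 = vnc, 22 = ssh
# NOTE(review): these rules have no interface or source match, so VNC and ssh
# are reachable from the internet side as well. If VNC is only needed remotely
# now and then, tunnelling it over ssh and dropping the two 590x rules keeps
# one fewer service exposed.
iptables -t filter -A INPUT -p tcp -m tcp --dport 4662 -j ACCEPT
iptables -t filter -A INPUT -p udp -m udp --dport 4672 -j ACCEPT
iptables -t filter -A INPUT -p tcp -m tcp --dport 5900 -j ACCEPT
iptables -t filter -A INPUT -p tcp -m tcp --dport 5901 -j ACCEPT
iptables -t filter -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

#bittorrent :
iptables -t filter -A INPUT -p tcp -m tcp --dport 6881:6889 -j ACCEPT

#samba (only connections from lan are accepted)
# INPUT rules match the interface a packet arrived on, so this must be -i;
# iptables rejects -o in the INPUT chain and the rules would never be loaded.
iptables -t filter -A INPUT -i eth0 -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 137:139 -j ACCEPT
iptables -t filter -A INPUT -i eth0 -s 192.168.0.0/255.255.255.0 -p udp -m udp --dport 137:139 -j ACCEPT
iptables -t filter -A INPUT -i eth0 -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 445 -j ACCEPT
iptables -t filter -A INPUT -i eth0 -s 192.168.0.0/255.255.255.0 -p udp -m udp --dport 445 -j ACCEPT

# log all other attempted incoming connections
# No interface match (the original -o eth0 is invalid in INPUT). The limit
# keeps unsolicited traffic from the internet side from flooding the log.
iptables -t filter -A INPUT -m limit --limit 10/min -j LOG

### nat

# set up IP forwarding and nat
# NOTE(review): nothing here switches on kernel forwarding
# (net.ipv4.ip_forward); confirm it is enabled elsewhere.
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P PREROUTING ACCEPT

# 6891:6900 = msn filetransfers
# 192.168.0.1 = gateway
# 192.168.0.216 = client in network
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 6891:6900 -j DNAT --to-destination 192.168.0.216:6891-6900
iptables -t nat -A PREROUTING -i eth1 -p udp -m udp --dport 6891:6900 -j DNAT --to-destination 192.168.0.216:6891-6900
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE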


I would like some input/tips. I haven't tested the script yet.

here are some resources that I used or am going to use :

http://gentoo-wiki.com/HOWTO_Packet_Shaping
http://lartc.org/howto
http://linuxgazette.net/103/odonovan.html
http://www.netfilter.org/documentation/
http://www.knowplace.org/shaper/
http://linux-ip.net/articles/Traffic-Control-HOWTO/
http://howtos.linux.com/howtos/Traffic-Control-HOWTO/intro.shtml
http://andthatsjazz.org:8/lartc/

What do you think of this iptables script ? improvements ? Did I make any errors ?

Do you guys have any good resources on traffic shaping with tc ?

IPTABLES Firewall

IPTABLES Firewall
Homepage
 The Netfilter Project Homepage   http://www.netfilter.org

Source Code
 Userspace code (tar.bz2)   http://www.netfilter.org/files/iptables-1.3.3.tar.bz2

FAQ
 Netfilter/Iptables FAQ   http://netfilter.samba.org/documentation/FAQ/netfilter-faq.html
 Firewall Forensics (What am I seeing?) FAQ   http://www.robertgraham.com/pubs/firewall-seen.html
 Network Intrusion Detection Systems - IDS   http://www.robertgraham.com/pubs/network-intrusion-detection.html
 Sniffing (network wiretap, sniffer) FAQ   http://www.robertgraham.com/pubs/sniffing-faq.html
 Linux IP Masquerade FAQ   http://en.tldp.org/HOWTO/IP-Masquerade-HOWTO/
 Firewall Admins Guide to Porn FAQ   http://www.robertgraham.com/pubs/firewall-pr0n.html
 Hacking Lexicon - hacking dictionary   http://www.robertgraham.com/pubs/hacking-dict.html

Scripts
 Home LAN masquerading   http://the-devil.dnsalias.net/home/extremist_MASQ
 Home LAN ip6tables   http://the-devil.dnsalias.net/home/extremist6
 Basic IPv6 FireWall script   http://ipv6.klingon.nl/ipv6firewall/
 HomeLAN Security v.1.3.1   http://www.unixpages.com/downloads/HomeLANSecurity-1_3_1.txt
 Resets iptables to default values   http://www.linuxguruz.com/iptables/scripts/rc.flush-iptables.txt
 MonMotha's Firewall 2.3.8-pre7   http://monmotha.mplug.org/firewall/firewall/2.3/rc.firewall-2.3.8-pre9
 Firewall BASH Script - by Netcat   http://the-devil.dnsalias.net/home/extremist
 Arno's IPTABLES Firewall Script   http://freshmeat.net/projects/iptables-firewall/?topic_id=151
 The Wonder Shaper   http://lartc.org/wondershaper/
 Projectfiles.com Linux Firewall   http://projectfiles.com/firewall/
 Technion's IPTables Script   http://orbital.wiretapped.net/~technion/iptables
 Initial SIMPLE IP Firewall   http://www.linuxguruz.com/iptables/scripts/rc.firewall.txt
 DMZ IP Firewall script   http://www.linuxguruz.com/iptables/scripts/rc.DMZ.firewall.txt
 DHCP IP Firewall script   http://www.linuxguruz.com/iptables/scripts/rc.DHCP.firewall.txt
 UTIN Firewall script   http://www.linuxguruz.com/iptables/scripts/rc.UTIN.firewall.txt
 Linux Firewall and NAT for DSL   http://www.ccl.net/cca/software/UNIX/netfilter/
 NATting SOHO firewall   http://www.linuxguruz.com/iptables/scripts/rc.firewall_002.txt
 Simple IPTABLES firewall   http://linux.ardynet.com/ipmasq/ipmasq.php3#iptables
 IPTABLES masquerading firewall   http://www.linuxguruz.com/iptables/scripts/rc.firewall_023.txt
 Script for a dual-homed firewall   http://www.linuxguruz.com/iptables/scripts/rc.firewall_004.txt
 Script for a multi-homed firewall   http://www.linuxguruz.com/iptables/scripts/rc.firewall_005.txt
 Set up iptables NAT rules   http://www.linuxguruz.com/iptables/scripts/rc.firewall_006.txt
 Example netfilter setup   http://www.linuxguruz.com/iptables/scripts/rc.firewall_007.txt
 Packet filtering setup script   http://www.linuxguruz.com/iptables/scripts/rc.firewall_008.txt
 Very restrictive set of firewall rules   http://www.linuxguruz.com/iptables/scripts/rc.firewall_012.txt
 Tightly secured firewall for general use   http://www.linuxguruz.com/iptables/scripts/rc.firewall_013.txt
 Example NAT usage   http://www.linuxguruz.com/iptables/scripts/rc.firewall_014.txt
 Run a web server inside LAN   http://www.linuxguruz.com/iptables/scripts/rc.firewall_016.txt
 Configuration with no services supported   http://www.linuxguruz.com/iptables/scripts/rc.firewall_017.txt
 Script for NAT and more   http://www.linuxguruz.com/iptables/scripts/rc.firewall_018.txt
 NAT iptables firewall script   http://www.sjdjweis.com/linux/proxyarp/rc.firewall.txt
 Routing incoming ppp0   http://www.linuxguruz.com/iptables/scripts/rc.firewall_020.txt
 Basic Ipchains Firewall Rule Script   http://www.linuxguruz.com/iptables/scripts/rc.firewall_021.txt
 Common firewall functions   http://www.bagley.org/~doug/firewall/firewall.functions.iptables
 Script written by Rick Dicaire   http://www.linuxguruz.com/iptables/scripts/rc.firewall_022.txt
 NAT and blocking all but Port 22   http://www.linuxguruz.com/iptables/scripts/rc.firewall_024.txt
 Firebred iptables Script   http://void.printf.net/~bredroll/firewall.html

IRC
 EfNet IPTABLES IRC Channel   JPilot Java IRC Applet - #IPTABLES

Howto
 Linux Stateful Firewall & IP Masquerading   http://www.puschitz.com/FirewallAndRouters.shtml
 Linux IP Masquerade HOWTO   http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/index.html
 Linux iptables HOWTO   http://www.linuxguruz.com/iptables/howto/iptables-HOWTO.html
 Netfilter Extensions HOWTO - Patch-O-Matic   http://www.linuxguruz.com/iptables/howto/netfilter-extensions-HOWTO.html
 Linux netfilter Hacking HOWTO   http://www.linuxguruz.com/iptables/howto/netfilter-hacking-HOWTO.html 
 Linux ipnatctl HOWTO   http://www.linuxguruz.com/iptables/howto/ipnatctl-HOWTO.html
 Linux 2.4 NAT HOWTO   http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO.html
 Linux 2.4 Packet Filtering HOWTO   http://www.linuxguruz.com/iptables/howto/packet-filtering-HOWTO.html
 Linux Administrator's Security Guide   http://www.seifried.org/lasg/
 Networking Concepts HOWTO   http://www.linuxguruz.com/iptables/howto/networking-concepts-HOWTO.html
 Transparent Proxy mini-HOWTO   http://en.tldp.org/HOWTO/TransparentProxy.html
 Linux 2.4 Advanced Routing HOWTO   http://www.linuxguruz.com/iptables/howto/2.4routing.html
 Manpage of IPTABLES   http://www.linuxguruz.com/iptables/howto/maniptables.html
 tinc from behind a masquerading firewall   http://tinc.nl.linux.org/examples/masquerading-firewall.html
 Linux Performance, Security, and Managability   http://www.linuxguruz.com/iptables/howto/TrinityOS/
 Stopping Filesharing   http://www.oofle.com/filesharing.php

Tutorial
 Traffic Shaping with Linux   http://www.knowplace.org/shaper/
 Firewalling with Netfilter/Iptables   http://www.knowplace.org/netfilter/index.html
 What is the difference between REJECT and DENY?   http://logi.cc/linux/reject_or_deny.html
 Linux Advanced Routing & Traffic Control   http://www.lartc.org
 Iptables Tutorial   http://iptables-tutorial.frozentux.net/iptables-tutorial.html
 Traffic Shaping (QOS and TOS)   http://www.docum.org/docum.org/
 Filter The Web With squidGuard   http://networking.earthweb.com/netos/article/0,,12083_1371241,00.html
 Comparison of iptables Automation Tools   http://online.securityfocus.com/infocus/1410
 LinuxWorld: San Jose August 2000   http://www.linuxguruz.com/iptables/tutorial/tut1/
 Set up an gateway for home or office   http://www.yolinux.com/TUTORIALS/LinuxTutorialIptablesNetworkGateway.html
 Filtering Packets with iptables   http://www.unixreview.com/documents/s=1237/urm0103c/0103c.htm
 Using iptables   http://www.unixreview.com/documents/s=1236/urm0104l/0104l.htm
 Netfilter framework in Linux 2.4   http://www.gnumonks.org/papers/netfilter-lk2000/presentation.html
 IPtables Connection tracking   http://www.sns.ias.edu/~jns/security/iptables/iptables_conntrack.html
 Iptables - What is it   http://www.sns.ias.edu/~jns/security/iptables/index.html
 Linux Kernel 2.4 Firewalling Matures   http://www.linuxsecurity.com/feature_stories/kernel-netfilter.html
 Network Security With Linux 2.4   http://www.linux-mag.com/2000-01/bestdefense_01.html
 Netfilter Log Format   http://logi.cc/linux/netfilter-log-format.php3
 Netfilter Log Analyzer   http://logi.cc/linux/NetfilterLogAnalyzer.php3

Tools
 Firewall Builder - Multi-platform configuration and management   http://www.fwbuilder.org/
 NuFW - Authentication of every connection passing IP filter   http://www.nufw.org/
 fabfw - Firewall-Script built on iptables   http://www.realdealz.ch/fabfw_en.php
 Ftwall - Block network traffic from P2P client applications   http://www.lowth.com/p2pwall/
 Bifrost - GUI firewall management interface to iptables   http://bifrost.heimdalls.com/
 LinWiz - Linux configuration file and scripting Wizards   http://www.lowth.com/LinWiz/
 Dnsmasq - caching DNS forwarder   http://thekelleys.org.uk/dnsmasq/doc.html
 FireHOL, the iptables stateful packet filtering firewall builder   http://firehol.sourceforge.net/
 adcfw-log - firewall logs analyzer/summarizer   http://adcfw-log.sourceforge.net/
 BullDog - A comprehensive and progressive firewall   http://tanaya.net/BullDog/
 WallFire: wflogs - firewall log analysis tool   http://www.wallfire.org/wflogs/
 Ulog-php - a php analyser for netfilter U-log   http://www.inl.fr/article.php3?id_article=7
 Firewall Tester   http://ftester.sourceforge.net
 Easy Firewall Generator for IPTables   http://easyfwgen.morizot.net/gen/
 YAFT's Another Firewall Tool   http://sourceforge.net/projects/yaft
 PFG for IPTables   http://www.thegate.nu/pfg/
 IPTables log analyzer   http://www.gege.org/iptables/
 Turtle Firewall Project   http://turtlefirewall.sourceforge.net
 TuxFrw - Firewall Automation Tool   http://tuxfrw.sourceforge.net/index.html
 Shoreline Firewall   http://www.shorewall.net/
 levy - Perl Firewall Generator   http://muse.linuxmafia.org/levy/
 gShield - BASH Shell Script Configurator   http://muse.linuxmafia.org/gshield/
 Mason - Builds from system traffic   http://www.stearns.org/mason/
 GIPTables Firewall - IPTABLES Rules Generator   http://www.giptables.org
 Firewall Builder - GUI Firewall Frontend   http://www.fwbuilder.org/index.html
 IPMENU - Curses Firewall Frontend   http://users.pandora.be/stes/ipmenu.html
 Fireparse - Firewall Log Parser   http://aaron.marasco.com/linux.html
 SATAN - Port Scanner with a Web Interface   http://www.ibiblio.org/pub/packages/security/Satan-for-Linux/

Network Security Sites
 PenguinSecurity   http://www.penguinsecurity.net/
 Security Wizards   http://www.secwiz.com/
 WebHostingTalk Technical & Security Issues Page   http://www.webhostingtalk.com/forumdisplay.php?forumid=5