<?php

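// Command-line only: a web server SAPI sets REMOTE_ADDR, so a request that
// arrives over HTTP stops here before anything touches iptables or tc.
if (isset($_SERVER['REMOTE_ADDR'])) die();

$Enabled = 1;        // 0 = only the root qdisc deletes are written, then the script dies
$ClassesEnabled = 1; // 0 = skip the VoIP, torrent, per-user and per-host classes

// require_once instead of include_once: if the shared configuration cannot be
// loaded the script must stop, not carry on flushing the mangle table and
// writing a rule script built from undefined speeds and interface names.
// NOTE(review): the path is relative to the current working directory, so
// the caller (cron, init script) has to start it from this directory.
require_once('../../../Common/Global.php');
// Presumably loads the monthly parameters ($RealMaxSpeed, $MaxSpeed, $Tarify)
// used below; the function is defined outside this file, so verify there.
NactiMesicniParametry(0);

// Generate traffic shaping rules
//$TotalMaxSpeedIn = 4048; //$RealMaxSpeed; //1536;
//TotalMaxSpeedOut = 3048; //$RealMaxSpeed; //1536;
//$UsersMaxSpeedIn = 1900; //$MaxSpeed;
//$UsersMaxSpeedOut = 1900; //$MaxSpeed;

// Dividers scale the configured speeds per direction (1 = use them unchanged).
$InDivider = 1;
$OutDivider = 1;

// Line totals and the share handed to the users' parent class; written to tc as kbit.
$TotalMaxSpeedIn = round($RealMaxSpeed / $InDivider);
$TotalMaxSpeedOut = round($RealMaxSpeed / $OutDivider);
$UsersMaxSpeedIn = round($MaxSpeed / $InDivider);
$UsersMaxSpeedOut = round($MaxSpeed / $OutDivider);

// VoIP class: guaranteed rate and ceiling, in kbit.
// NOTE(review): the reason for the 136 kbit margin is not documented here; confirm.
$VoipMaxSpeedIn = $TotalMaxSpeedIn - 136;
$VoipMaxSpeedOut = $TotalMaxSpeedOut - 136;
$VoipSpeedIn = 100; //$SpeedReserve;
$VoipSpeedOut = 100; //$SpeedReserve;

// Egress is shaped on the Internet-facing interface; ingress is shaped on ifb0,
// which receives the redirected ingress traffic (see the mirred filter written
// near the end of the generated script).
$OutInterface = $InetInterface;
$InInterface = 'ifb0';
$FreeInetSpeed = 64; // kbit rate of the default (free Internet) class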


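  // Output files: the class-id -> label map and the generated tc shell script.
  $ClassInfoPath = '/tmp/ClassInfo.txt';
  $ScriptPath = '/a/bin/htb.sh';

  // SECURITY: /tmp is world-writable and this name is fixed, so a local user can
  // pre-create it as a symbolic link and have this script (which needs enough
  // privilege to run iptables) truncate whatever the link points to. Refusing a
  // link here narrows that but is still racy; the durable fix is to move the
  // file into a directory only this script's user can write, together with
  // whatever reads it.
  if (is_link($ClassInfoPath))
  {
    error_log('Refusing to write '.$ClassInfoPath.': path is a symbolic link');
    exit(1);
  }

  // Stop before flushing any rule if either file cannot be opened; otherwise
  // every later fputs() would be called on false.
  $FileClassInfo = fopen($ClassInfoPath, 'w+');
  if ($FileClassInfo === false)
  {
    error_log('Cannot open '.$ClassInfoPath.' for writing');
    exit(1);
  }
  $File = fopen($ScriptPath, 'w+');
  if ($File === false)
  {
    error_log('Cannot open '.$ScriptPath.' for writing');
    exit(1);
  }
  fputs($File, "#!/bin/sh\n");

  // Flush every built-in chain of the mangle table. Note this happens
  // immediately, while the tc commands are only written to the script.
  foreach (array('FORWARD', 'INPUT', 'OUTPUT', 'PREROUTING', 'POSTROUTING') as $MangleChain)
  {
    exec('/sbin/iptables -t mangle -F '.$MangleChain);
  }
  if ($Enabled)
  {
    //exec('/sbin/iptables -t mangle -A FORWARD -j MARK --set-mark 0');
    //exec('/sbin/iptables -t mangle -i eth1 -A FORWARD -j MARK --set-mark 1');
    //exec('/sbin/iptables -t mangle -o eth1 -A FORWARD -j MARK --set-mark 1');
  }

  $FreeInetClass = 2;

  // Root HTB qdisc, root class 1:1 and the default class 1:2, first for
  // incoming traffic (IFB device), then for outgoing traffic. The old root
  // qdisc is always deleted, even when shaping is disabled.
  $RootSetups = array(
    array($InInterface, $TotalMaxSpeedIn),
    array($OutInterface, $TotalMaxSpeedOut),
  );
  foreach ($RootSetups as $RootSetup)
  {
    list($RootInterface, $RootRate) = $RootSetup;
    fputs($File, "/sbin/tc qdisc del dev ".$RootInterface." root\n");
    if ($Enabled)
    {
      fputs($File, "/sbin/tc qdisc add dev ".$RootInterface." root handle 1:0 htb default 2\n");
      fputs($FileClassInfo, "1:1 Základní\n");
      fputs($File, "/sbin/tc class add dev ".$RootInterface." parent 1:0 classid 1:1 htb rate ".$RootRate."kbit quantum 1500\n");
      fputs($FileClassInfo, "1:2 Internet zdarma\n");
      fputs($File, "/sbin/tc class add dev ".$RootInterface." parent 1:1 classid 1:".$FreeInetClass." htb rate ".$FreeInetSpeed."kbit prio 3 quantum 1500\n");
      fputs($File, "/sbin/tc qdisc add dev ".$RootInterface." parent 1:".$FreeInetClass." handle ".$FreeInetClass.": sfq perturb 10\n");
    }
  }

  if (!$Enabled) die("Traffic shaping disabled\n");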

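  // Builds the class tree under 1:1: VoIP, the parent class of all users,
  // torrent, then one class per user and one leaf class per host.
  //
  // SECURITY: everything written to $File becomes a shell script that is run
  // with enough privilege to change tc rules. User and host names and the host
  // address come from the database, so they are treated as untrusted here:
  // names have control characters (including newlines) replaced before they go
  // into "# ..." comment lines, and an address is only interpolated into a tc
  // command after it validates as an IPv4 address.
  if ($ClassesEnabled)
  {
    $ClassId = 3; // next free minor class id; it is incremented for every class created

    // VoIP
    $VoipClassId = $ClassId;
    $ClassId = $ClassId + 1;
    $Prio = 0; // Highest

    // VoIP incoming traffic (selected by firewall mark = class id)
    fputs($File, "/sbin/tc class add dev ".$InInterface." parent 1:1 classid 1:".$VoipClassId." htb rate ".$VoipSpeedIn."kbit ceil ".$VoipMaxSpeedIn."kbit quantum 12000 burst 6k cburst 3k prio ".$Prio."\n");
    fputs($File, "/sbin/tc qdisc add dev ".$InInterface." parent 1:".$VoipClassId." handle ".$VoipClassId.": sfq perturb 10\n");
    fputs($File, "/sbin/tc filter add dev ".$InInterface." parent 1:0 protocol ip handle ".$VoipClassId." fw flowid 1:".$VoipClassId."\n");
    // VoIP outgoing traffic
    fputs($File, "/sbin/tc class add dev ".$OutInterface." parent 1:1 classid 1:".$VoipClassId." htb rate ".$VoipSpeedOut."kbit ceil ".$VoipMaxSpeedOut."kbit quantum 12000 burst 6k cburst 3k prio ".$Prio."\n");
    fputs($File, "/sbin/tc qdisc add dev ".$OutInterface." parent 1:".$VoipClassId." handle ".$VoipClassId.": sfq perturb 10\n");
    fputs($File, "/sbin/tc filter add dev ".$OutInterface." parent 1:0 protocol ip handle ".$VoipClassId." fw flowid 1:".$VoipClassId."\n");
    fputs($FileClassInfo, '1:'.$VoipClassId." VoIP\n");

    // Users hosts
    //DB_Select('users', 'COUNT(*)', 'inet=1');
    //$Row = DB_Row();
    //$InetUserCount = $Row[0];
    //$SpeedIn = round($UsersMaxSpeedIn / $InetUserCount);
    //$SpeedOut = round($UsersMaxSpeedOut / $InetUserCount);
    $Prio = 1;

    // Parent class shared by all users
    $AllUsersClassId = $ClassId;
    $ClassId = $ClassId + 1;
    fputs($File, "/sbin/tc class add dev ".$InInterface." parent 1:1 classid 1:".$AllUsersClassId." htb rate ".$UsersMaxSpeedIn."kbit prio 1 quantum 1500\n");
    fputs($File, "/sbin/tc class add dev ".$OutInterface." parent 1:1 classid 1:".$AllUsersClassId." htb rate ".$UsersMaxSpeedOut."kbit prio 1 quantum 1500\n");
    fputs($FileClassInfo, '1:'.$AllUsersClassId." Všichni uivatelé\n");

    // Torrent sharing
    $TorrentClassId = $ClassId;
    $ClassId = $ClassId + 1;
    $Prio = 2; // Lowest
    $TorrentSpeedOut = 4;

    // Torrent outgoing traffic
    fputs($File, "/sbin/tc class add dev ".$OutInterface." parent 1:".$AllUsersClassId." classid 1:".$TorrentClassId." htb rate ".$TorrentSpeedOut."kbit ceil ".$UsersMaxSpeedOut."kbit prio ".$Prio." quantum 1500\n");
    fputs($File, "/sbin/tc qdisc add dev ".$OutInterface." parent 1:".$TorrentClassId." handle ".$TorrentClassId.":0 sfq perturb 10\n");
    fputs($File, "/sbin/tc filter add dev ".$OutInterface." parent 1:0 protocol ip handle ".$TorrentClassId." fw flowid 1:".$TorrentClassId."\n");
    fputs($FileClassInfo, '1:'.$TorrentClassId." Torrent\n");
    // Torrent incoming traffic
    // NOTE(review): the incoming class reuses $TorrentSpeedOut and
    // $UsersMaxSpeedOut; confirm that is intended and not a copy/paste leftover.
    fputs($File, "/sbin/tc class add dev ".$InInterface." parent 1:".$AllUsersClassId." classid 1:".$TorrentClassId." htb rate ".$TorrentSpeedOut."kbit ceil ".$UsersMaxSpeedOut."kbit prio ".$Prio." quantum 1500\n");
    fputs($File, "/sbin/tc qdisc add dev ".$InInterface." parent 1:".$TorrentClassId." handle ".$TorrentClassId.":0 sfq perturb 10\n");
    fputs($File, "/sbin/tc filter add dev ".$InInterface." parent 1:0 protocol ip handle ".$TorrentClassId." fw flowid 1:".$TorrentClassId."\n");
    fputs($FileClassInfo, '1:'.$TorrentClassId." Torrent\n");

    // One class per user with Internet access enabled (inet=1)
    $DbResult = $Database->select('users', '*, CONCAT(second_name, " ", first_name) as fullname', '(inet=1)');
    while ($User = $DbResult->fetch_array())
    {
      $UserClassId = $ClassId;
      $ClassId = $ClassId + 1;

      // Rates come from the user's current tariff and are written to tc in bit.
      $Tarif = $Tarify[$User['inet_tarif_now']];
      $SpeedIn = round($Tarif['InternetSpeedMin'] / $InDivider);
      $SpeedOut = round($Tarif['InternetSpeedMin'] / $OutDivider);
      $UserMaxSpeedIn = round($Tarif['InternetSpeedMax'] / $InDivider);
      $UserMaxSpeedOut = round($Tarif['InternetSpeedMax'] / $OutDivider);
      $Quantum = $Tarif['speed_factor'] * 1500;

      // A line break inside the name would end the "#" comment and turn the
      // rest of the name into a command in the generated script, so control
      // characters are replaced with a space. Multi-byte UTF-8 is unaffected
      // because all of its bytes are >= 0x80.
      $UserLabel = preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $User['fullname']);
      // The id is only ever used as a number in the WHERE clauses below.
      $UserId = (int) $User['id'];

      fputs($File, "# === ".$UserLabel." ===\n");
      fputs($File, "/sbin/tc class add dev ".$InInterface." parent 1:".$AllUsersClassId." classid 1:".$UserClassId." htb rate ".$SpeedIn."bit ceil ".$UserMaxSpeedIn."bit prio 1 quantum ".$Quantum."\n");
      //fputs($File, "/sbin/tc qdisc add dev ".$InInterface." parent 1:".$UserClassId." handle ".$UserClassId.":0 htb r2q 10\n");
      //fputs($File, "/sbin/tc class add dev ".$InInterface." parent ".$UserClassId.":0 classid ".$UserClassId.":".$UserClassId." htb rate ".$UserMaxSpeedIn."bit prio 1\n");
      fputs($File, "/sbin/tc class add dev ".$OutInterface." parent 1:".$AllUsersClassId." classid 1:".$UserClassId." htb rate ".$SpeedOut."bit ceil ".$UserMaxSpeedOut."bit prio 1 quantum ".$Quantum."\n");
      //fputs($File, "/sbin/tc qdisc add dev ".$OutInterface." parent 1:".$UserClassId." handle ".$UserClassId.":0 htb r2q 10\n");
      //fputs($File, "/sbin/tc class add dev ".$OutInterface." parent ".$UserClassId.":0 classid ".$UserClassId.":".$UserClassId." htb rate ".$UserMaxSpeedOut."bit prio 1\n");
      fputs($FileClassInfo, '1:'.$UserClassId.' '.$UserLabel."\n");

      //echo('User class id: '.$UserClassId."\n");

      // The user's guaranteed rate is split evenly between the active hosts.
      // A user without any active host used to divide by zero here; with the
      // divisor clamped to 1 the result is simply unused, because the host
      // loop below does not run for such a user.
      $DbResult2 = $Database->select('hosts', 'COUNT(*)', "block=0 AND MAC!='' AND user=".$UserId);
      $Row = $DbResult2->fetch_array();
      $HostCount = max(1, (int) $Row[0]);
      $HostSpeedIn = round($SpeedIn / $HostCount);
      $HostSpeedOut = round($SpeedOut / $HostCount);

      $DbResult2 = $Database->select('hosts', '*', "block=0 AND MAC!='' AND user=".$UserId);
      while ($Host = $DbResult2->fetch_array())
      //if ($Row['name'] != 'WOW')
      {
        $HostClassId = $ClassId;
        $ClassId = $ClassId + 1;
        $HostLabel = preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $Host['name']);
        fputs($File, "# ".$HostLabel."\n");
        fputs($FileClassInfo, '1:'.$HostClassId.' '.$HostLabel."\n");
        //echo('  Host class id: '.$HostClassId."\n");
        //if ($User['inet'] == 1)
        {
          $Prio = 1;

          // $Host['IP'], $TableOut, $TableIn, $Protocol and $SpeedDivider are
          // only consumed by the commented-out iptables MARK rules; they are
          // kept so those rules can be compared against the current setup.
          if ($Host['vpn'] == 1)
          {
            if ($Host['external_ip'] != '') $Host['IP'] = $Host['external_ip'];
            else $Host['IP'] = ToVpnIp($Host);
          }

          //if ($Host['name'] == 'TERMINAL') $SpeedDivider = 0.5;
            //else
          $SpeedDivider = 1;

          if ($Host['name'] == 'centrala')
          {
            $Host['IP'] = $Host['external_ip'];
            $TableOut = 'OUTPUT';
            $TableIn = 'INPUT';
          } else
          {
            $TableOut = 'FORWARD';
            $TableIn = 'FORWARD';
          }
          //if ($Row['name'] == 'TERMINAL2') $Prio = 0;
          //  if ($Row['name'] = 'TERMINAL2') $Prio = 0;
          if ($Host['name'] == 'voip-hajda') $Protocol = ' -p tcp';
          else $Protocol = '';
          //  if ($Host['name'] == 'KARLOS') $UserMaxSpeedIn = 128000;
          /*
if ($Host['name'] == 'GAME')
          {
            exec('/sbin/iptables -t mangle -F game-server');
            $TableOut = 'game-server';
            $TableIn = 'game-server';
          }*/
          //if ($Host['name'] == 'TBC') continue;

          // The address is interpolated into a tc command line, so it must be
          // a plain IPv4 address and nothing else. When it is not, the class
          // and qdisc are still created (the ClassInfo entry stays valid) but
          // no filter is written and the host's traffic stays in the default class.
          $HostIp = filter_var($Host['external_ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
          if ($HostIp === false)
          {
            fputs($File, "# no tc filters for ".$HostLabel.": external_ip is not a valid IPv4 address\n");
            error_log('htb: host "'.$HostLabel.'" has no valid IPv4 external_ip, tc filters skipped');
          }

          // Incoming traffic
          //exec('/sbin/iptables -t mangle -A '.$TableIn.' -i eth1 -d '.$Host['IP'].$Protocol." -j MARK --set-mark ".$HostClassId);
          fputs($File, "/sbin/tc class add dev ".$InInterface." parent 1:".$UserClassId." classid 1:".$HostClassId." htb rate ".$HostSpeedIn."bit ceil ".$UserMaxSpeedIn."bit prio ".$Prio." quantum ".$Quantum."\n");
          fputs($File, "/sbin/tc qdisc add dev ".$InInterface." parent 1:".$HostClassId." handle ".$HostClassId.":0 sfq perturb 10\n");
          //fputs($File, "/sbin/tc filter add dev ".$InInterface." parent 1:0 protocol ip handle ".$HostClassId." fw flowid 1:".$UserClassId."\n");
          if ($HostIp !== false)
          {
            fputs($File, "/sbin/tc filter add dev ".$InInterface." parent 1:0 protocol ip prio 1 u32 match ip dst ".$HostIp."/32 flowid 1:".$HostClassId."\n");
          }

          // Outgoing traffic
          //exec('/sbin/iptables -t mangle -A '.$TableOut.' -o eth1 -s '.$Host['IP'].$Protocol." -j MARK --set-mark ".$HostClassId);
          fputs($File, "/sbin/tc class add dev ".$OutInterface." parent 1:".$UserClassId." classid 1:".$HostClassId." htb rate ".$HostSpeedOut."bit ceil ".$UserMaxSpeedOut."bit prio ".$Prio." quantum ".$Quantum."\n");
          fputs($File, "/sbin/tc qdisc add dev ".$OutInterface." parent 1:".$HostClassId." handle ".$HostClassId.":0 sfq perturb 10\n");
          //fputs($File, "/sbin/tc filter add dev ".$OutInterface." parent 1:0 protocol ip handle ".$HostClassId." fw flowid 1:".$UserClassId."\n");
          if ($HostIp !== false)
          {
            fputs($File, "/sbin/tc filter add dev ".$OutInterface." parent 1:0 protocol ip prio 1 u32 match ip src ".$HostIp."/32 flowid 1:".$HostClassId."\n");
          }
          //echo($Row['id'].',');
        }
        // Free inet
        if ($Tarif['group_id'] == 3)
        {
          //exec('/sbin/iptables -t mangle -A '.$TableIn.' -i eth1 -d '.$Host['IP'].$Protocol." -j MARK --set-mark ".$FreeInetClass);
          //exec('/sbin/iptables -t mangle -A '.$TableOut.' -o eth1 -s '.$Host['IP'].$Protocol." -j MARK --set-mark ".$FreeInetClass);
        }
        // VoIP devices
        // Disabled legacy rules, kept for reference. They concatenate
        // $Host['IP'] straight into exec(); before re-enabling any of them,
        // validate the address and pass it through escapeshellarg().
/*
      if (($Host['name'] == 'HAJDA-VOIP') || ($Host['name'] == 'NAVRATIL-VOIP'))
      {
        exec('/sbin/iptables -t mangle -A '.$TableIn." -i eth1 -d ".$Host['IP']." -p udp -j MARK --set-mark ".$VoipClassId);
        exec('/sbin/iptables -t mangle -A '.$TableOut." -o eth1 -s ".$Host['IP']." -p udp -j MARK --set-mark ".$VoipClassId);
      } else
      if ($Host['name'] == 'GAME')
      {
        exec('/sbin/iptables -t mangle -A FORWARD -o eth1 -s '.$Host['IP']." -j game-server");
        exec('/sbin/iptables -t mangle -A FORWARD -i eth1 -d '.$Host['IP']." -j game-server");

        exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -j MARK --set-mark ".$TorrentClassId);
        exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -j MARK --set-mark ".$TorrentClassId);
        //exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 10886 -j MARK --set-mark ".$TorrentClassId);
        // default torrents
        //exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 10886 -j MARK --set-mark ".$TorrentClassId);

        // Local services
        exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p icmp -j MARK --set-mark ".$HostClassId); // ICMP
        exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p icmp -j MARK --set-mark ".$HostClassId);
        exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 6969 -j MARK --set-mark ".$HostClassId); // web torrent
        exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 6969 -j MARK --set-mark ".$HostClassId);
        exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 80 -j MARK --set-mark ".$HostClassId);   // web
        exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 80 -j MARK --set-mark ".$HostClassId);
        exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 21 -j MARK --set-mark ".$HostClassId);    // FTP
        exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 21 -j MARK --set-mark ".$HostClassId);
        exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 8085 -j MARK --set-mark ".$HostClassId);  // wow game server
        exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 8085 -j MARK --set-mark ".$HostClassId);
        exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 3724 -j MARK --set-mark ".$HostClassId);  // wow login server
        exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 3724 -j MARK --set-mark ".$HostClassId);
        exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 22 -j MARK --set-mark ".$HostClassId);    // wow game server
        exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 22 -j MARK --set-mark ".$HostClassId);
        exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 443 -j MARK --set-mark ".$HostClassId);   // https
        exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 443 -j MARK --set-mark ".$HostClassId);
        exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 27015 -j MARK --set-mark ".$HostClassId); // Counter Strike
        exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 27015 -j MARK --set-mark ".$HostClassId);
        exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 5905 -j MARK --set-mark ".$HostClassId);  // VNC
        exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 5905 -j MARK --set-mark ".$HostClassId);
        exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 5906 -j MARK --set-mark ".$HostClassId);  // VNC
        exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 5906 -j MARK --set-mark ".$HostClassId);

  // Remote services
        exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --dport 443 -j MARK --set-mark ".$HostClassId);   // https
  exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --sport 443 -j MARK --set-mark ".$HostClassId);
        exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --dport 80 -j MARK --set-mark ".$HostClassId);   // http
  exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --sport 80 -j MARK --set-mark ".$HostClassId);

      }
*/

      }
    }
    //echo($Row['id'].',');

  }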

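  // Incoming traffic
  // exec('/sbin/iptables -t mangle -A FORWARD -m mark --mark 1 -j LOG --log-prefix "TRAFFIC " --log-level info');
  //exec('/sbin/iptables -t mangle -A FORWARD -i eth1 -j IMQ --todev 0');
  //exec('/sbin/iptables -t mangle -A INPUT -i eth1 -j IMQ --todev 0');
  // Outgoing traffic
  //exec('/sbin/iptables -t mangle -A FORWARD -o eth1 -j IMQ --todev 1');
  //exec('/sbin/iptables -t mangle -A OUTPUT -o eth1 -j IMQ --todev 1');

  // Redirect everything arriving on the Internet interface to the IFB device,
  // so incoming traffic is shaped by the classes created on it. The target is
  // taken from $InInterface instead of a second hard-coded 'ifb0', so the
  // redirect cannot drift away from the device the ingress classes live on.
  fputs($File, "\n# Interface redirection\n");
  fputs($File, "/sbin/tc qdisc del dev ".$InetInterface." ingress\n");
  fputs($File, "/sbin/tc qdisc add dev ".$InetInterface." ingress\n");
  fputs($File, "/sbin/tc filter add dev ".$InetInterface." parent ffff: protocol ip prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ".$InInterface."\n");

  //fputs($File, "/sbin/tc qdisc del dev ".$InetInterface." root handle 1: htb default 10\n");
  //fputs($File, "/sbin/tc qdisc add dev ".$InetInterface." root handle 1: htb default 10\n");
  //fputs($File, "/sbin/tc filter add dev ".$InetInterface." parent 1: protocol ip prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb1\n");

  //exec('/sbin/iptables-save >/etc/sysconfig//sbin/iptables');

  // fclose() flushes the buffered writes. A failure here (for example a full
  // disk) means the generated script may be truncated, so report it with a
  // non-zero exit status instead of leaving a partial rule set unnoticed.
  $ScriptClosed = fclose($File);
  $ClassInfoClosed = fclose($FileClassInfo);
  if (!$ScriptClosed || !$ClassInfoClosed)
  {
    error_log('htb: closing the generated files failed, output may be incomplete');
    exit(1);
  }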
