welterde/l2tpns
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Check return code when throttling users

Browse source
This commit is contained in:
fred_nerk 2004-05-24 04:28:41 +00:00
parent 1af4c16721
commit 010ee3abba
2 changed files with 39 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

49
rl.c
View file

@ -1,32 +1,32 @@
// L2TPNS Rate Limiting Stuff // L2TPNS Rate Limiting Stuff
// $Id: rl.c,v 1.3 2004/04/05 05:29:13 fred_nerk Exp $ // $Id: rl.c,v 1.4 2004/05/24 04:28:41 fred_nerk Exp $
#include <arpa/inet.h>
#include <errno.h>
#include <malloc.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/file.h> #include <sys/file.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <errno.h> #include <sys/types.h>
#include <string.h> #include <sys/wait.h>
#include <time.h>
#include <unistd.h> #include <unistd.h>
#include <stdlib.h>
#include <malloc.h>
#include "l2tpns.h" #include "l2tpns.h"
extern radiust *radius; extern radiust *radius;
extern sessiont *session; extern sessiont *session;
extern u32 sessionid; extern u32 sessionid;
extern int radfd;
extern tbft *filter_buckets; extern tbft *filter_buckets;
extern struct configt *config; extern struct configt *config;
#define DEVICE "tun0" #define DEVICE "tun0"
int next_tbf = 1;
void init_rl() void init_rl()
{ {
char *commands[] = { char *commands[] = {
"tc qdisc add dev " DEVICE " root handle 1: htb", "tc qdisc add dev " DEVICE " root handle 1: htb",
"tc class add dev " DEVICE " parent 1: classid 1:1 htb rate 100mbit burst 300k",
"tc filter del dev " DEVICE " protocol ip pref 1 fw", "tc filter del dev " DEVICE " protocol ip pref 1 fw",
"iptables -t mangle -N throttle 2>&1 >/dev/null", "iptables -t mangle -N throttle 2>&1 >/dev/null",
"iptables -t mangle -F throttle 2>&1 >/dev/null", "iptables -t mangle -F throttle 2>&1 >/dev/null",
@ -50,22 +50,31 @@ u16 rl_create_tbf()
char cmd[2048]; char cmd[2048];
if (!config->rl_rate) return 0; if (!config->rl_rate) return 0;
if (next_tbf >= MAXSESSION) return 0; t = ++config->next_tbf;
t = next_tbf++; if (config->next_tbf >= MAXSESSION) return 0;
snprintf(filter_buckets[t].handle, 9, "1:%d0", t); snprintf(filter_buckets[t].handle, 9, "1:%d0", t);
log(2, 0, 0, 0, "Creating new htb %s\n", filter_buckets[t].handle); log(2, 0, 0, 0, "Creating new htb %s\n", filter_buckets[t].handle);
snprintf(cmd, 2048, "tc class add dev " DEVICE " parent 1: classid %s htb rate %lukbit burst 15k", snprintf(cmd, 2048, "tc class add dev " DEVICE " parent 1: classid %s htb rate %lukbit burst 15k",
filter_buckets[t].handle, config->rl_rate); filter_buckets[t].handle, config->rl_rate);
log(3, 0, 0, 0, "%s\n", cmd); log(3, 0, 0, 0, "%s\n", cmd);
system(cmd); if (WEXITSTATUS(system(cmd)) != 0)
{
memset(filter_buckets[t].handle, 0, sizeof(filter_buckets[t].handle));
log(0, 0, 0, 0, "tc returned an error creating a token bucket\n");
return 0;
}
snprintf(cmd, 2048, "tc filter add dev " DEVICE " protocol ip parent 1:0 prio 1 handle %d fw flowid %s", snprintf(cmd, 2048, "tc filter add dev " DEVICE " protocol ip parent 1:0 prio 1 handle %d fw flowid %s",
t, filter_buckets[t].handle); t, filter_buckets[t].handle);
log(3, 0, 0, 0, "%s\n", cmd); log(3, 0, 0, 0, "%s\n", cmd);
system(cmd); if (WEXITSTATUS(system(cmd)) != 0)
{
memset(filter_buckets[t].handle, 0, sizeof(filter_buckets[t].handle));
log(0, 0, 0, 0, "tc returned an error creating a filter\n");
return 0;
}
next_tbf++;
return t; return t;
} }
@ -76,13 +85,13 @@ u16 rl_get_tbf()
for (i = 1; i < MAXSESSION; i++) for (i = 1; i < MAXSESSION; i++)
{ {
if (!filter_buckets[i].in_use && *filter_buckets[i].handle) if (!*filter_buckets[i].handle) continue;
{ if (filter_buckets[i].in_use) continue;
filter_buckets[i].in_use = 1; filter_buckets[i].in_use = 1;
log(2, 0, 0, 0, "Returning tbf %s\n", filter_buckets[i].handle); log(2, 0, 0, 0, "Returning tbf %s\n", filter_buckets[i].handle);
return i; return i;
} }
}
i = rl_create_tbf(); i = rl_create_tbf();
if (i) filter_buckets[i].in_use = 1; if (i) filter_buckets[i].in_use = 1;
return i; return i;
@ -91,7 +100,6 @@ u16 rl_get_tbf()
void rl_done_tbf(u16 t) void rl_done_tbf(u16 t)
{ {
if (!t) return; if (!t) return;
if (!config->rl_rate) return;
log(2, 0, 0, 0, "Freeing up HTB %s\n", filter_buckets[t].handle); log(2, 0, 0, 0, "Freeing up HTB %s\n", filter_buckets[t].handle);
filter_buckets[t].in_use = 0; filter_buckets[t].in_use = 0;
} }
@ -106,9 +114,8 @@ void rl_destroy_tbf(u16 t)
return; return;
} }
snprintf(cmd, 2048, "tc qdisc del dev " DEVICE " handle %s", filter_buckets[t].handle); snprintf(cmd, 2048, "tc qdisc del dev " DEVICE " handle %s", filter_buckets[t].handle);
system(cmd); if (WEXITSTATUS(system(cmd)) != 0)
system("iptables -t mangle -D l2tpns -j throttle 2>&1 >/dev/null"); log(0, 0, 0, 0, "tc returned an error deleting a token bucket\n");
system("iptables -t mangle -X throttle 2>&1 >/dev/null");
memset(filter_buckets[t].handle, 0, sizeof(filter_buckets[t].handle)); memset(filter_buckets[t].handle, 0, sizeof(filter_buckets[t].handle));
} }

13
throttle.c
View file

@ -1,5 +1,5 @@
// L2TPNS Throttle Stuff // L2TPNS Throttle Stuff
// $Id: throttle.c,v 1.2 2004/03/05 00:09:03 fred_nerk Exp $ // $Id: throttle.c,v 1.3 2004/05/24 04:29:21 fred_nerk Exp $
#include <stdio.h> #include <stdio.h>
#include <sys/file.h> #include <sys/file.h>
@ -19,7 +19,6 @@
extern radiust *radius; extern radiust *radius;
extern sessiont *session; extern sessiont *session;
extern u32 sessionid; extern u32 sessionid;
extern int radfd;
extern tbft *filter_buckets; extern tbft *filter_buckets;
extern struct configt *config; extern struct configt *config;
@ -41,12 +40,16 @@ int throttle_session(sessionidt s, int throttle)
log(1, 0, s, session[s].tunnel, "Error creating a filtering bucket for user %s\n", session[s].user); log(1, 0, s, session[s].tunnel, "Error creating a filtering bucket for user %s\n", session[s].user);
return 0; return 0;
} }
log(2, 0, s, session[s].tunnel, "Throttling session %d for user %s\n", s, session[s].user); log(2, 0, s, session[s].tunnel, "Throttling session %d for user %s (bucket %s)\n", s, session[s].user, filter_buckets[session[s].tbf].handle);
snprintf(cmd, 2048, "iptables -t mangle -A throttle -d %s -j MARK --set-mark %d", snprintf(cmd, 2048, "iptables -t mangle -A throttle -d %s -j MARK --set-mark %d",
inet_toa(ntohl(session[s].ip)), inet_toa(ntohl(session[s].ip)),
session[s].tbf); session[s].tbf);
log(4, 0, s, session[s].tunnel, "Running %s\n", cmd); log(4, 0, s, session[s].tunnel, "Running %s\n", cmd);
system(cmd); if (WEXITSTATUS(system(cmd)) != 0)
{
log(2, 0, s, session[s].tunnel, "iptables returned an error. Session is not throttled\n");
return 0;
}
} }
else else
{ {
@ -69,6 +72,6 @@ int throttle_session(sessionidt s, int throttle)
} }
} }
session[s].throttle = throttle; session[s].throttle = throttle;
return 0; return session[s].throttle;
} }