#!/bin/bash

# Load the netfilter connection-tracking / NAT helper modules for FTP and
# PPTP. The FTP pair is requested under the legacy ip_* names, the PPTP pair
# under the nf_* names; the older PPTP spellings are kept here for reference
# only and are not loaded:
#   ip_conntrack_pptp, ip_nat_pptp   (were loaded with stderr discarded)
# modprobe's exit status is not checked; a missing module only produces an
# error message on stderr.
# NOTE(review): conntrack helpers parse application payloads and open
# "expected" related connections. On kernels that still expose the
# net.netfilter.nf_conntrack_helper sysctl, confirm whether automatic helper
# assignment is enabled or whether helpers are attached explicitly (CT
# target), and limit which flows may reach them.
for kmod in ip_nat_ftp ip_conntrack_ftp nf_conntrack_pptp nf_nat_pptp; do
  /sbin/modprobe "$kmod"
done

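# Start-of-run timestamp; written to the status file below.
BDAT=$(date)

# Status file: receives "<start time> ... " here and the end time once the
# run has finished successfully.
# NOTE(review): this is a fixed, predictable name in world-writable /tmp and
# it is opened with truncation. This script loads kernel modules and edits
# firewall rules, so it presumably runs as root; a file or symlink planted at
# this path by another local user could then redirect or pre-own the write.
# The path is left unchanged because other tools may read it -- consider
# moving it to a root-owned directory (TODO confirm readers first).
XLOG=/tmp/ips.dat

# Work from the script's own directory: later steps use relative paths
# (./.ips and the IP1 / DEV1 / ANYIPS state files). Abort if the directory
# cannot be entered, otherwise those relative paths would resolve against
# whatever directory the caller happened to be in.
DIR=$(dirname -- "$0")
cd -- "$DIR" || {
  echo "cannot cd to $DIR" >&2
  exit 1
}

# These files are executed as shell code with this script's privileges;
# they should be writable by root only.
. /ips/setup/.config
. /ips/setup/.version

. /ips/ip2/.functions

# Reset both logs: ELOG is truncated, SLOG is truncated and gets one newline.
# ELOG and SLOG are presumably defined by the files sourced above.
echo 2> "$ELOG" > "$SLOG"

printf '%s ... ' "$BDAT" > "$XLOG"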

# Disabled debug stanza: the condition is never true, so nothing here runs.
# If enabled by hand it would set DOIT, pass two test strings to rule
# (defined outside this file section) and then exit.
if false; then
  DOIT=1
  COM="test error 1"
  rule "$COM"
  rule "test error 2"
  exit
fi

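#######################################
# Run the .monitor helper in --init mode.
# Globals:   IPS (read) - directory prefix that holds the .monitor executable
# Returns:   exit status of .monitor
#######################################
monitor() {
  # Quoted so that a directory name containing whitespace or glob characters
  # is passed as one path instead of being split or expanded.
  "$IPS/.monitor" --init
}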

#######################################
# tos2: add one mangle-table rule that sets the TOS field to QOS_LOG_TOS.
# Original note: "not log tosed" -- presumably traffic carrying this TOS
# value is left out of logging/accounting elsewhere; confirm.
# Globals read:    QOS_LOG_TOS, QOS_BRIDGE, IMQ, SUBNET, ADR, SMASK, ANYDEV
# Globals written: OURNET; COM (routed case only)
# Returns: 0 without doing anything when QOS_LOG_TOS is empty, otherwise
#          the status of the rule helper that was called.
# rulei / rulea are defined outside this section (presumably insert vs
# append -- confirm in the function library).
#######################################
tos2() {
  [ -n "$QOS_LOG_TOS" ] || return 0

  OURNET="${SUBNET}${ADR}/${SMASK}"

  if [ "$QOS_BRIDGE" != "1" ]; then
    # Routed setup: packets that neither arrive on nor leave through ANYDEV
    # and are addressed to ${SUBNET}0/16.
    # NOTE(review): "-i ! dev" is the old negation placement; newer iptables
    # releases expect "! -i dev". Confirm the installed version accepts it.
    COM="FORWARD -t mangle -i ! $ANYDEV -o ! $ANYDEV -d ${SUBNET}0/16 -j TOS --set-tos $QOS_LOG_TOS"
    rulei "$COM"
  elif [ -z "$IMQ" ]; then
    # Bridge setup without IMQ: traffic with both ends inside OURNET.
    # Rules no longer used in bridge mode, kept for reference:
    #    rulea  "INPUT -t mangle -s $OURNET -j TOS --set-tos $QOS_LOG_TOS"
    #    rulea "OUTPUT -t mangle -d $OURNET -j TOS --set-tos $QOS_LOG_TOS"
    #    COM="FORWARD -t mangle -m physdev ! --physdev-in $ANYDEV -d ${SUBNET}0/16 -j TOS --set-tos $QOS_LOG_TOS"
    rulei "FORWARD -t mangle -s $OURNET  -d $OURNET -j TOS --set-tos $QOS_LOG_TOS"
  else
    # Bridge setup with IMQ: same match, applied in PREROUTING instead.
    rulea "PREROUTING -t mangle -s $OURNET  -d $OURNET -j TOS --set-tos $QOS_LOG_TOS"
  fi
}


#######################################
# mark2: add mangle-table rules that set the packet mark to QOS_LOC_MARK.
# Original note: "marked treat as local" -- presumably packets with this
# mark are handled as local traffic by the QoS classes; confirm.
# Globals read:    QOS_LOC_MARK, QOS_BRIDGE, IMQ, SUBNET, ADR, SMASK, ANYDEV
# Globals written: OURNET; COM (routed case only)
# Returns: 0 without doing anything when QOS_LOC_MARK is empty, otherwise
#          the status of the last rule helper that was called.
# rulei / rulea are defined outside this section (presumably insert vs
# append -- confirm in the function library).
#######################################
mark2() {
  [ -n "$QOS_LOC_MARK" ] || return 0

  OURNET="${SUBNET}${ADR}/${SMASK}"

  if [ "$QOS_BRIDGE" != "1" ]; then
    # Routed setup: packets that neither arrive on nor leave through ANYDEV
    # and are addressed to ${SUBNET}0/16.
    # NOTE(review): "-i ! dev" is the old negation placement; newer iptables
    # releases expect "! -i dev". Confirm the installed version accepts it.
    COM="FORWARD -t mangle -i ! $ANYDEV -o ! $ANYDEV -d ${SUBNET}0/16  -j MARK --set-mark $QOS_LOC_MARK"
    rulea "$COM"
    return
  fi

  # Bridge setup: mark what the box itself receives from / sends to OURNET.
  rulea  "INPUT -t mangle -s $OURNET -j MARK --set-mark $QOS_LOC_MARK"
  rulea "OUTPUT -t mangle -d $OURNET -j MARK --set-mark $QOS_LOC_MARK"

  # Rule no longer used, kept for reference:
  #   COM="FORWARD -t mangle -m mark ! --mark 1024/0xfc00 -m physdev ! --physdev-in $ANYDEV -d ${SUBNET}0/16 -j MARK --set-mark $QOS_LOC_MARK"
  if [ -n "$IMQ" ]; then
    rulea "PREROUTING -t mangle -s $OURNET -d $OURNET -j MARK --set-mark $QOS_LOC_MARK"
  else
    rulei "FORWARD -t mangle -s $OURNET -d $OURNET -j MARK --set-mark $QOS_LOC_MARK"
  fi
}




#######################################
# imqdown: set the imq0 and imq1 links down.
# Error output is discarded, so a missing device (or a missing `ip` binary)
# goes unreported.
# Returns: status of the last `ip link set` call.
#######################################
imqdown() {
  local imq_dev
  for imq_dev in imq0 imq1; do
    ip link set "$imq_dev" down 2> /dev/null
  done
}

#######################################
# imqup: load the imq module with two devices and set imq0 / imq1 up.
# Globals read: IMQ - only the values "1" and "2" enable this; anything
#               else returns 0 without touching the system.
# Returns: status of the last `ip link set` call when enabled.
# The modprobe result is not checked; if the module is unavailable the two
# `ip link set` calls simply fail.
#######################################
imqup() {
  case "$IMQ" in
    1 | 2) ;;
    *) return 0 ;;
  esac

  modprobe imq numdevs=2

  local imq_dev
  for imq_dev in imq0 imq1; do
    ip link set "$imq_dev" up
  done
}

#######################################
# imq2: steer traffic on ANYDEV into the IMQ devices.
#   IMQ=1 or 2: packets arriving on ANYDEV go to IMQ device 0 (PREROUTING);
#               bridge mode matches the physical in-port via physdev.
#   IMQ=2:      additionally, packets leaving through ANYDEV go to IMQ
#               device 1 (POSTROUTING). The progress label printed for this
#               step reads "imq2" although the rule uses --todev 1.
# Globals read:    IMQ, QOS_BRIDGE, ANYDEV
# Globals written: COM
# Returns: 0 when IMQ is neither "1" nor "2"; otherwise 0 after the ingress
#          rule when IMQ=1, or the status of ruleda when IMQ=2.
# ruledi / ruleda are defined outside this section.
#######################################
imq2() {
  case "$IMQ" in
    1 | 2) ;;
    *) return 0 ;;
  esac

  # Ingress: the label is the same in both modes, only the match differs.
  echo -n "imq0 for i $ANYDEV : "
  if [ "$QOS_BRIDGE" = "1" ]; then
    COM="PREROUTING -t mangle -m physdev --physdev-in $ANYDEV  -j IMQ --todev 0"
  else
    COM="PREROUTING -t mangle -i $ANYDEV  -j IMQ --todev 0"
  fi
  ruledi "$COM"

  # Egress, only with two IMQ devices in use.
  # Earlier variant, kept for reference:
  #   COM="OUTPUT -t mangle -o $ANYDEV  -j IMQ --todev 1"
  #   ruledi "$COM"
  if [ "$IMQ" = "2" ]; then
    echo -n "imq2 for o $ANYDEV : "
    COM="POSTROUTING -t mangle -o $ANYDEV  -j IMQ --todev 1"
    ruleda "$COM"
  fi
}

# DOIT is presumably read by the rule helpers from the sourced function
# library (confirm there); it is set before anything is applied.
DOIT=1

# Bring the IMQ devices down before rebuilding.
# NOTE(review): imqdown calls `ip` by bare name and discards stderr, while
# /sbin is only prepended to PATH further down in this script. If `ip` is
# not on the caller's PATH, the devices are silently left as they were.
imqdown

# Collect the addresses of the outside interface (br0 in bridge mode).
# allips comes from the function library and presumably fills ALLIPS.
# $ANYDEV is deliberately left unquoted, as in the original call.
case "$QOS_BRIDGE" in
  1) allips br0 ;;
  *) allips $ANYDEV ;;
esac

# Export the list and store it, whitespace-normalised, in the state file
# ANYIPS in the current directory.
ANYIPS="$ALLIPS"
export ANYIPS
echo $ANYIPS > ANYIPS
#echo $ANYIPS; exit

# Connection-tracking table size; 32768 entries unless configured.
# NOTE(review): once the table is full the kernel drops new connections, so
# this value bounds how much state a flood can consume; size it for the link.
: "${CONNTRACK_MAX:=32768}"

# The sysctl lives under a different path depending on kernel generation;
# write to each one that exists. Only echo's stderr is discarded, so a value
# the kernel rejects goes unnoticed while a failure to open the file is
# still reported by the shell.
for _ct_file in \
  /proc/sys/net/ipv4/ip_conntrack_max \
  /proc/sys/net/ipv4/netfilter/ip_conntrack_max \
  /proc/sys/net/netfilter/nf_conntrack_max; do
  if [ -f "$_ct_file" ]; then
    echo $CONNTRACK_MAX > "$_ct_file" 2> /dev/null
  fi
done

# Timeout for established TCP entries in seconds; 432000 s is five days.
# NOTE(review): long timeouts keep idle entries in the table for that long.
: "${TCP_TOUT_EST:=432000}"

for _ct_file in \
  /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established \
  /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_established; do
  if [ -f "$_ct_file" ]; then
    echo "$TCP_TOUT_EST" > "$_ct_file" 2> /dev/null
  fi
done


# Determine the outside address (IP1) and device (DEV1).
#   PPP=1:     both come from the state files IP1 / DEV1 in the current
#              directory (presumably written by the PPP scripts -- confirm);
#              a missing file yields an empty value.
#   otherwise: ANYIP / ANYDEV are used. When ANYIP is not configured it is
#              read from ifconfig (br0 in bridge mode) and the state files
#              are written from here.
# NOTE(review): the parser relies on the "inet addr:<ip>" line printed by
# older net-tools; an ifconfig that prints "inet <ip> netmask ..." yields
# an empty ANYIP and the script later gives up. TODO confirm on the target.
if [ "$PPP" != "1" ]; then

  # Jan 14 2007
  if [ -z "$ANYIP" ]; then
    case "$QOS_BRIDGE" in
      1)
        ANYIP=$(/sbin/ifconfig br0 2> /dev/null | grep 'inet addr' | cut -d ':' -f 2 | cut -d ' ' -f 1)
        ;;
      *)
        ANYIP=$(/sbin/ifconfig $ANYDEV 2> /dev/null | grep 'inet addr' | cut -d ':' -f 2 | cut -d ' ' -f 1)
        ;;
    esac

    export ANYIP
    echo $ANYIP > IP1
    echo $ANYDEV > DEV1
  fi

  IP1=$ANYIP
  DEV1=$ANYDEV

else

  IP1=$(cat IP1 2> /dev/null)
  DEV1=$(cat DEV1 2> /dev/null)

fi


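# Make the admin tools used below by bare name (route, tc, ip, modprobe)
# resolvable.
PATH=/sbin:$PATH

#######################################
# Export the variable <prefix><device> with the given value, without eval.
# The previous eval-based assignment re-parsed the device name and the
# value as shell code: a value containing whitespace or metacharacters was
# executed rather than stored, and a device name such as "eth0.100" ended
# up being run as a command.
# Arguments: $1 - variable prefix (IP_ or MA_)
#            $2 - device name
#            $3 - value to store
# Returns:   0 on success, 1 when the device name cannot be part of a
#            shell identifier (nothing is exported in that case)
#######################################
_export_lan_var() {
  case "$2" in
    '' | *[!A-Za-z0-9_]*)
      echo "$2: not usable in a variable name, ${1}${2} not exported" >&2
      return 1
      ;;
  esac
  export "${1}${2}=${3}"
}

# For every LAN device: record its IPv4 address and netmask in the state
# files IP_<dev> / MA_<dev> (current directory) and export them under the
# same names. The first device that ifconfig cannot find clears LANDEV and
# ends the loop; values exported for earlier devices stay in place.
# NOTE(review): parsing depends on the "inet addr:<ip> ... Mask:<mask>" line
# of older net-tools; other ifconfig output formats yield empty values.
for DEV in $LANDEV; do

  if ! /sbin/ifconfig "$DEV" > /dev/null 2>&1; then
    LANDEV=
    export LANDEV
    echo "$DEV doesn't exist, (an)other LAN(s) disabled !"
    break
  fi

  IP_=$(/sbin/ifconfig "$DEV" | grep 'inet addr' | cut -f2-2 -d ':' | cut -f1-1 -d ' ')
  printf '%s\n' "$IP_" > "IP_$DEV"
  _export_lan_var IP_ "$DEV" "$IP_"

  MA_=$(/sbin/ifconfig "$DEV" | grep 'inet addr' | cut -f4-4 -d ':')
  printf '%s\n' "$MA_" > "MA_$DEV"
  _export_lan_var MA_ "$DEV" "$MA_"

done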



#*
# Drop the current default route unless the configuration asks to keep it.
# NOTE(review): the replacement route is only added later, after the check
# that an outside address exists; if the script gives up at that check the
# host is left without a default route. Confirm this is intended.
[ "$KEEP_DEFAULTROUTE" = "1" ] || route del default

# QOS_ACT set in setup/.all.sh avoids resetting of qos
if [ -z "$QOS_ACT" ]; then

  # Remove any root qdisc from the PPP links; errors (no such device, no
  # qdisc) are discarded.
  for _ppp_dev in ppp0 ppp1; do
    tc qdisc del root dev "$_ppp_dev" 2> /dev/null
  done

  # Replace the root qdisc of the outside device with SFQ.
  if [ -n "$DEV1" ]; then
    tc qdisc del root dev ${DEV1} 2> /dev/null
    tc qdisc add dev ${DEV1} root handle 1: sfq quantum 1500b perturb 5
  fi

fi


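# Without an outside address nothing can be set up.
if [ -z "$IP1" ]; then
  echo no interface is active, giving up
  exit 1
fi

# NOTE(review): when IP1 is set but DEV1 is empty this block is skipped and
# the script ends with status 0 without loading any rules. Confirm whether
# that case should be reported as an error.
if [ -n "$DEV1" ]; then
  echo "interface $DEV1 is active, ok"

  #*
  if [ "$KEEP_DEFAULTROUTE" != "1" ]; then
    ip route add default nexthop via "${IP1}" dev "${DEV1}" weight 1
  fi

  imqup 2>> "$ELOG" >> "$SLOG"

  if [ -f /ips/setup/.NOTIPSALL ]; then

    # Marker present: reload the previously saved rule set instead of
    # rebuilding it, then consume the marker.
    # NOTE(review): the restore status is not checked, so a failed restore
    # still ends in "exit 0" below. Confirm whether it should abort the way
    # a .ips failure does.
    /ips/ip2/.iptables-restore 2>> "$ELOG" >> "$SLOG"
    rm -f /ips/setup/.NOTIPSALL

  else

    # Full rebuild. ./.ips is resolved relative to the current directory.
    # 1.10.5: stop when .ips reports an error.
    if ! ./.ips --doit "$IP1" "$DEV1" 2>> "$ELOG" >> "$SLOG"; then
      echo ".ips error"
      exit 1
    fi

    # stderr now goes to ELOG like every other step; the earlier
    # ">> ELOG >> SLOG" form sent only stdout to SLOG and left the error
    # output of .r2 out of the error log.
    /ips/ip2/.r2 2>> "$ELOG" >> "$SLOG"

    imq2 2>> "$ELOG" >> "$SLOG"

    #    ./.firewall $IP1 $DEV1

    #    if [ "$QOS_IPTABLESX" = "" ]; then
    monitor
    #    fi

    tos2
    mark2

    # Save the rule set that was just built.
    /ips/ip2/.iptables-save

  fi

  # Complete the status line started at the beginning of the run.
  EDAT=$(date)
  echo "$EDAT" >> "$XLOG"

  exit 0

fi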

