Changeset 43154f8625f76af133f75133b2517fd6565f6b35

Timestamp:

07/29/10 23:34:53 (22 months ago)

Author:

Neutron Soutmun <neo.neutron@…>

Children:

3cbe0c2fb30e0b5337ba35e14fb6cafda374e7b9

Parents:

732bc1be8e814ff17f8d31268e1de28124d93aeb

git-committer:

Neutron Soutmun <neo.neutron@…> (07/29/10 23:34:53)

Message:

Add implementation of class-of-service

• Add new implementation of class-of-service which respect to the RADIUS Attribute "WISPr-Billing-Class-Of-Service"
• Remove the concept of vip users and use the class-of-service concept which more flexibility instead.
• Update the firewall script which "--option ! xxx" is deprecated and should replaced by "! --option xxx".
• Update the firewall script to support the serviceclass concept.
• Update weblogin which should send the class-of-service name when RADIUS return this attribute back.
• src/include has been removed (no needs).

Files:

• configure.ac (modified) (1 diff)
• src/Makefile.am (modified) (3 diffs)
• src/include/linux/netfilter_ipv4/ip_set.h (deleted)
• src/include/linux/netfilter_ipv4/ip_set_rahunas.h (deleted)
• src/ipset/ip_set.h (modified) (1 diff)
• src/ipset/ip_set_hashes.h (added)
• src/ipset/ip_set_rahunas_ipiphash.h (added)
• src/rahunasd.c (modified) (6 diffs)
• src/rahunasd.h (modified) (1 diff)
• src/rh-config.c (modified) (11 diffs)
• src/rh-config.h (modified) (5 diffs)
• src/rh-ipset.c (modified) (2 diffs)
• src/rh-ipset.h (modified) (1 diff)
• src/rh-server.c (modified) (1 diff)
• src/rh-server.h (modified) (2 diffs)
• src/rh-serviceclass.c (added)
• src/rh-serviceclass.h (added)
• src/rh-task-dbset.c (modified) (6 diffs)
• src/rh-task-memset.c (modified) (2 diffs)
• src/rh-task-serviceclass.c (added)
• src/rh-task-serviceclass.h (added)
• src/rh-task.c (modified) (1 diff)
• src/rh-task.h (modified) (1 diff)
• src/rh-xmlrpc-server.c (modified) (4 diffs)
• tools/rahunas-firewall.in (modified) (18 diffs)
• tools/rahunas-vipmap.in (deleted)
• weblogin/login.php (modified) (4 diffs)

configure.ac

@@ -62 +62 @@
   tools/rahunas-firewall
   tools/rahunas-bandwidth
-  tools/rahunas-vipmap
   tools/rahunas-weblogin-config-update
   example/Makefile

src/Makefile.am

@@ -9 +9 @@
   $(LIBGDA_CFLAGS) \
   -I$(top_srcdir)/src/ \
-  -I$(top_srcdir)/src/include/ \
   -DRAHUNAS_VERSION=\"$(RAHUNAS_VERSION)\" \
   -DPROGRAM=\"$(PROGRAM)\" \
@@ -45 +44 @@
   rh-task-bandwidth.c \
   rh-task-bandwidth.h \
+  rh-task-serviceclass.c \
+  rh-task-serviceclass.h \
   rh-radius.h \
   rh-config.c \
-  rh-config.h
+  rh-config.h \
+  rh-serviceclass.h \
+  rh-serviceclass.c
 
 rahunasd_LDADD =  \
@@ -54 +57 @@
   $(LIBGNET_LIBS) \
   $(LIBGDA_LIBS)
-
-noinst_HEADERS = \
-  include/linux/netfilter_ipv4/ip_set.h \
-  include/linux/netfilter_ipv4/ip_set_rahunas.h
-

src/ipset/ip_set.h

@@ -1 +1 @@
 #ifndef _IP_SET_H
 #define _IP_SET_H
+
+#include <inttypes.h>
 
 /* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>

src/rahunasd.c

@@ -29 +29 @@
 struct main_server rh_main_server_instance = {
   .vserver_list = NULL,
+  .serviceclass_list = NULL,
   .task_list = NULL,
 };
@@ -177 +178 @@
   }
 
+  /* Get serviceclass config, again */
+  if (rh_main_server->main_config->serviceclass_conf_dir != NULL) {
+    get_serviceclass_config(rh_main_server->main_config->serviceclass_conf_dir,
+                            rh_main_server);
+  } else {
+    syslog(LOG_ERR, "The main configuration file is incompleted, lack of serviceclass_conf_dir\n");
+    exit(EXIT_FAILURE);
+  }
+
+  walk_through_serviceclass(&serviceclass_reload, rh_main_server);
+  serviceclass_unused_cleanup(rh_main_server);
+
   walk_through_vserver(&vserver_reload, rh_main_server);
   vserver_unused_cleanup(rh_main_server);
@@ -284 +297 @@
   if (member->session_id && member->session_id != termstring)
     free(member->session_id);
+
+  if (member->serviceclass_name && member->serviceclass_name != termstring)
+    free(member->serviceclass_name);
+
+  if (member->mapping_ip && member->mapping_ip != termstring)
+    free(member->mapping_ip);
 }
 
@@ -299 +318 @@
   union rahunas_config rh_main_config = {
     .rh_main.conf_dir = NULL,
+    .rh_main.serviceclass_conf_dir = NULL,
     .rh_main.log_file = NULL,
     .rh_main.dhcp = NULL,
     .rh_main.polling_interval = POLLING,
     .rh_main.bandwidth_shape = BANDWIDTH_SHAPE,
+    .rh_main.serviceclass = 0,
   };
 
@@ -343 +364 @@
   }
 
+  if (rh_main_server->main_config->serviceclass) {
+    /* Get serviceclass config */
+    if (rh_main_server->main_config->serviceclass_conf_dir != NULL) {
+      get_serviceclass_config(rh_main_server->main_config->serviceclass_conf_dir,
+                              rh_main_server);
+    } else {
+      syslog(LOG_ERR, "The main configuration file is incompleted, lack of serviceclass_conf_dir\n");
+      exit(EXIT_FAILURE);
+    }
+  }
+
+
   snprintf(version, sizeof (version), "Starting %s - Version %s", PROGRAM, 
            RAHUNAS_VERSION);
@@ -349 +382 @@
   rh_task_register(rh_main_server);
   rh_task_startservice(rh_main_server);
+
+  if (rh_main_server->main_config->serviceclass)
+    walk_through_serviceclass(&serviceclass_init, rh_main_server);
 
   walk_through_vserver(&rh_task_init, rh_main_server);

src/rahunasd.h

@@ -59 +59 @@
   long bandwidth_max_up;
   unsigned short bandwidth_slot_id;
+  char *serviceclass_name;
+  uint32_t serviceclass_slot_id;
+  char *mapping_ip;
   char *username;
   char *session_id;

src/rh-config.c

@@ -45 +45 @@
   if (strncmp(main_key, "main", 4) == 0) {
     cfg_type = MAIN;
-
-  } if (strncmp(main_key, "service_class", strlen ("service_class")) == 0) {
+  } else if (strncmp(main_key, "service_class", strlen ("service_class")) == 0) {
     cfg_type = SERVICECLASS;
   } else {
@@ -60 +59 @@
           free(config->rh_main.conf_dir);
         config->rh_main.conf_dir = strdup(value);
+      } else if (strncmp(sub_key, "serviceclass_conf_dir", 21) == 0) {
+        if (config->rh_main.serviceclass_conf_dir != NULL)
+          free(config->rh_main.serviceclass_conf_dir);
+        config->rh_main.serviceclass_conf_dir = strdup(value);
       } else if (strncmp(sub_key, "log_file", 8) == 0) {
         if (config->rh_main.log_file != NULL)
@@ -68 +71 @@
           free(config->rh_main.dhcp);
         config->rh_main.dhcp = strdup(value);
+      } else if (strncmp(sub_key, "serviceclass", 12) == 0) {
+        config->rh_main.serviceclass = strncmp(value, "yes", 3) == 0 ? 1 : 0;
       } else if (strncmp(sub_key, "bandwidth_shape", 15) == 0) {
-        if (strncmp(value, "yes", 3) == 0)
-          config->rh_main.bandwidth_shape = 1; 
-        else
-          config->rh_main.bandwidth_shape = 0;
+        config->rh_main.bandwidth_shape = strncmp(value, "yes", 3) == 0 ? 1 : 0;
       } else if (strncmp(sub_key, "bittorrent_download_max", 23) == 0) {
         config->rh_main.bittorrent_download_max = atoi(value); 
@@ -83 +85 @@
 
     case SERVICECLASS:
-      if (strncmp (sub_key, "name", strlen("name")) == 0) {
-        if (config->rh_serviceclass.name != NULL)
-          free(config->rh_serviceclass.name);
-        config->rh_serviceclass.name = strdup(value);
+      if (strncmp (sub_key, "serviceclass_id",
+            strlen("serviceclass_id")) == 0) {
+        config->rh_serviceclass.serviceclass_id = atoi (value);
+      } else if (strncmp (sub_key, "serviceclass_name", strlen("serviceclass_name")) == 0) {
+        if (config->rh_serviceclass.serviceclass_name != NULL)
+          free(config->rh_serviceclass.serviceclass_name);
+        config->rh_serviceclass.serviceclass_name = strdup(value);
       } else if (strncmp (sub_key, "description", strlen("description")) == 0) {
         if (config->rh_serviceclass.description != NULL)
@@ -114 +119 @@
             else
               {
-                // Start address should not be the network address
-                config->rh_serviceclass.start_addr.s_addr += 1;
                 DP ("service_class: %s - start ip = %s, size: %d",
-                    config->rh_serviceclass.name,
+                    config->rh_serviceclass.serviceclass_name,
                     inet_ntoa (config->rh_serviceclass.start_addr),
                     config->rh_serviceclass.network_size);
@@ -130 +133 @@
 
         if (!valid) {
-          if (config->rh_serviceclass.name != NULL) {
+          if (config->rh_serviceclass.serviceclass_name != NULL) {
             syslog(LOG_ERR, "\"%s\" service_class config config error: "
                             "invalid network %s",
-                            config->rh_serviceclass.name, value);
+                            config->rh_serviceclass.serviceclass_name, value);
           } else {
             syslog(LOG_ERR, "unknown service_class config error: "
@@ -139 +142 @@
           }
         }
-      } else if (strncmp (sub_key, "fake_arpd", strlen("fake_arpd")) == 0) {
-        if (config->rh_serviceclass.fake_arpd != NULL)
-          free(config->rh_serviceclass.fake_arpd);
-        config->rh_serviceclass.fake_arpd = strdup(value);
       } else if (strncmp (sub_key, "fake_arpd_iface",
                  strlen("fake_arpd_iface")) == 0) {
@@ -148 +147 @@
           free(config->rh_serviceclass.fake_arpd_iface);
         config->rh_serviceclass.fake_arpd_iface = strdup(value);
+      } else if (strncmp (sub_key, "fake_arpd", strlen("fake_arpd")) == 0) {
+        if (config->rh_serviceclass.fake_arpd != NULL)
+          free(config->rh_serviceclass.fake_arpd);
+        config->rh_serviceclass.fake_arpd = strdup(value);
       }
       break;
@@ -374 +377 @@
 }
 
+int get_serviceclass_config(const char *conf_dir, struct main_server *server)
+{
+  DIR *dp;
+  struct dirent *dirp;
+  void *data = NULL;
+  size_t len;
+  char conf_file[200];
+
+  if ((dp = opendir(conf_dir)) == NULL)
+    return errno;
+
+  while ((dirp = readdir(dp)) != NULL) {
+    if (strstr(dirp->d_name, ".conf") == NULL)
+      continue;
+
+    memset(conf_file, 0, sizeof(conf_file));
+
+    strncat(conf_file, conf_dir, sizeof(conf_file));
+    strncat(conf_file, "/", 1);
+    strncat(conf_file, dirp->d_name, sizeof(conf_file));
+
+    syslog(LOG_INFO, "Loading service class config file: %s", conf_file);
+
+    register_serviceclass(server, conf_file);
+  }
+
+  closedir(dp);
+  return 0;
+}
 
 int cleanup_vserver_config(struct rahunas_vserver_config *config)
@@ -416 +448 @@
 int cleanup_serviceclass_config(struct rahunas_serviceclass_config *config)
 {
-  rh_free(&(config->name));
+  rh_free(&(config->serviceclass_name));
   rh_free(&(config->description));
   rh_free(&(config->network));
@@ -428 +460 @@
 {
   rh_free(&(config->conf_dir));  
+  rh_free(&(config->serviceclass_conf_dir));
   rh_free(&(config->log_file));
   rh_free(&(config->dhcp));

src/rh-config.h

@@ -9 +9 @@
 #include "../lcfg/lcfg_static.h"
 #include "rh-server.h"
+#include "rh-serviceclass.h"
 
 #define DEFAULT_LOG RAHUNAS_LOG_DIR "rahunas.log"
@@ -35 +36 @@
 struct rahunas_main_config {
   char *conf_dir;
+  char *serviceclass_conf_dir;
   char *log_file;
   char *dhcp;
+  int  serviceclass;
   int  bandwidth_shape;
   int  bittorrent_download_max;
   int  bittorrent_upload_max;
   int  polling_interval;
-  int  service_class_enabled;
 };
 
@@ -85 +87 @@
 
 struct rahunas_serviceclass_config {
-  char *name;
+  char *serviceclass_name;
+  int  serviceclass_id;
+  int  init_flag;
   char *description;
   char *network;
@@ -114 +118 @@
 };
 
+enum serviceclass_config_init_flag {
+  SC_NONE,
+  SC_INIT,
+  SC_RELOAD,
+  SC_RESET,
+  SC_DONE
+};
+
 extern GList *interfaces_list;
 
@@ -119 +131 @@
 int get_value(const char *cfg_file, const char *key, void **data, size_t *len);
 int get_vservers_config(const char *conf_dir, struct main_server *server);
+int get_serviceclass_config(const char *conf_dir, struct main_server *server);
 int cleanup_vserver_config(struct rahunas_vserver_config *config);
 int cleanup_serviceclass_config(struct rahunas_serviceclass_config *config);

src/rh-ipset.c

@@ -10 +10 @@
 #include <unistd.h>
 #include <syslog.h>
+#include <ipset/ip_set_rahunas_ipiphash.h>
 #include "rh-ipset.h"
 #include "rh-utils.h"
@@ -297 +298 @@
 }
 
+int set_ipiphash_adtip(struct set *rahunas_set, const char *ip,
+                       const char *ip1, unsigned op)
+{
+  ip_set_ip_t _ip;
+  ip_set_ip_t _ip1;
+  parse_ip(ip, &_ip);
+  parse_ip(ip1, &_ip1);
+
+  return set_adtip_nb(rahunas_set, &_ip, &_ip1, op);
+}
+
+int set_ipiphash_adtip_nb(struct set *rahunas_set, ip_set_ip_t *ip,
+                          ip_set_ip_t *ip1, unsigned op)
+{
+  struct ip_set_req_adt *req_adt = NULL;
+  struct ip_set_req_rahunas_ipiphash req;
+
+  size_t size;
+  void *data;
+  int res = 0;
+
+  check_protocolversion ();
+
+  if (rahunas_set == NULL)
+    return -1;
+
+  size = ALIGNED(sizeof(struct ip_set_req_adt)) + sizeof(struct ip_set_req_rahunas_ipiphash);
+  data = rh_malloc(size);
+
+  memcpy(&req.ip, ip, sizeof(ip_set_ip_t));
+  memcpy(&req.ip1, ip1, sizeof(ip_set_ip_t));
+
+  req_adt = (struct ip_set_req_adt *) data;
+  req_adt->op = op;
+  req_adt->index = rahunas_set->index;
+  memcpy(data + ALIGNED(sizeof(struct ip_set_req_adt)), &req,
+           sizeof(struct ip_set_req_rahunas_ipiphash));
+
+  if (kernel_sendto_handleerrno(op, data, size) == -1)
+    switch (op) {
+    case IP_SET_OP_ADD_IP:
+      DP("%s:%s is already in set", ip_tostring(ip), ip_tostring(ip1));
+      res = RH_IS_IN_SET;
+      break;
+    case IP_SET_OP_DEL_IP:
+      DP("%s:%s is not in set", ip_tostring(ip), ip_tostring(ip1));
+      res = RH_IS_NOT_IN_SET;
+      break;
+    case IP_SET_OP_TEST_IP:
+      DP("%s:%s is in set", ip_tostring(ip), ip_tostring(ip1));
+      res = RH_IS_IN_SET;
+      break;
+    default:
+      break;
+    }
+  else
+    switch (op) {
+    case IP_SET_OP_TEST_IP:
+      DP("%s:%s is not in set", ip_tostring(ip), ip_tostring(ip1));
+      res = RH_IS_NOT_IN_SET;
+      break;
+    default:
+      break;
+    }
+
+  rh_free(&data);
+
+  return res;
+}
+
 void set_flush(const char *name)
 {

src/rh-ipset.h

@@ -83 +83 @@
 
 int set_adtip_nb(struct set *rahunas_set, ip_set_ip_t *adtip, 
-                     unsigned char adtmac[ETH_ALEN], unsigned op);
+                 unsigned char adtmac[ETH_ALEN], unsigned op);
+
+int set_ipiphash_adtip(struct set *rahunas_set, const char *ip,
+                       const char *ip1, unsigned op);
+int set_ipiphash_adtip_nb(struct set *rahunas_set, ip_set_ip_t *ip,
+                          ip_set_ip_t *ip1, unsigned op);
 
 void set_flush(const char *name);

src/rh-server.c

@@ -176 +176 @@
   new_vserver->vserver_config = vserver_config;
 
+  new_vserver->main_server = ms;
   new_vserver->vserver_config->init_flag = VS_INIT;
   ms->vserver_list = g_list_append(ms->vserver_list, new_vserver);

src/rh-server.h

@@ -10 +10 @@
 #include "rh-config.h"
 
+struct main_server {
+  struct rahunas_main_config *main_config;
+  GList *vserver_list;
+  GList *serviceclass_list;
+  GList *task_list;
+  int log_fd;
+  int polling_blocked;
+};
+
 struct vserver {
   struct rahunas_vserver_config *vserver_config;
@@ -15 +24 @@
   struct rahunas_map *v_map;
   struct set *v_set;
-};
-
-struct main_server {
-  struct rahunas_main_config *main_config;
-  GList *vserver_list;
-  GList *task_list;
-  int log_fd;
-  int polling_blocked;
+  struct main_server *main_server;
 };
 

src/rh-task-dbset.c

@@ -26 +26 @@
   long bandwidth_max_down;
   long bandwidth_max_up;
+  gchar *service_class;
+  uint32_t service_class_slot_id;
 };
 
@@ -101 +103 @@
       } else if (strncmp("bandwidth_max_up", title, 18) == 0) {
         row->bandwidth_max_up = atol(str);
+      } else if (strncmp("service_class_slot_id", title,
+                         strlen("service_class_slot_id")) == 0) {
+          row->service_class_slot_id = atol(str);
+      } else if (strncmp("service_class", title,
+                         strlen("service_class")) == 0) {
+          row->service_class = g_strdup(str);
       }
     }
@@ -187 +195 @@
     g_free(row->ip);
     g_free(row->mac);
+    g_free(row->service_class);
   }
   
@@ -235 +244 @@
     req.bandwidth_max_up = row->bandwidth_max_up;
 
+    req.serviceclass_name = row->service_class;
+    req.serviceclass_slot_id = row->service_class_slot_id;
+
     rh_task_startsess(vs, &req);
   }
@@ -354 +366 @@
          "(session_id,vserver_id,username,ip,mac,session_start,"
          "session_timeout,bandwidth_slot_id,bandwidth_max_down,"
-         "bandwidth_max_up) "
-         "VALUES('%s','%d','%s','%s','%s',%s,%s,%u,%lu,%lu)",
+         "bandwidth_max_up,service_class,service_class_slot_id) "
+         "VALUES('%s','%d','%s','%s','%s',%s,%s,%u,%lu,%lu,'%s',%lu)",
          req->session_id, 
          vs->vserver_config->vserver_id, 
@@ -365 +377 @@
          member->bandwidth_slot_id, 
          req->bandwidth_max_down,
-         req->bandwidth_max_up);
+         req->bandwidth_max_up,
+         member->serviceclass_name,
+         member->serviceclass_slot_id);
 
   DP("SQL: %s", startsess_cmd);

src/rh-task-memset.c

@@ -149 +149 @@
     free(member->session_id);
 
+  if (member->serviceclass_name && member->serviceclass_name != termstring)
+    free(member->serviceclass_name);
+
+  if (member->mapping_ip && member->mapping_ip != termstring)
+    free(member->mapping_ip);
+
   member->username   = strdup(req->username);
   if (!member->username)
@@ -156 +162 @@
   if (!member->session_id)
     member->session_id = termstring;
+
+  member->serviceclass_name    = NULL;
+  member->serviceclass_slot_id = 0;
+  member->mapping_ip = termstring;
 
   if (req->session_start == 0) {

src/rh-task.c

@@ -55 +55 @@
     rh_task_memset_reg(ms);
     rh_task_ipset_reg(ms);
+
+    if (ms->main_config->serviceclass)
+      rh_task_serviceclass_reg(ms);
 
     if (ms->main_config->bandwidth_shape)

src/rh-task.h

@@ -23 +23 @@
   unsigned long bandwidth_max_down;
   unsigned long bandwidth_max_up;
+  const char *serviceclass_name;
+  uint32_t serviceclass_slot_id;
   unsigned short req_opt;
 };

src/rh-xmlrpc-server.c

@@ -35 +35 @@
   gchar *bandwidth_max_down = NULL;
   gchar *bandwidth_max_up = NULL;
-  gchar *service_class = NULL;
+  gchar *serviceclass_name = NULL;
   gchar *vserver_id = NULL;
   uint32_t id;
@@ -53 +53 @@
   bandwidth_max_down = rh_string_get_sep(param, "|", 6);
   bandwidth_max_up   = rh_string_get_sep(param, "|", 7);
-  service_class      = rh_string_get_sep(param, "|", 8);
+  serviceclass_name  = rh_string_get_sep(param, "|", 8);
   vserver_id         = rh_string_get_sep(param, "|", 9);
 
@@ -111 +111 @@
     member = (struct rahunas_member *)member_node->data;
     *reply_string = g_strdup_printf("Greeting! Got: IP %s, User %s, ID %s, "
-                                    "VIP-IP %s",
+                                    "Service Class %s, Mapping %s",
                                     ip, member->username, 
-                                    member->session_id, "");
+                                    member->session_id,
+                                    member->serviceclass_name,
+                                    member->mapping_ip);
     goto cleanup;
   }
@@ -130 +132 @@
   g_free(bandwidth_max_down);
   g_free(bandwidth_max_up);
-  g_free(service_class);
+  g_free(serviceclass_name);
   g_free(vserver_id);
   return 0;

tools/rahunas-firewall.in

@@ -40 +40 @@
   file=$3
 
-  cat $file | sed -e "0,/$section = {/ ! { /}/,/$section = {/ ! s/^/>>/ }" | grep "^>>" | sed -e "s/^>>//g" | grep -w "$key" | cut -d= -f2 | sed "s/^ *\(.*[^ ]\) *$/\1/" | sed 's/"//g'
+  cat $file | sed -e "0,/$section = {/ ! { /}/,/$section = {/ ! s/^/>>/ }" | grep "^>>" | sed -e "s/^>>//g" | grep -w "$key[ ]*=" | cut -d= -f2 | sed "s/^ *\(.*[^ ]\) *$/\1/" | sed 's/"//g'
 }
 
@@ -49 +49 @@
 # Main
 MAIN_CONF_DIR=`get_config_value main conf_dir $RAHUNAS_CONFIG`
+MAIN_SERVICECLASS=`get_config_value main serviceclass $RAHUNAS_CONFIG`
 MAIN_BANDWIDTH_SHAPE=`get_config_value main bandwidth_shape $RAHUNAS_CONFIG`
 MAIN_BITTORRENT_DOWNLOAD_MAX=`get_config_value main bittorrent_download_max $RAHUNAS_CONFIG`
@@ -79 +80 @@
   VSERVER_PORTS_INTERCEPT=
   SETNAME=
-  VIPMAP=
-  VIPMAP_FAKE_ARP=
 fi
 
@@ -101 +100 @@
 CHAIN_NAT_POSTROUTING=
 CHAIN_NAT_AUTHEN=
-CHAIN_NAT_VIP_PREROUTING=
-CHAIN_NAT_VIP_POSTROUTING=
 CHAIN_P2P_DETECT=
 CHAIN_P2P_RECHECK=
@@ -151 +148 @@
     VSERVER_PORTS_ALLOW=`get_config_value $SETNAME vserver_ports_allow $file`
     VSERVER_PORTS_INTERCEPT=`get_config_value $SETNAME vserver_ports_intercept $file`
-    VIPMAP=`get_config_value $SETNAME vipmap $file`
-    VIPMAP_NETWORK=`get_config_value $SETNAME vipmap_network $file`
-    VIPMAP_FAKE_ARP=`get_config_value $SETNAME vipmap_fake_arp $file`
   fi
  
@@ -180 +174 @@
   CHAIN_NAT_POSTROUTING="${SETNAME}_nat_post"
   CHAIN_NAT_AUTHEN="${SETNAME}_nat_authen"
-  CHAIN_NAT_VIP_PREROUTING="${SETNAME}_nat_vip_pre"
-  CHAIN_NAT_VIP_POSTROUTING="${SETNAME}_nat_vip_post"
   
   # P2P checking chains declaration
@@ -230 +222 @@
   $IPSET -N $SETNAME rahunas $ipset_opt $ipset_ignoremac 
 
-  if [ "$VIPMAP" = "yes" ]; then
-    $IPSET -N ${SETNAME}-vip rahunas $ipset_opt $ipset_ignoremac
-  fi
-
   if [ "$BITTORRENT" = "throttle" ]; then
     $IPSET -N $P2P_SET iphash
@@ -253 +241 @@
   $IPSET -F $SETNAME
   $IPSET -X $SETNAME
-
-  if [ "$VIPMAP" = "yes" ]; then
-    $IPSET -F ${SETNAME}-vip
-    $IPSET -X ${SETNAME}-vip
-  fi
 
   if [ "$BITTORRENT" = "throttle" ]; then
@@ -374 +357 @@
       -j $CHAIN_NAT_POSTROUTING
   done
-}
+
+
+}
+
 
 ##
@@ -412 +398 @@
   $IPTABLES -t nat -F $CHAIN_NAT_AUTHEN
   $IPTABLES -t nat -X $CHAIN_NAT_AUTHEN
-
-  if [ "$VIPMAP" = "yes" ]; then
-    $IPTABLES -t nat -F $CHAIN_NAT_VIP_PREROUTING
-    $IPTABLES -t nat -X $CHAIN_NAT_VIP_PREROUTING
-
-    $IPTABLES -t nat -F $CHAIN_NAT_VIP_POSTROUTING
-    $IPTABLES -t nat -X $CHAIN_NAT_VIP_POSTROUTING
-  fi
 
   if [ "$BITTORRENT" = "throttle" ]; then
@@ -448 +426 @@
   $IPTABLES -t nat -N $CHAIN_NAT_AUTHEN
 
-  if [ "$VIPMAP" = "yes" ]; then
-    $IPTABLES -t nat -N $CHAIN_NAT_VIP_PREROUTING
-    $IPTABLES -t nat -N $CHAIN_NAT_VIP_POSTROUTING
-  fi
-
   if [ "$BITTORRENT" = "throttle" ]; then
     $IPTABLES -t mangle -N $CHAIN_P2P_CHECK
@@ -675 +648 @@
     fi
 
-    if [ "$VIPMAP" = "yes" ]; then
+    if [ "$MAIN_SERVICECLASS" = "yes" ]; then
       $IPTABLES -t nat -A $CHAIN_NAT_PREROUTING \
-        -m set --set ${SETNAME}-vip src -j $CHAIN_NAT_VIP_PREROUTING
-
-      $IPTABLES -t nat -A $CHAIN_NAT_VIP_PREROUTING -j ACCEPT
+        -m set --set rahunas_serviceclass src -j ACCEPT
     fi
 
@@ -686 +657 @@
       then
         $IPTABLES -t nat -A $CHAIN_NAT_PREROUTING -p tcp --dport http \
-          -d ! $VSERVER_IP \
+          ! -d $VSERVER_IP \
           -m connmark --mark 2/2 -j REDIRECT --to-ports $PROXY_PORT
       else
         $IPTABLES -t nat -A $CHAIN_NAT_PREROUTING -p tcp --dport http \
-          -d ! $VSERVER_IP \
+          ! -d $VSERVER_IP \
           -m connmark --mark 2/2 \
           -j DNAT --to-destination $PROXY_HOST:$PROXY_PORT
@@ -702 +673 @@
   
   $IPTABLES -t nat -A $CHAIN_NAT_PREROUTING -p tcp -m multiport \
-    --dports $VSERVER_PORTS_INTERCEPT -d ! $VSERVER_IP \
+    --dports $VSERVER_PORTS_INTERCEPT ! -d $VSERVER_IP \
     -m connmark ! --mark 2/2 \
     -j $CHAIN_NAT_AUTHEN
@@ -712 +683 @@
   # MASQUERADE
   ##
-  if [ "$VIPMAP" = "yes" ]; then
-    $IPTABLES -t nat -A $CHAIN_NAT_POSTROUTING \
-      -m set --set ${SETNAME}-vip src -j $CHAIN_NAT_VIP_POSTROUTING
-  fi
-
   if [ "$MASQUERADE" = "yes" ]; then
     $IPTABLES -t nat -A $CHAIN_NAT_POSTROUTING -j MASQUERADE
@@ -744 +710 @@
   $IPTABLES -t nat -A $CHAIN_NAT_PREROUTING -j RETURN
   $IPTABLES -t nat -A $CHAIN_NAT_POSTROUTING -j RETURN
-
-  if [ "$VIPMAP" = "yes" ]; then
-    $IPTABLES -t nat -A $CHAIN_NAT_VIP_PREROUTING -j RETURN
-    $IPTABLES -t nat -A $CHAIN_NAT_VIP_POSTROUTING -j RETURN
-
-    if [ "$VIPMAP_FAKE_ARP" = "yes" ]; then
-      for dev in $DEV_EXTERNAL_LIST; do
-        $FARPD -i $dev $VIPMAP_NETWORK
-      done
-    fi
+}
+
+##
+# Service class set
+##
+serviceclass_set () {
+  opt=$1
+  if [ "$opt" = "start" ]; then
+    $IPSET -N rahunas_serviceclass rahunas_ipiphash
+  elif [ "$opt" = "cleanup" ]; then
+    $IPSET -F rahunas_serviceclass
+    $IPSET -X rahunas_serviceclass
+  fi
+}
+
+##
+# Service class rules
+##
+serviceclass_rules () {
+  opt=$1
+  if [ "$opt" = "start" ]; then
+    action="-I"
+  elif [ "$opt" = "stop" ]; then
+    action="-D"
+  fi
+
+  if [ "$MAIN_SERVICECLASS" = "yes" -o "$opt" = "stop" ]; then
+    # RAW - Service class
+    $IPTABLES -t raw $action PREROUTING \
+      -m set --set rahunas_serviceclass src \
+      -j RAHURAWDNAT --bind-set rahunas_serviceclass
+
+    $IPTABLES -t rawpost $action POSTROUTING \
+      -m set --set rahunas_serviceclass dst \
+      -j RAHURAWSNAT --bind-set rahunas_serviceclass
   fi
 }
@@ -790 +781 @@
   policy 
 
+  if [ "$MAIN_SERVICECLASS" = "yes" ]; then
+    serviceclass_set start
+    serviceclass_rules start
+  fi
+
   touch $RUN
 }
@@ -795 +791 @@
 stop () {
   test -f $RUN || return 0
+
+  serviceclass_rules stop
+  serviceclass_set cleanup
    
   cleanup_policy

weblogin/login.php

@@ -46 +46 @@
 $config = get_config_by_network($ip, $config_list);
 $vserver_id = $config["VSERVER_ID"];
-$vip_user = 0;
 
 $forward = false;
@@ -103 +102 @@
     $racct->gen_session_id();
 
-    if ($config["VIPMAP"] == "yes" &&
-          !empty ($rauth->attributes[$config["VIPMAP_ATTRIBUTE"]])) {
-      $vip_user = 1;
-    }
-
-
     try {
       $prepareData = array (
@@ -118 +111 @@
         "Bandwidth-Max-Down" => $rauth->attributes['WISPr-Bandwidth-Max-Down'],
         "Bandwidth-Max-Up" => $rauth->attributes['WISPr-Bandwidth-Max-Up'],
-        "Vip_User" => $vip_user,
+        "Class-Of-Service" => $rauth->attributes['WISPr-Billing-Class-Of-Service'],
       );
       $result = $xmlrpc->do_startsession($vserver_id, $prepareData);
@@ -125 +118 @@
         $forward = false;
       } else if (strstr($result, "Greeting")) {
-        $split = explode ("VIP-IP ", $result);
+        $split = explode ("Mapping ", $result);
         $called_station_id = $split[1];
         if (!empty ($called_station_id))