forked from freifunk-franken/firmware
clean up old and unused files
Signed-off-by: Tim Niemeyer <tim.niemeyer@mastersword.de>
parent
9fb60b6560
commit
9fb41d9190
|
@ -1,221 +0,0 @@
|
||||||
#!/bin/ash
|
|
||||||
|
|
||||||
# string check
|
|
||||||
check() {
|
|
||||||
local MODE="$1"
|
|
||||||
local STRING="$2"
|
|
||||||
local REGEXP=
|
|
||||||
local STRING_VALID=
|
|
||||||
[ -n "$2" ] || return 1
|
|
||||||
case "$MODE" in
|
|
||||||
binary)
|
|
||||||
REGEXP="^[01]+$"
|
|
||||||
;;
|
|
||||||
|
|
||||||
bool)
|
|
||||||
REGEXP="^[01]$"
|
|
||||||
;;
|
|
||||||
|
|
||||||
direction)
|
|
||||||
REGEXP="^[NESW]{1,3}$"
|
|
||||||
;;
|
|
||||||
|
|
||||||
email)
|
|
||||||
REGEXP="^[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,4}$"
|
|
||||||
;;
|
|
||||||
|
|
||||||
hostname)
|
|
||||||
REGEXP="^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$"
|
|
||||||
;;
|
|
||||||
|
|
||||||
httpurl)
|
|
||||||
REGEXP="^http(s?):\/\/[^ \"\(\)\<\>]*$"
|
|
||||||
;;
|
|
||||||
|
|
||||||
integer)
|
|
||||||
REGEXP="^[0-9]+$"
|
|
||||||
;;
|
|
||||||
|
|
||||||
numeric)
|
|
||||||
REGEXP="^[0-9]+(\.[0-9]+)?$"
|
|
||||||
;;
|
|
||||||
|
|
||||||
regexp)
|
|
||||||
REGEXP="$3"
|
|
||||||
;;
|
|
||||||
|
|
||||||
telephone)
|
|
||||||
REGEXP="^\+?[-0-9./() ]+$"
|
|
||||||
;;
|
|
||||||
|
|
||||||
simplestring)
|
|
||||||
REGEXP="^[-a-zA-Z0-9._ ]+$"
|
|
||||||
;;
|
|
||||||
|
|
||||||
esac
|
|
||||||
STRING_VALID=$(echo -n "$STRING" | grep -E "$REGEXP")
|
|
||||||
[ "$STRING" == "$STRING_VALID" ] || return 1
|
|
||||||
}
|
|
||||||
|
|
||||||
# command implementations
|
|
||||||
set_hostname() {
|
|
||||||
local HOSTNAME="$1"
|
|
||||||
check hostname "$HOSTNAME" || return 1
|
|
||||||
uci set system.@system[0].hostname="$HOSTNAME"
|
|
||||||
uci commit
|
|
||||||
echo "$HOSTNAME" > /proc/sys/kernel/hostname
|
|
||||||
}
|
|
||||||
|
|
||||||
set_wanratelimit() {
|
|
||||||
local UPLIMIT="$1"
|
|
||||||
local DOWNLIMIT="$2"
|
|
||||||
check integer "$UPLIMIT" || return 1
|
|
||||||
check integer "$DOWNLIMIT" || return 1
|
|
||||||
if [ "$UPLIMIT" -gt 0 ] && [ "$DOWNLIMIT" -gt 0 ]; then
|
|
||||||
uci set qos.wan.upload="$UPLIMIT"
|
|
||||||
uci set qos.wan.download="$DOWNLIMIT"
|
|
||||||
uci commit
|
|
||||||
/etc/init.d/qos stop
|
|
||||||
/etc/init.d/qos enable
|
|
||||||
/etc/init.d/qos start
|
|
||||||
else
|
|
||||||
/etc/init.d/qos stop
|
|
||||||
/etc/init.d/qos disable
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
upgrade_firmware() {
|
|
||||||
local URL="$1"
|
|
||||||
local MD5SUM="$2"
|
|
||||||
local BOARDNAME=$(uci get board.model.name)
|
|
||||||
[ -n "$BOARDNAME" ] || return 1
|
|
||||||
if [ -z "$URL" ]; then
|
|
||||||
local UPGRADEPATH=$(uci get firmware.upgrade.path)
|
|
||||||
URL="${UPGRADEPATH}/${BOARDNAME}.bin"
|
|
||||||
fi
|
|
||||||
check httpurl "$URL" || return 1
|
|
||||||
check regexp "$URL" "$BOARDNAME" || return 1
|
|
||||||
check regexp "$URL" "upgrade" || return 1
|
|
||||||
[ -n "$MD5SUM" ] || MD5SUM=$(wget -q -O - --no-check-certificate "$URL.md5" | cut -d" " -f1)
|
|
||||||
[ -n "$MD5SUM" ] || return 1
|
|
||||||
wget -q -O /tmp/firmware-sysupgrade.bin --no-check-certificate "$URL" || return 1
|
|
||||||
local MD5SUM_VALID=$(md5sum /tmp/firmware-sysupgrade.bin | cut -d" " -f1)
|
|
||||||
[ "$MD5SUM" == "$MD5SUM_VALID" ] || return 1
|
|
||||||
sysupgrade /tmp/firmware-sysupgrade.bin
|
|
||||||
}
|
|
||||||
|
|
||||||
set_upgradepath() {
|
|
||||||
local UPGRADEPATH="$1"
|
|
||||||
check httpurl "$UPGRADEPATH" || return 1
|
|
||||||
uci set firmware.upgrade=upgrade || return 1
|
|
||||||
uci set firmware.upgrade.path="$UPGRADEPATH" || return 1
|
|
||||||
uci commit
|
|
||||||
}
|
|
||||||
|
|
||||||
set_location() {
|
|
||||||
local LATITUDE="$1"
|
|
||||||
local LONGITUDE="$2"
|
|
||||||
local ELEVATION="$3"
|
|
||||||
check numeric "$LATITUDE" || return 1
|
|
||||||
check numeric "$LONGITUDE" || return 1
|
|
||||||
uci set site.location=location
|
|
||||||
uci set site.location.latitude="$LATITUDE"
|
|
||||||
uci set site.location.longitude="$LONGITUDE"
|
|
||||||
check numeric "$ELEVATION" && uci set site.location.elevation="$ELEVATION"
|
|
||||||
uci commit
|
|
||||||
}
|
|
||||||
|
|
||||||
set_direction() {
|
|
||||||
local DIRECTION="$@"
|
|
||||||
DIRECTION=$(echo "$DIRECTION" | tr "nesw" "NESW") || return 1
|
|
||||||
check direction "$DIRECTION" || return 1
|
|
||||||
uci set site.location=location
|
|
||||||
uci set site.location.direction="$DIRECTION"
|
|
||||||
uci commit
|
|
||||||
}
|
|
||||||
|
|
||||||
set_tags() {
|
|
||||||
local TAGS="$@"
|
|
||||||
TAGS=$(echo $TAGS | tr -s " ")
|
|
||||||
check simplestring "$TAGS" || return 1
|
|
||||||
uci set site.location=location
|
|
||||||
uci set site.location.tags="$TAGS"
|
|
||||||
uci commit
|
|
||||||
}
|
|
||||||
|
|
||||||
set_email() {
|
|
||||||
local EMAIL="$@"
|
|
||||||
check email "$EMAIL" || return 1
|
|
||||||
uci set site.contact=contact
|
|
||||||
uci set site.contact.email="$EMAIL"
|
|
||||||
uci commit
|
|
||||||
}
|
|
||||||
|
|
||||||
set_contact() {
|
|
||||||
local CONTACT="$@"
|
|
||||||
check simplestring "$CONTACT" || return 1
|
|
||||||
uci set site.contact=contact
|
|
||||||
uci set site.contact.name="$CONTACT"
|
|
||||||
uci commit
|
|
||||||
}
|
|
||||||
|
|
||||||
set_telephone() {
|
|
||||||
local TELEPHONE="$@"
|
|
||||||
check telephone "$TELEPHONE" || return 1
|
|
||||||
uci set site.contact=contact
|
|
||||||
uci set site.contact.telephone="$TELEPHONE"
|
|
||||||
uci commit
|
|
||||||
}
|
|
||||||
|
|
||||||
ACTION="$1"
|
|
||||||
shift
|
|
||||||
|
|
||||||
case "$ACTION" in
|
|
||||||
hostname)
|
|
||||||
set_hostname $@
|
|
||||||
;;
|
|
||||||
|
|
||||||
wanlimit)
|
|
||||||
set_wanratelimit $@
|
|
||||||
;;
|
|
||||||
|
|
||||||
upgrade)
|
|
||||||
upgrade_firmware $@
|
|
||||||
;;
|
|
||||||
|
|
||||||
upgradepath)
|
|
||||||
set_upgradepath $@
|
|
||||||
;;
|
|
||||||
|
|
||||||
location)
|
|
||||||
set_location $@
|
|
||||||
;;
|
|
||||||
|
|
||||||
direction)
|
|
||||||
set_direction $@
|
|
||||||
;;
|
|
||||||
|
|
||||||
tags)
|
|
||||||
set_tags $@
|
|
||||||
;;
|
|
||||||
|
|
||||||
email)
|
|
||||||
set_email $@
|
|
||||||
;;
|
|
||||||
|
|
||||||
contact)
|
|
||||||
set_contact $@
|
|
||||||
;;
|
|
||||||
|
|
||||||
telephone)
|
|
||||||
set_telephone $@
|
|
||||||
;;
|
|
||||||
|
|
||||||
*)
|
|
||||||
echo "unknown action '$ACTION'"
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
# dont add anything here so we get the exit status of the action
|
|
||||||
|
|
|
@ -1,38 +0,0 @@
|
||||||
#!/bin/ash
|
|
||||||
|
|
||||||
[ $# -ge 2 ] || exit 1
|
|
||||||
|
|
||||||
CACHEDIR='/tmp/cache'
|
|
||||||
|
|
||||||
MAXAGE="$1"
|
|
||||||
shift 1
|
|
||||||
COMMAND="$@"
|
|
||||||
|
|
||||||
# generate an ID based on the command to be executed
|
|
||||||
ID=$(echo "$COMMAND" | md5sum | cut -d" " -f1) || exit 1
|
|
||||||
|
|
||||||
CACHED=false
|
|
||||||
|
|
||||||
# create directory for cached output
|
|
||||||
[ -d "$CACHEDIR" ] || mkdir -p "$CACHEDIR"
|
|
||||||
[ -d "$CACHEDIR" ] || exit 1
|
|
||||||
|
|
||||||
# if there is an entry for the command to be executed...
|
|
||||||
if [ -f "$CACHEDIR/$ID/timestamp" ]; then
|
|
||||||
TIMESTAMP=$(cat "$CACHEDIR/$ID/timestamp")
|
|
||||||
CURRENTTIME=$(date +%s)
|
|
||||||
# ...check the timestamp and determine if it is sufficiently recent
|
|
||||||
if [ -n "$TIMESTAMP" ] && [ $(($CURRENTTIME-$TIMESTAMP)) -lt $MAXAGE ] && [ -f "$CACHEDIR/$ID/output" ]; then
|
|
||||||
CACHED=true
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# if there is cached output data just put it out...
|
|
||||||
if $CACHED; then
|
|
||||||
cat "$CACHEDIR/$ID/output"
|
|
||||||
else
|
|
||||||
# ...if not execute the command and save the output and a timestamp
|
|
||||||
[ -d "$CACHEDIR/$ID" ] || mkdir -p "$CACHEDIR/$ID"
|
|
||||||
$COMMAND | tee "$CACHEDIR/$ID/output"
|
|
||||||
date +%s > "$CACHEDIR/$ID/timestamp"
|
|
||||||
fi
|
|
|
@ -1,16 +0,0 @@
|
||||||
MESH_INTERFACE="br-mesh"
|
|
||||||
CLIENT_INTERFACES="wlan0"
|
|
||||||
|
|
||||||
#CLIENTS
|
|
||||||
SEDDEV=`brctl showstp $MESH_INTERFACE | egrep '\([0-9]\)' | sed -e "s/(//;s/)//" | awk '{ print "s/^ "$2"/"$1"/;" }'`
|
|
||||||
|
|
||||||
for entry in $CLIENT_INTERFACES; do
|
|
||||||
CLIENT_MACS=$CLIENT_MACS`brctl showmacs $MESH_INTERFACE | sed -e "$SEDDEV" | awk '{if ($3 != "yes" && $1 == "'"$entry"'") print $2}'`" "
|
|
||||||
done
|
|
||||||
|
|
||||||
i=0
|
|
||||||
for client in $CLIENT_MACS; do
|
|
||||||
i=`expr $i + 1` #Zähler um eins erhöhen
|
|
||||||
done
|
|
||||||
|
|
||||||
echo $i
|
|
|
@ -1,18 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
i=`/etc/clients.sh`
|
|
||||||
wget -q -O - http://status.kreativitaet-trifft-technik.de/update/ff\?bootup=`date +%s`\&clients_count=$i
|
|
||||||
|
|
||||||
while read LINE
|
|
||||||
do
|
|
||||||
if [ "`echo $LINE | grep 'wlan0: new station'`" != "" ]; then
|
|
||||||
i=`expr $i + 1`
|
|
||||||
wget -q -O - http://status.kreativitaet-trifft-technik.de/update/ff\?client_associated=`date +%s`\&clients_count=$i
|
|
||||||
fi
|
|
||||||
if [ "`echo $LINE | grep 'wlan0: unknown event 20'`" != "" ]; then
|
|
||||||
i=`expr $i - 1`
|
|
||||||
wget -q -O - http://status.kreativitaet-trifft-technik.de/update/ff\?client_disassociated=`date +%s`\&clients_count=$i
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
*/5 * * * * sh /etc/fastdstart.sh; sh /etc/nodewatcher.sh; sh /etc/configurator.sh; sh /etc/statistics.sh; sh /etc/wlanwatchdog.sh >> /var/log/wlanwatchdog.log 2>&1
|
*/5 * * * * sh /etc/fastdstart.sh; sh /etc/nodewatcher.sh; sh /etc/configurator.sh; sh /etc/wlanwatchdog.sh >> /var/log/wlanwatchdog.log 2>&1
|
||||||
|
|
||||||
#15 01 * * * rdate -s time.fu-berlin.de > /dev/null
|
#15 01 * * * rdate -s time.fu-berlin.de > /dev/null
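Review bot: On the new crontab line the watchdog still runs last in a single `;`-chained entry, so a hang or long run in `fastdstart.sh`, `nodewatcher.sh` or `configurator.sh` delays or blocks `wlanwatchdog.sh` for that cycle. Since this line is being edited anyway, consider giving the watchdog its own entry, `*/5 * * * * sh /etc/wlanwatchdog.sh >> /var/log/wlanwatchdog.log 2>&1`, and keeping the other three scripts on a separate line. The `>> /var/log/wlanwatchdog.log 2>&1` redirection also binds only to the last command, so output and errors from the first three scripts are not captured in that log. Nothing visible here rotates or caps the file, which is appended to every five minutes.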
|
||||||
|
|
||||||
|
|
|
@ -1,19 +0,0 @@
|
||||||
ipv6_link_local_addr="`ifconfig br-mesh | grep 'inet6 addr:' | grep 'Scope:Link' | awk '{ print $3}'`"
|
|
||||||
|
|
||||||
ipv6_link_local_addr="`echo $ipv6_link_local_addr | cut -d/ -f1`"
|
|
||||||
|
|
||||||
ping_result="`ping6 -I br-mesh $ipv6_link_local_addr`"
|
|
||||||
|
|
||||||
ping_result="`echo $ping_result | grep 'bad address'`"
|
|
||||||
|
|
||||||
ping_result="`$ping_result | awk '{ print $2}'`"
|
|
||||||
|
|
||||||
echo $ping_result
|
|
||||||
|
|
||||||
if [ "$ping_result"=="ping6\: sendto\: Cannot assign requested address" ]; then
|
|
||||||
echo "down"
|
|
||||||
ifconfig br-mesh down
|
|
||||||
ifconfig br-mesh up
|
|
||||||
else
|
|
||||||
echo "up"
|
|
||||||
fi
|
|
|
@ -1,622 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
# If you got false positives, try a higher value
|
|
||||||
BOGOTHRESH=200
|
|
||||||
|
|
||||||
# Note: for mail alarm, you need "ssmtp" installed and configured.
|
|
||||||
# Example /etc/ssmtp/ssmtp.conf (debian/ubuntu) for GMX needs:
|
|
||||||
# mailhub=mail.gmx.net:25 FromLineOverride=YES
|
|
||||||
# AuthUser=$MAILFROM AuthPass=x UseSTARTTLS=YES
|
|
||||||
MAILFROM=sender-address@domain.de
|
|
||||||
MAILADDR=receiver-address@domain.de
|
|
||||||
|
|
||||||
# Insert IPs you trust
|
|
||||||
#TRUSTEDIP="$TRUSTEDIP 1.2.3.4"
|
|
||||||
#TRUSTEDIP="$TRUSTEDIP 2.3.4.5"
|
|
||||||
|
|
||||||
# 0: Do not save, 1: save conntrack if zapp
|
|
||||||
DEBUGSAVE=0
|
|
||||||
# Empty: No log in /var/log/zapp/, otherwise string to prepend to saved bogothresh files
|
|
||||||
DEBUGLOGS= #$(date "+%b%d %H:%M")
|
|
||||||
|
|
||||||
# 0: Manual clear, or minutes until auto-clear blockade (5-1439)
|
|
||||||
CLEARTIME=360
|
|
||||||
|
|
||||||
WEBSERVER=/www
|
|
||||||
|
|
||||||
# --- END OF CONFIGURATION SETTINGS ---
|
|
||||||
|
|
||||||
# This script uses case-esac for speed with busybox-ash. Current version under:
|
|
||||||
# http://ff-firmware.cvs.sourceforge.net/viewvc/*checkout*/ff-firmware/ff-devel/freifunk-zapp/etc/init.d/S92zapp
|
|
||||||
|
|
||||||
# When running via cron, the PATH is unset
|
|
||||||
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
|
||||||
|
|
||||||
# We start a netcat-based webserver on this port if someone is blocked
|
|
||||||
BLOCKPORT=8090
|
|
||||||
|
|
||||||
CRONUSR=root
|
|
||||||
CRONDIR=/var/spool/cron/crontabs
|
|
||||||
|
|
||||||
# First argument may be an input file
|
|
||||||
CONN=${1:-/proc/net/ip_conntrack}
|
|
||||||
|
|
||||||
# This script calls itself with the IP to analyze why its blocking
|
|
||||||
DEBIP=$2
|
|
||||||
case $1 in '')DEBUG=false;;*)DEBUG=true;;esac
|
|
||||||
|
|
||||||
case $DEBUGLOGS in "");;*)test -d /var/log/zapp || mkdir -p /var/log/zapp;;esac
|
|
||||||
|
|
||||||
# Find out our IP that is used to connect to the Internet
|
|
||||||
DEV=$(ip route get 1.1.1.1/1|sed -n '1{s/.* dev \([^ ]\+\).*/\1/;p}')
|
|
||||||
ADR=$(ip -f inet addr list dev $DEV scope global|sed -n '2s/^.*inet \([0-9\.]\+\).*/\1/p')
|
|
||||||
PAT=$(sed 's/\./_/g'<<Q
|
|
||||||
$ADR
|
|
||||||
Q
|
|
||||||
)
|
|
||||||
UNK=0
|
|
||||||
|
|
||||||
which () {
|
|
||||||
# Note: do not unset IFS (busybox ash and bash are different here)
|
|
||||||
for p in $(sed 's/:/ /g'<<Q
|
|
||||||
$PATH
|
|
||||||
Q
|
|
||||||
);do
|
|
||||||
test -x $p/$1 && return 0
|
|
||||||
done
|
|
||||||
return 1
|
|
||||||
}
|
|
||||||
|
|
||||||
# Freifunk Firmware Configs
|
|
||||||
which nvram && {
|
|
||||||
ff_zapp_thresh=$(nvram get ff_zapp_thresh)
|
|
||||||
BOGOTHRESH=${ff_zapp_thresh:-$BOGOTHRESH}
|
|
||||||
}
|
|
||||||
|
|
||||||
case $BOGOTHRESH in ""|0)exit 0;;esac
|
|
||||||
|
|
||||||
NC_CMD=
|
|
||||||
which nc && NC_CMD=nc
|
|
||||||
which nc-hobbit && NC_CMD=nc-hobbit
|
|
||||||
which netcat && NC_CMD=netcat
|
|
||||||
which nc6 && NC_CMD=nc6
|
|
||||||
# Note: busybox nc unusable, "-q" only Debian, GNU netcat "-c" unusable
|
|
||||||
$NC_CMD -h 2>&1 | egrep -q '\-l\b' || NC_CMD=
|
|
||||||
|
|
||||||
# 1=-I/-D 2=proto 3=srcip, 4=dport, 5=to
|
|
||||||
portfw () {
|
|
||||||
local to
|
|
||||||
case $1 in "-D")
|
|
||||||
to=$(iptables -t nat -nL PREROUTING|sed -n "s/^DNAT[[:space:]]\\+$2[[:space:]]\\+[^[:space:]]\\+[[:space:]]\\+$3[[:space:]]\\+![[:digit:]]\\+\\.[[:digit:]]\\+\\.[[:digit:]]\\+\\.[[:digit:]]\\+[[:space:]]\\+$2[[:space:]]\\+dpt:$4[[:space:]]\\+to://;tp;b;:p p;q")
|
|
||||||
;;esac
|
|
||||||
to=${to:-$5}
|
|
||||||
iptables -t nat $1 PREROUTING --proto $2 -s $3 ! -d ${to%:*} --dport $4 -j DNAT --to $to
|
|
||||||
}
|
|
||||||
|
|
||||||
netcatruns () {
|
|
||||||
for pid in $(pidof $NC_CMD);do
|
|
||||||
ppid=$(sed -n 's/^PPid: //p' /proc/$pid/status)
|
|
||||||
case $(sed -n 's/^Name: //p' /proc/$ppid/status) in ${0##*/})
|
|
||||||
# Check netstat: release the IP currently grabbing our blocking page
|
|
||||||
case "$1" in "GET /let-me-browse-again"*)
|
|
||||||
le=$(printf "%02X%02X%02X%02X" $(echo ${ifip:-$ADR}|sed 's/\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)/\4 \3 \2 \1/'))
|
|
||||||
be=$(printf "%02X%02X%02X%02X" $(echo ${ifip:-$ADR}|sed 's/\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)/\1 \2 \3 \4/'))
|
|
||||||
eval $(sed -n '/^ *[0-9]\+: \+'$le':'$(printf '%04X' $BLOCKPORT)' \+[^ ]\+ \+01 \+/{s/^[^:]\+: \+[^ ]\+ \+\([^:][^:]\)\([^:][^:]\)\([^:][^:]\)\([^:][^:]\).*/ip=$(( 0x\4 )).$(( 0x\3 )).$(( 0x\2 )).$(( 0x\1 ))/;p;q};/^ *[0-9]\+: \+'$be':'$(printf '%04X' $BLOCKPORT)' \+[^ ]\+ \+01 \+/{s/^[^:]\+: \+[^ ]\+ \+\([^:][^:]\)\([^:][^:]\)\([^:][^:]\)\([^:][^:]\).*/ip=$(( 0x\1 )).$(( 0x\2 )).$(( 0x\3 )).$(( 0x\4 ))/;p;q}' /proc/net/tcp)
|
|
||||||
portfw -D tcp $ip 80 ${ifip:-$ADR}:$BLOCKPORT 2>&-
|
|
||||||
;;esac
|
|
||||||
return 0
|
|
||||||
;;esac
|
|
||||||
done
|
|
||||||
return 1
|
|
||||||
}
|
|
||||||
|
|
||||||
# Add (-I) or remove (-D) iptables rules
|
|
||||||
block () {
|
|
||||||
# Freifunk Firmware Configs
|
|
||||||
which nvram && {
|
|
||||||
ff_adm_mail=$(nvram get ff_adm_mail)
|
|
||||||
ff_zapp_time=$(nvram get ff_zapp_time)
|
|
||||||
ff_zapp_debug=$(nvram get ff_zapp_debug)
|
|
||||||
ff_zapp_server=$(nvram get ff_zapp_server)
|
|
||||||
ff_zapp_strict=$(nvram get ff_zapp_strict)
|
|
||||||
MAILFROM=${ff_adm_mail:-$MAILFROM}
|
|
||||||
MAILADDR=${ff_adm_mail:-$MAILADDR}
|
|
||||||
CLEARTIME=${ff_zapp_time:-$CLEARTIME}
|
|
||||||
DEBUGSAVE=${ff_zapp_debug:-$DEBUGSAVE}
|
|
||||||
WEBSERVER=${ff_zapp_server:-$WEBSERVER}
|
|
||||||
IFS=\;
|
|
||||||
for i in $(nvram get ff_zapp_trusted); do
|
|
||||||
TRUSTEDIP="$TRUSTEDIP $i"
|
|
||||||
done
|
|
||||||
unset IFS
|
|
||||||
}
|
|
||||||
|
|
||||||
for i in $TRUSTEDIP;do
|
|
||||||
case $2 in $i)
|
|
||||||
# Prevents re-blocking next run
|
|
||||||
iptables $1 FORWARD -s $2
|
|
||||||
iptables $1 FORWARD -d $2
|
|
||||||
return
|
|
||||||
;;esac
|
|
||||||
done
|
|
||||||
|
|
||||||
# Note: FreifunkFW does not have REJECT out-of-the-box
|
|
||||||
jump=DROP
|
|
||||||
iptables -I OUTPUT -d 127.0.0.1 -j REJECT 2>&- && iptables -D OUTPUT -d 127.0.0.1 -j REJECT 2>&- && jump=REJECT
|
|
||||||
|
|
||||||
iptables $1 FORWARD -s $2 -j $jump
|
|
||||||
iptables $1 FORWARD -d $2 -j $jump
|
|
||||||
|
|
||||||
# Allowing ping is always a good idea
|
|
||||||
iptables $1 FORWARD -s $2 --proto icmp -j ACCEPT
|
|
||||||
iptables $1 FORWARD -d $2 --proto icmp -j ACCEPT
|
|
||||||
|
|
||||||
# Allow TCP up to port 1023
|
|
||||||
iptables $1 FORWARD -s $2 --proto tcp --dport :1023 -j ACCEPT
|
|
||||||
iptables $1 FORWARD -d $2 --proto tcp --sport :1023 -j ACCEPT
|
|
||||||
|
|
||||||
# Note: Freifunk FW does not have REDIRECT, use DNAT instead,
|
|
||||||
# which needs the correct outgoing interface IP for redirection.
|
|
||||||
ifip=$(ip route get $2|sed -n 's/^.* src \([^ ]\+\).*/\1/p')
|
|
||||||
|
|
||||||
# Allow DNS, redirect to our local dnsmasq if applicable
|
|
||||||
if pidof dnsmasq >&-; then
|
|
||||||
portfw $1 udp $2 53 ${ifip:-$ADR}:53
|
|
||||||
portfw $1 tcp $2 53 ${ifip:-$ADR}:53
|
|
||||||
else
|
|
||||||
iptables $1 FORWARD -s $2 --proto udp --dport 53 -j ACCEPT
|
|
||||||
iptables $1 FORWARD -d $2 --proto udp --sport 53 -j ACCEPT
|
|
||||||
fi
|
|
||||||
|
|
||||||
# It's polite to tell a blocked user what's going on
|
|
||||||
case $NC_CMD in "");;*)
|
|
||||||
portfw $1 tcp $2 80 ${ifip:-$ADR}:$BLOCKPORT 2>&-
|
|
||||||
case $1 in "-D")
|
|
||||||
case $CLEARTIME in ""|0);;*)test -f $CRONDIR/$CRONUSR && {
|
|
||||||
sed -i -e "/\/${0##*/} unblock $2\$/d" $CRONDIR/$CRONUSR
|
|
||||||
echo $CRONUSR > $CRONDIR/cron.update
|
|
||||||
};;esac
|
|
||||||
if ! iptables -t nat -nL PREROUTING|egrep -q "\\bto:[^:]+:$BLOCKPORT\\b"; then
|
|
||||||
netcatruns && (echo "Stopping netcat server" >&2;kill $ppid $pid)
|
|
||||||
fi
|
|
||||||
;;*)
|
|
||||||
case $CLEARTIME in ""|0);;*)test -f $CRONDIR/$CRONUSR && {
|
|
||||||
min=$(date +%M)
|
|
||||||
min=$(( $(date +%k ) * 60 + ${min#0} + $CLEARTIME ))
|
|
||||||
me=$(echo $0|sed "s,^\\.\\.,$PWD/&,;s,^\\.,$PWD,")
|
|
||||||
sed -i -e "\$a$(( $min % 60 )) $(( $min / 60 % 24 )) * * * $me unblock $2" $CRONDIR/$CRONUSR
|
|
||||||
echo $CRONUSR > $CRONDIR/cron.update
|
|
||||||
};;esac
|
|
||||||
if ! netcatruns; then
|
|
||||||
echo "Starting netcat server for $2" >&2
|
|
||||||
while true;do ($NC_CMD -l -p $BLOCKPORT <<EOF
|
|
||||||
HTTP/1.0 200 OK
|
|
||||||
Expires: -1
|
|
||||||
Pragma: no-cache
|
|
||||||
Cache-Control: no-cache
|
|
||||||
Content-Type: text/html; charset=utf-8
|
|
||||||
|
|
||||||
<HTML>
|
|
||||||
<HEAD><TITLE>Sorry...</TITLE>
|
|
||||||
<META HTTP-EQUIV="Expires" CONTENT="-1">
|
|
||||||
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
|
|
||||||
<META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
|
|
||||||
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=utf-8">
|
|
||||||
<STYLE TYPE="text/css"></STYLE>
|
|
||||||
</HEAD>
|
|
||||||
<BODY ONLOAD="if ('/let-me-browse-again' == window.location.pathname)location.href=document.referrer">
|
|
||||||
<SCRIPT LANGUAGE="JavaScript" TYPE="text/javascript"><!--
|
|
||||||
function addrule(selector, rule)
|
|
||||||
{
|
|
||||||
if (null!=document.styleSheets && 0<document.styleSheets.length)
|
|
||||||
{
|
|
||||||
if (null!=document.styleSheets[0].cssRules)
|
|
||||||
{
|
|
||||||
document.styleSheets[0].insertRule(selector+"{"+rule+"}", 0);
|
|
||||||
}
|
|
||||||
else if (null!=document.styleSheets[0].rules)
|
|
||||||
{
|
|
||||||
document.styleSheets[0].addRule(selector, rule);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (null != navigator.language && "de" == navigator.language ||
|
|
||||||
null != navigator.browserLanguage && "de" == navigator.browserLanguage)
|
|
||||||
{
|
|
||||||
addrule(".de", "display:block");
|
|
||||||
addrule(".fr", "display:none");
|
|
||||||
addrule(".en", "display:none");
|
|
||||||
}
|
|
||||||
else if (null != navigator.language && "fr" == navigator.language ||
|
|
||||||
null != navigator.browserLanguage && "fr" == navigator.browserLanguage)
|
|
||||||
{
|
|
||||||
addrule(".de", "display:none");
|
|
||||||
addrule(".fr", "display:block");
|
|
||||||
addrule(".en", "display:none");
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
addrule(".de", "display:none");
|
|
||||||
addrule(".fr", "display:none");
|
|
||||||
addrule(".en", "display:block");
|
|
||||||
}
|
|
||||||
//--></SCRIPT>
|
|
||||||
<H1>Zapped on $(uname -n) (${ifip:-$ADR})</H1>
|
|
||||||
|
|
||||||
<DIV CLASS="en">
|
|
||||||
<P><SMALL CLASS="de">Deutsch: siehe unten</SMALL><SMALL CLASS="fr">français : voir ci-dessous</SMALL></P>
|
|
||||||
<HR>
|
|
||||||
<P>Hello! You are a victim of a filesharing blockade. Your PC opens too
|
|
||||||
much connections to different Internet hosts. This may be caused by the
|
|
||||||
VoIP program Skype, by a filesharing program or by another program with
|
|
||||||
this unusual communication pattern. $(test -f $WEBSERVER/cgi-bin-skype.html &&
|
|
||||||
echo "For operating the Skype VoIP program please read this
|
|
||||||
<A HREF='http://$ifip/cgi-bin-skype.html'>Information Page</A>.")
|
|
||||||
</P>
|
|
||||||
<P>TCP based services still work (ports up to 1023), but UDP based services are blocked now.</P>
|
|
||||||
<FORM ACTION='/let-me-browse-again' METHOD='GET'><INPUT
|
|
||||||
VALUE='I have read this page and stopped the respective program. Please restore access to the Web.'
|
|
||||||
TYPE='submit'></FORM>
|
|
||||||
<P>The blockade $(case $CLEARTIME in ""|0) echo "needs to be removed manually.";;*)echo "will be
|
|
||||||
removed after $CLEARTIME minutes. Alternatively, the blockade can be removed manually.";;esac)
|
|
||||||
For this, send an email to <A HREF="mailto:$MAILADDR">$MAILADDR</A>.
|
|
||||||
</P>
|
|
||||||
</DIV>
|
|
||||||
|
|
||||||
<DIV CLASS="de">
|
|
||||||
<HR>
|
|
||||||
<P>Hallo! Du bist das Opfer einer Filesharing-Sperre geworden. Dein Rechner
|
|
||||||
öffnet zuviele Verbindungen zu verschiedenen Internet-Rechnern. Dies
|
|
||||||
kann ausgelöst werden durch das VoIP-Programm Skype, durch ein
|
|
||||||
Filesharing-Programm oder durch ein anderes Programm welches dieses ungewöhnliche
|
|
||||||
Kommunikationsmuster aufweist. $(test -f $WEBSERVER/cgi-bin-skype.html &&
|
|
||||||
echo "Zum Betrieb des VoIP-Programms Skype lies bitte diese
|
|
||||||
<A HREF='http://$ifip/cgi-bin-skype.html'>Informationsseite</A>.")
|
|
||||||
</P>
|
|
||||||
<P><B>Hinweis:</B> TCP-basierte Dienste (Ports bis 1023) funktionieren, aber UDP-basierte Dienste sind nun gesperrt.</P>
|
|
||||||
<FORM ACTION='/let-me-browse-again' METHOD='GET'><INPUT
|
|
||||||
VALUE='Ich habe verstanden und das entsprechende Programm beendet. Bitte Web-Zugang freigeben.'
|
|
||||||
TYPE='submit'></FORM>
|
|
||||||
<P>Die Sperre $(case $CLEARTIME in ""|0)echo "muss manuell entfernt werden.";;*)
|
|
||||||
echo "wird nach $CLEARTIME Minuten entfernt. Wahlweise kann die Sperre
|
|
||||||
auch manuell entfernt werden.";;esac) Sende dazu eine Mail an
|
|
||||||
<A HREF="mailto:$MAILADDR">$MAILADDR</A>.
|
|
||||||
</P>
|
|
||||||
</DIV>
|
|
||||||
|
|
||||||
<DIV CLASS="fr">
|
|
||||||
<HR>
|
|
||||||
<P>Bonjour! Vous êtes victime du mécanisme de blocage de partage de fichiers. Votre
|
|
||||||
ordinateur ouvre trop de connexions simultanées vers trop d'hôtes Internet différents.
|
|
||||||
Ceci peut venir du logiciel de communications Skype, d'un logiciel de partage de fichiers,
|
|
||||||
ou d'un autre programme qui aurait ce même comportement inhabituel, comme certains virus.
|
|
||||||
$(test -f $WEBSERVER/cgi-bin-skype.html &&
|
|
||||||
echo "Pour l'utilisation de Skype en voix sur IP (VoIP) merci de lire cette
|
|
||||||
<A HREF='http://$ifip/cgi-bin-skype.html'>page d'informations</A>.")
|
|
||||||
</P>
|
|
||||||
<P><B>Précisions:</B> Les services TCP restent fonctionnels (Ports jusqu'au n° 1023) mais les
|
|
||||||
services UDP sont bloqués.
|
|
||||||
<FORM ACTION='/let-me-browse-again' METHOD='GET'><INPUT
|
|
||||||
VALUE='J‘ai lu cette page et j‘ai arrêté les programmes suspectés. Lever le blocage!'
|
|
||||||
TYPE='submit'></FORM>
|
|
||||||
<P>Le blocage $(case $CLEARTIME in ""|0)echo "doit être désactivé manuellement.";;*)
|
|
||||||
echo "sera levé automatiquement dans $CLEARTIME minutes. Il est aussi possible de
|
|
||||||
le faire manuellement.";;esac) en envoyant un mail à
|
|
||||||
<A HREF="mailto:$MAILADDR">$MAILADDR</A>.
|
|
||||||
</P>
|
|
||||||
</DIV>
|
|
||||||
</BODY>
|
|
||||||
<HEAD>
|
|
||||||
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
|
|
||||||
<META HTTP-EQUIV="Expires" CONTENT="-1">
|
|
||||||
</HEAD>
|
|
||||||
</HTML>
|
|
||||||
EOF
|
|
||||||
)|(read -r GET && netcatruns "$GET" && kill $pid)
|
|
||||||
done >&- 2>&- &
|
|
||||||
fi
|
|
||||||
;;esac
|
|
||||||
;;esac
|
|
||||||
}
|
|
||||||
|
|
||||||
zapp () {
|
|
||||||
# Block an IP and send a mail to the admin
|
|
||||||
ip=$(echo $1|sed -e 's/^[A-Z]\+_//;s/=.*//;s/_/./g')
|
|
||||||
if $DEBUG; then
|
|
||||||
# Prevent script recursion
|
|
||||||
case $DEBIP in "")
|
|
||||||
echo "Zapping $(ip route get $ip|sed -n 's/ dev .*//p') with $2 bogopoints at $(date)"
|
|
||||||
echo
|
|
||||||
$0 "$CONN" ${1%=*}
|
|
||||||
;;esac
|
|
||||||
elif ! iptables -nL FORWARD | egrep -q "\\b$(echo $ip|sed 's/\./\\&/g')\\b";then
|
|
||||||
echo "Zapping $(ip route get $ip|sed -n 's/ dev .*//p') with $2 bogopoints at $(date)" >> /var/log/zappfile.txt
|
|
||||||
mac=$(sed -n 's/^'$(echo $ip|sed 's/\./\\./g')' \+\([^ ]\+ \+\)\{2\}\([^ ]\+\).*/\2/p' /proc/net/arp)
|
|
||||||
|
|
||||||
# Disabled, because we cannot unblock this currently
|
|
||||||
case 0 in 1)case $mac in '');;*)
|
|
||||||
echo "Also zapping $mac at $(date)" >> /var/log/zappfile.txt
|
|
||||||
iptables -I FORWARD -m mac --mac-source $mac -j $jump
|
|
||||||
;;esac;;esac
|
|
||||||
|
|
||||||
block -I $ip
|
|
||||||
|
|
||||||
case $DEBUGSAVE in 1)
|
|
||||||
# Save current conntrack for later analysis
|
|
||||||
cat "$CONN"|gzip -c>/var/log/zappfile-$ip-$(date).txt.gz
|
|
||||||
;;esac
|
|
||||||
|
|
||||||
which ssmtp && cat|ssmtp $MAILADDR<<EOF
|
|
||||||
To: $MAILADDR
|
|
||||||
From: $MAILFROM
|
|
||||||
Subject: Zappfile extended on $(uname -n)
|
|
||||||
|
|
||||||
The following IP exeeded the conntrack limit and was added to the zappfile:
|
|
||||||
|
|
||||||
IP: $ip
|
|
||||||
MAC: $mac
|
|
||||||
Date: $(date)
|
|
||||||
Bogopoints: $2
|
|
||||||
Threshold: $BOGOTHRESH
|
|
||||||
|
|
||||||
The forwarding firewall now has the following rules:
|
|
||||||
|
|
||||||
$(iptables -nL FORWARD)
|
|
||||||
EOF
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# TCP rules:
|
|
||||||
# * Bittorrent opens and uses lots of TCP connections
|
|
||||||
# * BT also uses a higher bandwidth, especially on port 688x
|
|
||||||
# * General: lots of TCP traffic from/to different peers (!port 80)
|
|
||||||
tcp () {
|
|
||||||
# We only count traffic generated by others
|
|
||||||
case $3 in $PAT);;*)
|
|
||||||
case "${10}" in
|
|
||||||
# We count unreplied connection attempts because
|
|
||||||
# lots of P2P peers may not have correct portfw
|
|
||||||
# as well as currently active transfers
|
|
||||||
SYN_SENT|SYN_RECV|ESTABLISHED)
|
|
||||||
case $4 in
|
|
||||||
# HTTP, HTTPS: browsers tend to open multiple connections
|
|
||||||
80|443)
|
|
||||||
case $9 in
|
|
||||||
?????)
|
|
||||||
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 1 ));;esac"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 2 ));;esac"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
case ${DEBIP#IP_} in $1)echo "tcp ham $1:$2 $3:$4";;esac
|
|
||||||
;;
|
|
||||||
# Punish traffic on ports 6880-6889
|
|
||||||
688*)
|
|
||||||
case $9 in
|
|
||||||
?????)
|
|
||||||
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 10 ));;esac"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 20 ));;esac"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
case ${DEBIP#IP_} in $1)echo "tcp p2p $1:$2 $3:$4";;esac
|
|
||||||
;;
|
|
||||||
# Everything else is normal tcp
|
|
||||||
*)
|
|
||||||
case $9 in
|
|
||||||
?????)
|
|
||||||
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 3 ));;esac"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 4 ));;esac"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
case ${DEBIP#IP_} in $1)echo "tcp std $1:$2 $3:$4";;esac
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
eval "TCP_$1_$3=\$(( \$TCP_$1_$3 + 1 ))"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
;;esac
|
|
||||||
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
# UDP rules:
|
|
||||||
# * Bittorrent DHT feature got us unreplied incoming UDP from diverse IPs (sport likely 688x)
|
|
||||||
# * P2P-user with DHT: incoming UDP dport(unreplied) is port the P2P-user configured for DHT
|
|
||||||
# * P2P-user none DHT: Peers seeking DHT, we have a P2P-user currently, lower tolerance
|
|
||||||
# * General: lots of UDP traffic from/to different peers(!port 53)
|
|
||||||
|
|
||||||
udp () {
|
|
||||||
case ${10} in "[UNREPLIED]") case $3 in $PAT)
|
|
||||||
# We are contacted by incoming UDP (without reason). If that is the case
|
|
||||||
# it is likely that we have at least one P2P user now. Especially if that
|
|
||||||
# peer sends us from his port 688x which is the default for Bittorrent.
|
|
||||||
case $2 in
|
|
||||||
668*)
|
|
||||||
eval "case \$UNK_$1 in \"\")UNK=\$(( \$UNK + 5 ));;esac"
|
|
||||||
case $DEBIP in '');;*)echo "nak p2p $1:$2 -> $3:$4 (UNK=$UNK)";;esac
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
case $4 in
|
|
||||||
688*)
|
|
||||||
eval "case \$UNK_$1 in \"\")UNK=\$(( \$UNK + 5 ));;esac"
|
|
||||||
case $DEBIP in '');;*)echo "nak p2p $1:$2 -> $3:$4 (UNK=$UNK)";;esac
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
eval "case \$UNK_$1 in \"\")UNK=\$(( \$UNK + 1 ));;esac"
|
|
||||||
case $DEBIP in '');;*)echo "nak udp $1:$2 -> $3:$4 (UNK=$UNK)";;esac
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
eval "UNK_$1=\$(( \$UNK_$1 + 1 ))"
|
|
||||||
;;esac;;esac
|
|
||||||
# We only count traffic generated by others
|
|
||||||
case $3 in $PAT);;*)
|
|
||||||
case $4 in
|
|
||||||
# DNS: resolvers tend to open multiple connections
|
|
||||||
53)
|
|
||||||
case ${10} in
|
|
||||||
"[UNREPLIED]")
|
|
||||||
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 1 ));;esac";;
|
|
||||||
*)
|
|
||||||
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 2 ));;esac";;
|
|
||||||
esac
|
|
||||||
case ${DEBIP#IP_} in $1)echo "udp ham $1:$2 $3:$4";;esac
|
|
||||||
;;
|
|
||||||
# Punish traffic on ports 6880-6889
|
|
||||||
688*)
|
|
||||||
case ${10} in
|
|
||||||
"[UNREPLIED]")
|
|
||||||
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 10 ));;esac";;
|
|
||||||
*)
|
|
||||||
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 20 ));;esac";;
|
|
||||||
esac
|
|
||||||
case ${DEBIP#IP_} in $1)echo "udp p2p $1:$2 $3:$4";;esac
|
|
||||||
;;
|
|
||||||
# Everything else is normal udp
|
|
||||||
*)
|
|
||||||
case ${10} in
|
|
||||||
"[UNREPLIED]")
|
|
||||||
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 3 ));;esac";;
|
|
||||||
*)
|
|
||||||
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 4 ));;esac";;
|
|
||||||
esac
|
|
||||||
case ${DEBIP#IP_} in $1)echo "udp std $1:$2 $3:$4";;esac
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
eval "UDP_$1_$3=\$(( \$UDP_$1_$3 + 1 ))"
|
|
||||||
;;esac
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
case $1 in
|
|
||||||
block)
|
|
||||||
case $2 in "")echo "Add IP as second arg" 2>&-;exit 1;;esac
|
|
||||||
block "-I" $2
|
|
||||||
exit 0
|
|
||||||
;;
|
|
||||||
unblock|clear)
|
|
||||||
case $2 in "")echo "Add IP as second arg" 2>&-;exit 1;;esac
|
|
||||||
block "-D" $2
|
|
||||||
exit 0
|
|
||||||
;;
|
|
||||||
start|stop)
|
|
||||||
test ! -f $CRONDIR/$CRONUSR && (echo "No $CRONDIR/$CRONUSR" 2>&-;exit 1)
|
|
||||||
if egrep -q "/${0##*/}" $CRONDIR/$CRONUSR; then
|
|
||||||
case $1 in stop)
|
|
||||||
echo "Removing ${0##*/} from cron"
|
|
||||||
sed -i -e "/\/${0##*/}/d" $CRONDIR/$CRONUSR
|
|
||||||
;;esac
|
|
||||||
else
|
|
||||||
case $1 in start)
|
|
||||||
case $BOGOTHRESH in 0);;*)
|
|
||||||
echo "Adding ${0##*/} to cron"
|
|
||||||
me=$(echo $0|sed "s,^\\.\\.,$PWD/&,;s,^\\.,$PWD,")
|
|
||||||
sed -i -e "\$a*/1 * * * * $me" $CRONDIR/$CRONUSR
|
|
||||||
;;esac
|
|
||||||
;;esac
|
|
||||||
fi
|
|
||||||
echo $CRONUSR > $CRONDIR/cron.update
|
|
||||||
exit 0
|
|
||||||
;;
|
|
||||||
status)
|
|
||||||
echo "Firewall status:"
|
|
||||||
iptables -nL FORWARD|egrep '^(DROP|REJECT)? +all +-- +[1-9][0-9\.]+ +0.0.0.0/0\b' || echo " No IPs blocked"
|
|
||||||
egrep -q "/${0##*/}" $CRONDIR/$CRONUSR && echo "Running via cron" || echo "Not running via cron"
|
|
||||||
exit 0
|
|
||||||
;;
|
|
||||||
-h|--help|help)
|
|
||||||
cat<<EOF
|
|
||||||
This script examines the kernel conntrack table and blocks a source IP if
|
|
||||||
it detects a filesharing application. Read the script file for details.
|
|
||||||
|
|
||||||
Usage: $0 {start|stop|block [IP]|unblock [IP]|help|[file]}
|
|
||||||
|
|
||||||
start add this scipt as cron job
|
|
||||||
stop remove this script from cron
|
|
||||||
status show a list of blocked IPs
|
|
||||||
block manually block an IP
|
|
||||||
unblock manually unblock an IP
|
|
||||||
[file] parse [file] instead /proc/net/ip_conntrack (for testing)
|
|
||||||
No args normal function, e.g. called by cron without arguments
|
|
||||||
|
|
||||||
Note1: if netcat is installed, this script tries to inform a blocked user
|
|
||||||
by starting a simple web server. If also ssmtp is installed, this script
|
|
||||||
informs you by e-mail about the filesharing and blocking incidents. If
|
|
||||||
someone is blocked, this is recorded in /var/log/zapp* files for later
|
|
||||||
analysis. To analyze, unpack the gzipped conntrack file of the incident
|
|
||||||
and start this script by supplying the filename.
|
|
||||||
|
|
||||||
Note2: to install on Freifunk-FW copy this script to /etc/init.d/S92zapp
|
|
||||||
and restart the router. On other systems it shoud be sufficient to start
|
|
||||||
this script with "$0 start".
|
|
||||||
EOF
|
|
||||||
exit 0
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
if ! $DEBUG; then
|
|
||||||
if [ -f /proc/sys/net/netfilter/nf_conntrack_acct ] &&
|
|
||||||
[ 0 = $(cat /proc/sys/net/netfilter/nf_conntrack_acct) ]
|
|
||||||
then
|
|
||||||
# Kernel-2.6 needs accounting=on for correct ip_conntrack format
|
|
||||||
echo "Kernel accounting not enabled, which is required." >&2
|
|
||||||
echo "Use 'sysctl -w net.netfilter.nf_conntrack_acct=1'" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Different kernels have differnt formats, script lines doubled to prevent too much compare operations
|
|
||||||
REL=$(uname -r)
|
|
||||||
case ${REL#2.4} in $REL)
|
|
||||||
# Kernel 2.6 output has [STATUS] in different positions, shift to end
|
|
||||||
sed 's/\./_/g;s/\( \[[^]]\+\]\)\(.*\)/\2\1/;$aeof' "$CONN"|while read l;do
|
|
||||||
set $l
|
|
||||||
case $1 in
|
|
||||||
tcp)
|
|
||||||
tcp ${5#src=} ${7#sport=} ${6#dst=} ${8#dport=} ${11#src=} ${13#sport=} ${12#dst=} ${14#dport=} $(( ${10#bytes=} + ${16#bytes=} )) $4
|
|
||||||
;;
|
|
||||||
udp)
|
|
||||||
udp ${4#src=} ${6#sport=} ${5#dst=} ${7#dport=} ${10#src=} ${12#sport=} ${11#dst=} ${13#dport=} $(( ${9#bytes=}+${15#bytes=} )) ${19}
|
|
||||||
;;
|
|
||||||
eof)
|
|
||||||
# If probably no P2P client active double threshold
|
|
||||||
test $UNK -lt 10 && BOGOTHRESH=$(( $BOGOTHRESH + $BOGOTHRESH ))
|
|
||||||
set|sed -n "s/^\\(IP_[^=]\\+=\\)'*\\([^']\\+\\).*/\\1\\2/p"|while read i;do
|
|
||||||
case $DEBIP in ${i%=*})echo "$i -gt $BOGOTHRESH";;esac
|
|
||||||
case $DEBUGLOGS in "");;*)echo $DEBUGLOGS ${i#*=} >> /var/log/zapp/${i%=*};;esac
|
|
||||||
test ${i#*=} -gt $BOGOTHRESH && zapp $i ${i#*=}
|
|
||||||
done
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
;;*)
|
|
||||||
# Kernel 2.4 output has [STATUS] in different positions, shift to end
|
|
||||||
sed 's/\./_/g;s/\( \[[^]]\+\]\)\(.*\)/\2\1/;$aeof' "$CONN"|while read l;do
|
|
||||||
set $l
|
|
||||||
case $1 in
|
|
||||||
tcp)
|
|
||||||
tcp ${5#src=} ${7#sport=} ${6#dst=} ${8#dport=} ${9#src=} ${11#sport=} ${10#dst=} ${12#dport=} ${15#bytes=} $4
|
|
||||||
;;
|
|
||||||
udp)
|
|
||||||
udp ${4#src=} ${6#sport=} ${5#dst=} ${7#dport=} ${8#src=} ${10#sport=} ${9#dst=} ${11#dport=} ${14#bytes=} ${15}
|
|
||||||
;;
|
|
||||||
eof)
|
|
||||||
# If probably no P2P client active double threshold
|
|
||||||
test $UNK -lt 10 && BOGOTHRESH=$(( $BOGOTHRESH + $BOGOTHRESH ))
|
|
||||||
set|sed -n "s/^\\(IP_[^=]\\+=\\)'*\\([^']\\+\\).*/\\1\\2/p"|while read i;do
|
|
||||||
case $DEBIP in ${i%=*})echo "$i -gt $BOGOTHRESH";;esac
|
|
||||||
case $DEBUGLOGS in "");;*)echo $DEBUGLOGS ${i#*=} >> /var/log/zapp/${i%=*};;esac
|
|
||||||
test ${i#*=} -gt $BOGOTHRESH && zapp $i ${i#*=}
|
|
||||||
done
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
;;esac
|
|
||||||
|
|
||||||
exit 0
|
|
|
@ -36,9 +36,6 @@ ntpd -p ${NTPD_IP}
|
||||||
mkdir /tmp/crawldata
|
mkdir /tmp/crawldata
|
||||||
httpd -h /tmp/crawldata
|
httpd -h /tmp/crawldata
|
||||||
|
|
||||||
# serve the 30s-cached output of "report.sh gzip" on port 81 with max 1 request/s
|
|
||||||
/etc/serve.sh 81 1 "/etc/cache.sh 30 /etc/report.sh gzip" &
|
|
||||||
|
|
||||||
touch /tmp/started
|
touch /tmp/started
|
||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
|
|
|
@ -1,247 +0,0 @@
|
||||||
#!/bin/ash
|
|
||||||
|
|
||||||
POSTPROC="$@"
|
|
||||||
[ -n "$POSTPROC" ] || POSTPROC="cat -"
|
|
||||||
|
|
||||||
# functions
|
|
||||||
# prefixes all lines with a comma but the first one
|
|
||||||
comma() {
|
|
||||||
awk '{ if (NR >1) print ","$0; else print $0; }'
|
|
||||||
}
|
|
||||||
|
|
||||||
# counts clients via bridge
|
|
||||||
# hardcoded interfaces br-mesh and wlan0 as they
|
|
||||||
# are the same on all routers
|
|
||||||
get_clients() {
|
|
||||||
local COUNT=0
|
|
||||||
local DEVNUMBER=
|
|
||||||
DEVNUMBER=$(brctl showstp br-mesh |\
|
|
||||||
awk '/^wlan0 / { gsub("[()]", "", $2); printf $2; exit}')
|
|
||||||
if [ -n "$DEVNUMBER" ]; then
|
|
||||||
COUNT=$(brctl showmacs br-mesh |\
|
|
||||||
awk -v number=$DEVNUMBER '
|
|
||||||
BEGIN {count=0}
|
|
||||||
{if ($1 == number && $3 == "no") count++}
|
|
||||||
END {print count}')
|
|
||||||
fi
|
|
||||||
echo $COUNT
|
|
||||||
}
|
|
||||||
|
|
||||||
# generate a json report compatible with libremap 1.0
|
|
||||||
report() {
|
|
||||||
# json
|
|
||||||
echo "{"
|
|
||||||
|
|
||||||
# use lowercase MAC addr from br-mesh interface as id
|
|
||||||
local ID=$(ifconfig br-mesh |\
|
|
||||||
grep -o -E "HWaddr[ ]+[0-9a-fA-F:]+" |\
|
|
||||||
tr -s " " |\
|
|
||||||
cut -d" " -f2 |\
|
|
||||||
tr "ABCDEF" "abcdef")
|
|
||||||
local HOSTNAME=$(cat /proc/sys/kernel/hostname)
|
|
||||||
echo "\"_id\":\"${ID}\""
|
|
||||||
echo ",\"api_rev\":1.0"
|
|
||||||
echo ",\"type\":\"router\""
|
|
||||||
echo ",\"hostname\":\"${HOSTNAME}\""
|
|
||||||
|
|
||||||
# location
|
|
||||||
# latitude and longitude are required!
|
|
||||||
echo ",\"location\":{"
|
|
||||||
local LATITUDE=$(uci get site.location.latitude)
|
|
||||||
local LOGITUDE=$(uci get site.location.longitude)
|
|
||||||
local ELEVATION=$(uci get site.location.elevation 2>/dev/null)
|
|
||||||
echo "\"lat\":${LATITUDE}"
|
|
||||||
echo ",\"lon\":${LOGITUDE}"
|
|
||||||
echo ",\"ele\":${ELEVATION}"
|
|
||||||
echo "}"
|
|
||||||
# /location
|
|
||||||
|
|
||||||
# aliases
|
|
||||||
# each mac adresses identifies the router
|
|
||||||
echo ",\"aliases\":["
|
|
||||||
ip -o address show |\
|
|
||||||
grep -o -E "link/ether [0-9a-fA-F:]+" |\
|
|
||||||
tr -s " " |\
|
|
||||||
cut -d" " -f2 |\
|
|
||||||
sort -u |\
|
|
||||||
tr "ABCDEF" "abcdef" |\
|
|
||||||
awk '{print "{\"alias\":\""$0"\",\"type\":\"mac\"}"}' |\
|
|
||||||
comma
|
|
||||||
echo "]"
|
|
||||||
# /aliases
|
|
||||||
|
|
||||||
# links
|
|
||||||
echo ",\"links\":["
|
|
||||||
batctl o |\
|
|
||||||
grep -o -E "^([0-9a-f]{2}:?)+[ ]+[0-9.]+s[ ]+\([ 0-9]+\)[ ]+([0-9a-f]{2}:?)+[ ]+\[[^]]+\]" |\
|
|
||||||
tr -d "s()[]" |\
|
|
||||||
tr -s " " |\
|
|
||||||
tr "ABCDEF" "abcdef" |\
|
|
||||||
awk '{
|
|
||||||
if ($1 == $4) {
|
|
||||||
type="unk"
|
|
||||||
if ($5 ~ /wlan/) type="wlan"
|
|
||||||
if ($5 ~ /eth/) type="eth"
|
|
||||||
if ($5 ~ /VPN/) type="vpn"
|
|
||||||
if ($5 ~ /vpn/) type="vpn"
|
|
||||||
quality=sprintf("%.2f",$3/255)
|
|
||||||
print "{\"alias\":\""$1"\",\"type\":\"mac\",\"quality\":"quality",\"attributes\":{\"type\":\""type"\"}}"
|
|
||||||
}
|
|
||||||
}' |\
|
|
||||||
comma
|
|
||||||
echo "]"
|
|
||||||
# /links
|
|
||||||
|
|
||||||
# attributes
|
|
||||||
echo ",\"attributes\":{"
|
|
||||||
|
|
||||||
# contact
|
|
||||||
echo "\"contact\":{"
|
|
||||||
local CONTACT=$(uci get site.contact.name 2>/dev/null)
|
|
||||||
local EMAIL=$(uci get site.contact.email 2>/dev/null)
|
|
||||||
local TELEPHONE=$(uci get site.contact.telephone 2>/dev/null)
|
|
||||||
echo "\"name\":\"${CONTACT}\""
|
|
||||||
echo ",\"email\":\"${EMAIL}\""
|
|
||||||
echo ",\"telephone\":\"${TELEPHONE}\""
|
|
||||||
echo "}"
|
|
||||||
# /contact
|
|
||||||
|
|
||||||
# site
|
|
||||||
echo ",\"site\":{"
|
|
||||||
local DIRECTION=$(uci get site.location.direction)
|
|
||||||
local TAGS=$(uci get site.location.tags)
|
|
||||||
echo "\"direction\":\"${DIRECTION}\""
|
|
||||||
echo ",\"tags\":\"${TAGS}\""
|
|
||||||
echo "}"
|
|
||||||
# /site
|
|
||||||
|
|
||||||
# system
|
|
||||||
echo ",\"system\":{"
|
|
||||||
local MODEL=$(uci get board.model.name)
|
|
||||||
local CPU=$(cat /proc/cpuinfo |\
|
|
||||||
awk -F': ' '/^cpu model/ { print $2; exit}')
|
|
||||||
local MEMORY=$(cat /proc/meminfo |\
|
|
||||||
awk -F" " '/^MemTotal:/ {print $2; exit}')
|
|
||||||
local FIRMWARE=$(cat /etc/*release |\
|
|
||||||
grep "^FIRMWARE_VERSION=" |\
|
|
||||||
cut -d= -f2 |\
|
|
||||||
tr -d "'\"")
|
|
||||||
local DISTIBUTION=$(cat /etc/*release |\
|
|
||||||
grep "^DISTRIB_DESCRIPTION=" |\
|
|
||||||
cut -d= -f2 |\
|
|
||||||
tr -d "'\"")
|
|
||||||
local LINUX=$(uname -r)
|
|
||||||
local BATMANADV=$(cat /sys/module/batman_adv/version)
|
|
||||||
local FASTD=$(fastd -v | cut -d" " -f2)
|
|
||||||
local WLANPOWER=$(iwconfig wlan0 |\
|
|
||||||
grep -o -E "Tx-Power= *[0-9]+" |\
|
|
||||||
cut -d= -f2)
|
|
||||||
[ -n "$WLANPOWER" ] || WLANPOWER=0
|
|
||||||
echo "\"hardware\":{"
|
|
||||||
echo "\"model\":\"$MODEL\""
|
|
||||||
echo ",\"cpu\":\"$CPU\""
|
|
||||||
echo ",\"memory\":$MEMORY"
|
|
||||||
echo "}"
|
|
||||||
echo ",\"software\":{"
|
|
||||||
echo "\"firmware\":\"$FIRMWARE\""
|
|
||||||
echo ",\"distribution\":\"$DISTIBUTION\""
|
|
||||||
echo ",\"linux\":\"$LINUX\""
|
|
||||||
echo ",\"batman-adv\":\"$BATMANADV\""
|
|
||||||
echo ",\"fastd\":\"$FASTD\""
|
|
||||||
echo "}"
|
|
||||||
echo ",\"wireless\":{"
|
|
||||||
echo "\"power\":$WLANPOWER"
|
|
||||||
echo "}"
|
|
||||||
echo "}"
|
|
||||||
# /system
|
|
||||||
|
|
||||||
|
|
||||||
# load
|
|
||||||
echo ",\"load\":{"
|
|
||||||
local UPTIME=$(cat /proc/uptime | cut -d" " -f1)
|
|
||||||
local CPU_LOAD=$(cat /proc/loadavg | cut -d" " -f2)
|
|
||||||
local MEMORY_LOAD=$(cat /proc/meminfo |\
|
|
||||||
awk '
|
|
||||||
/^MemTotal:/ {total=$2}
|
|
||||||
/^MemFree:/ {free=$2}
|
|
||||||
/^Buffers:/ {buffers=$2}
|
|
||||||
/^Cached:/ {cached=$2; exit}
|
|
||||||
END {printf "%.2f",(total-free-buffers-cached)/total}
|
|
||||||
')
|
|
||||||
local TRAFFIC_MESH=
|
|
||||||
local TRAFFIC_WAN=
|
|
||||||
if [ -f '/var/statistics/traffic' ]; then
|
|
||||||
TRAFFIC_MESH=$(cat /var/statistics/traffic |\
|
|
||||||
awk '/^bat0 / { printf "[%.2f,%.2f]",$4/1024,$2/1024}')
|
|
||||||
TRAFFIC_WAN=$(cat /var/statistics/traffic |\
|
|
||||||
awk '/^[^ ]*(VPN|vpn)[^ ]* / { printf "[%.2f,%.2f]",$4/1024,$2/1024; exit }')
|
|
||||||
fi
|
|
||||||
[ -n "$TRAFFIC_MESH" ] || TRAFFIC_MESH=[0,0]
|
|
||||||
[ -n "$TRAFFIC_WAN" ] || TRAFFIC_WAN=[0,0]
|
|
||||||
local CLIENTS=$(get_clients)
|
|
||||||
MESH=$(batctl o |\
|
|
||||||
tail -n+3 |\
|
|
||||||
awk 'BEGIN {count=0;cumqual=0;} {gsub("[()]", "", $3); cumqual +=$3; count++;} END {printf "%.2f",(cumqual/(count*255))}')
|
|
||||||
[ -n "$MESH" ] || MESH=0
|
|
||||||
echo "\"uptime\":$UPTIME"
|
|
||||||
echo ",\"cpu\":$CPU_LOAD"
|
|
||||||
echo ",\"memory\":$MEMORY_LOAD"
|
|
||||||
echo ",\"clients\":$CLIENTS"
|
|
||||||
echo ",\"mesh\":$MESH"
|
|
||||||
echo ",\"traffic\":{"
|
|
||||||
echo "\"mesh\":"$TRAFFIC_MESH
|
|
||||||
echo ",\"wan\":"$TRAFFIC_WAN
|
|
||||||
echo "}"
|
|
||||||
echo "}"
|
|
||||||
# /load
|
|
||||||
|
|
||||||
# internet
|
|
||||||
# get data from selected or (if unavailable) best connected gw
|
|
||||||
echo ",\"internet\":{"
|
|
||||||
batctl gwl |\
|
|
||||||
awk -F" " 'BEGIN {
|
|
||||||
gateway_sel=""
|
|
||||||
via_sel=""
|
|
||||||
quality_sel=0
|
|
||||||
}
|
|
||||||
/Gateway/ { next }
|
|
||||||
/No gateways/ { next }
|
|
||||||
{
|
|
||||||
sub("^=>", "1", $0)
|
|
||||||
sub("^ ", "0", $0)
|
|
||||||
sub(" *\\( *", " ", $0)
|
|
||||||
sub(" *\\) *", " ", $0)
|
|
||||||
sub(" *\\[ *", " ", $0)
|
|
||||||
sub(" *\\]: *", " ", $0)
|
|
||||||
quality=sprintf("%.2f",$3/255)
|
|
||||||
if ($1 == 1) {
|
|
||||||
gateway_sel=$2
|
|
||||||
via_sel=$4
|
|
||||||
quality_sel=quality
|
|
||||||
exit
|
|
||||||
} else if (quality > quality_sel) {
|
|
||||||
gateway_sel=$2
|
|
||||||
via_sel=$4
|
|
||||||
quality_sel=quality
|
|
||||||
}
|
|
||||||
}
|
|
||||||
END {
|
|
||||||
print "\"alias\":\""gateway_sel"\""
|
|
||||||
print ",\"type\":\"mac\""
|
|
||||||
print ",\"quality\":"quality_sel
|
|
||||||
print ",\"via\":{"
|
|
||||||
print "\"alias\":\""via_sel"\""
|
|
||||||
print ",\"type\":\"mac\""
|
|
||||||
print "}"
|
|
||||||
}'
|
|
||||||
echo "}"
|
|
||||||
# /gateway
|
|
||||||
|
|
||||||
echo "}"
|
|
||||||
# /attributes
|
|
||||||
|
|
||||||
echo "}"
|
|
||||||
# /json
|
|
||||||
}
|
|
||||||
|
|
||||||
report | $POSTPROC
|
|
|
@ -1,13 +0,0 @@
|
||||||
#!/bin/ash
|
|
||||||
|
|
||||||
[ $# -ge 3 ] || exit 1
|
|
||||||
|
|
||||||
PORT="$1"
|
|
||||||
DELAY="$2"
|
|
||||||
shift 2
|
|
||||||
COMMAND="$@"
|
|
||||||
|
|
||||||
while true; do
|
|
||||||
(nc -l -p $PORT -e $COMMAND) > /dev/null 2>&1
|
|
||||||
sleep $DELAY
|
|
||||||
done
|
|
|
@ -1,50 +0,0 @@
|
||||||
#!/bin/ash
|
|
||||||
|
|
||||||
# config
|
|
||||||
STATSDIR="/tmp/statistics"
|
|
||||||
|
|
||||||
get_trafficdata() {
|
|
||||||
cat /proc/net/dev | tail -n +3 | tr ":" " " | sed -e 's/^[ ]\+//g' | tr -s " " | cut -d" " -f 1,2,3,10,11 || return 1
|
|
||||||
}
|
|
||||||
|
|
||||||
update_traffic() {
|
|
||||||
local TIME=$(date +%s)
|
|
||||||
local DATA=$(get_trafficdata)
|
|
||||||
local DATATMP=
|
|
||||||
local REFERENCE=
|
|
||||||
local REFERENCETMP=
|
|
||||||
local REFERENCE_TIME=
|
|
||||||
local DELTA=
|
|
||||||
local DEVICES=
|
|
||||||
if [ -f "$STATSDIR/traffic_reference_time" ] && [ -f "$STATSDIR/traffic_reference" ]; then
|
|
||||||
REFERENCE_TIME=$(cat "$STATSDIR/traffic_reference_time")
|
|
||||||
REFERENCE=$(cat "$STATSDIR/traffic_reference")
|
|
||||||
fi
|
|
||||||
if [ -n "$TIME" ] && [ -n "$REFERENCE_TIME" ]; then
|
|
||||||
DELTA=$(($TIME-$REFERENCE_TIME))
|
|
||||||
fi
|
|
||||||
if [ -n "$DATA" ] && [ -n "$REFERENCE" ] && [ -n "$DELTA" ]; then
|
|
||||||
echo "#device rx[b/s] rx[p/s] tx[b/s] tx[p/s]" > "$STATSDIR/traffic.tmp"
|
|
||||||
DEVICES=$(echo "$DATA" | cut -d" " -f1 | sort -u) || return 1
|
|
||||||
echo "$DEVICES" | while read DEVICE; do
|
|
||||||
if [ -n "$DEVICE" ]
|
|
||||||
then
|
|
||||||
DATATMP=$(echo "$DATA" | grep "^$DEVICE " | cut -d" " -f 2- | tr "\n" " ") || return 1
|
|
||||||
REFERENCETMP=$(echo "$REFERENCE" | grep "^$DEVICE " | cut -d" " -f 2- | tr "\n" " ") || return 1
|
|
||||||
echo "$DEVICE $DATATMP $REFERENCETMP" | tr -s " " | awk -F" " -v DELTA=$DELTA '{printf "%s %.0f %.0f %.0f %.0f\n",$1,($2-$6)/DELTA,($3-$7)/DELTA,($4-$8)/DELTA,($5-$9)/DELTA}' >> "$STATSDIR/traffic.tmp" || return 1
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
mv "$STATSDIR/traffic.tmp" "$STATSDIR/traffic"
|
|
||||||
fi
|
|
||||||
echo "$DATA" > "$STATSDIR/traffic_reference"
|
|
||||||
echo "$TIME" > "$STATSDIR/traffic_reference_time"
|
|
||||||
}
|
|
||||||
|
|
||||||
# secure dot-scripts
|
|
||||||
[ -e "$STATSDIR" ] || mkdir -p "$STATSDIR"
|
|
||||||
[ -d "$STATSDIR" ] || exit 1
|
|
||||||
chown -R root "$STATSDIR"
|
|
||||||
chmod -R 700 "$STATSDIR"
|
|
||||||
|
|
||||||
# update values
|
|
||||||
update_traffic
|
|
|
@ -1,32 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
# This script needs to be enabled within the rc.local with:
|
|
||||||
# iw event -f | /etc/clients_event.sh &
|
|
||||||
|
|
||||||
API_IPV4_ADRESS=`uci get configurator.@api[0].ipv4_address`
|
|
||||||
API_IPV6_ADRESS=`uci get configurator.@api[0].ipv6_address`
|
|
||||||
API_IPV6_INTERFACE=`uci get configurator.@api[0].ipv6_interface`
|
|
||||||
CRAWL_ROUTER_ID=`uci get configurator.@crawl[0].router_id`
|
|
||||||
|
|
||||||
get_url() {
|
|
||||||
if [[ $API_IPV4_ADRESS != "1" ]]; then
|
|
||||||
url=$API_IPV4_ADRESS
|
|
||||||
else
|
|
||||||
url="[$API_IPV6_ADRESS"%"$API_IPV6_INTERFACE]"
|
|
||||||
fi
|
|
||||||
echo $url
|
|
||||||
}
|
|
||||||
|
|
||||||
netmon_api=`get_url`
|
|
||||||
|
|
||||||
while read LINE
|
|
||||||
do
|
|
||||||
if [ "`echo $LINE | grep 'wlan0: new station'`" != "" ]; then
|
|
||||||
mac_addr="`echo $LINE | grep 'wlan0: new station' | cut -d' ' -f4`"
|
|
||||||
|
|
||||||
command="wget -q -O - http://$netmon_api/api_csv_variable_splash.php?section=insert_client&router_id=$CRAWL_ROUTER_ID&mac_addr=$mac_addr"
|
|
||||||
api_return=`$command`
|
|
||||||
echo "$api_return"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
|
|
|
@ -1,2 +0,0 @@
|
||||||
config model 'model'
|
|
||||||
option name 'wdr4300'
|
|
|
@ -1,18 +0,0 @@
|
||||||
if [[ "$(cat /var/sysinfo/board_name)" = "tl-wdr3500" ]]; then
|
|
||||||
WLAN0_MACADDR=$(cat /sys/class/net/w2mesh/address)
|
|
||||||
else
|
|
||||||
WLAN0_MACADDR=$(cat /sys/class/net/w5mesh/address)
|
|
||||||
fi
|
|
||||||
|
|
||||||
BRMESH_MACADDR=$(cat /sys/class/net/br-mesh/address)
|
|
||||||
|
|
||||||
if [[ "$WLAN0_MACADDR=" != "$BRMESH_MACADDR=" ]]; then
|
|
||||||
echo "Fixing wrong MAC on br-mesh"
|
|
||||||
uci set network.mesh.macaddr=$WLAN0_MACADDR
|
|
||||||
uci commit
|
|
||||||
ifconfig br-mesh hw ether $WLAN0_MACADDR
|
|
||||||
ifconfig br-mesh down
|
|
||||||
ifconfig br-mesh up
|
|
||||||
fi
|
|
||||||
|
|
||||||
# vim: noexpandtab
|
|
|
@ -1,2 +0,0 @@
|
||||||
config model 'model'
|
|
||||||
option name 'wdr4900'
|
|
|
@ -1,13 +0,0 @@
|
||||||
WLAN0_MACADDR=$(cat /sys/class/net/w5mesh/address)
|
|
||||||
BRMESH_MACADDR=$(cat /sys/class/net/br-mesh/address)
|
|
||||||
|
|
||||||
if [[ "$WLAN0_MACADDR=" != "$BRMESH_MACADDR=" ]]; then
|
|
||||||
echo "Fixing wrong MAC on br-mesh"
|
|
||||||
uci set network.mesh.macaddr=$WLAN0_MACADDR
|
|
||||||
uci commit
|
|
||||||
ifconfig br-mesh hw ether $WLAN0_MACADDR
|
|
||||||
ifconfig br-mesh down
|
|
||||||
ifconfig br-mesh up
|
|
||||||
fi
|
|
||||||
|
|
||||||
# vim: noexpandtab
|
|