mirror
/
openwrt-routing
mirror of https://git.openwrt.org/feed/routing.git
1
0
Fork 0
Code Releases Activity

nodogsplash: code cleanup, add option gatewayinterface, allow uci and manual configration in parallel

This commit is contained in:
Moritz Warning 2015-01-26 14:52:13 +01:00
parent 0a8100ae67
commit 5f49ef1192
4 changed files with 206 additions and 204 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
nodogsplash/Makefile
View File

@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=nodogsplash
PKG_FIXUP:=autoreconf
PKG_VERSION:=0.9_beta9.9.9
PKG_RELEASE:=3
PKG_RELEASE:=4
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)/
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
@ -43,10 +43,9 @@ define Package/nodogsplash/install
$(INSTALL_BIN) $(PKG_BUILD_DIR)/ndsctl $(1)/usr/bin/
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) files/nodogsplash.init $(1)/etc/init.d/$(PKG_NAME)
$(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_CONF) ./files/nodogsplash.migrate $(1)/etc/uci-defaults/30_nodogsplash
$(INSTALL_BIN) files/nodogsplash.init $(1)/etc/init.d/nodogsplash
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) files/nodogsplash.config $(1)/etc/config/nodogsplash
$(INSTALL_DIR) $(1)/etc/$(PKG_NAME)/htdocs/images
$(CP) $(PKG_BUILD_DIR)/resources/splash.html $(1)/etc/$(PKG_NAME)/htdocs/

39
nodogsplash/files/nodogsplash.config Normal file
View File

@ -0,0 +1,39 @@
config instance
# Set to 1 to enable nodogsplash
option enabled 0
# Use plain configuration file as well
#option config '/etc/nodogsplash/nodogsplash.conf'
option network 'lan'
option gatewayname 'OpenWrt Nodogsplash'
option maxclients '250'
option idletimeout '1200'
# Your router may have several interfaces, and you
# probably want to keep them private from the network/gatewayinterface.
# If so, you should block the entire subnets on those interfaces, e.g.:
list authenticated_users 'block to 192.168.0.0/16'
list authenticated_users 'block to 10.0.0.0/8'
# Typical ports you will probably want to open up.
list authenticated_users 'allow tcp port 22'
list authenticated_users 'allow tcp port 53'
list authenticated_users 'allow udp port 53'
list authenticated_users 'allow tcp port 80'
list authenticated_users 'allow tcp port 443'
# For preauthenticated users to resolve IP addresses in their
# initial request not using the router itself as a DNS server,
list preauthenticated_users 'allow tcp port 53'
list preauthenticated_users 'allow udp port 53'
# Allow ports for SSH/Telnet/DNS/DHCP/HTTP/HTTPS
list users_to_router 'allow tcp port 22'
list users_to_router 'allow tcp port 23'
list users_to_router 'allow tcp port 53'
list users_to_router 'allow udp port 53'
list users_to_router 'allow udp port 67'
list users_to_router 'allow tcp port 80'
list users_to_router 'allow tcp port 443'
# See https://github.com/nodogsplash for a full list of available options.

318
nodogsplash/files/nodogsplash.init
View File

@ -53,15 +53,15 @@ setup_user_authentication() {
[ $val -gt 0 ] && echo "AuthenticateImmediately yes" >> $CONFIGFILE
config_get val "$cfg" username
if [ -n "${val}" ] ; then
if [ -n "$val" ] ; then
echo "UsernameAuthentication" >> $CONFIGFILE
echo "Username ${val}" >> $CONFIGFILE
echo "Username $val" >> $CONFIGFILE
fi
config_get val "$cfg" password
if [ -n "${val}" ] ; then
if [ -n "$val" ] ; then
echo "PasswordAuthentication" >> $CONFIGFILE
echo "Password ${val}" >> $CONFIGFILE
echo "Password $val" >> $CONFIGFILE
fi
}
@ -71,26 +71,26 @@ setup_mac_lists() {
local val
append_mac() {
append MAC $1 ,
append MAC "$1" ","
}
config_get val "$cfg" macmechanism
if [ -z "${val}" ] ; then
if [ -z "$val" ] ; then
# check if we have AllowedMACList or BlockedMACList defined they will be ignored
config_get val "$cfg" allowedmac
if [ -n "${val}" ] ; then
if [ -n "$val" ] ; then
echo "Ignoring allowedmac - macmechanism not \"allow\"" >&2
fi
config_get val "$cfg" blockedmac
if [ -n "${val}" ] ; then
if [ -n "$val" ] ; then
echo "Ignoring blockedmac - macmechanism not \"block\"" >&2
fi
elif [ "${val}" == "allow" ] ; then
elif [ "$val" == "allow" ] ; then
MAC=""
config_list_foreach "$cfg" allowedmac append_mac
echo "AllowedMACList $MAC" >> $CONFIGFILE
elif [ "${val}" == "block" ] ; then
elif [ "$val" == "block" ] ; then
MAC=""
config_list_foreach "$cfg" blockedmac append_mac
echo "BlockedMACList $MAC" >> $CONFIGFILE
@ -120,7 +120,7 @@ setup_firewall() {
config_list_foreach "$cfg" ${uci_name} append_firewall
echo "}" >> $CONFIGFILE
config_get val "$cfg" policy_${uci_name}
[ -n "${val}" ] && echo "EmptyRuleSetPolicy $rule $val" >> $CONFIGFILE
[ -n "$val" ] && echo "EmptyRuleSetPolicy $rule $val" >> $CONFIGFILE
done
}
@ -134,20 +134,41 @@ generate_uci_config() {
CONFIGFILE="/tmp/etc/nodogsplash_$cfg.conf"
echo "# auto-generated config file from /etc/config/nodogsplash" > $CONFIGFILE
config_get val "$cfg" network
if [ ! -n "${val}" ] ; then
nolog error "$cfg missing network"
return 1
config_get val "$cfg" config
if [ -n "$val" ] ; then
if [ -f "$val" ] ; then
nolog error "Configuration file '$file' doesn't exist"
return 0
fi
cat $val > CONFIGFILE
fi
if ! network_get_device ifname $val ; then
nolog error "$cfg can not find ifname for network '${val}'"
return 1
config_get val "$cfg" network
if [ -n "$val" ] ; then
if ! network_get_device ifname "$val" ; then
nolog error "$cfg can not find ifname for network '$val'"
return 1
fi
fi
config_get val "$cfg" gatewayinterface
if [ -n "$val" ] ; then
if [ -n "$ifname" ] ; then
nolog error "$cfg cannot use both option network and gatewayinterface"
return 1
fi
ifname="$val"
fi
if [ -z "$ifname" ] ; then
nolog error "$cfg option network or gatewayinterface missing"
return 1
fi
echo "GatewayInterface $ifname" >> $CONFIGFILE
config_get val "$cfg" externalnetwork
[ -n "${val}" ] && network_get_device ifname ${val} && echo "ExternalInterface $ifname" >> $CONFIGFILE
[ -n "$val" ] && network_get_device ifname "$val" && echo "ExternalInterface $ifname" >> $CONFIGFILE
append_config_option "$CONFIGFILE" "$cfg" gatewayname GatewayName
append_config_option "$CONFIGFILE" "$cfg" gatewayaddress GatewayAddress
@ -177,22 +198,11 @@ create_instance() {
local cfg="$1"
local manual_config
local val
CONFIGFILE="/tmp/etc/nodogsplash_$cfg.conf"
config_get_bool val "$cfg" disabled 0
[ $val -gt 0 ] && return 0
config_get_bool val "$cfg" enabled 0
[ $val -gt 0 ] || return 0
config_get manual_config "$cfg" config ""
if [ ! -n "$manual_config" ] ; then
generate_uci_config "$cfg"
else
# check if configration exists
if [ ! -f "$manual_config" ] ; then
nolog error "Configuration file '$file' doesn't exists"
return 0
fi
CONFIGFILE="$manual_config"
fi
generate_uci_config "$cfg"
if ! test_module ; then
logger -s -t nodogsplash -p daemon.error "nodogsplash is missing some kernel modules"
@ -226,127 +236,125 @@ status() {
# Test if we got all modules loaded
test_module() {
### Test ipt_mark with iptables
test_ipt_mark () {
($IPT -A FORWARD -m mark --mark 2 -j ACCEPT 2>&1) > /dev/null
IPTABLES_OK=$?
if [ "$IPTABLES_OK" -eq 0 ]; then
($IPT -D FORWARD -m mark --mark 2 -j ACCEPT 2>&1) > /dev/null
return 0
else
return 1
fi
}
### Test ipt_mac with iptables
test_ipt_mac () {
($IPT -A INPUT -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT 2>&1) > /dev/null
IPTABLES_OK=$?
if [ "$IPTABLES_OK" -eq 0 ]; then
($IPT -D INPUT -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT 2>&1) > /dev/null
return 0
else
return 1
fi
}
### Test ipt_IMQ with iptables
test_ipt_IMQ () {
($IPT -t mangle -A PREROUTING -j IMQ --todev 0 2>&1) > /dev/null
IPTABLES_OK=$?
if [ "$IPTABLES_OK" -eq 0 ]; then
($IPT -t mangle -D PREROUTING -j IMQ --todev 0 2>&1) > /dev/null
return 0
else
return 1
fi
}
### Test imq with ip
test_imq () {
(ip link set imq0 up 2>&1) > /dev/null
IMQ0_OK=$?
(ip link set imq1 up 2>&1) > /dev/null
IMQ1_OK=$?
if [ "$IMQ0_OK" -eq 0 -a "$IMQ1_OK" -eq 0 ]; then
(ip link set imq0 down 2>&1) > /dev/null
(ip link set imq1 down 2>&1) > /dev/null
return 0
else
return 1
fi
}
### Test sch_htb with tc; requires imq0
test_sch_htb () {
(tc qdisc del dev imq0 root 2>&1) > /dev/null
(tc qdisc add dev imq0 root htb 2>&1) > /dev/null
TC_OK=$?
if [ "$TC_OK" -eq 0 ]; then
(tc qdisc del dev imq0 root 2>&1) > /dev/null
return 0
else
return 1
fi
}
### Find a module on disk
module_exists () {
EXIST=$(find /lib/modules/`uname -r` -name $1.*o 2> /dev/null)
if [ -n "$EXIST" ]; then
return 0
else
return 1
fi
}
### Test if a module is in memory
module_in_memory () {
MODULE=$(lsmod | grep $1 | awk '{print $1}')
if [ "$MODULE" = "$1" ]; then
return 0
else
return 1
fi
}
### Test functionality of a module; load if necessary
do_module_tests () {
echo " Testing module $1 $2"
"test_$1"
if [ $? -ne 0 ]; then
echo " Module $1 $2 needed"
echo " Scanning disk for $1 module"
module_exists $1
if [ $? -ne 0 ]; then
echo " $1 module missing: please install it"
exit 1
else
echo " $1 exists, trying to load"
insmod $1 $2 > /dev/null
if [ $? -ne 0 ]; then
echo " Error: insmod $1 $2 failed"
exit 1
else
echo " $1 $2 loaded successfully"
fi
fi
else
echo " $1 is working"
fi
}
echo " Testing required modules"
do_module_tests "ipt_mac"
do_module_tests "ipt_mark"
# test for imq modules, only if TrafficControl is enabled in conf
if ( grep -q -E '^[[:space:]]*TrafficControl[[:space:]]+(yes|true|1)' "$NDS_CONF" ) ; then
do_module_tests "imq" "numdevs=2"
do_module_tests "ipt_IMQ"
do_module_tests "sch_htb"
### Test ipt_mark with iptables
test_ipt_mark () {
($IPT -A FORWARD -m mark --mark 2 -j ACCEPT 2>&1) > /dev/null
IPTABLES_OK=$?
if [ "$IPTABLES_OK" -eq 0 ]; then
($IPT -D FORWARD -m mark --mark 2 -j ACCEPT 2>&1) > /dev/null
return 0
else
return 1
fi
}
### Test ipt_mac with iptables
test_ipt_mac () {
($IPT -A INPUT -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT 2>&1) > /dev/null
IPTABLES_OK=$?
if [ "$IPTABLES_OK" -eq 0 ]; then
($IPT -D INPUT -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT 2>&1) > /dev/null
return 0
else
return 1
fi
}
### Test ipt_IMQ with iptables
test_ipt_IMQ () {
($IPT -t mangle -A PREROUTING -j IMQ --todev 0 2>&1) > /dev/null
IPTABLES_OK=$?
if [ "$IPTABLES_OK" -eq 0 ]; then
($IPT -t mangle -D PREROUTING -j IMQ --todev 0 2>&1) > /dev/null
return 0
else
return 1
fi
}
### Test imq with ip
test_imq () {
(ip link set imq0 up 2>&1) > /dev/null
IMQ0_OK=$?
(ip link set imq1 up 2>&1) > /dev/null
IMQ1_OK=$?
if [ "$IMQ0_OK" -eq 0 -a "$IMQ1_OK" -eq 0 ]; then
(ip link set imq0 down 2>&1) > /dev/null
(ip link set imq1 down 2>&1) > /dev/null
return 0
else
return 1
fi
}
### Test sch_htb with tc; requires imq0
test_sch_htb () {
(tc qdisc del dev imq0 root 2>&1) > /dev/null
(tc qdisc add dev imq0 root htb 2>&1) > /dev/null
TC_OK=$?
if [ "$TC_OK" -eq 0 ]; then
(tc qdisc del dev imq0 root 2>&1) > /dev/null
return 0
else
return 1
fi
}
### Find a module on disk
module_exists () {
EXIST=$(find /lib/modules/`uname -r` -name $1.*o 2> /dev/null)
if [ -n "$EXIST" ]; then
return 0
else
return 1
fi
}
### Test if a module is in memory
module_in_memory () {
MODULE=$(lsmod | grep $1 | awk '{print $1}')
if [ "$MODULE" = "$1" ]; then
return 0
else
return 1
fi
}
### Test functionality of a module; load if necessary
do_module_tests () {
echo " Testing module $1 $2"
"test_$1"
if [ $? -ne 0 ]; then
echo " Module $1 $2 needed"
echo " Scanning disk for $1 module"
module_exists $1
if [ $? -ne 0 ]; then
echo " $1 module missing: please install it"
exit 1
else
echo " $1 exists, trying to load"
insmod $1 $2 > /dev/null
if [ $? -ne 0 ]; then
echo " Error: insmod $1 $2 failed"
exit 1
else
echo " $1 $2 loaded successfully"
fi
fi
else
echo " $1 is working"
fi
}
echo " Testing required modules"
do_module_tests "ipt_mac"
do_module_tests "ipt_mark"
# test for imq modules, only if TrafficControl is enabled in conf
if ( grep -q -E '^[[:space:]]*TrafficControl[[:space:]]+(yes|true|1)' "$CONFIGFILE" ) ; then
do_module_tests "imq" "numdevs=2"
do_module_tests "ipt_IMQ"
do_module_tests "sch_htb"
fi
}

44
nodogsplash/files/nodogsplash.migrate
View File

@ -1,44 +0,0 @@
#!/bin/sh
. /lib/functions.sh
add_uci_default() {
local disabled=$1
# add default configuration
uci batch <<EOF
add nodogsplash instance
set nodogsplash.@instance[-1].network='lan'
set nodogsplash.@instance[-1].gatewayname='OpenWrt Nodogsplash'
set nodogsplash.@instance[-1].maxclients=250
set nodogsplash.@instance[-1].idletimeout=1200
set nodogsplash.@instance[-1].disabled=$disabled
add_list nodogsplash.@instance[-1].users_to_router='allow tcp port 22'
add_list nodogsplash.@instance[-1].users_to_router='allow tcp port 23'
add_list nodogsplash.@instance[-1].users_to_router='allow tcp port 53'
add_list nodogsplash.@instance[-1].users_to_router='allow udp port 53'
add_list nodogsplash.@instance[-1].users_to_router='allow udp port 67'
add_list nodogsplash.@instance[-1].users_to_router='allow tcp port 80'
add_list nodogsplash.@instance[-1].users_to_router='allow tcp port 443'
EOF
}
[ -e /etc/config/nodogsplash ] && exit 0
touch /etc/config/nodogsplash
# check if we have an old config
if [ -e "/etc/nodogsplash/nodogsplash.conf" ] ; then
uci batch <<EOF
add nodogsplash instance
set nodogsplash.@instance[-1].config='/etc/nodogsplash/nodogsplash.conf'
EOF
add_uci_default 1
else
add_uci_default 0
fi
exit 0