summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorManuel Munz <freifunk@somakoma.de>2013-08-11 16:45:39 +0000
committerManuel Munz <freifunk@somakoma.de>2013-08-11 16:45:39 +0000
commit3b0dee6e5cc344f3f1abef7c3036a7cb8f1238cb (patch)
treea106912fa1e41f16dffa78bb1805401890ae8ace
parentbbc5b2ef69622f375670302d9a28a6943129e943 (diff)
applications/luci-splash: do not delete the nodes luci_splash_mark_in rule when its ip is unknown while syncing, instead use iptables comments there and delete that rule when the lease has been removed.
-rwxr-xr-xapplications/luci-splash/root/usr/sbin/luci-splash45
1 files changed, 17 insertions, 28 deletions
diff --git a/applications/luci-splash/root/usr/sbin/luci-splash b/applications/luci-splash/root/usr/sbin/luci-splash
index e4fa6e775..3f08f2c6b 100755
--- a/applications/luci-splash/root/usr/sbin/luci-splash
+++ b/applications/luci-splash/root/usr/sbin/luci-splash
@@ -167,17 +167,6 @@ function get_known_macs(list)
end
--- Get a list of known ip addresses
-function get_known_ips(macs, arp)
- local leased_ips = { }
- if not macs then macs = get_known_macs() end
- for _, e in ipairs(arp or net.arptable()) do
- if macs[e["HW address"]:lower()] then leased_ips[e["IP address"]] = true end
- end
- return leased_ips
-end
-
-
-- Helper to delete iptables rules
function ipt_delete_all(args, comp, off)
off = off or { }
@@ -304,11 +293,13 @@ end
-- Add an iptables rule
function add_lease_rule(mac, ipaddr)
- os.execute("iptables -t mangle -I luci_splash_mark_out -m mac --mac-source %q -j MARK --set-mark 79" % mac)
- os.execute("iptables -t mangle -I luci_splash_mark_in -d %q -j MARK --set-mark 80" % ipaddr)
+ os.execute("iptables -t mangle -I luci_splash_mark_out -m mac --mac-source %q -j MARK --set-mark 79" % mac)
+ os.execute("iptables -t mangle -I luci_splash_mark_in -d %q -j MARK --set-mark 80 -m comment --comment %s" % {ipaddr, mac:upper()})
+
if has_ipv6 then
- os.execute("ip6tables -t mangle -I luci_splash_mark_out -m mac --mac-source %q -j MARK --set-mark 79" % mac)
- os.execute("ip6tables -t mangle -I luci_splash_mark_in -d %q -j MARK --set-mark 80" % ipaddr)
+ os.execute("ip6tables -t mangle -I luci_splash_mark_out -m mac --mac-source %q -j MARK --set-mark 79" % mac)
+ -- not working yet, needs the ip6addr
+ --os.execute("ip6tables -t mangle -I luci_splash_mark_in -d %q -j MARK --set-mark 80 -m comment --comment %s" % {ipaddr, mac:upper()})
end
@@ -323,15 +314,13 @@ end
-- Remove lease, black- or whitelist rules
function remove_lease_rule(mac, ipaddr)
ipt:resync()
-
- if ipaddr then
- ipt_delete_all({table="mangle", chain="luci_splash_mark_in", destination=ipaddr})
- ipt_delete_all({table="mangle", chain="luci_splash_mark_out", options={"MAC", mac:upper()}})
- end
-
+ ipt_delete_all({table="mangle", chain="luci_splash_mark_in", options={"/*", mac:upper()}})
+ ipt_delete_all({table="mangle", chain="luci_splash_mark_out", options={"MAC", mac:upper()}})
ipt_delete_all({table="filter", chain="luci_splash_filter", options={"MAC", mac:upper()}})
ipt_delete_all({table="nat", chain="luci_splash_leases", options={"MAC", mac:upper()}})
if has_ipv6 then
+ --ipt6_delete_all({table="mangle", chain="luci_splash_mark_in", options={"/*", mac:upper()}})
+ ipt6_delete_all({table="mangle", chain="luci_splash_mark_out", options={"MAC", mac:upper()}})
ipt6_delete_all({table="filter", chain="luci_splash_filter", options={"MAC", mac:upper()}})
end
end
@@ -391,9 +380,8 @@ function sync()
uci:save("luci_splash_leases")
- -- Get current IPs and MAC addresses
+ -- Get the mac addresses of current leases
local macs = get_known_macs()
- local ips = get_known_ips(macs)
ipt:resync()
@@ -403,16 +391,17 @@ function sync()
function(r) return not macs[r.options[2]:lower()] end)
ipt_delete_all({table="mangle", chain="luci_splash_mark_out", options={"MAC", "MARK", "set"}},
function(r) return not macs[r.options[2]:lower()] end)
- ipt_delete_all({table="mangle", chain="luci_splash_mark_in", options={"MARK", "set"}},
- function(r) return not ips[r.destination] end)
+ ipt_delete_all({table="mangle", chain="luci_splash_mark_in", options={"/*", "MARK", "set"}},
+ function(r) return not macs[r.options[2]:lower()] end)
+
if has_ipv6 then
ipt6_delete_all({table="filter", chain="luci_splash_filter", options={"MAC"}},
function(r) return not macs[r.options[2]:lower()] end)
- ipt_delete_all({table="mangle", chain="luci_splash_mark_out", options={"MAC", "MARK", "set"}},
+ ipt6_delete_all({table="mangle", chain="luci_splash_mark_out", options={"MAC", "MARK", "set"}},
function(r) return not macs[r.options[2]:lower()] end)
- ipt_delete_all({table="mangle", chain="luci_splash_mark_in", options={"MARK", "set"}},
- function(r) return not ips[r.destination] end)
+ --ipt6_delete_all({table="mangle", chain="luci_splash_mark_in", options={"/*", "MARK", "set"}},
+ -- function(r) return not macs[r.options[2]:lower()] end)
end
unlock()