diff options
Diffstat (limited to 'applications/luci-splash/root/etc/init.d/luci_splash')
-rwxr-xr-x | applications/luci-splash/root/etc/init.d/luci_splash | 362 |
1 files changed, 0 insertions, 362 deletions
diff --git a/applications/luci-splash/root/etc/init.d/luci_splash b/applications/luci-splash/root/etc/init.d/luci_splash deleted file mode 100755 index feefabd81a..0000000000 --- a/applications/luci-splash/root/etc/init.d/luci_splash +++ /dev/null @@ -1,362 +0,0 @@ -#!/bin/sh /etc/rc.common - -START=70 -EXTRA_COMMANDS=clear_leases -LIMIT_DOWN=0 -LIMIT_DOWN_BURST=0 -LIMIT_UP=0 -TC=/usr/sbin/tc -IPT=/usr/sbin/iptables -IPT6=/usr/sbin/ip6tables - -IPT_REPLAY=/var/run/luci_splash.iptlog -LOCK=/var/run/luci_splash.lock -[ -x $IPT6 ] && [ -f /proc/net/ipv6_route ] && HAS_IPV6=1 - -silent() { - "$@" 2>/dev/null -} - -ipt_log() { - $IPT -I "$@" - echo $IPT -D "$@" >> $IPT_REPLAY -} - -ipt6_log() { - [ "$HAS_IPV6" = 1 ] || return - $IPT6 -I "$@" - echo $IPT6 -D "$@" >> $IPT_REPLAY -} - - -iface_add() { - local cfg="$1" - - config_get zone "$cfg" zone - [ -n "$zone" ] || return 0 - - config_get net "$cfg" network - [ -n "$net" ] || return 0 - - config_get ifname "$net" ifname - [ -n "$ifname" ] || return 0 - - config_get ipaddr "$net" ipaddr - [ -n "$ipaddr" ] || return 0 - - config_get netmask "$net" netmask - [ -n "$netmask" ] || return 0 - - config_get ip6addr "$net" ip6addr - - config_get type "$net" type - - parentiface="$(uci -q get network.${net}.ifname)" - - [ -n "$parentiface" ] && [ ! "$type" = "bridge" ] && { - parentiface=${parentiface#@} - config_get parentproto "$parentiface" proto - config_get parentipaddr "$parentiface" ipaddr - config_get parentnetmask "$parentiface" netmask - } - - eval "$(ipcalc.sh $ipaddr $netmask)" - - logger -s -p info -t splash "Add $NETWORK/$PREFIX ($ifname) to splashed networks." - - ### Add interface specific chain entry rules - ipt_log "prerouting_${zone}_rule" -i "${ifname%:*}" -s "$NETWORK/$PREFIX" -j luci_splash_prerouting -t nat - ipt_log "forwarding_${zone}_rule" -i "${ifname%:*}" -s "$NETWORK/$PREFIX" -j luci_splash_forwarding -t filter - - if [ "$HAS_IPV6" = 1 ] && [ -n "$ip6addr" ]; then - ipt6_log "forwarding_${zone}_rule" -i "${ifname%:*}" -s "$ip6addr" -j luci_splash_forwarding -t filter - fi - - ### Allow traffic to the same subnet - $IPT -t nat -I luci_splash_prerouting -d "$ipaddr/${netmask:-32}" -j RETURN - $IPT -t filter -I luci_splash_forwarding -d "$ipaddr/${netmask:-32}" -j RETURN - - ### Allow traffic to the mesh subnet - [ "$parentproto" = "static" -a -n "$parentipaddr" ] && { - $IPT -t nat -I luci_splash_prerouting -d "$parentipaddr/${parentnetmask:-32}" -j RETURN - $IPT -t filter -I luci_splash_forwarding -d "$parentipaddr/${parentnetmask:-32}" -j RETURN - } - - qos_iface_add "$ifname" "$NETWORK" "$PREFIX" -} - -iface_del() { - config_get zone "$1" zone - [ -n "$zone" ] || return 0 - - config_get net "$1" network - [ -n "$net" ] || return 0 - - config_get ifname "$net" ifname - [ -n "$ifname" ] || return 0 - - # Clear interface specific rules - [ -s $IPT_REPLAY ] && { - logger -s -p info -t splash "Remove $ifname from splashed networks." - grep -- "-i ${ifname%:*}" $IPT_REPLAY | while read ln; do silent $ln; done - sed -ie "/-i ${ifname%:*}/d" $IPT_REPLAY - } - - qos_iface_del "$ifname" -} - -mac_add() { - config_get mac "$1" mac - append MACS "$mac" -} - -whitelist_add() { - config_get mac "$1" mac - iface=$2 - $TC filter add dev "$iface" parent ffff: protocol ip prio 1 u32 match ether src $mac police pass - $TC filter add dev "$iface" parent 1:0 protocol ip prio 1 u32 match ether dst $mac classid 1:1 -} - - -subnet_add() { - local cfg="$1" - - config_get ipaddr "$cfg" ipaddr - config_get netmask "$cfg" netmask - - [ -n "$ipaddr" ] && { - $IPT -t nat -I luci_splash_prerouting -d "$ipaddr/${netmask:-32}" -j RETURN - $IPT -t filter -I luci_splash_forwarding -d "$ipaddr/${netmask:-32}" -j RETURN - } -} - -qos_iface_add() { - local iface="$1" - local network="$2" - local prefix="$3" - - # 77 -> download root qdisc - # ffff -> upload root qdisc - - silent $TC qdisc del dev "$iface" root handle 1: - silent $TC class del dev "$iface" parent 1: classid 1:ffff - silent $TC class del dev "$iface" parent 1: classid 1:1 - silent $TC filter del dev "$iface" parent ffff: protocol ip prio 1 u32 - silent $TC filter del dev "$iface" parent ffff: protocol ip prio 2 u32 - silent $TC filter del dev "$iface" parent ffff: protocol ip prio 3 u32 - - if [ "$LIMIT_UP" -gt 0 -a "$LIMIT_DOWN" -gt 0 ]; then - # Setup qdiscs - $TC qdisc add dev "$iface" root handle 1: htb default 1 - silent $TC qdisc add dev "$iface" ingress - - # Default class - all clients which are not otherwise handled are put in that class - # and share that bandwidth. - $TC class add dev "$iface" parent 1: classid 1:ffff htb rate ${LIMIT_DOWN}kbit - - # default class and class for whitelisted clients = unlimited - $TC class add dev "$iface" parent 1: classid 1:1 htb rate 100mbit - - # All traffic to the dhcp subnet is put into the limited class - $TC filter add dev "$iface" parent 1:0 protocol ip prio 3 u32 match ip dst $network/$prefix classid 1:ffff - $TC qdisc add dev "$iface" parent 1:ffff sfq perturb 10 - $TC filter add dev "$iface" parent ffff: protocol ip prio 3 u32 match ip src $network/$prefix police rate ${LIMIT_UP}kbit mtu 6k burst 6k drop - - # classify packets by their iptables MARK set in luci_splash_mark_in (mangle table) - # every client gets his own class and so his own bandwidth limit - $TC filter add dev "$iface" parent 1:0 protocol ip prio 2 fw - - config_foreach whitelist_add whitelist $iface - fi -} - -qos_iface_del() { - local iface="$1" - silent $TC qdisc del dev "$iface" root handle 77: -} - -boot() { - ### Setup splash-relay - uci get uhttpd.splash 2>/dev/null || { -uci batch <<EOF - set uhttpd.splash=uhttpd - set uhttpd.splash.home="/www/cgi-bin/splash/" - set uhttpd.splash.interpreter=".sh=/bin/ash" - set uhttpd.splash.listen_http="8082" - set uhttpd.splash.index_page="splash.sh" - set uhttpd.splash.error_page="/splash.sh" - set uhttpd.splash.http_keepalive='0' - commit uhttpd -EOF - } - - ### We are started by the firewall include - exit 0 -} - -start() { - lock $LOCK - logger -s -p info -t splash "Starting luci-splash" - include /lib/network - . /lib/functions/network.sh - scan_interfaces - config_load luci_splash - - ### Find QoS limits - config_get LIMIT_UP general limit_up - config_get LIMIT_DOWN general limit_down - config_get LIMIT_DOWN_BURST general limit_down_burst - - LIMIT_UP="$((8*${LIMIT_UP:-0}))" - LIMIT_DOWN="$((8*${LIMIT_DOWN:-0}))" - LIMIT_DOWN_BURST="${LIMIT_DOWN_BURST:+$((8*$LIMIT_DOWN_BURST))}" - LIMIT_DOWN_BURST="${LIMIT_DOWN_BURST:-$(($LIMIT_DOWN / 5 * 6))}" - - ### Load required modules - [ "$LIMIT_UP" -gt 0 -a "$LIMIT_DOWN" -gt 0 ] && { - silent insmod act_police - silent insmod cls_fw - silent insmod cls_u32 - silent insmod sch_htb - silent insmod sch_sfq - silent insmod sch_ingress - } - - ### Create subchains - $IPT -t nat -N luci_splash_prerouting - $IPT -t nat -N luci_splash_leases - $IPT -t filter -N luci_splash_forwarding - $IPT -t filter -N luci_splash_filter - - if [ "$HAS_IPV6" = 1 ]; then - $IPT6 -t filter -N luci_splash_forwarding - $IPT6 -t filter -N luci_splash_filter - fi - - ### Clear iptables replay log - [ -s $IPT_REPLAY ] && . $IPT_REPLAY - echo -n > $IPT_REPLAY - - ### Add interface independant prerouting rules - $IPT -t nat -A luci_splash_prerouting -j luci_splash_leases - $IPT -t nat -A luci_splash_leases -p udp --dport 53 -j REDIRECT --to-ports 53 - $IPT -t nat -A luci_splash_leases -p tcp --dport 80 -j REDIRECT --to-ports 8082 - - ### Add interface independant forwarding rules - $IPT -t filter -A luci_splash_forwarding -j luci_splash_filter - $IPT -t filter -A luci_splash_filter -p tcp -j REJECT --reject-with tcp-reset - $IPT -t filter -A luci_splash_filter -j REJECT --reject-with icmp-net-prohibited - - if [ "$HAS_IPV6" = 1 ]; then - $IPT6 -t filter -A luci_splash_forwarding -j luci_splash_filter - $IPT6 -t filter -A luci_splash_filter -p tcp -j REJECT --reject-with tcp-reset - $IPT6 -t filter -A luci_splash_filter -j REJECT --reject-with adm-prohibited - fi - - ### Add QoS chain - $IPT -t mangle -N luci_splash_mark_out - $IPT -t mangle -N luci_splash_mark_in - $IPT -t mangle -I PREROUTING -j luci_splash_mark_out - $IPT -t mangle -I POSTROUTING -j luci_splash_mark_in - - if [ "$HAS_IPV6" = 1 ]; then - $IPT6 -t mangle -N luci_splash_mark_out - $IPT6 -t mangle -N luci_splash_mark_in - $IPT6 -t mangle -I PREROUTING -j luci_splash_mark_out - $IPT6 -t mangle -I POSTROUTING -j luci_splash_mark_in - fi - - ### Build the main and portal rule - config_foreach iface_add iface - config_foreach subnet_add subnet - - ### Add the community homepage to the list of allowed destination subnets - hp=$(uci -q get freifunk.community.homepage) && { - chp=${hp#http*://} - chp=${chp%%/*} - $IPT -t nat -I luci_splash_prerouting -d "${chp}/32" -j RETURN - $IPT -t filter -I luci_splash_forwarding -d "${chp}/32" -j RETURN - } - - ### Find active mac addresses - MACS="" - - - config_foreach mac_add blacklist - config_foreach mac_add whitelist - - config_load luci_splash_leases - config_foreach mac_add lease - - ### Add crontab entry - test -f /etc/crontabs/root || touch /etc/crontabs/root - grep -q luci-splash /etc/crontabs/root || { - echo '*/5 * * * * /usr/sbin/luci-splash sync' >> /etc/crontabs/root - } - - lock -u $LOCK - - ### Populate iptables - [ -n "$MACS" ] && luci-splash add-rules $MACS -} - -stop() { - lock $LOCK - - include /lib/network - scan_interfaces - config_load luci_splash - - ### Clear interface rules - config_foreach iface_del iface - - silent $IPT -t mangle -D PREROUTING -j luci_splash_mark_out - silent $IPT -t mangle -D POSTROUTING -j luci_splash_mark_in - - if [ "$HAS_IPV6" = 1 ]; then - silent $IPT6 -t mangle -D PREROUTING -j luci_splash_mark_out - silent $IPT6 -t mangle -D POSTROUTING -j luci_splash_mark_in - fi - - ### Clear subchains - silent $IPT -t nat -F luci_splash_prerouting - silent $IPT -t nat -F luci_splash_leases - silent $IPT -t filter -F luci_splash_forwarding - silent $IPT -t filter -F luci_splash_filter - silent $IPT -t mangle -F luci_splash_mark_out - silent $IPT -t mangle -F luci_splash_mark_in - - if [ "$HAS_IPV6" = 1 ]; then - $IPT6 -t filter -F luci_splash_forwarding - $IPT6 -t filter -F luci_splash_filter - $IPT6 -t mangle -F luci_splash_mark_out - $IPT6 -t mangle -F luci_splash_mark_in - fi - - ### Delete subchains - silent $IPT -t nat -X luci_splash_prerouting - silent $IPT -t nat -X luci_splash_leases - silent $IPT -t filter -X luci_splash_forwarding - silent $IPT -t filter -X luci_splash_filter - silent $IPT -t mangle -X luci_splash_mark_out - silent $IPT -t mangle -X luci_splash_mark_in - if [ "$HAS_IPV6" = 1 ]; then - $IPT6 -t filter -X luci_splash_forwarding - $IPT6 -t filter -X luci_splash_filter - $IPT6 -t mangle -X luci_splash_mark_out - $IPT6 -t mangle -X luci_splash_mark_in - fi - sed -ie '/\/usr\/sbin\/luci-splash sync/d' /var/spool/cron/crontabs/root - - lock -u $LOCK -} - -clear_leases() { - ### Find active mac addresses - MACS="" - config_foreach mac_add lease - - ### Clear leases - [ -n "$MACS" ] && luci-splash remove $MACS -} - |