From 3b23203ce95c48a08b417a303ee8c6dc47f6eb60 Mon Sep 17 00:00:00 2001
From: Steven Hessing
Date: Thu, 21 Sep 2017 22:08:43 -0700
Subject: [PATCH] luci-app-noddos: Noddos, device-aware cloud-powered firewall (new package)
Signed-off-by: Steven Hessing
---
 applications/luci-app-noddos/Makefile | 18 ++++
 .../luci-app-noddos/htdocs/cgi-bin/clientdetails | 91 +++++++++++++++++
 .../luci-app-noddos/luasrc/controller/noddos.lua | 10 ++
 .../luci-app-noddos/luasrc/model/cbi/noddos.lua | 46 +++++++++
 .../luci-app-noddos/luasrc/view/noddos/clients.htm | 111 +++++++++++++++++++++
 .../root/etc/uci-defaults/40_luci-noddos | 14 +++
 6 files changed, 290 insertions(+)
 create mode 100644 applications/luci-app-noddos/Makefile
 create mode 100755 applications/luci-app-noddos/htdocs/cgi-bin/clientdetails
 create mode 100644 applications/luci-app-noddos/luasrc/controller/noddos.lua
 create mode 100644 applications/luci-app-noddos/luasrc/model/cbi/noddos.lua
 create mode 100644 applications/luci-app-noddos/luasrc/view/noddos/clients.htm
 create mode 100644 applications/luci-app-noddos/root/etc/uci-defaults/40_luci-noddos
diff --git a/applications/luci-app-noddos/Makefile b/applications/luci-app-noddos/Makefile
new file mode 100644
index 000000000..4c2b9044a
--- /dev/null
+++ b/applications/luci-app-noddos/Makefile
@@ -0,0 +1,18 @@
+# Copyright (C) 2017 Steven Hessing (steven.hessing@gmail.com)
+# Based on initial implementation by Stan Grishin (stangri@melmac.net)
+# This is free software, licensed under the GNU General Public License v3.
+
+include $(TOPDIR)/rules.mk
+
+PKG_LICENSE:=GPLv3
+PKG_MAINTAINER:=Steven Hessing
+
+LUCI_TITLE:=Noddos Service Web UI
+LUCI_DESCRIPTION:=Provides Web UI for Noddos service.
+LUCI_DEPENDS:=+luci +noddos
+LUCI_PKGARCH:=all
+PKG_RELEASE:=1
+
+include ../../luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature
diff --git a/applications/luci-app-noddos/htdocs/cgi-bin/clientdetails b/applications/luci-app-noddos/htdocs/cgi-bin/clientdetails new file mode 100755 index 000000000..6ff4ce59f --- /dev/null +++ b/applications/luci-app-noddos/htdocs/cgi-bin/clientdetails @@ -0,0 +1,91 @@ +#!/usr/bin/lua + +-- clientdetails.lua : Provides details about client devices discovered by Noddos +-- Copyright (C) 2017 Steven Hessing (steven.hessing@gmail.com) +-- This is free software, licensed under the GNU General Public License v3. + +require "nixio.fs" + +print ("Content-type: Text/html\n") +local info = os.getenv("QUERY_STRING") + +local params = {} +local echo = {} + +function print_row(key) + print ("") + print (key) + print ("") + print (device[key]) + print ("") +end + +for name, value in string.gmatch(info .. '&', '(.-)%=(.-)%&') do + value = string.gsub(value , '%+', ' ') + value = string.gsub(value , '%%(%x%x)', function(dpc) + return string.char(tonumber(dpc,16)) + end ) + params[name] = value + + value = string.gsub(value, "%&", "&") + value = string.gsub(value, "%<", "<") + value = string.gsub(value, '%"', """) + echo[name] = value +end + +device = {} +profile = {} + +if nixio.fs.access("/var/lib/noddos/DeviceDump.json") then + io.input("/var/lib/noddos/DeviceDump.json") + local t = io.read("*all") + local json = require "luci.jsonc" + local devdump = json.parse(t) + for i, v in ipairs(devdump) do + if v.MacAddress == params["mac"] then + device = v + end + end + io.input("/var/lib/noddos/DeviceProfiles.json") + t = io.read("*all") + local temp = json.parse(t) + for i, v in ipairs(temp) do + if device.DeviceProfileUuid == v.DeviceProfileUuid then + profile = v + end + end +end +pagetop = [[ + + + Client Details by Noddos + + + + + + + + + +

Client Details

+]] +print (pagetop) + +if params["mac"] ~= nil then + print ("") + for i, key in ipairs{"MacAddress", "Ipv4Address", "Ipv6Address", "DeviceProfileUuid", "DhcpHostname", "DhcpVendor", "SsdpFriendlyName", "SsdpLocation", "SsdpManufacturer", "SsdpModelName", "SsdpModelUrl", "SsdpSerialNumber", "SsdpServer","SsdpUserAgent", "MdnsDeviceUrl", "MdnsHw", "MdnsManufacturer", "MdnsModelName", "MdnsOs", "WsDiscoveryTypes", "WsDiscoveryXaddrs", "DnsQueries"} do + print_row(key) + end + print ("
") +else + print ("no mac address specified") +end + +pagebase = [[

+Client Details by +Noddos + +]] + +print (pagebase) diff --git a/applications/luci-app-noddos/luasrc/controller/noddos.lua b/applications/luci-app-noddos/luasrc/controller/noddos.lua new file mode 100644 index 000000000..c45e24bc9 --- /dev/null +++ b/applications/luci-app-noddos/luasrc/controller/noddos.lua @@ -0,0 +1,10 @@ +-- Copyright 2017 Steven Hessing (steven.hessing@gmail.com) +-- This is free software, licensed under the GNU General Public License v3. +-- /usr/lib/lua/luci/controller/noddos.lua + +module("luci.controller.noddos", package.seeall) +function index() + entry({"admin", "status", "noddos"}, template("noddos/clients"), _("Noddos Clients"), 3) + entry({"admin", "network", "noddos"}, cbi("noddos"), _("Noddos Client Tracking"), 55) +end + diff --git a/applications/luci-app-noddos/luasrc/model/cbi/noddos.lua b/applications/luci-app-noddos/luasrc/model/cbi/noddos.lua new file mode 100644 index 000000000..3abb73bc6 --- /dev/null +++ b/applications/luci-app-noddos/luasrc/model/cbi/noddos.lua 
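Review bot: `print_row` prints `device[key]` straight into the table, so values from DeviceDump.json reach the browser as markup; the key names (DhcpHostname, SsdpFriendlyName, Mdns*) suggest they are copied from what client devices announce, which would make them untrusted input. The loop above builds an escaped `echo` table that nothing reads, while the values that are actually printed get no escaping at all; escape `&`, `<`, `>` and `"` on output as in the fence below. `info .. '&'` also raises when QUERY_STRING is unset, so read it as `local info = os.getenv("QUERY_STRING") or ""`. Because the script sits under htdocs/cgi-bin it is presumably served without the LuCI login that the `admin/...` controller entries get, so confirm the device inventory is not readable without a session.

```lua
-- Escape a value for use as HTML text; nil becomes an empty cell.
local function html_escape(v)
   local s = tostring(v == nil and "" or v)
   s = string.gsub(s, "&", "&amp;")
   s = string.gsub(s, "<", "&lt;")
   s = string.gsub(s, ">", "&gt;")
   s = string.gsub(s, '"', "&quot;")
   return s
end

function print_row(key)
   -- … unchanged: row and header-cell markup …
   print (html_escape(device[key]))
   -- … unchanged: closing markup …
end
```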
@@ -0,0 +1,46 @@
+-- Copyright 2017 Steven Hessing (steven.hessing@gmail.com)
+-- This is free software, licensed under the GNU General Public License v3.
+-- /usr/lib/lua/luci/model/cbi/noddos.lua
+
+m = Map("noddos", translate("Client Firewall"),
+ translate("Noddos controls traffic from the clients on your network to the Internet. " ..
+ "This helps protect your network, the bandwidth on your Internet connection and " ..
+ "the Internet"))
+
+s = m:section(TypedSection, "noddos", translate("Server Settings"))
+s.anonymous = true
+s.addremove = false
+
+s:option(Flag, "rfc1918",
+ translate("Private networks"),
+ translate("Report traffic to private networks (10/8, 172.16/12, 192.168/16, fd75:6b5d:352c:ed05::/64)")).default=false
+
+s:option(Flag, "upload",
+ translate("Upload anonimized traffic stats"),
+ translate("Uploading your statistics helps improving device recognition " ..
+ "and discovering hacked devices & botnets"))
+
+o = s:option(DynamicList, "whitelistipv4",
+ translate("Excluded IPv4 addresses"),
+ translate("Don't monitor these IPv4 addresses"))
+o.optional = true
+o.placeholder = "127.0.0.1 192.168.1.1"
+o.delimiter = " "
+o.datatype="list(ip4addr)"
+
+o = s:option(DynamicList, "whitelistipv6",
+ translate("Excluded IPv6 addresses"),
+ translate("Don't monitor these IPv6 addresses"))
+o.optional = true
+o.delimiter = " "
+o.datatype="list(ip6addr)"
+
+o = s:option(DynamicList, "whitelistmac",
+ translate("Excluded MAC addresses"),
+ translate("Don't monitor these MAC addresses"))
+o.optional = true
+o.delimiter = " "
+o.datatype="list(macaddr)"
+
+return m
+
diff --git a/applications/luci-app-noddos/luasrc/view/noddos/clients.htm b/applications/luci-app-noddos/luasrc/view/noddos/clients.htm
new file mode 100644
index 000000000..45c9ca8c1
--- /dev/null
+++ b/applications/luci-app-noddos/luasrc/view/noddos/clients.htm
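Review bot: The `upload` Flag declares no default, unlike `rfc1918` directly above it, so whether traffic statistics leave the device on a fresh install is decided by the noddos package's config file rather than by anything visible in this form. Since this option sends data off the network, the opt-in state should be explicit here; the usual CBI form is the string value, e.g. `.default = "0"`, and `rfc1918`'s boolean `.default=false` is worth checking against that convention too. The label `Upload anonimized traffic stats` has a typo and should read `anonymized`.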
@@ -0,0 +1,111 @@ +<%# + Copyright (C) 2017 Steven Hessing + This is free software, licensed under the GNU General Public License v3. + /usr/lib/lua/luci/view/clients.htm +-%> + +<%- + + require "nixio.fs" + require "os" + + local last_modified = "" + local style = true + local v + local devdump + + if nixio.fs.access("/var/lib/noddos/DeviceDump.json") then + last_modified = os.date("%c", nixio.fs.stat("/var/lib/noddos/DeviceDump.json")['mtime']) + io.input("/var/lib/noddos/DeviceDump.json") + t = io.read("*all") + devdump = luci.jsonc.parse(t) + io.input("/var/lib/noddos/DeviceProfiles.json") + t = io.read("*all") + temp = luci.jsonc.parse(t) + devicevalues = {} + for i, v in ipairs(temp) do + devicevalues[v.DeviceProfileUuid] = v + end + end +-%> + +<%+header%> + +
+

<%:Clients%>

+
<%:The following clients have been discovered on the network. The last discovery was completed at %><%=last_modified%>
+ +
+ Recognized Clients +
+ + + + + + + + + + + <% + for i,v in ipairs(devdump) do + if v.DeviceProfileUuid ~= "" then + %> + + + + + + + + + <% + style=false + end + end + %> +
HostnameIPv4MACManufacturerModelClass
<%=v.Hostname%><%=v.Ipv4Address%><%=v.MacAddress%><%=devicevalues[v.DeviceProfileUuid].Manufacturer%><%=devicevalues[v.DeviceProfileUuid].Model%><%=devicevalues[v.DeviceProfileUuid].ThingClass%>
+
+
+
+
+ Unrecognized Clients +
+ + + + + + + + + + + + <% + for i,v in ipairs(devdump) do + if v.DeviceProfileUuid == "" then + %> + + + + + + + + + + <% + style=false + end + end + %> +
HostnameIPv4MACManufacturerModelDhcpVendorDhcpHostname
<%=v.Hostname%><%=v.Ipv4Address%><%=v.MacAddress%><%=v.SsdpManufacturer%><%=v.SsdpModelName%><%=v.DhcpVendor1%><%=v.DhcpHostname%>
+
+
+ +
+ +<%+footer%> + diff --git a/applications/luci-app-noddos/root/etc/uci-defaults/40_luci-noddos b/applications/luci-app-noddos/root/etc/uci-defaults/40_luci-noddos new file mode 100644 index 000000000..17abbc41c --- /dev/null +++ b/applications/luci-app-noddos/root/etc/uci-defaults/40_luci-noddos @@ -0,0 +1,14 @@ +#!/bin/sh + +# Copyright (C) 2017 Steven Hessing (steven.hessing@live.com) +# This is free software, licensed under the GNU General Public License v3 + +uci -q batch <<-EOF >/dev/null + delete ucitrack.@noddos[-1] + add ucitrack noddos + set ucitrack.@noddos[-1].init=noddos + commit ucitrack +EOF + +rm -f /tmp/luci-indexcache +exit 0 -- 2.11.0
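Review bot: Every cell in both tables is emitted with a bare `<%=v.Hostname%>`, `<%=v.DhcpHostname%>`, `<%=v.SsdpManufacturer%>` and so on, and LuCI's `<%= %>` writes the value without HTML-escaping; these fields look device-supplied, so each should be wrapped as `<%=pcdata(v.Hostname)%>`. Both loops call `ipairs(devdump)` even when DeviceDump.json is absent, where `devdump` is still nil and the page raises; initialise `devdump = {}` and `devicevalues = {}` before the `if`, and declare `t`, `temp` and `devicevalues` as `local`. `devicevalues[v.DeviceProfileUuid].Manufacturer` also raises when a device references a profile that is missing from DeviceProfiles.json, so look the profile up once into a local with `or {}`. `v.DhcpVendor1` looks like a typo for `DhcpVendor`, the key the clientdetails script uses.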