1 #!/bin/sh /etc/rc.common
2 # Copyright (C) 2009-2011 OpenWrt.org
# Registers "killclients" as an additional sub-command of this init script,
# next to the standard rc.common ones; EXTRA_HELP is the matching usage text.
# ${NAME} is defined in lines this listing omits.
8 EXTRA_COMMANDS="killclients"
9 EXTRA_HELP=" killclients Kill ${NAME} processes except servers and yourself"
# Fragment of the per-section start handler (presumably sslh_start, which is
# what config_foreach is given further down; the function header and the
# command that launches the daemon are not part of this listing). It turns
# one UCI "sslh" section into a command-line string held in args.
# NOTE(review): every option value is copied from the configuration into args
# without validation, and args is one flat string. If the launch line expands
# it unquoted (not shown here -- confirm), whitespace inside a value becomes
# additional arguments, so write access to this config amounts to control
# over the daemon's command line. Keep the config writable by root only, or
# validate each value (e.g. as host:port) before appending it.
15 # check if section is enabled (default)
17 config_get_bool enabled "${section}" enable 1
# a section with enable=0 is skipped with a non-zero status
18 [ "${enabled}" -eq 0 ] && return 1
20 # increase pid file count to handle multiple instances correctly
21 PIDCOUNT="$(( ${PIDCOUNT} + 1 ))"
23 # prepare parameters (initialise with pid file)
# one pid file per started instance: /var/run/<NAME>.<counter>.pid
24 local args="-P /var/run/${NAME}.${PIDCOUNT}.pid"
# A) listen parameter: $vals is left unquoted on purpose so that a
# space-separated list yields one "-p" option per listen address
27 config_get vals "${section}" listen
28 [ -n "${vals}" ] && for val in $vals; do append args "-p ${val}"; done
# B) ssh parameter
30 config_get val "${section}" ssh
31 [ -n "${val}" ] && append args "--ssh ${val}"
# C) ssl parameter
33 config_get val "${section}" ssl
34 [ -n "${val}" ] && append args "--ssl ${val}"
35 # D) openvpn parameter
36 config_get val "${section}" openvpn
37 [ -n "${val}" ] && append args "--openvpn ${val}"
# E) tinc parameter
39 config_get val "${section}" tinc
40 [ -n "${val}" ] && append args "--tinc ${val}"
41 # F) timeout (before a connection is considered to be SSH)
42 config_get val "${section}" timeout
43 [ -n "${val}" ] && append args "-t ${val}"
44 # G) verbose parameter
46 config_get_bool verbosed "${section}" verbose 0
47 [ "${verbosed}" -ne 0 ] && append args "-v"
49 # execute program and return its exit code
# In verbose mode the assembled command line is printed first; the command
# that actually starts ${PROG} follows in lines this listing omits.
50 [ "${verbosed}" -ne 0 ] && echo "${initscript}: section ${section} started via ${PROG} ${args}"
# Calls sslh_start once for every configuration section of type "sslh", so
# each enabled section becomes its own daemon instance. The enclosing
# function header is not part of this listing.
58 config_foreach sslh_start sslh
# Fragment of the stop handler (the function header, the loop's do/done and
# the assignment of rc are not part of this listing).
66 # killing all server processes
# NOTE(review): the pid files are enumerated by parsing `ls` output through an
# unquoted command substitution. Looping over the glob
# /var/run/${NAME}.*.pid directly avoids word splitting on the result and the
# error message ls prints when no file matches.
67 for pidfile in `ls /var/run/${NAME}.*.pid`
# -K stops the process whose pid is stored in the pid file and -s KILL sends
# SIGKILL, so the daemon gets no chance to shut down cleanly. -n restricts the
# match to processes named ${NAME}; that keeps a stale pid file whose number
# was reused by an unrelated program from getting that program killed.
69 start-stop-daemon -q -K -s KILL -p "${pidfile}" -n "${NAME}"
# presumably pidfile is still empty here only when the loop above never ran,
# i.e. no pid file existed -- confirm against the omitted lines
73 [ -z "${pidfile}" ] && echo "${initscript}: no pid files, if you get problems with start then try killclients"
# NOTE(review): ${rc} is unquoted and its assignment is not shown; if it can
# be empty, the test itself fails instead of evaluating to false.
74 [ ${rc} -ne 0 ] && echo "${initscript}: inconsistency in pid files, if you get problems with start then try killclients"
# Fragment of the killclients command, first phase (function header, the
# initial value of pid and the loop's do/done are not part of this listing).
# It walks from a starting pid up through its ancestors and records, in the
# ignore list, any ${PROG} process that carries a connection leading to one
# of them, so that the administrator's own session is not cut off.
86 # if this script is run from inside a client session, then ignore that session
88 while [ "${pid}" -ne 0 ]
90 # get parent process id
# NOTE(review): field 4 of /proc/<pid>/stat is the parent pid only while the
# process name in field 2 contains no space; a name with a space shifts the
# fields and the -eq test below then sees a non-numeric value.
91 pid=`cut -d ' ' -f 4 "/proc/${pid}/stat"`
92 [ "${pid}" -eq 0 ] && break
94 # check if pid is connected to a client connection
95 # a) get established connection for pid
# netstat -tupn lists TCP/UDP sockets numerically together with the owning
# "PID/program"; sed squeezes runs of spaces so that cut can split on single
# spaces; grep keeps the ESTABLISHED entries owned by ${pid}. Errors from
# netstat are discarded.
96 connection=`netstat -tupn 2>/dev/null | sed "s/[ ]\+/ /g" | grep -e "ESTABLISHED ${pid}/"`
97 [ -z "${connection}" ] && continue
98 # get connection details for foreign address
# ${connection} is echoed unquoted, so several matching lines are joined into
# one and the fields below come from the first match only.
99 proto=`echo ${connection} | cut -d ' ' -f 1`
100 address=`echo ${connection} | cut -d ' ' -f 5`
102 # b) get pid for foreign address, only possible if foreign address is from this machine itself
# NOTE(review): ${address} is interpolated into a regular expression, where
# each "." matches any character; the exact string comparison on the local
# address a few lines below is what rejects such near matches.
103 connection=`netstat -tupn 2>/dev/null | sed "s/[ ]\+/ /g" | grep -e "^${proto}.*${address}.*ESTABLISHED.*/${NAME}"`
104 [ -z "${connection}" ] && continue
105 # check that the local address (field 4) corresponds to the foreign address of the previous connection
106 server=`echo ${connection} | cut -d ' ' -f 4`
107 [ "${server}" != "${address}" ] && continue
108 # get pid from connection
# field 7 is "PID/program name"; keep the part before the slash
109 server=`echo ${connection} | cut -d ' ' -f 7 | cut -d '/' -f 1`
111 # check if client connection
# only a process whose command line contains ${PROG} is added to the ignore
# list; the closing brace of this group is in lines the listing omits
112 grep -F -q -e "${PROG}" "/proc/${server}/cmdline" && {
113 append ignore "${server}"
# Fragment of the killclients command, second phase (the loops' do/done, the
# handling of skip and the kill command itself are not part of this listing).
# Every running ${NAME} process that is not on the ignore list is reported
# as being killed.
118 # get all server pids that should be ignored
# NOTE(review): the contents of the pid files are taken as pids without any
# check; this relies on /var/run being writable by root only -- confirm.
119 for server in `cat /var/run/${NAME}.*.pid`
121 append ignore "${server}"
124 # get all running pids and kill client connections
126 for pid in `pidof "${NAME}"`
128 # check if correct program, otherwise process next pid
# pidof matches by process name only, so the command line is checked for
# ${PROG} as well before the pid is considered; the body of the || group is
# not shown here
129 grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" || {
133 # check if pid should be ignored (servers, ourself)
135 for server in ${ignore}
# NOTE(review): "==" inside [ ] is not POSIX; it works in shells such as
# busybox ash and bash, "=" is the portable spelling.
137 if [ "${pid}" == "${server}" ]
143 [ "${skip}" -ne 0 ] && continue
# the command that terminates ${pid} follows in lines this listing omits
146 echo "${initscript}: Killing ${pid}..."