local fs = require "luci.fs"
local ip = require "luci.ip"
-local debug = true
+local debug = false
local has_ipv6 = fs.access("/proc/net/ipv6_route") and fs.access("/usr/sbin/ip6tables")
-function lock()
- os.execute("lock /var/run/luci_splash.lock")
-end
-
-function unlock()
- os.execute("lock -u /var/run/luci_splash.lock")
-end
-
function exec(cmd)
- local ret = sys.exec(cmd)
+ -- executes a cmd and gets its output
if debug then
+ local ret = sys.exec(cmd)
print('+ ' .. cmd)
if ret and ret ~= "" then
print(ret)
end
+ else
+ local ret = sys.exec(cmd .. " &> /dev/null")
end
end
+function call(cmd)
+ -- just calls a command
+ if debug then
+ print('+ ' .. cmd)
+ end
+ os.execute(cmd)
+end
+
+
+function lock()
+ call("lock /var/run/luci_splash.lock")
+end
+
+function unlock()
+ call("lock -u /var/run/luci_splash.lock")
+end
+
function get_id(ip)
local o3, o4 = ip:match("[0-9]+%.[0-9]+%.([0-9]+)%.([0-9]+)")
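Review bot: The non-debug branch of exec() appends ` &> /dev/null`, which is a bash extension; a shell without it parses the string as `cmd &` followed by an empty redirect, so the iptables/tc command would run in the background and could still be running when unlock() is called. Whether the target's /bin/sh accepts `&>` is not visible here, so the portable form is safer: `sys.exec(cmd .. " >/dev/null 2>&1")`. The `local ret` in that branch is never read and can be dropped, and the new comment says exec "gets its output" although the function returns nothing. call() likewise discards the status of `os.execute`, so a failed `lock` goes unnoticed.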
if o3 and 04 then
end
end
-function update_stats(leased, whitelisted, whitelisttotal, blacklisted, blacklisttotal)
+function update_stats(leased, whitelisted, whitelisttotal, blacklisted, blacklisttotal)
local leases = uci:get_all("luci_splash_leases", "stats")
uci:delete("luci_splash_leases", "stats")
uci:section("luci_splash_leases", "stats", "stats", {
uci:save("luci_splash_leases")
end
+
function get_device_for_ip(ipaddr)
local dev
uci:foreach("network", "interface", function(s)
local tbl = {}
local handle
for k, v in pairs(input) do
- handle = v:match('filter protocol ip pref %d+ u32 fh (%d*:%d*:%d*) order')
+ handle = v:match('filter protocol ip pref %d+ u32 fh (%d*:%d*:%d*) order') or v:match('filter protocol all pref %d+ u32 fh (%d*:%d*:%d*) order')
if handle then
local mac, mac1, mac2, mac3, mac4, mac5, mac6
if direction == 'src' then
else
print("The mac %s is not known" % mac)
end
+
else
print("Can not find mac for ip %s" % argv[i])
end
end
-
unlock()
- os.exit(0)
+ os.exit(0)
elseif cmd == "sync" then
sync()
os.exit(0)
local leased_macs = { }
if not list or list == "lease" then
- uci:foreach("luci_splash_leases", "lease",
- function(s) leased_macs[s.mac:lower()] = true end)
+ uci:foreach("luci_splash_leases", "lease", function(s)
+ if s.mac then
+ leased_macs[s.mac:lower()] = true
+ end
+ end)
end
if not list or list == "whitelist" then
- uci:foreach("luci_splash", "whitelist",
- function(s) leased_macs[s.mac:lower()] = true end)
+ uci:foreach("luci_splash", "whitelist", function(s)
+ if s.mac then
+ leased_macs[s.mac:lower()] = true
+ end
+ end)
end
if not list or list == "blacklist" then
- uci:foreach("luci_splash", "blacklist",
- function(s) leased_macs[s.mac:lower()] = true end)
+ uci:foreach("luci_splash", "blacklist", function(s)
+ if s.mac then
+ leased_macs[s.mac:lower()] = true
+ end
+ end)
end
-
return leased_macs
end
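Review bot: The nil-checked callback is written out three times (lease, whitelist, blacklist); defining it once, e.g. `local function add_mac(s) if s.mac then leased_macs[s.mac:lower()] = true end end`, and passing it to each `uci:foreach` call keeps the guard in one place. A short comment stating that sections without a `mac` option are skipped on purpose would also help the next reader. The enclosing function starts outside this hunk.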
uci:delete_all("luci_splash_leases", "lease",
function(s)
if s.mac:lower() == mac then
- remove_lease_rule(mac, s.ipaddr, s.device, tonumber(s.limit_up), tonumber(s.limit_down))
+
local leased = uci:get("luci_splash_leases", "stats", "leases")
if type(tonumber(leased)) == "number" and tonumber(leased) > 0 then
update_stats(leased - 1, nil, nil, nil, nil)
end
+ remove_lease_rule(mac, s.ipaddr, s.device, tonumber(s.limit_up), tonumber(s.limit_down))
return true
end
return false
end)
-
+
uci:save("luci_splash_leases")
end
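Review bot: `s.mac:lower()` in the `uci:delete_all` callback is still unguarded, although this commit adds `if s.mac then` checks to the equivalent callbacks that collect the known MACs. A lease section without a `mac` option would raise here and abort the removal, presumably while the splash lock is still held. `if s.mac and s.mac:lower() == mac then` brings it in line with the other callbacks. The enclosing function starts outside the hunk.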
exec("iptables -t mangle -I luci_splash_mark_out -m mac --mac-source %q -j RETURN" % mac)
+ -- Mark incoming packets to a splashed host
+ -- for ipv4 - by iptables and destination
if id and device then
exec("iptables -t mangle -I luci_splash_mark_in -d %q -j MARK --set-mark 0x1%s -m comment --comment %s" % {ipaddr, id, mac:upper()})
end
+ --for ipv6: need to use the mac here
+
if has_ipv6 then
exec("ip6tables -t mangle -I luci_splash_mark_out -m mac --mac-source %q -j MARK --set-mark 79" % mac)
- -- not working yet, needs the ip6addr
- --exec("ip6tables -t mangle -I luci_splash_mark_in -d %q -j MARK --set-mark 80 -m comment --comment %s" % {ipaddr, mac:upper()})
+ if id and device and tonumber(limit_down) then
+ exec("tc filter add dev %s parent 1:0 protocol ipv6 prio 1 u32 match ether dst %s classid 1:%s" % {device, mac:lower(), id})
+ end
end
if device and tonumber(limit_up) > 0 then
- exec('tc filter add dev "%s" parent ffff: protocol ip prio 2 u32 match ether src %s police rate %skbit mtu 6k burst 6k drop' % {device, mac, limit_up})
+ exec('tc filter add dev "%s" parent ffff: protocol all prio 2 u32 match ether src %s police rate %skbit mtu 6k burst 6k drop' % {device, mac, limit_up})
end
if id and device and tonumber(limit_down) > 0 then
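Review bot: The new IPv6 guard `tonumber(limit_down)` is also true for 0, because 0 is truthy in Lua, so the `tc filter add ... classid 1:%s` rule is installed even when no download limit is set, whereas the download-limit block that follows requires `> 0`. `if id and device and (tonumber(limit_down) or 0) > 0 then` matches that condition and tolerates a missing value. The same line interpolates `device` and `mac` with a bare `%s`, while the neighbouring tc calls quote the device as `"%s"`; since the string is handed to a shell, checking that `mac` matches a strict MAC-address pattern before any of these commands is built would be a cheap safeguard. The enclosing function starts and ends outside the hunk.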
-- Remove lease, black- or whitelist rules
function remove_lease_rule(mac, ipaddr, device, limit_up, limit_down)
+
local id
if ipaddr then
id = get_id(ipaddr)
ipt6_delete_all({table="mangle", chain="luci_splash_mark_out", options={"MAC", mac:upper()}})
ipt6_delete_all({table="filter", chain="luci_splash_filter", options={"MAC", mac:upper()}})
end
+
if device and tonumber(limit_up) > 0 then
local handle = get_filter_handle('ffff:', 'src', device, mac)
if handle then
- exec('tc filter del dev "%s" parent ffff: protocol ip prio 2 handle %s u32 police rate %skbit mtu 6k burst 6k drop' % {device, handle, limit_up})
+ exec('tc filter del dev "%s" parent ffff: protocol all prio 2 handle %s u32 police rate %skbit mtu 6k burst 6k drop' % {device, handle, limit_up})
else
print('Warning! Could not get a handle for %s parent :ffff on interface %s' % { mac, device })
end
end
-
-- remove clients class
if device and id then
exec('tc class del dev "%s" classid 1:%s' % {device, id})
- exec('tc qdisc del dev "%s" parent 1:%s sfq perturb 10' % { device, id })
+ exec('tc filter del dev "%s" parent 1:0 prio 1' % device) -- ipv6 rule
+ --exec('tc qdisc del dev "%s" parent 1:%s sfq perturb 10' % { device, id })
end
-
end
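Review bot: `tc filter del dev "%s" parent 1:0 prio 1` names no handle, so it is likely to remove every prio 1 filter under 1:0 on the device rather than only this client's IPv6 rule; removing one lease would then drop the download classification of the remaining clients. The upload path in the same function looks up the handle with `get_filter_handle('ffff:', 'src', device, mac)` and deletes by handle, and the download filter could be removed the same way. The delete also runs when `has_ipv6` is false or no filter was ever added, and exec() now discards the output outside debug mode, so a failure stays silent. The commented-out `tc qdisc del` line is better deleted than kept.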
-- Clean state file
uci:load("luci_splash_leases")
uci:revert("luci_splash_leases")
-
- -- For all leases
+
+
+ local arpcache = get_arpcache()
+
+ local blackwhitelist = uci:get_all("luci_splash")
+ local whitelist_total = 0
+ local whitelist_online = 0
+ local blacklist_total = 0
+ local blacklist_online = 0
local leasecount = 0
+ local leases_online = 0
+
+ -- For all leases
for k, v in pairs(leases) do
if v[".type"] == "lease" then
if os.difftime(time, tonumber(v.start)) > leasetime then
remove_lease_rule(v.mac, v.ipaddr, v.device, tonumber(v.limit_up), tonumber(v.limit_down))
else
leasecount = leasecount + 1
+
+ -- only count leases_online for connected clients
+ if arpcache[v.mac] then
+ leases_online = leases_online + 1
+ end
+
-- Rewrite state
uci:section("luci_splash_leases", "lease", convert_mac_to_secname(v.mac), {
mac = v.mac,
end
end
- -- Get the mac addresses of current leases
- local macs = get_known_macs()
- local arpcache = get_arpcache()
-
- local blackwhitelist = uci:get_all("luci_splash")
- local whitelist_total = 0
- local whitelist_online = 0
- local blacklist_total = 0
- local blacklist_online = 0
-
-- Whitelist, Blacklist
for _, s in utl.spairs(blackwhitelist,
function(a,b) return blackwhitelist[a][".type"] > blackwhitelist[b][".type"] end
end
end
- update_stats(leasecount, whitelist_online, whitelist_total, blacklist_online, blacklist_total)
+ -- ToDo:
+ -- include a new field "leases_online" in stats to differ between active clients and leases:
+ -- update_stats(leasecount, leases_online, whitelist_online, whitelist_total, blacklist_online, blacklist_total) later:
+ update_stats(leases_online, whitelist_online, whitelist_total, blacklist_online, blacklist_total)
uci:save("luci_splash_leases")
+ -- Get the mac addresses of current leases
+ local macs = get_known_macs()
+
ipt:resync()
ipt_delete_all({table="filter", chain="luci_splash_filter", options={"MAC"}},
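Review bot: `update_stats(leases_online, ...)` now stores the number of leases found in the ARP cache in what is presumably the `leases` stat, while the lease-removal path still reads that option and writes `leased - 1` for every removed lease, online or not. The two writers no longer agree on what the counter means, and `leasecount` is still incremented but no longer used. Until the `leases_online` field from the ToDo exists, either keep passing `leasecount` here or make the removal path decrement only for clients present in the ARP cache. The enclosing function starts and ends outside the hunk.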