X-Git-Url: https://git.archive.openwrt.org/?a=blobdiff_plain;f=applications%2Fluci-splash%2Froot%2Fusr%2Fsbin%2Fluci-splash;h=34b2e9c420f4b56b0ceaac9a8f2c4b7c39832bc1;hb=2a366f4c554d46a33f727bc04e4d7a7798e5be3b;hp=017cfebfcaee5c5d702c0bf38fd12a6c1b804ca8;hpb=b0771c43ea996b6f3c3a38ef7c6f5b28eaf04a89;p=project%2Fluci.git diff --git a/applications/luci-splash/root/usr/sbin/luci-splash b/applications/luci-splash/root/usr/sbin/luci-splash index 017cfebfc..34b2e9c42 100755 --- a/applications/luci-splash/root/usr/sbin/luci-splash +++ b/applications/luci-splash/root/usr/sbin/luci-splash @@ -9,12 +9,15 @@ require("luci.sys.iptparser") local uci = luci.model.uci.cursor_state() local ipt = luci.sys.iptparser.IptParser() local net = luci.sys.net +local fs = require "luci.fs" local limit_up = 0 local limit_down = 0 +local has_ipv6 = fs.access("/proc/net/ipv6_route") and fs.access("/usr/sbin/ip6tables") + function lock() - os.execute("lock -w /var/run/luci_splash.lock && lock /var/run/luci_splash.lock") + os.execute("lock /var/run/luci_splash.lock") end function unlock() @@ -29,7 +32,7 @@ function main(argv) limit_down = tonumber(uci:get("luci_splash", "general", "limit_down")) or 0 if ( cmd == "lease" or cmd == "add-rules" or cmd == "remove" or - cmd == "whitelist" or cmd == "blacklist" ) and #argv > 0 + cmd == "whitelist" or cmd == "blacklist" or cmd == "status" ) and #argv > 0 then lock() @@ -45,7 +48,7 @@ function main(argv) else for _, e in ipairs(arp_cache) do if e["IP address"] == adr then - mac = e["HW address"] + mac = e["HW address"]:lower() break end end 
@@ -59,6 +62,11 @@ function main(argv) elseif whitelist_macs[mac] then add_whitelist_rule(mac) end + elseif mac and cmd == "status" then + print(leased_macs[mac] and "lease" + or whitelist_macs[mac] and "whitelist" + or blacklist_macs[mac] and "blacklist" + or "new") elseif mac and ( cmd == "whitelist" or cmd == "blacklist" or cmd == "lease" ) then if cmd ~= "lease" and leased_macs[mac] then print("Removing %s from leases" % mac) @@ -164,7 +172,7 @@ function get_known_ips(macs, arp) local leased_ips = { } if not macs then macs = get_known_macs() end for _, e in ipairs(arp or net.arptable()) do - if macs[e["HW address"]] then leased_ips[e["IP address"]] = true end + if macs[e["HW address"]:lower()] then leased_ips[e["IP address"]] = true end end return leased_ips end @@ -186,6 +194,26 @@ function ipt_delete_all(args, comp, off) end end +function ipt6_delete_all(args, comp, off) + off = off or { } + for i, r in ipairs(ipt:find(args)) do + if comp == nil or comp(r) then + off[r.table] = off[r.table] or { } + off[r.table][r.chain] = off[r.table][r.chain] or 0 + + os.execute("ip6tables -t %q -D %q %d 2>/dev/null" + %{ r.table, r.chain, r.index - off[r.table][r.chain] }) + + off[r.table][r.chain] = off[r.table][r.chain] + 1 + end + end +end + + +-- Convert mac to uci-compatible section name +function convert_mac_to_secname(mac) + return string.gsub(mac, ":", "") +end -- Add a lease to state and invoke add_rule function add_lease(mac, arp, no_uci) @@ -194,7 +222,7 @@ function add_lease(mac, arp, no_uci) -- Get current ip address local ipaddr for _, entry in ipairs(arp or net.arptable()) do - if entry["HW address"] == mac then + if entry["HW address"]:lower() == mac then ipaddr = entry["IP address"] break end 
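Review bot: In `ipt6_delete_all` the rules to delete are looked up with `ipt:find(args)`, and `ipt` is the single `luci.sys.iptparser.IptParser()` created at the top of the file, so the indexes handed to `ip6tables -D` appear to come from the IPv4 ruleset rather than from ip6tables. If the two rulesets differ in order or length, the wrong IPv6 rule is deleted or a stale `RETURN` rule survives, leaving a client with IPv6 access after its lease is gone. The lookup should run against a parser fed from ip6tables output, if this version of IptParser can be pointed at it. The `2>/dev/null` also hides a failed delete, so the exit status should at least be logged. Separately, `convert_mac_to_secname` returns both results of `string.gsub`; `return (mac:gsub(":", ""))` keeps the substitution count out of a caller's argument list.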
@@ -203,7 +231,7 @@ function add_lease(mac, arp, no_uci) -- Add lease if there is an ip addr if ipaddr then if not no_uci then - uci:section("luci_splash", "lease", nil, { + uci:section("luci_splash", "lease", convert_mac_to_secname(mac), { mac = mac, ipaddr = ipaddr, start = os.time() @@ -236,7 +264,7 @@ end -- Add a whitelist entry function add_whitelist(mac) - uci:section("luci_splash", "whitelist", nil, { mac = mac }) + uci:section("luci_splash", "whitelist", convert_mac_to_secname(mac), { mac = mac }) uci:save("luci_splash") uci:commit("luci_splash") add_whitelist_rule(mac) @@ -245,7 +273,7 @@ end -- Add a blacklist entry function add_blacklist(mac) - uci:section("luci_splash", "blacklist", nil, { mac = mac }) + uci:section("luci_splash", "blacklist", convert_mac_to_secname(mac), { mac = mac }) uci:save("luci_splash") uci:commit("luci_splash") add_blacklist_rule(mac) @@ -276,13 +304,19 @@ end -- Add an iptables rule function add_lease_rule(mac, ipaddr) - if limit_up > 0 and limit_down > 0 then - os.execute("iptables -t mangle -I luci_splash_mark_out -m mac --mac-source %q -j MARK --set-mark 79" % mac) - os.execute("iptables -t mangle -I luci_splash_mark_in -d %q -j MARK --set-mark 80" % ipaddr) + os.execute("iptables -t mangle -I luci_splash_mark_out -m mac --mac-source %q -j MARK --set-mark 79" % mac) + os.execute("iptables -t mangle -I luci_splash_mark_in -d %q -j MARK --set-mark 80" % ipaddr) + if has_ipv6 then + os.execute("ip6tables -t mangle -I luci_splash_mark_out -m mac --mac-source %q -j MARK --set-mark 79" % mac) + os.execute("ip6tables -t mangle -I luci_splash_mark_in -d %q -j MARK --set-mark 80" % ipaddr) end + os.execute("iptables -t filter -I luci_splash_filter -m mac --mac-source %q -j RETURN" % mac) os.execute("iptables -t nat -I luci_splash_leases -m mac --mac-source %q -j RETURN" % mac) + if has_ipv6 then + os.execute("ip6tables -t filter -I luci_splash_filter -m mac --mac-source %q -j RETURN" % mac) + end end 
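Review bot: The added `ip6tables -t mangle -I luci_splash_mark_in -d %q ...` line in `add_lease_rule` is given `ipaddr`, which `add_lease` reads from the ARP table and is therefore an IPv4 address. ip6tables will reject that destination, and because the `os.execute` result is ignored the failure is silent. The IPv6 `mark_in` rule should be left out until the client's IPv6 address is actually known. Checking the exit status of the other inserts would also keep a lease from being treated as active while part of its rule set is missing.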
@@ -297,6 +331,9 @@ function remove_lease_rule(mac, ipaddr) ipt_delete_all({table="filter", chain="luci_splash_filter", options={"MAC", mac:upper()}}) ipt_delete_all({table="nat", chain="luci_splash_leases", options={"MAC", mac:upper()}}) + if has_ipv6 then + ipt6_delete_all({table="filter", chain="luci_splash_filter", options={"MAC", mac:upper()}}) + end end @@ -304,13 +341,18 @@ end function add_whitelist_rule(mac) os.execute("iptables -t filter -I luci_splash_filter -m mac --mac-source %q -j RETURN" % mac) os.execute("iptables -t nat -I luci_splash_leases -m mac --mac-source %q -j RETURN" % mac) + if has_ipv6 then + os.execute("ip6tables -t filter -I luci_splash_filter -m mac --mac-source %q -j RETURN" % mac) + end end -- Add blacklist rules function add_blacklist_rule(mac) os.execute("iptables -t filter -I luci_splash_filter -m mac --mac-source %q -j DROP" % mac) - os.execute("iptables -t nat -I luci_splash_leases -m mac --mac-source %q -j DROP" % mac) + if has_ipv6 then + os.execute("ip6tables -t filter -I luci_splash_filter -m mac --mac-source %q -j DROP" % mac) + end end @@ -338,7 +380,7 @@ function sync() remove_lease_rule(v.mac, v.ipaddr) else -- Rewrite state - uci:section("luci_splash", "lease", nil, { + uci:section("luci_splash", "lease", convert_mac_to_secname(v.mac), { mac = v.mac, ipaddr = v.ipaddr, start = v.start 
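Review bot: `remove_lease_rule` only gains an `ipt6_delete_all` for `luci_splash_filter`, while `add_lease_rule` in this commit also inserts ip6tables rules into the mangle chains `luci_splash_mark_out` and `luci_splash_mark_in`. Unless the part of the function above this hunk (not shown) removes them, those IPv6 mark rules accumulate every time a lease is added and removed. The matching delete belongs under the same guard, e.g. `ipt6_delete_all({table="mangle", chain="luci_splash_mark_out", options={"MAC", mac:upper()}})`.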
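Review bot: The new `ip6tables` lines in `add_whitelist_rule` and `add_blacklist_rule` (and those in `add_lease_rule`) build a shell command by formatting `mac` with `%q`, which is Lua string quoting, not shell quoting. Inside the resulting double quotes the shell still expands `$` and backquotes. Where `mac` is validated is not visible in these hunks, so each function that reaches `os.execute` should first reject anything that is not a MAC address, for example `if not mac:match("^%x%x:%x%x:%x%x:%x%x:%x%x:%x%x$") then return end`. The same check protects `convert_mac_to_secname`, whose result becomes a uci section name.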
@@ -357,16 +399,22 @@ function sync() ipt_delete_all({table="filter", chain="luci_splash_filter", options={"MAC"}}, function(r) return not macs[r.options[2]:lower()] end) - ipt_delete_all({table="nat", chain="luci_splash_leases", options={"MAC"}}, function(r) return not macs[r.options[2]:lower()] end) - ipt_delete_all({table="mangle", chain="luci_splash_mark_out", options={"MAC", "MARK", "set"}}, function(r) return not macs[r.options[2]:lower()] end) - ipt_delete_all({table="mangle", chain="luci_splash_mark_in", options={"MARK", "set"}}, function(r) return not ips[r.destination] end) + if has_ipv6 then + ipt6_delete_all({table="filter", chain="luci_splash_filter", options={"MAC"}}, + function(r) return not macs[r.options[2]:lower()] end) + ipt_delete_all({table="mangle", chain="luci_splash_mark_out", options={"MAC", "MARK", "set"}}, + function(r) return not macs[r.options[2]:lower()] end) + ipt_delete_all({table="mangle", chain="luci_splash_mark_in", options={"MARK", "set"}}, + function(r) return not ips[r.destination] end) + end + unlock() end @@ -375,7 +423,7 @@ function list() -- Get current arp cache local arpcache = { } for _, entry in ipairs(net.arptable()) do - arpcache[entry["HW address"]] = { entry["Device"], entry["IP address"] } + arpcache[entry["HW address"]:lower()] = { entry["Device"]:lower(), entry["IP address"]:lower() } end -- Find traffic usage @@ -424,8 +472,8 @@ function list() local arp = arpcache[mac] print(string.format( "%-17s %-15s %-9s %4s %-7s %9s %9s", - mac, arp and arp[2] or "?", s[".type"], "- ", - arp and arp[1] or "?", "-", "-" + mac, arp and arp[2] or "?", s[".type"], + "- ", arp and arp[1] or "?", "-", "-" )) end end
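Review bot: Inside the new `if has_ipv6 then` block in `sync()`, the two mangle clean-ups call `ipt_delete_all`, the IPv4 helper, while only the filter clean-up calls `ipt6_delete_all`. As written, stale ip6tables rules in `luci_splash_mark_out` and `luci_splash_mark_in` are never pruned. The IPv4 mangle pruning either runs a second time or, if the unguarded calls were removed (the collapsed hunk does not make this certain), no longer runs on IPv4-only systems. The guarded calls should read `ipt6_delete_all({table="mangle", chain="luci_splash_mark_out", ...})` and likewise for `luci_splash_mark_in`, with the IPv4 versions kept outside the guard.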