X-Git-Url: https://git.archive.openwrt.org/?p=project%2Fluci.git;a=blobdiff_plain;f=applications%2Fluci-splash%2Froot%2Fusr%2Fsbin%2Fluci-splash;h=e2bcc557d2fb0a94781f6075b02fc67a61a4bd56;hp=72456c01e61509ab36e9672aa3e6f031b740c6f7;hb=e385f91ff6b0faeea8a9ef04d306bbb888b42513;hpb=0092df3d17247986be0cb5f43f49547ce9c08bc4;ds=sidebyside diff --git a/applications/luci-splash/root/usr/sbin/luci-splash b/applications/luci-splash/root/usr/sbin/luci-splash old mode 100644 new mode 100755 index 72456c01e..e2bcc557d --- a/applications/luci-splash/root/usr/sbin/luci-splash +++ b/applications/luci-splash/root/usr/sbin/luci-splash @@ -1,40 +1,49 @@ #!/usr/bin/lua -require("luci.http") -require("luci.sys") +require("luci.util") require("luci.model.uci") +require("luci.sys.iptparser") -- Init state session -luci.model.uci.set_savedir(luci.model.uci.savedir_state) -local uci = luci.model.uci +local uci = luci.model.uci.cursor_state() +local ipt = luci.sys.iptparser.IptParser() +local splash_interfaces = { } +local limit_up = 0 +local limit_down = 0 +local limit_down_burst = 0 function main(argv) local cmd = argv[1] local arg = argv[2] + + limit_up = tonumber(uci:get("luci_splash", "general", "limit_up") or 0) + limit_down = tonumber(uci:get("luci_splash", "general", "limit_down") or 0) + limit_down_burst = tonumber(uci:get("luci_splash", "general", "limit_down_burst") or limit_down * 2) - if cmd == "status" then - if not arg then - os.exit(1) + uci:foreach("luci_splash", "iface", function(s) + if s.network then + splash_interfaces[#splash_interfaces+1] = uci:get("network", s.network, "ifname") end - - if iswhitelisted(arg) then + end) + + if cmd == "status" and arg then + if islisted("whitelist", arg) then print("whitelisted") - os.exit(0) + elseif islisted("blacklist", arg) then + print("blacklisted") + else + local lease = haslease(arg) + if lease and lease.kicked then + print("kicked") + elseif lease then + print("lease") + else + print("unknown") + end end - - if haslease(arg) then - print("lease") - os.exit(0) - end - - print("unknown") os.exit(0) - elseif cmd == "add" then - if not arg then - os.exit(1) - end - + elseif cmd == "add" and arg then if not haslease(arg) then add_lease(arg) else @@ -42,11 +51,7 @@ function main(argv) os.exit(2) end os.exit(0) - elseif cmd == "remove" then - if not arg then - os.exit(1) - end - + elseif cmd == "remove" and arg then remove_lease(arg) os.exit(0) elseif cmd == "sync" then @@ -60,87 +65,122 @@ end -- Add a lease to state and invoke add_rule function add_lease(mac) - uci.section("luci_splash", "lease", nil, { + uci:section("luci_splash", "lease", nil, { mac = mac, start = os.time() }) add_rule(mac) - uci.save() + uci:save("luci_splash") end -- Remove a lease from state and invoke remove_rule function remove_lease(mac) mac = mac:lower() - local del = {} + remove_rule(mac) - uci.foreach("luci_splash", "lease", - function (section) - if section.mac:lower() == mac then - table.insert(del, section[".name"]) - end - end) + uci:delete_all("luci_splash", "lease", + function(s) return ( s.mac:lower() == mac ) end) - for i,j in ipairs(del) do - remove_rule(j) - uci.delete("luci_splash", j) - end - - uci.save() + uci:save("luci_splash") end -- Add an iptables rule function add_rule(mac) - return os.execute("iptables -t nat -I luci_splash_leases -m mac --mac-source '"..mac.."' -j RETURN") + local a, b, c, d, e, f = mac:match("(%w+):(%w+):(%w+):(%w+):(%w+):(%w+)") + local mac_pre = "%s%s" %{ a, b } + local mac_post = "%s%s%s%s" %{ c, d, e, f } + local handle = f + + if limit_up > 0 and limit_down > 0 then + os.execute("iptables -t mangle -I luci_splash_mark -m mac --mac-source %q -j MARK --set-mark 79" % mac) + + for _, i in ipairs(splash_interfaces) do + os.execute("tc filter add dev %q parent 77:0 protocol ip prio 2 " % i .. + "handle ::%q u32 " % handle .. + "match u16 0x0800 0xFFFF at -2 match u32 0x%q 0xFFFFFFFF at -12 " % mac_post .. + "match u16 0x%q 0xFFFF at -14 flowid 77:10" % mac_pre) + end + end + + os.execute("iptables -t filter -I luci_splash_counter -m mac --mac-source %q -j RETURN" % mac) + return os.execute("iptables -t nat -I luci_splash_leases -m mac --mac-source %q -j RETURN" % mac) end -- Remove an iptables rule function remove_rule(mac) - return os.execute("iptables -t nat -D luci_splash_leases -m mac --mac-source '"..mac.."' -j RETURN") + local handle = mac:match("%w+:%w+:%w+:%w+:%w+:(%w+)") + + local function ipt_delete_foreach(args) + for _, r in ipairs(ipt:find(args)) do + if r.options and #r.options >= 2 and r.options[1] == "MAC" and + r.options[2]:lower() == mac:lower() + then + os.execute("iptables -t %q -D %q -m mac --mac-source %q %s 2>/dev/null" + %{ r.table, r.chain, mac, + r.target == "MARK" and "-j MARK --set-mark 79" or + r.target and "-j %q" % r.target or "" }) + end + end + end + + ipt_delete_foreach({table="filter", chain="luci_splash_counter"}) + ipt_delete_foreach({table="mangle", chain="luci_splash_mark"}) + ipt_delete_foreach({table="nat", chain="luci_splash_leases"}) + + for _, i in ipairs(splash_interfaces) do + os.execute("tc filter del dev %q parent 77:0 protocol ip prio 2 " % i .. + "handle 800::%q u32 2>/dev/null" % handle) + end + + ipt:resync() end -- Check whether a MAC-Address is listed in the lease state list function haslease(mac) mac = mac:lower() - local stat = false - - uci.foreach("luci_splash", "lease", + local lease = nil + + uci:foreach("luci_splash", "lease", function (section) if section.mac:lower() == mac then - stat = true - return + lease = section end end) - - return stat + + return lease end --- Check whether a MAC-Address is whitelisted -function iswhitelisted(mac) +-- Check whether a MAC-Address is in given list +function islisted(what, mac) mac = mac:lower() - - uci.foreach("luci_splash", "whitelist", + + uci:foreach("luci_splash", what, function (section) if section.mac:lower() == mac then stat = true return end end) - + return false end -- Returns a list of MAC-Addresses for which a rule is existing function listrules() - local cmd = "iptables -t nat -L luci_splash_leases | grep RETURN |" - cmd = cmd .. "egrep -io [0-9a-f]+:[0-9a-f]+:[0-9a-f]+:[0-9a-f]+:[0-9a-f]+:[0-9a-f]+" - return luci.util.split(luci.sys.exec(cmd)) + local macs = { } + for i, r in ipairs(ipt:find({table="nat", chain="luci_splash_leases"})) do + if r.options and #r.options >= 2 and r.options[1] == "MAC" then + macs[r.options[2]:lower()] = true + end + end + return luci.util.keys(macs) end @@ -150,14 +190,14 @@ function sync() local time = os.time() -- Current leases in state files - local leases = uci.get_all("luci_splash") + local leases = uci:get_all("luci_splash") -- Convert leasetime to seconds - local leasetime = tonumber(uci.get("luci_splash", "general", "leasetime")) * 3600 + local leasetime = tonumber(uci:get("luci_splash", "general", "leasetime")) * 3600 -- Clean state file - uci.load("luci_splash") - uci.revert("luci_splash") + uci:load("luci_splash") + uci:revert("luci_splash") -- For all leases @@ -165,15 +205,18 @@ function sync() if v[".type"] == "lease" then if os.difftime(time, tonumber(v.start)) > leasetime then -- Remove expired - remove_rule(v.mac) + remove_rule(v.mac, v.kicked) else -- Rewrite state - uci.section("luci_splash", "lease", nil, { - mac = v.mac, - start = v.start + uci:section("luci_splash", "lease", nil, { + mac = v.mac, + start = v.start, + kicked = v.kicked }) written[v.mac:lower()] = 1 end + elseif v[".type"] == "whitelist" or v[".type"] == "blacklist" then + written[v.mac:lower()] = 1 end end @@ -185,7 +228,7 @@ function sync() end end - uci.save("luci_splash") + uci:save("luci_splash") end -main(arg) \ No newline at end of file +main(arg)