mir3c/squashfs-root/usr/sbin/wifishare.sh

#!/bin/sh
# Copyright (C) 2016 Xiaomi
. /lib/functions.sh
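# --- settings shared by every function below --------------------------------
network_name="guest"
section_name="wifishare"                 # uci config name, firewall include name and log tag
redirect_port="8999"                     # guest TCP/UDP not accepted by an earlier rule is REDIRECTed here
dev_redirect_port="8899"                 # target for guest_gw:http_port inside the per-device redirect chain
whiteport_list="67 68"                   # UDP ports (DHCP) always accepted in the guest nat chain
http_port="80"
dns_port="53"
dnsd_port="5533"                         # local dnsd port guest DNS is redirected to while dnsd runs
dnsd_conf="/var/dnsd.conf"
guest_gw=""                              # set by share_dnsd_start from network.guest.ipaddr
fw3lock="/var/run/fw3.lock"              # fw3's own lock: rule changes must not race a firewall reload
hasctf=$(uci get misc.quickpass.ctf 2>/dev/null)              # "1" => add the SKIPCTF mangle rule for br-guest
guest_ifname=$(uci get wireless.guest_2G.ifname 2>/dev/null)  # interface a metered device must be on
hashwnat=$([ -f /etc/init.d/hwnat ] && echo 1)                # "1" when the hwnat init script exists
auth_timeout_default=90                  # seconds of access granted by "prepare" (not read from config)
timeout_default=86400                    # seconds of access granted by "allow" when config has no timeout
date_tag=$(date +%F" "%H:%M:%S)          # timestamp used in stat_points_none log lines
macs_blocked=""                          # filled by share_parse_block from the block section(s)
share_block_table="wifishare_block"
share_block_table_input="wifishare_block_input"
share_whitehost_ipset="wifishare_whitehost"
share_whitehost_file="/etc/dnsmasq.d/wifishare_whitehost.conf"   # dnsmasq ipset= lines written by business_init
share_nat_table="wifishare_nat"
share_filter_table="wifishare_filter"
share_nat_device_table="wifishare_nat_device"              # these two names are also hard-coded in the awk
share_filter_device_table="wifishare_filter_device"        # programs that parse iptables-save output
share_nat_dev_redirect_table="wifishare_nat_dev_redirect"
hosts_dianping=".dianping.com .dpfile.com"
hosts_apple=""
hosts_nuomi=""
hosts_index="dianping"                   # which hosts_<name> lists business_init writes out
filepath=$(cd "$(dirname "$0")"; pwd)
filename=$(basename "$0")
daemonfile="/usr/sbin/wifishare_daemon.sh"
active="user business"                   # documents the two "active" modes; not read by the code below
# e.g. wechat qq dianping nuomi
active_type=""                           # active sns/business type list, set by share_parse_global
WIFIRENT_NAME="wifirent"                 # sns type that is always active and is metered by "counting"
TICKET_NAME="ticket"
COUNT_INTERVAL=5                         # minutes between counting runs
COUNT_INTERVAL_SECS=300                  # the same interval in seconds (daemon sleep)
MATOOL_DATA_FILE="/tmp/wifishare.remote.log"       # last matool API response
COUNTING_DATA_FILE="/tmp/wifishare.counting.log"   # one line per counting report
counting_pid="/tmp/wifishare_counting.pid"         # PID written by daemon_stop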
################### domain list #############
wifishare_log() {
  # Send $1 to syslog at warn priority under the "wifishare" tag.
  local _msg="$1"
  logger -t wifishare -p warn "$_msg"
}
business_whitehost_add() {
  # Append one dnsmasq "ipset=/<host>/<set>" line per whitespace-separated
  # host in $1, so addresses resolved for those hosts land in the whitehost ipset.
  local _h=""
  for _h in $1; do
    printf 'ipset=/%s/%s\n' "$_h" "$share_whitehost_ipset" >>"$share_whitehost_file"
  done
}
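business_init() {
  # Regenerate the dnsmasq whitehost include from the host lists named in
  # hosts_index (hosts_dianping, hosts_apple, ...).  Starts from an empty file
  # so stale entries never survive a reload; rm -f keeps a missing file quiet.
  local _idx=""
  local _hosts=""
  rm -f "$share_whitehost_file"
  touch "$share_whitehost_file"
  for _idx in $hosts_index; do
    # indirect lookup of hosts_<idx>; eval only ever sees names from
    # hosts_index, a constant defined in this file
    _hosts=$(eval "printf '%s' \"\$hosts_${_idx}\"")
    business_whitehost_add "$_hosts"
  done
}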
################### hwnat ###################
hwnat_start() {
  # Re-enable hardware NAT (clear our switch flag and start the service);
  # no-op on targets without the hwnat init script.
  [ "$hashwnat" = "1" ] || return 0
  uci -q set "hwnat.switch.${section_name}=0"
  uci -q commit hwnat
  /etc/init.d/hwnat start >/dev/null 2>&1
}
hwnat_stop() {
  # Disable hardware NAT while guest sharing is on (set our switch flag and
  # stop the service); no-op on targets without the hwnat init script.
  [ "$hashwnat" = "1" ] || return 0
  uci -q set "hwnat.switch.${section_name}=1"
  uci -q commit hwnat
  /etc/init.d/hwnat stop >/dev/null 2>&1
}
_locked="0"
################### lock ###################
fw3_lock() {
  # Blocking acquire of the fw3 lock; release it and exit 1 if we are signalled
  # while holding it.  Returns lock's exit status.
  trap "lock -u $fw3lock; exit 1" SIGHUP SIGINT SIGTERM
  lock "$fw3lock"
}
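fw3_trylock() {
  # Non-blocking attempt on the fw3 lock.  Sets the global _locked=1 when the
  # lock is already held (lock -n exits 1) so callers can bail out, and
  # returns lock's own exit status (the original tested $? first and then
  # returned the status of that test).
  local _rv=0
  trap "lock -u $fw3lock; exit 1" SIGHUP SIGINT SIGTERM
  lock -n "$fw3lock" || _rv=$?
  [ "$_rv" -eq 1 ] && _locked="1"
  return "$_rv"
}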
fw3_unlock() {
  # Release the fw3 lock taken by fw3_lock / fw3_trylock.
  lock -u "$fw3lock"
}
################### dnsd ###################
share_dnsd_start() {
  # (Re)start dnsd on dnsd_port with a single "* <guest_gw>" entry, i.e. every
  # name answered with the guest gateway address.  Gives up quietly when the
  # gateway address, the config file or the daemon cannot be set up.
  killall dnsd >/dev/null 2>&1
  guest_gw=$(uci get network.guest.ipaddr) || return 0
  # rewrite the config on every start: the guest gateway may have changed
  echo "* $guest_gw" >"$dnsd_conf" || return 0
  dnsd -p "$dnsd_port" -c "$dnsd_conf" -d >/dev/null 2>&1
  [ $? -ne 0 ] && {
    rm "$dnsd_conf" >/dev/null 2>&1
    return
  }
}
share_dnsd_stop() {
  # Stop dnsd and remove its generated config file if present.
  killall dnsd >/dev/null 2>&1
  if [ -f "$dnsd_conf" ]; then
    rm "$dnsd_conf" >/dev/null 2>&1
  fi
}
################### config ###################
share_parse_global() {
  # config_foreach callback for the "global" section.  Sets the globals
  # auth_timeout, timeout, disabled, _business, _sns, _active and
  # active_type (the type list that is_active_type is later checked against:
  # the business list in business mode, the sns list otherwise).
  local section="$1"
  auth_timeout=""
  timeout=""
  config_get disabled "$section" disabled >/dev/null 2>&1
  # auth_timeout is deliberately not read from config: compiled-in default only
  auth_timeout="${auth_timeout:-$auth_timeout_default}"
  config_get timeout "$section" timeout >/dev/null 2>&1
  timeout="${timeout:-$timeout_default}"
  config_get _business "$section" business >/dev/null 2>&1
  _business="${_business:-$business_default}"
  config_get _sns "$section" sns >/dev/null 2>&1
  _sns="${_sns:-$sns_default}"
  config_get _active "$section" active >/dev/null 2>&1
  _active="${_active:-$active_default}"
  case "$_active" in
    business) active_type="$_business" ;;
    *)        active_type="$_sns" ;;
  esac
}
share_parse_block() {
  # config_foreach callback over "block" sections: copy the section's mac
  # option (a whitespace-separated MAC list) into the global macs_blocked.
  # config_foreach passes the section name as $1 and also exposes it as
  # $section; accept either.
  local _sec="${1:-$section}"
  config_get macs_blocked "$_sec" mac >/dev/null 2>&1
}
share_ipset_create() {
  # (Re)create ipset $1 as an empty hash:net set; no-op for an empty name.
  # flush/destroy errors are ignored because the set may not exist yet.
  local _set="$1"
  [ -n "$_set" ] || return 0
  ipset flush "$_set" >/dev/null 2>&1
  ipset destroy "$_set" >/dev/null 2>&1
  ipset create "$_set" hash:net >/dev/null
}
share_ipset_destroy() {
  # Flush and delete ipset $1; no-op for an empty name.  Errors are ignored
  # because the set may already be gone.
  local _set="$1"
  [ -n "$_set" ] || return 0
  ipset flush "$_set" >/dev/null 2>&1
  ipset destroy "$_set" >/dev/null 2>&1
  return
}
################### iptables ###################
ipt_table_create() {
  # Recreate chain $2 in table $1 empty: flush, delete, create.  Output is
  # silenced because the chain may not exist yet (or may still be referenced).
  local _table="$1" _chain="$2"
  iptables -t "$_table" -F "$_chain" >/dev/null 2>&1
  iptables -t "$_table" -X "$_chain" >/dev/null 2>&1
  iptables -t "$_table" -N "$_chain" >/dev/null 2>&1
}
ipt_table_destroy() {
  # Flush and delete chain $2 in table $1; errors (missing chain, still
  # referenced) are silenced.
  local _table="$1" _chain="$2"
  iptables -t "$_table" -F "$_chain" >/dev/null 2>&1
  iptables -t "$_table" -X "$_chain" >/dev/null 2>&1
}
################### firewall ###################
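share_fw_add_default() {
  # Install the guest-network chains and base rules:
  #   - hook wifishare_nat / wifishare_filter into fw3's zone_guest_prerouting
  #     and forwarding_rule for traffic arriving on br-guest;
  #   - REDIRECT every guest TCP/UDP flow to redirect_port unless an earlier
  #     rule accepts it: DHCP (whiteport_list), the whitehost ipset, and the
  #     per-device chains filled by share_fw_add_device / share_access_*;
  #   - while dnsd runs, redirect guest DNS to dnsd_port and fill the
  #     per-device redirect chain (whitehost ACCEPT, guest_gw:http_port ->
  #     dev_redirect_port, then ACCEPT everything else).
  # Expects share_dnsd_start to have run first in dnsd mode: with guest_gw
  # empty the --dst rule is rejected by iptables.
  local dnsd_ok="0"
  local _port=""
  [ "$hasctf" = "1" ] && iptables -t mangle -I PREROUTING -i br-guest -j SKIPCTF
  ipt_table_create nat "$share_nat_table"
  ipt_table_create nat "$share_nat_device_table"
  ipt_table_create nat "$share_nat_dev_redirect_table"
  ipt_table_create filter "$share_filter_table"
  ipt_table_create filter "$share_filter_device_table"
  iptables -t nat -I zone_guest_prerouting -i br-guest -j "$share_nat_table" >/dev/null 2>&1
  iptables -t filter -I forwarding_rule -i br-guest -j "$share_filter_table" >/dev/null 2>&1
  # catch-all redirect; every rule below is inserted (-I) ahead of it
  iptables -t nat -A "$share_nat_table" -p tcp -j REDIRECT --to-ports "${redirect_port}"
  iptables -t nat -A "$share_nat_table" -p udp -j REDIRECT --to-ports "${redirect_port}"
  #dns redirect
  if ps | grep dnsd | grep -v grep >/dev/null 2>&1; then
    dnsd_ok="1"
    iptables -t nat -I "$share_nat_table" -p udp -m udp --dport "${dns_port}" -j REDIRECT --to-port "${dnsd_port}"
  fi
  #device list
  iptables -t filter -I "$share_filter_table" -j "$share_filter_device_table"
  iptables -t nat -I "$share_nat_table" -j "$share_nat_device_table"
  if [ "$dnsd_ok" = "1" ]; then
    iptables -t nat -I "$share_nat_dev_redirect_table" -j ACCEPT
    iptables -t nat -I "$share_nat_dev_redirect_table" -p tcp --dst "${guest_gw}" --dport "${http_port}" -j REDIRECT --to-ports "${dev_redirect_port}"
    iptables -t nat -I "$share_nat_dev_redirect_table" -p tcp -m set --match-set "${share_whitehost_ipset}" dst -j ACCEPT
  else
    iptables -t nat -I "$share_nat_table" -p udp -m udp --dport "${dns_port}" -j ACCEPT
  fi
  for _port in ${whiteport_list}; do
    iptables -t nat -I "$share_nat_table" -p udp -m udp --dport "${_port}" -j ACCEPT
  done
  #white host
  iptables -t filter -I "$share_filter_table" -p tcp -m set --match-set "${share_whitehost_ipset}" dst -j ACCEPT
  iptables -t nat -I "$share_nat_table" -p tcp -m set --match-set "${share_whitehost_ipset}" dst -j ACCEPT
}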
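is_active_type() {
  # $1: type to look up; $2: whitespace-separated list of active types.
  # Returns 0 when $1 is $WIFIRENT_NAME (wifirent is always active) or
  # appears as a word in $2; 1 when either argument is empty or nothing
  # matches.  The original also special-cased a list containing
  # "wifirent_wechat_pay" via a grep subprocess, but that branch only ever
  # returned 0 for $WIFIRENT_NAME, which the check below already covers.
  local _candidate="$1"
  local _list="$2"
  local _entry=""
  [ -z "$_candidate" ] && return 1
  [ -z "$_list" ] && return 1
  [ "$_candidate" = "$WIFIRENT_NAME" ] && return 0
  for _entry in $_list; do
    [ "$_entry" = "$_candidate" ] && return 0
  done
  return 1
}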
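share_fw_add_device() {
  # config_foreach callback over "device" sections: re-install the rule pair
  # for one previously allowed device from its stored window.
  #   filter chain: DROP from datestop onwards;
  #   nat chain:    ACCEPT (bypass the portal redirect) between datestart and datestop.
  # Skipped when the section is disabled, incomplete (no dates/mac/sns), its
  # sns type is not currently active, or the MAC is on the block list.
  # _type is local now; the original leaked it as a global.
  local section="$1"
  local _src_mac=""
  local _start=""
  local _stop=""
  local _type=""
  config_get disabled "$section" disabled >/dev/null 2>&1
  [ "$disabled" = "1" ] && return 0
  config_get _start "$section" datestart >/dev/null 2>&1
  [ -z "$_start" ] && return 0
  config_get _stop "$section" datestop >/dev/null 2>&1
  [ -z "$_stop" ] && return 0
  config_get _src_mac "$section" mac >/dev/null 2>&1
  [ -z "$_src_mac" ] && return 0
  config_get _type "$section" sns >/dev/null 2>&1
  [ -z "$_type" ] && return 0
  is_active_type "$_type" "$active_type" || return 1
  # share_block_has_mac returns 1 for a blocked MAC
  share_block_has_mac "$_src_mac"
  [ $? -eq 1 ] && return 0
  share_access_remove "$_src_mac"
  iptables -t filter -A "$share_filter_device_table" -m mac --mac-source "$_src_mac" -m time --datestart "$_stop" --kerneltz -j DROP >/dev/null 2>&1
  iptables -t nat -I "$share_nat_device_table" -m mac --mac-source "$_src_mac" -m time --datestart "$_start" --datestop "$_stop" --kerneltz -j ACCEPT >/dev/null 2>&1
}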
share_fw_add_device_all() {
  # Re-install the rules of every persisted "device" section.
  config_load "${section_name}"
  config_foreach share_fw_add_device device
}
share_fw_remove_all() {
  # Undo share_fw_add_default: unhook our chains from fw3's chains first
  # (a referenced chain cannot be deleted), then flush and delete them.
  local _chain=""
  [ "$hasctf" = "1" ] && iptables -t mangle -D PREROUTING -i br-guest -j SKIPCTF
  iptables -t nat -D zone_guest_prerouting -i br-guest -j "$share_nat_table" >/dev/null 2>&1
  iptables -t filter -D forwarding_rule -i br-guest -j "$share_filter_table" >/dev/null 2>&1
  for _chain in "$share_nat_table" "$share_nat_device_table" "$share_nat_dev_redirect_table"; do
    ipt_table_destroy nat "$_chain"
  done
  for _chain in "$share_filter_table" "$share_filter_device_table"; do
    ipt_table_destroy filter "$_chain"
  done
  return
}
################### contrack ###################
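share_contrack_remove_perdevice() {
  # config_foreach callback over "device" sections: flush the conntrack
  # entries of the section's MAC (unused _start/_stop locals dropped).
  local section="$1"
  local _src_mac=""
  config_get _src_mac "$section" mac >/dev/null 2>&1
  [ -z "$_src_mac" ] && return 0
  share_contrack_remove "$_src_mac"
}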
share_contrack_remove_all() {
  # Flush conntrack state for every persisted "device" section.
  config_load "${section_name}"
  config_foreach share_contrack_remove_perdevice device
}
share_contrack_remove()
{
# $1: MAC.  Look up its IP in the ARP table and write that address to
# /proc/net/nf_conntrack, presumably to have the kernel drop the device's
# conntrack entries so a revoked device cannot ride an existing flow
# (OpenWrt kernels accept such writes — TODO confirm on this target).
# Assumes an arp output format with the IP in column 1 and the MAC in
# column 3 — verify against the target's /usr/bin/arp.  IGNORECASE is a
# gawk extension; busybox awk compares case-sensitively, so $1 must match
# the ARP table's MAC case there.
local _ip=$(/usr/bin/arp | awk -v mac=$1 ' BEGIN{IGNORECASE=1}{if($3==mac) print $1;}' 2>/dev/null)
[ "$_ip" == "" ] && return
# unquoted on purpose: several matching addresses become one space-separated write
echo $_ip > /proc/net/nf_conntrack
return
}
################### block ###################
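share_block_has_mac() {
  # $1: MAC to check.  Returns 1 when $1 is one of the whitespace-separated
  # MACs in the global macs_blocked (device is blocked), 0 otherwise.  In
  # business mode the block list is not applied, so always 0.
  # The original awk loop had an unconditional break after the first field,
  # so only the first MAC of the list was ever matched.
  local _src_mac="$1"
  local _entry=""
  [ "$_active" = "business" ] && return 0
  [ -z "$macs_blocked" ] && return 0
  # exact, case-sensitive word comparison, as the awk == was
  for _entry in $macs_blocked; do
    [ "$_entry" = "$_src_mac" ] && return 1
  done
  return 0
}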
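share_block_add_default() {
  # Create the two block chains and hook them into forwarding_rule and INPUT
  # for br-guest.  The INPUT chain starts with an ACCEPT for the redirect
  # port (presumably so a blocked client still reaches the portal page);
  # it was a hard-coded 8999 and now follows $redirect_port.
  share_block_remove_default
  ipt_table_create filter "$share_block_table"
  ipt_table_create filter "$share_block_table_input"
  iptables -t filter -I forwarding_rule -i br-guest -j "$share_block_table" >/dev/null 2>&1
  iptables -t filter -I INPUT -i br-guest -j "$share_block_table_input" >/dev/null 2>&1
  iptables -t filter -I "$share_block_table_input" -p tcp -m tcp --dport "${redirect_port}" -j ACCEPT
}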
share_block_remove_default() {
  # Reverse of share_block_add_default: unhook both block chains, then delete them.
  local _c=""
  iptables -t filter -D forwarding_rule -i br-guest -j "$share_block_table" >/dev/null 2>&1
  iptables -t filter -D INPUT -i br-guest -j "$share_block_table_input" >/dev/null 2>&1
  for _c in "$share_block_table" "$share_block_table_input"; do
    ipt_table_destroy filter "$_c"
  done
}
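share_block_add_perdevice() {
  # config_foreach callback over "block" sections: for every MAC in the
  # section's mac list, revoke its current access and add DROP rules in both
  # block chains (forwarded traffic and traffic to the router itself).
  # _mac_list / name_dev are local now; the original leaked them as globals.
  local section="$1"
  local _src_mac=""
  local _mac_list=""
  local name_dev=""
  config_get _mac_list "$section" mac >/dev/null 2>&1
  for _src_mac in $_mac_list; do
    name_dev="${section_name}_block_${_src_mac//:/}"
    echo "block device mac: $_src_mac, dev comment: $name_dev."
    share_access_remove "$_src_mac"
    iptables -t filter -A "$share_block_table_input" -m mac --mac-source "$_src_mac" -j DROP >/dev/null
    iptables -t filter -A "$share_block_table" -m mac --mac-source "$_src_mac" -j DROP >/dev/null
  done
}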
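share_block_apply() {
  # Rebuild both block chains from the "block" sections: flush them, restore
  # the ACCEPT for the redirect port (was a hard-coded 8999), then add the
  # per-device DROP rules.
  iptables -t filter -F "$share_block_table" >/dev/null 2>&1
  iptables -t filter -F "$share_block_table_input" >/dev/null 2>&1
  iptables -t filter -I "$share_block_table_input" -p tcp -m tcp --dport "${redirect_port}" -j ACCEPT
  config_load "${section_name}"
  config_foreach share_block_add_perdevice block
}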
share_block_remove_all() {
  # Flush the forwarding block chain (the INPUT block chain is left as is).
  iptables -t filter -F "$share_block_table" >/dev/null 2>&1
}
################### interface ###################
#sns : string, social-network code
#guest_user_id : string, friend id
#extra_payload : string
#mac : MAC address of the device to let through
share_access_prepare()
{
# $1: MAC of a guest device that is about to authenticate.  Opens a window
# (now-30s .. now+auth_timeout) in which the device bypasses the portal
# redirect: plain ACCEPT in the nat device chain, or — while dnsd runs — a
# jump to the per-device redirect chain (HTTP to the guest gateway goes to
# dev_redirect_port, the rest is accepted).  A DROP in the filter device
# chain is armed from the end of the window.  Blocked MACs and devices whose
# persisted "allow" has not expired are left alone.  Returns 1 for an empty
# MAC, otherwise the status of the last command run.
local _src_mac=$1
local _device_id=""
local _current=""
local _start=""
local _stop=""
[ "$_src_mac" == "" ] && return 1;
# share_block_has_mac returns 1 when the MAC is on the block list
share_block_has_mac $_src_mac
[ $? -eq 1 ] && return
_device_id=${_src_mac//:/};
_current=$(date "+%Y-%m-%dT%H:%M:%S")
# window starts 30 s in the past (intent not documented; presumably slack for
# the rule insert / clock granularity) and ends auth_timeout s from now
_start=$(echo $_current | awk -v timeout=30 '{gsub(/-|:|T/," ",$0);now=mktime($0);now=now-timeout;print strftime("%Y-%m-%dT%H:%M:%S",now);return;}')
_stop=$(echo $_current | awk -v timeout=$auth_timeout '{gsub(/-|:|T/," ",$0);now=mktime($0);now=now+timeout;print strftime("%Y-%m-%dT%H:%M:%S",now);return;}')
# a persisted "allow" for this device that has not expired wins
local allowed_datestop=$(uci get ${section_name}.${_device_id}.datestop)
[ "$allowed_datestop" != "" ] && {
# both are YYYY-MM-DDTHH:MM:SS, so the digit strings compare numerically
local time_now=$(echo $_current | tr -cd '[0-9]')
local time_stop=$(echo $allowed_datestop | tr -cd '[0-9]')
[ $time_stop -ge $time_now ]&& {
return;
}
}
local name_dev="${section_name}_${_device_id}"   # not used below
share_aceess_remove_iptables $_src_mac
local dnsd_ok="0"
ps | grep dnsd | grep -v grep >/dev/null 2>&1
[ $? == 0 ] && {
dnsd_ok="1"
}
# DROP from the end of the window; --kerneltz: times are in the kernel's zone
iptables -t filter -I $share_filter_device_table -m mac --mac-source $_src_mac -m time --datestart $_stop --kerneltz -j DROP
if [ "$dnsd_ok" == 1 ];
then
iptables -t nat -I $share_nat_device_table -m mac --mac-source $_src_mac -m time --datestart $_start --datestop $_stop --kerneltz -j ${share_nat_dev_redirect_table}
else
iptables -t nat -I $share_nat_device_table -m mac --mac-source $_src_mac -m time --datestart $_start --datestop $_stop --kerneltz -j ACCEPT
fi
return
}
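share_access_allow() {
  # Grant $1 (MAC) guest access for $timeout seconds: install the nat ACCEPT
  # (datestart..datestop) / filter DROP (from datestop) rule pair and persist
  # the device section (datestart, datestop, mac, timecount_last) in uci.
  # $2 is the sns type reported by the caller; it is only kept for logging.
  # Returns 1 for an empty MAC.
  local _src_mac="$1"
  local dev_sns="$2"
  local _device_id=""
  local _current=""
  local _start=""
  local _stop=""
  local force_write=0
  local online_time=""
  local allowed_datestop=""
  local _payload=""
  local exe_ret1=0
  local exe_ret2=0
  local old_ticket=""
  [ -z "$_src_mac" ] && return 1
  # share_block_has_mac returns 1 when the MAC is on the block list
  share_block_has_mac "$_src_mac"
  [ $? -eq 1 ] && return 0
  _device_id="${_src_mac//:/}"
  # trafficd's online_timer for *this* device.  The original grepped "$_mac",
  # a name never set in this function, so it matched every device's line.
  # NOTE(review): assumes trafficd prints MACs in the same (upper) case as $1.
  online_time=$(ubus call trafficd hw | jason.sh -b | grep "$_src_mac" | grep online_timer | awk '{print $2}')
  _current=$(date "+%Y-%m-%dT%H:%M:%S")
  _start="$_current"
  _stop=$(echo "$_start" | awk -v timeout="$timeout" '{gsub(/-|:|T/," ",$0);now=mktime($0);now=now+timeout;print strftime("%Y-%m-%dT%H:%M:%S",now);return;}')
  allowed_datestop=$(uci -q get "${section_name}.${_device_id}.datestop")
  _payload=$(uci -q get "${section_name}.${_device_id}.extra_payload")
  # NOTE(review): kept as in the original.  $(...) captures is_active_type's
  # stdout (always empty), not its exit status, and $_type is never set here,
  # so force_write is "" and the early return below never fires: every allow
  # rewrites the device section.  Fixing it would change re-allow behaviour
  # callers currently rely on — confirm the intended semantics first.
  force_write=$(is_active_type "$_type" "$active_type")
  if [ -n "$allowed_datestop" ] && [ "$force_write" = "0" ]; then
    # both are YYYY-MM-DDTHH:MM:SS, so the digit strings compare numerically
    local time_now
    local time_stop
    time_now=$(echo "$_current" | tr -cd '[0-9]')
    time_stop=$(echo "$allowed_datestop" | tr -cd '[0-9]')
    [ "$time_stop" -ge "$time_now" ] && return 0
  fi
  share_aceess_remove_iptables "$_src_mac"
  iptables -t filter -I "$share_filter_device_table" -m mac --mac-source "$_src_mac" -m time --datestart "$_stop" --kerneltz -j DROP
  exe_ret1=$?
  iptables -t nat -I "$share_nat_device_table" -m mac --mac-source "$_src_mac" -m time --datestart "$_start" --datestop "$_stop" --kerneltz -j ACCEPT
  exe_ret2=$?
  [ "$exe_ret1" != "0" ] && logger -p info -t wifishare "stat_points_none wifishare_error=$_src_mac|iptables_add1|$date_tag|$exe_ret1"
  [ "$exe_ret2" != "0" ] && logger -p info -t wifishare "stat_points_none wifishare_error=$_src_mac|iptables_add2|$date_tag|$exe_ret2"
  uci -q set "${section_name}.${_device_id}=device"
  uci -q set "${section_name}.${_device_id}.datestart=${_start}"
  uci -q set "${section_name}.${_device_id}.datestop=${_stop}"
  uci -q set "${section_name}.${_device_id}.mac=${_src_mac}"
  uci -q set "${section_name}.${_device_id}.timecount_last=${online_time}"
  uci commit "${section_name}"
  # the initial ticket lives in the payload stored with the device section
  old_ticket=$(echo "$_payload" | jason.sh -b | grep "\[\"initial_ticket\"\]" | awk '{print $2}' | sed 's/\"//g')
  [ "$old_ticket" != "" ] && logger -p info -t wifishare "stat_points_none wifishare_allow=$_src_mac|$old_ticket|$date_tag"
  [ "$old_ticket" == "" ] && logger -p info -t wifishare "stat_points_none wifishare_error=$_src_mac|nooldticket|$date_tag"
}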
share_aceess_remove_iptables()
{
# $1: MAC.  Delete every rule for that MAC from the per-device chains
# (wifishare_filter_device in filter, wifishare_nat_device in nat).  Rules
# are found by parsing iptables-save, rewriting each matching "-A" line to
# "-D", and piping the resulting iptables commands into sh, so the exact
# rule (time window included) is deleted without reconstructing it.  The
# text handed to sh is iptables-save's own output for rules this script
# created; $1 is only the awk comparison value and is never spliced into a
# command.  The chain names are literals here and must stay equal to
# $share_filter_device_table / $share_nat_device_table.  _device_id is
# computed but unused.  Name keeps the historical "aceess" typo: callers
# use it.  Returns 1 for an empty MAC.
local _src_mac=$1
local _device_id=""
[ "$_src_mac" == "" ] && return 1;
_device_id=${_src_mac//:/};
# iptables -t filter -A $share_filter_table -m mac --mac-source $_src_mac -m time --datestart $_stop --kerneltz -m comment --comment ${name_dev} -j DROP
# filter table: the DROP-after-datestop rules
iptables-save -t filter | awk -v mac=$_src_mac '/^-A wifishare_filter_device / {
i = 1;
while ( i <= NF )
{
if($i~/--mac-source/)
{
if($(i+1)==mac)
{
gsub("^-A", "-D")
print "iptables -t filter "$0";"
}
}
i++
}
}' |sh
# nat table: the ACCEPT / redirect-chain rules for the access window
iptables-save -t nat | awk -v mac=$_src_mac '/^-A wifishare_nat_device / {
i = 1;
while ( i <= NF )
{
if($i~/--mac-source/)
{
if($(i+1)==mac)
{
gsub("^-A", "-D")
print "iptables -t nat "$0";"
}
}
i++
}
}' |sh
return;
}
share_access_remove() {
  # Revoke $1 (MAC): drop its iptables rules, flush its conntrack entries
  # and log the removal.  The uci device section is left in place.
  local _mac="$1"
  share_aceess_remove_iptables "$_mac"
  share_contrack_remove "$_mac"
  logger -p info -t wifishare "stat_points_none wifishare_remove=${_mac}|${date_tag}"
}
# State for the share_access_timeout* sweep.
timeout_time=""            # epoch seconds sampled once per run by share_timeout_gettime
timeout_devname_list=""    # unused by the functions below
share_timeout_gettime() {
  # Sample the current time (epoch seconds) into the global timeout_time so
  # every expiry check in one run compares against the same instant.
  timeout_time=$(date +%s)
}
share_access_timeout_iptables()
{
# Remove expired per-device rules straight from the live ruleset.
# $1: optional max age in seconds since datestart; defaults to $timeout,
# is clamped to at least 3600 and gets 30 s of grace.  Uses the global
# timeout_time (epoch seconds from share_timeout_gettime) as "now".
# The awk program walks every "-A wifishare_nat_device" line of
# iptables-save, reads --mac-source/--datestart/--datestop, and for a rule
# whose stop has passed or whose start is older than the range it prints
# three commands — delete the twin filter DROP rule (whose datestart is the
# nat rule's datestop), delete the nat rule itself (-A rewritten to -D) and
# a logger line — which are then piped into sh.  Only iptables-save's own
# output and the numeric range/now values end up in those commands.
# The chain names are literals and must match $share_nat_device_table /
# $share_filter_device_table.
local _timeout_range=$1
# NOTE(review): unquoted — with an empty $1 this becomes `[ -z ]`, which
# happens to be true; an empty $timeout would then break the -le test.
[ -z $_timeout_range ] && _timeout_range=$timeout
[ "$_timeout_range" -le 3600 ] && _timeout_range=3600
# `let` is not POSIX sh; relies on the target shell's bash compatibility
let _timeout_range+=30
iptables-save -t nat | awk -v now=$timeout_time -v auth_timeout=$auth_timeout -v range=$_timeout_range '/^-A wifishare_nat_device / {
i = 1;
while ( i <= NF )
{
if($i~/--mac-source/)
{
need_remove=0;
mac=$(i+1);
device_id=mac;
gsub(":", "", device_id);
}
if($i~/--datestart/)
{
datestart=$(i+1)
gsub(/-|:|T/," ", datestart);
start=mktime(datestart);
}
if($i~/--datestop/)
{
datestop=$(i+1);
filter_datestart=datestop;
gsub(/-|:|T/," ", datestop);
stop=mktime(datestop);
if(now>stop)
{
need_remove=1;
}
else if (now-start>range)
{
need_remove=1;
}
}
if($i~/-j/)
{
if(need_remove == 1)
{
gsub("^-A", "-D");
print "iptables -t filter -D wifishare_filter_device -m mac --mac-source "mac" -m time --datestart "filter_datestart" --kerneltz -j DROP";
print "iptables -t nat "$0;
print "logger -p info -t wifishare \"stat_points_none wifishare_timeout="mac"|"datestop"|"now"\""
}
}
i++
}
} ' |sh
return
}
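share_access_timeout_config_perdevice() {
  # config_foreach callback over "device" sections: decide whether the
  # device's access has expired and, if so, append its MAC to the caller's
  # macsets_timeout.  Expired means datestop < timeout_time, or — when the
  # caller set timeout_range — more than timeout_range seconds since
  # datestart.  Reads the globals timeout_time (epoch seconds) and
  # timeout_range.  The stray `echo` of the age (stdout noise) is gone.
  local _mac=""
  local _datestop=""
  local _datestart=""
  local _stop=""
  local _start=""
  local _start_timeout=0
  local need_remove=0
  config_get _mac "$section" mac >/dev/null 2>&1
  config_get _datestop "$section" datestop >/dev/null 2>&1
  config_get _datestart "$section" datestart >/dev/null 2>&1
  # "YYYY-MM-DDTHH:MM:SS" -> epoch seconds.  The original wrote $O (an unset
  # awk variable, value 0), which only worked because $0 == $O there.
  _stop=$(echo "$_datestop" | awk '{gsub(/-|:|T/," ", $0); seconds=mktime($0); print seconds;}')
  _start=$(echo "$_datestart" | awk '{gsub(/-|:|T/," ", $0); seconds=mktime($0); print seconds;}')
  if [ -n "$timeout_range" ]; then
    _start_timeout=$((timeout_time - _start))
    [ "$_start_timeout" -gt "$timeout_range" ] && need_remove=1
  fi
  [ "$_stop" -lt "$timeout_time" ] && need_remove=1
  [ "$need_remove" = "1" ] && macsets_timeout="${macsets_timeout} ${_mac}"
}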
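share_access_timeout_uci() {
  # Remove expired "device" sections from uci: run the per-device check over
  # all sections (it fills macsets_timeout through dynamic scoping), then
  # flush conntrack for and delete each expired device and commit once.
  # $1: optional max age in seconds since datestart; exported to the callback
  # as the global timeout_range, defaulting to $timeout and never below 3600.
  local macsets_timeout=""
  local onemac=""
  local _device_id=""
  timeout_range="$1"
  config_load "${section_name}"
  [ -z "$timeout_range" ] && timeout_range="${timeout:-$timeout_default}"
  [ "$timeout_range" -le 3600 ] && timeout_range=3600
  config_foreach share_access_timeout_config_perdevice device
  [ -n "$macsets_timeout" ] || return 0
  for onemac in $macsets_timeout; do
    _device_id="${onemac//:/}"
    share_contrack_remove "$onemac"
    uci delete "${section_name}.${_device_id}"
  done
  uci commit "${section_name}"
}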
share_access_timeout() {
  # Expire stale device access: sample the time once, then drop the expired
  # iptables rules and the matching uci sections.  $1: optional max age in
  # seconds since datestart, passed through to both sweeps.
  local _range="$1"
  share_timeout_gettime
  share_access_timeout_iptables "$_range"
  share_access_timeout_uci "$_range"
  return
}
share_access_counting_perdevice()
{
# config_foreach callback over "device" sections for the "counting" run.
# For a wifirent device that trafficd reports on the guest interface, send
# the seconds used since the last report to the remote wifi_rent API via
# matool and store the ticket the API returns.  When the API answers
# 4502/4503 the MAC is appended to macsets_arrearage (share_access_counting's
# local, reached through dynamic scoping) and the caller removes the device;
# the variable name suggests "unpaid", the codes themselves are not
# documented here.  Every early exit is logged as a stat_points_none
# wifishare_error line with a reason tag.
local dev_sns=""
local _payload=""
local _timecount=0
local newcount=0
local _mac=""
local _datestop=""
local _stop=""
local _start=""
local old_ticket=""
local need_remove=0
local _device_id=""
config_get dev_sns $section sns &>/dev/null;
# only wifirent devices are metered
[ "$dev_sns" != "$WIFIRENT_NAME" ] && return;
config_get _mac $section mac &>/dev/null;
[ "$_mac" == "" ] && {
logger -p info -t wifishare "stat_points_none wifishare_error=$_mac|macempty"
return;
};
_device_id=${_mac//:/};
# interface the device is on according to trafficd; a device that is not on
# the guest wifi is not counted and its running counter is reset
online_ifname=$(ubus call trafficd hw |jason.sh -b|grep "\[\"${_mac}\",\"ifname\"\]"|awk '{print $2}'| sed 's/\"//g')
[ "$online_ifname" != "$guest_ifname" -o "$online_ifname" == "" ] && {
# literal "wifishare." is the same config as ${section_name}
uci delete wifishare.${_device_id}.timecount_last
logger -p info -t wifishare "stat_points_none wifishare_error=$_mac|onlineifnameempty"
return;
}
config_get old_ticket $section ticket &>/dev/null;
#[ "$_ticket" == "" ] && return;
config_get _payload $section extra_payload &>/dev/null;
[ "$_payload" == "" ] && {
logger -p info -t wifishare "stat_points_none wifishare_error=$_mac|payloadempty"
return;
}
# counter value at the previous report (0 = never reported)
config_get _lastcount $section timecount_last &>/dev/null;
[ "$_lastcount" == "" ] && _lastcount=0;
#config_get _datestop $section datestop &>/dev/null;
#config_get _datestart $section datestart &>/dev/null;
#_stop=$(echo $_datestop |awk '{gsub(/-|:|T/," ", $O); seconds=mktime($0); print seconds;}')
#_start=$(echo $_datestart |awk '{gsub(/-|:|T/," ", $O); seconds=mktime($0); print seconds;}')
# current wifishare_timer for this MAC as reported by trafficd
online_time=$(ubus call trafficd hw |jason.sh -b |grep "$_mac"|grep wifishare_timer |awk '{print $2}')
[ "$online_time" == "" ] && {
uci delete wifishare.${_device_id}.timecount_last
logger -p info -t wifishare "stat_points_none wifishare_error=$_mac|onlinetimeempty"
return;
}
# no ticket stored yet: fall back to the initial_ticket in the allow payload
[ "$old_ticket" == "" ] && old_ticket=$(echo $_payload | jason.sh -b |grep "\[\"initial_ticket\"\]" |awk '{print $2}' |sed 's/\"//g')
[ "$old_ticket" == "" ] && {
logger -p info -t wifishare "stat_points_none wifishare_error=$_mac|oldticketempty"
return;
}
# duration to report: 60 s on the first report, a whole interval when the
# counter did not advance (or went backwards), otherwise the delta
if [ $_lastcount -eq 0 ]
then
newcount=60
elif [ $_lastcount -ge $online_time ]
then
newcount=$COUNT_INTERVAL_SECS
else
newcount=$(expr $online_time - $_lastcount)
fi
wifishare_log "COUNTING $newcount seconds";
#uci get wifishare.FC64BA9687F9.extra_payload | jason.sh -b
#matool --method api_call --params /device/wifi_rent/counting "{\"ticket\":\"xxxx\",\"duration\":15}"
# up to 3 attempts: 4502/4503 -> flag for removal and stop, -1 -> retry,
# anything else -> success.  NOTE(review): the JSON body is built by
# interpolating old_ticket; that is only safe while tickets contain no
# quotes or backslashes — confirm the ticket format the API issues.
report_success=0
for report_try in `seq 1 3`
do
matool --method api_call --params /device/wifi_rent/counting "{\"ticket\":\"$old_ticket\", \"duration\":$newcount }" >$MATOOL_DATA_FILE
_code=$( cat $MATOOL_DATA_FILE|jason.sh -b | grep "\"code\"" | awk '{print $2}')
new_ticket=$(cat $MATOOL_DATA_FILE |jason.sh -b |grep "\[\"data\",\"ticket\"\]" | awk '{print $2}' |sed 's/\"//g')
case $_code in
4502 | 4503 )
need_remove=1;
echo "$date_tag $_mac $newcount $old_ticket $new_ticket $_code $need_remove remove" >> $COUNTING_DATA_FILE
#logger -p info -t wifishare "stat_points_none wifishare_counting=$date_tag|$_mac|$newcount|$old_ticket|$new_ticket|$_code|$need_remove|remove"
macsets_arrearage="$macsets_arrearage $_mac"
report_success=1;
break;
;;
-1 )
echo "$date_tag $_mac $newcount $old_ticket $new_ticket $_code $need_remove error" >> $COUNTING_DATA_FILE
logger -p info -t wifishare "stat_points_none wifishare_counting=$date_tag|$_mac|$newcount|$old_ticket|$new_ticket|$_code|$need_remove|error"
continue;
;;
esac
report_success=1;
break
done
[ "$report_success" == "0" ] && {
logger -p info -t wifishare "stat_points_none wifishare_counting=$date_tag|$_mac|$newcount|$old_ticket|$new_ticket|$_code|$need_remove|finalerror"
return;
}
echo "$date_tag $_mac $newcount $old_ticket $new_ticket $_code $need_remove" >> $COUNTING_DATA_FILE
#logger -p info -t wifishare "stat_points_none wifishare_counting=$_mac|$date_tag|$newcount|$old_ticket|$new_ticket|$_code|$need_remove|notremove"
#echo "TIME: $date_tag"
#echo "MAC $_mac"
#echo "SECONDS $newcount"
#echo "OLD TICKET $old_ticket"
#echo "NEW TICKET $new_ticket"
#echo "RETURN CODE $_code"
#echo "NEED REMOVE $need_remove"
#matool --method api_call --params /device/wifi_rent/counting "{\"ticket\":\"$_ticket\", \"duration\":1000}"
#uci get wifishare.FC64BA9687F9.extra_payload | jason.sh -b |grep "\[\"sns\"\]" |awk '{print $2}'
# without a new ticket nothing is persisted (the counter is not advanced,
# so the same span is reported again next time)
[ "$new_ticket" == "" ] && {
return;
}
# persisted here, committed once by share_access_counting
uci set wifishare.${_device_id}.timecount_last=${online_time}
uci set wifishare.${_device_id}.ticket=${new_ticket}
return;
}
share_access_counting() {
  # Report usage for every wifirent device (per-device callback) and then
  # revoke and delete the devices the callback flagged in macsets_arrearage
  # (our local, filled through dynamic scoping).  Commits once at the end so
  # the callback's uci set calls are persisted too.
  local macsets_arrearage=""
  local onemac=""
  local _device_id=""
  timeout_range="$1"
  config_load "${section_name}"
  config_foreach share_access_counting_perdevice device
  for onemac in $macsets_arrearage; do
    _device_id="${onemac//:/}"
    share_access_remove "$onemac"
    uci delete "${section_name}.${_device_id}"
  done
  uci commit "${section_name}"
}
# add timer task to crontab
# eg.
# bridgeap mode gateway check
# */1 * * * * /usr/sbin/ap_mode.sh check_gw
#share_counting_stop_crontab()
#{
# grep -v "/usr/sbin/wifishare.sh counting" /etc/crontabs/root > /etc/crontabs/root.new;
# mv /etc/crontabs/root.new /etc/crontabs/root
# /etc/init.d/cron restart
#}
#share_counting_start_crontab()
#{
# grep -v "/usr/sbin/wifishare.sh counting" /etc/crontabs/root > /etc/crontabs/root.new;
# echo "*/$COUNT_INTERVAL * * * * /usr/sbin/wifishare.sh counting" >> /etc/crontabs/root.new
# mv /etc/crontabs/root.new /etc/crontabs/root
# /etc/init.d/cron restart
#}
share_clean_config_perdevice_wifirent() {
  # config_foreach callback: collect every device section's mac into the
  # caller's macsets_cleaned, regardless of sns type.
  local _mac=""
  config_get _mac "$section" mac >/dev/null 2>&1
  macsets_cleaned="${macsets_cleaned} ${_mac}"
}
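share_clean_wifirent() {
  # Delete every "device" section: flush each device's conntrack state and
  # remove the section, then commit once.  Unlike share_clean_uci_device the
  # iptables rules are not touched here.  onemac is local now (it leaked).
  local macsets_cleaned=""
  local onemac=""
  local _device_id=""
  config_load "${section_name}"
  config_foreach share_clean_config_perdevice_wifirent device
  [ -n "$macsets_cleaned" ] || return 0
  for onemac in $macsets_cleaned; do
    _device_id="${onemac//:/}"
    share_contrack_remove "$onemac"
    uci delete "${section_name}.${_device_id}"
  done
  uci commit "${section_name}"
}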
share_clean_config_perdevice() {
  # config_foreach callback: collect the section's mac into the caller's
  # macsets_cleaned, skipping wifirent devices (those are handled by counting).
  local _mac=""
  local dev_sns=""
  config_get _mac "$section" mac >/dev/null 2>&1
  config_get dev_sns "$section" sns >/dev/null 2>&1
  if [ "$dev_sns" != "$WIFIRENT_NAME" ]; then
    macsets_cleaned="${macsets_cleaned} ${_mac}"
  fi
}
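share_clean_uci_device() {
  # Remove every non-wifirent "device" section: revoke its access (iptables
  # rules + conntrack), delete the section, then commit once.
  # onemac is local now (it leaked as a global).
  local macsets_cleaned=""
  local onemac=""
  local _device_id=""
  config_load "${section_name}"
  config_foreach share_clean_config_perdevice device
  [ -n "$macsets_cleaned" ] || return 0
  for onemac in $macsets_cleaned; do
    _device_id="${onemac//:/}"
    share_access_remove "$onemac"
    uci delete "${section_name}.${_device_id}"
  done
  uci commit "${section_name}"
}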
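share_clean_uci_record() {
  # Remove every non-wifirent "record" section (named <deviceid>_RECORD):
  # flush the device's conntrack state, delete the section, commit once.
  # onemac is local now (it leaked as a global).
  local macsets_cleaned=""
  local onemac=""
  local _device_id=""
  config_load "${section_name}"
  config_foreach share_clean_config_perdevice record
  [ -n "$macsets_cleaned" ] || return 0
  for onemac in $macsets_cleaned; do
    _device_id="${onemac//:/}"
    share_contrack_remove "$onemac"
    uci delete "${section_name}.${_device_id}_RECORD"
  done
  uci commit "${section_name}"
}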
share_clean_uci_block() {
  # Drop the persisted block list section and commit.
  uci delete "${section_name}.blacklist"
  uci commit "${section_name}"
}
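share_clean() {
  # Wipe all per-device state: empty both block chains (keeping the ACCEPT
  # for the redirect port, which was a hard-coded 8999), then delete the
  # device, record and block sections from uci.
  #iptables -t nat -F $share_nat_device_table >/dev/null 2>&1
  #iptables -t nat -F $share_nat_dev_redirect_table >/dev/null 2>&1
  #iptables -t filter -F $share_filter_device_table >/dev/null 2>&1
  iptables -t filter -F "$share_block_table" >/dev/null 2>&1
  iptables -t filter -F "$share_block_table_input" >/dev/null 2>&1
  iptables -t filter -I "$share_block_table_input" -p tcp -m tcp --dport "${redirect_port}" -j ACCEPT
  share_clean_uci_device
  share_clean_uci_record
  share_clean_uci_block
}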
share_reload() {
  # Rebuild every rule from scratch (fw3 runs this as its include on reload).
  # Business mode regenerates the dnsmasq whitehost list and does not use
  # dnsd or the block list; user mode starts dnsd and applies the block list.
  share_fw_remove_all
  share_ipset_create "$share_whitehost_ipset"
  if [ "$_active" = "business" ]; then
    business_init
  else
    share_dnsd_start
  fi
  share_fw_add_default
  share_fw_add_device_all
  share_block_remove_default
  share_block_add_default
  [ "$_active" != "business" ] && share_block_apply
  return
}
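share_config_set() {
  # $1 auth_timeout (s), $2 timeout (s), $3 optional guest DHCP lease time in
  # uci syntax (e.g. "12h").  Registers this script as an fw3 include so a
  # firewall reload re-applies the rules, and stores the timeouts.
  # The lease-time test is quoted now: the original `[ ! -z $x ]` only
  # worked by accident for an empty value.
  local _auth_timeout="$1"
  local _timeout="$2"
  local _dhcp_leasetime="$3"
  if [ -n "$_dhcp_leasetime" ]; then
    uci -q set "dhcp.guest.leasetime=${_dhcp_leasetime}"
    uci commit dhcp
    /etc/init.d/dnsmasq restart
  fi
  uci -q set "firewall.${section_name}=include"
  uci -q set "firewall.${section_name}.path=/usr/sbin/wifishare.sh reload"
  uci -q set "firewall.${section_name}.reload=1"
  uci -q set "${section_name}.global.auth_timeout=${_auth_timeout}"
  uci -q set "${section_name}.global.timeout=${_timeout}"
  uci commit firewall
  uci commit "${section_name}"
  return 0
}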
share_config_set_default() {
  # Restore defaults on "off": drop the fw3 include, reset the stored
  # timeouts, put the guest DHCP lease back to 12h, then restart dnsmasq.
  local _cfg=""
  uci -q batch >/dev/null <<EOF
del firewall.${section_name}
set ${section_name}.global.auth_timeout=${auth_timeout_default}
set ${section_name}.global.timeout=${timeout_default}
set dhcp.guest.leasetime=12h
EOF
  for _cfg in "${section_name}" dhcp firewall; do
    uci commit "$_cfg"
  done
  /etc/init.d/dnsmasq restart
}
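share_start() {
  # $1 auth_timeout, $2 timeout, $3 guest DHCP lease time — all optional.
  # No-op when the fw3 include is already registered (sharing already on).
  # Passes the defaulted values to share_config_set; the original forwarded
  # the raw "$@", so an omitted timeout was stored as an empty string.
  local _auth_timeout="${1:-$auth_timeout_default}"
  local _timeout="${2:-$timeout_default}"
  local _dhcp_leasetime="$3"
  local has_wifishare=""
  has_wifishare=$(uci -q get "firewall.${section_name}.path")
  [ "$has_wifishare" = "/usr/sbin/wifishare.sh reload" ] && return 0
  share_reload
  share_config_set "$_auth_timeout" "$_timeout" "$_dhcp_leasetime"
  return 0
}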
share_stop() {
  # Tear everything down, in this order: config back to defaults, conntrack
  # flushed, guest chains and block chains removed, whitehost ipset and dnsd
  # gone, and finally all per-device uci state wiped.
  local _step=""
  for _step in share_config_set_default share_contrack_remove_all share_fw_remove_all \
               share_block_remove_all share_block_remove_default; do
    "$_step"
  done
  share_ipset_destroy "$share_whitehost_ipset"
  share_dnsd_stop
  share_clean
}
guest_network_judge() {
  # Exit the whole script (status 1) unless the 2.4 GHz guest radio is
  # enabled, has an SSID and uses no encryption: sharing needs an open guest
  # network.  Note the exit status on success mirrors the original's last test.
  local _enc="" _ssid="" _off=""
  _enc=$(uci get wireless.guest_2G.encryption 2>/dev/null)
  _ssid=$(uci get wireless.guest_2G.ssid 2>/dev/null)
  _off=$(uci get wireless.guest_2G.disabled 2>/dev/null)
  if [ "$_off" = 1 ] || [ -z "$_ssid" ]; then
    exit 1
  fi
  [ "$_enc" != "none" ] && exit 1
}
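share_usage() {
  # Print command help to stdout.  The defaults are taken from the script's
  # own auth_timeout_default / timeout_default (the text used to say 60 s
  # for auth_timeout while the code uses 90).
  cat <<EOF
$0:
 on : start guest share, guest must open and encryption is none.
 format: $0 on auth_timeout timeout
 auth_timeout default ${auth_timeout_default} seconds.
 timeout default ${timeout_default} seconds (one day)
 dhcp_leasetime default 12h (12 hour). other example 60m
 eg: $0 on
 eg: $0 on 120 7200 2h
 off : stop guest share.
 format: $0 off
 block_apply: apply block list.
 format: $0 block_apply
 prepare: prepare for guest client, allow data transfer for ${auth_timeout_default} seconds.
 format: $0 prepare mac_address
 eg : $0 prepare 01:12:34:ab:cd:ef
 allow : access allow, default 1 day.
 format: $0 allow mac_address
 eg : $0 allow 01:12:34:ab:cd:ef
 deny : access deny, default 1 day.
 format: $0 deny mac_address
 eg : $0 deny 01:12:34:ab:cd:ef
 timeout: remove timeout item in firewall iptables wifishare.
 format: $0 timeout
 other: usage.
EOF
  return 0
}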
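daemon_stop() {
  # Record our PID in counting_pid and kill every other wifishare_daemon.sh
  # process except one-shot "counting" runs, so a single daemon loop remains.
  # The debug `ps` listing and per-PID chatter the original printed are gone.
  local this_pid=$$
  local one_pid=""
  local _pid_list=""
  echo "$$" >"$counting_pid"
  _pid_list=$(ps w | grep wifishare_daemon.sh | grep -v grep | grep -v counting | awk '{print $1}')
  for one_pid in $_pid_list; do
    [ "$one_pid" = "$this_pid" ] && continue
    echo "wifishare kill $one_pid"
    # SIGKILL as before: the daemon loop is only sleep/exec, nothing to clean up
    kill -9 "$one_pid"
  done
  echo "wifishare daemon stop"
}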
daemon_start() {
  # Replace any running daemon loop with a fresh background one.
  daemon_stop
  "$daemonfile" daemon &
}
daemon_run() {
  # Daemon loop: after a 60 s grace period, run a "counting" pass every
  # COUNT_INTERVAL_SECS, forever.
  sleep 60
  while :; do
    "$daemonfile" counting
    sleep "$COUNT_INTERVAL_SECS"
  done
}
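OPT="$1"
config_load "${section_name}"
config_foreach share_parse_global global
config_foreach share_parse_block block
#main
wifishare_log "$OPT"
# Command dispatcher.  Arms that change iptables hold the fw3 lock so they do
# not interleave with a firewall reload: on/off/prepare/allow block on
# fw3_lock; the periodic arms (deny, block_apply, counting, timeout, clean)
# use fw3_trylock and give up when _locked=1.  MAC arguments are upper-cased,
# the same form "allow" persists.  `return` here ends the script under the
# busybox /bin/sh this file targets (bash would reject a top-level return);
# the per-arm variables are plain assignments because `local` is only valid
# inside a function.  Arguments are quoted so an empty one is passed as ""
# rather than dropped, which would shift the following argument into its place.
case "$OPT" in
  on)
    guest_network_judge
    hwnat_stop
    fw3_lock
    share_start "$2" "$3" "$4"
    fw3_unlock
    daemon_start
    #share_counting_start_crontab
    return $?
    ;;
  off)
    #share_counting_stop_crontab
    fw3_lock
    share_stop
    fw3_unlock
    hwnat_start
    daemon_stop
    return $?
    ;;
  prepare)
    _dev_mac=$(echo "$2" | tr '[a-z]' '[A-Z]')
    fw3_lock
    wifishare_log "$OPT begin"
    share_access_prepare "$_dev_mac"
    #share_access_timeout
    wifishare_log "$OPT end"
    fw3_unlock
    return $?
    ;;
  allow)
    _dev_mac=$(echo "$2" | tr '[a-z]' '[A-Z]')
    _dev_sns="$3"
    fw3_lock
    wifishare_log "$OPT begin"
    share_access_allow "$_dev_mac" "$_dev_sns"
    share_access_timeout
    wifishare_log "$OPT end"
    fw3_unlock
    return $?
    ;;
  deny)
    #deny issue don't delete uci config
    _dev_mac=$(echo "$2" | tr '[a-z]' '[A-Z]')
    fw3_trylock
    wifishare_log "$OPT begin"
    [ "$_locked" = "1" ] && return
    share_access_remove "$_dev_mac"
    share_access_timeout
    wifishare_log "$OPT end"
    fw3_unlock
    return $?
    ;;
  block_apply)
    fw3_trylock
    [ "$_locked" = "1" ] && return
    share_block_apply
    fw3_unlock
    return $?
    ;;
  counting)
    fw3_trylock
    [ "$_locked" = "1" ] && return
    wifishare_log "$OPT begin"
    share_access_counting
    wifishare_log "$OPT end"
    fw3_unlock
    ;;
  daemon)
    daemon_run
    ;;
  timeout)
    # keep digits only: the value feeds shell and awk arithmetic
    _timeout=$(echo "$2" | sed 's/[^0-9]//g')
    fw3_trylock
    # bail out when the lock is busy, like the other trylock arms
    [ "$_locked" = "1" ] && return
    share_access_timeout "$_timeout"
    fw3_unlock
    return $?
    ;;
  clean)
    fw3_trylock
    [ "$_locked" = "1" ] && return
    wifishare_log "$OPT begin"
    share_clean
    #share_clean_wifirent
    wifishare_log "$OPT end"
    fw3_unlock
    logger -p info -t wifishare "stat_points_none wifishare_clean=$date_tag"
    ;;
  reload)
    wifishare_log "$OPT begin"
    share_reload
    daemon_start
    wifishare_log "$OPT end"
    return $?
    ;;
  *)
    share_usage
    return 0
    ;;
esac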