mir3c/squashfs-root/usr/sbin/wifishare.sh
2018-05-25 14:19:31 +05:30


#!/bin/sh
# Copyright (C) 2016 Xiaomi
. /lib/functions.sh
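# ---- identity ---------------------------------------------------------------
network_name="guest"
section_name="wifishare"      # UCI package name, also used as the firewall include name

# ---- ports ------------------------------------------------------------------
redirect_port="8999"          # guest TCP/UDP is REDIRECTed here by share_fw_add_default
dev_redirect_port="8899"      # HTTP to the guest gateway is REDIRECTed here for "prepared" devices
whiteport_list="67 68"        # UDP ports (DHCP) always accepted in the nat chain
http_port="80"
dns_port="53"
dnsd_port="5533"              # port the local dnsd is started on
dnsd_conf="/var/dnsd.conf"
guest_gw=""                   # filled in by share_dnsd_start
fw3lock="/var/run/fw3.lock"

# ---- platform probes (empty when the option or file is absent) --------------
hasctf=$(uci get misc.quickpass.ctf 2>/dev/null)
guest_ifname=$(uci get wireless.guest_2G.ifname 2>/dev/null)
hashwnat=$([ -f /etc/init.d/hwnat ] && echo 1)

# ---- timeouts, in seconds ---------------------------------------------------
auth_timeout_default=90
timeout_default=86400
date_tag=$(date '+%F %H:%M:%S')
macs_blocked=""

# ---- chain, ipset and file names --------------------------------------------
share_block_table="wifishare_block"
share_block_table_input="wifishare_block_input"
share_whitehost_ipset="wifishare_whitehost"
share_whitehost_file="/etc/dnsmasq.d/wifishare_whitehost.conf"
share_nat_table="wifishare_nat"
share_filter_table="wifishare_filter"
share_nat_device_table="wifishare_nat_device"
share_filter_device_table="wifishare_filter_device"
share_nat_dev_redirect_table="wifishare_nat_dev_redirect"

# ---- white-listed host suffixes, selected through hosts_index ---------------
hosts_dianping=".dianping.com .dpfile.com"
hosts_apple=""
hosts_nuomi=""
hosts_index="dianping"

# Quoted so that an install path containing blanks does not split into words.
filepath=$(cd "$(dirname "$0")" && pwd)
filename=$(basename "$0")
daemonfile="/usr/sbin/wifishare_daemon.sh"
active="user business"
#wechat qq dianping nuomi .etc
active_type=""
WIFIRENT_NAME="wifirent"
TICKET_NAME="ticket"
COUNT_INTERVAL=5              # minutes; only referenced by the commented-out crontab helpers
COUNT_INTERVAL_SECS=300       # seconds (5 minutes) between two counting runs

# NOTE(review): the three files below use fixed names under /tmp. Presumably
# only root runs on this device; if any other local account can write to /tmp,
# a pre-created file or symlink at these paths would be followed - confirm.
MATOOL_DATA_FILE="/tmp/wifishare.remote.log"
COUNTING_DATA_FILE="/tmp/wifishare.counting.log"
counting_pid="/tmp/wifishare_counting.pid"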
################### domain list #############
# Write one message to syslog under the tag "wifishare" at priority "warn".
#   $1 - message text
wifishare_log() {
  local msg="$1"
  logger -p warn -t wifishare "$msg"
}
# Append one dnsmasq "ipset=" directive per host to $share_whitehost_file, so
# that addresses resolved for those names land in $share_whitehost_ipset.
#   $1 - blank-separated list of host suffixes (split on purpose)
business_whitehost_add() {
  local entry
  for entry in $1; do
    printf '%s\n' "ipset=/$entry/$share_whitehost_ipset" >>$share_whitehost_file
  done
}
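# Rebuild $share_whitehost_file from the host lists named in $hosts_index.
# For every index word <idx> the variable hosts_<idx> is read and handed to
# business_whitehost_add.
business_init() {
  local _idx _hosts
  # -f: the file does not exist on a first run; that is not an error.
  rm -f -- "$share_whitehost_file"
  touch -- "$share_whitehost_file"
  for _idx in $hosts_index; do
    # The index word becomes part of a variable name that is eval'ed below;
    # accept identifier characters only so nothing else can reach eval.
    case "$_idx" in
      '' | *[!A-Za-z0-9_]*) continue ;;
    esac
    eval "_hosts=\$hosts_$_idx"
    business_whitehost_add "$_hosts"
  done
}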
################### hwnat ###################
# Re-enable hardware NAT after wifishare is switched off: store
# hwnat.switch.<section_name>=0, commit, then run the hwnat init script.
# Does nothing when /etc/init.d/hwnat was not found at start-up.
hwnat_start() {
  if [ "$hashwnat" != "1" ]; then
    return
  fi
  printf '%s\n' \
    "set hwnat.switch.${section_name}=0" \
    "commit hwnat" | uci -q batch >/dev/null
  /etc/init.d/hwnat start >/dev/null 2>&1
}
# Switch hardware NAT off while wifishare is active: store
# hwnat.switch.<section_name>=1, commit, then stop the hwnat init script.
# Does nothing when /etc/init.d/hwnat was not found at start-up.
hwnat_stop() {
  if [ "$hashwnat" != "1" ]; then
    return
  fi
  printf '%s\n' \
    "set hwnat.switch.${section_name}=1" \
    "commit hwnat" | uci -q batch >/dev/null
  /etc/init.d/hwnat stop >/dev/null 2>&1
}
# Set to "1" by fw3_trylock when the firewall lock could not be taken.
_locked=0
################### lock ###################
# Take the firewall lock, blocking until it is free.
# A HUP/INT/TERM handler is installed that releases the lock and exits 1.
# Returns the status of `lock`.
fw3_lock() {
  local rc
  trap "lock -u $fw3lock; exit 1" SIGHUP SIGINT SIGTERM
  lock $fw3lock
  rc=$?
  return $rc
}
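# Try to take the firewall lock without blocking.
# On failure sets the global _locked to "1" and returns the status of `lock`;
# on success returns 0.
#
# Two defects of the earlier form are fixed here:
#  - "return $?" reported the status of the "[ ... ] && _locked=1" test, so
#    the function returned 0 when the lock was busy and 1 when it was taken;
#  - the release-on-signal trap was installed before the lock was held, so a
#    signal delivered to a process that never got the lock would still run
#    "lock -u" against the current holder.
fw3_trylock() {
  local rc
  lock -n "$fw3lock"
  rc=$?
  if [ "$rc" -ne 0 ]; then
    _locked="1"
    return "$rc"
  fi
  trap "lock -u $fw3lock; exit 1" SIGHUP SIGINT SIGTERM
  return 0
}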
# Release the firewall lock file.
fw3_unlock() {
  local lockfile=$fw3lock
  lock -u $lockfile
}
################### dnsd ###################
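# (Re)start the local dnsd that answers every name with the guest gateway
# address, so that unauthenticated clients resolve any host to the router.
# Sets the global guest_gw. Returns 0 when dnsd was started, 1 otherwise
# (the earlier form returned 1 on success and 0 on most failures).
share_dnsd_start() {
  killall dnsd >/dev/null 2>&1
  guest_gw=$(uci get network.guest.ipaddr) || return 1
  [ -n "$guest_gw" ] || return 1
  # always create/update the dnsd config file (guest gw maybe changed)
  printf '%s\n' "* $guest_gw" >"$dnsd_conf" || return 1
  if ! dnsd -p "$dnsd_port" -c "$dnsd_conf" -d >/dev/null 2>&1; then
    rm -f -- "$dnsd_conf" >/dev/null 2>&1
    return 1
  fi
  return 0
}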
# Stop dnsd and delete its config file when one exists.
# The return status is that of the last test/rm, as before.
share_dnsd_stop() {
  killall dnsd >/dev/null 2>&1
  [ -f $dnsd_conf ] && rm $dnsd_conf >/dev/null 2>&1
}
################### config ###################
# config_foreach callback for the "global" section.
# Fills the globals disabled, auth_timeout, timeout, _business, _sns, _active
# and derives active_type: the business list when _active is "business",
# the sns list otherwise.
#   $1 - section name
# business_default, sns_default and active_default are not assigned anywhere
# in this file as shown, so those fall-backs expand to empty here.
share_parse_global() {
  local section="$1"
  auth_timeout=""
  timeout=""
  config_get disabled $section disabled >/dev/null 2>&1
  # auth_timeout is deliberately not read from the config, the default wins:
  #config_get auth_timeout $section auth_timeout &>/dev/null;
  auth_timeout=${auth_timeout:-$auth_timeout_default}
  config_get timeout $section timeout >/dev/null 2>&1
  timeout=${timeout:-$timeout_default}
  config_get _business $section business >/dev/null 2>&1
  _business=${_business:-$business_default}
  config_get _sns $section sns >/dev/null 2>&1
  _sns=${_sns:-$sns_default}
  config_get _active $section active >/dev/null 2>&1
  _active=${_active:-$active_default}
  case "$_active" in
    business) active_type="$_business" ;;
    *) active_type="$_sns" ;;
  esac
}
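# config_foreach callback for "block" sections: load the blocked MAC list of
# the section into the global macs_blocked.
#   $1 - section name
# The section is taken from $1, like the other callbacks in this file that
# declare `local section="$1"`; the earlier form read a variable named
# `section` that this function never set.
share_parse_block() {
  local section="$1"
  config_get macs_blocked "$section" mac >/dev/null 2>&1
}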
# Create an empty hash:net ipset, discarding any previous set of that name.
#   $1 - set name; nothing is done when it is empty
share_ipset_create() {
  local action
  _rule_ipset=$1
  if [ -z "$_rule_ipset" ]; then
    return
  fi
  for action in flush destroy; do
    ipset $action $_rule_ipset >/dev/null 2>&1
  done
  ipset create $_rule_ipset hash:net >/dev/null
}
# Flush and destroy an ipset.
#   $1 - set name; nothing is done when it is empty
share_ipset_destroy() {
  local action
  _rule_ipset=$1
  if [ -z "$_rule_ipset" ]; then
    return
  fi
  for action in flush destroy; do
    ipset $action $_rule_ipset >/dev/null 2>&1
  done
}
################### iptables ###################
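# Create an empty user chain, removing a previous chain of the same name.
#   $1 - table (nat, filter, ...)
#   $2 - chain name
# Returns 1 without touching the firewall when either argument is empty:
# unquoted, an empty chain name left "-F"/"-X" without a chain, which
# iptables applies to every chain of the table.
ipt_table_create() {
  local table="$1" chain="$2"
  if [ -z "$table" ] || [ -z "$chain" ]; then
    return 1
  fi
  iptables -t "$table" -F "$chain" >/dev/null 2>&1
  iptables -t "$table" -X "$chain" >/dev/null 2>&1
  iptables -t "$table" -N "$chain" >/dev/null 2>&1
}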
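# Flush and delete a user chain.
#   $1 - table (nat, filter, ...)
#   $2 - chain name
# Returns 1 without touching the firewall when either argument is empty:
# unquoted, an empty chain name left "-F"/"-X" without a chain, which
# iptables applies to every chain of the table.
ipt_table_destroy() {
  local table="$1" chain="$2"
  if [ -z "$table" ] || [ -z "$chain" ]; then
    return 1
  fi
  iptables -t "$table" -F "$chain" >/dev/null 2>&1
  iptables -t "$table" -X "$chain" >/dev/null 2>&1
}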
################### firewall ###################
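# Install the base captive-portal rule set for the guest bridge (br-guest).
#
# Chains created: $share_nat_table, $share_nat_device_table,
# $share_nat_dev_redirect_table (nat) and $share_filter_table,
# $share_filter_device_table (filter). Most rules are added with -I, so the
# last insert ends up first in its chain; resulting order in $share_nat_table:
#   1. ACCEPT tcp to $share_whitehost_ipset
#   2. ACCEPT udp to each port of $whiteport_list
#   3. dnsd absent: ACCEPT udp/53
#   4. jump to $share_nat_device_table (per-device allow rules)
#   5. dnsd running: REDIRECT udp/53 to $dnsd_port
#   6. REDIRECT all tcp, then all udp, to $redirect_port (appended with -A)
#
# Changes against the earlier form: the stray "echo a1"/"echo a2" output is
# gone, expansions are quoted, and the gateway redirect is only installed
# with a non-empty address. guest_gw is set by share_dnsd_start, which
# share_reload skips in "business" mode; it is therefore re-read from UCI
# here when empty instead of handing iptables an empty --dst.
share_fw_add_default() {
  local dnsd_ok="0"
  local _port

  [ "$hasctf" = "1" ] && iptables -t mangle -I PREROUTING -i br-guest -j SKIPCTF
  ipt_table_create nat "$share_nat_table"
  ipt_table_create nat "$share_nat_device_table"
  ipt_table_create nat "$share_nat_dev_redirect_table"
  ipt_table_create filter "$share_filter_table"
  ipt_table_create filter "$share_filter_device_table"
  iptables -t nat -I zone_guest_prerouting -i br-guest -j "$share_nat_table" >/dev/null 2>&1
  iptables -t filter -I forwarding_rule -i br-guest -j "$share_filter_table" >/dev/null 2>&1
  iptables -t nat -A "$share_nat_table" -p tcp -j REDIRECT --to-ports "${redirect_port}"
  iptables -t nat -A "$share_nat_table" -p udp -j REDIRECT --to-ports "${redirect_port}"

  #dns redirect
  # NOTE(review): this matches any process whose ps line contains "dnsd".
  if ps | grep dnsd | grep -v grep >/dev/null 2>&1; then
    dnsd_ok="1"
  fi
  if [ "$dnsd_ok" = "1" ]; then
    iptables -t nat -I "$share_nat_table" -p udp -m udp --dport "${dns_port}" -j REDIRECT --to-port "${dnsd_port}"
  fi

  #device list
  iptables -t filter -I "$share_filter_table" -j "$share_filter_device_table"
  iptables -t nat -I "$share_nat_table" -j "$share_nat_device_table"
  if [ "$dnsd_ok" = "1" ]; then
    iptables -t nat -I "$share_nat_dev_redirect_table" -j ACCEPT
    [ -n "$guest_gw" ] || guest_gw=$(uci get network.guest.ipaddr 2>/dev/null)
    if [ -n "$guest_gw" ]; then
      iptables -t nat -I "$share_nat_dev_redirect_table" -p tcp --dst "${guest_gw}" --dport "${http_port}" -j REDIRECT --to-ports "${dev_redirect_port}"
    else
      logger -p warn -t wifishare "guest gateway address unknown, gateway redirect rule skipped"
    fi
    iptables -t nat -I "$share_nat_dev_redirect_table" -p tcp -m set --match-set "${share_whitehost_ipset}" dst -j ACCEPT
  else
    iptables -t nat -I "$share_nat_table" -p udp -m udp --dport "${dns_port}" -j ACCEPT
  fi
  for _port in ${whiteport_list}; do
    iptables -t nat -I "$share_nat_table" -p udp -m udp --dport "${_port}" -j ACCEPT
  done

  #white host
  iptables -t filter -I "$share_filter_table" -p tcp -m set --match-set "${share_whitehost_ipset}" dst -j ACCEPT
  iptables -t nat -I "$share_nat_table" -p tcp -m set --match-set "${share_whitehost_ipset}" dst -j ACCEPT
}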
# Tell whether an authentication type is currently accepted.
#   $1 - type to test
#   $2 - blank-separated list of active types
# Returns 0 when $1 equals $WIFIRENT_NAME or occurs in $2, 1 otherwise
# (also 1 when either argument is empty).
# The former "wifirent_wechat_pay" probe only guarded a test that is repeated
# unconditionally right after it, so it had no effect on the result.
is_active_type() {
  local _type=""
  if [ -z "$1" ]; then
    return 1
  fi
  if [ -z "$2" ]; then
    return 1
  fi
  if [ "$1" = "$WIFIRENT_NAME" ]; then
    return 0
  fi
  for _type in $2; do
    if [ "$_type" = "$1" ]; then
      return 0
    fi
  done
  return 1
}
# config_foreach callback for "device" sections: re-install the firewall
# rules of one stored device.
#   $1 - section name
# A device is skipped when it is disabled, lacks datestart/datestop/mac/sns,
# has a type that is_active_type rejects, or is on the block list. Otherwise
# its old rules are removed and two rules are added:
#   filter: DROP for that MAC from datestop onwards
#   nat:    ACCEPT for that MAC between datestart and datestop
share_fw_add_device() {
  local section="$1"
  local _src_mac=""
  local _start=""
  local _stop=""

  config_get disabled $section disabled >/dev/null 2>&1
  if [ "$disabled" = "1" ]; then
    return
  fi
  config_get _start $section datestart >/dev/null 2>&1
  if [ -z "$_start" ]; then
    return
  fi
  config_get _stop $section datestop >/dev/null 2>&1
  if [ -z "$_stop" ]; then
    return
  fi
  config_get _src_mac $section mac >/dev/null 2>&1
  if [ -z "$_src_mac" ]; then
    return
  fi
  config_get _type $section sns >/dev/null 2>&1
  if [ -z "$_type" ]; then
    return
  fi
  is_active_type "$_type" "$active_type" || return

  # share_block_has_mac answers 1 for a blocked MAC
  share_block_has_mac $_src_mac
  if [ $? -eq 1 ]; then
    return
  fi

  share_access_remove $_src_mac
  iptables -t filter -A $share_filter_device_table -m mac --mac-source $_src_mac \
    -m time --datestart $_stop --kerneltz -j DROP >/dev/null 2>&1
  iptables -t nat -I $share_nat_device_table -m mac --mac-source $_src_mac \
    -m time --datestart $_start --datestop $_stop --kerneltz -j ACCEPT >/dev/null 2>&1
  return
}
# Re-install the rules of every "device" section of the wifishare config.
share_fw_add_device_all() {
  local pkg=${section_name}
  config_load $pkg
  config_foreach share_fw_add_device device
}
# Undo share_fw_add_default: unhook the wifishare chains from the guest
# zone, then flush and delete the five chains.
share_fw_remove_all() {
  local spec
  if [ "$hasctf" = "1" ]; then
    iptables -t mangle -D PREROUTING -i br-guest -j SKIPCTF
  fi
  iptables -t nat -D zone_guest_prerouting -i br-guest -j $share_nat_table >/dev/null 2>&1
  iptables -t filter -D forwarding_rule -i br-guest -j $share_filter_table >/dev/null 2>&1
  # each entry is "<table> <chain>" and is split on purpose
  for spec in \
    "nat $share_nat_table" \
    "nat $share_nat_device_table" \
    "nat $share_nat_dev_redirect_table" \
    "filter $share_filter_table" \
    "filter $share_filter_device_table"; do
    ipt_table_destroy $spec
  done
  return
}
################### contrack ###################
# config_foreach callback: drop the connection-tracking entries of the MAC
# stored in one "device" section.
#   $1 - section name
share_contrack_remove_perdevice() {
  local section="$1"
  local _src_mac=""
  config_get _src_mac $section mac >/dev/null 2>&1
  if [ -z "$_src_mac" ]; then
    return
  fi
  share_contrack_remove $_src_mac
}
# Drop the connection-tracking entries of every stored device.
share_contrack_remove_all() {
  local pkg=${section_name}
  config_load $pkg
  config_foreach share_contrack_remove_perdevice device
}
# Drop the connection-tracking entries of one client.
#   $1 - client MAC address
# The MAC is looked up (case-insensitively) in column 3 of the arp output;
# the matching IP is then written to /proc/net/nf_conntrack.
# NOTE(review): that write presumably relies on a vendor kernel that treats
# it as "flush entries of this address" - confirm.
share_contrack_remove() {
  local _ip
  _ip=$(/usr/bin/arp | awk -v mac=$1 ' BEGIN{IGNORECASE=1}{if($3==mac) print $1;}' 2>/dev/null)
  if [ -z "$_ip" ]; then
    return
  fi
  echo $_ip >/proc/net/nf_conntrack
}
################### block ###################
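# Tell whether a MAC is on the block list.
#   $1 - MAC address to look up
# Returns 1 when the MAC is blocked and 0 when it is not (note the sense).
# Always 0 in "business" mode or with an empty block list.
#
# The earlier awk loop ran "break" unconditionally after its first
# comparison, so only the first entry of $macs_blocked was ever checked and
# every later entry on the block list was treated as not blocked.
# NOTE(review): the comparison is case-sensitive; callers upper-case the MAC,
# so this presumably expects upper-case entries in the config - confirm.
share_block_has_mac() {
  local _src_mac=$1
  local _blocked
  [ "$_active" = "business" ] && return 0
  [ -z "$macs_blocked" ] && return 0
  for _blocked in $macs_blocked; do
    [ "$_blocked" = "$_src_mac" ] && return 1
  done
  return 0
}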
# (Re)create the two block chains and hook them in front of guest traffic:
# $share_block_table into forwarding_rule, $share_block_table_input into
# INPUT, both for br-guest. TCP port 8999 stays reachable on the input side.
share_block_add_default() {
  local chain
  share_block_remove_default
  for chain in $share_block_table $share_block_table_input; do
    ipt_table_create filter $chain
  done
  iptables -t filter -I forwarding_rule -i br-guest -j $share_block_table >/dev/null 2>&1
  iptables -t filter -I INPUT -i br-guest -j $share_block_table_input >/dev/null 2>&1
  iptables -t filter -I $share_block_table_input -p tcp -m tcp --dport 8999 -j ACCEPT
}
# Unhook the two block chains from forwarding_rule / INPUT and delete them.
share_block_remove_default() {
  local chain
  iptables -t filter -D forwarding_rule -i br-guest -j $share_block_table >/dev/null 2>&1
  iptables -t filter -D INPUT -i br-guest -j $share_block_table_input >/dev/null 2>&1
  for chain in $share_block_table $share_block_table_input; do
    ipt_table_destroy filter $chain
  done
}
# config_foreach callback for "block" sections: for every MAC listed in the
# section, remove its access rules and add a DROP rule to both block chains.
#   $1 - section name
share_block_add_perdevice() {
  local section="$1"
  local _src_mac=""
  local chain
  config_get _mac_list $section mac >/dev/null 2>&1
  for _src_mac in $_mac_list; do
    name_dev="${section_name}_block_${_src_mac//:/}"
    echo "block device mac: $_src_mac, dev comment: $name_dev."
    share_access_remove $_src_mac
    for chain in $share_block_table_input $share_block_table; do
      iptables -t filter -A $chain -m mac --mac-source $_src_mac -j DROP >/dev/null
    done
  done
  return
}
# Rebuild the block chains from the config: flush both, re-add the ACCEPT for
# TCP port 8999 on the input side, then add one DROP pair per blocked MAC.
share_block_apply() {
  local chain
  for chain in $share_block_table $share_block_table_input; do
    iptables -t filter -F $chain >/dev/null 2>&1
  done
  iptables -t filter -I $share_block_table_input -p tcp -m tcp --dport 8999 -j ACCEPT
  config_load ${section_name}
  config_foreach share_block_add_perdevice block
}
# Flush the forwarding-side block chain (the input-side chain is left as is).
share_block_remove_all() {
  local chain=$share_block_table
  iptables -t filter -F $chain >/dev/null 2>&1
}
################### interface ###################
#sns : string, social-network code
#guest_user_id : string, id of the friend (guest)
#extra_payload : string
#mac : MAC address of the device to let through
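# Open a short authentication window for one guest device.
#   $1 - device MAC address (the dispatcher upper-cases it)
# Returns 1 for an empty or malformed MAC. Returns without changes when the
# MAC is blocked or when the stored datestop of the device is still in the
# future.
#
# Rules installed (window: now-30s .. now+$auth_timeout):
#   filter: DROP for the MAC from the end of the window onwards
#   nat:    inside the window, jump to $share_nat_dev_redirect_table when
#           dnsd is running, plain ACCEPT otherwise
#
# The MAC arrives as a command-line argument and is placed into iptables
# command lines and a UCI key, so it is checked against the six-octet colon
# form first and every use is quoted; an argument with blanks can no longer
# turn into extra iptables options.
share_access_prepare() {
  local _src_mac=$1
  local _device_id=""
  local _current=""
  local _start=""
  local _stop=""
  local allowed_datestop time_now time_stop
  local dnsd_ok="0"
  local _hex='[0-9A-Fa-f][0-9A-Fa-f]'

  [ "$_src_mac" = "" ] && return 1
  case "$_src_mac" in
    $_hex:$_hex:$_hex:$_hex:$_hex:$_hex) ;;
    *) return 1 ;;
  esac

  share_block_has_mac "$_src_mac"
  [ $? -eq 1 ] && return

  _device_id=${_src_mac//:/}
  _current=$(date "+%Y-%m-%dT%H:%M:%S")
  # mktime()/strftime() are awk extensions this script already depends on.
  # The stray top-level "return" of the earlier programs is dropped: it is
  # not valid outside an awk function.
  _start=$(echo "$_current" | awk -v timeout=30 '{gsub(/-|:|T/," ",$0);now=mktime($0);now=now-timeout;print strftime("%Y-%m-%dT%H:%M:%S",now);}')
  _stop=$(echo "$_current" | awk -v timeout="$auth_timeout" '{gsub(/-|:|T/," ",$0);now=mktime($0);now=now+timeout;print strftime("%Y-%m-%dT%H:%M:%S",now);}')

  # A device that is already allowed keeps its rules.
  allowed_datestop=$(uci get "${section_name}.${_device_id}.datestop" 2>/dev/null)
  if [ -n "$allowed_datestop" ]; then
    # compare as plain digit strings YYYYmmddHHMMSS
    time_now=$(echo "$_current" | tr -cd '[0-9]')
    time_stop=$(echo "$allowed_datestop" | tr -cd '[0-9]')
    if [ "$time_stop" -ge "$time_now" ]; then
      return
    fi
  fi

  share_aceess_remove_iptables "$_src_mac"

  # NOTE(review): this matches any process whose ps line contains "dnsd".
  if ps | grep dnsd | grep -v grep >/dev/null 2>&1; then
    dnsd_ok="1"
  fi

  iptables -t filter -I "$share_filter_device_table" -m mac --mac-source "$_src_mac" \
    -m time --datestart "$_stop" --kerneltz -j DROP
  if [ "$dnsd_ok" = "1" ]; then
    iptables -t nat -I "$share_nat_device_table" -m mac --mac-source "$_src_mac" \
      -m time --datestart "$_start" --datestop "$_stop" --kerneltz -j "${share_nat_dev_redirect_table}"
  else
    iptables -t nat -I "$share_nat_device_table" -m mac --mac-source "$_src_mac" \
      -m time --datestart "$_start" --datestop "$_stop" --kerneltz -j ACCEPT
  fi
  return
}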
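# Grant one guest device full access for $timeout seconds and record it.
#   $1 - device MAC address (the dispatcher upper-cases it)
#   $2 - sns/authentication type of the device
# Returns 1 for an empty or malformed MAC; returns without changes when the
# MAC is blocked.
#
# Rules installed:
#   filter: DROP for the MAC from datestop onwards
#   nat:    ACCEPT for the MAC between now and datestop
# The device section <MAC without colons> is then written to the wifishare
# UCI package (datestart, datestop, mac, timecount_last) and committed.
#
# Fixes against the earlier form:
#  - the trafficd lookup filtered on $_mac, which this function never sets,
#    so the pattern was empty and every device's online_timer was collected;
#    it now filters on the MAC passed in;
#  - the MAC is checked against the six-octet colon form before it is placed
#    into iptables command lines and into the "uci batch" input, where a
#    newline or quote would otherwise add commands of its own;
#  - expansions are quoted.
share_access_allow() {
  local _src_mac=$1
  local dev_sns=$2
  local _device_id=""
  local _start=""
  local _stop=""
  local _current=""
  local force_write=0
  local online_time allowed_datestop _payload time_now time_stop old_ticket
  local exe_ret1 exe_ret2
  local _hex='[0-9A-Fa-f][0-9A-Fa-f]'

  [ "$_src_mac" = "" ] && return 1
  case "$_src_mac" in
    $_hex:$_hex:$_hex:$_hex:$_hex:$_hex) ;;
    *) return 1 ;;
  esac

  share_block_has_mac "$_src_mac"
  [ $? -eq 1 ] && return

  online_time=$(ubus call trafficd hw | jason.sh -b | grep -F -- "$_src_mac" | grep online_timer | awk '{print $2}')

  _device_id=${_src_mac//:/}
  _current=$(date "+%Y-%m-%dT%H:%M:%S")
  _start=$(date "+%Y-%m-%dT%H:%M:%S")
  _stop=$(echo "$_start" | awk -v timeout="$timeout" '{gsub(/-|:|T/," ",$0);now=mktime($0);now=now+timeout;print strftime("%Y-%m-%dT%H:%M:%S",now);}')
  allowed_datestop=$(uci get "${section_name}.${_device_id}.datestop" 2>/dev/null)
  _payload=$(uci get "${section_name}.${_device_id}.extra_payload" 2>/dev/null)

  # NOTE(review): is_active_type prints nothing, so force_write is always
  # empty and the "still allowed, keep the rules" shortcut below never fires.
  # It also tests $_type rather than $dev_sns. The intent may have been
  # "is_active_type ...; force_write=$?" - left unchanged until confirmed,
  # because fixing it changes when rules get rewritten.
  force_write=$(is_active_type "$_type" "$active_type")
  #logger -p warn -t wifishare "force_write $force_write $dev_sns active $active_type"
  if [ -n "$allowed_datestop" ] && [ "$force_write" = "0" ]; then
    time_now=$(echo "$_current" | tr -cd '[0-9]')
    time_stop=$(echo "$allowed_datestop" | tr -cd '[0-9]')
    if [ "$time_stop" -ge "$time_now" ]; then
      return
    fi
  fi

  share_aceess_remove_iptables "$_src_mac"
  iptables -t filter -I "$share_filter_device_table" -m mac --mac-source "$_src_mac" \
    -m time --datestart "$_stop" --kerneltz -j DROP
  exe_ret1=$?
  iptables -t nat -I "$share_nat_device_table" -m mac --mac-source "$_src_mac" \
    -m time --datestart "$_start" --datestop "$_stop" --kerneltz -j ACCEPT
  exe_ret2=$?
  [ "$exe_ret1" != "0" ] && logger -p info -t wifishare "stat_points_none wifishare_error=$_src_mac|iptables_add1|$date_tag|$exe_ret1"
  [ "$exe_ret2" != "0" ] && logger -p info -t wifishare "stat_points_none wifishare_error=$_src_mac|iptables_add2|$date_tag|$exe_ret2"

  uci -q batch <<EOF >/dev/null
set ${section_name}.${_device_id}=device
set ${section_name}.${_device_id}.datestart="$_start"
set ${section_name}.${_device_id}.datestop="$_stop"
set ${section_name}.${_device_id}.mac="$_src_mac"
set ${section_name}.${_device_id}.timecount_last="$online_time"
EOF
  uci commit "${section_name}"

  old_ticket=$(echo "$_payload" | jason.sh -b | grep "\[\"initial_ticket\"\]" | awk '{print $2}' | sed 's/\"//g')
  if [ -n "$old_ticket" ]; then
    logger -p info -t wifishare "stat_points_none wifishare_allow=$_src_mac|$old_ticket|$date_tag"
  else
    logger -p info -t wifishare "stat_points_none wifishare_error=$_src_mac|nooldticket|$date_tag"
  fi
}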
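# Delete every per-device rule that matches one MAC from the
# wifishare_filter_device (filter) and wifishare_nat_device (nat) chains.
#   $1 - device MAC address
# Returns 1 for an empty or malformed MAC.
#
# How it works: iptables-save output is scanned for "-A <chain>" lines whose
# --mac-source equals the MAC; each hit is rewritten to the matching
# "iptables -t <table> -D ..." command and the result is executed by sh.
# Because generated text is executed, the MAC is checked against the
# six-octet colon form first and handed to awk quoted.
# NOTE(review): the comparison is exact; it presumably relies on callers
# passing the MAC in the case iptables-save prints - confirm.
share_aceess_remove_iptables() {
  local _src_mac=$1
  local _hex='[0-9A-Fa-f][0-9A-Fa-f]'

  [ "$_src_mac" = "" ] && return 1
  case "$_src_mac" in
    $_hex:$_hex:$_hex:$_hex:$_hex:$_hex) ;;
    *) return 1 ;;
  esac

  iptables-save -t filter | awk -v mac="$_src_mac" '/^-A wifishare_filter_device / {
    i = 1;
    while ( i <= NF )
    {
      if($i~/--mac-source/)
      {
        if($(i+1)==mac)
        {
          gsub("^-A", "-D")
          print "iptables -t filter "$0";"
        }
      }
      i++
    }
  }' | sh
  iptables-save -t nat | awk -v mac="$_src_mac" '/^-A wifishare_nat_device / {
    i = 1;
    while ( i <= NF )
    {
      if($i~/--mac-source/)
      {
        if($(i+1)==mac)
        {
          gsub("^-A", "-D")
          print "iptables -t nat "$0";"
        }
      }
      i++
    }
  }' | sh
  return
}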
# Revoke the access of one device: delete its firewall rules, drop its
# tracked connections and log the removal.
#   $1 - device MAC address
share_access_remove() {
  local _src_mac=$1
  local step
  for step in share_aceess_remove_iptables share_contrack_remove; do
    $step $_src_mac
  done
  logger -p info -t wifishare "stat_points_none wifishare_remove=$_src_mac|$date_tag"
}
# State shared by the timeout helpers below; timeout_time is filled in by
# share_timeout_gettime.
timeout_devname_list=
timeout_time=
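# Store the current time, in seconds since the epoch, in the global
# timeout_time. `date +%s` yields the same value as awk's systime() without
# the echo|awk pipeline and without relying on an awk extension.
share_timeout_gettime() {
  timeout_time=$(date +%s)
}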
# Remove expired per-device rules from the live firewall.
#   $1 - optional range in seconds; defaults to $timeout
# Reads the globals timeout_time (current epoch, see share_timeout_gettime),
# timeout and auth_timeout.
#
# The awk program walks every "-A wifishare_nat_device" line of
# iptables-save field by field:
#   --mac-source  remembers the MAC and resets need_remove
#   --datestart   converts the stamp to epoch seconds (start)
#   --datestop    converts the stamp to epoch seconds (stop) and marks the
#                 rule when now > stop or when now - start > range
#   -j            for a marked rule prints three shell commands: delete the
#                 DROP rule of that MAC in wifishare_filter_device, delete
#                 the nat rule itself, and log a wifishare_timeout record
# The printed commands are executed by sh.
#
# NOTE(review): the command text is assembled from iptables-save fields and
# then executed. That is only safe while those fields hold nothing but a MAC
# and time stamps, which is what the rules added by this script contain.
# NOTE(review): auth_timeout is passed to awk with -v but the program does
# not reference it.
share_access_timeout_iptables()
{
local _timeout_range=$1
# no argument: fall back to the configured session timeout
[ -z $_timeout_range ] && _timeout_range=$timeout
# never use a range of one hour or less
[ "$_timeout_range" -le 3600 ] && _timeout_range=3600
# 30 seconds of slack on top of the range
let _timeout_range+=30
iptables-save -t nat | awk -v now=$timeout_time -v auth_timeout=$auth_timeout -v range=$_timeout_range '/^-A wifishare_nat_device / {
i = 1;
while ( i <= NF )
{
if($i~/--mac-source/)
{
need_remove=0;
mac=$(i+1);
device_id=mac;
gsub(":", "", device_id);
}
if($i~/--datestart/)
{
datestart=$(i+1)
gsub(/-|:|T/," ", datestart);
start=mktime(datestart);
}
if($i~/--datestop/)
{
datestop=$(i+1);
filter_datestart=datestop;
gsub(/-|:|T/," ", datestop);
stop=mktime(datestop);
if(now>stop)
{
need_remove=1;
}
else if (now-start>range)
{
need_remove=1;
}
}
if($i~/-j/)
{
if(need_remove == 1)
{
gsub("^-A", "-D");
print "iptables -t filter -D wifishare_filter_device -m mac --mac-source "mac" -m time --datestart "filter_datestart" --kerneltz -j DROP";
print "iptables -t nat "$0;
print "logger -p info -t wifishare \"stat_points_none wifishare_timeout="mac"|"datestop"|"now"\""
}
}
i++
}
} ' |sh
return
}
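# config_foreach callback for "device" sections: decide whether the stored
# device has timed out and, if so, append its MAC to the caller's
# macsets_timeout list.
#   $1 - section name
# Reads the globals timeout_time (current epoch) and timeout_range.
# A device has timed out when its datestop lies before timeout_time, or when
# timeout_range is set and more than timeout_range seconds have passed since
# its datestart.
#
# Fixes against the earlier form: the section is taken from $1 instead of an
# unset-in-this-function `section`; the awk programs named "$O" (letter O)
# where "$0" was meant; _datestart is local; the stray debug echo of the
# elapsed seconds is gone; numeric tests are quoted.
share_access_timeout_config_perdevice() {
  local section="$1"
  local _mac=""
  local _datestop=""
  local _datestart=""
  local _stop=""
  local _start=""
  local _start_timeout=0
  local need_remove=0

  config_get _mac "$section" mac >/dev/null 2>&1
  config_get _datestop "$section" datestop >/dev/null 2>&1
  config_get _datestart "$section" datestart >/dev/null 2>&1

  # "YYYY-mm-ddTHH:MM:SS" -> epoch seconds (mktime is an awk extension)
  _stop=$(echo "$_datestop" | awk '{gsub(/-|:|T/," ", $0); seconds=mktime($0); print seconds;}')
  _start=$(echo "$_datestart" | awk '{gsub(/-|:|T/," ", $0); seconds=mktime($0); print seconds;}')

  if [ -n "$timeout_range" ]; then
    _start_timeout=$((timeout_time - ${_start:-0}))
    [ "$_start_timeout" -gt "$timeout_range" ] && need_remove=1
  fi
  [ "${_stop:-0}" -lt "$timeout_time" ] && need_remove=1

  if [ "$need_remove" = "1" ]; then
    macsets_timeout="$macsets_timeout $_mac"
  fi
  return 0
}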
# Delete the UCI sections of every device that has timed out and drop the
# tracked connections of those devices.
#   $1 - optional range in seconds; defaults to $timeout, minimum 3600
# The global timeout_range is set for the per-device callback, which in turn
# appends to this function's macsets_timeout.
share_access_timeout_uci() {
  local macsets_timeout=""
  timeout_range=$1
  local onemac=""
  config_load "${section_name}"
  if [ -z "$timeout_range" ]; then
    timeout_range=$timeout
  fi
  if [ "$timeout_range" -le 3600 ]; then
    timeout_range=3600
  fi
  config_foreach share_access_timeout_config_perdevice device
  # nothing timed out: leave with a non-zero status, as before
  [ "$macsets_timeout" != "" ] || return
  for onemac in $macsets_timeout; do
    local _device_id=""
    _device_id=${onemac//:/}
    share_contrack_remove ${onemac}
    uci delete ${section_name}.${_device_id}
  done
  uci commit ${section_name}
}
# Expire timed-out devices: take the current time once, then clean the live
# firewall rules and the stored UCI sections.
#   $1 - optional range in seconds, handed on unchanged
share_access_timeout() {
  local range=$1
  share_timeout_gettime
  share_access_timeout_iptables $range
  share_access_timeout_uci $range
}
# config_foreach callback for "device" sections: report the online time of
# one paid ("wifirent") device to the remote service and store the ticket
# that comes back.
#
# Steps, each of which logs and returns early when its input is missing:
#   1. only sections whose sns equals $WIFIRENT_NAME are handled
#   2. the device must currently be attached to $guest_ifname according to
#      "ubus call trafficd hw"
#   3. extra_payload, the online time (wifishare_timer) and a ticket (the
#      stored one, else initial_ticket from the payload) must be present
#   4. newcount, the seconds to report, is 60 on the first report,
#      $COUNT_INTERVAL_SECS when the counter did not advance, and the
#      difference to the last reported value otherwise
#   5. up to three matool calls; reply code 4502 or 4503 queues the MAC in
#      the caller's macsets_arrearage, code -1 is retried, any other code
#      counts as success
#   6. on success the new ticket and the online time are stored with
#      "uci set"; no commit happens in this function
#
# NOTE(review): $section is not a parameter here; it is presumably inherited
# from config_foreach's own scope - confirm, or take it from $1.
# NOTE(review): _lastcount, online_ifname, online_time, report_success,
# report_try, _code and new_ticket are not declared local.
# NOTE(review): what reply codes 4502/4503 mean is not visible here; the
# list they feed is named "arrearage".
share_access_counting_perdevice()
{
local dev_sns=""
local _payload=""
local _timecount=0
local newcount=0
local _mac=""
local _datestop=""
local _stop=""
local _start=""
local old_ticket=""
local need_remove=0
local _device_id=""
config_get dev_sns $section sns &>/dev/null;
[ "$dev_sns" != "$WIFIRENT_NAME" ] && return;
config_get _mac $section mac &>/dev/null;
[ "$_mac" == "" ] && {
logger -p info -t wifishare "stat_points_none wifishare_error=$_mac|macempty"
return;
};
_device_id=${_mac//:/};
# interface the device is attached to, as reported by trafficd
online_ifname=$(ubus call trafficd hw |jason.sh -b|grep "\[\"${_mac}\",\"ifname\"\]"|awk '{print $2}'| sed 's/\"//g')
# not on the guest interface (or unknown): forget the last counter value
[ "$online_ifname" != "$guest_ifname" -o "$online_ifname" == "" ] && {
uci delete wifishare.${_device_id}.timecount_last
logger -p info -t wifishare "stat_points_none wifishare_error=$_mac|onlineifnameempty"
return;
}
config_get old_ticket $section ticket &>/dev/null;
#[ "$_ticket" == "" ] && return;
config_get _payload $section extra_payload &>/dev/null;
[ "$_payload" == "" ] && {
logger -p info -t wifishare "stat_points_none wifishare_error=$_mac|payloadempty"
return;
}
config_get _lastcount $section timecount_last &>/dev/null;
[ "$_lastcount" == "" ] && _lastcount=0;
#config_get _datestop $section datestop &>/dev/null;
#config_get _datestart $section datestart &>/dev/null;
#_stop=$(echo $_datestop |awk '{gsub(/-|:|T/," ", $O); seconds=mktime($0); print seconds;}')
#_start=$(echo $_datestart |awk '{gsub(/-|:|T/," ", $O); seconds=mktime($0); print seconds;}')
online_time=$(ubus call trafficd hw |jason.sh -b |grep "$_mac"|grep wifishare_timer |awk '{print $2}')
[ "$online_time" == "" ] && {
uci delete wifishare.${_device_id}.timecount_last
logger -p info -t wifishare "stat_points_none wifishare_error=$_mac|onlinetimeempty"
return;
}
# no stored ticket yet: fall back to the initial ticket inside the payload
[ "$old_ticket" == "" ] && old_ticket=$(echo $_payload | jason.sh -b |grep "\[\"initial_ticket\"\]" |awk '{print $2}' |sed 's/\"//g')
[ "$old_ticket" == "" ] && {
logger -p info -t wifishare "stat_points_none wifishare_error=$_mac|oldticketempty"
return;
}
# seconds to report for this interval
if [ $_lastcount -eq 0 ]
then
newcount=60
elif [ $_lastcount -ge $online_time ]
then
newcount=$COUNT_INTERVAL_SECS
else
newcount=$(expr $online_time - $_lastcount)
fi
wifishare_log "COUNTING $newcount seconds";
#uci get wifishare.FC64BA9687F9.extra_payload | jason.sh -b
#matool --method api_call --params /device/wifi_rent/counting "{\"ticket\":\"xxxx\",\"duration\":15}"
report_success=0
# NOTE(review): the JSON body is built by pasting $old_ticket into a string.
# The ticket comes from the stored config or from a previous server reply; a
# quote or backslash in it would change the structure of the request.
# NOTE(review): the reply goes to the fixed path $MATOOL_DATA_FILE under /tmp
# and is read back from there.
for report_try in `seq 1 3`
do
matool --method api_call --params /device/wifi_rent/counting "{\"ticket\":\"$old_ticket\", \"duration\":$newcount }" >$MATOOL_DATA_FILE
_code=$( cat $MATOOL_DATA_FILE|jason.sh -b | grep "\"code\"" | awk '{print $2}')
new_ticket=$(cat $MATOOL_DATA_FILE |jason.sh -b |grep "\[\"data\",\"ticket\"\]" | awk '{print $2}' |sed 's/\"//g')
case $_code in
4502 | 4503 )
# queue the device for removal by the caller and stop retrying
need_remove=1;
echo "$date_tag $_mac $newcount $old_ticket $new_ticket $_code $need_remove remove" >> $COUNTING_DATA_FILE
#logger -p info -t wifishare "stat_points_none wifishare_counting=$date_tag|$_mac|$newcount|$old_ticket|$new_ticket|$_code|$need_remove|remove"
macsets_arrearage="$macsets_arrearage $_mac"
report_success=1;
break;
;;
-1 )
# error reply: log it and try again
echo "$date_tag $_mac $newcount $old_ticket $new_ticket $_code $need_remove error" >> $COUNTING_DATA_FILE
logger -p info -t wifishare "stat_points_none wifishare_counting=$date_tag|$_mac|$newcount|$old_ticket|$new_ticket|$_code|$need_remove|error"
continue;
;;
esac
# any other code (including an empty one) ends the retry loop as success
report_success=1;
break
done
[ "$report_success" == "0" ] && {
logger -p info -t wifishare "stat_points_none wifishare_counting=$date_tag|$_mac|$newcount|$old_ticket|$new_ticket|$_code|$need_remove|finalerror"
return;
}
echo "$date_tag $_mac $newcount $old_ticket $new_ticket $_code $need_remove" >> $COUNTING_DATA_FILE
#logger -p info -t wifishare "stat_points_none wifishare_counting=$_mac|$date_tag|$newcount|$old_ticket|$new_ticket|$_code|$need_remove|notremove"
#echo "TIME: $date_tag"
#echo "MAC $_mac"
#echo "SECONDS $newcount"
#echo "OLD TICKET $old_ticket"
#echo "NEW TICKET $new_ticket"
#echo "RETURN CODE $_code"
#echo "NEED REMOVE $need_remove"
#matool --method api_call --params /device/wifi_rent/counting "{\"ticket\":\"$_ticket\", \"duration\":1000}"
#uci get wifishare.FC64BA9687F9.extra_payload | jason.sh -b |grep "\[\"sns\"\]" |awk '{print $2}'
# without a new ticket the stored counter and ticket stay as they are
[ "$new_ticket" == "" ] && {
return;
}
# NOTE(review): new_ticket is taken from the server reply and used unquoted
# as a uci value.
uci set wifishare.${_device_id}.timecount_last=${online_time}
uci set wifishare.${_device_id}.ticket=${new_ticket}
return;
}
# Run the usage report for every stored device, then remove the devices the
# per-device callback queued in macsets_arrearage and commit the config.
#   $1 - stored in the global timeout_range
share_access_counting() {
  local macsets_arrearage=""
  timeout_range=$1
  local onemac=""
  config_load "${section_name}"
  config_foreach share_access_counting_perdevice device
  if [ "$macsets_arrearage" != "" ]; then
    for onemac in $macsets_arrearage; do
      local _device_id=""
      _device_id=${onemac//:/}
      share_access_remove ${onemac}
      #share_contrack_remove ${onemac}
      uci delete ${section_name}.${_device_id}
    done
  fi
  uci commit ${section_name}
}
# add timer task to crontab
# eg.
# bridgeap mode gateway check
# */1 * * * * /usr/sbin/ap_mode.sh check_gw
#share_counting_stop_crontab()
#{
# grep -v "/usr/sbin/wifishare.sh counting" /etc/crontabs/root > /etc/crontabs/root.new;
# mv /etc/crontabs/root.new /etc/crontabs/root
# /etc/init.d/cron restart
#}
#share_counting_start_crontab()
#{
# grep -v "/usr/sbin/wifishare.sh counting" /etc/crontabs/root > /etc/crontabs/root.new;
# echo "*/$COUNT_INTERVAL * * * * /usr/sbin/wifishare.sh counting" >> /etc/crontabs/root.new
# mv /etc/crontabs/root.new /etc/crontabs/root
# /etc/init.d/cron restart
#}
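# config_foreach callback: append the MAC of one "device" section to the
# caller's macsets_cleaned list, whatever its type.
#   $1 - section name
# The section is taken from $1, as the other callbacks of this file that
# declare `local section="$1"` do, instead of a `section` variable this
# function never set.
share_clean_config_perdevice_wifirent() {
  local _mac=""
  #local _sns=""
  config_get _mac "$1" mac >/dev/null 2>&1
  macsets_cleaned="$macsets_cleaned $_mac"
}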
# Delete the UCI section of every stored device, paid ones included, and
# drop their tracked connections.
share_clean_wifirent() {
  local macsets_cleaned=""
  config_load "${section_name}"
  config_foreach share_clean_config_perdevice_wifirent device
  # nothing collected: leave with a non-zero status, as before
  [ "$macsets_cleaned" != "" ] || return
  for onemac in $macsets_cleaned; do
    local _device_id=""
    _device_id=${onemac//:/}
    share_contrack_remove ${onemac}
    uci delete ${section_name}.${_device_id}
  done
  uci commit ${section_name}
}
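# config_foreach callback: append the MAC of one section to the caller's
# macsets_cleaned list, unless the section's sns equals $WIFIRENT_NAME
# (paid devices are kept).
#   $1 - section name
# The section is taken from $1, as the other callbacks of this file that
# declare `local section="$1"` do, instead of a `section` variable this
# function never set.
share_clean_config_perdevice() {
  local _mac=""
  local dev_sns=""
  config_get _mac "$1" mac >/dev/null 2>&1
  config_get dev_sns "$1" sns >/dev/null 2>&1
  [ "$dev_sns" = "$WIFIRENT_NAME" ] && return
  macsets_cleaned="$macsets_cleaned $_mac"
}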
# Revoke and forget every stored device that is not a paid ("wifirent") one:
# remove its rules and tracked connections, delete its UCI section, commit.
share_clean_uci_device() {
  local macsets_cleaned=""
  config_load "${section_name}"
  config_foreach share_clean_config_perdevice device
  # nothing collected: leave with a non-zero status, as before
  [ "$macsets_cleaned" != "" ] || return
  for onemac in $macsets_cleaned; do
    local _device_id=""
    _device_id=${onemac//:/}
    #share_contrack_remove ${onemac}
    share_access_remove ${onemac}
    uci delete ${section_name}.${_device_id}
  done
  uci commit ${section_name}
}
# Forget every "record" section that does not belong to a paid ("wifirent")
# device: drop the tracked connections of its MAC and delete the section
# named <MAC without colons>_RECORD, then commit.
share_clean_uci_record() {
  local macsets_cleaned=""
  config_load "${section_name}"
  config_foreach share_clean_config_perdevice record
  # nothing collected: leave with a non-zero status, as before
  [ "$macsets_cleaned" != "" ] || return
  for onemac in $macsets_cleaned; do
    local _device_id=""
    _device_id=${onemac//:/}
    share_contrack_remove ${onemac}
    uci delete ${section_name}.${_device_id}"_RECORD"
  done
  uci commit ${section_name}
}
# Delete the stored block list (section "blacklist") and commit.
share_clean_uci_block() {
  local pkg=${section_name}
  uci delete $pkg.blacklist
  uci commit $pkg
}
# Reset wifishare state: empty both block chains (keeping TCP port 8999
# reachable on the input side), then drop every non-paid device, every
# record and the block list from the config.
share_clean() {
  local chain step
  #iptables -t nat -F $share_nat_device_table >/dev/null 2>&1
  #iptables -t nat -F $share_nat_dev_redirect_table >/dev/null 2>&1
  #iptables -t filter -F $share_filter_device_table >/dev/null 2>&1
  for chain in $share_block_table $share_block_table_input; do
    iptables -t filter -F $chain >/dev/null 2>&1
  done
  iptables -t filter -I $share_block_table_input -p tcp -m tcp --dport 8999 -j ACCEPT
  for step in share_clean_uci_device share_clean_uci_record share_clean_uci_block; do
    $step
  done
}
# Rebuild the complete wifishare firewall state from the config.
# In "business" mode the white-host file is regenerated; in every other mode
# dnsd is (re)started and the per-MAC block rules are applied.
# The return status is that of the last command run, as before (the failed
# mode test in "business" mode, share_block_apply otherwise).
share_reload() {
  share_fw_remove_all
  share_ipset_create $share_whitehost_ipset
  if [ "$_active" = "business" ]; then
    business_init
  else
    share_dnsd_start
  fi
  share_fw_add_default
  share_fw_add_device_all
  share_block_remove_default
  share_block_add_default
  [ "$_active" != "business" ] && share_block_apply
  return
}
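# Persist the wifishare settings and register the firewall include that
# re-runs "/usr/sbin/wifishare.sh reload" on firewall reloads.
#   $1 - auth timeout in seconds (may be empty)
#   $2 - session timeout in seconds (may be empty)
#   $3 - optional DHCP lease time for the guest network, e.g. 12h or 60m;
#        when given, dnsmasq is restarted
# Returns 1 without writing anything when an argument is malformed.
#
# The three values come from the command line and are pasted into
# "uci batch" input, where every line is a command of its own. They are
# therefore limited to digits (timeouts) and to letters and digits (lease
# time) before use, so a value carrying a newline cannot add further uci
# commands.
share_config_set() {
  local _auth_timeout=${1}
  local _timeout=${2}
  local _dhcp_leasetime=${3}

  case "$_auth_timeout$_timeout" in
    *[!0-9]*) return 1 ;;
  esac
  case "$_dhcp_leasetime" in
    *[!0-9A-Za-z]*) return 1 ;;
  esac

  if [ -n "$_dhcp_leasetime" ]; then
    uci -q batch <<EOF >/dev/null
set dhcp.guest.leasetime=${_dhcp_leasetime}
EOF
    uci commit dhcp
    /etc/init.d/dnsmasq restart
  fi

  uci -q batch <<EOF >/dev/null
set firewall.${section_name}=include
set firewall.${section_name}.path="/usr/sbin/wifishare.sh reload"
set firewall.${section_name}.reload=1
set ${section_name}.global.auth_timeout=${_auth_timeout}
set ${section_name}.global.timeout=${_timeout}
EOF
  uci commit firewall
  uci commit "${section_name}"
  return
}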
# Restore the stored settings to their defaults when wifishare is switched
# off: remove the firewall include, reset both timeouts, set the guest DHCP
# lease time to 12h, commit all three packages and restart dnsmasq.
share_config_set_default() {
  local pkg
  printf '%s\n' \
    "del firewall.${section_name}" \
    "set ${section_name}.global.auth_timeout=${auth_timeout_default}" \
    "set ${section_name}.global.timeout=${timeout_default}" \
    "set dhcp.guest.leasetime=12h" | uci -q batch >/dev/null
  for pkg in ${section_name} dhcp firewall; do
    uci commit $pkg
  done
  /etc/init.d/dnsmasq restart
}
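# Switch wifishare on.
#   $1 - auth timeout in seconds   (default $auth_timeout_default)
#   $2 - session timeout in seconds (default $timeout_default)
#   $3 - optional guest DHCP lease time
# Does nothing when the firewall include is already registered.
#
# The defaults computed here were never used before: the original arguments
# were handed on as an unquoted $@, so a plain "on" stored empty timeouts.
# The resolved values are now passed, each as one quoted word.
share_start() {
  local _auth_timeout=${1}
  local _timeout=${2}
  local _dhcp_leasetime=${3}
  local has_wifishare

  # stderr is silenced: the option does not exist before the first "on"
  has_wifishare=$(uci get firewall.wifishare.path 2>/dev/null)
  [ "$has_wifishare" = "/usr/sbin/wifishare.sh reload" ] && return

  [ -z "$_auth_timeout" ] && _auth_timeout=${auth_timeout_default}
  [ -z "$_timeout" ] && _timeout=${timeout_default}

  share_reload
  share_config_set "$_auth_timeout" "$_timeout" "$_dhcp_leasetime"
  return
}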
# Switch wifishare off: restore default settings, drop tracked connections,
# remove every wifishare chain and the white-host ipset, stop dnsd and clean
# the stored devices.
share_stop() {
  local step
  for step in \
    share_config_set_default \
    share_contrack_remove_all \
    share_fw_remove_all \
    share_block_remove_all \
    share_block_remove_default; do
    $step
  done
  share_ipset_destroy $share_whitehost_ipset
  share_dnsd_stop
  share_clean
}
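# Pre-condition check for "on": the 2.4 GHz guest network must be enabled,
# must have an SSID and must be unencrypted (encryption "none"), since
# access is granted per MAC by this script rather than by a Wi-Fi key.
# Exits the whole script with status 1 when a condition is not met.
# Returns 0 when all conditions hold; the earlier form fell through to a
# bare "return" after a failed test and so reported 1 on success.
guest_network_judge() {
  local _encryption _ssid _disabled
  _encryption=$(uci get wireless.guest_2G.encryption 2>/dev/null)
  _ssid=$(uci get wireless.guest_2G.ssid 2>/dev/null)
  _disabled=$(uci get wireless.guest_2G.disabled 2>/dev/null)
  [ "$_disabled" = "1" ] && exit 1
  [ -z "$_ssid" ] && exit 1
  [ "$_encryption" != "none" ] && exit 1
  return 0
}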
# Print the command-line help to stdout.
# NOTE(review): the text gives 60 seconds as the auth_timeout default while
# auth_timeout_default in this file is 90, and the "on" format line does not
# mention the dhcp_leasetime argument shown in the example.
share_usage() {
  printf '%s\n' \
    "$0:" \
    " on : start guest share, guest must open and encryption is none." \
    " format: $0 on auth_timeout timeout" \
    " auth_timeout default 60 seconds(one minute). " \
    " timeout default 86400 second(one day)" \
    " dhcp_leasetime default 12h (12 hour). other example 60m" \
    " eg: $0 on" \
    " eg: $0 on 120 7200 2h" \
    " off : stop guest share." \
    " format: $0 off" \
    " block_apply: apply block list." \
    " format: $0 block_apply" \
    " prepare: prepare for guest client, allow data transfer for 60 seconds." \
    " format: $0 prepare mac_address" \
    " eg : $0 prepare 01:12:34:ab:cd:ef" \
    " allow : access allow, default 1 day." \
    " format: $0 allow mac_address" \
    " eg : $0 allow 01:12:34:ab:cd:ef" \
    " deny : access deny, default 1 day." \
    " format: $0 deny mac_address" \
    " eg : $0 deny 01:12:34:ab:cd:ef" \
    " timeout: remove timeout item in firewall iptables wifishare." \
    " format: $0 timeout" \
    " other: usage."
  return
}
# Stop running wifishare_daemon.sh processes.
# Writes this shell's PID to $counting_pid, prints the matching ps lines,
# then sends SIGKILL to every wifishare_daemon.sh process whose ps line does
# not contain "counting" and whose PID differs from this shell's.
daemon_stop() {
  local this_pid=$$
  local one_pid=""
  local _pid_list=""
  echo $$ >$counting_pid
  ps w | grep wifishare_daemon.sh | grep -v grep
  _pid_list=$(ps w | grep wifishare_daemon.sh | grep -v grep | grep -v counting | awk '{print $1}')
  for one_pid in $_pid_list; do
    echo "curent try pid "$one_pid" end"
    if [ "$one_pid" != "$this_pid" ]; then
      echo "wifishare kill "$one_pid
      kill -9 $one_pid
    fi
  done
  echo "wifishare daemon stop"
}
# Restart the counting daemon: stop running instances, then launch
# "$daemonfile daemon" in the background.
daemon_start() {
  local mode=daemon
  daemon_stop
  $daemonfile $mode &
}
# Daemon main loop: wait 60 seconds, then run "$daemonfile counting" every
# $COUNT_INTERVAL_SECS seconds. Never returns.
daemon_run() {
  sleep 60
  while :; do
    $daemonfile counting
    sleep $COUNT_INTERVAL_SECS
  done
}
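OPT=$1
config_load "${section_name}"
config_foreach share_parse_global global
config_foreach share_parse_block block

# Accept only six colon-separated upper-case hex octets (the sub-commands
# upper-case the argument first). The MAC is a command-line argument that
# ends up in iptables command lines, UCI keys and generated shell text, so
# anything else is refused before the firewall lock is taken.
_dev_mac_ok() {
  local _hex='[0-9A-F][0-9A-F]'
  case "$1" in
    $_hex:$_hex:$_hex:$_hex:$_hex:$_hex) return 0 ;;
  esac
  return 1
}

#main
# `return` and `local` are kept at top level as in the original; they
# presumably rely on how the firmware's shell runs or sources this file.
wifishare_log "$OPT"
case "$OPT" in
on)
  guest_network_judge
  hwnat_stop
  fw3_lock
  # unquoted on purpose: absent arguments must not become empty words
  share_start $2 $3 $4
  fw3_unlock
  daemon_start
  #share_counting_start_crontab
  return $?
  ;;
off)
  #share_counting_stop_crontab
  fw3_lock
  share_stop
  fw3_unlock
  hwnat_start
  daemon_stop
  return $?
  ;;
prepare)
  local _dev_mac=$(echo "$2"| tr '[a-z]' '[A-Z]')
  _dev_mac_ok "$_dev_mac" || {
    wifishare_log "$OPT rejected: malformed mac"
    return 1
  }
  fw3_lock
  wifishare_log "$OPT begin"
  share_access_prepare "$_dev_mac"
  #share_access_timeout
  wifishare_log "$OPT end"
  fw3_unlock
  return $?
  ;;
allow)
  local _dev_mac=$(echo "$2"| tr '[a-z]' '[A-Z]')
  local _dev_sns="$3"
  _dev_mac_ok "$_dev_mac" || {
    wifishare_log "$OPT rejected: malformed mac"
    return 1
  }
  fw3_lock
  wifishare_log "$OPT begin"
  share_access_allow "$_dev_mac" "$_dev_sns"
  share_access_timeout
  wifishare_log "$OPT end"
  fw3_unlock
  return $?
  ;;
deny)
  #deny issue don't delete uci config
  local _dev_mac=$(echo "$2"| tr '[a-z]' '[A-Z]')
  _dev_mac_ok "$_dev_mac" || {
    wifishare_log "$OPT rejected: malformed mac"
    return 1
  }
  fw3_trylock
  wifishare_log "$OPT begin"
  [ "$_locked" = "1" ] && return;
  share_access_remove "$_dev_mac"
  share_access_timeout
  wifishare_log "$OPT end"
  fw3_unlock
  return $?
  ;;
block_apply)
  fw3_trylock
  [ "$_locked" = "1" ] && return;
  share_block_apply
  fw3_unlock
  return $?
  ;;
counting)
  fw3_trylock
  [ "$_locked" = "1" ] && return;
  wifishare_log "$OPT begin"
  share_access_counting
  wifishare_log "$OPT end"
  fw3_unlock
  ;;
daemon)
  daemon_run
  ;;
timeout)
  # only digits survive, so the value is safe to hand on unquoted
  local _timeout=$(echo $2 | sed 's/[^0-9]//g')
  fw3_trylock
  # Like every other trylock user: without the lock, neither touch the
  # firewall nor release a lock that another process holds.
  [ "$_locked" = "1" ] && return;
  share_access_timeout $_timeout
  fw3_unlock
  return $?
  ;;
clean)
  fw3_trylock
  [ "$_locked" = "1" ] && return;
  wifishare_log "$OPT begin"
  share_clean
  #share_clean_wifirent
  wifishare_log "$OPT end"
  fw3_unlock
  logger -p info -t wifishare "stat_points_none wifishare_clean=$date_tag"
  ;;
reload)
  wifishare_log "$OPT begin"
  share_reload
  daemon_start
  wifishare_log "$OPT end"
  return $?
  ;;
*)
  share_usage
  return 0
  ;;
esac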