author | Jan Huwald <jh@sotun.de> | 2012-04-23 16:33:37 (GMT) |
---|---|---|
committer | Jan Huwald <jh@sotun.de> | 2012-04-23 16:33:37 (GMT) |
commit | 4176db98cb9a9437c939ac6b9f85fb176614b2cc (patch) | |
tree | b7bd9497beed44948c1bcadca34246ad0c29e55d | |
parent | 312d7c1eb3b92e11b192c0717b1480d096db20d3 (diff) |
rewrite splash to use a p2ptbl
- add p2ptbl splash (see doc/splash.org)
- replace all uci queries with p2ptbl queries
- centralize splash db modification in /etc/splash.sh
- add node to the list of splashed devices upon first use of
/etc/splash.sh (shortly after booting)
- remove locks in cgi-bin/splash_click
-rw-r--r-- | doc/splash.org | 6 | ||||
-rw-r--r-- | files/common/etc/splash.sh | 38 | ||||
-rwxr-xr-x | files/common/sbin/splash_sync | 39 | ||||
-rwxr-xr-x | files/common/www/service/cgi-bin/splash_click.html | 32 |
4 files changed, 58 insertions, 57 deletions
diff --git a/doc/splash.org b/doc/splash.org
new file mode 100644
index 0000000..60dc0f3
--- /dev/null
+++ b/doc/splash.org
@@ -0,0 +1,6 @@
+* distribution issues
+ race condition between first IP packet and the p2ptbl update message
+ that has to cause an iptable effect
+* p2ptbl schema
+ 1. MAC (in capital letters)
+ 2. expiry time (seconds since UNIX epoch)
diff --git a/files/common/etc/splash.sh b/files/common/etc/splash.sh
index b56ddb5..75eb620 100644
--- a/files/common/etc/splash.sh
+++ b/files/common/etc/splash.sh
@@ -1,12 +1,7 @@
 timeout=6000
 chain_prefix=splash_db_
 chain_id_file=/tmp/splash_chain_id
-
-chain_id=$(cat $chain_id_file 2>/dev/null || true)
-if ! [ "$chain_id" -gt 0 ] &>/dev/null; then
- chain_id=1
- echo $chain_id > $chain_id_file
-fi
+tbl=/tmp/p2ptbl/splash
 
 lockSplash () {
 exec 666<$chain_id_file
@@ -16,3 +11,34 @@ lockSplash () {
 unlockSplash () {
 exec 666<&-
 }
+
+have_splash_iptable () {
+ state=${1:-$(fsm get inetable)}
+ [ "$state" == "queen" ]
+}
+
+# $mac
+add_splash_iptable () {
+ iptables -t nat -I $chain_prefix$chain_id \
+ -m mac --mac-source "$1" -j ACCEPT
+}
+
+# $mac $time
+add_splash_p2ptbl () {
+ p2ptbl update $tbl "$1" "${2:-$(($(date +%s) + $timeout))}" br-mesh
+}
+
+# determine current splash iptable iteration
+chain_id=$(cat $chain_id_file 2>/dev/null || true)
+if ! [ "$chain_id" -gt 0 ] &>/dev/null; then
+ # first -> create id file
+ chain_id=1
+ echo $chain_id > $chain_id_file
+
+ # create splash p2ptbl and add own MAC addr to it with an at least
+ # year 2033 timeout
+ p2ptbl init $tbl
+ add_splash_p2ptbl \
+ $(ifconfig br-mesh | egrep -o '([0-9A-F]{2}:){5}[0-9A-F]{2}') \
+ 2000000000
+fi
diff --git a/files/common/sbin/splash_sync b/files/common/sbin/splash_sync
index 992ec3f..bbb4182 100755
--- a/files/common/sbin/splash_sync
+++ b/files/common/sbin/splash_sync
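Review bot: In the first-use block at the end of the second splash.sh hunk, the `$(ifconfig br-mesh | egrep -o ...)` result is passed to add_splash_p2ptbl unquoted, so when the pattern finds no match (the class is upper-case only, while some ifconfig builds print the hardware address in lower case) the substitution vanishes, `2000000000` becomes the MAC argument and the expiry falls back to the default, seeding the table with a bogus row. Capture and check it first: `own_mac=$(ifconfig br-mesh | egrep -o '([0-9A-F]{2}:){5}[0-9A-F]{2}')`, `[ -n "$own_mac" ]`, `add_splash_p2ptbl "$own_mac" 2000000000`, so that a missing address aborts under `-e` instead. Separately, this block runs whenever /etc/splash.sh is sourced and before any caller has taken lockSplash (which itself opens the very `$chain_id_file` this block creates), so two early callers such as splash_sync and the splash_click CGI can both see a missing id file and both run `p2ptbl init $tbl`; whether that is harmless depends on `p2ptbl init` being idempotent, which I cannot tell from here. A comment on the block stating that assumption, or taking a lock on a separate fixed lock file before the check, would make the intent explicit.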
@@ -1,38 +1,25 @@
 #!/bin/sh -e
-. $IPKG_INSTROOT/etc/functions.sh
 . /etc/splash.sh
-x=0
-current_time=$(date +%s)
-splash_check() {
- config_get mac "$1" mac
- config_get time "$1" time
- let time_check=$time+$timeout
- if [ $time_check -gt $current_time ]; then
- # user is splashed
- iptables -t nat -I $chain -m mac --mac-source $mac -j ACCEPT
- else
- # user is no longer splashed / must click again
- uci delete splash_users.@user[$x]
- fi
- let x=$x+1
-}
-
 # check for current inetable state, allowing a command line override
 lockSplash
-state=${1:-$(fsm get inetable)}
-if [ "$state" == "queen" ]; then
- # functional gateway: copy splash db to a new iptables chain and
- # replace the old chain with the new one; this ensures that a user
- # stays splashed during the runtime of this script
+if have_splash_iptable $1; then
+ # remove old entries from splash p2ptbl
+ p2ptbl filter $tbl \
+ awk '{ if ($2 > '$(date +%s)') print $0 }'
+
+ # create new iptables chain from splash p2ptbl and replace the old
+ # chain with the new one; this ensures that a user stays splashed
+ # during the runtime of this script
 chain_id=$(($chain_id + 1))
 chain=$chain_prefix$chain_id
- echo $chain_id > $chain_id_file
 iptables -t nat -N $chain
-
- config_load splash_users
- config_foreach splash_check user
 iptables -t nat -I prerouting_inet_splashed -j $chain
+ echo $chain_id > $chain_id_file
+ p2ptbl show $tbl \
+ | while read mac rest; do
+ add_splash_iptable "$mac"
+ done
 while iptables -t nat -D prerouting_inet_splashed 2 &>/dev/null; do :; done
 else
 # no working gw -> remove reference to iptable copy of splash db
diff --git a/files/common/www/service/cgi-bin/splash_click.html b/files/common/www/service/cgi-bin/splash_click.html
index 59926d0..8affc71 100755
--- a/files/common/www/service/cgi-bin/splash_click.html
+++ b/files/common/www/service/cgi-bin/splash_click.html
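Review bot: The `while read mac rest` loop adds an iptables rule for every row of `p2ptbl show $tbl` without checking that the first column is a MAC at all; the table appears to be replicated between nodes (`p2ptbl update` takes br-mesh as an argument), so a malformed row from elsewhere makes the iptables call fail, and since the loop body runs under the script's `-e` the pipeline should then abort population of `$chain` after it has already been linked into prerouting_inet_splashed, leaving the old chain linked as well. Skip rows that do not match the schema given in doc/splash.org before calling add_splash_iptable, e.g. `echo "$mac" | grep -qE '^([0-9A-F]{2}:){5}[0-9A-F]{2}$' || continue`, and use `read -r`. Moving `echo $chain_id > $chain_id_file` after the chain is linked is sound, but splash_click no longer takes lockSplash and reads chain_id when it sources /etc/splash.sh, so a click that arrives between `iptables -t nat -N $chain` and that echo still inserts into the previous chain, which the final while loop unlinks; the p2ptbl entry the click also writes heals this on the next run, and a one-line comment on the echo saying so would save the next reader from re-deriving it. The if/else opened in this hunk continues past its end.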
@@ -1,39 +1,21 @@
 #!/bin/sh -e
-
-. $IPKG_INSTROOT/etc/functions.sh
 . /etc/splash.sh
 . /www/service/cgi-bin/common.sh
 # decode request params
-#URL="http://$(sed 's/target_url=//g' | urldecode || true)"
-URL="http://sotun.de/"
+URL="http://$(sed 's/target_url=//g' | urldecode || true)"
 USER_MAC=$(grep ^$REMOTE_HOST </proc/net/arp \
 | awk 'BEGIN { FS = " " } ; { print $4 }')
 [ -n "$USER_MAC" ]
-# check if user is already splashed; splash otherwise
-lockSplash
-ISSPLASHED=0
-config_load splash_users
-is_mac() {
- config_get mac "$1" mac
- if [ "$mac" == "$USER_MAC" ]; then
- ISSPLASHED=1
- fi
-}
-config_foreach is_mac user
-if [ $ISSPLASHED -eq 0 ]; then
- # user is now free to go
- chain=$chain_prefix$chain_id
- if have_internet; then
- iptables -t nat -I $chain 1 -m mac --mac-source $USER_MAC -j ACCEPT
+# check if user is already splashed; splash otherwise; refresh the
+# p2ptbl entry in any case (renews the timer)
+if [ -z "$(p2ptbl get $tbl "$USER_MAC")" ]; then
+ if have_splash_iptable; then
+ add_splash_iptable "$USER_MAC"
 fi
-
- uci -q add splash_users user >/dev/null
- uci -q set splash_users.@user[-1].mac=$USER_MAC
- uci -q set splash_users.@user[-1].time=`date +%s`
 fi
-unlockSplash
+add_splash_p2ptbl "$USER_MAC"
 # send response (encode / to not confuse sed)
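Review bot: Re-enabling `URL="http://$(sed 's/target_url=//g' | urldecode || true)"` makes URL a value taken straight from the request body, and the comment at the end of the hunk shows it is later substituted into the response with sed; nothing in between validates it, so whatever survives urldecode (the sed only strips the key, so quotes and any `&`-joined extra parameters remain) reaches that substitution and is handed back to the client as the redirect target. Constrain it before use and fall back to the previous fixed value otherwise, e.g. `case "$URL" in`, `*[!A-Za-z0-9:/._~%?=&-]*) URL="http://sotun.de/" ;;`, `esac`. The splash path no longer holds lockSplash, so `add_splash_iptable "$USER_MAC"` inserts into whatever `$chain_id` was on disk when /etc/splash.sh was sourced; the `add_splash_p2ptbl "$USER_MAC"` that follows is what makes a stale id recoverable on the next splash_sync, and the comment above the if would be the place to say that this is why the lock could go. The response-sending code that consumes URL lies outside the hunk.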