| author | Katze Miau <miaukatzemiau@priveasy.de> | 2011-12-20 16:30:27 (GMT) | 
|---|---|---|
| committer | Katze Miau <miaukatzemiau@priveasy.de> | 2011-12-20 16:30:27 (GMT) | 
| commit | 8ebdb23cff88abd518c8f631eb5e8cc65036d08e (patch) | |
| tree | e223ba0259f69ff66d239cc498eedc6944d62f91 /files/common/sbin | |
| parent | 2c089f72e227ec7229709c7903d322ef42986abd (diff) | |
reintegrate splash
- add cronjob for splash_sync (every minute for debugging; to be
  increased)
- add redirection for unsplashed users in queen.enter, remove it in
  queen.leave
- add /etc/splash.sh to centralize functionality used in
  /sbin/splash_sync and /www/service/*splash*
- make splash_sync use a transactional update approach: insert
  iptable rules for all splashed MACs into a new chain, then replace
  old and new chain; this avoids downtime even if splash_sync is slow
- remove allowed services for splashed users; this is intended to not
  move old cruft over to new code; if any of those services shall
  be reenabled, it should happen in /etc/firewall.user
- make /sbin/splash_sync aware of the current state of FSM inetable
  (read via /sbin/fsm with optional command line override); this
  allows to unconditionally call splash_sync via cron
- add locks to all places where the splash state is touched
- remove multiple escaping/quoting/encoding problems in splash cgi
  scripts
- reenable link to the page the user initially demanded in
  /www/service/cgi-bin/splash_click
Diffstat (limited to 'files/common/sbin')
| -rwxr-xr-x | files/common/sbin/splash_sync | 72 | 
1 files changed, 34 insertions, 38 deletions
diff --git a/files/common/sbin/splash_sync b/files/common/sbin/splash_sync index 3a2b0f1..978583f 100755 --- a/files/common/sbin/splash_sync +++ b/files/common/sbin/splash_sync 
@@ -1,51 +1,47 @@ -#!/bin/sh +#!/bin/sh -e  . $IPKG_INSTROOT/etc/functions.sh +. /etc/splash.sh +  x=0 -config_load splash_users -test=1 -myip=`uci get network.mesh.ipaddr` +current_time=$(date +%s)  splash_check() { -   timeout=6000 -   current_time=`date +%s`     config_get mac "$1" mac     config_get time "$1" time -   local config="$1"      let time_check=$time+$timeout     if [ $time_check -gt  $current_time ]; then -   	# User ist noch gesplashed -   	iptables  -t nat -D ffj_splash -m mac --mac-source $mac -j ACCEPT -   	iptables  -t nat -I ffj_splash 1 -m mac --mac-source $mac -j ACCEPT +	# user is splashed +       iptables -t nat -I $chain -m mac --mac-source $mac -j ACCEPT     else -   	# User is not longer splashed / the user must click again -   	iptables -t nat -D ffj_splash -m mac --mac-source $mac -j ACCEPT -   	uci delete splash_users.@user[$x].mac -   	uci delete splash_users.@user[$x].time -   	uci delete splash_users.@user[$x]      -   	 +	# user is no longer splashed / must click again +       uci delete splash_users.@user[$x]          fi     let x=$x+1  } -#chain refresh -iptables -t nat -D zone_mesh_prerouting -p tcp -j ffj_splash  -iptables -t nat -F ffj_splash -iptables -t nat -X ffj_splash  -#recreation -iptables -t nat -N ffj_splash -iptables -t nat -I zone_mesh_prerouting 1 -p tcp -j ffj_splash -config_foreach splash_check user -#DNS Whitelisting -iptables -t nat -p udp -A ffj_splash --dport 53 -j ACCEPT -#Jabber Whitelisting -iptables -t nat -p tcp -A ffj_splash --dport 5222 -j ACCEPT -iptables -t nat -p tcp -A ffj_splash --dport 5223 -j ACCEPT -#Free Wavez in Freifunk -iptables -t nat -A ffj_splash -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT -#Freifunk-Jena Whitelisting -iptables -t nat -A ffj_splash -d freifunk-jena.de -j ACCEPT -iptables -t nat -A ffj_splash -d www.freifunk-jena.de -j ACCEPT -#Jappix Whitelisting -iptables -t nat -A ffj_splash -d  static.jappix.com -j ACCEPT -iptables -t nat -A ffj_splash -p tcp -j DNAT --to $myip:80 -       
                                         +# check for current inetable state, allowing a command line override +lockSplash +state=${1:-$(fsm get inetable)} +if [ "$state" == "queen" ]; then +    # functional gateway: copy splash db to a new iptables chain and +    # replace the old chain with the new one; this ensures that a user +    # stays splashed during the runtime of this script +    chain_id=$(($chain_id + 1)) +    chain=$chain_prefix$chain_id +    echo $chain_id > $chain_id_file +    iptables -t nat -N $chain + +    config_load splash_users +    config_foreach splash_check user +    iptables -t nat -I prerouting_inet_splashed -j $chain +    while iptables -t nat -D prerouting_inet_splashed 2 &>/dev/null; do :; done +else +    # no working gw -> remove reference to iptable copy of splash db +    iptables -t nat -F prerouting_inet_splashed +fi +# remove old splash_db chains +for i in $(iptables -t nat -L | grep ^Chain | grep '0 references' \ +         | cut -f2 -d' ' | grep ^splash_db); do +    iptables -t nat -F $i +    iptables -t nat -X $i +done  | 
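Review bot: In `splash_check`, `$mac` and `$time` come straight from the `splash_users` config and are used unquoted and unvalidated in `iptables -t nat -I $chain -m mac --mac-source $mac -j ACCEPT` and `let time_check=$time+$timeout`. Because the shebang is now `#!/bin/sh -e`, one malformed entry aborts the run after `lockSplash` and after the new chain is created but before it is swapped in, so the previous chain (including expired MACs) stays active; the hunk shows no lock release or `trap`, which may live in `/etc/splash.sh`. I would check the MAC format before use and quote it, e.g. `--mac-source "$mac"`, skipping bad entries rather than exiting. Separately, `uci delete splash_users.@user[$x]` followed by `let x=$x+1` looks like it can hit the wrong section once an earlier delete has shifted the indices; `uci delete "splash_users.$1"` uses the section name `config_foreach` already passes.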
