| -rw-r--r-- | doc/splash.org | 6 | ||||
| -rw-r--r-- | files/common/etc/splash.sh | 38 | ||||
| -rwxr-xr-x | files/common/sbin/splash_sync | 39 | ||||
| -rwxr-xr-x | files/common/www/service/cgi-bin/splash_click.html | 32 | 
4 files changed, 58 insertions, 57 deletions
| diff --git a/doc/splash.org b/doc/splash.org
new file mode 100644
index 0000000..60dc0f3
--- /dev/null
+++ b/doc/splash.org
@@ -0,0 +1,6 @@
+* distribution issues
+  race condition between first IP packet and the p2ptbl update message
+  that has to cause an iptable effect
+* p2ptbl schema
+  1. MAC (in capital letters)
+  2. expiry time (seconds since UNIX epoch)
diff --git a/files/common/etc/splash.sh b/files/common/etc/splash.sh
index b56ddb5..75eb620 100644
--- a/files/common/etc/splash.sh
+++ b/files/common/etc/splash.sh
@@ -1,12 +1,7 @@
 timeout=6000
 chain_prefix=splash_db_
 chain_id_file=/tmp/splash_chain_id
-
-chain_id=$(cat $chain_id_file 2>/dev/null || true)
-if ! [ "$chain_id" -gt 0 ] &>/dev/null; then
-    chain_id=1
-    echo $chain_id > $chain_id_file
-fi
+tbl=/tmp/p2ptbl/splash
 lockSplash () {
     exec 666<$chain_id_file
@@ -16,3 +11,34 @@ lockSplash () {
 unlockSplash () {
     exec 666<&-
 }
+
+have_splash_iptable () {
+    state=${1:-$(fsm get inetable)}
+    [ "$state" == "queen" ]
+}
+
+# $mac
+add_splash_iptable () {
+    iptables -t nat -I $chain_prefix$chain_id \
+	-m mac --mac-source "$1" -j ACCEPT
+}
+
+# $mac $time
+add_splash_p2ptbl () {
+    p2ptbl update $tbl "$1" "${2:-$(($(date +%s) + $timeout))}" br-mesh
+}
+
+# determine current splash iptable iteration
+chain_id=$(cat $chain_id_file 2>/dev/null || true)
+if ! [ "$chain_id" -gt 0 ] &>/dev/null; then
+    # first -> create id file
+    chain_id=1
+    echo $chain_id > $chain_id_file
+
+    # create splash p2ptbl and add own MAC addr to it with an at least
+    # year 2033 timeout
+    p2ptbl init $tbl
+    add_splash_p2ptbl \
+	$(ifconfig br-mesh | egrep -o '([0-9A-F]{2}:){5}[0-9A-F]{2}') \
+	2000000000
+fi
diff --git a/files/common/sbin/splash_sync b/files/common/sbin/splash_sync
index 992ec3f..bbb4182 100755
--- a/files/common/sbin/splash_sync
+++ b/files/common/sbin/splash_sync
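Review bot: The first-run block added at the end of files/common/etc/splash.sh passes `$(ifconfig br-mesh | egrep -o …)` to add_splash_p2ptbl unquoted, so if the pattern matches nothing (interface not up yet, or an address printed in another format) the argument disappears and `2000000000` becomes the key, stored with the default `$timeout` expiry. Because `$chain_id_file` has already been written at that point, the block is not retried on later runs and the node's own MAC would stay out of the table. Capturing and checking the value first avoids this: `mac=$(ifconfig br-mesh | egrep -o '([0-9A-F]{2}:){5}[0-9A-F]{2}' || true)` followed by `[ -z "$mac" ] || add_splash_p2ptbl "$mac" 2000000000`.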
@@ -1,38 +1,25 @@
 #!/bin/sh -e
-. $IPKG_INSTROOT/etc/functions.sh
 . /etc/splash.sh
-x=0
-current_time=$(date +%s)
-splash_check() {
-   config_get mac "$1" mac
-   config_get time "$1" time
-   let time_check=$time+$timeout
-   if [ $time_check -gt  $current_time ]; then
-	# user is splashed
-       iptables -t nat -I $chain -m mac --mac-source $mac -j ACCEPT
-   else
-	# user is no longer splashed / must click again
-       uci delete splash_users.@user[$x]
-   fi
-   let x=$x+1
-}
-
 # check for current inetable state, allowing a command line override
 lockSplash
-state=${1:-$(fsm get inetable)}
-if [ "$state" == "queen" ]; then
-    # functional gateway: copy splash db to a new iptables chain and
-    # replace the old chain with the new one; this ensures that a user
-    # stays splashed during the runtime of this script
+if have_splash_iptable $1; then
+    # remove old entries from splash p2ptbl
+    p2ptbl filter $tbl \
+	awk '{ if ($2 > '$(date +%s)') print $0 }'
+
+    # create new iptables chain from splash p2ptbl and replace the old
+    # chain with the new one; this ensures that a user stays splashed
+    # during the runtime of this script
     chain_id=$(($chain_id + 1))
     chain=$chain_prefix$chain_id
-    echo $chain_id > $chain_id_file
     iptables -t nat -N $chain
-
-    config_load splash_users
-    config_foreach splash_check user
     iptables -t nat -I prerouting_inet_splashed -j $chain
+    echo $chain_id > $chain_id_file
+    p2ptbl show $tbl \
+	| while read mac rest; do
+	    add_splash_iptable "$mac"
+        done
     while iptables -t nat -D prerouting_inet_splashed 2 &>/dev/null; do :; done
 else
     # no working gw -> remove reference to iptable copy of splash db
diff --git a/files/common/www/service/cgi-bin/splash_click.html b/files/common/www/service/cgi-bin/splash_click.html
index 59926d0..8affc71 100755
--- a/files/common/www/service/cgi-bin/splash_click.html
+++ b/files/common/www/service/cgi-bin/splash_click.html
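Review bot: The rebuild loop in files/common/sbin/splash_sync feeds every key from `p2ptbl show $tbl` straight into add_splash_iptable, and under `#!/bin/sh -e` a single entry that iptables rejects ends the loop and, through the pipeline status, the script, before the old jump rule is deleted. If table entries can originate from other mesh nodes (the `br-mesh` argument to `p2ptbl update` suggests they can), one malformed key would leave the previous chain, expired MACs included, in place on every run. Tolerating and logging a failed insert keeps the rotation going, e.g. `| while read -r mac rest; do` with `add_splash_iptable "$mac" || echo "splash_sync: skipped bad entry" >&2`. The expiry filter has a similar looseness: `awk -v now="$(date +%s)" '$2 > now'` passes the time as a variable instead of splicing shell output into the awk program. The `else` branch continues outside the hunk.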
@@ -1,39 +1,21 @@
 #!/bin/sh -e
-
-. $IPKG_INSTROOT/etc/functions.sh
 . /etc/splash.sh
 . /www/service/cgi-bin/common.sh
 # decode request params
-#URL="http://$(sed 's/target_url=//g' | urldecode || true)"
-URL="http://sotun.de/"
+URL="http://$(sed 's/target_url=//g' | urldecode || true)"
 USER_MAC=$(grep ^$REMOTE_HOST </proc/net/arp \
 	 | awk 'BEGIN { FS = " " } ; { print $4 }')
 [ -n "$USER_MAC" ]
-# check if user is already splashed; splash otherwise
-lockSplash
-ISSPLASHED=0
-config_load splash_users
-is_mac() {
-   config_get mac "$1" mac
-   if [ "$mac" == "$USER_MAC" ]; then
-   	ISSPLASHED=1
-   fi
-}
-config_foreach is_mac user
-if [ $ISSPLASHED -eq 0 ]; then
-    # user is now free to go
-    chain=$chain_prefix$chain_id
-    if have_internet; then
-	iptables -t nat -I $chain 1 -m mac --mac-source $USER_MAC -j ACCEPT
+# check if user is already splashed; splash otherwise; refresh the
+# p2ptbl entry in any case (renews the timer)
+if [ -z "$(p2ptbl get $tbl "$USER_MAC")" ]; then
+    if have_splash_iptable; then
+	add_splash_iptable "$USER_MAC"
     fi
-
-    uci -q add splash_users user >/dev/null
-    uci -q set splash_users.@user[-1].mac=$USER_MAC
-    uci -q set splash_users.@user[-1].time=`date +%s`
 fi
-unlockSplash
+add_splash_p2ptbl "$USER_MAC"
 # send response (encode / to not confuse sed) |
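Review bot: The re-enabled `URL="http://$(sed 's/target_url=//g' | urldecode || true)"` line in splash_click.html takes the redirect target from the request body without any check, and the value is then used in the response (the `# send response` code begins at the end of the hunk, so how it is emitted is not visible here). Depending on that code, a decoded value containing line breaks, quotes, `&` or `<` could alter the response or the sed substitution rather than only the link target. Restricting it to a conservative character set right after decoding would close that off, e.g. `case "$URL" in *[!A-Za-z0-9:/?=%._~#+-]*) URL="http://" ;; esac`. Separately, `USER_MAC` is read from `/proc/net/arp`, which normally prints lower-case hex, while doc/splash.org specifies capital letters for the key; normalising case in one place would keep `p2ptbl get` lookups consistent across nodes.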
