From 4176db98cb9a9437c939ac6b9f85fb176614b2cc Mon Sep 17 00:00:00 2001 From: Jan Huwald Date: Mon, 23 Apr 2012 16:33:37 +0000 Subject: rewrite splash to use a p2ptbl - add p2ptbl splash (see doc/splash.org) - replace all uci queries with p2ptbl queries - centralize splash db modification in /etc/splash.sh - add node to the list of splashed devices upon first use of /etc/splash.sh (shortly after booting) - remove locks in cgi-bin/splash_click diff --git a/doc/splash.org b/doc/splash.org new file mode 100644 index 0000000..60dc0f3 --- /dev/null +++ b/doc/splash.org @@ -0,0 +1,6 @@ +* distribution issues + race condition between first IP packet and the p2ptbl update message + that has to cause an iptable effect +* p2ptbl schema + 1. MAC (in capital letters) + 2. expiry time (seconds since UNIX epoch) diff --git a/files/common/etc/splash.sh b/files/common/etc/splash.sh index b56ddb5..75eb620 100644 --- a/files/common/etc/splash.sh +++ b/files/common/etc/splash.sh @@ -1,12 +1,7 @@ timeout=6000 chain_prefix=splash_db_ chain_id_file=/tmp/splash_chain_id - -chain_id=$(cat $chain_id_file 2>/dev/null || true) -if ! [ "$chain_id" -gt 0 ] &>/dev/null; then - chain_id=1 - echo $chain_id > $chain_id_file -fi +tbl=/tmp/p2ptbl/splash lockSplash () { exec 666<$chain_id_file 
@@ -16,3 +11,34 @@ lockSplash () {
 unlockSplash () {
 exec 666<&-
 }
+
+have_splash_iptable () {
+ state=${1:-$(fsm get inetable)}
+ [ "$state" == "queen" ]
+}
+
+# $mac
+add_splash_iptable () {
+ iptables -t nat -I $chain_prefix$chain_id \
+ -m mac --mac-source "$1" -j ACCEPT
+}
+
+# $mac $time
+add_splash_p2ptbl () {
+ p2ptbl update $tbl "$1" "${2:-$(($(date +%s) + $timeout))}" br-mesh
+}
+
+# determine current splash iptable iteration
+chain_id=$(cat $chain_id_file 2>/dev/null || true)
+if ! [ "$chain_id" -gt 0 ] &>/dev/null; then
+ # first -> create id file
+ chain_id=1
+ echo $chain_id > $chain_id_file
+
+ # create splash p2ptbl and add own MAC addr to it with an at least
+ # year 2033 timeout
+ p2ptbl init $tbl
+ add_splash_p2ptbl \
+ $(ifconfig br-mesh | egrep -o '([0-9A-F]{2}:){5}[0-9A-F]{2}') \
+ 2000000000
+fi
diff --git a/files/common/sbin/splash_sync b/files/common/sbin/splash_sync
index 992ec3f..bbb4182 100755
--- a/files/common/sbin/splash_sync
+++ b/files/common/sbin/splash_sync
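Review bot: In the first-use block the node's own MAC is passed as an unquoted `$(ifconfig br-mesh | egrep -o …)`, so if that substitution yields nothing (br-mesh not configured yet, or an address printed in lowercase) `2000000000` becomes `$1` and is stored as a MAC key with the default expiry. `add_splash_p2ptbl` itself accepts any `$1`, and it is also what cgi-bin/splash_click.html calls with the `$USER_MAC` it looked up for the client, so the schema check from doc/splash.org belongs there: `echo "$1" | egrep -q '^([0-9A-F]{2}:){5}[0-9A-F]{2}$' || return 1` as its first line. Callers running under `sh -e` would then stop instead of publishing the row, which should be confirmed as the wanted behaviour for the CGI. Note also that `$chain_id_file` is written before `p2ptbl init`, so a failed first run would presumably not be repeated the next time this file is sourced.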
@@ -1,38 +1,25 @@ #!/bin/sh -e -. $IPKG_INSTROOT/etc/functions.sh . /etc/splash.sh -x=0 -current_time=$(date +%s) -splash_check() { - config_get mac "$1" mac - config_get time "$1" time - let time_check=$time+$timeout - if [ $time_check -gt $current_time ]; then - # user is splashed - iptables -t nat -I $chain -m mac --mac-source $mac -j ACCEPT - else - # user is no longer splashed / must click again - uci delete splash_users.@user[$x] - fi - let x=$x+1 -} - # check for current inetable state, allowing a command line override lockSplash -state=${1:-$(fsm get inetable)} -if [ "$state" == "queen" ]; then - # functional gateway: copy splash db to a new iptables chain and - # replace the old chain with the new one; this ensures that a user - # stays splashed during the runtime of this script +if have_splash_iptable $1; then + # remove old entries from splash p2ptbl + p2ptbl filter $tbl \ + awk '{ if ($2 > '$(date +%s)') print $0 }' + + # create new iptables chain from splash p2ptbl and replace the old + # chain with the new one; this ensures that a user stays splashed + # during the runtime of this script chain_id=$(($chain_id + 1)) chain=$chain_prefix$chain_id - echo $chain_id > $chain_id_file iptables -t nat -N $chain - - config_load splash_users - config_foreach splash_check user iptables -t nat -I prerouting_inet_splashed -j $chain + echo $chain_id > $chain_id_file + p2ptbl show $tbl \ + | while read mac rest; do + add_splash_iptable "$mac" + done while iptables -t nat -D prerouting_inet_splashed 2 &>/dev/null; do :; done else # no working gw -> remove reference to iptable copy of splash db diff --git a/files/common/www/service/cgi-bin/splash_click.html b/files/common/www/service/cgi-bin/splash_click.html index 59926d0..8affc71 100755 --- a/files/common/www/service/cgi-bin/splash_click.html +++ b/files/common/www/service/cgi-bin/splash_click.html 
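Review bot: The `p2ptbl show $tbl | while read mac rest` loop turns every row of the table into an ACCEPT rule without checking that the first field is a MAC, and since the table is updated over `br-mesh` its rows presumably can originate on other nodes. A malformed key makes `add_splash_iptable` fail, and under `#!/bin/sh -e` that likely aborts the script after the new chain is already linked into `prerouting_inet_splashed` but before the old chain is deleted. Skip rows that do not match the schema in doc/splash.org, for example `echo "$mac" | egrep -q '^([0-9A-F]{2}:){5}[0-9A-F]{2}$' || continue` as the first line of the loop body, and use `read -r` so backslashes in a row are not interpreted. The `else` branch continues outside the hunk.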
@@ -1,39 +1,21 @@ #!/bin/sh -e - -. $IPKG_INSTROOT/etc/functions.sh . /etc/splash.sh . /www/service/cgi-bin/common.sh # decode request params -#URL="http://$(sed 's/target_url=//g' | urldecode || true)" -URL="http://sotun.de/" +URL="http://$(sed 's/target_url=//g' | urldecode || true)" USER_MAC=$(grep ^$REMOTE_HOST /dev/null - uci -q set splash_users.@user[-1].mac=$USER_MAC - uci -q set splash_users.@user[-1].time=`date +%s` fi -unlockSplash +add_splash_p2ptbl "$USER_MAC" # send response (encode / to not confuse sed) -- cgit v0.10.1
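Review bot: `URL` is again built from the request body, with only `http://` prepended and `|| true` hiding a failed decode, and nothing in the hunk restricts which characters it may contain. The trailing comment suggests the value is later substituted through sed, where `&`, `\` or a line break in the value would change the generated response; that code is outside the hunk, so this needs confirming there. Consider rejecting anything outside a conservative set before use, for example `case "$URL" in *[!A-Za-z0-9._~:/?=%-]*) URL="http://<default-page>/" ;; esac`, or escaping the sed-special characters where the substitution happens. The `USER_MAC=` line appears truncated in this rendering, so the MAC lookup itself could not be reviewed.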