node("splash").target = call("action_dispatch")
node("splash", "activate").target = call("action_activate")
node("splash", "splash").target = template("splash_splash/splash")
+
+ entry({"admin", "status", "splash"}, call("action_status_admin"), "Client-Splash")
end
function action_dispatch()
luci.http.redirect(luci.dispatcher.build_url())
end
end
+
+function action_status_admin()
+ local uci = luci.model.uci.cursor_state()
+ local macs = luci.http.formvaluetable("save")
+
+ local function delete_mac(what, mac)
+ uci:delete_all("luci_splash", what,
+ function(s)
+ return ( s.mac and s.mac:lower() == mac )
+ end)
+ end
+
+ local function leases(mac)
+ local leases = { }
+
+ uci:foreach("luci_splash", "lease", function(s)
+ if s.start and s.mac and s.mac:lower() ~= mac then
+ leases[#leases+1] = {
+ start = s.start,
+ mac = s.mac
+ }
+ end
+ end)
+
+ uci:revert("luci_splash")
+
+ return leases
+ end
+
+ local function commit(leases, no_commit)
+ if not no_commit then
+ uci:save("luci_splash")
+ uci:commit("luci_splash")
+ end
+
+ for _, l in ipairs(leases) do
+ uci:section("luci_splash", "lease", nil, l)
+ end
+
+ uci:save("luci_splash")
+ os.execute("/etc/init.d/luci_splash restart")
+ end
+
+ for key, _ in pairs(macs) do
+ local policy = luci.http.formvalue("policy.%s" % key)
+ local mac = luci.http.protocol.urldecode(key)
+ local lslist = leases(policy ~= "kick" and mac)
+
+ delete_mac("blacklist", mac)
+ delete_mac("whitelist", mac)
+
+ if policy == "whitelist" or policy == "blacklist" then
+ uci:section("luci_splash", policy, nil, { mac = mac })
+ elseif policy == "normal" then
+ lslist[#lslist+1] = { mac = mac, start = os.time() }
+ elseif policy == "kick" then
+ for _, l in ipairs(lslist) do
+ if l.mac:lower() == mac then l.kicked="1" end
+ end
+ end
+
+ commit(lslist)
+ end
+
+ luci.template.render("admin_status/splash", { is_admin = true })
+end
--- /dev/null
+<%#
+LuCI - Lua Configuration Interface
+Copyright 2009 Jo-Philipp Wich <xm@leipzig.freifunk.net>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+
+-%>
+
+<%-
+
+local utl = require "luci.util"
+local ipt = require "luci.sys.iptparser".IptParser()
+local uci = require "luci.model.uci".cursor_state()
+local wat = require "luci.tools.webadmin"
+local clients = { }
+local leasetime = tonumber(uci:get("luci_splash", "general", "leasetime") or 1) * 60 * 60
+local leasefile = "/tmp/dhcp.leases"
+
+uci:foreach("dhcp", "dnsmasq",
+ function(s)
+ if s.leasefile then leasefile = s.leasefile end
+ end)
+
+
+uci:foreach("luci_splash", "lease",
+ function(s)
+ if s.start and s.mac then
+ clients[s.mac:lower()] = {
+ start = tonumber(s.start),
+ limit = ( tonumber(s.start) + leasetime ),
+ mac = s.mac:upper(),
+ policy = "normal",
+ packets = 0,
+ bytes = 0,
+ kicked = s.kicked and true or false
+ }
+ end
+ end)
+
+for _, r in ipairs(ipt:find({table="nat", chain="luci_splash_leases"})) do
+ if r.options and #r.options >= 2 and r.options[1] == "MAC" then
+ if not clients[r.options[2]:lower()] then
+ clients[r.options[2]:lower()] = {
+ start = 0,
+ limit = 0,
+ mac = r.options[2]:upper(),
+ policy = ( r.target == "RETURN" ) and "whitelist" or "blacklist",
+ packets = 0,
+ bytes = 0
+ }
+ end
+ end
+end
+
+for _, r in ipairs(ipt:find({table="filter", chain="luci_splash_counter"})) do
+ if r.options and #r.options >= 2 and r.options[1] == "MAC" then
+ local c = clients[r.options[2]:lower()]
+ if c and c.packets == 0 then
+ c.bytes = tonumber(r.bytes)
+ c.packets = tonumber(r.packets)
+ end
+ end
+end
+
+uci:foreach("luci_splash", "whitelist",
+ function(s)
+ if s.mac and clients[s.mac:lower()] then
+ clients[s.mac:lower()].policy="whitelist"
+ end
+ end)
+
+uci:foreach("luci_splash", "blacklist",
+ function(s)
+ if s.mac and clients[s.mac:lower()] then
+ clients[s.mac:lower()].policy=(s.kicked and "kicked" or "blacklist")
+ end
+ end)
+
+if luci.fs.access(leasefile) then
+ for l in io.lines(leasefile) do
+ local time, mac, ip, name = l:match("^(%d+) (%S+) (%S+) (%S+)")
+ if time and mac and ip then
+ local c = clients[mac:lower()]
+ if c then
+ c.ip = ip
+ c.hostname = ( name ~= "*" ) and name or nil
+ end
+ end
+ end
+end
+
+for i, a in ipairs(luci.sys.net.arptable()) do
+ local c = clients[a["HW address"]:lower()]
+ if c and not c.ip then
+ c.ip = a["IP address"]
+ end
+end
+
+local function showmac(mac)
+ if not is_admin then
+ mac = mac:gsub("(%S%S:%S%S):%S%S:%S%S:(%S%S:%S%S)", "%1:XX:XX:%2")
+ end
+ return mac
+end
+
+-%>
+
+<%+header%>
+
+<div id="cbi-splash-leases" class="cbi-map">
+ <h2><a id="content" name="content"><%:ff_splash Client-Splash%></a></h2>
+ <fieldset id="cbi-table-table" class="cbi-section">
+ <legend><%:ff_splash_clients Active Clients%></legend>
+ <div class="cbi-section-node">
+ <% if is_admin then %><form action="<%=REQUEST_URI%>" method="post"><% end %>
+ <table class="cbi-section-table">
+ <tr class="cbi-section-table-titles">
+ <th class="cbi-section-table-cell"><%:ff_splash_hostname Hostname%></th>
+ <th class="cbi-section-table-cell"><%:ff_splash_ip IP Address%></th>
+ <th class="cbi-section-table-cell"><%:ff_splash_mac MAC Address%></th>
+ <th class="cbi-section-table-cell"><%:ff_splash_timeleft Time remaining%></th>
+ <th class="cbi-section-table-cell"><%:ff_splash_traffic Outgoing traffic%></th>
+ <th class="cbi-section-table-cell"><%:ff_splash_policy Policy%></th>
+ </tr>
+
+ <%-
+ local count = 0
+ for _, c in utl.spairs(clients,
+ function(a,b)
+ if clients[a].policy == clients[b].policy then
+ return (clients[a].start > clients[b].start)
+ else
+ return (clients[a].policy > clients[b].policy)
+ end
+ end)
+ do
+ if c.ip then
+ count = count + 1
+ -%>
+ <tr class="cbi-section-table-row cbi-rowstyle-<%=2-(count%2)%>">
+ <td class="cbi-section-table-cell"><%=c.hostname or "<em>" .. translate("ff_splash_unknown", "unknown") .. "</em>"%></td>
+ <td class="cbi-section-table-cell"><%=c.ip or "<em>" .. translate("ff_splash_unknown", "unknown") .. "</em>"%></td>
+ <td class="cbi-section-table-cell"><%=showmac(c.mac)%></td>
+ <td class="cbi-section-table-cell"><%=
+ (c.limit >= os.time()) and wat.date_format(c.limit-os.time()) or
+ (c.policy ~= "normal") and "-" or "<em>" .. translate("ff_splash_expired", "expired") .. "</em>"
+ %></td>
+ <td class="cbi-section-table-cell"><%=wat.byte_format(c.bytes)%></td>
+ <td class="cbi-section-table-cell">
+ <% if is_admin then %>
+ <select name="policy.<%=c.mac:lower()%>" style="width:200px">
+ <option value="whitelist"<%=c.policy=="whitelist" and ' selected="selected"'%>><%:ff_splash_whitelisted whitelisted%></option>
+ <option value="normal"<%=c.policy=="normal" and not c.kicked and ' selected="selected"'%>><%:ff_splash_splashed splashed%></option>
+ <option value="blacklist"<%=c.policy=="blacklist" and ' selected="selected"'%>><%:ff_splash_blacklisted blacklisted%></option>
+ <% if c.policy == "normal" then -%>
+ <option value="kick"<%=c.kicked and ' selected="selected"'%>><%:ff_splash_tempblock temporarily blocked%> (<%=wat.date_format(c.limit-os.time())%>)</option>
+ <%- end %>
+ </select>
+ <input type="submit" class="cbi-button cbi-button-save" name="save.<%=c.mac:lower()%>" value="<%:save Save%>" />
+ <% else %>
+ <%=c.policy%>
+ <% end %>
+ </td>
+ </tr>
+ <%-
+ end
+ end
+
+ if count == 0 then
+ -%>
+ <tr class="cbi-section-table-row">
+ <td colspan="7" class="cbi-section-table-cell">
+ <br /><em><%:ff_splash_noclients No clients connected%></em><br />
+ </td>
+ </tr>
+ <%- end -%>
+ </table>
+ <% if is_admin then %></form><% end %>
+ </div>
+ </fieldset>
+</div>
+
+<%+footer%>
local cfg="$1"
config_get mac "$cfg" mac
- [ -n "$mac" ] && iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j DROP
+ [ -n "$mac" ] && {
+ iptables -I luci_splash_counter -m mac --mac-source "$mac" -j RETURN
+ iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j DROP
+ }
}
whitelist_add() {
local cfg="$1"
config_get mac "$cfg" mac
- [ -n "$mac" ] && iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j RETURN
+ config_get ban "$cfg" kicked
+
+ ban=${ban:+DROP}
+
+ [ -n "$mac" ] && {
+ iptables -I luci_splash_counter -m mac --mac-source "$mac" -j RETURN
+ iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j "${ban:-RETURN}"
+ }
}
boot() {
include /lib/network
scan_interfaces
config_load luci_splash
-
+
### Create subchains
+ iptables -N luci_splash_counter
iptables -t nat -N luci_splash_portal
iptables -t nat -N luci_splash_leases
iptables -t nat -N luci_splash_prerouting
-
+
### Build the main and portal rule
config_foreach blacklist_add blacklist
config_foreach whitelist_add whitelist
config_foreach whitelist_add lease
config_foreach iface_add iface
-
+
### Build the portal rule
+ iptables -I INPUT -j luci_splash_counter
+ iptables -I FORWARD -j luci_splash_counter
iptables -t nat -A luci_splash_portal -p udp --dport 33434:33523 -j RETURN
iptables -t nat -A luci_splash_portal -p icmp -j RETURN
iptables -t nat -A luci_splash_portal -p udp --dport 53 -j RETURN
iptables -t nat -A luci_splash_portal -j luci_splash_leases
-
+
### Build the leases rule
iptables -t nat -A luci_splash_leases -p tcp --dport 80 -j REDIRECT --to-ports 8082
iptables -t nat -A luci_splash_leases -j DROP
-
+
### Add crontab entry
test -f /etc/crontabs/root || touch /etc/crontabs/root
grep -q luci-splash /etc/crontabs/root || {
### Clear interface rules
config_load luci_splash
config_foreach iface_del iface
-
+ iptables -D INPUT -j luci_splash_counter
+ iptables -D FORWARD -j luci_splash_counter
+
### Clear subchains
iptables -t nat -F luci_splash_leases
iptables -t nat -F luci_splash_portal
iptables -t nat -F luci_splash_prerouting
-
+ iptables -F luci_splash_counter
+
### Delete subchains
iptables -t nat -X luci_splash_leases
iptables -t nat -X luci_splash_portal
iptables -t nat -X luci_splash_prerouting
+ iptables -X luci_splash_counter
sed -ie '/\/usr\/sbin\/luci-splash sync/d' /var/spool/cron/crontabs/root
}
#!/usr/bin/lua
-require("luci.http")
require("luci.util")
require("luci.model.uci")
+require("luci.sys.iptparser")
-- Init state session
local uci = luci.model.uci.cursor_state()
+local ipt = luci.sys.iptparser.IptParser()
function main(argv)
local cmd = argv[1]
local arg = argv[2]
- if cmd == "status" then
- if not arg then
- os.exit(1)
- end
-
- if iswhitelisted(arg) then
+ if cmd == "status" and arg then
+ if islisted("whitelist", arg) then
print("whitelisted")
- os.exit(0)
+ elseif islisted("blacklist", arg) then
+ print("blacklisted")
+ else
+ local lease = haslease(arg)
+ if lease and lease.kicked then
+ print("kicked")
+ elseif lease then
+ print("lease")
+ else
+ print("unknown")
+ end
end
-
- if haslease(arg) then
- print("lease")
- os.exit(0)
- end
-
- print("unknown")
os.exit(0)
- elseif cmd == "add" then
- if not arg then
- os.exit(1)
- end
-
+ elseif cmd == "add" and arg then
if not haslease(arg) then
add_lease(arg)
else
os.exit(2)
end
os.exit(0)
- elseif cmd == "remove" then
- if not arg then
- os.exit(1)
- end
-
+ elseif cmd == "remove" and arg then
remove_lease(arg)
os.exit(0)
elseif cmd == "sync" then
-- Remove a lease from state and invoke remove_rule
function remove_lease(mac)
mac = mac:lower()
- local del = {}
+ remove_rule(mac)
- uci:foreach("luci_splash", "lease",
- function (section)
- if section.mac:lower() == mac then
- table.insert(del, section[".name"])
- end
- end)
-
- for i,j in ipairs(del) do
- remove_rule(j)
- uci:delete("luci_splash", j)
- end
+ uci:delete_all("luci_splash", "lease",
+ function(s) return ( s.mac:lower() == mac ) end)
uci:save("luci_splash")
end
-- Add an iptables rule
function add_rule(mac)
+ os.execute("iptables -I luci_splash_counter -m mac --mac-source '"..mac.."'")
return os.execute("iptables -t nat -I luci_splash_leases -m mac --mac-source '"..mac.."' -j RETURN")
end
-- Remove an iptables rule
function remove_rule(mac)
- return os.execute("iptables -t nat -D luci_splash_leases -m mac --mac-source '"..mac.."' -j RETURN")
+ for _, r in ipairs(ipt:find({table="filter", chain="luci_splash_counter"})) do
+ if r.options and #r.options >= 2 and r.options[1] == "MAC" and
+ r.options[2]:lower() == mac:lower()
+ then
+ os.execute("iptables -D luci_splash_counter -m mac --mac-source %q -j %s"
+ %{ mac, r.target })
+ end
+ end
+
+ for _, r in ipairs(ipt:find({table="nat", chain="luci_splash_leases"})) do
+ if r.options and #r.options >= 2 and r.options[1] == "MAC" and
+ r.options[2]:lower() == mac:lower()
+ then
+ os.execute("iptables -t nat -D luci_splash_leases -m mac --mac-source %q -j %s"
+ %{ mac, r.target })
+ end
+ end
+
+ ipt:resync()
end
-- Check whether a MAC-Address is listed in the lease state list
function haslease(mac)
mac = mac:lower()
- local stat = false
-
+ local lease = nil
+
uci:foreach("luci_splash", "lease",
function (section)
if section.mac:lower() == mac then
- stat = true
- return
+ lease = section
end
end)
-
- return stat
+
+ return lease
end
--- Check whether a MAC-Address is whitelisted
-function iswhitelisted(mac)
+-- Check whether a MAC-Address is in given list
+function islisted(what, mac)
mac = mac:lower()
-
- uci:foreach("luci_splash", "whitelist",
+
+ uci:foreach("luci_splash", what,
function (section)
if section.mac:lower() == mac then
stat = true
return
end
end)
-
+
return false
end
-- Returns a list of MAC-Addresses for which a rule is existing
function listrules()
- local cmd = "iptables -t nat -L luci_splash_leases | grep RETURN |"
- cmd = cmd .. "egrep -io [0-9a-f]+:[0-9a-f]+:[0-9a-f]+:[0-9a-f]+:[0-9a-f]+:[0-9a-f]+"
- return luci.util.split(luci.util.exec(cmd))
+ local macs = { }
+ for i, r in ipairs(ipt:find({table="nat", chain="luci_splash_leases"})) do
+ if r.options and #r.options >= 2 and r.options[1] == "MAC" then
+ macs[r.options[2]:lower()] = true
+ end
+ end
+ return luci.util.keys(macs)
end
else
-- Rewrite state
uci:section("luci_splash", "lease", nil, {
- mac = v.mac,
- start = v.start
+ mac = v.mac,
+ start = v.start,
+ kicked = v.kicked
})
written[v.mac:lower()] = 1
end
+ elseif v[".type"] == "whitelist" or v[".type"] == "blacklist" then
+ written[v.mac:lower()] = 1
end
end
uci:save("luci_splash")
end
-main(arg)
\ No newline at end of file
+main(arg)
projects / oweals / luci.git / commitdiff