diff --git a/configure.in b/configure.in
index 6daed5fc..ebde3a43 100644
--- a/configure.in
+++ b/configure.in
@@ -24,6 +24,11 @@ WIFIDOG_MINOR_VERSION=2
 WIFIDOG_MICRO_VERSION=1
 WIFIDOG_VERSION=$WIFIDOG_MAJOR_VERSION.$WIFIDOG_MINOR_VERSION.$WIFIDOG_MICRO_VERSION
+# I want to use Semantic Beta Versioning like this x.y.z-release-x.y.z for test my new features.
+WIFIDOG_BETA_VERSION=0.0.1
+WIFIDOG_VERSION=$WIFIDOG_VERSION-$WIFIDOG_BETA_VERSION
+
+
 AC_SUBST(WIFIDOG_MAJOR_VERSION)
 AC_SUBST(WIFIDOG_MINOR_VERSION)
 AC_SUBST(WIFIDOG_MICRO_VERSION)
@@ -90,16 +95,9 @@ AC_DEFUN([BB_CYASSL], [
 AC_ARG_ENABLE(cyassl, [ --enable-cyassl enable TLS support for auth server communication (no)], [], [enable_cyassl=no])
 if test "x$enable_cyassl" = xyes; then
- # CyaSSL has been renamed wolfSSL. Old method names are still available
- # via cyassl/ssl.h, which maps old methods to new methods via macros.
- # To find the proper lib to link against (cyassl or wolfssl), we do have
- # the use the new naming scheme below as cyassl/ssl.h is not available for
- # AC_SEARCH_LIBS
 AC_CHECK_HEADERS(cyassl/ssl.h)
- AC_SEARCH_LIBS([CyaTLSv1_client_method], [cyassl], [], [
- AC_SEARCH_LIBS([wolfTLSv1_client_method], [wolfssl], [], [
- AC_MSG_ERROR([unable to locate SSL lib: either wolfSSL or CyaSSL needed.])
- ])
+ AC_SEARCH_LIBS([CyaSSLv23_client_method], [cyassl wolfssl], [], [
+ AC_MSG_ERROR([unable to find the CyaSSLv23_client_method function.])
 ])
 AC_MSG_CHECKING([for the CyaSSL SNI enabled])
diff --git a/contrib/airos/wifidog/Makefile b/contrib/airos/wifidog/Makefile
deleted file mode 100644
index 4195dbf1..00000000
--- a/contrib/airos/wifidog/Makefile
+++ /dev/null
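Review bot: The single `AC_SEARCH_LIBS([CyaSSLv23_client_method], [cyassl wolfssl], …)` will not find the symbol in libwolfssl if the comment this hunk deletes is accurate: the `Cya*` names exist only as macros in `cyassl/ssl.h`, AC_SEARCH_LIBS links a bare symbol without that header, and the function wolfSSL exports is `wolfSSLv23_client_method`, so a wolfSSL-only build now fails at configure time. Keep the two-stage probe, `AC_SEARCH_LIBS([CyaSSLv23_client_method], [cyassl], [], [AC_SEARCH_LIBS([wolfSSLv23_client_method], [wolfssl], [], [AC_MSG_ERROR([unable to locate SSL lib: either wolfSSL or CyaSSL needed.])])])`, and keep the error text naming the libraries rather than the probed symbol, since the library is what a packager has to install. The probe also moves from a TLSv1-only method to the version-negotiating v23 method, presumably mirroring a change in the gateway's TLS setup that is not in this diff; if so, the code that creates the TLS context should pin the minimum protocol version it accepts. The BB_CYASSL macro continues outside the hunk.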
@@ -1,70 +0,0 @@ -# -# Copyright (C) 2006,2008 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -include $(TOPDIR)/rules.mk - -PKG_NAME:=wifidog -PKG_VERSION:=20090925 -PKG_RELEASE:=1 - -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:= @SF/$(PKG_NAME) -PKG_MD5SUM:= - -PKG_FIXUP = libtool - -include $(INCLUDE_DIR)/package.mk - -define Package/wifidog - SUBMENU:=Captive Portals - SECTION:=net - CATEGORY:=Network - DEPENDS:=+iptables-mod-extra +iptables-mod-ipopt +iptables-mod-nat +iptables-mod-nat-extra +libpthread - TITLE:=A wireless captive portal solution - URL:=http://www.wifidog.org -endef - -define Package/wifidog/description - The Wifidog project is a complete and embeddable captive - portal solution for wireless community groups or individuals - who wish to open a free Hotspot while still preventing abuse - of their Internet connection. -endef - -define Package/wifidog/conffiles - /usr/etc/wifidog.conf -endef - -MAKE_FLAGS += \ - DESTDIR="$(PKG_INSTALL_DIR)" \ - all install - -define Package/wifidog/install - $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/scripts/init.d/wifidog $(1)/usr/bin/wifidog-init - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/wifidog $(1)/usr/bin/ - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/wdctl $(1)/usr/bin/ - $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libhttpd.so* $(1)/usr/lib/ - $(INSTALL_DIR) $(1)/usr/etc - $(INSTALL_DATA) ./files/wifidog.conf $(1)/usr/etc/ - $(INSTALL_DATA) $(PKG_BUILD_DIR)/wifidog-msg.html $(1)/usr/etc/ - $(INSTALL_DIR) $(1)/usr/etc/init.d - $(INSTALL_BIN) ./files/$(PKG_NAME).init $(1)/usr/etc/init.d/wifidog -endef - -define Package/wifidog/postinst -#!/bin/sh - -# # check if the wifidog is already running, if so restart it -if /etc/init.d/wifidog status | grep 'Authentication servers' > /dev/null; then - # create copies of passwd and group, if we use squashfs - /etc/init.d/wifidog 
restart -fi -endef - -$(eval $(call BuildPackage,wifidog)) diff --git a/contrib/airos/wifidog/files.patch b/contrib/airos/wifidog/files.patch deleted file mode 100644 index a877a64b..00000000 --- a/contrib/airos/wifidog/files.patch +++ /dev/null 
@@ -1,87 +0,0 @@ ---- SDK.UBNT.v5.2.clean/openwrt/package/ubnt-base-files/files/init 2010-05-14 06:11:06.000000000 -0400 -+++ SDK.UBNT.v5.2/openwrt/package/ubnt-base-files/files/init 2010-07-27 12:52:36.087267563 -0400 -@@ -64,7 +64,7 @@ echo "...filesystem init done" - # making sure that critical files are in place - mkdir -p /etc/rc.d /etc/init.d - # forced update --for f in inittab rc.d/rc.sysinit rc.d/rc rc.d/rc.stop ppp; do -+for f in inittab rc.d/rc.sysinit rc.d/rc rc.d/rc.stop ppp wifidog.conf wifidog-msg.html ; do - cp -f -r /usr/etc/$f /etc/$f - done - echo "...base ok" -@@ -139,6 +139,14 @@ if [ -e /sbin/ubntconf ]; then - /sbin/ubntconf - fi - -+#adding wifidog to startup programs -+if [ -f /usr/etc/init.d/wifidog ]; then -+ cp -f /usr/etc/init.d/wifidog /etc/sysinit/wifidog.conf -+ echo "null::respawn:/usr/bin/wifidog -f" >> /etc/inittab -+ echo "wifidog" >> /etc/startup.list -+fi -+ -+ - echo "...running /sbin/init" - exec /sbin/init - ---- SDK.UBNT.v5.2.clean/openwrt/package/ubnt-base-files/files/usr/etc/rc.d/rc.softrestart 2010-05-14 06:11:06.000000000 -0400 -+++ SDK.UBNT.v5.2/openwrt/package/ubnt-base-files/files/usr/etc/rc.d/rc.softrestart 2010-07-27 12:03:15.604767622 -0400 -@@ -80,3 +80,10 @@ if [ $# -gt 0 ]; then - -p /etc/ 2>/dev/null & - fi - fi -+ -+#adding wifidog to startup programs -+if [ -f /usr/etc/init.d/wifidog ]; then -+ cp -f /usr/etc/init.d/wifidog /etc/sysinit/wifidog.conf -+ echo "null::respawn:/usr/bin/wifidog -f" >> /etc/inittab -+ echo "wifidog" >> /etc/startup.list -+fi - ---- SDK.UBNT.v5.2.clean/openwrt/.config 2010-05-18 05:03:40.000000000 -0400 -+++ SDK.UBNT.v5.2/openwrt/.config 2010-07-26 14:59:08.131750309 -0400 -@@ -888,7 +888,7 @@ CONFIG_PACKAGE_hotplug2=y - CONFIG_PACKAGE_iptables=y - CONFIG_PACKAGE_iptables-mod-conntrack=y - CONFIG_PACKAGE_iptables-mod-conntrack-extra=y --# CONFIG_PACKAGE_iptables-mod-extra is not set -+CONFIG_PACKAGE_iptables-mod-extra=y - CONFIG_PACKAGE_iptables-mod-filter=y - # 
CONFIG_PACKAGE_iptables-mod-imq is not set - CONFIG_PACKAGE_iptables-mod-ipopt=y -@@ -896,7 +896,7 @@ CONFIG_PACKAGE_iptables-mod-ipopt=y - # CONFIG_PACKAGE_iptables-mod-ipsec is not set - # CONFIG_PACKAGE_iptables-mod-ipset is not set - CONFIG_PACKAGE_iptables-mod-nat=y --# CONFIG_PACKAGE_iptables-mod-nat-extra is not set -+CONFIG_PACKAGE_iptables-mod-nat-extra=y - # CONFIG_PACKAGE_iptables-mod-ulog is not set - # CONFIG_PACKAGE_iptables-utils is not set - # CONFIG_PACKAGE_ldconfig is not set -@@ -963,6 +963,7 @@ CONFIG_PACKAGE_php2=y - # - # Network - # -+CONFIG_PACKAGE_wifidog=y - - # - # Monitoring -@@ -1149,7 +1150,7 @@ CONFIG_PACKAGE_kmod-ebtables=y - CONFIG_PACKAGE_kmod-ipt-core=y - CONFIG_PACKAGE_kmod-ipt-conntrack=y - CONFIG_PACKAGE_kmod-ipt-conntrack-extra=y --# CONFIG_PACKAGE_kmod-ipt-extra is not set -+CONFIG_PACKAGE_kmod-ipt-extra=y - CONFIG_PACKAGE_kmod-ipt-filter=y - # CONFIG_PACKAGE_kmod-ipt-imq is not set - CONFIG_PACKAGE_kmod-ipt-ipopt=y -@@ -1157,7 +1158,7 @@ CONFIG_PACKAGE_kmod-ipt-ipopt=y - # CONFIG_PACKAGE_kmod-ipt-ipsec is not set - # CONFIG_PACKAGE_kmod-ipt-ipset is not set - CONFIG_PACKAGE_kmod-ipt-nat=y --# CONFIG_PACKAGE_kmod-ipt-nat-extra is not set -+CONFIG_PACKAGE_kmod-ipt-nat-extra=y - CONFIG_PACKAGE_kmod-ipt-nathelper=y - # CONFIG_PACKAGE_kmod-ipt-nathelper-extra is not set - # CONFIG_PACKAGE_kmod-ipt-queue is not set - diff --git a/contrib/airos/wifidog/files/wifidog.init b/contrib/airos/wifidog/files/wifidog.init deleted file mode 100644 index 2c6857e9..00000000 --- a/contrib/airos/wifidog/files/wifidog.init +++ /dev/null 
@@ -1,27 +0,0 @@ -plugin_start() { - echo "Inserting kernel modules: " - insmod ip_conntrack - insmod ip_nat - insmod ip_tables - insmod ipt_MARK - insmod ipt_mark - insmod ipt_mac - insmod ipt_REDIRECT - insmod ipt_MASQUERADE - insmod ipt_state - insmod iptable_mangle - insmod iptable_nat - insmod iptable_filter - - # echo "Starting wifidog: " - - #/usr/bin/wifidog-init start - echo - true -} -plugin_stop() { - killall wifidog - #/usr/bin/wifidog-init stop - true -} - diff --git a/contrib/airos/wifidog/patches/100-counter_outoing.patch b/contrib/airos/wifidog/patches/100-counter_outoing.patch deleted file mode 100644 index 3fa8a1ad..00000000 --- a/contrib/airos/wifidog/patches/100-counter_outoing.patch +++ /dev/null @@ -1,24 +0,0 @@ ---- a/src/fw_iptables.c 2009-09-18 19:01:57.000000000 -0400 -+++ b/src/fw_iptables.c 2010-08-21 19:37:28.975094088 -0400 -@@ -513,6 +513,7 @@ iptables_fw_counters_update(void) - char *script, - ip[16], - rc; -+ char mystring[250]; - unsigned long long int counter; - t_client *p1; - struct in_addr tempaddr; -@@ -533,8 +534,11 @@ iptables_fw_counters_update(void) - while (('\n' != fgetc(output)) && !feof(output)) - ; - while (output && !(feof(output))) { -- rc = fscanf(output, "%*s %llu %*s %*s %*s %*s %*s %15[0-9.] %*s %*s %*s %*s %*s %*s", &counter, ip); -+ rc = fgets(mystring,250,output); -+ rc = sscanf(mystring, "%*s %llu %*s %*s %*s %*s %*s %15[0-9.]", &counter, ip); -+ //rc = fscanf(output, "%*s %llu %*s %*s %*s %*s %*s %15[0-9.] %*s %*s %*s %*s %*s %*s", &counter, ip); - //rc = fscanf(output, "%*s %llu %*s %*s %*s %*s %*s %15[0-9.] %*s %*s %*s %*s %*s 0x%*u", &counter, ip); -+ - if (2 == rc && EOF != rc) { - /* Sanity*/ - if (!inet_aton(ip, &tempaddr)) { - diff --git a/contrib/airos/wifidog/readme.txt b/contrib/airos/wifidog/readme.txt deleted file mode 100644 index 38e28aa3..00000000 --- a/contrib/airos/wifidog/readme.txt +++ /dev/null 
@@ -1,43 +0,0 @@ --- Compiling airos with the wifidog package running at boot - -Because airos doesn't have a package manager like opkf and has a (mostly) read-only file system, we need to build the the firmware with wifidog in it to have wifidog running on airos - -1- Get the latest wifidog source code tarball from sourceforge (http://sourceforge.net/projects/wifidog/files/) and copy it to the ~/dev/wifidog directory - -2- Get the wifidog airos package directory - -cd ~/dev/wifidog -wget http://dev.wifidog.org/wiki/doc/install/airos/wifidog_airos.tar.gz -tar xvzf wifidog_airos.tar.gz - -If compiling from source, this directory is located in wifidog/contrib/airos - -3- Download the airos SDK from http://www.ubnt.com/support/downloads and copy it to the ~/dev/airos directory - -4- Untar the SDK and prepare the files - -cd ~/dev/airos -tar xvjf SDK.UBNT.v5.2.tar.bz2 -cd SDK.UBNT.v5.2 - -cd openwrt/package -ln -s ~/dev/wifidog/airos/wifidog/ -cd ../dl -ln -s ~/dev/wifidog/wifidog-20090925.tar.gz - -cd ../.. -patch -p1 < openwrt/package/wifidog/files.patch - -5- Prepare the wifidog.conf file for your network, since airos is readonly, changes to the config files cannot be done in the router - -cd ~/dev/airos/SDK.UBNT.v5.2/openwrt -mkdir -p files/usr/etc -cp package/wifidog/files/wifidog.conf files/usr/etc/wifidog.conf - -6- Edit the files/usr/etc/wifidog.conf file for your authentication server settings. Also the GatewayInterface may need to be changed if you are not using a SOHO router configuration (eth0 for SOHO router, ath0 for router) - -7- Make the os - -make world V=99 - -8- Your new image should be available in the openwrt/bin directory as XM.v5.2....bin diff --git a/contrib/build-deb/changelog b/contrib/build-deb/changelog deleted file mode 100644 index d0274250..00000000 --- a/contrib/build-deb/changelog +++ /dev/null 
@@ -1,14 +0,0 @@ -wifidog (1.0.0-1) stable; urgency=low - - * New init.d file. - * Inclu - * debian/rules: Configuration and init.d file added. - * Bump version in anticipation for release - - -- Guillaume Beaudoin Sun, 29 Aug 2004 23:14:12 -0400 - -wifidog (0.2.0-1) stable; urgency=low - - * Initial Package - - -- Philippe April Wed, 21 Jul 2004 15:22:50 -0500 diff --git a/contrib/build-deb/control b/contrib/build-deb/control deleted file mode 100644 index 330f63af..00000000 --- a/contrib/build-deb/control +++ /dev/null @@ -1,15 +0,0 @@ -Source: wifidog -Section: net -Priority: optional -Maintainer: Philippe April - -Package: wifidog -Architecture: any -Depends: iptables, modutils, grep, mawk | awk -Provides: libhttpd -Description: The WiFi Guard Dog client - The WiFi Gaurd Dog project is a complete and embeddable captive portal - solution for wireless community groups or individuals who wish to open - a free HotSpot while still preventing abuse of their Internet connection. - . - This package contains only the client part. diff --git a/contrib/build-deb/rules b/contrib/build-deb/rules deleted file mode 100755 index 45291ed2..00000000 --- a/contrib/build-deb/rules +++ /dev/null 
@@ -1,74 +0,0 @@ -#!/usr/bin/make -f - -# Uncomment this to turn on verbose mode. -#export DH_VERBOSE=1 - -build: build-stamp -build-stamp: - dh_testdir - - ./configure --prefix=/usr - $(MAKE) - - touch build-stamp - -clean: - dh_testdir - dh_testroot - rm -f build-stamp - - -$(MAKE) clean - -$(MAKE) distclean - - dh_clean - -install: build - dh_testdir - dh_testroot - dh_clean -k - dh_installdirs - - $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install - mkdir -p $(CURDIR)/debian/tmp/etc - cp wifidog.conf $(CURDIR)/debian/tmp/etc - cp scripts/init.d/wifidog debian/wifidog.init - -# Build architecture-independent files here. -binary-indep: build install -# We have nothing to do by default. - -# Build architecture-dependent files here. -binary-arch: build install - dh_testdir - dh_testroot - dh_installchangelogs - dh_installdocs -# dh_installexamples -# dh_install -# dh_installmenu -# dh_installdebconf -# dh_installlogrotate -# dh_installemacsen -# dh_installcatalogs -# dh_installpam -# dh_installmime - dh_installinit -# dh_installcron -# dh_installinfo -# dh_undocumented - dh_installman - dh_link - dh_strip - dh_compress - dh_fixperms -# dh_perl -# dh_python - dh_makeshlibs - dh_installdeb -# dh_shlibdeps - dh_gencontrol - dh_md5sums - dh_builddeb - -binary: binary-indep binary-arch -.PHONY: build clean binary-indep binary-arch binary install diff --git a/contrib/airos/wifidog/files/wifidog.conf b/contrib/build-openwrt-common/wifidog/files/wifidog.conf similarity index 60% rename from contrib/airos/wifidog/files/wifidog.conf rename to contrib/build-openwrt-common/wifidog/files/wifidog.conf index 32e9ea90..9039772d 100644 --- a/contrib/airos/wifidog/files/wifidog.conf +++ b/contrib/build-openwrt-common/wifidog/files/wifidog.conf @@ -1,4 +1,4 @@ -# $Id: wifidog.conf 1375 2008-09-30 10:20:06Z wichert $ +# $Id$ # WiFiDog Configuration file # Parameter: GatewayID 
@@ -29,11 +29,11 @@ # Mandatory # # Set this to the internal interface (typically your wifi interface). -# Typically br0 for whiterussian, br-lan for kamikaze (by default the wifi interface is bridged with wired lan in openwrt) +# Typically br-lan for Openwrt (by default the wifi interface is bridged with wired lan in openwrt) # and eth1, wlan0, ath0, etc. otherwise # You can get this interface with the ifconfig command and finding your wifi interface -GatewayInterface eth0 +GatewayInterface br-lan # Parameter: GatewayAddress # Default: Find it from GatewayInterface @@ -69,9 +69,14 @@ GatewayInterface eth0 # LoginScriptPathFragment (Optional; Default: login/? Note: This is the script the user will be sent to for login.) # PortalScriptPathFragment (Optional; Default: portal/? Note: This is the script the user will be sent to after a successfull login.) # MsgScriptPathFragment (Optional; Default: gw_message.php? Note: This is the script the user will be sent to upon error to read a readable message.) -# PingScriptPathFragment (Optional; Default: ping/? Note: This is the script the user will be sent to upon error to read a readable message.) -# AuthScriptPathFragment (Optional; Default: auth/? Note: This is the script the user will be sent to upon error to read a readable message.) +# PingScriptPathFragment (Optional; Default: ping/? Note: This is the wifidog-ping protocol. See http://dev.wifidog.org/wiki/doc/developer/WiFiDogProtocol_V1) +# AuthScriptPathFragment (Optional; Default: auth/? Note: This is the wifidog-auth protocol. See http://dev.wifidog.org/wiki/doc/developer/WiFiDogProtocol_V1) #} +# If SSLAvailable is set, then the client will be redirected to the +# auth daemon on its HTTPS port. If Wifidog is compiled with SSL support, +# then Wifidog will also use HTTPS to talk to the auth server instead of +# plain HTTP. +# #AuthServer { # Hostname auth.ilesansfil.org 
@@ -85,6 +90,14 @@ GatewayInterface eth0 # Path / #} +# Parameter: DeltaTraffic +# Default: no +# Optional +# +# Set this to true if you want to reset each user's traffic (Outgoing and Incoming) value after each Auth operation. +# If this is enabled, Wifidog will add two new parameters to the AuthScriptPathFragment: Incoming_Delta, Outgoing_delta. +# DeltaTraffic no + # Parameter: Daemon # Default: 1 # Optional 
@@ -159,14 +172,95 @@ GatewayInterface eth0 # The timeout will be INTERVAL * TIMEOUT ClientTimeout 5 +# Parameter: SSLPeerVerification +# Default: yes +# Optional +# +# Enable peer certificate verification when talking to the auth +# server over SSL/TLS. Disabling this setting is mainly useful if +# you do not want to install ca-certificates. +# +# If this setting is set to yes, then the certificates in +# the directory indicated by SSLCertPath will be used to +# verify the auth server. +# +# This setting requires that WifiDog is compiled with SSL support. +# It will be ignored otherwise. +# +# To disable SSL completely for testing purposes, set SSLAvailable +# to False for the auth server in question. Note that this will disable +# HTTPS when redirecting clients to your auth server. +# +# SSLPeerVerification yes + +# Parameter: SSLCertPath +# Default: /etc/ssl/certs/ +# Optional +# +# Where to look for SSL certificates to verify the auth servers +# certificate. Note that these will only be used if the auth server +# in question is configured with SSLAvailable yes. +# +# The certificates in this directory must be named by their hash +# value. For OpenWRT, you need a ca-certificates package newer +# than what is shipped in Barrier Breaker (see +# https://dev.openwrt.org/ticket/16537). +# +# This setting requires that WifiDog is compiled with SSL support. +# It will be ignored otherwise. +# +# SSLCertPath /etc/ssl/certs/ + +# Parameter: SSLAllowedCipherList +# Default: all ciphers supported +# Optional +# +# Which cipher suite to allow. Note that CyaSSL will ignore cipher +# suites that use algorithms that aren't compiled in or cipher +# suites *WITH ERRORS IN THEIR NAMES*. +# +# Please see CyaSSL documentation for allowed values, format is a +# string where the ciphers are separated by colons (:) with no +# spaces. Ciphers are ordered from most desirable to least desirable. 
+# +# SSLAllowedCipherList ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES128-GCM-SHA256:ECDH-RSA-AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-AES256-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-AES256-SHA:AES128-SHA:AES256-SHA + +# Parameter: SSLUseSNI +# Default: no +# Optional +# +# Enable SNI (Server Name Indication) TLS extension. +# Enabling this setting is mainly useful if the auth server is hosted +# multiple secure (HTTPS) websites. The WifiDog should indicate which hostname +# it is attempting to connect to at the start of the handshaking process. +# +# This setting requires that WifiDog is compiled with SSL support. +# It will be ignored otherwise. +# +# SSLUseSNI no + # Parameter: TrustedMACList # Default: none # Optional # + +# Check DNS health by querying IPs of these hosts +PopularServers kernel.org,ieee.org + # Comma separated list of MAC addresses who are allowed to pass -# through without authentication +# through without authentication. +# N.B.: weak security, since MAC addresses are easy to spoof. +# #TrustedMACList 00:00:DE:AD:BE:AF,00:00:C0:1D:F0:0D +# Parameter: UntrustedMACList +# Default: none +# Optional +# +# Comma separated list of MAC addresses who are not allowed to pass +# through without authentication +#UntrustedMACList 00:00:DE:AD:BE:AF,00:00:C0:1D:F0:0D + # Parameter: FirewallRuleSet # Default: none # Mandatory 
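Review bot: `PopularServers kernel.org,ieee.org` is added as a live directive in the middle of the TrustedMACList documentation — between `# Optional` and `# Comma separated list of MAC addresses …` — so it both splits that block and is the only setting in the file without its own `# Parameter / # Default / # Optional` header; give it its own block above `# Parameter: TrustedMACList`, with the value commented out like every other example unless the shipped default is really meant to change. The SSLPeerVerification text says disabling it `is mainly useful if you do not want to install ca-certificates` but not what is lost; add `# With verification off the gateway cannot tell the real auth server from an impostor on the path, so anything it sends there can be read or forged.` The UntrustedMACList description, `who are not allowed to pass through without authentication`, reads like the normal case for every client; if the list denies access outright, as the name suggests, say so — I cannot confirm the semantics from this diff.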
@@ -182,6 +276,10 @@ ClientTimeout 5 # # Used for rules to be applied to all other rulesets except locked. FirewallRuleSet global { + + # FirewallRule syntax: + # FirewallRule (block|drop|allow|log|ulog) [(tcp|udp|icmp) [port X or port-range X:Y]] [to IP/CIDR] + ## To block SMTP out, as it's a tech support nightmare, and a legal liability #FirewallRule block tcp port 25 @@ -197,10 +295,19 @@ FirewallRuleSet global { #FirewallRule allow udp to 69.90.89.192/27 #FirewallRule allow udp to 69.90.85.0/27 #FirewallRule allow tcp port 80 to 69.90.89.205 - + + ## This is an example ruleset for example.com + ## example.com means example.com and *.example.com + #FirewallRule allow tcp to example.com + + ## Use the following if you are having problems with Apple iOS 7 clients. + ## See #7 and #14 at https://github.com/wifidog/wifidog-gateway/issues/ + #FirewallRule allow tcp to apple.com + #FirewallRule allow tcp to icloud.com + ## Use the following to log or ulog the traffic you want to allow or block. # For OPENWRT: use of these feature requires modules ipt_LOG or ipt_ULOG present in dependencies - # iptables-mod-extra and iptables-mod-ulog (to adapt it to the linux distribution). + # iptables-mod-extra and iptables-mod-ulog (to adapt it to the linux distribution). # Note: the log or ulog rule must be passed before, the rule you want to match. # for openwrt: use of these feature requires modules ipt_LOG or ipt_ULOG present in dependencies # iptables-mod-extra and iptables-mod-ulog @@ -228,10 +335,12 @@ FirewallRuleSet known-users { # Rule Set: auth-is-down # +# Does nothing when not configured. +# # Used when auth server is down -FirewallRuleSet auth-is-down { +#FirewallRuleSet auth-is-down { # FirewallRule allow to 0.0.0.0/0 -} +#} # Rule Set: unknown-users # 
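Review bot: The new syntax summary `# FirewallRule (block|drop|allow|log|ulog) [(tcp|udp|icmp) [port X or port-range X:Y]] [to IP/CIDR]` is already incomplete within this same commit: the `@@ -197` hunk adds `FirewallRule allow tcp to example.com` (with `example.com` also standing for `*.example.com`) and the `@@ -239` hunk adds `FirewallRule allow to-ipset fb`, neither of which fits `to IP/CIDR`. Extend the line, e.g. `# FirewallRule (block|drop|allow|log|ulog) [(tcp|udp|icmp) [port X or port-range X:Y]] [to IP/CIDR | to HOSTNAME | to-ipset NAME]`. A hostname target also deserves one sentence on when the name is resolved and whether later DNS changes are picked up, since that decides what an `allow` actually lets unauthenticated clients reach; the diff does not show how the gateway implements it.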
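Review bot: Commenting out `FirewallRuleSet auth-is-down` changes a shipped default, and the added `# Does nothing when not configured.` does not say what that default is for a captive portal: whether clients who have not yet authenticated are blocked or let through while the auth server is unreachable. Replace it with the actual behaviour, e.g. `# When this ruleset is absent, unauthenticated clients keep the unknown-users rules while the auth server is down; define it to open (or further restrict) access during an outage.` — adjusted to what the gateway really does, which this diff does not show. The previous file shipped the ruleset active but empty, so operators upgrading may see a behaviour change that is worth one more line here.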
@@ -239,6 +348,13 @@ FirewallRuleSet auth-is-down {
 #
 # XXX The redirect code adds the Default DROP clause.
 FirewallRuleSet unknown-users {
+ # Use to-ipset to block or allow externally specified hosts.
+ # Ipsets are created with the ipset utility. This is useful to
+ # block or allow hosts at runtime externally.
+ # For example, if your auth server requires users to log in
+ # via Facebook, use the ipset feature built into dnsmasq to
+ # to populate a list of various IPs used by the Facebook networks.
+ #FirewallRule allow to-ipset fb
 FirewallRule allow udp port 53
 FirewallRule allow tcp port 53
 FirewallRule allow udp port 67
diff --git a/contrib/build-openwrt-common/wifidog/files/wifidog.init b/contrib/build-openwrt-common/wifidog/files/wifidog.init
new file mode 100644
index 00000000..4a8bef93
--- /dev/null
+++ b/contrib/build-openwrt-common/wifidog/files/wifidog.init
@@ -0,0 +1,45 @@
+#!/bin/sh /etc/rc.common
+# wifidog start on boot
+#2015-08-12
+#
+
+START=65
+
+EXTRA_COMMANDS="status"
+EXTRA_HELP=" status Print the status of the service"
+
+
+start() {
+ /usr/bin/dog_conf_generator &
+ echo "00 04 * * * reboot" > /etc/crontabs/root
+ echo "root" > /etc/crontabs/cron.update
+ sleep 1
+ /usr/bin/wifidog-init start
+
+# sleep 1
+# /usr/bin/white_black_flush &
+
+ sleep 5
+ /usr/bin/DOG_monitor &
+}
+
+stop() {
+ /usr/bin/wifidog-init stop
+# sleep 1
+# rst=`ps | grep white_black | cut -d "r" -f 1`
+# if [ -n "$rst" ]; then
+# kill -9 $rst
+# fi
+
+ sleep 2
+ rst=`ps | grep DOG_monitor | cut -d "r" -f 1`
+ if [ -n "$rst" ]; then
+ kill -9 $rst
+ fi
+}
+
+status() {
+
+ /usr/bin/wifidog-init status
+}
+
diff --git a/contrib/build-openwrt-kamikazeipk/wifidog/Makefile b/contrib/build-openwrt-kamikazeipk/wifidog/Makefile
deleted file mode 100644
index adec69eb..00000000
--- a/contrib/build-openwrt-kamikazeipk/wifidog/Makefile
+++ /dev/null
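Review bot: `start()` runs `echo "00 04 * * * reboot" > /etc/crontabs/root`, which overwrites root's entire crontab with a forced 04:00 reboot on every service start and discards any other root cron jobs, and `stop()` never reverts it; a package init script should not own the system crontab, so drop both `echo … > /etc/crontabs/…` lines or ship the reboot as a separately documented cron entry. `stop()` locates the monitor with ``rst=`ps | grep DOG_monitor | cut -d "r" -f 1` ``, which also matches the grep's own process line and only yields a PID because the first `r` happens to sit in the `root` user column of busybox ps output, then sends `kill -9` to whatever came out. Record the PID when the monitor is launched and kill that, with a plain `kill` rather than `-9`, as sketched below. `/usr/bin/dog_conf_generator` and `/usr/bin/DOG_monitor` do not appear in any install step on this page, so if they are site-specific helpers the script should at least test for them before backgrounding them.

```shell
PIDFILE=/var/run/DOG_monitor.pid   # placeholder: use the project's pid directory

start() {
	/usr/bin/dog_conf_generator &
	# … unchanged: sleep 1; /usr/bin/wifidog-init start …
	sleep 5
	/usr/bin/DOG_monitor &
	echo $! > "$PIDFILE"
}

stop() {
	/usr/bin/wifidog-init stop
	sleep 2
	if [ -f "$PIDFILE" ]; then
		kill "$(cat "$PIDFILE")" 2>/dev/null
		rm -f "$PIDFILE"
	fi
}
```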
@@ -1,62 +0,0 @@ -# -# Copyright (C) 2006,2008 OpenWrt.org -# Copyright (C) 2008 Technologies Coeus inc. -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# -# $Id$ - -include $(TOPDIR)/rules.mk - -PKG_NAME:=wifidog -PKG_VERSION:=20090925 -PKG_RELEASE:=1 - -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:= @SF/$(PKG_NAME) -PKG_MD5SUM:= - -PKG_FIXUP = libtool - -include $(INCLUDE_DIR)/package.mk - -define Package/wifidog - SUBMENU:=Captive Portals - SECTION:=net - CATEGORY:=Network - DEPENDS:=+kmod-ipt-extra +iptables-mod-extra +kmod-ipt-ipopt +iptables-mod-ipopt +kmod-ipt-nat +iptables-mod-nat +libpthread - TITLE:=A wireless captive portal solution - URL:=http://www.wifidog.org -endef - -define Package/wifidog/description - The Wifidog project is a complete and embeddable captive - portal solution for wireless community groups or individuals - who wish to open a free Hotspot while still preventing abuse - of their Internet connection. -endef - -define Package/wifidog/conffiles -/etc/wifidog.conf -endef - -MAKE_FLAGS += \ - DESTDIR="$(PKG_INSTALL_DIR)" \ - all install - -define Package/wifidog/install - $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/scripts/init.d/wifidog $(1)/usr/bin/wifidog-init - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/wifidog $(1)/usr/bin/ - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/wdctl $(1)/usr/bin/ - $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libhttpd.so* $(1)/usr/lib/ - $(INSTALL_DIR) $(1)/etc - $(INSTALL_DATA) ./files/wifidog.conf $(1)/etc/ - $(INSTALL_DATA) $(PKG_BUILD_DIR)/wifidog-msg.html $(1)/etc/ - $(INSTALL_DIR) $(1)/etc/init.d - $(INSTALL_BIN) ./files/$(PKG_NAME).init $(1)/etc/init.d/wifidog -endef - -$(eval $(call BuildPackage,wifidog)) 
diff --git a/contrib/build-openwrt-kamikazeipk/wifidog/files/wifidog.conf b/contrib/build-openwrt-kamikazeipk/wifidog/files/wifidog.conf deleted file mode 100644 index c905f04c..00000000 --- a/contrib/build-openwrt-kamikazeipk/wifidog/files/wifidog.conf +++ /dev/null 
@@ -1,246 +0,0 @@ -# $Id: wifidog.conf 1375 2008-09-30 10:20:06Z wichert $ -# WiFiDog Configuration file - -# Parameter: GatewayID -# Default: default -# Optional -# -# Set this to the node ID on the auth server -# This is used to give a customized login page to the clients and for -# monitoring/statistics purpose. If you run multiple gateways on the same -# machine each gateway needs to have a different gateway id. -# If none is supplied, the mac address of the GatewayInterface interface will be used, -# without the : separators - -# GatewayID default - -# Parameter: ExternalInterface -# Default: NONE -# Optional -# -# Set this to the external interface (the one going out to the Inernet or your larger LAN). -# Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise, -# Normally autodetected - -# ExternalInterface eth0 - -# Parameter: GatewayInterface -# Default: NONE -# Mandatory -# -# Set this to the internal interface (typically your wifi interface). -# Typically br0 for whiterussian, br-lan for kamikaze (by default the wifi interface is bridged with wired lan in openwrt) -# and eth1, wlan0, ath0, etc. otherwise -# You can get this interface with the ifconfig command and finding your wifi interface - -GatewayInterface br-lan - -# Parameter: GatewayAddress -# Default: Find it from GatewayInterface -# Optional -# -# Set this to the internal IP address of the gateway. Not normally required. - -# GatewayAddress 192.168.1.1 - -# Parameter: HtmlMessageFile -# Default: wifidog-msg.html -# Optional -# -# This allows you to specify a custome HTML file which will be used for -# system errors by the gateway. Any $title, $message and $node variables -# used inside the file will be replaced. -# -# HtmlMessageFile /opt/wifidog/etc/wifidog-.html - -# Parameter: AuthServer -# Default: NONE -# Mandatory, repeatable -# -# This allows you to configure your auth server(s). Each one will be tried in order, untill one responds. 
-# Set this to the hostname or IP of your auth server(s), the path where -# WiFiDog-auth resides in and the port it listens on. -#AuthServer { -# Hostname (Mandatory; Default: NONE) -# SSLAvailable (Optional; Default: no; Possible values: yes, no) -# SSLPort (Optional; Default: 443) -# HTTPPort (Optional; Default: 80) -# Path (Optional; Default: /wifidog/ Note: The path must be both prefixed and suffixed by /. Use a single / for server root.) -# LoginScriptPathFragment (Optional; Default: login/? Note: This is the script the user will be sent to for login.) -# PortalScriptPathFragment (Optional; Default: portal/? Note: This is the script the user will be sent to after a successfull login.) -# MsgScriptPathFragment (Optional; Default: gw_message.php? Note: This is the script the user will be sent to upon error to read a readable message.) -# PingScriptPathFragment (Optional; Default: ping/? Note: This is the script the user will be sent to upon error to read a readable message.) -# AuthScriptPathFragment (Optional; Default: auth/? Note: This is the script the user will be sent to upon error to read a readable message.) 
-#} - -#AuthServer { -# Hostname auth.ilesansfil.org -# SSLAvailable yes -# Path / -#} - -#AuthServer { -# Hostname auth2.ilesansfil.org -# SSLAvailable yes -# Path / -#} - -# Parameter: Daemon -# Default: 1 -# Optional -# -# Set this to true if you want to run as a daemon -# Daemon 1 - -# Parameter: GatewayPort -# Default: 2060 -# Optional -# -# Listen on this port -# GatewayPort 2060 - -# Parameter: ProxyPort -# Default: 0 (disable) -# Optional -# -# Redirect http traffic of knowns & probations users -# to a local transparent proxy listening on ProxyPort port -# ProxyPort 0 - -# Parameter: HTTPDName -# Default: WiFiDog -# Optional -# -# Define what name the HTTPD server will respond -# HTTPDName WiFiDog - -# Parameter: HTTPDMaxConn -# Default: 10 -# Optional -# -# How many sockets to listen to -# HTTPDMaxConn 10 - -# Parameter: HTTPDRealm -# Default: WiFiDog -# Optional -# -# The name of the HTTP authentication realm. This only used when a user -# tries to access a protected WiFiDog internal page. See HTTPUserName. -# HTTPDRealm WiFiDog - -# Parameter: HTTPDUserName / HTTPDPassword -# Default: unset -# Optional -# -# The gateway exposes some information such as the status page through its web -# interface. This information can be protected with a username and password, -# which can be set through the HTTPDUserName and HTTPDPassword parameters. -# HTTPDUserName admin -# HTTPDPassword secret - -# Parameter: CheckInterval -# Default: 60 -# Optional -# -# How many seconds should we wait between timeout checks. This is also -# how often the gateway will ping the auth server and how often it will -# update the traffic counters on the auth server. Setting this too low -# wastes bandwidth, setting this too high will cause the gateway to take -# a long time to switch to it's backup auth server(s). 
- -# CheckInterval 60 - -# Parameter: ClientTimeout -# Default: 5 -# Optional -# -# Set this to the desired of number of CheckInterval of inactivity before a client is logged out -# The timeout will be INTERVAL * TIMEOUT -ClientTimeout 5 - -# Parameter: TrustedMACList -# Default: none -# Optional -# -# Comma separated list of MAC addresses who are allowed to pass -# through without authentication -#TrustedMACList 00:00:DE:AD:BE:AF,00:00:C0:1D:F0:0D - -# Parameter: FirewallRuleSet -# Default: none -# Mandatory -# -# Groups a number of FirewallRule statements together. - -# Parameter: FirewallRule -# Default: none -# -# Define one firewall rule in a rule set. - -# Rule Set: global -# -# Used for rules to be applied to all other rulesets except locked. -FirewallRuleSet global { - ## To block SMTP out, as it's a tech support nightmare, and a legal liability - #FirewallRule block tcp port 25 - - ## Use the following if you don't want clients to be able to access machines on - ## the private LAN that gives internet access to wifidog. Note that this is not - ## client isolation; The laptops will still be able to talk to one another, as - ## well as to any machine bridged to the wifi of the router. - # FirewallRule block to 192.168.0.0/16 - # FirewallRule block to 172.16.0.0/12 - # FirewallRule block to 10.0.0.0/8 - - ## This is an example ruleset for the Teliphone service. - #FirewallRule allow udp to 69.90.89.192/27 - #FirewallRule allow udp to 69.90.85.0/27 - #FirewallRule allow tcp port 80 to 69.90.89.205 - - ## Use the following to log or ulog the traffic you want to allow or block. - # For OPENWRT: use of these feature requires modules ipt_LOG or ipt_ULOG present in dependencies - # iptables-mod-extra and iptables-mod-ulog (to adapt it to the linux distribution). - # Note: the log or ulog rule must be passed before, the rule you want to match. 
- # for openwrt: use of these feature requires modules ipt_LOG or ipt_ULOG present in dependencies - # iptables-mod-extra and iptables-mod-ulog - # For example, you want to log (ulog works the same way) the traffic allowed on port 80 to the ip 69.90.89.205: - #FirewallRule log tcp port 80 to 69.90.89.205 - #FirewallRule allow tcp port 80 to 69.90.89.205 - # And you want to know, who matche your block rule: - #FirewallRule log to 0.0.0.0/0 - #FirewallRule block to 0.0.0.0/0 -} - -# Rule Set: validating-users -# -# Used for new users validating their account -FirewallRuleSet validating-users { - FirewallRule allow to 0.0.0.0/0 -} - -# Rule Set: known-users -# -# Used for normal validated users. -FirewallRuleSet known-users { - FirewallRule allow to 0.0.0.0/0 -} - -# Rule Set: unknown-users -# -# Used for unvalidated users, this is the ruleset that gets redirected. -# -# XXX The redirect code adds the Default DROP clause. -FirewallRuleSet unknown-users { - FirewallRule allow udp port 53 - FirewallRule allow tcp port 53 - FirewallRule allow udp port 67 - FirewallRule allow tcp port 67 -} - -# Rule Set: locked-users -# -# Not currently used -FirewallRuleSet locked-users { - FirewallRule block to 0.0.0.0/0 -} diff --git a/contrib/build-openwrt-kamikazeipk/wifidog/files/wifidog.init b/contrib/build-openwrt-kamikazeipk/wifidog/files/wifidog.init deleted file mode 100644 index 68d4eea6..00000000 --- a/contrib/build-openwrt-kamikazeipk/wifidog/files/wifidog.init +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh /etc/rc.common -# Copyright (C) 2006 OpenWrt.org -START=65 -EXTRA_COMMANDS="status" -EXTRA_HELP=" status Print the status of the service" - - -start() { - /usr/bin/wifidog-init start -} - -stop() { - /usr/bin/wifidog-init stop -} - -status() { - /usr/bin/wifidog-init status -} \ No newline at end of file 
diff --git a/contrib/build-openwrt-kamikazeipk8.09up/wifidog/Makefile b/contrib/build-openwrt-kamikazeipk8.09up/wifidog/Makefile deleted file mode 100644 index 3be5dbbf..00000000 --- a/contrib/build-openwrt-kamikazeipk8.09up/wifidog/Makefile +++ /dev/null @@ -1,60 +0,0 @@ -# -# Copyright (C) 2006,2008 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -include $(TOPDIR)/rules.mk - -PKG_NAME:=wifidog -PKG_VERSION:=20090925 -PKG_RELEASE:=1 - -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:= @SF/$(PKG_NAME) -PKG_MD5SUM:= - -PKG_FIXUP = libtool - -include $(INCLUDE_DIR)/package.mk - -define Package/wifidog - SUBMENU:=Captive Portals - SECTION:=net - CATEGORY:=Network - DEPENDS:=+iptables-mod-extra +iptables-mod-ipopt +iptables-mod-nat +iptables-mod-nat-extra +libpthread - TITLE:=A wireless captive portal solution - URL:=http://www.wifidog.org -endef - -define Package/wifidog/description - The Wifidog project is a complete and embeddable captive - portal solution for wireless community groups or individuals - who wish to open a free Hotspot while still preventing abuse - of their Internet connection. -endef - -define Package/wifidog/conffiles -/etc/wifidog.conf -endef - -MAKE_FLAGS += \ - DESTDIR="$(PKG_INSTALL_DIR)" \ - all install - -define Package/wifidog/install - $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/scripts/init.d/wifidog $(1)/usr/bin/wifidog-init - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/wifidog $(1)/usr/bin/ - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/wdctl $(1)/usr/bin/ - $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libhttpd.so* $(1)/usr/lib/ - $(INSTALL_DIR) $(1)/etc - $(INSTALL_DATA) ./files/wifidog.conf $(1)/etc/ - $(INSTALL_DATA) $(PKG_BUILD_DIR)/wifidog-msg.html $(1)/etc/ - $(INSTALL_DIR) $(1)/etc/init.d - $(INSTALL_BIN) ./files/$(PKG_NAME).init $(1)/etc/init.d/wifidog -endef - -$(eval $(call BuildPackage,wifidog)) 
diff --git a/contrib/build-openwrt-kamikazeipk8.09up/wifidog/files/wifidog.conf b/contrib/build-openwrt-kamikazeipk8.09up/wifidog/files/wifidog.conf deleted file mode 100644 index c905f04c..00000000 --- a/contrib/build-openwrt-kamikazeipk8.09up/wifidog/files/wifidog.conf +++ /dev/null 
@@ -1,246 +0,0 @@ -# $Id: wifidog.conf 1375 2008-09-30 10:20:06Z wichert $ -# WiFiDog Configuration file - -# Parameter: GatewayID -# Default: default -# Optional -# -# Set this to the node ID on the auth server -# This is used to give a customized login page to the clients and for -# monitoring/statistics purpose. If you run multiple gateways on the same -# machine each gateway needs to have a different gateway id. -# If none is supplied, the mac address of the GatewayInterface interface will be used, -# without the : separators - -# GatewayID default - -# Parameter: ExternalInterface -# Default: NONE -# Optional -# -# Set this to the external interface (the one going out to the Inernet or your larger LAN). -# Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise, -# Normally autodetected - -# ExternalInterface eth0 - -# Parameter: GatewayInterface -# Default: NONE -# Mandatory -# -# Set this to the internal interface (typically your wifi interface). -# Typically br0 for whiterussian, br-lan for kamikaze (by default the wifi interface is bridged with wired lan in openwrt) -# and eth1, wlan0, ath0, etc. otherwise -# You can get this interface with the ifconfig command and finding your wifi interface - -GatewayInterface br-lan - -# Parameter: GatewayAddress -# Default: Find it from GatewayInterface -# Optional -# -# Set this to the internal IP address of the gateway. Not normally required. - -# GatewayAddress 192.168.1.1 - -# Parameter: HtmlMessageFile -# Default: wifidog-msg.html -# Optional -# -# This allows you to specify a custome HTML file which will be used for -# system errors by the gateway. Any $title, $message and $node variables -# used inside the file will be replaced. -# -# HtmlMessageFile /opt/wifidog/etc/wifidog-.html - -# Parameter: AuthServer -# Default: NONE -# Mandatory, repeatable -# -# This allows you to configure your auth server(s). Each one will be tried in order, untill one responds. 
-# Set this to the hostname or IP of your auth server(s), the path where -# WiFiDog-auth resides in and the port it listens on. -#AuthServer { -# Hostname (Mandatory; Default: NONE) -# SSLAvailable (Optional; Default: no; Possible values: yes, no) -# SSLPort (Optional; Default: 443) -# HTTPPort (Optional; Default: 80) -# Path (Optional; Default: /wifidog/ Note: The path must be both prefixed and suffixed by /. Use a single / for server root.) -# LoginScriptPathFragment (Optional; Default: login/? Note: This is the script the user will be sent to for login.) -# PortalScriptPathFragment (Optional; Default: portal/? Note: This is the script the user will be sent to after a successfull login.) -# MsgScriptPathFragment (Optional; Default: gw_message.php? Note: This is the script the user will be sent to upon error to read a readable message.) -# PingScriptPathFragment (Optional; Default: ping/? Note: This is the script the user will be sent to upon error to read a readable message.) -# AuthScriptPathFragment (Optional; Default: auth/? Note: This is the script the user will be sent to upon error to read a readable message.) 
-#} - -#AuthServer { -# Hostname auth.ilesansfil.org -# SSLAvailable yes -# Path / -#} - -#AuthServer { -# Hostname auth2.ilesansfil.org -# SSLAvailable yes -# Path / -#} - -# Parameter: Daemon -# Default: 1 -# Optional -# -# Set this to true if you want to run as a daemon -# Daemon 1 - -# Parameter: GatewayPort -# Default: 2060 -# Optional -# -# Listen on this port -# GatewayPort 2060 - -# Parameter: ProxyPort -# Default: 0 (disable) -# Optional -# -# Redirect http traffic of knowns & probations users -# to a local transparent proxy listening on ProxyPort port -# ProxyPort 0 - -# Parameter: HTTPDName -# Default: WiFiDog -# Optional -# -# Define what name the HTTPD server will respond -# HTTPDName WiFiDog - -# Parameter: HTTPDMaxConn -# Default: 10 -# Optional -# -# How many sockets to listen to -# HTTPDMaxConn 10 - -# Parameter: HTTPDRealm -# Default: WiFiDog -# Optional -# -# The name of the HTTP authentication realm. This only used when a user -# tries to access a protected WiFiDog internal page. See HTTPUserName. -# HTTPDRealm WiFiDog - -# Parameter: HTTPDUserName / HTTPDPassword -# Default: unset -# Optional -# -# The gateway exposes some information such as the status page through its web -# interface. This information can be protected with a username and password, -# which can be set through the HTTPDUserName and HTTPDPassword parameters. -# HTTPDUserName admin -# HTTPDPassword secret - -# Parameter: CheckInterval -# Default: 60 -# Optional -# -# How many seconds should we wait between timeout checks. This is also -# how often the gateway will ping the auth server and how often it will -# update the traffic counters on the auth server. Setting this too low -# wastes bandwidth, setting this too high will cause the gateway to take -# a long time to switch to it's backup auth server(s). 
- -# CheckInterval 60 - -# Parameter: ClientTimeout -# Default: 5 -# Optional -# -# Set this to the desired of number of CheckInterval of inactivity before a client is logged out -# The timeout will be INTERVAL * TIMEOUT -ClientTimeout 5 - -# Parameter: TrustedMACList -# Default: none -# Optional -# -# Comma separated list of MAC addresses who are allowed to pass -# through without authentication -#TrustedMACList 00:00:DE:AD:BE:AF,00:00:C0:1D:F0:0D - -# Parameter: FirewallRuleSet -# Default: none -# Mandatory -# -# Groups a number of FirewallRule statements together. - -# Parameter: FirewallRule -# Default: none -# -# Define one firewall rule in a rule set. - -# Rule Set: global -# -# Used for rules to be applied to all other rulesets except locked. -FirewallRuleSet global { - ## To block SMTP out, as it's a tech support nightmare, and a legal liability - #FirewallRule block tcp port 25 - - ## Use the following if you don't want clients to be able to access machines on - ## the private LAN that gives internet access to wifidog. Note that this is not - ## client isolation; The laptops will still be able to talk to one another, as - ## well as to any machine bridged to the wifi of the router. - # FirewallRule block to 192.168.0.0/16 - # FirewallRule block to 172.16.0.0/12 - # FirewallRule block to 10.0.0.0/8 - - ## This is an example ruleset for the Teliphone service. - #FirewallRule allow udp to 69.90.89.192/27 - #FirewallRule allow udp to 69.90.85.0/27 - #FirewallRule allow tcp port 80 to 69.90.89.205 - - ## Use the following to log or ulog the traffic you want to allow or block. - # For OPENWRT: use of these feature requires modules ipt_LOG or ipt_ULOG present in dependencies - # iptables-mod-extra and iptables-mod-ulog (to adapt it to the linux distribution). - # Note: the log or ulog rule must be passed before, the rule you want to match. 
- # for openwrt: use of these feature requires modules ipt_LOG or ipt_ULOG present in dependencies - # iptables-mod-extra and iptables-mod-ulog - # For example, you want to log (ulog works the same way) the traffic allowed on port 80 to the ip 69.90.89.205: - #FirewallRule log tcp port 80 to 69.90.89.205 - #FirewallRule allow tcp port 80 to 69.90.89.205 - # And you want to know, who matche your block rule: - #FirewallRule log to 0.0.0.0/0 - #FirewallRule block to 0.0.0.0/0 -} - -# Rule Set: validating-users -# -# Used for new users validating their account -FirewallRuleSet validating-users { - FirewallRule allow to 0.0.0.0/0 -} - -# Rule Set: known-users -# -# Used for normal validated users. -FirewallRuleSet known-users { - FirewallRule allow to 0.0.0.0/0 -} - -# Rule Set: unknown-users -# -# Used for unvalidated users, this is the ruleset that gets redirected. -# -# XXX The redirect code adds the Default DROP clause. -FirewallRuleSet unknown-users { - FirewallRule allow udp port 53 - FirewallRule allow tcp port 53 - FirewallRule allow udp port 67 - FirewallRule allow tcp port 67 -} - -# Rule Set: locked-users -# -# Not currently used -FirewallRuleSet locked-users { - FirewallRule block to 0.0.0.0/0 -} diff --git a/contrib/build-openwrt-kamikazeipk8.09up/wifidog/files/wifidog.init b/contrib/build-openwrt-kamikazeipk8.09up/wifidog/files/wifidog.init deleted file mode 100644 index 1cbbafda..00000000 --- a/contrib/build-openwrt-kamikazeipk8.09up/wifidog/files/wifidog.init +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/sh /etc/rc.common -# Copyright (C) 2006 OpenWrt.org -START=65 -EXTRA_COMMANDS="status" -EXTRA_HELP=" status Print the status of the service" - -start() { - /usr/bin/wifidog-init start -} - -stop() { - /usr/bin/wifidog-init stop -} - -status() { - /usr/bin/wifidog-init status -} diff --git a/contrib/build-openwrt-whiterussianipk/wifidog/Config.in b/contrib/build-openwrt-whiterussianipk/wifidog/Config.in deleted file mode 100644 index 7b67874b..00000000 
--- a/contrib/build-openwrt-whiterussianipk/wifidog/Config.in +++ /dev/null @@ -1,16 +0,0 @@ -config BR2_PACKAGE_WIFIDOG - prompt "wifidog........................... A wireless captive portal solution" - tristate - default m if CONFIG_DEVEL - select BR2_PACKAGE_LIBPTHREAD - select BR2_PACKAGE_IPTABLES - select BR2_PACKAGE_IPTABLES_MOD_NAT - select BR2_PACKAGE_IPTABLES-MOD_IPOPT - help - The Wifidog project is a complete and embeddable captive - portal solution for wireless community groups or individuals - who wish to open a free Hotspot while still preventing abuse - of their Internet connection. - - http://dev.wifidog.org/ - diff --git a/contrib/build-openwrt-whiterussianipk/wifidog/Makefile b/contrib/build-openwrt-whiterussianipk/wifidog/Makefile deleted file mode 100644 index 42df3f22..00000000 --- a/contrib/build-openwrt-whiterussianipk/wifidog/Makefile +++ /dev/null 
@@ -1,65 +0,0 @@ -# $Id: $ -ifndef TOPDIR - ERR := $(Please set TOPDIR to OpenWRT SDK's buildroot) -endif - -include $(TOPDIR)/rules.mk - -PKG_NAME:=wifidog -PKG_VERSION:=20090925 -PKG_RELEASE:=1 -PKG_MD5SUM:= - -PKG_SOURCE_URL:= @SF/$(PKG_NAME) -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_CAT:=zcat -PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) -PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install -include $(TOPDIR)/package/rules.mk -$(eval $(call PKG_template,WIFIDOG,$(PKG_NAME),$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH))) -$(PKG_BUILD_DIR)/.configured: $(PKG_BUILD_DIR)/.prepared - (cd $(PKG_BUILD_DIR); \ - $(TARGET_CONFIGURE_OPTS) \ - CFLAGS="$(TARGET_CFLAGS)" \ - CPPFLAGS="-I$(STAGING_DIR)/usr/include -I$(STAGING_DIR)/include" \ - LDFLAGS="-L$(STAGING_DIR)/usr/lib -L$(STAGING_DIR)/lib" \ - ./configure \ - --target=$(GNU_TARGET_NAME) \ - --host=$(GNU_TARGET_NAME) \ - --build=$(GNU_HOST_NAME) \ - --prefix=/usr \ - --sysconfdir=/etc \ - --without-libiconv-prefix \ - --without-libintl-prefix \ - --disable-nls \ - ); - ## Add software specific configurable options above - ## See : ./configure --help - touch $@ - -$(PKG_BUILD_DIR)/.built: - $(MAKE) -C $(PKG_BUILD_DIR) \ - $(TARGET_CONFIGURE_OPTS) - mkdir -p $(PKG_INSTALL_DIR) - $(MAKE) -C $(PKG_BUILD_DIR) \ - DESTDIR="$(PKG_INSTALL_DIR)" \ - all install - touch $@ - -$(IPKG_WIFIDOG): - install -m0755 -d $(IDIR_WIFIDOG)/etc/init.d - install -m0755 ./files/$(PKG_NAME).init $(IDIR_WIFIDOG)/etc/init.d/S65wifidog - install -m0644 ./files/wifidog.conf $(IDIR_WIFIDOG)/etc/ - install -m0644 $(PKG_BUILD_DIR)/wifidog-msg.html $(IDIR_WIFIDOG)/etc/ - install -m0755 -d $(IDIR_WIFIDOG)/usr/bin - install -m0755 -d $(IDIR_WIFIDOG)/usr/lib - install -m0755 $(PKG_BUILD_DIR)/scripts/init.d/wifidog $(IDIR_WIFIDOG)/usr/bin/wifidog-init - $(CP) $(PKG_INSTALL_DIR)/usr/bin/wifidog $(IDIR_WIFIDOG)/usr/bin/ - $(CP) $(PKG_INSTALL_DIR)/usr/bin/wdctl $(IDIR_WIFIDOG)/usr/bin/ - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libhttpd.so* 
$(IDIR_WIFIDOG)/usr/lib/ - $(RSTRIP) $(IDIR_WIFIDOG) - $(IPKG_BUILD) $(IDIR_WIFIDOG) $(PACKAGE_DIR) -mostlyclean: - make -C $(PKG_BUILD_DIR) clean - rm $(PKG_BUILD_DIR)/.built -all: $(IPKG_WIFIDOG) \ No newline at end of file diff --git a/contrib/build-openwrt-whiterussianipk/wifidog/files/wifidog.conf b/contrib/build-openwrt-whiterussianipk/wifidog/files/wifidog.conf deleted file mode 100644 index c275b887..00000000 --- a/contrib/build-openwrt-whiterussianipk/wifidog/files/wifidog.conf +++ /dev/null 
@@ -1,246 +0,0 @@ -# $Id: wifidog.conf 1375 2008-09-30 10:20:06Z wichert $ -# WiFiDog Configuration file - -# Parameter: GatewayID -# Default: default -# Optional -# -# Set this to the node ID on the auth server -# This is used to give a customized login page to the clients and for -# monitoring/statistics purpose. If you run multiple gateways on the same -# machine each gateway needs to have a different gateway id. -# If none is supplied, the mac address of the GatewayInterface interface will be used, -# without the : separators - -# GatewayID default - -# Parameter: ExternalInterface -# Default: NONE -# Optional -# -# Set this to the external interface (the one going out to the Inernet or your larger LAN). -# Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise, -# Normally autodetected - -# ExternalInterface eth0 - -# Parameter: GatewayInterface -# Default: NONE -# Mandatory -# -# Set this to the internal interface (typically your wifi interface). -# Typically br0 for whiterussian, br-lan for kamikaze (by default the wifi interface is bridged with wired lan in openwrt) -# and eth1, wlan0, ath0, etc. otherwise -# You can get this interface with the ifconfig command and finding your wifi interface - -GatewayInterface br0 - -# Parameter: GatewayAddress -# Default: Find it from GatewayInterface -# Optional -# -# Set this to the internal IP address of the gateway. Not normally required. - -# GatewayAddress 192.168.1.1 - -# Parameter: HtmlMessageFile -# Default: wifidog-msg.html -# Optional -# -# This allows you to specify a custome HTML file which will be used for -# system errors by the gateway. Any $title, $message and $node variables -# used inside the file will be replaced. -# -# HtmlMessageFile /opt/wifidog/etc/wifidog-.html - -# Parameter: AuthServer -# Default: NONE -# Mandatory, repeatable -# -# This allows you to configure your auth server(s). Each one will be tried in order, untill one responds. 
-# Set this to the hostname or IP of your auth server(s), the path where -# WiFiDog-auth resides in and the port it listens on. -#AuthServer { -# Hostname (Mandatory; Default: NONE) -# SSLAvailable (Optional; Default: no; Possible values: yes, no) -# SSLPort (Optional; Default: 443) -# HTTPPort (Optional; Default: 80) -# Path (Optional; Default: /wifidog/ Note: The path must be both prefixed and suffixed by /. Use a single / for server root.) -# LoginScriptPathFragment (Optional; Default: login/? Note: This is the script the user will be sent to for login.) -# PortalScriptPathFragment (Optional; Default: portal/? Note: This is the script the user will be sent to after a successfull login.) -# MsgScriptPathFragment (Optional; Default: gw_message.php? Note: This is the script the user will be sent to upon error to read a readable message.) -# PingScriptPathFragment (Optional; Default: ping/? Note: This is the script the user will be sent to upon error to read a readable message.) -# AuthScriptPathFragment (Optional; Default: auth/? Note: This is the script the user will be sent to upon error to read a readable message.) 
-#} - -#AuthServer { -# Hostname auth.ilesansfil.org -# SSLAvailable yes -# Path / -#} - -#AuthServer { -# Hostname auth2.ilesansfil.org -# SSLAvailable yes -# Path / -#} - -# Parameter: Daemon -# Default: 1 -# Optional -# -# Set this to true if you want to run as a daemon -# Daemon 1 - -# Parameter: GatewayPort -# Default: 2060 -# Optional -# -# Listen on this port -# GatewayPort 2060 - -# Parameter: ProxyPort -# Default: 0 (disable) -# Optional -# -# Redirect http traffic of knowns & probations users -# to a local transparent proxy listening on ProxyPort port -# ProxyPort 0 - -# Parameter: HTTPDName -# Default: WiFiDog -# Optional -# -# Define what name the HTTPD server will respond -# HTTPDName WiFiDog - -# Parameter: HTTPDMaxConn -# Default: 10 -# Optional -# -# How many sockets to listen to -# HTTPDMaxConn 10 - -# Parameter: HTTPDRealm -# Default: WiFiDog -# Optional -# -# The name of the HTTP authentication realm. This only used when a user -# tries to access a protected WiFiDog internal page. See HTTPUserName. -# HTTPDRealm WiFiDog - -# Parameter: HTTPDUserName / HTTPDPassword -# Default: unset -# Optional -# -# The gateway exposes some information such as the status page through its web -# interface. This information can be protected with a username and password, -# which can be set through the HTTPDUserName and HTTPDPassword parameters. -# HTTPDUserName admin -# HTTPDPassword secret - -# Parameter: CheckInterval -# Default: 60 -# Optional -# -# How many seconds should we wait between timeout checks. This is also -# how often the gateway will ping the auth server and how often it will -# update the traffic counters on the auth server. Setting this too low -# wastes bandwidth, setting this too high will cause the gateway to take -# a long time to switch to it's backup auth server(s). 
- -# CheckInterval 60 - -# Parameter: ClientTimeout -# Default: 5 -# Optional -# -# Set this to the desired of number of CheckInterval of inactivity before a client is logged out -# The timeout will be INTERVAL * TIMEOUT -ClientTimeout 5 - -# Parameter: TrustedMACList -# Default: none -# Optional -# -# Comma separated list of MAC addresses who are allowed to pass -# through without authentication -#TrustedMACList 00:00:DE:AD:BE:AF,00:00:C0:1D:F0:0D - -# Parameter: FirewallRuleSet -# Default: none -# Mandatory -# -# Groups a number of FirewallRule statements together. - -# Parameter: FirewallRule -# Default: none -# -# Define one firewall rule in a rule set. - -# Rule Set: global -# -# Used for rules to be applied to all other rulesets except locked. -FirewallRuleSet global { - ## To block SMTP out, as it's a tech support nightmare, and a legal liability - #FirewallRule block tcp port 25 - - ## Use the following if you don't want clients to be able to access machines on - ## the private LAN that gives internet access to wifidog. Note that this is not - ## client isolation; The laptops will still be able to talk to one another, as - ## well as to any machine bridged to the wifi of the router. - # FirewallRule block to 192.168.0.0/16 - # FirewallRule block to 172.16.0.0/12 - # FirewallRule block to 10.0.0.0/8 - - ## This is an example ruleset for the Teliphone service. - #FirewallRule allow udp to 69.90.89.192/27 - #FirewallRule allow udp to 69.90.85.0/27 - #FirewallRule allow tcp port 80 to 69.90.89.205 - - ## Use the following to log or ulog the traffic you want to allow or block. - # For OPENWRT: use of these feature requires modules ipt_LOG or ipt_ULOG present in dependencies - # iptables-mod-extra and iptables-mod-ulog (to adapt it to the linux distribution). - # Note: the log or ulog rule must be passed before, the rule you want to match. 
- # for openwrt: use of these feature requires modules ipt_LOG or ipt_ULOG present in dependencies - # iptables-mod-extra and iptables-mod-ulog - # For example, you want to log (ulog works the same way) the traffic allowed on port 80 to the ip 69.90.89.205: - #FirewallRule log tcp port 80 to 69.90.89.205 - #FirewallRule allow tcp port 80 to 69.90.89.205 - # And you want to know, who matche your block rule: - #FirewallRule log to 0.0.0.0/0 - #FirewallRule block to 0.0.0.0/0 -} - -# Rule Set: validating-users -# -# Used for new users validating their account -FirewallRuleSet validating-users { - FirewallRule allow to 0.0.0.0/0 -} - -# Rule Set: known-users -# -# Used for normal validated users. -FirewallRuleSet known-users { - FirewallRule allow to 0.0.0.0/0 -} - -# Rule Set: unknown-users -# -# Used for unvalidated users, this is the ruleset that gets redirected. -# -# XXX The redirect code adds the Default DROP clause. -FirewallRuleSet unknown-users { - FirewallRule allow udp port 53 - FirewallRule allow tcp port 53 - FirewallRule allow udp port 67 - FirewallRule allow tcp port 67 -} - -# Rule Set: locked-users -# -# Not currently used -FirewallRuleSet locked-users { - FirewallRule block to 0.0.0.0/0 -} diff --git a/contrib/build-openwrt-whiterussianipk/wifidog/files/wifidog.init b/contrib/build-openwrt-whiterussianipk/wifidog/files/wifidog.init deleted file mode 100644 index 44a272a6..00000000 --- a/contrib/build-openwrt-whiterussianipk/wifidog/files/wifidog.init +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh /etc/rc.common -# Copyright (C) 2006 OpenWrt.org -START=50 - -start() { - /usr/bin/wifidog-init start -} - -stop() { - /usr/bin/wifidog-init stop -} - -status() { - /usr/bin/wifidog-init status -} \ No newline at end of file diff --git a/contrib/build-openwrt-whiterussianipk/wifidog/ipkg/wifidog.conffiles b/contrib/build-openwrt-whiterussianipk/wifidog/ipkg/wifidog.conffiles deleted file mode 100644 index aaa3dd14..00000000 
--- a/contrib/build-openwrt-whiterussianipk/wifidog/ipkg/wifidog.conffiles
+++ /dev/null
@@ -1 +0,0 @@
-/etc/wifidog.conf
diff --git a/contrib/build-openwrt-whiterussianipk/wifidog/ipkg/wifidog.control b/contrib/build-openwrt-whiterussianipk/wifidog/ipkg/wifidog.control
deleted file mode 100644
index dcf25e87..00000000
--- a/contrib/build-openwrt-whiterussianipk/wifidog/ipkg/wifidog.control
+++ /dev/null
@@ -1,8 +0,0 @@
-Package: wifidog
-Priority: optional
-Section: net
-Depends: libpthread, iptables, iptables-mod-nat, iptables-mod-ipopt
-Description: WiFiDog is a complete and embeddable captive portal
- solution for wireless community groups or individuals who
- wish to open a free Hotspot while still preventing abuse
- of their Internet connection.
diff --git a/scripts/DOG_monitor.sh b/scripts/DOG_monitor.sh
new file mode 100644
index 00000000..5340e219
--- /dev/null
+++ b/scripts/DOG_monitor.sh
@@ -0,0 +1,294 @@
+#!/bin/sh
+###########################################################
+##
+## Description: this scripts generate the interface traffic
+## count file and clients rate file for the
+## wifidog daemon,and monitor the wifidog daemon,
+## if the wifidog was down,it will be start again.
+## This scripts based on UCI and iptables,run on
+## OpenWrt routers.
+## Author: GaomingPan
+## Lisence: GPL
+## Date: 2015-09-12
+## Version: v1.2.7
+##
+############################################################
+
+###############################################
+##
+## wifidog execute file and contorl files.
+##
+###############################################
+WIFI_DOG_BIN=/usr/bin/wifidog
+WIFI_DOG_INIT=/usr/bin/wifidog-init
+WIFI_DOG_WDCTL=/usr/bin/wdctl
+
+############################################################
+##
+## Function: iface_data_file_generator
+## Description: generate the file that contains: interface
+## name,Receive bytes,Transmit bytes,Rx rate in
+## a second and Tx rate in a second.
+## FileContentsFormat:
+## ifacename RxBytes TxBytes dRx dTx
+##
+############################################################
+IFACE_DATA=/tmp/.iface-data
+T_IFACE_DATA=/tmp/.t_iface-data
+DEV_FILE=/proc/net/dev
+TMP=/tmp/.ftmp
+TMP_D=/tmp/.ftmpd
+
+iface_data_file_generator()
+{
+ echo > $IFACE_DATA
+ echo > $T_IFACE_DATA
+ echo > $TMP
+ echo > $TMP_D
+ cat $DEV_FILE | sed 1d | sed 1d > $TMP
+ while read line
+ do
+ echo $line | awk '{print $1,$2,$10}' >> $T_IFACE_DATA
+ done < $TMP
+ sleep 1
+ cat $DEV_FILE | sed 1d | sed 1d > $TMP
+ while read line
+ do
+ echo $line | awk '{print $1,$2,$10}' >> $IFACE_DATA
+ done < $TMP
+ sed '/^$/d' $T_IFACE_DATA > $TMP
+ cat $TMP > $T_IFACE_DATA
+ sed '/^$/d' $IFACE_DATA > $TMP
+ cat $TMP > $IFACE_DATA
+ echo > $TMP
+ i=$(awk 'END{print NR}' $IFACE_DATA)
+ while [ $i -gt 0 ]
+ do
+ read line < $IFACE_DATA
+ rx1=$(echo $line | awk '{print $2}')
+ tx1=$(echo $line | awk '{print $3}')
+ read line < $T_IFACE_DATA
+ rx2=$(echo $line | awk '{print $2}')
+ tx2=$(echo $line | awk '{print $3}')
+ cat $IFACE_DATA|sed 1d > $TMP
+ cat $TMP > $IFACE_DATA
+ cat $T_IFACE_DATA|sed 1d > $TMP
+ cat $TMP > $T_IFACE_DATA
+ drx=$(($rx1 - $rx2))
+ dtx=$(($tx1 - $tx2))
+ echo "$line $drx $dtx" >> $TMP_D
+ i=$(($i - 1))
+ done
+ cat $TMP_D > $IFACE_DATA
+
+}
+
+##########################################################
+##
+## Function: clients_RxTxRate_generator
+## Description: this function generator the client rate file.
+##
+###########################################################
+UP_SPEED=/tmp/.client.up.speed
+DOWN_SPEED=/tmp/.client.down.speed
+MAC_IP=/tmp/.mac-ip.client
+I_FACE=$(uci get wifidog_conf.single.gatewayInterface | awk '{print $2}')
+CHECK_INTERVAL=$(uci get wifidog_conf.single.checkInterval | awk '{print $2}')
+
+# if the chain is already exists,
+# first all shuld delete them.
+chain_check()
+{
+ iptables -w -nvx -L FORWARD | grep DOWNLOAD | awk '{print $9}' > $MAC_IP
+ while read line;do iptables -w -D FORWARD -d $line -j DOWNLOAD;done < $MAC_IP
+
+ read line < $MAC_IP
+ if [ -n "$line" ]
+ then
+ iptables -w -X DOWNLOAD
+ fi
+
+ iptables -w -nvx -L FORWARD | grep UPLOAD | awk '{print $8}' > $MAC_IP
+ while read line;do iptables -w -D FORWARD -s $line -j UPLOAD;done < $MAC_IP
+
+ read line < $MAC_IP
+ if [ -n "$line" ]
+ then
+ iptables -w -X UPLOAD
+ fi
+}
+
+clients_RxTxRate_generator()
+{
+ chain_check
+
+ cat /proc/net/arp | grep : | grep $I_FACE | grep -v 00:00:00:00:00:00| awk '{print $1}' > $MAC_IP
+ iptables -w -N UPLOAD
+ iptables -w -N DOWNLOAD
+ while read line;do iptables -w -I FORWARD 1 -s $line -j UPLOAD;done < $MAC_IP
+ while read line;do iptables -w -I FORWARD 1 -d $line -j DOWNLOAD;done < $MAC_IP
+ sleep 1
+ iptables -w -nvx -L FORWARD | grep DOWNLOAD | awk '{print $9,$2}' | sort -n -r > $DOWN_SPEED
+ iptables -w -nvx -L FORWARD | grep UPLOAD | awk '{print $8,$2}' | sort -n -r > $UP_SPEED
+ while read line;do iptables -w -D FORWARD -s $line -j UPLOAD;done < $MAC_IP
+ while read line;do iptables -w -D FORWARD -d $line -j DOWNLOAD;done < $MAC_IP
+ iptables -w -X UPLOAD
+ iptables -w -X DOWNLOAD
+}
+
+##################################################
+##
+## Function: dog_daemon_monitor
+## Description: monitor the wifidog daemon,if it
+## was down,then start it.
+##
+#################################################
+PID_NAME=wifidog
+PS_FILE=/tmp/ps-info
+dog_daemon_monitor()
+{
+ ps > $PS_FILE
+ pid=$(cat $PS_FILE | grep $PID_NAME | awk '{print $1}')
+
+ if [ -n "$pid" ]
+ then
+ return 1
+ fi
+
+ $WIFI_DOG_INIT stop > /dev/null
+ sleep 2
+ $WIFI_DOG_INIT start > /dev/null
+
+ return 0
+}
+
+
+##################################################
+##
+## Function: hostname_file_generator
+## Description: this function generate and refresh
+## the hostname file for wifidog.
+##
+##################################################
+HOST_NAME_FILE=/tmp/.hostname.txt
+
+hostname_file_generator()
+{
+ cat $(uci get dhcp.@dnsmasq[0].leasefile) | awk '{print $2,$3,$4}' > $HOST_NAME_FILE
+}
+
+##################################################
+##
+## Function: iface_conn_file_generator
+## Description: this function generate and refresh
+## the interface connection file for wifidog.
+##
+##################################################
+IFACE_CONN_FILE=/tmp/.iface_conn
+IFACE_LIST=/tmp/.iface_list.txt
+
+iface_conn_file_generator()
+{
+ rm -f $IFACE_CONN_FILE
+ cat /proc/net/arp | awk '{print $6}' | awk '!a[$1]++' | sed 1d > $IFACE_LIST
+ while read line
+ do
+ echo "$line $(cat /proc/net/arp | grep -e "0x2" | grep -e $line | awk 'END{print NR}')" >> $IFACE_CONN_FILE
+ done < $IFACE_LIST
+}
+
+
+##################################################
+##
+## Function: cpu_use_info_file_generator
+## Description: this function generate and refresh
+## the cpu use information file for wifidog.
+##
+##################################################
+CPU_USE_INFO_FILE=/tmp/.cpu_use_info
+
+cpu_use_info_file_generator()
+{
+ echo "$(top -n 1 | awk 'NR==2{print}')" > $CPU_USE_INFO_FILE
+}
+
+
+##################################################
+##
+## Function: wan_ipaddr_file_generator
+## Description: this function generate and refresh
+## the WAN ip address information file for wifidog.
+##
+##################################################
+WAN_IPADDR_FILE=/tmp/.wan_ipaddr.txt
+
+wan_ipaddr_file_generator()
+{
+ echo "$(ifconfig | grep $(uci get network.wan.ifname) -A 2 | grep addr | sed 1d | awk '{print $2}' | awk -F ":" '{print $2}')" > $WAN_IPADDR_FILE
+}
+
+
+##################################################
+##
+## Function: stop_and_start_dog_monitor
+## Description: this function STOP the wifidog and
+## wifidog monitor process(DOG_monitor).
+##
+##################################################
+STOP_START_FLAG_FILE=/tmp/.is_stop_or_start_deamon
+
+stop_and_start_dog_monitor()
+{
+ flag=$(cat $STOP_START_FLAG_FILE)
+ is_stop=1
+
+ while [ $flag -eq 1 ]
+ do
+
+ if [ $is_stop -eq 1 ]
+ then
+ $WIFI_DOG_INIT stop > /dev/null
+ sleep 3
+ is_stop=0
+ fi
+
+ sleep 10
+ flag=$(cat $STOP_START_FLAG_FILE)
+
+ done
+
+}
+
+##################################################
+##
+## Function: man_loop
+## Description: this is the mian function,do above
+## things to refresh data.
+##
+#################################################
+main_loop()
+{
+ echo "$(uci get dog_alive.@dog_alive[0].is_alive)" > $STOP_START_FLAG_FILE
+ sleep_time=$(($CHECK_INTERVAL - 4))
+
+ while [ true ]
+ do
+ iface_data_file_generator
+ clients_RxTxRate_generator
+ hostname_file_generator
+ iface_conn_file_generator
+ cpu_use_info_file_generator
+ wan_ipaddr_file_generator
+ dog_daemon_monitor
+ sleep $sleep_time
+ stop_and_start_dog_monitor
+ done
+ }
+
+#############################
+##
+## now,do the loop
+##
+#############################
+main_loop
+
diff --git a/scripts/GET_settings.sh b/scripts/GET_settings.sh
new file mode 100644
index 00000000..a5326654
--- /dev/null
+++ b/scripts/GET_settings.sh
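Review bot: Every scratch and output file is a fixed, predictable name under /tmp (`TMP`, `MAC_IP`, `PS_FILE`, `STOP_START_FLAG_FILE`, …) that this root-run script truncates with `echo >` or `>` and then reads back to drive `iptables -w -I FORWARD 1 -s $line -j UPLOAD` and the `[ $flag -eq 1 ]` test, so on any box where a non-root process can write to /tmp this is the classic symlink/TOCTOU pattern; create scratch files with `mktemp` and keep the outputs wifidog consumes in a root-owned directory such as `/var/run/wifidog`. Separately, `dog_daemon_monitor` decides the daemon is alive by grepping `ps` output for the bare string `wifidog`, which also matches any unrelated process whose argv contains it (an editor on wifidog.conf, a still-running `wifidog-init` child), so a dead daemon can go unrestarted — `pid=$(pidof wifidog)` is the exact check. In `stop_and_start_dog_monitor`, an empty flag file turns `[ $flag -eq 1 ]` into a shell error rather than a false result; `flag=$(cat "$STOP_START_FLAG_FILE" 2>/dev/null)` followed by `while [ "${flag:-0}" -eq 1 ]` is safer. Note also that `main_loop` computes `sleep_time=$(($CHECK_INTERVAL - 4))` without checking that `uci get` returned a number of at least 4, so an unset or small option yields a negative value that `sleep` rejects and the whole iptables-churning loop then runs back to back with only the two one-second sleeps inside the generators.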
@@ -0,0 +1,54 @@
+#!/bin/sh
+###############################################################################################################################
+#
+# description: get the settings of wireless,
+# lan,wan,reboot_info and dhcp.
+# use in OpenWrt router,based on uci
+# Version: 1.0.0
+# Author: GaomingPan
+# 2015-07-29
+#
+# Pram: $1 gw_id
+# $2 cmd_id
+#
+################################################################################################################################
+TMP=/tmp/.tmpfile
+STMP=/tmp/.stmpfile
+RESULT_FILE=/tmp/.routersettings
+RESULT=""
+echo "" > $RESULT_FILE
+RESULT="$RESULT$(echo "{\"gw_id\":\"$1\",\"cmd_id\":\"$2\",\"type\":\"getsettings\",")"
+RESULT="$RESULT$(echo "\"result\":{\"wireless\":{")"
+uci show wireless > $TMP
+while read line;do echo $line>$STMP; RESULT="$RESULT$(awk -F "=" '{print "\""$1"\":","\""$2"\"," }'<$STMP)";done < $TMP
+RESULT=${RESULT%,}
+RESULT="$RESULT},\"lan\":{"
+uci show network.lan > $TMP
+while read line;do echo $line>$STMP; RESULT="$RESULT$(awk -F "=" '{print "\""$1"\":","\""$2"\"," }'<$STMP)";done < $TMP
+RESULT=${RESULT%,}
+RESULT="$RESULT},\"wan\":{"
+uci show network.wan > $TMP
+while read line;do echo $line>$STMP; RESULT="$RESULT$(awk -F "=" '{print "\""$1"\":","\""$2"\"," }'<$STMP)";done < $TMP
+RESULT=${RESULT%,}
+RESULT="$RESULT},\"dhcp\":{"
+uci show dhcp > $TMP
+while read line;do echo $line>$STMP; RESULT="$RESULT$(awk -F "=" '{print "\""$1"\":","\""$2"\"," }'<$STMP)";done < $TMP
+RESULT=${RESULT%,}
+RESULT="$RESULT},\"reboot_info\":\"`cat /etc/crontabs/root | grep -E "reboot" | awk '{print $2" :",$1}'`\","
+RESULT="$RESULT\"trustedMacList\":[$(uci get wifidog_conf.trustedMACList.TrustedMACList | awk '{for(i=1;i<=NF;i++) print "\""$i"\","}')"
+RESULT=${RESULT%,}],
+RESULT="$RESULT\"untrustedMacList\":[$(uci get wifidog_conf.untrustedMACList.UntrustedMACList | awk '{for(i=1;i<=NF;i++) print "\""$i"\","}')"
+RESULT=${RESULT%,}],
+RESULT="$RESULT\"WhiteList\":[$(uci get wifidog_conf.whiteBlackList.WhiteList | awk '{for(i=1;i<=NF;i++) print "\""$i"\","}')"
+RESULT=${RESULT%,}],
+RESULT="$RESULT\"BlackList\":[$(uci get wifidog_conf.whiteBlackList.BlackList | awk '{for(i=1;i<=NF;i++) print "\""$i"\","}')"
+RESULT=${RESULT%,}]}}
+
+rm $TMP $STMP
+echo $RESULT > $RESULT_FILE
+#####
+# delete the single quote ' character,because some uci version will echo ' to the file.
+#
+sed -i 's/'\''//g' $RESULT_FILE
+
+
diff --git a/scripts/conf/dog_alive b/scripts/conf/dog_alive
new file mode 100644
index 00000000..039c0157
--- /dev/null
+++ b/scripts/conf/dog_alive
@@ -0,0 +1,4 @@
+package 'dog_alive'
+
+config 'dog_alive'
+ option is_alive '0'
\ No newline at end of file
diff --git a/scripts/conf/dog_post_conf b/scripts/conf/dog_post_conf
new file mode 100644
index 00000000..9c2fdefa
--- /dev/null
+++ b/scripts/conf/dog_post_conf
@@ -0,0 +1,8 @@
+
+config dog_post 'url'
+ option 'info_url' 'http://auth.octodata.com.cn:8080/WiFiAuth/v1/wifidog/result'
+ option 'normal_url' 'http://auth.octodata.com.cn:8080/WiFiAuth/v1/wifidog/result'
+config dog_post 'rmflag'
+ option 'info_rmflag' 'result'
+ option 'normal_rmflag' 'result'
+
diff --git a/scripts/conf/wifidog_conf b/scripts/conf/wifidog_conf
new file mode 100644
index 00000000..dd7d5846
--- /dev/null
+++ b/scripts/conf/wifidog_conf
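Review bot: The script dumps the whole of `uci show wireless` — which on OpenWrt typically includes the wireless `key`/passphrase options — into `/tmp/.routersettings`, a fixed path created with the default umask, via the equally fixed `/tmp/.tmpfile` and `/tmp/.stmpfile`; whatever consumes that file (presumably it is posted to the auth server) receives the PSK, and fixed names in /tmp are open to pre-created symlinks wherever an unprivileged process can write there. `$1` and `$2` are also interpolated into the JSON unescaped, and `echo $RESULT` is unquoted so word splitting and globbing apply to the payload. I would add `umask 077` at the top, use `mktemp` for the two scratch files, drop secret options from the wireless section with `uci show wireless | grep -v -E '\.(key|password)' > $TMP`, and write the result with `echo "$RESULT" > "$RESULT_FILE"`.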
@@ -0,0 +1,74 @@
+package 'wifidog_conf'
+
+config 'wifidog_conf' 'single'
+ option gatewayId '#GatewayID default is mac addr'
+ option externalInterface '# ExternalInterface eth0'
+ option gatewayInterface 'GatewayInterface br-lan'
+ option gatewayAddress '# GatewayAddress 192.168.1.1'
+ option htmlMessageFile '# HtmlMessageFile /opt/wifidog/etc/wifidog-.html'
+ option daemon '# Deamon 1'
+ option gatewayPort '# GatewayPort 2060'
+ option proxyPort '# ProxyPort 0'
+ option httpdName '# HTTPDName WiFiDog'
+ option httpdMaxConn '# HTTPDMaxConn 10'
+ option httpdRealm '# HTTPDRealm WiFiDog'
+ option httpdUserName '# HTTPDUserName admin'
+ option httpdPassword '# HTTPDPassword secret'
+ option checkInterval 'CheckInterval 30'
+ option clientTimeout 'ClientTimeout 5'
+
+
+config 'wifidog_conf' 'authServer'
+ option 'hostname' 'Hostname auth.octodata.com.cn'
+ option 'sslAvailable' '# SSLAvailable (Optional;Default: no;Possible values:yes,no)'
+ option 'sslPort' '# SSLPort (Optional;Default:443)'
+ option 'httpPort' 'HTTPPort 8080'
+ option 'path' 'Path /WiFiAuth/v1/wifidog/'
+ option 'loginScriptPathFragment' '# LoginScriptPathFragment (Optional; Default: login/? Note: This is the script the user will be sent to for login.)'
+ option 'portalScriptPathFragment' '# PortalScriptPathFragment (Optional; Default: portal/? Note: This is the script the user will be sent to after a successfull login.)'
+# option 'msgScriptPathFragment' '# MsgScriptPathFragment (Optional; Default: gw_message.php? Note: This is the script the user will be sent to upon error to read a readable message.)'
+ option 'msgScriptPathFragment' 'MsgScriptPathFragment gw_message/?'
+ option 'pingScriptPathFragment' '# PingScriptPathFragment (Optional; Default: ping/? Note: This is the script the user will be sent to upon error to read a readable message.)'
+ option 'authScriptPathFragment' '# AuthScriptPathFragment (Optional; Default: auth/? Note: This is the script the user will be sent to upon error to read a readable message.)'
+
+config 'wifidog_conf' 'trustedMACList'
+ option 'enable' '1'
+ list 'TrustedMACList' '11:22:33:44:55:66'
+ list 'TrustedMACList' 'aa:bb:cc:dd:ee:ff'
+
+config 'wifidog_conf' 'untrustedMACList'
+ option 'enable' '1'
+ list 'UntrustedMACList' 'aa:bb:cc:dd:ee:ff'
+
+
+config 'wifidog_conf' 'whiteBlackList'
+ option 'white_enable' '0'
+ option 'black_enable' '0'
+ list 'WhiteList' 'www.baidu.com'
+ list 'WhiteList' 'www.taobao.com'
+ list 'BlackList' 'www.google.com'
+ list 'BlackList' 'www.hao123.com'
+
+
+config 'wifidog_conf' 'firewallRule_global'
+ list 'FirewallRuleSet_global' '# FirewallRule block to 192.168.0.0/16 L'
+ list 'FirewallRuleSet_global' '# FirewallRule block to 172.16.0.0/12 L'
+ list 'FirewallRuleSet_global' 'FirewallRule allow to auth.octodata.com.cn L'
+
+
+config 'wifidog_conf' 'firewallRule_validating_users'
+ list 'FirewallRuleSet_validating_users' 'FirewallRule allow to 0.0.0.0/0 L'
+
+
+config 'wifidog_conf' 'firewallRule_known_users'
+ list 'FirewallRuleSet_known_users' 'FirewallRule allow to 0.0.0.0/0 L'
+
+config 'wifidog_conf' 'firewallRule_unknown_users'
+ list 'FirewallRuleSet_unknown_users' 'FirewallRule allow udp port 53 L'
+ list 'FirewallRuleSet_unknown_users' 'FirewallRule allow tcp port 53 L'
+ list 'FirewallRuleSet_unknown_users' 'FirewallRule allow udp port 67 L'
+ list 'FirewallRuleSet_unknown_users' 'FirewallRule allow tcp port 67 L'
+
+config 'wifidog_conf' 'firewallRule_locked_users'
+ list 'FirewallRuleSet_locked_users' 'FirewallRule block to 0.0.0.0/0 L'
+
diff --git a/scripts/dog_conf_generator.sh b/scripts/dog_conf_generator.sh
new file mode 100644
index 00000000..cc0736a0
--- /dev/null
+++ b/scripts/dog_conf_generator.sh
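Review bot: The shipped `trustedMACList` section sets `option 'enable' '1'` and lists two placeholder addresses, `11:22:33:44:55:66` and `aa:bb:cc:dd:ee:ff`; the generator in dog_conf_generator.sh emits a `TrustedMACList` line whenever `enable` is 1, and wifidog lets trusted MACs through without authentication, so every router installed with these defaults can be bypassed by spoofing a well-known placeholder MAC. The same `aa:bb:cc:dd:ee:ff` also appears under `untrustedMACList`, so the two defaults contradict each other. Ship both sections with `option 'enable' '0'` and no list entries, and let operators add real addresses. Separately, `sslAvailable` stays commented while `httpPort` is `8080`, so the gateway's auth traffic — which, per the request built in centralserver.c, carries each client's `token` and the `DeviceKey` header — defaults to cleartext; that deserves at least a comment in this file.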
@@ -0,0 +1,192 @@
+#!/bin/sh
+##############################################################################################################
+#
+# Generates the wifidog config file based on UCI
+#
+# Author : GaomingPan
+# Date : 2015-08-05
+# Version: 1.0.3
+#
+###############################################################################################################
+
+version="1.0.3"
+
+WIFI_DOG_CONF_FILE=/etc/wifidog.conf
+WIFI_DOG_CONF=/etc/config/wifidog_conf
+SINGLE=wifidog_conf.single
+AUTH_SERVER=wifidog_conf.authServer
+TRUSTED_MAC_LIST=wifidog_conf.trustedMACList
+UNTRUSTED_MAC_LIST=wifidog_conf.untrustedMACList
+WHITE_LIST=wifidog_conf.whiteBlackList
+BLACK_LIST=wifidog_conf.whiteBlackList
+FIREWALL_RULE_GLOABL=wifidog_conf.firewallRule_global.FirewallRuleSet_global
+FIREWALL_RULE_VALIDATING_USERS=wifidog_conf.firewallRule_validating_users.FirewallRuleSet_validating_users
+FIREWALL_RULE_KNOWN_USERS=wifidog_conf.firewallRule_known_users.FirewallRuleSet_known_users
+FIREWALL_RULE_UNKNOWN_USERS=wifidog_conf.firewallRule_unknown_users.FirewallRuleSet_unknown_users
+FIREWALL_RULE_LOCKED_USERS=wifidog_conf.firewallRule_locked_users.FirewallRuleSet_locked_users
+
+
+generate_single()
+{
+ echo "$(uci show $SINGLE | sed 1d | awk -F "=" '{print $2}')" >> $WIFI_DOG_CONF_FILE
+}
+
+generate_authServer()
+{
+ echo "AuthServer {" >> $WIFI_DOG_CONF_FILE
+ echo "$(uci show $AUTH_SERVER | sed 1d | \
+ awk -F "=" '{print $2}')" >> $WIFI_DOG_CONF_FILE
+ echo "}" >> $WIFI_DOG_CONF_FILE
+}
+
+generate_trustedMACList()
+{
+ enable=$(uci get "$TRUSTED_MAC_LIST.enable")
+
+ if [ $enable -ne 1 ]
+ then
+ return
+ fi
+
+ echo "TrustedMACList $(uci get "$TRUSTED_MAC_LIST.TrustedMACList" | \
+ tr " " ",")" >> $WIFI_DOG_CONF_FILE
+}
+
+generate_untrustedMACList()
+{
+ enable=$(uci get "$UNTRUSTED_MAC_LIST.enable")
+
+ if [ $enable -ne 1 ]
+ then
+ return
+ fi
+
+ echo "UntrustedMACList $(uci get "$UNTRUSTED_MAC_LIST.UntrustedMACList" | \
+ tr " " ",")" >> $WIFI_DOG_CONF_FILE
+}
+
+generate_whiteList()
+{
+ white_enable=$(uci get "$WHITE_LIST.white_enable")
+
+ if [ $white_enable -ne 1 ]
+ then
+ return
+ fi
+
+ echo "WhiteList $(uci get "$WHITE_LIST.WhiteList" | \
+ tr " " ",")" >> $WIFI_DOG_CONF_FILE
+}
+
+
+generate_blackList()
+{
+ black_enable=$(uci get "$BLACK_LIST.black_enable")
+
+ if [ $black_enable -ne 1 ]
+ then
+ return
+ fi
+
+ echo "BlackList $(uci get "$BLACK_LIST.BlackList" | \
+ tr " " ",")" >> $WIFI_DOG_CONF_FILE
+}
+
+
+generate_firewallRule_global()
+{
+ echo "FirewallRuleSet global {" >> $WIFI_DOG_CONF_FILE
+ echo "$(uci get $FIREWALL_RULE_GLOABL | tr "L" "\n")" >> $WIFI_DOG_CONF_FILE
+ echo "}" >> $WIFI_DOG_CONF_FILE
+}
+
+generate_PopularServer()
+{
+ echo "PopularServers wifi.xiao8web.com,kernel.org" >> $WIFI_DOG_CONF_FILE
+}
+
+generate_firewallRule_validating_users()
+{
+ echo "FirewallRuleSet validating-users {" >> $WIFI_DOG_CONF_FILE
+ echo "$(uci get $FIREWALL_RULE_VALIDATING_USERS | tr "L" "\n")" >> $WIFI_DOG_CONF_FILE
+ echo "}" >> $WIFI_DOG_CONF_FILE
+}
+
+generate_firewallRule_known_users()
+{
+ echo "FirewallRuleSet known-users {" >> $WIFI_DOG_CONF_FILE
+ echo "$(uci get $FIREWALL_RULE_KNOWN_USERS | tr "L" "\n")" >> $WIFI_DOG_CONF_FILE
+ echo "}" >> $WIFI_DOG_CONF_FILE
+}
+
+
+generate_firewallRule_unknown_users()
+{
+ echo "FirewallRuleSet unknown-users {" >> $WIFI_DOG_CONF_FILE
+ echo "$(uci get $FIREWALL_RULE_UNKNOWN_USERS | tr "L" "\n")" >> $WIFI_DOG_CONF_FILE
+ echo "}" >> $WIFI_DOG_CONF_FILE
+}
+
+generate_firewallRule_auth_is_down()
+{
+ echo "FirewallRuleSet auth-is-down {" >> $WIFI_DOG_CONF_FILE
+ echo "FirewallRule allow to 0.0.0.0/0" >> $WIFI_DOG_CONF_FILE
+ echo "}" >> $WIFI_DOG_CONF_FILE
+}
+
+generate_firewallRule_locked_users()
+{
+ echo "FirewallRuleSet locked-users {" >> $WIFI_DOG_CONF_FILE
+ echo "$(uci get $FIREWALL_RULE_LOCKED_USERS | tr "L" "\n")" >> $WIFI_DOG_CONF_FILE
+ echo "}" >> $WIFI_DOG_CONF_FILE
+}
+
+conf_character_check()
+{
+
+#####
+# delete the single quote ' character,because some uci version will echo ' to the
+# config file.
+ sed -i 's/'\''//g' $WIFI_DOG_CONF_FILE
+####
+# delete the blank character at the line header
+ sed -i 's/^[[:space:]]*//' $WIFI_DOG_CONF_FILE
+
+####
+# delete the blank character at the line tail
+ sed -i 's/[[:space:]]*$//' $WIFI_DOG_CONF_FILE
+
+}
+
+generate_wifidog_conf_file()
+{
+ echo "###########################################################" > $WIFI_DOG_CONF_FILE
+ echo "## this is wifidog config file" >> $WIFI_DOG_CONF_FILE
+ echo "## auto generate by dog_conf_generator.sh" >> $WIFI_DOG_CONF_FILE
+ echo "## Version: $version Based on UCI" >> $WIFI_DOG_CONF_FILE
+ echo "############################################################" >> $WIFI_DOG_CONF_FILE
+
+ generate_single
+ generate_authServer
+ generate_trustedMACList
+ generate_untrustedMACList
+ generate_PopularServer
+ generate_whiteList
+ generate_blackList
+ generate_firewallRule_global
+ generate_firewallRule_validating_users
+ generate_firewallRule_known_users
+ generate_firewallRule_unknown_users
+ generate_firewallRule_locked_users
+ generate_firewallRule_auth_is_down
+
+ conf_character_check
+}
+
+
+#echo "------ starting generate wifidog config file --------"
+
+generate_wifidog_conf_file
+
+#echo "------ wifidog config file generate complete --------"
+
diff --git a/scripts/etc/devicekey b/scripts/etc/devicekey
new file mode 100644
index 00000000..12a3d538
--- /dev/null
+++ b/scripts/etc/devicekey
@@ -0,0 +1,6 @@
+########################################################
+## ###
+## this file is the device key, do NOT modify it. ###
+## ###
+########################################################
+ae89-0633-cd4f-895d-780f-3342
\ No newline at end of file
diff --git a/scripts/init.d/wifidog b/scripts/init.d/wifidog
index f5447651..37ea5715 100644
--- a/scripts/init.d/wifidog
+++ b/scripts/init.d/wifidog
@@ -14,7 +14,7 @@
 IPT=/usr/sbin/iptables
 WD_DIR=/usr/bin
-OPTIONS=""
+OPTIONS="-d 4"
 case "$1" in
 start)
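Review bot: `generate_firewallRule_auth_is_down` hard-codes `FirewallRule allow to 0.0.0.0/0`, so the portal fails open for every client whenever the auth server is unreachable, and unlike the five other rule sets there is no UCI list an operator can edit to change that without patching the script. If fail-open is the intended policy it should say so next to the echo (`# auth-is-down: deliberately fail open so clients keep connectivity while the auth server is unreachable`); otherwise read the rules from UCI like the other sets and default to blocking, e.g. `rules=$(uci -q get wifidog_conf.firewallRule_auth_is_down.FirewallRuleSet_auth_is_down | tr "L" "\n")` followed by `echo "${rules:-FirewallRule block to 0.0.0.0/0}" >> $WIFI_DOG_CONF_FILE`. A second, smaller defect is that the `[ $enable -ne 1 ]` tests are unquoted: when an `enable` option is absent `uci get` prints nothing, busybox `[ -ne 1 ]` reports an operand error (non-zero, so the `if` is false) and the list is emitted anyway — `[ "$enable" != "1" ]` fails closed instead.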
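Review bot: `scripts/etc/devicekey` commits a fixed credential, `ae89-0633-cd4f-895d-780f-3342`, and the same file is installed on every router built from this tree, so the `DeviceKey:` header that centralserver.c sends (presumably from this file via `get_device_key()`) neither identifies a particular gateway nor proves anything to the auth server — the value is now in public history and shared with everyone who has the source. If the key is meant to identify or authenticate a device, generate it per device at first boot (for example from `/dev/urandom`) or provision it out of band, replace the committed file with a template, and rotate the value on the server side. The banner comment `## this file is the device key, do NOT modify it. ###` should then say where the value comes from rather than just warning against edits.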
diff --git a/src/Makefile.am b/src/Makefile.am
index fba84cf0..d93f598c 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -34,7 +34,8 @@ libgateway_a_SOURCES = commandline.c \
 httpd_thread.c \
 simple_http.c \
 pstring.c \
- wd_util.c
+ wd_util.c \
+ extend_util.c
 noinst_HEADERS = commandline.h \
 common.h \
@@ -55,7 +56,8 @@ noinst_HEADERS = commandline.h \
 httpd_thread.h \
 simple_http.h \
 pstring.h \
- wd_util.h
+ wd_util.h \
+ extend_util.h
 wdctl_LDADD = libgateway.a
diff --git a/src/auth.c b/src/auth.c
index 549a59d3..f7ff28c6 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -40,7 +40,6 @@
 #include "httpd.h"
 #include "http.h"
 #include "safe.h"
-#include "conf.h"
 #include "debug.h"
 #include "auth.h"
 #include "centralserver.h"
@@ -49,6 +48,9 @@
 #include "client_list.h"
 #include "util.h"
 #include "wd_util.h"
+#include "conf.h"
+
+#include "extend_util.h"
 /** Launches a thread that periodically checks if any of the connections has timed out
 @param arg Must contain a pointer to a string containing the IP adress of the client to check to check
@@ -61,8 +63,18 @@ thread_client_timeout_check(const void *arg)
 pthread_cond_t cond = PTHREAD_COND_INITIALIZER;
 pthread_mutex_t cond_mutex = PTHREAD_MUTEX_INITIALIZER;
 struct timespec timeout;
+ int ret = 0;
 while (1) {
+ /**
+ * Now,cllecting client's info,will create a
+ * client's info list.
+ * Added by GaomingPan
+ * */
+ ret = collect_client_info();
+ if(ret)
+ debug(LOG_WARNING,"cllecting client's info ERROR.");
+
 /* Sleep for config.checkinterval seconds... */
 timeout.tv_sec = time(NULL) + config_get_config()->checkinterval;
 timeout.tv_nsec = 0;
@@ -79,6 +91,14 @@ thread_client_timeout_check(const void *arg)
 debug(LOG_DEBUG, "Running fw_counter()");
 fw_sync_with_authserver();
+
+ /**
+ * Now,clearing client's info list,
+ * free the memories.
+ * Added by GaomingPan
+ * */
+ ret = clean_client_info();
+ debug(LOG_DEBUG,"free [%d] entry client's info.",ret);
 }
 }
@@ -222,7 +242,21 @@ authenticate_client(request * r)
 "adding to firewall and redirecting them to portal", client->token, client->ip, client->mac);
 fw_allow(client, FW_MARK_KNOWN);
 served_this_session++;
- safe_asprintf(&urlFragment, "%sgw_id=%s", auth_server->authserv_portal_script_path_fragment, config->gw_id);
+
+ /** add parameter:
+ * gw_address,mac (client's MAC address).
+ * Added by GaomingPan.
+ * */
+ //safe_asprintf(&urlFragment, "%sgw_id=%s", auth_server->authserv_portal_script_path_fragment, config->gw_id);
+ safe_asprintf(&urlFragment, "%sgw_id=%s&gw_address=%s&mac=%s",
+ auth_server->authserv_portal_script_path_fragment,
+ config->gw_id,
+ config->gw_address,
+ client->mac
+ );
+ /************************************/
+ debug(LOG_INFO,"PortalQString: [[<< ============== \n\n %s ============== >>]]\n\n",urlFragment);
+
 http_send_redirect_to_auth(r, urlFragment, "Redirect to portal");
 free(urlFragment);
 break;
diff --git a/src/centralserver.c b/src/centralserver.c
index 22c87099..c5f230c3 100644
--- a/src/centralserver.c
+++ b/src/centralserver.c
@@ -21,8 +21,8 @@
 /* $Id$ */
 /** @file centralserver.c
- @brief Functions to talk to the central server (auth/send stats/get rules/etc...)
- @author Copyright (C) 2004 Philippe April
+ @brief Functions to talk to the central server (auth/send stats/get rules/etc...)
+ @author Copyright (C) 2004 Philippe April
 */
 #include
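Review bot: `clean_client_info()` frees the client-info list from this thread once per check interval, while `auth_server_request` in centralserver.c looks entries up with `get_client_info_by_ip(ip)` and dereferences `client_info->host_name` later in the same function; neither hunk takes a lock around the list, so if `auth_server_request` runs on another thread (as far as I can tell it is reached from the HTTP handler path) an entry can be freed between lookup and use. Either guard the collect/clean pair and `get_client_info_by_ip` with one mutex, or have `get_client_info_by_ip` return a copy that the caller frees. A smaller point: a failing `collect_client_info()` only logs a warning, so the previous interval's list is kept and reported as current — a comment such as `/* on failure the list from the previous interval is reused */` would at least make that explicit. `thread_client_timeout_check` begins before this hunk.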
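Review bot: The old `safe_asprintf` call is kept as a commented-out line next to its replacement, and the new `debug(LOG_INFO, "PortalQString: [[<< ============== \n\n %s ...` prints the redirect target with banner decoration and embedded blank lines at INFO level; this is debugging output that belongs at debug level in the plain form `debug(LOG_DEBUG, "Portal redirect fragment: %s", urlFragment);`, and the commented call and the `/****/` separator line should be deleted. `config->gw_address` and `client->mac` are appended to the query string unencoded; both are normally an IP and a colon-separated MAC, so this looks safe, but passing them through `httpdUrlEncode` the way `token` is in centralserver.c would make that intent explicit. `authenticate_client` starts and ends outside this hunk.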
@@ -39,307 +39,417 @@ #include #include "httpd.h" - -#include "common.h" -#include "safe.h" -#include "util.h" -#include "wd_util.h" #include "auth.h" +#include "common.h" #include "conf.h" #include "debug.h" -#include "centralserver.h" #include "firewall.h" +#include "safe.h" +#include "simple_http.h" +#include "util.h" +#include "wd_util.h" #include "../config.h" -#include "simple_http.h" +#include "centralserver.h" + +#include "extend_util.h" /** Initiates a transaction with the auth server, either to authenticate or to * update the traffic counters at the server -@param authresponse Returns the information given by the central server -@param request_type Use the REQUEST_TYPE_* defines in centralserver.h -@param ip IP adress of the client this request is related to -@param mac MAC adress of the client this request is related to -@param token Authentification token of the client -@param incoming Current counter of the client's total incoming traffic, in bytes -@param outgoing Current counter of the client's total outgoing traffic, in bytes -*/ -t_authcode -auth_server_request(t_authresponse * authresponse, const char *request_type, const char *ip, const char *mac, - const char *token, unsigned long long int incoming, unsigned long long int outgoing, unsigned long long int incoming_delta, unsigned long long int outgoing_delta) + @param authresponse Returns the information given by the central server + @param request_type Use the REQUEST_TYPE_* defines in centralserver.h + @param ip IP adress of the client this request is related to + @param mac MAC adress of the client this request is related to + @param token Authentification token of the client + @param incoming Current counter of the client's total incoming traffic, in bytes + @param outgoing Current counter of the client's total outgoing traffic, in bytes + */ +t_authcode auth_server_request(t_authresponse * authresponse, + const char *request_type, const char *ip, const char *mac, + const char *token, 
unsigned long long int incoming, + unsigned long long int outgoing, unsigned long long int incoming_delta, + unsigned long long int outgoing_delta) { - s_config *config = config_get_config(); - int sockfd; - char buf[MAX_BUF]; - char *tmp; - char *safe_token; - t_auth_serv *auth_server = NULL; - auth_server = get_auth_server(); + s_config *config = config_get_config(); + int sockfd; + char buf[MAX_BUF]; + char *tmp; + char *safe_token; + t_auth_serv *auth_server = NULL; + auth_server = get_auth_server(); + + /** + * get client's info, + * get client's online time, + * outgo rate and comin rate. + * Added by TianyuanPan + * */ + t_clientinfo *client_info = NULL; + client_info = get_client_info_by_ip(ip); + time_t online_time = get_online_time(ip, mac); + int go_speed, come_speed; - /* Blanket default is error. */ - authresponse->authcode = AUTH_ERROR; + /* Blanket default is error. */ + authresponse->authcode = AUTH_ERROR; - sockfd = connect_auth_server(); + sockfd = connect_auth_server(); - /** + /** * TODO: XXX change the PHP so we can harmonize stage as request_type * everywhere. 
*/ - memset(buf, 0, sizeof(buf)); - safe_token = httpdUrlEncode(token); - if(config -> deltatraffic) { - snprintf(buf, (sizeof(buf) - 1), - "GET %s%sstage=%s&ip=%s&mac=%s&token=%s&incoming=%llu&outgoing=%llu&incomingdelta=%llu&outgoingdelta=%llu&gw_id=%s HTTP/1.0\r\n" - "User-Agent: WiFiDog %s\r\n" - "Host: %s\r\n" - "\r\n", - auth_server->authserv_path, - auth_server->authserv_auth_script_path_fragment, - request_type, - ip, mac, safe_token, - incoming, - outgoing, - incoming_delta, - outgoing_delta, - config->gw_id, VERSION, auth_server->authserv_hostname); - } else { - snprintf(buf, (sizeof(buf) - 1), - "GET %s%sstage=%s&ip=%s&mac=%s&token=%s&incoming=%llu&outgoing=%llu&gw_id=%s HTTP/1.0\r\n" - "User-Agent: WiFiDog %s\r\n" - "Host: %s\r\n" - "\r\n", - auth_server->authserv_path, - auth_server->authserv_auth_script_path_fragment, - request_type, - ip, - mac, safe_token, incoming, outgoing, config->gw_id, VERSION, auth_server->authserv_hostname); - } - free(safe_token); - - char *res; + memset(buf, 0, sizeof(buf)); + safe_token = httpdUrlEncode(token); + + if (client_info) { + if (config->deltatraffic) { + snprintf(buf, (sizeof(buf) - 1), + "GET %s%sstage=%s&ip=%s&mac=%s&token=%s&incoming=%llu&outgoing=%llu&incomingdelta=%llu&outgoingdelta=%llu&gw_id=%s&host_name=%s&go_speed=%d&come_speed=%d&online_time=%ld&flag=%s HTTP/1.0\r\n" + "User-Agent: WiFiDog %s\r\n" + "Host: %s\r\n" + "DeviceKey: %s\r\n" + "\r\n", auth_server->authserv_path, + auth_server->authserv_auth_script_path_fragment, + request_type, ip, mac, safe_token, incoming, outgoing, + incoming_delta, outgoing_delta, config->gw_id, + + /* new parameters,added by TianyuanPan */ + client_info->host_name, client_info->go_speed, + client_info->come_speed, online_time, + get_client_auth_flag(), + /**************************************/ + + VERSION, auth_server->authserv_hostname, + + /* add a device key to the header.Added by TianyuanPan */ + get_device_key()); + } else { + snprintf(buf, (sizeof(buf) - 1), + 
"GET %s%sstage=%s&ip=%s&mac=%s&token=%s&incoming=%llu&outgoing=%llu&gw_id=%s&host_name=%s&go_speed=%d&come_speed=%d&online_time=%ld&flag=%s HTTP/1.0\r\n" + "User-Agent: WiFiDog %s\r\n" + "Host: %s\r\n" + "DeviceKey: %s\r\n" + "\r\n", auth_server->authserv_path, + auth_server->authserv_auth_script_path_fragment, + request_type, ip, mac, safe_token, incoming, outgoing, + config->gw_id, + + /* new parameters,added by TianyuanPan */ + client_info->host_name, client_info->go_speed, + client_info->come_speed, online_time, + get_client_auth_flag(), + /**************************************/ + + VERSION, auth_server->authserv_hostname, + + /* add a device key to the header.Added by TianyuanPan */ + get_device_key()); + } + } else { //if(client_info) + get_unknown_client_speed(ip, &go_speed, &come_speed); + if (config->deltatraffic) { + snprintf(buf, (sizeof(buf) - 1), + "GET %s%sstage=%s&ip=%s&mac=%s&token=%s&incoming=%llu&outgoing=%llu&incomingdelta=%llu&outgoingdelta=%llu&gw_id=%s&host_name=%s&go_speed=%d&come_speed=%d&online_time=%ld&flag=%s HTTP/1.0\r\n" + "User-Agent: WiFiDog %s\r\n" + "Host: %s\r\n" + "DeviceKey: %s\r\n" + "\r\n", auth_server->authserv_path, + auth_server->authserv_auth_script_path_fragment, + request_type, ip, mac, safe_token, incoming, outgoing, + incoming_delta, outgoing_delta, config->gw_id, + + /* new parameters,added by TianyuanPan */ + "unknown", //client_info->host_name, + go_speed, //client_info->go_speed, + come_speed, //client_info->come_speed, + online_time, //online_time, + get_client_auth_flag(), + /**************************************/ + + VERSION, auth_server->authserv_hostname, + + /* add a device key to the header.Added by TianyuanPan */ + get_device_key()); + } else { + snprintf(buf, (sizeof(buf) - 1), + "GET %s%sstage=%s&ip=%s&mac=%s&token=%s&incoming=%llu&outgoing=%llu&gw_id=%s&host_name=%s&go_speed=%d&come_speed=%d&online_time=%ld&flag=%s HTTP/1.0\r\n" + "User-Agent: WiFiDog %s\r\n" + "Host: %s\r\n" + "DeviceKey: %s\r\n" + 
"\r\n", auth_server->authserv_path, + auth_server->authserv_auth_script_path_fragment, + request_type, ip, mac, safe_token, incoming, outgoing, + config->gw_id, + + /* new parameters,added by TianyuanPan */ + "unknown", //client_info->host_name, + go_speed, //client_info->go_speed, + come_speed, //client_info->come_speed, + online_time, //online_time, + get_client_auth_flag(), + /**************************************/ + + VERSION, auth_server->authserv_hostname, + + /* add a device key to the header.Added by TianyuanPan */ + get_device_key()); + } + } //if(client_info) + + free(safe_token); + + debug(LOG_INFO, + "\n\nSendingQString: [[<<================\n %s ==================>>]]\n\n", + buf); + + char *res; #ifdef USE_CYASSL - if (auth_server->authserv_use_ssl) { - res = https_get(sockfd, buf, auth_server->authserv_hostname); - } else { - res = http_get(sockfd, buf); - } + if (auth_server->authserv_use_ssl) { + res = https_get(sockfd, buf, auth_server->authserv_hostname); + } else { + res = http_get(sockfd, buf); + } #endif #ifndef USE_CYASSL - res = http_get(sockfd, buf); + res = http_get(sockfd, buf); #endif - if (NULL == res) { - debug(LOG_ERR, "There was a problem talking to the auth server!"); - return (AUTH_ERROR); - } - - if ((tmp = strstr(res, "Auth: "))) { - if (sscanf(tmp, "Auth: %d", (int *)&authresponse->authcode) == 1) { - debug(LOG_INFO, "Auth server returned authentication code %d", authresponse->authcode); - free(res); - return (authresponse->authcode); - } else { - debug(LOG_WARNING, "Auth server did not return expected authentication code"); - free(res); - return (AUTH_ERROR); - } - } - free(res); - return (AUTH_ERROR); + if (NULL == res) { + debug(LOG_ERR, "There was a problem talking to the auth server!"); + return (AUTH_ERROR); + } + + if ((tmp = strstr(res, "Auth: "))) { + if (sscanf(tmp, "Auth: %d", (int *) &authresponse->authcode) == 1) { + debug(LOG_INFO, "Auth server returned authentication code %d", + authresponse->authcode); + 
free(res); + return (authresponse->authcode); + } else { + debug(LOG_WARNING, + "Auth server did not return expected authentication code"); + free(res); + return (AUTH_ERROR); + } + } + free(res); + return (AUTH_ERROR); } /* Tries really hard to connect to an auth server. Returns a file descriptor, -1 on error */ -int -connect_auth_server() +int connect_auth_server() { - int sockfd; - - LOCK_CONFIG(); - sockfd = _connect_auth_server(0); - UNLOCK_CONFIG(); - - if (sockfd == -1) { - debug(LOG_ERR, "Failed to connect to any of the auth servers"); - mark_auth_offline(); - } else { - debug(LOG_DEBUG, "Connected to auth server"); - mark_auth_online(); - } - return (sockfd); + int sockfd; + + LOCK_CONFIG() + ; + sockfd = _connect_auth_server(0); + UNLOCK_CONFIG() + ; + + if (sockfd == -1) { + debug(LOG_ERR, "Failed to connect to any of the auth servers"); + mark_auth_offline(); + } else { + debug(LOG_DEBUG, "Connected to auth server"); + mark_auth_online(); + } + return (sockfd); } /* Helper function called by connect_auth_server() to do the actual work including recursion * DO NOT CALL DIRECTLY @param level recursion level indicator must be 0 when not called by _connect_auth_server() */ -int -_connect_auth_server(int level) +int _connect_auth_server(int level) { - s_config *config = config_get_config(); - t_auth_serv *auth_server = NULL; - t_popular_server *popular_server = NULL; - struct in_addr *h_addr; - int num_servers = 0; - char *hostname = NULL; - char *ip; - struct sockaddr_in their_addr; - int sockfd; - - /* If there are no auth servers, error out, from scan-build warning. */ - if (NULL == config->auth_servers) { - return (-1); - } - - /* XXX level starts out at 0 and gets incremented by every iterations. 
*/ - level++; - - /* - * Let's calculate the number of servers we have - */ - for (auth_server = config->auth_servers; auth_server; auth_server = auth_server->next) { - num_servers++; - } - debug(LOG_DEBUG, "Level %d: Calculated %d auth servers in list", level, num_servers); - - if (level > num_servers) { - /* - * We've called ourselves too many times - * This means we've cycled through all the servers in the server list - * at least once and none are accessible - */ - return (-1); - } - - /* - * Let's resolve the hostname of the top server to an IP address - */ - auth_server = config->auth_servers; - hostname = auth_server->authserv_hostname; - debug(LOG_DEBUG, "Level %d: Resolving auth server [%s]", level, hostname); - h_addr = wd_gethostbyname(hostname); - if (!h_addr) { - /* - * DNS resolving it failed - */ - debug(LOG_DEBUG, "Level %d: Resolving auth server [%s] failed", level, hostname); - - for (popular_server = config->popular_servers; popular_server; popular_server = popular_server->next) { - debug(LOG_DEBUG, "Level %d: Resolving popular server [%s]", level, popular_server->hostname); - h_addr = wd_gethostbyname(popular_server->hostname); - if (h_addr) { - debug(LOG_DEBUG, "Level %d: Resolving popular server [%s] succeeded = [%s]", level, popular_server->hostname, - inet_ntoa(*h_addr)); - break; - } else { - debug(LOG_DEBUG, "Level %d: Resolving popular server [%s] failed", level, popular_server->hostname); - } - } - - /* - * If we got any h_addr buffer for one of the popular servers, in other - * words, if one of the popular servers resolved, we'll assume the DNS - * works, otherwise we'll deal with net connection or DNS failure. - */ - if (h_addr) { - free(h_addr); - /* - * Yes - * - * The auth server's DNS server is probably dead. 
Try the next auth server - */ - debug(LOG_DEBUG, "Level %d: Marking auth server [%s] as bad and trying next if possible", level, hostname); - if (auth_server->last_ip) { - free(auth_server->last_ip); - auth_server->last_ip = NULL; - } - mark_auth_server_bad(auth_server); - return _connect_auth_server(level); - } else { - /* - * No - * - * It's probably safe to assume that the internet connection is malfunctioning - * and nothing we can do will make it work - */ - mark_offline(); - debug(LOG_DEBUG, "Level %d: Failed to resolve auth server and all popular servers. " - "The internet connection is probably down", level); - return (-1); - } - } else { - /* - * DNS resolving was successful - */ - mark_online(); - ip = safe_strdup(inet_ntoa(*h_addr)); - debug(LOG_DEBUG, "Level %d: Resolving auth server [%s] succeeded = [%s]", level, hostname, ip); - - if (!auth_server->last_ip || strcmp(auth_server->last_ip, ip) != 0) { - /* - * But the IP address is different from the last one we knew - * Update it - */ - debug(LOG_DEBUG, "Level %d: Updating last_ip IP of server [%s] to [%s]", level, hostname, ip); - if (auth_server->last_ip) - free(auth_server->last_ip); - auth_server->last_ip = ip; - - /* Update firewall rules */ - fw_clear_authservers(); - fw_set_authservers(); - } else { - /* - * IP is the same as last time - */ - free(ip); - } - - /* - * Connect to it - */ - int port = 0; + s_config *config = config_get_config(); + t_auth_serv *auth_server = NULL; + t_popular_server *popular_server = NULL; + struct in_addr *h_addr; + int num_servers = 0; + char *hostname = NULL; + char *ip; + struct sockaddr_in their_addr; + int sockfd; + + /* If there are no auth servers, error out, from scan-build warning. */ + if (NULL == config->auth_servers) { + return (-1); + } + + /* XXX level starts out at 0 and gets incremented by every iterations. 
*/ + level++; + + /* + * Let's calculate the number of servers we have + */ + for (auth_server = config->auth_servers; auth_server; auth_server = + auth_server->next) { + num_servers++; + } + debug(LOG_DEBUG, "Level %d: Calculated %d auth servers in list", level, + num_servers); + + if (level > num_servers) { + /* + * We've called ourselves too many times + * This means we've cycled through all the servers in the server list + * at least once and none are accessible + */ + return (-1); + } + + /* + * Let's resolve the hostname of the top server to an IP address + */ + auth_server = config->auth_servers; + hostname = auth_server->authserv_hostname; + debug(LOG_DEBUG, "Level %d: Resolving auth server [%s]", level, hostname); + h_addr = wd_gethostbyname(hostname); + if (!h_addr) { + /* + * DNS resolving it failed + */ + debug(LOG_DEBUG, "Level %d: Resolving auth server [%s] failed", level, + hostname); + + for (popular_server = config->popular_servers; popular_server; + popular_server = popular_server->next) { + debug(LOG_DEBUG, "Level %d: Resolving popular server [%s]", level, + popular_server->hostname); + h_addr = wd_gethostbyname(popular_server->hostname); + if (h_addr) { + debug(LOG_DEBUG, + "Level %d: Resolving popular server [%s] succeeded = [%s]", + level, popular_server->hostname, inet_ntoa(*h_addr)); + break; + } else { + debug(LOG_DEBUG, + "Level %d: Resolving popular server [%s] failed", level, + popular_server->hostname); + } + } + + /* + * If we got any h_addr buffer for one of the popular servers, in other + * words, if one of the popular servers resolved, we'll assume the DNS + * works, otherwise we'll deal with net connection or DNS failure. + */ + if (h_addr) { + free(h_addr); + /* + * Yes + * + * The auth server's DNS server is probably dead. 
Try the next auth server + */ + debug(LOG_DEBUG, + "Level %d: Marking auth server [%s] as bad and trying next if possible", + level, hostname); + if (auth_server->last_ip) { + free(auth_server->last_ip); + auth_server->last_ip = NULL; + } + mark_auth_server_bad(auth_server); + return _connect_auth_server(level); + } else { + /* + * No + * + * It's probably safe to assume that the internet connection is malfunctioning + * and nothing we can do will make it work + */ + mark_offline(); + debug(LOG_DEBUG, + "Level %d: Failed to resolve auth server and all popular servers. " + "The internet connection is probably down", level); + return (-1); + } + } else { + /* + * DNS resolving was successful + */ + mark_online(); + ip = safe_strdup(inet_ntoa(*h_addr)); + debug(LOG_DEBUG, + "Level %d: Resolving auth server [%s] succeeded = [%s]", level, + hostname, ip); + + if (!auth_server->last_ip || strcmp(auth_server->last_ip, ip) != 0) { + /* + * But the IP address is different from the last one we knew + * Update it + */ + debug(LOG_DEBUG, + "Level %d: Updating last_ip IP of server [%s] to [%s]", + level, hostname, ip); + if (auth_server->last_ip) + free(auth_server->last_ip); + auth_server->last_ip = ip; + + /* Update firewall rules */ + fw_clear_authservers(); + fw_set_authservers(); + } else { + /* + * IP is the same as last time + */ + free(ip); + } + + /* + * Connect to it + */ + int port = 0; #ifdef USE_CYASSL - if (auth_server->authserv_use_ssl) { - debug(LOG_DEBUG, "Level %d: Connecting to SSL auth server %s:%d", level, hostname, - auth_server->authserv_ssl_port); - port = htons(auth_server->authserv_ssl_port); - } else { - debug(LOG_DEBUG, "Level %d: Connecting to auth server %s:%d", level, hostname, - auth_server->authserv_http_port); - port = htons(auth_server->authserv_http_port); - } + if (auth_server->authserv_use_ssl) { + debug(LOG_DEBUG, "Level %d: Connecting to SSL auth server %s:%d", level, hostname, + auth_server->authserv_ssl_port); + port = 
htons(auth_server->authserv_ssl_port); + } else { + debug(LOG_DEBUG, "Level %d: Connecting to auth server %s:%d", level, hostname, + auth_server->authserv_http_port); + port = htons(auth_server->authserv_http_port); + } #endif #ifndef USE_CYASSL - debug(LOG_DEBUG, "Level %d: Connecting to auth server %s:%d", level, hostname, auth_server->authserv_http_port); - port = htons(auth_server->authserv_http_port); + debug(LOG_DEBUG, "Level %d: Connecting to auth server %s:%d", level, + hostname, auth_server->authserv_http_port); + port = htons(auth_server->authserv_http_port); #endif - their_addr.sin_port = port; - their_addr.sin_family = AF_INET; - their_addr.sin_addr = *h_addr; - memset(&(their_addr.sin_zero), '\0', sizeof(their_addr.sin_zero)); - free(h_addr); - - if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) { - debug(LOG_ERR, "Level %d: Failed to create a new SOCK_STREAM socket: %s", strerror(errno)); - return (-1); - } - - if (connect(sockfd, (struct sockaddr *)&their_addr, sizeof(struct sockaddr)) == -1) { - /* - * Failed to connect - * Mark the server as bad and try the next one - */ - debug(LOG_DEBUG, - "Level %d: Failed to connect to auth server %s:%d (%s). Marking it as bad and trying next if possible", - level, hostname, ntohs(port), strerror(errno)); - close(sockfd); - mark_auth_server_bad(auth_server); - return _connect_auth_server(level); /* Yay recursion! 
*/ - } else { - /* - * We have successfully connected - */ - debug(LOG_DEBUG, "Level %d: Successfully connected to auth server %s:%d", level, hostname, ntohs(port)); - return sockfd; - } - } + their_addr.sin_port = port; + their_addr.sin_family = AF_INET; + their_addr.sin_addr = *h_addr; + memset(&(their_addr.sin_zero), '\0', sizeof(their_addr.sin_zero)); + free(h_addr); + + if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) { + debug(LOG_ERR, + "Level %d: Failed to create a new SOCK_STREAM socket: %s", + strerror(errno)); + return (-1); + } + + if (connect(sockfd, (struct sockaddr *) &their_addr, + sizeof(struct sockaddr)) == -1) { + /* + * Failed to connect + * Mark the server as bad and try the next one + */ + debug(LOG_DEBUG, + "Level %d: Failed to connect to auth server %s:%d (%s). Marking it as bad and trying next if possible", + level, hostname, ntohs(port), strerror(errno)); + close(sockfd); + mark_auth_server_bad(auth_server); + return _connect_auth_server(level); /* Yay recursion! */ + } else { + /* + * We have successfully connected + */ + debug(LOG_DEBUG, + "Level %d: Successfully connected to auth server %s:%d", + level, hostname, ntohs(port)); + return sockfd; + } + } } diff --git a/src/client_list.c b/src/client_list.c index df7bd610..21ba2101 100644 --- a/src/client_list.c +++ b/src/client_list.c @@ -126,6 +126,10 @@ client_list_add(const char *ip, const char *mac, const char *token) curclient->counters.incoming = curclient->counters.incoming_history = curclient->counters.outgoing = curclient->counters.outgoing_history = 0; curclient->counters.last_updated = time(NULL); + /** + * record the time when client add to the list. + * */ + curclient->record_time = time(NULL); client_list_insert_client(curclient); diff --git a/src/client_list.h b/src/client_list.h index ebc1c192..9ad36552 100644 --- a/src/client_list.h +++ b/src/client_list.h 
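Review bot: The new `curclient->record_time = time(NULL);` re-reads the clock one line after `counters.last_updated` was set from it, so the two stamps can disagree by a second; assign `curclient->record_time = curclient->counters.last_updated;` so the add-time and the first update-time are the same value. The comment above it would read more clearly as `/** Timestamp of when this client was added to the list. */`. client_list_add continues outside the hunk.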
@@ -59,6 +59,7 @@ typedef struct _t_client { _http_* function is called */ t_counters counters; /**< @brief Counters for input/output of the client. */ + time_t record_time; /**< @breif the time point of the client add to list.*/ } t_client; /** @brief Get a new client struct, not added to the list yet */ diff --git a/src/commandline.c b/src/commandline.c index fdcfe501..a75522fa 100644 --- a/src/commandline.c +++ b/src/commandline.c @@ -29,12 +29,12 @@ #include #include #include +#include +#include "commandline.h" +#include "conf.h" #include "debug.h" #include "safe.h" -#include "conf.h" -#include "commandline.h" - #include "../config.h" /* diff --git a/src/conf.c b/src/conf.c index 89998cd1..d5720a61 100644 --- a/src/conf.c +++ b/src/conf.c @@ -44,7 +44,7 @@ #include "http.h" #include "auth.h" #include "firewall.h" -#include "config.h" +#include "../config.h" #include "util.h" @@ -97,6 +97,7 @@ typedef enum { oFirewallRule, oFirewallRuleSet, oTrustedMACList, + oUntrustedMACList,/*Untrusted mac list option,added by GaomingPan*/ oPopularServers, oHtmlMessageFile, oProxyPort, @@ -144,6 +145,7 @@ static const struct { "firewallruleset", oFirewallRuleSet}, { "firewallrule", oFirewallRule}, { "trustedmaclist", oTrustedMACList}, { + "untrustedmaclist", oUntrustedMACList},{ /*key word for untrusted mac, added by GaomingPan*/ "popularservers", oPopularServers}, { "htmlmessagefile", oHtmlMessageFile}, { "proxyport", oProxyPort}, { @@ -159,6 +161,7 @@ static void parse_auth_server(FILE *, const char *, int *); static int _parse_firewall_rule(const char *, char *); static void parse_firewall_ruleset(const char *, FILE *, const char *, int *); static void parse_trusted_mac_list(const char *); +static void parse_untrusted_mac_list(const char *);/*parse untrusted mac list, added by GaomingPan*/ static void parse_popular_servers(const char *); static void validate_popular_servers(void); static void add_popular_server(const char *); 
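Review bot: The tag on the new `record_time` member is misspelled `@breif`, which is not a Doxygen command, so the member brief is lost from the generated docs; write it as `time_t record_time; /**< @brief Time (seconds since the epoch) the client was added to the list. */`. The `_t_client` struct begins outside the hunk.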
@@ -735,6 +738,9 @@ config_read(const char *filename)
 case oTrustedMACList:
 parse_trusted_mac_list(p1);
 break;
+ case oUntrustedMACList: /*parse untrustd mac list,added by GaomingPan*/
+ parse_untrusted_mac_list(p1);
+ break;
 case oPopularServers:
 parse_popular_servers(rawarg);
 break;
@@ -943,6 +949,82 @@ parse_trusted_mac_list(const char *ptr) } +/** @internal + * Parse the untrusted mac list. + * Added by GaomingPan,Sun Oct 11,2015 + */ +static void +parse_untrusted_mac_list(const char *ptr) +{ + char *ptrcopy = NULL; + char *possiblemac = NULL; + char *mac = NULL; + t_untrusted_mac *p = NULL; + + debug(LOG_DEBUG, "Parsing string [%s] for untrusted MAC addresses", ptr); + + mac = safe_malloc(18); + + /* strsep modifies original, so let's make a copy */ + ptrcopy = safe_strdup(ptr); + + while ((possiblemac = strsep(&ptrcopy, ","))) { + /* check for valid format */ + if (!check_mac_format(possiblemac)) { + debug(LOG_ERR, + "[%s] not a valid MAC address to not trust. See option UntrustedMACList in wifidog.conf for correct this mistake.", + possiblemac); + free(ptrcopy); + free(mac); + return; + } else { + if (sscanf(possiblemac, " %17[A-Fa-f0-9:]", mac) == 1) { + /* Copy mac to the list */ + + debug(LOG_DEBUG, "Adding MAC address [%s] to untrusted list", mac); + + if (config.untrustedmaclist == NULL) { + config.untrustedmaclist = safe_malloc(sizeof(t_untrusted_mac)); + config.untrustedmaclist->mac = safe_strdup(mac); + config.untrustedmaclist->next = NULL; + } else { + int skipmac; + /* Advance to the last entry */ + p = config.untrustedmaclist; + skipmac = 0; + /* Check before loop to handle case were mac is a duplicate + * of the first and only item in the list so far. + */ + if (0 == strcmp(p->mac, mac)) { + skipmac = 1; + } + while (p->next != NULL) { + if (0 == strcmp(p->mac, mac)) { + skipmac = 1; + } + p = p->next; + } + if (!skipmac) { + p->next = safe_malloc(sizeof(t_untrusted_mac)); + p = p->next; + p->mac = safe_strdup(mac); + p->next = NULL; + } else { + debug(LOG_ERR, + "MAC address [%s] already on untrusted list. See option UntrustedMACList in wifidog.conf file ", + mac); + } + } + } + } + } + + free(ptrcopy); + + free(mac); + +} + /** @internal * Add a popular server to the list. It prepends for simplicity. 
* @param server The hostname to add. diff --git a/src/conf.h b/src/conf.h index f9ce3404..0e56d4bb 100644 --- a/src/conf.h +++ b/src/conf.h @@ -145,6 +145,15 @@ typedef struct _trusted_mac_t { struct _trusted_mac_t *next; } t_trusted_mac; +/** + * Untrusted MAC Addresses. + * Added by GaomingPan,Sun Oct 11, 2015. + * */ +typedef struct _untrusted_mac_t { + char *mac; + struct _untrusted_mac_t *next; +} t_untrusted_mac; + /** * Popular Servers */ @@ -195,6 +204,8 @@ typedef struct { auth server for server name indication, the TLS extension */ t_firewall_ruleset *rulesets; /**< @brief firewall rules */ t_trusted_mac *trustedmaclist; /**< @brief list of trusted macs */ + t_untrusted_mac *untrustedmaclist; /**< @brief list of untrusted macs, + added by GaomingPan */ char *arp_table_path; /**< @brief Path to custom ARP table, formatted like /proc/net/arp */ t_popular_server *popular_servers; /**< @brief list of popular servers */ diff --git a/src/debug.c b/src/debug.c index 83c87cd9..58fff29c 100644 --- a/src/debug.c +++ b/src/debug.c @@ -24,6 +24,8 @@ @author Copyright (C) 2004 Philippe April */ +#include "debug.h" + #include #include #include @@ -32,7 +34,6 @@ #include #include -#include "debug.h" debugconf_t debugconf = { .debuglevel = LOG_INFO, diff --git a/src/extend_util.c b/src/extend_util.c new file mode 100644 index 00000000..30103367 --- /dev/null +++ b/src/extend_util.c 
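Review bot: Both `free(ptrcopy)` calls in parse_untrusted_mac_list() free the wrong pointer, because strsep() advances `ptrcopy` on every iteration: the early return on an invalid MAC frees an address inside the allocation (undefined behaviour reachable from one malformed line of wifidog.conf) and the final call is `free(NULL)`, which leaks the copy. Keep the allocation in a second variable, `ptrcopyptr = ptrcopy = safe_strdup(ptr);`, and free `ptrcopyptr` on both paths. The duplicate scan is also off by one: the `while (p->next != NULL)` loop compares `p->mac` before stepping, so the last entry is never compared and a MAC equal to it is appended a second time; add `if (0 == strcmp(p->mac, mac)) skipmac = 1;` after the loop. The early return on a bad entry also keeps the MACs parsed so far in `config.untrustedmaclist` while silently dropping the rest of the line, which the LOG_ERR message does not say. parse_trusted_mac_list (outside the hunk), which this appears to copy, is worth checking for the same two issues.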
@@ -0,0 +1,1117 @@ +/* + * extend_util.c + * + * Created on: Oct 10, 2015 + * Author: TianyuanPan + */ +#include "extend_util.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "client_list.h" +#include "conf.h" +#include "debug.h" +#include "fw_iptables.h" +#include "util.h" +#include "../config.h" + + + + +/*================= SOME INTERNAL DEFINDS AND STRUCTURES ======================*/ +/** + * This part is get the device information functions, + * and some Macro defines. + * */ +#define DEV_IFNAME_LEN 11 +#define IFACE_DATA_FILE "/tmp/.iface-data" +#define IFACE_CONN_FILE "/tmp/.iface_conn" +#define CPU_USE_INFO_FILE "/tmp/.cpu_use_info" +#define CPU_USER 1 +#define CPU_SYS 3 +#define CPU_NIC 5 +#define CPU_IDLE 7 +#define CPU_IO 9 +#define CPU_IRQ 11 +#define CPU_SIRQ 13 +#define CPU_LOAD 16 + + +/** + * This part is get the client's information functions, + * and some Macro defines. + * */ +#define UP_SPEED_FILE "/tmp/.client.up.speed" +#define DOWN_SPEED_FILE "/tmp/.client.down.speed" +#define HOST_NAME_FILE "/tmp/.hostname.txt" + +/** + * This part is get the remote shell command functions, + * and some Macro defines. 
+ * */ +#define GET_SETTINGS_INFO_CMD "GET_settings" +#define SETTINGS_INFO_FILE "/tmp/.routersettings" +#define NORMAL_CMD_RESULT_FILE "/tmp/.normal_cmd_result" + +#define BUILE_NORMAL_CMD_RESULT_SHELL "sed -i \"s/\\\"/ /g\" "NORMAL_CMD_RESULT_FILE "; echo \"[\" > /tmp/.normal.arr;while read line;do echo \"\\\"$line\\\"\", >> /tmp/.normal.arr;done < "NORMAL_CMD_RESULT_FILE";result=\"$(cat /tmp/.normal.arr)\";result=\"${result%,}]\";echo $result" + +#define CMD_GET_WAN_IP "uci -P/var/state get network.wan.ipaddr" +#define CMD_GET_AP_MAC "uci get network.lan.macaddr" //"uci -P/var/state get network.lan.macaddr" +#define CMD_GET_WIRELESS_SSID "uci get wireless.@wifi-iface[0].ssid" +#define WAN_IP_ADDR_FILE "/tmp/.wan_ipaddr.txt" +#define REMOTE_SHELL_COMMAND_LEN 1024 +#define MAX_CMD_EXECUT_OUT_LEN 4096 + +/** + * This part is get the remote shell command functions, + * and some Macro defines. + * */ +#define DEVICE_KEY_FILE "/etc/.devicekey" + + +/*=============================================================*/ +/** + * This part is get the device information functions, + * and some Macro defines. + * */ + + +/** + * @ breif a internal struct hold cpu load information for ap + * */ +struct _t_cpuuse{ + char use_info[15][8]; +}; + + +typedef struct _t_cpuuse t_cpuuse; + + +/*======================== END DEFINDS ========================*/ + + +extern pthread_mutex_t client_list_mutex; +static t_devinfo devinfo; +static t_cpuuse cpuuse; +static char apmac[DEV_MAC_ADDR_LEN] = {0}; +static char apwanip[DEV_WAN_IP_LEN] = {0}; +//extern char *dev_extern_iface; + + +/** + * @brief this function collect the gateway device information. 
+ * @returnValue a type pointer of t_devinfo + * */ +t_devinfo *get_devinfo(void) +{ + + memcpy(devinfo.gw_mac,apmac,DEV_MAC_ADDR_LEN); + +// if(get_apmac(devinfo.gw_mac)) +// { +// debug(LOG_WARNING,"MyDEBUG:get get_apmac error!"); +// } + + if(get_devssid(devinfo.gw_ssid)) + { + debug(LOG_WARNING,"ERR:get ssid error!"); + } + + if(get_dogversion(devinfo.dog_version)) + { + debug(LOG_WARNING,"ERR: get_dogversion error!"); + } + + if(get_wanip(devinfo.wan_ip)) + { + debug(LOG_WARNING,"ERR: get_wanip error!\n"); + } + + devinfo.cur_conn = get_curconn(); + devinfo.dev_conn = get_devconn(); + + devinfo.cpu_use = get_cpuuse(CPU_LOAD); + + if(get_wanbps(&devinfo.go_speed,&devinfo.come_speed)) + { + debug(LOG_WARNING,"ERR: get_speed error!"); + } + + if(get_trafficCount(get_dev_extern_iface(),&devinfo.incoming,&devinfo.outgoing,NULL,NULL)) + { + debug(LOG_WARNING,"ERR: get_traffic error!\n"); + } + + return &devinfo; +} + +/** + * @brief get wireless ssid,based on uci command. + * @param ssid: the char pointer for save the ssid. + * @return value: zero is success,others is failed. + * */ +int get_devssid(char *ssid) +{ + FILE *fp; + memset(ssid,0,DEV_SSID_NAME_LEN); + fp = popen(CMD_GET_WIRELESS_SSID,"r"); + if(NULL == fp) + { + debug(LOG_WARNING," get_devssid error!"); + sprintf(ssid,"%s","null"); + return -1; + } + fread(ssid,DEV_SSID_NAME_LEN,1,fp); + pclose(fp); + + int i = DEV_SSID_NAME_LEN - 1; + for(;i > 0;i--) + { + if(0x0a == ssid[i]) + { + ssid[i] = 0; + break; + } + } + return 0; +} + + +/** + * @breif get wifidog version + * @param dogversion:the char pointer for save the version + * @return value:always return zero + * */ +int get_dogversion(char *dogversion) +{ + memset(dogversion,0,DEV_DOG_VERSION_LEN); + sprintf(dogversion,"%s",VERSION); + return 0; +} + +/** + * @breif get wan interface ip,based on uci command. + * @param wanip:the char pointer for save the wan ip + * @return value:always zero is success,others is failed. 
+ * */ +int get_wanip(char *wanip) +{ + FILE *fp; + + if(0 == strlen(apwanip)){ + /* + fp = popen(CMD_GET_WAN_IP,"r"); + if(NULL == fp){ + debug(LOG_WARNING,"get_wanip error!"); + if(NULL != wanip) + sprintf(wanip,"%s","0.0.0.0"); + return -1; + } + fread(apwanip,DEV_WAN_IP_LEN - 1,1,fp); + pclose(fp); + + int i = DEV_WAN_IP_LEN - 1; + for(;i >= 0;i--){ + if(0x0a == apwanip[i]){ + apwanip[i] = 0; + break; + } + } + */ + fp = fopen(WAN_IP_ADDR_FILE,"r"); + if(NULL == fp){ + debug(LOG_WARNING,"get_wanip error!"); + if(NULL != wanip) + sprintf(wanip,"%s","0.0.0.0"); + return -1; + } + fread(apwanip,DEV_WAN_IP_LEN - 1,1,fp); + fclose(fp); + + int i = DEV_WAN_IP_LEN - 1; + for(;i >= 0;i--){ + if(0x0a == apwanip[i]){ + apwanip[i] = 0; + break; + } + } + + } + if(NULL != wanip) + sprintf(wanip,"%s",apwanip); + + return 0; +} + +/** + * @breif get ap mac address,based on uci command. + * @param apmac:the char pointer for save the mac + * @return value:zero is success,others is failed. + * */ +int get_apmac(char *mac) +{ + FILE *fp; + int i; + + if(0 == strlen(apmac)){ + fp = popen(CMD_GET_AP_MAC,"r"); + if(NULL == fp){ + debug(LOG_WARNING,"get_apmac() popen error."); + sprintf(apmac,"%s","00-00-00-00-00-00"); + return -1; + } + fread(apmac,DEV_MAC_ADDR_LEN - 1,1,fp); + pclose(fp); + + for(i = 0; i< DEV_MAC_ADDR_LEN; i++){ + if(':' == apmac[i]) + apmac[i] = '-'; + if(apmac[i] >= 'A' && apmac[i] <= 'F') + apmac[i] += apmac[i] + 0x20; + if(0x0a == apmac[i]) + apmac[i] = 0; + } + } + + if(NULL != mac) + mac = apmac; + + return 0; +} + + +/** + * @breif get number of client it in the client list + * @return value:the number of current connected client + * */ +int get_curconn(void) +{ + int count; + t_client *first; + + LOCK_CLIENT_LIST(); + + first = client_get_first_client(); + if (first == NULL) { + count = 0; + } else { + count = 1; + while (first->next != NULL) { + first = first->next; + count++; + } + } + + UNLOCK_CLIENT_LIST(); + + return count; +} + + +/** + * @breif get 
number of client who connect to the device + * @return value:the number of connected client + * */ +int get_devconn(void) +{ + FILE *fp; + char info_buf[512], + num_buf[10]; + char *ptr = NULL; + s_config *conf = config_get_config(); + + fp = fopen(IFACE_CONN_FILE,"r"); + if(NULL == fp){ + debug(LOG_WARNING,"Warning: fopen error, at get_devconn()."); + return -1; + } + if(0 == fread(info_buf,1,512,fp)){ + fclose(fp); + debug(LOG_WARNING,"Warning: read device conn error."); + return 0; + } + fclose(fp); + ptr = strstr(info_buf,conf->gw_interface); + if(NULL == ptr){ + debug(LOG_WARNING,"Warning: strstr(info_buf,conf->gw_interface) return is NULL"); + return 0; + } + sscanf(ptr,"%*s %s",num_buf); + return (atoi(num_buf)); +} + + +/** + * @breif get cpu use infomation,based on shell command + * @param type: CPU_USER,CPU_SYS,CPU_NIC,CPU_IDLE,CPU_IO,CPU_IRQ,CPU_SIRQ,CPU_LOAD + * @return value:the number of current percent of CPU use. + * */ +int get_cpuuse(int type) +{ + int use, + i; + FILE *fp; + + for(i = 0;i < 15;i++) + memset(cpuuse.use_info[i],0,8); + + fp = fopen(CPU_USE_INFO_FILE,"r"); + if(NULL == fp){ + debug(LOG_WARNING,"fopen error,at get_cpuuse(...) 
!"); + return -1; + } + fscanf(fp,"%s %s %s %s %s %s %s %s %s %s %s %s %s %s %s", + cpuuse.use_info[0],cpuuse.use_info[1],cpuuse.use_info[2], + cpuuse.use_info[3],cpuuse.use_info[4],cpuuse.use_info[5], + cpuuse.use_info[6],cpuuse.use_info[7],cpuuse.use_info[8], + cpuuse.use_info[9],cpuuse.use_info[10],cpuuse.use_info[11], + cpuuse.use_info[12],cpuuse.use_info[13],cpuuse.use_info[14] + ); + fclose(fp); + +// for(;i<15;i++) +// printf("cpuuse.use_info[%d]:%s\n",i,cpuuse.use_info[i]); + + switch(type){ + case CPU_USER: + cpuuse.use_info[CPU_USER][strlen(cpuuse.use_info[CPU_USER])-1] = 0; + use = atoi(cpuuse.use_info[CPU_USER]); + break; + case CPU_SYS: + cpuuse.use_info[CPU_SYS][strlen(cpuuse.use_info[CPU_SYS])-1] = 0; + use = atoi(cpuuse.use_info[CPU_SYS]); + break; + case CPU_NIC: + cpuuse.use_info[CPU_NIC][strlen(cpuuse.use_info[CPU_NIC])-1] = 0; + use = atoi(cpuuse.use_info[CPU_NIC]); + break; + case CPU_IDLE: + cpuuse.use_info[CPU_IDLE][strlen(cpuuse.use_info[CPU_IDLE])-1] = 0; + use = atoi(cpuuse.use_info[CPU_IDLE]); + break; + case CPU_LOAD: + cpuuse.use_info[CPU_IDLE][strlen(cpuuse.use_info[CPU_IDLE])-1] = 0; + use = 100 - atoi(cpuuse.use_info[CPU_IDLE]); + break; + case CPU_IO: + cpuuse.use_info[CPU_IDLE][strlen(cpuuse.use_info[CPU_IO])-1] = 0; + use = atoi(cpuuse.use_info[CPU_IO]); + break; + case CPU_IRQ: + cpuuse.use_info[CPU_IRQ][strlen(cpuuse.use_info[CPU_IRQ])-1] = 0; + use = atoi(cpuuse.use_info[CPU_IRQ]); + break; + case CPU_SIRQ: + cpuuse.use_info[CPU_SIRQ][strlen(cpuuse.use_info[CPU_SIRQ])-1] = 0; + use = atoi(cpuuse.use_info[CPU_SIRQ]); + break; + default: + use = -1; + break; + } + + return use; +} + +/** + * @breif get wan interface traffic,based on shell command. 
+ * @param iface_name: interface name + * @param income: interface incoming + * @param outgo: interface outgoing + * @param rx_rate: interface RX rate + * @param tx_rate: interface TX rate + * @return value:zero is success,others is error + * */ +int get_trafficCount(char *iface_name,unsigned long long *income,unsigned long long *outgo,unsigned int *rx_rate,unsigned int *tx_rate) +{ + FILE *fp; + char *iface, + *ptr; + char data[4096]; + struct stat statbuf; + int data_size; + int ret; + + unsigned int rx,tx; + unsigned long long out,in; + + + iface = iface_name; + if(NULL == iface){ + out = 0L; + in = 0L; + debug(LOG_WARNING,"at get_trafficCount(...),ifce_name is NULL."); + ret = -1; + goto ERR; + } + + stat(IFACE_DATA_FILE,&statbuf); + data_size = statbuf.st_size; + + fp = fopen(IFACE_DATA_FILE,"r"); + if(NULL == fp){ + out = 0L; + in = 0L; + debug(LOG_WARNING,"at get_trafficCount(...), fopen the IFACE_DATA_FILE error."); + ret = -2; + goto ERR; + } + fread(data,1,data_size,fp); + fclose(fp); + + ptr = strstr(data,iface); + if(NULL == ptr){ + out = 0L; + in = 0L; + debug(LOG_WARNING,"at get_trafficCount(...), strstr(..) get iface position error."); + ret = -3; + goto ERR; + } + ret = sscanf(ptr,"%*s %llu %llu %u %u",&in,&out,&rx,&tx); + if(ret != 4) + goto ERR; + + if(NULL != outgo) + *outgo = out; + if(NULL != income) + *income = in; + if(NULL != rx_rate) + *rx_rate = rx; + if(NULL != tx_rate) + *tx_rate = tx; + + return 0; + +ERR: + if(NULL != outgo) + *outgo = 0; + if(NULL != income) + *income = 0; + if(NULL != rx_rate) + *rx_rate = 0; + if(NULL != tx_rate) + *tx_rate = 0; + + return ret; +} + +/** + * @breif get wan interface speed,based on shell command. + * @param go:the pointer for save out rate + * @param come:the pointer for save income rate. + * @return value:zero is success,others is error. 
+ * */ +int get_wanbps(unsigned int *go,unsigned int *come) +{ + unsigned int tx,rx; + int ret = 0; + char *iface; + + iface = get_dev_extern_iface();//config_get_config()->external_interface; + if(NULL == iface){ + debug(LOG_WARNING,"at get_trafficCount(...), wifidog can't find the external_interface."); + } + + ret = get_trafficCount(iface,NULL,NULL,&rx,&tx); + if(ret != 0){ + debug(LOG_WARNING,"at get_wanbps(), get_trafficCount() error return code = %d",ret); + if(NULL != go) + *go = 0; + if(NULL != come) + *come = 0; + return -1; + } + + if(NULL != go) + *go = tx; + if(NULL != come) + *come = rx; + + return 0; +} +/*=============================================================*/ + +/*=============================================================*/ +/** + * This part is get the client's information functions, + * and some Macro defines. + * */ +static t_clientinfo *first_client_info = NULL; +static char client_auth_flag[7] = {0}; + +/** + * @breif get client host name,income speed and outgo speed,based on shell command. + * this functions take at least 1 second to run,because of execute the shell + * command have to sleep 1 second to collect client speed. + * @return value: zero is success,others is error. + * @Note: after this function be called and you get some clients information,you should + * call clean_client_info() function to clean up,just like the fopen() and fclose(). + * */ +int collect_client_info() +{ + FILE *fp; + char a_rate[20], + ip[18]; + t_clientinfo *p1, + *p2, + *p3; + int ret; + int line_num = 0; + char *line = NULL; + + if(first_client_info){ + debug(LOG_WARNING,"client's info list not NULL,can't cllecting info,will clearing the list."); + clean_client_info(); + return -1; + } + /** + * malloc memories for clients info list. 
+ * */ + first_client_info = (t_clientinfo*)malloc(sizeof(t_clientinfo)); + if(NULL == first_client_info){ + debug(LOG_WARNING,"Warning: at collect_client_info(), malloc error."); + return -1; + } + first_client_info->next = NULL; + p1 = first_client_info; + p2 = p1; + + /** + * get host name,ip and mac + * */ + fp = fopen(HOST_NAME_FILE,"r"); + if(NULL == fp){ + + debug(LOG_WARNING,"Warning: at collect_client_info(),fopen error."); + return -1; + } + while(-1 != getline(&line,&line_num,fp)){ + if(NULL == p1){ + p1 = (t_clientinfo*)malloc(sizeof(t_clientinfo)); + if(NULL == p1){ + debug(LOG_WARNING,"Warning: at collect_client_info(), malloc error."); + fclose(fp); + return -1; + } + p2->next = p1; + p2 = p1; + p1->next = NULL; + + }//if(NULL == p1) + ret = sscanf(line,"%s %s %s",p1->client_mac,p1->client_ip,p1->host_name); + if(3 != ret){ + if(line != NULL) + free(line); + fclose(fp); + return -1; + } + p1 = p1->next; + + }//while + fclose(fp); + if(line != NULL){ + free(line); + line = NULL; + } + + /* get up speed + * */ + fp = fopen(UP_SPEED_FILE,"r"); + if(NULL == fp){ + debug(LOG_WARNING,"Warning: at collect_client_info(),fopen for fp error."); + return -1; + } + while(-1 != getline(&line,&line_num,fp)){ + ret = sscanf(line,"%s %s",ip,a_rate); + if(2 != ret){ + if(line != NULL) + free(line); + fclose(fp); + return -1; + } + p3 = get_client_info_by_ip(ip); + if(NULL != p3){ + p3->go_speed = atoi(a_rate); + } + + }//while + fclose(fp); + if(line != NULL){ + free(line); + line = NULL; + } + + /* get the down speed + * */ + fp = fopen(DOWN_SPEED_FILE,"r"); + if(NULL == fp){ + debug(LOG_WARNING,"Warning: at collect_client_info(),fopen for fp error."); + return -1; + } + while(-1 != getline(&line,&line_num,fp)){ + + ret = sscanf(line,"%s %s",ip,a_rate); + if(2 != ret){ + if(line != NULL) + free(line); + fclose(fp); + return -1; + } + p3 = get_client_info_by_ip(ip); + if(NULL != p3){ + p3->come_speed = atoi(a_rate); + } + + }//while + fclose(fp); + if(line != NULL){ 
+ free(line); + line = NULL; + } + + return 0; +} + + +/** + * @breif get unknown host name client's income speed and outgo speed,based on shell command. + * this functions take at least 1 second to run,because of execute the shell + * command have to sleep 1 second to collect client speed. + * @param client_ip: the unknown host name client's ip. + * @param go_speed: the pointer for client's outgoing speed to store. + * @param come_speed: the pointer for client's incoming speed to store. + * @return value: zero is success,others is error. + * */ +int get_unknown_client_speed(const char *client_ip,int *go_speed,int *come_speed) +{ + + FILE *fp; + + char a_rate[20], + ip[18]; + + int ret; + int line_num = 0; + char *line = NULL; + + /* get up speed + * */ + fp = fopen(UP_SPEED_FILE,"r"); + if(NULL == fp){ + debug(LOG_WARNING,"Warning: at collect_client_info(),fopen for fp error."); + return -1; + } + while(-1 != getline(&line,&line_num,fp)){ + ret = sscanf(line,"%s %s",ip,a_rate); + if(2 != ret){ + if(line != NULL) + free(line); + fclose(fp); + *go_speed = 0; + *come_speed = 0; + return -1; + } + + if(0 == strcmp(client_ip,ip)){ + *go_speed = atoi(a_rate); + } + + }//while + fclose(fp); + if(line != NULL){ + free(line); + line = NULL; + } + + /* get the down speed + * */ + fp = fopen(DOWN_SPEED_FILE,"r"); + if(NULL == fp){ + debug(LOG_WARNING,"Warning: at collect_client_info(),fopen for fp error."); + return -1; + } + while(-1 != getline(&line,&line_num,fp)){ + + ret = sscanf(line,"%s %s",ip,a_rate); + if(2 != ret){ + if(line != NULL) + free(line); + fclose(fp); + *go_speed = 0; + *come_speed = 0; + return -1; + } + if(0 == strcmp(client_ip,ip)){ + *come_speed = atoi(a_rate); + } + + }//while + fclose(fp); + if(line != NULL){ + free(line); + line = NULL; + } + + return 0; +} + +/** + * @breif After the function collect_client_info() called,should call this function to + * clean up. 
+ * @return value: the count number of clean + * */ +int clean_client_info() +{ + t_clientinfo *p; + int num = 0; + + p = first_client_info; + + while(NULL != p){ + ++num; + free(p); + p = p->next; + } + + first_client_info = NULL; + + return num; +} + + + +/** + * @breif find the element from the client_info list by mac. + * @param mac: the pointer point to by mac. + * @return value: success return the t_clientinfo pointer that point to target element, + * fail return the NULL. + * */ +t_clientinfo * get_client_info_by_mac(const char *mac) +{ + t_clientinfo *p; + p = first_client_info; + while(NULL != p){ + if(strcmp(mac,p->client_mac) == 0){ + return p; + } + p = p->next; + } + return NULL; +} + + + +/** + * @breif find the element from the client_info list by ip. + * @param ip: the pointer point to by ip. + * @return value: success return the t_clientinfo pointer that point to target element, + * fail return the NULL. + * */ +t_clientinfo * get_client_info_by_ip(const char *ip) +{ + t_clientinfo *p; + p = first_client_info; + while(NULL != p){ + if(strcmp(ip,p->client_ip) == 0){ + return p; + } + p = p->next; + } + return NULL; +} + + +/** + * @breif find the element from the client_info list by ip. + * @param ip: the pointer point to by client's ip. + * @param mac: the pointer point to by client's mac. 
+ * */ +long get_online_time(const char *ip,const char *mac) +{ + t_client *ptr; + long online_time = 0; + ptr = client_list_find(ip,mac); + if(NULL!= ptr) + online_time = time(NULL) - ptr->record_time; + return online_time; +} + +/* + * @breif get a flage string + * */ +char *get_client_auth_flag() +{ + return client_auth_flag; +} + +/* + * @breif set a flage string + * */ +void set_client_auth_flag() +{ + /* + * Rand a range number at [max,min]: + * rand()%(max - min + 1) + min + * */ + int i; + for(i = 0;i<6;i++) + client_auth_flag[i] = rand()%(90 - 65 + 1) + 65; +} + + +/*=============================================================*/ +/** + * This part is get the remote shell command functions, + * and some Macro defines. + * */ +static char remote_shell_cmd[ REMOTE_SHELL_COMMAND_LEN ]; +static char info_http_url[128], + info_rmflag[20], + normal_http_url[128], + normal_rmflag[20]; + + +int init_post_http_url_config(void) +{ + memset(info_http_url,0,128); + memset(info_rmflag,0,20); + memset(normal_http_url,0,128); + memset(normal_rmflag,0,20); + + char buf[128]; + FILE *fp; + memset(buf,0,128); + + fp = popen("uci get dog_post_conf.url.info_url","r"); + if(NULL == fp){ + return -1; + } + fread(buf,1,128,fp); + pclose(fp); + sprintf(info_http_url,"%s",buf); + memset(buf,0,128); + + fp = popen("uci get dog_post_conf.url.normal_url","r"); + if(NULL == fp){ + return -2; + } + fread(buf,1,128,fp); + pclose(fp); + + sprintf(normal_http_url,"%s",buf); + memset(buf,0,128); + + fp = popen("uci get dog_post_conf.rmflag.info_rmflag","r"); + if(NULL == fp){ + return -3; + } + fread(buf,1,128,fp); + pclose(fp); + + sprintf(info_rmflag,"%s",buf); + memset(buf,0,128); + + fp = popen("uci get dog_post_conf.rmflag.normal_rmflag","r"); + if(NULL == fp){ + return -4; + } + fread(buf,1,128,fp); + pclose(fp); + sprintf(normal_rmflag,"%s",buf); + + debug(LOG_INFO,"init result :info_url:%s;info_rmflag:%s;normal_url:%s;normal_rmflag:%s", \ + info_http_url,info_rmflag, \ + 
normal_http_url,normal_rmflag + ); + + return 0; +} + + + + +int post_get_info_execut_output(char *cmd_output_path) +{ + char output[MAX_CMD_EXECUT_OUT_LEN]; + FILE *fp; + sprintf(output,"wget --post-data=\"$(cat %s)\" %s \n rm -f ./%s",cmd_output_path,info_http_url,info_rmflag); + fp = popen(output,"r"); + if(NULL == fp){ + debug(LOG_WARNING,"popen error,at int post_get_info_execut_output(char *cmd_output_path,char *http_url,char * rm_flag)"); + return -1; + } + pclose(fp); + return 0; +} + + + +int post_normal_execut_output(char *gw_id, char *cmd_id) +{ + char output[MAX_CMD_EXECUT_OUT_LEN]; + FILE *fp; + + sprintf(output,"wget --post-data=\"{\\\"gw_id\\\":\\\"%s\\\"," + "\\\"cmd_id\\\":\\\"%s\\\"," + "\\\"type\\\":\\\"normal\\\"," + "\\\"message\\\":$(%s)}\" %s \n rm ./%s", + gw_id,cmd_id, + BUILE_NORMAL_CMD_RESULT_SHELL, + normal_http_url, + normal_rmflag + ); + debug(LOG_INFO,"output_normal:--> %s",output); + fp = popen(output,"r"); + if(NULL == fp){ + debug(LOG_WARNING,"popen error,at int post_nomal_execut_output(char *post_data,char *http_url,char *rm_flag)"); + return -1; + } + pclose(fp); + return 0; +} + + +char *get_shell_command(char *cmdptr) +{ + + if(NULL == cmdptr){ + debug(LOG_WARNING,"REMOTE shell: remote shell command is null."); + return NULL; + } + memset(remote_shell_cmd,0,REMOTE_SHELL_COMMAND_LEN); + sprintf(remote_shell_cmd,"%s",cmdptr); + + return remote_shell_cmd; +} + + + +int excute_shell_command(char *gw_id,char *shellcmd) +{ + FILE *fp; + + char cmd_id[512], + get_info_cmd[512], + normal_cmd[MAX_CMD_EXECUT_OUT_LEN], + cmdresult[1024]; + + char *pos_id, + *pos_cmd; + + int is_get_info = 0; + + memset(cmdresult,0,1024); + memset(cmd_id,0,512); + memset(get_info_cmd,0,512); + + pos_id = shellcmd; + pos_cmd = strstr(shellcmd,"|"); + + snprintf(cmd_id,++pos_cmd - pos_id - 1,"%s",++pos_id); + + pos_cmd = ++pos_cmd; + + snprintf(get_info_cmd,30,"%s",pos_cmd); + + is_get_info = strcmp(get_info_cmd,GET_SETTINGS_INFO_CMD";"); + + 
debug(LOG_INFO,"cmd_id:%s,get_inf_cmd:%s,is_get_info cmp:%d",cmd_id,get_info_cmd,is_get_info); + + if(0 == is_get_info){ + get_info_cmd[strlen(get_info_cmd) - 1] = 0;// delete the semicolon it at the tail + sprintf(get_info_cmd,"%s %s %s",get_info_cmd,gw_id,cmd_id);/* add gw_id and cmd_id to the command as + the parameter of the command */ + fp = popen(get_info_cmd,"r"); + }else{ + /* if the command is a normal command,just do it. + * */ + sprintf(normal_cmd,"RESULT=\"$(%s)\";echo \"$RESULT\" > "NORMAL_CMD_RESULT_FILE,pos_cmd); + fp = popen(normal_cmd,"r"); + } + + debug(LOG_INFO,"pos_cmd:%s",pos_cmd); + + if(NULL == fp){ + debug(LOG_WARNING,"excute_shell_command popen error...."); + return -1; + } + + pclose(fp); + + if(0 == is_get_info){ + post_get_info_execut_output(SETTINGS_INFO_FILE); + + }else{ + + post_normal_execut_output(gw_id,cmd_id); + } + return 0; +} + + + +/** + * the global device key char array. + * */ +static char device_key[64] = {0}; + + +/* @breif get the global device key.the key will be use as auth key + * @PARAMETER: void + * @RETURN_VALUE: a none NULL char pointer + * TianyuanPan lonely-test:yes + * */ +char * get_device_key() +{ + return device_key; +} + + + + +/* @breif get the device key from a configure file + * @PARAMETER: void + * @RETURN_VALUE: success return zero and set the KEY in the device key global array, + * failed return a none zero number. + * TianyuanPan lonely-test:yes + * */ +int init_device_key() +{ + FILE *fp; + char *line = NULL; + size_t len = 0; + ssize_t read_len; + + fp = fopen(DEVICE_KEY_FILE,"r"); + if(NULL == fp) + { + return -1; + } + while((read_len = getline(&line,&len,fp)) != -1) + { + if('#' == line[0] || ' ' == line[0] || '\t' == line[0]) + continue; + else + { + sprintf(device_key,"%s",line); + free(line); + fclose(fp); + return 0; + } + } + free(line); + fclose(fp); + return -2; +} + +/*=============================================================*/ 
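Review bot: collect_client_info() and get_unknown_client_speed() declare `int line_num` and pass its address to getline(), whose length argument is `size_t *`, and then parse each line with unbounded `%s` conversions into fixed-size fields (`client_mac[18]`, `client_ip[16]`, `host_name[40]`, `ip[18]`, `a_rate[20]`); the hostname file carries names chosen by the clients themselves, so both are memory-safety defects on input the gateway does not control, fixed by `size_t line_num` and width-limited formats such as `"%17s %15s %39s"`. The same width rule is missing in get_devconn (`%s` into `num_buf[10]`, on an `info_buf` that is never NUL-terminated), in get_cpuuse (fifteen `%s` into 8-byte cells, whose CPU_IO case also indexes `use_info[CPU_IDLE]` with the length of `use_info[CPU_IO]`), and in the `sprintf` copies into `device_key[64]`, `info_rmflag[20]` and `remote_shell_cmd`, which should be `snprintf(..., sizeof ...)`. clean_client_info() reads `p->next` after `free(p)` on every node, a use-after-free; take the link before freeing. excute_shell_command() uses the result of `strstr(shellcmd,"|")` without a NULL check, passes a pointer difference rather than `sizeof cmd_id` as the snprintf size, and calls `sprintf(get_info_cmd,"%s %s %s",get_info_cmd,...)` with the destination as a source, which is undefined; since the remainder is handed to popen() unchanged, this function is the trust boundary for the remote-command path and should be documented as such. get_trafficCount() reads `statbuf.st_size` bytes (from an unchecked stat()) into `data[4096]` and runs strstr() on it unterminated — use `size_t got = fread(data, 1, sizeof data - 1, fp); data[got] = '\0';` — get_apmac()'s `mac = apmac;` only reassigns the local parameter so the caller's buffer is never filled and `apmac[i] += apmac[i] + 0x20` doubles the byte instead of lower-casing it, set_client_auth_flag() builds a value named as an auth flag from unseeded rand(), which is predictable and must not serve as an authentication value (take bytes from /dev/urandom if it does), and the getline/sscanf, list-free and command-parsing changes are below.
```c
/* … unchanged: collect_client_info() locals … */
    size_t line_num = 0;   /* getline() writes a size_t through this pointer */
/* … unchanged: list-head allocation and fopen(HOST_NAME_FILE) … */
    while (-1 != getline(&line, &line_num, fp)) {
        /* … unchanged: node allocation … */
        /* widths are sizeof(field) - 1; the names in this file are chosen by the clients */
        ret = sscanf(line, "%17s %15s %39s", p1->client_mac, p1->client_ip, p1->host_name);
/* … unchanged: rest of collect_client_info(); the two speed loops become "%17s %19s" … */

/* … unchanged: get_unknown_client_speed(), same size_t line_num and "%17s %19s" … */

int clean_client_info()
{
    t_clientinfo *p = first_client_info;
    int num = 0;

    while (NULL != p) {
        t_clientinfo *next = p->next;   /* take the link before the node is freed */
        free(p);
        p = next;
        ++num;
    }

    first_client_info = NULL;
    return num;
}

/* … unchanged: get_client_info_by_mac() through get_shell_command() … */

int excute_shell_command(char *gw_id, char *shellcmd)
{
    /* … unchanged: locals and memset()s … */
    pos_id = shellcmd;
    pos_cmd = strstr(shellcmd, "|");
    if (NULL == pos_cmd || pos_cmd - pos_id < 1) {
        debug(LOG_WARNING, "REMOTE shell: command has no '|' separator.");
        return -1;
    }
    /* cmd_id is the text after the first byte and before '|', never more than the buffer holds */
    snprintf(cmd_id, sizeof cmd_id, "%.*s", (int)(pos_cmd - pos_id - 1), pos_id + 1);
    pos_cmd++;                          /* step over '|' ... */
    if ('\0' != *pos_cmd) pos_cmd++;    /* ... and the byte after it, as before, but never past the terminator */
    /* … unchanged: is_get_info comparison and log line … */
    if (0 == is_get_info) {
        /* build the command fresh instead of passing get_info_cmd as its own source */
        snprintf(get_info_cmd, sizeof get_info_cmd, "%s %s %s", GET_SETTINGS_INFO_CMD, gw_id, cmd_id);
        fp = popen(get_info_cmd, "r");
    /* … unchanged: normal-command branch and the rest of the function … */
```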
diff --git a/src/extend_util.h b/src/extend_util.h new file mode 100644 index 00000000..76d8bccf --- /dev/null +++ b/src/extend_util.h 
@@ -0,0 +1,242 @@ +/* + * extend_util.h + * + * Created on: Oct 10, 2015 + * Author: TianyuanPan + */ + +#ifndef _EXTEND_UTIL_H_ +#define _EXTEND_UTIL_H_ + +/** + * @ breif a internal struct hold information for ap + * */ +#define DEV_MAC_ADDR_LEN 18 +#define DEV_SSID_NAME_LEN 20 +#define DEV_DOG_VERSION_LEN 20 +#define DEV_WAN_IP_LEN 16 + +struct _t_devinfo { + char gw_mac[DEV_MAC_ADDR_LEN]; // ap mac address + char gw_ssid[DEV_SSID_NAME_LEN]; // ap wireless ssid + char dog_version[DEV_DOG_VERSION_LEN]; // wifidog version,private. + char wan_ip[DEV_WAN_IP_LEN]; // ap's wan interface ip + int cur_conn; // number of current connection client + int dev_conn;// number of connection in the device,maybe some has no authentication. + int cpu_use; // percent of use CPU + unsigned int go_speed; // wan interface go out speed + unsigned int come_speed; // wan interface come in speed + unsigned long long incoming; // wan interface incoming bytes + unsigned long long outgoing; // wan interface outgoing bytes +}; + +/** + * @breif a internal sturct for client_info list + * */ +#define CLIENT_HOST_NAME_LEN 40 +#define CLIENT_MAC_ADDRESS_LEN 18 +#define CLIENT_IP_ADDRESS_LEN 16 +struct _t_clientinfo { + + char client_mac[CLIENT_MAC_ADDRESS_LEN]; + char client_ip[CLIENT_IP_ADDRESS_LEN]; + char host_name[CLIENT_HOST_NAME_LEN]; + int go_speed; + int come_speed; + struct _t_clientinfo *next; + +}; +typedef struct _t_clientinfo t_clientinfo; +typedef struct _t_devinfo t_devinfo; + +/*=============================================================*/ +/** + * This part is get the device information functions, + * and some Macro defines. + * */ + +/** + * @brief this function collect the gateway device information. + * @returnValue a type pointer of t_devinfo + * */ +t_devinfo *get_devinfo(void); + +/** + * @brief get wireless ssid,based on uci command. + * @param ssid: the char pointer for save the ssid. + * @return value: zero is success,others is failed. 
+ * */ +int get_devssid(char *ssid); + +/** + * @breif get wifidog version + * @param dogversion:the char pointer for save the version + * @return value:always return zero + * */ +int get_dogversion(char *dogversion); + +/** + * @breif get wan interface ip,based on uci command. + * @param wanip:the char pointer for save the wan ip + * @return value:always zero is success,others is failed. + * */ +int get_wanip(char *wanip); + +/** + * @breif get ap mac address,based on uci command. + * @param apmac:the char pointer for save the mac + * @return value:zero is success,others is failed. + * */ +int get_apmac(char *apmac); + +/** + * @breif get number of client it in the client list + * @return value:the number of current connected client + * */ +int get_curconn(void); + +/** + * @breif get number of client who connect to the device + * @return value:the number of connected client + * */ +int get_devconn(void); + +/** + * @breif get cpu use infomation,based on shell command + * @param type: CPU_USER,CPU_SYS,CPU_NIC,CPU_IDLE,CPU_IO,CPU_IRQ,CPU_SIRQ,CPU_LOAD + * @return value:the number of current percent of CPU use. + * */ +int get_cpuuse(int type); + +/** + * @breif get wan interface speed,based on shell command. + * @param go:the pointer for save out rate + * @param come:the pointer for save income rate. + * @return value:zero is success,others is error. + * */ +int get_wanbps(unsigned int *go, unsigned int *come); + +/** + * @breif get wan interface traffic,based on shell command. 
+ * @param iface_name: interface name + * @param income: interface incoming + * @param outgo: interface outgoing + * @param rx_rate: interface RX rate + * @param tx_rate: interface TX rate + * @return value:zero is success,others is error + * */ +int get_trafficCount(char *iface_name, unsigned long long *income, + unsigned long long *outgo, unsigned int *rx_rate, unsigned int *tx_rate); + +/*=============================================================*/ + +/*=============================================================*/ +/** + * This part is get the client's information functions, + * and some Macro defines. + * */ + +/** + * @breif get client host name,income speed and outgo speed,based on shell command. + * this functions take at least 1 second to run,because of execute the shell + * command have to sleep 1 second to collect client speed. + * @return value: zero is success,others is error. + * @Note: after this function be called and you get some clients information,you should + * call clean_client_info() function to clean up,just like the fopen() and fclose(). + * */ +int collect_client_info(); + +/** + * @breif get unknown host name client's income speed and outgo speed,based on shell command. + * this functions take at least 1 second to run,because of execute the shell + * command have to sleep 1 second to collect client speed. + * @param client_ip: the unknown host name client's ip. + * @param go_speed: the pointer for client's outgoing speed to store. + * @param come_speed: the pointer for client's incoming speed to store. + * @return value: zero is success,others is error. + * */ +int get_unknown_client_speed(const char *client_ip, int *go_speed, + int *come_speed); + +/** + * @breif After the function collect_client_info() called,should call this function to + * clean up. + * @return value: the count number of clean + * */ +int clean_client_info(); + +/** + * @breif find the element from the client_info list by mac. 
+ * @param mac: the pointer point to by mac. + * @return value: success return the t_clientinfo pointer that point to target element, + * fail return the NULL. + * */ +t_clientinfo * get_client_info_by_mac(const char *mac); + +/** + * @breif find the element from the client_info list by ip. + * @param ip: the pointer point to by ip. + * @return value: success return the t_clientinfo pointer that point to target element, + * fail return the NULL. + * */ +t_clientinfo * get_client_info_by_ip(const char *ip); + +/** + * @breif find the element from the client_info list by ip. + * @param ip: the pointer point to by client's ip. + * @param mac: the pointer point to by client's mac. + * */ +long get_online_time(const char *ip, const char *mac); + +/* + * @breif get a flage string + * */ +char *get_client_auth_flag(); + +/* + * @breif set a flage string + * */ +void set_client_auth_flag(); + +/*=============================================================*/ + +/*=============================================================*/ +/** + * This part is get the remote shell command functions, + * and some Macro defines. + * */ + +char *get_shell_command(char *cmdptr); + +int excute_shell_command(char *gw_id, char *shellcmd); + +int post_get_info_execut_output(char *cmd_output_path); + +int post_normal_execut_output(char *gw_id, char *cmd_id); + +int init_post_http_url_config(void); + +/*=============================================================*/ + +/*=============================================================*/ +/** + * This part is get the remote shell command functions, + * and some Macro defines. 
+ * */ + +/* @breif get the global device key.the key will be use as auth key + * @PARAMETER: void + * @RETURN_VALUE: a none NULL char pointer + * TianyuanPan lonely-test:yes + * */ +char * get_device_key(); + +/* @breif get the device key from a configure file + * @PARAMETER: void + * @RETURN_VALUE: success return zero and set the KEY in the device key global array, + * failed return a none zero number. + * TianyuanPan lonely-test:yes + * */ +int init_device_key(); + +#endif /* _EXTEND_UTIL_H_ */ diff --git a/src/firewall.c b/src/firewall.c index 211af351..b0a7ba33 100644 --- a/src/firewall.c +++ b/src/firewall.c @@ -58,6 +58,8 @@ #include "client_list.h" #include "commandline.h" +#include "extend_util.h" + static int _fw_deny_raw(const char *, const char *, const int); /** @@ -264,6 +266,9 @@ fw_sync_with_authserver(void) return; } + /* set a auth flag,added by TianyuanpanPan */ + set_client_auth_flag(); + LOCK_CLIENT_LIST(); /* XXX Ideally, from a thread safety PoV, this function should build a list of client pointers, diff --git a/src/fw_iptables.c b/src/fw_iptables.c index b3ec1089..30035c10 100644 --- a/src/fw_iptables.c +++ b/src/fw_iptables.c @@ -57,6 +57,19 @@ static void iptables_load_ruleset(const char *, const char *, const char *); Used to supress the error output of the firewall during destruction */ static int fw_quiet = 0; + + +/** @brief Get extern interface + * this function use at extend_util.c. + * Added by GaomingPan. + * */ +static char dev_extern_iface[64] = {0}; +char *get_dev_extern_iface() +{ + return dev_extern_iface; +} + + /** @internal * @brief Insert $ID$ with the gateway's id in a string. * @@ -248,6 +261,7 @@ iptables_fw_init(void) char *ext_interface = NULL; int gw_port = 0; t_trusted_mac *p; + t_untrusted_mac *unp;/*added by GaomingPan*/ int proxy_port; fw_quiet = 0; int got_authdown_ruleset = NULL == get_ruleset(FWRULESET_AUTH_IS_DOWN) ? 0 : 1; 
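Review bot: Several prototypes in this header use empty parentheses — `int collect_client_info();`, `int clean_client_info();`, `char *get_client_auth_flag();`, `void set_client_auth_flag();`, `char * get_device_key();`, `int init_device_key();` — which in C declares an unchecked parameter list rather than "no parameters"; write them as `(void)` the way `get_devinfo(void)` already does, so a call with stray arguments is rejected at compile time. `get_device_key()` hands out a pointer into mutable static storage that its own comment calls the auth key; returning `const char *` tells callers not to write through it, and the header should state the maximum key length implied by the 64-byte array in the extend_util.c part of this diff, where the implementation copies a whole configuration line into it with `sprintf`. The banner above the device-key section repeats "This part is get the remote shell command functions" from the section before it and should say "device key". `_EXTEND_UTIL_H_` begins with an underscore followed by an upper-case letter, a form reserved for the implementation; `EXTEND_UTIL_H` avoids that.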
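Review bot: The comment `/* set a auth flag,added by TianyuanpanPan */` on the new `set_client_auth_flag()` call records authorship but not what the flag means or who reads it, and extend_util.h only says "set a flage string". Because the call is placed just before `LOCK_CLIENT_LIST()`, a reader cannot tell whether running it outside the lock is deliberate; a comment of the form `/* record that a sync with the auth server is in progress; read by <consumer> */`, filled in with what the flag actually signals, would make that intent checkable. `fw_sync_with_authserver` starts and ends outside this hunk.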
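Review bot: `char *get_dev_extern_iface()` is defined with an empty parameter list, and the declaration added to fw_iptables.h in this diff mirrors it; both should read `const char *get_dev_extern_iface(void)` — `(void)` so the prototype is checked, `const` because the function exposes a pointer into the static `dev_extern_iface` buffer that no caller should write through. The buffer size 64 is a bare constant here and reappears in the commented-out `memset(dev_extern_iface,0,64)` lines of a later hunk; naming it once, e.g. `enum { DEV_EXTERN_IFACE_LEN = 64 };`, keeps the bound in a single place for the copy that fills it.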
@@ -257,8 +271,18 @@ iptables_fw_init(void) gw_port = config->gw_port; if (config->external_interface) { ext_interface = safe_strdup(config->external_interface); + /* Added by GaomingPan */ + //memset(dev_extern_iface,0,64); + sprintf(dev_extern_iface,"%s",ext_interface); + debug(LOG_INFO, "dev_extern_iface is: %s",dev_extern_iface); + /**/ } else { ext_interface = get_ext_iface(); + /* Added by GaomingPan */ + //memset(dev_extern_iface,0,64); + sprintf(dev_extern_iface,"%s",ext_interface); + debug(LOG_INFO, "dev_extern_iface is: %s",dev_extern_iface); + /**/ } if (ext_interface == NULL) { @@ -274,6 +298,7 @@ iptables_fw_init(void) /* Create new chains */ iptables_do_command("-t mangle -N " CHAIN_TRUSTED); + iptables_do_command("-t mangle -N " CHAIN_UNTRUSTED);/* Added by GaomingPan */ iptables_do_command("-t mangle -N " CHAIN_OUTGOING); iptables_do_command("-t mangle -N " CHAIN_INCOMING); if (got_authdown_ruleset) 
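Review bot: In the `else` branch the new `sprintf(dev_extern_iface,"%s",ext_interface);` runs before the existing `if (ext_interface == NULL)` check, so when `get_ext_iface()` returns NULL the `%s` is formatted from a null pointer — undefined behavior that will typically crash before the error path is reached. Both branches also copy into the 64-byte array without a bound, and in the `if` branch the value comes from the configuration file. Remove the two duplicated blocks (including the commented-out `memset` lines) and do one bounded copy after the NULL check: `snprintf(dev_extern_iface, sizeof dev_extern_iface, "%s", ext_interface);` followed by the existing `debug(LOG_INFO, "dev_extern_iface is: %s", dev_extern_iface);`. The body of the NULL check and the rest of `iptables_fw_init` lie outside this hunk.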
@@ -281,14 +306,26 @@ iptables_fw_init(void) /* Assign links and rules to these new chains */ iptables_do_command("-t mangle -I PREROUTING 1 -i %s -j " CHAIN_OUTGOING, config->gw_interface); + iptables_do_command("-t mangle -I PREROUTING 1 -i %s -j " CHAIN_UNTRUSTED, config->gw_interface); /* Added by GaomingPan */ iptables_do_command("-t mangle -I PREROUTING 1 -i %s -j " CHAIN_TRUSTED, config->gw_interface); //this rule will be inserted before the prior one if (got_authdown_ruleset) iptables_do_command("-t mangle -I PREROUTING 1 -i %s -j " CHAIN_AUTH_IS_DOWN, config->gw_interface); //this rule must be last in the chain iptables_do_command("-t mangle -I POSTROUTING 1 -o %s -j " CHAIN_INCOMING, config->gw_interface); for (p = config->trustedmaclist; p != NULL; p = p->next) - iptables_do_command("-t mangle -A " CHAIN_TRUSTED " -m mac --mac-source %s -j MARK --set-mark %d", p->mac, - FW_MARK_KNOWN); + iptables_do_command("-t mangle -A " CHAIN_TRUSTED " -m mac --mac-source %s -j MARK --set-mark %d", p->mac, + FW_MARK_KNOWN); + + /** Untrusted MAC. + * Added by GaomingPan + * 1、阻止MAC地址为XX:XX:XX:XX:XX:XX主机的所有通信: + * iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j DROP + * + * */ + for (unp = config->untrustedmaclist; unp != NULL; unp = unp->next) + iptables_do_command("-t mangle -A " CHAIN_UNTRUSTED " -m mac --mac-source %s -j DROP", unp->mac); + //iptables_do_command("-t mangle -A " CHAIN_UNTRUSTED " -m mac --mac-source %s -j MARK --set-mark %d", unp->mac, + // FW_MARK_LOCKED); /* * 
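Review bot: The untrusted-MAC rule is a `DROP` in the mangle table; it works, but the sibling rule directly above only sets a MARK, and the block comment over the loop cites an `INPUT` rule in Chinese that does not match the PREROUTING chain actually used — replace it with an English comment describing the real rule, e.g. `/* Drop all traffic from MACs on UntrustedMACList (mangle PREROUTING on the gateway interface) */`, and delete the commented-out `FW_MARK_LOCKED` alternative. Because `CHAIN_UNTRUSTED` is inserted at position 1 before `CHAIN_TRUSTED` is, PREROUTING traverses TRUSTED first, so a MAC present on both lists is marked known and then dropped; document which list wins or reject the overlap when the configuration is parsed. The wifidog.conf text in this diff describes the list as MACs "not allowed to pass through without authentication", whereas this rule drops them unconditionally so they can never reach the portal to authenticate; one of the two should change. Since MAC source addresses are not authenticated, this is a convenience filter rather than an access-control boundary, which is worth a sentence in the config comment. The function continues outside this hunk.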
@@ -422,16 +459,19 @@ iptables_fw_destroy(void) */ debug(LOG_DEBUG, "Destroying chains in the MANGLE table"); iptables_fw_destroy_mention("mangle", "PREROUTING", CHAIN_TRUSTED); + iptables_fw_destroy_mention("mangle", "PREROUTING", CHAIN_UNTRUSTED);/* Added by untrusted */ iptables_fw_destroy_mention("mangle", "PREROUTING", CHAIN_OUTGOING); if (got_authdown_ruleset) iptables_fw_destroy_mention("mangle", "PREROUTING", CHAIN_AUTH_IS_DOWN); iptables_fw_destroy_mention("mangle", "POSTROUTING", CHAIN_INCOMING); iptables_do_command("-t mangle -F " CHAIN_TRUSTED); + iptables_do_command("-t mangle -F " CHAIN_UNTRUSTED); /* Added by GaomingPan */ iptables_do_command("-t mangle -F " CHAIN_OUTGOING); if (got_authdown_ruleset) iptables_do_command("-t mangle -F " CHAIN_AUTH_IS_DOWN); iptables_do_command("-t mangle -F " CHAIN_INCOMING); iptables_do_command("-t mangle -X " CHAIN_TRUSTED); + iptables_do_command("-t mangle -X " CHAIN_UNTRUSTED); /* Added by GaomingPan */ iptables_do_command("-t mangle -X " CHAIN_OUTGOING); if (got_authdown_ruleset) iptables_do_command("-t mangle -X " CHAIN_AUTH_IS_DOWN); diff --git a/src/fw_iptables.h b/src/fw_iptables.h index 83d890b7..d2f3c603 100644 --- a/src/fw_iptables.h +++ b/src/fw_iptables.h @@ -43,6 +43,7 @@ #define CHAIN_UNKNOWN "WiFiDog_$ID$_Unknown" #define CHAIN_LOCKED "WiFiDog_$ID$_Locked" #define CHAIN_TRUSTED "WiFiDog_$ID$_Trusted" +#define CHAIN_UNTRUSTED "WiFiDog_$ID$_Untrusted" /*added by GaomingPan*/ #define CHAIN_AUTH_IS_DOWN "WiFiDog_$ID$_AuthIsDown" /*@}*/ @@ -82,4 +83,10 @@ int iptables_fw_auth_reachable(void); /** @brief All counters in the client list */ int iptables_fw_counters_update(void); +/** @brief Get extern interface + * this function use at extend_util.c + * Added by GaomingPan + * */ +char *get_dev_extern_iface(); + #endif /* _IPTABLES_H_ */ diff --git a/src/gateway.c b/src/gateway.c index d5eb6ebc..599c6556 100644 --- a/src/gateway.c +++ b/src/gateway.c 
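Review bot: The comment `/* Added by untrusted */` on the new `iptables_fw_destroy_mention("mangle", "PREROUTING", CHAIN_UNTRUSTED);` line looks like a slip — the two sibling lines in the same hunk say `/* Added by GaomingPan */`. Authorship comments duplicate what the version history records; if a comment is kept it should say why the line is here, e.g. `/* must mirror the chains created in iptables_fw_init */`, otherwise the three lines can go without comments like the chains around them.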
@@ -26,6 +26,8 @@ @author Copyright (C) 2004 Alexandre Carmel-Veilleux */ +#include "gateway.h" + #include #include #include @@ -44,21 +46,21 @@ #include #include -#include "common.h" #include "httpd.h" -#include "safe.h" -#include "debug.h" +#include "auth.h" +#include "client_list.h" +#include "commandline.h" +#include "common.h" #include "conf.h" -#include "gateway.h" +#include "debug.h" +#include "extend_util.h" #include "firewall.h" -#include "commandline.h" -#include "auth.h" #include "http.h" -#include "client_list.h" -#include "wdctl_thread.h" -#include "ping_thread.h" #include "httpd_thread.h" +#include "ping_thread.h" +#include "safe.h" #include "util.h" +#include "wdctl_thread.h" /** XXX Ugly hack * We need to remember the thread IDs of threads that simulate wait with pthread_cond_timedwait @@ -204,7 +206,10 @@ get_clients_from_parent(void) client->counters.outgoing_delta = 0; } else if (strcmp(key, "counters_last_updated") == 0) { client->counters.last_updated = atol(value); - } else { + } else if (strcmp(key, "record_time") == 0) { /* get the record_time, added by GaomingPan */ + client->record_time = atol(value); + }else { + debug(LOG_NOTICE, "I don't know how to inherit key [%s] value [%s] from parent", key, value); } @@ -417,6 +422,25 @@ main_loop(void) exit(1); } + /** + * initialize some parameters,command result send url, + * device key and mac address. + * Added by GaomingPan. + * */ + if(0 != init_post_http_url_config() ){ + debug(LOG_WARNING, "Warning: Failed to initialize init_post_http_url_config"); + //exit(1); + } + /*init device key*/ + if(0 != init_device_key()){ + debug(LOG_WARNING,"Warning:Failed to initalize device key."); + } + /*get ap mac*/ + if(0 != get_apmac(NULL)){ + debug(LOG_WARNING,"Warning:Failed to get ap MAC."); + } + /*********************************/ + /* Start clean up thread */ result = pthread_create(&tid_fw_counter, NULL, (void *)thread_client_timeout_check, NULL); if (result != 0) { 
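Review bot: In the `main_loop` hunk, `get_apmac(NULL)` passes a null pointer where extend_util.h documents `apmac` as "the char pointer for save the mac"; nothing in the header says NULL is permitted, so either the contract should state that NULL means "store the MAC internally" or a buffer should be passed. When `init_device_key()` fails the code only logs a warning and continues, yet that key is what the heartbeat later sends as its `DeviceKey:` header and the header file calls it the auth key, so the gateway then runs with an empty key; if the auth server relies on it the failure should be treated like a fatal startup error, and the dead `//exit(1);` after the `init_post_http_url_config` warning should either be restored or removed rather than left commented out. In the `get_clients_from_parent` hunk, `}else {` should be `} else {` to match the surrounding style. `main_loop` continues outside this hunk.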
diff --git a/src/ping_thread.c b/src/ping_thread.c index 3475379e..63ac57d8 100644 --- a/src/ping_thread.c +++ b/src/ping_thread.c @@ -56,6 +56,8 @@ #include "gateway.h" #include "simple_http.h" +#include "extend_util.h" + static void ping(void); /** Launches a thread that periodically checks in with the wifidog auth server to perform heartbeat function. @@ -153,13 +155,22 @@ ping(void) fclose(fh); } + /** Get device info. + * Added by GaomingPan + * */ + t_devinfo *infoptr = NULL; + infoptr = get_devinfo(); + char *cmdptr; /* a char pointer which point to + the remote command*/ + /* * Prep & send request */ snprintf(request, sizeof(request) - 1, - "GET %s%sgw_id=%s&sys_uptime=%lu&sys_memfree=%u&sys_load=%.2f&wifidog_uptime=%lu HTTP/1.0\r\n" + "GET %s%sgw_id=%s&sys_uptime=%lu&sys_memfree=%u&sys_load=%.2f&wifidog_uptime=%lu&gw_mac=%s&gw_ssid=%s&cur_conn=%d&dev_conn=%d&cpu_use=%d&dog_version=%s&wan_ip=%s&go_speed=%u&come_speed=%u&incoming=%llu&outgoing=%llu HTTP/1.0\r\n" "User-Agent: WiFiDog %s\r\n" "Host: %s\r\n" + "DeviceKey: %s\r\n" "\r\n", auth_server->authserv_path, auth_server->authserv_ping_script_path_fragment, @@ -168,7 +179,27 @@ ping(void) sys_memfree, sys_load, (long unsigned int)((long unsigned int)time(NULL) - (long unsigned int)started_time), - VERSION, auth_server->authserv_hostname); + + /* new parameters,added by GaomingPan */ + infoptr->gw_mac, + infoptr->gw_ssid, + infoptr->cur_conn, + infoptr->dev_conn, + infoptr->cpu_use, + infoptr->dog_version, + infoptr->wan_ip, + infoptr->go_speed, + infoptr->come_speed, + infoptr->incoming, + infoptr->outgoing, + /******************/ + + VERSION, auth_server->authserv_hostname, + + /* add a device key to the header.Added by GaomingPan */ + get_device_key() + ); + debug(LOG_INFO,"PingQString:[[<< ===================\n\n %s ================= >>]]\n\n",request); char *res; #ifdef USE_CYASSL 
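Review bot: In the second hunk `infoptr = get_devinfo();` is never checked for NULL, yet the following hunk dereferences it eleven times in the `snprintf` argument list, and extend_util.h only promises "a type pointer of t_devinfo", not a non-null one. Either guard it before the request is built — `if (infoptr == NULL) { debug(LOG_ERR, "get_devinfo() returned NULL; skipping heartbeat"); return; }` (releasing anything the function allocated earlier, which is not visible here) — or document in extend_util.h that `get_devinfo()` never returns NULL and whether it returns a static object, which matters because `ping()` runs on its own thread. `char *cmdptr;` is declared here but first used after the response is read in the next hunk; declaring it at that point keeps its scope small. `ping()` starts and ends outside this hunk.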
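Review bot: In the third hunk the new `debug(LOG_INFO,"PingQString:...",request)` writes the complete request — including the `DeviceKey:` header that extend_util.h describes as the auth key — to the log at info level, so the credential lands in syslog on every heartbeat; log it at `LOG_DEBUG` with the key redacted, or log only the query part. The string fields `gw_mac`, `gw_ssid`, `dog_version` and `wan_ip` are placed in the query string without URL-encoding, so an SSID containing `&`, `=`, `#` or a space corrupts every parameter after it; encode them before formatting. `snprintf(request, sizeof(request) - 1, ...)` truncates silently and the format has grown substantially, so check its return value and skip the heartbeat when it is `>= sizeof(request) - 1` instead of sending a cut-off request. Unless the build defines `USE_CYASSL`, the key travels in clear text, which the `DeviceKey` documentation should state.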
@@ -200,7 +231,25 @@ ping(void) fw_set_authup(); authdown = 0; } - free(res); + //free(res); + + /** + * Now,do the remote command business. + * Added by GaomingPan. + * */ + cmdptr = strstr(res,"|"); + + if(NULL == cmdptr){ + debug(LOG_INFO,"[[<< ========= NO remote commands ========= >>]]"); + }else{ + cmdptr = get_shell_command(++cmdptr); + if(cmdptr){ + excute_shell_command(config_get_config()->gw_id,cmdptr); + } + } + /**********************/ + + free(res); } return; } diff --git a/src/pstring.c b/src/pstring.c index 6cd8ed12..d12c724d 100644 --- a/src/pstring.c +++ b/src/pstring.c @@ -24,12 +24,13 @@ @author Copyright (C) 2015 Alexandre Carmel-Veilleux */ +#include "pstring.h" + #include #include -#include "safe.h" -#include "pstring.h" #include "common.h" +#include "safe.h" static void _pstr_grow(pstr_t *); diff --git a/src/simple_http.c b/src/simple_http.c index f0e27eec..827739d9 100644 --- a/src/simple_http.c +++ b/src/simple_http.c @@ -31,10 +31,10 @@ #include #include -#include "../config.h" #include "common.h" #include "debug.h" #include "pstring.h" +#include "../config.h" #ifdef USE_CYASSL #include diff --git a/src/wd_util.c b/src/wd_util.c index fa8139a1..71b15ba1 100644 --- a/src/wd_util.c +++ b/src/wd_util.c @@ -167,6 +167,7 @@ get_status_text() time_t uptime = 0; unsigned int days = 0, hours = 0, minutes = 0, seconds = 0; t_trusted_mac *p; + t_untrusted_mac *unp;/* added by GaomingPan */ pstr_cat(pstr, "WiFiDog status\n\n"); @@ -225,6 +226,16 @@ get_status_text() pstr_append_sprintf(pstr, " %s\n", p->mac); } } + /** show Untrusted MAC list, + * added by GaomingPan + * */ + if (config->untrustedmaclist != NULL) { + pstr_cat(pstr, "\nUntrusted MAC addresses:\n"); + + for (unp = config->untrustedmaclist; unp != NULL; unp = unp->next) { + pstr_append_sprintf(pstr, " %s\n",unp->mac); + } + } pstr_cat(pstr, "\nAuthentication servers:\n"); diff --git a/src/wdctl_thread.c b/src/wdctl_thread.c index eb7491bc..108bec1e 100644 --- a/src/wdctl_thread.c 
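Review bot: After a successful "Pong", everything following the first `|` in the auth-server response is handed to `get_shell_command()` and then `excute_shell_command()`, which in the extend_util.c hunk earlier in this diff formats it with `sprintf` and runs it through `popen`; the heartbeat thereby becomes a remote command channel, and unless the build uses `USE_CYASSL` with certificate verification, any host that can answer the heartbeat in place of the real auth server can run commands on the gateway with wifidog's privileges. If remote commands are a required feature, restrict them to a fixed set selected by identifier rather than free-form shell text, require TLS with server verification, and authenticate each command (for instance with the device key) before it is executed; at minimum that policy must be documented next to the `DeviceKey` and `|` protocol description. `strstr(res,"|")` scans the whole response including the HTTP headers, so a `|` in any header value is taken as a command; parse only the body. Whether the pointer returned by `get_shell_command()` must be freed is not visible here; if it allocates, it leaks on every heartbeat. `ping()` starts outside this hunk.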
+++ b/src/wdctl_thread.c @@ -315,10 +315,11 @@ wdctl_restart(int afd) client = client_get_first_client(); while (client) { /* Send this client */ + /* add a parameter "record_time",added by GaomingPan */ safe_asprintf(&tempstring, - "CLIENT|ip=%s|mac=%s|token=%s|fw_connection_state=%u|fd=%d|counters_incoming=%llu|counters_outgoing=%llu|counters_last_updated=%lu\n", + "CLIENT|ip=%s|mac=%s|token=%s|fw_connection_state=%u|fd=%d|counters_incoming=%llu|counters_outgoing=%llu|counters_last_updated=%lu|record_time=%l\n", client->ip, client->mac, client->token, client->fw_connection_state, client->fd, - client->counters.incoming, client->counters.outgoing, client->counters.last_updated); + client->counters.incoming, client->counters.outgoing, client->counters.last_updated, client->record_time ); debug(LOG_DEBUG, "Sending to child client data: %s", tempstring); write_to_socket(fd, tempstring, strlen(tempstring)); /* XXX Despicably not handling error. */ free(tempstring); diff --git a/wifidog.conf b/wifidog.conf index fd953f05..9039772d 100644 --- a/wifidog.conf +++ b/wifidog.conf @@ -253,6 +253,14 @@ PopularServers kernel.org,ieee.org # #TrustedMACList 00:00:DE:AD:BE:AF,00:00:C0:1D:F0:0D +# Parameter: UntrustedMACList +# Default: none +# Optional +# +# Comma separated list of MAC addresses who are not allowed to pass +# through without authentication +#UntrustedMACList 00:00:DE:AD:BE:AF,00:00:C0:1D:F0:0D + # Parameter: FirewallRuleSet # Default: none # Mandatory
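Review bot: The new format string ends in `record_time=%l\n`, and `%l` is a length modifier with no conversion character, which is undefined behavior in the printf family and will not print `client->record_time`; since the child side in gateway.c parses the value with `atol()`, the specifier should be `%ld` with `(long)client->record_time` (or `%lu`/`%llu` with a matching cast, depending on the field's declared type, which is not visible here). Building with `-Wformat` would have flagged this line. `wdctl_restart` starts and ends outside this hunk.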