1 #!/bin/sh /etc/rc.common
2 # Copyright (C) 2009-2011 OpenWrt.org
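# Extra sub-command exposed through rc.common in addition to the standard
# start/stop/restart set, and the help line printed for it.
# (Restored to valid shell: the listing had the gutter numbers fused into the
# lines and each assignment split in two.)
EXTRA_COMMANDS="killclients"
EXTRA_HELP=" killclients Kill ${NAME} processes except servers and yourself"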
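# Build the sslh command line for one UCI section.
# Reads:   ${section} (assigned outside this run), NAME, PROG, PIDCOUNT, initscript
# Writes:  PIDCOUNT (incremented once per enabled section), args
# Returns: 1 immediately when the section has "enable" set to 0
#
# NOTE(review): option values are appended to ${args} verbatim. If ${args} is
# expanded unquoted when ${PROG} is launched (that line is not part of this
# run - confirm), a value containing whitespace turns into additional sslh
# arguments, so write access to the sslh config must stay with administrators.

# check if section is enabled (default)
config_get_bool enabled "${section}" enable 1
[ "${enabled}" -eq 0 ] && return 1

# increase pid file count to handle multiple instances correctly
PIDCOUNT="$(( PIDCOUNT + 1 ))"

# prepare parameters (initialise with pid file)
local args="-P /var/run/${NAME}.${PIDCOUNT}.pid"

# A) listen parameter: may hold several whitespace-separated values, so
#    ${vals} is deliberately left unquoted and each value gets its own -p
config_get vals "${section}" listen
[ -n "${vals}" ] && for val in $vals; do append args "-p ${val}"; done

# B) ssh parameter
config_get val "${section}" ssh
[ -n "${val}" ] && append args "--ssh ${val}"

# C) ssl parameter
config_get val "${section}" ssl
[ -n "${val}" ] && append args "--ssl ${val}"

# D) openvpn parameter
config_get val "${section}" openvpn
[ -n "${val}" ] && append args "--openvpn ${val}"

# E) tinc parameter
config_get val "${section}" tinc
[ -n "${val}" ] && append args "--tinc ${val}"

# F) timeout (before a connection is considered to be SSH)
config_get val "${section}" timeout
[ -n "${val}" ] && append args "-t ${val}"

# G) verbose parameter
config_get_bool verbosed "${section}" verbose 0
[ "${verbosed}" -ne 0 ] && append args "-v"

# execute program and return its exit code
# (in verbose mode the full command line is logged first)
[ "${verbosed}" -ne 0 ] && echo "${initscript}: section ${section} started via ${PROG} ${args}"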
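# Call sslh_start once for every config section of type "sslh"; the section
# name is passed to the callback as its first argument.
config_foreach sslh_start sslh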
# Stop path: each pid file /var/run/${NAME}.*.pid is handed to start-stop-daemon,
# which sends SIGKILL (-K -s KILL) to the pid recorded in it. The extra
# -n "${NAME}" makes the process name part of the match, so a stale pid file
# whose pid has been reused by an unrelated program does not get that program
# killed. SIGKILL cannot be caught, so the daemon gets no chance to clean up.
# NOTE(review): the file list comes from backtick `ls` output, which is
# word-split and glob-expanded a second time. A plain glob would be more robust,
# but the "no pid files" message below depends on ${pidfile} staying empty when
# nothing matches - keep that in mind when changing the loop.
# NOTE(review): the loop's do/done and the statement that sets ${rc} are not
# visible in this listing.
66 # killing all server processes
67 for pidfile
in `ls /var/run/${NAME}.*.pid`
69 start-stop-daemon
-q -K -s KILL
-p "${pidfile}" -n "${NAME}"
# Printed when ${pidfile} is still empty here, i.e. the loop never ran
# (presumably ${pidfile} starts out empty - confirm).
73 [ -z "${pidfile}" ] && echo "${initscript}: no pid files, if you get problems with start then try killclients"
# NOTE(review): ${rc} is unquoted; if it were ever empty the test itself would
# error out instead of evaluating cleanly - confirm it is always initialised.
74 [ ${rc} -ne 0 ] && echo "${initscript}: inconsistency in pid files, if you get problems with start then try killclients"
# Self-protection for killclients: walk up the process ancestry starting at
# ${pid} (its initial value is set outside this listing). For every ancestor
# that owns an established connection whose peer is a local ${NAME} process,
# that ${NAME} pid is added to ${ignore}, so the session this script is
# running in is not killed along with the other clients.
# NOTE(review): everything below depends on parsing netstat text output. If a
# match is missed, the caller's own session is not protected - verify the
# column layout of the netstat build on the target.
86 # if this script is run from inside a client session, then ignore that session
88 while [ "${pid}" -ne 0 ]
90 # get parent process id
# NOTE(review): field 4 of /proc/<pid>/stat is the parent pid only while the
# process name in field 2 contains no spaces; a name with spaces shifts the
# fields and a wrong value is read here.
91 pid
=`cut -d ' ' -f 4 "/proc/${pid}/stat"`
92 [ "${pid}" -eq 0 ] && break
94 # check if pid is connected to a client connection
95 # a) get established connection for pid
# netstat -tupn: TCP and UDP sockets, numeric addresses, with the owning
# PID/program column; sed collapses runs of spaces so cut can split on one.
# Owner information is only reported for sockets the caller may inspect,
# so this presumably runs as root - confirm.
96 connection
=`netstat -tupn 2>/dev/null | sed "s/[ ]\+/ /g" | grep -e "ESTABLISHED ${pid}/"`
97 [ -z "${connection}" ] && continue
98 # get connection details for foreign address
# NOTE(review): ${connection} is expanded unquoted, so several matching lines
# collapse into one and only the first connection's fields are examined.
99 proto
=`echo ${connection} | cut -d ' ' -f 1`
100 address
=`echo ${connection} | cut -d ' ' -f 5`
102 # b) get pid for foreign address, only possible if foreign address is from this machine itself
# NOTE(review): ${address} is used as a regular expression, so its dots match
# any character and the pattern also matches longer addresses or ports; the
# exact comparison on field 4 below is what actually pins the peer down.
103 connection
=`netstat -tupn 2>/dev/null | sed "s/[ ]\+/ /g" | grep -e "^${proto}.*${address}.*ESTABLISHED.*/${NAME}"`
104 [ -z "${connection}" ] && continue
105 # check that the local address (field 4) corresponds to the foreign address of the previous connection
106 server
=`echo ${connection} | cut -d ' ' -f 4`
107 [ "${server}" != "${address}" ] && continue
108 # get pid from connection
# field 7 is "PID/program"; keep only the part before the slash
109 server
=`echo ${connection} | cut -d ' ' -f 7 | cut -d '/' -f 1`
111 # check if client connection
# fixed-string match: the pid is only ignored if its command line contains ${PROG}
112 grep -F -q -e "${PROG}" "/proc/${server}/cmdline" && {
113 append ignore
"${server}"
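# get all server pids that should be ignored
# NOTE(review): the pid files are the only thing that protects the listening
# servers here. If a file is missing or stale, that server's pid never reaches
# ${ignore} and it is treated like a client connection by the kill loop that
# follows.
for server in $(cat /var/run/${NAME}.*.pid); do
  append ignore "${server}"
done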
124 # get all running pids and kill client connections
126 for pid
in `pidof "${NAME}"`
128 # check if correct program, otherwise process next pid
129 grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" ||
{
133 # check if pid should be ignored (servers, ourself)
135 for server
in ${ignore}
137 if [ "${pid}" == "${server}" ]
143 [ "${skip}" -ne 0 ] && continue
146 echo "${initscript}: Killing ${pid}..."