1 #!/bin/sh /etc/rc.common
3 # description: Startup/shutdown script for nodogsplash captive portal
5 # Alexander Couzens <lynxis@fe80.eu> 2014
8 # (Based on wifidog startup script
11 # Comment by that author: Could be better, but it's working as expected)
19 IPT
=/usr
/sbin
/iptables
21 # -s -d 5 runs in background, with level 5 (not so verbose) messages to syslog
22 # -f -d 7 runs in foreground, with level 7 (verbose) debug messages to terminal
24 CONFIGFILE
="/tmp/invalid_nodogsplash.conf"
26 # nolog(loglevel message ...)
30 logger
-s -t nodogsplash
-p daemon.
$level $@
33 # append_config_option_map <cfgfile> <uci_cfg_obj> <option_name> <config_counterpart> [<optional default>]
34 # append "$config_counterpart $value" to cfgfile if option_name exists
35 # e.g. append_config_option "$CONFIGFILE" "$cfg" bind_address BindAddress 0.0.0.0
36 # will append "BindAddress 192.168.1.1" if uci bind_address is '192.168.1.1'
37 append_config_option_map
() {
39 local config_file
="$1"
41 local option_name
="$3"
42 local config_counterpart
="$4"
44 config_get val
"$cfg" "$option_name" "$default"
45 [ -n "$val" ] && echo "$config_counterpart $val" >> $config_file
48 # append_config_option <cfgfile> <uci_cfg_obj> <option_name> [<optional default>]
49 # append "$option_name $value" to cfgfile if option_name exists
50 # e.g. append_config_option "$CONFIGFILE" "$cfg" bind_address 0.0.0.0
51 # will append "bind_address 192.168.1.1" if uci bind_address is '192.168.1.1'
52 # if uci bind_address is unset append "bind_address 0.0.0.0"
53 append_config_option
() {
55 local config_file
="$1"
57 local option_name
="$3"
59 config_get val
"$cfg" "$option_name" "$default"
60 [ -n "$val" ] && echo "$option_name $val" >> $config_file
72 config_get val
"$cfg" macmechanism
73 if [ -z "$val" ] ; then
74 # check if we have AllowedMACList or BlockedMACList defined they will be ignored
75 config_get val
"$cfg" allowedmac
76 if [ -n "$val" ] ; then
77 echo "Ignoring allowedmac - macmechanism not \"allow\"" >&2
80 config_get val
"$cfg" blockedmac
81 if [ -n "$val" ] ; then
82 echo "Ignoring blockedmac - macmechanism not \"block\"" >&2
84 elif [ "$val" == "allow" ] ; then
86 config_list_foreach
"$cfg" allowedmac append_mac
87 echo "AllowedMACList $MAC" >> $CONFIGFILE
88 elif [ "$val" == "block" ] ; then
90 config_list_foreach
"$cfg" blockedmac append_mac
91 echo "BlockedMACList $MAC" >> $CONFIGFILE
93 nolog error
"$cfg Invalid macmechanism '$val' - allow or block are valid."
97 config_list_foreach
"$cfg" trustedmac append_mac
98 [ -n "$MAC" ] && echo "TrustedMACList $MAC" >> $CONFIGFILE
107 echo " FirewallRule $1" >> $CONFIGFILE
110 for rule
in $
(echo authenticated-users preauthenticated-users users-to-router trusted-users trusted-users-to-router
)
112 uci_name
=${rule//-/_}
113 # uci does not allow - dashes
114 echo "FirewallRuleSet $rule {" >> $CONFIGFILE
115 config_list_foreach
"$cfg" ${uci_name} append_firewall
116 echo "}" >> $CONFIGFILE
117 config_get val
"$cfg" policy_
${uci_name}
118 [ -n "$val" ] && echo "EmptyRuleSetPolicy $rule $val" >> $CONFIGFILE
122 generate_uci_config
() {
129 CONFIGFILE
="/tmp/etc/nodogsplash_$cfg.conf"
131 echo "# auto-generated config file from /etc/config/nodogsplash" > $CONFIGFILE
133 config_get val
"$cfg" config
134 if [ -n "$val" ] ; then
135 if [ ! -f "$val" ] ; then
136 nolog error
"Configuration file '$file' doesn't exist"
139 cat "$val" >> $CONFIGFILE
142 config_get val
"$cfg" network
143 if [ -n "$val" ] ; then
144 if ! network_get_device ifname
"$val" ; then
145 nolog error
"$cfg can not find ifname for network '$val'"
150 config_get val
"$cfg" gatewayinterface
151 if [ -n "$val" ] ; then
152 if [ -n "$ifname" ] ; then
153 nolog error
"$cfg cannot use both option network and gatewayinterface"
159 if [ -z "$ifname" ] ; then
160 nolog error
"$cfg option network or gatewayinterface missing"
164 echo "GatewayInterface $ifname" >> $CONFIGFILE
166 append_config_option
"$CONFIGFILE" "$cfg" gatewayname
167 append_config_option
"$CONFIGFILE" "$cfg" gatewayaddress
168 append_config_option
"$CONFIGFILE" "$cfg" gatewayport
169 append_config_option
"$CONFIGFILE" "$cfg" maxclients
170 append_config_option
"$CONFIGFILE" "$cfg" webroot
171 append_config_option
"$CONFIGFILE" "$cfg" debuglevel
172 append_config_option
"$CONFIGFILE" "$cfg" splashpage
173 append_config_option
"$CONFIGFILE" "$cfg" pagesdir
174 append_config_option
"$CONFIGFILE" "$cfg" checkinterval
175 append_config_option
"$CONFIGFILE" "$cfg" syslogfacility
176 append_config_option
"$CONFIGFILE" "$cfg" gatewayiprange
177 append_config_option
"$CONFIGFILE" "$cfg" imagedir
178 append_config_option
"$CONFIGFILE" "$cfg" redirecturl
179 append_config_option
"$CONFIGFILE" "$cfg" clientidletimeout
180 append_config_option
"$CONFIGFILE" "$cfg" clientforcetimeout
181 append_config_option
"$CONFIGFILE" "$cfg" gatewayiprange
182 append_config_option
"$CONFIGFILE" "$cfg" passwordattempts
183 append_config_option
"$CONFIGFILE" "$cfg" macmechanism
184 append_config_option
"$CONFIGFILE" "$cfg" uploadlimit
185 append_config_option
"$CONFIGFILE" "$cfg" downloadlimit
186 append_config_option
"$CONFIGFILE" "$cfg" remoteauthenticatoraction
187 append_config_option
"$CONFIGFILE" "$cfg" enablepreauth
188 append_config_option
"$CONFIGFILE" "$cfg" binvoucher
189 append_config_option
"$CONFIGFILE" "$cfg" forcevoucher
190 append_config_option
"$CONFIGFILE" "$cfg" passwordauthentication
191 append_config_option
"$CONFIGFILE" "$cfg" usernameauthentication
192 append_config_option
"$CONFIGFILE" "$cfg" passwordattempts
193 append_config_option
"$CONFIGFILE" "$cfg" username
194 append_config_option
"$CONFIGFILE" "$cfg" password
195 append_config_option
"$CONFIGFILE" "$cfg" authenticateimmediately
196 append_config_option
"$CONFIGFILE" "$cfg" decongesthttpdthreads
197 append_config_option
"$CONFIGFILE" "$cfg" httpdthreadthreshold
198 append_config_option
"$CONFIGFILE" "$cfg" httpdthreaddelayms
199 append_config_option
"$CONFIGFILE" "$cfg" fw_mark_authenticated
200 append_config_option
"$CONFIGFILE" "$cfg" fw_mark_trusted
201 append_config_option
"$CONFIGFILE" "$cfg" fw_mark_blocked
203 config_get download
"$cfg" downloadlimit
204 config_get upload
"$cfg" uploadlimit
205 [ -n "$upload" -o -n "$download" ] && echo "TrafficControl yes" >> $CONFIGFILE
207 setup_mac_lists
"$cfg"
208 setup_firewall
"$cfg"
211 # setup configuration and start instance
217 config_get_bool val
"$cfg" enabled
0
218 [ $val -gt 0 ] ||
return 0
220 generate_uci_config
"$cfg"
222 if ! test_module
; then
223 logger
-s -t nodogsplash
-p daemon.error
"nodogsplash is missing some kernel modules"
226 procd_open_instance
$cfg
227 procd_set_param
command /usr
/bin
/nodogsplash
-c $CONFIGFILE $OPTIONS
228 procd_set_param respawn
229 procd_set_param
file $CONFIGFILE
234 include
/lib
/functions
237 config_load nodogsplash
239 config_foreach create_instance nodogsplash
243 # nodogsplash doesn't exit fast enought, when procd terminates it.
244 # otherwise procd will restart nodogsplash twice. first time starting nodogsplash fails, second time it succeeds
249 $WD_DIR/ndsctl status
252 # Test if we got all modules loaded
254 ### Test ipt_mark with iptables
256 ($IPT -A FORWARD
-m mark
--mark 2 -j ACCEPT
2>&1) > /dev
/null
258 if [ "$IPTABLES_OK" -eq 0 ]; then
259 ($IPT -D FORWARD
-m mark
--mark 2 -j ACCEPT
2>&1) > /dev
/null
266 ### Test ipt_mac with iptables
268 ($IPT -A INPUT
-m mac
--mac-source 00:00:00:00:00:00 -j ACCEPT
2>&1) > /dev
/null
270 if [ "$IPTABLES_OK" -eq 0 ]; then
271 ($IPT -D INPUT
-m mac
--mac-source 00:00:00:00:00:00 -j ACCEPT
2>&1) > /dev
/null
278 ### Test ipt_IMQ with iptables
280 ($IPT -t mangle
-A PREROUTING
-j IMQ
--todev 0 2>&1) > /dev
/null
282 if [ "$IPTABLES_OK" -eq 0 ]; then
283 ($IPT -t mangle
-D PREROUTING
-j IMQ
--todev 0 2>&1) > /dev
/null
292 (ip link
set imq0 up
2>&1) > /dev
/null
294 (ip link
set imq1 up
2>&1) > /dev
/null
296 if [ "$IMQ0_OK" -eq 0 -a "$IMQ1_OK" -eq 0 ]; then
297 (ip link
set imq0 down
2>&1) > /dev
/null
298 (ip link
set imq1 down
2>&1) > /dev
/null
305 ### Test sch_htb with tc; requires imq0
307 (tc qdisc del dev imq0 root
2>&1) > /dev
/null
308 (tc qdisc add dev imq0 root htb
2>&1) > /dev
/null
310 if [ "$TC_OK" -eq 0 ]; then
311 (tc qdisc del dev imq0 root
2>&1) > /dev
/null
318 ### Find a module on disk
320 EXIST
=$
(find /lib
/modules
/`uname -r` -name $1.
*o
2> /dev
/null
)
321 if [ -n "$EXIST" ]; then
328 ### Test if a module is in memory
329 module_in_memory
() {
330 MODULE
=$
(lsmod |
grep $1 |
awk '{print $1}')
331 if [ "$MODULE" = "$1" ]; then
338 ### Test functionality of a module; load if necessary
340 echo " Testing module $1 $2"
342 if [ $?
-ne 0 ]; then
343 echo " Module $1 $2 needed"
344 echo " Scanning disk for $1 module"
346 if [ $?
-ne 0 ]; then
347 echo " $1 module missing: please install it"
350 echo " $1 exists, trying to load"
351 insmod
$1 $2 > /dev
/null
352 if [ $?
-ne 0 ]; then
353 echo " Error: insmod $1 $2 failed"
356 echo " $1 $2 loaded successfully"
360 echo " $1 is working"
364 echo " Testing required modules"
366 do_module_tests
"ipt_mac"
367 do_module_tests
"ipt_mark"
369 # test for imq modules, only if TrafficControl is enabled in conf
370 if ( grep -q -E '^[[:space:]]*TrafficControl[[:space:]]+(yes|true|1)' "$CONFIGFILE" ) ; then
371 do_module_tests
"imq" "numdevs=2"
372 do_module_tests
"ipt_IMQ"
373 do_module_tests
"sch_htb"