--- /dev/null
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=nodogsplash2
+PKG_FIXUP:=autoreconf
+PKG_VERSION:=2.0.0
+PKG_RELEASE:=1
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)/
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=git://github.com/nodogsplash/nodogsplash.git
+PKG_SOURCE_VERSION:=9d985d93f15db4052677dc34c37232bc958944bc
+PKG_MIRROR_HASH:=12f9ea4e19c76f438f54a2214b098af233645713db7f8893c968fe1cab98ab1b
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_MAINTAINER:=Moritz Warning <moritzwarning@web.de>
+PKG_BUILD_PARALLEL:=1
+PKG_LICENSE:=GPL-2.0+
+
+include $(INCLUDE_DIR)/package.mk
+
+
+define Package/nodogsplash2
+ SUBMENU:=Captive Portals
+ SECTION:=net
+ CATEGORY:=Network
+ DEPENDS:=+libpthread +iptables-mod-ipopt +libmicrohttpd-no-ssl
+ TITLE:=Open public network gateway daemon
+ URL:=https://github.com/nodogsplash/nodogsplash
+ CONFLICTS:=nodogsplash
+endef
+
+define Package/nodogsplash2/description
+ Nodogsplash offers a simple way to open a free hotspot providing
+ restricted access to an internet connection.
+endef
+
+define Package/nodogsplash2/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/nodogsplash $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/ndsctl $(1)/usr/bin/
+
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) files/nodogsplash.init $(1)/etc/init.d/nodogsplash
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_CONF) files/nodogsplash.config $(1)/etc/config/nodogsplash
+
+ $(INSTALL_DIR) $(1)/etc/$(PKG_NAME)/htdocs/images
+ $(CP) $(PKG_BUILD_DIR)/resources/splash.html $(1)/etc/$(PKG_NAME)/htdocs/
+ $(CP) $(PKG_BUILD_DIR)/resources/infoskel.html $(1)/etc/$(PKG_NAME)/htdocs/
+ $(CP) $(PKG_BUILD_DIR)/resources/splash.jpg $(1)/etc/$(PKG_NAME)/htdocs/images/
+endef
+
+define Package/nodogsplash2/conffiles
+/etc/nodogsplash/nodogsplash.conf
+endef
+
+$(eval $(call BuildPackage,nodogsplash2))
--- /dev/null
+
+# The options available here are an adaptation of the settings used in nodogsplash.conf.
+# See https://github.com/nodogsplash/nodogsplash/blob/master/resources/nodogsplash.conf
+
+config nodogsplash
+ # Set to 1 to enable nodogsplash
+ option enabled 0
+
+ # Use plain configuration file
+ #option config '/etc/nodogsplash/nodogsplash.conf'
+
+ # The network the users are connected to
+ option network 'lan'
+ option gatewayname 'LEDE Nodogsplash'
+ option maxclients '250'
+ option clientidletimeout '1200'
+
+ # Your router may have several interfaces, and you
+ # probably want to keep them private from the network/gatewayinterface.
+ # If so, you should block the entire subnets on those interfaces, e.g.:
+ list authenticated_users 'block to 192.168.0.0/16'
+ list authenticated_users 'block to 10.0.0.0/8'
+
+ # Typical ports you will probably want to open up.
+ list authenticated_users 'allow tcp port 22'
+ list authenticated_users 'allow tcp port 53'
+ list authenticated_users 'allow udp port 53'
+ list authenticated_users 'allow tcp port 80'
+ list authenticated_users 'allow tcp port 443'
+
+ # For preauthenticated users to resolve IP addresses in their
+ # initial request not using the router itself as a DNS server,
+ list preauthenticated_users 'allow tcp port 53'
+ list preauthenticated_users 'allow udp port 53'
+
+ # Allow ports for SSH/Telnet/DNS/DHCP/HTTP/HTTPS
+ list users_to_router 'allow tcp port 22'
+ list users_to_router 'allow tcp port 23'
+ list users_to_router 'allow tcp port 53'
+ list users_to_router 'allow udp port 53'
+ list users_to_router 'allow udp port 67'
+ list users_to_router 'allow tcp port 80'
+ list users_to_router 'allow tcp port 443'
+
+ # MAC addresses that are / are not allowed to access the splash page
+ # Value is either 'allow' or 'block'. The allowedmac or blockedmac list is used.
+ #option macmechanism 'allow'
+ #list allowedmac '00:00:C0:01:D0:0D'
+ #list allowedmac '00:00:C0:01:D0:1D'
+ #list blockedmac '00:00:C0:01:D0:2D'
+
+ #MAC addresses that do not need to authenticate
+ #list trustedmac '00:00:C0:01:D0:1D'
--- /dev/null
+#!/bin/sh /etc/rc.common
+#
+# description: Startup/shutdown script for nodogsplash captive portal
+#
+# Alexander Couzens <lynxis@fe80.eu> 2014
+# P. Kube 2007
+#
+# (Based on wifidog startup script
+# Date : 2004-08-25
+# Version : 1.0
+# Comment by that author: Could be better, but it's working as expected)
+#
+
+START=95
+STOP=95
+
+USE_PROCD=1
+
+IPT=/usr/sbin/iptables
+WD_DIR=/usr/bin
+# -s -d 5 runs in background, with level 5 (not so verbose) messages to syslog
+# -f -d 7 runs in foreground, with level 7 (verbose) debug messages to terminal
+OPTIONS="-s -f -d 5"
+CONFIGFILE="/tmp/invalid_nodogsplash.conf"
+
+# nolog(loglevel message ...)
+nolog() {
+ local level=$1
+ shift
+ logger -s -t nodogsplash -p daemon.$level $@
+}
+
+# append_config_option_map <cfgfile> <uci_cfg_obj> <option_name> <config_counterpart> [<optional default>]
+# append "$config_counterpart $value" to cfgfile if option_name exists
+# e.g. append_config_option "$CONFIGFILE" "$cfg" bind_address BindAddress 0.0.0.0
+# will append "BindAddress 192.168.1.1" if uci bind_address is '192.168.1.1'
+append_config_option_map() {
+ local val=""
+ local config_file="$1"
+ local cfg="$2"
+ local option_name="$3"
+ local config_counterpart="$4"
+ local default="$5"
+ config_get val "$cfg" "$option_name" "$default"
+ [ -n "$val" ] && echo "$config_counterpart $val" >> $config_file
+}
+
+# append_config_option <cfgfile> <uci_cfg_obj> <option_name> [<optional default>]
+# append "$option_name $value" to cfgfile if option_name exists
+# e.g. append_config_option "$CONFIGFILE" "$cfg" bind_address 0.0.0.0
+# will append "bind_address 192.168.1.1" if uci bind_address is '192.168.1.1'
+# if uci bind_address is unset append "bind_address 0.0.0.0"
+append_config_option() {
+ local val=""
+ local config_file="$1"
+ local cfg="$2"
+ local option_name="$3"
+ local default="$4"
+ config_get val "$cfg" "$option_name" "$default"
+ [ -n "$val" ] && echo "$option_name $val" >> $config_file
+}
+
+setup_mac_lists() {
+ local cfg="$1"
+ local MAC=""
+ local val
+
+ append_mac() {
+ append MAC "$1" ","
+ }
+
+ config_get val "$cfg" macmechanism
+ if [ -z "$val" ] ; then
+ # check if we have AllowedMACList or BlockedMACList defined they will be ignored
+ config_get val "$cfg" allowedmac
+ if [ -n "$val" ] ; then
+ echo "Ignoring allowedmac - macmechanism not \"allow\"" >&2
+ fi
+
+ config_get val "$cfg" blockedmac
+ if [ -n "$val" ] ; then
+ echo "Ignoring blockedmac - macmechanism not \"block\"" >&2
+ fi
+ elif [ "$val" == "allow" ] ; then
+ MAC=""
+ config_list_foreach "$cfg" allowedmac append_mac
+ echo "AllowedMACList $MAC" >> $CONFIGFILE
+ elif [ "$val" == "block" ] ; then
+ MAC=""
+ config_list_foreach "$cfg" blockedmac append_mac
+ echo "BlockedMACList $MAC" >> $CONFIGFILE
+ else
+ nolog error "$cfg Invalid macmechanism '$val' - allow or block are valid."
+ return 1
+ fi
+ MAC=""
+ config_list_foreach "$cfg" trustedmac append_mac
+ [ -n "$MAC" ] && echo "TrustedMACList $MAC" >> $CONFIGFILE
+}
+
+setup_firewall() {
+ local cfg="$1"
+ local uciname
+ local val
+
+ append_firewall() {
+ echo " FirewallRule $1" >> $CONFIGFILE
+ }
+
+ for rule in $(echo authenticated-users preauthenticated-users users-to-router trusted-users trusted-users-to-router)
+ do
+ uci_name=${rule//-/_}
+ # uci does not allow - dashes
+ echo "FirewallRuleSet $rule {" >> $CONFIGFILE
+ config_list_foreach "$cfg" ${uci_name} append_firewall
+ echo "}" >> $CONFIGFILE
+ config_get val "$cfg" policy_${uci_name}
+ [ -n "$val" ] && echo "EmptyRuleSetPolicy $rule $val" >> $CONFIGFILE
+ done
+}
+
+wait_for_interface()
+{
+ local ifname="$1"
+ local timeout=10
+ for i in $(seq $timeout); do
+ if [ $(ip -4 addr show dev $ifname 2> /dev/null | grep -c inet) -ne 0 ]; then
+ break
+ fi
+ sleep 1
+ if [ $i == $timeout ] ; then
+ nolog error "$ifname not detected, NoDogSplash not starting."
+ exit 1
+ fi
+ done
+}
+
+generate_uci_config() {
+ local cfg="$1"
+ local val
+ local ifname
+ local download
+ local upload
+
+ CONFIGFILE="/tmp/etc/nodogsplash_$cfg.conf"
+
+ echo "# auto-generated config file from /etc/config/nodogsplash" > $CONFIGFILE
+
+ config_get val "$cfg" config
+ if [ -n "$val" ] ; then
+ if [ ! -f "$val" ] ; then
+ nolog error "Configuration file '$file' doesn't exist"
+ return 0
+ fi
+ cat "$val" >> $CONFIGFILE
+ fi
+
+ config_get val "$cfg" network
+ if [ -n "$val" ] ; then
+ if ! network_get_device ifname "$val" ; then
+ nolog error "$cfg can not find ifname for network '$val'"
+ return 1
+ fi
+ fi
+
+ config_get val "$cfg" gatewayinterface
+ if [ -n "$val" ] ; then
+ if [ -n "$ifname" ] ; then
+ nolog error "$cfg cannot use both option network and gatewayinterface"
+ return 1
+ fi
+ ifname="$val"
+ fi
+
+ if [ -z "$ifname" ] ; then
+ nolog error "$cfg option network or gatewayinterface missing"
+ return 1
+ fi
+
+ wait_for_interface "$ifname"
+
+ echo "GatewayInterface $ifname" >> $CONFIGFILE
+
+ append_config_option "$CONFIGFILE" "$cfg" gatewayname
+ append_config_option "$CONFIGFILE" "$cfg" gatewayaddress
+ append_config_option "$CONFIGFILE" "$cfg" gatewayport
+ append_config_option "$CONFIGFILE" "$cfg" maxclients
+ append_config_option "$CONFIGFILE" "$cfg" webroot
+ append_config_option "$CONFIGFILE" "$cfg" debuglevel
+ append_config_option "$CONFIGFILE" "$cfg" splashpage
+ append_config_option "$CONFIGFILE" "$cfg" pagesdir
+ append_config_option "$CONFIGFILE" "$cfg" checkinterval
+ append_config_option "$CONFIGFILE" "$cfg" syslogfacility
+ append_config_option "$CONFIGFILE" "$cfg" gatewayiprange
+ append_config_option "$CONFIGFILE" "$cfg" imagedir
+ append_config_option "$CONFIGFILE" "$cfg" redirecturl
+ append_config_option "$CONFIGFILE" "$cfg" clientidletimeout
+ append_config_option "$CONFIGFILE" "$cfg" clientforcetimeout
+ append_config_option "$CONFIGFILE" "$cfg" gatewayiprange
+ append_config_option "$CONFIGFILE" "$cfg" passwordattempts
+ append_config_option "$CONFIGFILE" "$cfg" macmechanism
+ append_config_option "$CONFIGFILE" "$cfg" uploadlimit
+ append_config_option "$CONFIGFILE" "$cfg" downloadlimit
+ append_config_option "$CONFIGFILE" "$cfg" remoteauthenticatoraction
+ append_config_option "$CONFIGFILE" "$cfg" enablepreauth
+ append_config_option "$CONFIGFILE" "$cfg" binvoucher
+ append_config_option "$CONFIGFILE" "$cfg" forcevoucher
+ append_config_option "$CONFIGFILE" "$cfg" passwordauthentication
+ append_config_option "$CONFIGFILE" "$cfg" usernameauthentication
+ append_config_option "$CONFIGFILE" "$cfg" passwordattempts
+ append_config_option "$CONFIGFILE" "$cfg" username
+ append_config_option "$CONFIGFILE" "$cfg" password
+ append_config_option "$CONFIGFILE" "$cfg" authenticateimmediately
+ append_config_option "$CONFIGFILE" "$cfg" decongesthttpdthreads
+ append_config_option "$CONFIGFILE" "$cfg" httpdthreadthreshold
+ append_config_option "$CONFIGFILE" "$cfg" httpdthreaddelayms
+ append_config_option "$CONFIGFILE" "$cfg" fw_mark_authenticated
+ append_config_option "$CONFIGFILE" "$cfg" fw_mark_trusted
+ append_config_option "$CONFIGFILE" "$cfg" fw_mark_blocked
+
+ config_get download "$cfg" downloadlimit
+ config_get upload "$cfg" uploadlimit
+ [ -n "$upload" -o -n "$download" ] && echo "TrafficControl yes" >> $CONFIGFILE
+
+ setup_mac_lists "$cfg"
+ setup_firewall "$cfg"
+}
+
+# setup configuration and start instance
+create_instance() {
+ local cfg="$1"
+ local manual_config
+ local val
+
+ config_get_bool val "$cfg" enabled 0
+ [ $val -gt 0 ] || return 0
+
+ generate_uci_config "$cfg"
+
+ if ! test_module ; then
+ logger -s -t nodogsplash -p daemon.error "nodogsplash is missing some kernel modules"
+ fi
+
+ procd_open_instance $cfg
+ procd_set_param command /usr/bin/nodogsplash -c $CONFIGFILE $OPTIONS
+ procd_set_param respawn
+ procd_set_param file $CONFIGFILE
+ procd_close_instance
+}
+
+start_service() {
+ include /lib/functions
+
+ mkdir -p /tmp/etc/
+ config_load nodogsplash
+
+ config_foreach create_instance nodogsplash
+}
+
+stop_service() {
+ # nodogsplash doesn't exit fast enought, when procd terminates it.
+ # otherwise procd will restart nodogsplash twice. first time starting nodogsplash fails, second time it succeeds
+ sleep 1
+}
+
+status() {
+ $WD_DIR/ndsctl status
+}
+
+# Test if we got all modules loaded
+test_module() {
+ ### Test ipt_mark with iptables
+ test_ipt_mark () {
+ ($IPT -A FORWARD -m mark --mark 2 -j ACCEPT 2>&1) > /dev/null
+ IPTABLES_OK=$?
+ if [ "$IPTABLES_OK" -eq 0 ]; then
+ ($IPT -D FORWARD -m mark --mark 2 -j ACCEPT 2>&1) > /dev/null
+ return 0
+ else
+ return 1
+ fi
+ }
+
+ ### Test ipt_mac with iptables
+ test_ipt_mac () {
+ ($IPT -A INPUT -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT 2>&1) > /dev/null
+ IPTABLES_OK=$?
+ if [ "$IPTABLES_OK" -eq 0 ]; then
+ ($IPT -D INPUT -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT 2>&1) > /dev/null
+ return 0
+ else
+ return 1
+ fi
+ }
+
+ ### Test ipt_IMQ with iptables
+ test_ipt_IMQ () {
+ ($IPT -t mangle -A PREROUTING -j IMQ --todev 0 2>&1) > /dev/null
+ IPTABLES_OK=$?
+ if [ "$IPTABLES_OK" -eq 0 ]; then
+ ($IPT -t mangle -D PREROUTING -j IMQ --todev 0 2>&1) > /dev/null
+ return 0
+ else
+ return 1
+ fi
+ }
+
+ ### Test imq with ip
+ test_imq () {
+ (ip link set imq0 up 2>&1) > /dev/null
+ IMQ0_OK=$?
+ (ip link set imq1 up 2>&1) > /dev/null
+ IMQ1_OK=$?
+ if [ "$IMQ0_OK" -eq 0 -a "$IMQ1_OK" -eq 0 ]; then
+ (ip link set imq0 down 2>&1) > /dev/null
+ (ip link set imq1 down 2>&1) > /dev/null
+ return 0
+ else
+ return 1
+ fi
+ }
+
+ ### Test sch_htb with tc; requires imq0
+ test_sch_htb () {
+ (tc qdisc del dev imq0 root 2>&1) > /dev/null
+ (tc qdisc add dev imq0 root htb 2>&1) > /dev/null
+ TC_OK=$?
+ if [ "$TC_OK" -eq 0 ]; then
+ (tc qdisc del dev imq0 root 2>&1) > /dev/null
+ return 0
+ else
+ return 1
+ fi
+ }
+
+ ### Find a module on disk
+ module_exists () {
+ EXIST=$(find /lib/modules/`uname -r` -name $1.*o 2> /dev/null)
+ if [ -n "$EXIST" ]; then
+ return 0
+ else
+ return 1
+ fi
+ }
+
+ ### Test if a module is in memory
+ module_in_memory () {
+ MODULE=$(lsmod | grep $1 | awk '{print $1}')
+ if [ "$MODULE" = "$1" ]; then
+ return 0
+ else
+ return 1
+ fi
+ }
+}
projects / feed / routing.git / commitdiff