Add files
commit
f6f53a3ba5
|
@ -0,0 +1,7 @@
|
|||
![](https://count.ayaya.beauty/get/@lol219321?theme=asoul)
|
||||
|
||||
---
|
||||
|
||||
Root files from the GPT-2741 GPON router. Extracted using the bundled sftp server (I don't remember correctly, but I used dd to copy the images to a file)
|
||||
|
||||
mtdblock3 and mtdblock5 were extracted using `binwalk -eB`. The other filesystems and partitions failed to extract automaticalle but they should be YAFFS2 filesystems.
|
Binary file not shown.
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
Binary file not shown.
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
Binary file not shown.
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
Binary file not shown.
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
Binary file not shown.
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1,566 @@
|
|||
#!/bin/sh
|
||||
|
||||
#############################################################################
|
||||
#
|
||||
# MCAFEE CONFIDENTIAL
|
||||
# Copyright ©2018 McAfee, LLC
|
||||
#
|
||||
# The source code contained or described herein and all documents related
|
||||
# to the source code ("Material") are owned by McAfee or its
|
||||
# suppliers or licensors. Title to the Material remains with McAfee
|
||||
# or its suppliers and licensors. The Material contains trade
|
||||
# secrets and proprietary and confidential information of McAfee or its
|
||||
# suppliers and licensors. The Material is protected by worldwide copyright
|
||||
# and trade secret laws and treaty provisions. No part of the Material may
|
||||
# be used, copied, reproduced, modified, published, uploaded, posted,
|
||||
# transmitted, distributed, or disclosed in any way without McAfee's prior
|
||||
# express written permission.
|
||||
#
|
||||
# No license under any patent, copyright, trade secret or other intellectual
|
||||
# property right is granted to or conferred upon you by disclosure or
|
||||
# delivery of the Materials, either expressly, by implication, inducement,
|
||||
# estoppel or otherwise. Any license under such intellectual property rights
|
||||
# must be express and approved by McAfee in writing.
|
||||
#
|
||||
##############################################################################
|
||||
|
||||
#
|
||||
# Used for matching the version
|
||||
. /etc/shgw/shgw.version
|
||||
|
||||
#
|
||||
# Load all the variables
|
||||
. /etc/shgw/shgw.constants
|
||||
. /etc/shgw/shgw.common
|
||||
. /etc/shgw/shgw.env
|
||||
. /etc/shgw/shgw.errno
|
||||
. /etc/shgw/shgw_migrate
|
||||
|
||||
fn_trim_startup_log
|
||||
${SHGW_LOG_TRIMMER} &
|
||||
|
||||
#
|
||||
# Enable deep inspection debugging of this shell script
|
||||
|
||||
exec 3>&1 4>&2 1>> ${SHGW_STARTUP_LOG} 2>&1
|
||||
set -x
|
||||
|
||||
fn_retry_cmd_upto_five_times() {
|
||||
local _cmd=$1
|
||||
local _ecode=$2
|
||||
COUNT=1
|
||||
while [ $COUNT -lt $SQL_FAILURE_RETRY_COUNT ]; do
|
||||
eval $_cmd > /dev/null 2>&1
|
||||
if [ $? -eq 0 ]; then
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
COUNT=$((${COUNT} + 1))
|
||||
done
|
||||
|
||||
if [ $COUNT -eq $SQL_FAILURE_RETRY_COUNT ]; then
|
||||
fn_err_exit $_ecode
|
||||
fi
|
||||
}
|
||||
|
||||
create_debug_files(){
|
||||
if [ ! -f ${SHGW_STARTUP_STATUS} ]; then
|
||||
> ${SHGW_STARTUP_STATUS}
|
||||
fi
|
||||
|
||||
if [ ! -f ${SHGW_ERROR_FILE} ]; then
|
||||
> ${SHGW_ERROR_FILE}
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
get_lan_ifaces() {
|
||||
local _IFACE=""
|
||||
LAN_INTERFACE_JSON_LIST=""
|
||||
for _IFACE in ${LAN_INTERFACES}; do
|
||||
if [ ! -z ${LAN_INTERFACE_JSON_LIST} ]; then
|
||||
LAN_INTERFACE_JSON_LIST=${LAN_INTERFACE_JSON_LIST}','
|
||||
fi
|
||||
LAN_INTERFACE_JSON_LIST=${LAN_INTERFACE_JSON_LIST}'"'${_IFACE}'"'
|
||||
done
|
||||
if [ -z ${LAN_INTERFACE_JSON_LIST} ]; then
|
||||
fn_err_exit ${NO_LAN_IFACE}
|
||||
fi
|
||||
LAN_INTERFACE_JSON_LIST='['${LAN_INTERFACE_JSON_LIST}']'
|
||||
${ECHO} "[$(fn_time_now)] LAN_INTERFACES = ${LAN_INTERFACE_JSON_LIST} " >> ${SHGW_STARTUP_STATUS}
|
||||
}
|
||||
|
||||
create_persistant_sqlite_db(){
|
||||
${SHGW_ENCRYPT_SQL} "START" "PERSIST"
|
||||
}
|
||||
|
||||
update_persistant_sqlite_db() {
|
||||
if [ X"$mode" == X"softstart" ]; then
|
||||
reset=0
|
||||
${SHGW_ENCRYPT_SQL} "UPDATE_START" "${LAN_INTERFACE_JSON_LIST}" "${SHGW_VERSION}" "${IP_SKIP_JSON_LIST}" "${base_mac}" "${serial}" "${model}" "${country_code}" "${timezone}" "${WAN_INTERFACE_JSON_LIST}" "${DEFAULT_WAN_INTERFACE}" "${DEFAULT_DNS_SERVER_LIST}" "${LAN_IP_LIST}" "${LAN_IFACE_IP_LIST}" "${reset}"
|
||||
elif [ X"$mode" == X"db_start" ]; then
|
||||
reset=2
|
||||
${SHGW_ENCRYPT_SQL} "UPDATE_START" "${LAN_INTERFACE_JSON_LIST}" "${SHGW_VERSION}" "${IP_SKIP_JSON_LIST}" "${base_mac}" "${serial}" "${model}" "${country_code}" "${timezone}" "${WAN_INTERFACE_JSON_LIST}" "${DEFAULT_WAN_INTERFACE}" "${DEFAULT_DNS_SERVER_LIST}" "${LAN_IP_LIST}" "${LAN_IFACE_IP_LIST}" "${reset}"
|
||||
else
|
||||
${SHGW_ENCRYPT_SQL} "UPDATE_START" "${LAN_INTERFACE_JSON_LIST}" "${SHGW_VERSION}" "${IP_SKIP_JSON_LIST}" "${base_mac}" "${serial}" "${model}" "${country_code}" "${timezone}" "${WAN_INTERFACE_JSON_LIST}" "${DEFAULT_WAN_INTERFACE}" "${DEFAULT_DNS_SERVER_LIST}" "${LAN_IP_LIST}" "${LAN_IFACE_IP_LIST}"
|
||||
fi
|
||||
}
|
||||
|
||||
check_persistant_db(){
|
||||
|
||||
local _need_to_create_db=0
|
||||
if [ -f ${SHGW_PERSISTANT_DB} ]; then
|
||||
local _shgw_version_from_sql=$(${SHGW_ENCRYPT_SQL} "GET" "VERSION" "shgw_config_store")
|
||||
if [ "${_shgw_version_from_sql}" != "${SHGW_VERSION}" ]; then
|
||||
fn_migrate_persistant_db
|
||||
fi
|
||||
else
|
||||
# persistant db not found
|
||||
_need_to_create_db=1
|
||||
fi
|
||||
|
||||
if [ ${_need_to_create_db} -eq 1 ]; then
|
||||
create_persistant_sqlite_db
|
||||
fi
|
||||
}
|
||||
|
||||
fetch_skip_ips() {
|
||||
if [ ! -f ${IP_SKIP_LIST_FILE} ]; then
|
||||
${ECHO} "[$(fn_time_now)] No Skip IPs file" >> ${SHGW_STARTUP_STATUS}
|
||||
IP_SKIP_JSON_LIST='[""]'
|
||||
else
|
||||
IP_SKIP_JSON_LIST=""
|
||||
while read line
|
||||
do
|
||||
if [ ! -z ${IP_SKIP_JSON_LIST} ]; then
|
||||
IP_SKIP_JSON_LIST=${IP_SKIP_JSON_LIST}','
|
||||
fi
|
||||
IP_SKIP_JSON_LIST=${IP_SKIP_JSON_LIST}'"'${line}'"'
|
||||
done < ${IP_SKIP_LIST_FILE}
|
||||
|
||||
if [ -z ${IP_SKIP_JSON_LIST} ]; then
|
||||
${ECHO} "[$(fn_time_now)] No Skip IPs" >> ${SHGW_STARTUP_STATUS}
|
||||
fi
|
||||
|
||||
IP_SKIP_JSON_LIST='['${IP_SKIP_JSON_LIST}']'
|
||||
${ECHO} "[$(fn_time_now)] Skipping IPs = ${IP_SKIP_JSON_LIST} " >> ${SHGW_STARTUP_STATUS}
|
||||
fi
|
||||
}
|
||||
|
||||
__fetch_wan_and_dns_data() {
|
||||
local line=${1}
|
||||
local wan=""
|
||||
local dns=""
|
||||
local res=""
|
||||
|
||||
wan=$(${ECHO} ${line} | ${CUT} -d';' -f1)
|
||||
dns=$(${ECHO} ${line} | ${CUT} -d';' -f2 | ${SED} 's/,/ /g')
|
||||
dns_list=""
|
||||
|
||||
if [ ! -z "${dns}" ]; then
|
||||
for i in ${dns}; do
|
||||
if [ ! -z ${dns_list} ]; then
|
||||
dns_list=${dns_list}','
|
||||
fi
|
||||
dns_list=${dns_list}'"'${i}'"'
|
||||
done
|
||||
res='{"interface":"'${wan}'","dns":['${dns_list}']}'
|
||||
fi
|
||||
|
||||
${ECHO} $res
|
||||
}
|
||||
|
||||
fetch_wan_interfaces() {
|
||||
DEFAULT_WAN_INTERFACE=""
|
||||
WAN_INTERFACE_JSON_LIST=''
|
||||
if [ ! -f ${WAN_INFO} ]; then
|
||||
${ECHO} "[$(fn_time_now)] No WAN Info file" >> ${SHGW_STARTUP_STATUS}
|
||||
fn_err_exit ${NO_DEFAULT_WAN_IFACE}
|
||||
else
|
||||
while read line
|
||||
do
|
||||
if [ ! -z "$(${ECHO} ${line} | ${GREP} default)" ]; then
|
||||
DEFAULT_WAN_INTERFACE=$(${ECHO} ${line} | ${AWK} '{print $2}')
|
||||
else
|
||||
dns_list=""
|
||||
dns_list=$(__fetch_wan_and_dns_data ${line})
|
||||
#fetch default DNS server
|
||||
CUR_WAN_INTERFACE=$(${ECHO} ${dns_list} | ${CUT} -d':' -f2 | ${CUT} -d',' -f1 | ${SED} -e 's/"//g')
|
||||
if [ X"$CUR_WAN_INTERFACE" = X"$DEFAULT_WAN_INTERFACE" ]; then
|
||||
DEFAULT_DNS_SERVER_LIST=$(${ECHO} ${dns_list} | ${CUT} -d'[' -f2 | ${SED} -e 's/"//g' -e 's/]//g' -e 's/}//g')
|
||||
fi
|
||||
|
||||
if [ ! -z ${dns_list} ]; then
|
||||
if [ ! -z ${WAN_INTERFACE_JSON_LIST} ]; then
|
||||
WAN_INTERFACE_JSON_LIST=${WAN_INTERFACE_JSON_LIST}','
|
||||
fi
|
||||
WAN_INTERFACE_JSON_LIST=${WAN_INTERFACE_JSON_LIST}${dns_list}
|
||||
fi
|
||||
fi
|
||||
done < ${WAN_INFO}
|
||||
fi
|
||||
|
||||
if [ -z ${DEFAULT_WAN_INTERFACE} ]; then
|
||||
${ECHO} "[$(fn_time_now)] No Default WAN Interface" >> ${SHGW_STARTUP_STATUS}
|
||||
fn_err_exit ${NO_DEFAULT_WAN_IFACE}
|
||||
fi
|
||||
# exit if there is no default DNS server
|
||||
if [ -z ${DEFAULT_DNS_SERVER_LIST} ]; then
|
||||
${ECHO} "[$(fn_time_now)] No Default DNS Server" >> ${SHGW_STARTUP_STATUS}
|
||||
fn_err_exit ${NO_DEFAULT_DNS_SERVER_LIST}
|
||||
fi
|
||||
|
||||
if [ -z ${WAN_INTERFACE_JSON_LIST} ]; then
|
||||
${ECHO} "[$(fn_time_now)] No WAN Interfaces" >> ${SHGW_STARTUP_STATUS}
|
||||
fn_err_exit ${NO_DEFAULT_WAN_IFACE}
|
||||
fi
|
||||
|
||||
WAN_INTERFACE_JSON_LIST="["${WAN_INTERFACE_JSON_LIST}"]"
|
||||
${ECHO} "[$(fn_time_now)] Default WAN Interfaces: ${DEFAULT_WAN_INTERFACE}" >> ${SHGW_STARTUP_STATUS}
|
||||
${ECHO} "[$(fn_time_now)] Default DNS server list: ${DEFAULT_DNS_SERVER_LIST}" >> ${SHGW_STARTUP_STATUS}
|
||||
${ECHO} "[$(fn_time_now)] WAN Interfaces: ${WAN_INTERFACE_JSON_LIST}" >> ${SHGW_STARTUP_STATUS}
|
||||
}
|
||||
|
||||
__fetch_lan_and_ip_data() {
|
||||
local line=${1}
|
||||
local lan=""
|
||||
local ip=""
|
||||
local res=""
|
||||
|
||||
lan=$(${ECHO} ${line} | ${CUT} -d';' -f1)
|
||||
ip=$(${ECHO} ${line} | ${CUT} -d';' -f2 | ${SED} 's/,/ /g')
|
||||
ip_list=""
|
||||
|
||||
if [ ! -z "${ip}" ]; then
|
||||
for i in ${ip}; do
|
||||
if [ ! -z ${ip_list} ]; then
|
||||
ip_list=${ip_list}','
|
||||
fi
|
||||
ip_list=${ip_list}'"'${i}'"'
|
||||
done
|
||||
res='{"interface":"'${lan}'","lan_ip":['${ip_list}']}'
|
||||
fi
|
||||
${ECHO} $res
|
||||
}
|
||||
|
||||
fetch_lan_ip() {
|
||||
local line=${1}
|
||||
local ip=""
|
||||
|
||||
ip=$(${ECHO} ${line} | ${CUT} -d';' -f2 | ${SED} 's/,/ /g')
|
||||
if [ ! -z "${ip}" ]; then
|
||||
for i in ${ip}; do
|
||||
if [ ! -z "$LAN_IP_LIST" ]; then
|
||||
LAN_IP_LIST=${LAN_IP_LIST}','
|
||||
fi
|
||||
LAN_IP_LIST=${LAN_IP_LIST}'"'${i}'"'
|
||||
done
|
||||
else
|
||||
LAN_IP_LIST='"192.168.1.1"'
|
||||
fi
|
||||
${ECHO} ${LAN_IP_LIST}
|
||||
}
|
||||
|
||||
fetch_lan_interfaces() {
|
||||
LAN_INTERFACES=""
|
||||
LAN_IP_LIST=""
|
||||
LAN_IFACE_IP_LIST=""
|
||||
|
||||
local lan=""
|
||||
if [ ! -f ${LAN_INFO} ]; then
|
||||
${ECHO} "[$(fn_time_now)] No LAN Info file" >> ${SHGW_STARTUP_STATUS}
|
||||
LAN_INTERFACES="br0"
|
||||
LAN_IP_LIST='"192.168.1.1"'
|
||||
else
|
||||
while read line
|
||||
do
|
||||
if [ ! -z "$LAN_INTERFACES" ]; then
|
||||
LAN_INTERFACES=${LAN_INTERFACES}' '
|
||||
fi
|
||||
lan=$(${ECHO} ${line} | ${CUT} -d';' -f1)
|
||||
LAN_INTERFACES=${LAN_INTERFACES}${lan}
|
||||
if [ ! -z "$(${ECHO} ${line} | ${GREP} br0)" ]; then
|
||||
LAN_IP_LIST=$(fetch_lan_ip ${line})
|
||||
fi
|
||||
ip_list=""
|
||||
ip_list=$(__fetch_lan_and_ip_data ${line})
|
||||
if [ ! -z ${ip_list} ]; then
|
||||
if [ ! -z ${LAN_IFACE_IP_LIST} ]; then
|
||||
LAN_IFACE_IP_LIST=${LAN_IFACE_IP_LIST}','
|
||||
fi
|
||||
LAN_IFACE_IP_LIST=${LAN_IFACE_IP_LIST}${ip_list}
|
||||
fi
|
||||
done < ${LAN_INFO}
|
||||
fi
|
||||
LAN_IP_LIST='['${LAN_IP_LIST}']'
|
||||
LAN_IFACE_IP_LIST='['${LAN_IFACE_IP_LIST}']'
|
||||
|
||||
${ECHO} "[$(fn_time_now)] LAN Interfaces: ${LAN_INTERFACES}" >> ${SHGW_STARTUP_STATUS}
|
||||
${ECHO} "[$(fn_time_now)] LAN IP for br0: ${LAN_IP_LIST}" >> ${SHGW_STARTUP_STATUS}
|
||||
${ECHO} "[$(fn_time_now)] LAN IP for all interfcaes: ${LAN_IFACE_IP_LIST}" >> ${SHGW_STARTUP_STATUS}
|
||||
|
||||
}
|
||||
|
||||
fetch_and_update_gwinfo() {
|
||||
if [ ! -f ${HGUINFO} ]; then
|
||||
${ECHO} "[$(fn_time_now)] No HGU Info file" >> ${SHGW_STARTUP_STATUS}
|
||||
fn_err_exit ${FETCH_BASE_MAC_FAILED}
|
||||
else
|
||||
serial=$(${ECHO} $(${CUT} -d ';' -f1 ${HGUINFO}))
|
||||
model=$(${ECHO} $(${CUT} -d ';' -f2 ${HGUINFO}))
|
||||
timezone=$(${ECHO} $(${CUT} -d ';' -f3 ${HGUINFO}))
|
||||
country_code=$(${ECHO} $(${CUT} -d ';' -f4 ${HGUINFO}))
|
||||
base_mac=$(${ECHO} $(${CUT} -d ';' -f5 ${HGUINFO}))
|
||||
fi
|
||||
|
||||
if [ -z "${base_mac}" ]; then
|
||||
fn_err_exit ${FETCH_BASE_MAC_FAILED}
|
||||
fi
|
||||
|
||||
if [ -z ${serial} ]; then
|
||||
${ECHO} "[$(fn_time_now)] Serial number is empty!"
|
||||
serial="serial"
|
||||
fi
|
||||
|
||||
if [ -z ${model} ]; then
|
||||
${ECHO} "[$(fn_time_now)] Model number is empty!"
|
||||
model="model"
|
||||
fi
|
||||
|
||||
if [ -z ${country_code} ]; then
|
||||
${ECHO} "[$(fn_time_now)] Country code is empty!"
|
||||
country_code="ES" #Should we quit instead of this?
|
||||
fi
|
||||
|
||||
# Timezone in Econet is a huge string need to understand
|
||||
timezone=""
|
||||
if [ -z ${timezone} ]; then
|
||||
${ECHO} "[$(fn_time_now)] Timezone is empty!"
|
||||
timezone="GMT"
|
||||
fi
|
||||
|
||||
if [ -z ${tproxy_mark} ]; then
|
||||
${ECHO} "[$(fn_time_now)] tproxy_mark is empty!"
|
||||
tproxy_mark="0x4000"
|
||||
fi
|
||||
|
||||
if [ -z ${tproxy_mask} ]; then
|
||||
${ECHO} "[$(fn_time_now)] tproxy_mask is empty!"
|
||||
tproxy_mask="0x4000"
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
create_non_persistant_sqlite_db(){
|
||||
fn_retry_query_upto_five_times "CREATE TABLE IF NOT EXISTS device_discovery_table(dev_id TEXT PRIMARY KEY, mac TEXT,ip_address TEXT,ip6_address TEXT,host_name TEXT,headless INTEGER,status INTEGER,last_seen INTEGER,trusted INTEGER);" "${SHGW_NON_PERSISTANT_DB}" "${NON_PERSISTANT_DB_UPDATE_FAILED}" "${ONE_SEC}"
|
||||
fn_retry_query_upto_five_times "CREATE TABLE IF NOT EXISTS stats(key TEXT PRIMARY KEY, value TEXT);" "${SHGW_NON_PERSISTANT_DB}" "${NON_PERSISTANT_DB_UPDATE_FAILED}" "${ONE_SEC}"
|
||||
fn_retry_query_upto_five_times "DELETE FROM stats;" "${SHGW_NON_PERSISTANT_DB}" "${NON_PERSISTANT_DB_UPDATE_FAILED}" "${ONE_SEC}"
|
||||
fn_retry_query_upto_five_times "INSERT INTO stats VALUES('dns_stats', '{}');" "${SHGW_NON_PERSISTANT_DB}" "${NON_PERSISTANT_DB_UPDATE_FAILED}" "${ONE_SEC}"
|
||||
fn_retry_query_upto_five_times "INSERT INTO stats VALUES('sys_stats', '{}');" "${SHGW_NON_PERSISTANT_DB}" "${NON_PERSISTANT_DB_UPDATE_FAILED}" "${ONE_SEC}"
|
||||
fn_retry_query_upto_five_times "CREATE TABLE IF NOT EXISTS shgw_access_restrictions(status INTEGER, protocol TEXT, port INTEGER, source TEXT, devices TEXT);" "${SHGW_NON_PERSISTANT_DB}" "${NON_PERSISTANT_DB_UPDATE_FAILED}" "${ONE_SEC}"
|
||||
}
|
||||
|
||||
delete_old_persistent_db() {
|
||||
if [ -f ${SHGW_OLD_PERSISTANT_DB} ]; then
|
||||
${RM} -f ${SHGW_OLD_PERSISTANT_DB}
|
||||
fi
|
||||
}
|
||||
|
||||
#------------------------------------start_server------------------------------
|
||||
|
||||
start_watchdogd() {
|
||||
#Remove the o/p redirection done by exec
|
||||
exec 1>&3 2>&4
|
||||
|
||||
${SHGW_WD_MONIT} &
|
||||
|
||||
#Add the o/p redirection
|
||||
exec 3>&1 4>&2 1>> ${SHGW_STARTUP_LOG} 2>&1
|
||||
|
||||
wd_pid=$(${PS} | ${GREP} -i "shgw_watchdogd" | ${GREP} -v "grep" | ${AWK} -v OFS=' ' '{print $1}')
|
||||
if [ ! -z $wd_pid ]; then
|
||||
# request start
|
||||
${KILL} -SIGUSR2 $wd_pid
|
||||
fi
|
||||
}
|
||||
|
||||
create_shgw_directories() {
|
||||
${MKDIR} -p ${SHGW_NVRAM}
|
||||
${MKDIR} -p ${SHGW_TMPFS_PATH}
|
||||
}
|
||||
|
||||
|
||||
check_tld_json_existence() {
|
||||
if [ ! -f ${TLD_JSON_FILE} ];then
|
||||
${CP} ${SHGW_PRIVATE}/shgw_tld_file.json ${SHGW_NVRAM}
|
||||
${CHMOD} 666 ${TLD_JSON_FILE}
|
||||
fi
|
||||
}
|
||||
|
||||
set_time() {
|
||||
rtm_util cfg igd time_ntp set 1 adm_state enable ip_intf 2 ntp_svr_1 211.22.103.157
|
||||
}
|
||||
|
||||
#------------------------------------>MAIN<----------------------------------------
|
||||
|
||||
start_shg(){
|
||||
delete_old_persistent_db
|
||||
create_shgw_directories
|
||||
|
||||
fetch_wan_interfaces
|
||||
fetch_lan_interfaces
|
||||
get_lan_ifaces
|
||||
|
||||
check_persistant_db
|
||||
fetch_and_update_gwinfo
|
||||
#calc_gwinfo
|
||||
fetch_skip_ips
|
||||
update_persistant_sqlite_db
|
||||
|
||||
#set_time
|
||||
|
||||
${SHGW_ACCESS_RESTRICTION} "inbound_sec_start"
|
||||
create_non_persistant_sqlite_db
|
||||
${ECHO} "[$(fn_time_now)] Database created successfully" >> ${SHGW_STARTUP_STATUS}
|
||||
check_tld_json_existence
|
||||
start_watchdogd
|
||||
|
||||
}
|
||||
|
||||
force_start_shg() {
|
||||
${SHGW_ENCRYPT_SQL} "UPDATE" "STOP_STATUS" "0"
|
||||
start_shg
|
||||
}
|
||||
|
||||
stop_shg(){
|
||||
${SHGW_ACCESS_RESTRICTION} "inbound_sec_stop"
|
||||
|
||||
# request stop
|
||||
wd_pid=$(ps | ${GREP} -i "shgw_watchdogd" | ${GREP} -v "grep" | ${AWK} -v OFS=' ' '{print $1}')
|
||||
if [ ! -z $wd_pid ]; then
|
||||
# request stop
|
||||
${KILL} -SIGUSR1 $wd_pid
|
||||
fi
|
||||
}
|
||||
|
||||
force_stop_shg(){
|
||||
${SHGW_ENCRYPT_SQL} "UPDATE" "STOP_STATUS" "1"
|
||||
stop_shg
|
||||
}
|
||||
|
||||
kill_shg() {
|
||||
${ECHO} "Killing SHGW"
|
||||
|
||||
stop_shg
|
||||
|
||||
wd_monit_pid=$(${PS} | ${GREP} -i "shgw_wd_monit" | ${GREP} -v "grep" | ${AWK} -v OFS=' ' '{print $1}')
|
||||
if [ ! -z $wd_monit_pid ]; then
|
||||
${ECHO} "Stopping monit!"
|
||||
${KILL} -9 $wd_monit_pid
|
||||
fi
|
||||
|
||||
wd_pid=$(${PS} | ${GREP} -i "shgw_watchdogd" | ${GREP} -v "grep" | ${AWK} -v OFS=' ' '{print $1}')
|
||||
if [ ! -z $wd_pid ]; then
|
||||
${ECHO} "Stopping watchdog!"
|
||||
${KILL} -9 $wd_pid
|
||||
fi
|
||||
|
||||
|
||||
${RM} -rf ${SHGW_TMPFS_PATH}
|
||||
${RM} -rf ${SHGW_STARTUP_STATUS}
|
||||
${RM} -rf ${SHGW_STARTUP_LOG}
|
||||
${RM} -rf ${SHGW_ERROR_FILE}
|
||||
|
||||
}
|
||||
|
||||
reset_shg() {
|
||||
${ECHO} "Resetting SHGW!"
|
||||
|
||||
${SHGW_ROUTER_RESET} hard
|
||||
|
||||
wd_monit_pid=$(${PS} | ${GREP} -i "shgw_wd_monit" | ${GREP} -v "grep" | ${AWK} -v OFS=' ' '{print $1}')
|
||||
if [ ! -z $wd_monit_pid ]; then
|
||||
${ECHO} "Stopping monit!"
|
||||
${KILL} -9 $wd_monit_pid
|
||||
fi
|
||||
|
||||
wd_pid=$(${PS} | ${GREP} -i "shgw_watchdogd" | ${GREP} -v "grep" | ${AWK} -v OFS=' ' '{print $1}')
|
||||
if [ ! -z $wd_pid ]; then
|
||||
${ECHO} "Stopping watchdog!"
|
||||
${KILL} -9 $wd_pid
|
||||
fi
|
||||
# backup
|
||||
${RM} -f ${SHGW_PERSISTANT_DB}
|
||||
|
||||
${ECHO} "Reset done!"
|
||||
}
|
||||
|
||||
shgw_mode() {
|
||||
if [ X"$mode" == X"start" ]; then
|
||||
${ECHO} "SHGW start called!"
|
||||
start_shg
|
||||
elif [ X"$mode" == X"stop" ]; then
|
||||
${ECHO} "SHGW stop called!"
|
||||
stop_shg
|
||||
elif [ X"$mode" == X"kill" ]; then
|
||||
${ECHO} "SHGW kill called!"
|
||||
kill_shg
|
||||
elif [ X"$mode" == X"restart" ]; then
|
||||
${ECHO} "SHGW restart called!"
|
||||
stop_shg
|
||||
sleep 3
|
||||
start_shg
|
||||
elif [ X"$mode" == X"force_start" ]; then
|
||||
${ECHO} "SHGW force_start called!"
|
||||
force_start_shg
|
||||
elif [ X"$mode" == X"force_stop" ]; then
|
||||
${ECHO} "SHGW force_stop called!"
|
||||
force_stop_shg
|
||||
elif [ X"$mode" == X"reset" ]; then
|
||||
${ECHO} "SHGW reset called!"
|
||||
reset_shg
|
||||
elif [ X"$mode" == X"softstart" ]; then
|
||||
${ECHO} "SHGW softstart called!"
|
||||
start_shg
|
||||
elif [ X"$mode" == X"db_start" ]; then
|
||||
${ECHO} "SHGW DB start called!"
|
||||
start_shg
|
||||
else
|
||||
${ECHO} "Usage: $0 [start|stop|kill|restart|force_start|force_stop|reset|softstart|db_start]"
|
||||
fn_err_exit ${INVALID_MODE}
|
||||
fi
|
||||
${RM} -rf $STARTUP_LOCK
|
||||
}
|
||||
|
||||
|
||||
exit_if_running() {
|
||||
# TODO : Add a fdlock implementaion
|
||||
local mypid=$$
|
||||
|
||||
if ! [ -f "$STARTUP_LOCK" ]; then
|
||||
${ECHO} $$ > $STARTUP_LOCK
|
||||
return
|
||||
fi
|
||||
|
||||
local pid_on_file=$(${CAT} "$STARTUP_LOCK")
|
||||
[ X"$pid_on_file" == X"$mypid" ] && return
|
||||
|
||||
old_cmd_line=$(${CAT} /proc/$pid_on_file/cmdline 2>/dev/null)
|
||||
[ "$?" != "0" ] && ${ECHO} $$ > $STARTUP_LOCK && return
|
||||
|
||||
${ECHO} "$old_cmd_line" | ${GREP} "shgw"
|
||||
[ "$?" == "0" ] && ${ECHO} "Already running" && exit 127
|
||||
|
||||
${ECHO} $$ > $STARTUP_LOCK
|
||||
}
|
||||
|
||||
#--------------------------------------------------------------------------------
|
||||
|
||||
${ECHO} "Called for: $1"
|
||||
exit_if_running
|
||||
|
||||
create_debug_files
|
||||
${ECHO} "[$(fn_time_now)] starting" >> ${SHGW_STARTUP_STATUS}
|
||||
mode=$1
|
||||
shgw_mode
|
||||
${ECHO} "[$(fn_time_now)] done" >> ${SHGW_STARTUP_STATUS}
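Review bot: `check_tld_json_existence` ends with `${CHMOD} 666 ${TLD_JSON_FILE}`, which leaves the copied TLD JSON in `${SHGW_NVRAM}` writable by every local account; nothing in this file shows a non-root writer, so `${CHMOD} 644 ${TLD_JSON_FILE}` looks like the right mode, with a comment naming the process that needs write access if one exists. The header also turns on `set -x` right after `exec 3>&1 4>&2 1>> ${SHGW_STARTUP_LOG} 2>&1`, so every expanded command is appended to the startup log, including the `${serial}` and `${base_mac}` arguments that `update_persistant_sqlite_db` passes to `${SHGW_ENCRYPT_SQL}`. I would gate the trace, e.g. `[ -n "${SHGW_TRACE:-}" ] && set -x` (`SHGW_TRACE` is a placeholder name, not a variable from this tree), and say in the comment above it who is expected to read that log. The `[ -z ${VAR} ]` tests are unquoted throughout and the JSON lists are concatenated from raw lines of `${WAN_INFO}`, `${LAN_INFO}` and `${IP_SKIP_LIST_FILE}`, so a line holding whitespace or a double quote breaks the test or the JSON handed to `${SHGW_ENCRYPT_SQL}`; quoting the tests, as in `[ -z "${IP_SKIP_JSON_LIST}" ]`, is the minimal fix.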
|
|
@ -0,0 +1,252 @@
|
|||
#!/bin/sh
|
||||
|
||||
#############################################################################
|
||||
#
|
||||
# MCAFEE CONFIDENTIAL
|
||||
# Copyright ©2018 McAfee, LLC
|
||||
#
|
||||
# The source code contained or described herein and all documents related
|
||||
# to the source code ("Material") are owned by McAfee or its
|
||||
# suppliers or licensors. Title to the Material remains with McAfee
|
||||
# or its suppliers and licensors. The Material contains trade
|
||||
# secrets and proprietary and confidential information of McAfee or its
|
||||
# suppliers and licensors. The Material is protected by worldwide copyright
|
||||
# and trade secret laws and treaty provisions. No part of the Material may
|
||||
# be used, copied, reproduced, modified, published, uploaded, posted,
|
||||
# transmitted, distributed, or disclosed in any way without McAfee's prior
|
||||
# express written permission.
|
||||
#
|
||||
# No license under any patent, copyright, trade secret or other intellectual
|
||||
# property right is granted to or conferred upon you by disclosure or
|
||||
# delivery of the Materials, either expressly, by implication, inducement,
|
||||
# estoppel or otherwise. Any license under such intellectual property rights
|
||||
# must be express and approved by McAfee in writing.
|
||||
#
|
||||
##############################################################################
|
||||
|
||||
|
||||
. /etc/shgw/shgw.constants
|
||||
. /etc/shgw/shgw.common
|
||||
. /etc/shgw/shgw.errno
|
||||
. /etc/shgw/shgw.env
|
||||
|
||||
|
||||
get_wan_iface(){
|
||||
WAN_IFACE=$(fn_get_wan_iface)
|
||||
}
|
||||
|
||||
flush_ipv4_tables() {
|
||||
${IPTABLES} -w -F SHP_MGT_CONSOLE_B -t filter
|
||||
${IPTABLES} -w -F SHP_MGT_CONSOLE_A -t filter
|
||||
|
||||
${IPTABLES} -w -F SHP_WAN_BLOCK -t filter
|
||||
${IPTABLES} -w -F SHP_WAN_ALLOW -t filter
|
||||
}
|
||||
|
||||
flush_ipv4_ipset() {
|
||||
${IPSET} -F SHP_MGT_CONSOLE_SET_A
|
||||
${IPSET} -F SHP_WAN_ALLOW_SET
|
||||
}
|
||||
|
||||
flush_ipv6_tables() {
|
||||
${IP6TABLES} -w -F SHP_MGT_CONSOLE_B -t filter
|
||||
${IP6TABLES} -w -F SHP_MGT_CONSOLE_A -t filter
|
||||
|
||||
${IP6TABLES} -w -F SHP_WAN_BLOCK -t filter
|
||||
${IP6TABLES} -w -F SHP_WAN_ALLOW -t filter
|
||||
|
||||
${IP6TABLES} -w -F SHGW_EXCLUSION_WAN_IPV6 -t filter
|
||||
${IP6TABLES} -w -F SHGW_EXCLUSION_IPV6 -t filter
|
||||
}
|
||||
|
||||
flush_ipv6_ipset() {
|
||||
${IPSET} -F SHP_MGT_CONSOLE_SET_A_IP6
|
||||
${IPSET} -F SHP_WAN_ALLOW_SET_IP6
|
||||
}
|
||||
|
||||
add_ipsets_to_iptables() {
|
||||
${IPTABLES} -w -I SHP_WAN_ALLOW -m set --match-set SHP_WAN_ALLOW_SET dst,dst -t filter -i ${WAN_IFACE} -p tcp -j ACCEPT
|
||||
${IPTABLES} -w -I SHP_MGT_CONSOLE_A -m set --match-set SHP_MGT_CONSOLE_SET_A src,dst -t filter -j ACCEPT
|
||||
${IPTABLES} -w -I SHP_WAN_ALLOW -m set --match-set SHGW_EXCLUSION dst -t filter -i ${WAN_IFACE} -p tcp -j RETURN
|
||||
${IPTABLES} -w -I SHP_MGT_CONSOLE_A -m set --match-set SHGW_EXCLUSION src -t filter -j RETURN
|
||||
${IPTABLES} -w -I SHP_WAN_BLOCK -m set --match-set SHGW_EXCLUSION dst -t filter -i ${WAN_IFACE} -p tcp -j RETURN
|
||||
${IPTABLES} -w -I SHP_MGT_CONSOLE_B -m set --match-set SHGW_EXCLUSION src -t filter -j RETURN
|
||||
${IP6TABLES} -w -I SHP_WAN_ALLOW -m set --match-set SHP_WAN_ALLOW_SET_IP6 dst,dst -i ${WAN_IFACE} -p tcp -t filter -j ACCEPT
|
||||
${IP6TABLES} -w -I SHP_MGT_CONSOLE_A -m set --match-set SHP_MGT_CONSOLE_SET_A_IP6 src,dst -t filter -j ACCEPT
|
||||
}
|
||||
|
||||
check_and_run_script() {
|
||||
flush_ipv4_tables
|
||||
flush_ipv6_tables
|
||||
add_ipsets_to_iptables
|
||||
if [ -f ${SHGW_INBOUND_SEC_SCRIPT} ]; then
|
||||
${CHMOD} +x ${SHGW_INBOUND_SEC_SCRIPT}
|
||||
${SHGW_INBOUND_SEC_SCRIPT}
|
||||
${RM} -f ${SHGW_INBOUND_SEC_SCRIPT}
|
||||
fi
|
||||
}
|
||||
|
||||
#Creates 4 user defined chains and inserts rules
|
||||
create_ip4table_chains() {
|
||||
${IPTABLES} -w -N SHP_WAN_BLOCK -t filter
|
||||
${IPTABLES} -w -N SHP_WAN_ALLOW -t filter
|
||||
${IPSET} -N SHP_WAN_ALLOW_SET hash:ip,port
|
||||
|
||||
insert_filter_forward_ipset_ip4targets
|
||||
${IPTABLES} -w -I SHP_WAN_ALLOW -m set --match-set SHP_WAN_ALLOW_SET dst,dst -t filter -i ${WAN_IFACE} -p tcp -j ACCEPT
|
||||
${IPTABLES} -w -I SHP_WAN_ALLOW -m set --match-set SHGW_EXCLUSION dst -t filter -i ${WAN_IFACE} -p tcp -j RETURN
|
||||
${IPTABLES} -w -I SHP_WAN_BLOCK -m set --match-set SHGW_EXCLUSION dst -t filter -i ${WAN_IFACE} -p tcp -j RETURN
|
||||
|
||||
${IPTABLES} -w -N SHP_MGT_CONSOLE_B -t filter
|
||||
${IPTABLES} -w -N SHP_MGT_CONSOLE_A -t filter
|
||||
${IPSET} -N SHP_MGT_CONSOLE_SET_A hash:ip,port
|
||||
|
||||
insert_filter_input_ipset_ip4targets
|
||||
${IPTABLES} -w -I SHP_MGT_CONSOLE_A -m set --match-set SHP_MGT_CONSOLE_SET_A src,dst -t filter -j ACCEPT
|
||||
${IPTABLES} -w -I SHP_MGT_CONSOLE_A -m set --match-set SHGW_EXCLUSION src -t filter -j RETURN
|
||||
${IPTABLES} -w -I SHP_MGT_CONSOLE_B -m set --match-set SHGW_EXCLUSION src -t filter -j RETURN
|
||||
}
|
||||
|
||||
remove_ip4table_chains() {
|
||||
flush_ipv4_tables
|
||||
flush_ipv4_ipset
|
||||
|
||||
|
||||
remove_filter_input_ipset_ip4targets
|
||||
${IPSET} -X SHP_MGT_CONSOLE_SET_A
|
||||
${IPTABLES} -w -X SHP_MGT_CONSOLE_B -t filter
|
||||
${IPTABLES} -w -X SHP_MGT_CONSOLE_A -t filter
|
||||
|
||||
remove_filter_forward_ipset_ip4targets
|
||||
|
||||
${IPSET} -X SHP_WAN_ALLOW_SET
|
||||
${IPTABLES} -w -X SHP_WAN_BLOCK -t filter
|
||||
${IPTABLES} -w -X SHP_WAN_ALLOW -t filter
|
||||
}
|
||||
|
||||
# Insert IP4 targets in INPUT chain for ipset interception
|
||||
insert_filter_input_ipset_ip4targets() {
|
||||
${IPTABLES} -w -I INPUT -t filter -j SHP_MGT_CONSOLE_B
|
||||
${IPTABLES} -w -I INPUT -t filter -j SHP_MGT_CONSOLE_A
|
||||
}
|
||||
|
||||
# Insert IP6 targets in INPUT chain for ipset interception
|
||||
insert_filter_input_ipset_ip6targets() {
|
||||
${IP6TABLES} -w -I INPUT -t filter -j SHGW_EXCLUSION_IPV6
|
||||
|
||||
${IP6TABLES} -w -t filter -A SHGW_EXCLUSION_IPV6 -j SHP_MGT_CONSOLE_B
|
||||
${IP6TABLES} -w -t filter -A SHGW_EXCLUSION_IPV6 -j SHP_MGT_CONSOLE_A
|
||||
}
|
||||
|
||||
# Insert IP4 targets in FORWARD chain for ipset interception
|
||||
insert_filter_forward_ipset_ip4targets() {
|
||||
${IPTABLES} -w -I FORWARD -t filter -j SHP_WAN_BLOCK
|
||||
${IPTABLES} -w -I FORWARD -t filter -j SHP_WAN_ALLOW
|
||||
}
|
||||
|
||||
# Insert IP6 targets in FORWARD chain for ipset interception
|
||||
insert_filter_forward_ipset_ip6targets() {
|
||||
${IP6TABLES} -w -I FORWARD -t filter -j SHGW_EXCLUSION_WAN_IPV6
|
||||
|
||||
${IP6TABLES} -w -t filter -A SHGW_EXCLUSION_WAN_IPV6 -j SHP_WAN_BLOCK
|
||||
${IP6TABLES} -w -t filter -A SHGW_EXCLUSION_WAN_IPV6 -j SHP_WAN_ALLOW
|
||||
}
|
||||
# Remove IP4 targets from INPUT chain for ipset interception
|
||||
remove_filter_input_ipset_ip4targets() {
|
||||
${IPTABLES} -w -D INPUT -t filter -j SHP_MGT_CONSOLE_B
|
||||
${IPTABLES} -w -D INPUT -t filter -j SHP_MGT_CONSOLE_A
|
||||
}
|
||||
|
||||
# Remove IP6 targets from INPUT chain for ipset interception
|
||||
remove_filter_input_ipset_ip6targets() {
|
||||
${IP6TABLES} -w -D INPUT -t filter -j SHP_MGT_CONSOLE_B
|
||||
${IP6TABLES} -w -D INPUT -t filter -j SHP_MGT_CONSOLE_A
|
||||
}
|
||||
|
||||
# Remove IP4 targets from FORWARD chain for ipset interception
|
||||
remove_filter_forward_ipset_ip4targets() {
|
||||
${IPTABLES} -w -D FORWARD -t filter -j SHP_WAN_BLOCK
|
||||
${IPTABLES} -w -D FORWARD -t filter -j SHP_WAN_ALLOW
|
||||
}
|
||||
|
||||
# Remove IP6 targets from FORWARD chain for ipset interception
|
||||
remove_filter_forward_ipset_ip6targets() {
|
||||
${IP6TABLES} -w -D FORWARD -t filter -j SHP_WAN_BLOCK
|
||||
${IP6TABLES} -w -D FORWARD -t filter -j SHP_WAN_ALLOW
|
||||
}
|
||||
|
||||
#Creates 4 user defined chains and inserts rules
|
||||
create_ip6table_chains() {
|
||||
${IP6TABLES} -w -N SHP_WAN_BLOCK -t filter
|
||||
${IP6TABLES} -w -N SHP_WAN_ALLOW -t filter
|
||||
${IP6TABLES} -w -N SHGW_EXCLUSION_WAN_IPV6 -t filter
|
||||
${IPSET} -N SHP_WAN_ALLOW_SET_IP6 hash:ip,port family inet6
|
||||
|
||||
insert_filter_forward_ipset_ip6targets
|
||||
${IP6TABLES} -w -I SHP_WAN_ALLOW -m set --match-set SHP_WAN_ALLOW_SET_IP6 dst,dst -i ${WAN_IFACE} -p tcp -t filter -j ACCEPT
|
||||
|
||||
${IP6TABLES} -w -N SHP_MGT_CONSOLE_B -t filter
|
||||
${IP6TABLES} -w -N SHP_MGT_CONSOLE_A -t filter
|
||||
${IPSET} -N SHP_MGT_CONSOLE_SET_A_IP6 hash:ip,port family inet6
|
||||
|
||||
insert_filter_input_ipset_ip6targets
|
||||
${IP6TABLES} -w -I SHP_MGT_CONSOLE_A -m set --match-set SHP_MGT_CONSOLE_SET_A_IP6 src,dst -t filter -j ACCEPT
|
||||
}
|
||||
|
||||
remove_ip6table_chains() {
|
||||
flush_ipv6_tables
|
||||
flush_ipv6_ipset
|
||||
|
||||
remove_filter_input_ipset_ip6targets
|
||||
|
||||
${IPSET} -X SHP_MGT_CONSOLE_SET_A_IP6
|
||||
${IP6TABLES} -w -X SHP_MGT_CONSOLE_B -t filter
|
||||
${IP6TABLES} -w -X SHP_MGT_CONSOLE_A -t filter
|
||||
|
||||
remove_filter_forward_ipset_ip6targets
|
||||
|
||||
${IPSET} -X SHP_WAN_ALLOW_SET_IP6
|
||||
${IP6TABLES} -w -X SHP_WAN_BLOCK -t filter
|
||||
${IP6TABLES} -w -X SHP_WAN_ALLOW -t filter
|
||||
${IP6TABLES} -w -X SHGW_EXCLUSION_WAN_IPV6 -t filter
|
||||
}
|
||||
|
||||
#Main
|
||||
|
||||
get_wan_iface
|
||||
|
||||
case $1 in
|
||||
inbound_sec_start)
|
||||
remove_ip4table_chains
|
||||
remove_ip6table_chains
|
||||
create_ip4table_chains
|
||||
create_ip6table_chains
|
||||
;;
|
||||
inbound_sec_stop)
|
||||
remove_ip4table_chains
|
||||
remove_ip6table_chains
|
||||
;;
|
||||
add_rules)
|
||||
check_and_run_script
|
||||
;;
|
||||
flush_ipset)
|
||||
flush_ipv4_ipset
|
||||
flush_ipv6_ipset
|
||||
;;
|
||||
halt_ipset)
|
||||
remove_filter_input_ipset_ip4targets
|
||||
remove_filter_input_ipset_ip6targets
|
||||
remove_filter_forward_ipset_ip4targets
|
||||
remove_filter_forward_ipset_ip6targets
|
||||
;;
|
||||
resume_ipset)
|
||||
remove_filter_input_ipset_ip4targets
|
||||
remove_filter_input_ipset_ip6targets
|
||||
remove_filter_forward_ipset_ip4targets
|
||||
remove_filter_forward_ipset_ip6targets
|
||||
insert_filter_input_ipset_ip4targets
|
||||
insert_filter_input_ipset_ip6targets
|
||||
insert_filter_forward_ipset_ip4targets
|
||||
insert_filter_forward_ipset_ip6targets
|
||||
;;
|
||||
esac
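Review bot: The two IPv6 remove helpers do not undo what the IPv6 insert helpers add: `insert_filter_input_ipset_ip6targets` hooks `INPUT -j SHGW_EXCLUSION_IPV6` and appends the `SHP_MGT_CONSOLE_*` jumps inside that chain, while `remove_filter_input_ipset_ip6targets` deletes `INPUT -j SHP_MGT_CONSOLE_B/A`, rules that are never placed in INPUT; the FORWARD pair has the same mismatch with `SHGW_EXCLUSION_WAN_IPV6`. As written, `halt_ipset` leaves the IPv6 hooks in place, `resume_ipset` and `inbound_sec_start` add duplicate jumps on each run, and `-X SHGW_EXCLUSION_WAN_IPV6` in `remove_ip6table_chains` should fail while FORWARD still references the chain. The removals should mirror the inserts as sketched below; if another component owns the INPUT/FORWARD hooks into the exclusion chains, keep only the first two deletes in each function and say so in a comment. Separately, `check_and_run_script` does `${CHMOD} +x` and then executes `${SHGW_INBOUND_SEC_SCRIPT}` whenever the file exists, so whoever can write that path gets code run with this script's privileges; the header comment should state which process writes it and the path should be verified as root-owned and not group/world-writable before it is run.

```shell
remove_filter_input_ipset_ip6targets() {
    # Mirror insert_filter_input_ipset_ip6targets: drop the appended jumps, then the INPUT hook
    ${IP6TABLES} -w -t filter -D SHGW_EXCLUSION_IPV6 -j SHP_MGT_CONSOLE_B
    ${IP6TABLES} -w -t filter -D SHGW_EXCLUSION_IPV6 -j SHP_MGT_CONSOLE_A
    ${IP6TABLES} -w -D INPUT -t filter -j SHGW_EXCLUSION_IPV6
}

# … unchanged: remove_filter_forward_ipset_ip4targets …

remove_filter_forward_ipset_ip6targets() {
    # Mirror insert_filter_forward_ipset_ip6targets: drop the appended jumps, then the FORWARD hook
    ${IP6TABLES} -w -t filter -D SHGW_EXCLUSION_WAN_IPV6 -j SHP_WAN_BLOCK
    ${IP6TABLES} -w -t filter -D SHGW_EXCLUSION_WAN_IPV6 -j SHP_WAN_ALLOW
    ${IP6TABLES} -w -D FORWARD -t filter -j SHGW_EXCLUSION_WAN_IPV6
}
```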
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,63 @@
|
|||
#!/bin/sh
|
||||
. /etc/shgw/shgw.constants
|
||||
|
||||
_temp_file="${TMPFS_PATH}/temp_hard_blk"
|
||||
case $1 in
|
||||
|
||||
get)
|
||||
|
||||
$ECHO "object:Device.WiFi.AccessPoint.1.X_LANTIQ_COM_Vendor: :GET" > ${_temp_file}
|
||||
$ECHO "param:MACAddressControlList: :" >> ${_temp_file}
|
||||
|
||||
$ECHO "object:Device.WiFi.AccessPoint.2.X_LANTIQ_COM_Vendor: :GET" >> ${_temp_file}
|
||||
$ECHO "param:MACAddressControlList: :" >> ${_temp_file}
|
||||
|
||||
${CALTEST} -g ${_temp_file} 2>&1 | ${GREP} ${PARAMVALUE} | ${AWK} 'FNR == 3 {print $3}' | ${TR} -d '""' > /var/.shgw/temp_caltest
|
||||
${CALTEST} -g ${_temp_file} 2>&1 | ${GREP} ${PARAMVALUE} | ${AWK} 'FNR == 4 {print $3}' | ${TR} -d '""' >> /var/.shgw/temp_caltest
|
||||
;;
|
||||
|
||||
set)
|
||||
|
||||
case $2 in
|
||||
|
||||
block)
|
||||
|
||||
$ECHO "object:Device.WiFi.AccessPoint.1.X_LANTIQ_COM_Vendor: :MODIFY" > ${_temp_file}
|
||||
$ECHO "param:MACAddressControlList: :$3" >> ${_temp_file}
|
||||
$ECHO "param:MACAddressControlMode: :Deny" >> ${_temp_file}
|
||||
|
||||
$ECHO "object:Device.WiFi.AccessPoint.2.X_LANTIQ_COM_Vendor: :MODIFY" >> ${_temp_file}
|
||||
$ECHO "param:MACAddressControlList: :$4" >> ${_temp_file}
|
||||
$ECHO "param:MACAddressControlMode: :Deny" >> ${_temp_file}
|
||||
${CALTEST} -s ${_temp_file}
|
||||
|
||||
;;
|
||||
|
||||
unblock)
|
||||
|
||||
$ECHO "object:Device.WiFi.AccessPoint.1.X_LANTIQ_COM_Vendor: :MODIFY" > ${_temp_file}
|
||||
if [ ${#3} -le 1 ]
|
||||
then
|
||||
$ECHO "param:MACAddressControlList: :\"" >> ${_temp_file}
|
||||
$ECHO "param:MACAddressControlMode: :Disabled" >> ${_temp_file}
|
||||
else
|
||||
$ECHO "param:MACAddressControlList: :${3}" >> ${_temp_file}
|
||||
$ECHO "param:MACAddressControlMode: :Deny" >> ${_temp_file}
|
||||
fi
|
||||
|
||||
$ECHO "object:Device.WiFi.AccessPoint.2.X_LANTIQ_COM_Vendor: :MODIFY" >> ${_temp_file}
|
||||
if [ ${#4} -le 1 ]
|
||||
then
|
||||
$ECHO "param:MACAddressControlList: :\"" >> ${_temp_file}
|
||||
$ECHO "param:MACAddressControlMode: :Disabled" >> ${_temp_file}
|
||||
else
|
||||
$ECHO "param:MACAddressControlList: :${4}" >> ${_temp_file}
|
||||
$ECHO "param:MACAddressControlMode: :Deny" >> ${_temp_file}
|
||||
fi
|
||||
${CALTEST} -s ${_temp_file}
|
||||
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
esac
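Review bot: In the `set` branches, `$3` and `$4` are written verbatim into the caltest request file, so a value containing a newline or a `param:`/`object:` prefix would add extra directives to what `${CALTEST} -s` applies. Reject anything that is not a MAC list before the first `$ECHO`, for example `case "$3$4" in *[!0-9A-Fa-f:,\"]*) exit 1 ;; esac`; the allowed separator set is an assumption to confirm against what the caller passes. `${_temp_file}` is also a fixed name under `${TMPFS_PATH}` shared by `get` and `set`, so two concurrent invocations can interleave their lines. A per-invocation name such as a `.$$` suffix, removed on exit, would avoid that.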
|
||||
|
Binary file not shown.
|
@ -0,0 +1,43 @@
|
|||
#############################################################################
|
||||
#
|
||||
# MCAFEE CONFIDENTIAL
|
||||
# Copyright ©2018 McAfee, LLC
|
||||
#
|
||||
# The source code contained or described herein and all documents related
|
||||
# to the source code ("Material") are owned by McAfee or its
|
||||
# suppliers or licensors. Title to the Material remains with McAfee
|
||||
# or its suppliers and licensors. The Material contains trade
|
||||
# secrets and proprietary and confidential information of McAfee or its
|
||||
# suppliers and licensors. The Material is protected by worldwide copyright
|
||||
# and trade secret laws and treaty provisions. No part of the Material may
|
||||
# be used, copied, reproduced, modified, published, uploaded, posted,
|
||||
# transmitted, distributed, or disclosed in any way without McAfee's prior
|
||||
# express written permission.
|
||||
#
|
||||
# No license under any patent, copyright, trade secret or other intellectual
|
||||
# property right is granted to or conferred upon you by disclosure or
|
||||
# delivery of the Materials, either expressly, by implication, inducement,
|
||||
# estoppel or otherwise. Any license under such intellectual property rights
|
||||
# must be express and approved by McAfee in writing.
|
||||
#
|
||||
##############################################################################
|
||||
#
|
||||
#
|
||||
# Date : 09/Apr/2019
|
||||
##############################################################################
|
||||
|
||||
. /etc/shgw/shgw.common
|
||||
. /etc/shgw/shgw.constants
|
||||
|
||||
|
||||
#TODO: Make this file as one stop for trimming all kind of log files except shgw.log
|
||||
|
||||
# Trim shgw error log file
|
||||
fn_trim_error_log() {
|
||||
${TAIL} -n ${NO_ERROR_LOG_LINES} ${SHGW_ERROR_FILE} > ${SHGW_ERROR_FILE_TMP}
|
||||
${CAT} ${SHGW_ERROR_FILE_TMP} > ${SHGW_ERROR_FILE}
|
||||
${RM} -f ${SHGW_ERROR_FILE_TMP}
|
||||
}
|
||||
|
||||
|
||||
fn_trim_error_log
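Review bot: `fn_trim_error_log` overwrites `${SHGW_ERROR_FILE}` even when the `tail` step failed, so a full tmpfs or a missing temp directory leaves the error log truncated to nothing. Chain the steps, `${TAIL} -n "${NO_ERROR_LOG_LINES}" "${SHGW_ERROR_FILE}" > "${SHGW_ERROR_FILE_TMP}" && ${CAT} "${SHGW_ERROR_FILE_TMP}" > "${SHGW_ERROR_FILE}"`, and quote the expansions so an unset `SHGW_ERROR_FILE` cannot make `tail` read stdin. Lines appended between the two commands are still lost, so a comment such as `# best-effort trim: entries written during the copy may be dropped` would document that.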
|
|
@ -0,0 +1,105 @@
|
|||
#!/bin/sh
|
||||
|
||||
#############################################################################
|
||||
#
|
||||
# MCAFEE CONFIDENTIAL
|
||||
# Copyright ©2018 McAfee, LLC
|
||||
#
|
||||
# The source code contained or described herein and all documents related
|
||||
# to the source code ("Material") are owned by McAfee or its
|
||||
# suppliers or licensors. Title to the Material remains with McAfee
|
||||
# or its suppliers and licensors. The Material contains trade
|
||||
# secrets and proprietary and confidential information of McAfee or its
|
||||
# suppliers and licensors. The Material is protected by worldwide copyright
|
||||
# and trade secret laws and treaty provisions. No part of the Material may
|
||||
# be used, copied, reproduced, modified, published, uploaded, posted,
|
||||
# transmitted, distributed, or disclosed in any way without McAfee's prior
|
||||
# express written permission.
|
||||
#
|
||||
# No license under any patent, copyright, trade secret or other intellectual
|
||||
# property right is granted to or conferred upon you by disclosure or
|
||||
# delivery of the Materials, either expressly, by implication, inducement,
|
||||
# estoppel or otherwise. Any license under such intellectual property rights
|
||||
# must be express and approved by McAfee in writing.
|
||||
#
|
||||
##############################################################################
|
||||
|
||||
. /etc/shgw/shgw.constants
|
||||
|
||||
#This script is called after SHGW stop is performed from code
|
||||
#Do not change this implementation
|
||||
|
||||
delete_database() {
|
||||
${RM} -f ${SHGW_PERSISTANT_DB}
|
||||
${RM} -f ${TLD_JSON_FILE}
|
||||
${RM} -f ${BOTNET_FEED_FILE}
|
||||
${RM} -f ${SHGW_NON_PERSISTANT_DB}
|
||||
${RM} -f ${SHGW_LOG_FILE}
|
||||
${RM} -rf ${SHGW_TMPFS_PATH}
|
||||
${RM} -f ${TEMP_HARD_BLK}
|
||||
}
|
||||
|
||||
delete_shgw_debug_data_files() {
|
||||
${RM} -f ${SHGW_TMPFS_PATH}/shgw_debug_data*
|
||||
}
|
||||
|
||||
hard_reset() {
|
||||
delete_database
|
||||
}
|
||||
|
||||
kill_wd_monit_del_db() {
|
||||
|
||||
wd_monit_pid=$(${PS} | ${GREP} -i "shgw_wd_monit" | ${GREP} -v "grep" | ${AWK} -v OFS=' ' '{print $1}')
|
||||
if [ ! -z $wd_monit_pid ]; then
|
||||
${ECHO} "Stopping monit!"
|
||||
${KILL} -9 $wd_monit_pid
|
||||
fi
|
||||
|
||||
wd_pid=$(${PS} | ${GREP} -i "shgw_watchdogd" | ${GREP} -v "grep" | ${AWK} -v OFS=' ' '{print $1}')
|
||||
if [ ! -z $wd_pid ]; then
|
||||
${ECHO} "Stopping watchdog!"
|
||||
${KILL} -9 $wd_pid
|
||||
fi
|
||||
|
||||
delete_database
|
||||
|
||||
}
|
||||
|
||||
soft_reset() {
|
||||
kill_wd_monit_del_db
|
||||
${SHGW_STARTUP_SCRIPT} softstart &
|
||||
}
|
||||
|
||||
db_reset() {
|
||||
kill_wd_monit_del_db
|
||||
delete_shgw_debug_data_files
|
||||
#Try to restart N number of times. After that don't restart SHP till reboot
|
||||
if [ -f ${SHGW_DB_FAIL_COUNT} ]; then
|
||||
COUNT=`${CAT} ${SHGW_DB_FAIL_COUNT}`
|
||||
COUNT=$((COUNT+1))
|
||||
else
|
||||
COUNT=0
|
||||
fi
|
||||
|
||||
${ECHO} $COUNT > ${SHGW_DB_FAIL_COUNT}
|
||||
if [ $COUNT -lt $SQL_DB_MAX_FAIL_COUNT ]; then
|
||||
${SHGW_STARTUP_SCRIPT} db_start &
|
||||
else
|
||||
${RM} -f ${SHGW_DB_FAIL_COUNT}
|
||||
${ECHO} "Max Reset tried. Exit now" && exit 127
|
||||
fi
|
||||
}
|
||||
|
||||
#Main
|
||||
reset_type=$1
|
||||
|
||||
if [ X"$reset_type" == X"hard" ]; then
|
||||
${ECHO} "Hard reset called!" >> ${SHGW_STARTUP_STATUS}
|
||||
hard_reset
|
||||
elif [ X"$reset_type" == X"soft" ]; then
|
||||
${ECHO} "Soft reset called!" >> ${SHGW_STARTUP_STATUS}
|
||||
soft_reset
|
||||
elif [ X"$reset_type" == X"db_fail" ]; then
|
||||
${ECHO} "DB reset called!" >> ${SHGW_STARTUP_STATUS}
|
||||
db_reset
|
||||
fi
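Review bot: In `kill_wd_monit_del_db` the tests `[ ! -z $wd_monit_pid ]` and `[ ! -z $wd_pid ]` are unquoted, so when the `ps | grep` pipeline returns more than one PID the `[` call fails with a syntax error and the kill is skipped while `delete_database` still runs. Use `if [ -n "$wd_monit_pid" ]; then` and `if [ -n "$wd_pid" ]; then`; the unquoted `${KILL} -9 $wd_pid` then handles several PIDs. The same unquoted test appears on `${wd_pid}` in `start_and_monitor_WD` in the watchdog monitor script later in this commit. Separately, `delete_database` runs `${RM} -rf ${SHGW_TMPFS_PATH}` with no guard; `${RM} -rf -- "${SHGW_TMPFS_PATH:?}"` would abort with a message if the constants file failed to load.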
|
|
@ -0,0 +1,75 @@
|
|||
#!/bin/sh
|
||||
|
||||
#############################################################################
|
||||
#
|
||||
# MCAFEE CONFIDENTIAL
|
||||
# Copyright ©2018 McAfee, LLC
|
||||
#
|
||||
# The source code contained or described herein and all documents related
|
||||
# to the source code ("Material") are owned by McAfee or its
|
||||
# suppliers or licensors. Title to the Material remains with McAfee
|
||||
# or its suppliers and licensors. The Material contains trade
|
||||
# secrets and proprietary and confidential information of McAfee or its
|
||||
# suppliers and licensors. The Material is protected by worldwide copyright
|
||||
# and trade secret laws and treaty provisions. No part of the Material may
|
||||
# be used, copied, reproduced, modified, published, uploaded, posted,
|
||||
# transmitted, distributed, or disclosed in any way without McAfee's prior
|
||||
# express written permission.
|
||||
#
|
||||
# No license under any patent, copyright, trade secret or other intellectual
|
||||
# property right is granted to or conferred upon you by disclosure or
|
||||
# delivery of the Materials, either expressly, by implication, inducement,
|
||||
# estoppel or otherwise. Any license under such intellectual property rights
|
||||
# must be express and approved by McAfee in writing.
|
||||
#
|
||||
##############################################################################
|
||||
|
||||
|
||||
. /etc/shgw/shgw.constants
|
||||
. /etc/shgw/shgw.env
|
||||
|
||||
SCAN_FILE="${SHGW_TMPFS_PATH}/ndp_scan_file"
|
||||
NDP_LOCK_FILE="${SHGW_TMPFS_PATH}/ndp_lock_file"
|
||||
|
||||
ping_on_multicast() {
|
||||
local _LAN_IFACES=$(fn_get_lan_ifaces)
|
||||
local _IFACE=""
|
||||
for _IFACE in ${_LAN_IFACES}; do
|
||||
${PING6} -I ${_IFACE} -c 2 ${LOCAL_MULTICAST_ADDRESS} > /dev/null 2>&1
|
||||
done
|
||||
}
|
||||
|
||||
parse_ndp_cache() {
|
||||
local _LAN_IFACES=$(fn_get_lan_ifaces)
|
||||
local _IFACE=""
|
||||
for _IFACE in ${_LAN_IFACES}; do
|
||||
${IP} -6 neigh \
|
||||
| ${GREP} ${_IFACE} \
|
||||
| ${GREP} -vi fail \
|
||||
| ${AWK} '{print $5,$1}' >> ${SCAN_FILE} 2> /dev/null
|
||||
done
|
||||
}
|
||||
|
||||
empty_scan_file() {
|
||||
> ${SCAN_FILE}
|
||||
}
|
||||
|
||||
exit_if_running() {
|
||||
if [ -f "$NDP_LOCK_FILE" ]; then
|
||||
${ECHO} "Already running" && exit 127
|
||||
fi
|
||||
${ECHO} $$ > ${NDP_LOCK_FILE}
|
||||
}
|
||||
|
||||
remove_ndp_lock_file() {
|
||||
${RM} ${NDP_LOCK_FILE}
|
||||
}
|
||||
|
||||
#
|
||||
# Main
|
||||
exit_if_running
|
||||
empty_scan_file
|
||||
ping_on_multicast
|
||||
parse_ndp_cache
|
||||
remove_ndp_lock_file
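Review bot: `exit_if_running` creates `${NDP_LOCK_FILE}`, but nothing removes it if the script is killed before `remove_ndp_lock_file` runs, and from then on every run exits with "Already running" until the file is cleared. Add `trap remove_ndp_lock_file EXIT` and `trap 'exit 1' INT TERM` immediately after the line that writes the lock. Placing them before the `-f` check would make the early exit delete another instance's lock. The check-then-write is also not atomic; `( set -C; ${ECHO} $$ > "${NDP_LOCK_FILE}" ) 2>/dev/null || exit 127` closes that window.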
|
||||
|
|
@ -0,0 +1,49 @@
|
|||
#!/bin/sh
|
||||
|
||||
#############################################################################
|
||||
#
|
||||
# MCAFEE CONFIDENTIAL
|
||||
# Copyright ©2018 McAfee, LLC
|
||||
#
|
||||
# The source code contained or described herein and all documents related
|
||||
# to the source code ("Material") are owned by McAfee or its
|
||||
# suppliers or licensors. Title to the Material remains with McAfee
|
||||
# or its suppliers and licensors. The Material contains trade
|
||||
# secrets and proprietary and confidential information of McAfee or its
|
||||
# suppliers and licensors. The Material is protected by worldwide copyright
|
||||
# and trade secret laws and treaty provisions. No part of the Material may
|
||||
# be used, copied, reproduced, modified, published, uploaded, posted,
|
||||
# transmitted, distributed, or disclosed in any way without McAfee's prior
|
||||
# express written permission.
|
||||
#
|
||||
# No license under any patent, copyright, trade secret or other intellectual
|
||||
# property right is granted to or conferred upon you by disclosure or
|
||||
# delivery of the Materials, either expressly, by implication, inducement,
|
||||
# estoppel or otherwise. Any license under such intellectual property rights
|
||||
# must be express and approved by McAfee in writing.
|
||||
#
|
||||
##############################################################################
|
||||
|
||||
|
||||
#############################################################################
|
||||
# Print the SHGW version details
|
||||
# The version details are generated by build system
|
||||
#
|
||||
# Date: 23/03/2016
|
||||
#############################################################################
|
||||
|
||||
. /etc/shgw/shgw.version
|
||||
|
||||
echo
|
||||
echo "System Version : ${SHGW_SYSTEM_VERSION}"
|
||||
echo "Version : ${SHGW_VERSION}"
|
||||
echo "Version Date : ${SHGW_VERSION_DATE}"
|
||||
echo "Build Date : ${SHGW_BUILD_DATE}"
|
||||
if [ ! -z ${SHGW_BUILD_NUMBER} ]; then
|
||||
echo "Build Number : ${SHGW_BUILD_NUMBER}"
|
||||
fi
|
||||
if [ ! -z ${SHGW_BUILD_BRANCH} ]; then
|
||||
echo "GIT Branch : ${SHGW_BUILD_BRANCH}"
|
||||
fi
|
||||
echo
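Review bot: The optional-field tests `[ ! -z ${SHGW_BUILD_NUMBER} ]` and `[ ! -z ${SHGW_BUILD_BRANCH} ]` give the right answer for an empty variable only by accident, because `[ ! -z ]` is parsed as a negated one-argument test. They also error out if the value contains whitespace. Write them as `[ -n "${SHGW_BUILD_NUMBER}" ]` and `[ -n "${SHGW_BUILD_BRANCH}" ]`.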
|
||||
|
Binary file not shown.
|
@ -0,0 +1,272 @@
|
|||
#!/bin/sh
|
||||
|
||||
#############################################################################
|
||||
#
|
||||
# MCAFEE CONFIDENTIAL
|
||||
# Copyright ©2018 McAfee, LLC
|
||||
#
|
||||
# The source code contained or described herein and all documents related
|
||||
# to the source code ("Material") are owned by McAfee or its
|
||||
# suppliers or licensors. Title to the Material remains with McAfee
|
||||
# or its suppliers and licensors. The Material contains trade
|
||||
# secrets and proprietary and confidential information of McAfee or its
|
||||
# suppliers and licensors. The Material is protected by worldwide copyright
|
||||
# and trade secret laws and treaty provisions. No part of the Material may
|
||||
# be used, copied, reproduced, modified, published, uploaded, posted,
|
||||
# transmitted, distributed, or disclosed in any way without McAfee's prior
|
||||
# express written permission.
|
||||
#
|
||||
# No license under any patent, copyright, trade secret or other intellectual
|
||||
# property right is granted to or conferred upon you by disclosure or
|
||||
# delivery of the Materials, either expressly, by implication, inducement,
|
||||
# estoppel or otherwise. Any license under such intellectual property rights
|
||||
# must be express and approved by McAfee in writing.
|
||||
#
|
||||
##############################################################################
|
||||
|
||||
|
||||
trap fn_on_sigterm SIGTERM
|
||||
|
||||
. /etc/shgw/shgw.constants
|
||||
. /etc/shgw/shgw.common
|
||||
. /etc/shgw/shgw.env
|
||||
|
||||
LAN_INTERFACES=$(fn_get_lan_ifaces)
|
||||
if [ -z ${LAN_INTERFACES} ]; then
|
||||
${ECHO} "No Lan interfaces! Exiting from dpwrap" >> ${SHGW_STARTUP_LOG} 2>&1
|
||||
exit 0
|
||||
fi
|
||||
SHGW_DNSPROXY_PID=0
|
||||
|
||||
fn_kill_dpwrap_if_running() {
|
||||
if [ -f ${SHGW_DPWRAP_LOCK} ]; then
|
||||
${ECHO} "[$(fn_time_now)] Pid of the previous dpwarp that is running - $(${CAT} ${SHGW_DPWRAP_LOCK}). Going to kill it!" >> ${SHGW_STARTUP_LOG} 2>&1
|
||||
kill -SIGKILL $(${CAT} ${SHGW_DPWRAP_LOCK})
|
||||
fi
|
||||
${ECHO} $$ > ${SHGW_DPWRAP_LOCK}
|
||||
${ECHO} "[$(fn_time_now)] Pid of the current dpwrap - $(${CAT} ${SHGW_DPWRAP_LOCK})]" >> ${SHGW_STARTUP_LOG} 2>&1
|
||||
}
|
||||
|
||||
fn_shgw_ipv4_tproxy_setup() {
|
||||
local _IFACE=""
|
||||
${IPTABLES} -w -t mangle -N SHGW_DNS > /dev/null 2>&1
|
||||
for _IFACE in ${LAN_INTERFACES}; do
|
||||
${IPTABLES} -w -t mangle -A SHGW_DNS \
|
||||
-i ${_IFACE} \
|
||||
-p udp --dport 53 \
|
||||
-j TPROXY --tproxy-mark ${SHGW_TPROXY_MARK} --on-port ${SHGW_REQ_PORT} > /dev/null 2>&1
|
||||
done
|
||||
|
||||
${IPTABLES} -w -t mangle -I PREROUTING -j SHGW_DNS > /dev/null 2>&1
|
||||
|
||||
${IP} rule add fwmark ${SHGW_TPROXY_MARK} lookup ${SHGW_TABLE} ${SHGW_IPV4_RULE_PREF} > /dev/null 2>&1
|
||||
${IP} route add local 0.0.0.0/0 dev lo table ${SHGW_TABLE} > /dev/null 2>&1
|
||||
}
|
||||
|
||||
fn_shgw_ipv4_tproxy_cleanup() {
|
||||
local _IFACE=""
|
||||
for _IFACE in ${LAN_INTERFACES}; do
|
||||
fn_run_until_failure "${IPTABLES} -w -t mangle -D SHGW_DNS \
|
||||
-i ${_IFACE} \
|
||||
-p udp --dport 53 \
|
||||
-j TPROXY --tproxy-mark ${SHGW_TPROXY_MARK} --on-port ${SHGW_REQ_PORT}"
|
||||
done
|
||||
fn_run_until_failure "${IPTABLES} -w -t mangle -D PREROUTING -j SHGW_DNS"
|
||||
${IPTABLES} -w -t mangle -F SHGW_DNS > /dev/null 2>&1
|
||||
${IPTABLES} -w -t mangle -X SHGW_DNS > /dev/null 2>&1
|
||||
|
||||
${IP} route del local 0.0.0.0/0 dev lo table ${SHGW_TABLE} > /dev/null 2>&1
|
||||
fn_run_until_failure "${IP} rule del fwmark ${SHGW_TPROXY_MARK} lookup ${SHGW_TABLE} ${SHGW_IPV4_RULE_PREF}"
|
||||
}
|
||||
|
||||
fn_shgw_ipv6_tproxy_setup() {
|
||||
local _IFACE=""
|
||||
${IP6TABLES} -w -t mangle -N SHGW_DNS > /dev/null 2>&1
|
||||
for _IFACE in ${LAN_INTERFACES}; do
|
||||
${IP6TABLES} -w -t mangle -A SHGW_DNS \
|
||||
-i ${_IFACE} \
|
||||
-p udp --dport 53 \
|
||||
-j TPROXY --tproxy-mark ${SHGW_TPROXY_MARK6} --on-port ${SHGW_REQ_PORT} > /dev/null 2>&1
|
||||
done
|
||||
|
||||
${IP6TABLES} -w -t mangle -I PREROUTING -j SHGW_DNS > /dev/null 2>&1
|
||||
|
||||
${IP} -6 rule add fwmark ${SHGW_TPROXY_MARK6} lookup ${SHGW_TABLE6} ${SHGW_IPV6_RULE_PREF} > /dev/null 2>&1
|
||||
${IP} -6 route add local ::/0 dev lo table ${SHGW_TABLE6} > /dev/null 2>&1
|
||||
}
|
||||
|
||||
fn_shgw_ipv6_tproxy_cleanup() {
|
||||
local _IFACE=""
|
||||
for _IFACE in ${LAN_INTERFACES}; do
|
||||
fn_run_until_failure "${IP6TABLES} -w -t mangle -D SHGW_DNS \
|
||||
-i ${_IFACE} \
|
||||
-p udp --dport 53 \
|
||||
-j TPROXY --tproxy-mark ${SHGW_TPROXY_MARK6} --on-port ${SHGW_REQ_PORT}"
|
||||
done
|
||||
fn_run_until_failure "${IP6TABLES} -w -t mangle -D PREROUTING -j SHGW_DNS"
|
||||
${IP6TABLES} -w -t mangle -F SHGW_DNS > /dev/null 2>&1
|
||||
${IP6TABLES} -w -t mangle -X SHGW_DNS > /dev/null 2>&1
|
||||
|
||||
${IP} -6 route del local ::/0 dev lo table ${SHGW_TABLE6} > /dev/null 2>&1
|
||||
fn_run_until_failure "${IP} -6 rule del fwmark ${SHGW_TPROXY_MARK6} lookup ${SHGW_TABLE6} ${SHGW_IPV6_RULE_PREF}"
|
||||
}
|
||||
|
||||
fn_on_sigterm() {
|
||||
fn_shgw_ipset_cleanup
|
||||
fn_shgw_ipv6_tproxy_cleanup
|
||||
fn_shgw_ipv4_tproxy_cleanup
|
||||
fn_kill_if_running
|
||||
${ECHO} "[$(fn_time_now)] Trap handler.Dnsproxy exited!" >> ${SHGW_STARTUP_LOG} 2>&1
|
||||
exit 0
|
||||
}
|
||||
|
||||
fn_kill_if_running() {
|
||||
dp_pids=$(${PS} | ${GREP} shgw_dnsproxy | ${GREP} -v grep | ${AWK} '{ print $1 }')
|
||||
if [ ! -z "$dp_pids" ]; then
|
||||
for dp_pid in $dp_pids; do
|
||||
${KILL} -s KILL $dp_pid
|
||||
done
|
||||
fi
|
||||
}
|
||||
|
||||
fn_launch_and_wait() {
|
||||
${ECHO} "[$(fn_time_now)]" >> ${SHGW_STARTUP_LOG} 2>&1
|
||||
${IPTABLES} -t mangle -nvL | ${GREP} ${SHGW_REQ_PORT} >> ${SHGW_STARTUP_LOG} 2>&1
|
||||
${IP6TABLES} -t mangle -nvL | ${GREP} ${SHGW_REQ_PORT} >> ${SHGW_STARTUP_LOG} 2>&1
|
||||
fn_kill_if_running
|
||||
${IPTABLES} -t mangle -nvL | ${GREP} ${SHGW_REQ_PORT} >> ${SHGW_STARTUP_LOG} 2>&1
|
||||
${IP6TABLES} -t mangle -nvL | ${GREP} ${SHGW_REQ_PORT} >> ${SHGW_STARTUP_LOG} 2>&1
|
||||
$SHGW_DNSPROXY &
|
||||
SHGW_DNSPROXY_PID=$!
|
||||
wait $SHGW_DNSPROXY_PID
|
||||
${ECHO} "[$(fn_time_now)] Dnsproxy exited!" >> ${SHGW_STARTUP_LOG} 2>&1
|
||||
}
|
||||
|
||||
fn_shgw_ipset_cleanup() {
|
||||
|
||||
## RULES UNDER NAT TABLE
|
||||
${IPTABLES} -w -t nat -F SHGW_HOST_REPUTATION > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -F SHGW_PC_BLOCK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -F SHGW_PC_PENDING > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -F SHGW_PC_ASK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -F SHGW_PC_TIME_BLOCK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -F SHGW_EULA_BLOCK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -F SHGW_DEVICE_BLOCK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -F SHGW_NETWORK_PAUSE > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -F SHGW_WHITELIST > /dev/null 2>&1
|
||||
|
||||
${IPTABLES} -w -t nat -D SHGW_IPSET -j SHGW_HOST_REPUTATION > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -D SHGW_IPSET -j SHGW_PC_BLOCK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -D SHGW_IPSET -j SHGW_PC_PENDING > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -D SHGW_IPSET -j SHGW_PC_ASK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -D SHGW_IPSET -j SHGW_PC_TIME_BLOCK > /dev/null 2>&1
|
||||
|
||||
${IPTABLES} -w -t nat -D SHGW_IPSET -j SHGW_EULA_BLOCK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -D SHGW_IPSET -j SHGW_DEVICE_BLOCK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -D SHGW_IPSET -j SHGW_NETWORK_PAUSE > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -D SHGW_IPSET -j SHGW_WHITELIST > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -D ${SHGW_PREROUTING_CHAIN} -j SHGW_IPSET > /dev/null 2>&1
|
||||
|
||||
${IPTABLES} -w -t nat -X SHGW_HOST_REPUTATION > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -X SHGW_PC_BLOCK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -X SHGW_PC_PENDING > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -X SHGW_PC_ASK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -X SHGW_PC_TIME_BLOCK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -X SHGW_EULA_BLOCK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -X SHGW_DEVICE_BLOCK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -X SHGW_NETWORK_PAUSE > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -X SHGW_WHITELIST > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -X SHGW_IPSET > /dev/null 2>&1
|
||||
|
||||
## RULES UNDER FILTER TABLE
|
||||
${IPTABLES} -w -t filter -F SHGW_HOST_REPUTATION > /dev/null 2>&1
|
||||
${IPTABLES} -w -t filter -F SHGW_PC_TIME_BLOCK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t filter -F SHGW_DEVICE_BLOCK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t filter -F SHGW_NETWORK_PAUSE > /dev/null 2>&1
|
||||
|
||||
${IPTABLES} -w -t filter -D SHGW_IPSET -j SHGW_HOST_REPUTATION > /dev/null 2>&1
|
||||
${IPTABLES} -w -t filter -D SHGW_IPSET -j SHGW_PC_TIME_BLOCK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t filter -D SHGW_IPSET -j SHGW_DEVICE_BLOCK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t filter -D SHGW_IPSET -j SHGW_NETWORK_PAUSE > /dev/null 2>&1
|
||||
${IPTABLES} -w -t filter -D ${SHGW_FORWARD_CHAIN} -j SHGW_IPSET > /dev/null 2>&1
|
||||
|
||||
${IPTABLES} -w -t filter -X SHGW_HOST_REPUTATION > /dev/null 2>&1
|
||||
${IPTABLES} -w -t filter -X SHGW_PC_TIME_BLOCK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t filter -X SHGW_DEVICE_BLOCK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t filter -X SHGW_NETWORK_PAUSE > /dev/null 2>&1
|
||||
${IPTABLES} -w -t filter -X SHGW_IPSET > /dev/null 2>&1
|
||||
|
||||
|
||||
${IPSET} destroy SHGW_HOST_REPUTATION > /dev/null 2>&1 ##Set name and Iptable chain name are same
|
||||
${IPSET} destroy SHGW_HOST_REPUTATION_DST > /dev/null 2>&1
|
||||
${IPSET} destroy SHGW_PC_BLOCK > /dev/null 2>&1
|
||||
${IPSET} destroy SHGW_PC_PENDING > /dev/null 2>&1
|
||||
${IPSET} destroy SHGW_PC_ASK > /dev/null 2>&1
|
||||
${IPSET} destroy SHGW_PC_TIME_BLOCK > /dev/null 2>&1
|
||||
${IPSET} destroy SHGW_EULA_BLOCK > /dev/null 2>&1
|
||||
${IPSET} destroy SHGW_DEVICE_BLOCK > /dev/null 2>&1
|
||||
${IPSET} destroy SHGW_NETWORK_PAUSE > /dev/null 2>&1
|
||||
${IPSET} destroy SHGW_WHITELIST > /dev/null 2>&1
|
||||
}
|
||||
|
||||
##Creating custom iptable chains for matching the shgw ipsets
|
||||
fn_shgw_ipset_setup() {
|
||||
|
||||
## RULES UNDER NAT TABLE
|
||||
${IPTABLES} -w -t nat -N SHGW_IPSET > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -N SHGW_WHITELIST > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -N SHGW_NETWORK_PAUSE > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -N SHGW_DEVICE_BLOCK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -N SHGW_EULA_BLOCK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -N SHGW_PC_TIME_BLOCK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -N SHGW_PC_ASK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -N SHGW_PC_PENDING > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -N SHGW_PC_BLOCK > /dev/null 2>&1
|
||||
|
||||
${IPTABLES} -w -t nat -N SHGW_HOST_REPUTATION > /dev/null 2>&1
|
||||
|
||||
${IPTABLES} -w -t nat -A SHGW_IPSET -j SHGW_WHITELIST > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -A SHGW_IPSET -j SHGW_NETWORK_PAUSE > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -A SHGW_IPSET -j SHGW_DEVICE_BLOCK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -A SHGW_IPSET -j SHGW_EULA_BLOCK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -A SHGW_IPSET -j SHGW_PC_TIME_BLOCK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -A SHGW_IPSET -j SHGW_PC_ASK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -A SHGW_IPSET -j SHGW_PC_PENDING > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -A SHGW_IPSET -j SHGW_PC_BLOCK > /dev/null 2>&1
|
||||
|
||||
${IPTABLES} -w -t nat -A SHGW_IPSET -j SHGW_HOST_REPUTATION > /dev/null 2>&1
|
||||
${IPTABLES} -w -t nat -I ${SHGW_PREROUTING_CHAIN} -j SHGW_IPSET > /dev/null 2>&1
|
||||
|
||||
## RULES UNDER FILTER TABLE
|
||||
${IPTABLES} -w -t filter -N SHGW_IPSET > /dev/null 2>&1
|
||||
${IPTABLES} -w -t filter -N SHGW_NETWORK_PAUSE > /dev/null 2>&1
|
||||
${IPTABLES} -w -t filter -N SHGW_DEVICE_BLOCK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t filter -N SHGW_PC_TIME_BLOCK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t filter -N SHGW_HOST_REPUTATION > /dev/null 2>&1
|
||||
|
||||
${IPTABLES} -w -t filter -A SHGW_IPSET -j SHGW_NETWORK_PAUSE > /dev/null 2>&1
|
||||
${IPTABLES} -w -t filter -A SHGW_IPSET -j SHGW_DEVICE_BLOCK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t filter -A SHGW_IPSET -j SHGW_PC_TIME_BLOCK > /dev/null 2>&1
|
||||
${IPTABLES} -w -t filter -A SHGW_IPSET -j SHGW_HOST_REPUTATION > /dev/null 2>&1
|
||||
${IPTABLES} -w -t filter -I ${SHGW_FORWARD_CHAIN} -j SHGW_IPSET > /dev/null 2>&1
|
||||
|
||||
|
||||
}
|
||||
|
||||
# main
|
||||
${ECHO} "Starting dpwrap" >> ${SHGW_STARTUP_LOG} 2>&1
|
||||
fn_trim_startup_log
|
||||
fn_kill_dpwrap_if_running
|
||||
fn_shgw_ipv6_tproxy_cleanup
|
||||
fn_shgw_ipv6_tproxy_setup
|
||||
fn_shgw_ipv4_tproxy_cleanup
|
||||
fn_shgw_ipv4_tproxy_setup
|
||||
fn_shgw_ipset_cleanup
|
||||
fn_shgw_ipset_setup
|
||||
fn_launch_and_wait
|
||||
fn_shgw_ipset_cleanup
|
||||
fn_shgw_ipv4_tproxy_cleanup
|
||||
fn_shgw_ipv6_tproxy_cleanup
|
||||
${IPTABLES} -t mangle -nvL | ${GREP} ${SHGW_REQ_PORT} >> ${SHGW_STARTUP_LOG} 2>&1
|
||||
${IP6TABLES} -t mangle -nvL | ${GREP} ${SHGW_REQ_PORT} >> ${SHGW_STARTUP_LOG} 2>&1
|
||||
${ECHO} "Stopping dpwrap" >> ${SHGW_STARTUP_LOG} 2>&1
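Review bot: `fn_kill_dpwrap_if_running` sends SIGKILL to whatever PID is stored in `${SHGW_DPWRAP_LOCK}` without checking that the process is still a dpwrap instance, so a stale lock combined with PID reuse would kill an unrelated process. Verify the PID first, e.g. `_old=$(${CAT} "${SHGW_DPWRAP_LOCK}")` followed by `${GREP} -q SCRIPT_NAME_PLACEHOLDER "/proc/${_old}/cmdline" 2>/dev/null && kill -KILL "${_old}"`, where the placeholder stands for the name this file is installed under, which the page does not show. Also, the `iptables`/`ip` calls in the tproxy and ipset setup functions discard their output and status. A failed TPROXY rule therefore leaves the DNS proxy running with no traffic redirected to it and nothing in `${SHGW_STARTUP_LOG}`; logging a line when a setup command fails would make that state visible.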
|
|
@ -0,0 +1,83 @@
|
|||
#!/bin/sh
|
||||
|
||||
#############################################################################
|
||||
#
|
||||
# MCAFEE CONFIDENTIAL
|
||||
# Copyright ©2018 McAfee, LLC
|
||||
#
|
||||
# The source code contained or described herein and all documents related
|
||||
# to the source code ("Material") are owned by McAfee or its
|
||||
# suppliers or licensors. Title to the Material remains with McAfee
|
||||
# or its suppliers and licensors. The Material contains trade
|
||||
# secrets and proprietary and confidential information of McAfee or its
|
||||
# suppliers and licensors. The Material is protected by worldwide copyright
|
||||
# and trade secret laws and treaty provisions. No part of the Material may
|
||||
# be used, copied, reproduced, modified, published, uploaded, posted,
|
||||
# transmitted, distributed, or disclosed in any way without McAfee's prior
|
||||
# express written permission.
|
||||
#
|
||||
# No license under any patent, copyright, trade secret or other intellectual
|
||||
# property right is granted to or conferred upon you by disclosure or
|
||||
# delivery of the Materials, either expressly, by implication, inducement,
|
||||
# estoppel or otherwise. Any license under such intellectual property rights
|
||||
# must be express and approved by McAfee in writing.
|
||||
#
|
||||
##############################################################################
|
||||
|
||||
# A script to monitor if watchdogd is running or not
|
||||
#
|
||||
# Author : Eswar Yaganti
|
||||
# Date : 10-Mar-2016
|
||||
|
||||
. /etc/shgw/shgw.constants
|
||||
. /etc/shgw/shgw.common
|
||||
|
||||
MONIT_PID_FILE=${SHGW_TMPFS_PATH}/.shgw_wd_monit_pid
|
||||
|
||||
start_and_monitor_WD() {
|
||||
wd_died=0
|
||||
while true ; do
|
||||
fn_trim_startup_log
|
||||
${SHGW_LOG_TRIMMER} &
|
||||
wd_pid=$(${PS} | ${GREP} -i "shgw_watchdogd" | ${GREP} -v "grep" | ${AWK} -v OFS=' ' '{print $1}')
|
||||
if [ ! -z ${wd_pid} ]; then
|
||||
${ECHO} "[$$] $0 killing previous WD, pid=${wd_pid}, at `uptime`"
|
||||
${ECHO} "[$$] $0 killing previous WD, pid=${wd_pid}, at `uptime`" >> ${SHGW_STARTUP_LOG}
|
||||
${KILL} -9 ${wd_pid}
|
||||
${SLEEP} 2
|
||||
fi
|
||||
|
||||
${ECHO} "[$$] $0 starting ${SHGW_WD} ${SHGW_WD_CONF}, at `uptime`"
|
||||
${ECHO} "[$$] $0 starting ${SHGW_WD} ${SHGW_WD_CONF}, at `uptime`" >> ${SHGW_STARTUP_LOG}
|
||||
${SHGW_WD} ${SHGW_WD_CONF} ${wd_died} 2>>${SHGW_ERROR_FILE} &
|
||||
SHGW_WD_PID=$!
|
||||
wait ${SHGW_WD_PID}
|
||||
|
||||
# Is this required?
|
||||
${SLEEP} 2
|
||||
wd_died=1
|
||||
done
|
||||
}
|
||||
|
||||
exit_if_running() {
|
||||
if [ ! -f ${MONIT_PID_FILE} ]; then
|
||||
${ECHO} "[$$] Fresh instance at `uptime`"
|
||||
${ECHO} "[$$] Fresh instance at `uptime`" >> ${SHGW_STARTUP_LOG}
|
||||
${ECHO} $$ > ${MONIT_PID_FILE}
|
||||
else
|
||||
_PID=$(${CAT} ${MONIT_PID_FILE})
|
||||
if [ ! -z $(${CAT} /proc/${_PID}/cmdline | ${GREP} shgw_wd_monit) ];then
|
||||
${ECHO} "[$$] Another instance running, pids=[${_PID}] at `uptime`"
|
||||
${ECHO} "[$$] Another instance running, pids=[${_PID}] at `uptime`" >> ${SHGW_STARTUP_LOG}
|
||||
exit 1
|
||||
else
|
||||
${ECHO} "[$$] Overwriting ${MONIT_PID_FILE} at `uptime`"
|
||||
${ECHO} "[$$] Overwriting ${MONIT_PID_FILE} at `uptime`" >> ${SHGW_STARTUP_LOG}
|
||||
${ECHO} $$ > ${MONIT_PID_FILE}
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
exit_if_running
|
||||
start_and_monitor_WD
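Review bot: In `exit_if_running`, the liveness test `[ ! -z $(${CAT} /proc/${_PID}/cmdline | ${GREP} shgw_wd_monit) ]` depends on how the unquoted, NUL-separated output word-splits. If grep prints more than one word (for example a binary-file notice), `[` errors out, the `else` branch runs, and a second monitor starts alongside the first. Test grep's exit status instead: `if ${GREP} -q shgw_wd_monit "/proc/${_PID}/cmdline" 2>/dev/null; then`. That form also handles an empty or stale `${MONIT_PID_FILE}` without printing an error.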
|
||||
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
Binary file not shown.
|
@ -0,0 +1,8 @@
|
|||
#!/bin/sh
|
||||
prefix=
|
||||
exec_prefix=${prefix}
|
||||
bindir=${exec_prefix}/bin
|
||||
sysconfdir=/etc
|
||||
localstatedir=${prefix}/var
|
||||
|
||||
${bindir}/pdbtool merge -r --glob \*.pdb -D ${sysconfdir}/patterndb.d -p ${localstatedir}/patterndb.xml
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
busybox
|
|
@ -0,0 +1 @@
|
|||
/dev/null
|
|
@ -0,0 +1 @@
|
|||
/dev/null
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Some files were not shown because too many files have changed in this diff Show More