1275 lines
36 KiB
Bash
1275 lines
36 KiB
Bash
#!/bin/bash
|
||
|
||
if [[ "${NETWORK_BASH}" != "" ]]
|
||
then
|
||
return
|
||
else
|
||
declare -g NETWORK_BASH=1
|
||
fi
|
||
|
||
|
||
|
||
# Includes
|
||
#-----------------------------------------------------------------------------------------------------------------------------------
|
||
|
||
. /usr/global/lib/dns.bash
|
||
|
||
|
||
|
||
|
||
|
||
# Global Variable
|
||
#-----------------------------------------------------------------------------------------------------------------------------------
|
||
|
||
declare -g NETWORK_OPENVPN_STATUS
|
||
|
||
declare -Ag NETWORK_IP_ROUTE_TAB
|
||
declare -g NETWORK_IP_ROUTE_ID_LIST
|
||
declare -Ag NETWORK_IP_ROUTE_IP_IDX
|
||
|
||
declare -g NETWORK_SRC_TYPE
|
||
declare -Ag NETWORK_SRC_TAB
|
||
declare -g NETWORK_SRC_ID_LIST
|
||
declare -Ag NETWORK_SRC_IP_IDX
|
||
|
||
declare -g NETWORK_DST_TYPE
|
||
declare -Ag NETWORK_DST_TAB
|
||
declare -g NETWORK_DST_ID_LIST
|
||
declare -Ag NETWORK_DST_NAME_IDX
|
||
declare -Ag NETWORK_DST_DEV_IDX
|
||
|
||
declare -g NETWORK_CONFIG_FILE="/etc/sysconfig/rx3-network"
|
||
declare -g NETWORK_CONFIG_LOCK="/var/lock/network/rx3-network"
|
||
#declare -g NETWORK_CONFIG_LOCK="${NETWORK_CONFIG_FILE}"
|
||
|
||
|
||
|
||
|
||
|
||
file_lock ${NETWORK_CONFIG_LOCK} READ 9
|
||
|
||
[ -e "${NETWORK_CONFIG_FILE}" ] && . "${NETWORK_CONFIG_FILE}"
|
||
|
||
file_unlock 9
|
||
|
||
|
||
if [ ! -v LOG ] || [[ "${LOG}" == "" ]]
|
||
then
|
||
export LOG=":"
|
||
fi
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# is_valid_ip
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
is_valid_ip()
|
||
{
|
||
local ip=$1
|
||
local regex='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
|
||
|
||
|
||
if [[ $ip =~ $regex ]]
|
||
then
|
||
IFS='.' read -r o1 o2 o3 o4 <<< "$ip"
|
||
|
||
for octet in $o1 $o2 $o3 $o4
|
||
do
|
||
if (( octet < 0 || octet > 255 ))
|
||
then
|
||
return 1
|
||
fi
|
||
done
|
||
|
||
return 0
|
||
else
|
||
return 1
|
||
fi
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# ip_to_num
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
ip_to_num()
|
||
{
|
||
local ip="$1"
|
||
local a
|
||
local b
|
||
local c
|
||
local d
|
||
|
||
IFS=. read -r a b c d <<< "${ip}"
|
||
|
||
echo $(( (a << 24) + (b << 16) + (c << 8) + d ))
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# num_to_ip
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
num_to_ip()
|
||
{
|
||
local num="$1"
|
||
|
||
|
||
# Optional safety check
|
||
if (( num < 0 || num > 4294967295 ))
|
||
then
|
||
echo "num_to_ip: value out of range (0‑4294967295)" >&2
|
||
return 1
|
||
fi
|
||
|
||
# Extract each byte by shifting and masking
|
||
local a=$(( (num >> 24) & 255 ))
|
||
local b=$(( (num >> 16) & 255 ))
|
||
local c=$(( (num >> 8) & 255 ))
|
||
local d=$(( num & 255 ))
|
||
|
||
printf '%d.%d.%d.%d\n' "$a" "$b" "$c" "$d"
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_common_load
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_common_load()
|
||
{
|
||
${LOG} 1>&2 "Loading common..."
|
||
|
||
NETWORK_OPENVPN_STATUS="$( sudo /usr/local/sbin/openvpn-status)"
|
||
NETWORK_TABLE_LIST=""
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_common_dump
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_common_dump()
|
||
{
|
||
echo "NETWORK_OPENVPN_STATUS: [${NETWORK_OPENVPN_STATUS}]"
|
||
echo
|
||
echo "NETWORK_TABLE_LIST: [${NETWORK_TABLE_LIST}]"
|
||
echo
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_ip_route_tab_load
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_ip_route_tab_load()
|
||
{
|
||
nirtl_id=0
|
||
|
||
|
||
${LOG} 1>&2 "Loading IP Route tab..."
|
||
|
||
while IFS= read -r line
|
||
do
|
||
line=${line%%#*}
|
||
if [[ ! -z "$line" ]]
|
||
then
|
||
set ${line}
|
||
|
||
nirtl_ip="$1"
|
||
nirtl_mask="$2"
|
||
nirtl_device="$3"
|
||
|
||
var_assign NETWORK_IP_ROUTE_ID_LIST "${nirtl_id}" INC
|
||
|
||
tab_assign NETWORK_IP_ROUTE_TAB "${nirtl_id},IP" "${nirtl_ip}"
|
||
tab_assign NETWORK_IP_ROUTE_TAB "${nirtl_id},Mask" "${nirtl_mask}"
|
||
tab_assign NETWORK_IP_ROUTE_TAB "${nirtl_id},Device" "${nirtl_device}"
|
||
|
||
tab_assign NETWORK_IP_ROUTE_IP_IDX "${nirtl_ip}" "${nirtl_id}"
|
||
|
||
nirtl_id=$(( ${nirtl_id} + 1))
|
||
fi
|
||
done <<< ${NETWORK_IP_ROUTE_CONFIG}
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_ip_route_tab_get
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_ip_route_tab_get()
|
||
{
|
||
ip_route_id="$1"
|
||
|
||
ip_route_ip=${NETWORK_IP_ROUTE_TAB["${ip_route_id},IP"]}
|
||
ip_route_mask=${NETWORK_IP_ROUTE_TAB["${ip_route_id},Mask"]}
|
||
ip_route_device=${NETWORK_IP_ROUTE_TAB["${ip_route_id},Device"]}
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_ip_route_tab_dump
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_ip_route_tab_dump()
|
||
{
|
||
echo "NETWORK_IP_ROUTE_ID_LIST: [${NETWORK_IP_ROUTE_ID_LIST}]"
|
||
echo
|
||
|
||
echo "NETWORK_IP_ROUTE_IP_IDX:"
|
||
|
||
for key in "${!NETWORK_IP_ROUTE_IP_IDX[@]}"
|
||
do
|
||
echo "[${key}]: [${NETWORK_IP_ROUTE_IP_IDX[${key}]}]"
|
||
done | sort -n
|
||
|
||
echo
|
||
|
||
echo "NETWORK_IP_ROUTE_TAB:"
|
||
|
||
for key in "${!NETWORK_IP_ROUTE_TAB[@]}"
|
||
do
|
||
echo "[${key}]: [${NETWORK_IP_ROUTE_TAB[${key}]}]"
|
||
done | sort -n
|
||
|
||
echo
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_dst_tab_load
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_dst_tab_load()
|
||
{
|
||
ndtl_id=0
|
||
|
||
|
||
${LOG} 1>&2 "Loading Dst tab..."
|
||
|
||
while IFS= read -r line
|
||
do
|
||
line=${line%%#*}
|
||
if [[ ! -z "$line" ]]
|
||
then
|
||
set ${line}
|
||
|
||
ndtl_name="$1"
|
||
ndtl_type="$2"
|
||
ndtl_device="$3"
|
||
ndtl_config="$4"
|
||
ndtl_table="$5"
|
||
|
||
var_assign NETWORK_DST_ID_LIST "${ndtl_id}" INC
|
||
|
||
tab_assign NETWORK_DST_TAB "${ndtl_id},Name" "${ndtl_name}"
|
||
tab_assign NETWORK_DST_TAB "${ndtl_id},Type" "${ndtl_type}"
|
||
tab_assign NETWORK_DST_TAB "${ndtl_id},Device" "${ndtl_device}"
|
||
tab_assign NETWORK_DST_TAB "${ndtl_id},Config" "${ndtl_config}"
|
||
tab_assign NETWORK_DST_TAB "${ndtl_id},Table" "${ndtl_table}"
|
||
|
||
var_assign NETWORK_TABLE_LIST "${ndtl_table}" INC
|
||
|
||
tab_assign NETWORK_DST_TAB "${ndtl_id},Status" "$( ip link show dev ${ndtl_device} 2>/dev/null | grep -q ",UP," && echo 1 || echo 0)"
|
||
|
||
ndtl_host_name="vpn${ndtl_id}.${NETWORK_DST_NAME}"
|
||
|
||
tab_assign NETWORK_DST_TAB "${ndtl_id},Host_Name" "${ndtl_host_name}"
|
||
dns_lookup "A" "${ndtl_host_name}" "NOCACHE"
|
||
tab_assign NETWORK_DST_TAB "${ndtl_id},IP" "${dns_value}"
|
||
|
||
case "${ndtl_type}"
|
||
in
|
||
"0")
|
||
set $(ip -s link show ${ndtl_device} 2>/dev/null ) &>/dev/null
|
||
|
||
ndtl_bytes_received="$( echo ${27} | numfmt --to=iec-i --suffix=B)"
|
||
ndtl_bytes_sent="$( echo ${40} | numfmt --to=iec-i --suffix=B)"
|
||
ndtl_uptime=""
|
||
;;
|
||
|
||
"1")
|
||
set $( echo "${NETWORK_OPENVPN_STATUS}" | grep ${ndtl_device}) &>/dev/null
|
||
|
||
# i=1; while [[ $i -lt 50 ]]; do eval "val=\${$i}"; echo "($i):[${val}]" 1>&2; i=$(( $i + 1)); done
|
||
|
||
ndtl_bytes_received="$( echo ${18/bytes,} | numfmt --to=iec-i --suffix=B)"
|
||
ndtl_bytes_sent="$( echo ${22/bytes,} | numfmt --to=iec-i --suffix=B)"
|
||
ndtl_start_date="$( grep "ext-client-${ndtl_device}.conf" /var/log/rx3-vpn.status 2>/dev/null | sed -e "s/.*Date: \[//" -e "s/\].*//")"
|
||
|
||
if [[ "${ndtl_start_date}" == "" ]]
|
||
then
|
||
ndtl_uptime=""
|
||
else
|
||
ndtl_uptime=$( echo "$(($(date +%s) - $(date -d "${ndtl_start_date}" +%s)))" | awk '{days = int($1/86400); print days " day" (( days > 1 ) ? "s" : "") strftime(" %H:%M:%S", $1,1)}')
|
||
fi
|
||
;;
|
||
esac
|
||
|
||
tab_assign NETWORK_DST_TAB "${ndtl_id},Bytes_Received" "${ndtl_bytes_received}"
|
||
tab_assign NETWORK_DST_TAB "${ndtl_id},Bytes_Sent" "${ndtl_bytes_sent}"
|
||
tab_assign NETWORK_DST_TAB "${ndtl_id},Uptime" "${ndtl_uptime}"
|
||
|
||
tab_assign NETWORK_DST_NAME_IDX "${ndtl_name}" "${ndtl_id}"
|
||
tab_assign NETWORK_DST_DEV_IDX "${ndtl_device}" "${ndtl_id}"
|
||
|
||
ndtl_id=$(( ${ndtl_id} + 1))
|
||
fi
|
||
done <<< ${NETWORK_DST_CONFIG}
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_dst_tab_get
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_dst_tab_get()
|
||
{
|
||
dst_id="$1"
|
||
|
||
dst_name=${NETWORK_DST_TAB["${dst_id},Name"]}
|
||
dst_type=${NETWORK_DST_TAB["${dst_id},Type"]}
|
||
dst_device=${NETWORK_DST_TAB["${dst_id},Device"]}
|
||
dst_config=${NETWORK_DST_TAB["${dst_id},Config"]}
|
||
dst_table=${NETWORK_DST_TAB["${dst_id},Table"]}
|
||
|
||
dst_status=${NETWORK_DST_TAB["${dst_id},Status"]}
|
||
dst_host_name=${NETWORK_DST_TAB["${dst_id},Host_Name"]}
|
||
dst_ip=${NETWORK_DST_TAB["${dst_id},IP"]}
|
||
dst_bytes_received=${NETWORK_DST_TAB["${dst_id},Bytes_Received"]}
|
||
dst_bytes_sent=${NETWORK_DST_TAB["${dst_id},Bytes_Sent"]}
|
||
dst_start_date=${NETWORK_DST_TAB["${dst_id},Start_Date"]}
|
||
dst_uptime=${NETWORK_DST_TAB["${dst_id},Uptime"]}
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_dst_tab_dump
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_dst_tab_dump()
|
||
{
|
||
echo "NETWORK_DST_ID_LIST: [${NETWORK_DST_ID_LIST}]"
|
||
echo
|
||
|
||
echo "NETWORK_DST_NAME_IDX:"
|
||
|
||
for key in "${!NETWORK_DST_NAME_IDX[@]}"
|
||
do
|
||
echo "[${key}]: [${NETWORK_DST_NAME_IDX[${key}]}]"
|
||
done | sort -n
|
||
|
||
echo
|
||
|
||
echo "NETWORK_DST_DEV_IDX:"
|
||
|
||
for key in "${!NETWORK_DST_DEV_IDX[@]}"
|
||
do
|
||
echo "[${key}]: [${NETWORK_DST_DEV_IDX[${key}]}]"
|
||
done | sort -n
|
||
|
||
echo
|
||
|
||
echo "NETWORK_DST_TAB:"
|
||
|
||
for key in "${!NETWORK_DST_TAB[@]}"
|
||
do
|
||
echo "[${key}]: [${NETWORK_DST_TAB[${key}]}]"
|
||
done | sort -n
|
||
|
||
echo
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_dst_tab_name_lookup
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_dst_tab_name_lookup()
|
||
{
|
||
dst_name="$1"
|
||
|
||
dst_id=${NETWORK_DST_NAME_IDX["${dst_name}"]}
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_dst_tab_dev_lookup
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_dst_tab_dev_lookup()
|
||
{
|
||
dst_device="$1"
|
||
|
||
dst_id=${NETWORK_DST_DEV_IDX["${dst_device}"]}
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_src_tab_load
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_src_tab_load()
|
||
{
|
||
nstl_id=0
|
||
nstl_local_id=0
|
||
nstl_port_default=3000
|
||
|
||
|
||
${LOG} 1>&2 "Loading Src tab..."
|
||
|
||
ip_base=$( ip_to_num ${NETWORK_SRC_LOCAL_ADDRESS})
|
||
|
||
while IFS= read -r line
|
||
do
|
||
line=${line%%#*}
|
||
if [[ ! -z "$line" ]]
|
||
then
|
||
set ${line}
|
||
|
||
nstl_ip="$1"
|
||
nstl_type="$2"
|
||
nstl_owner="$3"
|
||
nstl_table="$4"
|
||
nstl_port_start="$5"
|
||
nstl_port_range="$6"
|
||
|
||
if [[ "${nstl_port_start}" == "-" ]]
|
||
then
|
||
nstl_port_start=${nstl_port_default}
|
||
fi
|
||
|
||
dns_lookup PTR ${nstl_ip}
|
||
nstl_host_name="${dns_value}"
|
||
|
||
case "${nstl_type}"
|
||
in
|
||
"0") # Local
|
||
# nstl_device="${NETWORK_SRC_DEVICE}-${nstl_local_id}"
|
||
# ((nstl_local_id++))
|
||
|
||
# [[ $nstl_host_name =~ ([0-9]+) ]]
|
||
# nstl_device="${NETWORK_SRC_LOCAL_DEVICE}-${BASH_REMATCH[1]}"
|
||
|
||
ip_num=$(ip_to_num ${nstl_ip})
|
||
device_num="$(( ( ${ip_num} - ${ip_base}) / 4))"
|
||
|
||
nstl_device="${NETWORK_SRC_LOCAL_DEVICE}-${device_num}"
|
||
;;&
|
||
|
||
"1") # Routed
|
||
nstl_device=""
|
||
;;&
|
||
|
||
"0"|"1") # Local + Routed
|
||
nstl_status="2"
|
||
|
||
nstl_bytes_received=""
|
||
nstl_bytes_sent=""
|
||
nstl_uptime=""
|
||
nstl_last_seen=""
|
||
;;
|
||
|
||
"2") # OpenVPN
|
||
nstl_device="tun0"
|
||
nstl_status_line="$( echo "${NETWORK_OPENVPN_STATUS}" | grep "${nstl_device}.log: CLIENT_LIST.*${nstl_ip},")"
|
||
|
||
if [[ "${nstl_status_line}" == "" ]]
|
||
then
|
||
nstl_status="0"
|
||
nstl_bytes_received=""
|
||
nstl_bytes_sent=""
|
||
nstl_start_date=""
|
||
nstl_uptime=""
|
||
nstl_last_seen="$( stat -c "%x" /etc/openvpn/status/${nstl_host_name}.status 2>/dev/null | sed -e 's/\..*//')"
|
||
|
||
else
|
||
nstl_status="1"
|
||
|
||
IFS=,
|
||
set ${nstl_status_line} &>/dev/null
|
||
unset IFS
|
||
|
||
nstl_bytes_received=$( echo ${6} | numfmt --to=iec-i --suffix=B)
|
||
nstl_bytes_sent=$( echo ${7} | numfmt --to=iec-i --suffix=B)
|
||
nstl_start_date=${8}
|
||
nstl_uptime=$( echo "$(($(date +%s) - $(date -d "${nstl_start_date}" +%s)))" | awk '{days = int($1/86400); print days " day" (( days > 1 ) ? "s" : "") strftime(" %H:%M:%S", $1,1)}')
|
||
nstl_last_seen="$(stat -c "%x" /etc/openvpn/status/${nstl_host_name}.status 2>/dev/null | sed -e 's/\..*//')"
|
||
fi
|
||
;;
|
||
esac
|
||
|
||
if [[ " ${NETWORK_TABLE_LIST} " != *" ${nstl_table} "* ]]
|
||
then
|
||
err_echo "Invalid table number: [${nstl_table}] in network src entry: [${nstl_id}]!"
|
||
exit 1
|
||
fi
|
||
|
||
|
||
var_assign NETWORK_SRC_ID_LIST "${nstl_id}" INC
|
||
|
||
tab_assign NETWORK_SRC_TAB "${nstl_id},IP" "${nstl_ip}"
|
||
tab_assign NETWORK_SRC_TAB "${nstl_id},Host_Name" "${nstl_host_name}"
|
||
tab_assign NETWORK_SRC_TAB "${nstl_id},Type" "${nstl_type}"
|
||
tab_assign NETWORK_SRC_TAB "${nstl_id},Owner" "${nstl_owner}"
|
||
tab_assign NETWORK_SRC_TAB "${nstl_id},Table" "${nstl_table}"
|
||
tab_assign NETWORK_SRC_TAB "${nstl_id},Port_Start" "${nstl_port_start}"
|
||
tab_assign NETWORK_SRC_TAB "${nstl_id},Port_Range" "${nstl_port_range}"
|
||
|
||
tab_assign NETWORK_SRC_TAB "${nstl_id},Device" "${nstl_device}"
|
||
tab_assign NETWORK_SRC_TAB "${nstl_id},Status" "${nstl_status}"
|
||
tab_assign NETWORK_SRC_TAB "${nstl_id},Bytes_Received" "${nstl_bytes_received}"
|
||
tab_assign NETWORK_SRC_TAB "${nstl_id},Bytes_Sent" "${nstl_bytes_sent}"
|
||
tab_assign NETWORK_SRC_TAB "${nstl_id},Uptime" "${nstl_uptime}"
|
||
tab_assign NETWORK_SRC_TAB "${nstl_id},Last_Seen" "${nstl_last_seen}"
|
||
|
||
tab_assign NETWORK_SRC_IP_IDX "${nstl_ip}" "${nstl_id}"
|
||
|
||
nstl_id=$(( ${nstl_id} + 1))
|
||
nstl_port_default=$(( ${nstl_port_start} + ${nstl_port_range}))
|
||
fi
|
||
done <<< ${NETWORK_SRC_CONFIG}
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_src_tab_get
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_src_tab_get()
|
||
{
|
||
src_id="$1"
|
||
|
||
src_ip=${NETWORK_SRC_TAB["${src_id},IP"]}
|
||
src_host_name=${NETWORK_SRC_TAB["${src_id},Host_Name"]}
|
||
src_type=${NETWORK_SRC_TAB["${src_id},Type"]}
|
||
src_owner=${NETWORK_SRC_TAB["${src_id},Owner"]}
|
||
src_table=${NETWORK_SRC_TAB["${src_id},Table"]}
|
||
src_port_start=${NETWORK_SRC_TAB["${src_id},Port_Start"]}
|
||
src_port_range=${NETWORK_SRC_TAB["${src_id},Port_Range"]}
|
||
|
||
|
||
if [[ "${src_port_range}" != "0" ]]
|
||
then
|
||
src_port_end=$(( ${src_port_start} + ${src_port_range} - 1))
|
||
else
|
||
src_port_start=""
|
||
src_port_end=""
|
||
fi
|
||
|
||
src_device=${NETWORK_SRC_TAB["${src_id},Device"]}
|
||
src_status=${NETWORK_SRC_TAB["${src_id},Status"]}
|
||
src_bytes_received=${NETWORK_SRC_TAB["${src_id},Bytes_Received"]}
|
||
src_bytes_sent=${NETWORK_SRC_TAB["${src_id},Bytes_Sent"]}
|
||
src_start_date=${NETWORK_SRC_TAB["${src_id},Start_Date"]}
|
||
src_uptime=${NETWORK_SRC_TAB["${src_id},Uptime"]}
|
||
src_last_seen=${NETWORK_SRC_TAB["${src_id},Last_Seen"]}
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_src_tab_dump
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_src_tab_dump()
|
||
{
|
||
echo "NETWORK_SRC_ID_LIST: [${NETWORK_SRC_ID_LIST}]"
|
||
echo
|
||
|
||
echo "NETWORK_SRC_IP_IDX:"
|
||
|
||
for key in "${!NETWORK_SRC_IP_IDX[@]}"
|
||
do
|
||
echo "[${key}]: [${NETWORK_SRC_IP_IDX[${key}]}]"
|
||
done | sort -n
|
||
|
||
echo
|
||
|
||
echo "NETWORK_SRC_TAB:"
|
||
|
||
for key in "${!NETWORK_SRC_TAB[@]}"
|
||
do
|
||
echo "[${key}]: [${NETWORK_SRC_TAB[${key}]}]"
|
||
done | sort -n
|
||
|
||
echo
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_src_tab_ip_lookup
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_src_tab_ip_lookup()
|
||
{
|
||
src_ip="$1"
|
||
|
||
src_id=${NETWORK_SRC_IP_IDX["${src_ip}"]}
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_tab_load
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_tab_load()
|
||
{
|
||
${LOG} 1>&2 "Loading config..."
|
||
|
||
dns_tab_load
|
||
|
||
network_common_load
|
||
|
||
network_ip_route_tab_load
|
||
network_dst_tab_load
|
||
network_src_tab_load
|
||
|
||
dns_tab_save
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_tab_dump
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_tab_dump()
|
||
{
|
||
dns_tab_dump
|
||
|
||
network_common_dump
|
||
|
||
network_ip_route_tab_dump
|
||
network_dst_tab_dump
|
||
network_src_tab_dump
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_table_init
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_table_init()
|
||
{
|
||
for dst_id in ${NETWORK_DST_ID_LIST}
|
||
do
|
||
network_dst_tab_get ${dst_id}
|
||
|
||
if [[ ${dst_type} == "0" ]]
|
||
then
|
||
${LOG} "Copy main default route into table 3 (VPN Local routing table)"
|
||
|
||
if [[ "$(ip route list match 0.0.0.0 table main)" != "" ]]
|
||
then
|
||
${DEBUG} ip route add $(ip route list match 0.0.0.0 table main) table 3
|
||
fi
|
||
else
|
||
${LOG} "Define default route to device: [${dst_device}] into table: [${dst_table}]"
|
||
|
||
if [[ "$(ip link show ${dst_device})" != "" ]]
|
||
then
|
||
${DEBUG} ip route add default dev ${dst_device} table ${dst_table}
|
||
fi
|
||
fi
|
||
|
||
${LOG} "Add Rx3 routes in VPN tables"
|
||
|
||
for ip_route_id in ${NETWORK_IP_ROUTE_ID_LIST}
|
||
do
|
||
network_ip_route_tab_get ${ip_route_id}
|
||
|
||
${DEBUG} ip route add ${ip_route_ip}/${ip_route_mask} table ${dst_table} dev ${ip_route_device}
|
||
done
|
||
done
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_table_deinit
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_table_deinit()
|
||
{
|
||
${LOG} "Remove Rx3 routes in VPN tables"
|
||
|
||
for table in ${NETWORK_TABLE_LIST}
|
||
do
|
||
for ip_route_id in ${NETWORK_IP_ROUTE_ID_LIST}
|
||
do
|
||
network_ip_route_tab_get ${ip_route_id}
|
||
|
||
${DEBUG} ip route del ${ip_route_ip}/${ip_route_mask} table ${table} dev ${ip_route_device} 2>/dev/null
|
||
done
|
||
done
|
||
|
||
for dst_id in ${NETWORK_DST_ID_LIST}
|
||
do
|
||
network_dst_tab_get ${dst_id}
|
||
|
||
|
||
${LOG} "Remove default route in table: [${dst_table}]"
|
||
|
||
${DEBUG} ip route del default table ${dst_table}
|
||
done
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_table_set
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_table_set()
|
||
{
|
||
nts_ip=$1
|
||
nts_table=$2
|
||
|
||
network_src_tab_ip_lookup "${nts_ip}"
|
||
|
||
if [[ "${src_id}" == "" ]]
|
||
then
|
||
err_echo "IP not found: [${nts_ip}]!"
|
||
return 1
|
||
fi
|
||
|
||
if [[ " ${NETWORK_TABLE_LIST} " != *" ${nts_table} "* ]]
|
||
then
|
||
err_echo "Table not found: [${nts_table}]!"
|
||
return 1
|
||
fi
|
||
|
||
|
||
tab_assign NETWORK_SRC_TAB "${src_id},Table" "${ts_table}"
|
||
|
||
|
||
${DEBUG} sed "/^NETWORK_SRC_CONFIG=\"/,/^\"/ { s/^\(${nts_ip//./\\.}[[:space:]]\+\([^\t ]\+[[:space:]]\+\)\{2\}\)[^[:space:]]\+/\1${nts_table}/ }" -i ${NETWORK_CONFIG_FILE}
|
||
|
||
${DEBUG} ip rule del from ${nts_ip} 2>/dev/null
|
||
${DEBUG} ip rule add from ${nts_ip} table ${nts_table}
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_dst_address_refresh
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_dst_address_refresh()
|
||
{
|
||
local dst_id="$1"
|
||
local dst_host_name="$2"
|
||
local dst_ip_old="$3"
|
||
|
||
local dst_ip_new
|
||
local proxy_host="proxy${dst_id}.${NETWORK_DST_PROXY_NAME}"
|
||
local proxy_port=8080
|
||
|
||
|
||
dst_ip_new=$( nc ${proxy_host} ${proxy_port})
|
||
|
||
if is_valid_ip ${dst_ip_new}
|
||
then
|
||
if [[ "${dst_ip_old}" != "${dst_ip_new}" ]]
|
||
then
|
||
${LOG} "Update ${dst_host_name}: Old: [${dst_ip_old}] New: [${dst_ip_new}]"
|
||
${DEBUG} /usr/local/sbin/ip_host_update "${dst_host_name/.*}" "${dst_host_name#*.}" "${dst_ip_new}" 60
|
||
|
||
tab_assign NETWORK_DST_TAB "${dst_id},IP" "${dst_ip_new}"
|
||
else
|
||
${LOG} "Skiping ${dst_host_name}: IP: [${dst_ip_old}]"
|
||
fi
|
||
else
|
||
${LOG} "Skiping ${dst_host_name}: Invalid IP: [${dst_ip_new}] Old IP[${dst_ip_old}]"
|
||
fi
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_dst_address_refresh_all
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_dst_address_refresh_all()
|
||
{
|
||
for dst_id in ${NETWORK_DST_ID_LIST}
|
||
do
|
||
network_dst_tab_get ${dst_id}
|
||
network_dst_address_refresh ${dst_id} ${dst_host_name} ${dst_ip}
|
||
done
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# bridge_up
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
function bridge_up
|
||
{
|
||
# set -x
|
||
bu_bridge_device=$1
|
||
bu_bridge_network=$2
|
||
bu_bridge_mask=$3
|
||
bu_bridge_address=$4
|
||
bu_peer_address=$5
|
||
bu_table=$6
|
||
|
||
|
||
${LOG} "Create bridge [${bu_bridge_device}]..."
|
||
|
||
${DEBUG} ip link add name ${bu_bridge_device} type bridge
|
||
|
||
|
||
${LOG} "Configure host side [${bu_bridge_device}:${bu_bridge_address}/${bu_bridge_mask}]..."
|
||
|
||
${DEBUG} ip link set ${bu_bridge_device} up
|
||
${DEBUG} ip addr add ${bu_bridge_address}/${bu_bridge_mask} dev ${bu_bridge_device}
|
||
|
||
|
||
${LOG} "Configure IP rule and routing [${bu_bridge_device}]..."
|
||
|
||
${DEBUG} ip rule add from ${bu_peer_address} table ${bu_table}
|
||
|
||
for bu_tab in ${NETWORK_TABLE_LIST}
|
||
do
|
||
${DEBUG} ip route add ${bu_bridge_network}/${bu_bridge_mask} dev ${bu_bridge_device} table ${bu_tab}
|
||
done
|
||
# set +x
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# bridge_down
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
function bridge_down
|
||
{
|
||
bd_bridge_device=$1
|
||
bd_bridge_network=$2
|
||
bd_bridge_mask=$3
|
||
bd_bridge_address=$4
|
||
bd_peer_address=$5
|
||
bd_table=$6
|
||
|
||
|
||
${LOG} "Remove IP routing and rule [${bd_bridge_device}]..."
|
||
|
||
for bd_tab in ${NETWORK_TABLE_LIST}
|
||
do
|
||
${DEBUG} ip route del ${bd_bridge_network}/${bd_bridge_mask} dev ${bd_bridge_device} table ${bd_tab} || true
|
||
done
|
||
|
||
${DEBUG} ip rule del from ${bd_peer_address} table ${bd_table}
|
||
|
||
|
||
${LOG} "Remove bridge [${bd_bridge_device}]..."
|
||
|
||
${DEBUG} ip link show ${bd_bridge_device} &>/dev/null && ${DEBUG} ip link del ${bd_bridge_device}
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_bridge_init
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_bridge_init()
|
||
{
|
||
${LOG} "Add all Bridges"
|
||
|
||
for src_id in ${NETWORK_SRC_ID_LIST}
|
||
do
|
||
network_src_tab_get ${src_id}
|
||
|
||
if [[ "${src_type}" == "0" ]]
|
||
then
|
||
nbi_bridge_device="${src_device}"
|
||
nbi_bridge_network="${src_ip%.*}.$(( ${src_ip/*./} - 1))"
|
||
nbi_bridge_mask="30"
|
||
nbi_bridge_address="${src_ip%.*}.$(( ${src_ip/*./} + 1))"
|
||
nbi_peer_address="${src_ip}"
|
||
|
||
bridge_up "${nbi_bridge_device}" "${nbi_bridge_network}" "${nbi_bridge_mask}" "${nbi_bridge_address}" "${nbi_peer_address}" "${src_table}"
|
||
fi
|
||
done
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_bridge_deinit
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_bridge_deinit()
|
||
{
|
||
${LOG} "Remove all Bridge"
|
||
|
||
for src_id in ${NETWORK_SRC_ID_LIST}
|
||
do
|
||
network_src_tab_get ${src_id}
|
||
|
||
if [[ "${src_type}" == "0" ]]
|
||
then
|
||
nbi_bridge_device="${src_device}"
|
||
nbi_bridge_network="${src_ip%.*}.$(( ${src_ip/*./} - 1))"
|
||
nbi_bridge_mask="30"
|
||
nbi_bridge_address="${src_ip%.*}.$(( ${src_ip/*./} + 1))"
|
||
nbi_peer_address="${src_ip}"
|
||
|
||
bridge_down "${nbi_bridge_device}" "${nbi_bridge_network}" "${nbi_bridge_mask}" "${nbi_bridge_address}" "${nbi_peer_address}" "${src_table}"
|
||
fi
|
||
done
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_forward_add
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_forward_add()
|
||
{
|
||
nfa_ip=$1
|
||
nfa_port_start=$2
|
||
nfa_port_end=$3
|
||
|
||
|
||
${DEBUG} iptables -t nat -A PREROUTING-VPN -p tcp -m tcp --dport ${nfa_port_start}:${nfa_port_end} -j DNAT --to ${nfa_ip}
|
||
${DEBUG} iptables -t nat -A PREROUTING-VPN -p udp -m udp --dport ${nfa_port_start}:${nfa_port_end} -j DNAT --to ${nfa_ip}
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_forward_remove
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_forward_remove()
|
||
{
|
||
nfr_ip=$1
|
||
nfr_port_start=$2
|
||
nfr_port_end=$3
|
||
|
||
${DEBUG} iptables -t nat -D PREROUTING-VPN -p tcp -m tcp --dport ${nfr_port_start}:${nfr_port_end} -j DNAT --to ${nfr_ip}
|
||
${DEBUG} iptables -t nat -D PREROUTING-VPN -p udp -m udp --dport ${nfr_port_start}:${nfr_port_end} -j DNAT --to ${nfr_ip}
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_forward_start
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_forward_start()
|
||
{
|
||
${LOG} "Create VPN forward chain"
|
||
|
||
${DEBUG} iptables -t nat -N PREROUTING-VPN
|
||
|
||
|
||
${LOG} "Add jump rule for VPN"
|
||
|
||
for dst_id in ${NETWORK_DST_ID_LIST}
|
||
do
|
||
network_dst_tab_get ${dst_id}
|
||
|
||
if [[ "${dst_type}" != "0" ]]
|
||
then
|
||
${DEBUG} iptables -t nat -A PREROUTING -i ${dst_device} -j PREROUTING-VPN
|
||
fi
|
||
done
|
||
|
||
|
||
${LOG} "Add VPN client addresse rules"
|
||
|
||
for src_id in ${NETWORK_SRC_ID_LIST}
|
||
do
|
||
network_src_tab_get ${src_id}
|
||
|
||
${DEBUG} ip rule add from ${src_ip} table ${src_table}
|
||
|
||
if [[ "${src_port_range}" != "0" ]]
|
||
then
|
||
network_forward_add "${src_ip}" "${src_port_start}" "${src_port_end}"
|
||
fi
|
||
done
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_forward_stop
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_forward_stop()
|
||
{
|
||
${LOG} "Remove VPN client addresse rules"
|
||
|
||
for src_id in ${NETWORK_SRC_ID_LIST}
|
||
do
|
||
network_src_tab_get ${src_id}
|
||
|
||
${DEBUG} ip rule del from ${src_ip} 2>/dev/null
|
||
|
||
if [[ "${src_port_range}" != "0" ]]
|
||
then
|
||
network_forward_remove "${src_ip}" "${src_port_start}" "${src_port_end}"
|
||
fi
|
||
done
|
||
|
||
|
||
${LOG} "Remove Jump rule for VPN"
|
||
|
||
for dst_id in ${NETWORK_DST_ID_LIST}
|
||
do
|
||
network_dst_tab_get ${dst_id}
|
||
|
||
if [[ "${dst_type}" != "0" ]]
|
||
then
|
||
${DEBUG} iptables -t nat -D PREROUTING -i ${dst_device} -j PREROUTING-VPN
|
||
fi
|
||
done
|
||
|
||
|
||
${LOG} "Delete VPN forward chain"
|
||
|
||
${DEBUG} iptables -t nat -X PREROUTING-VPN
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_init
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_init()
|
||
{
|
||
dns_init
|
||
|
||
file_dir_init ${NETWORK_CONFIG_LOCK} root apache
|
||
|
||
network_tab_load
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_deinit
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_deinit()
|
||
{
|
||
dns_deinit
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_start
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_start()
|
||
{
|
||
network_table_init
|
||
|
||
network_bridge_init
|
||
|
||
network_forward_start
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_stop
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_stop()
|
||
{
|
||
network_forward_stop
|
||
|
||
network_bridge_deinit
|
||
|
||
network_table_deinit
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
# network_status
|
||
#--------------------------------------------------------------------------------------------------------------------------
|
||
|
||
network_status()
|
||
{
|
||
echo "Number of Network IP Route entries: ${#NETWORK_IP_ROUTE_IP_IDX[@]}"
|
||
echo "Number of Network Src entries: ${#NETWORK_SRC_IP_IDX[@]}"
|
||
echo "Number of Network Dst entries: ${#NETWORK_DST_DEV_IDX[@]}"
|
||
echo "Number of DNS cache A entries: ${#DNS_A_TAB[@]}"
|
||
echo "Number of DNS cache PTR entries: ${#DNS_PTR_TAB[@]}"
|
||
|
||
(
|
||
echo "SRC"
|
||
|
||
for src_id in ${NETWORK_SRC_ID_LIST}
|
||
do
|
||
network_src_tab_get ${src_id}
|
||
|
||
if [[ "${src_device}" != "" ]]
|
||
then
|
||
echo ${src_device}
|
||
fi
|
||
done | sort -u
|
||
|
||
echo "DST"
|
||
for dst_id in ${NETWORK_DST_ID_LIST}
|
||
do
|
||
network_dst_tab_get ${dst_id}
|
||
|
||
if [[ "${dst_device}" != "" ]]
|
||
then
|
||
echo ${dst_device}
|
||
fi
|
||
done | sort -u
|
||
) | while read entry
|
||
do
|
||
case ${entry}
|
||
in
|
||
"SRC")
|
||
echo
|
||
echo "Src Devices:"
|
||
;;
|
||
|
||
"DST")
|
||
echo
|
||
echo "Dst Devices:"
|
||
;;
|
||
|
||
*)
|
||
ip address show $entry | sed -e 's/^[^:]*: //'
|
||
;;
|
||
esac
|
||
done
|
||
|
||
echo
|
||
echo "Rules:"
|
||
|
||
ip rule show
|
||
echo
|
||
|
||
if [[ "${NETWORK_TABLE_LIST}" == "" ]]
|
||
then
|
||
echo "Network table list empty"
|
||
echo
|
||
else
|
||
for table in ${NETWORK_TABLE_LIST}
|
||
do
|
||
echo "Table ${table}:"
|
||
|
||
ip route list table ${table}
|
||
echo
|
||
done
|
||
fi
|
||
|
||
echo "Forward:"
|
||
|
||
iptables -t nat -L PREROUTING -v -n
|
||
echo
|
||
|
||
iptables -t nat -L PREROUTING-VPN -v -n
|
||
}
|