diff --git a/parental-control/Config.in b/parental-control/Config.in index e5d46422b..7567ba2d7 100644 --- a/parental-control/Config.in +++ b/parental-control/Config.in @@ -1,12 +1,10 @@ if PACKAGE_parental-control -config PARENTAL_CONTROL_INCLUDE_URLFILTER_BUNDLES - bool "Include default bundle files" - default n +config PARENTAL_CONTROL_URLFILTERING + bool "Enables URL Filter functions and datamodel" + default y help - Set this option to include bundle files by default, - they are also included in the UCI, urlfilter - still needs to be enabled though. + Set this option to include url filter feature config PARENTAL_CONTROL_VENDOR_PREFIX string "Package specific datamodel Vendor Prefix for TR181 extensions" diff --git a/parental-control/Makefile b/parental-control/Makefile index 0c7051127..cce9c291c 100644 --- a/parental-control/Makefile +++ b/parental-control/Makefile @@ -1,17 +1,17 @@ # -# Copyright (C) 2021-2024 IOPSYS +# Copyright (C) 2021-2025 IOPSYS # include $(TOPDIR)/rules.mk PKG_NAME:=parental-control -PKG_VERSION:=1.1.6 +PKG_VERSION:=1.2.0 LOCAL_DEV:=0 ifneq ($(LOCAL_DEV),1) PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://dev.iopsys.eu/network/parental-control.git -PKG_SOURCE_VERSION:=5128498a36c8f1ac48d320850c292c7e66256884 +PKG_SOURCE_VERSION:=5d931642e1d46b8cfe24e37054ffd2885e354c2c PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz PKG_MIRROR_HASH:=skip endif @@ -49,8 +49,11 @@ endif TARGET_CFLAGS += -DBBF_VENDOR_PREFIX=\\\"$(VENDOR_PREFIX)\\\" -TARGET_LDFLAGS += \ - -lcmph +ifeq ($(CONFIG_PARENTAL_CONTROL_URLFILTERING),y) + TARGET_CFLAGS+=-DPARENTAL_CONTROL_ULRFILTER +endif + +TARGET_LDFLAGS += -lcmph ifeq ($(LOCAL_DEV),1) define Build/Prepare @@ -85,8 +88,12 @@ define Package/parental-control/install $(BBFDM_REGISTER_SERVICES) -v ${VENDOR_PREFIX} ./bbfdm_service.json $(1) parentalcontrol -ifeq ($(CONFIG_PARENTAL_CONTROL_INCLUDE_URLFILTER_BUNDLES),y) - $(INSTALL_DATA) ./files/etc/parentalcontrol/urlbundles.tar.xz $(1)/etc/parentalcontrol/ +ifeq ($(CONFIG_PARENTAL_CONTROL_URLFILTERING),y) + $(INSTALL_DATA) ./files/etc/uci-defaults/55-add-default-bundles $(1)/etc/uci-defaults/ + $(CP) ./files/urlbundle_override.json $(1)/etc/parentalcontrol/ +else + $(BBFDM_INSTALL_MS_PLUGIN) -v ${VENDOR_PREFIX} ./files/urlbundle_override.json $(1) parentalcontrol + $(INSTALL_DATA) ./files/etc/uci-defaults/50-parental_control_urlfilter $(1)/etc/uci-defaults/ endif endef diff --git a/parental-control/files/etc/config/parentalcontrol b/parental-control/files/etc/config/parentalcontrol index 250ca7533..6dfc40a04 100644 --- a/parental-control/files/etc/config/parentalcontrol +++ b/parental-control/files/etc/config/parentalcontrol @@ -1,93 +1,4 @@ config globals 'globals' option enable '0' option loglevel '3' - -config urlbundle 'urlbundle_1' - option enable '0' - option name 'Abuse' - option download_url 'https://blocklistproject.github.io/Lists/alt-version/abuse-nl.txt' - -config urlbundle 'urlbundle_2' - option enable '0' - option name 'Ads' - option download_url 'https://blocklistproject.github.io/Lists/alt-version/ads-nl.txt' - -config urlbundle 'urlbundle_3' - option enable '0' - option name 'Crypto' - option download_url 'https://blocklistproject.github.io/Lists/alt-version/crypto-nl.txt' - -config urlbundle 'urlbundle_4' - option enable '1' - option name 'Drugs' - option download_url 'https://blocklistproject.github.io/Lists/alt-version/drugs-nl.txt' - -config urlbundle 'urlbundle_5' - option enable '0' - option name 'Everything else' - option download_url 'https://blocklistproject.github.io/Lists/alt-version/everything-nl.txt' - -config urlbundle 'urlbundle_6' - option enable '1' - option name 'Facebook/Instagram' - option download_url 'https://blocklistproject.github.io/Lists/alt-version/facebook-nl.txt' - -config urlbundle 'urlbundle_7' - option enable '1' - option name 'Fraud' - option download_url 'https://blocklistproject.github.io/Lists/alt-version/fraud-nl.txt' - -config urlbundle 'urlbundle_8' - option enable '1' - option name 'Gambling' - option download_url 'https://blocklistproject.github.io/Lists/alt-version/gambling-nl.txt' - -config urlbundle 'urlbundle_9' - option enable '0' - option name 'Malware' - option download_url 'https://blocklistproject.github.io/Lists/alt-version/malware-nl.txt' - -config urlbundle 'urlbundle_10' - option enable '1' - option name 'Phishing' - option download_url 'https://blocklistproject.github.io/Lists/alt-version/phishing-nl.txt' - -config urlbundle 'urlbundle_11' - option enable '1' - option name 'Piracy' - option download_url 'https://blocklistproject.github.io/Lists/alt-version/piracy-nl.txt' - -config urlbundle 'urlbundle_12' - option enable '0' - option name 'Porn' - option download_url 'https://blocklistproject.github.io/Lists/alt-version/porn-nl.txt' - -config urlbundle 'urlbundle_13' - option enable '1' - option name 'Ransomware' - option download_url 'https://blocklistproject.github.io/Lists/alt-version/ransomware-nl.txt' - -config urlbundle 'urlbundle_14' - option enable '0' - option name 'Redirect' - option download_url 'https://blocklistproject.github.io/Lists/alt-version/redirect-nl.txt' - -config urlbundle 'urlbundle_15' - option enable '1' - option name 'Scam' - option download_url 'https://blocklistproject.github.io/Lists/alt-version/scam-nl.txt' - -config urlbundle 'urlbundle_16' - option enable '0' - option name 'TikTok' - option download_url 'https://blocklistproject.github.io/Lists/alt-version/tiktok-nl.txt' - -config urlbundle 'urlbundle_17' - option enable '0' - option name 'Torrent' - option download_url 'https://blocklistproject.github.io/Lists/alt-version/torrent-nl.txt' - -config urlbundle 'urlbundle_18' - option enable '0' - option name 'Tracking' - option download_url 'https://blocklistproject.github.io/Lists/alt-version/tracking-nl.txt' + option urlfilter '1' diff --git a/parental-control/files/etc/firewall.parentalcontrol b/parental-control/files/etc/firewall.parentalcontrol index 05410754f..0a88b64f8 100644 --- a/parental-control/files/etc/firewall.parentalcontrol +++ b/parental-control/files/etc/firewall.parentalcontrol @@ -2,15 +2,22 @@ . /lib/parentalcontrol/parentalcontrol.sh +enabled="$(uci -q get parentalcontrol.globals.enable)" +urlfilter="$(uci -q get parentalcontrol.globals.urlfilter)" + # if parentalcontrol is enabled, add the rules, else remove them -if [ "$(uci -q get parentalcontrol.globals.enable)" == "1" ]; then +if [ "${enabled}" -eq "1" ]; then # this is for urlfilter daemon add_iptables_nfqueue_rules - # this for internet_access and profile_bedtime_schedule sections - add_internet_schedule_rules + if [ "${urlfilter}" -eq "1" ]; then + # this for internet_access and profile_bedtime_schedule sections + add_internet_schedule_rules + fi else # remove urlfilter daemon rules remove_iptables_nfqueue_rules - # remove internet_access and profile_bedtime_schedule rules - remove_internet_schedule_rules + if [ "${urlfilter}" -eq "1" ]; then + # remove internet_access and profile_bedtime_schedule rules + remove_internet_schedule_rules + fi fi diff --git a/parental-control/files/etc/init.d/parentalcontrol b/parental-control/files/etc/init.d/parentalcontrol index 17bba8b7c..8f520197d 100755 --- a/parental-control/files/etc/init.d/parentalcontrol +++ b/parental-control/files/etc/init.d/parentalcontrol @@ -12,7 +12,8 @@ validate_global_section() { uci_validate_section parentalcontrol globals globals \ 'enable:bool:1' \ 'loglevel:uinteger:3' \ - 'bundle_path:string' + 'bundle_path:string' \ + 'urlfilter:bool' } remove_fw_rules() { @@ -23,27 +24,36 @@ remove_fw_rules() { } configure_fw_rules() { - local enable - - remove_fw_rules + local enable urlfilter config_load parentalcontrol config_get_bool enable globals enable 0 + config_get_bool urlfilter globals urlfilter 0 + + remove_fw_rules if [ "${enable}" -eq "0" ]; then # Parental control is disabled return 0 fi - # Now flush the existing connections, otherwise, - # URL filtering cannot be performed on already open sites. - if [ -n "$(which conntrack)" ]; then - sleep 5 - conntrack -F + if [ "${urlfilter}" -eq "1" ]; then + if [ ! -f "${DM_PLUGIN_PATH}" ]; then + # throw error + log "ERROR: urlfiltering disabled at compile time but enabled in config" + else + # Now flush the existing connections, otherwise, + # URL filtering cannot be performed on already open sites. + if [ -n "$(which conntrack)" ]; then + sleep 5 + conntrack -F + fi + + # this is for urlfilter daemon + add_iptables_nfqueue_rules + fi fi - # this is for urlfilter daemon - add_iptables_nfqueue_rules # this for internet_access and profile_bedtime_schedule sections add_internet_schedule_rules } @@ -68,7 +78,7 @@ copy_dhcp_leases() { } start_service() { - local enable loglevel bundle_path + local enable loglevel bundle_path urlfilter config_load parentalcontrol validate_global_section @@ -80,6 +90,12 @@ start_service() { # add firewall rules configure_fw_rules + if [ "${urlfilter}" -eq "1" ]; then + enable_urlfilter_dm + else + disable_urlfilter_dm + fi + # if the router is, for example, upgraded and then it boots up # then /tmp/dhcp.leases will be empty until clients try to get a lease, # in that case, hostnames will not be processed by the daemon, @@ -88,7 +104,7 @@ start_service() { # and will be used as a backup in case /tmp/dhcp.leases is empty copy_dhcp_leases - procd_open_instance "parentalcontrol_dm" + procd_open_instance "parentalcontrol" procd_set_param command nice -n 10 "${PROG}" # Lower priority procd_append_param command -l ${loglevel} procd_set_param respawn diff --git a/parental-control/files/etc/parentalcontrol/urlbundles.tar.xz b/parental-control/files/etc/parentalcontrol/urlbundles.tar.xz deleted file mode 100644 index b8a508cb5..000000000 Binary files a/parental-control/files/etc/parentalcontrol/urlbundles.tar.xz and /dev/null differ diff --git a/parental-control/files/etc/uci-defaults/50-parental_control_urlfilter b/parental-control/files/etc/uci-defaults/50-parental_control_urlfilter new file mode 100644 index 000000000..4be5d5182 --- /dev/null +++ b/parental-control/files/etc/uci-defaults/50-parental_control_urlfilter @@ -0,0 +1,7 @@ +#!/bin/sh + +. /lib/functions.sh + +[ ! -f "/etc/config/parentalcontrol" ] && exit 0 + +uci -q set parentalcontrol.globals.urlfilter='0' diff --git a/parental-control/files/etc/uci-defaults/55-add-default-bundles b/parental-control/files/etc/uci-defaults/55-add-default-bundles new file mode 100644 index 000000000..8b8749501 --- /dev/null +++ b/parental-control/files/etc/uci-defaults/55-add-default-bundles @@ -0,0 +1,40 @@ +#!/bin/sh + +COUNT=1 + +add_urlbundle() +{ + local enabled name url + + enabled="${1}"; shift + url="${1}"; shift + name="${@}" + + uci -q set parentalcontrol.urlbundle_${COUNT}=urlbundle + uci -q set parentalcontrol.urlbundle_${COUNT}.enable="${enabled}" + uci -q set parentalcontrol.urlbundle_${COUNT}.name="${name}" + uci -q set parentalcontrol.urlbundle_${COUNT}.download_url="${url}" + + COUNT="$((COUNT+1))" +} + +add_urlbundle "0" "https://blocklistproject.github.io/Lists/alt-version/abuse-nl.txt" "Abuse" +add_urlbundle "0" "https://blocklistproject.github.io/Lists/alt-version/ads-nl.txt" "Ads" +add_urlbundle "0" "https://blocklistproject.github.io/Lists/alt-version/crypto-nl.txt" "Crypto" +add_urlbundle "1" "https://blocklistproject.github.io/Lists/alt-version/drugs-nl.txt" "Drugs" +add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/everything-nl.txt' "Everything else" +add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/facebook-nl.txt' 'Facebook/Instagram' +add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/fraud-nl.txt' 'Fraud' +add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/gambling-nl.txt' 'Gambling' +add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/malware-nl.txt' 'Malware' +add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/phishing-nl.txt' 'Phishing' +add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/piracy-nl.txt' 'Piracy' +add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/porn-nl.txt' 'Porn' +add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/ransomware-nl.txt' 'Ransomware' +add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/redirect-nl.txt' 'Redirect' +add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/scam-nl.txt' 'Scam' +add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/tiktok-nl.txt' 'TikTok' +add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/torrent-nl.txt' 'Torrent' +add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/tracking-nl.txt' 'Tracking' + +exit 0 diff --git a/parental-control/files/lib/parentalcontrol/parentalcontrol.sh b/parental-control/files/lib/parentalcontrol/parentalcontrol.sh index 07df93faf..fd0345027 100644 --- a/parental-control/files/lib/parentalcontrol/parentalcontrol.sh +++ b/parental-control/files/lib/parentalcontrol/parentalcontrol.sh @@ -311,6 +311,9 @@ parse_macs_or_hostnames() { local input="$1" local lease_file="/tmp/dhcp.leases" + [ -f "$lease_file" ] || lease_file="/etc/parentalcontrol/dhcp.leases" + [ -f "$lease_file" ] || { log "Error: No DHCP lease file found."; return 1; } + for item in $input; do case "$item" in ??:??:??:??:??:??) @@ -509,3 +512,25 @@ remove_internet_schedule_rules() { ip6tables -w -X parentalcontrol_forward fi } + +OVERRIDE_JSON="/etc/parentalcontrol/urlbundle_override.json" +DM_PLUGIN_PATH="/usr/share/bbfdm/micro_services/parentalcontrol/urlbundle_override.json" + +enable_urlfilter_dm() { + if [ -f "${DM_PLUGIN_PATH}" ]; then + rm ${DM_PLUGIN_PATH} + echo "Please restart to apply" + fi +} + +disable_urlfilter_dm() { + mkdir -p "$(dirname ${DM_PLUGIN_PATH})" + + if [ ! -f "${DM_PLUGIN_PATH}" ]; then + if [ -f "${OVERRIDE_JSON}" ]; then + cp "${OVERRIDE_JSON}" "${DM_PLUGIN_PATH}" + echo "Please restart to apply" + + fi + fi +} diff --git a/parental-control/files/lib/parentalcontrol/sync_bundles.sh b/parental-control/files/lib/parentalcontrol/sync_bundles.sh index cf19f9a51..1b726f3cf 100644 --- a/parental-control/files/lib/parentalcontrol/sync_bundles.sh +++ b/parental-control/files/lib/parentalcontrol/sync_bundles.sh @@ -224,6 +224,14 @@ cleanup_bundle_files() { # Main handler for all profile URL bundles handle_filter_for_bundles() { + local urlfilter + + urlfilter="$(uci -q get parentalcontrol.globals.urlfilter)" + if [ "${urlfilter}" -ne "1" ]; then + logger -p info "urlbundle not supported" + return + fi + ubus -t 20 wait_for bbfdm.parentalcontrol if [ "$?" -ne 0 ]; then diff --git a/parental-control/files/urlbundle_override.json b/parental-control/files/urlbundle_override.json new file mode 100644 index 000000000..074edb59e --- /dev/null +++ b/parental-control/files/urlbundle_override.json @@ -0,0 +1,89 @@ +{ + "json_plugin_version": 2, + "Device.X_IOWRT_EU_ParentalControl.": { + "type": "object", + "protocols": [ + "cwmp", + "usp" + ], + "access": false, + "array": false, + "DefaultBundles": { + "type": "string", + "protocols": [ + "none" + ], + "read": true, + "write": false + }, + "MaxBlockHistory": { + "type": "unsignedInt", + "protocols": [ + "none" + ], + "read": true, + "write": true, + "datatype": "unsignedInt" + }, + "BlockHistoryNumberOfEntries": { + "type": "unsignedInt", + "read": true, + "write": false, + "protocols": [ + "none" + ], + "datatype": "unsignedInt" + }, + "URLBundleNumberOfEntries": { + "type": "unsignedInt", + "read": true, + "write": false, + "protocols": [ + "none" + ], + "datatype": "unsignedInt" + }, + "Device.X_IOWRT_EU_ParentalControl.BlockHistory.": { + "type": "object", + "protocols": [ + "none" + ], + "access": false, + "array": true + }, + "Device.X_IOWRT_EU_ParentalControl.URLBundle.": { + "type": "object", + "protocols": [ + "none" + ], + "access": true, + "array": true + } + }, + "Device.X_IOWRT_EU_ParentalControl.Profile.{i}.": { + "type": "object", + "protocols": [ + "cwmp", + "usp" + ], + "access": true, + "array": true, + "URLFilterNumberOfEntries": { + "type": "unsignedInt", + "read": true, + "write": false, + "protocols": [ + "none" + ], + "datatype": "unsignedInt" + }, + "Device.X_IOWRT_EU_ParentalControl.Profile.{i}.URLFilter.": { + "type": "object", + "protocols": [ + "none" + ], + "access": true, + "array": true + } + } +}