hostmngr: handled host access control timing

hostmngr/Makefile

@@ -63,6 +63,7 @@ define Package/hostmngr/install
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/hostmngr $(1)/usr/sbin/
 	$(INSTALL_DATA) $(PKG_BUILD_DIR)/src/bbf_plugin/libhostmngr.so $(1)/etc/hostmngr/
 	$(INSTALL_DATA) ./files/etc/hostmngr/input.json $(1)/etc/hostmngr/	
+	$(INSTALL_DATA) ./files/lib/hosts/hosts_acl.sh $(1)/lib/hosts/
 endef
 
 ifeq ($(LOCAL_DEV),1)

hostmngr/files/etc/firewall.hosts

@@ -1,103 +1,7 @@
 #!/bin/sh
 
 . /lib/functions.sh
-
-day=""
-IP_RULE=""
-
-process_ac_schedule() {
-	local acs_id="$1"
-	local is_enabled
-	local access_control
-	local start_time=""
-	local mac=""
-
-	handle_day_list() {
-		local value=$1
-
-		val=$(echo $value | cut -c 1-3)
-		if [ -z $day ]; then
-			day="$val"
-		else
-			day="$day,$val"
-		fi
-	}
-
-	config_list_foreach "$acs_id" "day" handle_day_list
-	config_get is_enabled "$acs_id" "enable" 1
-	config_get access_control "$acs_id" "dm_parent"
-
-	if [ "$is_enabled" == "0" ] || [ -z "$access_control" ]; then
-		return
-	fi
-
-	IP_RULE=""
-
-	mac=$(uci -q get hosts.$access_control.macaddr)
-	access_policy=$(uci -q get hosts.$access_control.access_policy)
-
-	config_get start_time "$acs_id" "start_time"
-	config_get duration "$acs_id" "duration"
-
-	if [ -z "$mac" ] && [ -z "$start_time" ] && [ -z "$duration" ] && [ -z "$day" ] && [ -z "$access_policy" ]; then
-		return
-	fi
-	if [ -n "$mac" ]; then
-		IP_RULE="$IP_RULE -m mac --mac-source $mac"
-	fi
-
-	# as per iptables manual default starttime is 00:00
-	# default stoptime is 23:59
-	if [ -z "$start_time" ]; then
-		start_time="0:0"
-	fi
-	# conversion to utc
-	zone=$(date +%z | cut -c 1)
-	utc_h=$(date -u -d @$(date "+%s" -d "$start_time") +%H)
-	local_h=$(echo $start_time | awk -F: '{ print $1 }')
-	if [ "$zone" == "+" ] && [ $utc_h -gt $local_h ]; then
-		start_utc="0:0"
-	else
-		start_utc=$(date -u -d @$(date "+%s" -d "$start_time") +%H:%M)
-	fi
-
-        if [ -n "$duration" ]; then
-		hh=$(echo $start_utc | awk -F: '{ print $1 }')
-                mm=$(echo $start_utc | awk -F: '{ print $2 }')
-                hh_s=`expr $hh \* 3600`
-                mm_s=`expr $mm \* 60`
-                ss=$(( hh_s + mm_s ))
-
-                stop_ss=$(( ss + duration ))
-                hh=$(( stop_ss / 3600 ))
-                if [ $hh -lt 24 ]; then
-                	rem_ss=$(( stop_ss % 3600 ))
-                	mm=$(( rem_ss / 60 ))
-                	ss=$(( rem_ss % 60 ))
-			stop_utc="$hh:$mm:$ss"
-                else
-			stop_utc="23:59"
-                fi
-        else
-		stop_utc="23:59"
-        fi
-
-	IP_RULE="$IP_RULE -m time --timestart $start_utc --timestop $stop_utc"
-	if [ -n "$day" ]; then
-		IP_RULE="$IP_RULE --weekdays $day"
-	fi
-
-	if [ "$access_policy" == "Deny" ]; then
-		IP_RULE="$IP_RULE -j DROP"
-	else
-		IP_RULE="$IP_RULE -j ACCEPT"
-	fi
-
-	iptables -w -A hosts_forward ${IP_RULE}
-	ip6tables -w -A hosts_forward ${IP_RULE}
-
-	day=""
-}
+. /lib/hosts/hosts_acl.sh
 
 iptables -w -F hosts_forward
 ip6tables -w -F hosts_forward

hostmngr/files/etc/init.d/hostmngr

@@ -4,6 +4,7 @@ START=97
 STOP=20
 
 . /etc/bbfdm/bbfdm_services.sh
+. /lib/hosts/hosts_acl.sh
 
 USE_PROCD=1
 
@@ -19,6 +20,7 @@ start_service() {
 	procd_close_instance
 	
 	bbfdm_add_service "bbfdm.hosts" "${HOSTS_JSON_INPUT}"
+	hosts_acl
 }
 
 service_triggers()

hostmngr/files/lib/hosts/hosts_acl.sh

@@ -0,0 +1,230 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+day=""
+next_days=""
+prev_days=""
+IP_RULE=""
+IP_RULE1=""
+
+get_next_day() {
+	local weekday="$1"
+	case "$weekday" in
+		"Mon"|"Monday") echo "Tuesday"
+		;;
+		"Tue"|"Tuesday") echo "Wednesday"
+		;;
+		"Wed"|"Wednesday") echo "Thursday"
+		;;
+		"Thu"|"Thursday") echo "Friday"
+		;;
+		"Fri"|"Friday") echo "Saturday"
+		;;
+		"Sat"|"Saturday") echo "Sunday"
+		;;
+		"Sun"|"Sunday") echo "Monday"
+		;;
+	esac
+}
+
+get_previous_day() {
+	local weekday="$1"
+	case "$weekday" in
+		"Mon"|"Monday") echo "Sunday"
+		;;
+		"Tue"|"Tuesday") echo "Monday"
+		;;
+		"Wed"|"Wednesday") echo "Tuesday"
+		;;
+		"Thu"|"Thursday") echo "Wednesday"
+		;;
+		"Fri"|"Friday") echo "Thursday"
+		;;
+		"Sat"|"Saturday") echo "Friday"
+		;;
+		"Sun"|"Sunday") echo "Saturday"
+		;;
+	esac
+}
+
+ip_rule_west_zone() {
+	local utc_start_t_h="$1"
+	local utc_stop_t_h="$2"
+	local local_start_t_h="$3"
+	local local_stop_t_h="$4"
+	local utc_start_time="$5"
+	local utc_stop_time="$6"
+
+	if [ "$utc_start_t_h" -lt "$local_start_t_h" ]; then
+		IP_RULE="$IP_RULE -m time --timestart $utc_start_time --timestop $utc_stop_time"
+		if [ -n "$next_days" ]; then
+			IP_RULE="$IP_RULE --weekdays $next_days"
+		fi
+	else
+		if [ "$utc_stop_t_h" -lt "$local_stop_t_h" ]; then
+			IP_RULE1="$IP_RULE"
+			IP_RULE="$IP_RULE -m time --timestart $utc_start_time --timestop 23:59"
+			IP_RULE1="$IP_RULE1 -m time --timestart 00:00 --timestop $utc_stop_time"
+			if [ -n "$next_days" ]; then
+				IP_RULE1="$IP_RULE1 --weekdays $next_days"
+			fi
+		else
+			IP_RULE="$IP_RULE -m time --timestart $utc_start_time --timestop $utc_stop_time"
+		fi
+		if [ -n "$day" ]; then
+			IP_RULE="$IP_RULE --weekdays $day"
+		fi
+	fi
+}
+
+ip_rule_east_zone() {
+	local utc_start_t_h="$1"
+	local utc_stop_t_h="$2"
+	local local_start_t_h="$3"
+	local local_stop_t_h="$4"
+	local utc_start_time="$5"
+	local utc_stop_time="$6"
+
+	if [ "$utc_start_t_h" -lt "$local_start_t_h" ]; then
+		IP_RULE="$IP_RULE -m time --timestart $utc_start_time --timestop $utc_stop_time"
+		if [ -n "$day" ]; then
+			IP_RULE="$IP_RULE --weekdays $day"
+		fi
+	else
+		if [ "$utc_stop_t_h" -lt "$local_stop_t_h" ]; then
+			IP_RULE1="$IP_RULE"
+			IP_RULE="$IP_RULE -m time --timestart 00:00 --timestop $utc_stop_time"
+			IP_RULE1="$IP_RULE1 -m time --timestart $utc_start_time --timestop 23:59"
+			if [ -n "$prev_days" ]; then
+				IP_RULE1="$IP_RULE1 --weekdays $prev_days"
+			fi
+		else
+			IP_RULE="$IP_RULE -m time --timestart $utc_start_time --timestop $utc_stop_time"
+		fi
+		if [ -n "$day" ]; then
+			IP_RULE="$IP_RULE --weekdays $day"
+		fi
+	fi
+}
+
+process_ac_schedule() {
+	local acs_id="$1"
+	local is_enabled
+	local access_control
+	local start_time=""
+	local mac=""
+
+
+	handle_day_list() {
+		local value=$1
+
+		val=$(echo $value | cut -c 1-3)
+		next_day_val=$(get_next_day $val)
+		prev_day_val=$(get_previous_day $val)
+		if [ -z $day ]; then
+			day="$val"
+			next_days="$next_day_val"
+			prev_days="$prev_day_val"
+		else
+			day="$day,$val"
+			next_days="$next_days,$next_day_val"
+			prev_days="$prev_days,$prev_day_val"
+		fi
+	}
+
+	config_list_foreach "$acs_id" "day" handle_day_list
+	config_get is_enabled "$acs_id" "enable" 1
+	config_get access_control "$acs_id" "dm_parent"
+
+	if [ "$is_enabled" == "0" ] || [ -z "$access_control" ]; then
+		return
+	fi
+
+	IP_RULE=""
+	IP_RULE1=""
+
+	mac=$(uci -q get hosts.$access_control.macaddr)
+	access_policy=$(uci -q get hosts.$access_control.access_policy)
+
+	config_get start_time "$acs_id" "start_time"
+	config_get duration "$acs_id" "duration"
+
+	if [ -z "$mac" ] && [ -z "$start_time" ] && [ -z "$duration" ] && [ -z "$day" ] && [ -z "$access_policy" ]; then
+		return
+	fi
+	if [ -n "$mac" ]; then
+		IP_RULE="$IP_RULE -m mac --mac-source $mac"
+	fi
+
+	zone=$(date +%z | cut -c 1)
+	local_start_time=$start_time
+        if [ -n "$duration" ]; then
+		hh=$(echo $local_start_time | awk -F: '{ print $1 }')
+                mm=$(echo $local_start_time | awk -F: '{ print $2 }')
+                hh_s=`expr $hh \* 3600`
+                mm_s=`expr $mm \* 60`
+                ss=$(( hh_s + mm_s ))
+		local_start_hh=$hh
+
+                stop_ss=$(( ss + duration ))
+                hh=$(( stop_ss / 3600 ))
+               	rem_ss=$(( stop_ss % 3600 ))
+               	mm=$(( rem_ss / 60 ))
+               	ss=$(( rem_ss % 60 ))
+		local_stop_time="$hh:$mm:$ss"
+		local_stop_hh=$hh
+	fi
+
+	utc_start_time=$(date -u -d @$(date "+%s" -d "$local_start_time") +%H:%M)
+	utc_stop_time=$(date -u -d @$(date "+%s" -d "$local_stop_time") +%H:%M)
+	utc_start_hh=$(echo $utc_start_time | awk -F: '{ print $1 }')
+	utc_stop_hh=$(echo $utc_stop_time | awk -F: '{ print $1 }')
+	if [ "$zone" == "-" ]; then
+		ip_rule_west_zone $utc_start_hh $utc_stop_hh $local_start_hh $local_stop_hh $utc_start_time $utc_stop_time
+	else
+		ip_rule_east_zone $utc_start_hh $utc_stop_hh $local_start_hh $local_stop_hh $utc_start_time $utc_stop_time
+	fi
+
+	if [ "$access_policy" == "Deny" ]; then
+		IP_RULE="$IP_RULE -j DROP"
+		if [ -n "$IP_RULE1" ]; then
+			IP_RULE1="$IP_RULE1 -j DROP"
+		fi
+	else
+		IP_RULE="$IP_RULE -j ACCEPT"
+		if [ -n "$IP_RULE1" ]; then
+			IP_RULE1="$IP_RULE1 -j ACCEPT"
+		fi
+	fi
+
+	iptables -w -A hosts_forward ${IP_RULE}
+	ip6tables -w -A hosts_forward ${IP_RULE}
+	if [ -n "$IP_RULE1" ]; then
+		iptables -w -A hosts_forward ${IP_RULE1}
+		ip6tables -w -A hosts_forward ${IP_RULE1}
+	fi
+
+	day=""
+	next_days=""
+	prev_days=""
+}
+
+hosts_acl() {
+	iptables -w -F hosts_forward
+	ip6tables -w -F hosts_forward
+
+	hosts_forward=$(iptables -t filter --list | grep hosts_forward)
+	if [ -z "$hosts_forward" ]; then
+		iptables -w -t filter -N hosts_forward
+		ret=$?
+		[ $ret -eq 0 ] && iptables -w -t filter -I FORWARD -j hosts_forward
+		ip6tables -w -t filter -N hosts_forward
+		ret=$?
+		[ $ret -eq 0 ] && ip6tables -w -t filter -I FORWARD -j hosts_forward
+	fi
+
+	# Load /etc/config/hosts UCI file
+	config_load hosts
+	config_foreach process_ac_schedule ac_schedule
+}