23,11 → 23,10 |
OLDIFS=$IFS |
IFS=$'\n' |
|
# Fonction appelée si un Pb de connectivité Internet |
# On fait pointer les usagers sur l'adresse locale |
function ext_down_alert () |
function lan_down_alert () |
# users are redirected on ALCASAR IP address if LAN Pb detected |
{ |
case $EXT_DOWN in |
case $LAN_DOWN in |
"1") |
logger "eth0 link down" |
/bin/sed -i "s?diagnostic =.*?diagnostic = \"eth0 link down\";?g" $Index_Page |
36,10 → 35,6 |
logger "can't contact the default router" |
/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't contact the default router\";?g" $Index_Page |
;; |
"3") |
logger "can't contact the Internet DNS" |
/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't contact the Internet DNS\";?g" $Index_Page |
;; |
esac |
net_pb=`cat /etc/dnsmasq.conf|grep "address=/#/"|wc -l` |
if [ $net_pb = "0" ] # on alerte les usagers (si ce n'est pas déjà le cas). |
51,76 → 46,92 |
fi |
} |
|
# On teste la connectivité réseau |
# On teste l'état d'EXTIF |
EXT_DOWN="0" |
if [ "`/usr/sbin/ethtool $EXTIF|grep Link|cut -d' ' -f3`" != "yes" ] |
then |
EXT_DOWN="1" |
fi |
# si EXTIF ok, on teste la connectivité vers le routeur par défaut (Box FAI) |
if [ $EXT_DOWN -eq "0" ] |
then |
IP_GW=`/sbin/ip route list|grep ^default|cut -d" " -f3` |
arp_reply=`/usr/sbin/arping -I$EXTIF -c1 $IP_GW|grep response|cut -d" " -f2` |
if [ $arp_reply -eq "0" ] |
then |
EXT_DOWN="2" |
function lan_test () |
# LAN connectiivity testing |
{ |
# EXTIF testing |
LAN_DOWN="0" |
if [ "`/usr/sbin/ethtool $EXTIF|grep Link|cut -d' ' -f3`" != "yes" ] |
then |
LAN_DOWN="1" |
fi |
fi |
# si routeur OK, on teste la connectivité vers les DNS externes |
# + tard (EXT_DOWN=3) |
# si Pb réseau, on avertit les usagers |
if [ $EXT_DOWN != "0" ] |
then |
ext_down_alert |
else |
# sinon, le cas échéant, on rebascule en mode normal |
net_pb=`cat /etc/dnsmasq.conf|grep "address=/#/"|wc -l` |
if [ $net_pb != "0" ] |
# Default GW testing |
if [ $LAN_DOWN -eq "0" ] |
then |
/bin/sed -i "s?^\$network_pb.*?\$network_pb = False;?g" $Index_Page |
/bin/sed -i "s?^address=\/#\/.*?conf-dir=/usr/local/etc/alcasar-dnsfilter-enabled?g" /etc/dnsmasq-blackhole.conf |
/bin/sed -i "/^address=/d" /etc/dnsmasq.conf |
/etc/init.d/dnsmasq restart |
IP_GW=`/sbin/ip route list|grep ^default|cut -d" " -f3` |
arp_reply=`/usr/sbin/arping -I$EXTIF -c1 $IP_GW|grep response|cut -d" " -f2` |
if [ $arp_reply -eq "0" ] |
then |
LAN_DOWN="2" |
fi |
fi |
fi |
# if LAN pb detected, users are warned |
if [ $LAN_DOWN != "0" ] |
then |
lan_down_alert |
# else switch in normal mode |
else |
net_pb=`cat /etc/dnsmasq.conf|grep "address=/#/"|wc -l` |
if [ $net_pb != "0" ] |
then |
/bin/sed -i "s?^\$network_pb.*?\$network_pb = False;?g" $Index_Page |
/bin/sed -i "s?^address=\/#\/.*?conf-dir=/usr/local/etc/alcasar-dnsfilter-enabled?g" /etc/dnsmasq-blackhole.conf |
/bin/sed -i "/^address=/d" /etc/dnsmasq.conf |
/etc/init.d/dnsmasq restart |
fi |
fi |
} |
|
usage="Usage: alcasar-watchdog.sh {-lt --lan_test}" |
case $1 in |
-\? | -h* | --h*) |
echo "$usage" |
exit 0 |
;; |
-lt | --lan_test) |
lan_test |
exit 0 |
;; |
*) |
lan_test |
# lecture du fichier contenant les adresses IP des stations muettes |
if [ -e $tmp_file ]; then |
cat $tmp_file | while read noresponse |
do |
noresponse_ip=`echo $noresponse | cut -d" " -f1` |
noresponse_mac=`echo $noresponse | cut -d" " -f2` |
arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $noresponse_ip|grep response|cut -d" " -f2` |
if [[ $(expr $arp_reply) -eq 0 ]] |
then |
logger "alcasar-watchdog $noresponse_ip ($noresponse_mac) can't be contact. Alcasar disconnects the user." |
/usr/sbin/chilli_query logout $noresponse_mac |
if [ -e $tmp_file ]; then |
cat $tmp_file | while read noresponse |
do |
noresponse_ip=`echo $noresponse | cut -d" " -f1` |
noresponse_mac=`echo $noresponse | cut -d" " -f2` |
arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $noresponse_ip|grep response|cut -d" " -f2` |
if [[ $(expr $arp_reply) -eq 0 ]] |
then |
logger "alcasar-watchdog $noresponse_ip ($noresponse_mac) can't be contact. Alcasar disconnects the user." |
/usr/sbin/chilli_query logout $noresponse_mac |
fi |
done |
rm $tmp_file |
fi |
done |
rm $tmp_file |
fi |
# on traite chaque équipements connus de chilli |
for system in `/usr/sbin/chilli_query list |grep -v "\.0\.0\.0"` |
do |
active_ip=`echo $system |cut -d" " -f2` |
active_session=`echo $system |cut -d" " -f5` |
active_mac=`echo $system | cut -d" " -f1` |
for system in `/usr/sbin/chilli_query list |grep -v "\.0\.0\.0"` |
do |
active_ip=`echo $system |cut -d" " -f2` |
active_session=`echo $system |cut -d" " -f5` |
active_mac=`echo $system | cut -d" " -f1` |
# on ne traite que les équipements exploitées par un usager authentifié (test de 2 réponses en 4 secondes) |
if [[ $(expr $active_session) -eq 1 ]] |
then |
arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip|grep "Unicast reply"|wc -l` |
if [[ $(expr $active_session) -eq 1 ]] |
then |
arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip|grep "Unicast reply"|wc -l` |
# on stocke les adresses IP des stations muettes |
if [[ $(expr $arp_reply) -eq 0 ]] |
then |
echo "$active_ip $active_mac" >> $tmp_file |
fi |
if [[ $(expr $arp_reply) -eq 0 ]] |
then |
echo "$active_ip $active_mac" >> $tmp_file |
fi |
# on deconnecte l'usager d'une stations usurpée (@MAC) |
if [[ $(expr $arp_reply) -gt 2 ]] |
then |
logger "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user." |
/usr/sbin/chilli_query logout $active_mac |
fi |
fi |
done |
if [[ $(expr $arp_reply) -gt 2 ]] |
then |
logger "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user." |
/usr/sbin/chilli_query logout $active_mac |
fi |
fi |
done |
;; |
esac |
IFS=$OLDIFS |
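Review bot: The default-gateway check in the new `lan_test` fails open. When `/sbin/ip route list` returns no default route, `$IP_GW` is empty, and arping then presumably prints no "response" line, so `$arp_reply` is empty too. In that case `[ $arp_reply -eq "0" ]` is a malformed test that evaluates as false, and `LAN_DOWN` stays "0". The else branch then treats the link as healthy and can remove the `address=` redirect from /etc/dnsmasq.conf, so users are never warned. Counting a missing reply as zero closes the gap: `if [ -z "$IP_GW" ] || [ "${arp_reply:-0}" -eq 0 ]`.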