
Revize 2257

Přidáno uživatelem Ondřej Fibich před téměř 11 roky(ů)

Upravy:
- uplne odstraneni freenetis-redirection z hlavniho repozitare, nahrazeno https://github.com/freenetis/freenetis-redirection. Dalsi vyvoj bude probihat pouze v novem repozitari.


freenetis/branches/1.1/application/vendors/redirection/freenetis-redirection.conf
# This is configuration file for freenetis-redirection
#
# freenetis-redirection is part of project FreenetIS (for more info see http://www.freenetis.org)
################################################################################
# G E N E R A L S E T T I N G S #
################################################################################
# Base PATH_FN to running FreenetIS instance
PATH_FN=http://localhost/freenetis
# Log file, change to /dev/null to disable logging
LOG_FILE=/var/log/freenetis-redirection.log
# Log file for redirector deamon, change to /dev/null to disable logging
LOG_FILE_REDIRECTOR=/var/log/freenetis-http-redirection.log
################################################################################
# R E D I R E C T I O N S E T T I N G S #
################################################################################
# Local variable contains port number to be redirect from - mandatory
PORT_WEB=80
# Local variable contains port number to be redirect to - mandatory
PORT_REDIRECT=36000
# Local variable contains port number for canceling of redirection by redirected user - mandatory
PORT_SELF_CANCEL=36001
# Delay in seconds between next update cycle
DELAY=60
# URL of pages which we need to download from FreenetIS. [DO NOT CHANGE THIS VARIABLES!!!]
# SET_URL_RANGES - contains list of CIDR networks (e.g. 192.160.0/23) which we can redirect
# SET_URL_ALLOWED - contains list of IP allowed addresses will not be redirect
# SET_URL_SELF_CANCEL - contains list of IP addresses which can disable redirection itself
SET_URL_RANGES=$PATH_FN/index.php/en/web_interface/redirected_ranges
SET_URL_ALLOWED=$PATH_FN/index.php/en/web_interface/allowed_ip_addresses
SET_URL_SELF_CANCEL=$PATH_FN/index.php/en/web_interface/self_cancelable_ip_addresses
freenetis/branches/1.1/application/vendors/redirection/freenetis-redirection.sh
#!/bin/bash
################################################################################
# #
# This script serves for redirection IP policy of IS FreenetIS #
# #
# author Kliment Michal, Sevcik Roman #
# email kliment@freenetis.org, sevcik.roman@slfree.net #
# #
# name freenetis-redirection.sh #
# version 2.2 #
# #
################################################################################
# Version
VERSION="2.2"
# Load variables from config file
CONFIG=/etc/freenetis/freenetis-redirection.conf
# Local variable contains path to iptables - mandatory
IPTABLES=/sbin/iptables
# Local variable contains path to ipset - mandatory
IPSET=/usr/sbin/ipset
# Local variable contains path to wget - mandatory
WGET=/usr/bin/wget
# Path to HTTP 302 redirector
REDIRECTION_HTTP_REDIRECTOR=/usr/sbin/freenetis-http-302-redirection
# Path to HTTP 302 redirector
REDIRECTION_HTTP_REDIRECTOR_PIDFILE=/var/run/freenetis-http-302-redirection.pid
#Paths where temporary data will be saved.
PATH_ERRORS=`mktemp`
#Load variables
if [ -f ${CONFIG} ]; then
. $CONFIG;
else
echo "Config file is missing at path $CONFIG."
echo "Terminating..."
exit 0
fi
# Runs command and print result (OK = success, FAILED = error)
run_and_print_result ()
{
$@ 2> "$PATH_ERRORS"
if [ $? -eq 0 ];
then
echo "OK"
else
echo "FAILED! Error: $? "`cat "$PATH_ERRORS" | awk '{$1 = ""; print}'`
fi
}
# Tests whether iptables rule already exists
rule_exists ()
{
iptables-save | grep -q "$@"
if [ $? -eq 0 ];
then
echo 1
else
echo 0
fi
}
# Tests whether program is running
is_running ()
{
ps aux | grep -v grep | grep "$@" | wc -l
}
# Adds iptables rules
add_rules()
{
echo -n "Adding iptables rule for self canceling..."
#Rule for allowing access. If come packet to $PORT_SELF_CANCEL then we add source address do set allowed and to set seen
#Set seen is used for ip synchronization with FreenetIS.
if [ `rule_exists "PREROUTING -p tcp -m set --match-set self_cancel src -m tcp --dport $PORT_SELF_CANCEL -j SET --add-set allowed src"` -eq 0 ];
then
run_and_print_result "$IPTABLES -t nat -A PREROUTING -m set --match-set self_cancel src -p tcp --dport $PORT_SELF_CANCEL -j SET --add-set allowed src"
else
echo "already added"
fi
echo -n "Adding iptables rule for allowed..."
#If IP is allowed then it is not redirected
if [ `rule_exists "PREROUTING -m set --match-set allowed src -j ACCEPT"` -eq 0 ];
then
run_and_print_result "$IPTABLES -t nat -A PREROUTING -m set --match-set allowed src -j ACCEPT"
else
echo "already added"
fi
echo -n "Adding iptables rule for allowed..."
#If IP is allowed then it is not redirected
if [ `rule_exists "PREROUTING -m set --match-set allowed dst -j ACCEPT"` -eq 0 ];
then
run_and_print_result "$IPTABLES -t nat -A PREROUTING -m set --match-set allowed dst -j ACCEPT"
else
echo "already added"
fi
echo -n "Adding iptables rule for redirection..."
#Redirect everything trafic what has destination port $PORT_WEB to $PORT_REDIRECT
if [ `rule_exists "PREROUTING -p tcp -m set --match-set ranges src -m tcp --dport $PORT_WEB -j REDIRECT --to-ports $PORT_REDIRECT"` -eq 0 ];
then
run_and_print_result "$IPTABLES -t nat -A PREROUTING -m set --match-set ranges src -p tcp --dport $PORT_WEB -j REDIRECT --to-port $PORT_REDIRECT"
else
echo "already added"
fi
echo -n "Adding iptables rule for allowed..."
#If IP is allowed then it is not redirected
if [ `rule_exists "FORWARD -m set --match-set allowed src -j ACCEPT"` -eq 0 ];
then
run_and_print_result "$IPTABLES -I FORWARD 1 -m set --match-set allowed src -j ACCEPT"
else
echo "already added"
fi
echo -n "Adding iptables rule for allowed..."
#If IP is allowed then it is not redirected
if [ `rule_exists "FORWARD -m set --match-set allowed dst -j ACCEPT"` -eq 0 ];
then
run_and_print_result "$IPTABLES -I FORWARD 2 -m set --match-set allowed dst -j ACCEPT"
else
echo "already added"
fi
echo -n "Adding iptables rule for block others..."
#Else everything drop
if [ `rule_exists "FORWARD -m set --match-set ranges src -j DROP"` -eq 0 ];
then
run_and_print_result "$IPTABLES -I FORWARD 3 -m set --match-set ranges src -j DROP"
else
echo "already added"
fi
}
# Deletes iptables rules
delete_rules()
{
echo -n "Deleting iptables rule for self canceling..."
#Rule for allowing access. If come packet to $PORT_SELF_CANCEL then we add source address do set allowed and to set seen
#Set seen is used for ip synchronization with FreenetIS.
if [ `rule_exists "PREROUTING -p tcp -m set --match-set self_cancel src -m tcp --dport $PORT_SELF_CANCEL -j SET --add-set allowed src"` -eq 1 ];
then
run_and_print_result "$IPTABLES -t nat -D PREROUTING -m set --match-set self_cancel src -p tcp --dport $PORT_SELF_CANCEL -j SET --add-set allowed src"
else
echo "already deleted"
fi
echo -n "Deleting iptables rule for allowed..."
#If IP is allowed then it is not redirected
if [ `rule_exists "PREROUTING -m set --match-set allowed src -j ACCEPT"` -eq 1 ];
then
run_and_print_result "$IPTABLES -t nat -D PREROUTING -m set --match-set allowed src -j ACCEPT"
else
echo "already deleted"
fi
echo -n "Deleting iptables rule for allowed..."
#If IP is allowed then it is not redirected
if [ `rule_exists "PREROUTING -m set --match-set allowed dst -j ACCEPT"` -eq 1 ];
then
run_and_print_result "$IPTABLES -t nat -D PREROUTING -m set --match-set allowed dst -j ACCEPT"
else
echo "already deleted"
fi
echo -n "Deleting iptables rule for redirection..."
#Redirect everything trafic what has destination port $PORT_WEB to $PORT_REDIRECT
if [ `rule_exists "PREROUTING -p tcp -m set --match-set ranges src -m tcp --dport $PORT_WEB -j REDIRECT --to-ports $PORT_REDIRECT"` -eq 1 ];
then
run_and_print_result "$IPTABLES -t nat -D PREROUTING -m set --match-set ranges src -p tcp --dport $PORT_WEB -j REDIRECT --to-port $PORT_REDIRECT"
else
echo "already deleted"
fi
echo -n "Deleting iptables rule for allowed..."
#If IP is allowed then it is not redirected
if [ `rule_exists "FORWARD -m set --match-set allowed src -j ACCEPT"` -eq 1 ];
then
run_and_print_result "$IPTABLES -D FORWARD -m set --match-set allowed src -j ACCEPT"
else
echo "already deleted"
fi
echo -n "Deleting iptables rule for allowed..."
#If IP is allowed then it is not redirected
if [ `rule_exists "FORWARD -m set --match-set allowed dst -j ACCEPT"` -eq 1 ];
then
run_and_print_result "$IPTABLES -D FORWARD -m set --match-set allowed dst -j ACCEPT"
else
echo "already deleted"
fi
echo -n "Deleting iptables rule for block others..."
#Else everything drop
if [ `rule_exists "FORWARD -m set --match-set ranges src -j DROP"` -eq 1 ];
then
run_and_print_result "$IPTABLES -D FORWARD -m set --match-set ranges src -j DROP"
else
echo "already deleted"
fi
}
# Adds ipsets
add_ipsets()
{
echo -n "Adding ipset allowed... "
if [ -n "`$IPSET -L allowed 2>&1>/dev/null`" ];
then
run_and_print_result "$IPSET -N allowed iphash --hashsize 10000 --probes 8 --resize 50"
else
echo "already added"
fi
echo -n "Adding ipset self_cancel..."
if [ -n "`$IPSET -L self_cancel 2>&1>/dev/null`" ];
then
run_and_print_result "$IPSET -N self_cancel iphash --hashsize 10000 --probes 8 --resize 50"
else
echo "already added"
fi
echo -n "Adding ipset ranges..."
if [ -n "`$IPSET -L ranges 2>&1>/dev/null`" ];
then
run_and_print_result "$IPSET -N ranges nethash --hashsize 1024 --probes 4 --resize 50"
else
echo "already added"
fi
echo -n "Adding temporary ipset for ipset allowed..."
if [ -n "`$IPSET -L allowed_tmp 2>&1>/dev/null`" ];
then
run_and_print_result "$IPSET -N allowed_tmp iphash --hashsize 10000 --probes 8 --resize 50"
else
echo "already added"
fi
echo -n "Adding temporary ipset for ipset self_cancel..."
if [ -n "`$IPSET -L self_cancel_tmp 2>&1>/dev/null`" ];
then
run_and_print_result "$IPSET -N self_cancel_tmp iphash --hashsize 10000 --probes 8 --resize 50"
else
echo "already added"
fi
echo -n "Adding temporary ipset for ipset ranges..."
if [ -n "`$IPSET -L ranges_tmp 2>&1>/dev/null`" ];
then
run_and_print_result "$IPSET -N ranges_tmp nethash --hashsize 1024 --probes 4 --resize 50"
else
echo "already added"
fi
}
# Deletes ipsets
delete_ipsets()
{
echo -n "Deleting ipset allowed... "
if [ -z "`$IPSET -L allowed 2>&1>/dev/null`" ];
then
run_and_print_result "$IPSET -X allowed"
else
echo "already deleted"
fi
echo -n "Deleting ipset self_cancel..."
if [ -z "`$IPSET -L self_cancel 2>&1>/dev/null`" ];
then
run_and_print_result "$IPSET -X self_cancel"
else
echo "already deleted"
fi
echo -n "Deleting ipset ranges..."
if [ -z "`$IPSET -L ranges 2>&1>/dev/null`" ];
then
run_and_print_result "$IPSET -X ranges"
else
echo "already deleted"
fi
echo -n "Deleting temporary ipset for ipset allowed..."
if [ -z "`$IPSET -L allowed_tmp 2>&1>/dev/null`" ];
then
run_and_print_result "$IPSET -X allowed_tmp"
else
echo "already deleted"
fi
echo -n "Deleting temporary ipset for ipset self_cancel..."
if [ -z "`$IPSET -L self_cancel_tmp 2>&1>/dev/null`" ];
then
run_and_print_result "$IPSET -X self_cancel_tmp"
else
echo "already deleted"
fi
echo -n "Deleting temporary ipset for ipset ranges..."
if [ -z "`$IPSET -L ranges_tmp 2>&1>/dev/null`" ];
then
run_and_print_result "$IPSET -X ranges_tmp"
else
echo "already deleted"
fi
}
# Starts HTTP 302 redirector
start_http_redirector ()
{
echo -n "Starting FreenetIS redirection HTTP deamon: "
if [ `is_running "$REDIRECTION_HTTP_REDIRECTOR"` -eq 0 ];
then
run_and_print_result "start-stop-daemon --start --quiet --make-pidfile --pidfile=$REDIRECTION_HTTP_REDIRECTOR_PIDFILE --background --exec $REDIRECTION_HTTP_REDIRECTOR -- $PORT_REDIRECT $PATH_FN $LOG_FILE_REDIRECTOR"
else
echo "already started"
fi
}
# Stops HTTP 302 redirector
stop_http_redirector ()
{
echo -n "Stopping FreenetIS redirection HTTP deamon: "
if [ `is_running "$REDIRECTION_HTTP_REDIRECTOR"` -eq 1 ];
then
run_and_print_result "start-stop-daemon --stop --quiet --pidfile=$REDIRECTION_HTTP_REDIRECTOR_PIDFILE"
else
echo "already stopped"
fi
rm -f "$REDIRECTION_HTTP_REDIRECTOR_PIDFILE"
}
# Starts redirection - only adds ipsets, rules and starts HTTP redirector
start_redirection ()
{
echo "[STARTING]"
add_ipsets
add_rules
start_http_redirector
}
# Stops redirection - only deletes ipset, rules and stops HTTP redirector
stop_redirection ()
{
echo "[STOPPING]"
delete_rules
delete_ipsets
stop_http_redirector
}
# Syncs ipsets with FreenetIS - only one time
sync_ipsets ()
{
echo "[SYNCING]"
PATH_ALLOWED=`mktemp`
PATH_SELF_CANCEL=`mktemp`
PATH_RANGES=`mktemp`
for URL in "$SET_URL_ALLOWED";
do
echo -n "Downloading list of allowed IP addresses from $URL: ";
$WGET -qO- $URL --no-check-certificate >> $PATH_ALLOWED 2>/dev/null
if [ $? -eq 0 ];
then
echo "OK"
else
echo "FAILED!"
fi
done
for URL in "$SET_URL_SELF_CANCEL";
do
echo -n "Downloading list of self-cancel IP addresses from $URL: ";
$WGET -qO- $URL --no-check-certificate >> $PATH_SELF_CANCEL 2>/dev/null
if [ $? -eq 0 ];
then
echo "OK"
else
echo "FAILED!"
fi
done
for URL in "$SET_URL_RANGES";
do
echo -n "Downloading list of ranges from $URL: ";
$WGET -qO- $URL --no-check-certificate >> $PATH_RANGES 2>/dev/null
if [ $? -eq 0 ];
then
echo "OK"
else
echo "FAILED!"
fi
done
$IPSET -F ranges_tmp 2>/dev/null
$IPSET -F allowed_tmp 2>/dev/null
$IPSET -F self_cancel_tmp 2>/dev/null
echo -n "Adding IP addresses to temporary ipset for ipset allowed..."
for i in $(cat $PATH_ALLOWED);
do
$IPSET -A allowed_tmp $i 2>/dev/null
done
echo `cat $PATH_ALLOWED | wc -l`" addresses added "
echo -n "Adding IP addresses to temporary ipset for ipset self_cancel..."
for i in $(cat $PATH_SELF_CANCEL);
do
$IPSET -A self_cancel_tmp $i 2>/dev/null
done
echo `cat $PATH_SELF_CANCEL | wc -l`" addresses added "
echo -n "Adding IP addresses to temporary ipset for ipset ranges..."
for i in $(cat $PATH_RANGES);
do
$IPSET -A ranges_tmp $i 2>/dev/null
done
echo `cat $PATH_RANGES | wc -l`" addresses added "
echo -n "Replacing content of ipset ranges with content of temporary ipset..."
run_and_print_result "$IPSET -W ranges_tmp ranges"
echo -n "Replacing content of ipset allowed with content of temporary ipset..."
run_and_print_result "$IPSET -W allowed_tmp allowed"
echo -n "Replacing content of ipset self_cancel with content of temporary ipset..."
run_and_print_result "$IPSET -W self_cancel_tmp self_cancel"
#Cleaning up...
rm -f $PATH_RANGES
rm -f $PATH_ALLOWED
rm -f $PATH_SELF_CANCEL
}
# Runs whole redirections (start, sync, stop) in endless loop
run ()
{
echo "[STARTING]"
trap 'stop_redirection' EXIT
while (true);
do
# makes sure ipsets exist
add_ipsets
# makes sure iptables rules exist
add_rules
# makes sure HTTP 302 redirector is running
start_http_redirector
# syncs ipsets with FreenetIS
sync_ipsets
echo "Sleeping now for $DELAY seconds..."
sleep $DELAY;
done
}
# Prints usage
usage ()
{
echo "Usage : `echo $0` ACTION [ LOG FILE ]"
echo "where ACTION := { start | stop | restart | sync | run | version | help }"
}
# Prints version
version ()
{
echo $VERSION
}
# Prints help
help ()
{
echo " start - creates firewall rules and ipsets for redirection"
echo " stop - deletes firewall rules and ipsets for redirection"
echo " restart - deletes and recreates firewall rules and ipsets for redirection"
echo " sync - sync content of ipsets with FreenetIS"
echo " run - run complete redirection in endless loop"
echo " version - print version"
echo " help - prints help for redirection"
}
# Second parameter is set => will used as log file
if [ -n "$2" ]; then
exec > "$2"
fi;
# Is parameter #1 zero length?
if [ -z "$1" ]; then
usage
exit 0
fi;
case "$1" in
start)
start_redirection
exit 0
;;
stop)
stop_redirection
exit 0
;;
restart)
stop_redirection
start_redirection
exit 0
;;
sync)
sync_ipsets
exit 0
;;
run)
run
exit 0
;;
version)
version
exit 0
;;
help)
usage
help
exit 0
;;
*)
usage
exit 0
;;
esac
exit 0
freenetis/branches/1.1/application/vendors/redirection/freenetis-redirection.init.sh
#! /bin/bash
### BEGIN INIT INFO
# Provides: freenetis-redirection
# Required-Start: $remote_fs
# Required-Stop: $remote_fs
# Should-Start: $network $syslog
# Should-Stop: $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start and stop freenetis synchronization daemon
# Description: FreenetIS redirection synchronization script.
### END INIT INFO
################################################################################
# #
# This script serves for redirection IP policy of IS FreenetIS #
# #
# author Kliment Michal, Sevcik Roman #
# email kliment@freenetis.org, sevcik.roman@slfree.net #
# #
# name freenetis-redirection.init.sh #
# version 2.2 #
# #
################################################################################
#Load variables from config file
CONFIG=/etc/freenetis/freenetis-redirection.conf
# Path to redirection synchronization file
REDIRECTION_FILE=/usr/sbin/freenetis-redirection
#Path to redirection pid file
REDIRECTION_PIDFILE=/var/run/freenetis-redirection.pid
# Path to HTTP 302 redirector
REDIRECTION_HTTP_REDIRECTOR=/usr/sbin/freenetis-http-302-redirection
# Path to HTTP 302 redirector
REDIRECTION_HTTP_REDIRECTOR_PIDFILE=/var/run/freenetis-http-302-redirection.pid
#Load variables
if [ -f ${CONFIG} ]; then
. $CONFIG;
else
echo "Config file is missing at path $CONFIG."
echo "Terminating..."
exit 0
fi
# Tests whether program is running
is_running ()
{
ps aux | grep -v grep | grep "$@" | wc -l
}
# Starts Freenetis redirection daemon
start_redirection ()
{
if [ `is_running "$REDIRECTION_FILE"` -eq 0 ];
then
echo -n "Starting FreenetIS redirection daemon: "
start-stop-daemon --start --quiet --make-pidfile --pidfile="$REDIRECTION_PIDFILE" --background --exec "$REDIRECTION_FILE" -- run "$LOG_FILE" 2>> "$LOG_FILE"
sleep 2
if [ $? -eq 0 ];
then
echo "OK"
else
echo "FAILED!"
fi
else
echo "Already started."
fi
}
# Stops Freenetis redirection daemon
stop_redirection ()
{
if [ `is_running "$REDIRECTION_FILE"` -eq 1 ];
then
echo -n "Stopping FreenetIS redirection daemon: "
start-stop-daemon --stop --quiet --pidfile="$REDIRECTION_PIDFILE" 2>> "$LOG_FILE"
sleep 2
if [ $? -eq 0 ];
then
echo "OK"
else
echo "FAILED!"
fi
else
echo "Already stopped."
fi
rm -f "$REDIRECTION_PIDFILE"
}
# Prints status of Freenetis redirection daemon
status_redirection ()
{
if [ `is_running "$REDIRECTION_FILE"` -eq 1 ];
then
echo "FreenetIS redirection daemon is running with PID "`cat "$REDIRECTION_PIDFILE"`
if [ `is_running "$REDIRECTION_HTTP_REDIRECTOR"` -eq 1 ];
then
echo "FreenetIS HTTP redirector is running with PID "`cat "$REDIRECTION_HTTP_REDIRECTOR_PIDFILE"`
fi
else
echo "FreenetIS redirection is not running."
echo "FreenetIS HTTP redirector is not running."
fi
}
# Prints version
version_redirection ()
{
VERSION=`"$REDIRECTION_FILE" version 2>/dev/null`
echo $VERSION
}
# Prints usage
usage_redirection ()
{
echo "usage : `echo $0` (start|stop|restart|status|version|help)"
}
# Prints help
help_redirection ()
{
echo " start - starts FreenetIS redirection daemon"
echo " stop - stops FreenetIS redirection daemon"
echo " restart - restarts FreenetIS redirection daemon"
echo " reload - reloads configuration and restarts FreenetIS redirection daemon"
echo " status - returns actual status of FreenetIS redirection daemon"
echo " version - prints version"
echo " help - prints help"
}
# Is parameter #1 zero length?
if [ -z "$1" ]; then
usage_redirection
exit 0
fi;
case "$1" in
start)
start_redirection
exit 0
;;
restart|reload|force-reload) # reload is same thing as reload
stop_redirection
start_redirection
exit 0
;;
stop)
stop_redirection
exit 0
;;
status)
status_redirection
exit 0
;;
version)
version_redirection
exit 0
;;
help)
usage_redirection
help_redirection
exit 0
;;
*)
usage_redirection
exit 0
;;
esac
exit 0
freenetis/branches/1.1/application/vendors/redirection/man/freenetis-redirection.8
.\" Manpage for freenetis-redirection.
.\" Contact ondrej.fibich@gmail.com.in to correct errors or typos.
.TH man 8 "09 September 2013" "1.0" "freenetis-redirection man page"
.SH NAME
freenetis-redirection \- redirection IP policy demon for FreenetIS
.SH SYNOPSIS
freenetis-redirection action [log_file]
.SH DESCRIPTION
freenetis-redirection demon is a part of FreenetIS redirection and it serves for redirection IP policy of IS FreenetIS. This script should not be used directly.
.SH OPTIONS
The freenetis-redirection should not be run directly. It is commonly managed by an init.d script.
It takes at least one argument action which may contains following values:
start - creates firewall rules and ipsets for redirection
stop - deletes firewall rules and ipsets for redirection
restart - deletes and recreates firewall rules and ipsets for redirection
sync - sync content of ipsets with FreenetIS
run - complete redirection in endless loop
version - print version
help - prints help for redirection
It can also take a second parameter that is a file that is used for logging.
.SH AUTHOR
Michal Kliment <kliment@freenetis.org>,
Roman Sevcik <sevcik.roman@slfree.net>
freenetis/branches/1.1/application/vendors/redirection/man/freenetis-http-302-redirection.1
.\" Manpage for freenetis-http-302-redirection.1.
.\" Contact ondrej.fibich@gmail.com.in to correct errors or typos.
.TH man 1 "09 September 2013" "1.0" "freenetis-http-302-redirection man page"
.SH NAME
freenetis-http-302-redirection \- HTTP redirector for FreenetIS redirection
.SH SYNOPSIS
freenetis-http-302-redirection port freenetis_path [log_file]
.SH DESCRIPTION
freenetis-http-302-redirection is a part of FreenetIS redirection it servers for listening on a port and redirect all its traffic to FreenetIS. This script should not be used directly.
.SH OPTIONS
The freenetis-http-302-redirection should not be run directly. It is commonly managed by an freenetis-redirection(8) demon.
It takes following arguments:
port Port number on which it listens for incoming HTTP connections
freenetis_path URL to base path of FreenetIS
log_file Optional file for logging
.SH AUTHOR
Ondrej Fibich <ondrej.fibich@gmail.com>
freenetis/branches/1.1/application/vendors/redirection/test/http-302-redirection-test.sh
#!/bin/bash
################################################################################
#
# Test script that access some web pages (should be run on a redirected device)
#
################################################################################
WWWs=('http://seznam.cz' 'http://google.com')
while true
do
for url in "${WWWs[@]}"
do
echo `date +"%Y-%m-%d %H:%M:%S"`" Connecting to: $url" 1>&2
out=`wget -q -O - "$url"`
echo `date +"%Y-%m-%d %H:%M:%S"`" Downloaded (\$? = $?)"
echo ""
done
done
freenetis/branches/1.1/application/vendors/redirection/freenetis-http-302-redirection.py
#!/usr/bin/env python
################################################################################
#
# Script for redirecting with HTTP 302 code for FreenetIS redirection
#
# version: 0.1.2
# author: Ondrej Fibich <ondrej.fibich@gmail.com>
#
################################################################################
import datetime
import re
import signal
import sys
import socket
import thread
import logging
import time
########## Classes of script ###################################################
##
# Handles connections
#
class ConnectionHandler:
##
# Initialize socket and other required variables
#
def __init__(self, port, target_url):
# patterns for retrieving of response
self.pattern_http_header = re.compile("GET (.*) HTTP/")
self.pattern_http_host = re.compile("Host: (.*)\r\n")
self.pattern_url = re.compile("^(https?)://([\w-]+\.)+[\w-]+(/[\w -./?\%&=]*)?$")
# variables
self.target_url = target_url
self.port = port
self.listener = None
self.on = False # inicator of running
##
# Is on?
#
def is_on(self):
return self.on
##
# Open socket
#
def open(self):
if not self.listener:
self.listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # server socket
self.listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) # repeatly used
self.listener.bind(("", self.port)) # bind socket to port
self.listener.listen(25) # max connection in same time
self.on = True
# debug
logging.info("FreenetIS HTTP 302 Redirector is active (port: %d)\n" % (self.port))
##
# Close socket
#
def close(self):
if self.listener:
self.listener.close()
logging.info("Closing socket")
##
# Signal hadler
#
def signal_handler(self, signum, frame):
logging.info("Catch signal %d." % (signum))
self.on = False
##
# Thread for processing of request and for creating and sending of response.
# @param conn Client connection
#
def _client_thread(self, conn):
try:
# set timeout of blocking operations
conn.settimeout(5.0) # 5 secounds
# download header
start_time = time.time()
request_header = conn.recv(1024)
if not request_header:
request_header = "" # even if nothing received, redirect
# header content variables
origin_host = ""
origin_path = ""
# read header
m_http_header = self.pattern_http_header.search(request_header)
if m_http_header:
origin_path = m_http_header.group(1)
m_origin_path = self.pattern_http_host.search(request_header)
if m_origin_path:
origin_host = "http://" + m_origin_path.group(1).strip()
# make URL
origin = origin_host + origin_path
# debug
logging.info("Origin: %s" % (origin))
# check readed data if wring set some other common url
if not self.pattern_url.match(origin):
origin = "http://www.google.com"
# make redir URL
url = self.target_url + origin
# send our https redirect
conn.send("HTTP/1.1 302 Moved temporarily\r\n" +
"Location: " + url + "\r\n" +
"Connection: close\r\n" +
"Cache-control: private\r\n\r\n" +
"<html><body>Moved temporarily. Please go to <a href=\"" + url + "\">" + url + "</a> for this service.</body></html>\r\n\r\n")
# debug
logging.info("Redirecting to %s took: %lf" % (url, time.time() - start_time))
finally:
# close connecting
conn.close()
# debug
logging.info("Closing connection.\n")
##
# Listens for incoming connection (every 1ms).
# On new connection a 302 redirect is sended and then the connection is closed.
#
def run(self):
# new connection?
client_socket, client_addr = self.listener.accept()
# debug
logging.info("Accepting connection from: %s:%d." % (client_addr[0], client_addr[1]))
# invoke thread
thread.start_new_thread(self._client_thread, (client_socket,))
########## Working loop ########################################################
# load arguments
if len(sys.argv) == 4:
logging.basicConfig(level=logging.DEBUG, format='[%(levelname)s] %(asctime)s %(message)s', datefmt='%Y-%m-%d %H:%M:%S', filename=sys.argv[3].strip(), filemode="w")
elif len(sys.argv) == 3:
logging.basicConfig(level=logging.DEBUG, format='[%(levelname)s] %(asctime)s %(message)s', datefmt='%Y-%m-%d %H:%M:%S')
else:
logging.critical("Wrong args count.. Terminating")
sys.exit(1)
# port
try:
port = int(sys.argv[1].strip())
except ValueError:
logging.critical("First argument has to be a port number.. Terminating")
sys.exit(2)
# url for redirect
if not re.match("^(https?)://(([\w-]+\.)+[\w-]+|localhost)(/[\w -./?\%&=]*)?$", sys.argv[2].strip()):
logging.critical("Second argument has to be a URL.. Terminating")
sys.exit(3)
target = sys.argv[2].strip().rstrip("/") + "/redirection/?redirect_to="
# init
connections = ConnectionHandler(port, target)
# connect
try:
connections.open()
except socket.error, msg:
connections.close()
logging.critical("Cannot create/bind socket, error (" + str(msg[0]) + "): " + str(msg[1]))
sys.exit(4)
# set signal handlers
signal.signal(signal.SIGINT, connections.signal_handler)
signal.signal(signal.SIGABRT, connections.signal_handler)
# endless loop for receiving of connections (do not stop even on error)
try:
while connections.is_on():
try:
connections.run()
except Exception as e: # on any error
logging.critical("An error occured: %s" % (e))
finally:
# close connection
connections.close()
freenetis/branches/1.1/application/vendors/deb/freenetis-redirection/templates
Template: freenetis-redirection/path_freenetis
Type: string
Default: http://localhost/freenetis
Description: FreenetIS URL:
Base path to running FreenetIS instance (e.g. http://freenet.org/is)
Description-cs.UTF-8: FreenetIS URL:
Cesta ke kořenu běžící instalace FreenetISu (např. http://freenet.org/is)
Template: freenetis-redirection/hack_reload
Type: boolean
Default: true
Description: Hack for propper working of loading package?
freenetis/branches/1.1/application/vendors/deb/freenetis-redirection/debianization.sh
#!/bin/sh
################################################################################
# Script for debianization of FreenetIS redirection and QoS package
# (c) Ondrej Fibich, 2012
#
# Takes two arguments (version of package - FreenetIS and debian version).
#
################################################################################
if [ $# -ne 2 ]; then
echo "Wrong arg count.. Terminating"
exit 1
fi
NAME=freenetis-redirection
VERSION=$1
DEBIAN=$2
# create dirs ##################################################################
mkdir deb_packages/tmp
cd deb_packages/tmp
mkdir -m 755 DEBIAN
mkdir -m 755 etc
mkdir -m 755 etc/init.d
mkdir -m 755 etc/freenetis
mkdir -m 755 usr
mkdir -m 755 usr/sbin
mkdir -m 755 usr/share
mkdir -m 755 usr/share/doc
mkdir -m 755 usr/share/doc/${NAME}
mkdir -m 755 usr/share/man
mkdir -m 755 usr/share/man/man1
mkdir -m 755 usr/share/man/man8
# doc ##########################################################################
# change log
cat ../../${NAME}/changelog >> usr/share/doc/${NAME}/changelog
# debian change log is same
cp usr/share/doc/${NAME}/changelog usr/share/doc/${NAME}/changelog.Debian
# copyright
echo "This package was debianized by Ondrej Fibich <ondrej.fibich@gmail.com> on `date -R`" >> usr/share/doc/${NAME}/copyright
echo "It was downloaded from <http://freenetis.org/>\n" >> usr/share/doc/${NAME}/copyright
echo "Copyright:" >> usr/share/doc/${NAME}/copyright
cat ../../../../../AUTHORS >> usr/share/doc/${NAME}/copyright
echo "\nLicense:" >> usr/share/doc/${NAME}/copyright
cat ../../../../../COPYING >> usr/share/doc/${NAME}/copyright
echo "\nOn Debian systems, the complete text of the GNU General" >> usr/share/doc/${NAME}/copyright
echo "Public License can be found in \`/usr/share/common-licenses/GPL-3'.\n" >> usr/share/doc/${NAME}/copyright
echo -n "The Debian packaging is (C) `date +%Y`, Ondrej Fibich <ondrej.fibich@gmail.com> and" >> usr/share/doc/${NAME}/copyright
echo " it is licensed under the GPL, see above.\n" >> usr/share/doc/${NAME}/copyright
# man pages
cp ../../../redirection/man/freenetis-redirection.8 usr/share/man/man8/
cp ../../../redirection/man/freenetis-http-302-redirection.1 usr/share/man/man1/
# rights
chmod 644 usr/share/doc/${NAME}/changelog usr/share/doc/${NAME}/changelog.Debian \
usr/share/doc/${NAME}/copyright usr/share/man/man8/freenetis-redirection.8 \
usr/share/man/man1/freenetis-http-302-redirection.1
# compress doc
gzip --best usr/share/doc/${NAME}/changelog
gzip --best usr/share/doc/${NAME}/changelog.Debian
gzip --best usr/share/man/man8/freenetis-redirection.8
gzip --best usr/share/man/man1/freenetis-http-302-redirection.1
# copy content of package ######################################################
cp ../../../redirection/freenetis-redirection.init.sh etc/init.d/${NAME}
cp ../../../redirection/freenetis-redirection.sh usr/sbin/freenetis-redirection
cp ../../../redirection/freenetis-http-302-redirection.py usr/sbin/freenetis-http-302-redirection
cp ../../../redirection/freenetis-redirection.conf etc/freenetis/
# count size
SIZE=`du -s etc usr | cut -f1 | paste -sd+ | bc`
# calculate checksum ###########################################################
find * -type f ! -regex '^DEBIAN/.*' -exec md5sum {} \; >> DEBIAN/md5sums
# create info files ############################################################
# create package info
echo "Package: ${NAME}" >> DEBIAN/control
echo "Version: ${VERSION}-${DEBIAN}" >> DEBIAN/control
echo "Installed-Size: ${SIZE}" >> DEBIAN/control
if [ "$DEBIAN" = lenny ] || [ "$DEBIAN" = squeeze ]; then
echo "Depends: coreutils (>= 6.10-6), ipset, wget (>= 1.11-4.1), grep (>= 2.5.3), procps, python, ipset-source, module-assistant, lsb-release" >> DEBIAN/control
else
echo "Depends: coreutils (>= 6.10-6), ipset, wget (>= 1.11-4.1), grep (>= 2.5.3), procps, python, lsb-release" >> DEBIAN/control
fi
cat ../../${NAME}/control >> DEBIAN/control
# scripts ######################################################################
cat ../../${NAME}/postinst >> DEBIAN/postinst
cat ../../${NAME}/prerm >> DEBIAN/prerm
cat ../../${NAME}/postrm >> DEBIAN/postrm
cat ../../${NAME}/templates >> DEBIAN/templates
cat ../../${NAME}/config >> DEBIAN/config
cp -a -f ../../${NAME}/conffiles DEBIAN/conffiles
chmod 644 DEBIAN/control DEBIAN/md5sums DEBIAN/templates DEBIAN/conffiles \
etc/freenetis/freenetis-redirection.conf
chmod 755 DEBIAN/prerm DEBIAN/postinst DEBIAN/postrm DEBIAN/config etc/init.d/${NAME} \
usr/sbin/freenetis-redirection usr/sbin/freenetis-http-302-redirection
# create deb ###################################################################
# change owner of files to root (security)
cd ..
sudo chown -hR root:root *
# make package
sudo dpkg-deb -b tmp ${NAME}_${VERSION}+${DEBIAN}.deb
# clean-up mess ################################################################
# clean
sudo rm -rf tmp
freenetis/branches/1.1/application/vendors/deb/freenetis-redirection/changelog
freenetis-redirection (2.2.0) stable; urgency=high
* HTTP redirector supports localhost
* man pages for all scripts
* DEB package fixes (#768)
-- Ondrej Fibich <ondrej.fibich@gmail.com> Tue, 10 Sep 2013 10:57:19 +0200
freenetis-redirection (2.1.0) stable; urgency=high
* Printing of version (#642)
* Support for multiple input interfaces (#683)
-- Michal Kliment <kliment@freenetis.org> Tue, 9 July 2013 14:21:03 +0200
freenetis-redirection (2.0.0) stable; urgency=high
* Support for debian wheezy (#261)
* Checking of working modules during running and its repairment (#549)
* start-stop-deamon (#568)
-- Ondrej Fibich <ondrej.fibich@gmail.com> Wed, 29 May 2013 15:53:03 +0200
freenetis-redirection (1.9.3) stable; urgency=high
* Improved building of ipset on squeeze (#454)
-- Ondrej Fibich <ondrej.fibich@gmail.com> Wed, 23 Jan 2013 14:31:56 +0100
freenetis-redirection (1.9.2) stable; urgency=high
* Fixes wrong initialization ipset rules (#399)
* Fixes printing of error message if socket cannot be open in HTTP redirector (#399)
-- Ondrej Fibich <ondrej.fibich@gmail.com> Tue, 23 Oct 2012 10:32:03 +0200
freenetis-redirection (1.9.1) stable; urgency=high
* Fixes starting of HTTP redirector
-- Ondrej Fibich <ondrej.fibich@gmail.com> Mon, 13 Aug 2012 12:58:52 +0200
freenetis-redirection (1.9.0) stable; urgency=low
* First release
-- Ondrej Fibich <ondrej.fibich@gmail.com> Tue, 07 Aug 2012 15:05:33 +0200
freenetis/branches/1.1/application/vendors/deb/freenetis-redirection/control
Priority: optional
Section: web
Pre-Depends: debconf (>= 0.5) | debconf-2.0
Suggests: freenetis
Architecture: all
Maintainer: Ondrej Fibich <ondrej.fibich@gmail.com>
Homepage: http://www.freenetis.org
Description: FreenetIS redirection:
FreenetIS redirection is tool which depends on FreenetIS and it is used for
restriction of traffic. Restrictions are activated in the FreenetIS
and they may be applicated on clouds, subnets, members or a single IP address.
Devices that are not registered in the FreenetIS are automatically restricted.
System administrators may edit messages that are displayed to restricted
users instead of web pages that they have requested.
Description-cs.UTF-8: FreenetIS přesměrování:
FreenetIS přesměrování je nástroj, který je závyslí na FreenetISu, a je používán
pro omezení provozu. Omezení jsou aktivována ve FreenetISu a mohou být
aplikovány na oblasti, podsítě, členy nebo jednotlivé IP adresy.
zařízení, které nejsou zaregistrovány ve FreenetISu jsou automaticky omezeny.
Systémový administrátoři mohou editovat zprávy, které jsou zobrazeny omezeným
uživatelům namísto webových stránek, které požadovaly.
freenetis/branches/1.1/application/vendors/deb/freenetis-redirection/postrm
#!/bin/sh
# FreenetIS-redirection DEB: actions before uninstalling of package
set -e
. /usr/share/debconf/confmodule
NAME=freenetis-redirection
CONFIGFILE=/etc/freenetis/freenetis-redirection.conf
# disable startup from update-rc.d
update-rc.d -f freenetis-redirection remove
# remove all configuration if purge
if [ "$1" = purge ]; then
# remove defconf values
if [ -e /usr/share/debconf/confmodule ]; then
db_purge
fi
# remove config files
rm -f $CONFIGFILE
# remove dir if empty
[ "$(ls -A /etc/freenetis)" ] || rm -rf /etc/freenetis
fi
freenetis/branches/1.1/application/vendors/deb/freenetis-redirection/conffiles
/etc/freenetis/freenetis-redirection.conf
/etc/init.d/freenetis-redirection
freenetis/branches/1.1/application/vendors/deb/freenetis-redirection/config
#!/bin/sh
set -e
. /usr/share/debconf/confmodule
CONFIGFILE=/etc/freenetis/freenetis-redirection.conf
# Load config file, if it exists.
if [ -e $CONFIGFILE ]; then
. $CONFIGFILE || true
db_get freenetis-redirection/hack_reload
if [ "$RET" = true ]; then
db_set freenetis-redirection/path_freenetis "$PATH_FN"
fi
fi
# h@ck for not reloading variables from config file (enabled again by postinst)
db_set freenetis-redirection/hack_reload false
# Ask questions.
db_input critical freenetis-redirection/path_freenetis || true
db_go || true
freenetis/branches/1.1/application/vendors/deb/freenetis-redirection/postinst
#!/bin/bash
# FreenetIS-redirection DEB: actions after installing of package
set -e
. /usr/share/debconf/confmodule
NAME=freenetis-redirection
CONFIGFILE=/etc/freenetis/freenetis-redirection.conf
# Quit if config file is missing.
if [ ! -e $CONFIGFILE ]; then
echo "$CONFIGFILE not founded!"
exit 1
fi
. $CONFIGFILE
url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]'
# Substitute in the values from the debconf db.
# There are obvious optimizations possible here.
# The cp before the sed ensures we do not mess up
# the config file’s ownership and permissions.
db_get freenetis-redirection/path_freenetis
PATH_FN="$RET"
# check path
if [ -z "$PATH_FN" ]; then
echo "Empty path to FreenetIS instance, configuration failed!"
exit 3
fi
# check path format
if [[ ! "$PATH_FN" =~ $url_regex ]]; then
echo "Wrong format of the path to FreenetIS instance, configuration failed!"
exit 3
fi
cp -a -f $CONFIGFILE $CONFIGFILE.tmp
# If the admin deleted or commented some variables but then set
# them via debconf, (re-)add them to the conffile.
test -z "$PATH_FN" || grep -Eq '^ *PATH_FN=' $CONFIGFILE || echo "PATH_FN=" >> $CONFIGFILE
PATH_FN_ESCAPED="${PATH_FN//\//\\/}"
sed -e "s/^ *PATH_FN=.*/PATH_FN=\"$PATH_FN_ESCAPED\"/" < $CONFIGFILE > $CONFIGFILE.tmp
mv -f $CONFIGFILE.tmp $CONFIGFILE
# Make post install things
# 1) Startup at boot
# set on fire after boot
update-rc.d freenetis-redirection defaults
exit 0
freenetis/branches/1.1/application/vendors/deb/freenetis-redirection/prerm
#!/bin/sh
# FreenetIS-redirection DEB: actions before uninstalling of package
set -e
. /usr/share/debconf/confmodule
NAME=freenetis-redirection
... Rozdílový soubor je zkrácen, protože jeho délka přesahuje max. limit.
