include setup.sh in distribution

[rrq/hourglass.git] / setup.sh

#!/bin/bash
#
# This is a control script to start and stop the network activity
# listening.

CONF="hourglass.conf"
function getcfg() {
    grep -E "\\s*[^;#]$1]\\s*=" $CONF | sed 's/.*=\s*(.*)/\1/;s/\s*$//'
}

NET="$(getcfg listener.ip)"
TAP="$(getcfg listener.tap)"
SET="$(getcfg ipset.table)"

cd $(dirname $0)

RULE=( ! -o $TAP -j TEE --gateway $NET.2 --oif $TAP )
case "$CMD" in
    start)
        # start the blocking rule
        if iptables-save | grep -qs "match-set $SET" ; then
            : # all fine
        else
            if ipset list $SET >& /dev/null ; then
                : # The set exists
            else
                ipset create $SET hash:net
            fi
            iptables -A FORWARD -p tcp --dport 53 -j ACCEPT
            iptables -A FORWARD -p udp --dport 53 -j ACCEPT
            iptables -A FORWARD -m set --match-set $SET src -j DROP
        fi
        # Start the traffic listener
        if ifconfig $TAP >& /dev/null ; then
            echo "Already started"
        else
            date >> /tmp/hourglass-listener.log
            newlisp listener.lsp >> /tmp/hourglass-listener.log 2>&1 &
            while sleep 1 ; do
                ifconfig $TAP >& /dev/null && break
                echo $TAP not up yet
            done
            ifconfig $TAP $NET.1 up
            iptables -t mangle -A FORWARD -p tcp --dport 53 -j RETURN
            iptables -t mangle -A FORWARD -p udp --dport 53 -j RETURN
            iptables -t mangle -A FORWARD ${RULE[@]}
        fi
        ;;
    stop)
        iptables -t mangle -F FORWARD
        if ifconfig $TAP >& /dev/null ; then
            pkill -2 -f listener.lsp
        else
            echo "Already stopped"
        fi
        ipset flush $SET
        ;;
    *)
        echo "Unknown: $CMD"
        ;;
esac