X-Git-Url: https://git.rrq.au/?a=blobdiff_plain;f=setup.sh;h=951d3aca0e7b33408f7293dab3f5e5ca1d8da6fb;hb=a6009c7c04d72e861737a3cdf1e327eada42dcb3;hp=e4bcc646bbbd9836ca991e2fca5ccfdb4bff595a;hpb=05a9c528d8aee0373f52fa1bc72250e7f3625e76;p=rrq%2Fhourglass.git

diff --git a/setup.sh b/setup.sh
index e4bcc64..951d3ac 100755
--- a/setup.sh
+++ b/setup.sh
@@ -1,34 +1,62 @@
 #!/bin/bash
+#
+# This is a control script to start and stop the network activity
+# listening.
 
-CMD=${1-start}
-NET=192.168.249
-TAP=tap0
+CONF="hourglass.conf"
+function getcfg() {
+    awk -v K="$1" '$1==K {print;exit;}' $CONF |
+	sed 's/^[^=]*=\s*//;s/\s*$//'
+}
+NET="$(getcfg listener.net)"
+TAP="$(getcfg listener.tap)"
+SET="$(getcfg ipset.table)"
+CMD="${1-start}"
+
+cat <<EOF
+NET=$NET:
+TAP=$TAP:
+SET=$SET:
+EOF
 
 cd $(dirname $0)
 
 RULE=( ! -o $TAP -j TEE --gateway $NET.2 --oif $TAP )
 case "$CMD" in
     start)
+	# start the blocking rule
+	if iptables-save | grep -qs "match-set $SET" ; then
+	    : # all fine
+	else
+	    if ipset list $SET >& /dev/null ; then
+		: # The set exists
+	    else
+		ipset create $SET hash:net
+	    fi
+	    iptables -A FORWARD -m set --match-set $SET src -j DROP
+	fi
+	# Start the traffic listener
 	if ifconfig $TAP >& /dev/null ; then
 	    echo "Already started"
 	else
 	    date >> /tmp/hourglass-listener.log
-	    newlisp listener.lsp >> /tmp/hourglass-listener.log 2>&1 &
+	    ./hourglass listener >> /tmp/hourglass-listener.log 2>&1 &
 	    while sleep 1 ; do
 		ifconfig $TAP >& /dev/null && break
-		echo $TAP not up yet
+		echo $TAP not up yet >&2
 	    done
 	    ifconfig $TAP $NET.1 up
 	    iptables -t mangle -A FORWARD ${RULE[@]}
 	fi
 	;;
     stop)
-	iptables -t mangle -F FORWARD
 	if ifconfig $TAP >& /dev/null ; then
-	    pkill -2 -f listener.lsp
+	    pkill -2 -f "hourglass listener"
 	else
 	    echo "Already stopped"
 	fi
+	ipset flush $SET
+	iptables -t mangle -D FORWARD ${RULE[@]}
 	;;
     *)
 	echo "Unknown: $CMD"