LSP = $(filter-out $(MAIN),$(wildcard *.lsp))
BIN = hourglass hourglass-web
DOCS = hourglass-guide.html hourglass-guide.pdf
+IMGS = $(wildcard *.png)
OTHER = setup.sh hourglass.conf
VERSION = 0.1
hourglass: $(MAIN) $(LSP)
packnl -w $@ $^
-hourglass-web:
+hourglass-web: manager siteconfig.lsp
$(MAKE) -C manager
mv manager/$@ $@
-hourglass-$(VERSION).tgz: $(BIN) $(OTHER) $(DOCS)
+hourglass-$(VERSION).tgz: $(BIN) $(OTHER) $(DOCS) $(IMGS)
tar czf $@ $^
%.html: %.adoc
asciidoctor $< > $@
-hourglass-guide.pdf: $(wildcard *.png)
-
-%.pdf: %.adoc
+%.pdf: %.adoc | $(IMGS)
asciidoctor-pdf $< > $@
clean:
+ $(MAKE) -C manager clean
rm -f $(BIN) hourglass-$(VERSION).tgz
# default. Then make a TUNSETIFF call to initialize it (as
# IFF_TAP|IFF_NO_PI).
(constant
- 'listener-log-ip SITE:listener.ip
+ 'listener-log-ip SITE:listener.log.ip
'IFNAME SITE:listener.tap
'PORTS SITE:listener.ports
'IFD (open SITE:tundev "u")
(define (udp-handler) ; buffer ihl
(let ((ports (map ntohs (unpack "uu" ((+ ihl 14) buffer)))))
- (when (intersect ports PORTS) (mark-active (date-value)))))
-
+ (when PORTS (intersect ports PORTS) (mark-active (date-value)))))
+
# Handle an IPv4 packet. It recognises the IPv4 protocol concerned,
# and dispatches to the associated handler, if any.
(define (ipv4-handler) ; buffer
hourglass-web: $(MAIN) $(LSP) $(TMPL) $(OTHER)
packnl -w $@ $^
+
+clean:
+ rm -f hourglass-web siteconfig.lsp
;; this file as a packnl embedding that will use that X part of its
;; name to determine th actual script.
-(load "siteconfig.lsp")
-
-(write-line 2 (string (date-value) " " (main-args)))
+;(write-line 2 (string (date-value) " " (main-args)))
(unless (ends-with (main-args 0) ".cgi")
+ (load "siteconfig.lsp")
(if (exists file? (list (main-args 1)
(string (main-args 1) ".lsp")))
(load $it)
(write-line 2 (string "Unknown command " (main-args 1))))
(exit 0))
-
;; This script is executed in (protected) subdirectory www
(change-dir "..")
+(load "siteconfig.lsp")
+
;; Needs an HTTP_AUTHORIZATION environment variable
(when (empty? (setf AUTH (env "HTTP_AUTHORIZATION")))
+ ;(write-line 2 "needs auth")
(write-line 1 (read-file "tmpl/unauthorized.http"))
(exit 0))
-;; Must find that value in .htpasswd
-(unless (ref (6 AUTH) (parse (read-file ".htpasswd") "\n"))
+;; Must find that value in wui.passwd
+(constant 'PASSWD SITE:wui.passwd)
+(unless (ref (6 AUTH) (parse (read-file PASSWD) "\n"))
(write-line 1 (read-file "tmpl/unauthorized.http"))
(exit 0))
SCRIPT (role-script)
)
(env "REMOTE_USER" REMOTE_USER)
-(env "ROLE" ROLE)
+;(env "ROLE" ROLE)
(unless (file? SCRIPT)
(write 1 "\nBroken.\n")
(exit 0))
+;(write-line 2 (string (list "script" SCRIPT)))
(load SCRIPT)
(exit 0)
(let ((data "")(b "") (c '()) (v nil))
(while (read 0 b 1000) (extend data b))
(setf v (map (fn (x) (parse x "=")) (parse data "&")))
- (push (list 'gap (int-parse (lookup "gap" v))) c -1)
- (push (list 'clip (int-parse (lookup "clip" v))) c -1)
(for (i 1 7)
(push (list i
(mode-parse (lookup (string "mode" i) v))
(constant
'CONTROLFILE SITE:control.dat
+ 'GAP SITE:control.activity.gap
+ 'CLIP control.activity.clip
)
(setf UPDATE "")
(load "controls-update.lsp")
)
-(constant
- 'CONTROL (read-expr (read-file CONTROLFILE))
- 'GAP (or (lookup 'gap CONTROL) 5)
- 'CLIP (or (lookup 'clip CONTROL) 5)
- 'TIMES (map (fn (n) (or (assoc n CONTROL) '(1 timed (7 0) (3 0) (19 0))))
- (sequence 1 7))
- )
+(define (time-row n)
+ (or (assoc n CONTROL) (cons n (copy '(timed (7 0) (3 0) (19 0))))))
(setf
DAYS '(0 "Mon" "Tue" "Wed" "Thu" "Fri" "Sat" "Sun")
- gap-options '(0 1 2 5 10 15 30)
- clip-options '(0 200 500 800 1000 1200 1500 2000)
+ CONTROL (read-expr (read-file CONTROLFILE))
+ TIMES (map time-row (sequence 1 7))
mode-options '("opened" "timed" "closed")
start-options '()
end-options '()
limit-options '()
)
-(dotimes (h 24) (dolist (m '(0 30))
- (push (format "%02d:%02d" h m) start-options -1)))
-(dotimes (h 24) (dolist (m '(0 30))
- (push (format "%02d:%02d" h m) end-options -1)))
-(for (h 1 8) (dolist (m '(0 30))
- (push (format "%02d:%02d" h m) limit-options -1)))
+
+(dotimes (h 24)
+ (dolist (m '(0 30))
+ (push (format "%02d:%02d" h m) start-options -1)))
+(dotimes (h 24)
+ (dolist (m '(0 30))
+ (push (format "%02d:%02d" h m) end-options -1)))
+(for (h 1 8)
+ (dolist (m '(0 30))
+ (push (format "%02d:%02d" h m) limit-options -1)))
(println "Status 200 OK\nContent-Type: text/html\n\n")
(println (expand-file "tmpl/controls-form.html" ))
(load "expand-string.lsp")
-(write-line 2 (string "index.lsp"))
-(write-line 2 (string (expand-file "tmpl/index-page.html")))
(println "Status 200 OK\nContent-Type: text/html\n\n")
(println (expand-file "tmpl/index-page.html"))
(exit 0)
Status: 401 Unauthorized
WWW-Authenticate: Basic realm="Hourglass"
+
+This site needs authentication.
}
#history {
width: 80%;
- height: 120px;
+ height: 220px;
}
#controls {
width: 60%;
- height: 430px;
+ height: 330px;
// border: none;
}
#form_submit {
CONF="hourglass.conf"
function getcfg() {
- grep -E "\\s*[^;#]$1]\\s*=" $CONF | sed 's/.*=\s*(.*)/\1/;s/\s*$//'
+ awk -v K="$1" '$1==K {print;exit;}' $CONF |
+ sed 's/^[^=]*=\s*//;s/\s*$//'
}
-
-NET="$(getcfg listener.ip)"
+NET="$(getcfg listener.net)"
TAP="$(getcfg listener.tap)"
SET="$(getcfg ipset.table)"
+CMD="${1-start}"
+
+cat <<EOF
+NET=$NET:
+TAP=$TAP:
+SET=$SET:
+EOF
cd $(dirname $0)
else
ipset create $SET hash:net
fi
- iptables -A FORWARD -p tcp --dport 53 -j ACCEPT
- iptables -A FORWARD -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -m set --match-set $SET src -j DROP
fi
# Start the traffic listener
echo "Already started"
else
date >> /tmp/hourglass-listener.log
- newlisp listener.lsp >> /tmp/hourglass-listener.log 2>&1 &
+ ./hourglass listener >> /tmp/hourglass-listener.log 2>&1 &
while sleep 1 ; do
ifconfig $TAP >& /dev/null && break
- echo $TAP not up yet
+ echo $TAP not up yet >&2
done
ifconfig $TAP $NET.1 up
- iptables -t mangle -A FORWARD -p tcp --dport 53 -j RETURN
- iptables -t mangle -A FORWARD -p udp --dport 53 -j RETURN
iptables -t mangle -A FORWARD ${RULE[@]}
fi
;;
stop)
- iptables -t mangle -F FORWARD
if ifconfig $TAP >& /dev/null ; then
- pkill -2 -f listener.lsp
+ pkill -2 -f "hourglass listener"
else
echo "Already stopped"
fi
ipset flush $SET
+ iptables -t mangle -D FORWARD ${RULE[@]}
;;
*)
echo "Unknown: $CMD"
(define (set-int K V) (set K (int V 0 10)))
(define (set-ints K V)
- (map (curry set-int K) (clean empty? (parse V "\\s*,?\\s*" 0))))
+ (set K (map int (clean empty? (parse V "(\\s+|\\s*,\\s*)" 0)))))
(define (set-list K V)
- (map (curry set K) (clean empty? (parse V "\\s*,?\\s*" 0))))
+ (set K (clean empty? (parse V "(\\s+|\\s*,\\s*)" 0))))
(constant
'FILE "hourglass.conf"
'KEYS '(
("listener.ports" set-ints)
- ("listener.ip" set)
+ ("listener.net" set)
+ ("listener.log.ip" set)
("listener.activity.dir" set)
("listener.tap" set)
)
(define (setting LINE)
- (when (regex "^\\s([^;#][^=]*)=(.*)" LINE 0)
+ (when (regex "^\\s*([^;#][^=]*)=(.*)" LINE 0)
(let ((KV (map trim (list $1 $2))))
- (if (lookup (KV 0) KEYS) (apply $it (list (sym (KV 0)) (KV 1)))))))
+ (if (lookup (KV 0) KEYS)
+ (let ((SET $it) (K (sym (KV 0))) (V (KV 1)))
+ ;(write-line 2 (string (list K V)))
+ (apply SET (list K V)))))))
(map setting (parse (or (read-file FILE) "") "\n"))
projects / rrq / hourglass.git / commitdiff
