App-SilverSplash
lib/App/SilverSplash/IPTables.pm view on Meta::CPAN
# see if the mac address is in a rule
my ($iptables_ip) = $iptables_rule =~
m/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).*?MAC\s+$uc_mac/i;
my $chain = "_$type\_chain";
if ( !$iptables_ip ) {
warn("no rule for authed mac $mac, adding") if DEBUG;
$class->$chain( 'A', $mac, $ip );
}
elsif ( $ip ne $iptables_ip ) {
warn("iptables rules don't match, updating") if DEBUG;
# dhcp lease probably expired, delete old rule, create new rule
my $delete = "delete_from_$type\_chain";
$class->$delete( $mac, $iptables_ip );
$class->$chain( 'A', $mac, $ip );
}
elsif ( $ip eq $iptables_ip ) {
# no-op
}
return 1;
}
# Return whatever users() reports for the paid mark ($Paid_mark).
sub paid_users {
    my $class = shift;

    return $class->users($Paid_mark);
}
# Return whatever users() reports for the ads mark ($Ads_mark).
sub ads_users {
    my $class = shift;

    return $class->users($Ads_mark);
}
# Return one array ref per line of the mangle-table listing that matches
# $mark. Each array ref holds the captures of the address/MAC pattern,
# i.e. [ ip, mac ].
#
# NOTE(review): a line that matches $mark but not the address/MAC pattern
# contributes an empty array ref, so callers must tolerate [] entries.
# NOTE(review): the listing is requested without -n (check_overage uses -n);
# without it iptables may print host names instead of addresses, and the
# dotted-quad pattern then fails for that rule. Confirm this is intended.
# NOTE(review): $mark is interpolated into the pattern unescaped; it is
# expected to be one of the module's own mark values, never client input.
sub users {
    my ( $class, $mark ) = @_;

    my $listing = `sudo $Iptables -t mangle --list`;
    my @marked  = grep { m/(?:$mark)/ } split( '\n', $listing );

    my @users;
    for my $rule (@marked) {
        push @users,
          [ $rule =~ m/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).*?MAC\s(\S+)\s/ ];
    }

    return @users;
}
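# Apply rule operation $op (callers in this file pass 'A' to append and 'D'
# to delete) for one paid client:
#   - slOUT: packets from $ip with source MAC $mac get the paid mark
#     ($Mark_op $Paid_mark);
#   - slINC: traffic destined for $ip is accepted.
#
# Dies if $op, $mac or $ip is not a single well-formed token.
# Returns the result of the second iptables() call.
sub _paid_chain {
    my ( $class, $op, $mac, $ip ) = @_;

    # All three values are spliced into an iptables command line. How
    # iptables() executes that string is not visible here, so refuse anything
    # that is not exactly one option letter, one colon-separated MAC and one
    # dotted-quad address: no whitespace or shell metacharacter may reach the
    # command.
    die "invalid iptables operation"
      unless defined $op && $op =~ m/\A[A-Za-z]\z/;
    die "invalid MAC address"
      unless defined $mac
      && $mac =~ m/\A[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}\z/;
    die "invalid IPv4 address"
      unless defined $ip && $ip =~ m/\A[0-9]{1,3}(?:\.[0-9]{1,3}){3}\z/;

    iptables(
        "-t mangle -$op slOUT -s $ip -m mac --mac-source $mac -j MARK $Mark_op $Paid_mark"
    );

    return iptables("-t mangle -$op slINC -d $ip -j ACCEPT");
}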
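# Record a paid session for $mac and append its rules to the paid chain.
# Returns the result of _paid_chain( 'A', ... ).
sub add_to_paid_chain {
    my ( $class, $mac, $ip ) = @_;

    # Paid access runs for 240 minutes (4 hours); the stored value is the
    # absolute expiry time in epoch seconds, tagged "paid".
    my $stay = time() + 240 * 60;
    $class->set( $mac => "$stay|paid" );
    warn("cache set $mac => $stay") if DEBUG;

    # NOTE(review): the entry is stored before the rules are added; if the
    # rule update fails the stored state and the firewall disagree. Confirm
    # that callers handle that case.
    return $class->_paid_chain( 'A', $mac, $ip );
}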
# Remove the paid-chain rules for ( $mac, $ip ) by running _paid_chain with
# the 'D' operation; returns that call's result.
sub delete_from_paid_chain {
    my $class = shift;
    my ( $mac, $ip ) = @_;

    return $class->_paid_chain( 'D', $mac, $ip );
}
# Look $mac up through _check_chain_for_mac, passing the paid mark along.
sub check_paid_chain_for_mac {
    my $class = shift;
    my ($mac) = @_;

    return $class->_check_chain_for_mac( $Paid_mark, $mac );
}
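# Find the address of the MARK rule in the mangle-table listing that belongs
# to $mac and carries $mark.
#
# Returns the dotted-quad address from the first matching rule, or nothing
# (empty list / undef) when no rule matches or $mac is empty.
sub _check_chain_for_mac {
    my ( $class, $mark, $mac ) = @_;

    # With an empty MAC the pattern below would match the first MAC rule of
    # any client, so treat it as "not found".
    return unless defined $mac && length $mac;

    my $wanted = uc $mac;
    my @lines  = split( '\n', `sudo $Iptables -t mangle --list` );

    foreach my $line (@lines) {
        next unless $line =~ m/^MARK/;

        # Only rules carrying the requested mark count. Without this filter
        # the paid and ads lookups return the same answer, so a client in one
        # chain is reported as present in the other. users() selects lines
        # with the same pattern.
        next if defined $mark && $line !~ m/(?:$mark)/;

        # \Q..\E: the MAC is matched literally, never as a pattern. The
        # lookahead stops a longer string from matching as this MAC.
        my ($ip) = $line =~
          m/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).*?MAC\s+\Q$wanted\E(?![0-9A-Fa-f:])/i;
        return $ip if $ip;
    }

    return;
}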
# Look $mac up through _check_chain_for_mac, passing the ads mark along.
sub check_ads_chain_for_mac {
    my $class = shift;
    my ($mac) = @_;

    return $class->_check_chain_for_mac( $Ads_mark, $mac );
}
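# Record an ads session for $mac and append its rules to the ads chain.
# Returns the result of _ads_chain( 'A', ... ).
sub add_to_ads_chain {
    my ( $class, $mac, $ip ) = @_;

    # sl_visitor_limit is multiplied by 60 (minutes to seconds, per the
    # original comment); the stored value is the absolute expiry time in
    # epoch seconds, tagged "ads".
    my $stay = time() + $Config->sl_visitor_limit * 60;
    $class->set( $mac => "$stay|ads" );
    warn("cache set $mac => $stay") if DEBUG;

    # NOTE(review): the entry is stored before the rules are added; if the
    # rule update fails the stored state and the firewall disagree. Confirm
    # that callers handle that case.
    return $class->_ads_chain( 'A', $mac, $ip );
}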
# Remove the ads-chain rules for ( $mac, $ip ) by running _ads_chain with the
# 'D' operation; returns that call's result.
sub delete_from_ads_chain {
    my $class = shift;
    my ( $mac, $ip ) = @_;

    return $class->_ads_chain( 'D', $mac, $ip );
}
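# Apply rule operation $op (callers in this file pass 'A' to append and 'D'
# to delete) for one ads-supported client:
#   - slOUT: packets from $ip with source MAC $mac get the ads mark
#     ($Mark_op $Ads_mark);
#   - slINC: traffic destined for $ip is accepted.
#
# Dies if $op, $mac or $ip is not a single well-formed token.
# Returns the result of the second iptables() call.
sub _ads_chain {
    my ( $class, $op, $mac, $ip ) = @_;

    # All three values are spliced into an iptables command line. How
    # iptables() executes that string is not visible here, so refuse anything
    # that is not exactly one option letter, one colon-separated MAC and one
    # dotted-quad address: no whitespace or shell metacharacter may reach the
    # command.
    die "invalid iptables operation"
      unless defined $op && $op =~ m/\A[A-Za-z]\z/;
    die "invalid MAC address"
      unless defined $mac
      && $mac =~ m/\A[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}\z/;
    die "invalid IPv4 address"
      unless defined $ip && $ip =~ m/\A[0-9]{1,3}(?:\.[0-9]{1,3}){3}\z/;

    iptables(
        "-t mangle -$op slOUT -s $ip -m mac --mac-source $mac -j MARK $Mark_op $Ads_mark"
    );

    return iptables("-t mangle -$op slINC -d $ip -j ACCEPT");
}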
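# Report whether the byte counters for $ip exceed the configured limits.
#
# Reads the slINC counters and compares them with sl_down_overage, then the
# slOUT counters against sl_up_overage. Returns 1 when either limit is
# exceeded, otherwise nothing (empty list / undef). A client with no counter
# line is treated as not over the limit. $mac is accepted but not used.
#
# NOTE(review): the compared values are the byte column of the listing (-x
# prints exact counts); confirm the configured limits are in bytes too.
# NOTE(review): these listings run without sudo, unlike the other listing
# calls in this file; confirm the process may read the counters.
sub check_overage {
    my ( $class, $mac, $ip ) = @_;

    # Without an address the pattern below would match the first counter
    # line of any client.
    return unless defined $ip && length $ip;

    # One counter line: packets, bytes (captured), then the rule text, which
    # must contain exactly $ip. \Q..\E keeps the dots literal, and the
    # look-arounds stop 10.0.0.1 from matching 10.0.0.12 or 110.0.0.1, which
    # would read another client's counter.
    my $counter_row =
      qr/^\s*\d+\s+(\d+)\b.*?(?<![0-9.])\Q$ip\E(?![0-9.])/m;

    my $in = `$Iptables -t mangle -n -v -x -L slINC`;
    $in = '' unless defined $in;
    my ($bytes_in) = $in =~ $counter_row;
    return 1 if defined $bytes_in && $bytes_in > $Config->sl_down_overage;

    # The upload counters are only needed when the download limit is not
    # exceeded.
    my $out = `$Iptables -t mangle -n -v -x -L slOUT`;
    $out = '' unless defined $out;
    my ($bytes_out) = $out =~ $counter_row;
    return 1 if defined $bytes_out && $bytes_out > $Config->sl_up_overage;

    return;
}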
1;