forked from wifinigel/wiperf
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathwiperf_switcher
executable file
·292 lines (252 loc) · 9.06 KB
/
wiperf_switcher
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
#! /bin/bash
#
# wiperf_switcher script to switch wiperf on/off
#
# Written by Nigel Bowden <[email protected]>.
#
# History:
#
# v0.01 - 8th Dec 2019 - Initial version
# v0.02 - 11th Dec 2019 - Fixed awk for multiple spaces, command ordrering, ufw rules
# v0.03 - 14th Dec 2019 - Lots of updates for eth0 static routes, wlan0 check etc.
# v0.04 - 11th Jan 2020 - Fixed WLANPi name to WLAN Pi.
# v0.05 0 27th Feb 2020 - added tcp/80 to ufw rules
set -e
NAME=wiperf_switcher
DESC="Script to switch wiperf on/off"
VERSION=0.04
STATUS_FILE="/home/wlanpi/wiperf/wiperf.on"
CFG_FILE="/home/wlanpi/wiperf/config.ini"
LOG_FILE="/home/wlanpi/wiperf/switcher.log"
ROUTE_FILE="/etc/network/if-up.d/route"
# Check we're root
if [[ $EUID -ne 0 ]]; then
err_msg="This script must be run as root"
echo $err_msg | tee $LOG_FILE
exit 1
fi
###############################################################################
#
# Activate wiperf:
#
# 1. Check wlan0 is available (wireless NIC plugged in)
# 2. Read in test interval & offset from config file
# 3. Check if our mgt interface is defined in config.ini
# 4. Check Splunk server IP set
# 5. Check whether we use eth0 at mgt interface (static route req if we are)
# 6. if we're using eth0 as mgt i/f:
# a. Check eth0 is up
# b. Figure out gateway used by eth0
# c. Write route to /etc/network/interfaces
# 7. Add fw rules to harden eth0 & wlan0
# 8. Add crontab entry to perform 5 min polling
# 9. Backup various existing files to allow restoration when wiperf
# deactivated
# 10. Remove a number of existing files that need to be replaced
# 11. Create links from deleted file locations to wiperf config files
# 12. Create status file to indicate wiperf is active
# 13. Reboot the wlanpi to ensure clean activation
#
# Note: /etc/sysctl.conf included to ensure forwarding
# cannot be accidentally be enabled in probe mode if
# has been changed by some other process
#
###############################################################################
wiperf_on () {
echo "Enabling wiperf..." | tee $LOG_FILE
# Check if wlan0 available before we start changing things
WLAN_IF=`ip a | grep wlan0` || true
if [ -z "$WLAN_IF" ]; then
echo "No WLAN Interface" | tee -a $LOG_FILE
exit 0
fi
echo "WLAN Interface ${WLAN_IF} is available" >> $LOG_FILE
# get test interval
TEST_INTERVAL=`cat /home/wlanpi/wiperf/config.ini | grep test_interval | awk -F'[:][[:space:]]*' '{print $2}'` || true
if [ -z "TEST_INTERVAL" ]; then
echo "No test interval in config" | tee -a $LOG_FILE
exit 0
fi
# get test offset value
TEST_OFFSET=`cat /home/wlanpi/wiperf/config.ini | grep test_offset | awk -F'[:][[:space:]]*' '{print $2}'` || true
if [ -z "TEST_OFFSET" ]; then
echo "No test offset in config" | tee -a $LOG_FILE
exit 0
fi
echo "Test offset from config file: ${TEST_OFFSET}" >> $LOG_FILE
# figure out the interface we send mgt traffic over
MGT_IF=`cat /home/wlanpi/wiperf/config.ini | grep mgt_if | awk -F'[:][[:space:]]*' '{print $2}'` || true
# check if we have a mgt interface
if [ -z "$MGT_IF" ]; then
echo "No mgt interface config" | tee -a $LOG_FILE
exit 0
fi
echo "Mgt interface from config file: ${MGT_IF}" >> $LOG_FILE
# figure out the Splunk IP
SPLUNK_IP=`cat /home/wlanpi/wiperf/config.ini | grep data_host | awk -F'[:][[:space:]]*' '{print $2}'` || true
# check if we have a Splunk IP
if [ -z "$SPLUNK_IP" ]; then
echo "No Splunk IP config" | tee -a $LOG_FILE
exit 0
fi
echo "Splunk server IP from config file: ${SPLUNK_IP}" >> $LOG_FILE
# If we're using Splunk via eth0, set up static route
if [ "$MGT_IF" == "eth0" ]; then
# Using eth0 - need to set static route back to Splunk if eth0 up
# is eth0 up...fail if not
ETH_STATUS=`ip a | grep eth0 | grep 'state UP'` || true
if [ -z "$ETH_STATUS" ]; then
echo "eth0 is down..." | tee -a $LOG_FILE
exit 0
fi
echo "Ethernet status: ${ETH_STATUS}" >> $LOG_FILE
# get def gw of eth0
#ETH_DEF_ROUTE=`ip route | grep eth0 | grep default | awk '{print $3}'` || true
ETH_DEF_ROUTE=`cat /var/lib/dhcp/dhclient.eth0.leases | grep 'option routers' | head -n1 | awk '{print $3}' | sed 's/.$//'` || true
# check if we got gateway OK
if [ -z "$ETH_DEF_ROUTE" ]; then
echo "Eth0 cannot get def gw" | tee -a $LOG_FILE
exit 0
fi
echo "Ethernet default route: ${ETH_DEF_ROUTE}" >> $LOG_FILE
# add static route to route file in /etc/network/if-up.d
# if route file exists, back it up
if [ -e "$ROUTE_FILE" ]; then
cp $ROUTE_FILE ${ROUTE_FILE}.orig
fi
# create /etc/network/if-up.d/route & chmod 755
echo "#!/bin/sh" > $ROUTE_FILE
STATIC_CMD="/bin/ip route add $SPLUNK_IP via $ETH_DEF_ROUTE dev eth0"
echo "Static route command: ${STATIC_CMD}" >> $LOG_FILE
echo $STATIC_CMD >> $ROUTE_FILE
chmod 755 $ROUTE_FILE
fi
# Add crontab entry
line="${TEST_OFFSET}-59/${TEST_INTERVAL} * * * * /usr/bin/python3 /home/wlanpi/wiperf/wi-perf.py > /home/wlanpi/wiperf/wiperf.log 2>&1"
(crontab -u wlanpi -l; echo "$line" ) | crontab -u wlanpi -
LAST_RESULT=$?
if [ $LAST_RESULT -ne 0 ]; then
echo "Cron add failed" | tee -a $LOG_FILE
exit 0
fi
echo "Cron command added: ${line}" >> $LOG_FILE
# Harden eth0 & wlan0 by adding fw rules - allow only ssh in on eth0 & wlan0
ufw insert 1 allow in on eth0 to any port ssh
ufw insert 2 allow in on eth0 to any port http
ufw insert 3 deny in on eth0
ufw insert 4 allow in on wlan0 to any port ssh
ufw insert 5 allow in on wlan0 to any port http
ufw insert 6 deny in on wlan0
#Backup existing config files
cp /etc/network/interfaces /etc/network/interfaces.probe
cp /etc/sysctl.conf /etc/sysctl.conf.probe
cp /etc/wpa_supplicant/wpa_supplicant.conf /etc/wpa_supplicant/wpa_supplicant.conf.probe
# Remove existing config files
rm /etc/network/interfaces
rm /etc/sysctl.conf
rm /etc/wpa_supplicant/wpa_supplicant.conf
# Link to wiperf config files
ln -s /home/wlanpi/wiperf/conf/etc/network/interfaces /etc/network/interfaces
ln -s /home/wlanpi/wiperf/conf/etc/sysctl.conf /etc/sysctl.conf
ln -s /home/wlanpi/wiperf/conf/etc/wpa_supplicant/wpa_supplicant.conf /etc/wpa_supplicant/wpa_supplicant.conf
touch $STATUS_FILE
echo "WLAN Pi will now reboot" | tee -a $LOG_FILE
sleep 1
reboot
}
###############################################################################
#
# Deactivate wiperf:
#
# 1. remove crontab entry to stop polling
# 2. Remove eth0 static route (if needed)
# 3. Remove fw rules added during mode switch
# 5. Remove links created during activation
# 6. Restore config files backed up during activation
# 7. Remove status file to indicate wiperf no longer active
# 8. Reboot wlanpi to provide clean restoration of services
#
###############################################################################
wiperf_off () {
#echo "Disabling wiperf..."
# Remove crontab entry
crontab -u wlanpi -l | grep -v 'wi-perf.py' | crontab -u wlanpi -
LAST_RESULT=$?
if [ $LAST_RESULT -ne 0 ]; then
echo "Cron remove failed" | tee $LOG_FILE
exit 0
fi
# figure out the interface we send mgt traffic over
MGT_IF=`cat /home/wlanpi/wiperf/config.ini | grep mgt_if | awk -F'[:][[:space:]]*' '{print $2}'` ||
# check if we have a mgt interface
if [ -z "$MGT_IF" ]; then
echo "No mgt interface in config file" | tee $LOG_FILE
exit 0
fi
if [ "$MGT_IF" == "eth0" ]; then
# Using eth0 - need to remove static route back to Splunk
# if route file backup exists restore it, otherwise, remove route file
if [ -e "${ROUTE_FILE}.orig" ]
then
cp "${ROUTE_FILE}.orig" $ROUTE_FILE
rm "${ROUTE_FILE}.orig"
else
rm $ROUTE_FILE
fi
fi
# Remove eth0 & wlan0 fw rules
# Harden eth0 & wlan0 by adding fw rules - allow only ssh in on eth0 & wlan0
ufw delete allow in on eth0 to any port ssh
ufw delete allow in on eth0 to any port http
ufw delete deny in on eth0
ufw delete allow in on wlan0 to any port ssh
ufw delete allow in on wlan0 to any port http
ufw delete deny in on wlan0
# Remove links to config files
unlink /etc/network/interfaces
unlink /etc/sysctl.conf
unlink /etc/wpa_supplicant/wpa_supplicant.conf
# Restore original config files
cp /etc/network/interfaces.probe /etc/network/interfaces
cp /etc/sysctl.conf.probe /etc/sysctl.conf
cp /etc/wpa_supplicant/wpa_supplicant.conf.probe /etc/wpa_supplicant/wpa_supplicant.conf
echo "WLAN Pi will now reboot"
if [ -e "$STATUS_FILE" ]; then
rm $STATUS_FILE
fi
sleep 1
reboot
}
status () {
if [ -e "$STATUS_FILE" ]; then
echo "wiperf is currently enabled"
exit 0
else
echo "wiperf is currently disabled"
exit 0
fi
}
version () {
N=/etc/wlanpiwiperf/$NAME
echo "Version: $N $VERSION" >&2
exit 1
}
case "$1" in
on)
wiperf_on
;;
off)
wiperf_off
;;
status)
status
;;
version)
version;;
*)
N=/etc/wlanpiwiperf/$NAME
echo "Usage: $N {on|off|status|version}" >&2
exit 1
;;
esac
exit 0