|
|
- #!/bin/sh
- # function library used by adblock-update.sh
- # written by Dirk Brenken (dev@brenken.org)
-
- # set initial defaults
- #
- LC_ALL=C
- PATH="/usr/sbin:/usr/bin:/sbin:/bin"
- adb_hotplugif=""
- adb_lanif="lan"
- adb_nullport="65534"
- adb_nullportssl="65535"
- adb_nullipv4="198.18.0.1"
- adb_nullipv6="::ffff:c612:0001"
- adb_whitelist="/etc/adblock/adblock.whitelist"
- adb_whitelist_rset="\$1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\"^\"\$1\"\\\|[.]\"\$1)}"
- adb_dnsdir="/tmp/dnsmasq.d"
- adb_dnshidedir="${adb_dnsdir}/.adb_hidden"
- adb_dnsprefix="adb_list"
- adb_count=0
- adb_minspace=12000
- adb_forcedns=1
- adb_fetchttl=5
- adb_restricted=0
- adb_uci="$(which uci)"
-
- # f_envload: load adblock environment
- #
- f_envload()
- {
- # source in system function library
- #
- if [ -r "/lib/functions.sh" ]
- then
- . "/lib/functions.sh"
- else
- rc=-10
- f_log "system function library not found, please check your installation"
- f_exit
- fi
-
- # source in system network library
- #
- if [ -r "/lib/functions/network.sh" ]
- then
- . "/lib/functions/network.sh"
- else
- rc=-10
- f_log "system network library not found, please check your installation"
- f_exit
- fi
-
- # check opkg availability
- #
- if [ -f "/var/lock/opkg.lock" ]
- then
- rc=-10
- f_log "adblock installation finished successfully, 'opkg' currently locked by package installer"
- f_exit
- fi
-
- # uci function to parse global section by callback
- #
- config_cb()
- {
- local type="${1}"
- if [ "${type}" = "adblock" ]
- then
- option_cb()
- {
- local option="${1}"
- local value="${2}"
- eval "${option}=\"${value}\""
- }
- else
- reset_cb
- fi
- }
-
- # uci function to parse 'service' and 'source' sections
- #
- parse_config()
- {
- local value opt section="${1}" options="enabled adb_dir adb_src adb_src_rset adb_src_cat"
- if [ "${section}" != "backup" ]
- then
- eval "adb_sources=\"${adb_sources} ${section}\""
- fi
- for opt in ${options}
- do
- config_get value "${section}" "${opt}"
- if [ -n "${value}" ]
- then
- eval "${opt}_${section}=\"${value}\""
- fi
- done
- }
-
- # load adblock config and start parsing functions
- #
- config_load adblock
- config_foreach parse_config service
- config_foreach parse_config source
-
- # get network basics
- #
- network_get_ipaddr adb_ipv4 "${adb_lanif}"
- network_get_ipaddr6 adb_ipv6 "${adb_lanif}"
- network_get_device adb_landev "${adb_lanif}"
- network_find_wan adb_wanif4
- network_find_wan6 adb_wanif6
- }
-
- # f_envcheck: check/set environment prerequisites
- #
- f_envcheck()
- {
- local check
-
- # check 'enabled' & 'version' config options
- #
- if [ -z "${adb_enabled}" ] || [ -z "${adb_cfgver}" ] || [ "${adb_cfgver%%.*}" != "${adb_mincfgver%%.*}" ]
- then
- rc=-1
- f_log "outdated adblock config (${adb_mincfgver} vs. ${adb_cfgver}), please run '/etc/init.d/adblock cfgup' to update your configuration"
- f_exit
- elif [ "${adb_cfgver#*.}" != "${adb_mincfgver#*.}" ]
- then
- outdated_ok="true"
- fi
- if [ "${adb_enabled}" != "1" ]
- then
- rc=-10
- f_log "adblock is currently disabled, please set adblock.global.adb_enabled=1' to use this service"
- f_exit
- fi
-
- # get list with all installed packages
- #
- pkg_list="$(opkg list-installed)"
- if [ -z "${pkg_list}" ]
- then
- rc=-1
- f_log "empty 'opkg' package list, please check your installation"
- f_exit
- fi
- adb_sysver="$(printf "${pkg_list}" | grep "^base-files -")"
- adb_sysver="${adb_sysver##*-}"
-
- # get lan ip addresses
- #
- if [ -z "${adb_ipv4}" ] && [ -z "${adb_ipv6}" ]
- then
- rc=-1
- f_log "no valid IPv4/IPv6 configuration found (${adb_lanif}), please set 'adb_lanif' manually"
- f_exit
- fi
-
- # check logical update interfaces (with default route)
- #
- if [ -z "${adb_wanif4}" ] && [ -z "${adb_wanif6}" ]
- then
- adb_wanif4="${adb_lanif}"
- fi
-
- # check AP mode
- #
- if [ "${adb_wanif4}" = "${adb_lanif}" ] || [ "${adb_wanif6}" = "${adb_lanif}" ]
- then
- adb_nullipv4="${adb_ipv4}"
- adb_nullipv6="${adb_ipv6}"
- if [ -n "$(${adb_uci} -q get uhttpd.main.listen_http | grep -Fo "80")" ] ||
- [ -n "$(${adb_uci} -q get uhttpd.main.listen_https | grep -Fo "443")" ]
- then
- rc=-1
- f_log "AP mode detected, please set local LuCI instance to ports <> 80/443"
- f_exit
- elif [ ! -f "/etc/init.d/dnsmasq" ]
- then
- rc=-1
- f_log "please enable the local dnsmasq instance to use adblock"
- f_exit
- elif [ ! -f "/var/run/fw3.state" ]
- then
- rc=-1
- f_log "please enable the local firewall to use adblock"
- f_exit
- else
- apmode_ok="true"
- fi
- else
- apmode_ok="false"
- check="$(${adb_uci} -q get bcp38.@bcp38[0].enabled)"
- if [ "${check}" = "1" ]
- then
- if [ -n "$(${adb_uci} -q get bcp38.@bcp38[0].match | grep -Fo "${adb_nullipv4%.*}")" ]
- then
- rc=-1
- f_log "please whitelist '${adb_nullipv4}' in your bcp38 configuration to use adblock"
- f_exit
- fi
- fi
- fi
-
- # check general package dependencies
- #
- f_depend "busybox"
- f_depend "uci"
- f_depend "uhttpd"
- f_depend "iptables"
- f_depend "kmod-ipt-nat"
-
- # check ipv6 related package dependencies
- #
- if [ -n "${adb_wanif6}" ]
- then
- f_depend "ip6tables" "true"
- if [ "${package_ok}" = "false" ]
- then
- f_log "package 'ip6tables' not found, IPv6 support will be disabled"
- unset adb_wanif6
- else
- f_depend "kmod-ipt-nat6" "true"
- if [ "${package_ok}" = "false" ]
- then
- f_log "package 'kmod-ipt-nat6' not found, IPv6 support will be disabled"
- unset adb_wanif6
- fi
- fi
- fi
-
- # check uclient-fetch/wget dependencies
- #
- f_depend "uclient-fetch" "true"
- if [ "${package_ok}" = "true" ]
- then
- f_depend "libustream-polarssl" "true"
- if [ "${package_ok}" = "false" ]
- then
- f_depend "libustream-\(mbedtls\|openssl\|cyassl\)" "true"
- if [ "${package_ok}" = "true" ]
- then
- adb_fetch="$(which uclient-fetch)"
- fetch_parm="-q --timeout=${adb_fetchttl}"
- response_parm="--spider"
- fi
- fi
- fi
- if [ -z "${adb_fetch}" ]
- then
- f_depend "wget" "true"
- if [ "${package_ok}" = "true" ]
- then
- adb_fetch="$(which wget)"
- fetch_parm="--no-config --quiet --tries=1 --no-cache --no-cookies --max-redirect=0 --dns-timeout=${adb_fetchttl} --connect-timeout=${adb_fetchttl} --read-timeout=${adb_fetchttl}"
- response_parm="--spider --server-response"
- else
- rc=-1
- f_log "please install 'uclient-fetch' or 'wget' with ssl support to use adblock"
- f_exit
- fi
- fi
-
- # check ca-certificate package and set fetch parm accordingly
- #
- f_depend "ca-certificates" "true"
- if [ "${package_ok}" = "false" ]
- then
- fetch_parm="${fetch_parm} --no-check-certificate"
- fi
-
- # start normal processing/logging
- #
- f_log "domain adblock processing started (${adb_scriptver}, ${adb_sysver}, $(/bin/date "+%d.%m.%Y %H:%M:%S"))"
-
- # log partially outdated config
- #
- if [ "${outdated_ok}" = "true" ]
- then
- f_log "partially outdated adblock config (${adb_mincfgver} vs. ${adb_cfgver}), please run '/etc/init.d/adblock cfgup' to update your configuration"
- fi
-
- # log ap mode
- #
- if [ "${apmode_ok}" = "true" ]
- then
- f_log "AP mode enabled"
- fi
-
- # set/log restricted mode
- #
- if [ "${adb_restricted}" = "1" ]
- then
- adb_uci="$(which true)"
- f_log "Restricted mode enabled"
- fi
-
- # check dns hideout directory
- #
- if [ -d "${adb_dnshidedir}" ]
- then
- mv_done="$(find "${adb_dnshidedir}" -maxdepth 1 -type f -name "${adb_dnsprefix}*" -print -exec mv -f "{}" "${adb_dnsdir}" \;)"
- else
- mkdir -p -m 660 "${adb_dnshidedir}"
- fi
-
- # check adblock temp directory
- #
- adb_tmpfile="$(mktemp -tu)"
- adb_tmpdir="$(mktemp -p /tmp -d)"
- if [ -n "${adb_tmpdir}" ] && [ -d "${adb_tmpdir}" ]
- then
- f_space "${adb_tmpdir}"
- if [ "${space_ok}" = "false" ]
- then
- if [ $((av_space)) -le 2000 ]
- then
- rc=105
- f_log "not enough free space in '${adb_tmpdir}' (avail. ${av_space} kb)"
- f_exit
- else
- f_log "not enough free space to handle all block list sources at once in '${adb_tmpdir}' (avail. ${av_space} kb)"
- fi
- fi
- else
- rc=110
- f_log "temp directory not found"
- f_exit
- fi
-
- # check memory
- #
- mem_total="$(awk '$1 ~ /^MemTotal/ {printf $2}' "/proc/meminfo")"
- mem_free="$(awk '$1 ~ /^MemFree/ {printf $2}' "/proc/meminfo")"
- mem_swap="$(awk '$1 ~ /^SwapTotal/ {printf $2}' "/proc/meminfo")"
- if [ $((mem_total)) -le 64000 ] && [ $((mem_swap)) -eq 0 ]
- then
- mem_ok="false"
- f_log "not enough free memory, overall sort processing will be disabled (total: ${mem_total}, free: ${mem_free}, swap: ${mem_swap})"
- else
- mem_ok="true"
- fi
-
- # check backup configuration
- #
- if [ "${enabled_backup}" = "1" ] && [ -d "${adb_dir_backup}" ]
- then
- f_space "${adb_dir_backup}"
- if [ "${space_ok}" = "false" ]
- then
- f_log "not enough free space in '${adb_dir_backup}'(avail. ${av_space} kb), backup/restore will be disabled"
- backup_ok="false"
- else
- f_log "backup/restore will be enabled"
- backup_ok="true"
- fi
- else
- backup_ok="false"
- f_log "backup/restore will be disabled"
- fi
-
- # set dnsmasq defaults
- #
- if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ]
- then
- adb_dnsformat="awk -v ipv4="${adb_nullipv4}" -v ipv6="${adb_nullipv6}" '{print \"address=/\"\$0\"/\"ipv4\"\n\"\"address=/\"\$0\"/\"ipv6}'"
- elif [ -n "${adb_wanif4}" ]
- then
- adb_dnsformat="awk -v ipv4="${adb_nullipv4}" '{print \"address=/\"\$0\"/\"ipv4}'"
- else
- adb_dnsformat="awk -v ipv6="${adb_nullipv6}" '{print \"address=/\"\$0\"/\"ipv6}'"
- fi
-
- # check volatile iptables configuration
- #
- if [ -n "${adb_wanif4}" ]
- then
- if [ "${apmode_ok}" = "false" ]
- then
- if [ "${adb_forcedns}" = "1" ] && [ -n "${adb_landev}" ]
- then
- f_firewall "IPv4" "nat" "prerouting_rule" "adb-dns" "1" "dns" "-p udp --dport 53 -j DNAT --to-destination ${adb_ipv4}:53"
- f_firewall "IPv4" "nat" "prerouting_rule" "adb-dns" "2" "dns" "-p tcp --dport 53 -j DNAT --to-destination ${adb_ipv4}:53"
- fi
- f_firewall "IPv4" "filter" "forwarding_rule" "adb-fwd" "1" "fwd" "-p tcp -j REJECT --reject-with tcp-reset"
- f_firewall "IPv4" "filter" "forwarding_rule" "adb-fwd" "2" "fwd" "-j REJECT --reject-with icmp-host-unreachable"
- f_firewall "IPv4" "filter" "output_rule" "adb-out" "1" "out" "-p tcp -j REJECT --reject-with tcp-reset"
- f_firewall "IPv4" "filter" "output_rule" "adb-out" "2" "out" "-j REJECT --reject-with icmp-host-unreachable"
- fi
- f_firewall "IPv4" "nat" "prerouting_rule" "adb-nat" "1" "nat" "-p tcp --dport 80 -j DNAT --to-destination ${adb_ipv4}:${adb_nullport}"
- f_firewall "IPv4" "nat" "prerouting_rule" "adb-nat" "2" "nat" "-p tcp --dport 443 -j DNAT --to-destination ${adb_ipv4}:${adb_nullportssl}"
- fi
- if [ -n "${adb_wanif6}" ]
- then
- if [ "${apmode_ok}" = "false" ]
- then
- if [ "${adb_forcedns}" = "1" ] && [ -n "${adb_landev}" ]
- then
- f_firewall "IPv6" "nat" "PREROUTING" "adb-dns" "1" "dns" "-p udp --dport 53 -j DNAT --to-destination [${adb_ipv6}]:53"
- f_firewall "IPv6" "nat" "PREROUTING" "adb-dns" "2" "dns" "-p tcp --dport 53 -j DNAT --to-destination [${adb_ipv6}]:53"
- fi
- f_firewall "IPv6" "filter" "forwarding_rule" "adb-fwd" "1" "fwd" "-p tcp -j REJECT --reject-with tcp-reset"
- f_firewall "IPv6" "filter" "forwarding_rule" "adb-fwd" "2" "fwd" "-j REJECT --reject-with icmp6-addr-unreachable"
- f_firewall "IPv6" "filter" "output_rule" "adb-out" "1" "out" "-p tcp -j REJECT --reject-with tcp-reset"
- f_firewall "IPv6" "filter" "output_rule" "adb-out" "2" "out" "-j REJECT --reject-with icmp6-addr-unreachable"
- fi
- f_firewall "IPv6" "nat" "PREROUTING" "adb-nat" "1" "nat" "-p tcp --dport 80 -j DNAT --to-destination [${adb_ipv6}]:${adb_nullport}"
- f_firewall "IPv6" "nat" "PREROUTING" "adb-nat" "2" "nat" "-p tcp --dport 443 -j DNAT --to-destination [${adb_ipv6}]:${adb_nullportssl}"
- fi
- if [ "${firewall_ok}" = "true" ]
- then
- f_log "created volatile firewall rulesets"
- fi
-
- # check volatile uhttpd instance configuration
- #
- if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ]
- then
- f_uhttpd "adbIPv4+6_80" "1" "-p ${adb_ipv4}:${adb_nullport} -p [${adb_ipv6}]:${adb_nullport}"
- f_uhttpd "adbIPv4+6_443" "0" "-p ${adb_ipv4}:${adb_nullportssl} -p [${adb_ipv6}]:${adb_nullportssl}"
- elif [ -n "${adb_wanif4}" ]
- then
- f_uhttpd "adbIPv4_80" "1" "-p ${adb_ipv4}:${adb_nullport}"
- f_uhttpd "adbIPv4_443" "0" "-p ${adb_ipv4}:${adb_nullportssl}"
- else
- f_uhttpd "adbIPv6_80" "1" "-p [${adb_ipv6}]:${adb_nullport}"
- f_uhttpd "adbIPv6_443" "0" "-p [${adb_ipv6}]:${adb_nullportssl}"
- fi
- if [ "${uhttpd_ok}" = "true" ]
- then
- f_log "created volatile uhttpd instances"
- fi
-
- # check whitelist entries
- #
- if [ -s "${adb_whitelist}" ]
- then
- awk "${adb_whitelist_rset}" "${adb_whitelist}" > "${adb_tmpdir}/tmp.whitelist"
- fi
-
- # remove temporary package list
- #
- unset pkg_list
- }
-
- # f_depend: check package dependencies
- #
- f_depend()
- {
- local check
- local package="${1}"
- local check_only="${2}"
- package_ok="true"
-
- check="$(printf "${pkg_list}" | grep "^${package} -")"
- if [ "${check_only}" = "true" ] && [ -z "${check}" ]
- then
- package_ok="false"
- elif [ -z "${check}" ]
- then
- rc=-1
- f_log "package '${package}' not found"
- f_exit
- fi
- }
-
- # f_firewall: set iptables rules for ipv4/ipv6
- #
- f_firewall()
- {
- local ipt="iptables"
- local nullip="${adb_nullipv4}"
- local proto="${1}"
- local table="${2}"
- local chsrc="${3}"
- local chain="${4}"
- local chpos="${5}"
- local notes="adb-${6}"
- local rules="${7}"
-
- # select appropriate iptables executable for IPv6
- #
- if [ "${proto}" = "IPv6" ]
- then
- ipt="ip6tables"
- nullip="${adb_nullipv6}"
- fi
-
- # check whether iptables chain already exist
- #
- rc="$("${ipt}" -w -t "${table}" -nL "${chain}" >/dev/null 2>&1; printf ${?})"
- if [ $((rc)) -ne 0 ]
- then
- "${ipt}" -w -t "${table}" -N "${chain}"
- "${ipt}" -w -t "${table}" -A "${chain}" -m comment --comment "${notes}" -j RETURN
- if [ "${chain}" = "adb-dns" ]
- then
- "${ipt}" -w -t "${table}" -A "${chsrc}" -i "${adb_landev}+" -m comment --comment "${notes}" -j "${chain}"
- else
- "${ipt}" -w -t "${table}" -A "${chsrc}" -d "${nullip}" -m comment --comment "${notes}" -j "${chain}"
- fi
- rc=${?}
- if [ $((rc)) -ne 0 ]
- then
- f_log "failed to initialize volatile ${proto} firewall chain '${chain}'"
- f_exit
- fi
- fi
-
- # check whether iptables rule already exist
- #
- rc="$("${ipt}" -w -t "${table}" -C "${chain}" -m comment --comment "${notes}" ${rules} >/dev/null 2>&1; printf ${?})"
- if [ $((rc)) -ne 0 ]
- then
- "${ipt}" -w -t "${table}" -I "${chain}" "${chpos}" -m comment --comment "${notes}" ${rules}
- rc=${?}
- if [ $((rc)) -eq 0 ]
- then
- firewall_ok="true"
- else
- f_log "failed to initialize volatile ${proto} firewall rule '${notes}'"
- f_exit
- fi
- fi
- }
-
- # f_uhttpd: start uhttpd instances
- #
- f_uhttpd()
- {
- local check
- local realm="${1}"
- local timeout="${2}"
- local ports="${3}"
-
- check="$(pgrep -f "uhttpd -h /www/adblock -N 25 -T ${timeout} -r ${realm}")"
- if [ -z "${check}" ]
- then
- uhttpd -h "/www/adblock" -N 25 -T "${timeout}" -r "${realm}" -k 0 -t 0 -R -D -S -E "/index.html" ${ports}
- rc=${?}
- if [ $((rc)) -eq 0 ]
- then
- uhttpd_ok="true"
- else
- f_log "failed to initialize volatile uhttpd instance (${realm})"
- f_exit
- fi
- fi
- }
-
- # f_space: check mount points/space requirements
- #
- f_space()
- {
- local mp="${1}"
- space_ok="true"
-
- if [ -d "${mp}" ]
- then
- av_space="$(df "${mp}" | tail -n1 | awk '{printf $4}')"
- if [ $((av_space)) -lt $((adb_minspace)) ]
- then
- space_ok="false"
- fi
- fi
- }
-
- # f_cntconfig: calculate counters in config
- #
- f_cntconfig()
- {
- local src_name
- local count=0
-
- for src_name in $(ls -ASr "${adb_dnsdir}/${adb_dnsprefix}"*)
- do
- count="$(wc -l < "${src_name}")"
- src_name="${src_name##*.}"
- if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ]
- then
- count=$((count / 2))
- fi
- "${adb_uci}" -q set "adblock.${src_name}.adb_src_count=${count}"
- adb_count=$((adb_count + count))
- done
- "${adb_uci}" -q set "adblock.global.adb_overall_count=${adb_count}"
- }
-
- # f_rmconfig: remove volatile config entries
- #
- f_rmconfig()
- {
- local opt
- local options="adb_src_timestamp adb_src_count"
- local section="${1}"
-
- "${adb_uci}" -q delete "adblock.global.adb_overall_count"
- "${adb_uci}" -q delete "adblock.global.adb_dnstoggle"
- "${adb_uci}" -q delete "adblock.global.adb_percentage"
- "${adb_uci}" -q delete "adblock.global.adb_lastrun"
- for opt in ${options}
- do
- "${adb_uci}" -q delete "adblock.${section}.${opt}"
- done
- }
-
- # f_rmdns: remove dns block lists and backups
- #
- f_rmdns()
- {
- rm_dns="$(find "${adb_dnsdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}*" -print -exec rm -f "{}" \;)"
- if [ -n "${rm_dns}" ]
- then
- rm -rf "${adb_dnshidedir}"
- if [ "${enabled_backup}" = "1" ] && [ -d "${adb_dir_backup}" ]
- then
- rm -f "${adb_dir_backup}/${adb_dnsprefix}"*.gz
- fi
- /etc/init.d/dnsmasq restart
- fi
- }
-
- # f_rmuhttpd: remove uhttpd instances
- #
- f_rmuhttpd()
- {
- rm_uhttpd="$(pgrep -f "uhttpd -h /www/adblock")"
- if [ -n "${rm_uhttpd}" ]
- then
- for pid in ${rm_uhttpd}
- do
- kill -9 "${pid}"
- done
- fi
- }
-
- # f_rmfirewall: remove firewall rulsets
- #
- f_rmfirewall()
- {
- rm_fw="$(iptables -w -t nat -vnL | grep -Fo "adb-")"
- if [ -n "${rm_fw}" ]
- then
- iptables-save -t nat | grep -Fv -- "adb-" | iptables-restore
- iptables-save -t filter | grep -Fv -- "adb-" | iptables-restore
- if [ -n "$(lsmod | grep -Fo "ip6table_nat")" ]
- then
- ip6tables-save -t nat | grep -Fv -- "adb-" | ip6tables-restore
- ip6tables-save -t filter | grep -Fv -- "adb-" | ip6tables-restore
- fi
- fi
- }
-
- # f_log: log messages to stdout and syslog
- #
- f_log()
- {
- local log_parm
- local log_msg="${1}"
- local class="info "
-
- # check for terminal session
- #
- if [ -t 1 ]
- then
- log_parm="-s"
- fi
-
- # log to different output devices and set log class accordingly
- #
- if [ -n "${log_msg}" ]
- then
- if [ $((rc)) -gt 0 ]
- then
- class="error"
- fi
- logger ${log_parm} -t "adblock[${adb_pid}] ${class}" "${log_msg}" 2>&1
- fi
- }
-
- # f_statistics: adblock runtime statistics
- f_statistics()
- {
- local ipv4_blk=0 ipv4_all=0 ipv4_pct=0
- local ipv6_blk=0 ipv6_all=0 ipv6_pct=0
-
- if [ -n "${adb_wanif4}" ]
- then
- ipv4_blk="$(iptables -t nat -vxnL adb-nat | awk '$3 ~ /^DNAT$/ {sum += $1} END {printf sum}')"
- ipv4_all="$(iptables -t nat -vxnL PREROUTING | awk '$3 ~ /^(delegate_prerouting|prerouting_rule)$/ {sum += $1} END {printf sum}')"
- if [ $((ipv4_all)) -gt 0 ] && [ $((ipv4_blk)) -gt 0 ] && [ $((ipv4_all)) -gt $((ipv4_blk)) ]
- then
- ipv4_pct="$(printf "${ipv4_blk}" | awk -v all="${ipv4_all}" '{printf( "%5.2f\n",$1/all*100)}')"
- elif [ $((ipv4_all)) -lt $((ipv4_blk)) ]
- then
- iptables -t nat -Z adb-nat
- fi
- fi
- if [ -n "${adb_wanif6}" ]
- then
- ipv6_blk="$(ip6tables -t nat -vxnL adb-nat | awk '$3 ~ /^DNAT$/ {sum += $1} END {printf sum}')"
- ipv6_all="$(ip6tables -t nat -vxnL PREROUTING | awk '$3 ~ /^(adb-nat|DNAT)$/ {sum += $1} END {printf sum}')"
- if [ $((ipv6_all)) -gt 0 ] && [ $((ipv6_blk)) -gt 0 ] && [ $((ipv6_all)) -gt $((ipv6_blk)) ]
- then
- ipv6_pct="$(printf "${ipv6_blk}" | awk -v all="${ipv6_all}" '{printf( "%5.2f\n",$1/all*100)}')"
- elif [ $((ipv6_all)) -lt $((ipv6_blk)) ]
- then
- ip6tables -t nat -Z adb-nat
- fi
- fi
- "${adb_uci}" -q set "adblock.global.adb_percentage=${ipv4_pct}%/${ipv6_pct}%"
- f_log "firewall statistics (IPv4/IPv6): ${ipv4_pct}%/${ipv6_pct}% of all packets in prerouting chain are ad related & blocked"
- }
-
- # f_exit: delete temporary files, generate statistics and exit
- #
- f_exit()
- {
- local lastrun="$(date "+%d.%m.%Y %H:%M:%S")"
-
- if [ "${adb_restricted}" = "1" ]
- then
- adb_uci="$(which true)"
- fi
-
- # delete temp files & directories
- #
- rm -f "${adb_tmpfile}"
- rm -rf "${adb_tmpdir}"
-
- # tidy up on error
- #
- if [ $((rc)) -lt 0 ] || [ $((rc)) -gt 0 ]
- then
- f_rmdns
- f_rmuhttpd
- f_rmfirewall
- config_foreach f_rmconfig source
- if [ $((rc)) -eq -1 ]
- then
- "${adb_uci}" -q set "adblock.global.adb_lastrun=${lastrun} => runtime error, please check the log!"
- fi
- fi
-
- # final log message and iptables statistics
- #
- if [ $((rc)) -eq 0 ]
- then
- f_statistics
- "${adb_uci}" -q set "adblock.global.adb_lastrun=${lastrun}"
- f_log "domain adblock processing finished successfully (${adb_scriptver}, ${adb_sysver}, ${lastrun})"
- elif [ $((rc)) -gt 0 ]
- then
- f_log "domain adblock processing failed (${adb_scriptver}, ${adb_sysver}, ${lastrun})"
- else
- rc=0
- fi
- "${adb_uci}" -q commit "adblock"
- rm -f "${adb_pidfile}"
- exit ${rc}
- }
|