
  1. #!/bin/sh
  2. #################################################
  3. # function library used by adblock-update.sh #
  4. # written by Dirk Brenken (openwrt@brenken.org) #
  5. #################################################
  #####################################
  # f_envload: load adblock environment
  #
  # Sources the two OpenWrt shell libraries and caches the list of installed
  # packages in the global 'pkg_list'. Each missing prerequisite sets its own
  # return code (110, 115, 120), logs the reason and leaves via f_exit.
  #
  f_envload()
  {
      # openwrt function library
      #
      if [ ! -r "/lib/functions.sh" ]; then
          rc=110
          f_log "openwrt function library not found" "${rc}"
          f_exit
      else
          . "/lib/functions.sh" 2>/dev/null
      fi

      # openwrt network library
      #
      if [ ! -r "/lib/functions/network.sh" ]; then
          rc=115
          f_log "openwrt network library not found" "${rc}"
          f_exit
      else
          . "/lib/functions/network.sh" 2>/dev/null
      fi

      # list of all installed openwrt packages, used later for dependency checks
      #
      pkg_list="$(opkg list-installed 2>/dev/null)"
      [ -n "${pkg_list}" ] || {
          rc=120
          f_log "empty openwrt package list" "${rc}"
          f_exit
      }
  }
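  ######################################################
  # f_envparse: parse adblock config and set environment
  #
  # Sets the adb_* defaults, loads the adblock config through the callback
  # functions defined below, defines the rset_* filter pipelines and then
  # resolves the WAN update interfaces/devices, the LAN addresses and the
  # system NTP servers. Leaves via f_exit with rc 125 (no usable WAN
  # interface) or rc 130 (no LAN address).
  #
  # Security: option names and values read from the config are assigned via
  # eval. Names are therefore restricted to shell identifiers and values are
  # assigned without being re-parsed, so a value containing quotes, '$(...)'
  # or backticks is stored literally instead of being executed.
  #
  f_envparse()
  {
      # set initial defaults,
      # may be overwritten by setting appropriate adblock config options in global section of /etc/config/adblock
      #
      adb_wanif="wan"
      adb_lanif="lan"
      adb_port="65535"
      adb_nullipv4="192.0.2.1"
      adb_nullipv6="::ffff:c000:0201"
      adb_maxtime="60"
      adb_maxloop="20"
      adb_blacklist="/etc/adblock/adblock.blacklist"
      adb_whitelist="/etc/adblock/adblock.whitelist"

      # function to read/set global options by callback,
      # prepare list items and build option list for all others
      #
      config_cb()
      {
          local type="${1}"
          if [ "${type}" = "adblock" ]; then
              # global section: every option becomes a shell variable
              #
              option_cb()
              {
                  local option="${1}"
                  local value="${2}"
                  # refuse anything that is not a plain shell identifier
                  #
                  case "${option}" in
                      ""|[!A-Za-z_]*|*[!A-Za-z0-9_]*) return 0 ;;
                  esac
                  # \${value} is expanded by eval itself, the content is never parsed as code
                  #
                  eval "${option}=\"\${value}\""
              }
          else
              # other sections: only collect the option names for parse_config
              #
              option_cb()
              {
                  local option="${1}"
                  local value="${2}"
                  local opt_out
                  opt_out="$(printf '%s\n' "${option}" | sed -n '/.*_ITEM[0-9]$/p; /.*_LENGTH$/p; /enabled/p' 2>/dev/null)"
                  if [ -z "${opt_out}" ]; then
                      all_options="${all_options} ${option}"
                  fi
              }
              list_cb()
              {
                  local list="${1}"
                  local value="${2}"
                  if [ "${list}" = "adb_catlist" ]; then
                      adb_cat_shalla="${adb_cat_shalla} ${value}"
                  fi
              }
          fi
      }

      # function to iterate through option list, read/set all options in "enabled" sections
      #
      parse_config()
      {
          local config="${1}"
          local opt_src
          config_get switch "${config}" "enabled"
          if [ "${switch}" = "1" ]; then
              # all_options is a blank separated name list, splitting is intended
              #
              for option in ${all_options}; do
                  config_get value "${config}" "${option}"
                  if [ -n "${value}" ]; then
                      opt_src="$(printf '%s\n' "${option}" | sed -n '/^adb_src_[a-z0-9]*$/p' 2>/dev/null)"
                      if [ -n "${opt_src}" ]; then
                          adb_sources="${adb_sources} ${value}"
                      else
                          # same eval hardening as in the global option callback
                          #
                          case "${option}" in
                              ""|[!A-Za-z_]*|*[!A-Za-z0-9_]*) continue ;;
                          esac
                          eval "${option}=\"\${value}\""
                      fi
                  fi
              done
          fi
      }

      # load adblock config and start parsing functions
      #
      config_load adblock
      config_foreach parse_config service
      config_foreach parse_config source

      # set more script defaults (can't be overwritten by adblock config options)
      #
      adb_cnt=0
      adb_minspace=20000
      adb_unique=1
      # NOTE(review): 'mktemp -u' only prints a name and does not create the file,
      # so the path can be claimed by another process before it is first written.
      # Consider placing this file inside the private ${adb_tmpdir} - confirm
      # against the callers of adb_tmpfile before changing it.
      #
      adb_tmpfile="$(mktemp -tu 2>/dev/null)"
      adb_tmpdir="$(mktemp -p /tmp -d 2>/dev/null)"
      adb_dnsdir="/tmp/dnsmasq.d"
      adb_dnsprefix="adb_list"
      adb_prechain_ipv4="prerouting_rule"
      adb_fwdchain_ipv4="forwarding_rule"
      adb_outchain_ipv4="output_rule"
      adb_prechain_ipv6="PREROUTING"
      adb_fwdchain_ipv6="forwarding_rule"
      adb_outchain_ipv6="output_rule"
      unset adb_srclist
      unset adb_revsrclist

      # set adblock source ruleset definitions,
      # each rset_* holds a sed pipeline as text (presumably evaluated by the caller - verify there)
      #
      rset_start="sed -r 's/[[:space:]]|[\[!#/:;_].*|[0-9\.]*localhost.*//g; s/[\^#/:;_\.\t ]*$//g'"
      rset_end="sed '/^[#/:;_\s]*$/d'"
      rset_adaway="${rset_start} | sed 's/\([0-9]\{1,3\}\.\)\{3\}[0-1]\{1,1\}//g' | ${rset_end}"
      rset_blacklist="${rset_start} | ${rset_end}"
      rset_disconnect="${rset_start} | ${rset_end}"
      rset_dshield="${rset_start} | ${rset_end}"
      rset_feodo="${rset_start} | ${rset_end}"
      rset_malware="${rset_start} | ${rset_end}"
      rset_malwarelist="${rset_start} | sed 's/\([0-9]\{1,3\}\.\)\{3\}[0-1]\{1,1\}//g' | ${rset_end}"
      rset_palevo="${rset_start} | ${rset_end}"
      rset_shalla="${rset_start} | sed 's/\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}$//g' | ${rset_end}"
      rset_spam404="${rset_start} | sed 's/^\|\|//g' | ${rset_end}"
      rset_whocares="${rset_start} | sed 's/\([0-9]\{1,3\}\.\)\{3\}[0-1]\{1,1\}//g' | ${rset_end}"
      rset_winhelp="${rset_start} | sed 's/\([0-9]\{1,3\}\.\)\{3\}[0-1]\{1,1\}//g' | ${rset_end}"
      rset_yoyo="${rset_start} | sed 's/,/\n/g' | ${rset_end}"
      rset_zeus="${rset_start} | ${rset_end}"

      # get logical wan update interfaces (with default route) and their device names,
      # retried once per second up to adb_maxloop times
      #
      while [ $((adb_cnt)) -le $((adb_maxloop)) ]; do
          network_find_wan adb_wanif4 2>/dev/null
          network_find_wan6 adb_wanif6 2>/dev/null
          if [ -z "${adb_wanif4}" ] && [ -z "${adb_wanif6}" ]; then
              network_flush_cache
          elif [ "${adb_wanif4}" = "${adb_lanif}" ] || [ "${adb_wanif6}" = "${adb_lanif}" ]; then
              rc=125
              f_log "LAN only (${adb_lanif}) network, no valid IPv4/IPv6 wan update interface found" "${rc}"
              f_exit
          else
              network_get_device adb_wandev4 "${adb_wanif4}" 2>/dev/null
              network_get_device adb_wandev6 "${adb_wanif6}" 2>/dev/null
              break
          fi
          if [ $((adb_cnt)) -ge $((adb_maxloop)) ]; then
              rc=125
              f_log "no valid IPv4/IPv6 wan update interface found" "${rc}"
              f_exit
          fi
          adb_cnt=$((adb_cnt + 1))
          sleep 1
      done

      # get lan ip addresses
      #
      network_get_ipaddr adb_ipv4 "${adb_lanif}" 2>/dev/null
      network_get_ipaddr6 adb_ipv6 "${adb_lanif}" 2>/dev/null
      if [ -z "${adb_ipv4}" ] && [ -z "${adb_ipv6}" ]; then
          rc=130
          f_log "no valid IPv4/IPv6 configuration for given logical LAN interface found (${adb_lanif}), please set 'adb_lanif' manually" "${rc}"
          f_exit
      fi

      # read system ntp server names
      #
      adb_ntpsrv="$(uci get system.ntp.server 2>/dev/null)"
  }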
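  #################################################
  # f_envcheck: check/set environment prerequisites
  #
  # Verifies package dependencies, black-/whitelist files, temp/backup/log
  # directories and memory, installs the volatile firewall rules and the
  # uhttpd instance, waits for an active WAN device, triggers an NTP sync
  # and finally builds the dnsmasq output format in 'adb_dnsformat'.
  # Fatal problems leave via f_exit or f_restore with their own return code.
  #
  f_envcheck()
  {
      local ipv6_pkg

      # check general package dependencies
      #
      f_depend "uhttpd"
      f_depend "wget"
      f_depend "iptables"
      f_depend "kmod-ipt-nat"

      # check ipv6 related package dependencies,
      # the first missing package disables IPv6 handling
      #
      if [ -n "${adb_wanif6}" ]; then
          for ipv6_pkg in "ip6tables" "kmod-ipt-nat6"; do
              # '%s' keeps '%' and '\' inside the package list from being read as format directives
              #
              check="$(printf '%s\n' "${pkg_list}" | grep "^${ipv6_pkg} -" 2>/dev/null)"
              if [ -z "${check}" ]; then
                  f_log "package '${ipv6_pkg}' not found, IPv6 support will be disabled"
                  unset adb_wanif6
                  break
              fi
          done
      fi

      # check ca-certificates package and set wget parms accordingly
      #
      check="$(printf '%s\n' "${pkg_list}" | grep "^ca-certificates -" 2>/dev/null)"
      if [ -z "${check}" ]; then
          # without a CA bundle the server certificate is not verified, so the downloaded
          # block lists are not protected against tampering in transit; make that visible
          #
          f_log "package 'ca-certificates' not found, downloads will run without certificate verification"
          wget_parm="--no-config --no-check-certificate --quiet --tries=1 --no-cache --no-cookies --max-redirect=0"
      else
          wget_parm="--no-config --quiet --tries=1 --no-cache --no-cookies --max-redirect=0"
      fi

      # check adblock blacklist/whitelist configuration
      #
      if [ ! -r "${adb_blacklist}" ]; then
          rc=135
          f_log "adblock blacklist not found (${adb_blacklist})" "${rc}"
          f_exit
      elif [ ! -r "${adb_whitelist}" ]; then
          rc=135
          f_log "adblock whitelist not found (${adb_whitelist})" "${rc}"
          f_exit
      fi

      # check adblock temp directory
      #
      if [ -n "${adb_tmpdir}" ] && [ -d "${adb_tmpdir}" ]; then
          f_space "${adb_tmpdir}"
          if [ "${space_ok}" = "false" ]; then
              rc=140
              f_log "not enough space in '${adb_tmpdir}', please supersize your temp directory" "${rc}"
              f_exit
          fi
      else
          rc=140
          f_log "temp directory not found" "${rc}"
          f_exit
      fi

      # check total and swap memory
      #
      mem_total="$(grep -F "MemTotal" "/proc/meminfo" 2>/dev/null | grep -o "[0-9]*" 2>/dev/null)"
      mem_free="$(grep -F "MemFree" "/proc/meminfo" 2>/dev/null | grep -o "[0-9]*" 2>/dev/null)"
      swap_total="$(grep -F "SwapTotal" "/proc/meminfo" 2>/dev/null | grep -o "[0-9]*" 2>/dev/null)"
      if [ $((mem_total)) -le 64000 ] && [ $((swap_total)) -eq 0 ]; then
          adb_unique=0
          f_log "not enough memory, overall sort/unique processing will be disabled"
          # report the value read above (the message used to reference an unset variable)
          #
          f_log "please consider adding an external swap device to supersize your temp directory (total: ${mem_total}, free: ${mem_free}, swap: ${swap_total})"
      fi

      # check backup configuration
      #
      if [ -n "${adb_backupdir}" ] && [ -d "${adb_backupdir}" ]; then
          f_space "${adb_backupdir}"
          if [ "${space_ok}" = "false" ]; then
              f_log "backup/restore will be disabled"
              backup_ok="false"
          else
              f_log "backup/restore will be enabled"
              backup_ok="true"
          fi
      else
          backup_ok="false"
          f_log "backup/restore will be disabled"
      fi

      # check log configuration
      #
      adb_logdir="${adb_logfile%/*}"
      if [ -n "${adb_logdir}" ] && [ -d "${adb_logdir}" ]; then
          f_space "${adb_logdir}"
          if [ "${space_ok}" = "false" ]; then
              f_log "not enough space in '${adb_logdir}', logging will be disabled"
              log_ok="false"
          else
              f_log "logging will be enabled"
              log_ok="true"
          fi
      else
          log_ok="false"
          f_log "logging will be disabled"
      fi

      # check ipv4/iptables configuration:
      # http requests to the null address go to the local adblock port, dns requests
      # (udp/tcp 53) are redirected locally, other traffic to the null address is rejected
      #
      if [ -n "${adb_wanif4}" ]; then
          f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adblock-pre" "-p tcp -d ${adb_nullipv4} --dport 80 -j REDIRECT --to-ports ${adb_port}"
          f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adblock-dns" "-p udp --dport 53 -j REDIRECT"
          f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adblock-dns" "-p tcp --dport 53 -j REDIRECT"
          f_firewall "IPv4" "filter" "A" "${adb_fwdchain_ipv4}" "adblock-fwd" "-d ${adb_nullipv4} -j REJECT"
          f_firewall "IPv4" "filter" "A" "${adb_outchain_ipv4}" "adblock-out" "-d ${adb_nullipv4} -j REJECT"
      fi

      # check ipv6/ip6tables configuration (same rule set as for ipv4)
      #
      if [ -n "${adb_wanif6}" ]; then
          f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adblock-pre" "-p tcp -d ${adb_nullipv6} --dport 80 -j REDIRECT --to-ports ${adb_port}"
          f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adblock-dns" "-p udp --dport 53 -j REDIRECT"
          f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adblock-dns" "-p tcp --dport 53 -j REDIRECT"
          f_firewall "IPv6" "filter" "A" "${adb_fwdchain_ipv6}" "adblock-fwd" "-d ${adb_nullipv6} -j REJECT"
          f_firewall "IPv6" "filter" "A" "${adb_outchain_ipv6}" "adblock-out" "-d ${adb_nullipv6} -j REJECT"
      fi

      # check volatile adblock uhttpd instance configuration,
      # start one only if no instance serving /www/adblock is running yet
      #
      rc="$(ps | grep "[u]httpd.*\-h /www/adblock" >/dev/null 2>&1; printf ${?})"
      if [ $((rc)) -ne 0 ]; then
          if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ]; then
              uhttpd -h "/www/adblock" -k 0 -N 100 -T 5 -D -E "/adblock.html" -p "${adb_ipv4}:${adb_port}" -p "[${adb_ipv6}]:${adb_port}">/dev/null 2>&1
              rc=${?}
              if [ $((rc)) -eq 0 ]; then
                  f_log "created volatile uhttpd instance (${adb_ipv4}:${adb_port}, [${adb_ipv6}]:${adb_port})"
              else
                  f_log "failed to initialize volatile uhttpd instance (${adb_ipv4}:${adb_port}, [${adb_ipv6}]:${adb_port})" "${rc}"
                  f_restore
              fi
          elif [ -n "${adb_wanif4}" ]; then
              uhttpd -h "/www/adblock" -k 0 -N 100 -T 5 -D -E "/adblock.html" -p "${adb_ipv4}:${adb_port}" >/dev/null 2>&1
              rc=${?}
              if [ $((rc)) -eq 0 ]; then
                  f_log "created volatile uhttpd instance (${adb_ipv4}:${adb_port})"
              else
                  f_log "failed to initialize volatile uhttpd instance (${adb_ipv4}:${adb_port})" "${rc}"
                  f_restore
              fi
          elif [ -n "${adb_wanif6}" ]; then
              uhttpd -h "/www/adblock" -k 0 -N 100 -T 5 -D -E "/adblock.html" -p "[${adb_ipv6}]:${adb_port}" >/dev/null 2>&1
              rc=${?}
              if [ $((rc)) -eq 0 ]; then
                  f_log "created volatile uhttpd instance ([${adb_ipv6}]:${adb_port})"
              else
                  f_log "failed to initialize volatile uhttpd instance ([${adb_ipv6}]:${adb_port})" "${rc}"
                  f_restore
              fi
          fi
      fi

      # wait for active wan update interface,
      # adb_cnt is not reset here and continues from its current value
      #
      while [ $((adb_cnt)) -le $((adb_maxloop)) ]; do
          # adb_wanif may name several interfaces, splitting is intended
          #
          for interface in ${adb_wanif}; do
              network_get_device adb_wandev "${interface}" 2>/dev/null
              if [ -z "${adb_wandev}" ] || [ ! -d "/sys/class/net/${adb_wandev}" ]; then
                  # fall back to the devices detected for the default route
                  #
                  if [ -n "${adb_wandev4}" ]; then
                      adb_wandev="${adb_wandev4}"
                  else
                      adb_wandev="${adb_wandev6}"
                  fi
                  if [ -z "${adb_wandev}" ] || [ ! -d "/sys/class/net/${adb_wandev}" ]; then
                      rc=145
                      f_log "no valid network device for given logical WAN interface found, please set 'adb_wanif' manually" "${rc}"
                      f_restore
                  fi
              fi
              check="$(cat "/sys/class/net/${adb_wandev}/operstate" 2>/dev/null)"
              if [ "${check}" = "up" ]; then
                  f_log "get active wan update interface/device (${adb_wanif}/${adb_wandev})"
                  break 2
              elif [ $((adb_cnt)) -eq $((adb_maxloop)) ]; then
                  rc=145
                  f_log "wan update interface/device not running (${adb_wanif}/${adb_wandev})" "${rc}"
                  f_restore
              fi
              adb_cnt=$((adb_cnt + 1))
              sleep 1
          done
      done

      # wait for ntp sync, a failed sync is logged but not treated as an error
      #
      if [ -n "${adb_ntpsrv}" ]; then
          unset ntp_pool
          for srv in ${adb_ntpsrv}; do
              ntp_pool="${ntp_pool} -p ${srv}"
          done
          # ntp_pool is an argument list, splitting is intended
          #
          /usr/sbin/ntpd -nq ${ntp_pool} >/dev/null 2>&1
          rc=${?}
          if [ $((rc)) -eq 0 ]; then
              f_log "get ntp time sync"
          else
              rc=0
              f_log "ntp time sync failed"
          fi
      fi

      # set dnsmasq defaults: adb_dnsformat holds an awk command line as text.
      # NOTE(review): the null addresses are embedded unquoted into that text, so they
      # must stay plain addresses if the string is evaluated later - verify at the caller
      #
      if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ]; then
          adb_dnsformat="awk -v ipv4=${adb_nullipv4} -v ipv6=${adb_nullipv6} '{print \"address=/\"\$0\"/\"ipv4\"\n\"\"address=/\"\$0\"/\"ipv6}'"
      elif [ -n "${adb_wanif4}" ]; then
          adb_dnsformat="awk -v ipv4=${adb_nullipv4} '{print \"address=/\"\$0\"/\"ipv4}'"
      elif [ -n "${adb_wanif6}" ]; then
          adb_dnsformat="awk -v ipv6=${adb_nullipv6} '{print \"address=/\"\$0\"/\"ipv6}'"
      fi

      # remove no longer used opkg package list
      #
      unset pkg_list
  }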
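  ######################################
  # f_depend: check package dependencies
  #
  # Arguments: $1 - package name to look up in the global 'pkg_list'
  # Globals:   pkg_list (read), check and rc (written)
  # A missing package sets rc=150, logs the name and leaves via f_exit.
  #
  f_depend()
  {
      local package="${1}"
      # print the list as data ('%s'): used as the format string, a '%' or '\'
      # in a package line would truncate or garble the list before grep sees it
      #
      check="$(printf '%s\n' "${pkg_list}" | grep "^${package} -" 2>/dev/null)"
      if [ -z "${check}" ]; then
          rc=150
          f_log "package '${package}' not found" "${rc}"
          f_exit
      fi
  }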
  ##############################################
  # f_firewall: set iptables rules for ipv4/ipv6
  #
  # Arguments: $1 - protocol ("IPv4" selects iptables, anything else ip6tables)
  #            $2 - table, $3 - command letter (e.g. "A"), $4 - chain
  #            $5 - comment attached to the rule, $6 - rule specification
  # Globals:   rc (written)
  # The rule is added only if the check (-C) does not find it; a failed
  # add is logged and handed over to f_restore.
  #
  f_firewall()
  {
      local ipt
      local iptv4="/usr/sbin/iptables"
      local iptv6="/usr/sbin/ip6tables"
      local proto="${1}"
      local table="${2}"
      local ctype="${3}"
      local chain="${4}"
      local notes="${5}"
      local rules="${6}"

      # select appropriate iptables executable
      #
      case "${proto}" in
          "IPv4") ipt="${iptv4}" ;;
          *) ipt="${iptv6}" ;;
      esac

      # rule already in place? ${rules} is an argument list, splitting is intended
      #
      "${ipt}" -w -t "${table}" -C "${chain}" -m comment --comment "${notes}" ${rules} >/dev/null 2>&1
      rc=${?}
      if [ $((rc)) -eq 0 ]; then
          return 0
      fi

      # not yet applied, create it
      #
      "${ipt}" -w -t "${table}" -"${ctype}" "${chain}" -m comment --comment "${notes}" ${rules} >/dev/null 2>&1
      rc=${?}
      if [ $((rc)) -ne 0 ]; then
          f_log "failed to initialize volatile ${proto} firewall rule in '${chain}' chain (${notes})" "${rc}"
          f_restore
      else
          f_log "created volatile ${proto} firewall rule in '${chain}' chain (${notes})"
      fi
  }
  ###################################################
  # f_log: log messages to stdout, syslog and logfile
  #
  # Arguments: $1 - message text (nothing is logged when empty)
  #            $2 - optional return code; a non-zero value switches the
  #                 class to "error" and is appended to the message
  # Globals:   pid, log_ok, adb_logfile (read)
  #
  f_log()
  {
      local log_msg="${1}"
      local log_rc="${2}"
      local class="info "

      if [ -z "${log_msg}" ]; then
          return 0
      fi

      # a non-zero return code turns the entry into an error
      #
      if [ $((log_rc)) -ne 0 ]; then
          class="error"
          log_msg="${log_msg}, rc: ${log_rc}"
      fi

      # syslog always, stdout only on a terminal, logfile only when enabled
      #
      /usr/bin/logger -t "adblock[${pid}] ${class}" "${log_msg}"
      if [ -t 1 ]; then
          printf "%s\n" "adblock[${pid}] ${class}: ${log_msg}"
      fi
      if [ "${log_ok}" = "true" ]; then
          printf "%s\n" "$(/bin/date "+%d.%m.%Y %H:%M:%S") adblock[${pid}] ${class}: ${log_msg}" >> "${adb_logfile}"
      fi
  }
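  ################################################
  # f_space: check mount points/space requirements
  #
  # Arguments: $1 - directory whose file system is checked with df
  # Globals:   adb_minspace (read), space_ok and rc (written)
  # Sets space_ok to "true" or "false" for the directory just checked.
  # The value is reset on every check, so a "false" from an earlier call
  # (e.g. the backup directory) no longer leaks into the next one (e.g.
  # the log directory). Nothing is changed if $1 is not a directory.
  #
  f_space()
  {
      local mp="${1}"

      # check relevant mount points, the loop runs as last stage of a pipeline
      # and reports its result through the exit code only
      #
      if [ -d "${mp}" ]; then
          space_ok="true"
          df "${mp}" 2>/dev/null |\
          tail -n1 2>/dev/null |\
          while read -r filesystem overall used available scrap
          do
              av_space="${available}"
              if [ $((av_space)) -eq 0 ]; then
                  rc=155
                  f_log "no space left on device/not mounted (${mp})"
                  exit ${rc}
              elif [ $((av_space)) -lt $((adb_minspace)) ]; then
                  rc=155
                  f_log "not enough space left on device (${mp})"
                  exit ${rc}
              fi
          done

          # pipeline return code handling, set space trigger accordingly
          #
          rc=${?}
          if [ $((rc)) -ne 0 ]; then
              rc=0
              space_ok="false"
          fi
      fi
  }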
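  ##################################################################
  # f_restore: restore last adblock list backups and restart dnsmasq
  #
  # Globals: adb_revsrclist, adb_dnsdir, adb_dnsprefix, adb_backupdir,
  #          backup_ok, adb_wanif4, adb_wanif6 (read), rc, adb_count (written)
  # Removes the lists selected by adb_revsrclist, copies all backups back
  # into the dnsmasq directory, restarts dnsmasq if anything changed and
  # always leaves via f_exit.
  #
  f_restore()
  {
      local removal_done
      local restore_done
      local file
      local filename

      # remove bogus adblock lists,
      # adb_revsrclist is a find expression built elsewhere (presumably -name tests), splitting is intended
      #
      if [ -n "${adb_revsrclist}" ]; then
          find "${adb_dnsdir}" -maxdepth 1 -type f \( ${adb_revsrclist} \) -exec rm -f "{}" \; 2>/dev/null
          rc=${?}
          if [ $((rc)) -ne 0 ]; then
              f_log "error during removal of bogus adblock lists" "${rc}"
              f_exit
          else
              removal_done="true"
              f_log "all bogus adblock lists removed"
          fi
      fi

      # restore backups; the directory part is quoted so paths with blanks work,
      # and the path is no longer passed to printf as a format string
      #
      if [ "${backup_ok}" = "true" ] && [ -d "${adb_backupdir}" ]; then
          for file in "${adb_backupdir}/${adb_dnsprefix}."*; do
              # an unmatched pattern is handed over literally, skip it
              #
              [ -e "${file}" ] || continue
              filename="${file##*/}"
              cp -pf "${file}" "${adb_dnsdir}" 2>/dev/null
              rc=${?}
              if [ $((rc)) -ne 0 ]; then
                  f_log "error during restore of adblock list (${filename})" "${rc}"
                  f_exit
              fi
              restore_done="true"
          done
      fi
      if [ "${restore_done}" = "true" ]; then
          f_log "all available backups restored"
      else
          f_log "no backups found, nothing to restore"
      fi

      # (re-)try dnsmasq restart without bogus adblock lists / with backups
      #
      if [ "${restore_done}" = "true" ] || [ "${removal_done}" = "true" ]; then
          /etc/init.d/dnsmasq restart >/dev/null 2>&1
          sleep 2
          dns_status="$(ps 2>/dev/null | grep "[d]nsmasq" 2>/dev/null)"
          if [ -n "${dns_status}" ]; then
              rc=0
              # with both protocols active the line count is halved to get the domain count
              #
              if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ]; then
                  adb_count="$(($(head -qn -4 "${adb_dnsdir}/${adb_dnsprefix}."* 2>/dev/null | wc -l) / 2))"
              else
                  adb_count="$(head -qn -4 "${adb_dnsdir}/${adb_dnsprefix}."* 2>/dev/null | wc -l)"
              fi
              f_log "adblock lists with overall ${adb_count} domains loaded"
          else
              rc=160
              f_log "dnsmasq restart failed, please check 'logread' output" "${rc}"
          fi
      fi
      f_exit
  }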
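  ###################################
  # f_exit: delete (temporary) files,
  # generate statistics and exit
  #
  # Globals: adb_tmpfile, adb_tmpdir, adb_wanif4, adb_wanif6, adb_version,
  #          openwrt_version, rc (read)
  # Removes the temp file and directory, logs the packet counters of the
  # adblock firewall rules when rc is 0, then exits the script with rc.
  # The IPv6-only case now prints the same statistics heading as the
  # IPv4 and dual-stack cases.
  #
  f_exit()
  {
      local ipv4_prerouting
      local ipv4_forward
      local ipv4_output
      local ipv6_prerouting
      local ipv6_forward
      local ipv6_output
      local iptv4="/usr/sbin/iptables"
      local iptv6="/usr/sbin/ip6tables"

      # delete temporary files & directories,
      # the -f/-d tests also keep rm away from empty variables
      #
      if [ -f "${adb_tmpfile}" ]; then
          rm -f "${adb_tmpfile}" >/dev/null 2>&1
      fi
      if [ -d "${adb_tmpdir}" ]; then
          rm -rf "${adb_tmpdir}" >/dev/null 2>&1
      fi

      # final log message and iptables statistics,
      # the first number of each matching rule line is taken as packet counter
      #
      if [ $((rc)) -eq 0 ]; then
          if [ -n "${adb_wanif4}" ]; then
              ipv4_prerouting="$(${iptv4} -t nat -vnL | grep -F "adblock-pre" | grep -Eo "[0-9]+" | head -n1)"
              ipv4_forward="$(${iptv4} -vnL | grep -F "adblock-fwd" | grep -Eo "[0-9]+" | head -n1)"
              ipv4_output="$(${iptv4} -vnL | grep -F "adblock-out" | grep -Eo "[0-9]+" | head -n1)"
          fi
          if [ -n "${adb_wanif6}" ]; then
              ipv6_prerouting="$(${iptv6} -t nat -vnL | grep -F "adblock-pre" | grep -Eo "[0-9]+" | head -n1)"
              ipv6_forward="$(${iptv6} -vnL | grep -F "adblock-fwd" | grep -Eo "[0-9]+" | head -n1)"
              ipv6_output="$(${iptv6} -vnL | grep -F "adblock-out" | grep -Eo "[0-9]+" | head -n1)"
          fi
          if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ]; then
              f_log "adblock firewall statistics (IPv4/IPv6):"
              f_log "${ipv4_prerouting}/${ipv6_prerouting} packets redirected in PREROUTING chain"
              f_log "${ipv4_forward}/${ipv6_forward} packets rejected in FORWARD chain"
              f_log "${ipv4_output}/${ipv6_output} packets rejected in OUTPUT chain"
          elif [ -n "${adb_wanif4}" ]; then
              f_log "adblock firewall statistics (IPv4):"
              f_log "${ipv4_prerouting} packets redirected in PREROUTING chain"
              f_log "${ipv4_forward} packets rejected in FORWARD chain"
              f_log "${ipv4_output} packets rejected in OUTPUT chain"
          elif [ -n "${adb_wanif6}" ]; then
              f_log "adblock firewall statistics (IPv6):"
              f_log "${ipv6_prerouting} packets redirected in PREROUTING chain"
              f_log "${ipv6_forward} packets rejected in FORWARD chain"
              f_log "${ipv6_output} packets rejected in OUTPUT chain"
          fi
          f_log "domain adblock processing finished successfully (${adb_version}, ${openwrt_version}, $(/bin/date "+%d.%m.%Y %H:%M:%S"))"
      else
          f_log "domain adblock processing failed (${adb_version}, ${openwrt_version}, $(/bin/date "+%d.%m.%Y %H:%M:%S"))"
      fi
      exit ${rc}
  }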