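#!/bin/sh
#
# cryptobox idle watchdog: if no SMB traffic was seen for the configured
# number of cron runs (one run per minute by design, hence "minutes"),
# unmount the crypto partition.
#
# How it works: on every run the packet counters of the INPUT rules that
# accept SMB traffic (udp/138, tcp/139) are read and zeroed.  A non-zero
# counter resets the idle counter kept in IDLE_COUNTER_FILE, otherwise the
# idle counter is incremented.  When it reaches the configured "timeout"
# value, "$CB_SCRIPT crypto-down" is invoked.
#
# You may want to adjust the function "filter_ipt_rules" according to
# your setup.  Example rules this script can count:
#   iptables -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT
#   iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT
#
# All parameters are ignored.
#
# This script has to run as root, since it invokes iptables.
#
# Called by:
#   - cron (/etc/cron.d/cryptobox)
#
# Configuration (sourced from /etc/cryptobox/cryptobox.conf):
#   CB_SCRIPT         - cryptobox helper; invoked with is_crypto_mounted,
#                       get_config and crypto-down
#   LOG_FILE          - destination for error messages and crypto-down output
#   IDLE_COUNTER_FILE - persistent idle counter (a single non-negative integer)
#
# NOTE(review): IDLE_COUNTER_FILE and LOG_FILE are written as root.  Both
# must live in a directory that unprivileged users cannot write to; otherwise
# a symlink planted there lets a local user clobber arbitrary files with root
# privileges.  Confirm the paths configured in cryptobox.conf.
#
# Exit status: 0 on normal completion (including the early exits when the
# partition is not mounted or the timer is disabled); 1 when the timeout
# value is not a number or no matching iptables rule exists; any other
# failure aborts via "set -e".
#
# Portability: the script is plain POSIX sh (no "function", "local" or
# "$(<file)"), so it behaves the same under dash and bash.

set -eu

# parse config file
. /etc/cryptobox/cryptobox.conf

############# some functions ##################

#######################################
# List the INPUT rules that accept SMB traffic.
# Arguments: optional extra iptables options, e.g. "-Z" to zero the chain's
#            counters atomically together with the listing; none by default
# Outputs:   the matching lines of "iptables -L INPUT -vnx", one rule per
#            line, packet counter in the first column
# Returns:   non-zero (grep's status) when no rule matched
#######################################
filter_ipt_rules()
{
	# ${1+"$@"} instead of "$@": some old bash versions treat an empty
	# "$@" as an unbound variable under "set -u"
	iptables -L INPUT -vnx ${1+"$@"} | grep -E "udp dpt:138|tcp dpt:139"
}

#######################################
# Check whether any SMB rule counted packets since the last run.
# Listing and zeroing happen in a single iptables call (-L ... -Z), so
# packets arriving between "read" and "reset" are no longer lost.  As
# before, the counters of the whole INPUT chain are zeroed, not only those
# of the SMB rules.
# Returns:   0 if traffic was seen, 1 otherwise (also when no rule matched)
#######################################
check_for_traffic()
{
	# awk reads the first column regardless of the leading whitespace in
	# the iptables output, which a sed/cut column split would miscount
	filter_ipt_rules -Z | awk '$1 + 0 > 0 { seen = 1 } END { exit seen ? 0 : 1 }'
}

#######################################
# Test whether a value is a non-negative decimal integer.
# Arguments: $1 - value to check
# Returns:   0 if it is, 1 otherwise (including the empty string)
#######################################
is_uint()
{
	case "$1" in
		''|*[!0-9]*) return 1 ;;
		*) return 0 ;;
	esac
}

################### main ######################

# break, if crypto partition is not mounted
"$CB_SCRIPT" is_crypto_mounted || exit 0

# break, if idle timer is turned off (timeout == 0); a non-numeric value
# would otherwise make the later "-ge" comparison fail at an unhelpful spot
MAX_IDLE_COUNTER=$("$CB_SCRIPT" get_config timeout)
if ! is_uint "$MAX_IDLE_COUNTER"
then
	echo "[${0##*/}]: invalid timeout value '$MAX_IDLE_COUNTER' - expected a number of minutes" >>"$LOG_FILE"
	exit 1
fi
[ "$MAX_IDLE_COUNTER" -eq 0 ] && exit 0

# config test: the plain listing (no -Z) leaves the counters untouched
if [ -z "$(filter_ipt_rules)" ]
then
	echo "[${0##*/}]: Could not find a matching iptables rule!" >>"$LOG_FILE"
	exit 1
fi

# read current idle counter; a missing, empty or corrupted file counts as 0
current_count=0
if [ -e "$IDLE_COUNTER_FILE" ]
then
	current_count=$(cat -- "$IDLE_COUNTER_FILE")
	is_uint "$current_count" || current_count=0
fi

# update counter: any traffic resets it, silence advances it by one run
if check_for_traffic
then
	new_count=0
else
	new_count=$((current_count + 1))
fi
echo "$new_count" >"$IDLE_COUNTER_FILE"

# unmount crypto partition, if the threshold was reached
if [ "$new_count" -ge "$MAX_IDLE_COUNTER" ]
then
	"$CB_SCRIPT" crypto-down >>"$LOG_FILE" 2>&1
	echo "0" >"$IDLE_COUNTER_FILE"
fi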