cryptonas/cbox-tree.d/usr/lib/cryptobox/check_smb_idle.sh

#!/bin/sh
#
# a simple script to check, if there was no smb traffic for the specified
# number of minutes - then it unmounts the crypto partition
#
# you may want to adjust the function "filter_ipt_rules" according to
# your setup
#
# any Parameter are ignored
# 
# this script has to run as root - as it invokes iptables
#
# the iptables rules to detect smb traffic could look like the following:
#   iptables -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT
#   iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT
#
# called by:
#	- cron (/etc/cron.d/cryptobox
#

set -eu

# parse config file
. /etc/cryptobox/cryptobox.conf


############# some functions ##################

filter_ipt_rules()
# get the input rules for smb datagram traffic
{
	iptables -L INPUT -vnx | grep -E "tcp upt:138|udp dpt:139"
}


function count_traffic()
{
	local sum=0
	# fallback if no rules were found
	echo "$sum"
	# extract the number of packets and calculate the sum
	filter_ipt_rules | sed 's/  */ /g' | cut -d " " -f 3 | while read a
		do	sum=$((sum+a))
			echo "$sum"
	  done | tail -1
	# sorry for the echo-tail-voodoo - i did not know it better :)
	iptables -Z INPUT
}


################### main ######################

# break, if crypto partition is not mounted
"$CB_SCRIPT" is_crypto_mounted || exit 0

# break, if idle timer is turned off
MAX_IDLE_COUNTER=$("$CB_SCRIPT" get_config timeout)
[ "$MAX_IDLE_COUNTER" -eq 0 ] && exit 0

# config test
[ -z "`filter_ipt_rules`" ] && echo "[`basename $0`]: Could not find a matching iptables rule!" >>"$LOG_FILE" && exit 1

# init idle_counter file, if it does not exist
[ ! -e "$IDLE_COUNTER_FILE" ] && echo "0" >"$IDLE_COUNTER_FILE"

# return true if it was idle
if [ "$(count_traffic)" -eq 0 ]
  then	echo "$(( $(<$IDLE_COUNTER_FILE) +1))"
  else	echo 0
 fi >"$IDLE_COUNTER_FILE"

# unmount crypto partition, if the threshold was reached
[ "$(<$IDLE_COUNTER_FILE)" -ge "$MAX_IDLE_COUNTER" ] && \
	"$CB_SCRIPT" crypto-umount >>"$LOG_FILE" 2>&1