#!/bin/sh
#
# a simple script that checks whether there was no smb traffic for the
# specified number of minutes - if so, it unmounts the crypto partition
#
# you may want to adjust the function "filter_ipt_rules" according to
# your setup
#
# any parameters are ignored
#
# this script has to run as root - as it invokes iptables
#
# the iptables rules to detect smb traffic could look like the following:
#   iptables -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT
#   iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT
#
# called by:
#  - cron (/etc/cron.d/cryptobox)
#

# Stop at the first failing command (-e) and treat any reference to an
# unset variable as an error (-u).
set -e -u

# Load the CryptoBox settings into this shell.
# CB_SCRIPT, LOG_FILE and IDLE_COUNTER_FILE are used below but never assigned
# in this script, so they presumably come from this file; with -u in effect a
# missing one aborts the run.
# The file is executed as shell code with this script's privileges (root, per
# the header comment), so it has to be writable by root only.
. /etc/cryptobox/cryptobox.conf

############# some functions ##################

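filter_ipt_rules()
{
  # Print the INPUT rules that count SMB traffic, one rule per line, with
  # exact packet/byte counters (-x) and numeric ports (-n).
  #
  # The pattern has to match the rules from the header comment
  # (udp --dport 138, tcp --dport 139), which iptables lists as
  # "udp dpt:138" and "tcp dpt:139". The previous pattern
  # "tcp upt:138|udp dpt:139" could not match either of them, so the config
  # test in the main part always failed and the idle unmount never ran.
  # The trailing "whitespace or end of line" keeps e.g. dpt:1380 from matching.
  #
  # Returns grep's status: non-zero when no rule matches.
  iptables -L INPUT -vnx | grep -E '(udp dpt:138|tcp dpt:139)([[:space:]]|$)'
}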
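count_traffic()
{
  # Print the total number of packets counted by the SMB rules since the
  # last run, as a single integer on one line, then reset the counters.
  #
  # Changes against the previous version:
  #  - no "function" keyword, which is not valid under #!/bin/sh everywhere
  #  - exactly one line of output; the old unconditional fallback "echo 0"
  #    plus the loop result produced two lines, which the numeric test in
  #    the main part cannot parse, so an idle interval was never recognised
  #  - the sum is taken from the first column of the listing (the packet
  #    counter of `iptables -L -vnx`) without depending on the amount of
  #    leading padding; awk prints 0 when no rule line arrives
  filter_ipt_rules | awk '{ sum += $1 } END { printf "%.0f\n", sum }'

  # Zero the counters so the next run only sees traffic since this one.
  # This clears the counters of every rule in INPUT, not just the SMB rules.
  # NOTE(review): packets arriving between the listing above and this reset
  # are not counted; iptables accepts -Z together with -L to list and clear
  # in one call, should that window matter.
  iptables -Z INPUT
}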

################### main ######################

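# Nothing to do while the crypto partition is not mounted.
"$CB_SCRIPT" is_crypto_mounted || exit 0

# Read the idle timeout; 0 means the idle timer is turned off.
MAX_IDLE_COUNTER=$("$CB_SCRIPT" get_config timeout)
case "$MAX_IDLE_COUNTER" in
  '' | *[!0-9]*)
    # An empty or non-numeric timeout used to make every numeric test below
    # fail quietly, so the partition was never unmounted. Log it instead.
    echo "[$(basename "$0")]: Invalid idle timeout: '$MAX_IDLE_COUNTER'" >>"$LOG_FILE"
    exit 1
    ;;
esac
if [ "$MAX_IDLE_COUNTER" -eq 0 ]; then
  exit 0
fi

# Config test: without a matching iptables rule idleness cannot be measured.
# The partition stays mounted in that case, so the log entry is the only sign
# that the idle unmount is not working.
if [ -z "$(filter_ipt_rules)" ]; then
  echo "[$(basename "$0")]: Could not find a matching iptables rule!" >>"$LOG_FILE"
  exit 1
fi

# Load the previous idle counter BEFORE the file is opened for writing.
# The old code read it inside an "if ... fi >file" block; the redirection
# truncates the file before the body runs, so the counter could never grow
# past 1. "$(<file)" is also not available in every /bin/sh.
idle_count=0
if [ -f "$IDLE_COUNTER_FILE" ]; then
  idle_count=$(cat "$IDLE_COUNTER_FILE")
fi
case "$idle_count" in
  '' | *[!0-9]*) idle_count=0 ;;   # missing or damaged content: start over
esac

# Use only the last line of output so that an extra leading line cannot
# break the comparison. Anything other than exactly "0" counts as activity
# and resets the counter.
traffic=$(count_traffic | tail -n 1)
if [ "$traffic" = "0" ]; then
  idle_count=$((idle_count + 1))
else
  idle_count=0
fi

# NOTE(review): this runs as root and ">" follows symlinks; keep
# IDLE_COUNTER_FILE in a directory that only root can write to.
echo "$idle_count" >"$IDLE_COUNTER_FILE"

# Unmount the crypto partition once the threshold is reached. Written as an
# "if" so a run below the threshold ends with exit status 0.
# NOTE(review): the counter is not reset here, so after a remount the first
# idle run unmounts again unless something else resets the file - confirm
# that this is intended.
if [ "$idle_count" -ge "$MAX_IDLE_COUNTER" ]; then
  "$CB_SCRIPT" crypto-umount >>"$LOG_FILE" 2>&1
fi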