From 76b5c49e5477fe1793796b140dbad2a6482a9c98 Mon Sep 17 00:00:00 2001
From: lars
Date: Wed, 18 May 2005 17:27:51 +0000
Subject: [PATCH] return packets are counted DEBUG_MODE added
---
 web-splash/CHANGELOG | 9 +++++++++
 web-splash/ipkg/control | 2 +-
 web-splash/splash-functions.inc | 31 +++++++++++++++++++++++++------
 web-splash/web-splash.conf | 12 ++++++++++--
 web-splash/web-splash.sh | 5 +++++
 5 files changed, 50 insertions(+), 9 deletions(-)
 create mode 100644 web-splash/CHANGELOG
diff --git a/web-splash/CHANGELOG b/web-splash/CHANGELOG
new file mode 100644
index 0000000..f3b9da0
--- /dev/null
+++ b/web-splash/CHANGELOG
@@ -0,0 +1,9 @@
+Version 0.2
+ * counter for returned packets added
+ * enhanced installation and removal
+ * DEBUG mode
+ --- 18. May 02005 - Lars Kruse ---
+
+Version 0.1
+ * basic functionality provided
+ --- 17. May 02005 - Lars Kruse ---
diff --git a/web-splash/ipkg/control b/web-splash/ipkg/control
index 4109891..df229c2 100644
--- a/web-splash/ipkg/control
+++ b/web-splash/ipkg/control
@@ -1,6 +1,6 @@
 Package: web-splash
 Priority: optional
-Version: 0.1-3
+Version: 0.2
 Architecture: mipsel
 Maintainer: Lars Kruse
 Section: net
diff --git a/web-splash/splash-functions.inc b/web-splash/splash-functions.inc
index 56014dd..77881c0 100644
--- a/web-splash/splash-functions.inc
+++ b/web-splash/splash-functions.inc
@@ -11,26 +11,45 @@ remove_old()
     $IPT -t nat -F $CHAIN_FORWARD_CHECK 2>/dev/null && $IPT -t nat -D PREROUTING -i $IF_SRC -j $CHAIN_FORWARD_CHECK
     $IPT -t nat -F $CHAIN_REDIRECT 2>/dev/null && $IPT -t nat -D PREROUTING -i $IF_SRC -j $CHAIN_REDIRECT
     $IPT -t nat -F $CHAIN_SERVICES 2>/dev/null && $IPT -t nat -D PREROUTING -i $IF_SRC -j $CHAIN_SERVICES
+
+    # remove the rule from FORWARD
+    $IPT -F $CHAIN_RETURN 2>/dev/null && $IPT -D FORWARD -o $IF_SRC -j $CHAIN_RETURN
-    # empty and remove chains if they exist
+    # empty and remove chains if they exist (from POSTROUTING)
     for a in $CHAIN_FORWARD_ACTION $CHAIN_FORWARD_CHECK $CHAIN_REDIRECT $CHAIN_SERVICES
       do $IPT -t nat -F $a 2>/dev/null && $IPT -t nat -X $a
         true
     done
+
+    # empty and remove chains if they exist (from FORWARD)
+    for a in $CHAIN_RETURN
+      do $IPT -F $a 2>/dev/null && $IPT -X $a
+        true
+    done
 }
 init_chains()
 {
-    # create chains
+    # create chains (in nat table)
     for a in $CHAIN_FORWARD_ACTION $CHAIN_FORWARD_CHECK $CHAIN_REDIRECT $CHAIN_SERVICES
       do $IPT -t nat -N $a
     done
-    # all packets from the specified interface go to the general chain
-    $IPT -t nat -A PREROUTING -i $IF_SRC -j $CHAIN_SERVICES
-    $IPT -t nat -A PREROUTING -i $IF_SRC -j $CHAIN_FORWARD_CHECK
-    $IPT -t nat -A PREROUTING -i $IF_SRC -j $CHAIN_REDIRECT
+    # create chains (in filter table)
+    for a in $CHAIN_RETURN
+      do $IPT -N $a
+    done
+
+    # all packets from the specified interface go to the web-splash-chains first
+    # "-I" means insert before every other chain -> inserting reverse ordered
+    $IPT -t nat -I PREROUTING -i $IF_SRC -j $CHAIN_REDIRECT
+    $IPT -t nat -I PREROUTING -i $IF_SRC -j $CHAIN_FORWARD_CHECK
+    $IPT -t nat -I PREROUTING -i $IF_SRC -j $CHAIN_SERVICES
+
+    # add a "counting" chain for return packets
+    # it does nothing - except providing a counter for returned bytes
+    $IPT -I FORWARD -o $IF_SRC -j $CHAIN_RETURN
     # rules for CHAIN_REDIRECT
     $IPT -t nat -A $CHAIN_REDIRECT -p tcp --dport 80 -j DNAT --to-destination $INTERN_IP
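Review bot: The new comment `# empty and remove chains if they exist (from POSTROUTING)` names the wrong hook — the jump rules deleted a few lines above are all `-t nat -D PREROUTING`, so it should read `# empty and remove chains if they exist (nat table, hooked from PREROUTING)`. The new `$IPT -I FORWARD -o $IF_SRC -j $CHAIN_RETURN` lands at position 1 of FORWARD, so $CHAIN_RETURN counts every packet destined for $IF_SRC before any later FORWARD rule can drop it; if the counter is meant to reflect delivered bytes, append the jump with `-A` instead, or state the behaviour next to it, e.g. `# counted ahead of the remaining FORWARD rules, so packets later dropped are included`. The added `$IPT -F $CHAIN_RETURN 2>/dev/null && $IPT -D FORWARD ...` copies the existing pattern, which, when this include is sourced by web-splash.sh under the `set -ue` visible in that file's hunk header, presumably aborts remove_old mid-cleanup whenever the chain exists but its jump rule does not. remove_old begins before this hunk and init_chains continues after it.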
diff --git a/web-splash/web-splash.conf b/web-splash/web-splash.conf
index 4fb2ce6..407a296 100644
--- a/web-splash/web-splash.conf
+++ b/web-splash/web-splash.conf
@@ -20,14 +20,19 @@ ALLOW_IP_LIST=""
 DENY_IP_LIST=""
 # templates for the rules to manage forwarding rules (_IP_ will be substituted by the host's IP)
-RULE_ADD='$IPT -t nat -I $CHAIN_FORWARD_CHECK -s _IP_ -j $CHAIN_FORWARD_ACTION'
-RULE_DEL='$IPT -t nat -D $CHAIN_FORWARD_CHECK -s _IP_ -j $CHAIN_FORWARD_ACTION'
+# the first line adds the PREROUTING-ACCEPT rule
+# the second line adds the counter rule
+RULE_ADD='$IPT -t nat -I $CHAIN_FORWARD_CHECK -s _IP_ -j $CHAIN_FORWARD_ACTION;
+    $IPT -I $CHAIN_RETURN -d _IP_'
+RULE_DEL='$IPT -t nat -D $CHAIN_FORWARD_CHECK -s _IP_ -j $CHAIN_FORWARD_ACTION;
+    $IPT -D $CHAIN_RETURN -d _IP_'
 # the iptables chain, that contains all forwarded ips
 CHAIN_FORWARD_CHECK=web_splash_forward_check
 CHAIN_FORWARD_ACTION=web_splash_forward_action
 CHAIN_REDIRECT=web_splash_redirect
 CHAIN_SERVICES=web_splash_services
+CHAIN_RETURN=web_splash_return
 # the iptables action for bad packets (e.g. DROP or REJECT)
 REJECT_ACTION=DROP
@@ -39,3 +44,6 @@ IPT=/sbin/iptables
 # path to the web-splash scripts
 SPLASH_LIB=/usr/lib
 SPLASH_BIN=/usr/bin
+
+# activate DEBUG mode 0/1 (only for testing - it produces ugly output)
+SPLASH_DEBUG=0
diff --git a/web-splash/web-splash.sh b/web-splash/web-splash.sh
index a6dc7af..6812810 100755
--- a/web-splash/web-splash.sh
+++ b/web-splash/web-splash.sh
@@ -11,6 +11,11 @@ set -ue
 . /etc/web-splash.conf
 . "$SPLASH_LIB/splash-functions.inc"
+
+# check for DEBUG mode
+[ "$SPLASH_DEBUG" -eq 1 ] && set -x
+
+
 ACTION="--help"
 [ $# -gt 0 ] && ACTION="$1"
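Review bot: The comment `# the first line adds the PREROUTING-ACCEPT rule` does not match the command under it, which jumps to $CHAIN_FORWARD_ACTION in nat PREROUTING rather than to ACCEPT; `# first command: jump to $CHAIN_FORWARD_ACTION in nat PREROUTING for the host's packets` describes what the line does. RULE_ADD and RULE_DEL are now two-command shell fragments joined by `;` (and a newline) that reference $CHAIN_RETURN before it is assigned a few lines below, which works only because the single quotes defer expansion to the caller; since the template is now explicitly a command list, the code that expands it (not in this hunk) must make sure the value substituted for _IP_ is a single validated address and nothing else. The counter rule deliberately has no `-j`, which deserves a word, e.g. `# no target: the rule only counts, the packet falls through to the rest of FORWARD`.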
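Review bot: `[ "$SPLASH_DEBUG" -eq 1 ] && set -x` executes under the `set -ue` shown in the hunk header, so a /etc/web-splash.conf kept from version 0.1 (which, per the conf hunk, has no SPLASH_DEBUG line) makes the script die with an unbound-variable error here instead of running; `[ "${SPLASH_DEBUG:-0}" -eq 1 ] && set -x` keeps an older config file working. A non-numeric value would still make `[ -eq ]` report a test error rather than a usable message, so it may be worth rejecting anything but 0 or 1 explicitly right after the conf is sourced. The trace output includes every iptables command line on stderr, which matches the "only for testing" note in the conf.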