This commit is contained in:
Fijxu 2023-11-26 03:43:57 -03:00
commit edb38ff5cc
4983 changed files with 583086 additions and 0 deletions

2
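--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,2 @@
+*.squashfs filter=lfs diff=lfs merge=lfs -text
+*.img filter=lfs diff=lfs merge=lfs -text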

7
README.md Normal file

@ -0,0 +1,7 @@
![](https://count.ayaya.beauty/get/@lol219321?theme=asoul)
---
Root files from the GPT-2741 GPON router. Extracted using the bundled sftp server (I don't remember correctly, but I used dd to copy the images to a file)
mtdblock3 and mtdblock5 were extracted using `binwalk -eB`. The other filesystems and partitions failed to extract automaticalle but they should be YAFFS2 filesystems.

Binary file not shown.


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox

Binary file not shown.

Binary file not shown.


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox

Binary file not shown.


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox

Binary file not shown.


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox

Binary file not shown.


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox

Binary file not shown.


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1,566 @@
#!/bin/sh
#############################################################################
#
# MCAFEE CONFIDENTIAL
# Copyright ©2018 McAfee, LLC
#
# The source code contained or described herein and all documents related
# to the source code ("Material") are owned by McAfee or its
# suppliers or licensors. Title to the Material remains with McAfee
# or its suppliers and licensors. The Material contains trade
# secrets and proprietary and confidential information of McAfee or its
# suppliers and licensors. The Material is protected by worldwide copyright
# and trade secret laws and treaty provisions. No part of the Material may
# be used, copied, reproduced, modified, published, uploaded, posted,
# transmitted, distributed, or disclosed in any way without McAfee's prior
# express written permission.
#
# No license under any patent, copyright, trade secret or other intellectual
# property right is granted to or conferred upon you by disclosure or
# delivery of the Materials, either expressly, by implication, inducement,
# estoppel or otherwise. Any license under such intellectual property rights
# must be express and approved by McAfee in writing.
#
##############################################################################
#
# Used for matching the version
. /etc/shgw/shgw.version
#
# Load all the variables
. /etc/shgw/shgw.constants
. /etc/shgw/shgw.common
. /etc/shgw/shgw.env
. /etc/shgw/shgw.errno
. /etc/shgw/shgw_migrate
fn_trim_startup_log
${SHGW_LOG_TRIMMER} &
#
# Enable deep inspection debugging of this shell script
exec 3>&1 4>&2 1>> ${SHGW_STARTUP_LOG} 2>&1
set -x
fn_retry_cmd_upto_five_times() {
local _cmd=$1
local _ecode=$2
COUNT=1
while [ $COUNT -lt $SQL_FAILURE_RETRY_COUNT ]; do
eval $_cmd > /dev/null 2>&1
if [ $? -eq 0 ]; then
break
fi
sleep 1
COUNT=$((${COUNT} + 1))
done
if [ $COUNT -eq $SQL_FAILURE_RETRY_COUNT ]; then
fn_err_exit $_ecode
fi
}
create_debug_files(){
if [ ! -f ${SHGW_STARTUP_STATUS} ]; then
> ${SHGW_STARTUP_STATUS}
fi
if [ ! -f ${SHGW_ERROR_FILE} ]; then
> ${SHGW_ERROR_FILE}
fi
}
get_lan_ifaces() {
local _IFACE=""
LAN_INTERFACE_JSON_LIST=""
for _IFACE in ${LAN_INTERFACES}; do
if [ ! -z ${LAN_INTERFACE_JSON_LIST} ]; then
LAN_INTERFACE_JSON_LIST=${LAN_INTERFACE_JSON_LIST}','
fi
LAN_INTERFACE_JSON_LIST=${LAN_INTERFACE_JSON_LIST}'"'${_IFACE}'"'
done
if [ -z ${LAN_INTERFACE_JSON_LIST} ]; then
fn_err_exit ${NO_LAN_IFACE}
fi
LAN_INTERFACE_JSON_LIST='['${LAN_INTERFACE_JSON_LIST}']'
${ECHO} "[$(fn_time_now)] LAN_INTERFACES = ${LAN_INTERFACE_JSON_LIST} " >> ${SHGW_STARTUP_STATUS}
}
create_persistant_sqlite_db(){
${SHGW_ENCRYPT_SQL} "START" "PERSIST"
}
update_persistant_sqlite_db() {
if [ X"$mode" == X"softstart" ]; then
reset=0
${SHGW_ENCRYPT_SQL} "UPDATE_START" "${LAN_INTERFACE_JSON_LIST}" "${SHGW_VERSION}" "${IP_SKIP_JSON_LIST}" "${base_mac}" "${serial}" "${model}" "${country_code}" "${timezone}" "${WAN_INTERFACE_JSON_LIST}" "${DEFAULT_WAN_INTERFACE}" "${DEFAULT_DNS_SERVER_LIST}" "${LAN_IP_LIST}" "${LAN_IFACE_IP_LIST}" "${reset}"
elif [ X"$mode" == X"db_start" ]; then
reset=2
${SHGW_ENCRYPT_SQL} "UPDATE_START" "${LAN_INTERFACE_JSON_LIST}" "${SHGW_VERSION}" "${IP_SKIP_JSON_LIST}" "${base_mac}" "${serial}" "${model}" "${country_code}" "${timezone}" "${WAN_INTERFACE_JSON_LIST}" "${DEFAULT_WAN_INTERFACE}" "${DEFAULT_DNS_SERVER_LIST}" "${LAN_IP_LIST}" "${LAN_IFACE_IP_LIST}" "${reset}"
else
${SHGW_ENCRYPT_SQL} "UPDATE_START" "${LAN_INTERFACE_JSON_LIST}" "${SHGW_VERSION}" "${IP_SKIP_JSON_LIST}" "${base_mac}" "${serial}" "${model}" "${country_code}" "${timezone}" "${WAN_INTERFACE_JSON_LIST}" "${DEFAULT_WAN_INTERFACE}" "${DEFAULT_DNS_SERVER_LIST}" "${LAN_IP_LIST}" "${LAN_IFACE_IP_LIST}"
fi
}
check_persistant_db(){
local _need_to_create_db=0
if [ -f ${SHGW_PERSISTANT_DB} ]; then
local _shgw_version_from_sql=$(${SHGW_ENCRYPT_SQL} "GET" "VERSION" "shgw_config_store")
if [ "${_shgw_version_from_sql}" != "${SHGW_VERSION}" ]; then
fn_migrate_persistant_db
fi
else
# persistant db not found
_need_to_create_db=1
fi
if [ ${_need_to_create_db} -eq 1 ]; then
create_persistant_sqlite_db
fi
}
fetch_skip_ips() {
if [ ! -f ${IP_SKIP_LIST_FILE} ]; then
${ECHO} "[$(fn_time_now)] No Skip IPs file" >> ${SHGW_STARTUP_STATUS}
IP_SKIP_JSON_LIST='[""]'
else
IP_SKIP_JSON_LIST=""
while read line
do
if [ ! -z ${IP_SKIP_JSON_LIST} ]; then
IP_SKIP_JSON_LIST=${IP_SKIP_JSON_LIST}','
fi
IP_SKIP_JSON_LIST=${IP_SKIP_JSON_LIST}'"'${line}'"'
done < ${IP_SKIP_LIST_FILE}
if [ -z ${IP_SKIP_JSON_LIST} ]; then
${ECHO} "[$(fn_time_now)] No Skip IPs" >> ${SHGW_STARTUP_STATUS}
fi
IP_SKIP_JSON_LIST='['${IP_SKIP_JSON_LIST}']'
${ECHO} "[$(fn_time_now)] Skipping IPs = ${IP_SKIP_JSON_LIST} " >> ${SHGW_STARTUP_STATUS}
fi
}
__fetch_wan_and_dns_data() {
local line=${1}
local wan=""
local dns=""
local res=""
wan=$(${ECHO} ${line} | ${CUT} -d';' -f1)
dns=$(${ECHO} ${line} | ${CUT} -d';' -f2 | ${SED} 's/,/ /g')
dns_list=""
if [ ! -z "${dns}" ]; then
for i in ${dns}; do
if [ ! -z ${dns_list} ]; then
dns_list=${dns_list}','
fi
dns_list=${dns_list}'"'${i}'"'
done
res='{"interface":"'${wan}'","dns":['${dns_list}']}'
fi
${ECHO} $res
}
fetch_wan_interfaces() {
DEFAULT_WAN_INTERFACE=""
WAN_INTERFACE_JSON_LIST=''
if [ ! -f ${WAN_INFO} ]; then
${ECHO} "[$(fn_time_now)] No WAN Info file" >> ${SHGW_STARTUP_STATUS}
fn_err_exit ${NO_DEFAULT_WAN_IFACE}
else
while read line
do
if [ ! -z "$(${ECHO} ${line} | ${GREP} default)" ]; then
DEFAULT_WAN_INTERFACE=$(${ECHO} ${line} | ${AWK} '{print $2}')
else
dns_list=""
dns_list=$(__fetch_wan_and_dns_data ${line})
#fetch default DNS server
CUR_WAN_INTERFACE=$(${ECHO} ${dns_list} | ${CUT} -d':' -f2 | ${CUT} -d',' -f1 | ${SED} -e 's/"//g')
if [ X"$CUR_WAN_INTERFACE" = X"$DEFAULT_WAN_INTERFACE" ]; then
DEFAULT_DNS_SERVER_LIST=$(${ECHO} ${dns_list} | ${CUT} -d'[' -f2 | ${SED} -e 's/"//g' -e 's/]//g' -e 's/}//g')
fi
if [ ! -z ${dns_list} ]; then
if [ ! -z ${WAN_INTERFACE_JSON_LIST} ]; then
WAN_INTERFACE_JSON_LIST=${WAN_INTERFACE_JSON_LIST}','
fi
WAN_INTERFACE_JSON_LIST=${WAN_INTERFACE_JSON_LIST}${dns_list}
fi
fi
done < ${WAN_INFO}
fi
if [ -z ${DEFAULT_WAN_INTERFACE} ]; then
${ECHO} "[$(fn_time_now)] No Default WAN Interface" >> ${SHGW_STARTUP_STATUS}
fn_err_exit ${NO_DEFAULT_WAN_IFACE}
fi
# exit if there is no default DNS server
if [ -z ${DEFAULT_DNS_SERVER_LIST} ]; then
${ECHO} "[$(fn_time_now)] No Default DNS Server" >> ${SHGW_STARTUP_STATUS}
fn_err_exit ${NO_DEFAULT_DNS_SERVER_LIST}
fi
if [ -z ${WAN_INTERFACE_JSON_LIST} ]; then
${ECHO} "[$(fn_time_now)] No WAN Interfaces" >> ${SHGW_STARTUP_STATUS}
fn_err_exit ${NO_DEFAULT_WAN_IFACE}
fi
WAN_INTERFACE_JSON_LIST="["${WAN_INTERFACE_JSON_LIST}"]"
${ECHO} "[$(fn_time_now)] Default WAN Interfaces: ${DEFAULT_WAN_INTERFACE}" >> ${SHGW_STARTUP_STATUS}
${ECHO} "[$(fn_time_now)] Default DNS server list: ${DEFAULT_DNS_SERVER_LIST}" >> ${SHGW_STARTUP_STATUS}
${ECHO} "[$(fn_time_now)] WAN Interfaces: ${WAN_INTERFACE_JSON_LIST}" >> ${SHGW_STARTUP_STATUS}
}
__fetch_lan_and_ip_data() {
local line=${1}
local lan=""
local ip=""
local res=""
lan=$(${ECHO} ${line} | ${CUT} -d';' -f1)
ip=$(${ECHO} ${line} | ${CUT} -d';' -f2 | ${SED} 's/,/ /g')
ip_list=""
if [ ! -z "${ip}" ]; then
for i in ${ip}; do
if [ ! -z ${ip_list} ]; then
ip_list=${ip_list}','
fi
ip_list=${ip_list}'"'${i}'"'
done
res='{"interface":"'${lan}'","lan_ip":['${ip_list}']}'
fi
${ECHO} $res
}
fetch_lan_ip() {
local line=${1}
local ip=""
ip=$(${ECHO} ${line} | ${CUT} -d';' -f2 | ${SED} 's/,/ /g')
if [ ! -z "${ip}" ]; then
for i in ${ip}; do
if [ ! -z "$LAN_IP_LIST" ]; then
LAN_IP_LIST=${LAN_IP_LIST}','
fi
LAN_IP_LIST=${LAN_IP_LIST}'"'${i}'"'
done
else
LAN_IP_LIST='"192.168.1.1"'
fi
${ECHO} ${LAN_IP_LIST}
}
fetch_lan_interfaces() {
LAN_INTERFACES=""
LAN_IP_LIST=""
LAN_IFACE_IP_LIST=""
local lan=""
if [ ! -f ${LAN_INFO} ]; then
${ECHO} "[$(fn_time_now)] No LAN Info file" >> ${SHGW_STARTUP_STATUS}
LAN_INTERFACES="br0"
LAN_IP_LIST='"192.168.1.1"'
else
while read line
do
if [ ! -z "$LAN_INTERFACES" ]; then
LAN_INTERFACES=${LAN_INTERFACES}' '
fi
lan=$(${ECHO} ${line} | ${CUT} -d';' -f1)
LAN_INTERFACES=${LAN_INTERFACES}${lan}
if [ ! -z "$(${ECHO} ${line} | ${GREP} br0)" ]; then
LAN_IP_LIST=$(fetch_lan_ip ${line})
fi
ip_list=""
ip_list=$(__fetch_lan_and_ip_data ${line})
if [ ! -z ${ip_list} ]; then
if [ ! -z ${LAN_IFACE_IP_LIST} ]; then
LAN_IFACE_IP_LIST=${LAN_IFACE_IP_LIST}','
fi
LAN_IFACE_IP_LIST=${LAN_IFACE_IP_LIST}${ip_list}
fi
done < ${LAN_INFO}
fi
LAN_IP_LIST='['${LAN_IP_LIST}']'
LAN_IFACE_IP_LIST='['${LAN_IFACE_IP_LIST}']'
${ECHO} "[$(fn_time_now)] LAN Interfaces: ${LAN_INTERFACES}" >> ${SHGW_STARTUP_STATUS}
${ECHO} "[$(fn_time_now)] LAN IP for br0: ${LAN_IP_LIST}" >> ${SHGW_STARTUP_STATUS}
${ECHO} "[$(fn_time_now)] LAN IP for all interfcaes: ${LAN_IFACE_IP_LIST}" >> ${SHGW_STARTUP_STATUS}
}
fetch_and_update_gwinfo() {
if [ ! -f ${HGUINFO} ]; then
${ECHO} "[$(fn_time_now)] No HGU Info file" >> ${SHGW_STARTUP_STATUS}
fn_err_exit ${FETCH_BASE_MAC_FAILED}
else
serial=$(${ECHO} $(${CUT} -d ';' -f1 ${HGUINFO}))
model=$(${ECHO} $(${CUT} -d ';' -f2 ${HGUINFO}))
timezone=$(${ECHO} $(${CUT} -d ';' -f3 ${HGUINFO}))
country_code=$(${ECHO} $(${CUT} -d ';' -f4 ${HGUINFO}))
base_mac=$(${ECHO} $(${CUT} -d ';' -f5 ${HGUINFO}))
fi
if [ -z "${base_mac}" ]; then
fn_err_exit ${FETCH_BASE_MAC_FAILED}
fi
if [ -z ${serial} ]; then
${ECHO} "[$(fn_time_now)] Serial number is empty!"
serial="serial"
fi
if [ -z ${model} ]; then
${ECHO} "[$(fn_time_now)] Model number is empty!"
model="model"
fi
if [ -z ${country_code} ]; then
${ECHO} "[$(fn_time_now)] Country code is empty!"
country_code="ES" #Should we quit instead of this?
fi
# Timezone in Econet is a huge string need to understand
timezone=""
if [ -z ${timezone} ]; then
${ECHO} "[$(fn_time_now)] Timezone is empty!"
timezone="GMT"
fi
if [ -z ${tproxy_mark} ]; then
${ECHO} "[$(fn_time_now)] tproxy_mark is empty!"
tproxy_mark="0x4000"
fi
if [ -z ${tproxy_mask} ]; then
${ECHO} "[$(fn_time_now)] tproxy_mask is empty!"
tproxy_mask="0x4000"
fi
}
create_non_persistant_sqlite_db(){
fn_retry_query_upto_five_times "CREATE TABLE IF NOT EXISTS device_discovery_table(dev_id TEXT PRIMARY KEY, mac TEXT,ip_address TEXT,ip6_address TEXT,host_name TEXT,headless INTEGER,status INTEGER,last_seen INTEGER,trusted INTEGER);" "${SHGW_NON_PERSISTANT_DB}" "${NON_PERSISTANT_DB_UPDATE_FAILED}" "${ONE_SEC}"
fn_retry_query_upto_five_times "CREATE TABLE IF NOT EXISTS stats(key TEXT PRIMARY KEY, value TEXT);" "${SHGW_NON_PERSISTANT_DB}" "${NON_PERSISTANT_DB_UPDATE_FAILED}" "${ONE_SEC}"
fn_retry_query_upto_five_times "DELETE FROM stats;" "${SHGW_NON_PERSISTANT_DB}" "${NON_PERSISTANT_DB_UPDATE_FAILED}" "${ONE_SEC}"
fn_retry_query_upto_five_times "INSERT INTO stats VALUES('dns_stats', '{}');" "${SHGW_NON_PERSISTANT_DB}" "${NON_PERSISTANT_DB_UPDATE_FAILED}" "${ONE_SEC}"
fn_retry_query_upto_five_times "INSERT INTO stats VALUES('sys_stats', '{}');" "${SHGW_NON_PERSISTANT_DB}" "${NON_PERSISTANT_DB_UPDATE_FAILED}" "${ONE_SEC}"
fn_retry_query_upto_five_times "CREATE TABLE IF NOT EXISTS shgw_access_restrictions(status INTEGER, protocol TEXT, port INTEGER, source TEXT, devices TEXT);" "${SHGW_NON_PERSISTANT_DB}" "${NON_PERSISTANT_DB_UPDATE_FAILED}" "${ONE_SEC}"
}
delete_old_persistent_db() {
if [ -f ${SHGW_OLD_PERSISTANT_DB} ]; then
${RM} -f ${SHGW_OLD_PERSISTANT_DB}
fi
}
#------------------------------------start_server------------------------------
start_watchdogd() {
#Remove the o/p redirection done by exec
exec 1>&3 2>&4
${SHGW_WD_MONIT} &
#Add the o/p redirection
exec 3>&1 4>&2 1>> ${SHGW_STARTUP_LOG} 2>&1
wd_pid=$(${PS} | ${GREP} -i "shgw_watchdogd" | ${GREP} -v "grep" | ${AWK} -v OFS=' ' '{print $1}')
if [ ! -z $wd_pid ]; then
# request start
${KILL} -SIGUSR2 $wd_pid
fi
}
create_shgw_directories() {
${MKDIR} -p ${SHGW_NVRAM}
${MKDIR} -p ${SHGW_TMPFS_PATH}
}
check_tld_json_existence() {
if [ ! -f ${TLD_JSON_FILE} ];then
${CP} ${SHGW_PRIVATE}/shgw_tld_file.json ${SHGW_NVRAM}
${CHMOD} 666 ${TLD_JSON_FILE}
fi
}
set_time() {
rtm_util cfg igd time_ntp set 1 adm_state enable ip_intf 2 ntp_svr_1 211.22.103.157
}
#------------------------------------>MAIN<----------------------------------------
start_shg(){
delete_old_persistent_db
create_shgw_directories
fetch_wan_interfaces
fetch_lan_interfaces
get_lan_ifaces
check_persistant_db
fetch_and_update_gwinfo
#calc_gwinfo
fetch_skip_ips
update_persistant_sqlite_db
#set_time
${SHGW_ACCESS_RESTRICTION} "inbound_sec_start"
create_non_persistant_sqlite_db
${ECHO} "[$(fn_time_now)] Database created successfully" >> ${SHGW_STARTUP_STATUS}
check_tld_json_existence
start_watchdogd
}
force_start_shg() {
${SHGW_ENCRYPT_SQL} "UPDATE" "STOP_STATUS" "0"
start_shg
}
stop_shg(){
${SHGW_ACCESS_RESTRICTION} "inbound_sec_stop"
# request stop
wd_pid=$(ps | ${GREP} -i "shgw_watchdogd" | ${GREP} -v "grep" | ${AWK} -v OFS=' ' '{print $1}')
if [ ! -z $wd_pid ]; then
# request stop
${KILL} -SIGUSR1 $wd_pid
fi
}
force_stop_shg(){
${SHGW_ENCRYPT_SQL} "UPDATE" "STOP_STATUS" "1"
stop_shg
}
kill_shg() {
${ECHO} "Killing SHGW"
stop_shg
wd_monit_pid=$(${PS} | ${GREP} -i "shgw_wd_monit" | ${GREP} -v "grep" | ${AWK} -v OFS=' ' '{print $1}')
if [ ! -z $wd_monit_pid ]; then
${ECHO} "Stopping monit!"
${KILL} -9 $wd_monit_pid
fi
wd_pid=$(${PS} | ${GREP} -i "shgw_watchdogd" | ${GREP} -v "grep" | ${AWK} -v OFS=' ' '{print $1}')
if [ ! -z $wd_pid ]; then
${ECHO} "Stopping watchdog!"
${KILL} -9 $wd_pid
fi
${RM} -rf ${SHGW_TMPFS_PATH}
${RM} -rf ${SHGW_STARTUP_STATUS}
${RM} -rf ${SHGW_STARTUP_LOG}
${RM} -rf ${SHGW_ERROR_FILE}
}
reset_shg() {
${ECHO} "Resetting SHGW!"
${SHGW_ROUTER_RESET} hard
wd_monit_pid=$(${PS} | ${GREP} -i "shgw_wd_monit" | ${GREP} -v "grep" | ${AWK} -v OFS=' ' '{print $1}')
if [ ! -z $wd_monit_pid ]; then
${ECHO} "Stopping monit!"
${KILL} -9 $wd_monit_pid
fi
wd_pid=$(${PS} | ${GREP} -i "shgw_watchdogd" | ${GREP} -v "grep" | ${AWK} -v OFS=' ' '{print $1}')
if [ ! -z $wd_pid ]; then
${ECHO} "Stopping watchdog!"
${KILL} -9 $wd_pid
fi
# backup
${RM} -f ${SHGW_PERSISTANT_DB}
${ECHO} "Reset done!"
}
shgw_mode() {
if [ X"$mode" == X"start" ]; then
${ECHO} "SHGW start called!"
start_shg
elif [ X"$mode" == X"stop" ]; then
${ECHO} "SHGW stop called!"
stop_shg
elif [ X"$mode" == X"kill" ]; then
${ECHO} "SHGW kill called!"
kill_shg
elif [ X"$mode" == X"restart" ]; then
${ECHO} "SHGW restart called!"
stop_shg
sleep 3
start_shg
elif [ X"$mode" == X"force_start" ]; then
${ECHO} "SHGW force_start called!"
force_start_shg
elif [ X"$mode" == X"force_stop" ]; then
${ECHO} "SHGW force_stop called!"
force_stop_shg
elif [ X"$mode" == X"reset" ]; then
${ECHO} "SHGW reset called!"
reset_shg
elif [ X"$mode" == X"softstart" ]; then
${ECHO} "SHGW softstart called!"
start_shg
elif [ X"$mode" == X"db_start" ]; then
${ECHO} "SHGW DB start called!"
start_shg
else
${ECHO} "Usage: $0 [start|stop|kill|restart|force_start|force_stop|reset|softstart|db_start]"
fn_err_exit ${INVALID_MODE}
fi
${RM} -rf $STARTUP_LOCK
}
exit_if_running() {
# TODO : Add a fdlock implementaion
local mypid=$$
if ! [ -f "$STARTUP_LOCK" ]; then
${ECHO} $$ > $STARTUP_LOCK
return
fi
local pid_on_file=$(${CAT} "$STARTUP_LOCK")
[ X"$pid_on_file" == X"$mypid" ] && return
old_cmd_line=$(${CAT} /proc/$pid_on_file/cmdline 2>/dev/null)
[ "$?" != "0" ] && ${ECHO} $$ > $STARTUP_LOCK && return
${ECHO} "$old_cmd_line" | ${GREP} "shgw"
[ "$?" == "0" ] && ${ECHO} "Already running" && exit 127
${ECHO} $$ > $STARTUP_LOCK
}
#--------------------------------------------------------------------------------
${ECHO} "Called for: $1"
exit_if_running
create_debug_files
${ECHO} "[$(fn_time_now)] starting" >> ${SHGW_STARTUP_STATUS}
mode=$1
shgw_mode
${ECHO} "[$(fn_time_now)] done" >> ${SHGW_STARTUP_STATUS}
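Review bot: `check_tld_json_existence` copies `shgw_tld_file.json` into `${SHGW_NVRAM}` and then runs `${CHMOD} 666 ${TLD_JSON_FILE}`, which makes a file that presumably drives filtering decisions writable by every local user and process; unless a non-root consumer genuinely has to write it, `${CHMOD} 644 ${TLD_JSON_FILE}` (or a group-scoped mode) is the safer default. The `set -x` enabled right after `exec 3>&1 4>&2 1>> ${SHGW_STARTUP_LOG} 2>&1` traces every expanded command line, including the `UPDATE_START` call in `update_persistant_sqlite_db` that passes `${base_mac}` and `${serial}` as arguments, so the startup log holds device identifiers in plaintext and its location and permissions deserve the same care as the database. In `fetch_and_update_gwinfo` the unconditional `timezone=""` discards the value just read from field 3 of `${HGUINFO}`, so the empty check below it always falls through to `"GMT"`; if that is intentional, the read and the check are dead code, otherwise the assignment should be dropped. The `${PS} | ${GREP} -i ... | ${GREP} -v "grep" | ${AWK} '{print $1}'` lookup used in `start_watchdogd`, `stop_shg`, `kill_shg`, `reset_shg` (and again in `kill_wd_monit_del_db` of the reset script below) prints one PID per matching line, so with two matches the unquoted `[ ! -z $wd_pid ]` becomes a test with too many arguments and the `${KILL}` branch is skipped; `pidof` or `pgrep -x` on the exact process name avoids both that and the substring match on unrelated command lines (and `stop_shg` uses a bare `ps` where the others use `${PS}`).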


@ -0,0 +1,252 @@
#!/bin/sh
#############################################################################
#
# MCAFEE CONFIDENTIAL
# Copyright ©2018 McAfee, LLC
#
# The source code contained or described herein and all documents related
# to the source code ("Material") are owned by McAfee or its
# suppliers or licensors. Title to the Material remains with McAfee
# or its suppliers and licensors. The Material contains trade
# secrets and proprietary and confidential information of McAfee or its
# suppliers and licensors. The Material is protected by worldwide copyright
# and trade secret laws and treaty provisions. No part of the Material may
# be used, copied, reproduced, modified, published, uploaded, posted,
# transmitted, distributed, or disclosed in any way without McAfee's prior
# express written permission.
#
# No license under any patent, copyright, trade secret or other intellectual
# property right is granted to or conferred upon you by disclosure or
# delivery of the Materials, either expressly, by implication, inducement,
# estoppel or otherwise. Any license under such intellectual property rights
# must be express and approved by McAfee in writing.
#
##############################################################################
. /etc/shgw/shgw.constants
. /etc/shgw/shgw.common
. /etc/shgw/shgw.errno
. /etc/shgw/shgw.env
get_wan_iface(){
WAN_IFACE=$(fn_get_wan_iface)
}
flush_ipv4_tables() {
${IPTABLES} -w -F SHP_MGT_CONSOLE_B -t filter
${IPTABLES} -w -F SHP_MGT_CONSOLE_A -t filter
${IPTABLES} -w -F SHP_WAN_BLOCK -t filter
${IPTABLES} -w -F SHP_WAN_ALLOW -t filter
}
flush_ipv4_ipset() {
${IPSET} -F SHP_MGT_CONSOLE_SET_A
${IPSET} -F SHP_WAN_ALLOW_SET
}
flush_ipv6_tables() {
${IP6TABLES} -w -F SHP_MGT_CONSOLE_B -t filter
${IP6TABLES} -w -F SHP_MGT_CONSOLE_A -t filter
${IP6TABLES} -w -F SHP_WAN_BLOCK -t filter
${IP6TABLES} -w -F SHP_WAN_ALLOW -t filter
${IP6TABLES} -w -F SHGW_EXCLUSION_WAN_IPV6 -t filter
${IP6TABLES} -w -F SHGW_EXCLUSION_IPV6 -t filter
}
flush_ipv6_ipset() {
${IPSET} -F SHP_MGT_CONSOLE_SET_A_IP6
${IPSET} -F SHP_WAN_ALLOW_SET_IP6
}
add_ipsets_to_iptables() {
${IPTABLES} -w -I SHP_WAN_ALLOW -m set --match-set SHP_WAN_ALLOW_SET dst,dst -t filter -i ${WAN_IFACE} -p tcp -j ACCEPT
${IPTABLES} -w -I SHP_MGT_CONSOLE_A -m set --match-set SHP_MGT_CONSOLE_SET_A src,dst -t filter -j ACCEPT
${IPTABLES} -w -I SHP_WAN_ALLOW -m set --match-set SHGW_EXCLUSION dst -t filter -i ${WAN_IFACE} -p tcp -j RETURN
${IPTABLES} -w -I SHP_MGT_CONSOLE_A -m set --match-set SHGW_EXCLUSION src -t filter -j RETURN
${IPTABLES} -w -I SHP_WAN_BLOCK -m set --match-set SHGW_EXCLUSION dst -t filter -i ${WAN_IFACE} -p tcp -j RETURN
${IPTABLES} -w -I SHP_MGT_CONSOLE_B -m set --match-set SHGW_EXCLUSION src -t filter -j RETURN
${IP6TABLES} -w -I SHP_WAN_ALLOW -m set --match-set SHP_WAN_ALLOW_SET_IP6 dst,dst -i ${WAN_IFACE} -p tcp -t filter -j ACCEPT
${IP6TABLES} -w -I SHP_MGT_CONSOLE_A -m set --match-set SHP_MGT_CONSOLE_SET_A_IP6 src,dst -t filter -j ACCEPT
}
check_and_run_script() {
flush_ipv4_tables
flush_ipv6_tables
add_ipsets_to_iptables
if [ -f ${SHGW_INBOUND_SEC_SCRIPT} ]; then
${CHMOD} +x ${SHGW_INBOUND_SEC_SCRIPT}
${SHGW_INBOUND_SEC_SCRIPT}
${RM} -f ${SHGW_INBOUND_SEC_SCRIPT}
fi
}
#Creates 4 user defined chains and inserts rules
create_ip4table_chains() {
${IPTABLES} -w -N SHP_WAN_BLOCK -t filter
${IPTABLES} -w -N SHP_WAN_ALLOW -t filter
${IPSET} -N SHP_WAN_ALLOW_SET hash:ip,port
insert_filter_forward_ipset_ip4targets
${IPTABLES} -w -I SHP_WAN_ALLOW -m set --match-set SHP_WAN_ALLOW_SET dst,dst -t filter -i ${WAN_IFACE} -p tcp -j ACCEPT
${IPTABLES} -w -I SHP_WAN_ALLOW -m set --match-set SHGW_EXCLUSION dst -t filter -i ${WAN_IFACE} -p tcp -j RETURN
${IPTABLES} -w -I SHP_WAN_BLOCK -m set --match-set SHGW_EXCLUSION dst -t filter -i ${WAN_IFACE} -p tcp -j RETURN
${IPTABLES} -w -N SHP_MGT_CONSOLE_B -t filter
${IPTABLES} -w -N SHP_MGT_CONSOLE_A -t filter
${IPSET} -N SHP_MGT_CONSOLE_SET_A hash:ip,port
insert_filter_input_ipset_ip4targets
${IPTABLES} -w -I SHP_MGT_CONSOLE_A -m set --match-set SHP_MGT_CONSOLE_SET_A src,dst -t filter -j ACCEPT
${IPTABLES} -w -I SHP_MGT_CONSOLE_A -m set --match-set SHGW_EXCLUSION src -t filter -j RETURN
${IPTABLES} -w -I SHP_MGT_CONSOLE_B -m set --match-set SHGW_EXCLUSION src -t filter -j RETURN
}
remove_ip4table_chains() {
flush_ipv4_tables
flush_ipv4_ipset
remove_filter_input_ipset_ip4targets
${IPSET} -X SHP_MGT_CONSOLE_SET_A
${IPTABLES} -w -X SHP_MGT_CONSOLE_B -t filter
${IPTABLES} -w -X SHP_MGT_CONSOLE_A -t filter
remove_filter_forward_ipset_ip4targets
${IPSET} -X SHP_WAN_ALLOW_SET
${IPTABLES} -w -X SHP_WAN_BLOCK -t filter
${IPTABLES} -w -X SHP_WAN_ALLOW -t filter
}
# Insert IP4 targets in INPUT chain for ipset interception
insert_filter_input_ipset_ip4targets() {
${IPTABLES} -w -I INPUT -t filter -j SHP_MGT_CONSOLE_B
${IPTABLES} -w -I INPUT -t filter -j SHP_MGT_CONSOLE_A
}
# Insert IP6 targets in INPUT chain for ipset interception
insert_filter_input_ipset_ip6targets() {
${IP6TABLES} -w -I INPUT -t filter -j SHGW_EXCLUSION_IPV6
${IP6TABLES} -w -t filter -A SHGW_EXCLUSION_IPV6 -j SHP_MGT_CONSOLE_B
${IP6TABLES} -w -t filter -A SHGW_EXCLUSION_IPV6 -j SHP_MGT_CONSOLE_A
}
# Insert IP4 targets in FORWARD chain for ipset interception
insert_filter_forward_ipset_ip4targets() {
${IPTABLES} -w -I FORWARD -t filter -j SHP_WAN_BLOCK
${IPTABLES} -w -I FORWARD -t filter -j SHP_WAN_ALLOW
}
# Insert IP6 targets in FORWARD chain for ipset interception
insert_filter_forward_ipset_ip6targets() {
${IP6TABLES} -w -I FORWARD -t filter -j SHGW_EXCLUSION_WAN_IPV6
${IP6TABLES} -w -t filter -A SHGW_EXCLUSION_WAN_IPV6 -j SHP_WAN_BLOCK
${IP6TABLES} -w -t filter -A SHGW_EXCLUSION_WAN_IPV6 -j SHP_WAN_ALLOW
}
# Remove IP4 targets from INPUT chain for ipset interception
remove_filter_input_ipset_ip4targets() {
${IPTABLES} -w -D INPUT -t filter -j SHP_MGT_CONSOLE_B
${IPTABLES} -w -D INPUT -t filter -j SHP_MGT_CONSOLE_A
}
# Remove IP6 targets from INPUT chain for ipset interception
remove_filter_input_ipset_ip6targets() {
${IP6TABLES} -w -D INPUT -t filter -j SHP_MGT_CONSOLE_B
${IP6TABLES} -w -D INPUT -t filter -j SHP_MGT_CONSOLE_A
}
# Remove IP4 targets from FORWARD chain for ipset interception
remove_filter_forward_ipset_ip4targets() {
${IPTABLES} -w -D FORWARD -t filter -j SHP_WAN_BLOCK
${IPTABLES} -w -D FORWARD -t filter -j SHP_WAN_ALLOW
}
# Remove IP6 targets from FORWARD chain for ipset interception
remove_filter_forward_ipset_ip6targets() {
${IP6TABLES} -w -D FORWARD -t filter -j SHP_WAN_BLOCK
${IP6TABLES} -w -D FORWARD -t filter -j SHP_WAN_ALLOW
}
#Creates 4 user defined chains and inserts rules
create_ip6table_chains() {
${IP6TABLES} -w -N SHP_WAN_BLOCK -t filter
${IP6TABLES} -w -N SHP_WAN_ALLOW -t filter
${IP6TABLES} -w -N SHGW_EXCLUSION_WAN_IPV6 -t filter
${IPSET} -N SHP_WAN_ALLOW_SET_IP6 hash:ip,port family inet6
insert_filter_forward_ipset_ip6targets
${IP6TABLES} -w -I SHP_WAN_ALLOW -m set --match-set SHP_WAN_ALLOW_SET_IP6 dst,dst -i ${WAN_IFACE} -p tcp -t filter -j ACCEPT
${IP6TABLES} -w -N SHP_MGT_CONSOLE_B -t filter
${IP6TABLES} -w -N SHP_MGT_CONSOLE_A -t filter
${IPSET} -N SHP_MGT_CONSOLE_SET_A_IP6 hash:ip,port family inet6
insert_filter_input_ipset_ip6targets
${IP6TABLES} -w -I SHP_MGT_CONSOLE_A -m set --match-set SHP_MGT_CONSOLE_SET_A_IP6 src,dst -t filter -j ACCEPT
}
remove_ip6table_chains() {
flush_ipv6_tables
flush_ipv6_ipset
remove_filter_input_ipset_ip6targets
${IPSET} -X SHP_MGT_CONSOLE_SET_A_IP6
${IP6TABLES} -w -X SHP_MGT_CONSOLE_B -t filter
${IP6TABLES} -w -X SHP_MGT_CONSOLE_A -t filter
remove_filter_forward_ipset_ip6targets
${IPSET} -X SHP_WAN_ALLOW_SET_IP6
${IP6TABLES} -w -X SHP_WAN_BLOCK -t filter
${IP6TABLES} -w -X SHP_WAN_ALLOW -t filter
${IP6TABLES} -w -X SHGW_EXCLUSION_WAN_IPV6 -t filter
}
#Main
get_wan_iface
case $1 in
inbound_sec_start)
remove_ip4table_chains
remove_ip6table_chains
create_ip4table_chains
create_ip6table_chains
;;
inbound_sec_stop)
remove_ip4table_chains
remove_ip6table_chains
;;
add_rules)
check_and_run_script
;;
flush_ipset)
flush_ipv4_ipset
flush_ipv6_ipset
;;
halt_ipset)
remove_filter_input_ipset_ip4targets
remove_filter_input_ipset_ip6targets
remove_filter_forward_ipset_ip4targets
remove_filter_forward_ipset_ip6targets
;;
resume_ipset)
remove_filter_input_ipset_ip4targets
remove_filter_input_ipset_ip6targets
remove_filter_forward_ipset_ip4targets
remove_filter_forward_ipset_ip6targets
insert_filter_input_ipset_ip4targets
insert_filter_input_ipset_ip6targets
insert_filter_forward_ipset_ip4targets
insert_filter_forward_ipset_ip6targets
;;
esac
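Review bot: `remove_filter_input_ipset_ip6targets` and `remove_filter_forward_ipset_ip6targets` do not mirror their insert counterparts: the insert functions put `-j SHGW_EXCLUSION_IPV6` into INPUT and `-j SHGW_EXCLUSION_WAN_IPV6` into FORWARD and append the `SHP_*` jumps inside those chains, while the remove functions try to delete `-j SHP_MGT_CONSOLE_*` from INPUT and `-j SHP_WAN_*` from FORWARD, where they were never inserted. Every ip6tables call runs unchecked, so those deletes fail silently, the later `-X SHGW_EXCLUSION_WAN_IPV6` in `remove_ip6table_chains` cannot succeed while FORWARD still references the chain, and each `inbound_sec_start` or `resume_ipset` stacks one more duplicate jump in INPUT and FORWARD. The rewrite below deletes exactly what the insert functions add; in the `remove_ip6table_chains` path the inner deletes are no-ops after `flush_ipv6_tables`, but `halt_ipset` and `resume_ipset` call these functions without a flush, and `SHGW_EXCLUSION_IPV6` is never created or deleted in this file so I assume it is owned elsewhere and only its two jump rules are touched. Separately, the `case $1 in` at the bottom has no `*)` arm, so an unknown or missing mode runs `get_wan_iface` and exits 0 with no message.
```shell
# Remove IP6 targets from INPUT chain for ipset interception
remove_filter_input_ipset_ip6targets() {
  ${IP6TABLES} -w -D INPUT -t filter -j SHGW_EXCLUSION_IPV6
  ${IP6TABLES} -w -t filter -D SHGW_EXCLUSION_IPV6 -j SHP_MGT_CONSOLE_B
  ${IP6TABLES} -w -t filter -D SHGW_EXCLUSION_IPV6 -j SHP_MGT_CONSOLE_A
}
# … unchanged: remove_filter_forward_ipset_ip4targets …
# Remove IP6 targets from FORWARD chain for ipset interception
remove_filter_forward_ipset_ip6targets() {
  ${IP6TABLES} -w -D FORWARD -t filter -j SHGW_EXCLUSION_WAN_IPV6
  ${IP6TABLES} -w -t filter -D SHGW_EXCLUSION_WAN_IPV6 -j SHP_WAN_BLOCK
  ${IP6TABLES} -w -t filter -D SHGW_EXCLUSION_WAN_IPV6 -j SHP_WAN_ALLOW
}
```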

Binary file not shown.

Binary file not shown.


@ -0,0 +1,63 @@
#!/bin/sh
. /etc/shgw/shgw.constants
_temp_file="${TMPFS_PATH}/temp_hard_blk"
case $1 in
get)
$ECHO "object:Device.WiFi.AccessPoint.1.X_LANTIQ_COM_Vendor: :GET" > ${_temp_file}
$ECHO "param:MACAddressControlList: :" >> ${_temp_file}
$ECHO "object:Device.WiFi.AccessPoint.2.X_LANTIQ_COM_Vendor: :GET" >> ${_temp_file}
$ECHO "param:MACAddressControlList: :" >> ${_temp_file}
${CALTEST} -g ${_temp_file} 2>&1 | ${GREP} ${PARAMVALUE} | ${AWK} 'FNR == 3 {print $3}' | ${TR} -d '""' > /var/.shgw/temp_caltest
${CALTEST} -g ${_temp_file} 2>&1 | ${GREP} ${PARAMVALUE} | ${AWK} 'FNR == 4 {print $3}' | ${TR} -d '""' >> /var/.shgw/temp_caltest
;;
set)
case $2 in
block)
$ECHO "object:Device.WiFi.AccessPoint.1.X_LANTIQ_COM_Vendor: :MODIFY" > ${_temp_file}
$ECHO "param:MACAddressControlList: :$3" >> ${_temp_file}
$ECHO "param:MACAddressControlMode: :Deny" >> ${_temp_file}
$ECHO "object:Device.WiFi.AccessPoint.2.X_LANTIQ_COM_Vendor: :MODIFY" >> ${_temp_file}
$ECHO "param:MACAddressControlList: :$4" >> ${_temp_file}
$ECHO "param:MACAddressControlMode: :Deny" >> ${_temp_file}
${CALTEST} -s ${_temp_file}
;;
unblock)
$ECHO "object:Device.WiFi.AccessPoint.1.X_LANTIQ_COM_Vendor: :MODIFY" > ${_temp_file}
if [ ${#3} -le 1 ]
then
$ECHO "param:MACAddressControlList: :\"" >> ${_temp_file}
$ECHO "param:MACAddressControlMode: :Disabled" >> ${_temp_file}
else
$ECHO "param:MACAddressControlList: :${3}" >> ${_temp_file}
$ECHO "param:MACAddressControlMode: :Deny" >> ${_temp_file}
fi
$ECHO "object:Device.WiFi.AccessPoint.2.X_LANTIQ_COM_Vendor: :MODIFY" >> ${_temp_file}
if [ ${#4} -le 1 ]
then
$ECHO "param:MACAddressControlList: :\"" >> ${_temp_file}
$ECHO "param:MACAddressControlMode: :Disabled" >> ${_temp_file}
else
$ECHO "param:MACAddressControlList: :${4}" >> ${_temp_file}
$ECHO "param:MACAddressControlMode: :Deny" >> ${_temp_file}
fi
${CALTEST} -s ${_temp_file}
;;
esac
;;
esac
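Review bot: The `set` arm writes `$3` and `$4` straight into the caltest request file as `param:MACAddressControlList: :$3` with no check that they are a comma-separated MAC list; the file is line-oriented, so a value containing a newline would add further `param:`/`object:` lines to the request, and the arguments should be validated against a MAC-list pattern before anything is written. The `get` arm runs `${CALTEST} -g ${_temp_file}` twice to extract line 3 and line 4 of what is presumably the same output; assuming the query result is stable between the two calls, one invocation with `${AWK} 'FNR == 3 || FNR == 4 {print $3}' | ${TR} -d '"' > /var/.shgw/temp_caltest` produces the same two lines in the same order. `${TR} -d '""'` is just a doubled `"` in the delete set, so `'"'` expresses the same thing. Neither `case` has a `*)` arm, so a bad mode silently does nothing.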

Binary file not shown.


@ -0,0 +1,43 @@
#############################################################################
#
# MCAFEE CONFIDENTIAL
# Copyright ©2018 McAfee, LLC
#
# The source code contained or described herein and all documents related
# to the source code ("Material") are owned by McAfee or its
# suppliers or licensors. Title to the Material remains with McAfee
# or its suppliers and licensors. The Material contains trade
# secrets and proprietary and confidential information of McAfee or its
# suppliers and licensors. The Material is protected by worldwide copyright
# and trade secret laws and treaty provisions. No part of the Material may
# be used, copied, reproduced, modified, published, uploaded, posted,
# transmitted, distributed, or disclosed in any way without McAfee's prior
# express written permission.
#
# No license under any patent, copyright, trade secret or other intellectual
# property right is granted to or conferred upon you by disclosure or
# delivery of the Materials, either expressly, by implication, inducement,
# estoppel or otherwise. Any license under such intellectual property rights
# must be express and approved by McAfee in writing.
#
##############################################################################
#
#
# Date : 09/Apr/2019
##############################################################################
. /etc/shgw/shgw.common
. /etc/shgw/shgw.constants
#TODO: Make this file as one stop for trimming all kind of log files except shgw.log
# Trim shgw error log file
fn_trim_error_log() {
${TAIL} -n ${NO_ERROR_LOG_LINES} ${SHGW_ERROR_FILE} > ${SHGW_ERROR_FILE_TMP}
${CAT} ${SHGW_ERROR_FILE_TMP} > ${SHGW_ERROR_FILE}
${RM} -f ${SHGW_ERROR_FILE_TMP}
}
fn_trim_error_log
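Review bot: In `fn_trim_error_log` the second line runs regardless of whether the `${TAIL}` step succeeded, so if `tail` fails (for instance because `${NO_ERROR_LOG_LINES}` is unset, which makes `tail -n` consume the file name as its count) the temp file is left empty and `${CAT} ${SHGW_ERROR_FILE_TMP} > ${SHGW_ERROR_FILE}` wipes the whole error log; chaining the steps, `${TAIL} -n ${NO_ERROR_LOG_LINES} ${SHGW_ERROR_FILE} > ${SHGW_ERROR_FILE_TMP} && ${CAT} ${SHGW_ERROR_FILE_TMP} > ${SHGW_ERROR_FILE}`, keeps the log intact on failure. The file has no `#!/bin/sh` line, yet if this is the file behind `${SHGW_LOG_TRIMMER}` the startup script launches it directly as `${SHGW_LOG_TRIMMER} &`, which presumably only works through the shell's fallback for non-executable text files; adding the shebang makes that explicit.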


@ -0,0 +1,105 @@
#!/bin/sh
#############################################################################
#
# MCAFEE CONFIDENTIAL
# Copyright ©2018 McAfee, LLC
#
# The source code contained or described herein and all documents related
# to the source code ("Material") are owned by McAfee or its
# suppliers or licensors. Title to the Material remains with McAfee
# or its suppliers and licensors. The Material contains trade
# secrets and proprietary and confidential information of McAfee or its
# suppliers and licensors. The Material is protected by worldwide copyright
# and trade secret laws and treaty provisions. No part of the Material may
# be used, copied, reproduced, modified, published, uploaded, posted,
# transmitted, distributed, or disclosed in any way without McAfee's prior
# express written permission.
#
# No license under any patent, copyright, trade secret or other intellectual
# property right is granted to or conferred upon you by disclosure or
# delivery of the Materials, either expressly, by implication, inducement,
# estoppel or otherwise. Any license under such intellectual property rights
# must be express and approved by McAfee in writing.
#
##############################################################################
. /etc/shgw/shgw.constants
#This script is called after SHGW stop is performed from code
#Do not change this implementation
delete_database() {
${RM} -f ${SHGW_PERSISTANT_DB}
${RM} -f ${TLD_JSON_FILE}
${RM} -f ${BOTNET_FEED_FILE}
${RM} -f ${SHGW_NON_PERSISTANT_DB}
${RM} -f ${SHGW_LOG_FILE}
${RM} -rf ${SHGW_TMPFS_PATH}
${RM} -f ${TEMP_HARD_BLK}
}
delete_shgw_debug_data_files() {
${RM} -f ${SHGW_TMPFS_PATH}/shgw_debug_data*
}
hard_reset() {
delete_database
}
kill_wd_monit_del_db() {
wd_monit_pid=$(${PS} | ${GREP} -i "shgw_wd_monit" | ${GREP} -v "grep" | ${AWK} -v OFS=' ' '{print $1}')
if [ ! -z $wd_monit_pid ]; then
${ECHO} "Stopping monit!"
${KILL} -9 $wd_monit_pid
fi
wd_pid=$(${PS} | ${GREP} -i "shgw_watchdogd" | ${GREP} -v "grep" | ${AWK} -v OFS=' ' '{print $1}')
if [ ! -z $wd_pid ]; then
${ECHO} "Stopping watchdog!"
${KILL} -9 $wd_pid
fi
delete_database
}
soft_reset() {
kill_wd_monit_del_db
${SHGW_STARTUP_SCRIPT} softstart &
}
db_reset() {
kill_wd_monit_del_db
delete_shgw_debug_data_files
#Try to restart N number of times. After that don't restart SHP till reboot
if [ -f ${SHGW_DB_FAIL_COUNT} ]; then
COUNT=`${CAT} ${SHGW_DB_FAIL_COUNT}`
COUNT=$((COUNT+1))
else
COUNT=0
fi
${ECHO} $COUNT > ${SHGW_DB_FAIL_COUNT}
if [ $COUNT -lt $SQL_DB_MAX_FAIL_COUNT ]; then
${SHGW_STARTUP_SCRIPT} db_start &
else
${RM} -f ${SHGW_DB_FAIL_COUNT}
${ECHO} "Max Reset tried. Exit now" && exit 127
fi
}
#Main
reset_type=$1
if [ X"$reset_type" == X"hard" ]; then
${ECHO} "Hard reset called!" >> ${SHGW_STARTUP_STATUS}
hard_reset
elif [ X"$reset_type" == X"soft" ]; then
${ECHO} "Soft reset called!" >> ${SHGW_STARTUP_STATUS}
soft_reset
elif [ X"$reset_type" == X"db_fail" ]; then
${ECHO} "DB reset called!" >> ${SHGW_STARTUP_STATUS}
db_reset
fi


@ -0,0 +1,75 @@
#!/bin/sh
#############################################################################
#
# MCAFEE CONFIDENTIAL
# Copyright ©2018 McAfee, LLC
#
# The source code contained or described herein and all documents related
# to the source code ("Material") are owned by McAfee or its
# suppliers or licensors. Title to the Material remains with McAfee
# or its suppliers and licensors. The Material contains trade
# secrets and proprietary and confidential information of McAfee or its
# suppliers and licensors. The Material is protected by worldwide copyright
# and trade secret laws and treaty provisions. No part of the Material may
# be used, copied, reproduced, modified, published, uploaded, posted,
# transmitted, distributed, or disclosed in any way without McAfee's prior
# express written permission.
#
# No license under any patent, copyright, trade secret or other intellectual
# property right is granted to or conferred upon you by disclosure or
# delivery of the Materials, either expressly, by implication, inducement,
# estoppel or otherwise. Any license under such intellectual property rights
# must be express and approved by McAfee in writing.
#
##############################################################################
. /etc/shgw/shgw.constants
. /etc/shgw/shgw.env
SCAN_FILE="${SHGW_TMPFS_PATH}/ndp_scan_file"
NDP_LOCK_FILE="${SHGW_TMPFS_PATH}/ndp_lock_file"
ping_on_multicast() {
local _LAN_IFACES=$(fn_get_lan_ifaces)
local _IFACE=""
for _IFACE in ${_LAN_IFACES}; do
${PING6} -I ${_IFACE} -c 2 ${LOCAL_MULTICAST_ADDRESS} > /dev/null 2>&1
done
}
parse_ndp_cache() {
local _LAN_IFACES=$(fn_get_lan_ifaces)
local _IFACE=""
for _IFACE in ${_LAN_IFACES}; do
${IP} -6 neigh \
| ${GREP} ${_IFACE} \
| ${GREP} -vi fail \
| ${AWK} '{print $5,$1}' >> ${SCAN_FILE} 2> /dev/null
done
}
empty_scan_file() {
> ${SCAN_FILE}
}
exit_if_running() {
if [ -f "$NDP_LOCK_FILE" ]; then
${ECHO} "Already running" && exit 127
fi
${ECHO} $$ > ${NDP_LOCK_FILE}
}
remove_ndp_lock_file() {
${RM} ${NDP_LOCK_FILE}
}
#
# Main
exit_if_running
empty_scan_file
ping_on_multicast
parse_ndp_cache
remove_ndp_lock_file
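Review bot: exit_if_running takes the lock with `${ECHO} $$ > ${NDP_LOCK_FILE}` but nothing removes it when the script is killed between that line and remove_ndp_lock_file, so a single interrupted run leaves a stale lock and every later run exits 127 with "Already running". Registering the cleanup right after the lock is written, `trap remove_ndp_lock_file EXIT`, covers every exit path; alternatively check that the PID stored in the lock still belongs to this script via /proc/PID/cmdline, as the watchdog monitor script on this page does, before honouring it. The `${GREP} ${_IFACE}` filter in parse_ndp_cache is a substring match, so an interface named eth1 also collects the neighbours of eth10; `${GREP} -w ${_IFACE}` keeps the match to the whole name. `${RM} ${NDP_LOCK_FILE}` without `-f` prints an error if the file is already gone.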


@ -0,0 +1,49 @@
#!/bin/sh
#############################################################################
#
# MCAFEE CONFIDENTIAL
# Copyright ©2018 McAfee, LLC
#
# The source code contained or described herein and all documents related
# to the source code ("Material") are owned by McAfee or its
# suppliers or licensors. Title to the Material remains with McAfee
# or its suppliers and licensors. The Material contains trade
# secrets and proprietary and confidential information of McAfee or its
# suppliers and licensors. The Material is protected by worldwide copyright
# and trade secret laws and treaty provisions. No part of the Material may
# be used, copied, reproduced, modified, published, uploaded, posted,
# transmitted, distributed, or disclosed in any way without McAfee's prior
# express written permission.
#
# No license under any patent, copyright, trade secret or other intellectual
# property right is granted to or conferred upon you by disclosure or
# delivery of the Materials, either expressly, by implication, inducement,
# estoppel or otherwise. Any license under such intellectual property rights
# must be express and approved by McAfee in writing.
#
##############################################################################
#############################################################################
# Print the SHGW version details
# The version details are generated by build system
#
# Date: 23/03/2016
#############################################################################
. /etc/shgw/shgw.version
echo
echo "System Version : ${SHGW_SYSTEM_VERSION}"
echo "Version : ${SHGW_VERSION}"
echo "Version Date : ${SHGW_VERSION_DATE}"
echo "Build Date : ${SHGW_BUILD_DATE}"
if [ ! -z ${SHGW_BUILD_NUMBER} ]; then
echo "Build Number : ${SHGW_BUILD_NUMBER}"
fi
if [ ! -z ${SHGW_BUILD_BRANCH} ]; then
echo "GIT Branch : ${SHGW_BUILD_BRANCH}"
fi
echo
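Review bot: The tests `if [ ! -z ${SHGW_BUILD_NUMBER} ]` and `if [ ! -z ${SHGW_BUILD_BRANCH} ]` leave the expansion unquoted, so a value containing whitespace makes `[` fail with "too many arguments" and the branch is silently skipped instead of printed; `if [ -n "${SHGW_BUILD_NUMBER}" ]; then` and `if [ -n "${SHGW_BUILD_BRANCH}" ]; then` are the idiomatic form. The same unquoted `[ ! -z $var ]` pattern appears in start_and_monitor_WD of the watchdog monitor script further down this page, where it is not harmless.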


@ -0,0 +1,272 @@
#!/bin/sh
#############################################################################
#
# MCAFEE CONFIDENTIAL
# Copyright ©2018 McAfee, LLC
#
# The source code contained or described herein and all documents related
# to the source code ("Material") are owned by McAfee or its
# suppliers or licensors. Title to the Material remains with McAfee
# or its suppliers and licensors. The Material contains trade
# secrets and proprietary and confidential information of McAfee or its
# suppliers and licensors. The Material is protected by worldwide copyright
# and trade secret laws and treaty provisions. No part of the Material may
# be used, copied, reproduced, modified, published, uploaded, posted,
# transmitted, distributed, or disclosed in any way without McAfee's prior
# express written permission.
#
# No license under any patent, copyright, trade secret or other intellectual
# property right is granted to or conferred upon you by disclosure or
# delivery of the Materials, either expressly, by implication, inducement,
# estoppel or otherwise. Any license under such intellectual property rights
# must be express and approved by McAfee in writing.
#
##############################################################################
trap fn_on_sigterm SIGTERM
. /etc/shgw/shgw.constants
. /etc/shgw/shgw.common
. /etc/shgw/shgw.env
LAN_INTERFACES=$(fn_get_lan_ifaces)
if [ -z ${LAN_INTERFACES} ]; then
${ECHO} "No Lan interfaces! Exiting from dpwrap" >> ${SHGW_STARTUP_LOG} 2>&1
exit 0
fi
SHGW_DNSPROXY_PID=0
fn_kill_dpwrap_if_running() {
if [ -f ${SHGW_DPWRAP_LOCK} ]; then
${ECHO} "[$(fn_time_now)] Pid of the previous dpwarp that is running - $(${CAT} ${SHGW_DPWRAP_LOCK}). Going to kill it!" >> ${SHGW_STARTUP_LOG} 2>&1
kill -SIGKILL $(${CAT} ${SHGW_DPWRAP_LOCK})
fi
${ECHO} $$ > ${SHGW_DPWRAP_LOCK}
${ECHO} "[$(fn_time_now)] Pid of the current dpwrap - $(${CAT} ${SHGW_DPWRAP_LOCK})]" >> ${SHGW_STARTUP_LOG} 2>&1
}
fn_shgw_ipv4_tproxy_setup() {
local _IFACE=""
${IPTABLES} -w -t mangle -N SHGW_DNS > /dev/null 2>&1
for _IFACE in ${LAN_INTERFACES}; do
${IPTABLES} -w -t mangle -A SHGW_DNS \
-i ${_IFACE} \
-p udp --dport 53 \
-j TPROXY --tproxy-mark ${SHGW_TPROXY_MARK} --on-port ${SHGW_REQ_PORT} > /dev/null 2>&1
done
${IPTABLES} -w -t mangle -I PREROUTING -j SHGW_DNS > /dev/null 2>&1
${IP} rule add fwmark ${SHGW_TPROXY_MARK} lookup ${SHGW_TABLE} ${SHGW_IPV4_RULE_PREF} > /dev/null 2>&1
${IP} route add local 0.0.0.0/0 dev lo table ${SHGW_TABLE} > /dev/null 2>&1
}
fn_shgw_ipv4_tproxy_cleanup() {
local _IFACE=""
for _IFACE in ${LAN_INTERFACES}; do
fn_run_until_failure "${IPTABLES} -w -t mangle -D SHGW_DNS \
-i ${_IFACE} \
-p udp --dport 53 \
-j TPROXY --tproxy-mark ${SHGW_TPROXY_MARK} --on-port ${SHGW_REQ_PORT}"
done
fn_run_until_failure "${IPTABLES} -w -t mangle -D PREROUTING -j SHGW_DNS"
${IPTABLES} -w -t mangle -F SHGW_DNS > /dev/null 2>&1
${IPTABLES} -w -t mangle -X SHGW_DNS > /dev/null 2>&1
${IP} route del local 0.0.0.0/0 dev lo table ${SHGW_TABLE} > /dev/null 2>&1
fn_run_until_failure "${IP} rule del fwmark ${SHGW_TPROXY_MARK} lookup ${SHGW_TABLE} ${SHGW_IPV4_RULE_PREF}"
}
fn_shgw_ipv6_tproxy_setup() {
local _IFACE=""
${IP6TABLES} -w -t mangle -N SHGW_DNS > /dev/null 2>&1
for _IFACE in ${LAN_INTERFACES}; do
${IP6TABLES} -w -t mangle -A SHGW_DNS \
-i ${_IFACE} \
-p udp --dport 53 \
-j TPROXY --tproxy-mark ${SHGW_TPROXY_MARK6} --on-port ${SHGW_REQ_PORT} > /dev/null 2>&1
done
${IP6TABLES} -w -t mangle -I PREROUTING -j SHGW_DNS > /dev/null 2>&1
${IP} -6 rule add fwmark ${SHGW_TPROXY_MARK6} lookup ${SHGW_TABLE6} ${SHGW_IPV6_RULE_PREF} > /dev/null 2>&1
${IP} -6 route add local ::/0 dev lo table ${SHGW_TABLE6} > /dev/null 2>&1
}
fn_shgw_ipv6_tproxy_cleanup() {
local _IFACE=""
for _IFACE in ${LAN_INTERFACES}; do
fn_run_until_failure "${IP6TABLES} -w -t mangle -D SHGW_DNS \
-i ${_IFACE} \
-p udp --dport 53 \
-j TPROXY --tproxy-mark ${SHGW_TPROXY_MARK6} --on-port ${SHGW_REQ_PORT}"
done
fn_run_until_failure "${IP6TABLES} -w -t mangle -D PREROUTING -j SHGW_DNS"
${IP6TABLES} -w -t mangle -F SHGW_DNS > /dev/null 2>&1
${IP6TABLES} -w -t mangle -X SHGW_DNS > /dev/null 2>&1
${IP} -6 route del local ::/0 dev lo table ${SHGW_TABLE6} > /dev/null 2>&1
fn_run_until_failure "${IP} -6 rule del fwmark ${SHGW_TPROXY_MARK6} lookup ${SHGW_TABLE6} ${SHGW_IPV6_RULE_PREF}"
}
fn_on_sigterm() {
fn_shgw_ipset_cleanup
fn_shgw_ipv6_tproxy_cleanup
fn_shgw_ipv4_tproxy_cleanup
fn_kill_if_running
${ECHO} "[$(fn_time_now)] Trap handler.Dnsproxy exited!" >> ${SHGW_STARTUP_LOG} 2>&1
exit 0
}
fn_kill_if_running() {
dp_pids=$(${PS} | ${GREP} shgw_dnsproxy | ${GREP} -v grep | ${AWK} '{ print $1 }')
if [ ! -z "$dp_pids" ]; then
for dp_pid in $dp_pids; do
${KILL} -s KILL $dp_pid
done
fi
}
fn_launch_and_wait() {
${ECHO} "[$(fn_time_now)]" >> ${SHGW_STARTUP_LOG} 2>&1
${IPTABLES} -t mangle -nvL | ${GREP} ${SHGW_REQ_PORT} >> ${SHGW_STARTUP_LOG} 2>&1
${IP6TABLES} -t mangle -nvL | ${GREP} ${SHGW_REQ_PORT} >> ${SHGW_STARTUP_LOG} 2>&1
fn_kill_if_running
${IPTABLES} -t mangle -nvL | ${GREP} ${SHGW_REQ_PORT} >> ${SHGW_STARTUP_LOG} 2>&1
${IP6TABLES} -t mangle -nvL | ${GREP} ${SHGW_REQ_PORT} >> ${SHGW_STARTUP_LOG} 2>&1
$SHGW_DNSPROXY &
SHGW_DNSPROXY_PID=$!
wait $SHGW_DNSPROXY_PID
${ECHO} "[$(fn_time_now)] Dnsproxy exited!" >> ${SHGW_STARTUP_LOG} 2>&1
}
fn_shgw_ipset_cleanup() {
## RULES UNDER NAT TABLE
${IPTABLES} -w -t nat -F SHGW_HOST_REPUTATION > /dev/null 2>&1
${IPTABLES} -w -t nat -F SHGW_PC_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t nat -F SHGW_PC_PENDING > /dev/null 2>&1
${IPTABLES} -w -t nat -F SHGW_PC_ASK > /dev/null 2>&1
${IPTABLES} -w -t nat -F SHGW_PC_TIME_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t nat -F SHGW_EULA_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t nat -F SHGW_DEVICE_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t nat -F SHGW_NETWORK_PAUSE > /dev/null 2>&1
${IPTABLES} -w -t nat -F SHGW_WHITELIST > /dev/null 2>&1
${IPTABLES} -w -t nat -D SHGW_IPSET -j SHGW_HOST_REPUTATION > /dev/null 2>&1
${IPTABLES} -w -t nat -D SHGW_IPSET -j SHGW_PC_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t nat -D SHGW_IPSET -j SHGW_PC_PENDING > /dev/null 2>&1
${IPTABLES} -w -t nat -D SHGW_IPSET -j SHGW_PC_ASK > /dev/null 2>&1
${IPTABLES} -w -t nat -D SHGW_IPSET -j SHGW_PC_TIME_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t nat -D SHGW_IPSET -j SHGW_EULA_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t nat -D SHGW_IPSET -j SHGW_DEVICE_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t nat -D SHGW_IPSET -j SHGW_NETWORK_PAUSE > /dev/null 2>&1
${IPTABLES} -w -t nat -D SHGW_IPSET -j SHGW_WHITELIST > /dev/null 2>&1
${IPTABLES} -w -t nat -D ${SHGW_PREROUTING_CHAIN} -j SHGW_IPSET > /dev/null 2>&1
${IPTABLES} -w -t nat -X SHGW_HOST_REPUTATION > /dev/null 2>&1
${IPTABLES} -w -t nat -X SHGW_PC_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t nat -X SHGW_PC_PENDING > /dev/null 2>&1
${IPTABLES} -w -t nat -X SHGW_PC_ASK > /dev/null 2>&1
${IPTABLES} -w -t nat -X SHGW_PC_TIME_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t nat -X SHGW_EULA_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t nat -X SHGW_DEVICE_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t nat -X SHGW_NETWORK_PAUSE > /dev/null 2>&1
${IPTABLES} -w -t nat -X SHGW_WHITELIST > /dev/null 2>&1
${IPTABLES} -w -t nat -X SHGW_IPSET > /dev/null 2>&1
## RULES UNDER FILTER TABLE
${IPTABLES} -w -t filter -F SHGW_HOST_REPUTATION > /dev/null 2>&1
${IPTABLES} -w -t filter -F SHGW_PC_TIME_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t filter -F SHGW_DEVICE_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t filter -F SHGW_NETWORK_PAUSE > /dev/null 2>&1
${IPTABLES} -w -t filter -D SHGW_IPSET -j SHGW_HOST_REPUTATION > /dev/null 2>&1
${IPTABLES} -w -t filter -D SHGW_IPSET -j SHGW_PC_TIME_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t filter -D SHGW_IPSET -j SHGW_DEVICE_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t filter -D SHGW_IPSET -j SHGW_NETWORK_PAUSE > /dev/null 2>&1
${IPTABLES} -w -t filter -D ${SHGW_FORWARD_CHAIN} -j SHGW_IPSET > /dev/null 2>&1
${IPTABLES} -w -t filter -X SHGW_HOST_REPUTATION > /dev/null 2>&1
${IPTABLES} -w -t filter -X SHGW_PC_TIME_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t filter -X SHGW_DEVICE_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t filter -X SHGW_NETWORK_PAUSE > /dev/null 2>&1
${IPTABLES} -w -t filter -X SHGW_IPSET > /dev/null 2>&1
${IPSET} destroy SHGW_HOST_REPUTATION > /dev/null 2>&1 ##Set name and Iptable chain name are same
${IPSET} destroy SHGW_HOST_REPUTATION_DST > /dev/null 2>&1
${IPSET} destroy SHGW_PC_BLOCK > /dev/null 2>&1
${IPSET} destroy SHGW_PC_PENDING > /dev/null 2>&1
${IPSET} destroy SHGW_PC_ASK > /dev/null 2>&1
${IPSET} destroy SHGW_PC_TIME_BLOCK > /dev/null 2>&1
${IPSET} destroy SHGW_EULA_BLOCK > /dev/null 2>&1
${IPSET} destroy SHGW_DEVICE_BLOCK > /dev/null 2>&1
${IPSET} destroy SHGW_NETWORK_PAUSE > /dev/null 2>&1
${IPSET} destroy SHGW_WHITELIST > /dev/null 2>&1
}
##Creating custom iptable chains for matching the shgw ipsets
fn_shgw_ipset_setup() {
## RULES UNDER NAT TABLE
${IPTABLES} -w -t nat -N SHGW_IPSET > /dev/null 2>&1
${IPTABLES} -w -t nat -N SHGW_WHITELIST > /dev/null 2>&1
${IPTABLES} -w -t nat -N SHGW_NETWORK_PAUSE > /dev/null 2>&1
${IPTABLES} -w -t nat -N SHGW_DEVICE_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t nat -N SHGW_EULA_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t nat -N SHGW_PC_TIME_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t nat -N SHGW_PC_ASK > /dev/null 2>&1
${IPTABLES} -w -t nat -N SHGW_PC_PENDING > /dev/null 2>&1
${IPTABLES} -w -t nat -N SHGW_PC_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t nat -N SHGW_HOST_REPUTATION > /dev/null 2>&1
${IPTABLES} -w -t nat -A SHGW_IPSET -j SHGW_WHITELIST > /dev/null 2>&1
${IPTABLES} -w -t nat -A SHGW_IPSET -j SHGW_NETWORK_PAUSE > /dev/null 2>&1
${IPTABLES} -w -t nat -A SHGW_IPSET -j SHGW_DEVICE_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t nat -A SHGW_IPSET -j SHGW_EULA_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t nat -A SHGW_IPSET -j SHGW_PC_TIME_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t nat -A SHGW_IPSET -j SHGW_PC_ASK > /dev/null 2>&1
${IPTABLES} -w -t nat -A SHGW_IPSET -j SHGW_PC_PENDING > /dev/null 2>&1
${IPTABLES} -w -t nat -A SHGW_IPSET -j SHGW_PC_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t nat -A SHGW_IPSET -j SHGW_HOST_REPUTATION > /dev/null 2>&1
${IPTABLES} -w -t nat -I ${SHGW_PREROUTING_CHAIN} -j SHGW_IPSET > /dev/null 2>&1
## RULES UNDER FILTER TABLE
${IPTABLES} -w -t filter -N SHGW_IPSET > /dev/null 2>&1
${IPTABLES} -w -t filter -N SHGW_NETWORK_PAUSE > /dev/null 2>&1
${IPTABLES} -w -t filter -N SHGW_DEVICE_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t filter -N SHGW_PC_TIME_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t filter -N SHGW_HOST_REPUTATION > /dev/null 2>&1
${IPTABLES} -w -t filter -A SHGW_IPSET -j SHGW_NETWORK_PAUSE > /dev/null 2>&1
${IPTABLES} -w -t filter -A SHGW_IPSET -j SHGW_DEVICE_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t filter -A SHGW_IPSET -j SHGW_PC_TIME_BLOCK > /dev/null 2>&1
${IPTABLES} -w -t filter -A SHGW_IPSET -j SHGW_HOST_REPUTATION > /dev/null 2>&1
${IPTABLES} -w -t filter -I ${SHGW_FORWARD_CHAIN} -j SHGW_IPSET > /dev/null 2>&1
}
# main
${ECHO} "Starting dpwrap" >> ${SHGW_STARTUP_LOG} 2>&1
fn_trim_startup_log
fn_kill_dpwrap_if_running
fn_shgw_ipv6_tproxy_cleanup
fn_shgw_ipv6_tproxy_setup
fn_shgw_ipv4_tproxy_cleanup
fn_shgw_ipv4_tproxy_setup
fn_shgw_ipset_cleanup
fn_shgw_ipset_setup
fn_launch_and_wait
fn_shgw_ipset_cleanup
fn_shgw_ipv4_tproxy_cleanup
fn_shgw_ipv6_tproxy_cleanup
${IPTABLES} -t mangle -nvL | ${GREP} ${SHGW_REQ_PORT} >> ${SHGW_STARTUP_LOG} 2>&1
${IP6TABLES} -t mangle -nvL | ${GREP} ${SHGW_REQ_PORT} >> ${SHGW_STARTUP_LOG} 2>&1
${ECHO} "Stopping dpwrap" >> ${SHGW_STARTUP_LOG} 2>&1
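Review bot: fn_kill_dpwrap_if_running sends SIGKILL to whatever PID is stored in ${SHGW_DPWRAP_LOCK} without checking that the PID still belongs to a dpwrap instance, and the lock file is never removed — neither in fn_on_sigterm nor after "Stopping dpwrap" at the end of main — so after every normal exit the lock is stale and the next start kills an arbitrary process that has since reused that PID. The watchdog monitor script on this page already validates a stored PID against /proc/PID/cmdline; the same check belongs here, with the lock deleted on both exit paths (`${RM} -f ${SHGW_DPWRAP_LOCK}` in fn_on_sigterm before `exit 0` and after the final log line). The `trap fn_on_sigterm SIGTERM` at the top of the file is installed before fn_on_sigterm is defined, so a SIGTERM delivered while the constants are still being sourced resolves to an undefined name rather than running the cleanup; moving the trap below the function definition closes that window. Note that fn_kill_if_running also kills by `ps | grep shgw_dnsproxy` substring, which matches any command line containing that text, not only the proxy binary.
```shell
fn_kill_dpwrap_if_running() {
  local _old_pid=""
  if [ -f "${SHGW_DPWRAP_LOCK}" ]; then
    _old_pid=$(${CAT} "${SHGW_DPWRAP_LOCK}")
    # Only kill a PID that still runs this script; a stale lock may point at an
    # unrelated process after PID reuse.
    if [ -n "${_old_pid}" ] && ${GREP} -q "${0##*/}" "/proc/${_old_pid}/cmdline" 2>/dev/null; then
      ${ECHO} "[$(fn_time_now)] Pid of the previous dpwarp that is running - ${_old_pid}. Going to kill it!" >> ${SHGW_STARTUP_LOG} 2>&1
      kill -SIGKILL "${_old_pid}"
    fi
  fi
  ${ECHO} $$ > "${SHGW_DPWRAP_LOCK}"
  # … unchanged: log the current pid …
}
```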


@ -0,0 +1,83 @@
#!/bin/sh
#############################################################################
#
# MCAFEE CONFIDENTIAL
# Copyright ©2018 McAfee, LLC
#
# The source code contained or described herein and all documents related
# to the source code ("Material") are owned by McAfee or its
# suppliers or licensors. Title to the Material remains with McAfee
# or its suppliers and licensors. The Material contains trade
# secrets and proprietary and confidential information of McAfee or its
# suppliers and licensors. The Material is protected by worldwide copyright
# and trade secret laws and treaty provisions. No part of the Material may
# be used, copied, reproduced, modified, published, uploaded, posted,
# transmitted, distributed, or disclosed in any way without McAfee's prior
# express written permission.
#
# No license under any patent, copyright, trade secret or other intellectual
# property right is granted to or conferred upon you by disclosure or
# delivery of the Materials, either expressly, by implication, inducement,
# estoppel or otherwise. Any license under such intellectual property rights
# must be express and approved by McAfee in writing.
#
##############################################################################
# A script to monitor if watchdogd is running or not
#
# Author : Eswar Yaganti
# Date : 10-Mar-2016
. /etc/shgw/shgw.constants
. /etc/shgw/shgw.common
MONIT_PID_FILE=${SHGW_TMPFS_PATH}/.shgw_wd_monit_pid
start_and_monitor_WD() {
wd_died=0
while true ; do
fn_trim_startup_log
${SHGW_LOG_TRIMMER} &
wd_pid=$(${PS} | ${GREP} -i "shgw_watchdogd" | ${GREP} -v "grep" | ${AWK} -v OFS=' ' '{print $1}')
if [ ! -z ${wd_pid} ]; then
${ECHO} "[$$] $0 killing previous WD, pid=${wd_pid}, at `uptime`"
${ECHO} "[$$] $0 killing previous WD, pid=${wd_pid}, at `uptime`" >> ${SHGW_STARTUP_LOG}
${KILL} -9 ${wd_pid}
${SLEEP} 2
fi
${ECHO} "[$$] $0 starting ${SHGW_WD} ${SHGW_WD_CONF}, at `uptime`"
${ECHO} "[$$] $0 starting ${SHGW_WD} ${SHGW_WD_CONF}, at `uptime`" >> ${SHGW_STARTUP_LOG}
${SHGW_WD} ${SHGW_WD_CONF} ${wd_died} 2>>${SHGW_ERROR_FILE} &
SHGW_WD_PID=$!
wait ${SHGW_WD_PID}
# Is this required?
${SLEEP} 2
wd_died=1
done
}
exit_if_running() {
if [ ! -f ${MONIT_PID_FILE} ]; then
${ECHO} "[$$] Fresh instance at `uptime`"
${ECHO} "[$$] Fresh instance at `uptime`" >> ${SHGW_STARTUP_LOG}
${ECHO} $$ > ${MONIT_PID_FILE}
else
_PID=$(${CAT} ${MONIT_PID_FILE})
if [ ! -z $(${CAT} /proc/${_PID}/cmdline | ${GREP} shgw_wd_monit) ];then
${ECHO} "[$$] Another instance running, pids=[${_PID}] at `uptime`"
${ECHO} "[$$] Another instance running, pids=[${_PID}] at `uptime`" >> ${SHGW_STARTUP_LOG}
exit 1
else
${ECHO} "[$$] Overwriting ${MONIT_PID_FILE} at `uptime`"
${ECHO} "[$$] Overwriting ${MONIT_PID_FILE} at `uptime`" >> ${SHGW_STARTUP_LOG}
${ECHO} $$ > ${MONIT_PID_FILE}
fi
fi
}
exit_if_running
start_and_monitor_WD
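Review bot: In start_and_monitor_WD the `ps | grep shgw_watchdogd` pipeline can return several PIDs, and the unquoted `[ ! -z ${wd_pid} ]` then fails with "too many arguments", so the kill branch is skipped and a new watchdogd is started next to the survivors; `if [ -n "${wd_pid}" ]; then` followed by `for _p in ${wd_pid}; do ${KILL} -9 "${_p}"; done` handles both cases. The duplicate-instance check in exit_if_running has the same shape, `[ ! -z $(${CAT} /proc/${_PID}/cmdline | ${GREP} shgw_wd_monit) ]`, where the grep output of a NUL-separated cmdline is again unquoted; testing the exit status directly, `if ${GREP} -q shgw_wd_monit "/proc/${_PID}/cmdline" 2>/dev/null; then`, avoids depending on what grep prints. Each loop iteration also launches `${SHGW_LOG_TRIMMER} &` without waiting for it, so a watchdogd that dies immediately spawns a new trimmer roughly every two seconds with no upper bound.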


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1,8 @@
#!/bin/sh
prefix=
exec_prefix=${prefix}
bindir=${exec_prefix}/bin
sysconfdir=/etc
localstatedir=${prefix}/var
${bindir}/pdbtool merge -r --glob \*.pdb -D ${sysconfdir}/patterndb.d -p ${localstatedir}/patterndb.xml


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
busybox


@ -0,0 +1 @@
/dev/null


@ -0,0 +1 @@
/dev/null
