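/**
 * Echo the hotspot status panel: the two daemon status blocks followed by
 * any configuration warnings (missing LAN/WAN interface, LAN and WAN in the
 * same network, empty "free web" list).
 *
 * Output is written directly with echo; nothing is returned.
 *
 * @return void
 */
function status()
{
    $sock = new sockets();
    $status = base64_decode($sock->getFrameWork("chilli.php?status=yes"));
    $ini = new Bs_IniHandler();
    $ini->loadString($status);
    $APP_HOTSPOT = DAEMON_STATUS_ROUND("APP_HOTSPOT", $ini, null, 1);
    $APP_HOTSPOT_DNSMASQ = DAEMON_STATUS_ROUND("APP_HOTSPOT_DNSMASQ", $ini, null, 1);
    $tpl = new templates();
    echo $tpl->_ENGINE_parse_body($APP_HOTSPOT);
    echo $tpl->_ENGINE_parse_body($APP_HOTSPOT_DNSMASQ);

    // NOTE(review): unserialize() instantiates whatever objects the payload
    // names, so the "ChilliConf" store has to be writable only by trusted
    // code. If the value is always a flat array of scalars, json_decode()
    // (or unserialize with allowed_classes disabled on PHP >= 7) is the
    // safer format — confirm against the code that writes this setting.
    $ChilliConf = unserialize(base64_decode($sock->GET_INFO("ChilliConf")));
    $ChilliConf = GetInterfaceArray($ChilliConf);
    if (!is_array($ChilliConf)) {
        // A corrupt or missing setting is reported through the warnings below
        // instead of producing undefined-index notices.
        $ChilliConf = array();
    }

    $lanIf = isset($ChilliConf["HS_LANIF"]) ? $ChilliConf["HS_LANIF"] : null;
    $wanIf = isset($ChilliConf["HS_WANIF"]) ? $ChilliConf["HS_WANIF"] : null;
    $wan_ip = isset($ChilliConf["HS_WANIF_IP"]) ? (string) $ChilliConf["HS_WANIF_IP"] : "";
    $lan_ip = isset($ChilliConf["HS_UAMLISTEN"]) ? (string) $ChilliConf["HS_UAMLISTEN"] : "";

    if ($lanIf == null) {
        $message = $tpl->_ENGINE_parse_body("{CHILLI_HS_LANIF_NULL}");
        echo "<p class=text-error>{$message}</p>";
    }
    if ($wanIf == null) {
        $message = $tpl->_ENGINE_parse_body("{CHILLI_HS_WANIF_NULL}");
        echo "<p class=text-error>{$message}</p>";
    }

    // The networks are compared on the first three octets only (a /24 is
    // assumed). The check is skipped unless both addresses have four octets;
    // otherwise two empty addresses both collapse to "..0" and raise a bogus
    // "same network" warning.
    $lanOctets = explode(".", $lan_ip);
    $wanOctets = explode(".", $wan_ip);
    if (count($lanOctets) === 4 && count($wanOctets) === 4) {
        $lan = "{$lanOctets[0]}.{$lanOctets[1]}.{$lanOctets[2]}.0";
        $wan = "{$wanOctets[0]}.{$wanOctets[1]}.{$wanOctets[2]}.0";
        if ($lan === $wan) {
            $message = $tpl->_ENGINE_parse_body("{CHILLI_ERROR_SAME_NETS}");
            // The addresses come from stored configuration and are placed in
            // HTML, so they are escaped before substitution.
            $message = str_replace("%a", htmlspecialchars($lan, ENT_QUOTES, "UTF-8"), $message);
            $message = str_replace("%b", htmlspecialchars($wan, ENT_QUOTES, "UTF-8"), $message);
            echo "<p class=text-error>{$message}</p>";
        }
    }

    // "Free web" list: empty or numeric zero means "not configured".
    // The original `== 0` test is true for every non-numeric string on
    // PHP < 8, which made the warning appear even with a list configured.
    $freeWeb = isset($ChilliConf["HS_UAMFREEWEB"]) ? trim((string) $ChilliConf["HS_UAMFREEWEB"]) : "";
    if ($freeWeb === "" || (is_numeric($freeWeb) && (float) $freeWeb == 0.0)) {
        $message = $tpl->_ENGINE_parse_body("{CHILLI_ERROR_NO_FREEWEB}");
        echo "<p class=text-error>{$message}</p>";
    }
}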
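/**
 * Generate the two shell scripts used when the hotspot tunnel comes up:
 * /etc/chilli/up.sh (firewall rules for the tunnel device) and
 * /etc/chilli/ipup.sh (site rules: proxy redirect and masquerading), which
 * up.sh sources when it exists. Both files are written best-effort and made
 * executable (0755).
 *
 * Variables such as $DEV, $DHCPIF, $ADDR, $NET and $MASK inside the generated
 * text are shell variables resolved when the script runs, not PHP values.
 * Only the Squid port and the LAN interface name are substituted by PHP.
 *
 * @param array $ChilliConf Hotspot settings; when fewer than 5 entries are
 *                          given the stored "ChilliConf" setting is loaded.
 * @return void
 */
function up_sh($ChilliConf = array())
{
    if (!is_array($ChilliConf) || count($ChilliConf) < 5) {
        $sock = new sockets();
        // NOTE(review): unserialize() instantiates whatever objects the
        // payload names; the "ChilliConf" store must be writable only by
        // trusted code. Prefer a data-only format if the value is a flat
        // array — confirm against the code that writes this setting.
        $ChilliConf = unserialize(base64_decode($sock->GET_INFO("ChilliConf")));
        $ChilliConf = GetInterfaceArray($ChilliConf);
    }
    if (!is_array($ChilliConf)) {
        $ChilliConf = array();
    }

    // intval() guarantees the port is emitted as digits only.
    $squidport = intval(isset($ChilliConf["SQUID_HTTP_PORT"]) ? $ChilliConf["SQUID_HTTP_PORT"] : 0);

    // The interface name is written unquoted into a script that runs with the
    // hotspot daemon's privileges, so it is checked against a strict
    // allow-list (leading alphanumeric, at most 15 characters, no whitespace
    // or shell metacharacters) before being used. Anything else is rejected
    // and the rules that need it are left out.
    $lanif = isset($ChilliConf["HS_LANIF"]) ? (string) $ChilliConf["HS_LANIF"] : "";
    $lanifOk = (preg_match('/^[A-Za-z0-9][A-Za-z0-9_.:-]{0,14}\z/', $lanif) === 1);

    $f = array();
    $f[] = "#!/bin/sh";
    $f[] = "";
    $f[] = "TUNTAP=\$(basename \$DEV)";
    $f[] = "UNDO_FILE=/var/run/chilli.\$TUNTAP.sh";
    $f[] = "";
    $f[] = ". /etc/chilli/functions";
    $f[] = "";
    $f[] = "[ -e \"\$UNDO_FILE\" ] && sh \$UNDO_FILE 2>/dev/null";
    $f[] = "rm -f \$UNDO_FILE 2>/dev/null";
    $f[] = "";
    $f[] = "ipt() {";
    $f[] = "    opt=\$1; shift";
    $f[] = "    echo \"iptables -D \$*\" >> \$UNDO_FILE";
    $f[] = "    iptables \$opt \$*";
    $f[] = "}";
    $f[] = "";
    $f[] = "ipt_in() {";
    $f[] = "    ipt -I INPUT -i \$TUNTAP \$*";
    $f[] = "}";
    $f[] = "";
    $f[] = "if [ -n \"\$TUNTAP\" ]";
    $f[] = "then";
    $f[] = "    # ifconfig \$TUNTAP mtu \$MTU";
    $f[] = "    if [ \"\$KNAME\" != \"\" ]";
    $f[] = "    then";
    $f[] = "\tipt -I FORWARD -i \$DHCPIF -m coova --name \$KNAME -j ACCEPT ";
    $f[] = "\tipt -I FORWARD -o \$DHCPIF -m coova --name \$KNAME --dest -j ACCEPT";
    $f[] = "\tipt -I FORWARD -i \$TUNTAP -j ACCEPT";
    $f[] = "\tipt -I FORWARD -o \$TUNTAP -j ACCEPT";
    $f[] = "\t[ -n \"\$DHCPLISTEN\" ] && ifconfig \$DHCPIF \$DHCPLISTEN";
    $f[] = "    else";
    $f[] = "\tif [ \"\$LAYER3\" != \"1\" ]";
    $f[] = "\tthen";
    $f[] = "\t    [ -n \"\$UAMPORT\" -a \"\$UAMPORT\" != \"0\" ] && \\";
    $f[] = "\t\tipt_in -p tcp -m tcp --dport \$UAMPORT --dst \$ADDR -j ACCEPT";
    $f[] = "\t    ";
    $f[] = "\t    [ -n \"\$UAMUIPORT\" -a \"\$UAMUIPORT\" != \"0\" ] && \\";
    $f[] = "\t\tipt_in -p tcp -m tcp --dport \$UAMUIPORT --dst \$ADDR -j ACCEPT";
    $f[] = "\t    ";
    $f[] = "\t    [ -n \"\$HS_TCP_PORTS\" ] && {";
    $f[] = "\t\tfor port in \$HS_TCP_PORTS; do";
    $f[] = "\t\t    ipt_in -p tcp -m tcp --dport \$port --dst \$ADDR -j ACCEPT";
    $f[] = "\t\tdone";
    $f[] = "\t    }";
    $f[] = "\t    ";
    $f[] = "\t    ipt_in -p udp -d 255.255.255.255 --destination-port 67:68 -j ACCEPT";
    $f[] = "\t    ipt_in -p udp -d \$ADDR --destination-port 67:68 -j ACCEPT";
    $f[] = "\t    ipt_in -p udp --dst \$ADDR --dport 53 -j ACCEPT";
    $f[] = "\t    ipt_in -p icmp --dst \$ADDR -j ACCEPT";
    $f[] = "\t    ";
    $f[] = "\t    ipt -A INPUT -i \$TUNTAP --dst \$ADDR -j DROP";
    $f[] = "\t    ";
    $f[] = "\t    ipt -I INPUT   -i \$DHCPIF -j DROP";
    $f[] = "\tfi";
    $f[] = "\t";
    $f[] = "\tipt -I FORWARD -i \$DHCPIF -j DROP";
    $f[] = "\tipt -I FORWARD -o \$DHCPIF -j DROP";
    $f[] = "\t";
    $f[] = "\tipt -I FORWARD -i \$TUNTAP -j ACCEPT";
    $f[] = "\tipt -I FORWARD -o \$TUNTAP -j ACCEPT";
    $f[] = "\t";
    $f[] = "        # Help out conntrack to not get confused";
    $f[] = "        # (stops masquerading from working)";
    $f[] = "        #ipt -I PREROUTING -t raw -j NOTRACK -i \$DHCPIF";
    $f[] = "        #ipt -I OUTPUT -t raw -j NOTRACK -o \$DHCPIF";
    $f[] = "\t";
    $f[] = "        # Help out MTU issues with PPPoE or Mesh";
    $f[] = "\tipt -I FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu";
    $f[] = "\tipt -I FORWARD -t mangle -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu";
    $f[] = "\t";
    $f[] = "\t[ \"\$HS_LAN_ACCESS\" != \"on\" -a \"\$HS_LAN_ACCESS\" != \"allow\" ] && \\";
    $f[] = "\t    ipt -I FORWARD -i \$TUNTAP \\! -o \$HS_WANIF -j DROP";
    $f[] = "\t";
    $f[] = "\t[ \"\$HS_LOCAL_DNS\" = \"on\" ] && \\";
    $f[] = "\t    ipt -I PREROUTING -t nat -i \$TUNTAP -p udp --dport 53 -j DNAT --to-destination \$ADDR";
    $f[] = "    fi";
    $f[] = "fi";
    $f[] = "";
    $f[] = "# site specific stuff optional";
    $f[] = "[ -e /etc/chilli/ipup.sh ] && . /etc/chilli/ipup.sh";
    $f[] = "";
    // Best-effort write, as before: failures are suppressed, not raised.
    @file_put_contents("/etc/chilli/up.sh", @implode("\n", $f));
    @chmod("/etc/chilli/up.sh", 0755);

    $f = array();
    $f[] = "#!/bin/sh";
    $f[] = "# Custom rules for Hotspot";
    $f[] = "# TRANS PROXY";
    $f[] = "#    ipt -I PREROUTING -t nat -p tcp -s 10.1.0.0/24 -d 10.1.0.1 --dport {$squidport} -j DROP";
    $f[] = "#    ipt -I PREROUTING -t nat -i \$IF -p tcp -s 10.1.0.0/24 -d ! 10.1.0.1 --dport 80 -j REDIRECT --to {$squidport}";
    $f[] = "";
    $f[] = "    # Redirect to Squid proxy (drop direct attempts to proxy)";
    $f[] = "    ipt -I PREROUTING -t mangle -p tcp -s \$NET/\$MASK -d \$ADDR --dport {$squidport} -j DROP";
    if ($lanifOk) {
        $f[] = "    ipt -I PREROUTING -t nat -i {$lanif} -p tcp -s \$NET/\$MASK ! -d \$ADDR --dport 80 -j REDIRECT --to {$squidport}";
        $f[] = "    # Look at using this rule?";
        $f[] = "    # ipt -I PREROUTING  -t nat -i {$lanif} -p tcp -s \$NET/\$MASK ! -d  \$ADDR --dport 80 -j DNAT --to 192.168.8.22:3128";
        $f[] = "    ";
        $f[] = "    # Redirect DNS to local server # Coova Chilli seems to take care of this";
        $f[] = "#    ipt -I PREROUTING -t nat -i {$lanif} -p tcp -s \$NET/\$MASK ! -d  \$ADDR --dport 53 -j REDIRECT --to 53";
        $f[] = "#    ipt -I PREROUTING -t nat -i {$lanif} -p udp -s \$NET/\$MASK ! -d \$ADDR --dport 53 -j REDIRECT --to 53    ";
        $f[] = "# MASQUERADE";
        $f[] = "    ipt -I POSTROUTING -t nat -o {$lanif} -j MASQUERADE";
    } else {
        // The rejected value is never written, not even inside a shell
        // comment: an embedded newline would end the comment and turn the
        // remainder into commands.
        $f[] = "# HS_LANIF is missing or not a valid interface name:";
        $f[] = "# the REDIRECT and MASQUERADE rules were not generated";
    }
    $f[] = "";
    @file_put_contents("/etc/chilli/ipup.sh", @implode("\n", $f));
    @chmod("/etc/chilli/ipup.sh", 0755);
}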