#!/bin/sh
#
# Could be better, but it's working as expected
#
# 
#
# chkconfig: 345 65 35
#
# description: Startup/shutdown script for Wifidog captive portal
# processname: wifidog

# Date    : 2004-08-25
# Version : 1.0

IPT=/usr/sbin/iptables
WD_DIR=/usr/bin
OPTIONS=""

case "$1" in
  start)
    echo "Starting Wifidog ... "
    if $WD_DIR/wdctl status 2> /dev/null
    then
	echo "FAILED:  Wifidog already running"
    else
        $0 test-module
	if $WD_DIR/wifidog $OPTIONS
	then
		echo "OK"
	else
		echo "FAILED:  Wifidog exited with non 0 status"
	fi
    fi
    ;;
  restart)
    $0 stop
    sleep 2
    $0 start
    ;;
  reload)
    $0 stop
    sleep 2
    $0 start
    ;;
  stop)
    echo "Stopping Wifidog ... "
    if $WD_DIR/wdctl status 2> /dev/null
    then
       	if $WD_DIR/wdctl stop
	then
		echo "OK"
	else
		echo "FAILED:  wdctl stop exited with non 0 status"
	fi
       
    else
       echo "FAILED:  Wifidog was not running"
    fi
    ;;
  status)
    $WD_DIR/wdctl status
    ;;
  debug|test-module)

    ### Test ipt_mark with iptables
    test_ipt_mark () {
      IPTABLES_OK=$($IPT -A FORWARD -m mark --mark 2 -j ACCEPT 2>&1 | grep "No chain.target.match")
      if [ -z "$IPTABLES_OK" ]; then
        $IPT -D FORWARD -m mark --mark 2 -j ACCEPT 2>&1
        echo 1
      else
        echo 0
      fi
    }
    ### Test ipt_mac with iptables
    test_ipt_mac () {
      IPTABLES_OK=$($IPT -A INPUT -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT 2>&1 | grep "No chain.target.match")
      if [ -z "$IPTABLES_OK" ]; then
        $IPT -D INPUT -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT 2>&1
        echo 1
      else
        echo 0
      fi
    }

    ### Test ipt_REDIRECT with iptables
    test_ipt_REDIRECT () {
      IPTABLES_OK=$($IPT -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 2060 2>&1 | grep "No chain.target.match")
      if [ -z "$IPTABLES_OK" ]; then
        $IPT -t nat -D PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 2060 2>&1
        echo 1
      else
        echo 0
      fi
    }

    ### Find a module on disk
    module_exists () {
    echo " Looking for a module on disk"
      EXIST=$(find /lib/modules/`uname -r` -name $1.*o 2>/dev/null)
      if [ -n "$EXIST" ]; then
        echo 1
      else
        echo 0
      fi
    }

    ### Test if a module is in memory
    module_in_memory () {
      MODULE=$(lsmod | grep $1 | awk '{print $1}')
      if [ "$MODULE" = "$1" ]; then
        echo 1
      else
        echo 0
      fi
    }

    echo "Testing for iptables modules"

    echo "  Testing ipt_mac"
    TEST_IPT_MAC=$(test_ipt_mac)
    if [ "$TEST_IPT_MAC" = "0" ]; then
      echo "   iptables is not working with ipt_mac"
      echo "   Scanning disk for ipt_mac module"
      TEST_IPT_MAC_MODULE_EXISTS=$(module_exists "ipt_mac")
      if [ "$TEST_IPT_MAC_MODULE_EXISTS" = "0" ]; then
        echo "   ipt_mac module is missing, please install it (kernel or module)"
        exit
      else
        echo "   ipt_mac module exists, trying to load"
        insmod ipt_mac > /dev/null
        TEST_IPT_MAC_MODULE_MEMORY=$(module_in_memory "ipt_mac")
        if [ "$TEST_IPT_MAC_MODULE_MEMORY" = "0" ]; then
          echo "  Error: ipt_mac not loaded"
          exit
        else
          echo "  ipt_mac loaded sucessfully"
        fi
      fi
    else
      echo "   ipt_mac  module is working"
    fi

    echo "  Testing ipt_mark"
    TEST_IPT_MARK=$(test_ipt_mark)
    if [ "$TEST_IPT_MARK" = "0" ]; then
      echo "   iptables is not working with ipt_mark"
      echo "   Scanning disk for ipt_mark module"
      TEST_IPT_MARK_MODULE_EXISTS=$(module_exists "ipt_mark")
      if [ "$TEST_IPT_MARK_MODULE_EXISTS" = "0" ]; then
        echo "   iptables ipt_mark module missing, please install it (kernel or module)"
        exit
      else
        echo "   ipt_mark module exists, trying to load"
        insmod ipt_mark
        TEST_IPT_MARK_MODULE_MEMORY=$(module_in_memory "ipt_mark")
        if [ "$TEST_IPT_MARK_MODULE_MEMORY" = "0" ]; then
          echo "   Error: ipt_mark not loaded"
          exit
        else
          echo "   ipt_mark loaded sucessfully"
        fi
      fi
      else
    echo "   ipt_mark module is working"
    fi

##TODO:  This will not test if required iptables userspace (iptables-mod-nat on Kamikaze) is installed
    echo "  Testing ipt_REDIRECT"
    TEST_IPT_MAC=$(test_ipt_REDIRECT)
    if [ "$TEST_IPT_MAC" = "0" ]; then
      echo "   iptables is not working with ipt_REDIRECT"
      echo "   Scanning disk for ipt_REDIRECT module"
      TEST_IPT_MAC_MODULE_EXISTS=$(module_exists "ipt_REDIRECT")
      if [ "$TEST_IPT_MAC_MODULE_EXISTS" = "0" ]; then
        echo "   ipt_REDIRECT module is missing, please install it (kernel or module)"
        exit
      else
        echo "   ipt_REDIRECT module exists, trying to load"
        insmod ipt_REDIRECT > /dev/null
        TEST_IPT_MAC_MODULE_MEMORY=$(module_in_memory "ipt_REDIRECT")
        if [ "$TEST_IPT_MAC_MODULE_MEMORY" = "0" ]; then
          echo "  Error: ipt_REDIRECT not loaded"
          exit
        else
          echo "  ipt_REDIRECT loaded sucessfully"
        fi
      fi
    else
      echo "   ipt_REDIRECT  module is working"
    fi

    ;;

  *)
   echo "Usage: $0 {start|stop|restart|reload|status|test-module}"
   exit 1
   ;;
esac


