|
1
|
#!/bin/sh
|
|
2
|
#
|
|
3
|
# ping_hosts.sh
|
|
4
|
#
|
|
5
|
# part of pfSense (https://www.pfsense.org)
|
|
6
|
# Copyright (c) 2006-2016 Rubicon Communications, LLC (Netgate)
|
|
7
|
# All rights reserved.
|
|
8
|
#
|
|
9
|
# Redistribution and use in source and binary forms, with or without
|
|
10
|
# modification, are permitted provided that the following conditions are met:
|
|
11
|
#
|
|
12
|
# 1. Redistributions of source code must retain the above copyright notice,
|
|
13
|
# this list of conditions and the following disclaimer.
|
|
14
|
#
|
|
15
|
# 2. Redistributions in binary form must reproduce the above copyright
|
|
16
|
# notice, this list of conditions and the following disclaimer in
|
|
17
|
# the documentation and/or other materials provided with the
|
|
18
|
# distribution.
|
|
19
|
#
|
|
20
|
# 3. All advertising materials mentioning features or use of this software
|
|
21
|
# must display the following acknowledgment:
|
|
22
|
# "This product includes software developed by the pfSense Project
|
|
23
|
# for use in the pfSense® software distribution. (http://www.pfsense.org/).
|
|
24
|
#
|
|
25
|
# 4. The names "pfSense" and "pfSense Project" must not be used to
|
|
26
|
# endorse or promote products derived from this software without
|
|
27
|
# prior written permission. For written permission, please contact
|
|
28
|
# coreteam@pfsense.org.
|
|
29
|
#
|
|
30
|
# 5. Products derived from this software may not be called "pfSense"
|
|
31
|
# nor may "pfSense" appear in their names without prior written
|
|
32
|
# permission of the Electric Sheep Fencing, LLC.
|
|
33
|
#
|
|
34
|
# 6. Redistributions of any form whatsoever must retain the following
|
|
35
|
# acknowledgment:
|
|
36
|
#
|
|
37
|
# "This product includes software developed by the pfSense Project
|
|
38
|
# for use in the pfSense software distribution (http://www.pfsense.org/).
|
|
39
|
#
|
|
40
|
# THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
|
|
41
|
# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
42
|
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
43
|
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
|
|
44
|
# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
45
|
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
46
|
# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
47
|
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
48
|
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
49
|
# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
50
|
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
51
|
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
52
|
|
|
53
|
# Format of file should be delimited by |
|
|
54
|
# Field 1: Source IP
|
|
55
|
# Field 2: Destination IP
|
|
56
|
# Field 3: Ping count
|
|
57
|
# Field 4: Script to run when service is down
|
|
58
|
# Field 5: Script to run once service is restored
|
|
59
|
# Field 6: Ping time threshold
|
|
60
|
# Field 7: Wan ping time threshold
|
|
61
|
# Field 8: Address family
|
|
62
|
|
|
63
|
# Read in ipsec ping hosts and check the CARP status
|
|
64
|
# Only perform this check if there are IPsec hosts to ping, see
|
|
65
|
# https://redmine.pfsense.org/issues/8172
|
|
66
|
if [ -f /var/db/ipsecpinghosts -a -s /var/db/ipsecpinghosts ]; then
|
|
67
|
IPSECHOSTS="/var/db/ipsecpinghosts"
|
|
68
|
CURRENTIPSECHOSTS="/var/db/currentipsecpinghosts"
|
|
69
|
IFVPNSTATE=`ifconfig $IFVPN | grep "carp: BACKUP vhid" | wc -l`
|
|
70
|
if [ $IFVPNSTATE -gt 1 ]; then
|
|
71
|
echo -e "CARP interface in BACKUP (not pinging ipsec hosts)"
|
|
72
|
rm -f $CURRENTIPSECHOSTS
|
|
73
|
touch $CURRENTIPSECHOSTS
|
|
74
|
else
|
|
75
|
echo -e "CARP interface is MASTER or non CARP (pinging ipsec hosts)"
|
|
76
|
cat < $IPSECHOSTS > $CURRENTIPSECHOSTS
|
|
77
|
fi
|
|
78
|
fi
|
|
79
|
|
|
80
|
# General file meant for user consumption
|
|
81
|
if [ -f /var/db/hosts ]; then
|
|
82
|
HOSTS="/var/db/hosts"
|
|
83
|
fi
|
|
84
|
|
|
85
|
# Package specific ping requests
|
|
86
|
if [ -f /var/db/pkgpinghosts ]; then
|
|
87
|
PKGHOSTS="/var/db/pkgpinghosts"
|
|
88
|
fi
|
|
89
|
|
|
90
|
# Make sure at least one of these has contents, otherwise cat will be stuck waiting on input
|
|
91
|
if [ ! -z "${PKGHOSTS}" -o ! -z "${HOSTS}" -o ! -z "${CURRENTIPSECHOSTS}" ]; then
|
|
92
|
cat $PKGHOSTS $HOSTS $CURRENTIPSECHOSTS >/tmp/tmpHOSTS
|
|
93
|
else
|
|
94
|
# Nothing to do!
|
|
95
|
exit
|
|
96
|
fi
|
|
97
|
|
|
98
|
if [ ! -d /var/db/pingstatus ]; then
|
|
99
|
/bin/mkdir -p /var/db/pingstatus
|
|
100
|
fi
|
|
101
|
|
|
102
|
if [ ! -d /var/db/pingmsstatus ]; then
|
|
103
|
/bin/mkdir -p /var/db/pingmsstatus
|
|
104
|
fi
|
|
105
|
|
|
106
|
PINGHOSTS=`cat /tmp/tmpHOSTS`
|
|
107
|
|
|
108
|
PINGHOSTCOUNT=`cat /tmp/tmpHOSTS | wc -l`
|
|
109
|
|
|
110
|
if [ "$PINGHOSTCOUNT" -lt "1" ]; then
|
|
111
|
exit
|
|
112
|
fi
|
|
113
|
|
|
114
|
for TOPING in $PINGHOSTS ; do
|
|
115
|
echo "PROCESSING $TOPING"
|
|
116
|
SRCIP=`echo $TOPING | cut -d"|" -f1`
|
|
117
|
DSTIP=`echo $TOPING | cut -d"|" -f2`
|
|
118
|
COUNT=`echo $TOPING | cut -d"|" -f3`
|
|
119
|
FAILURESCRIPT=`echo $TOPING | cut -d"|" -f4`
|
|
120
|
SERVICERESTOREDSCRIPT=`echo $TOPING | cut -d"|" -f5`
|
|
121
|
THRESHOLD=`echo $TOPING | cut -d"|" -f6`
|
|
122
|
WANTHRESHOLD=`echo $TOPING | cut -d"|" -f7`
|
|
123
|
AF=`echo $TOPING | cut -d"|" -f8`
|
|
124
|
if [ "$AF" == "inet6" ]; then
|
|
125
|
PINGCMD=ping6
|
|
126
|
else
|
|
127
|
PINGCMD=ping
|
|
128
|
fi
|
|
129
|
echo Processing $DSTIP
|
|
130
|
# Look for a service being down
|
|
131
|
# Read in previous status
|
|
132
|
PREVIOUSSTATUS=""
|
|
133
|
if [ -f "/var/db/pingstatus/${DSTIP}" ]; then
|
|
134
|
PREVIOUSSTATUS=`cat /var/db/pingstatus/$DSTIP`
|
|
135
|
fi
|
|
136
|
$PINGCMD -c $COUNT -S $SRCIP $DSTIP
|
|
137
|
if [ $? -eq 0 ]; then
|
|
138
|
# Host is up
|
|
139
|
if [ "$PREVIOUSSTATUS" != "UP" ]; then
|
|
140
|
# Service restored
|
|
141
|
echo "UP" > /var/db/pingstatus/$DSTIP
|
|
142
|
if [ "$SERVICERESTOREDSCRIPT" != "" ]; then
|
|
143
|
echo "$DSTIP is UP, previous state was DOWN .. Running $SERVICERESTOREDSCRIPT"
|
|
144
|
echo "$DSTIP is UP, previous state was DOWN .. Running $SERVICERESTOREDSCRIPT" | logger -p daemon.info -i -t PingMonitor
|
|
145
|
sh -c $SERVICERESTOREDSCRIPT
|
|
146
|
fi
|
|
147
|
fi
|
|
148
|
else
|
|
149
|
# Host is down
|
|
150
|
if [ "$PREVIOUSSTATUS" != "DOWN" ]; then
|
|
151
|
# Service is down
|
|
152
|
echo "DOWN" > /var/db/pingstatus/$DSTIP
|
|
153
|
if [ "$FAILURESCRIPT" != "" ]; then
|
|
154
|
echo "$DSTIP is DOWN, previous state was UP .. Running $FAILURESCRIPT"
|
|
155
|
echo "$DSTIP is DOWN, previous state was UP .. Running $FAILURESCRIPT" | logger -p daemon.info -i -t PingMonitor
|
|
156
|
sh -c $FAILURESCRIPT
|
|
157
|
fi
|
|
158
|
fi
|
|
159
|
fi
|
|
160
|
echo "Checking ping time $DSTIP"
|
|
161
|
# Look at ping values themselves
|
|
162
|
PINGTIME=`$PINGCMD -c 1 -S $SRCIP $DSTIP | awk '{ print $7 }' | grep time | cut -d "=" -f2`
|
|
163
|
echo "Ping returned $?"
|
|
164
|
echo $PINGTIME > /var/db/pingmsstatus/$DSTIP
|
|
165
|
if [ "$THRESHOLD" != "" ]; then
|
|
166
|
if [ $(echo "${PINGTIME} > ${THRESHOLD}" | /usr/bin/bc) -eq 1 ]; then
|
|
167
|
echo "$DSTIP has exceeded ping threshold $PINGTIME / $THRESHOLD .. Running $FAILURESCRIPT"
|
|
168
|
echo "$DSTIP has exceeded ping threshold $PINGTIME / $THRESHOLD .. Running $FAILURESCRIPT" | logger -p daemon.info -i -t PingMonitor
|
|
169
|
sh -c $FAILURESCRIPT
|
|
170
|
fi
|
|
171
|
fi
|
|
172
|
# Wan ping time threshold
|
|
173
|
#WANTIME=`rrdtool fetch /var/db/rrd/wan-quality.rrd AVERAGE -r 120 -s -1min -e -1min | grep ":" | cut -f3 -d" " | cut -d"e" -f1`
|
|
174
|
echo "Checking wan ping time $WANTIME"
|
|
175
|
echo $WANTIME > /var/db/wanaverage
|
|
176
|
if [ "$WANTHRESHOLD" != "" -a "$WANTIME" != "" ]; then
|
|
177
|
if [ $(echo "${WANTIME} > ${WANTHRESHOLD}" | /usr/bin/bc) -eq 1 ]; then
|
|
178
|
echo "$DSTIP has exceeded wan ping threshold $WANTIME / $WANTHRESHOLD .. Running $FAILURESCRIPT"
|
|
179
|
echo "$DSTIP has exceeded wan ping threshold $WANTIME / $WANTHRESHOLD .. Running $FAILURESCRIPT" | logger -p daemon.info -i -t PingMonitor
|
|
180
|
sh -c $FAILURESCRIPT
|
|
181
|
fi
|
|
182
|
fi
|
|
183
|
sleep 1
|
|
184
|
done
|
|
185
|
|
|
186
|
exit 0
|
|
187
|
|