#!/bin/bash 

#########################################################################################
# Copyright (C) 2009 Leon Ward 
# OpenFPC - Part of the OpenFPC - (Full Packet Capture) project
#
# Contact: leon@rm-rf.co.uk
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
#########################################################################################

# ---------------- Nothing to do below here -------------
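# Candidate configuration files, tried in order. The first one that exists as a
# regular file is sourced and the search stops.
#
# NOTE(security): `source` runs the file as shell code with the privileges of
# whoever invoked this script, and start/stop/clean insist on being root.
# "./openfpc.conf" is resolved against the current working directory, so the
# script should only be run from a directory that unprivileged users cannot
# write to. Every file in this list should be owned by root and not be
# group/world-writable; consider dropping the relative entry on production
# sensors.

CONFIG_FILES="./openfpc.conf /etc/openfpc/openfpc.conf /opt/openfpc/openfpc.conf"

# CONFIG_FILES is a space-separated list, so it is expanded unquoted on purpose.
for i in $CONFIG_FILES
do
	if [ -f "$i" ]
	then
		echo "[*] Reading configuration file $i"
		# shellcheck source=/dev/null
		source "$i"
		break
	fi
done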

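# Runtime settings. They are assigned after the configuration file has been
# sourced, so they replace any same-named values set there.
IAM=$(whoami)
DATE=$(date)
# The system tool directories are appended, so entries already present in the
# caller's PATH are still searched first.
# NOTE(review): the inherited PATH is trusted as-is; when this runs as root,
# confirm it contains no directory writable by other users.
PATH=$PATH:/sbin:/usr/sbin
# tcpdump's -Z option names the user it switches to after opening the capture;
# "-Z root" therefore keeps it running as root. Not referenced by the code
# visible in this part of the file.
TCPDUMPOPTS="-Z root"
openfpcver=0.1a
PID_FILE=openfpc-dl
PID_PATH=/var/run
# Prefix of the capture buffer files. (An earlier FILENAME="buffer" assignment
# was dead code: it was overwritten here before anything read it.)
FILENAME=openfpc-pcap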

# Stop here unless DONE_CONFIG is exactly 1. Nothing in this script sets it, so
# it is presumably written into the configuration file by the installer.
[[ "$DONE_CONFIG" == 1 ]] || {
	echo -e "[!] Configuration not complete, unable to read config from $CONFIG_FILES \n    Have you run ./install-opefpc ?"
	exit 1
}


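# Work out which buffer is the current one. In multi-buffer mode its name is
# read from CURRENT_FILE; in every other case the marker "SINGLE" is used.
CURRENT="SINGLE"
if [ "$MULTI_BUFFER" == "1" ] && [ -n "$CURRENT_FILE" ]
then
	# CURRENT_FILE is checked and quoted: an unset or empty value would
	# otherwise leave a bare `cat` that blocks reading standard input.
	CURRENT=$(cat -- "$CURRENT_FILE" 2>/dev/null) || CURRENT="SINGLE"
fi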

#sudo tcpdump -n -i eth1 -s 0 -C 50  -W 20 -w /var/tmp/buffer-

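# Print a message on stdout and terminate the script with exit status 1.
# Arguments: $1 - the message to print
function die()
{
	# The argument is quoted and passed as data to printf so that spaces are
	# kept and glob characters such as "*" or "[!]" are never expanded
	# against the current directory.
	printf '%s\n' "$1"
	exit 1
}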

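# Delete every capture buffer except the current one, after listing the files
# and waiting for the operator to press enter.
# Globals read: IAM, BUFFER_PATH, FILENAME, CURRENT
function clean()
{
	local candidate
	local -a old_buffers=()

	if [ "$IAM" != "root" ]
	then
		die "[!] Must be root"
	fi

	# With an empty BUFFER_PATH the glob below would start at the filesystem
	# root, so refuse to go any further.
	if [ -z "$BUFFER_PATH" ]
	then
		die "[!] BUFFER_PATH is not set"
	fi

	# The file list is built from a glob into an array (not parsed from `ls`
	# output) so names containing spaces or glob characters stay intact.
	for candidate in "$BUFFER_PATH/$FILENAME"*
	do
		# An unmatched glob is left as the literal pattern; skip it.
		[ -e "$candidate" ] || continue
		# Keep any file whose path contains CURRENT. The comparison is a
		# literal substring match, and an empty CURRENT matches every file,
		# so nothing is deleted when the current buffer is unknown.
		# NOTE(review): in single-buffer mode CURRENT is "SINGLE", which is
		# unlikely to appear in a buffer name, so the active buffer is listed
		# as well even though the prompt below says otherwise - confirm.
		case "$candidate" in
			*"$CURRENT"*) continue ;;
		esac
		old_buffers+=("$candidate")
	done

	if [ "${#old_buffers[@]}" -eq 0 ]
	then
		echo "[*] No old pcap buffers to delete"
		return 0
	fi

	# Remove all non-current pcap buffers to free up disk space
	echo "[!] Are you sure you want to delete these old pcap buffers?"
	printf '%s\n' "${old_buffers[@]}"
	echo "---------------"
	read -r -p "Hit CTRL+C to stop, enter to delete (current buffer will not be affected)"
	# "--" stops option parsing in case a path begins with a dash.
	rm -- "${old_buffers[@]}"
}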

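# Start daemonlogger as the traffic buffer and report whether it came up.
# Globals read: IAM, PID_PATH, PID_FILE, BUFFER_PATH, INTERFACE, LOG,
#               DAEMONLOGGER, DISK_SPACE, FILE_SIZE, DATE
function start()
{
	local DPID running
	local -a cmd

	if [ "$IAM" != "root" ]
	then
		die "[!] Must be root"
	fi

	if [ -f "$PID_PATH/$PID_FILE" ]
	then
		DPID=$(cat -- "$PID_PATH/$PID_FILE")
		# Only an all-digit PID is looked up, and it is looked up by exact
		# PID. Grepping `ps aux` for the number also matched any unrelated
		# line that merely contained the same digits.
		case "$DPID" in
			''|*[!0-9]*) ;;
			*) ps -p "$DPID" > /dev/null 2>&1 && die "[!] Daemonlogger already running" ;;
		esac
	fi

	# Quoting matters here: with an empty BUFFER_PATH an unquoted `[ -d ]`
	# is true and the write probe would be created in "/".
	# NOTE(security): the probe file and the placeholder below use fixed
	# names and are created as root, so BUFFER_PATH and LOG should be
	# directories that unprivileged users cannot write to.
	if [ -d "$BUFFER_PATH" ]
	then
		touch "$BUFFER_PATH/ok" || die "[!] Cant write to buffer path $BUFFER_PATH."
		rm -- "$BUFFER_PATH/ok" || die "Cant remove ok file in buffer path - Strange."
	else
		# NOTE(review): the directory gets whatever mode the caller's umask
		# allows; it will hold full packet captures, so confirm that mode is
		# restrictive enough.
		mkdir --parent "$BUFFER_PATH" || die "[!] Cant mkdir buffer location $BUFFER_PATH"
	fi

	ifconfig "$INTERFACE" > /dev/null 2>&1 || die "[!] Unable to find device $INTERFACE."
	# It looks like daemonlogger expects to find SOMETHING to unlink in $LOG when it gets
	# close to the -M value. Give it a placeholder file; this should prevent a lot
	# of questions from confused users. Strange, but hey.
	touch "$LOG/openfpc-pcap.0"

	# The command is kept as an array so every setting reaches daemonlogger as
	# exactly one argument, whatever characters it contains. DAEMONLOGGER is
	# treated as the path of a single executable.
	cmd=("$DAEMONLOGGER" -d
		-i "$INTERFACE"
		-l "$LOG"
		-M "$DISK_SPACE"
		-s "$FILE_SIZE"
		-p "$PID_FILE"
		-P "$PID_PATH"
		-n openfpc-pcap)

	"${cmd[@]}" || die "Unable to start daemonlogger"
	sleep 1
	if [ -f "$LOG/openfpc-pcap.0" ]
	then
		rm -- "$LOG/openfpc-pcap.0"
	fi

	if [ -f "$PID_PATH/$PID_FILE" ]
	then
		DPID=$(cat -- "$PID_PATH/$PID_FILE") || die "[!] Error: Unable to read pid file"
		running=0
		case "$DPID" in
			''|*[!0-9]*) ;;
			*) ps -p "$DPID" > /dev/null 2>&1 && running=1 ;;
		esac
		if [ "$running" -eq 1 ]
		then
			echo
			echo "[-] It looks like daemonlogger has started successfully"
		else
			echo
			echo "[!] Error: It looks like something went wrong starting daemonlogger"
			echo "    OpenFPC requires daemonlogger version 1.2.1 or above"
			echo "    You could also try to run the following command to work out what went wrong"
			echo "${cmd[*]}"
		fi
	else
		die "[!] Error: I don't think daemonlogger is running! No PID file $PID_PATH/$PID_FILE found"
	fi
	echo "[*] Traffic buffer (Daemonlogger) started on $DATE"
}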


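# Stop the daemonlogger process whose PID is recorded in the PID file.
# Globals read: IAM, PID_PATH, PID_FILE
# Returns: 0 once the signal was delivered, 1 if the process could not be
#          signalled; exits through die on every other error.
function stop()
{
	local DPID

	if [ "$IAM" != "root" ]
	then
		die "[!] Must be root"
	fi

	if [ -f "$PID_PATH/$PID_FILE" ]
	then
		DPID=$(cat -- "$PID_PATH/$PID_FILE") || die "[!] Cant read PID file $PID_PATH/$PID_FILE"
	else
		die "[!] Wont stop. I don't think daemonlogger is running! No PID file $PID_PATH/$PID_FILE found"
	fi

	# The file content is handed to kill as root, so accept nothing but one
	# positive decimal number. Extra words, a leading "-" (which kill reads as
	# a signal or process group) and 0 (the caller's own process group) are
	# all rejected.
	case "$DPID" in
		''|*[!0-9]*|0*) die "[!] PID file $PID_PATH/$PID_FILE does not contain a valid PID" ;;
	esac

	# Report a failed kill rather than claiming success. This returns instead
	# of exiting so that "restart" can still go on to start a new instance.
	if ! kill "$DPID"
	then
		echo "[!] Unable to signal daemonlogger process $DPID (stale PID file?)"
		return 1
	fi
	echo "[*] Traffic buffer (Daemonlogger) $DPID stopped"
}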

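# Report whether the traffic buffer is running, which time window the capture
# files cover and how much disk space they use.
# Globals read: BUFFER_PATH, FILENAME, PID_PATH, PID_FILE
function status()
{
	local candidate FIRSTBUFFER="" LASTBUFFER=""
	local FIRSTPACKET NOW EPOC_FIRST EPOC_LAST EPOC_DELTA SIZE USED
	local DPID="" running=0

	# Find the oldest and newest buffer by modification time using the shell's
	# own -ot/-nt tests rather than parsing `ls`, so names containing spaces
	# are handled.
	for candidate in "$BUFFER_PATH/$FILENAME"*
	do
		# An unmatched glob is left as the literal pattern; skip it.
		[ -e "$candidate" ] || continue
		if [ -z "$FIRSTBUFFER" ] || [ "$candidate" -ot "$FIRSTBUFFER" ]
		then
			FIRSTBUFFER=$candidate
		fi
		if [ -z "$LASTBUFFER" ] || [ "$candidate" -nt "$LASTBUFFER" ]
		then
			LASTBUFFER=$candidate
		fi
	done

	if [ -z "$FIRSTBUFFER" ]
	then
		echo "[!] No current buffers found in $BUFFER_PATH - Have you started it yet?"
		return 0
	fi

	# Timestamp of the first packet in the oldest buffer (date and time fields
	# of tcpdump's -tttt output).
	FIRSTPACKET=$(tcpdump -n -r "$FIRSTBUFFER" -c 1 -tttt 2>/dev/null | awk '{print $1 " " $2}')
	NOW=$(date '+%Y-%m-%d %H:%M:%S')
	EPOC_LAST=$(date -d "$NOW" +%s)
	# If the oldest buffer holds no readable packet there is no start time;
	# say so rather than letting `date -d ""` invent one.
	EPOC_DELTA="unknown"
	if [ -n "$FIRSTPACKET" ] && EPOC_FIRST=$(date -d "$FIRSTPACKET" +%s 2>/dev/null)
	then
		EPOC_DELTA=$(( (EPOC_LAST - EPOC_FIRST) / 60 / 60 ))
	fi

	# -s yields a single total even when the buffer directory has subdirectories.
	SIZE=$(du -sh -- "$BUFFER_PATH" | awk '{print $1}')
	# The original expanded a misspelt variable here, which made df report
	# every mounted filesystem. -P keeps each filesystem on one line.
	USED=$(df -hP -- "$BUFFER_PATH" | awk 'NR == 2 {print $5}')

	if [ -f "$PID_PATH/$PID_FILE" ]
	then
		DPID=$(cat -- "$PID_PATH/$PID_FILE" 2>/dev/null)
	fi
	# Look the process up by exact PID. `ps aux | grep PID` always succeeded
	# because the grep command line itself contained the search string.
	case "$DPID" in
		''|*[!0-9]*) ;;
		*) ps -p "$DPID" > /dev/null 2>&1 && running=1 ;;
	esac

	if [ "$running" -eq 1 ]
	then
		echo "[*] Traffic buffer (Daemonlogger) running with pid $DPID "
	else
		echo "[!] Traffic buffer (Daemonlogger) not running"
	fi
	echo -e " - Time now 		    $NOW"
	echo -e " - Oldest packet	    $FIRSTPACKET"
	echo -e " - Oldest File		    $FIRSTBUFFER"
	echo -e " - Using File		    $LASTBUFFER"
	echo -e " - Time Window		    ~ $EPOC_DELTA hours"
	echo -e " - Disk space used	    $SIZE"
	echo -e " - Partition utilization    $USED"
}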


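# Command dispatch: the first argument selects the action, anything else
# prints the usage text.
case "$1" in
	start)
		start
	;;
	stop)
		stop
	;;
	clean)
		clean
	;;
	restart)
		stop
		sleep 2
		start
	;;
	status)
		status
	;;
	*)
		# "restart" is handled above but was missing from this list.
		echo " Usage"
		echo " --------------"
		echo " openfpc start"
		echo " openfpc stop"
		echo " openfpc restart"
		echo " openfpc status - Show buffer status"
		echo " openfpc clean  - Delete old buffers"
	;;
esac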
