Starting a script on network traffic from specific MAC addresses

[knicki]

Is it possible to start a script when the router (or the switch) sees any network traffic from some devices in my network?

I want to wake up my NAS at an early stage of the boot process of my PC to access the LDAP server on the NAS for logging in to the PC. The other scenario is to wake up the NAS automatically at the same time a media player is started.

The threats about WOL I found in this forum, or the info in the wiki have given some hints to me. But since I have no real idea how to write a script that could solve my problem, I have to ask the experts.

 

[RMerlin]

Switched traffic isn't visible from the software side, so that's most likely not possible.

 

[knicki]

I more or less expected this answer.

What kind of network traffic can be seen by the router? Something like DHCP requests? I don`t know how often a Windows clients asks the DHCP server für a new IP address.

Any idea on setting up a script that will wake up my NAS will be welcome.

 

[ColinTaylor]

What kind of network traffic can be seen by the router? Something like DHCP requests? I don`t know how often a Windows clients asks the DHCP server für a new IP address

That's an interesting idea. You will get a DHCP request every time your PC powers up. Maybe you could create a script like the following that sends a WOL packet to your NAS when dnsmasq detects the MAC address of your PC.

For dnsmasq:

--dhcp-script=<path>
Whenever a new DHCP lease is created, or an old one destroyed, or a TFTP file transfer completes, the executable specified by this option is run. <path> must be an absolute pathname, no PATH search occurs. The arguments to the process are "add", "old" or "del", the MAC address of the host (or DUID for IPv6) , the IP address, and the hostname, if known. "add" means a lease has been created, "del" means it has been destroyed, "old" is a notification of an existing lease when dnsmasq starts or a change to MAC address or hostname of an existing lease (also, lease length or expiry and client-id, if leasefile-ro is set). If the MAC address is from a network type other than ethernet, it will have the network type prepended, eg "06-01:23:45:67:89:ab" for token ring. The process is run as root (assuming that dnsmasq was originally run as root) even if dnsmasq is configured to change UID to an unprivileged user.

I created a script called /jffs/scripts/test.sh as follows:

#!/bin/sh

logger $0 $1 $2 $3 $4 $5 $6 $7 $8

Then:

# killall dnsmasq
# dnsmasq --log-async --dhcp-script=/jffs/scripts/test.sh

Here is the syslog of my mobile phone:

<turn on phone>
Dec 30 23:49:19 dnsmasq-dhcp[2033]: DHCPREQUEST(br0) 192.168.1.96 50:a4:c8:14:3b:e3
Dec 30 23:49:19 dnsmasq-dhcp[2033]: DHCPACK(br0) 192.168.1.96 50:a4:c8:14:3b:e3 GT-I8160
Dec 30 23:49:19 admin: /jffs/scripts/test.sh add 50:a4:c8:14:3b:e3 192.168.1.96 GT-I8160
<disconnect phone>
<reconnect phone>
Dec 30 23:49:59 dnsmasq-dhcp[2033]: DHCPREQUEST(br0) 192.168.1.96 50:a4:c8:14:3b:e3
Dec 30 23:49:59 dnsmasq-dhcp[2033]: DHCPACK(br0) 192.168.1.96 50:a4:c8:14:3b:e3 GT-I8160
Dec 30 23:49:59 admin: /jffs/scripts/test.sh old 50:a4:c8:14:3b:e3 192.168.1.96 GT-I8160

 

[enrysan0]

hi,
I created /jffs/configs/dnsmasq.conf.add and added this line:

dhcp-script=/jffs/scripts/dhcpscript.sh

to append dhcp-script=/jffs/scripts/dhcpscript.sh to dnsmasq config file

so every time a device add/old/del a lease dnsmasq properly run the script

now:
do you know how to let dnsmasq to fire the script only for add (or only old or only del) specific MAC address?

I don't understand in the man page of dnsmasq the syntax i have to use:

-6 --dhcp-script=<path>
Whenever a new DHCP lease is created, or an old one destroyed, or a TFTP file transfer completes, the executable specified by this option is run. <path> must be an absolute pathname, no PATH search occurs. The arguments to the process are "add", "old" or "del", the MAC address of the host (or DUID for IPv6) , the IP address, and the hostname, if known. "add" means a lease has been created, "del" means it has been destroyed, "old" is a notification of an existing lease when dnsmasq starts or a change to MAC address or hostname of an existing lease (also, lease length or expiry and client-id, if leasefile-ro is set). If the MAC address is from a network type other than ethernet, it will have the network type prepended, eg "06-01:23:45:67:89:ab" for token ring. The process is run as root (assuming that dnsmasq was originally run as root) even if dnsmasq is configured to change UID to an unprivileged user.
The environment is inherited from the invoker of dnsmasq, with some or all of the following variables added

For both IPv4 and IPv6:

DNSMASQ_DOMAIN if the fully-qualified domain name of the host is known, this is set to the domain part. (Note that the hostname passed to the script as an argument is never fully-qualified.)

If the client provides a hostname, DNSMASQ_SUPPLIED_HOSTNAME

If the client provides user-classes, DNSMASQ_USER_CLASS0..DNSMASQ_USER_CLASSn

If dnsmasq was compiled with HAVE_BROKEN_RTC, then the length of the lease (in seconds) is stored in DNSMASQ_LEASE_LENGTH, otherwise the time of lease expiry is stored in DNSMASQ_LEASE_EXPIRES. The number of seconds until lease expiry is always stored in DNSMASQ_TIME_REMAINING.

If a lease used to have a hostname, which is removed, an "old" event is generated with the new state of the lease, ie no name, and the former name is provided in the environment variable DNSMASQ_OLD_HOSTNAME.

DNSMASQ_INTERFACE stores the name of the interface on which the request arrived; this is not set for "old" actions when dnsmasq restarts.

DNSMASQ_RELAY_ADDRESS is set if the client used a DHCP relay to contact dnsmasq and the IP address of the relay is known.

DNSMASQ_TAGS contains all the tags set during the DHCP transaction, separated by spaces.

DNSMASQ_LOG_DHCP is set if --log-dhcp is in effect.

For IPv4 only:

DNSMASQ_CLIENT_ID if the host provided a client-id.

DNSMASQ_CIRCUIT_ID, DNSMASQ_SUBSCRIBER_ID, DNSMASQ_REMOTE_ID if a DHCP relay-agent added any of these options.
  If the client provides vendor-class, DNSMASQ_VENDOR_CLASS.

For IPv6 only:

If the client provides vendor-class, DNSMASQ_VENDOR_CLASS_ID, containing the IANA enterprise id for the class, and DNSMASQ_VENDOR_CLASS0..DNSMASQ_VENDOR_CLASSn for the data.

DNSMASQ_SERVER_DUID containing the DUID of the server: this is the same for every call to the script.

DNSMASQ_IAID containing the IAID for the lease. If the lease is a temporary allocation, this is prefixed to 'T'.

DNSMASQ_MAC containing the MAC address of the client, if known.

Note that the supplied hostname, vendorclass and userclass data is only supplied for "add" actions or "old" actions when a host resumes an existing lease, since these data are not held in dnsmasq's lease database.

All file descriptors are closed except stdin, stdout and stderr which are open to /dev/null (except in debug mode).

The script is not invoked concurrently: at most one instance of the script is ever running (dnsmasq waits for an instance of script to exit before running the next). Changes to the lease database are which require the script to be invoked are queued awaiting exit of a running instance. If this queueing allows multiple state changes occur to a single lease before the script can be run then earlier states are discarded and the current state of that lease is reflected when the script finally runs.

At dnsmasq startup, the script will be invoked for all existing leases as they are read from the lease file. Expired leases will be called with "del" and others with "old". When dnsmasq receives a HUP signal, the script will be invoked for existing leases with an "old " event.

There are two further actions which may appear as the first argument to the script, "init" and "tftp". More may be added in the future, so scripts should be written to ignore unknown actions. "init" is described below in --leasefile-ro The "tftp" action is invoked when a TFTP file transfer completes: the arguments are the file size in bytes, the address to which the file was sent, and the complete pathname of the file.

Thanks

 

[ColinTaylor]

do you know how to let dnsmasq to fire the script only for add (or only old or only del) specific MAC address?

You can't stop the script from running. You just need to put some conditional logic in the script. i.e.

if [ "$1" = "add" ]
then
    echo "Do something here"
fi

if [ "$2" = "50:a4:c8:14:3b:e3" ]
then
    echo "Do something else here"
fi