#!/bin/sh
# Installation prefix of the package; every helper path below hangs off it.
export CHESHIRE=/usr/local/cheshire

##
# Reaper
#
# To be called periodically from cron to expire old or stale iptables
# entries.
#
# Be sure to set CHESHIRE above to wherever you installed the package.
##
 
# Replace whatever PATH cron supplied with a fixed list, $CHESHIRE/bin first,
# so unqualified commands (date, awk, logger, rm) resolve from known
# directories only.
export PATH=$CHESHIRE/bin:/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin

#
# Import the configuration here.  One good optimization would be to do this
# once, and propagate the environment to a child that does the work (rather
# than eval on every hit.)  If you bootstrap yourself, comment this out for
# greater speed.
#
# The rest of the script reads DataDir, LoginTimeout, LogFacility,
# SyslogFacility, SyslogPriority and SyslogIdent; nothing else in this file
# sets them, so they are presumably defined by this eval.
#
# NOTE(review): whatever bootstrap prints is executed by this shell.  The
# backticks are unquoted, so the output is word-split and glob-expanded
# before eval joins it back together.  Anyone able to write cheshire.conf or
# replace bootstrap controls what this script runs -- presumably as root,
# since it manages iptables entries.  Keep both files owned by root and not
# writable by any other user.
#
eval `$CHESHIRE/bin/bootstrap $CHESHIRE/cheshire.conf`

#
# TODO: DoS sanity check goes here -- if $DataDir holds more than some
# maximum number of files, give up.  (Not implemented yet.)
#

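#
# Refuse to continue without a data directory.  With DataDir empty the glob
# below would become /* and the reaper would walk (and later delete from) the
# filesystem root.
#
if [ -z "$DataDir" ]; then
  echo "reaper: DataDir is not set; refusing to scan /" 1>&2
  exit 1
fi

#
# Bail out early when $DataDir holds no regular files.  The directory is
# walked with a loop because `[ -f $DataDir/* ]` is only well-formed when the
# glob expands to exactly one word; with several files test(1) is handed too
# many arguments and reports an error instead of an answer.
#
HAVE_ENTRIES=no
for ENTRY in "$DataDir"/*; do
  if [ -f "$ENTRY" ]; then
    HAVE_ENTRIES=yes
    break
  fi
done

if [ "$HAVE_ENTRIES" = "no" ]; then	# Nothing to do...
  exit 0
fi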

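#
# log_msg MESSAGE...
#
# Writes one log line.  With LogFacility=syslog the message goes to logger(1)
# using the configured facility, priority and tag; otherwise it is printed to
# STDERR prefixed with the current date.
#
# The message is handed over as a plain argument and is never re-parsed by
# the shell (no eval), so text read from the files in $DataDir cannot be
# executed as a command.
#
log_msg() {
  # '=' is the POSIX string comparison; '==' is rejected by some /bin/sh
  # implementations, which would silently select the STDERR branch.
  if [ "$LogFacility" = "syslog" ]; then
    logger -p "$SyslogFacility.$SyslogPriority" -t "$SyslogIdent" "$*"
  else
    printf '%s %s\n' "$(date)" "$*" 1>&2 # print to STDERR
  fi
}

#
# LoginTimeout must be a plain non-negative integer.  If it is missing or
# garbled the comparison below could never succeed and no session would ever
# be expired, so stop loudly instead.
#
case "$LoginTimeout" in
  ''|*[!0-9]*)
    log_msg "Reaper: LoginTimeout is not a number; cannot expire entries"
    exit 1
    ;;
esac

# ${DataDir:?} aborts the script if DataDir is empty, so the glob can never
# silently turn into /*.
for FILE in "${DataDir:?DataDir is not set}"/*; do
  # Skip the literal pattern left behind by an unmatched glob, and anything
  # that is not a regular file.
  [ -f "$FILE" ] || continue

  #
  # Each file is read as "IP MAC TIMESTAMP" on its first line (fields 1-3,
  # whitespace separated).  The variables are cleared first so a failed read
  # cannot leave values from the previous file in place.
  #
  IP= MAC= STAMP=
  read -r IP MAC STAMP _REST < "$FILE"

  #
  # The timestamp feeds shell arithmetic, so accept digits only.  A leading
  # zero is refused as well because $(( )) would parse it as octal.
  #
  case "$STAMP" in
    ''|*[!0-9]*|0?*)
      log_msg "Skipping malformed entry (bad timestamp): $FILE"
      continue
      ;;
  esac

  # Empty fields or a leading '-' must not reach access.fw as arguments.
  case "$IP" in
    ''|-*)
      log_msg "Skipping malformed entry (bad IP field): $FILE"
      continue
      ;;
  esac
  case "$MAC" in
    ''|-*)
      log_msg "Skipping malformed entry (bad MAC field): $FILE"
      continue
      ;;
  esac

  #
  # Calculate DELTA by subtracting the timestamp in the MAC file from the
  # current date
  #
  DELTA=$(( $(date +'%s') - STAMP ))

  #
  # If DELTA is greater or equal than LoginTimeout, or if DELTA is negative,
  # then boot 'em
  #
  if [ "$DELTA" -ge "$LoginTimeout" ] || [ "$DELTA" -lt 0 ]; then
    log_msg "Forced logout: $MAC $IP"

    # NOTE(review): the entry is removed even when access.fw fails, as
    # before; the failure is now at least logged.  If access.fw's exit status
    # is reliable, consider keeping the file so the deny is retried on the
    # next run.
    if ! "$CHESHIRE/libexec/access.fw" deny "$MAC" "$IP" Member; then
      log_msg "access.fw deny failed for $MAC $IP"
    fi
    rm -f -- "$FILE"
  fi

  #
  # Multiple IP address detection goes here
  #

  #
  # ping timeout goes here
  #

done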

