routeros-scripts/collect-wireless-mac.template

88 lines
3.9 KiB
Text
Raw Normal View History

#!rsc by RouterOS
2018-07-10 12:01:41 +00:00
# RouterOS script: collect-wireless-mac%TEMPL%
2023-01-02 22:33:49 +00:00
# Copyright (c) 2013-2023 Christian Hesse <mail@eworm.de>
# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
2018-07-05 13:29:26 +00:00
#
# collect wireless mac adresses in access list
2020-03-27 20:43:01 +00:00
# https://git.eworm.de/cgit/routeros-scripts/about/doc/collect-wireless-mac.md
2018-07-05 13:29:26 +00:00
#
# provides: lease-script, order=40
#
2018-07-10 12:01:41 +00:00
# !! This is just a template! Replace '%PATH%' with 'caps-man'
# !! or 'interface wireless'!
2018-07-05 13:29:26 +00:00
:local 0 "collect-wireless-mac%TEMPL%";
:global GlobalFunctionsReady;
:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
global: variable names are CamelCase ___ _ ___ __ / _ )(_)__ _ / _/__ _/ /_ / _ / / _ `/ / _/ _ `/ __/ /____/_/\_, / /_/ \_,_/\__/ _ __ /___/ _ __ | | / /___ __________ (_)___ ____ _/ / | | /| / / __ `/ ___/ __ \/ / __ \/ __ `/ / | |/ |/ / /_/ / / / / / / / / / / /_/ /_/ |__/|__/\__,_/_/ /_/ /_/_/_/ /_/\__, (_) /____/ RouterOS has some odd behavior when it comes to variable names. Let's have a look at the interfaces: [admin@MikroTik] > / interface print where name=en1 Flags: D - dynamic, X - disabled, R - running, S - slave # NAME TYPE ACTUAL-MTU L2MTU 0 RS en1 ether 1500 1598 That looks ok. Now we use a script: { :local interface "en1"; / interface print where name=$interface; } And the result... [admin@MikroTik] > { :local interface "en1"; {... / interface print where name=$interface; } Flags: D - dynamic, X - disabled, R - running, S - slave # NAME TYPE ACTUAL-MTU L2MTU 0 RS en1 ether 1500 1598 ... still looks ok. We make a little modification to the script: { :local name "en1"; / interface print where name=$name; } And the result: [admin@MikroTik] > { :local name "en1"; {... / interface print where name=$name; } Flags: D - dynamic, X - disabled, R - running, S - slave # NAME TYPE ACTUAL-MTU L2MTU 0 RS en1 ether 1500 1598 1 S en2 ether 1500 1598 2 S en3 ether 1500 1598 3 S en4 ether 1500 1598 4 S en5 ether 1500 1598 5 R br-local bridge 1500 1598 Ups! The filter has no effect! That happens whenever the variable name ($name) matches the property name (name=). And another modification: { :local type "en1"; / interface print where name=$type; } And the result: [admin@MikroTik] > { :local type "en1"; {... / interface print where name=$type; } Flags: D - dynamic, X - disabled, R - running, S - slave # NAME TYPE ACTUAL-MTU L2MTU Ups! Nothing? Even if the variable name ($type) matches whatever property name (type=) things go wrong. The answer from MikroTik support (in Ticket#2019010222000454): > This is how scripting works in RouterOS and we will not fix it. To get around this we use variable names in CamelCase. Let's hope Mikrotik never ever introduces property names in CamelCase... *fingers crossed*
2019-01-03 16:45:43 +00:00
:global Identity;
2018-07-05 13:29:26 +00:00
:global EitherOr;
2018-12-26 23:48:56 +00:00
:global GetMacVendor;
:global LogPrintExit2;
2019-02-21 17:37:19 +00:00
:global ScriptLock;
:global SendNotification2;
:global SymbolForNotification;
2019-02-21 17:37:19 +00:00
$ScriptLock $0 false 10;
:if ([ :len [ /%PATH%/access-list/find where comment="--- collected above ---" disabled ] ] = 0) do={
/%PATH%/access-list/add comment="--- collected above ---" disabled=yes;
$LogPrintExit2 warning $0 ("Added disabled access-list entry with comment '--- collected above ---'.") false;
2018-07-05 13:29:26 +00:00
}
:local PlaceBefore ([ /%PATH%/access-list/find where comment="--- collected above ---" disabled ]->0);
2018-07-05 13:29:26 +00:00
:foreach Reg in=[ /%PATH%/registration-table/find ] do={
:local RegVal;
:do {
:set RegVal [ /%PATH%/registration-table/get $Reg ];
} on-error={
$LogPrintExit2 debug $0 ("Device already gone... Ignoring.") false;
}
:if ([ :len ($RegVal->"mac-address") ] > 0) do={
:local AccessList ([ /%PATH%/access-list/find where mac-address=($RegVal->"mac-address") ]->0);
:if ([ :len $AccessList ] > 0) do={
$LogPrintExit2 debug $0 ("MAC address " . $RegVal->"mac-address" . " already known: " . \
[ /%PATH%/access-list/get $AccessList comment ]) false;
}
:if ([ :len $AccessList ] = 0) do={
:local Address "no dhcp lease";
:local DnsName "no dhcp lease";
:local HostName "no dhcp lease";
:local Lease ([ /ip/dhcp-server/lease/find where mac-address=($RegVal->"mac-address") dynamic=yes status=bound ]->0);
:if ([ :len $Lease ] > 0) do={
:set Address [ /ip/dhcp-server/lease/get $Lease address ];
:set HostName [ $EitherOr [ /ip/dhcp-server/lease/get $Lease host-name ] "no hostname" ];
:set DnsName "no dns name";
:local DnsRec ([ /ip/dns/static/find where address=$Address ]->0);
:if ([ :len $DnsRec ] > 0) do={
:set DnsName [ /ip/dns/static/get $DnsRec name ];
}
2019-11-25 16:07:45 +00:00
}
:set ($RegVal->"ssid") [ /interface/wireless/get [ find where name=($RegVal->"interface") ] ssid ];
:local DateTime ([ /system/clock/get date ] . " " . [ /system/clock/get time ]);
:local Vendor [ $GetMacVendor ($RegVal->"mac-address") ];
:local Message ("MAC address " . $RegVal->"mac-address" . " (" . $Vendor . ", " . $HostName . ") " . \
"first seen on " . $DateTime . " connected to SSID " . $RegVal->"ssid" . ", interface " . $RegVal->"interface");
$LogPrintExit2 info $0 $Message false;
/%PATH%/access-list/add place-before=$PlaceBefore comment=$Message mac-address=($RegVal->"mac-address") disabled=yes;
$SendNotification2 ({ origin=$0; \
subject=([ $SymbolForNotification "mobile-phone" ] . $RegVal->"mac-address" . " connected to " . $RegVal->"ssid"); \
message=("A device with unknown MAC address connected to " . $RegVal->"ssid" . " on " . $Identity . ".\n\n" . \
"Controller: " . $Identity . "\n" . \
"Interface: " . $RegVal->"interface" . "\n" . \
"SSID: " . $RegVal->"ssid" . "\n" . \
"MAC: " . $RegVal->"mac-address" . "\n" . \
"Vendor: " . $Vendor . "\n" . \
"Hostname: " . $HostName . "\n" . \
"Address: " . $Address . "\n" . \
"DNS name: " . $DnsName . "\n" . \
"Date: " . $DateTime) });
2018-07-05 13:29:26 +00:00
}
} else={
$LogPrintExit2 debug $0 ("No mac address available... Ignoring.") false;
2018-07-05 13:29:26 +00:00
}
}