gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(haproxy): Add AdGuard Home detection and improve service discovery

Browse Source 
- Add AdGuard Home to known services (port 3000, security category)
- Enhance _add_exposed_service to handle YAML config files
- Add process name detection and running status for known services
- Fix subshell issue in dynamic service detection (while loop)
- Add port deduplication between known and dynamic services
- Include description and process fields in service response

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
CyberMind-FR 2026-02-01 11:35:13 +01:00
parent 906c3e8988
commit 681382c7ff
2 changed files with 46 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
package/secubox/luci-app-haproxy/root/usr/libexec/rpcd/luci.haproxy
View File

@ -1507,6 +1507,10 @@ method_list_exposed_services() {
json_init json_init
json_add_array "services" json_add_array "services"
# Clear temp file for tracking known service ports
rm -f /tmp/.known_service_ports
touch /tmp/.known_service_ports
# Load known services from exposure config # Load known services from exposure config
if uci -q show secubox-exposure >/dev/null 2>&1; then if uci -q show secubox-exposure >/dev/null 2>&1; then
config_load "secubox-exposure" config_load "secubox-exposure"
@ -1515,16 +1519,21 @@ method_list_exposed_services() {
# Also scan listening ports for dynamic discovery # Also scan listening ports for dynamic discovery
if command -v netstat >/dev/null 2>&1; then if command -v netstat >/dev/null 2>&1; then
netstat -tlnp 2>/dev/null | grep LISTEN | while read line; do # Save netstat output to temp file to avoid subshell issues
netstat -tlnp 2>/dev/null | grep LISTEN > /tmp/.netstat_listen
while read line; do
local addr_port=$(echo "$line" | awk '{print $4}') local addr_port=$(echo "$line" | awk '{print $4}')
local port=$(echo "$addr_port" | awk -F: '{print $NF}') local port=$(echo "$addr_port" | awk -F: '{print $NF}')
local proc=$(echo "$line" | awk '{print $7}' | cut -d'/' -f2) local proc=$(echo "$line" | awk '{print $7}' | cut -d'/' -f2)
# Skip if already added from known services or common system ports # Skip common system ports
case "$port" in case "$port" in
22|53|80|443|8404) continue ;; 22|53|80|443|8404) continue ;;
esac esac
# Skip if already added from known services
grep -q "^${port}$" /tmp/.known_service_ports 2>/dev/null && continue
# Only add if process name is useful # Only add if process name is useful
if [ -n "$proc" ] && [ "$proc" != "-" ] && [ "$proc" != "unknown" ]; then if [ -n "$proc" ] && [ "$proc" != "-" ] && [ "$proc" != "unknown" ]; then
json_add_object json_add_object
@ -1534,22 +1543,30 @@ method_list_exposed_services() {
json_add_string "address" "127.0.0.1" json_add_string "address" "127.0.0.1"
json_add_string "category" "detected" json_add_string "category" "detected"
json_add_boolean "dynamic" 1 json_add_boolean "dynamic" 1
json_add_boolean "running" 1
json_close_object json_close_object
fi fi
done done < /tmp/.netstat_listen
rm -f /tmp/.netstat_listen
fi fi
# Cleanup
rm -f /tmp/.known_service_ports
json_close_array json_close_array
json_dump json_dump
} }
_add_exposed_service() { _add_exposed_service() {
local section="$1" local section="$1"
local default_port config_path category actual_port local default_port config_path config_file category process_name description actual_port running
config_get default_port "$section" default_port "" config_get default_port "$section" default_port ""
config_get config_path "$section" config_path "" config_get config_path "$section" config_path ""
config_get config_file "$section" config_file ""
config_get category "$section" category "app" config_get category "$section" category "app"
config_get process_name "$section" process_name ""
config_get description "$section" description ""
[ -z "$default_port" ] && return [ -z "$default_port" ] && return
@ -1560,6 +1577,21 @@ _add_exposed_service() {
[ -n "$configured_port" ] && actual_port="$configured_port" [ -n "$configured_port" ] && actual_port="$configured_port"
fi fi
# For YAML config files, try to extract port (e.g., AdGuardHome)
if [ -n "$config_file" ] && [ -f "$config_file" ]; then
local yaml_port=$(grep -E "^\s*port:\s*[0-9]+" "$config_file" 2>/dev/null | head -1 | awk '{print $2}')
[ -n "$yaml_port" ] && actual_port="$yaml_port"
fi
# Check if service is running by process name
running=0
if [ -n "$process_name" ]; then
pgrep -f "$process_name" >/dev/null 2>&1 && running=1
fi
# Track known service ports for dedup (stored in temp file)
echo "$actual_port" >> /tmp/.known_service_ports
json_add_object json_add_object
json_add_string "id" "$section" json_add_string "id" "$section"
json_add_string "name" "$section" json_add_string "name" "$section"
@ -1567,6 +1599,9 @@ _add_exposed_service() {
json_add_string "address" "127.0.0.1" json_add_string "address" "127.0.0.1"
json_add_string "category" "$category" json_add_string "category" "$category"
json_add_boolean "dynamic" 0 json_add_boolean "dynamic" 0
json_add_boolean "running" "$running"
[ -n "$description" ] && json_add_string "description" "$description"
[ -n "$process_name" ] && json_add_string "process" "$process_name"
json_close_object json_close_object
} }

7
package/secubox/secubox-app-exposure/files/etc/config/secubox-exposure
View File

@ -52,6 +52,13 @@ config known 'domoticz'
option config_type 'docker' option config_type 'docker'
option category 'app' option category 'app'
config known 'adguardhome'
option default_port '3000'
option config_file '/etc/adguardhome.yaml'
option process_name 'AdGuardHome'
option category 'security'
option description 'DNS filtering and ad blocking'
# Service exposure entries (dynamically managed) # Service exposure entries (dynamically managed)
# Example: # Example:
# config service 'gitea' # config service 'gitea'