From cad104879cbc758717f6cbf18f2f1b8946078c19 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Mon, 24 Feb 2025 14:49:30 +0100 Subject: [PATCH 01/42] mod/notification-telegram: simplify the queue... ... and pass http-data as a complete sting. --- mod/notification-telegram.rsc | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/mod/notification-telegram.rsc b/mod/notification-telegram.rsc index 23ef942..be4a915 100644 --- a/mod/notification-telegram.rsc +++ b/mod/notification-telegram.rsc @@ -22,7 +22,6 @@ :global IsFullyConnected; :global LogPrint; - :global UrlEncode; :if ([ $IsFullyConnected ] = false) do={ $LogPrint debug $0 ("System is not fully connected, not flushing."); @@ -41,9 +40,7 @@ :do { :local Data ([ /tool/fetch check-certificate=yes-without-crl output=user http-method=post \ ("https://api.telegram.org/bot" . ($Message->"tokenid") . "/sendMessage") \ - http-data=("chat_id=" . ($Message->"chatid") . "&disable_notification=" . ($Message->"silent") . \ - "&reply_to_message_id=" . ($Message->"replyto") . "&disable_web_page_preview=true" . \ - "&parse_mode=MarkdownV2&text=" . [ $UrlEncode ($Message->"text") ]) as-value ]->"data"); + http-data=($Message->"http-data") as-value ]->"data"); :set ($TelegramQueue->$Id); :set ($TelegramMessageIDs->[ :tostr ([ :deserialize from=json value=$Data ]->"result"->"message_id") ]) 1; } on-error={ @@ -145,6 +142,9 @@ (($LenSum - [ :len $Text ]) * 100 / $LenSum) . "%_!") "plain" "_" ]); } + :local HTTPData ("chat_id=" . $ChatId . "&disable_notification=" . ($Notification->"silent") . \ + "&reply_to_message_id=" . ($Notification->"replyto") . "&disable_web_page_preview=true" . \ + "&parse_mode=MarkdownV2"); :do { :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" ] = false) do={ $LogPrint warning $0 ("Downloading required certificate failed."); @@ -152,9 +152,7 @@ } :local Data ([ /tool/fetch check-certificate=yes-without-crl output=user http-method=post \ ("https://api.telegram.org/bot" . $TokenId . "/sendMessage") \ - http-data=("chat_id=" . $ChatId . "&disable_notification=" . ($Notification->"silent") . \ - "&reply_to_message_id=" . ($Notification->"replyto") . "&disable_web_page_preview=true" . \ - "&parse_mode=MarkdownV2&text=" . [ $UrlEncode $Text ]) as-value ]->"data"); + http-data=($HTTPData . "&text=" . [ $UrlEncode $Text ]) as-value ]->"data"); :set ($TelegramMessageIDs->[ :tostr ([ :deserialize from=json value=$Data ]->"result"->"message_id") ]) 1; } on-error={ $LogPrint info $0 ("Failed sending Telegram notification! Queuing..."); @@ -165,8 +163,8 @@ :set Text ($Text . "\n" . [ $SymbolForNotification "alarm-clock" ] . \ [ $EscapeMD ("This message was queued since _" . [ /system/clock/get date ] . \ " " . [ /system/clock/get time ] . "_ and may be obsolete.") "plain" "_" ]); - :set ($TelegramQueue->[ :len $TelegramQueue ]) { chatid=$ChatId; tokenid=$TokenId; - text=$Text; silent=($Notification->"silent"); replyto=($Notification->"replyto") }; + :set ($TelegramQueue->[ :len $TelegramQueue ]) { tokenid=$TokenId; + http-data=($HTTPData . "&text=" . [ $UrlEncode $Text ]) }; :if ([ :len [ /system/scheduler/find where name="_FlushTelegramQueue" ] ] = 0) do={ /system/scheduler/add name="_FlushTelegramQueue" interval=1m start-time=startup \ on-event=(":global FlushTelegramQueue; \$FlushTelegramQueue;"); From a22b62f58803141a3055db046363f4d41b12ea83 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Mon, 24 Feb 2025 14:57:26 +0100 Subject: [PATCH 02/42] mod/notification-telegram: support sending to group's topic... ... when a group has enabled the "Topics" feature. --- doc/mod/notification-telegram.md | 3 +++ global-config.rsc | 2 ++ mod/notification-telegram.rsc | 8 ++++++-- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/doc/mod/notification-telegram.md b/doc/mod/notification-telegram.md index b85d09c..8043716 100644 --- a/doc/mod/notification-telegram.md +++ b/doc/mod/notification-telegram.md @@ -58,6 +58,9 @@ Sending notifications to a group is possible as well. Add your bot and the *GetIDs Bot* to a group, then use the group's id (which starts with a dash) for `TelegramChatId`. Then remove *GetIDs Bot* from group. +Groups can enable the `Topics` feature. Use `TelegramThreadId` to send to a +specific topic in a group. + Usage and invocation -------------------- diff --git a/global-config.rsc b/global-config.rsc index b364a25..2524ded 100644 --- a/global-config.rsc +++ b/global-config.rsc @@ -33,6 +33,8 @@ :global TelegramChatId ""; #:global TelegramTokenId "123456:ABCDEF-GHI"; #:global TelegramChatId "12345678"; +# Use this to send notifications to a specific topic in group. +:global TelegramThreadId ""; # Using telegram-chat you have to define trusted chat ids (not group ids!) # or user names. Groups allow to chat with devices simultaneously. #:global TelegramChatIdsTrusted { diff --git a/mod/notification-telegram.rsc b/mod/notification-telegram.rsc index be4a915..d04893f 100644 --- a/mod/notification-telegram.rsc +++ b/mod/notification-telegram.rsc @@ -68,6 +68,8 @@ :global TelegramChatIdOverride; :global TelegramMessageIDs; :global TelegramQueue; + :global TelegramThreadId; + :global TelegramThreadIdOverride; :global TelegramTokenId; :global TelegramTokenIdOverride; @@ -108,6 +110,8 @@ :local ChatId [ $EitherOr ($Notification->"chatid") \ [ $EitherOr ($TelegramChatIdOverride->($Notification->"origin")) $TelegramChatId ] ]; + :local ThreadId [ $EitherOr ($Notification->"threadid") \ + [ $EitherOr ($TelegramThreadIdOverride->($Notification->"origin")) $TelegramThreadId ] ]; :local TokenId [ $EitherOr ($TelegramTokenIdOverride->($Notification->"origin")) $TelegramTokenId ]; :if ([ :len $TokenId ] = 0 || [ :len $ChatId ] = 0) do={ @@ -143,8 +147,8 @@ } :local HTTPData ("chat_id=" . $ChatId . "&disable_notification=" . ($Notification->"silent") . \ - "&reply_to_message_id=" . ($Notification->"replyto") . "&disable_web_page_preview=true" . \ - "&parse_mode=MarkdownV2"); + "&reply_to_message_id=" . ($Notification->"replyto") . "&message_thread_id=" . $ThreadId . \ + "&disable_web_page_preview=true&parse_mode=MarkdownV2"); :do { :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" ] = false) do={ $LogPrint warning $0 ("Downloading required certificate failed."); From 757fa60e6f37cc684abec5582d1b6051f6ef8d6d Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Tue, 25 Feb 2025 10:46:25 +0100 Subject: [PATCH 03/42] telegram-chat: make $IsReply a boolean... ... and check for correct data type. We need this for a group with topic feature enabled, as that variable is set there, but is is an array. --- telegram-chat.rsc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/telegram-chat.rsc b/telegram-chat.rsc index 10952a6..eacbbcb 100644 --- a/telegram-chat.rsc +++ b/telegram-chat.rsc @@ -97,7 +97,7 @@ :foreach Update in=($JSON->"result") do={ :set UpdateID ($Update->"update_id"); :local Message ($Update->"message"); - :local IsReply [ :len ($Message->"reply_to_message") ]; + :local IsReply ([ :typeof ($Message->"reply_to_message") ] = "string"); :local IsMyReply ($TelegramMessageIDs->[ :tostr ($Message->"reply_to_message"->"message_id") ]); :if (($IsMyReply = 1 || $TelegramChatOffset->0 > 0 || $Uptime > 5m) && $UpdateID >= $TelegramChatOffset->2) do={ :local Trusted false; @@ -130,7 +130,8 @@ " from update " . $UpdateID . "!"); :set Done true; } - :if ($Done = false && ($IsMyReply = 1 || ($IsReply = 0 && $TelegramChatActive = true)) && [ :len $Command ] > 0) do={ + :if ($Done = false && ($IsMyReply = 1 || ($IsReply = false && \ + $TelegramChatActive = true)) && [ :len $Command ] > 0) do={ :if ([ $ValidateSyntax $Command ] = true) do={ :local State ""; :local File ("tmpfs/telegram-chat/" . [ $GetRandom20CharAlNum 6 ]); From 7928c5f0543765e27379e39bbaff6bdb19638971 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Mon, 24 Feb 2025 15:31:34 +0100 Subject: [PATCH 04/42] telegram-chat: support reply in group's topic --- telegram-chat.rsc | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/telegram-chat.rsc b/telegram-chat.rsc index eacbbcb..07e3816 100644 --- a/telegram-chat.rsc +++ b/telegram-chat.rsc @@ -104,6 +104,7 @@ :local Chat ($Message->"chat"); :local From ($Message->"from"); :local Command ($Message->"text"); + :local ThreadId [ $IfThenElse ($Message->"is_topic_message") ($Message->"message_thread_id") "" ]; :foreach IdsTrusted in=($TelegramChatId, $TelegramChatIdsTrusted) do={ :if ($From->"id" = $IdsTrusted || $From->"username" = $IdsTrusted) do={ @@ -115,7 +116,8 @@ :local Done false; :if ($Command = "?") do={ $LogPrint info $ScriptName ("Sending notice for update " . $UpdateID . "."); - $SendTelegram2 ({ origin=$ScriptName; chatid=($Chat->"id"); silent=true; replyto=($Message->"message_id"); \ + $SendTelegram2 ({ origin=$ScriptName; chatid=($Chat->"id"); silent=true; \ + replyto=($Message->"message_id"); threadid=$ThreadId; \ subject=([ $SymbolForNotification "speech-balloon" ] . "Telegram Chat"); \ message=("Online" . [ $IfThenElse $TelegramChatActive " (and active!)" ] . ", awaiting your commands!") }); :set Done true; @@ -150,7 +152,8 @@ :set State ([ $SymbolForNotification "cross-mark" ] . "The command failed with an error!\n\n"); } :local Content ([ /file/read chunk-size=32768 file=$File as-value ]->"data"); - $SendTelegram2 ({ origin=$ScriptName; chatid=($Chat->"id"); silent=true; replyto=($Message->"message_id"); \ + $SendTelegram2 ({ origin=$ScriptName; chatid=($Chat->"id"); silent=true; \ + replyto=($Message->"message_id"); threadid=$ThreadId; \ subject=([ $SymbolForNotification "speech-balloon" ] . "Telegram Chat"); \ message=([ $SymbolForNotification "gear" ] . "Command:\n" . $Command . "\n\n" . \ $State . [ $IfThenElse ([ :len $Content ] > 0) \ @@ -159,7 +162,8 @@ $RmDir "tmpfs/telegram-chat"; } else={ $LogPrint info $ScriptName ("The command from update " . $UpdateID . " failed syntax validation!"); - $SendTelegram2 ({ origin=$ScriptName; chatid=($Chat->"id"); silent=false; replyto=($Message->"message_id"); \ + $SendTelegram2 ({ origin=$ScriptName; chatid=($Chat->"id"); silent=false; \ + replyto=($Message->"message_id"); threadid=$ThreadId; \ subject=([ $SymbolForNotification "speech-balloon" ] . "Telegram Chat"); \ message=([ $SymbolForNotification "gear" ] . "Command:\n" . $Command . "\n\n" . \ [ $SymbolForNotification "cross-mark" ] . "The command failed syntax validation!") }); @@ -171,7 +175,8 @@ " (ID " . $From->"id" . ") in update " . $UpdateID . "!"); :if ($Command ~ ("^! *" . [ $EscapeForRegEx $Identity ] . "\$")) do={ $LogPrint warning $ScriptName $MessageText; - $SendTelegram2 ({ origin=$ScriptName; chatid=($Chat->"id"); silent=false; replyto=($Message->"message_id"); \ + $SendTelegram2 ({ origin=$ScriptName; chatid=($Chat->"id"); silent=false; \ + replyto=($Message->"message_id"); threadid=$ThreadId; \ subject=([ $SymbolForNotification "speech-balloon" ] . "Telegram Chat"); \ message=("You are not trusted.") }); } else={ From e5de9de391283f64763ad16446fa2f6727191306 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Tue, 25 Feb 2025 12:19:49 +0100 Subject: [PATCH 05/42] notify on support for Telegram group topics --- global-functions.rsc | 2 +- news-and-changes.rsc | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/global-functions.rsc b/global-functions.rsc index 99e52f8..42782bc 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -15,7 +15,7 @@ # Git commit id & info, expected configuration version :global CommitId "unknown"; :global CommitInfo "unknown"; -:global ExpectedConfigVersion 133; +:global ExpectedConfigVersion 134; # global variables not to be changed by user :global GlobalFunctionsReady false; diff --git a/news-and-changes.rsc b/news-and-changes.rsc index 6f9e96e..a735ff7 100644 --- a/news-and-changes.rsc +++ b/news-and-changes.rsc @@ -58,6 +58,7 @@ 131="Enhanced certificate download to fallback to mkcert.org, so all (commonly trusted) root certificates are available now."; 132="Split off plugins from 'check-health', so the script works on all devices to monitor CPU and RAM. The supported plugins for sensors in hardware are installed automatically."; 133="Updated the default configuration for 'fw-addr-lists', deprecated lists were removed, a collective list was added."; + 134="Enhanced 'mod/notification-telegram' and 'telegram-chat' to support topics in groups."; }; # Migration steps to be applied on script updates From c33eb41c9cfb73e7e5b5ec7a3c37aa9e92ebc9cb Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 18 Dec 2024 17:50:56 +0100 Subject: [PATCH 06/42] global-functions: $DeviceInfo: add license level, re-order --- global-functions.rsc | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/global-functions.rsc b/global-functions.rsc index 42782bc..b3166dc 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -309,16 +309,19 @@ ([ $FormatLine "Location" ($Snmp->"location") ] . "\n") ] . \ [ $IfThenElse ([ :len ($Snmp->"contact") ] > 0) \ ([ $FormatLine "Contact" ($Snmp->"contact") ] . "\n") ] . \ - [ $FormatLine "Board name" ($Resource->"board-name") ] . "\n" . \ - [ $FormatLine "Architecture" ($Resource->"architecture-name") ] . "\n" . \ + "Hardware:\n" . \ + [ $FormatLine " Board" ($Resource->"board-name") ] . "\n" . \ + [ $FormatLine " Arch" ($Resource->"architecture-name") ] . "\n" . \ [ $IfThenElse ($RouterBoard->"routerboard" = true) \ - ([ $FormatLine "Model" ($RouterBoard->"model") ] . \ + ([ $FormatLine " Model" ($RouterBoard->"model") ] . \ [ $IfThenElse ([ :len ($RouterBoard->"revision") ] > 0) \ (" " . $RouterBoard->"revision") ] . "\n" . \ - [ $FormatLine "Serial number" ($RouterBoard->"serial-number") ] . "\n") ] . \ - [ $IfThenElse ([ :len ($License->"level") ] > 0) \ - ([ $FormatLine "License" ($License->"level") ] . "\n") ] . \ + [ $FormatLine " Serial" ($RouterBoard->"serial-number") ] . "\n") ] . \ + [ $IfThenElse ([ :len ($License->"nlevel") ] > 0) \ + ([ $FormatLine " License" ("level " . ($License->"nlevel")) ] . "\n") ] . \ "RouterOS:\n" . \ + [ $IfThenElse ([ :len ($License->"level") ] > 0) \ + ([ $FormatLine " License" ("level " . ($License->"level")) ] . "\n") ] . \ [ $FormatLine " Channel" ($Update->"channel") ] . "\n" . \ [ $FormatLine " Installed" ($Update->"installed-version") ] . "\n" . \ [ $IfThenElse ([ :typeof ($Update->"latest-version") ] != "nothing" && \ From 4eafcaa3ace2be0f17618c90c0d320647dfd8e38 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Tue, 25 Feb 2025 21:26:52 +0100 Subject: [PATCH 07/42] telegram-chat: say hello when awaiting commands --- telegram-chat.rsc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/telegram-chat.rsc b/telegram-chat.rsc index 07e3816..5db4860 100644 --- a/telegram-chat.rsc +++ b/telegram-chat.rsc @@ -119,7 +119,8 @@ $SendTelegram2 ({ origin=$ScriptName; chatid=($Chat->"id"); silent=true; \ replyto=($Message->"message_id"); threadid=$ThreadId; \ subject=([ $SymbolForNotification "speech-balloon" ] . "Telegram Chat"); \ - message=("Online" . [ $IfThenElse $TelegramChatActive " (and active!)" ] . ", awaiting your commands!") }); + message=([ $IfThenElse ([ :len ($From->"first_name") ] > 0) ("Hello " . ($From->"first_name") . "!\n\n") ] . \ + "Online" . [ $IfThenElse $TelegramChatActive " (and active!)" ] . ", awaiting your commands!") }); :set Done true; } :if ($Done = false && [ :pick $Command 0 1 ] = "!") do={ From 53b13b295af835658dc4ef6192624b2ae898bab1 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Tue, 25 Feb 2025 21:33:08 +0100 Subject: [PATCH 08/42] mod/notification-telegram: introduce $GetTelegramChatId --- .../notification-telegram.d/getchatid.avif | Bin 0 -> 3896 bytes doc/mod/notification-telegram.md | 24 ++++++++----- global-functions.rsc | 2 +- mod/notification-telegram.rsc | 34 ++++++++++++++++++ news-and-changes.rsc | 1 + 5 files changed, 52 insertions(+), 9 deletions(-) create mode 100644 doc/mod/notification-telegram.d/getchatid.avif diff --git a/doc/mod/notification-telegram.d/getchatid.avif b/doc/mod/notification-telegram.d/getchatid.avif new file mode 100644 index 0000000000000000000000000000000000000000..779296915de91a9b21e2f05685e34a1539d9c73e GIT binary patch literal 3896 zcmbVJc|4Tw7Jp|9Gh>OdZ)4v{hOzJKWG|7Wg+Um*Axp}deNQA*iVO)U43+F6AqrWt z6pds=B~;9v(eHQf{oKFqz32U$=X}rdoO8a<3jlzKS6EaqHXP>#P=#g#a9*eY9M;R) z5M>AeAccT)VOUy@DxyA~{`fx-0D^HIVSnSl?V(^?Sipe;qMiyk{~!;VX956VfEJ-D z>;(WY1XBG24`dGj&~Pd?#Nh%DRyfG;Q=N0P650)HxDv`Z$Uo>{GT%Ql)U;_N&WonB zLVg_n+@A&jaLB_m)Z<_zZKy9U7#~cvmbhS#AgblWg$AFaTB^`VP!BX!*@AJAxPu4` z2BTVLY&gm|UW66_I6Q*<@qr%xkiMEiA36tD&r;sDf6eH37llaAqcE zUKSQ!Wl=#<<^NeI9RLCbuz{###Q-n@M27%TdH`YSp7fvt`9p<9lnz4A0ENLBnWzO# zY_yl614HQO=^@ld2VJ7(0SJPgT@+==z;PT46${~1j?cRd6E|w;^YZq=`G$s_508k9x{!D| zDLExIE&WRV)q=unMc0e(lvmuXBve)3d-$lashQZ)`napRr?>BU|G$mS)Kel&vf6{o-c>XPanEeMY1eF&U0-=LIX}mz-2pVw&gkBWI zz;1XPiVfiqQ;vsm8s*(?=!A=_*llpR<3|~}CD4nKn>1<%%>FxK3I7+fe-ir_uW5jp z4n+NVbO=Bn_&S*Y{&BaF0e3OOpVM>d|wQdGhlWObE4x{~dGl1#%7j7&IBA?^hq9@EAMf(v}&82eQ zTMn5iEnHXAIh+X&b~@kx{d+BE!Tk`6B+QBHy1K5vmB@i}ToZvh^Q>)EyC}|p4*d-d zB6Mc%o+*EpCFVpWxKe6w*j^z1;|uNWeW9pbGi`@Gi!mI;4Ag;{fTP zp(X=}N8)R}x0NnZm*+hTgV;}ZhjRMP^eA4u6XRvtwZ%L%9I`v9&24>atSLoW8#Ds9?|^c66Fl8h92pY@;%y zCQ!nn?tJQ!zRP24)!Qr*D~!aFWfJd9X%Jn*2f^)H=r}o+Sj5WZ8{i|V%+!7>q$rM6 zAT)t9#<+OpGMR^u%g*6S2*FS9v+Iuga&Lu-a8r9?Ao#S3d}Mf&`T2 z_e)i@jG^lrT_oERws^EJ4pt>vwwiS}f^D~x&HGRtx}ODpMUlUd%k@N`wLHXapN2#T zf)AM)NVogW-*S4T-=r9X-3-6azmO=Jsm##_qW~u_u$099@?% z8)I@z)~A0t@vtBGy6jxxXmiH0THz_z2k~~KuXe4r<E$g21Vzz|w*m z07@Z>uv!ei+1e2s8^q0tk4rxBI{9_(vr`_?Lr`F|{ zZccfR9-i|=z>7}x(UJRXt(HFImkQpL&yT<%Z)7`X+j36#K6%nMV#IbVMO!dI58Q$>A>&!4h@B4OElQ`)lay+c&+r5EO<_Mvdfz_yy+K{kg z$0uiYN(_>tt6jTuHLvF;$=p3ABOVvYry&98Y7*vma=LzA-YDEyNamDyc#53azWyV# zpmXt=?+2f# zs?s3?0x|8WQm4C+phNr#pRURcLkRNiz)EN-NoTWkGwc}Dw#x5@3`|v4$`m`m2-lFr>%28EHmp#dW47vt%qCV!IBpld4P5zj?9LSgy26=0 zwfuWHkj}#bbF>i`UdyvmQ>7!4_xwu&ndRjw9I|S#F??lUeJs5amf-fKhk79bu_c%v@a| zBXqj&RoYf*C~>RX-l|#IT+Hz-*{x*jhq!q%ET5fGQwljGE2wj7o`fsq=Sdr3(G6jb zw_10cbCXUdrB_DI2Kwua&(~%rXa>I1_$+HC;0N!;bHL}lw1hfuW{dpr3U)f=1}m?z zM`dv(<~>VZQ>;w0bILAW+MAfgTKW-H5iB=k1}ap| z^VGez7o{5}CG4@R`cCui7WiQ+SJg`k^tJONRbg%5Y% z&gbgI6&RR*{LN@CwY`XXJy6%}t;{&6*x$00lwlh48|W^F~k&M*4e zWly<$X|D0fFY?kAukRc#`#$qnEmOORBGU4F;b##bhSol9pYZ&qI#~3|t&4^glOZ;4 zk8I=VBA371=+WLT@SMH&WT(9Dm)9;7Wn&TmxJ`|&QkLEYl{hO}g-iDT%#REa9JbEu zvVGZIn-O_VJ^I~3a8?#2g_Km2+plMH_0zKM*NRl$)Kot?t`pby8&ABc5%ELlm0s=? z>ceV|3R~9NONUW1YcXbeGdGb#x3(6K^{F$HW93g9l-tGKjXK$Q=KZF9^m^R$_dCg_ z=$D=~HKt0&DUZ>c%@c?$7N^aeW&FFW%LS^^+XC8chk%n4)B^ssgQ1aTK z+WP31k`CJ`t2KkM+^~w!r=8jc+62{hwKc~3V=wt8?1FvwQ5c^LF}dw|hLE8x-r7Qb zC&LmXmqu*V2kRR#;0aej2Ml>~WAw^OP)dYzorsvzv@uV`Ob7fosHLWda7I?JGo0-n zM?+%0`g`qL?u+|N-BXA4mDsw9e(0X6!&@L(n%ZJV>YprKG3EBtlpJ_A>c$rqJli~M zPikvKkF?%AFC6C+2&reB(J0fO8Vu8Sn6ugy>NRx*pKqlMjuw``G}`Sw+h@{T$b(s` zuuMM^;?|e#mcevK8yo*g?`YFkffRgJjB(F(rMTKNUr6FBMIY98J)-+SHLgd)8~6Xo{UO}5R1XmToG zCnSAix+m}UePrg@%S?)PPV!eF7>~zkEv0RQtB%|kkDnLSx_owZcxz^5uDy1vp@V|&!>XuY$1kV_Pgs#xK<1uu|k3fL?1rsf}dTZkB73xjO3Lq zH<$tjuhlL{gL|s6LM0i$4D|=xcGg8$gLEw=PnjQQ9XQS}9cBOB&nF%!^3+^a%lq9L zO8VLjg%&{$BB8DVHugBr8y?7F$6>P^xE+>@0pd{tUlw9i;)UoigknML3 z@%b$`NsVc1&H!`nD@6u=OU=e-)+RNp$ahbHcfa2A3%u}V@J8em?FHEKZ}d9KMw=kF zTffMRtn9OciH?ealxRXhhb4u6_h!BMF1|l@%4aORqSKXk4pjGCy+mKajpN2cdRq-& z2Xf==8mW4hL8_kb4oisQj>>9`R}g40xa%QWd->9)N>7ujKW1;Z=g#13CY3jlgYgW} z!A>kvbsgQ8vMh)(*YROFG5lO=+}+xF8B00bk())D0w1O21?kh+)7SM!D_jNJpWP? zr2s$c>Qa4*;GmM*kqhsx>`HuqkME ℹī¸ **Info**: Copy relevant configuration from @@ -54,9 +61,10 @@ reload the configuration. ### Notifications to a group -Sending notifications to a group is possible as well. Add your bot and the -*GetIDs Bot* to a group, then use the group's id (which starts with a dash) -for `TelegramChatId`. Then remove *GetIDs Bot* from group. +Sending notifications to a group is possible as well. Add your bot to a group +and make it an admin (required for read access!) and send a message and run +`$GetTelegramChatId` again. Then use that chat id (which starts with a dash) +for `TelegramChatId`. Groups can enable the `Topics` feature. Use `TelegramThreadId` to send to a specific topic in a group. diff --git a/global-functions.rsc b/global-functions.rsc index b3166dc..43cd7f0 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -15,7 +15,7 @@ # Git commit id & info, expected configuration version :global CommitId "unknown"; :global CommitInfo "unknown"; -:global ExpectedConfigVersion 134; +:global ExpectedConfigVersion 135; # global variables not to be changed by user :global GlobalFunctionsReady false; diff --git a/mod/notification-telegram.rsc b/mod/notification-telegram.rsc index d04893f..7782fcf 100644 --- a/mod/notification-telegram.rsc +++ b/mod/notification-telegram.rsc @@ -10,6 +10,7 @@ # https://rsc.eworm.de/doc/mod/notification-telegram.md :global FlushTelegramQueue; +:global GetTelegramChatId; :global NotificationFunctions; :global PurgeTelegramQueue; :global SendTelegram; @@ -58,6 +59,39 @@ :global ExitError; $ExitError false $0; } } +# get the chat id +:set GetTelegramChatId do={ :do { + :global TelegramTokenId; + + :global CertificateAvailable; + :global LogPrint; + + :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" ] = false) do={ + $LogPrint warning $0 ("Downloading required certificate failed."); + :return false; + } + + :local Data; + :do { + :set Data ([ /tool/fetch check-certificate=yes-without-crl output=user \ + ("https://api.telegram.org/bot" . $TelegramTokenId . "/getUpdates?offset=0" . \ + "&allowed_updates=%5B%22message%22%5D") as-value ]->"data"); + } on-error={ + $LogPrint warning $0 ("Fetching data failed!"); + :return false; + } + + :local JSON [ :deserialize from=json value=$Data ]; + :foreach Update in=($JSON->"result") do={ + $LogPrint info $0 ("The chat id is: " . ($Update->"message"->"chat"->"id")); + :return true; + } + + $LogPrint info $0 ("No message received."); +} on-error={ + :global ExitError; $ExitError false $0; +} } + # send notification via telegram - expects one array argument :set ($NotificationFunctions->"telegram") do={ :local Notification $1; diff --git a/news-and-changes.rsc b/news-and-changes.rsc index a735ff7..459326f 100644 --- a/news-and-changes.rsc +++ b/news-and-changes.rsc @@ -59,6 +59,7 @@ 132="Split off plugins from 'check-health', so the script works on all devices to monitor CPU and RAM. The supported plugins for sensors in hardware are installed automatically."; 133="Updated the default configuration for 'fw-addr-lists', deprecated lists were removed, a collective list was added."; 134="Enhanced 'mod/notification-telegram' and 'telegram-chat' to support topics in groups."; + 135="Introduced helper function '\$GetTelegramChatId' for 'mod/notification-telegram' which helps retrieve information."; }; # Migration steps to be applied on script updates From f6c2225f68fae8494d620dca0fc41b50a0450977 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 26 Feb 2025 13:37:57 +0100 Subject: [PATCH 09/42] check-certificates: catch and ignore import error MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Hmm... 🤨 When was that runtime error introduced? I *think* it worked before. --- check-certificates.rsc | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/check-certificates.rsc b/check-certificates.rsc index 0907395..94f23a7 100644 --- a/check-certificates.rsc +++ b/check-certificates.rsc @@ -59,10 +59,12 @@ :local DecryptionFailed true; :foreach PassPhrase in=$CertRenewPass do={ - :local Result [ /certificate/import file-name=$CertFileName passphrase=$PassPhrase as-value ]; - :if ($Result->"decryption-failures" = 0) do={ - :set DecryptionFailed false; - } + :do { + :local Result [ /certificate/import file-name=$CertFileName passphrase=$PassPhrase as-value ]; + :if ($Result->"decryption-failures" = 0) do={ + :set DecryptionFailed false; + } + } on-error={ } } $RmFile $CertFileName; From a6d4e7e82cc9870c6cfd1e0ee9724eb6129ce5ab Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 26 Feb 2025 18:03:17 +0100 Subject: [PATCH 10/42] check-certificates: drop dot from type... ... and add it in file name. --- check-certificates.rsc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/check-certificates.rsc b/check-certificates.rsc index 94f23a7..20ac2e2 100644 --- a/check-certificates.rsc +++ b/check-certificates.rsc @@ -50,8 +50,8 @@ :local Return false; - :foreach Type in={ ".pem"; ".p12" } do={ - :local CertFileName ([ $UrlEncode $FetchName ] . $Type); + :foreach Type in={ "pem"; "p12" } do={ + :local CertFileName ([ $UrlEncode $FetchName ] . "." . $Type); :do { /tool/fetch check-certificate=yes-without-crl http-header-field=({ [ $FetchUserAgentStr $ScriptName ] }) \ ($CertRenewUrl . $CertFileName) dst-path=$CertFileName as-value; From 3d40b4419d47f41edf5059c00c1ab575f49c6da1 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 26 Feb 2025 13:40:12 +0100 Subject: [PATCH 11/42] check-certificates: add more debug output --- check-certificates.rsc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/check-certificates.rsc b/check-certificates.rsc index 20ac2e2..6862015 100644 --- a/check-certificates.rsc +++ b/check-certificates.rsc @@ -58,10 +58,12 @@ $WaitForFile $CertFileName; :local DecryptionFailed true; - :foreach PassPhrase in=$CertRenewPass do={ + :foreach I,PassPhrase in=$CertRenewPass do={ :do { + $LogPrint debug $ScriptName ("Trying " . $I . ". passphrase... "); :local Result [ /certificate/import file-name=$CertFileName passphrase=$PassPhrase as-value ]; :if ($Result->"decryption-failures" = 0) do={ + $LogPrint debug $ScriptName ("Success!"); :set DecryptionFailed false; } } on-error={ } From 512c54bd590503af27e754c5c65c34b5307cf9c9 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 26 Feb 2025 13:55:09 +0100 Subject: [PATCH 12/42] check-certificates: ... and even more --- check-certificates.rsc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/check-certificates.rsc b/check-certificates.rsc index 6862015..6dff9ba 100644 --- a/check-certificates.rsc +++ b/check-certificates.rsc @@ -52,6 +52,9 @@ :foreach Type in={ "pem"; "p12" } do={ :local CertFileName ([ $UrlEncode $FetchName ] . "." . $Type); + $LogPrint debug $ScriptName ("Trying type '" . $Type . "' for '" . $CertName . \ + "' (file '" . $CertFileName . "')..."); + :do { /tool/fetch check-certificate=yes-without-crl http-header-field=({ [ $FetchUserAgentStr $ScriptName ] }) \ ($CertRenewUrl . $CertFileName) dst-path=$CertFileName as-value; From e833dfcf25175fb1d5c652dcf898c6332ce70404 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 26 Feb 2025 13:51:25 +0100 Subject: [PATCH 13/42] check-certificates: simplify return from function... ... and also break earch on success. --- check-certificates.rsc | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/check-certificates.rsc b/check-certificates.rsc index 6dff9ba..5065c33 100644 --- a/check-certificates.rsc +++ b/check-certificates.rsc @@ -48,8 +48,6 @@ :global UrlEncode; :global WaitForFile; - :local Return false; - :foreach Type in={ "pem"; "p12" } do={ :local CertFileName ([ $UrlEncode $FetchName ] . "." . $Type); $LogPrint debug $ScriptName ("Trying type '" . $Type . "' for '" . $CertName . \ @@ -84,13 +82,13 @@ $CertificateNameByCN [ /certificate/get $CertInChain common-name ]; } - :set Return true; + :return true; } on-error={ $LogPrint debug $ScriptName ("Could not download certificate file '" . $CertFileName . "'."); } } - :return $Return; + :return false; } :local FormatInfo do={ From 14195c51ca381063789ca58c760d70037328e600 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 26 Feb 2025 18:25:58 +0100 Subject: [PATCH 14/42] check-certificates: try PKCS#12 before PEM... MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ... as that is more likely to have a private key. Is that true? 🤨 --- check-certificates.rsc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/check-certificates.rsc b/check-certificates.rsc index 5065c33..be8e4df 100644 --- a/check-certificates.rsc +++ b/check-certificates.rsc @@ -48,7 +48,7 @@ :global UrlEncode; :global WaitForFile; - :foreach Type in={ "pem"; "p12" } do={ + :foreach Type in={ "p12"; "pem" } do={ :local CertFileName ([ $UrlEncode $FetchName ] . "." . $Type); $LogPrint debug $ScriptName ("Trying type '" . $Type . "' for '" . $CertName . \ "' (file '" . $CertFileName . "')..."); From b11be59b0824efac6df128fde46a529ced14a2d0 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 27 Feb 2025 10:44:53 +0100 Subject: [PATCH 15/42] README: quote the certificate file name --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a76d50f..fae6986 100644 --- a/README.md +++ b/README.md @@ -87,7 +87,7 @@ file to your MikroTik device. Then we import the certificate. - /certificate/import file-name=isrg-root-x2.pem passphrase=""; + /certificate/import file-name="isrg-root-x2.pem" passphrase=""; Do not worry that the command is not shown - that happens because it contains a sensitive property, the passphrase. From e2fe653035ca2217dc56235de780f72dbb790e1d Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 26 Feb 2025 20:16:12 +0100 Subject: [PATCH 16/42] mod/notification-telegram: $GetTelegramChatId: use last message --- mod/notification-telegram.rsc | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/mod/notification-telegram.rsc b/mod/notification-telegram.rsc index 7782fcf..4528615 100644 --- a/mod/notification-telegram.rsc +++ b/mod/notification-telegram.rsc @@ -82,12 +82,15 @@ } :local JSON [ :deserialize from=json value=$Data ]; - :foreach Update in=($JSON->"result") do={ - $LogPrint info $0 ("The chat id is: " . ($Update->"message"->"chat"->"id")); - :return true; + :local Count [ :len ($JSON->"result") ]; + + :if ($Count = 0) do={ + $LogPrint info $0 ("No message received."); + :return false; } - $LogPrint info $0 ("No message received."); + :local Message ($JSON->"result"->($Count - 1)->"message"); + $LogPrint info $0 ("The chat id is: " . ($Message->"chat"->"id")); } on-error={ :global ExitError; $ExitError false $0; } } From f5189b8bd7ca01fb6e26414960764960a03066c4 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 27 Feb 2025 10:45:30 +0100 Subject: [PATCH 17/42] INITIAL-COMMANDS: quote the certificate file name --- INITIAL-COMMANDS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/INITIAL-COMMANDS.md b/INITIAL-COMMANDS.md index 424ef32..8b64d28 100644 --- a/INITIAL-COMMANDS.md +++ b/INITIAL-COMMANDS.md @@ -19,7 +19,7 @@ Run the complete base installation: { /tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/ISRG-Root-X2.pem" dst-path="isrg-root-x2.pem" as-value; :delay 1s; - /certificate/import file-name=isrg-root-x2.pem passphrase=""; + /certificate/import file-name="isrg-root-x2.pem" passphrase=""; :if ([ :len [ /certificate/find where fingerprint="69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470" ] ] != 1) do={ :error "Something is wrong with your certificates!"; }; From 0c4fb42616f8015dd128ec7df1d1afce590d26ed Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 26 Feb 2025 20:18:12 +0100 Subject: [PATCH 18/42] mod/notification-telegram: $GetTelegramChatId: give thead id... ... if message was sent to group's topic. --- mod/notification-telegram.rsc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mod/notification-telegram.rsc b/mod/notification-telegram.rsc index 4528615..68e913f 100644 --- a/mod/notification-telegram.rsc +++ b/mod/notification-telegram.rsc @@ -91,6 +91,9 @@ :local Message ($JSON->"result"->($Count - 1)->"message"); $LogPrint info $0 ("The chat id is: " . ($Message->"chat"->"id")); + :if (($Message->"is_topic_message") = true) do={ + $LogPrint info $0 ("The thread id is: " . ($Message->"message_thread_id")); + } } on-error={ :global ExitError; $ExitError false $0; } } From 33c02e06092eded4b3344a6eb22742c9be531fb2 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Mon, 3 Mar 2025 09:10:54 +0100 Subject: [PATCH 19/42] ipv6-update: ignore if prefix is no longer valid --- ipv6-update.rsc | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ipv6-update.rsc b/ipv6-update.rsc index c6e3d65..beccde0 100644 --- a/ipv6-update.rsc +++ b/ipv6-update.rsc @@ -20,7 +20,9 @@ :global ScriptLock; :local NaAddress $"na-address"; + :local NaValid $"na-valid"; :local PdPrefix $"pd-prefix"; + :local PdValid $"pd-valid"; :if ([ $ScriptLock $ScriptName ] = false) do={ :set ExitOK true; @@ -39,6 +41,12 @@ :error false; } + :if ($PdValid != 1) do={ + $LogPrint info $ScriptName ("The prefix " . $PdPrefix . " is no longer valid. Ignoring."); + :set ExitOK true; + :error false; + } + :local Pool [ /ipv6/pool/get [ find where prefix=$PdPrefix ] name ]; :if ([ :len [ /ipv6/firewall/address-list/find where comment=("ipv6-pool-" . $Pool) ] ] = 0) do={ /ipv6/firewall/address-list/add list=("ipv6-pool-" . $Pool) address=:: comment=("ipv6-pool-" . $Pool) dynamic=yes; From 469f783a92c8e67088d70572157ff4cd7d47fcd8 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Mon, 3 Mar 2025 09:12:43 +0100 Subject: [PATCH 20/42] ipv6-update: check for availability of both variables --- ipv6-update.rsc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipv6-update.rsc b/ipv6-update.rsc index beccde0..94bd1bc 100644 --- a/ipv6-update.rsc +++ b/ipv6-update.rsc @@ -35,7 +35,7 @@ :error false; } - :if ([ :typeof $PdPrefix ] = "nothing") do={ + :if ([ :typeof $PdPrefix ] = "nothing" || [ :typeof $PdValid ] = "nothing") do={ $LogPrint error $ScriptName ("This script is supposed to run from ipv6 dhcp-client."); :set ExitOK true; :error false; From 3ccaafd1b38f4335aa28361778aa37db2ca22d5f Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 5 Mar 2025 00:28:01 +0100 Subject: [PATCH 21/42] global-functions: $ScriptInstallUpdate: move code into block --- global-functions.rsc | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/global-functions.rsc b/global-functions.rsc index 43cd7f0..8fcd56d 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -1163,7 +1163,12 @@ } } - :if (!($ScriptInfo->"ignore" = true)) do={ + :do { + :if ($ScriptInfo->"ignore" = true) do={ + $LogPrint debug $0 ("Ignoring script '" . $ScriptVal->"name" . "', as requested."); + :error true; + } + :do { :local BaseUrl [ $EitherOr ($ScriptInfo->"base-url") $ScriptUpdatesBaseUrl ]; :local UrlSuffix [ $EitherOr ($ScriptInfo->"url-suffix") $ScriptUpdatesUrlSuffix ]; @@ -1182,10 +1187,9 @@ } else={ $LogPrint warning $0 ("Failed fetching script '" . $ScriptVal->"name" . "'!"); } + :error false; } - } - :do { :if ([ :len $SourceNew ] = 0) do={ $LogPrint debug $0 ("No update for script '" . $ScriptVal->"name" . "'."); :error false; From 0c1d96f89dfb4d209b0848d5ac2d81a640e0f056 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 5 Mar 2025 00:18:43 +0100 Subject: [PATCH 22/42] global-functions: $ScriptInstallUpdate: get and compare checksums MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The file 'checksums.json' is generated when deploying to my web server... This should speed up the update a lot as it reduces downloads to a minimum. 🎉😁 --- global-functions.rsc | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/global-functions.rsc b/global-functions.rsc index 8fcd56d..8405c92 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -1150,6 +1150,14 @@ :local ReloadGlobalConfig false; :local DeviceMode [ /system/device-mode/get ]; + :local CheckSums ({}); + :do { + :local Url ($ScriptUpdatesBaseUrl . "checksums.json" . $ScriptUpdatesUrlSuffix); + $LogPrint debug $0 ("Fetching checksums from url: " . $Url); + :set CheckSums [ :deserialize from=json ([ /tool/fetch check-certificate=yes-without-crl \ + http-header-field=({ [ $FetchUserAgentStr $0 ] }) $Url output=user as-value ]->"data") ]; + } on-error={ } + :foreach Script in=[ /system/script/find where source~"^#!rsc by RouterOS\r?\n" ] do={ :local ScriptVal [ /system/script/get $Script ]; :local ScriptInfo [ $ParseKeyValueStore ($ScriptVal->"comment") ]; @@ -1169,6 +1177,11 @@ :error true; } + :if ([ :convert transform=md5 to=hex ($ScriptVal->"source") ] = ($CheckSums->($ScriptVal->"name"))) do={ + $LogPrint debug $0 ("Checksum for script '" . $ScriptVal->"name" . "' matches, ignoring."); + :error true; + } + :do { :local BaseUrl [ $EitherOr ($ScriptInfo->"base-url") $ScriptUpdatesBaseUrl ]; :local UrlSuffix [ $EitherOr ($ScriptInfo->"url-suffix") $ScriptUpdatesUrlSuffix ]; From 10374afc182cd8b08e07a3d45890518e8b6be73c Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 5 Mar 2025 01:37:42 +0100 Subject: [PATCH 23/42] global-functions: $ScriptInstallUpdate: support checksums for CRLF scripts --- global-functions.rsc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/global-functions.rsc b/global-functions.rsc index 8405c92..d883aa0 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -1177,7 +1177,8 @@ :error true; } - :if ([ :convert transform=md5 to=hex ($ScriptVal->"source") ] = ($CheckSums->($ScriptVal->"name"))) do={ + :if ([ :convert transform=md5 to=hex ($ScriptVal->"source") ] = ($CheckSums->($ScriptVal->"name")) || \ + [ :convert transform=md5 to=hex [ :tolf ($ScriptVal->"source") ] ] = ($CheckSums->($ScriptVal->"name"))) do={ $LogPrint debug $0 ("Checksum for script '" . $ScriptVal->"name" . "' matches, ignoring."); :error true; } From c9de6d85790897a945910316a14db16b0435c41e Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 5 Mar 2025 01:39:59 +0100 Subject: [PATCH 24/42] global-functions: $ScriptInstallUpdate: put checksum into variable --- global-functions.rsc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/global-functions.rsc b/global-functions.rsc index d883aa0..a9fa938 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -1177,8 +1177,9 @@ :error true; } - :if ([ :convert transform=md5 to=hex ($ScriptVal->"source") ] = ($CheckSums->($ScriptVal->"name")) || \ - [ :convert transform=md5 to=hex [ :tolf ($ScriptVal->"source") ] ] = ($CheckSums->($ScriptVal->"name"))) do={ + :local CheckSum ($CheckSums->($ScriptVal->"name")); + :if ([ :convert transform=md5 to=hex ($ScriptVal->"source") ] = $CheckSum || \ + [ :convert transform=md5 to=hex [ :tolf ($ScriptVal->"source") ] ] = $CheckSum) do={ $LogPrint debug $0 ("Checksum for script '" . $ScriptVal->"name" . "' matches, ignoring."); :error true; } From b13360e4b86838d95cd8c9a1a4e2ea8d757dbb0f Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 5 Mar 2025 01:53:04 +0100 Subject: [PATCH 25/42] global-functions: $ScriptInstallUpdate: simplify check This one should suffice... --- global-functions.rsc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/global-functions.rsc b/global-functions.rsc index a9fa938..4c777a1 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -1178,8 +1178,7 @@ } :local CheckSum ($CheckSums->($ScriptVal->"name")); - :if ([ :convert transform=md5 to=hex ($ScriptVal->"source") ] = $CheckSum || \ - [ :convert transform=md5 to=hex [ :tolf ($ScriptVal->"source") ] ] = $CheckSum) do={ + :if ([ :convert transform=md5 to=hex [ :tolf ($ScriptVal->"source") ] ] = $CheckSum) do={ $LogPrint debug $0 ("Checksum for script '" . $ScriptVal->"name" . "' matches, ignoring."); :error true; } From 1b46a5fd9bc69f4d609b28e7ff8d36717a3b9a8f Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 5 Mar 2025 08:55:06 +0100 Subject: [PATCH 26/42] global-functions: $ScriptInstallUpdate: checksum only for same source So ignore if script is fetched from different base or with different suffix. --- global-functions.rsc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/global-functions.rsc b/global-functions.rsc index 4c777a1..da31165 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -1178,7 +1178,8 @@ } :local CheckSum ($CheckSums->($ScriptVal->"name")); - :if ([ :convert transform=md5 to=hex [ :tolf ($ScriptVal->"source") ] ] = $CheckSum) do={ + :if ([ :len ($ScriptInfo->"base-url") ] = 0 && [ :len ($ScriptInfo->"url-suffix") ] = 0 && \ + [ :convert transform=md5 to=hex [ :tolf ($ScriptVal->"source") ] ] = $CheckSum) do={ $LogPrint debug $0 ("Checksum for script '" . $ScriptVal->"name" . "' matches, ignoring."); :error true; } From e341e1c30ca4ff8b87bc757cc5c0effbc50a7ea6 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 6 Mar 2025 15:02:31 +0100 Subject: [PATCH 27/42] global-functions: introduce $LogPrintVerbose ... ... which is a declared function, but has no code, intentionally. It can be called as a no-op by default. If you want this output set the function to be the same as $LogPrint: :set LogPrintVerbose $LogPrint; --- global-functions.rsc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/global-functions.rsc b/global-functions.rsc index da31165..911ff6a 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -55,6 +55,7 @@ :global IsTimeSync; :global LogPrint; :global LogPrintOnce; +:global LogPrintVerbose; :global MAX; :global MIN; :global MkDir; @@ -848,6 +849,8 @@ :return true; } +# The function $LogPrintVerbose is declared, but has no code, intentionally. + # get max value :set MAX do={ :if ($1 > $2) do={ :return $1; } From 6d718ec9877c3ecfc10681e85d050d15ed4d4b80 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 6 Mar 2025 14:38:35 +0100 Subject: [PATCH 28/42] fw-addr-lists: use $LogPrintVerbose ... ... to reduce debug output and speed up execution. --- fw-addr-lists.rsc | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/fw-addr-lists.rsc b/fw-addr-lists.rsc index d41dc04..af8c65d 100644 --- a/fw-addr-lists.rsc +++ b/fw-addr-lists.rsc @@ -24,6 +24,7 @@ :global HumanReadableNum; :global LogPrint; :global LogPrintOnce; + :global LogPrintVerbose; :global ScriptLock; :global WaitFullyConnected; @@ -120,14 +121,14 @@ list=$FwListName comment=$ListComment ] do={ :local Address [ /ip/firewall/address-list/get $Entry address ]; :if ([ :typeof ($IPv4Addresses->$Address) ] = "time") do={ - $LogPrint debug $ScriptName ("Renewing IPv4 address in list '" . $FwListName . \ + $LogPrintVerbose debug $ScriptName ("Renewing IPv4 address in list '" . $FwListName . \ "' with " . ($IPv4Addresses->$Address) . ": " . $Address); /ip/firewall/address-list/set $Entry timeout=($IPv4Addresses->$Address); :set ($IPv4Addresses->$Address); :set CntRenew ($CntRenew + 1); } else={ :if ($Failure = false) do={ - $LogPrint debug $ScriptName ("Removing IPv4 address from list '" . $FwListName . \ + $LogPrintVerbose debug $ScriptName ("Removing IPv4 address from list '" . $FwListName . \ "': " . $Address); /ip/firewall/address-list/remove $Entry; :set CntRemove ($CntRemove + 1); @@ -139,14 +140,14 @@ list=$FwListName comment=$ListComment ] do={ :local Address [ /ipv6/firewall/address-list/get $Entry address ]; :if ([ :typeof ($IPv6Addresses->$Address) ] = "time") do={ - $LogPrint debug $ScriptName ("Renewing IPv6 address in list '" . $FwListName . \ + $LogPrintVerbose debug $ScriptName ("Renewing IPv6 address in list '" . $FwListName . \ "' with " . ($IPv6Addresses->$Address) . ": " . $Address); /ipv6/firewall/address-list/set $Entry timeout=($IPv6Addresses->$Address); :set ($IPv6Addresses->$Address); :set CntRenew ($CntRenew + 1); } else={ :if ($Failure = false) do={ - $LogPrint debug $ScriptName ("Removing IPv6 address from list '" . $FwListName . \ + $LogPrintVerbose debug $ScriptName ("Removing IPv6 address from list '" . $FwListName . \ "': " . $Address); /ipv6/firewall/address-list/remove $Entry; :set CntRemove ($CntRemove + 1); @@ -155,7 +156,7 @@ } :foreach Address,Timeout in=$IPv4Addresses do={ - $LogPrint debug $ScriptName ("Adding IPv4 address to list '" . $FwListName . \ + $LogPrintVerbose debug $ScriptName ("Adding IPv4 address to list '" . $FwListName . \ "' with " . $Timeout . ": " . $Address); :do { /ip/firewall/address-list/add list=$FwListName comment=$ListComment \ @@ -169,7 +170,7 @@ } :foreach Address,Timeout in=$IPv6Addresses do={ - $LogPrint debug $ScriptName ("Adding IPv6 address to list '" . $FwListName . \ + $LogPrintVerbose debug $ScriptName ("Adding IPv6 address to list '" . $FwListName . \ "' with " . $Timeout . ": " . $Address); :do { /ipv6/firewall/address-list/add list=$FwListName comment=$ListComment \ From 7be26a07125b9c946859560bd59323f84feb9494 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 6 Mar 2025 14:54:38 +0100 Subject: [PATCH 29/42] DEBUG: add info on $LogPrintVerbose --- DEBUG.md | 14 ++++++++++++++ global-functions.rsc | 1 + 2 files changed, 15 insertions(+) diff --git a/DEBUG.md b/DEBUG.md index 3d7f025..d5e9beb 100644 --- a/DEBUG.md +++ b/DEBUG.md @@ -44,6 +44,20 @@ instead. Disable or remote that setting to restore regular logging. +## Verbose output + +Specific scripts can generate huge amount of output. These do use a function +`$LogPrintVerbose`, which is declared, but has no code, intentionally. + +If you *really* want that output set the function to be the same as +`$LogPrint`: + + :set LogPrintVerbose $LogPrint; + +To revert that change just run: + + :set LogPrintVerbose; + --- [âŦ…ī¸ Go back to main README](README.md) [âŦ†ī¸ Go back to top](#top) diff --git a/global-functions.rsc b/global-functions.rsc index 911ff6a..8ae7bb8 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -850,6 +850,7 @@ } # The function $LogPrintVerbose is declared, but has no code, intentionally. +# https://rsc.eworm.de/DEBUG.md#verbose-output # get max value :set MAX do={ From fb343c99e399d679f3e2a22e76c14a5899024319 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 6 Mar 2025 22:59:31 +0100 Subject: [PATCH 30/42] fw-addr-lists: put timeout into variable --- fw-addr-lists.rsc | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/fw-addr-lists.rsc b/fw-addr-lists.rsc index af8c65d..331d2c6 100644 --- a/fw-addr-lists.rsc +++ b/fw-addr-lists.rsc @@ -120,10 +120,11 @@ :foreach Entry in=[ /ip/firewall/address-list/find where \ list=$FwListName comment=$ListComment ] do={ :local Address [ /ip/firewall/address-list/get $Entry address ]; - :if ([ :typeof ($IPv4Addresses->$Address) ] = "time") do={ + :local TimeOut ($IPv4Addresses->$Address); + :if ([ :typeof $TimeOut ] = "time") do={ $LogPrintVerbose debug $ScriptName ("Renewing IPv4 address in list '" . $FwListName . \ - "' with " . ($IPv4Addresses->$Address) . ": " . $Address); - /ip/firewall/address-list/set $Entry timeout=($IPv4Addresses->$Address); + "' with " . $TimeOut . ": " . $Address); + /ip/firewall/address-list/set $Entry timeout=$TimeOut; :set ($IPv4Addresses->$Address); :set CntRenew ($CntRenew + 1); } else={ @@ -139,10 +140,11 @@ :foreach Entry in=[ /ipv6/firewall/address-list/find where \ list=$FwListName comment=$ListComment ] do={ :local Address [ /ipv6/firewall/address-list/get $Entry address ]; - :if ([ :typeof ($IPv6Addresses->$Address) ] = "time") do={ + :local TimeOut ($IPv6Addresses->$Address); + :if ([ :typeof $TimeOut ] = "time") do={ $LogPrintVerbose debug $ScriptName ("Renewing IPv6 address in list '" . $FwListName . \ - "' with " . ($IPv6Addresses->$Address) . ": " . $Address); - /ipv6/firewall/address-list/set $Entry timeout=($IPv6Addresses->$Address); + "' with " . $TimeOut . ": " . $Address); + /ipv6/firewall/address-list/set $Entry timeout=$TimeOut; :set ($IPv6Addresses->$Address); :set CntRenew ($CntRenew + 1); } else={ From ea6de35699a5b62dfffcc583c1a7181e1a6a688f Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 6 Mar 2025 23:00:50 +0100 Subject: [PATCH 31/42] fw-addr-lists: do not clean up Cleanup is important on renew (so the script does not attempt to re-add), but we do not care here. --- fw-addr-lists.rsc | 2 -- 1 file changed, 2 deletions(-) diff --git a/fw-addr-lists.rsc b/fw-addr-lists.rsc index 331d2c6..70893e3 100644 --- a/fw-addr-lists.rsc +++ b/fw-addr-lists.rsc @@ -163,7 +163,6 @@ :do { /ip/firewall/address-list/add list=$FwListName comment=$ListComment \ address=$Address timeout=$Timeout; - :set ($IPv4Addresses->$Address); :set CntAdd ($CntAdd + 1); } on-error={ $LogPrint warning $ScriptName ("Failed to add IPv4 address to list '" . $FwListName . \ @@ -177,7 +176,6 @@ :do { /ipv6/firewall/address-list/add list=$FwListName comment=$ListComment \ address=$Address timeout=$Timeout; - :set ($IPv6Addresses->$Address); :set CntAdd ($CntAdd + 1); } on-error={ $LogPrint warning $ScriptName ("Failed to add IPv6 address to list '" . $FwListName . \ From 2f55bfaf009d726e1174b50887fdb8f9b4b57573 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Fri, 7 Mar 2025 12:21:22 +0100 Subject: [PATCH 32/42] fw-addr-lists: strip cidr for host addresses This makes sure the addresses match later when we read them from address-list for renew. --- fw-addr-lists.rsc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fw-addr-lists.rsc b/fw-addr-lists.rsc index 70893e3..fc53795 100644 --- a/fw-addr-lists.rsc +++ b/fw-addr-lists.rsc @@ -101,10 +101,16 @@ } :do { :if ($Address ~ "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}(/[0-9]{1,2})?\$") do={ + :if ($Address ~ "/32\$") do={ + :set Address [ :pick $Address 0 ([ :len $Address ] - 3) ]; + } :set ($IPv4Addresses->$Address) $TimeOut; :error true; } :if ($Address ~ "^[0-9a-zA-Z]*:[0-9a-zA-Z:\\.]+(/[0-9]{1,3})?\$") do={ + :if ($Address ~ "/128\$") do={ + :set Address [ :pick $Address 0 ([ :len $Address ] - 4) ]; + } :set ($IPv6Addresses->$Address) $TimeOut; :error true; } From e148df9e573801803e35d8dfaef277f571952fdc Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 6 Mar 2025 23:05:45 +0100 Subject: [PATCH 33/42] fw-addr-lists: put addresses into "branches"... ... effectively adding another layer and some complexity, but: The addresses are sorted inside the array, and sorting less addresses in a branch saves a lot of processing power. So this is a lot faster now... --- fw-addr-lists.rsc | 65 +++++++++++++++++++++++++++-------------------- 1 file changed, 37 insertions(+), 28 deletions(-) diff --git a/fw-addr-lists.rsc b/fw-addr-lists.rsc index fc53795..a97f7ed 100644 --- a/fw-addr-lists.rsc +++ b/fw-addr-lists.rsc @@ -100,23 +100,24 @@ :set Address ([ :pick $Line 0 [ $FindDelim $Line ] ] . ($List->"cidr")); } :do { + :local Branch [ :pick $Address 0 1 ]; :if ($Address ~ "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}(/[0-9]{1,2})?\$") do={ :if ($Address ~ "/32\$") do={ :set Address [ :pick $Address 0 ([ :len $Address ] - 3) ]; } - :set ($IPv4Addresses->$Address) $TimeOut; + :set ($IPv4Addresses->$Branch->$Address) $TimeOut; :error true; } :if ($Address ~ "^[0-9a-zA-Z]*:[0-9a-zA-Z:\\.]+(/[0-9]{1,3})?\$") do={ :if ($Address ~ "/128\$") do={ :set Address [ :pick $Address 0 ([ :len $Address ] - 4) ]; } - :set ($IPv6Addresses->$Address) $TimeOut; + :set ($IPv6Addresses->$Branch->$Address) $TimeOut; :error true; } :if ($Address ~ "^[\\.a-zA-Z0-9-]+\\.[a-zA-Z]{2,}\$") do={ - :set ($IPv4Addresses->$Address) $TimeOut; - :set ($IPv6Addresses->$Address) $TimeOut; + :set ($IPv4Addresses->$Branch->$Address) $TimeOut; + :set ($IPv6Addresses->$Branch->$Address) $TimeOut; :error true; } } on-error={ } @@ -126,12 +127,13 @@ :foreach Entry in=[ /ip/firewall/address-list/find where \ list=$FwListName comment=$ListComment ] do={ :local Address [ /ip/firewall/address-list/get $Entry address ]; - :local TimeOut ($IPv4Addresses->$Address); + :local Branch [ :pick $Address 0 1 ]; + :local TimeOut ($IPv4Addresses->$Branch->$Address); :if ([ :typeof $TimeOut ] = "time") do={ $LogPrintVerbose debug $ScriptName ("Renewing IPv4 address in list '" . $FwListName . \ "' with " . $TimeOut . ": " . $Address); /ip/firewall/address-list/set $Entry timeout=$TimeOut; - :set ($IPv4Addresses->$Address); + :set ($IPv4Addresses->$Branch->$Address); :set CntRenew ($CntRenew + 1); } else={ :if ($Failure = false) do={ @@ -146,12 +148,13 @@ :foreach Entry in=[ /ipv6/firewall/address-list/find where \ list=$FwListName comment=$ListComment ] do={ :local Address [ /ipv6/firewall/address-list/get $Entry address ]; - :local TimeOut ($IPv6Addresses->$Address); + :local Branch [ :pick $Address 0 1 ]; + :local TimeOut ($IPv6Addresses->$Branch->$Address); :if ([ :typeof $TimeOut ] = "time") do={ $LogPrintVerbose debug $ScriptName ("Renewing IPv6 address in list '" . $FwListName . \ "' with " . $TimeOut . ": " . $Address); /ipv6/firewall/address-list/set $Entry timeout=$TimeOut; - :set ($IPv6Addresses->$Address); + :set ($IPv6Addresses->$Branch->$Address); :set CntRenew ($CntRenew + 1); } else={ :if ($Failure = false) do={ @@ -163,29 +166,35 @@ } } - :foreach Address,Timeout in=$IPv4Addresses do={ - $LogPrintVerbose debug $ScriptName ("Adding IPv4 address to list '" . $FwListName . \ - "' with " . $Timeout . ": " . $Address); - :do { - /ip/firewall/address-list/add list=$FwListName comment=$ListComment \ - address=$Address timeout=$Timeout; - :set CntAdd ($CntAdd + 1); - } on-error={ - $LogPrint warning $ScriptName ("Failed to add IPv4 address to list '" . $FwListName . \ - "': " . $Address); + :foreach BranchName,Branch in=$IPv4Addresses do={ + $LogPrintVerbose debug $ScriptName ("Handling branch: " . $BranchName); + :foreach Address,Timeout in=$Branch do={ + $LogPrintVerbose debug $ScriptName ("Adding IPv4 address to list '" . $FwListName . \ + "' with " . $Timeout . ": " . $Address); + :do { + /ip/firewall/address-list/add list=$FwListName comment=$ListComment \ + address=$Address timeout=$Timeout; + :set CntAdd ($CntAdd + 1); + } on-error={ + $LogPrint warning $ScriptName ("Failed to add IPv4 address to list '" . $FwListName . \ + "': " . $Address); + } } } - :foreach Address,Timeout in=$IPv6Addresses do={ - $LogPrintVerbose debug $ScriptName ("Adding IPv6 address to list '" . $FwListName . \ - "' with " . $Timeout . ": " . $Address); - :do { - /ipv6/firewall/address-list/add list=$FwListName comment=$ListComment \ - address=$Address timeout=$Timeout; - :set CntAdd ($CntAdd + 1); - } on-error={ - $LogPrint warning $ScriptName ("Failed to add IPv6 address to list '" . $FwListName . \ - "': " . $Address); + :foreach BranchName,Branch in=$IPv6Addresses do={ + $LogPrintVerbose debug $ScriptName ("Handling branch: " . $BranchName); + :foreach Address,Timeout in=$Branch do={ + $LogPrintVerbose debug $ScriptName ("Adding IPv6 address to list '" . $FwListName . \ + "' with " . $Timeout . ": " . $Address); + :do { + /ipv6/firewall/address-list/add list=$FwListName comment=$ListComment \ + address=$Address timeout=$Timeout; + :set CntAdd ($CntAdd + 1); + } on-error={ + $LogPrint warning $ScriptName ("Failed to add IPv6 address to list '" . $FwListName . \ + "': " . $Address); + } } } From d71ea804b077d35183df318fb305b213fb961d27 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Fri, 7 Mar 2025 20:35:36 +0100 Subject: [PATCH 34/42] fw-addr-lists: two characters for branch Using one character for IPv4 is ok (1 to 9), but IPv6 global unicase (2000::/3) results in just two different characters (2 and 3). So let's use first two characters... --- fw-addr-lists.rsc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fw-addr-lists.rsc b/fw-addr-lists.rsc index a97f7ed..9ad5b3a 100644 --- a/fw-addr-lists.rsc +++ b/fw-addr-lists.rsc @@ -100,7 +100,7 @@ :set Address ([ :pick $Line 0 [ $FindDelim $Line ] ] . ($List->"cidr")); } :do { - :local Branch [ :pick $Address 0 1 ]; + :local Branch [ :pick $Address 0 2 ]; :if ($Address ~ "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}(/[0-9]{1,2})?\$") do={ :if ($Address ~ "/32\$") do={ :set Address [ :pick $Address 0 ([ :len $Address ] - 3) ]; @@ -127,7 +127,7 @@ :foreach Entry in=[ /ip/firewall/address-list/find where \ list=$FwListName comment=$ListComment ] do={ :local Address [ /ip/firewall/address-list/get $Entry address ]; - :local Branch [ :pick $Address 0 1 ]; + :local Branch [ :pick $Address 0 2 ]; :local TimeOut ($IPv4Addresses->$Branch->$Address); :if ([ :typeof $TimeOut ] = "time") do={ $LogPrintVerbose debug $ScriptName ("Renewing IPv4 address in list '" . $FwListName . \ @@ -148,7 +148,7 @@ :foreach Entry in=[ /ipv6/firewall/address-list/find where \ list=$FwListName comment=$ListComment ] do={ :local Address [ /ipv6/firewall/address-list/get $Entry address ]; - :local Branch [ :pick $Address 0 1 ]; + :local Branch [ :pick $Address 0 2 ]; :local TimeOut ($IPv6Addresses->$Branch->$Address); :if ([ :typeof $TimeOut ] = "time") do={ $LogPrintVerbose debug $ScriptName ("Renewing IPv6 address in list '" . $FwListName . \ From f0e6cbcfe1a0be05f30d37cd495d4dbea0888f07 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Sat, 8 Mar 2025 10:09:51 +0100 Subject: [PATCH 35/42] fw-addr-lists: get branch from calculated checksum The addresses were spread very uneven before. Let's calculate a checksum, and take the first two characters of that. The addresses are now spread evenly on 256 branches (0x00 to 0xff). --- fw-addr-lists.rsc | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/fw-addr-lists.rsc b/fw-addr-lists.rsc index 9ad5b3a..f0940fe 100644 --- a/fw-addr-lists.rsc +++ b/fw-addr-lists.rsc @@ -37,6 +37,11 @@ } } + :local GetBranch do={ + :global EitherOr; + :return [ :pick [ :convert transform=md5 to=hex [ :pick $1 0 [ $EitherOr [ :find $1 "/" ] [ :len $1 ] ] ] ] 0 2 ]; + } + :if ([ $ScriptLock $ScriptName ] = false) do={ :set ExitOK true; :error false; @@ -100,7 +105,7 @@ :set Address ([ :pick $Line 0 [ $FindDelim $Line ] ] . ($List->"cidr")); } :do { - :local Branch [ :pick $Address 0 2 ]; + :local Branch [ $GetBranch $Address ]; :if ($Address ~ "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}(/[0-9]{1,2})?\$") do={ :if ($Address ~ "/32\$") do={ :set Address [ :pick $Address 0 ([ :len $Address ] - 3) ]; @@ -127,7 +132,7 @@ :foreach Entry in=[ /ip/firewall/address-list/find where \ list=$FwListName comment=$ListComment ] do={ :local Address [ /ip/firewall/address-list/get $Entry address ]; - :local Branch [ :pick $Address 0 2 ]; + :local Branch [ $GetBranch $Address ]; :local TimeOut ($IPv4Addresses->$Branch->$Address); :if ([ :typeof $TimeOut ] = "time") do={ $LogPrintVerbose debug $ScriptName ("Renewing IPv4 address in list '" . $FwListName . \ @@ -148,7 +153,7 @@ :foreach Entry in=[ /ipv6/firewall/address-list/find where \ list=$FwListName comment=$ListComment ] do={ :local Address [ /ipv6/firewall/address-list/get $Entry address ]; - :local Branch [ :pick $Address 0 2 ]; + :local Branch [ $GetBranch $Address ]; :local TimeOut ($IPv6Addresses->$Branch->$Address); :if ([ :typeof $TimeOut ] = "time") do={ $LogPrintVerbose debug $ScriptName ("Renewing IPv6 address in list '" . $FwListName . \ From eb59dd21caf8026748eada3aee137b8e3b6590b7 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Fri, 7 Mar 2025 17:33:51 +0100 Subject: [PATCH 36/42] check-routeros-update: check perpetual license... ... as these have to be renewed and can expire. --- check-routeros-update.rsc | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/check-routeros-update.rsc b/check-routeros-update.rsc index 361be34..8d200d2 100644 --- a/check-routeros-update.rsc +++ b/check-routeros-update.rsc @@ -66,6 +66,27 @@ :error "A reboot for update is already scheduled."; } + :local License [ /system/license/get ]; + :if ([ :typeof ($License->"deadline-at") ] = "str") do={ + :if ([ :len ($License->"next-renewal-at") ] = 0 && ($License->"limited-upgrades") = true) do={ + $LogPrint warning $ScriptName ("Your license expired on " . ($License->"deadline-at") . "!"); + $SendNotification2 ({ origin=$ScriptName; \ + subject=([ $SymbolForNotification "warning-sign" ] . "License expired!"); \ + message=("Your license expired on " . ($License->"deadline-at") . \ + ", can no longer update RouterOS on " . $Identity . "...") }); + :set ExitOK true; + :error false; + } + + :if ([ :totime ($License->"next-renewal-at") ] + 1w < [ :timestamp ]) do={ + $LogPrint warning $ScriptName ("Your license will expire on " . ($License->"deadline-at") . "!"); + $SendNotification2 ({ origin=$ScriptName; \ + subject=([ $SymbolForNotification "warning-sign" ] . "License about to expire!"); \ + message=("Your license failed to renew and is about to expire on " . \ + ($License->"deadline-at") . " on " . $Identity . "...") }); + } + } + $LogPrint debug $ScriptName ("Checking for updates..."); /system/package/update/check-for-updates without-paging as-value; :local Update [ /system/package/update/get ]; From 788400c4586b6a2e61c6e36acd10ab5d20da00c9 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Mon, 10 Mar 2025 16:29:06 +0100 Subject: [PATCH 37/42] fw-addr-lists: raw.githubusercontent.com requires 'USERTrust RSA Certification Authority' now --- certs/Makefile | 2 +- .../USERTrust-RSA-Certification-Authority.pem | 41 +++++++++++++++++++ global-config.rsc | 2 +- 3 files changed, 43 insertions(+), 2 deletions(-) create mode 100644 certs/USERTrust-RSA-Certification-Authority.pem diff --git a/certs/Makefile b/certs/Makefile index 4e252b4..3ccad6e 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -15,7 +15,7 @@ DOMAINS_DUAL = \ git.eworm.de/ISRG-Root-X2 \ lists.blocklist.de/Certum-Trusted-Network-CA \ matrix.org/GTS-Root-R4 \ - raw.githubusercontent.com/DigiCert-Global-Root-G2 \ + raw.githubusercontent.com/USERTrust-RSA-Certification-Authority \ rsc.eworm.de/ISRG-Root-X2 \ upgrade.mikrotik.com/ISRG-Root-X1 DOMAINS_IPV4 = \ diff --git a/certs/USERTrust-RSA-Certification-Authority.pem b/certs/USERTrust-RSA-Certification-Authority.pem new file mode 100644 index 0000000..0fbeef6 --- /dev/null +++ b/certs/USERTrust-RSA-Certification-Authority.pem @@ -0,0 +1,41 @@ +# Issuer: CN=USERTrust RSA Certification Authority O=The USERTRUST Network +# Subject: CN=USERTrust RSA Certification Authority O=The USERTRUST Network +# Label: "USERTrust RSA Certification Authority" +# Serial: 2645093764781058787591871645665788717 +# MD5 Fingerprint: 1b:fe:69:d1:91:b7:19:33:a3:72:a8:0f:e1:55:e5:b5 +# SHA1 Fingerprint: 2b:8f:1b:57:33:0d:bb:a2:d0:7a:6c:51:f7:0e:e9:0d:da:b9:ad:8e +# SHA256 Fingerprint: e7:93:c9:b0:2f:d8:aa:13:e2:1c:31:22:8a:cc:b0:81:19:64:3b:74:9c:89:89:64:b1:74:6d:46:c3:d4:cb:d2 +-----BEGIN CERTIFICATE----- +MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB +iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl +cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV +BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw +MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV +BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU +aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B +3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY +tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/ +Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2 +VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT +79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6 +c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT +Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l +c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee +UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE +Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd +BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G +A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF +Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO +VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3 +ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs +8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR +iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze +Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ +XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/ +qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB +VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB +L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG +jjxDah2nGN59PRbxYvnKkKj9 +-----END CERTIFICATE----- diff --git a/global-config.rsc b/global-config.rsc index 2524ded..fa32b16 100644 --- a/global-config.rsc +++ b/global-config.rsc @@ -103,7 +103,7 @@ # cert="ISRG Root X2" }; { url="https://raw.githubusercontent.com/stamparm/ipsum/refs/heads/master/levels/4.txt"; # # higher level (decrease the numerical value) for more addresses, and vice versa - cert="DigiCert Global Root G2" }; + cert="USERTrust RSA Certification Authority" }; { url="https://www.dshield.org/block.txt"; cidr="/24"; cert="ISRG Root X1" }; { url="https://lists.blocklist.de/lists/strongips.txt"; From 97b99316b2f96fa9c5d2f539e31aa308e86c99b4 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 12 Mar 2025 10:31:11 +0100 Subject: [PATCH 38/42] netwatch-notify: increase timeout... MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ... as a timeout of one second expires immediately. 🤨 --- netwatch-notify.rsc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/netwatch-notify.rsc b/netwatch-notify.rsc index 8b05c5e..9a4c9d9 100644 --- a/netwatch-notify.rsc +++ b/netwatch-notify.rsc @@ -61,12 +61,12 @@ :global GetRandom20CharAlNum; :local FwAddrList ($ScriptName . "-" . [ $GetRandom20CharAlNum ]); - /ip/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=1s; + /ip/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=2s; :delay 20ms; :if ([ :len [ /ip/firewall/address-list/find where list=$FwAddrList address=$Expected ] ] > 0) do={ :return true; } - /ipv6/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=1s; + /ipv6/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=2s; :delay 20ms; :if ([ :len [ /ipv6/firewall/address-list/find where list=$FwAddrList address=$Expected ] ] > 0) do={ :return true; From 155542668719f9feaac45fdb786b2e5fc5fd1e71 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 12 Mar 2025 11:18:18 +0100 Subject: [PATCH 39/42] netwatch-notify: increase the timeout even more MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This interacts with the number of addresses in the address-list. Having a lot of addresses there (for exemple from script 'fw-addr-lists' 😜) makes the 'find' take longer. We have to make sure that 'find' succeeds before the address times out. As this does not hurt... Let's just bump to 10 seconds to be safe. --- netwatch-notify.rsc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/netwatch-notify.rsc b/netwatch-notify.rsc index 9a4c9d9..2a5050c 100644 --- a/netwatch-notify.rsc +++ b/netwatch-notify.rsc @@ -61,12 +61,12 @@ :global GetRandom20CharAlNum; :local FwAddrList ($ScriptName . "-" . [ $GetRandom20CharAlNum ]); - /ip/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=2s; + /ip/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=10s; :delay 20ms; :if ([ :len [ /ip/firewall/address-list/find where list=$FwAddrList address=$Expected ] ] > 0) do={ :return true; } - /ipv6/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=2s; + /ipv6/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=10s; :delay 20ms; :if ([ :len [ /ipv6/firewall/address-list/find where list=$FwAddrList address=$Expected ] ] > 0) do={ :return true; From b63e0fcb2fc282ac69cbef74b35bd40e8df5a464 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 12 Mar 2025 11:26:22 +0100 Subject: [PATCH 40/42] netwatch-notify: check matching address type only --- netwatch-notify.rsc | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/netwatch-notify.rsc b/netwatch-notify.rsc index 2a5050c..0b8a8dc 100644 --- a/netwatch-notify.rsc +++ b/netwatch-notify.rsc @@ -61,15 +61,19 @@ :global GetRandom20CharAlNum; :local FwAddrList ($ScriptName . "-" . [ $GetRandom20CharAlNum ]); - /ip/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=10s; - :delay 20ms; - :if ([ :len [ /ip/firewall/address-list/find where list=$FwAddrList address=$Expected ] ] > 0) do={ - :return true; + :if ([ :typeof [ :toip $Expected ] ] = "ip") do={ + /ip/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=10s; + :delay 20ms; + :if ([ :len [ /ip/firewall/address-list/find where list=$FwAddrList address=$Expected ] ] > 0) do={ + :return true; + } } - /ipv6/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=10s; - :delay 20ms; - :if ([ :len [ /ipv6/firewall/address-list/find where list=$FwAddrList address=$Expected ] ] > 0) do={ - :return true; + :if ([ :typeof [ :toip6 $Expected ] ] = "ip6") do={ + /ipv6/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=10s; + :delay 20ms; + :if ([ :len [ /ipv6/firewall/address-list/find where list=$FwAddrList address=$Expected ] ] > 0) do={ + :return true; + } } :return false; From 20bf609c44c2b4111bb387b36b955b8c3243fbf1 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 13 Mar 2025 10:51:39 +0100 Subject: [PATCH 41/42] check-routeros-update: fix condition for license check Turns out that `next-renewal-at` is moved forward when renewal failed, so it never matches the criteria. Just start complaining three weeks before deadline. --- check-routeros-update.rsc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/check-routeros-update.rsc b/check-routeros-update.rsc index 8d200d2..78161e4 100644 --- a/check-routeros-update.rsc +++ b/check-routeros-update.rsc @@ -78,7 +78,7 @@ :error false; } - :if ([ :totime ($License->"next-renewal-at") ] + 1w < [ :timestamp ]) do={ + :if ([ :totime ($License->"deadline-at") ] - 3w < [ :timestamp ]) do={ $LogPrint warning $ScriptName ("Your license will expire on " . ($License->"deadline-at") . "!"); $SendNotification2 ({ origin=$ScriptName; \ subject=([ $SymbolForNotification "warning-sign" ] . "License about to expire!"); \ From ce39b79f69f978a8de521643b07b9c19de02b06f Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 13 Mar 2025 11:50:38 +0100 Subject: [PATCH 42/42] capsman-download-packages: fix parameter for $RmFile The function can not handle ids, we have to pass a name instead. --- capsman-download-packages.capsman.rsc | 2 +- capsman-download-packages.template.rsc | 2 +- capsman-download-packages.wifi.rsc | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/capsman-download-packages.capsman.rsc b/capsman-download-packages.capsman.rsc index 4387cb1..25c43f5 100644 --- a/capsman-download-packages.capsman.rsc +++ b/capsman-download-packages.capsman.rsc @@ -62,7 +62,7 @@ :if ([ $DownloadPackage ($File->"package-name") $InstalledVersion \ ($File->"package-architecture") $PackagePath ] = true) do={ :set Updated true; - $RmFile $Package; + $RmFile ($File->"name"); } } diff --git a/capsman-download-packages.template.rsc b/capsman-download-packages.template.rsc index 744494e..b269838 100644 --- a/capsman-download-packages.template.rsc +++ b/capsman-download-packages.template.rsc @@ -64,7 +64,7 @@ :if ([ $DownloadPackage ($File->"package-name") $InstalledVersion \ ($File->"package-architecture") $PackagePath ] = true) do={ :set Updated true; - $RmFile $Package; + $RmFile ($File->"name"); } } diff --git a/capsman-download-packages.wifi.rsc b/capsman-download-packages.wifi.rsc index a0c5e12..901bb0a 100644 --- a/capsman-download-packages.wifi.rsc +++ b/capsman-download-packages.wifi.rsc @@ -62,7 +62,7 @@ :if ([ $DownloadPackage ($File->"package-name") $InstalledVersion \ ($File->"package-architecture") $PackagePath ] = true) do={ :set Updated true; - $RmFile $Package; + $RmFile ($File->"name"); } }