From 33c02e06092eded4b3344a6eb22742c9be531fb2 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Mon, 3 Mar 2025 09:10:54 +0100 Subject: [PATCH 01/24] ipv6-update: ignore if prefix is no longer valid --- ipv6-update.rsc | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ipv6-update.rsc b/ipv6-update.rsc index c6e3d65..beccde0 100644 --- a/ipv6-update.rsc +++ b/ipv6-update.rsc @@ -20,7 +20,9 @@ :global ScriptLock; :local NaAddress $"na-address"; + :local NaValid $"na-valid"; :local PdPrefix $"pd-prefix"; + :local PdValid $"pd-valid"; :if ([ $ScriptLock $ScriptName ] = false) do={ :set ExitOK true; @@ -39,6 +41,12 @@ :error false; } + :if ($PdValid != 1) do={ + $LogPrint info $ScriptName ("The prefix " . $PdPrefix . " is no longer valid. Ignoring."); + :set ExitOK true; + :error false; + } + :local Pool [ /ipv6/pool/get [ find where prefix=$PdPrefix ] name ]; :if ([ :len [ /ipv6/firewall/address-list/find where comment=("ipv6-pool-" . $Pool) ] ] = 0) do={ /ipv6/firewall/address-list/add list=("ipv6-pool-" . $Pool) address=:: comment=("ipv6-pool-" . $Pool) dynamic=yes; From 469f783a92c8e67088d70572157ff4cd7d47fcd8 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Mon, 3 Mar 2025 09:12:43 +0100 Subject: [PATCH 02/24] ipv6-update: check for availability of both variables --- ipv6-update.rsc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipv6-update.rsc b/ipv6-update.rsc index beccde0..94bd1bc 100644 --- a/ipv6-update.rsc +++ b/ipv6-update.rsc @@ -35,7 +35,7 @@ :error false; } - :if ([ :typeof $PdPrefix ] = "nothing") do={ + :if ([ :typeof $PdPrefix ] = "nothing" || [ :typeof $PdValid ] = "nothing") do={ $LogPrint error $ScriptName ("This script is supposed to run from ipv6 dhcp-client."); :set ExitOK true; :error false; From 3ccaafd1b38f4335aa28361778aa37db2ca22d5f Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 5 Mar 2025 00:28:01 +0100 Subject: [PATCH 03/24] global-functions: $ScriptInstallUpdate: move code into block --- global-functions.rsc | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/global-functions.rsc b/global-functions.rsc index 43cd7f0..8fcd56d 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -1163,7 +1163,12 @@ } } - :if (!($ScriptInfo->"ignore" = true)) do={ + :do { + :if ($ScriptInfo->"ignore" = true) do={ + $LogPrint debug $0 ("Ignoring script '" . $ScriptVal->"name" . "', as requested."); + :error true; + } + :do { :local BaseUrl [ $EitherOr ($ScriptInfo->"base-url") $ScriptUpdatesBaseUrl ]; :local UrlSuffix [ $EitherOr ($ScriptInfo->"url-suffix") $ScriptUpdatesUrlSuffix ]; @@ -1182,10 +1187,9 @@ } else={ $LogPrint warning $0 ("Failed fetching script '" . $ScriptVal->"name" . "'!"); } + :error false; } - } - :do { :if ([ :len $SourceNew ] = 0) do={ $LogPrint debug $0 ("No update for script '" . $ScriptVal->"name" . "'."); :error false; From 0c1d96f89dfb4d209b0848d5ac2d81a640e0f056 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 5 Mar 2025 00:18:43 +0100 Subject: [PATCH 04/24] global-functions: $ScriptInstallUpdate: get and compare checksums MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The file 'checksums.json' is generated when deploying to my web server... This should speed up the update a lot as it reduces downloads to a minimum. ๐ŸŽ‰๐Ÿ˜ --- global-functions.rsc | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/global-functions.rsc b/global-functions.rsc index 8fcd56d..8405c92 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -1150,6 +1150,14 @@ :local ReloadGlobalConfig false; :local DeviceMode [ /system/device-mode/get ]; + :local CheckSums ({}); + :do { + :local Url ($ScriptUpdatesBaseUrl . "checksums.json" . $ScriptUpdatesUrlSuffix); + $LogPrint debug $0 ("Fetching checksums from url: " . $Url); + :set CheckSums [ :deserialize from=json ([ /tool/fetch check-certificate=yes-without-crl \ + http-header-field=({ [ $FetchUserAgentStr $0 ] }) $Url output=user as-value ]->"data") ]; + } on-error={ } + :foreach Script in=[ /system/script/find where source~"^#!rsc by RouterOS\r?\n" ] do={ :local ScriptVal [ /system/script/get $Script ]; :local ScriptInfo [ $ParseKeyValueStore ($ScriptVal->"comment") ]; @@ -1169,6 +1177,11 @@ :error true; } + :if ([ :convert transform=md5 to=hex ($ScriptVal->"source") ] = ($CheckSums->($ScriptVal->"name"))) do={ + $LogPrint debug $0 ("Checksum for script '" . $ScriptVal->"name" . "' matches, ignoring."); + :error true; + } + :do { :local BaseUrl [ $EitherOr ($ScriptInfo->"base-url") $ScriptUpdatesBaseUrl ]; :local UrlSuffix [ $EitherOr ($ScriptInfo->"url-suffix") $ScriptUpdatesUrlSuffix ]; From 10374afc182cd8b08e07a3d45890518e8b6be73c Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 5 Mar 2025 01:37:42 +0100 Subject: [PATCH 05/24] global-functions: $ScriptInstallUpdate: support checksums for CRLF scripts --- global-functions.rsc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/global-functions.rsc b/global-functions.rsc index 8405c92..d883aa0 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -1177,7 +1177,8 @@ :error true; } - :if ([ :convert transform=md5 to=hex ($ScriptVal->"source") ] = ($CheckSums->($ScriptVal->"name"))) do={ + :if ([ :convert transform=md5 to=hex ($ScriptVal->"source") ] = ($CheckSums->($ScriptVal->"name")) || \ + [ :convert transform=md5 to=hex [ :tolf ($ScriptVal->"source") ] ] = ($CheckSums->($ScriptVal->"name"))) do={ $LogPrint debug $0 ("Checksum for script '" . $ScriptVal->"name" . "' matches, ignoring."); :error true; } From c9de6d85790897a945910316a14db16b0435c41e Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 5 Mar 2025 01:39:59 +0100 Subject: [PATCH 06/24] global-functions: $ScriptInstallUpdate: put checksum into variable --- global-functions.rsc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/global-functions.rsc b/global-functions.rsc index d883aa0..a9fa938 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -1177,8 +1177,9 @@ :error true; } - :if ([ :convert transform=md5 to=hex ($ScriptVal->"source") ] = ($CheckSums->($ScriptVal->"name")) || \ - [ :convert transform=md5 to=hex [ :tolf ($ScriptVal->"source") ] ] = ($CheckSums->($ScriptVal->"name"))) do={ + :local CheckSum ($CheckSums->($ScriptVal->"name")); + :if ([ :convert transform=md5 to=hex ($ScriptVal->"source") ] = $CheckSum || \ + [ :convert transform=md5 to=hex [ :tolf ($ScriptVal->"source") ] ] = $CheckSum) do={ $LogPrint debug $0 ("Checksum for script '" . $ScriptVal->"name" . "' matches, ignoring."); :error true; } From b13360e4b86838d95cd8c9a1a4e2ea8d757dbb0f Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 5 Mar 2025 01:53:04 +0100 Subject: [PATCH 07/24] global-functions: $ScriptInstallUpdate: simplify check This one should suffice... --- global-functions.rsc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/global-functions.rsc b/global-functions.rsc index a9fa938..4c777a1 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -1178,8 +1178,7 @@ } :local CheckSum ($CheckSums->($ScriptVal->"name")); - :if ([ :convert transform=md5 to=hex ($ScriptVal->"source") ] = $CheckSum || \ - [ :convert transform=md5 to=hex [ :tolf ($ScriptVal->"source") ] ] = $CheckSum) do={ + :if ([ :convert transform=md5 to=hex [ :tolf ($ScriptVal->"source") ] ] = $CheckSum) do={ $LogPrint debug $0 ("Checksum for script '" . $ScriptVal->"name" . "' matches, ignoring."); :error true; } From 1b46a5fd9bc69f4d609b28e7ff8d36717a3b9a8f Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 5 Mar 2025 08:55:06 +0100 Subject: [PATCH 08/24] global-functions: $ScriptInstallUpdate: checksum only for same source So ignore if script is fetched from different base or with different suffix. --- global-functions.rsc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/global-functions.rsc b/global-functions.rsc index 4c777a1..da31165 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -1178,7 +1178,8 @@ } :local CheckSum ($CheckSums->($ScriptVal->"name")); - :if ([ :convert transform=md5 to=hex [ :tolf ($ScriptVal->"source") ] ] = $CheckSum) do={ + :if ([ :len ($ScriptInfo->"base-url") ] = 0 && [ :len ($ScriptInfo->"url-suffix") ] = 0 && \ + [ :convert transform=md5 to=hex [ :tolf ($ScriptVal->"source") ] ] = $CheckSum) do={ $LogPrint debug $0 ("Checksum for script '" . $ScriptVal->"name" . "' matches, ignoring."); :error true; } From e341e1c30ca4ff8b87bc757cc5c0effbc50a7ea6 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 6 Mar 2025 15:02:31 +0100 Subject: [PATCH 09/24] global-functions: introduce $LogPrintVerbose ... ... which is a declared function, but has no code, intentionally. It can be called as a no-op by default. If you want this output set the function to be the same as $LogPrint: :set LogPrintVerbose $LogPrint; --- global-functions.rsc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/global-functions.rsc b/global-functions.rsc index da31165..911ff6a 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -55,6 +55,7 @@ :global IsTimeSync; :global LogPrint; :global LogPrintOnce; +:global LogPrintVerbose; :global MAX; :global MIN; :global MkDir; @@ -848,6 +849,8 @@ :return true; } +# The function $LogPrintVerbose is declared, but has no code, intentionally. + # get max value :set MAX do={ :if ($1 > $2) do={ :return $1; } From 6d718ec9877c3ecfc10681e85d050d15ed4d4b80 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 6 Mar 2025 14:38:35 +0100 Subject: [PATCH 10/24] fw-addr-lists: use $LogPrintVerbose ... ... to reduce debug output and speed up execution. --- fw-addr-lists.rsc | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/fw-addr-lists.rsc b/fw-addr-lists.rsc index d41dc04..af8c65d 100644 --- a/fw-addr-lists.rsc +++ b/fw-addr-lists.rsc @@ -24,6 +24,7 @@ :global HumanReadableNum; :global LogPrint; :global LogPrintOnce; + :global LogPrintVerbose; :global ScriptLock; :global WaitFullyConnected; @@ -120,14 +121,14 @@ list=$FwListName comment=$ListComment ] do={ :local Address [ /ip/firewall/address-list/get $Entry address ]; :if ([ :typeof ($IPv4Addresses->$Address) ] = "time") do={ - $LogPrint debug $ScriptName ("Renewing IPv4 address in list '" . $FwListName . \ + $LogPrintVerbose debug $ScriptName ("Renewing IPv4 address in list '" . $FwListName . \ "' with " . ($IPv4Addresses->$Address) . ": " . $Address); /ip/firewall/address-list/set $Entry timeout=($IPv4Addresses->$Address); :set ($IPv4Addresses->$Address); :set CntRenew ($CntRenew + 1); } else={ :if ($Failure = false) do={ - $LogPrint debug $ScriptName ("Removing IPv4 address from list '" . $FwListName . \ + $LogPrintVerbose debug $ScriptName ("Removing IPv4 address from list '" . $FwListName . \ "': " . $Address); /ip/firewall/address-list/remove $Entry; :set CntRemove ($CntRemove + 1); @@ -139,14 +140,14 @@ list=$FwListName comment=$ListComment ] do={ :local Address [ /ipv6/firewall/address-list/get $Entry address ]; :if ([ :typeof ($IPv6Addresses->$Address) ] = "time") do={ - $LogPrint debug $ScriptName ("Renewing IPv6 address in list '" . $FwListName . \ + $LogPrintVerbose debug $ScriptName ("Renewing IPv6 address in list '" . $FwListName . \ "' with " . ($IPv6Addresses->$Address) . ": " . $Address); /ipv6/firewall/address-list/set $Entry timeout=($IPv6Addresses->$Address); :set ($IPv6Addresses->$Address); :set CntRenew ($CntRenew + 1); } else={ :if ($Failure = false) do={ - $LogPrint debug $ScriptName ("Removing IPv6 address from list '" . $FwListName . \ + $LogPrintVerbose debug $ScriptName ("Removing IPv6 address from list '" . $FwListName . \ "': " . $Address); /ipv6/firewall/address-list/remove $Entry; :set CntRemove ($CntRemove + 1); @@ -155,7 +156,7 @@ } :foreach Address,Timeout in=$IPv4Addresses do={ - $LogPrint debug $ScriptName ("Adding IPv4 address to list '" . $FwListName . \ + $LogPrintVerbose debug $ScriptName ("Adding IPv4 address to list '" . $FwListName . \ "' with " . $Timeout . ": " . $Address); :do { /ip/firewall/address-list/add list=$FwListName comment=$ListComment \ @@ -169,7 +170,7 @@ } :foreach Address,Timeout in=$IPv6Addresses do={ - $LogPrint debug $ScriptName ("Adding IPv6 address to list '" . $FwListName . \ + $LogPrintVerbose debug $ScriptName ("Adding IPv6 address to list '" . $FwListName . \ "' with " . $Timeout . ": " . $Address); :do { /ipv6/firewall/address-list/add list=$FwListName comment=$ListComment \ From 7be26a07125b9c946859560bd59323f84feb9494 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 6 Mar 2025 14:54:38 +0100 Subject: [PATCH 11/24] DEBUG: add info on $LogPrintVerbose --- DEBUG.md | 14 ++++++++++++++ global-functions.rsc | 1 + 2 files changed, 15 insertions(+) diff --git a/DEBUG.md b/DEBUG.md index 3d7f025..d5e9beb 100644 --- a/DEBUG.md +++ b/DEBUG.md @@ -44,6 +44,20 @@ instead. Disable or remote that setting to restore regular logging. +## Verbose output + +Specific scripts can generate huge amount of output. These do use a function +`$LogPrintVerbose`, which is declared, but has no code, intentionally. + +If you *really* want that output set the function to be the same as +`$LogPrint`: + + :set LogPrintVerbose $LogPrint; + +To revert that change just run: + + :set LogPrintVerbose; + --- [โฌ…๏ธ Go back to main README](README.md) [โฌ†๏ธ Go back to top](#top) diff --git a/global-functions.rsc b/global-functions.rsc index 911ff6a..8ae7bb8 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -850,6 +850,7 @@ } # The function $LogPrintVerbose is declared, but has no code, intentionally. +# https://rsc.eworm.de/DEBUG.md#verbose-output # get max value :set MAX do={ From fb343c99e399d679f3e2a22e76c14a5899024319 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 6 Mar 2025 22:59:31 +0100 Subject: [PATCH 12/24] fw-addr-lists: put timeout into variable --- fw-addr-lists.rsc | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/fw-addr-lists.rsc b/fw-addr-lists.rsc index af8c65d..331d2c6 100644 --- a/fw-addr-lists.rsc +++ b/fw-addr-lists.rsc @@ -120,10 +120,11 @@ :foreach Entry in=[ /ip/firewall/address-list/find where \ list=$FwListName comment=$ListComment ] do={ :local Address [ /ip/firewall/address-list/get $Entry address ]; - :if ([ :typeof ($IPv4Addresses->$Address) ] = "time") do={ + :local TimeOut ($IPv4Addresses->$Address); + :if ([ :typeof $TimeOut ] = "time") do={ $LogPrintVerbose debug $ScriptName ("Renewing IPv4 address in list '" . $FwListName . \ - "' with " . ($IPv4Addresses->$Address) . ": " . $Address); - /ip/firewall/address-list/set $Entry timeout=($IPv4Addresses->$Address); + "' with " . $TimeOut . ": " . $Address); + /ip/firewall/address-list/set $Entry timeout=$TimeOut; :set ($IPv4Addresses->$Address); :set CntRenew ($CntRenew + 1); } else={ @@ -139,10 +140,11 @@ :foreach Entry in=[ /ipv6/firewall/address-list/find where \ list=$FwListName comment=$ListComment ] do={ :local Address [ /ipv6/firewall/address-list/get $Entry address ]; - :if ([ :typeof ($IPv6Addresses->$Address) ] = "time") do={ + :local TimeOut ($IPv6Addresses->$Address); + :if ([ :typeof $TimeOut ] = "time") do={ $LogPrintVerbose debug $ScriptName ("Renewing IPv6 address in list '" . $FwListName . \ - "' with " . ($IPv6Addresses->$Address) . ": " . $Address); - /ipv6/firewall/address-list/set $Entry timeout=($IPv6Addresses->$Address); + "' with " . $TimeOut . ": " . $Address); + /ipv6/firewall/address-list/set $Entry timeout=$TimeOut; :set ($IPv6Addresses->$Address); :set CntRenew ($CntRenew + 1); } else={ From ea6de35699a5b62dfffcc583c1a7181e1a6a688f Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 6 Mar 2025 23:00:50 +0100 Subject: [PATCH 13/24] fw-addr-lists: do not clean up Cleanup is important on renew (so the script does not attempt to re-add), but we do not care here. --- fw-addr-lists.rsc | 2 -- 1 file changed, 2 deletions(-) diff --git a/fw-addr-lists.rsc b/fw-addr-lists.rsc index 331d2c6..70893e3 100644 --- a/fw-addr-lists.rsc +++ b/fw-addr-lists.rsc @@ -163,7 +163,6 @@ :do { /ip/firewall/address-list/add list=$FwListName comment=$ListComment \ address=$Address timeout=$Timeout; - :set ($IPv4Addresses->$Address); :set CntAdd ($CntAdd + 1); } on-error={ $LogPrint warning $ScriptName ("Failed to add IPv4 address to list '" . $FwListName . \ @@ -177,7 +176,6 @@ :do { /ipv6/firewall/address-list/add list=$FwListName comment=$ListComment \ address=$Address timeout=$Timeout; - :set ($IPv6Addresses->$Address); :set CntAdd ($CntAdd + 1); } on-error={ $LogPrint warning $ScriptName ("Failed to add IPv6 address to list '" . $FwListName . \ From 2f55bfaf009d726e1174b50887fdb8f9b4b57573 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Fri, 7 Mar 2025 12:21:22 +0100 Subject: [PATCH 14/24] fw-addr-lists: strip cidr for host addresses This makes sure the addresses match later when we read them from address-list for renew. --- fw-addr-lists.rsc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fw-addr-lists.rsc b/fw-addr-lists.rsc index 70893e3..fc53795 100644 --- a/fw-addr-lists.rsc +++ b/fw-addr-lists.rsc @@ -101,10 +101,16 @@ } :do { :if ($Address ~ "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}(/[0-9]{1,2})?\$") do={ + :if ($Address ~ "/32\$") do={ + :set Address [ :pick $Address 0 ([ :len $Address ] - 3) ]; + } :set ($IPv4Addresses->$Address) $TimeOut; :error true; } :if ($Address ~ "^[0-9a-zA-Z]*:[0-9a-zA-Z:\\.]+(/[0-9]{1,3})?\$") do={ + :if ($Address ~ "/128\$") do={ + :set Address [ :pick $Address 0 ([ :len $Address ] - 4) ]; + } :set ($IPv6Addresses->$Address) $TimeOut; :error true; } From e148df9e573801803e35d8dfaef277f571952fdc Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 6 Mar 2025 23:05:45 +0100 Subject: [PATCH 15/24] fw-addr-lists: put addresses into "branches"... ... effectively adding another layer and some complexity, but: The addresses are sorted inside the array, and sorting less addresses in a branch saves a lot of processing power. So this is a lot faster now... --- fw-addr-lists.rsc | 65 +++++++++++++++++++++++++++-------------------- 1 file changed, 37 insertions(+), 28 deletions(-) diff --git a/fw-addr-lists.rsc b/fw-addr-lists.rsc index fc53795..a97f7ed 100644 --- a/fw-addr-lists.rsc +++ b/fw-addr-lists.rsc @@ -100,23 +100,24 @@ :set Address ([ :pick $Line 0 [ $FindDelim $Line ] ] . ($List->"cidr")); } :do { + :local Branch [ :pick $Address 0 1 ]; :if ($Address ~ "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}(/[0-9]{1,2})?\$") do={ :if ($Address ~ "/32\$") do={ :set Address [ :pick $Address 0 ([ :len $Address ] - 3) ]; } - :set ($IPv4Addresses->$Address) $TimeOut; + :set ($IPv4Addresses->$Branch->$Address) $TimeOut; :error true; } :if ($Address ~ "^[0-9a-zA-Z]*:[0-9a-zA-Z:\\.]+(/[0-9]{1,3})?\$") do={ :if ($Address ~ "/128\$") do={ :set Address [ :pick $Address 0 ([ :len $Address ] - 4) ]; } - :set ($IPv6Addresses->$Address) $TimeOut; + :set ($IPv6Addresses->$Branch->$Address) $TimeOut; :error true; } :if ($Address ~ "^[\\.a-zA-Z0-9-]+\\.[a-zA-Z]{2,}\$") do={ - :set ($IPv4Addresses->$Address) $TimeOut; - :set ($IPv6Addresses->$Address) $TimeOut; + :set ($IPv4Addresses->$Branch->$Address) $TimeOut; + :set ($IPv6Addresses->$Branch->$Address) $TimeOut; :error true; } } on-error={ } @@ -126,12 +127,13 @@ :foreach Entry in=[ /ip/firewall/address-list/find where \ list=$FwListName comment=$ListComment ] do={ :local Address [ /ip/firewall/address-list/get $Entry address ]; - :local TimeOut ($IPv4Addresses->$Address); + :local Branch [ :pick $Address 0 1 ]; + :local TimeOut ($IPv4Addresses->$Branch->$Address); :if ([ :typeof $TimeOut ] = "time") do={ $LogPrintVerbose debug $ScriptName ("Renewing IPv4 address in list '" . $FwListName . \ "' with " . $TimeOut . ": " . $Address); /ip/firewall/address-list/set $Entry timeout=$TimeOut; - :set ($IPv4Addresses->$Address); + :set ($IPv4Addresses->$Branch->$Address); :set CntRenew ($CntRenew + 1); } else={ :if ($Failure = false) do={ @@ -146,12 +148,13 @@ :foreach Entry in=[ /ipv6/firewall/address-list/find where \ list=$FwListName comment=$ListComment ] do={ :local Address [ /ipv6/firewall/address-list/get $Entry address ]; - :local TimeOut ($IPv6Addresses->$Address); + :local Branch [ :pick $Address 0 1 ]; + :local TimeOut ($IPv6Addresses->$Branch->$Address); :if ([ :typeof $TimeOut ] = "time") do={ $LogPrintVerbose debug $ScriptName ("Renewing IPv6 address in list '" . $FwListName . \ "' with " . $TimeOut . ": " . $Address); /ipv6/firewall/address-list/set $Entry timeout=$TimeOut; - :set ($IPv6Addresses->$Address); + :set ($IPv6Addresses->$Branch->$Address); :set CntRenew ($CntRenew + 1); } else={ :if ($Failure = false) do={ @@ -163,29 +166,35 @@ } } - :foreach Address,Timeout in=$IPv4Addresses do={ - $LogPrintVerbose debug $ScriptName ("Adding IPv4 address to list '" . $FwListName . \ - "' with " . $Timeout . ": " . $Address); - :do { - /ip/firewall/address-list/add list=$FwListName comment=$ListComment \ - address=$Address timeout=$Timeout; - :set CntAdd ($CntAdd + 1); - } on-error={ - $LogPrint warning $ScriptName ("Failed to add IPv4 address to list '" . $FwListName . \ - "': " . $Address); + :foreach BranchName,Branch in=$IPv4Addresses do={ + $LogPrintVerbose debug $ScriptName ("Handling branch: " . $BranchName); + :foreach Address,Timeout in=$Branch do={ + $LogPrintVerbose debug $ScriptName ("Adding IPv4 address to list '" . $FwListName . \ + "' with " . $Timeout . ": " . $Address); + :do { + /ip/firewall/address-list/add list=$FwListName comment=$ListComment \ + address=$Address timeout=$Timeout; + :set CntAdd ($CntAdd + 1); + } on-error={ + $LogPrint warning $ScriptName ("Failed to add IPv4 address to list '" . $FwListName . \ + "': " . $Address); + } } } - :foreach Address,Timeout in=$IPv6Addresses do={ - $LogPrintVerbose debug $ScriptName ("Adding IPv6 address to list '" . $FwListName . \ - "' with " . $Timeout . ": " . $Address); - :do { - /ipv6/firewall/address-list/add list=$FwListName comment=$ListComment \ - address=$Address timeout=$Timeout; - :set CntAdd ($CntAdd + 1); - } on-error={ - $LogPrint warning $ScriptName ("Failed to add IPv6 address to list '" . $FwListName . \ - "': " . $Address); + :foreach BranchName,Branch in=$IPv6Addresses do={ + $LogPrintVerbose debug $ScriptName ("Handling branch: " . $BranchName); + :foreach Address,Timeout in=$Branch do={ + $LogPrintVerbose debug $ScriptName ("Adding IPv6 address to list '" . $FwListName . \ + "' with " . $Timeout . ": " . $Address); + :do { + /ipv6/firewall/address-list/add list=$FwListName comment=$ListComment \ + address=$Address timeout=$Timeout; + :set CntAdd ($CntAdd + 1); + } on-error={ + $LogPrint warning $ScriptName ("Failed to add IPv6 address to list '" . $FwListName . \ + "': " . $Address); + } } } From d71ea804b077d35183df318fb305b213fb961d27 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Fri, 7 Mar 2025 20:35:36 +0100 Subject: [PATCH 16/24] fw-addr-lists: two characters for branch Using one character for IPv4 is ok (1 to 9), but IPv6 global unicase (2000::/3) results in just two different characters (2 and 3). So let's use first two characters... --- fw-addr-lists.rsc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fw-addr-lists.rsc b/fw-addr-lists.rsc index a97f7ed..9ad5b3a 100644 --- a/fw-addr-lists.rsc +++ b/fw-addr-lists.rsc @@ -100,7 +100,7 @@ :set Address ([ :pick $Line 0 [ $FindDelim $Line ] ] . ($List->"cidr")); } :do { - :local Branch [ :pick $Address 0 1 ]; + :local Branch [ :pick $Address 0 2 ]; :if ($Address ~ "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}(/[0-9]{1,2})?\$") do={ :if ($Address ~ "/32\$") do={ :set Address [ :pick $Address 0 ([ :len $Address ] - 3) ]; @@ -127,7 +127,7 @@ :foreach Entry in=[ /ip/firewall/address-list/find where \ list=$FwListName comment=$ListComment ] do={ :local Address [ /ip/firewall/address-list/get $Entry address ]; - :local Branch [ :pick $Address 0 1 ]; + :local Branch [ :pick $Address 0 2 ]; :local TimeOut ($IPv4Addresses->$Branch->$Address); :if ([ :typeof $TimeOut ] = "time") do={ $LogPrintVerbose debug $ScriptName ("Renewing IPv4 address in list '" . $FwListName . \ @@ -148,7 +148,7 @@ :foreach Entry in=[ /ipv6/firewall/address-list/find where \ list=$FwListName comment=$ListComment ] do={ :local Address [ /ipv6/firewall/address-list/get $Entry address ]; - :local Branch [ :pick $Address 0 1 ]; + :local Branch [ :pick $Address 0 2 ]; :local TimeOut ($IPv6Addresses->$Branch->$Address); :if ([ :typeof $TimeOut ] = "time") do={ $LogPrintVerbose debug $ScriptName ("Renewing IPv6 address in list '" . $FwListName . \ From f0e6cbcfe1a0be05f30d37cd495d4dbea0888f07 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Sat, 8 Mar 2025 10:09:51 +0100 Subject: [PATCH 17/24] fw-addr-lists: get branch from calculated checksum The addresses were spread very uneven before. Let's calculate a checksum, and take the first two characters of that. The addresses are now spread evenly on 256 branches (0x00 to 0xff). --- fw-addr-lists.rsc | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/fw-addr-lists.rsc b/fw-addr-lists.rsc index 9ad5b3a..f0940fe 100644 --- a/fw-addr-lists.rsc +++ b/fw-addr-lists.rsc @@ -37,6 +37,11 @@ } } + :local GetBranch do={ + :global EitherOr; + :return [ :pick [ :convert transform=md5 to=hex [ :pick $1 0 [ $EitherOr [ :find $1 "/" ] [ :len $1 ] ] ] ] 0 2 ]; + } + :if ([ $ScriptLock $ScriptName ] = false) do={ :set ExitOK true; :error false; @@ -100,7 +105,7 @@ :set Address ([ :pick $Line 0 [ $FindDelim $Line ] ] . ($List->"cidr")); } :do { - :local Branch [ :pick $Address 0 2 ]; + :local Branch [ $GetBranch $Address ]; :if ($Address ~ "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}(/[0-9]{1,2})?\$") do={ :if ($Address ~ "/32\$") do={ :set Address [ :pick $Address 0 ([ :len $Address ] - 3) ]; @@ -127,7 +132,7 @@ :foreach Entry in=[ /ip/firewall/address-list/find where \ list=$FwListName comment=$ListComment ] do={ :local Address [ /ip/firewall/address-list/get $Entry address ]; - :local Branch [ :pick $Address 0 2 ]; + :local Branch [ $GetBranch $Address ]; :local TimeOut ($IPv4Addresses->$Branch->$Address); :if ([ :typeof $TimeOut ] = "time") do={ $LogPrintVerbose debug $ScriptName ("Renewing IPv4 address in list '" . $FwListName . \ @@ -148,7 +153,7 @@ :foreach Entry in=[ /ipv6/firewall/address-list/find where \ list=$FwListName comment=$ListComment ] do={ :local Address [ /ipv6/firewall/address-list/get $Entry address ]; - :local Branch [ :pick $Address 0 2 ]; + :local Branch [ $GetBranch $Address ]; :local TimeOut ($IPv6Addresses->$Branch->$Address); :if ([ :typeof $TimeOut ] = "time") do={ $LogPrintVerbose debug $ScriptName ("Renewing IPv6 address in list '" . $FwListName . \ From eb59dd21caf8026748eada3aee137b8e3b6590b7 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Fri, 7 Mar 2025 17:33:51 +0100 Subject: [PATCH 18/24] check-routeros-update: check perpetual license... ... as these have to be renewed and can expire. --- check-routeros-update.rsc | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/check-routeros-update.rsc b/check-routeros-update.rsc index 361be34..8d200d2 100644 --- a/check-routeros-update.rsc +++ b/check-routeros-update.rsc @@ -66,6 +66,27 @@ :error "A reboot for update is already scheduled."; } + :local License [ /system/license/get ]; + :if ([ :typeof ($License->"deadline-at") ] = "str") do={ + :if ([ :len ($License->"next-renewal-at") ] = 0 && ($License->"limited-upgrades") = true) do={ + $LogPrint warning $ScriptName ("Your license expired on " . ($License->"deadline-at") . "!"); + $SendNotification2 ({ origin=$ScriptName; \ + subject=([ $SymbolForNotification "warning-sign" ] . "License expired!"); \ + message=("Your license expired on " . ($License->"deadline-at") . \ + ", can no longer update RouterOS on " . $Identity . "...") }); + :set ExitOK true; + :error false; + } + + :if ([ :totime ($License->"next-renewal-at") ] + 1w < [ :timestamp ]) do={ + $LogPrint warning $ScriptName ("Your license will expire on " . ($License->"deadline-at") . "!"); + $SendNotification2 ({ origin=$ScriptName; \ + subject=([ $SymbolForNotification "warning-sign" ] . "License about to expire!"); \ + message=("Your license failed to renew and is about to expire on " . \ + ($License->"deadline-at") . " on " . $Identity . "...") }); + } + } + $LogPrint debug $ScriptName ("Checking for updates..."); /system/package/update/check-for-updates without-paging as-value; :local Update [ /system/package/update/get ]; From 788400c4586b6a2e61c6e36acd10ab5d20da00c9 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Mon, 10 Mar 2025 16:29:06 +0100 Subject: [PATCH 19/24] fw-addr-lists: raw.githubusercontent.com requires 'USERTrust RSA Certification Authority' now --- certs/Makefile | 2 +- .../USERTrust-RSA-Certification-Authority.pem | 41 +++++++++++++++++++ global-config.rsc | 2 +- 3 files changed, 43 insertions(+), 2 deletions(-) create mode 100644 certs/USERTrust-RSA-Certification-Authority.pem diff --git a/certs/Makefile b/certs/Makefile index 4e252b4..3ccad6e 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -15,7 +15,7 @@ DOMAINS_DUAL = \ git.eworm.de/ISRG-Root-X2 \ lists.blocklist.de/Certum-Trusted-Network-CA \ matrix.org/GTS-Root-R4 \ - raw.githubusercontent.com/DigiCert-Global-Root-G2 \ + raw.githubusercontent.com/USERTrust-RSA-Certification-Authority \ rsc.eworm.de/ISRG-Root-X2 \ upgrade.mikrotik.com/ISRG-Root-X1 DOMAINS_IPV4 = \ diff --git a/certs/USERTrust-RSA-Certification-Authority.pem b/certs/USERTrust-RSA-Certification-Authority.pem new file mode 100644 index 0000000..0fbeef6 --- /dev/null +++ b/certs/USERTrust-RSA-Certification-Authority.pem @@ -0,0 +1,41 @@ +# Issuer: CN=USERTrust RSA Certification Authority O=The USERTRUST Network +# Subject: CN=USERTrust RSA Certification Authority O=The USERTRUST Network +# Label: "USERTrust RSA Certification Authority" +# Serial: 2645093764781058787591871645665788717 +# MD5 Fingerprint: 1b:fe:69:d1:91:b7:19:33:a3:72:a8:0f:e1:55:e5:b5 +# SHA1 Fingerprint: 2b:8f:1b:57:33:0d:bb:a2:d0:7a:6c:51:f7:0e:e9:0d:da:b9:ad:8e +# SHA256 Fingerprint: e7:93:c9:b0:2f:d8:aa:13:e2:1c:31:22:8a:cc:b0:81:19:64:3b:74:9c:89:89:64:b1:74:6d:46:c3:d4:cb:d2 +-----BEGIN CERTIFICATE----- +MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB +iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl +cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV +BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw +MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV +BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU +aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B +3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY +tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/ +Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2 +VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT +79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6 +c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT +Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l +c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee +UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE +Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd +BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G +A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF +Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO +VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3 +ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs +8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR +iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze +Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ +XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/ +qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB +VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB +L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG +jjxDah2nGN59PRbxYvnKkKj9 +-----END CERTIFICATE----- diff --git a/global-config.rsc b/global-config.rsc index 2524ded..fa32b16 100644 --- a/global-config.rsc +++ b/global-config.rsc @@ -103,7 +103,7 @@ # cert="ISRG Root X2" }; { url="https://raw.githubusercontent.com/stamparm/ipsum/refs/heads/master/levels/4.txt"; # # higher level (decrease the numerical value) for more addresses, and vice versa - cert="DigiCert Global Root G2" }; + cert="USERTrust RSA Certification Authority" }; { url="https://www.dshield.org/block.txt"; cidr="/24"; cert="ISRG Root X1" }; { url="https://lists.blocklist.de/lists/strongips.txt"; From 97b99316b2f96fa9c5d2f539e31aa308e86c99b4 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 12 Mar 2025 10:31:11 +0100 Subject: [PATCH 20/24] netwatch-notify: increase timeout... MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ... as a timeout of one second expires immediately. ๐Ÿคจ --- netwatch-notify.rsc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/netwatch-notify.rsc b/netwatch-notify.rsc index 8b05c5e..9a4c9d9 100644 --- a/netwatch-notify.rsc +++ b/netwatch-notify.rsc @@ -61,12 +61,12 @@ :global GetRandom20CharAlNum; :local FwAddrList ($ScriptName . "-" . [ $GetRandom20CharAlNum ]); - /ip/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=1s; + /ip/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=2s; :delay 20ms; :if ([ :len [ /ip/firewall/address-list/find where list=$FwAddrList address=$Expected ] ] > 0) do={ :return true; } - /ipv6/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=1s; + /ipv6/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=2s; :delay 20ms; :if ([ :len [ /ipv6/firewall/address-list/find where list=$FwAddrList address=$Expected ] ] > 0) do={ :return true; From 155542668719f9feaac45fdb786b2e5fc5fd1e71 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 12 Mar 2025 11:18:18 +0100 Subject: [PATCH 21/24] netwatch-notify: increase the timeout even more MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This interacts with the number of addresses in the address-list. Having a lot of addresses there (for exemple from script 'fw-addr-lists' ๐Ÿ˜œ) makes the 'find' take longer. We have to make sure that 'find' succeeds before the address times out. As this does not hurt... Let's just bump to 10 seconds to be safe. --- netwatch-notify.rsc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/netwatch-notify.rsc b/netwatch-notify.rsc index 9a4c9d9..2a5050c 100644 --- a/netwatch-notify.rsc +++ b/netwatch-notify.rsc @@ -61,12 +61,12 @@ :global GetRandom20CharAlNum; :local FwAddrList ($ScriptName . "-" . [ $GetRandom20CharAlNum ]); - /ip/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=2s; + /ip/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=10s; :delay 20ms; :if ([ :len [ /ip/firewall/address-list/find where list=$FwAddrList address=$Expected ] ] > 0) do={ :return true; } - /ipv6/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=2s; + /ipv6/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=10s; :delay 20ms; :if ([ :len [ /ipv6/firewall/address-list/find where list=$FwAddrList address=$Expected ] ] > 0) do={ :return true; From b63e0fcb2fc282ac69cbef74b35bd40e8df5a464 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 12 Mar 2025 11:26:22 +0100 Subject: [PATCH 22/24] netwatch-notify: check matching address type only --- netwatch-notify.rsc | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/netwatch-notify.rsc b/netwatch-notify.rsc index 2a5050c..0b8a8dc 100644 --- a/netwatch-notify.rsc +++ b/netwatch-notify.rsc @@ -61,15 +61,19 @@ :global GetRandom20CharAlNum; :local FwAddrList ($ScriptName . "-" . [ $GetRandom20CharAlNum ]); - /ip/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=10s; - :delay 20ms; - :if ([ :len [ /ip/firewall/address-list/find where list=$FwAddrList address=$Expected ] ] > 0) do={ - :return true; + :if ([ :typeof [ :toip $Expected ] ] = "ip") do={ + /ip/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=10s; + :delay 20ms; + :if ([ :len [ /ip/firewall/address-list/find where list=$FwAddrList address=$Expected ] ] > 0) do={ + :return true; + } } - /ipv6/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=10s; - :delay 20ms; - :if ([ :len [ /ipv6/firewall/address-list/find where list=$FwAddrList address=$Expected ] ] > 0) do={ - :return true; + :if ([ :typeof [ :toip6 $Expected ] ] = "ip6") do={ + /ipv6/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=10s; + :delay 20ms; + :if ([ :len [ /ipv6/firewall/address-list/find where list=$FwAddrList address=$Expected ] ] > 0) do={ + :return true; + } } :return false; From 20bf609c44c2b4111bb387b36b955b8c3243fbf1 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 13 Mar 2025 10:51:39 +0100 Subject: [PATCH 23/24] check-routeros-update: fix condition for license check Turns out that `next-renewal-at` is moved forward when renewal failed, so it never matches the criteria. Just start complaining three weeks before deadline. --- check-routeros-update.rsc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/check-routeros-update.rsc b/check-routeros-update.rsc index 8d200d2..78161e4 100644 --- a/check-routeros-update.rsc +++ b/check-routeros-update.rsc @@ -78,7 +78,7 @@ :error false; } - :if ([ :totime ($License->"next-renewal-at") ] + 1w < [ :timestamp ]) do={ + :if ([ :totime ($License->"deadline-at") ] - 3w < [ :timestamp ]) do={ $LogPrint warning $ScriptName ("Your license will expire on " . ($License->"deadline-at") . "!"); $SendNotification2 ({ origin=$ScriptName; \ subject=([ $SymbolForNotification "warning-sign" ] . "License about to expire!"); \ From ce39b79f69f978a8de521643b07b9c19de02b06f Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 13 Mar 2025 11:50:38 +0100 Subject: [PATCH 24/24] capsman-download-packages: fix parameter for $RmFile The function can not handle ids, we have to pass a name instead. --- capsman-download-packages.capsman.rsc | 2 +- capsman-download-packages.template.rsc | 2 +- capsman-download-packages.wifi.rsc | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/capsman-download-packages.capsman.rsc b/capsman-download-packages.capsman.rsc index 4387cb1..25c43f5 100644 --- a/capsman-download-packages.capsman.rsc +++ b/capsman-download-packages.capsman.rsc @@ -62,7 +62,7 @@ :if ([ $DownloadPackage ($File->"package-name") $InstalledVersion \ ($File->"package-architecture") $PackagePath ] = true) do={ :set Updated true; - $RmFile $Package; + $RmFile ($File->"name"); } } diff --git a/capsman-download-packages.template.rsc b/capsman-download-packages.template.rsc index 744494e..b269838 100644 --- a/capsman-download-packages.template.rsc +++ b/capsman-download-packages.template.rsc @@ -64,7 +64,7 @@ :if ([ $DownloadPackage ($File->"package-name") $InstalledVersion \ ($File->"package-architecture") $PackagePath ] = true) do={ :set Updated true; - $RmFile $Package; + $RmFile ($File->"name"); } } diff --git a/capsman-download-packages.wifi.rsc b/capsman-download-packages.wifi.rsc index a0c5e12..901bb0a 100644 --- a/capsman-download-packages.wifi.rsc +++ b/capsman-download-packages.wifi.rsc @@ -62,7 +62,7 @@ :if ([ $DownloadPackage ($File->"package-name") $InstalledVersion \ ($File->"package-architecture") $PackagePath ] = true) do={ :set Updated true; - $RmFile $Package; + $RmFile ($File->"name"); } }