turn something on or off when the RouterBOARD sees an ECHO request packet from any IP on my network

drmotaadam · January 11, 2023, 5:49pm

Hi, I am trying to make a monitoring script and it’s out of my scripting knowledge. The goal is to turn something on or off when the RouterBOARD sees an ECHO request packet from any IP on my network (I know that MK has netwatch but that won’t help me because I need something different).

I will give you an example: I will ping from my PC 10.1.1.1. The script will detect that I pinged that IP from my computer and will do something. I have already done something that works but it’s not ideal.

I am using this firewall raw rule: action=add-src-to-address-list address-list=Test address-list-timeout=1s chain=prerouting comment=Ether5-ON dst-address=10.1.1.1 icmp-options=8:0-255 protocol=icmp. Basically, it’s adding that IP (10.1.1.1) to the IP list. Then after that, I wrote a script that monitors that specific IP list and if it sees IP in it it will do something.

Script:

:do {

:local ip [[len [ip firewall address-list find list=“Ether5-OFF”]]];

if ($ip>0) do={
:log info message=“Ether5-OFF”;
/ip firewall filter enable 2;
/beep;}

delay 4s

} while=(true)

Yeah, it works but it’s not ideal because if someone sends more than one packet it will clog the router and the log is full of the same messages. The router is RB2011 with 6.48.6 (I had some problems with V7 on that). Because of that, I would like to bin that FW rule with an IP list and implement everything into one script.

And now the part that I need help with. I have no idea how to watch for that ping from the script. I had the idea to use a torch but don’t know how to implement it into the script.

drmotaadam · January 11, 2023, 7:47pm

I’ve tried something like that but it doesn’t work. There has to be some mistake in that.

:local targetIp “10.1.1.1”
:local running true

:do {
:local torchResult [/tool torch ip-protocol=icmp dst-address=$targetIp interface=ether5]
:foreach line in=$torchResult do={
:local fields [:toarray $line]
:if (($fields->1 = “icmp”) && ($fields->2 = $targetIp)) do={
:log info message=“ICMP Echo Request Packet Received”;
:set running false
}
}
:delay 1
} while=($running)

tomislav91 · January 11, 2023, 9:57pm

maybe something like this

:local running true
:do {
  /interface ethernet monitor numbers=ether5
  :local torchResult [/tool torch duration=0s icmp-query dst-address=10.1.1.1]
  :foreach line in=$torchResult do={
    :local fields [:toarray $line]
    :if ($fields->1 = "ICMP") do={
        :log info message="ICMP Echo Request Packet Received";
        :local running false
    }
  }
  :delay 1
} while=($running)

rextended · January 12, 2023, 9:00am

nice: duration=0s, so: how long does it ever run for?

and about this:

:local running true
:do {
[...]
        :local running false
[...]
  }
  :delay 1
} while=($running)

For me is an idiocy.
Better schedule the script every 1 second than create loops inside the device.
If for some reason the loop is interrupted, nothing start it again.

BartoszP · January 12, 2023, 3:17pm

IMHO “…“is an idiocy” could be written as " …should be rewritten to system-non-hogging version using scheduler instead of looping a delay”

rextended · January 12, 2023, 4:15pm

and not

???

drmotaadam · January 12, 2023, 6:19pm

Yeah, I am dumb, I forgot that there is a scheduler so I can let off the loop. But still, I have a problem with that code even though I cant see the mistake. I think that this is the right path to go.