-
Notifications
You must be signed in to change notification settings - Fork 17
Home
Aker is an experimental module for selectively blocking MAC addresses based on a succinct schedule in MsgPack.
The primary goal for Aker is to accept a weekly schedule with the optional exceptions added to the schedule so that there is very little interaction between Aker and it's controlling agent. Aker will ultimately call another program (passed by command line arguments) with a list of MAC addresses to block at the time they should be blocked - replacing any previously existing schedule.
Ultimately Aker will choose either the weekly-schedule or the absolute-schedule to apply for any defined times. If both define a window that overlap, the absolute-schedule is chosen. Aker is designed to do what it's told & not to try to merge schedules.
Update coming with shorter names
Below is an example schema represented in JSON for clarity, then MsgPack for accuracy.
-
weekly-schedule- optional - This is the section of the document that describes the recurring weekly schedule. -
time- required - The number of seconds since the most recent Sunday midnight defining the starting time to block this list of MAC addresses. 12:00:01 AM istime=1. -
indexes- required - The list of indexes into themacsarray to apply during this window of time. -
macs- optional - The array with the full list of MAC addresses that can be blocked. -
absolute-schedule- optional - This is the section of the document that describes the window of time that replaces the normal weekly schedule. All times in the absolute schedule are considered contiguous and are required to fully express the schedule. At the point in time where the latestunix-timeentry is encountered, theabsolute-scheduleimmediately has no effect and theweekly-scheduleis applied. -
unix-time- required - The unix time (number of seconds since January 1, 1970) defining the starting time to block this list of MAC addresses.
{
"weekly-schedule": [
{ "time": 10, "indexes": [0, 1, 3] },
{ "time": 20, "indexes": [0] },
{ "time": 30, "indexes": [] }
],
"macs": [
"11:22:33:44:55:aa",
"22:33:44:55:66:bb",
"33:44:55:66:77:cc",
"44:55:66:77:88:dd"
],
"absolute-schedule": [
{ "unix-time": 1508213527, "indexes": [0, 2] }
]
}
Hex MsgPack:
0x83, 0xAF, 0x77, 0x65, 0x65, 0x6B, 0x6C, 0x79, 0x2D, 0x73, 0x63, 0x68,
0x65, 0x64, 0x75, 0x6C, 0x65, 0x93, 0x82, 0xA4, 0x74, 0x69, 0x6D, 0x65,
0x0A, 0xA7, 0x69, 0x6E, 0x64, 0x65, 0x78, 0x65, 0x73, 0x93, 0x00, 0x01,
0x03, 0x82, 0xA4, 0x74, 0x69, 0x6D, 0x65, 0x14, 0xA7, 0x69, 0x6E, 0x64,
0x65, 0x78, 0x65, 0x73, 0x91, 0x00, 0x82, 0xA4, 0x74, 0x69, 0x6D, 0x65,
0x1E, 0xA7, 0x69, 0x6E, 0x64, 0x65, 0x78, 0x65, 0x73, 0x90, 0xA4, 0x6D,
0x61, 0x63, 0x73, 0x94, 0xB1, 0x31, 0x31, 0x3A, 0x32, 0x32, 0x3A, 0x33,
0x33, 0x3A, 0x34, 0x34, 0x3A, 0x35, 0x35, 0x3A, 0x61, 0x61, 0xB1, 0x32,
0x32, 0x3A, 0x33, 0x33, 0x3A, 0x34, 0x34, 0x3A, 0x35, 0x35, 0x3A, 0x36,
0x36, 0x3A, 0x62, 0x62, 0xB1, 0x33, 0x33, 0x3A, 0x34, 0x34, 0x3A, 0x35,
0x35, 0x3A, 0x36, 0x36, 0x3A, 0x37, 0x37, 0x3A, 0x63, 0x63, 0xB1, 0x34,
0x34, 0x3A, 0x35, 0x35, 0x3A, 0x36, 0x36, 0x3A, 0x37, 0x37, 0x3A, 0x38,
0x38, 0x3A, 0x64, 0x64, 0xB1, 0x61, 0x62, 0x73, 0x6F, 0x6C, 0x75, 0x74,
0x65, 0x2D, 0x73, 0x63, 0x68, 0x65, 0x64, 0x75, 0x6C, 0x65, 0x91, 0x82,
0xA9, 0x75, 0x6E, 0x69, 0x78, 0x2D, 0x74, 0x69, 0x6D, 0x65, 0xCE, 0x59,
0xE5, 0x83, 0x17, 0xA7, 0x69, 0x6E, 0x64, 0x65, 0x78, 0x65, 0x73, 0x92,
0x00, 0x02
When defining the latest (aka last) entry in the absolute-schedule it is suggested to make the list of blocked MAC addresses match exactly the point in the weekly-schedule to avoid any possible surprises or confusion. At this exact moment in time, the weekly-schedule is in control.
If the weekly-schedule is not present, the default semantics are to not block any MAC addresses.
If the absolute-schedule is not present, there is no affect on the lists of blocked MAC addresses.
Don't want to hand encode from JSON to Msgpack? Neither do we! This tool makes the process simple & painless: