I often find myself changing routes on my OS X system. Usually, however, I’m systematically adding the same routes over and over again, because they were automatically removed after a reboot, network change or whatever. Enter LocationChanger.

It’s basically just a LaunchAgent that gets called every time something network-related changes. Just add this content to ~/Library/LaunchAgents/LocationChanger.plist (or another name, if you prefer).

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
	"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>tech.inhelsinki.nl.locationchanger</string>
	<key>ProgramArguments</key>
	<array>
		<string>/Users/USERNAME/bin/locationchanger</string>
	</array>
	<key>WatchPaths</key>
	<array>
		<string>/Library/Preferences/SystemConfiguration</string>
	</array>
</dict>
</plist>

And either reboot or run launchctl load ~/Library/LaunchAgents/LocationChanger.plist.

This will execute the named script (~/bin/locationchanger) every time the network setup changes. In this script you can do whatever you want. Here are some snippets of code that I use:

#!/bin/bash

GROWL_TITLE="Network location detected"
PATH="$PATH:/usr/local/bin/" # for growlnotify

sleep 2 # Wait for things to settle

SSID="$( /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I |
    grep ' SSID:' | cut -d ':' -f 2 | tr -d ' ' )"
EN0IP=`ifconfig en0 | grep 'inet ' | cut -d' ' -f 2`
EN1IP=`ifconfig en1 | grep 'inet ' | cut -d' ' -f 2`

SSIDS_AROUND="$( /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -s |
    ( read HEADER; cat ) )"

logger "Location changer: SSID=$SSID; en0=$EN0IP; en1=$EN1IP;"

function bits_to_mask() {
    BITS="$1"
    if [ $BITS -le 0 ]; then
        echo "0"
        return
    fi
    case $BITS in
    1)    echo "128";;
    2)    echo "192";;
    3)    echo "224";;
    4)    echo "240";;
    5)    echo "248";;
    6)    echo "252";;
    7)    echo "254";;
    *)    echo "255";;
    esac
}
function bits_to_subnet() {
    BITS="${1:-32}"
    SN="$( bits_to_mask $BITS )"
    BITS="$(( $BITS - 8 ))"
    SN="$SN.$( bits_to_mask $BITS )"
    BITS="$(( $BITS - 8 ))"
    SN="$SN.$( bits_to_mask $BITS )"
    BITS="$(( $BITS - 8 ))"
    SN="$SN.$( bits_to_mask $BITS )"
    echo $SN
}
function add_routes() {
    GW="$1"
    while read r; do
        r="${r/\#*}" # remove comments
        if [ -z "$r" ]; then
            : # Do nothing on empty lines
        else
            # Does it look like "IP subnetmask" ?
            if echo "$r" |
               grep "^[[:space:]]*[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+[[:space:]]\+[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+[[:space:]]*$"; then
                ADDR="$( echo "$r" | cut -d' ' -f1 )"
                MASK="$( echo "$r" | cut -d' ' -f2 )"
                sudo route add -net -proto1 $ADDR $GW $MASK # proto1 is to recognize them when cleaning up

            # Does it look like "IP/mask"?
            elif echo "$r" |
                 grep "^[[:space:]]*[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+/[[:digit:]]\+[[:space:]]*$"; then
                ADDR="$( echo "$r" | cut -d/ -f1 )"
                MASK="$( bits_to_subnet $( echo "$r" | cut -sd/ -f2 ) )"
                sudo route add -net -proto1 $ADDR $GW $MASK # proto1 is to recognize them when cleaning up

            # Does it look like "IP"?
            elif echo "$r" |
                 grep "^[[:space:]]*[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+[[:space:]]*$"; then
                ADDR="$r"
                sudo route add -host -proto1 $ADDR $GW # proto1 is to recognize them when cleaning up

            else
                # probably a hostname
                host "$r" | grep "has address" | sed 's/.*has address //' | while read ip; do
                    sudo route add -host -proto1 $ip $GW
                done
            fi
        fi
    done
}
function cleanup_routes() {
    netstat -nrf inet | perl -ne '@f=split/ +/; print $_ if $f[2] =~ m/1/;' |
        while read r; do
            GW="$( echo "$r" | awk '{print $2}' )"
            if echo "$r" | awk '{print $1}' | grep '/' >/dev/null; then
                # IP/mask style
                ADDR="$( echo "$r" | cut -d' ' -f1 | cut -d/ -f1 )"
                ADDR="$( echo "$ADDR.0.0.0" | perl -pe 's/(\d+\.\d+\.\d+\.\d+)[\d.]*/$1/' )"
                BITS="$( echo "$r" | cut -d' ' -f1 | cut -d/ -f2 )"
                MASK="$( bits_to_subnet $BITS )"
                sudo route delete $ADDR $GW $MASK
            else
                # figure out mask from class
                ADDR="$( echo "$r" | cut -d' ' -f1 )"
                ADDR="$( echo "$ADDR.0.0.0" | perl -pe 's/(\d+\.\d+\.\d+\.\d+)[\d.]*/$1/' )"
                FIRST_OCTET="$( echo "$ADDR" | cut -d. -f1 )"
                if [ $FIRST_OCTET -lt 128 ]; then
                    MASK="255.0.0.0" # Class A
                elif [ $FIRST_OCTET -lt 192 ]; then
                    MASK="255.255.0.0" # Class B
                elif [ $FIRST_OCTET -lt 224 ]; then
                    MASK="255.255.255.0" # Class C
                elif [ $FIRST_OCTET -lt 240 ]; then
                    MASK="" # Class D
                else
                    MASK="" # Class E
                fi
                sudo route delete $ADDR $GW $MASK
            fi
        done
}

cleanup_routes

# Possible location scores
LOCATIONS=(other HOME WORK)

i=0; while [ $i -lt ${#LOCATIONS[@]} ]; do
    SCORE[$i]=0
    i=$(($i+1))
done
function location_to_index() {
    i=0; while [ $i -lt ${#LOCATIONS[@]} ]; do
        if [ "${LOCATIONS[$i]}" == "$1" ]; then
            echo $i
            return
        fi
        i=$(($i+1))
    done
    echo "Invalid location $1" >&2
}
function add_score() {
    LOC="$1"
    D="$2"
    I="$( location_to_index $LOC )"
    S="${SCORE[$I]}"
    S="$(( $S $D ))"
    SCORE[$I]=$S
}

# Am I connected to the WORK network?
REPLY="$( dig +timeout=1 +tries=1 @10.1.1.1 intranet.work.org )"
if [ $? -eq 0 ]; then
    # Got reply, is in NXDOMAIN or NOERROR?
    if echo "$REPLY" | grep "status: NOERROR" > /dev/null; then
        add_score WORK "+1"
    else
        add_score WORK "-1"
    fi
fi

# Is the WORK wifi around?
if echo "$SSIDS_AROUND" | grep "WORK" > /dev/null; then
    add_score WORK "+1"
fi

# Am I associated to home
if [ "$SSID" == "home" ]; then
    add_score HOME "+1"
else
    add_score HOME "-1"
fi

# Is neighbour around
if echo "$SSIDS_AROUND" | grep "neighbor" > /dev/null; then
    add_score HOME "+1"
fi

SCORES=""
MAX_SCORE=0
MAX_SCORE_INDEX=
i=0; while [ $i -lt ${#LOCATIONS[@]} ]; do
    SCORES="$SCORES ${LOCATIONS[$i]}=${SCORE[$i]}"
    if [ ${SCORE[$i]} -gt $MAX_SCORE ]; then
        MAX_SCORE=${SCORE[$i]}
        MAX_SCORE_INDEX=$i
    fi
    i=$(($i+1))
done
LOCATION=${LOCATIONS[$MAX_SCORE_INDEX]}
logger "Location scores:$SCORES"
logger "Conclusion: $LOCATION"

growlnotify -t "$GROWL_TITLE" -m - <<-EOT
    Scores:$SCORES

    Conclusion: $LOCATION
EOT

case $LOCATION in
WORK)
    # Is the VPN tunnel up?
    if ps ax | grep 'openvpn.*OUTSIDE' | grep -v grep >/dev/null; then
        # Route around firewall
        add_routes 192.168.102.5 <<-EOR
            # Amazon Web Services
            # Source: https://forums.aws.amazon.com/ann.jspa?annID=1408
            # US East (Northern Virginia):
            72.44.32.0/19
            67.202.0.0/18
            # ...
        EOR
    fi

    # Do I have the guest wifi to evade the firewall?
    if [ "$SSID" == "guest" ]; then
        # Route around firewall
        add_routes 192.168.0.1 <<-EOR
            irc.freenode.org
            news.gmane.org
        EOR
    fi

    ;;
esac

exit 0

Leave a Reply

Anti-Spam Quiz: