This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via a6ba20538291d9860815316dcbcf1387dec3004d (commit) via 7362887f518fa367057edb9f9747907b3aa107c1 (commit) via d9ebb7009b6bad768ca0a478a2bd8f3fa4fdf6a0 (commit) via cfbc9ca7e93ee79650fc29651b3909cf3de13243 (commit) via 79518a2f26e822a2f3c23bf6dc2983bd0a850e0c (commit) via 0a7e8edfe1c6aa55e8e31bf511a618dc502ae686 (commit) via fcbf5eef0b6e557608340f5fd5a7ec1fc99943f3 (commit) via 62a77cbfbe2c5cb835c533eb78b7760edd1e7e1d (commit) via b2e333d4cf47bb0f88b6f2a128050fab89a95eca (commit) via a19ff965bb6b586d56907cb77bdc0f70b2b3c459 (commit) via 3d1fbbb02842bdc386bccd163e81b72956fa13c0 (commit) from 2d528f3446dac6c8acdb75d9c76f621318d74c98 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit a6ba20538291d9860815316dcbcf1387dec3004d Merge: 2d528f3 7362887 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jun 10 12:32:08 2013 +0200
Merge branch 'beyond-next' into next
commit 7362887f518fa367057edb9f9747907b3aa107c1 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jun 10 12:31:30 2013 +0200
lcd4linux: Fix md5 checksum.
commit d9ebb7009b6bad768ca0a478a2bd8f3fa4fdf6a0 Author: Alexander Marx amarx@ipfire.org Date: Mon Jun 3 13:06:05 2013 +0200
lcd4linux: updated lcd4linux to new SVN-1200 Version with samsungSPF display driver
commit cfbc9ca7e93ee79650fc29651b3909cf3de13243 Author: Alexander Marx amarx@ipfire.org Date: Tue Jun 4 14:19:36 2013 +0200
Update motion to 3.2.12
commit 79518a2f26e822a2f3c23bf6dc2983bd0a850e0c Author: Alexander Marx amarx@ipfire.org Date: Mon Jun 3 13:06:05 2013 +0200
Replace libjpeg with libjpeg-turbo-1.3.0
commit 0a7e8edfe1c6aa55e8e31bf511a618dc502ae686 Merge: 86fa8e6 fcbf5ee Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jun 6 10:59:41 2013 +0200
Merge remote-tracking branch 'amarx/pre-firewall' into beyond-next
commit fcbf5eef0b6e557608340f5fd5a7ec1fc99943f3 Author: Alexander Marx amarx@ipfire.org Date: Wed Jun 5 22:16:19 2013 +0200
pre-firewall: added ovpnnat to firewallscript
commit 62a77cbfbe2c5cb835c533eb78b7760edd1e7e1d Merge: b2e333d 9999b25 Author: Alexander Marx amarx@ipfire.org Date: Wed Jun 5 22:11:44 2013 +0200
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into pre-firewall
commit b2e333d4cf47bb0f88b6f2a128050fab89a95eca Author: Alexander Marx amarx@ipfire.org Date: Mon Jun 3 15:22:50 2013 +0200
Pre-Firewall: added OVPNNAT to POSTROUTING Chain
commit a19ff965bb6b586d56907cb77bdc0f70b2b3c459 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu May 30 21:49:32 2013 +0200
openvpnctrl: Fixes and improvements.
Handle invalid data and make the code more robust.
commit 3d1fbbb02842bdc386bccd163e81b72956fa13c0 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed May 29 17:16:37 2013 +0200
openvpnctrl: SNAT transfer networks.
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/libjpeg | 18 ++++++- lfs/lcd4linux | 13 +++-- lfs/libjpeg | 8 +-- lfs/motion | 4 +- make.sh | 2 +- src/initscripts/init.d/firewall | 2 + src/misc-progs/openvpnctrl.c | 113 +++++++++++++++++++++++++++++++++++++++- 7 files changed, 143 insertions(+), 17 deletions(-)
Difference in files:
diff --git a/config/rootfiles/common/libjpeg b/config/rootfiles/common/libjpeg
index 770185f..7ceb697 100644
--- a/config/rootfiles/common/libjpeg
+++ b/config/rootfiles/common/libjpeg
@@ -2,18 +2,32 @@
 #usr/bin/djpeg
 #usr/bin/jpegtran
 #usr/bin/rdjpgcom
+#usr/bin/tjbench
 #usr/bin/wrjpgcom
 #usr/include/jconfig.h
 #usr/include/jerror.h
 #usr/include/jmorecfg.h
 #usr/include/jpeglib.h
+#usr/include/turbojpeg.h
 #usr/lib/libjpeg.a
 #usr/lib/libjpeg.la
-usr/lib/libjpeg.so
+#usr/lib/libjpeg.so
 usr/lib/libjpeg.so.62
-usr/lib/libjpeg.so.62.0.0
+usr/lib/libjpeg.so.62.1.0
+#usr/lib/libturbojpeg.a
+#usr/lib/libturbojpeg.la
+#usr/lib/libturbojpeg.so
+usr/lib/libturbojpeg.so.0
+usr/lib/libturbojpeg.so.0.0.0
 #usr/man/man1/cjpeg.1
 #usr/man/man1/djpeg.1
 #usr/man/man1/jpegtran.1
 #usr/man/man1/rdjpgcom.1
 #usr/man/man1/wrjpgcom.1
+#usr/share/doc/README
+#usr/share/doc/README-turbo.txt
+#usr/share/doc/example.c
+#usr/share/doc/libjpeg.txt
+#usr/share/doc/structure.txt
+#usr/share/doc/usage.txt
+#usr/share/doc/wizard.txt
diff --git a/lfs/lcd4linux b/lfs/lcd4linux
index b31b961..a736381 100644
--- a/lfs/lcd4linux
+++ b/lfs/lcd4linux
@@ -24,15 +24,15 @@
include Config
-VER = 0.11.0-svn1158-dpf
+VER = 0.11.0-svn1200-dpf
THISAPP = lcd4linux-$(VER)
-DL_FILE = $(THISAPP).tar.xz
+DL_FILE = $(THISAPP).tar.gz
 DL_FROM = $(URL_IPFIRE)
-DIR_APP = $(DIR_SRC)/$(THISAPP)
+DIR_APP = $(DIR_SRC)/lcd4linux
 TARGET = $(DIR_INFO)/$(THISAPP)
 PROG = lcd4linux
-PAK_VER = 4
+PAK_VER = 5
DEPS = "dpfhack libmpdclient"
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 0b7eba14a92ae5d51a3ab99948192b8d
+$(DL_FILE)_MD5 = 5b76a26879849dbd52a5bcfda4107ea4
install : $(TARGET)
@@ -76,8 +76,7 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 @$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar Jxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/lcd4linux-scaletext-dpf.patch
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
 cd $(DIR_APP) && ./configure --with-plugins=all,!qnaplog,!dbus --prefix=/usr
 cd $(DIR_APP) && make
 cd $(DIR_APP) && make install
diff --git a/lfs/libjpeg b/lfs/libjpeg
index 24d4b89..5e07859 100644
--- a/lfs/libjpeg
+++ b/lfs/libjpeg
@@ -24,12 +24,12 @@
include Config
-VER = v6b
+VER = 1.3.0
-THISAPP = jpegsrc.$(VER)
+THISAPP = libjpeg-turbo-$(VER)
 DL_FILE = $(THISAPP).tar.gz
 DL_FROM = $(URL_IPFIRE)
-DIR_APP = $(DIR_SRC)/jpeg-6b
+DIR_APP = $(DIR_SRC)/$(THISAPP)
 TARGET = $(DIR_INFO)/$(THISAPP)
 PROG = libjpeg
 PAK_VER = ipfire-beta1
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = dbd5f3b47ed13132f04c685d608a7547
+$(DL_FILE)_MD5 = e1e65cc711a1ade1322c06ad4a647741
install : $(TARGET)
diff --git a/lfs/motion b/lfs/motion
index fa99ea0..39c6b73 100644
--- a/lfs/motion
+++ b/lfs/motion
@@ -24,7 +24,7 @@
include Config
-VER = 3.2.11
+VER = 3.2.12
THISAPP = motion-$(VER)
 DL_FILE = $(THISAPP).tar.gz
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 3a26c00f3250eacf6fa93c7a7e0249d9
+$(DL_FILE)_MD5 = 1ba0065ed50509aaffb171594c689f46
install : $(TARGET)
diff --git a/make.sh b/make.sh
index b20d352..af76c59 100755
--- a/make.sh
+++ b/make.sh
@@ -462,6 +462,7 @@ buildipfire() {
 ipfiremake libnet
 ipfiremake libnl
 ipfiremake libidn
+ ipfiremake nasm
 ipfiremake libjpeg
 ipfiremake libexif
 ipfiremake libpng
@@ -523,7 +524,6 @@ buildipfire() {
 ipfiremake logwatch
 ipfiremake misc-progs
 ipfiremake nano
- ipfiremake nasm
 ipfiremake URI
 ipfiremake HTML-Tagset
 ipfiremake HTML-Parser
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index b6dd7d5..844618a 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -183,7 +183,9 @@ case "$1" in
 /sbin/iptables -A FORWARD -j IPSECFORWARD
 /sbin/iptables -A FORWARD -j OPENSSLVIRTUAL -m comment --comment "OPENSSLVIRTUAL FORWARD"
 /sbin/iptables -A OUTPUT -j IPSECOUTPUT
+ /sbin/iptables -t nat -N OVPNNAT
 /sbin/iptables -t nat -N IPSECNAT
+ /sbin/iptables -t nat -A POSTROUTING -j OVPNNAT
 /sbin/iptables -t nat -A POSTROUTING -j IPSECNAT
# Outgoing Firewall
diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index e7b128a..e366294 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -4,6 +4,8 @@
 #include <unistd.h>
 #include <stdlib.h>
 #include <sys/types.h>
+#include <arpa/inet.h>
+#include <netinet/in.h>
 #include <fcntl.h>
 #include "setuid.h"
 #include "libsmooth.h"
@@ -25,13 +27,17 @@ char enableorange[STRING_SIZE] = "off";
 char OVPNRED[STRING_SIZE] = "OVPN";
 char OVPNBLUE[STRING_SIZE] = "OVPN_BLUE_";
 char OVPNORANGE[STRING_SIZE] = "OVPN_ORANGE_";
-char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.2.2";
+char OVPNNAT[STRING_SIZE] = "OVPNNAT";
+char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.2.3";
struct connection_struct {
 char name[STRING_SIZE];
 char type[STRING_SIZE];
 char proto[STRING_SIZE];
 char status[STRING_SIZE];
+ char local_subnet[STRING_SIZE];
+ char transfer_subnet[STRING_SIZE];
+ char role[STRING_SIZE];
 int port;
 struct connection_struct *next;
 };
@@ -132,6 +138,12 @@ connection *getConnections() {
 strcpy(conn_curr->name, result);
 } else if (count == 4) {
 strcpy(conn_curr->type, result);
+ } else if (count == 7) {
+ strcpy(conn_curr->role, result);
+ } else if (count == 9) {
+ strcpy(conn_curr->local_subnet, result);
+ } else if (count == 28) {
+ strcpy(conn_curr->transfer_subnet, result);
 } else if (count == 29) {
 strcpy(conn_curr->proto, result);
 } else if (count == 30) {
@@ -257,6 +269,13 @@ void flushChain(char *chain) {
 safe_system(str);
 }
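Review bot: The three `strcpy()` calls added to getConnections copy `result` into the fixed `STRING_SIZE` members `role`, `local_subnet` and `transfer_subnet` with no length bound, and the file includes "setuid.h", so this presumably runs with elevated privileges where an over-long configuration field would overwrite adjacent struct members. How `result` is produced lies outside the hunk; if it is not already capped below `STRING_SIZE`, use a bounded copy such as `snprintf(conn_curr->role, sizeof(conn_curr->role), "%s", result);` for all three fields. The bare column numbers 7, 9 and 28 deserve a comment naming the configuration columns they refer to. A record with fewer than 28 fields leaves the new members unwritten, so they need to be zero-initialised where `conn_curr` is allocated (not visible here).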
+void flushChainNAT(char *chain) {
+ char str[STRING_SIZE];
+
+ sprintf(str, "/sbin/iptables -t nat -F %s", chain);
+ executeCommand(str);
+}
+
 void deleteChainReference(char *chain) {
 char str[STRING_SIZE];
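Review bot: flushChainNAT formats its command with an unbounded `sprintf()` into `char str[STRING_SIZE]`, although the snprintf() call this same commit adds to setFirewallRules already shows the bounded form; write `snprintf(str, sizeof(str), "/sbin/iptables -t nat -F %s", chain);`. The only caller visible in this diff passes the constant `OVPNNAT`, so this is hardening rather than a live overflow, but `chain` ends up in a command line and the function accepts any `char *`, so a one-line comment stating that callers must pass a fixed chain name is worth adding. The neighbouring flushChain ends in `safe_system(str)` while this function calls `executeCommand(str)`; if the difference is intentional, a comment should say why.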
@@ -339,6 +358,85 @@ void createAllChains(void) {
 }
 }
+char* calcTransferNetAddress(const connection* conn) {
+ char *subnetmask = strdup(conn->transfer_subnet);
+ char *address = strsep(&subnetmask, "/");
+
+ in_addr_t _address = inet_addr(address);
+ in_addr_t _subnetmask = inet_addr(subnetmask);
+ _address &= _subnetmask;
+
+ if (strcmp(conn->role, "server") == 0) {
+ _address += 1 << 24;
+ } else if (strcmp(conn->role, "client") == 0) {
+ _address += 2 << 24;
+ } else {
+ goto ERROR;
+ }
+
+ struct in_addr address_info;
+ address_info.s_addr = _address;
+
+ return inet_ntoa(address_info);
+
+ERROR:
+ fprintf(stderr, "Could not determine transfer net address: %s\n", conn->name);
+
+ free(address);
+ return NULL;
+}
+
+char* getLocalSubnetAddress(const connection* conn) {
+ kv = initkeyvalues();
+ if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings")) {
+ fprintf(stderr, "Cannot read ethernet settings\n");
+ exit(1);
+ }
+
+ const char *zones[] = {"GREEN", "BLUE", "ORANGE", NULL};
+ char *zone = NULL;
+
+ // Get net address of the local openvpn subnet.
+ char *subnetmask = strdup(conn->local_subnet);
+ char *address = strsep(&subnetmask, "/");
+
+ if ((address == NULL) || (subnetmask == NULL)) {
+ goto ERROR;
+ }
+
+ in_addr_t _address = inet_addr(address);
+ in_addr_t _subnetmask = inet_addr(subnetmask);
+
+ in_addr_t _netaddr = (_address & _subnetmask);
+ in_addr_t _broadcast = (_address | ~_subnetmask);
+
+ char zone_address_key[STRING_SIZE];
+ char zone_address[STRING_SIZE];
+ in_addr_t zone_addr;
+
+ int i = 0;
+ while (zones[i]) {
+ zone = zones[i++];
+ snprintf(zone_address_key, STRING_SIZE, "%s_ADDRESS", zone);
+
+ if (!findkey(kv, zone_address_key, zone_address))
+ continue;
+
+ zone_addr = inet_addr(zone_address);
+ if ((zone_addr > _netaddr) && (zone_addr < _broadcast)) {
+ freekeyvalues(kv);
+
+ return strdup(zone_address);
+ }
+ }
+
+ERROR:
+ fprintf(stderr, "Could not determine local subnet address: %s\n", conn->name);
+
+ freekeyvalues(kv);
+ return NULL;
+}
+
 void setFirewallRules(void) {
 char protocol[STRING_SIZE] = "";
 char dport[STRING_SIZE] = "";
@@ -372,6 +470,7 @@ void setFirewallRules(void) {
 flushChain(OVPNRED);
 flushChain(OVPNBLUE);
 flushChain(OVPNORANGE);
+ flushChainNAT(OVPNNAT);
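Review bot: calcTransferNetAddress hands `subnetmask` to inet_addr() without the NULL check that getLocalSubnetAddress performs, so a `transfer_subnet` value with no "/" leaves strsep() setting it to NULL and the helper dereferences a null pointer; a failed strdup() and an INADDR_NONE result go unchecked as well. The `_address += 1 << 24` arithmetic operates on a network-byte-order value, which yields the first or second host address only on a little-endian machine, and the strdup'd buffer is leaked on the success path. In getLocalSubnetAddress the range test `(zone_addr > _netaddr) && (zone_addr < _broadcast)` also compares network-order values, so on little-endian hosts an address outside the subnet can satisfy it and become the SNAT source; compare `ntohl()` of each value instead. That function returns `strdup(zone_address)`, the raw settings string, which later lands in a command line, and inet_addr() tolerates some non-canonical input, so returning the inet_ntop()/inet_ntoa() rendering of `zone_addr` is the safer choice. A sketch of calcTransferNetAddress with the checks and host-order arithmetic follows.

```c
char* calcTransferNetAddress(const connection* conn) {
	char *buffer = strdup(conn->transfer_subnet);
	char *subnetmask = buffer;
	char *address = strsep(&subnetmask, "/");
	struct in_addr addr, mask;
	in_addr_t host;

	// Reject allocation failure, a missing "/" and unparsable parts.
	if (!buffer || !address || !subnetmask ||
			!inet_aton(address, &addr) || !inet_aton(subnetmask, &mask))
		goto ERROR;

	// Do the arithmetic in host byte order so it is endian-independent.
	host = ntohl(addr.s_addr & mask.s_addr);
	if (strcmp(conn->role, "server") == 0)
		host += 1;
	else if (strcmp(conn->role, "client") == 0)
		host += 2;
	else
		goto ERROR;

	free(buffer);
	addr.s_addr = htonl(host);
	return inet_ntoa(addr);

ERROR:
	// … unchanged: fprintf of the error message …
	free(buffer);
	return NULL;
}
```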
// set firewall rules
 if (!strcmp(enablered, "on") && strlen(redif))
@@ -386,11 +485,23 @@ void setFirewallRules(void) {
// set firewall rules for n2n connections char command[STRING_SIZE]; + char *local_subnet_address = NULL; + char *transfer_subnet_address = NULL; while (conn != NULL) { if (strcmp(conn->type, "net") == 0) { sprintf(command, "/sbin/iptables -A %sINPUT -i %s -p %s --dport %d -j ACCEPT", OVPNRED, redif, conn->proto, conn->port); executeCommand(command); + + local_subnet_address = getLocalSubnetAddress(conn); + transfer_subnet_address = calcTransferNetAddress(conn); + + if ((!local_subnet_address) || (!transfer_subnet_address)) + continue; + + snprintf(command, STRING_SIZE, "/sbin/iptables -t nat -A %s -s %s -j SNAT --to-source %s", + OVPNNAT, transfer_subnet_address, local_subnet_address); + executeCommand(command); }
conn = conn->next;
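Review bot: The `continue;` added inside `while (conn != NULL)` skips the `conn = conn->next;` at the bottom of the loop, so once getLocalSubnetAddress or calcTransferNetAddress returns NULL for a net-to-net connection the loop never advances and keeps re-issuing the same INPUT rule. Guard the SNAT rule instead of skipping the iteration, with `if (local_subnet_address && transfer_subnet_address) {` and `}` around the snprintf()/executeCommand() pair. `local_subnet_address` is a `strdup()` result from getLocalSubnetAddress and is never released, so add `free(local_subnet_address);` after that block. The snprintf() return value is not compared against `STRING_SIZE`, so a truncated command would still be executed; checking it before executeCommand() closes that gap. The start and end of setFirewallRules lie outside this hunk.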
hooks/post-receive -- IPFire 2.x development tree