This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via 2746e7014edf38f9cd9fd6df7205e51ae0c1c54f (commit) via 44b5666bc74f839158af79d215d00a7232b8a3dd (commit) from fd4da55b68527cfef08eeffbb39915cf2ee01ed9 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 2746e7014edf38f9cd9fd6df7205e51ae0c1c54f Merge: 44b5666bc74f839158af79d215d00a7232b8a3dd fd4da55b68527cfef08eeffbb39915cf2ee01ed9 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jun 25 22:55:30 2010 +0200
Merge branch 'master' of ssh://arne_f@ipfire.org/pub/git/ipfire-2.x
commit 44b5666bc74f839158af79d215d00a7232b8a3dd Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jun 25 22:52:43 2010 +0200
Fix ipseccrtl, add 10min restart of unrouted connections to vpn-watch.
-----------------------------------------------------------------------
Summary of changes: src/misc-progs/ipsecctrl.c | 21 ++++++++++++--------- src/scripts/vpn-watch | 30 +++++++++++++++++++++--------- 2 files changed, 33 insertions(+), 18 deletions(-)
Difference in files: diff --git a/src/misc-progs/ipsecctrl.c b/src/misc-progs/ipsecctrl.c index 2e8ca53..51f6b5a 100644 --- a/src/misc-progs/ipsecctrl.c +++ b/src/misc-progs/ipsecctrl.c @@ -141,16 +141,11 @@ int decode_line (char *s, issue ipsec commmands to turn on connection 'name' */ void turn_connection_on (char *name, char *type) { - char command[STRING_SIZE]; - FILE *file = NULL; - - if (file = fopen("/var/run/vpn-watch.pid", "r")) { - safe_system("kill -9 $(cat /var/run/vpn-watch.pid)"); - safe_system("unlink /var/run/vpn-watch.pid"); - close(file); - } +/* + if you find a way to start a single connection without changing all add it + here. Change also vpn-watch. +*/ safe_system("/etc/rc.d/init.d/ipsec restart >/dev/null"); - safe_system("/usr/local/bin/vpn-watch &"); } /* issue ipsec commmands to turn off connection 'name' @@ -193,6 +188,12 @@ int main(int argc, char *argv[]) {
/* Get vpnwatch pid */
+
+ if ((argc == 2) && (file = fopen("/var/run/vpn-watch.pid", "r"))) {
+ safe_system("kill -9 $(cat /var/run/vpn-watch.pid)");
+ safe_system("unlink /var/run/vpn-watch.pid");
+ close(file);
+ }
/* FIXME: workaround for pclose() issue - still no real idea why * this is happening */ @@ -338,6 +339,8 @@ int main(int argc, char *argv[]) {
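Review bot: `close(file)` in the added block is handed the `FILE *` returned by `fopen()`, but `close()` takes an integer descriptor, so the stream is never released; it should be `fclose(file);`. The block also runs `kill -9 $(cat /var/run/vpn-watch.pid)` through the shell on whatever the pid file holds, so a stale or altered file can make it signal an unrelated process, which matters most if this helper runs with elevated privileges (not visible on this page). Reading the pid from the already-open stream, checking that it is a positive integer and calling `kill()` directly would remove the shell from this path. The block fires for every two-argument invocation, while only the `S` branch further down restarts vpn-watch, so confirm the other two-argument commands are meant to leave the watcher stopped. main's body starts and ends outside the hunk.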
// start the system if ((argc == 2) && strcmp(argv[1], "S") == 0) { + safe_system("/etc/rc.d/init.d/ipsec restart >/dev/null"); + safe_system("/usr/local/bin/vpn-watch &"); exit(0); }
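Review bot: Both added `safe_system()` calls in the `S` branch discard their result, so vpn-watch is launched and the program exits 0 even when the ipsec restart did not succeed. If safe_system returns the command status (its definition is not on this page), test it before starting the watcher, for example `if (safe_system("/etc/rc.d/init.d/ipsec restart >/dev/null") != 0) exit(1);`. main's body starts outside the hunk.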
diff --git a/src/scripts/vpn-watch b/src/scripts/vpn-watch index 3f7757a..0c5f62d 100755 --- a/src/scripts/vpn-watch +++ b/src/scripts/vpn-watch @@ -1,6 +1,6 @@ #!/usr/bin/perl ################################################## -##### VPN-Watch.pl Version 0.4c ##### +##### VPN-Watch.pl Version 0.5 ##### ################################################## # # # VPN-Watch is part of the IPFire Firewall # @@ -24,13 +24,17 @@ if ( -e $file ){ }
system("echo $$ > $file"); - +my $round=0; while ( $i == 0){ if ($debug){logger("We will wait 60 seconds before next action.");} sleep(60); - - if (open(FILE, "<${General::swroot}/vpn/config")) { - @vpnsettings = <FILE>; + + $round++; + + # Reset roundcounter after 10 min. To do established check. + if ($round > 9) { $round=0 } + + if (open(FILE, "<${General::swroot}/vpn/config")) { @vpnsettings = <FILE>; close(FILE); unless(@vpnsettings) {exit 1;} } @@ -50,12 +54,21 @@ foreach (@vpnsettings){
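Review bot: The re-added `open(FILE, "<${General::swroot}/vpn/config")` keeps the two-argument form with a bareword handle, and when the open fails the loop appears to carry on with whatever `@vpnsettings` held from the previous pass. A three-argument open on a lexical handle, `open(my $fh, '<', "${General::swroot}/vpn/config")`, with a logged message on failure would make a missing or unreadable config visible instead of silently acting on stale entries. The while loop continues outside the hunk.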
my $remoteip = `/usr/bin/ping -c 1 $remotehostname 2>/dev/null | head -n1 | awk '{print $3}' | tr -d '()' | tr -d ':'`;chomp($remoteip); if ($remoteip eq ""){next;if ($debug){logger("Unable to resolve $remotehostname.");}} - my $ipmatch= `echo "$status" | grep $remoteip | grep $settings[2]`; + my $ipmatch= `echo "$status" | grep '$remoteip' | grep '$settings[2]'`; + my $established= `echo "$status" | grep '$settings[2]' | grep 'erouted;'`;
if ( $ipmatch eq '' ){ - logger("Remote IP for host $remotehostname-$remoteip has changed, restarting ipsec."); - system("/usr/local/bin/ipsecctrl S"); + logger("Remote IP for host $remotehostname($remoteip) has changed, restarting ipsec."); + system("/usr/local/bin/ipsecctrl S $settings[0]"); last; #all connections will reloaded + #remove this if ipsecctrl can restart single con again + } + if ( ($round = 0) && ($established eq '')) { + logger("Connection to $remotehostname($remoteip) not erouted, restarting ipsec."); + system("/usr/local/bin/ipsecctrl S $settings[0]"); + last; #all connections will reloaded + #remove this if ipsecctrl can restart single con again + } } if ($debug){logger("All connections may be fine nothing was done.");} @@ -65,4 +78,3 @@ sub logger { my $log = shift; system("logger -t vpnwatch "$log""); } -
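Review bot: The new condition `if ( ($round = 0) && ($established eq '')) {` assigns 0 to `$round` instead of comparing, so it is always false and the 10-minute restart of unrouted connections never runs; it also clears the counter each time the line is reached. It should read `if ( ($round == 0) && ($established eq '') ) {`. Separately, both added `system("/usr/local/bin/ipsecctrl S $settings[0]")` calls and the backtick `grep '$remoteip' | grep '$settings[2]'` pipelines interpolate config fields into a shell string, and the added single quotes do not hold once a field itself contains a quote. Prefer the list form `system('/usr/local/bin/ipsecctrl', 'S', $settings[0]);` and match `$status` inside Perl with `\Q...\E` rather than through grep. The foreach loop starts outside the hunk.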
hooks/post-receive -- IPFire 2.x development tree