This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, openvpn-n2n has been updated via 39877197d6f99832c9732edcf72a11fbddf43a30 (commit) via 0708113765903d21a5479e5462c6383e0812caf3 (commit) from 86ec950263487aeebbb73c77f3840738904f419f (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 39877197d6f99832c9732edcf72a11fbddf43a30 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jun 25 11:47:42 2011 +0200
openvpnctrl: Implement support to kill connections.
commit 0708113765903d21a5479e5462c6383e0812caf3 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jun 25 10:59:47 2011 +0200
openvpnctrl: Update firewall rules when starting a n2n connection.
This makes sure, that all rules (esp. for new connections) are up and running.
-----------------------------------------------------------------------
Summary of changes: src/misc-progs/openvpnctrl.c | 74 ++++++++++++++++++++++++++++++++++++----- 1 files changed, 65 insertions(+), 9 deletions(-)
Difference in files: diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c index e6a8d3f..847a3e2 100644 --- a/src/misc-progs/openvpnctrl.c +++ b/src/misc-progs/openvpnctrl.c @@ -1,3 +1,4 @@ +#include <signal.h> #include <stdio.h> #include <string.h> #include <unistd.h> @@ -24,7 +25,7 @@ char enableorange[STRING_SIZE] = "off"; char OVPNRED[STRING_SIZE] = "OVPN"; char OVPNBLUE[STRING_SIZE] = "OVPN_BLUE_"; char OVPNORANGE[STRING_SIZE] = "OVPN_ORANGE_"; -char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.1.0"; +char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.1.2";
struct connection_struct { char name[STRING_SIZE]; @@ -46,9 +47,9 @@ void exithandler(void) void usage(void) { #ifdef ovpndebug - printf("Wrapper for OpenVPN v%s-debug\n", WRAPPERVERSION); + printf("Wrapper for OpenVPN %s-debug\n", WRAPPERVERSION); #else - printf("Wrapper for OpenVPN v%s\n", WRAPPERVERSION); + printf("Wrapper for OpenVPN %s\n", WRAPPERVERSION); #endif printf("openvpnctrl <option>\n"); printf(" Valid options are:\n"); @@ -198,7 +199,7 @@ void executeCommand(char *command) { void setChainRules(char *chain, char *interface, char *protocol, char *port) { char str[STRING_SIZE]; - + sprintf(str, "/sbin/iptables -A %sINPUT -i %s -p %s --dport %s -j ACCEPT", chain, interface, protocol, port); executeCommand(str); sprintf(str, "/sbin/iptables -A %sINPUT -i tun+ -j ACCEPT", chain); @@ -342,6 +343,11 @@ void setFirewallRules(void) { // read connection configuration connection *conn = getConnections();
+ // Flush all chains. + flushChain(OVPNRED); + flushChain(OVPNBLUE); + flushChain(OVPNORANGE); + // set firewall rules if (!strcmp(enablered, "on") && strlen(redif)) setChainRules(OVPNRED, redif, protocol, dport); @@ -351,10 +357,10 @@ void setFirewallRules(void) { setChainRules(OVPNORANGE, orangeif, protocol, dport);
// set firewall rules for n2n connections - char port[STRING_SIZE]; + char *port; while (conn) { sprintf(port, "%d", conn->port); - setChainRules(OVPNRED, redif, &conn->proto, &port); + setChainRules(OVPNRED, redif, conn->proto, port); conn = conn->next; } } @@ -403,13 +409,63 @@ void startNet2Net(char *name) { exit(1); }
+ char configfile[STRING_SIZE]; + snprintf(configfile, STRING_SIZE - 1, CONFIG_ROOT "/ovpn/n2nconf/%s/%s.conf", + conn->name, conn->name); + + FILE *fp = fopen(configfile, "r"); + if (fp == NULL) { + fprintf(stderr, "Could not find configuration file for connection '%s' at '%s'.\n", + conn->name, configfile); + exit(2); + } + fclose(fp); + + // Make sure all firewall rules are up to date. + setFirewallRules(); + char command[STRING_SIZE]; - sprintf(command, "/usr/sbin/openvpn --config " CONFIG_ROOT "/ovpn/n2nconf/%s/%s.conf", conn->name, conn->name); + sprintf(command, "/usr/sbin/openvpn --config %s", configfile); executeCommand(command); }
-void killNet2Net(char *conn) { - printf("TO BE DONE %s\n", conn); +void killNet2Net(char *name) { + connection *conn = NULL; + connection *conn_iter; + + conn_iter = getConnections(); + + while (conn_iter) { + if (strcmp(conn_iter->name, name) == 0) { + conn = conn_iter; + break; + } + conn_iter = conn_iter->next; + } + + if (conn == NULL) { + fprintf(stderr, "Connection not found.\n"); + exit(1); + } + + char pidfile[STRING_SIZE]; + snprintf(&pidfile, STRING_SIZE - 1, "/var/run/%sn2n.pid", conn->name); + + FILE *fp = fopen(pidfile, "r"); + if (fp == NULL) { + fprintf(stderr, "Could not determine PID for connection '%s'.\n", conn->name); + fprintf(stderr, "PID file not found: '%s'\n", pidfile); + exit(1); + } + + int pid; + fscanf(fp, "%d", &pid); + fclose(fp); + + fprintf(stderr, "Killing PID %d.\n", pid); + kill(pid, SIGTERM); + + exit(0); }
void displayopenvpn(void) {
hooks/post-receive -- IPFire 2.x development tree