* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. a6ba20538291d9860815316dcbcf1387dec3004d
@ 2013-06-10 10:32 git
From: git @ 2013-06-10 10:32 UTC (permalink / raw)
  To: ipfire-scm

[-- Attachment #1: Type: text/plain, Size: 13818 bytes --]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  a6ba20538291d9860815316dcbcf1387dec3004d (commit)
       via  7362887f518fa367057edb9f9747907b3aa107c1 (commit)
       via  d9ebb7009b6bad768ca0a478a2bd8f3fa4fdf6a0 (commit)
       via  cfbc9ca7e93ee79650fc29651b3909cf3de13243 (commit)
       via  79518a2f26e822a2f3c23bf6dc2983bd0a850e0c (commit)
       via  0a7e8edfe1c6aa55e8e31bf511a618dc502ae686 (commit)
       via  fcbf5eef0b6e557608340f5fd5a7ec1fc99943f3 (commit)
       via  62a77cbfbe2c5cb835c533eb78b7760edd1e7e1d (commit)
       via  b2e333d4cf47bb0f88b6f2a128050fab89a95eca (commit)
       via  a19ff965bb6b586d56907cb77bdc0f70b2b3c459 (commit)
       via  3d1fbbb02842bdc386bccd163e81b72956fa13c0 (commit)
      from  2d528f3446dac6c8acdb75d9c76f621318d74c98 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a6ba20538291d9860815316dcbcf1387dec3004d
Merge: 2d528f3 7362887
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Mon Jun 10 12:32:08 2013 +0200

    Merge branch 'beyond-next' into next

commit 7362887f518fa367057edb9f9747907b3aa107c1
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Mon Jun 10 12:31:30 2013 +0200

    lcd4linux: Fix md5 checksum.

commit d9ebb7009b6bad768ca0a478a2bd8f3fa4fdf6a0
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Mon Jun 3 13:06:05 2013 +0200

    lcd4linux: updated lcd4linux to new SVN-1200 Version with samsungSPF display driver

commit cfbc9ca7e93ee79650fc29651b3909cf3de13243
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Tue Jun 4 14:19:36 2013 +0200

    Update motion to 3.2.12

commit 79518a2f26e822a2f3c23bf6dc2983bd0a850e0c
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Mon Jun 3 13:06:05 2013 +0200

    Replace libjpeg with libjpeg-turbo-1.3.0

commit 0a7e8edfe1c6aa55e8e31bf511a618dc502ae686
Merge: 86fa8e6 fcbf5ee
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Thu Jun 6 10:59:41 2013 +0200

    Merge remote-tracking branch 'amarx/pre-firewall' into beyond-next

commit fcbf5eef0b6e557608340f5fd5a7ec1fc99943f3
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Wed Jun 5 22:16:19 2013 +0200

    pre-firewall: added ovpnnat to firewallscript

commit 62a77cbfbe2c5cb835c533eb78b7760edd1e7e1d
Merge: b2e333d 9999b25
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Wed Jun 5 22:11:44 2013 +0200

    Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into pre-firewall

commit b2e333d4cf47bb0f88b6f2a128050fab89a95eca
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Mon Jun 3 15:22:50 2013 +0200

    Pre-Firewall: added OVPNNAT to POSTROUTING Chain

commit a19ff965bb6b586d56907cb77bdc0f70b2b3c459
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Thu May 30 21:49:32 2013 +0200

    openvpnctrl: Fixes and improvements.
    
    Handle invalid data and make the code more robust.

commit 3d1fbbb02842bdc386bccd163e81b72956fa13c0
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Wed May 29 17:16:37 2013 +0200

    openvpnctrl: SNAT transfer networks.

-----------------------------------------------------------------------

Summary of changes:
 config/rootfiles/common/libjpeg |  18 ++++++-
 lfs/lcd4linux                   |  13 +++--
 lfs/libjpeg                     |   8 +--
 lfs/motion                      |   4 +-
 make.sh                         |   2 +-
 src/initscripts/init.d/firewall |   2 +
 src/misc-progs/openvpnctrl.c    | 113 +++++++++++++++++++++++++++++++++++++++-
 7 files changed, 143 insertions(+), 17 deletions(-)

Difference in files:
diff --git a/config/rootfiles/common/libjpeg b/config/rootfiles/common/libjpeg
index 770185f..7ceb697 100644
--- a/config/rootfiles/common/libjpeg
+++ b/config/rootfiles/common/libjpeg
@@ -2,18 +2,32 @@
 #usr/bin/djpeg
 #usr/bin/jpegtran
 #usr/bin/rdjpgcom
+#usr/bin/tjbench
 #usr/bin/wrjpgcom
 #usr/include/jconfig.h
 #usr/include/jerror.h
 #usr/include/jmorecfg.h
 #usr/include/jpeglib.h
+#usr/include/turbojpeg.h
 #usr/lib/libjpeg.a
 #usr/lib/libjpeg.la
-usr/lib/libjpeg.so
+#usr/lib/libjpeg.so
 usr/lib/libjpeg.so.62
-usr/lib/libjpeg.so.62.0.0
+usr/lib/libjpeg.so.62.1.0
+#usr/lib/libturbojpeg.a
+#usr/lib/libturbojpeg.la
+#usr/lib/libturbojpeg.so
+usr/lib/libturbojpeg.so.0
+usr/lib/libturbojpeg.so.0.0.0
 #usr/man/man1/cjpeg.1
 #usr/man/man1/djpeg.1
 #usr/man/man1/jpegtran.1
 #usr/man/man1/rdjpgcom.1
 #usr/man/man1/wrjpgcom.1
+#usr/share/doc/README
+#usr/share/doc/README-turbo.txt
+#usr/share/doc/example.c
+#usr/share/doc/libjpeg.txt
+#usr/share/doc/structure.txt
+#usr/share/doc/usage.txt
+#usr/share/doc/wizard.txt
diff --git a/lfs/lcd4linux b/lfs/lcd4linux
index b31b961..a736381 100644
--- a/lfs/lcd4linux
+++ b/lfs/lcd4linux
@@ -24,15 +24,15 @@
 
 include Config
 
-VER        = 0.11.0-svn1158-dpf
+VER        = 0.11.0-svn1200-dpf
 
 THISAPP    = lcd4linux-$(VER)
-DL_FILE    = $(THISAPP).tar.xz
+DL_FILE    = $(THISAPP).tar.gz
 DL_FROM    = $(URL_IPFIRE)
-DIR_APP    = $(DIR_SRC)/$(THISAPP)
+DIR_APP    = $(DIR_SRC)/lcd4linux
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = lcd4linux
-PAK_VER    = 4
+PAK_VER    = 5
 
 DEPS       = "dpfhack libmpdclient"
 
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 0b7eba14a92ae5d51a3ab99948192b8d
+$(DL_FILE)_MD5 = 5b76a26879849dbd52a5bcfda4107ea4
 
 install : $(TARGET)
 
@@ -76,8 +76,7 @@ $(subst %,%_MD5,$(objects)) :
 
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
-	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar Jxf $(DIR_DL)/$(DL_FILE)
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/lcd4linux-scaletext-dpf.patch
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
 	cd $(DIR_APP) && ./configure  --with-plugins=all,!qnaplog,!dbus --prefix=/usr
 	cd $(DIR_APP) && make
 	cd $(DIR_APP) && make install
diff --git a/lfs/libjpeg b/lfs/libjpeg
index 24d4b89..5e07859 100644
--- a/lfs/libjpeg
+++ b/lfs/libjpeg
@@ -24,12 +24,12 @@
 
 include Config
 
-VER        = v6b
+VER        = 1.3.0
 
-THISAPP    = jpegsrc.$(VER)
+THISAPP    = libjpeg-turbo-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
 DL_FROM    = $(URL_IPFIRE)
-DIR_APP    = $(DIR_SRC)/jpeg-6b
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = libjpeg
 PAK_VER    = ipfire-beta1
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = dbd5f3b47ed13132f04c685d608a7547
+$(DL_FILE)_MD5 = e1e65cc711a1ade1322c06ad4a647741
 
 install : $(TARGET)
 
diff --git a/lfs/motion b/lfs/motion
index fa99ea0..39c6b73 100644
--- a/lfs/motion
+++ b/lfs/motion
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.2.11
+VER        = 3.2.12
 
 THISAPP    = motion-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 3a26c00f3250eacf6fa93c7a7e0249d9
+$(DL_FILE)_MD5 = 1ba0065ed50509aaffb171594c689f46
 
 install : $(TARGET)
 
diff --git a/make.sh b/make.sh
index b20d352..af76c59 100755
--- a/make.sh
+++ b/make.sh
@@ -462,6 +462,7 @@ buildipfire() {
   ipfiremake libnet
   ipfiremake libnl
   ipfiremake libidn
+  ipfiremake nasm
   ipfiremake libjpeg
   ipfiremake libexif
   ipfiremake libpng
@@ -523,7 +524,6 @@ buildipfire() {
   ipfiremake logwatch
   ipfiremake misc-progs
   ipfiremake nano
-  ipfiremake nasm
   ipfiremake URI
   ipfiremake HTML-Tagset
   ipfiremake HTML-Parser
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index b6dd7d5..844618a 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -183,7 +183,9 @@ case "$1" in
 	/sbin/iptables -A FORWARD -j IPSECFORWARD
 	/sbin/iptables -A FORWARD -j OPENSSLVIRTUAL -m comment --comment "OPENSSLVIRTUAL FORWARD"
 	/sbin/iptables -A OUTPUT -j IPSECOUTPUT
+	/sbin/iptables -t nat -N OVPNNAT
 	/sbin/iptables -t nat -N IPSECNAT
+	/sbin/iptables -t nat -A POSTROUTING -j OVPNNAT
 	/sbin/iptables -t nat -A POSTROUTING -j IPSECNAT
 
 	# Outgoing Firewall
diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index e7b128a..e366294 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -4,6 +4,8 @@
 #include <unistd.h>
 #include <stdlib.h>
 #include <sys/types.h>
+#include <arpa/inet.h>
+#include <netinet/in.h>
 #include <fcntl.h>
 #include "setuid.h"
 #include "libsmooth.h"
@@ -25,13 +27,17 @@ char enableorange[STRING_SIZE] = "off";
 char OVPNRED[STRING_SIZE] = "OVPN";
 char OVPNBLUE[STRING_SIZE] = "OVPN_BLUE_";
 char OVPNORANGE[STRING_SIZE] = "OVPN_ORANGE_";
-char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.2.2";
+char OVPNNAT[STRING_SIZE] = "OVPNNAT";
+char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.2.3";
 
 struct connection_struct {
 	char name[STRING_SIZE];
 	char type[STRING_SIZE];
 	char proto[STRING_SIZE];
 	char status[STRING_SIZE];
+	char local_subnet[STRING_SIZE];
+	char transfer_subnet[STRING_SIZE];
+	char role[STRING_SIZE];
 	int port;
 	struct connection_struct *next;
 };
@@ -132,6 +138,12 @@ connection *getConnections() {
 				strcpy(conn_curr->name, result);
 			} else if (count == 4) {
 				strcpy(conn_curr->type, result);
+			} else if (count == 7) {
+				strcpy(conn_curr->role, result);
+			} else if (count == 9) {
+				strcpy(conn_curr->local_subnet, result);
+			} else if (count == 28) {
+				strcpy(conn_curr->transfer_subnet, result);
 			} else if (count == 29) {
 				strcpy(conn_curr->proto, result);
 			} else if (count == 30) {
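Review bot: The three added `strcpy()` calls copy `result` into the new `role`, `local_subnet` and `transfer_subnet` fields with no length bound, and since the file includes `setuid.h` this presumably runs as a privileged helper, where an over-long field in the parsed connection line would overflow a `STRING_SIZE` buffer. The size of `result` is not visible here (getConnections starts and ends outside the hunk), so the copies are only safe if the source buffer is itself no larger than `STRING_SIZE`; a bounded copy such as `snprintf(conn_curr->role, sizeof(conn_curr->role), "%s", result);` removes that dependency. The same applies to the `sprintf()` in the new `flushChainNAT()`, where `snprintf(str, sizeof(str), ...)` would match the `snprintf()` this commit already uses in `setFirewallRules()`.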
@@ -257,6 +269,13 @@ void flushChain(char *chain) {
 	safe_system(str);
 }
 
+void flushChainNAT(char *chain) {
+	char str[STRING_SIZE];
+
+	sprintf(str, "/sbin/iptables -t nat -F %s", chain);
+	executeCommand(str);
+}
+
 void deleteChainReference(char *chain) {
 	char str[STRING_SIZE];
 
@@ -339,6 +358,85 @@ void createAllChains(void) {
 	}
 }
 
+char* calcTransferNetAddress(const connection* conn) {
+	char *subnetmask = strdup(conn->transfer_subnet);
+	char *address = strsep(&subnetmask, "/");
+
+	in_addr_t _address    = inet_addr(address);
+	in_addr_t _subnetmask = inet_addr(subnetmask);
+	_address &= _subnetmask;
+
+	if (strcmp(conn->role, "server") == 0) {
+		_address += 1 << 24;
+	} else if (strcmp(conn->role, "client") == 0) {
+		_address += 2 << 24;
+	} else {
+		goto ERROR;
+	}
+
+	struct in_addr address_info;
+	address_info.s_addr = _address;
+
+	return inet_ntoa(address_info);
+
+ERROR:
+	fprintf(stderr, "Could not determine transfer net address: %s\n", conn->name);
+
+	free(address);
+	return NULL;
+}
+
+char* getLocalSubnetAddress(const connection* conn) {
+	kv = initkeyvalues();
+	if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings")) {
+		fprintf(stderr, "Cannot read ethernet settings\n");
+		exit(1);
+	}
+
+	const char *zones[] = {"GREEN", "BLUE", "ORANGE", NULL};
+	char *zone = NULL;
+
+	// Get net address of the local openvpn subnet.
+	char *subnetmask = strdup(conn->local_subnet);
+	char *address = strsep(&subnetmask, "/");
+
+	if ((address == NULL) || (subnetmask == NULL)) {
+		goto ERROR;
+	}
+
+	in_addr_t _address    = inet_addr(address);
+	in_addr_t _subnetmask = inet_addr(subnetmask);
+
+	in_addr_t _netaddr    = (_address &  _subnetmask);
+	in_addr_t _broadcast  = (_address | ~_subnetmask);
+
+	char zone_address_key[STRING_SIZE];
+	char zone_address[STRING_SIZE];
+	in_addr_t zone_addr;
+
+	int i = 0;
+	while (zones[i]) {
+		zone = zones[i++];
+		snprintf(zone_address_key, STRING_SIZE, "%s_ADDRESS", zone);
+
+		if (!findkey(kv, zone_address_key, zone_address))
+			continue;
+
+		zone_addr = inet_addr(zone_address);
+		if ((zone_addr > _netaddr) && (zone_addr < _broadcast)) {
+			freekeyvalues(kv);
+
+			return strdup(zone_address);
+		}
+	}
+
+ERROR:
+	fprintf(stderr, "Could not determine local subnet address: %s\n", conn->name);
+
+	freekeyvalues(kv);
+	return NULL;
+}
+
 void setFirewallRules(void) {
 	char protocol[STRING_SIZE] = "";
 	char dport[STRING_SIZE] = "";
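Review bot: `calcTransferNetAddress()` hands `subnetmask` to `inet_addr()` without the NULL check that `getLocalSubnetAddress()` has, so a `transfer_subnet` value with no `/` dereferences NULL; it also leaks its `strdup()` buffer on the success path, and neither function notices an `inet_addr()` failure (`INADDR_NONE`). The arithmetic is done on network-byte-order values: `_address += 1 << 24` bumps the last octet only on little-endian hosts, and in `getLocalSubnetAddress()` the test `(zone_addr > _netaddr) && (zone_addr < _broadcast)` compares byte-swapped integers, so on little-endian it can accept a zone address outside the subnet (constructed example: for 10.0.0.0/255.0.0.0, 11.0.0.1 passes); wrapping each operand in `ntohl()` fixes that. `getLocalSubnetAddress()` never frees its `strdup()` copy of `local_subnet`, and the two helpers return differently owned strings (the static `inet_ntoa()` buffer versus a heap copy), which deserves a comment on each. A possible shape for `calcTransferNetAddress()` follows, assuming the mask is stored as a dotted quad as the `inet_addr()` call implies.

```c
char* calcTransferNetAddress(const connection* conn) {
	char *buffer = strdup(conn->transfer_subnet);
	char *subnetmask = buffer;
	char *address = strsep(&subnetmask, "/");
	struct in_addr _address, _subnetmask;

	// Reject a failed strdup(), a missing "/" and anything that is not a dotted quad.
	if (!buffer || !subnetmask ||
			inet_pton(AF_INET, address, &_address) != 1 ||
			inet_pton(AF_INET, subnetmask, &_subnetmask) != 1)
		goto ERROR;

	// Do the host arithmetic in host byte order so it does not depend on endianness.
	uint32_t host = ntohl(_address.s_addr & _subnetmask.s_addr);

	if (strcmp(conn->role, "server") == 0) {
		host += 1;
	} else if (strcmp(conn->role, "client") == 0) {
		host += 2;
	} else {
		goto ERROR;
	}

	_address.s_addr = htonl(host);
	free(buffer);

	// Static buffer owned by inet_ntoa(); the caller must not free it.
	return inet_ntoa(_address);

ERROR:
	fprintf(stderr, "Could not determine transfer net address: %s\n", conn->name);

	free(buffer);
	return NULL;
}
```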
@@ -372,6 +470,7 @@ void setFirewallRules(void) {
 	flushChain(OVPNRED);
 	flushChain(OVPNBLUE);
 	flushChain(OVPNORANGE);
+	flushChainNAT(OVPNNAT);
 
 	// set firewall rules
 	if (!strcmp(enablered, "on") && strlen(redif))
@@ -386,11 +485,23 @@ void setFirewallRules(void) {
 
 	// set firewall rules for n2n connections
 	char command[STRING_SIZE];
+	char *local_subnet_address = NULL;
+	char *transfer_subnet_address = NULL;
 	while (conn != NULL) {
 		if (strcmp(conn->type, "net") == 0) {
 			sprintf(command, "/sbin/iptables -A %sINPUT -i %s -p %s --dport %d -j ACCEPT",
 				OVPNRED, redif, conn->proto, conn->port);
 			executeCommand(command);
+
+			local_subnet_address = getLocalSubnetAddress(conn);
+			transfer_subnet_address = calcTransferNetAddress(conn);
+
+			if ((!local_subnet_address) || (!transfer_subnet_address))
+				continue;
+
+			snprintf(command, STRING_SIZE, "/sbin/iptables -t nat -A %s -s %s -j SNAT --to-source %s",
+				OVPNNAT, transfer_subnet_address, local_subnet_address);
+			executeCommand(command);
 		}
 
 		conn = conn->next;
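Review bot: The added `continue` sits inside the `while (conn != NULL)` loop ahead of `conn = conn->next`, so when either address helper returns NULL the loop never advances and keeps appending the same `iptables -A ... -j ACCEPT` rule indefinitely. Skipping only the SNAT rule avoids that, and the `strdup()`ed string returned by `getLocalSubnetAddress()` should be freed on every iteration. setFirewallRules starts and ends outside the hunk.

```c
			local_subnet_address = getLocalSubnetAddress(conn);
			transfer_subnet_address = calcTransferNetAddress(conn);

			// Skip only the SNAT rule; falling through still reaches conn = conn->next.
			if (local_subnet_address && transfer_subnet_address) {
				snprintf(command, sizeof(command), "/sbin/iptables -t nat -A %s -s %s -j SNAT --to-source %s",
					OVPNNAT, transfer_subnet_address, local_subnet_address);
				executeCommand(command);
			}

			// getLocalSubnetAddress() returns a heap copy; free(NULL) is a no-op.
			free(local_subnet_address);
```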


hooks/post-receive
--
IPFire 2.x development tree
