From: Michael Tremer <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 306516d99a8333ca7d91adba835c206ebbaf9b9b
Date: Mon, 04 Aug 2025 15:44:28 +0000 (UTC) [thread overview]
Message-ID: <4bwgph5xFMz2xN7@people01.haj.ipfire.org> (raw)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 306516d99a8333ca7d91adba835c206ebbaf9b9b (commit)
via 52d53e52737f05ff8cba02c3245bcb74d1b8cfbe (commit)
via 993d5838f31ceeef8bc103b177e6a95f371f36c3 (commit)
via a5a1b2c2c16473990b9eee81cf9502af369bcdf6 (commit)
via dd67715a493e372936d815cd9d46904fa4681073 (commit)
via 5152d450ff943eeea0be1c0aa1bcc87e1c89755a (commit)
via 991e99a4fbfca7f1992c4d57b2686a58bde05ef7 (commit)
via 5c903c529978dff6c100819dff785ffc9b507a0b (commit)
via f5f70cb85c1537de6f760869f20cb29abc0a95f4 (commit)
via 8aa06d9fc3f7024611b00f00ca02ce14392d1e33 (commit)
via c8540f81307e1027e05dc5e8953f0b722ad44233 (commit)
from 0105e8685da8dac43690d7e47ed8531550ce5863 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 306516d99a8333ca7d91adba835c206ebbaf9b9b
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Aug 4 16:24:29 2025 +0200
ovpnmain.cgi: Fix layout issues when editing N2N
No functional changes.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 52d53e52737f05ff8cba02c3245bcb74d1b8cfbe
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Jul 29 14:50:17 2025 +0000
core197: Ship bonding changes
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 993d5838f31ceeef8bc103b177e6a95f371f36c3
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Jul 29 14:42:20 2025 +0000
network: Ensure that we only run once at a time
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit a5a1b2c2c16473990b9eee81cf9502af369bcdf6
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Jul 29 14:42:19 2025 +0000
network: Add support for some more auxiliary zones
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit dd67715a493e372936d815cd9d46904fa4681073
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Jul 29 14:42:18 2025 +0000
network: Fail if no master device has been configured for slave zones
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 5152d450ff943eeea0be1c0aa1bcc87e1c89755a
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Jul 29 14:42:17 2025 +0000
network: Rename the bridge hotplug script
Since it is now creating more than just bridges, this had to have a new
name.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 991e99a4fbfca7f1992c4d57b2686a58bde05ef7
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Jul 29 14:42:16 2025 +0000
network: Add support for bonds
This is a bare-minimum implementation to realise this. It changes the
bridge script because the two of them have quite a bit in common, so we
should avoid further code duplication.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 5c903c529978dff6c100819dff785ffc9b507a0b
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Jul 29 14:42:15 2025 +0000
linux: Don't create bond0 when bonding is being loaded
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit f5f70cb85c1537de6f760869f20cb29abc0a95f4
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Jul 29 14:38:20 2025 +0000
firewall: Completely throw away any output when restarting Tor
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 8aa06d9fc3f7024611b00f00ca02ce14392d1e33
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Jul 29 14:36:54 2025 +0000
initscripts: Fix process check for processes with PID file
This check tests whether a process is still alive, but it fails for
those processes when we are using a PID file.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit c8540f81307e1027e05dc5e8953f0b722ad44233
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Jul 29 14:34:28 2025 +0000
arpwatch: New package
This allows to receive an email notification if a new host is detected
on a network.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/backup/includes/arpwatch | 2 +
config/rootfiles/common/aarch64/linux | 1 +
config/rootfiles/common/riscv64/linux | 1 +
config/rootfiles/common/udev | 2 +-
config/rootfiles/common/x86_64/linux | 1 +
config/rootfiles/core/197/filelists/files | 4 +
config/rootfiles/core/197/update.sh | 1 +
config/rootfiles/packages/arpwatch | 5 +
config/udev/60-net.rules | 4 +-
...work-hotplug-bridges => network-hotplug-master} | 111 +++++---
config/udev/network-hotplug-rename | 4 +-
html/cgi-bin/ovpnmain.cgi | 280 +++++++++++----------
lfs/{frr => arpwatch} | 73 +++---
lfs/linux | 3 +
lfs/udev | 4 +-
make.sh | 1 +
src/initscripts/packages/{openvmtools => arpwatch} | 68 ++---
src/initscripts/system/firewall | 2 +-
src/initscripts/system/functions | 6 +-
src/paks/{haproxy => arpwatch}/install.sh | 8 +-
src/paks/{default => arpwatch}/uninstall.sh | 1 +
src/paks/{amazon-ssm-agent => arpwatch}/update.sh | 0
src/patches/arpwatch/53_stop-using-_getshort.patch | 25 ++
23 files changed, 373 insertions(+), 234 deletions(-)
create mode 100644 config/backup/includes/arpwatch
create mode 100644 config/rootfiles/packages/arpwatch
rename config/udev/{network-hotplug-bridges => network-hotplug-master} (61%)
copy lfs/{frr => arpwatch} (71%)
copy src/initscripts/packages/{openvmtools => arpwatch} (66%)
copy src/paks/{haproxy => arpwatch}/install.sh (90%)
copy src/paks/{default => arpwatch}/uninstall.sh (98%)
copy src/paks/{amazon-ssm-agent => arpwatch}/update.sh (100%)
create mode 100644 src/patches/arpwatch/53_stop-using-_getshort.patch
Difference in files:
diff --git a/config/backup/includes/arpwatch b/config/backup/includes/arpwatch
new file mode 100644
index 0000000000..3316475307
--- /dev/null
+++ b/config/backup/includes/arpwatch
@@ -0,0 +1,2 @@
+/etc/sysconfig/arpwatch
+/var/lib/arpwatch
diff --git a/config/rootfiles/common/aarch64/linux b/config/rootfiles/common/aarch64/linux
index 9b848d2117..7d3124685a 100644
--- a/config/rootfiles/common/aarch64/linux
+++ b/config/rootfiles/common/aarch64/linux
@@ -573,6 +573,7 @@ boot/dtb-KVER
#boot/dtb-KVER/synaptics/berlin4ct-stb.dtb
boot/vmlinuz-KVER
#etc/cpufreq-bench.conf
+etc/modprobe.d/bonding.conf
etc/modprobe.d/ipv6.conf
#lib/modules
#lib/modules/KVER
diff --git a/config/rootfiles/common/riscv64/linux b/config/rootfiles/common/riscv64/linux
index bf0deb05ff..4cb6a0dda9 100644
--- a/config/rootfiles/common/riscv64/linux
+++ b/config/rootfiles/common/riscv64/linux
@@ -13,6 +13,7 @@ boot/dtb-KVER
#boot/dtb-KVER/starfive/jh7110-starfive-visionfive-2-v1.3b.dtb
boot/vmlinuz-KVER
#etc/cpufreq-bench.conf
+etc/modprobe.d/bonding.conf
etc/modprobe.d/ipv6.conf
#lib/modules
#lib/modules/KVER
diff --git a/config/rootfiles/common/udev b/config/rootfiles/common/udev
index 3eea437188..94da6f7722 100644
--- a/config/rootfiles/common/udev
+++ b/config/rootfiles/common/udev
@@ -49,7 +49,7 @@ lib/udev/hwdb.d
lib/udev/iocost
lib/udev/mtd_probe
lib/udev/network-aqm
-lib/udev/network-hotplug-bridges
+lib/udev/network-hotplug-master
lib/udev/network-hotplug-rename
lib/udev/network-hotplug-vlan
lib/udev/network-offloading
diff --git a/config/rootfiles/common/x86_64/linux b/config/rootfiles/common/x86_64/linux
index c58d0a4bb6..66484034d8 100644
--- a/config/rootfiles/common/x86_64/linux
+++ b/config/rootfiles/common/x86_64/linux
@@ -2,6 +2,7 @@ boot/System.map-KVER
boot/config-KVER
boot/vmlinuz-KVER
#etc/cpufreq-bench.conf
+etc/modprobe.d/bonding.conf
etc/modprobe.d/ipv6.conf
#lib/modules
#lib/modules/KVER
diff --git a/config/rootfiles/core/197/filelists/files b/config/rootfiles/core/197/filelists/files
index a38e3118f8..b49f7d984a 100644
--- a/config/rootfiles/core/197/filelists/files
+++ b/config/rootfiles/core/197/filelists/files
@@ -1,4 +1,5 @@
etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf
+etc/modprobe.d/bonding.conf
etc/rc.d/init.d/cpupower
etc/rc.d/init.d/firewall
etc/rc.d/init.d/functions
@@ -11,6 +12,9 @@ etc/rc.d/rc3.d/S51openvpn-n2n
etc/rc.d/rc6.d/K10openvpn-rw
etc/rc.d/rc6.d/K11openvpn-n2n
etc/rc.d/rcsysinit.d/S46cpupower
+lib/udev/network-hotplug-master
+lib/udev/network-hotplug-rename
+lib/udev/rules.d/60-net.rules
srv/web/ipfire/cgi-bin/ovpnmain.cgi
srv/web/ipfire/cgi-bin/services.cgi
srv/web/ipfire/cgi-bin/vpnmain.cgi
diff --git a/config/rootfiles/core/197/update.sh b/config/rootfiles/core/197/update.sh
index 8e109d140d..dc91494993 100644
--- a/config/rootfiles/core/197/update.sh
+++ b/config/rootfiles/core/197/update.sh
@@ -93,6 +93,7 @@ rm -rvf \
rm -vf \
/etc/rc.d/init.d/networking/red.down/10-ovpn \
/etc/rc.d/init.d/networking/red.up/50-ovpn \
+ /lib/udev/network-hotplug-bridge \
/usr/lib/libbtrfs.so.0.? \
/usr/lib/libbtrfsutil.so.1.?
diff --git a/config/rootfiles/packages/arpwatch b/config/rootfiles/packages/arpwatch
new file mode 100644
index 0000000000..d173da2698
--- /dev/null
+++ b/config/rootfiles/packages/arpwatch
@@ -0,0 +1,5 @@
+etc/rc.d/init.d/arpwatch
+usr/sbin/arpsnmp
+usr/sbin/arpwatch
+#var/lib/arpwatch
+var/lib/arpwatch/ethercodes.dat
diff --git a/config/udev/60-net.rules b/config/udev/60-net.rules
index fff7513bc1..f4850b9dd5 100644
--- a/config/udev/60-net.rules
+++ b/config/udev/60-net.rules
@@ -6,5 +6,5 @@ ACTION=="add", SUBSYSTEM=="net", PROGRAM="/lib/udev/network-hotplug-rename", RES
# that has just come up.
ACTION=="add", SUBSYSTEM=="net", RUN+="/lib/udev/network-hotplug-vlan"
-# Call a script that will set up zones as bridges
-ACTION=="add", SUBSYSTEM=="net", RUN+="/lib/udev/network-hotplug-bridges"
+# Call a script that will set up interfaces that have a master interface (bridges, bonding, ..)
+ACTION=="add", SUBSYSTEM=="net", RUN+="/lib/udev/network-hotplug-master"
diff --git a/config/udev/network-hotplug-bridges b/config/udev/network-hotplug-master
similarity index 61%
rename from config/udev/network-hotplug-bridges
rename to config/udev/network-hotplug-master
index 39faeb5a9e..ed9cd58c3f 100644
--- a/config/udev/network-hotplug-bridges
+++ b/config/udev/network-hotplug-master
@@ -25,13 +25,19 @@
eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
+# Only run this script once at a time
+if [ -z "${LOCKED}" ]; then
+ export LOCKED=1
+ exec flock "${0}" "${0}" "$@"
+fi
+
detect_zone() {
local intf="${INTERFACE%?}"
intf="${intf%phys}"
intf="${intf^^}"
local zone
- for zone in GREEN BLUE ORANGE RED; do
+ for zone in GREEN BLUE ORANGE RED INTF0 INTF1 INTF2 INTF3; do
# Try to find if INTERFACE is the *phys version of a zone
if [ "${intf}" = "${zone}" ]; then
echo "${zone}"
@@ -71,57 +77,92 @@ ZONE=$(detect_zone)
# Cannot proceed if we could not find a zone
if [ -z "${ZONE}" ]; then
- logger "Could not find a bridged zone for ${INTERFACE}"
+ logger "Could not find a master zone for ${INTERFACE}"
exit 0
fi
# Determine the mode of this zone
MODE="$(get_value "${ZONE}_MODE")"
-# The name of the virtual bridge
-BRIDGE="$(get_value "${ZONE}_DEV")"
+# Exit if there is no MODE
+if [ -z "${MODE}" ]; then
+ exit 0
+fi
+
+# The name of the virtual master interface
+MASTER="$(get_value "${ZONE}_DEV")"
+
+# Fail if no master device has been configured
+if [ -z "${MASTER}" ]; then
+ logger "No ${ZONE}_DEV configured"
+ exit 1
+fi
+
+# Fetch the MTU
MTU="$(get_value "${ZONE}_MTU")"
-STP="$(get_value "${ZONE}_STP")"
-STP_PRIORITY="$(get_value "${ZONE}_STP_PRIORITY")"
+
+# Set default MTU if nothing is set
+if [ -z "${MTU}" ]; then
+ MTU=1500
+fi
+
+# Fetch the MAC address of the master interface
+ADDRESS="$(get_value "${ZONE}_MACADDR")"
+
+# If no address has been configured, generate a random one
+if [ -z "${ADDRESS}" ]; then
+ ADDRESS="$(random_mac_address)"
+fi
case "${MODE}" in
- bridge)
- # Set default MTU if nothing is set
- if [ -z "${MTU}" ]; then
- MTU=1500
+ # Bond
+ bond)
+ BOND_MODE="$(get_value "${ZONE}_BOND_MODE")"
+ if [ -z "${BOND_MODE}" ]; then
+ BOND_MODE="802.3ad"
+ fi
+
+ # Check for some valid BOND_MODE
+ case "${BOND_MODE}" in
+ balance-rr|active-backup|balance-xor|broadcast|802.3ad|balance-tlb|balance-alb)
+ ;;
+ *)
+ logger "Invalid bond mode ${BOND_MODE} for ${MASTER}. Falling back to 802.3ad"
+ BOND_MODE="802.3ad"
+ ;;
+ esac
+
+ # Create the master interface if it does not exist
+ if [ ! -d "/sys/class/net/${MASTER}" ]; then
+ if ! ip link add "${MASTER}" address "${ADDRESS}" mtu "${MTU}" \
+ type bond mode "${BOND_MODE}"; then
+ logger "Failed to create bonding interface ${MASTER}"
+ exit 1
+ fi
fi
+ ;;
+
+ # Bridge
+ bridge)
+ # Fetch spanning tree settings
+ STP="$(get_value "${ZONE}_STP")"
+ STP_PRIORITY="$(get_value "${ZONE}_STP_PRIORITY")"
# We need to check if $STP_PRIORITY has a valid value if not set it
if [ -z "${STP_PRIORITY}" ]; then
STP_PRIORITY=16384
fi
- ADDRESS="$(get_value "${ZONE}_MACADDR")"
- [ -n "${ADDRESS}" ] || ADDRESS="$(random_mac_address)"
-
# We need to create the bridge if it doesn't exist, yet
- if [ ! -d "/sys/class/net/${BRIDGE}" ]; then
- ip link add "${BRIDGE}" address "${ADDRESS}" mtu "${MTU}" type bridge \
+ if [ ! -d "/sys/class/net/${MASTER}" ]; then
+ ip link add "${MASTER}" address "${ADDRESS}" mtu "${MTU}" type bridge \
$([ "${STP}" = "on" ] && echo "stp_state 1 priority ${STP_PRIORITY}" )
- #ip link set "${BRIDGE}" up
fi
# Try setting wireless interfaces into master mode
if [ -d "/sys/class/net/${INTERFACE}/phy80211" ]; then
iw dev "${INTERFACE}" set type __ap
fi
-
- # Attempt to set the MTU
- ip link set dev "${INTERFACE}" mtu "${MTU}"
-
- # Attach the physical device
- logger "Attach ${INTERFACE} to ${BRIDGE}"
- ip link set dev "${INTERFACE}" master "${BRIDGE}"
- ip link set dev "${INTERFACE}" up
- ;;
-
- "")
- exit 0
;;
*)
@@ -129,3 +170,17 @@ case "${MODE}" in
exit 1
;;
esac
+
+# Attempt to set the MTU
+ip link set dev "${INTERFACE}" mtu "${MTU}"
+
+# Ensure the physical interface is down
+ip link set dev "${INTERFACE}" down
+
+# Attach the physical device
+logger "Attach ${INTERFACE} to ${MASTER}"
+ip link set dev "${INTERFACE}" master "${MASTER}"
+ip link set dev "${INTERFACE}" up
+
+# Done!
+exit 0
diff --git a/config/udev/network-hotplug-rename b/config/udev/network-hotplug-rename
index 7c81bdb781..b4e694ed34 100644
--- a/config/udev/network-hotplug-rename
+++ b/config/udev/network-hotplug-rename
@@ -57,7 +57,7 @@ fi
eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
# Standard zones
-ZONES="RED GREEN ORANGE BLUE"
+ZONES="RED GREEN ORANGE BLUE INTF0 INTF1 INTF2 INTF3"
# Determine the address of INTERFACE
ADDRESS="$(</sys/class/net/${INTERFACE}/address)"
@@ -78,7 +78,7 @@ for zone in ${ZONES}; do
# If a matching interface has been found we will
# print the name to which udev will rename it.
case "${!mode}" in
- bridge)
+ bond|bridge)
counter=0
for slave in ${!slaves}; do
if [ "${slave,,}" = "${ADDRESS,,}" ]; then
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 0be4ea0b2d..1fe0978c6f 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -4560,7 +4560,38 @@ if ($cgiparams{'TYPE'} eq 'net') {
<input type="text" name="NAME" value="$cgiparams{'NAME'}" $readonly/>
</td>
</tr>
+
+ <tr>
+ <td>
+ $Lang::tr{'remark title'}
+ </td>
+ <td>
+ <input type="text" name="REMARK" value="$cgiparams{'REMARK'}" />
+ </td>
+ </tr>
+END
+
+ if ($cgiparams{'TYPE'} eq 'host') {
+ print <<END;
+ <tr>
+ <td>
+ $Lang::tr{'enabled'}
+ </td>
+ <td>
+ <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} />
+ </td>
+ </tr>
+
+ <tr>
+ <td>
+ $Lang::tr{'enable otp'}
+ </td>
+ <td>
+ <input type='checkbox' name='OTP_STATE' $checked{'OTP_STATE'}{'on'} />
+ </td>
+ </tr>
END
+ }
if ($cgiparams{'TYPE'} eq 'net') {
# If GCM ciphers are in usage, HMAC menu is disabled
@@ -4572,105 +4603,144 @@ END
};
print <<END;
- <td width='25%'> </td>
- <td width='25%'> </td></tr>
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td>
- <td><select name='SIDE'>
- <option value='server' $selected{'SIDE'}{'server'}>$Lang::tr{'openvpn server'}</option>
- <option value='client' $selected{'SIDE'}{'client'}>$Lang::tr{'openvpn client'}</option>
- </select>
- </td>
-
- <td class='boldbase'>$Lang::tr{'remote host/ip'}:</td>
- <td><input type='TEXT' name='REMOTE' value='$cgiparams{'REMOTE'}' /></td>
- </tr>
+ <tr>
+ <td>$Lang::tr{'Act as'}</td>
+ <td>
+ <select name='SIDE'>
+ <option value='server' $selected{'SIDE'}{'server'}>$Lang::tr{'openvpn server'}</option>
+ <option value='client' $selected{'SIDE'}{'client'}>$Lang::tr{'openvpn client'}</option>
+ </select>
+ </td>
+ </tr>
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'} <img src='/blob.gif' alt='*' /></td>
- <td><input type='TEXT' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' /></td>
+ <tr>
+ <td>$Lang::tr{'remote host/ip'}:</td>
+ <td>
+ <input type='TEXT' name='REMOTE' value='$cgiparams{'REMOTE'}' />
+ </td>
+ </tr>
- <td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'} <img src='/blob.gif' alt='*' /></td>
- <td><input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' /></td>
- </tr>
+ <tr>
+ <td>$Lang::tr{'local subnet'} <img src='/blob.gif' alt='*' /></td>
+ <td>
+ <input type='TEXT' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' />
+ </td>
+ </tr>
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'} <img src='/blob.gif' alt='*' /></td>
- <td><input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' /></td>
+ <tr>
+ <td>$Lang::tr{'remote subnet'} <img src='/blob.gif' alt='*' /></td>
+ <td>
+ <input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' />
+ </td>
+ </tr>
- <td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
- <td><select name='PROTOCOL'>
- <option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
- <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option></select></td>
- </tr>
+ <tr>
+ <td>$Lang::tr{'ovpn subnet'} <img src='/blob.gif' alt='*' /></td>
+ <td>
+ <input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' />
+ </td>
+ </tr>
- <tr>
- <td class='boldbase'>$Lang::tr{'destination port'}: <img src='/blob.gif' alt='*' /></td>
- <td><input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' /></td>
+ <tr>
+ <td>$Lang::tr{'protocol'}</td>
+ <td>
+ <select name='PROTOCOL'>
+ <option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
+ <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option>
+ </select>
+ </td>
+ </tr>
- <td class='boldbase' nowrap='nowrap'>Management Port ($Lang::tr{'openvpn default'}: <span class="base">$Lang::tr{'destination port'}):</td>
- <td> <input type='TEXT' name='OVPN_MGMT' VALUE='$cgiparams{'OVPN_MGMT'}'size='5' /></td>
- </tr>
+ <tr>
+ <td>$Lang::tr{'destination port'}: <img src='/blob.gif' alt='*' /></td>
+ <td>
+ <input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' />
+ </td>
+ </tr>
- <tr><td colspan=4><hr /></td></tr><tr>
+ <tr>
+ <td>Management Port ($Lang::tr{'openvpn default'}: <span class="base">$Lang::tr{'destination port'}):</td>
+ <td>
+ <input type='TEXT' name='OVPN_MGMT' VALUE='$cgiparams{'OVPN_MGMT'}'size='5' />
+ </td>
+ </tr>
+ </table>
- <tr>
- <td class='base'><b>$Lang::tr{'MTU settings'}</b></td>
- </tr>
+ <h6>
+ $Lang::tr{'MTU settings'}
+ </h6>
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td>
- <td><input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' /></td>
- <td colspan='2'>$Lang::tr{'openvpn default'}: udp/tcp <span class="base">1500/1400</span></td>
- </tr>
+ <table class="form">
+ <tr>
+ <td>$Lang::tr{'MTU'}</td>
+ <td>
+ <input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' />
+ </td>
+ </tr>
- <tr><td class='boldbase' nowrap='nowrap'>fragment:</td>
- <td><input type='TEXT' name='FRAGMENT' VALUE='$cgiparams{'FRAGMENT'}'size='5' /></td>
- <td>$Lang::tr{'openvpn default'}: <span class="base">1300</span></td>
- </tr>
+ <tr>
+ <td>fragment:</td>
+ <td>
+ <input type='TEXT' name='FRAGMENT' VALUE='$cgiparams{'FRAGMENT'}'size='5' />
+ </td>
+ </tr>
- <tr><td class='boldbase' nowrap='nowrap'>mssfix:</td>
- <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
- <td>$Lang::tr{'openvpn default'}: <span class="base">on</span></td>
- </tr>
+ <tr>
+ <td>mssfix:</td>
+ <td>
+ <input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} />
+ </td>
+ </tr>
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
- <td><input type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} /></td>
- </tr>
+ <tr>
+ <td>$Lang::tr{'comp-lzo'}</td>
+ <td>
+ <input type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} />
+ </td>
+ </tr>
+ </table>
-<tr><td colspan=4><hr /></td></tr><tr>
- <tr>
- <td class='base'><b>$Lang::tr{'ovpn crypto settings'}:</b></td>
- </tr>
+ <h6>
+ $Lang::tr{'ovpn crypto settings'}:
+ </h6>
- <tr><td class='boldbase'>$Lang::tr{'cipher'}</td>
- <td><select name='DCIPHER' id="n2ncipher" required>
- <option value='AES-256-GCM' $selected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'})</option>
- <option value='AES-192-GCM' $selected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'})</option>
- <option value='AES-128-GCM' $selected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'})</option>
- <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option>
- <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option>
- <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
- <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'}, $Lang::tr{'default'})</option>
- <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option>
- <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option>
- <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option>
- <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- </select>
- </td>
-
- <td class='boldbase'>$Lang::tr{'ovpn ha'}:</td>
- <td><select name='DAUTH' id="n2nhmac" $hmacdisabled>
- <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
- <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
- <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
- <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
- <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- </select>
- </td>
- </tr>
- <tr><td colspan=4><hr /></td></tr><tr>
+ <table class="form">
+ <tr>
+ <td>$Lang::tr{'cipher'}</td>
+ <td>
+ <select name='DCIPHER' id="n2ncipher" required>
+ <option value='AES-256-GCM' $selected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'})</option>
+ <option value='AES-192-GCM' $selected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'})</option>
+ <option value='AES-128-GCM' $selected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'})</option>
+ <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option>
+ <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option>
+ <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
+ <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'}, $Lang::tr{'default'})</option>
+ <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option>
+ <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option>
+ <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option>
+ <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
+ <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
+ <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
+ <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
+ <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td>$Lang::tr{'ovpn ha'}:</td>
+ <td>
+ <select name='DAUTH' id="n2nhmac" $hmacdisabled>
+ <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
+ <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
+ <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
+ <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
+ <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
+ </select>
+ </td>
+ </tr>
+ </table>
END
;
@@ -4690,48 +4760,6 @@ print<<END;
END
}
- # Remark
- print <<END;
- <tr>
- <td>
- $Lang::tr{'remark title'}
- </td>
- <td>
- <input type="text" name="REMARK" value="$cgiparams{'REMARK'}" />
- </td>
- </tr>
-END
-
- # Enabled?
- if ($cgiparams{'TYPE'} eq 'host') {
- print <<END;
- <tr>
- <td>
- $Lang::tr{'enabled'}
- </td>
- <td>
- <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} />
- </td>
- </tr>
-END
- }
-
- # OTP?
- if ($cgiparams{'TYPE'} eq 'host') {
- print <<END;
- <tr>
- <td>
- $Lang::tr{'enable otp'}
- </td>
- <td>
- <input type='checkbox' name='OTP_STATE' $checked{'OTP_STATE'}{'on'} />
- </td>
- </tr>
-END
- }
-
- print "</table>";
-
if ($cgiparams{'TYPE'} eq 'host') {
print "<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td colspan='3'><hr><br><b>$Lang::tr{'ccd choose net'}</td></tr><tr><td height='20' colspan='3'></td></tr>";
my %vpnnet=();
diff --git a/lfs/arpwatch b/lfs/arpwatch
new file mode 100644
index 0000000000..0ccfa66a25
--- /dev/null
+++ b/lfs/arpwatch
@@ -0,0 +1,116 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+SUMMARY = Monitoring tool for ARP traffic on a network
+
+VER = 3.8
+ETHERCODES_DATE = 20200628
+
+# From: https://ee.lbl.gov/downloads/arpwatch/
+
+THISAPP = arpwatch-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+PROG = arpwatch
+PAK_VER = 1
+
+DEPS =
+
+SERVICES = arpwatch
+
+# Enable debugging code
+CFLAGS += -DDEBUG=1
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE) ethercodes.dat-$(ETHERCODES_DATE).xz
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 2ec0360ed12722e09cfccd06a1ab48ed77ea017d9ebf182cf2792dac53b61b1f0d6b5895fe30ec4d6b9e05d78aa75762775e548573f7bd5b2918ce8ca775eed3
+ethercodes.dat-$(ETHERCODES_DATE).xz_BLAKE2 = e702b9109ef3ccce73e2637f96126bf19e7dfa533774c0bd623042b3609f147981263b84397ec155a65ae12fa57247c32644e1e7e57c2c749ef768156d853027
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+ @$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+
+ # Fix compilation issues
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/arpwatch/53_stop-using-_getshort.patch
+ cd $(DIR_APP) && sed -i '1i#include <time.h>' report.c
+
+ # Don't install the initscript
+ cd $(DIR_APP) && sed -i '/@HAVE_FREEBSD_TRUE@/d' Makefile.in
+
+ # Build!
+ cd $(DIR_APP) && ./configure --prefix=/usr
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+
+ # Install initscripts
+ $(call INSTALL_INITSCRIPTS,$(SERVICES))
+
+ # Install the data directory
+ -mkdir -pv /var/lib/arpwatch
+
+ # Install ethercodes.dat
+ xz -dvv \
+ < $(DIR_DL)/ethercodes.dat-$(ETHERCODES_DATE).xz \
+ > /var/lib/arpwatch/ethercodes.dat
+
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/linux b/lfs/linux
index 52f8cb4279..118a0fcf22 100644
--- a/lfs/linux
+++ b/lfs/linux
@@ -232,6 +232,9 @@ endif
# Disable ipv6 at runtime
echo "options ipv6 disable_ipv6=1" > /etc/modprobe.d/ipv6.conf
+ # Do not automatically create bond0 when bonding is being loaded
+ echo "options bonding max_bonds=0" > /etc/modprobe.d/bonding.conf
+
# build cpupower utility
cd $(DIR_APP)/tools/power/cpupower && make $(MAKETUNING)
cd $(DIR_APP)/tools/power/cpupower && make install
diff --git a/lfs/udev b/lfs/udev
index 19e0557a30..2b1be02cd5 100644
--- a/lfs/udev
+++ b/lfs/udev
@@ -148,8 +148,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
/lib/udev/network-hotplug-rename
install -v -m 755 $(DIR_SRC)/config/udev/network-hotplug-vlan \
/lib/udev/network-hotplug-vlan
- install -v -m 755 $(DIR_SRC)/config/udev/network-hotplug-bridges \
- /lib/udev/network-hotplug-bridges
+ install -v -m 755 $(DIR_SRC)/config/udev/network-hotplug-master \
+ /lib/udev/network-hotplug-master
install -v -m 644 $(DIR_SRC)/config/udev/60-net.rules \
/lib/udev/rules.d
diff --git a/make.sh b/make.sh
index 56fd9be22b..c3de610b9b 100755
--- a/make.sh
+++ b/make.sh
@@ -2089,6 +2089,7 @@ build_system() {
lfsmake2 inotify-tools
lfsmake2 grub-btrfs
lfsmake2 fort-validator
+ lfsmake2 arpwatch
lfsmake2 linux
lfsmake2 rtl8812au
diff --git a/src/initscripts/packages/arpwatch b/src/initscripts/packages/arpwatch
new file mode 100644
index 0000000000..09dcdf1ba7
--- /dev/null
+++ b/src/initscripts/packages/arpwatch
@@ -0,0 +1,81 @@
+#!/bin/sh
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+# Optionally load the configuration file
+if [ -r "/etc/sysconfig/arpwatch" ]; then
+ . /etc/sysconfig/arpwatch
+fi
+
+case "${1}" in
+ start)
+ args=(
+ -D /var/lib/arpwatch
+ )
+
+ # Add the watcher
+ if [ -n "${WATCHER}" ]; then
+ args+=( "-w" "${WATCHER}" )
+ fi
+
+ # Add the watchee
+ if [ -n "${WATCHEE}" ]; then
+ args+=( "-W" "${WATCHEE}" )
+ fi
+
+ for intf in ${INTERFACES}; do
+ boot_mesg "Starting ARP Watch on ${intf}..."
+
+ # Create the data file for this interface
+ if [ ! -e "/var/lib/arpwatch/${intf}.dat" ]; then
+ : > "/var/lib/arpwatch/${intf}.dat"
+ fi
+
+ PIDFILE="/var/run/arpwatch-${intf}.pid" \
+ loadproc -f \
+ /usr/sbin/arpwatch "${args[@]}" \
+ -P "/var/run/arpwatch-${intf}.pid" \
+ -f "/var/lib/arpwatch/${intf}.dat" \
+ -i "${intf}"
+ done
+ ;;
+
+ stop)
+ for intf in ${INTERFACES}; do
+ boot_mesg "Stopping ARP Watch on ${intf}..."
+ PIDFILE="/var/run/arpwatch-${intf}.pid" \
+ killproc /usr/sbin/arpwatch
+ done
+ ;;
+
+ restart)
+ ${0} stop
+ sleep 1
+ ${0} start
+ ;;
+
+ *)
+ echo "Usage: ${0} {start|stop|restart}"
+ exit 1
+ ;;
+esac
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 304c7c3cc9..45b4bd56af 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -434,7 +434,7 @@ iptables_init() {
# If a Tor relay is enabled apply firewall rules
if [ "${TOR_RELAY_ENABLED}" = "on" -a -n "${TOR_RELAY_PORT}" ]; then
- /usr/local/bin/torctrl restart 1> /dev/null
+ /usr/local/bin/torctrl restart &>/dev/null
fi
# POLICY CHAIN
diff --git a/src/initscripts/system/functions b/src/initscripts/system/functions
index 85eb3e975b..c4b7cb39e6 100644
--- a/src/initscripts/system/functions
+++ b/src/initscripts/system/functions
@@ -620,7 +620,11 @@ killproc()
done
if [ -z "${killsig}" ]; then
- pidofproc -s "${1}"
+ if [ -z "${pidfile}" ]; then
+ pidofproc -s "${1}"
+ else
+ pidofproc -s -p "${pidfile}" "${1}"
+ fi
# Program was terminated
if [ "$?" != "0" ]; then
diff --git a/src/paks/arpwatch/install.sh b/src/paks/arpwatch/install.sh
new file mode 100644
index 0000000000..12ff2ab360
--- /dev/null
+++ b/src/paks/arpwatch/install.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2007 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+extract_files
+restore_backup ${NAME}
+
+start_service ${NAME}
+
+# Enable autostart
+ln -vsf ../init.d/arpwatch /etc/rc.d/rc0.d/K12arpwatch
+ln -vsf ../init.d/arpwatch /etc/rc.d/rc3.d/S64arpwatch
+ln -vsf ../init.d/arpwatch /etc/rc.d/rc6.d/K12arpwatch
diff --git a/src/paks/arpwatch/uninstall.sh b/src/paks/arpwatch/uninstall.sh
new file mode 100644
index 0000000000..e27cc13451
--- /dev/null
+++ b/src/paks/arpwatch/uninstall.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2007 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+stop_service ${NAME}
+make_backup ${NAME}
+remove_files
+rm -rfv /etc/rc.d/rc*.d/*arpwatch
diff --git a/src/paks/arpwatch/update.sh b/src/paks/arpwatch/update.sh
new file mode 100644
index 0000000000..99776659c3
--- /dev/null
+++ b/src/paks/arpwatch/update.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2007-2020 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+extract_backup_includes
+./uninstall.sh
+./install.sh
diff --git a/src/patches/arpwatch/53_stop-using-_getshort.patch b/src/patches/arpwatch/53_stop-using-_getshort.patch
new file mode 100644
index 0000000000..da83f4b438
--- /dev/null
+++ b/src/patches/arpwatch/53_stop-using-_getshort.patch
@@ -0,0 +1,25 @@
+Description: replace private function _getshort with ns_get16
+ _getshort is a private function, triggers a build log warning because it's
+ not present in any header file. We switch to the functionally equivalent
+ ns_get16.
+Author: Lukas Schwaighofer <lukas@schwaighofer.name>
+
+---
+ dns.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/dns.c
++++ b/dns.c
+@@ -115,10 +115,10 @@
+ (u_char *)cp, (char *)bp, buflen)) < 0)
+ break;
+ cp += n;
+- type = _getshort(cp);
++ type = ns_get16(cp);
+ cp += sizeof(u_short); /* class */
+ cp += sizeof(u_short) + sizeof(u_int32_t);
+- n = _getshort(cp);
++ n = ns_get16(cp);
+ cp += sizeof(u_short);
+ if (type == T_HINFO) {
+ /* Unpack */
hooks/post-receive
--
IPFire 2.x development tree
reply other threads:[~2025-08-04 15:44 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4bwgph5xFMz2xN7@people01.haj.ipfire.org \
--to=git@ipfire.org \
--cc=ipfire-scm@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox