FritzCard-Module installiert.

OpenSwan2 fit gemacht.
Ueberfluessige Modem-Treiber entfernt.


git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@383 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
ms
2007-01-07 12:15:14 +00:00
parent 32fdd7d9be
commit 05207d6927
25 changed files with 468 additions and 1655 deletions


@@ -18,8 +18,6 @@
#
# (c) The SmoothWall Team
#
# $Id: rc.red,v 1.29.2.56 2005/12/17 08:49:01 gespinasse Exp $
# Clean up our environment (we're running SUID!)
delete @ENV{qw(IFS CDPATH ENV BASH_ENV PATH)};
@@ -76,20 +74,9 @@ sub doupdatesettings {
system('/sbin/modprobe', '-r', 'br2684');
system('/sbin/modprobe', '-r', 'clip');
if ($pppsettings{'TYPE'} ne '3cp4218usbadsl') { system('/sbin/modprobe', '-r', '3cp4218');}
if ($pppsettings{'TYPE'} ne 'alcatelusbk') { system('/sbin/modprobe', '-r', 'speedtch');}
if ($pppsettings{'TYPE'} ne 'amedynusbadsl') { system('/sbin/modprobe', '-r', 'amedyn');}
if ($pppsettings{'TYPE'} ne 'bewanadsl') {
system('/sbin/modprobe', '-r', 'unicorn_pci_atm', 'unicorn_usb_atm');}
if ($pppsettings{'TYPE'} ne 'conexantpciadsl') { system('/sbin/modprobe', '-r', 'CnxADSL');}
if ($pppsettings{'TYPE'} ne 'conexantusbadsl') { system('/sbin/modprobe', '-r', 'cxacru');}
if ($pppsettings{'TYPE'} ne 'eagleusbadsl') { system('/sbin/modprobe', '-r', 'eagle-usb');}
if ($pppsettings{'TYPE'} ne 'fritzdsl') {
system('/sbin/modprobe', '-r', 'fcdsl', 'fcdsl2', 'fcdslsl', 'fcdslusb', 'fcdslslusb');}
if ($pppsettings{'TYPE'} ne 'pulsardsl') { system('/sbin/modprobe', '-r', 'pulsar');}
sleep 1;
if ($pppsettings{'TYPE'} !=~ /^(3cp4218usbadsl|alcatelusbk|amedynusbadsl|bewanadsl|conexantpciadsl|pulsardsl)$/) {
system('/sbin/modprobe', '-r', 'atm');
# remove existing default route (for static address) if it was been changed from setup or web interface SF1175052
system ('/sbin/route del default 2>/dev/null');
@@ -105,7 +92,7 @@ open STDOUT, '>/dev/null' or die "Can't write to /dev/null";
if ($ARGV[0] eq 'start') {
if (-e "${General::swroot}/red/active" ||
-e '/var/run/ppp-ipcop.pid')
-e '/var/run/ppp-ipfire.pid')
{
&General::log ("ERROR: Can't start RED when it's still active");
exit 1;
@@ -213,21 +200,11 @@ if ($ARGV[0] eq 'start') {
}
if ($pppsettings{'TYPE'} eq 'modem') { &domodemdial(); }
elsif ($pppsettings{'TYPE'} eq 'serial') { &doserialdial(); }
elsif ($pppsettings{'TYPE'} eq 'serial') { &doserialdial(); }
elsif ($pppsettings{'TYPE'} eq 'isdn') { &doisdndial(); }
elsif ($pppsettings{'TYPE'} eq 'pppoe') { &dopppoedial(); }
elsif ($pppsettings{'TYPE'} eq 'pppoe') { &dopppoedial(); }
elsif ($pppsettings{'TYPE'} eq 'pptp') { &dopptpdial(); }
elsif ($pppsettings{'TYPE'} eq 'alcatelusbk') { &doalcatelusbkdial(); }
elsif ($pppsettings{'TYPE'} eq 'alcatelusb') { &doalcatelusbdial(); }
elsif ($pppsettings{'TYPE'} eq 'pulsardsl') { &dopulsardsldial(); }
elsif ($pppsettings{'TYPE'} eq 'eciadsl') { &doeciadsldial(); }
elsif ($pppsettings{'TYPE'} eq 'fritzdsl') { &dofritzdsldial(); }
elsif ($pppsettings{'TYPE'} eq 'bewanadsl') { &dobewanadsldial(); }
elsif ($pppsettings{'TYPE'} eq 'eagleusbadsl') { &doeagleusbadsldial(); }
elsif ($pppsettings{'TYPE'} eq 'conexantusbadsl') { &doconexantusbadsldial(); }
elsif ($pppsettings{'TYPE'} eq 'conexantpciadsl') { &doconexantpciadsldial(); }
elsif ($pppsettings{'TYPE'} eq 'amedynusbadsl') { &doamedynusbadsldial(); }
elsif ($pppsettings{'TYPE'} eq '3cp4218usbadsl') { &do3cp4218usbadsldial(); }
if (-e "${General::swroot}/ppp/updatesettings") {
# erase update mark only after specific script had run, allowing specific script to treat the update
@@ -270,7 +247,7 @@ elsif ($ARGV[0] eq 'stop')
unlink "${General::swroot}/red/redial";
# Kill PPPD
if (open(FILE, "/var/run/ppp-ipcop.pid")) {
if (open(FILE, "/var/run/ppp-ipfire.pid")) {
my $pid = <FILE>;
close FILE;
chomp ($pid);
@@ -305,17 +282,7 @@ elsif ($ARGV[0] eq 'stop')
}
if ($pppsettings{'TYPE'} eq 'isdn') { system('/etc/rc.d/rc.isdn','stop'); }
if ($pppsettings{'TYPE'} eq 'eciadsl') { system('/etc/rc.d/rc.eciadsl', 'stop'); }
if ($pppsettings{'TYPE'} eq 'alcatelusbk') { system('/etc/rc.d/rc.alcatelusbk', 'stop'); }
if ($pppsettings{'TYPE'} eq 'alcatelusb') { system('/etc/rc.d/rc.alcatelusb', 'stop'); }
if ($pppsettings{'TYPE'} eq 'amedynusbadsl') { system('/etc/rc.d/rc.amedynusbadsl', 'stop'); }
if ($pppsettings{'TYPE'} eq 'bewanadsl') { system('/etc/rc.d/rc.bewanadsl', 'stop'); }
if ($pppsettings{'TYPE'} eq 'conexantpciadsl') { system('/etc/rc.d/rc.conexantpciadsl', 'stop'); }
if ($pppsettings{'TYPE'} eq 'conexantusbadsl') { system('/etc/rc.d/rc.conexantusbadsl', 'stop'); }
if ($pppsettings{'TYPE'} eq 'eagleusbadsl') { system('/etc/rc.d/rc.eagleusbadsl', 'stop'); }
if ($pppsettings{'TYPE'} eq 'fritzdsl') { system ('/etc/rc.d/rc.fritzdsl','stop'); }
if ($pppsettings{'TYPE'} eq 'pulsardsl') { system('/etc/rc.d/rc.pulsardsl', 'stop'); }
if ($pppsettings{'TYPE'} eq '3cp4218usbadsl') { system('/etc/rc.d/rc.3cp4218usbadsl', 'stop'); }
if ( ( $netsettings{'CONFIG_TYPE'} =~ /^(2|3|6|7)$/ && $netsettings{'RED_TYPE'} eq 'STATIC') ||
( $netsettings{'CONFIG_TYPE'} =~ /^(0|1|4|5)$/ && $pppsettings{'PROTOCOL'} eq 'RFC1483' &&
@@ -333,17 +300,7 @@ exit 0;
sub docleanup
{
if ($pppsettings{'TYPE'} eq 'alcatelusbk') { system('/etc/rc.d/rc.alcatelusbk', 'cleanup'); }
if ($pppsettings{'TYPE'} eq 'alcatelusb') { system('/etc/rc.d/rc.alcatelusb', 'cleanup'); }
if ($pppsettings{'TYPE'} eq 'eciadsl') { system('/etc/rc.d/rc.eciadsl', 'cleanup'); }
if ($pppsettings{'TYPE'} eq 'pulsardsl') { system('/etc/rc.d/rc.pulsardsl', 'cleanup'); }
if ($pppsettings{'TYPE'} eq 'fritzdsl') { system ('/etc/rc.d/rc.fritzdsl','cleanup'); }
if ($pppsettings{'TYPE'} eq 'bewanadsl') { system('/etc/rc.d/rc.bewanadsl', 'cleanup'); }
if ($pppsettings{'TYPE'} eq 'eagleusbadsl') { system('/etc/rc.d/rc.eagleusbadsl', 'cleanup'); }
if ($pppsettings{'TYPE'} eq 'conexantusbadsl') { system('/etc/rc.d/rc.conexantusbadsl', 'cleanup'); }
if ($pppsettings{'TYPE'} eq 'conexantpciadsl') { system('/etc/rc.d/rc.conexantpciadsl', 'cleanup'); }
if ($pppsettings{'TYPE'} eq 'amedynusbadsl') { system('/etc/rc.d/rc.amedynusbadsl', 'cleanup'); }
if ($pppsettings{'TYPE'} eq '3cp4218usbadsl') { system('/etc/rc.d/rc.3cp4218usbadsl', 'cleanup'); }
}
sub domodemdial
@@ -497,7 +454,7 @@ sub doisdndial
'defaultroute','user',$pppsettings{'USERNAME'},
'name',$pppsettings{'USERNAME'},
'active-filter','outbound and not icmp[0] == 3 and not tcp[13] & 4 != 0',
'pidfile','/var/run/ppp-ipcop.pid','/dev/ippp0','/dev/ippp1');
'pidfile','/var/run/ppp-ipfire.pid','/dev/ippp0','/dev/ippp1');
if ($pppsettings{'DEBUG'} eq 'on') {
push(@pppcommand, ('debug'));
}
@@ -523,7 +480,7 @@ sub doisdndial
'defaultroute','user',$pppsettings{'USERNAME'},
'name',$pppsettings{'USERNAME'},
'active-filter','outbound and not icmp[0] == 3 and not tcp[13] & 4 != 0',
'pidfile','/var/run/ppp-ipcop.pid','/dev/ippp0');
'pidfile','/var/run/ppp-ipfire.pid','/dev/ippp0');
if ($pppsettings{'DEBUG'} eq 'on') {
push(@pppcommand, ('debug'));
}
@@ -703,158 +660,6 @@ sub dopptpdial
system (@pppcommand);
}
sub doalcatelusbdial
{
if (system ('/etc/rc.d/rc.alcatelusb','start')) {
&General::log( "ERROR: Failed to connect to Alcatel USB modem");
exit 1;
}
if ($pppsettings{'PROTOCOL'} eq 'RFC1483') {
if (open(FILE, ">${General::swroot}/red/device")) { print FILE 'tap0'; close FILE; }
$netsettings{'RED_DEV'} = 'tap0';
&dopppoedial();
} else {
# PPPoA
my @pppcommand = ('/usr/sbin/pppd', 'pty');
my @pppoacommand = ('/usr/sbin/pppoa3','-c','-m','1','-vpi',$pppsettings{'VPI'},'-vci',$pppsettings{'VCI'});
push(@pppcommand, "@pppoacommand");
if ($pppsettings{'DNS'} eq 'Automatic') {
push(@pppcommand, ('usepeerdns'));
}
if ($pppsettings{'AUTH'} eq 'pap') {
push(@pppcommand, ('-chap'));
} elsif ($pppsettings{'AUTH'} eq 'chap') {
push(@pppcommand, ('-pap'));
}
if ($pppsettings{'RECONNECTION'} ne 'persistent') {
if ($pppsettings{'TIMEOUT'} != 0) {
my $seconds = $pppsettings{'TIMEOUT'} * 60;
push(@pppcommand, ('idle', "$seconds"));
}
if ($pppsettings{'RECONNECTION'} eq 'dialondemand') {
push (@pppcommand, ('demand','nopersist','connect','/bin/true'));
}
push (@pppcommand,
('active-filter',
'outbound and not icmp[0] == 3 and not tcp[13] & 4 != 0 ' ));
}
push(@pppcommand, ('noipdefault', 'defaultroute', 'sync', 'user',
$pppsettings{'USERNAME'}, 'ipcp-accept-local', 'ipcp-accept-remote', 'passive',
'noaccomp', 'nopcomp', 'noccp', 'novj', 'nobsdcomp',
'nodeflate', 'lcp-echo-interval', '20', 'lcp-echo-failure', '3',
'lcp-max-configure', '50', 'maxfail', $pppsettings{'MAXRETRIES'}));
if ($pppsettings{'DEBUG'} eq 'on') {
push(@pppcommand, ('debug'));
}
system (@pppcommand);
}
}
sub doeciadsldial
{
if (system ('/etc/rc.d/rc.eciadsl','start')) {
&General::log ("ERROR: ECI ADSL failed to start");
exit 1;
}
if ($pppsettings {'PROTOCOL'} eq 'RFC1483') {
if ($pppsettings {'ENCAP'} =~ /^(0|1)$/) {
$iface = "tap0";
} else {
$iface = "tun0";
}
if (open(FILE, ">${General::swroot}/red/iface")) { print FILE $iface; close FILE; }
if ($pppsettings {'METHOD'} =~ /^(PPPOE|PPPOE_PLUGIN)$/) {
if (open(FILE, ">${General::swroot}/red/device")) { print FILE $iface; close FILE; }
$netsettings{'RED_DEV'} = $iface;
&dopppoedial();
} elsif ($pppsettings{'METHOD'} eq 'STATIC') {
my @staticcommand = ('/sbin/ifconfig');
push(@staticcommand, ($iface, $pppsettings{'IP'},'netmask', $pppsettings{'NETMASK'}));
if ($pppsettings{'BROADCAST'} ne '') {
push(@staticcommand, ('broadcast', $pppsettings{'BROADCAST'}));
}
system (@staticcommand);
system ("/sbin/route","add","default","gw",$pppsettings{'GATEWAY'});
system ("/bin/touch", "${General::swroot}/red/active");
if (open(FILE, ">${General::swroot}/red/iface")) { print FILE $iface; close FILE; }
} elsif ($pppsettings {'METHOD'} eq 'DHCP') {
# FIXME dhcp does not support tun0 interface (routed IP)
dodhcpdial($iface,$pppsettings{'DHCP_HOSTNAME'});
}
} else {
# PPPoA
my ($VID2, $PID2, $CHIP, $ALTP, $ECIMODE);
open (MODEMS, "/etc/eciadsl/modems.db") or die 'Unable to open modems database.';
while (my $line = <MODEMS>) {
$line =~ s/\s*\t+\s*/|/g;
$line =~ /^(.+)\|(.+)\|(.+)\|(.+)\|(.+)\|(.+)\|(.+)\|(.+)$/;
if ( $1 eq $pppsettings{'MODEM'} ) {
$VID2=$4 ; $PID2=$5; $CHIP=$6; $ALTP=$8;
}
}
close (MODEMS);
if ( $VID2 eq '') {
&General::log("$pppsettings{'MODEM'} not found in modems.db");
exit 1;
}
if ( $CHIP eq '' ) {
&General::log ("error in modems.db reading for $pppsettings{'MODEM'}");
exit 1;
}
if ($pppsettings {'ENCAP'} eq '1') {
$ECIMODE = "LLC_RFC2364";
} else {
$ECIMODE = "VCM_RFC2364";
}
my @pppcommand = ('/usr/sbin/pppd', 'pty');
my @pppoecicommand = ("/usr/sbin/eciadsl-pppoeci",'-alt', "$ALTP",'-vpi',$pppsettings{'VPI'},'-vci',$pppsettings{'VCI'},
'-vendor',"0x$VID2",'-product',"0x$PID2",'-mode',$ECIMODE);
push(@pppcommand, "@pppoecicommand");
if ($pppsettings{'DNS'} eq 'Automatic') {
push(@pppcommand, ('usepeerdns'));
}
if ($pppsettings{'AUTH'} eq 'pap') {
push(@pppcommand, ('-chap'));
} elsif ($pppsettings{'AUTH'} eq 'chap') {
push(@pppcommand, ('-pap'));
}
if ($pppsettings{'RECONNECTION'} ne 'persistent') {
if ($pppsettings{'TIMEOUT'} != 0) {
my $seconds = $pppsettings{'TIMEOUT'} * 60;
push(@pppcommand, ('idle', "$seconds"));
}
if ($pppsettings{'RECONNECTION'} eq 'dialondemand') {
push (@pppcommand, ('demand','nopersist','connect','/bin/true'));
}
push (@pppcommand,
('active-filter',
'outbound and not icmp[0] == 3 and not tcp[13] & 4 != 0 ' ));
}
push(@pppcommand, ('noipdefault', 'defaultroute', 'sync', 'user',
$pppsettings{'USERNAME'}, 'ipcp-accept-local', 'ipcp-accept-remote', 'passive',
'noaccomp', 'nopcomp', 'noccp', 'novj', 'nobsdcomp',
'nodeflate', 'lcp-echo-interval', '20', 'lcp-echo-failure', '3',
'lcp-max-configure', '50', 'maxfail', $pppsettings{'MAXRETRIES'}));
if ($pppsettings{'DEBUG'} eq 'on') {
push(@pppcommand, ('debug'));
}
system (@pppcommand);
}
}
sub dofritzdsldial
{
my $controller;
@@ -926,140 +731,6 @@ sub dofritzdsldial
system (@pppcommand);
}
sub doeagleusbadsldial
{
if (system ('/etc/rc.d/rc.eagleusbadsl','start')) {
&General::log ("ERROR: EAGLE-USB ADSL MODEM failed to start");
exit 1;
}
$iface=`/usr/sbin/eaglectrl -i 2>/dev/null | /usr/bin/tr -d '\012'`;
$iface =~ /([a-zA-Z0-9]*)/; $iface = $1;
if ($pppsettings {'PROTOCOL'} eq 'RFC1483') {
if (open(FILE, ">${General::swroot}/red/iface")) { print FILE $iface; close FILE; }
if ($pppsettings {'METHOD'} =~ /^(PPPOE|PPPOE_PLUGIN)$/) {
if (open(FILE, ">${General::swroot}/red/device")) { print FILE $iface; close FILE; }
$netsettings{'RED_DEV'} = $iface;
&dopppoedial();
} elsif ($pppsettings{'METHOD'} eq 'STATIC') {
my @staticcommand = ('/sbin/ifconfig');
push(@staticcommand, ($iface, $pppsettings{'IP'},'netmask', $pppsettings{'NETMASK'}));
if ($pppsettings{'BROADCAST'} ne '') {
push(@staticcommand, ('broadcast', $pppsettings{'BROADCAST'}));
}
system (@staticcommand);
system ("/sbin/route","add","default","gw",$pppsettings{'GATEWAY'});
system ("/bin/touch", "${General::swroot}/red/active");
} elsif ($pppsettings {'METHOD'} eq 'DHCP') {
dodhcpdial($iface,$pppsettings{'DHCP_HOSTNAME'});
}
} else {
# PPPoA
if (open(FILE, ">${General::swroot}/red/device")) { print FILE $iface; close FILE; }
$netsettings{'RED_DEV'} = $iface;
my @pppcommand = ('/usr/sbin/pppd','pty');
push(@pppcommand,"/usr/sbin/pppoa -I $iface ");
if ($pppsettings{'DNS'} eq 'Automatic') { push(@pppcommand, ('usepeerdns'));}
if ($pppsettings{'AUTH'} eq 'pap') {
push(@pppcommand, ('-chap'));
} elsif ($pppsettings{'AUTH'} eq 'chap') {
push(@pppcommand, ('-pap'));
}
if ($pppsettings{'RECONNECTION'} ne 'persistent') {
if ($pppsettings{'TIMEOUT'} != 0) {
my $seconds = $pppsettings{'TIMEOUT'} * 60;
push(@pppcommand, ('idle', "$seconds"));
}
if ($pppsettings{'RECONNECTION'} eq 'dialondemand') {
push (@pppcommand, ('demand','nopersist','connect','/bin/true'));
}
push (@pppcommand,
('active-filter',
'outbound and not icmp[0] == 3 and not tcp[13] & 4 != 0 ' ));
}
push(@pppcommand, ('noipdefault', 'defaultroute', 'user',
$pppsettings{'USERNAME'}, 'ipcp-accept-local', 'ipcp-accept-remote', 'passive',
'noaccomp', 'nopcomp', 'noccp', 'novj', 'nobsdcomp',
'nodeflate', 'lcp-echo-interval', '20', 'lcp-echo-failure', '3',
'lcp-max-configure', '50', 'maxfail', $pppsettings{'MAXRETRIES'}));
if ($pppsettings{'DEBUG'} eq 'on') {
push(@pppcommand, ('debug'));
}
system (@pppcommand);
}
}
sub dopulsardsldial
{
if (system ('/etc/rc.d/rc.pulsardsl','start')) {
&General::log ("ERROR: PULSAR ADSL modem failed to start");
exit 1;
}
doatmdial();
}
sub dobewanadsldial
{
if (system ('/etc/rc.d/rc.bewanadsl','start')) {
&General::log ("ERROR: Bewan ADSL MODEM failed to start");
exit 1;
}
doatmdial();
}
sub doalcatelusbkdial
{
if (system ('/etc/rc.d/rc.alcatelusbk','start')) {
&General::log ("ERROR: Alcatel USB kernel mode driver failed to start");
exit 1;
}
doatmdial();
}
sub doconexantusbadsldial
{
if (system ('/etc/rc.d/rc.conexantusbadsl','start')) {
&General::log ("ERROR: Conexant USB ADSL modem failed to start");
exit 1;
}
doatmdial();
}
sub doconexantpciadsldial
{
if (system ('/etc/rc.d/rc.conexantpciadsl','start')) {
&General::log ("ERROR: Conexant PCI ADSL modem failed to start");
exit 1;
}
doatmdial();
}
sub doamedynusbadsldial
{
if (system ('/etc/rc.d/rc.amedynusbadsl','start')) {
&General::log ("ERROR: Zyxel 630-11/Asus AAM6000UG USB ADSL modem failed to start");
exit 1;
}
doatmdial();
}
sub do3cp4218usbadsldial
{
if (system ('/etc/rc.d/rc.3cp4218usbadsl','start')) {
&General::log ("ERROR: 3Com USB AccessRunner modem failed to start");
exit 1;
}
doatmdial();
}
sub doatmdial
{
my $ENCAP;
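Review bot: In the `doupdatesettings` hunk the surviving test `if ($pppsettings{'TYPE'} !=~ /^(3cp4218usbadsl|alcatelusbk|...)$/)` uses `!=~`, which is not Perl's negated-match operator. It parses as `!= ~(/.../)`, a numeric comparison against the bitwise complement of a match on `$_`, so in practice it is true for every TYPE and `modprobe -r atm` always runs. Write it as `if ($pppsettings{'TYPE'} !~ /^(...)$/) {` and trim the alternation to the modem types that still exist after this commit; the +/- markers are lost on this page, so which names survive needs checking against the tree. The file's own comment says it runs SUID, so a guard that does not do what it reads as deserves fixing while this block is being touched. The body of `doupdatesettings` continues outside the hunk.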


@@ -1,332 +1,325 @@
/*
*
* File originally from the Smoothwall project
* (c) 2001 Smoothwall Team
*
* $Id: ipsecctrl.c,v 1.5.2.14 2005/05/15 12:58:28 rkerr Exp $
*
*/
#include "libsmooth.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <signal.h>
#include "setuid.h"
void usage() {
fprintf (stderr, "Usage:\n");
fprintf (stderr, "\tipsecctrl S [connectionkey]\n");
fprintf (stderr, "\tipsecctrl D [connectionkey]\n");
fprintf (stderr, "\tipsecctrl R\n");
fprintf (stderr, "\t\tS : Start/Restart Connection\n");
fprintf (stderr, "\t\tD : Stop Connection\n");
fprintf (stderr, "\t\tR : Reload Certificates and Secrets\n");
}
void loadalgmodules() {
safe_system("/sbin/modprobe ipsec_3des");
safe_system("/sbin/modprobe ipsec_aes");
safe_system("/sbin/modprobe ipsec_blowfish");
safe_system("/sbin/modprobe ipsec_md5");
safe_system("/sbin/modprobe ipsec_serpent");
safe_system("/sbin/modprobe ipsec_sha1");
safe_system("/sbin/modprobe ipsec_sha2");
safe_system("/sbin/modprobe ipsec_twofish");
}
void ipsecrules(char *chain, char *interface)
{
char str[STRING_SIZE];
sprintf(str, "/sbin/iptables -A %s -p 47 -i %s -j ACCEPT", chain, interface);
safe_system(str);
sprintf(str, "/sbin/iptables -A %s -p 50 -i %s -j ACCEPT", chain, interface);
safe_system(str);
sprintf(str, "/sbin/iptables -A %s -p 51 -i %s -j ACCEPT", chain, interface);
safe_system(str);
sprintf(str, "/sbin/iptables -A %s -p udp -i %s --sport 500 --dport 500 -j ACCEPT", chain, interface);
safe_system(str);
sprintf(str, "/sbin/iptables -A %s -p udp -i %s --dport 4500 -j ACCEPT", chain, interface);
safe_system(str);
}
void addaliasinterfaces(char *configtype, char *redtype, char *redif, char *enablered, char*enableblue)
{
FILE *file = NULL;
char s[STRING_SIZE];
char *sptr;
char *aliasip=NULL;
char *enabled=NULL;
char *comment=NULL;
int count=0;
int alias=0;
int add=0;
if ( strcmp(enablered, "on") == 0 )
add += 1;
if ( strcmp(enableblue, "on") == 0 )
add += 1;
/* Check for CONFIG_TYPE=2 or 3 i.e. RED ethernet present. If not,
* exit gracefully. This is not an error... */
if (!((strcmp(configtype, "2")==0) || (strcmp(configtype, "3")==0) || (strcmp(configtype, "6")==0) || (strcmp(configtype, "7")==0)))
return;
/* Now check the RED_TYPE - aliases only work with STATIC. */
if (!(strcmp(redtype, "STATIC")==0))
return;
/* Now set up the new aliases from the config file */
if (!(file = fopen(CONFIG_ROOT "/ethernet/aliases", "r")))
{
fprintf(stderr, "Unable to open aliases configuration file\n");
return;
}
while (fgets(s, STRING_SIZE, file) != NULL && (add+alias) < 16)
{
if (s[strlen(s) - 1] == '\n')
s[strlen(s) - 1] = '\0';
sptr = strtok(s, ",");
count = 0;
aliasip = NULL;
enabled = NULL;
comment = NULL;
while (sptr)
{
if (count == 0)
aliasip = sptr;
if (count == 1)
enabled = sptr;
else
comment = sptr;
count++;
sptr = strtok(NULL, ",");
}
if (!(aliasip && enabled))
continue;
if (!VALID_IP(aliasip))
{
fprintf(stderr, "Bad alias : %s\n", aliasip);
return;
}
if (strcmp(enabled, "on") == 0)
{
memset(s, 0, STRING_SIZE);
snprintf(s, STRING_SIZE-1, "/usr/sbin/ipsec tncfg --attach --virtual ipsec%d --physical %s:%d >/dev/null", alias+add, redif, alias);
safe_system(s);
alias++;
}
}
}
int main(int argc, char *argv[]) {
int count;
char s[STRING_SIZE];
char configtype[STRING_SIZE];
char redtype[STRING_SIZE] = "";
char command[STRING_SIZE];
char *result;
char *key;
char *enabled;
char *name;
char *type;
char *running;
FILE *file = NULL;
struct keyvalue *kv = NULL;
char enablered[STRING_SIZE] = "off";
char enableblue[STRING_SIZE] = "off";
char redif[STRING_SIZE] = "";;
char blueif[STRING_SIZE] = "";
FILE *ifacefile = NULL;
if (!(initsetuid()))
exit(1);
if (argc < 2) {
usage();
exit(1);
}
/* FIXME: workaround for pclose() issue - still no real idea why
* this is happening */
signal(SIGCHLD, SIG_DFL);
/* Init the keyvalue structure */
kv=initkeyvalues();
/* Read in the current values */
if (!readkeyvalues(kv, CONFIG_ROOT "/vpn/settings"))
{
fprintf(stderr, "Cannot read vpn settings\n");
exit(1);
}
findkey(kv, "ENABLED", enablered);
findkey(kv, "ENABLED_BLUE", enableblue);
freekeyvalues(kv);
kv=initkeyvalues();
if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings"))
{
fprintf(stderr, "Cannot read ethernet settings\n");
exit(1);
}
if (!findkey(kv, "CONFIG_TYPE", configtype))
{
fprintf(stderr, "Cannot read CONFIG_TYPE\n");
exit(1);
}
findkey(kv, "RED_TYPE", redtype);
findkey(kv, "BLUE_DEV", blueif);
freekeyvalues(kv);
memset(redif, 0, STRING_SIZE);
if ((ifacefile = fopen(CONFIG_ROOT "/red/iface", "r")))
{
if (fgets(redif, STRING_SIZE, ifacefile))
{
if (redif[strlen(redif) - 1] == '\n')
redif[strlen(redif) - 1] = '\0';
}
fclose (ifacefile);
ifacefile = NULL;
if (!VALID_DEVICE(redif))
{
memset(redif, 0, STRING_SIZE);
}
}
safe_system("/sbin/iptables -F IPSECRED");
if (!strcmp(enablered, "on") && strlen(redif)) {
ipsecrules("IPSECRED", redif);
}
safe_system("/sbin/iptables -F IPSECBLUE");
if (!strcmp(enableblue, "on")) {
if (VALID_DEVICE(blueif))
ipsecrules("IPSECBLUE", blueif);
else
{
fprintf(stderr, "IPSec enabled on blue but blue interface is invalid or not found\n");
exit(1);
}
}
/* Only shutdown pluto if it really is running */
if (argc == 2) {
if (strcmp(argv[1], "D") == 0) {
int fd;
/* Get pluto pid */
if ((fd = open("/var/run/pluto.pid", O_RDONLY)) != -1) {
safe_system("/etc/rc.d/ipsec stop 2> /dev/null >/dev/null");
close(fd);
}
}
}
if ((strcmp(enablered, "on") || !strlen(redif)) && strcmp(enableblue, "on"))
exit(0);
if (argc == 2) {
if (strcmp(argv[1], "S") == 0) {
loadalgmodules();
safe_system("/usr/sbin/ipsec tncfg --clear >/dev/null");
safe_system("/etc/rc.d/ipsec restart >/dev/null");
addaliasinterfaces(configtype, redtype, redif, enablered, enableblue);
} else if (strcmp(argv[1], "R") == 0) {
safe_system("/usr/sbin/ipsec auto --rereadall");
} else {
fprintf(stderr, "Bad arg\n");
usage();
exit(1);
}
} else if (strspn(argv[2], NUMBERS) == strlen(argv[2])) {
if (!(file = fopen(CONFIG_ROOT "/vpn/config", "r"))) {
fprintf(stderr, "Couldn't open vpn settings file");
exit(1);
}
while (fgets(s, STRING_SIZE, file) != NULL) {
if (s[strlen(s) - 1] == '\n')
s[strlen(s) - 1] = '\0';
running = strdup (s);
result = strsep(&running, ",");
count = 0;
key = NULL;
name = NULL;
enabled = NULL;
type = NULL;
while (result) {
if (count == 0)
key = result;
if (count == 1)
enabled = result;
if (count == 2)
name = result;
if (count == 4)
type = result;
count++;
result = strsep(&running, ",");
}
if (strcmp(key, argv[2]) != 0)
continue;
if (!(name && enabled))
continue;
if (strspn(name, LETTERS_NUMBERS) != strlen(name)) {
fprintf(stderr, "Bad connection name: %s\n", name);
goto EXIT;
}
if (! (strcmp(type, "host") == 0 || strcmp(type, "net") == 0)) {
fprintf(stderr, "Bad connection type: %s\n", type);
goto EXIT;
}
if (strcmp(argv[1], "S") == 0 && strcmp(enabled, "on") == 0) {
safe_system("/usr/sbin/ipsec auto --rereadsecrets >/dev/null");
memset(command, 0, STRING_SIZE);
snprintf(command, STRING_SIZE - 1,
"/usr/sbin/ipsec auto --replace %s >/dev/null", name);
safe_system(command);
if (strcmp(type, "net") == 0) {
memset(command, 0, STRING_SIZE);
snprintf(command, STRING_SIZE - 1,
"/usr/sbin/ipsec auto --asynchronous --up %s >/dev/null", name);
safe_system(command);
}
} else if (strcmp(argv[1], "D") == 0) {
safe_system("/usr/sbin/ipsec auto --rereadsecrets >/dev/null");
memset(command, 0, STRING_SIZE);
snprintf(command, STRING_SIZE - 1,
"/usr/sbin/ipsec auto --down %s >/dev/null", name);
safe_system(command);
memset(command, 0, STRING_SIZE);
snprintf(command, STRING_SIZE - 1,
"/usr/sbin/ipsec auto --delete %s >/dev/null", name);
safe_system(command);
}
}
} else {
fprintf(stderr, "Bad arg\n");
usage();
exit(1);
}
EXIT:
if (file)
fclose(file);
return 0;
}
/*
*
* File originally from the Smoothwall project
* (c) 2001 Smoothwall Team
*
* $Id: ipsecctrl.c,v 1.5.2.14 2005/05/15 12:58:28 rkerr Exp $
*
*/
#include "libsmooth.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <signal.h>
#include "setuid.h"
void usage() {
fprintf (stderr, "Usage:\n");
fprintf (stderr, "\tipsecctrl S [connectionkey]\n");
fprintf (stderr, "\tipsecctrl D [connectionkey]\n");
fprintf (stderr, "\tipsecctrl R\n");
fprintf (stderr, "\t\tS : Start/Restart Connection\n");
fprintf (stderr, "\t\tD : Stop Connection\n");
fprintf (stderr, "\t\tR : Reload Certificates and Secrets\n");
}
void loadalgmodules() {
safe_system("/sbin/modprobe ipsec");
}
void ipsecrules(char *chain, char *interface)
{
char str[STRING_SIZE];
sprintf(str, "/sbin/iptables -A %s -p 47 -i %s -j ACCEPT", chain, interface);
safe_system(str);
sprintf(str, "/sbin/iptables -A %s -p 50 -i %s -j ACCEPT", chain, interface);
safe_system(str);
sprintf(str, "/sbin/iptables -A %s -p 51 -i %s -j ACCEPT", chain, interface);
safe_system(str);
sprintf(str, "/sbin/iptables -A %s -p udp -i %s --sport 500 --dport 500 -j ACCEPT", chain, interface);
safe_system(str);
sprintf(str, "/sbin/iptables -A %s -p udp -i %s --dport 4500 -j ACCEPT", chain, interface);
safe_system(str);
}
void addaliasinterfaces(char *configtype, char *redtype, char *redif, char *enablered, char*enableblue)
{
FILE *file = NULL;
char s[STRING_SIZE];
char *sptr;
char *aliasip=NULL;
char *enabled=NULL;
char *comment=NULL;
int count=0;
int alias=0;
int add=0;
if ( strcmp(enablered, "on") == 0 )
add += 1;
if ( strcmp(enableblue, "on") == 0 )
add += 1;
/* Check for CONFIG_TYPE=2 or 3 i.e. RED ethernet present. If not,
* exit gracefully. This is not an error... */
if (!((strcmp(configtype, "2")==0) || (strcmp(configtype, "3")==0) || (strcmp(configtype, "6")==0) || (strcmp(configtype, "7")==0)))
return;
/* Now check the RED_TYPE - aliases only work with STATIC. */
if (!(strcmp(redtype, "STATIC")==0))
return;
/* Now set up the new aliases from the config file */
if (!(file = fopen(CONFIG_ROOT "/ethernet/aliases", "r")))
{
fprintf(stderr, "Unable to open aliases configuration file\n");
return;
}
while (fgets(s, STRING_SIZE, file) != NULL && (add+alias) < 16)
{
if (s[strlen(s) - 1] == '\n')
s[strlen(s) - 1] = '\0';
sptr = strtok(s, ",");
count = 0;
aliasip = NULL;
enabled = NULL;
comment = NULL;
while (sptr)
{
if (count == 0)
aliasip = sptr;
if (count == 1)
enabled = sptr;
else
comment = sptr;
count++;
sptr = strtok(NULL, ",");
}
if (!(aliasip && enabled))
continue;
if (!VALID_IP(aliasip))
{
fprintf(stderr, "Bad alias : %s\n", aliasip);
return;
}
if (strcmp(enabled, "on") == 0)
{
memset(s, 0, STRING_SIZE);
snprintf(s, STRING_SIZE-1, "/usr/sbin/ipsec tncfg --attach --virtual ipsec%d --physical %s:%d >/dev/null", alias+add, redif, alias);
safe_system(s);
alias++;
}
}
}
int main(int argc, char *argv[]) {
int count;
char s[STRING_SIZE];
char configtype[STRING_SIZE];
char redtype[STRING_SIZE] = "";
char command[STRING_SIZE];
char *result;
char *key;
char *enabled;
char *name;
char *type;
char *running;
FILE *file = NULL;
struct keyvalue *kv = NULL;
char enablered[STRING_SIZE] = "off";
char enableblue[STRING_SIZE] = "off";
char redif[STRING_SIZE] = "";;
char blueif[STRING_SIZE] = "";
FILE *ifacefile = NULL;
if (!(initsetuid()))
exit(1);
if (argc < 2) {
usage();
exit(1);
}
/* FIXME: workaround for pclose() issue - still no real idea why
* this is happening */
signal(SIGCHLD, SIG_DFL);
/* Init the keyvalue structure */
kv=initkeyvalues();
/* Read in the current values */
if (!readkeyvalues(kv, CONFIG_ROOT "/vpn/settings"))
{
fprintf(stderr, "Cannot read vpn settings\n");
exit(1);
}
findkey(kv, "ENABLED", enablered);
findkey(kv, "ENABLED_BLUE", enableblue);
freekeyvalues(kv);
kv=initkeyvalues();
if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings"))
{
fprintf(stderr, "Cannot read ethernet settings\n");
exit(1);
}
if (!findkey(kv, "CONFIG_TYPE", configtype))
{
fprintf(stderr, "Cannot read CONFIG_TYPE\n");
exit(1);
}
findkey(kv, "RED_TYPE", redtype);
findkey(kv, "BLUE_DEV", blueif);
freekeyvalues(kv);
memset(redif, 0, STRING_SIZE);
if ((ifacefile = fopen(CONFIG_ROOT "/red/iface", "r")))
{
if (fgets(redif, STRING_SIZE, ifacefile))
{
if (redif[strlen(redif) - 1] == '\n')
redif[strlen(redif) - 1] = '\0';
}
fclose (ifacefile);
ifacefile = NULL;
if (!VALID_DEVICE(redif))
{
memset(redif, 0, STRING_SIZE);
}
}
safe_system("/sbin/iptables -F IPSECRED");
if (!strcmp(enablered, "on") && strlen(redif)) {
ipsecrules("IPSECRED", redif);
}
safe_system("/sbin/iptables -F IPSECBLUE");
if (!strcmp(enableblue, "on")) {
if (VALID_DEVICE(blueif))
ipsecrules("IPSECBLUE", blueif);
else
{
fprintf(stderr, "IPSec enabled on blue but blue interface is invalid or not found\n");
exit(1);
}
}
/* Only shutdown pluto if it really is running */
if (argc == 2) {
if (strcmp(argv[1], "D") == 0) {
int fd;
/* Get pluto pid */
if ((fd = open("/var/run/pluto.pid", O_RDONLY)) != -1) {
safe_system("/etc/rc.d/init.d/ipsec stop 2> /dev/null >/dev/null");
close(fd);
}
}
}
if ((strcmp(enablered, "on") || !strlen(redif)) && strcmp(enableblue, "on"))
exit(0);
if (argc == 2) {
if (strcmp(argv[1], "S") == 0) {
loadalgmodules();
safe_system("/usr/sbin/ipsec tncfg --clear >/dev/null");
safe_system("/etc/rc.d/init.d/ipsec restart >/dev/null");
addaliasinterfaces(configtype, redtype, redif, enablered, enableblue);
} else if (strcmp(argv[1], "R") == 0) {
safe_system("/usr/sbin/ipsec auto --rereadall");
} else {
fprintf(stderr, "Bad arg\n");
usage();
exit(1);
}
} else if (strspn(argv[2], NUMBERS) == strlen(argv[2])) {
if (!(file = fopen(CONFIG_ROOT "/vpn/config", "r"))) {
fprintf(stderr, "Couldn't open vpn settings file");
exit(1);
}
while (fgets(s, STRING_SIZE, file) != NULL) {
if (s[strlen(s) - 1] == '\n')
s[strlen(s) - 1] = '\0';
running = strdup (s);
result = strsep(&running, ",");
count = 0;
key = NULL;
name = NULL;
enabled = NULL;
type = NULL;
while (result) {
if (count == 0)
key = result;
if (count == 1)
enabled = result;
if (count == 2)
name = result;
if (count == 4)
type = result;
count++;
result = strsep(&running, ",");
}
if (strcmp(key, argv[2]) != 0)
continue;
if (!(name && enabled))
continue;
if (strspn(name, LETTERS_NUMBERS) != strlen(name)) {
fprintf(stderr, "Bad connection name: %s\n", name);
goto EXIT;
}
if (! (strcmp(type, "host") == 0 || strcmp(type, "net") == 0)) {
fprintf(stderr, "Bad connection type: %s\n", type);
goto EXIT;
}
if (strcmp(argv[1], "S") == 0 && strcmp(enabled, "on") == 0) {
safe_system("/usr/sbin/ipsec auto --rereadsecrets >/dev/null");
memset(command, 0, STRING_SIZE);
snprintf(command, STRING_SIZE - 1,
"/usr/sbin/ipsec auto --replace %s >/dev/null", name);
safe_system(command);
if (strcmp(type, "net") == 0) {
memset(command, 0, STRING_SIZE);
snprintf(command, STRING_SIZE - 1,
"/usr/sbin/ipsec auto --asynchronous --up %s >/dev/null", name);
safe_system(command);
}
} else if (strcmp(argv[1], "D") == 0) {
safe_system("/usr/sbin/ipsec auto --rereadsecrets >/dev/null");
memset(command, 0, STRING_SIZE);
snprintf(command, STRING_SIZE - 1,
"/usr/sbin/ipsec auto --down %s >/dev/null", name);
safe_system(command);
memset(command, 0, STRING_SIZE);
snprintf(command, STRING_SIZE - 1,
"/usr/sbin/ipsec auto --delete %s >/dev/null", name);
safe_system(command);
}
}
} else {
fprintf(stderr, "Bad arg\n");
usage();
exit(1);
}
EXIT:
if (file)
fclose(file);
return 0;
}
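Review bot: In `main`'s `/vpn/config` loop, `type` is only set when a line has a fifth field, but the guard is `if (!(name && enabled)) continue;`, so a short line whose key matches `argv[2]` reaches `strcmp(type, "host")` with a NULL pointer. As the program starts with `initsetuid()`, I would make the guard `if (!(name && enabled && type)) continue;`. Separately, `ipsecrules` still builds its commands with unbounded `sprintf(str, ...)` into `str[STRING_SIZE]`, while the rest of the file uses `snprintf`; `snprintf(str, sizeof(str), ...)` would bound it regardless of what `VALID_DEVICE` allows. `running = strdup(s)` is also never freed, and `strsep` advances the pointer, so the original value has to be kept if it is to be released per iteration.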


@@ -0,0 +1,17 @@
--- src/tools.h~ 2007-01-02 18:28:19.000000000 +0100
+++ src/tools.h 2007-01-06 18:12:16.000000000 +0100
@@ -71,12 +71,12 @@
/*---------------------------------------------------------------------------*\
\*---------------------------------------------------------------------------*/
-static inline unsigned long atomic_xchg (
+/* static inline unsigned long atomic_xchg (
volatile atomic_t * v,
unsigned value
) {
return __xchg (value, &v->counter, sizeof (unsigned));
-} /* atomic_xchg */
+} */ /* atomic_xchg */
/*---------------------------------------------------------------------------*\
\*---------------------------------------------------------------------------*/
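Review bot: The added patch disables `atomic_xchg` in `src/tools.h` by wrapping the whole definition in a comment, which removes the helper unconditionally and leaves dead code with no stated reason. If the reason is that the target kernel headers already provide `atomic_xchg` (my assumption; the patch does not say), a guard such as `#ifndef atomic_xchg` … `#endif` around the definition would keep the driver building in both cases. Either way, a one-line comment such as `/* kernel headers provide atomic_xchg; the local copy conflicts */` should record why it is disabled.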


@@ -0,0 +1,19 @@
--- main.c~ 2005-08-05 00:00:00.000000000 +0200
+++ main.c 2007-01-06 19:00:26.000000000 +0100
@@ -77,8 +77,14 @@
static struct usb_driver usb_driver = {
- .owner = THIS_MODULE,
- .name = TARGET,
+#ifndef OLD_USB_DRIVER
+ .driver = {
+#endif
+ .owner = THIS_MODULE,
+ .name = TARGET,
+#ifndef OLD_USB_DRIVER
+ },
+#endif
.id_table = usb_id_table,
.probe = usb_probe,
.disconnect = usb_disconnect,
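Review bot: `OLD_USB_DRIVER` is tested by the added `#ifndef` blocks but nothing visible in this patch defines it, so which initializer layout is compiled depends on a build flag the reader cannot find here. Please add a comment above `usb_driver` saying where the macro is set and which kernels need it, e.g. `/* define OLD_USB_DRIVER for kernels where .owner/.name are direct members of struct usb_driver */`. With the macro undefined, `.name = TARGET` moves inside `.driver = { ... }`, so it is worth confirming against the target kernel's `struct usb_driver` that the name the USB core reads is still populated. The initializer continues past the end of the hunk.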