Merge branch 'master' into check_mk

Timo Eissler
2013-10-20 00:46:53 +02:00
297 changed files with 19284 additions and 2869 deletions

File diff suppressed because it is too large Load Diff


@@ -9,8 +9,8 @@
# The latest version can be obtained from
# http://www.linux-usb.org/usb.ids
#
# Version: 2013.03.25
# Date: 2013-03-25 20:34:03
# Version: 2013.05.24
# Date: 2013-05-24 20:34:03
#
# Vendors, devices and interfaces. Please keep sorted.
@@ -9812,6 +9812,8 @@
0955 NVidia Corp.
7030 Tegra 3 (recovery mode)
7100 Notion Ink Adam
b400 SHIELD (debug)
b401 SHIELD
0956 BSquare Corp.
0957 Agilent Technologies, Inc.
0200 E-Video DC-350 Camera


@@ -21,19 +21,21 @@ eval $(/usr/local/bin/readhash /var/ipfire/main/settings)
FONT="lat0-16"
KEYMAP_CORRECTIONS="euro2"
if [ "$LANGUAGE" == "de" ]; then
LEGACY_CHARSET="iso-8859-15"
#FONT="LatArCyrHeb-16 -m 8859-15"
FONT="lat0-16 -m 8859-15"
fi
if [ "$LANGUAGE" == "pl" ]; then
FONT="lat2-16"
fi
if [ "$LANGUAGE" == "ru" ]; then
FONT="LatArCyrHeb-16"
fi
case "${LANGUAGE}" in
# German
de)
LEGACY_CHARSET="iso-8859-15"
FONT="lat0-16 -m 8859-15"
;;
# Polish
pl)
FONT="lat2-16"
;;
# Russish/Turkish
ru|tr)
FONT="LatArCyrHeb-16"
;;
esac
UNICODE="1"
BROKEN_COMPOSE="0"


@@ -22,8 +22,31 @@ fi
SHOW_SRV=1
function dns_forward_args() {
local file="${1}"
# Do nothing if file is empty.
[ -s "${file}" ] || return
local cmdline
local enabled zone server remark
while IFS="," read -r enabled zone server remark; do
# Line must be enabled.
[ "${enabled}" = "on" ] || continue
cmdline="${cmdline} --server=/${zone}/${server}"
done < ${file}
echo "${cmdline}"
}
case "${1}" in
start)
# kill already running copy of dnsmasq...
killproc /usr/sbin/dnsmasq 2>&1 > /dev/null
boot_mesg "Starting Domain Name Service Proxy..."
eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
@@ -44,8 +67,12 @@ case "${1}" in
fi
fi
[ -e "/var/ipfire/red/active" ] && ARGS="$ARGS -r /var/ipfire/red/resolv.conf"
ARGS="$ARGS --domain=`cat /var/ipfire/main/settings |grep DOMAIN |cut -d = -f 2`"
# Add custom forward dns zones.
ARGS="${ARGS} $(dns_forward_args /var/ipfire/dnsforward/config)"
ARGS="$ARGS $CUSTOM_ARGS"
loadproc /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases $ARGS
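Review bot: In `dns_forward_args`, `zone` and `server` are appended to the command line exactly as read from the config file, and the result is later expanded unquoted in `loadproc /usr/sbin/dnsmasq ... $ARGS`, so a field containing whitespace turns into additional dnsmasq options. Whether the writer of /var/ipfire/dnsforward/config validates these fields is not visible on this page, so the init script should skip any entry outside a conservative character set before building the argument, for example `case "${zone}${server}" in *[!A-Za-z0-9.:_-]*) continue ;; esac` ahead of the `cmdline=` line. The input redirection should also quote the path: `done < "${file}"`.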


@@ -183,9 +183,15 @@ case "$1" in
/sbin/iptables -A FORWARD -j IPSECFORWARD
/sbin/iptables -A FORWARD -j OPENSSLVIRTUAL -m comment --comment "OPENSSLVIRTUAL FORWARD"
/sbin/iptables -A OUTPUT -j IPSECOUTPUT
/sbin/iptables -t nat -N OVPNNAT
/sbin/iptables -t nat -N IPSECNAT
/sbin/iptables -t nat -A POSTROUTING -j OVPNNAT
/sbin/iptables -t nat -A POSTROUTING -j IPSECNAT
# TOR
/sbin/iptables -N TOR_INPUT
/sbin/iptables -A INPUT -j TOR_INPUT
# Outgoing Firewall
/sbin/iptables -A FORWARD -j OUTGOINGFWMAC


@@ -0,0 +1,46 @@
#!/bin/sh
########################################################################
# Begin $rc_base/init.d/keepalived
#
# Description : keepalive daemon initscript
#
########################################################################
. /etc/sysconfig/rc
. ${rc_functions}
[ -r "/etc/sysconfig/keepalive" ] && . /etc/sysconfig/keepalive
case "${1}" in
start)
boot_mesg "Starting keepalive daemon..."
loadproc /usr/sbin/keepalived ${KEEPALIVED_OPTIONS}
;;
stop)
boot_mesg "Stopping keepalive daemon..."
killproc /usr/sbin/keepalived
;;
reload)
boot_mesg "Reloading keepalive daemon..."
reloadproc /etc/sbin/keepalived
;;
restart)
${0} stop
sleep 1
${0} start
;;
status)
statusproc /usr/sbin/keepalived
;;
*)
echo "Usage: ${0} {start|stop|reload|restart|status}"
exit 1
;;
esac
# End $rc_base/init.d/keepalived
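Review bot: The `reload` branch calls `reloadproc /etc/sbin/keepalived`, while start, stop and status all use `/usr/sbin/keepalived`, so reload is pointed at a path that does not match the started daemon; it should read `reloadproc /usr/sbin/keepalived`. The options file is sourced from `/etc/sysconfig/keepalive` although the daemon and the script are named keepalived; if that is intended, a comment such as `# KEEPALIVED_OPTIONS is read from /etc/sysconfig/keepalive and split on whitespace` would tell administrators where to set it.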


@@ -0,0 +1,71 @@
#!/bin/sh
########################################################################
# Begin $rc_base/init.d/lcdproc
#
# Description :
#
# Authors :
#
# Version : 00.00
#
# Notes :
#
########################################################################
. /etc/sysconfig/rc
. ${rc_functions}
CLIENT="lcdproc"
CONFIG_FILE="/etc/sysconfig/lcdproc"
# Read the configuration file if any.
[ -e "${CONFIG_FILE}" ] && . ${CONFIG_FILE}
case "${1}" in
start)
boot_mesg "Starting LCDd..."
loadproc /usr/sbin/LCDd -c /etc/lcdproc/LCDd.conf 2>/dev/null
case "${CLIENT}" in
lcdproc)
boot_mesg "Starting lcdproc..."
loadproc /usr/bin/lcdproc -c /etc/lcdproc/lcdproc.conf 2>/dev/null
;;
vc)
boot_mesg "Starting LCD virtual console..."
loadproc /usr/bin/lcdvc -c /etc/lcdproc/lcdvc.conf 2>/dev/null
;;
esac
;;
stop)
boot_mesg "Stopping LCDd..."
killproc /usr/sbin/LCDd
boot_mesg "Stopping lcdproc..."
killproc /usr/bin/lcdproc
boot_mesg "Stopping LCD virtual console..."
killproc /usr/bin/lcdvc
;;
restart)
${0} stop
sleep 1
${0} start
;;
status)
statusproc /usr/sbin/LCDd
statusproc /usr/bin/lcdproc
statusproc /usr/bin/lcdvc
;;
*)
echo "Usage: ${0} {start|stop|restart|status}"
exit 1
;;
esac
# End $rc_base/init.d/lcdproc
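Review bot: `stop` and `status` always act on both `/usr/bin/lcdproc` and `/usr/bin/lcdvc`, although `start` launches only the one selected by `CLIENT`, so every stop reports a client that was never started. Repeating the `case "${CLIENT}" in` selection from `start` in those two branches would keep the messages accurate. The header leaves Description, Authors and Notes empty; a line such as `# Description : LCDd display server and its lcdproc/lcdvc client` would help, and the sourced path should be quoted as `. "${CONFIG_FILE}"`.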


@@ -31,13 +31,18 @@ eval $(/usr/local/bin/readhash ${CONFIG_FILE})
# This is start or stop.
action=${1}
for interface in green0 blue0 orange0; do
for interface in green0 red0 blue0 orange0; do
case "${interface}" in
green*)
PARENT_DEV=${GREEN_PARENT_DEV}
VLAN_ID=${GREEN_VLAN_ID}
MAC_ADDRESS=${GREEN_MAC_ADDRESS}
;;
red*)
PARENT_DEV=${RED_PARENT_DEV}
VLAN_ID=${RED_VLAN_ID}
MAC_ADDRESS=${RED_MAC_ADDRESS}
;;
blue*)
PARENT_DEV=${BLUE_PARENT_DEV}
VLAN_ID=${BLUE_VLAN_ID}


@@ -0,0 +1,147 @@
#!/bin/sh
#
########################################################################
# Begin
#
# Description : A collection of functions for the IPFire network scripts
#
# Authors : IPFire Development Team <developers@ipfire.org>
#
# Version : 01.00
#
# Notes :
#
########################################################################
. /etc/sysconfig/rc
. $rc_functions
eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
eval $(/usr/local/bin/readhash /var/ipfire/dns/settings)
dhcpcd_get_pid() {
# This function returns the pid of a dhcpcd by a given
# network device, if a pidfile exists.
local device="$1"
local pidfile="/var/run/dhcpcd-${device}.pid"
# Check if a pid file exists.
if [ -f "${pidfile}" ] ; then
# Get the pid from the file.
local pid="$(<"${pidfile}")"
echo "${pid}"
fi
}
dhcpcd_is_running() {
# This functions checks if a dhcpcd is running by a given pid.
local pid="$1"
# Check if a dhcpcd is running.
if [ -n "${pid}" -a -d "/proc/${pid}" ]; then
# Return "0" (True) if a dhcpcd is running.
return 0
fi
# Return 1 (False) no dhcpcd is running.
return 1
}
dhcpcd_start() {
# This function will start a dhcpcd on a speciefied device.
local device="$1"
local dhcp_start=""
boot_mesg -n "Starting dhcpcd on the ${device} interface..."
# Check if a dhcpcd is already running.
local pid="$(dhcpcd_get_pid "${device}")"
if dhcpcd_is_running "${pid}"; then
boot_mesg "dhcpcd already running!" ${WARNING}
echo_warning
exit 2
fi
# Check if a DHCP hostname has been set.
if [ -n "${RED_DHCP_HOSTNAME}" ]; then
dhcp_start+="-h ${RED_DHCP_HOSTNAME}"
fi
# Start dhcpcd.
/sbin/dhcpcd "${device}" "${dhcp_start}" >/dev/null 2>&1
ret="$?"
if [ "${ret}" -eq 0 ]; then
. /var/ipfire/dhcpc/dhcpcd-"${device}".info
echo ""
echo_ok
boot_mesg " DHCP Assigned Settings for ${device}:"
boot_mesg_flush
boot_mesg " IP Address: $ip_address"
boot_mesg_flush
if [ -n "${RED_DHCP_HOSTNAME}" ]; then
boot_mesg " Hostname: $RED_DHCP_HOSTNAME"
boot_mesg_flush
fi
boot_mesg " Subnet Mask: $subnet_mask"
boot_mesg_flush
boot_mesg " Default Gateway: $routers"
boot_mesg_flush
boot_mesg " DNS Server: $domain_name_servers"
boot_mesg_flush
else
echo ""
$(exit "${ret}")
evaluate_retval
fi
}
dhcpcd_stop() {
# This function stops a previously started dhcpcd on a given device.
local device="$1"
local dhcp_stop="-k"
local leaseinfo="/var/ipfire/dhcpc/dhcpcd-${device}.info"
boot_mesg -n "Stopping dhcpcd on the ${device} interface..."
# Check if a dhcpcd is running.
local pid="$(dhcpcd_get_pid "${device}")"
if ! dhcpcd_is_running "${pid}"; then
boot_mesg " Not running." ${WARNING}
echo_warning
exit 1
fi
# Stop dhcpcd.
/sbin/dhcpcd "${device}" "${dhcp_stop}" &> /dev/null
ret="$?"
# Wait until dhcpd has stopped.
while [ -d "/proc/${pid}" ]; do
sleep 1
done
# Display console message, depended on the exit code
# of the stopped dhcpcd.
if [ "${ret}" -eq 0 ]; then
boot_mesg
echo_ok
elif [ "${ret}" -eq 1 ]; then
boot_mesg "failed to stop dhcpcd!" ${WARNING}
echo_warning
else
boot_mesg
echo_failure
fi
}
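Review bot: In `dhcpcd_start`, `"${dhcp_start}"` is passed to dhcpcd as one quoted word, so dhcpcd receives an empty argument when no hostname is set and the single word `-h name` when one is; the inline code this replaces in the red script expanded the options unquoted. Building the options as an array keeps both the quoting and the word boundaries: `local dhcp_start=()`, `dhcp_start+=( -h "${RED_DHCP_HOSTNAME}" )` and `/sbin/dhcpcd "${device}" "${dhcp_start[@]}" >/dev/null 2>&1`. Arrays, `+=` and `$(<file)` are bash features while the file starts with `#!/bin/sh`, so the shebang should be `#!/bin/bash` unless /bin/sh is guaranteed to be bash. `dhcpcd_is_running` only tests that `/proc/${pid}` exists, so a stale pidfile whose PID was reused by another process is reported as a running dhcpcd, and the wait loop in `dhcpcd_stop` has no upper bound.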


@@ -17,6 +17,7 @@
. /etc/sysconfig/rc
. ${rc_functions}
. /etc/init.d/networking/functions.network
#Define some defaults
INET_VLAN=7
@@ -77,11 +78,6 @@ if [ "${TYPE}" == "STATIC" ]; then
fi
fi
PIDFILE="/var/run/dhcpcd-${DEVICE}.pid"
LEASEINFO="/var/ipfire/dhcpc/dhcpcd-${DEVICE}.info"
DHCP_START=" "
DHCP_STOP="-k "
case "${1}" in
start)
if [ "${DEVICE}" != "${GREEN_DEV}" ] && [ "${DEVICE}" != "" ]; then
@@ -137,87 +133,24 @@ case "${1}" in
/usr/local/bin/setaliases
elif [ "${TYPE}" == "DHCP" ]; then
# Add firewall rules to allow comunication with the dhcp server on red.
iptables -A REDINPUT -p tcp --source-port 67 --destination-port 68 -i ${DEVICE} -j ACCEPT
iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i ${DEVICE} -j ACCEPT
if [ -e $LEASEINFO ]; then
boot_mesg -n "Stopping dhcpcd on the ${DEVICE} interface..."
. $LEASEINFO
if [ "$dhcp_lease_time" = "4294967295" ]; then
# do nothing, just echo ok
echo ""
echo_ok
else
if [ -n "$DHCP_STOP" ]; then
/sbin/dhcpcd ${DEVICE} $DHCP_STOP &> /dev/null
RET="$?"
if [ "$RET" -eq 0 ]; then
echo ""
echo_ok
elif [ "$RET" -eq 1 ]; then
boot_mesg "dhcpcd not running!" ${WARNING}
echo_warning
else
echo ""
echo_failure
fi
else
echo ""
killproc dhcpcd
fi
fi
fi
boot_mesg -n "Starting dhcpcd on the ${DEVICE} interface..."
echo -n "${DEVICE}" > /var/ipfire/red/iface
# Check if the wlan-client is used on red.
# To determine this we check if a wpa_supplicant is running.
pid="$(pidof wpa_supplicant)"
if [ -z "${pid}" ]; then
# No wpa_supplicant is running. So it's save to start dhcpcd.
dhcpcd_start "${DEVICE}"
fi
## Create & Enable vnstat
/usr/bin/vnstat -u -i ${DEVICE} -r --enable --force > /dev/null 2>&1
# Test to see if there is a stale pid file
if [ -f "$PIDFILE" ]; then
ps `cat "$PIDFILE"` | grep dhcpcd > /dev/null
if [ $? != 0 ]; then
rm -f /var/run/dhcpcd-${DEVICE}.pid > /dev/null
else
boot_mesg "dhcpcd already running!" ${WARNING}
echo_warning
exit 2
fi
fi
iptables -A REDINPUT -p tcp --source-port 67 --destination-port 68 -i ${DEVICE} -j ACCEPT
iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i ${DEVICE} -j ACCEPT
if [ -n "${RED_DHCP_HOSTNAME}" ]; then
DHCP_START+="-h ${RED_DHCP_HOSTNAME} "
fi
/sbin/dhcpcd ${DEVICE} ${DHCP_START} >/dev/null 2>&1
RET="$?"
if [ "$RET" = "0" ]; then
. /var/ipfire/dhcpc/dhcpcd-${DEVICE}.info
echo ""
echo_ok
boot_mesg " DHCP Assigned Settings for ${DEVICE}:"
boot_mesg_flush
boot_mesg " IP Address: $ip_address"
boot_mesg_flush
if [ -n "${RED_DHCP_HOSTNAME}" ]; then
boot_mesg " Hostname: $RED_DHCP_HOSTNAME"
boot_mesg_flush
fi
boot_mesg " Subnet Mask: $subnet_mask"
boot_mesg_flush
boot_mesg " Default Gateway: $routers"
boot_mesg_flush
boot_mesg " DNS Server: $domain_name_servers"
boot_mesg_flush
else
echo ""
$(exit "$RET")
evaluate_retval
fi
elif [ "$TYPE" == "PPPOE" ]; then
if ( ps ax | grep -q [p]ppd ); then
@@ -455,10 +388,18 @@ case "${1}" in
### Standard PPP options we always use
#
PPP_STD_OPTIONS="$PLUGOPTS $DNS defaultroute noipdefault noauth"
PPP_STD_OPTIONS+=" default-asyncmap hide-password nodetach mtu ${MTU}"
PPP_STD_OPTIONS+=" mru ${MRU} noaccomp nodeflate nopcomp novj novjccomp"
PPP_STD_OPTIONS+=" default-asyncmap hide-password nodetach"
PPP_STD_OPTIONS+=" noaccomp nodeflate nopcomp novj novjccomp"
PPP_STD_OPTIONS+=" nobsdcomp user ${USERNAME} lcp-echo-interval 20"
PPP_STD_OPTIONS+=" lcp-echo-failure 5 ${AUTH}"
if [ -n "${MTU}" ]; then
PPP_STD_OPTIONS="${PPP_STD_OPTIONS} mtu ${MTU}"
fi
if [ -n "${MRU}" ]; then
PPP_STD_OPTIONS="${PPP_STD_OPTIONS} mru ${MRU}"
fi
### Debugging
#
@@ -525,33 +466,15 @@ case "${1}" in
# Add a NaN value to ppp0 rrd to supress spikes at reconnect
rrdtool update $RRDLOG/collectd/localhost/interface/if_octets-ppp0.rrd \
$(date +%s):: > /dev/null 2>&1
fi
if [ -e $LEASEINFO ]; then
boot_mesg -n "Stopping dhcpcd on the ${DEVICE} interface..."
. $LEASEINFO
if [ "$dchp_lease_time" = "4294967295" ]; then
# do nothing, just echo ok
echo ""
echo_ok
else
if [ -n "$DHCP_STOP" ]; then
/sbin/dhcpcd ${DEVICE} $DHCP_STOP &> /dev/null
RET="$?"
if [ "$RET" -eq 0 ]; then
echo ""
echo_ok
elif [ "$RET" -eq 1 ]; then
boot_mesg "dhcpcd not running!" ${WARNING}
echo_warning
else
echo ""
echo_failure
fi
else
echo ""
killproc dhcpcd
fi
elif [ "$TYPE" == "DHCP" ]; then
# Check if the wlan-client is used on red.
# To determine this we check if a wpa_supplicant is running.
pid="$(pidof wpa_supplicant)"
if [ -z "${pid}" ]; then
# Stop dhcpcd.
dhcpcd_stop "${DEVICE}"
fi
fi
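Review bot: The new DHCP start and stop branches decide whether to run dhcpcd from `pid="$(pidof wpa_supplicant)"`, which matches any wpa_supplicant on the system rather than one bound to `${DEVICE}`. If a supplicant is running for a different interface, a wired RED device would get no DHCP client on start and none would be stopped on stop; this is inferred from the visible lines only. A comment stating the assumption, for example `# wpa_supplicant is only ever started for the RED device (see wlan_client)`, or a test tied to the device would make the dependency explicit. The enclosing `case` branches begin and end outside these hunks.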


@@ -0,0 +1,50 @@
#!/bin/bash
########################################################################
# Begin
#
# Description : wpa_supplicant Script
#
# Authors : IPFire Development Team <developers@ipfire.org>
#
# Version : 01.00
#
# Notes : This script starts/stops the dhclient if a WPA/WPA2
# connection to an AP successfull has been established
# or disconnected.
#
########################################################################
. /etc/sysconfig/rc
. ${rc_functions}
. /etc/init.d/networking/functions.network
# Gather required information from wpa_cli.
device="$1"
wpa_state="$2"
# Check if the RED device has been configured to use DHCP or exit immediately.
eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
if [ ! "${RED_TYPE}" == "DHCP" ] ; then
exit 0
fi
case "${wpa_state}" in
CONNECTED)
# Start dhcpcd.
dhcpcd_start "${device}"
exit 0
;;
DISCONNECTED)
# Stop dhcpcd.
dhcpcd_stop "${device}"
exit 0
;;
*)
# When we ever got here, there is a really big problem.
exit 1
;;
esac
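Review bot: `device="$1"` is handed to `dhcpcd_start` and `dhcpcd_stop` without being compared with the configured RED device, and those helpers use it to build a pidfile path and to source `/var/ipfire/dhcpc/dhcpcd-${device}.info`. The event handler is started as `wpa_cli -B -a ...` with no interface restriction visible on this page, so an event for another interface would start or stop dhcpcd there; adding `[ "${device}" = "${RED_DEV}" ] || exit 0` after the `readhash` line limits the script to RED. The Notes header says the script starts "dhclient" while the code runs dhcpcd, so it should read `This script starts/stops dhcpcd ...`.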


@@ -1,43 +1,23 @@
#!/bin/sh
########################################################################
# Begin $rc_base/init.d/pound
#
# Description : pound reverse-proxy
#
########################################################################
. /etc/sysconfig/rc
. ${rc_functions}
PATH=/bin:/usr/bin:/sbin:/usr/sbin
test -x /usr/sbin/pound || exit 0
# For configuration of the init script use the file
# /etc/sysconfig/pound, do not edit this init script.
# Set run_pound to 1 to start pound or 0 to disable it.
run_pound=0
# Specify additional pound options here (see manpage).
pound_options=""
# Specify module to load
pound_module="none"
[ -e /etc/sysconfig/pound ] && . /etc/sysconfig/pound
DAEMON=/usr/sbin/pound
case "${1}" in
start)
boot_mesg "Starting pound ..."
if [ $run_pound = 1 ]
then
# do we have to load a module?
[ ${pound_module:-none} != "none" ] && /sbin/modprobe $pound_module
loadproc $DAEMON $pound_options
fi
boot_mesg "Starting pound reverse-proxy..."
loadproc /usr/sbin/pound
;;
stop)
boot_mesg "Stopping pound ..."
killproc $DAEMON
boot_mesg "Stopping pound reverse-proxy..."
killproc /usr/sbin/pound
;;
restart)
@@ -47,7 +27,7 @@ case "${1}" in
;;
status)
statusproc $DAEMON
statusproc /usr/sbin/pound
;;
*)
@@ -56,3 +36,4 @@ case "${1}" in
;;
esac
# End $rc_base/init.d/pound


@@ -86,10 +86,31 @@ case "$1" in
boot_mesg "Stopping Squid Proxy Server..."
squid -k shutdown >/dev/null 2>&1
evaluate_retval
killproc /usr/bin/squidGuard >/dev/null
killproc /usr/sbin/updxlrator >/dev/null
killproc /usr/bin/squidclamav >/dev/null
# Stop squidGuard, updxlrator, squidclamav
# and redirect_wrappers.
killproc /usr/bin/squidGuard >/dev/null &
killproc /usr/sbin/updxlrator >/dev/null &
killproc /usr/bin/squidclamav >/dev/null &
killproc /usr/sbin/redirect_wrapper >/dev/null &
# Wait until all redirectors have been stopped.
wait
# If squid is still running, wait up to 30 seconds
# before we go on to kill it.
counter=30
while [ ${counter} -gt 0 ]; do
statusproc /usr/sbin/squid >/dev/null && break;
sleep 1
counter=$(( ${counter} - 1))
done
# Kill squid service, if still running.
killproc /usr/sbin/squid >/dev/null
# Trash remain pid file from squid.
rm -rf /var/run/squid.pid
fi
;;
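Review bot: The wait loop ends on `statusproc /usr/sbin/squid >/dev/null && break`, which leaves the loop as soon as statusproc succeeds; if statusproc returns 0 while squid is running (its definition is not on this page), the 30-second grace period is skipped and `killproc` runs at once. The intended test is probably `statusproc /usr/sbin/squid >/dev/null || break`. `rm -rf /var/run/squid.pid` targets a single file, so `rm -f /var/run/squid.pid` is enough and cannot recurse if the path ever turns out to be a directory. The enclosing `stop)` branch begins outside the hunk.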


@@ -0,0 +1,88 @@
#!/bin/sh
########################################################################
# Begin $rc_base/init.d/tor
#
# Description : Anonymizing overlay network for TCP
#
########################################################################
. /etc/sysconfig/rc
. ${rc_functions}
eval $(/usr/local/bin/readhash /var/ipfire/tor/settings)
function tor_is_enabled() {
[ "${TOR_ENABLED}" = "on" ] || [ "${TOR_RELAY_ENABLED}" = "on" ]
}
function setup_firewall() {
# Flush all rules.
flush_firewall
if [ "${TOR_RELAY_ENABLED}" = "on" -a -n "${TOR_RELAY_PORT}" ]; then
iptables -A TOR_INPUT -p tcp --dport "${TOR_RELAY_PORT}" -j ACCEPT
fi
}
function flush_firewall() {
# Flush all rules.
iptables -F TOR_INPUT
}
case "${1}" in
start)
tor_is_enabled || exit 0
# Setup firewall.
setup_firewall
boot_mesg "Starting tor..."
loadproc /usr/bin/tor \
--runasdaemon 1 \
--defaults-torrc /usr/share/tor/defaults-torrc \
-f /etc/tor/torrc \
--quiet
;;
stop)
# Flush firewall.
flush_firewall
boot_mesg "Stopping tor..."
killproc /usr/bin/tor
;;
reload)
# Setup firewall.
setup_firewall
boot_mesg "Reloading tor..."
reloadproc /usr/bin/tor
;;
restart)
${0} stop
sleep 1
${0} start
;;
reload-or-restart)
# Reload the process if it is already running. Otherwise, restart.
if pidofproc -s /usr/bin/tor; then
$0 reload
else
$0 restart
fi
;;
status)
statusproc /usr/bin/tor
;;
*)
echo "Usage: ${0} {start|stop|reload|restart|reload-or-restart|status}"
exit 1
;;
esac
# End $rc_base/init.d/tor


@@ -0,0 +1,283 @@
#!/bin/sh
########################################################################
# Begin $rc_base/init.d/wlan_client
#
# Description : Wireless client initscript
#
########################################################################
. /etc/sysconfig/rc
. ${rc_functions}
eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
WIRELESS_CONFIG="/var/ipfire/ethernet/wireless"
function device_is_wireless() {
local device=${1}
if [ -d "/sys/class/net/${device}/wireless" ]; then
return 0
fi
return 1
}
function wpa_supplicant_make_config() {
local device=${1}
local config=${2}
shift 2
# Check if device is wireless.
local wireless="false"
if device_is_wireless ${device}; then
wireless="true"
fi
# Write a configuration file header.
(
echo "#"
echo "# THIS FILE IS AUTOMATICALLY GENERATED AND"
echo "# ANY CUSTOM CHANGES WILL BE OVERWRITTEN!"
echo "#"
echo
echo "ctrl_interface=/var/run/wpa_supplicant"
echo
) > ${config}
local items=0
local line
while IFS="," read -ra line; do
# Skip commented lines.
[ "${line:0:1}" = "#" ] && continue
# Skip disabled entries.
[ "${line[2]}" = "on" ] || continue
wpa_supplicant_config_line \
${device} ${config} \
--wireless="${wireless}" \
--mode="${line[3]}" \
--wpa-mode="${line[4]}" \
--ssid="${line[5]}" \
--psk="${line[6]}" \
--priority="${line[7]}"
items=$(( ${items} + 1 ))
done < ${WIRELESS_CONFIG}
# Return exit code 2, when there are no entries in the
# configuration file.
if [ "${items}" = "0" ]; then
return 2
fi
return 0
}
function wpa_supplicant_config_line() {
local device=${1}
local config=${2}
shift 2
local auth_alg
local proto
local key_mgmt
local pairwise
local group
local mode
local priority
local psk
local ssid
local wep_tx_keyidx
local wep_key0
local wireless="true"
local wpa_mode
while [ $# -gt 0 ]; do
case "${1}" in
--mode=*)
mode=${1#--mode=}
;;
--priority=*)
priority=${1#--priority=}
;;
--psk=*)
psk=${1#--psk=}
;;
--ssid=*)
ssid=${1#--ssid=}
;;
--wireless=*)
wireless=${1#--wireless=}
;;
--wpa-mode=*)
wpa_mode=${1#--wpa-mode=}
;;
esac
shift
done
case "${mode}" in
WPA2)
auth_alg="OPEN"
proto="RSN"
key_mgmt="WPA-PSK"
;;
WPA)
auth_alg="OPEN"
proto="WPA"
key_mgmt="WPA-PSK"
;;
WEP)
auth_alg="SHARED"
key_mgmt="NONE"
wep_tx_keyidx=0
wep_key0=${psk}
psk=""
;;
NONE)
auth_alg="OPEN"
key_mgmt="NONE"
;;
*)
# Unsupported mode.
return 1
;;
esac
if [ "${mode}" = "WPA" -o "${mode}" = "WPA2" ]; then
case "${wpa_mode}" in
CCMP-CCMP)
pairwise="CCMP"
group="CCMP"
;;
CCMP-TKIP)
pairwise="CCMP"
group="TKIP"
;;
TKIP-TKIP)
pairwise="TKIP"
group="TKIP"
;;
*)
pairwise="CCMP TKIP"
group="CCMP TKIP"
;;
esac
fi
(
echo "network={"
if [ -n "${ssid}" ]; then
echo " ssid=\"${ssid}\""
fi
if [ "${wireless}" = "true" ]; then
echo " scan_ssid=1"
fi
if [ -n "${auth_alg}" ]; then
echo " auth_alg=${auth_alg}"
fi
if [ -n "${key_mgmt}" ]; then
echo " key_mgmt=${key_mgmt}"
fi
if [ -n "${psk}" ]; then
echo " psk=\"${psk}\""
fi
if [ -n "${wep_tx_keyidx}" ]; then
echo " wep_tx_keyidx=${wep_tx_keyidx}"
fi
if [ -n "${wep_key0}" ]; then
echo " wep_key0=\"${wep_key0}\""
fi
if [ -n "${proto}" ]; then
echo " proto=${proto}"
fi
if [ -n "${pairwise}" -a -n "${group}" ]; then
echo " pairwise=${pairwise}"
echo " group=${group}"
fi
if [ -n "${priority}" ]; then
echo " priority=${priority}"
fi
echo "}"
echo
) >> ${config}
}
function wpa_supplicant_start() {
local device=${1}
local config="/etc/wpa_supplicant.conf"
# Write configuration file.
wpa_supplicant_make_config ${device} ${config}
[ $? -eq 0 ] || return 0
# Build wpa_supplicant command line.
local wpa_suppl_cmd="wpa_supplicant -B -qqq -i${device} -c${config}"
if device_is_wireless ${device}; then
wpa_suppl_cmd="${wpa_suppl_cmd} -Dwext"
else
wpa_suppl_cmd="${wpa_suppl_cmd} -Dwired"
fi
# Run the shiz.
boot_mesg "Starting wireless client on ${RED_DEV}..."
loadproc ${wpa_suppl_cmd}
# Run wpa_cli to handle reconnection events.
boot_mesg "Starting wireless event handler on ${RED_DEV}..."
wpa_cli -B -a /etc/rc.d/init.d/networking/wpa_supplicant.exe
}
function wpa_supplicant_stop() {
boot_mesg "Stopping wireless event handler on ${RED_DEV}..."
killproc wpa_cli
# wpa_cli does not send a disconnect event when get stopped.
# So we manually have to send it to the wpa_supplicant.exe.
/etc/rc.d/init.d/networking/wpa_supplicant.exe "${RED_DEV}" DISCONNECTED
boot_mesg "Stopping wireless client on ${RED_DEV}..."
killproc wpa_supplicant
# Tidy up /tmp directory.
rm -f /tmp/wpa_ctrl_*
}
case "${1}" in
start)
if [ -n "${RED_DEV}" ] && device_is_wireless ${RED_DEV}; then
wpa_supplicant_start ${RED_DEV}
fi
;;
stop)
if [ -n "${RED_DEV}" ] && device_is_wireless ${RED_DEV}; then
wpa_supplicant_stop
fi
;;
restart)
${0} stop
sleep 1
${0} start
;;
status)
statusproc wpa_supplicant
;;
*)
echo "Usage: ${0} {start|stop|restart|status}"
exit 1
;;
esac
# End $rc_base/init.d/wlan_client
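Review bot: `wpa_supplicant_make_config` writes pre-shared keys and WEP keys to `/etc/wpa_supplicant.conf` through plain `>` and `>>` redirections, so the file gets whatever mode the current umask yields and is likely readable by every local user. Adding `chmod 600 "${config}"` right after the header block, before the first `network={` entry is appended, keeps the secrets private. `ssid` and `psk` are written between double quotes without escaping and the source line is split on commas, so a value containing `"` or `,` produces a broken or truncated entry; that limitation deserves a comment at the `read -ra line` loop. The `-Dwired` branch in `wpa_supplicant_start` is unreachable, because the `start` case only calls the function when `device_is_wireless` succeeds.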


@@ -38,15 +38,16 @@ extern char *fr_tr[];
extern char *nl_tr[];
extern char *pl_tr[];
extern char *ru_tr[];
extern char *tr_tr[];
int main(int argc, char *argv[])
{
char discl_msg[40000] = "Disclaimer\n";
char *langnames[] = { "Deutsch", "English", "Français", "Español", "Nederlands", "Polski", "Русский", NULL };
char *shortlangnames[] = { "de", "en", "fr", "es", "nl", "pl", "ru", NULL };
char **langtrs[] = { de_tr, en_tr, fr_tr, es_tr, nl_tr, pl_tr, ru_tr, NULL };
char *langnames[] = { "Deutsch", "English", "Français", "Español", "Nederlands", "Polski", "Русский", "Türkçe", NULL };
char *shortlangnames[] = { "de", "en", "fr", "es", "nl", "pl", "ru", "tr", NULL };
char **langtrs[] = { de_tr, en_tr, fr_tr, es_tr, nl_tr, pl_tr, ru_tr, tr_tr, NULL };
char hdletter;
char harddrive[30], sourcedrive[5]; /* Device holder. */
char harddrive_info[STRING_SIZE]; /* Additional infos about target */


@@ -2,7 +2,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2012 IPFire Team <info@ipfire.org> #
# Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -19,18 +19,22 @@
# #
###############################################################################
#lfs patch source here...
version=FullIPFireVersion
#
echo "Scanning source media"
# scan all Block devices
for DEVICE in `find /sys/block/* -maxdepth 0 ! -name fd* ! -name loop* ! -name ram* -exec basename {} \;`
do
mount /dev/${DEVICE} /cdrom 2> /dev/null
if [ -n "$(ls /cdrom/ipfire-*.tlz 2>/dev/null)" ]; then
if [ -n "$(ls /cdrom/${version}.media 2>/dev/null)" ]; then
echo -n ${DEVICE} > /tmp/source_device
echo "Found tarball on ${DEVICE}"
echo "Found ${version} on ${DEVICE}"
exit 0
else
echo "Found no tarballs on ${DEVICE} - SKIP"
echo "not found on ${DEVICE} - SKIP"
fi
umount /cdrom 2> /dev/null
done
@@ -40,12 +44,12 @@ for DEVICE in `find /sys/block/* -maxdepth 0 ! -name fd* ! -name loop* ! -name r
do
for DEVICEP in $(ls /dev/${DEVICE}? | sed "s/\/dev\///" 2> /dev/null);do
mount /dev/${DEVICEP} /cdrom 2> /dev/null
if [ -n "$(ls /cdrom/ipfire-*.tlz 2>/dev/null)" ]; then
if [ -n "$(ls /cdrom/${version}.media 2>/dev/null)" ]; then
echo -n ${DEVICEP} > /tmp/source_device
echo "Found tarball on ${DEVICEP}"
echo "Found ${version} on ${DEVICEP}"
exit 0
else
echo "Found no tarballs on ${DEVICEP} - SKIP"
echo "not found on ${DEVICEP} - SKIP"
fi
umount /cdrom 2> /dev/null
done
@@ -56,12 +60,12 @@ for DEVICE in `find /sys/block/* -maxdepth 0 ! -name fd* ! -name loop* ! -name r
do
for DEVICEP in $(ls /dev/${DEVICE}p? | sed "s/\/dev\///");do
mount /dev/${DEVICEP} /cdrom 2> /dev/null
if [ -n "$(ls /cdrom/ipfire-*.tlz 2>/dev/null)" ]; then
if [ -n "$(ls /cdrom/${version}.media 2>/dev/null)" ]; then
echo -n ${DEVICEP} > /tmp/source_device
echo "Found tarball on ${DEVICEP}"
echo "Found ${version} on ${DEVICEP}"
exit 0
else
echo "Found no tarballs on ${DEVICEP} - SKIP"
echo "not found on ${DEVICEP} - SKIP"
fi
umount /cdrom 2> /dev/null
done


@@ -347,6 +347,7 @@ int replace(char filename1[], char *from, char *to)
#include "lang_pl.c"
#include "lang_ru.c"
#include "lang_nl.c"
#include "lang_tr.c"
#endif
// returns a pointer to the actual running version number of IPFire.


@@ -69,7 +69,7 @@ int handlekeymap(void)
return 0;
}
strcpy(keymap, "/lib/kbd/keymaps/i386/qwertz/de-latin1-nodeadkeys.map.gz");
strcpy(keymap, "/lib/kbd/keymaps/i386/qwerty/us.map.gz");
findkey(kv, "KEYMAP", keymap);
choice = 0;


@@ -27,6 +27,7 @@ extern char *es_tr[];
extern char *pl_tr[];
extern char *ru_tr[];
extern char *nl_tr[];
extern char *tr_tr[];
int main(int argc, char *argv[])
{
@@ -34,8 +35,8 @@ int main(int argc, char *argv[])
char *shortlangnames[] = { "en", NULL };
char **langtrs[] = { en_tr, NULL };
#else
char *shortlangnames[] = { "de", "en", "fr", "es", "nl", "pl", "ru", NULL };
char **langtrs[] = { de_tr, en_tr, fr_tr, es_tr, nl_tr, pl_tr, ru_tr, NULL };
char *shortlangnames[] = { "de", "en", "fr", "es", "nl", "pl", "ru", "tr", NULL };
char **langtrs[] = { de_tr, en_tr, fr_tr, es_tr, nl_tr, pl_tr, ru_tr, tr_tr, NULL };
#endif
int choice;
char *sections[11]; /* need to fill this out AFTER knowning lang */


@@ -33,7 +33,8 @@ SUID_PROGS = setdmzholes setportfw setxtaccess \
redctrl syslogdctrl extrahdctrl sambactrl upnpctrl tripwirectrl \
smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \
setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \
getconntracktable
getconntracktable wirelessclient dnsmasqctrl torctrl
SUID_UPDX = updxsetperms
install : all
install -m 755 $(PROGS) /usr/local/bin
@@ -157,3 +158,12 @@ rebuildroutes: rebuildroutes.c setuid.o ../install+setup/libsmooth/varval.o
getconntracktable: getconntracktable.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ getconntracktable.c setuid.o ../install+setup/libsmooth/varval.o -o $@
wirelessclient: wirelessclient.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ wirelessclient.c setuid.o ../install+setup/libsmooth/varval.o -o $@
dnsmasqctrl: dnsmasqctrl.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ dnsmasqctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
torctrl: torctrl.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ torctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@


@@ -0,0 +1,34 @@
/* This file is part of the IPFire Firewall.
*
* This program is distributed under the terms of the GNU General Public
* Licence. See the file COPYING for details.
*
*/
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <fcntl.h>
#include "setuid.h"
int main(int argc, char *argv[]) {
if (!(initsetuid()))
exit(1);
if (argc < 2) {
fprintf(stderr, "\nNo argument given.\n\ndnsmasqctrl (restart)\n\n");
exit(1);
}
if (strcmp(argv[1], "restart") == 0) {
safe_system("/etc/rc.d/init.d/dnsmasq restart");
} else {
fprintf(stderr, "\nBad argument given.\n\ndnsmasqctrl (restart)\n\n");
exit(1);
}
return 0;
}
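Review bot: `main` ignores the result of `safe_system("/etc/rc.d/init.d/dnsmasq restart")` and always returns 0, so the caller cannot tell a failed restart from a successful one. Assuming `safe_system` returns the command's status as an int (its declaration is in setuid.h, which is not on this page), `return safe_system("/etc/rc.d/init.d/dnsmasq restart") != 0;` would propagate it. The Makefile on this page adds the program to `SUID_PROGS`, but the source has no comment recording that; a line above `main` such as `/* setuid helper: runs one fixed command, argv is only compared, never passed to the shell */` would document the design.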


@@ -144,8 +144,8 @@ void turn_connection_on(char *name, char *type) {
"/usr/sbin/ipsec down %s >/dev/null", name);
safe_system(command);
// Reload the configuration into the daemon.
safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
// Reload the configuration into the daemon (#10339).
ipsec_reload();
// Bring the connection up again.
snprintf(command, STRING_SIZE - 1,
@@ -169,7 +169,15 @@ void turn_connection_off (char *name) {
safe_system(command);
// Reload, so the connection is dropped.
safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
ipsec_reload();
}
void ipsec_reload() {
/* Re-read all configuration files and secrets and
* reload the daemon (#10339).
*/
safe_system("/usr/sbin/ipsec rereadall >/dev/null 2>&1");
safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
}
int main(int argc, char *argv[]) {
@@ -193,7 +201,7 @@ int main(int argc, char *argv[]) {
}
if (strcmp(argv[1], "R") == 0) {
safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
ipsec_reload();
exit(0);
}
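Review bot: `ipsec_reload()` is called in `turn_connection_on` before its definition, which appears only after `turn_connection_off`; unless a prototype is added in a part of the file outside these hunks, the first call is an implicit declaration that conflicts with the later `void` definition. Declaring `void ipsec_reload(void);` near the top of the file and writing the definition as `void ipsec_reload(void) {` avoids that. The return values of both `safe_system` calls are dropped, so a failed `rereadall` is followed by `reload` without any message; if that is intended, a comment should say so.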


@@ -4,6 +4,8 @@
#include <unistd.h>
#include <stdlib.h>
#include <sys/types.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <fcntl.h>
#include "setuid.h"
#include "libsmooth.h"
@@ -25,13 +27,17 @@ char enableorange[STRING_SIZE] = "off";
char OVPNRED[STRING_SIZE] = "OVPN";
char OVPNBLUE[STRING_SIZE] = "OVPN_BLUE_";
char OVPNORANGE[STRING_SIZE] = "OVPN_ORANGE_";
char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.2.2";
char OVPNNAT[STRING_SIZE] = "OVPNNAT";
char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.2.3";
struct connection_struct {
char name[STRING_SIZE];
char type[STRING_SIZE];
char proto[STRING_SIZE];
char status[STRING_SIZE];
char local_subnet[STRING_SIZE];
char transfer_subnet[STRING_SIZE];
char role[STRING_SIZE];
int port;
struct connection_struct *next;
};
@@ -132,6 +138,12 @@ connection *getConnections() {
strcpy(conn_curr->name, result);
} else if (count == 4) {
strcpy(conn_curr->type, result);
} else if (count == 7) {
strcpy(conn_curr->role, result);
} else if (count == 9) {
strcpy(conn_curr->local_subnet, result);
} else if (count == 28) {
strcpy(conn_curr->transfer_subnet, result);
} else if (count == 29) {
strcpy(conn_curr->proto, result);
} else if (count == 30) {
@@ -257,6 +269,13 @@ void flushChain(char *chain) {
safe_system(str);
}
void flushChainNAT(char *chain) {
char str[STRING_SIZE];
sprintf(str, "/sbin/iptables -t nat -F %s", chain);
executeCommand(str);
}
void deleteChainReference(char *chain) {
char str[STRING_SIZE];
@@ -339,6 +358,89 @@ void createAllChains(void) {
}
}
char* calcTransferNetAddress(const connection* conn) {
char *subnetmask = strdup(conn->transfer_subnet);
char *address = strsep(&subnetmask, "/");
if ((address == NULL) || (subnetmask == NULL)) {
goto ERROR;
}
in_addr_t _address = inet_addr(address);
in_addr_t _subnetmask = inet_addr(subnetmask);
_address &= _subnetmask;
if (strcmp(conn->role, "server") == 0) {
_address += 1 << 24;
} else if (strcmp(conn->role, "client") == 0) {
_address += 2 << 24;
} else {
goto ERROR;
}
struct in_addr address_info;
address_info.s_addr = _address;
return inet_ntoa(address_info);
ERROR:
fprintf(stderr, "Could not determine transfer net address: %s\n", conn->name);
free(address);
return NULL;
}
char* getLocalSubnetAddress(const connection* conn) {
kv = initkeyvalues();
if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings")) {
fprintf(stderr, "Cannot read ethernet settings\n");
exit(1);
}
const char *zones[] = {"GREEN", "BLUE", "ORANGE", NULL};
char *zone = NULL;
// Get net address of the local openvpn subnet.
char *subnetmask = strdup(conn->local_subnet);
char *address = strsep(&subnetmask, "/");
if ((address == NULL) || (subnetmask == NULL)) {
goto ERROR;
}
in_addr_t _address = inet_addr(address);
in_addr_t _subnetmask = inet_addr(subnetmask);
in_addr_t _netaddr = (_address & _subnetmask);
in_addr_t _broadcast = (_address | ~_subnetmask);
char zone_address_key[STRING_SIZE];
char zone_address[STRING_SIZE];
in_addr_t zone_addr;
int i = 0;
while (zones[i]) {
zone = zones[i++];
snprintf(zone_address_key, STRING_SIZE, "%s_ADDRESS", zone);
if (!findkey(kv, zone_address_key, zone_address))
continue;
zone_addr = inet_addr(zone_address);
if ((zone_addr > _netaddr) && (zone_addr < _broadcast)) {
freekeyvalues(kv);
return strdup(zone_address);
}
}
ERROR:
fprintf(stderr, "Could not determine local subnet address: %s\n", conn->name);
freekeyvalues(kv);
return NULL;
}
void setFirewallRules(void) {
char protocol[STRING_SIZE] = "";
char dport[STRING_SIZE] = "";
@@ -372,6 +474,7 @@ void setFirewallRules(void) {
flushChain(OVPNRED);
flushChain(OVPNBLUE);
flushChain(OVPNORANGE);
flushChainNAT(OVPNNAT);
// set firewall rules
if (!strcmp(enablered, "on") && strlen(redif))
@@ -386,11 +489,22 @@ void setFirewallRules(void) {
// set firewall rules for n2n connections
char command[STRING_SIZE];
char *local_subnet_address = NULL;
char *transfer_subnet_address = NULL;
while (conn != NULL) {
if (strcmp(conn->type, "net") == 0) {
sprintf(command, "/sbin/iptables -A %sINPUT -i %s -p %s --dport %d -j ACCEPT",
OVPNRED, redif, conn->proto, conn->port);
executeCommand(command);
local_subnet_address = getLocalSubnetAddress(conn);
transfer_subnet_address = calcTransferNetAddress(conn);
if ((local_subnet_address) && (transfer_subnet_address)) {
snprintf(command, STRING_SIZE, "/sbin/iptables -t nat -A %s -s %s -j SNAT --to-source %s",
OVPNNAT, transfer_subnet_address, local_subnet_address);
executeCommand(command);
}
}
conn = conn->next;

36
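--- a/src/misc-progs/torctrl.c
+++ b/src/misc-progs/torctrl.c
@@ -0,0 +1,36 @@
+/* This file is part of the IPFire Firewall.
+*
+* This program is distributed under the terms of the GNU General Public
+* Licence. See the file COPYING for details.
+*
+*/
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include "setuid.h"
+int main(int argc, char *argv[]) {
+if (!(initsetuid()))
+exit(1);
+if (argc < 2) {
+fprintf(stderr, "\nNo argument given.\n\ntorctrl (restart|stop)\n\n");
+exit(1);
+}
+if (strcmp(argv[1], "restart") == 0) {
+safe_system("/etc/rc.d/init.d/tor reload-or-restart");
+} else if (strcmp(argv[1], "stop") == 0) {
+safe_system("/etc/rc.d/init.d/tor stop");
+} else {
+fprintf(stderr, "\nBad argument given.\n\ntorctrl (restart|stop)\n\n");
+exit(1);
+}
+return 0;
+}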
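Review bot: The result of both `safe_system()` calls in main() is discarded and the function ends with `return 0`, so torctrl reports success even when the init script fails and the calling CGI cannot tell the two cases apart. Keep the status and return it, e.g. `int r = safe_system("/etc/rc.d/init.d/tor stop");` followed by `return r != 0;` (this assumes safe_system() returns the command status the way system() does; it is declared in setuid.h, which is not shown here). `<unistd.h>` and `<sys/types.h>` are included but nothing visible in the file uses them.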


@@ -0,0 +1,26 @@
/* IPFire helper program - wirelessclient
*
* This program is distributed under the terms of the GNU General Public
* Licence. See the file COPYING for details.
*/
#include <stdio.h>
#include <stdlib.h>
#include "setuid.h"
int main(int argc, char *argv[]) {
if (!(initsetuid()))
exit(1);
if (strcmp(argv[1], "restart") == 0) {
safe_system("/etc/rc.d/init.d/wlanclient restart >/dev/null 2>&1");
return 0;
}
if (strcmp(argv[1], "status") == 0) {
safe_system("/usr/sbin/wpa_cli status verbose");
return 0;
}
return 0;
}
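Review bot: `strcmp(argv[1], "restart")` in main() runs without any check of `argc`, so starting this setuid helper with no argument hands a NULL pointer to strcmp and crashes it; add `if (argc < 2) { fprintf(stderr, "No argument given.\n"); exit(1); }` right after the `initsetuid()` test, as torctrl.c in this same commit does. The file calls strcmp without `#include <string.h>`, which leaves the function implicitly declared. An unrecognised argument falls through to the final `return 0`, so a mistyped command is reported as success; a closing branch that prints the usage and exits 1 would match torctrl.c.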


@@ -2,7 +2,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2011 IPFire Team <info@ipfire.org> #
# Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #


@@ -0,0 +1,27 @@
#!/bin/bash
############################################################################
# #
# This file is part of the IPFire Firewall. #
# #
# IPFire is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 2 of the License, or #
# (at your option) any later version. #
# #
# IPFire is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with IPFire; if not, write to the Free Software #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
# #
# Copyright (C) 2007 IPFire-Team <info@ipfire.org>. #
# #
############################################################################
#
. /opt/pakfire/lib/functions.sh
extract_files
restore_backup ${NAME}
start_service --background ${NAME}


@@ -0,0 +1,28 @@
#!/bin/bash
############################################################################
# #
# This file is part of the IPFire Firewall. #
# #
# IPFire is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 2 of the License, or #
# (at your option) any later version. #
# #
# IPFire is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with IPFire; if not, write to the Free Software #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
# #
# Copyright (C) 2007 IPFire-Team <info@ipfire.org>. #
# #
############################################################################
#
. /opt/pakfire/lib/functions.sh
stop_service ${NAME}
extract_backup_includes
make_backup ${NAME}
remove_files


@@ -0,0 +1,26 @@
#!/bin/bash
############################################################################
# #
# This file is part of the IPFire Firewall. #
# #
# IPFire is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 2 of the License, or #
# (at your option) any later version. #
# #
# IPFire is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with IPFire; if not, write to the Free Software #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
# #
# Copyright (C) 2007 IPFire-Team <info@ipfire.org>. #
# #
############################################################################
#
. /opt/pakfire/lib/functions.sh
./uninstall.sh
./install.sh


@@ -24,7 +24,7 @@
. /opt/pakfire/lib/functions.sh
extract_files
#
KVER=2.6.32.60
KVER=2.6.32.61
ROOT=`mount | grep " / " | cut -d" " -f1`
ROOTUUID=`blkid -c /dev/null -sUUID $ROOT | cut -d'"' -f2`
if [ ! -z $ROOTUUID ]; then


@@ -28,11 +28,26 @@ extract_files
VERSION=$(cat /opt/pakfire/db/installed/meta-squidclamav | grep Release | cut -d" " -f2)
if [ "$VERSION" -gt "10" ]; then
restore_backup ${NAME}
restore_backup ${NAME}
fi
if [ "$VERSION" -lt "11" ]; then
sed -e "s|logfile.*|logfile /var/log/squid/squidclamav.log|g" /etc/squidclamav.conf
sed -e "s|logfile.*|logfile /var/log/squid/squidclamav.log|g" /etc/squidclamav.conf
fi
if [ "$VERSION" -lt "16" ]; then
sed -i /etc/squidclamav.conf \
-e "s/proxy none//g" \
-e "s/^#squid_ip 127\.0\.0\.1/squid_ip 127\.0\.0\.1/g" \
-e "s/^#squid_port 3128/squid_port 800/g" \
-e "s/^#trust_cache 1/trust_cache 1/g"
# Fix permissions.
chmod 664 /etc/squidclamav.conf
chown root.nobody /etc/squidclamav.conf
# Regenerate configuration files.
perl /srv/web/ipfire/cgi-bin/proxy.cgi
fi
/etc/init.d/squid restart
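Review bot: `chmod 664` together with `chown root.nobody` in the new `-lt "16"` branch leaves /etc/squidclamav.conf writable by every process running in group nobody, and this is the file whose `squid_ip` and `squid_port` settings the same branch has just edited. If proxy.cgi is the only intended writer, say so in the comment above (`# Writable by group nobody so proxy.cgi can regenerate it.`), and write the owner as `chown root:nobody`, since the dot separator is obsolete. Separately, the `-lt "11"` branch calls `sed -e "s|logfile.*|...|g" /etc/squidclamav.conf` without `-i`, so it prints the edited text to stdout and changes nothing on disk. `$VERSION` is also used in `-gt`/`-lt` tests with no check that the grep found a Release line, so an empty value makes each test fail with an error rather than take a defined path.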


@@ -0,0 +1,20 @@
diff -Nur arm.vanilla/src/util/hostnames.py arm/src/util/hostnames.py
--- arm.vanilla/src/util/hostnames.py 2012-04-29 05:59:24.000000000 +0200
+++ arm/src/util/hostnames.py 2013-07-31 17:59:19.245591564 +0200
@@ -30,7 +30,6 @@
import threading
import itertools
import Queue
-import distutils.sysconfig
from util import log, sysTools
@@ -264,7 +263,7 @@
# 'socket.gethostbyaddr'. The following checks if the system has the
# gethostbyname_r function, which determines if python resolutions can be
# done in parallel or not. If so, this is preferable.
- isSocketResolutionParallel = distutils.sysconfig.get_config_var("HAVE_GETHOSTBYNAME_R")
+ isSocketResolutionParallel = True #distutils.sysconfig.get_config_var("HAVE_GETHOSTBYNAME_R")
self.useSocketResolution = CONFIG["queries.hostnames.useSocketModule"] and isSocketResolutionParallel
for _ in range(CONFIG["queries.hostnames.poolSize"]):
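Review bot: The comment block above `isSocketResolutionParallel` still says the code "checks if the system has the gethostbyname_r function", but the patched line now hard-codes `True` and keeps the old call only as a trailing comment. Replace both with a statement of the assumption, e.g. `# gethostbyname_r is assumed to be present on this platform, so the distutils probe is skipped.` followed by a plain `isSocketResolutionParallel = True`. The reason the distutils import was dropped is not given in the patch, so the wording should come from whoever made the change. The enclosing method starts and ends outside the hunk.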


@@ -0,0 +1,7 @@
--- Makefile.org 2013-06-14 12:59:46.000000000 +0200
+++ Makefile 2013-06-14 13:00:01.000000000 +0200
@@ -1,4 +1,4 @@
-PREFIX ?= /usr/local
+PREFIX ?= /usr
INCLUDE = $(subst //,/,$(DESTDIR)/$(PREFIX)/include/bitstream)
VERSION = 1.0


@@ -0,0 +1,38 @@
--- compat-drivers-3.8-1-u/include/linux/compat-3.8.h.orig 2013-05-16 20:35:27.046386772 +0200
+++ compat-drivers-3.8-1-u/include/linux/compat-3.8.h 2013-05-16 20:35:39.219767618 +0200
@@ -24,35 +24,6 @@
/* This backports:
*
- * commit 4b20db3de8dab005b07c74161cb041db8c5ff3a7
- * Author: Thomas Hellstrom <thellstrom@vmware.com>
- * Date: Tue Nov 6 11:31:49 2012 +0000
- *
- * kref: Implement kref_get_unless_zero v3
- */
-/**
- * kref_get_unless_zero - Increment refcount for object unless it is zero.
- * @kref: object.
- *
- * Return non-zero if the increment succeeded. Otherwise return 0.
- *
- * This function is intended to simplify locking around refcounting for
- * objects that can be looked up from a lookup structure, and which are
- * removed from that lookup structure in the object destructor.
- * Operations on such objects require at least a read lock around
- * lookup + kref_get, and a write lock around kref_put + remove from lookup
- * structure. Furthermore, RCU implementations become extremely tricky.
- * With a lookup followed by a kref_get_unless_zero *with return value check*
- * locking in the kref_put path can be deferred to the actual removal from
- * the lookup structure and RCU lookups become trivial.
- */
-static inline int __must_check kref_get_unless_zero(struct kref *kref)
-{
- return atomic_add_unless(&kref->refcount, 1, 0);
-}
-
-/* This backports:
- *
* commit 83e68189745ad931c2afd45d8ee3303929233e7f
* Author: Matt Fleming <matt.fleming@intel.com>
* Date: Wed Nov 14 09:42:35 2012 +0000


@@ -1,11 +0,0 @@
diff -Naur compat-drivers-3.8-1-u.org/drivers/net/ethernet/atheros/alx/alx_main.c compat-drivers-3.8-1-u/drivers/net/ethernet/atheros/alx/alx_main.c
--- compat-drivers-3.8-1-u.org/drivers/net/ethernet/atheros/alx/alx_main.c 2013-02-20 14:24:50.000000000 +0100
+++ compat-drivers-3.8-1-u/drivers/net/ethernet/atheros/alx/alx_main.c 2013-03-03 12:41:04.000000000 +0100
@@ -26,6 +26,7 @@
#include <linux/bitops.h>
#include <linux/netdevice.h>
#include <linux/etherdevice.h>
+#include <linux/vmalloc.h>
#include "alx_reg.h"
#include "alx_hw.h"


@@ -0,0 +1,79 @@
From fed8c3db10bc9d3a1e799a774924c00522595d0c Mon Sep 17 00:00:00 2001
From: Evgeny Yurchenko <evg.yurch@rogers.com>
Date: Mon, 4 Jan 2010 05:13:59 +0500
Subject: [PATCH] Send IGMP packets with IP Router Alert option [RFC 2113] included in IP header
---
src/igmp.c | 17 ++++++++++++-----
src/igmpproxy.h | 1 +
2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/src/igmp.c b/src/igmp.c
index a0cd27d..b547688 100644
--- a/src/igmp.c
+++ b/src/igmp.c
@@ -67,7 +67,7 @@ void initIgmp() {
* - Checksum (let the kernel fill it in)
*/
ip->ip_v = IPVERSION;
- ip->ip_hl = sizeof(struct ip) >> 2;
+ ip->ip_hl = (sizeof(struct ip) + 4) >> 2; /* +4 for Router Alert option */
ip->ip_tos = 0xc0; /* Internet Control */
ip->ip_ttl = MAXTTL; /* applies to unicasts only */
ip->ip_p = IPPROTO_IGMP;
@@ -213,7 +213,7 @@ void buildIgmp(uint32_t src, uint32_t dst, int type, int code, uint32_t group, i
ip = (struct ip *)send_buf;
ip->ip_src.s_addr = src;
ip->ip_dst.s_addr = dst;
- ip_set_len(ip, MIN_IP_HEADER_LEN + IGMP_MINLEN + datalen);
+ ip_set_len(ip, IP_HEADER_RAOPT_LEN + IGMP_MINLEN + datalen);
if (IN_MULTICAST(ntohl(dst))) {
ip->ip_ttl = curttl;
@@ -221,13 +221,20 @@ void buildIgmp(uint32_t src, uint32_t dst, int type, int code, uint32_t group, i
ip->ip_ttl = MAXTTL;
}
- igmp = (struct igmp *)(send_buf + MIN_IP_HEADER_LEN);
+ /* Add Router Alert option */
+ ((u_char*)send_buf+MIN_IP_HEADER_LEN)[0] = IPOPT_RA;
+ ((u_char*)send_buf+MIN_IP_HEADER_LEN)[1] = 0x04;
+ ((u_char*)send_buf+MIN_IP_HEADER_LEN)[2] = 0x00;
+ ((u_char*)send_buf+MIN_IP_HEADER_LEN)[3] = 0x00;
+
+ igmp = (struct igmp *)(send_buf + IP_HEADER_RAOPT_LEN);
igmp->igmp_type = type;
igmp->igmp_code = code;
igmp->igmp_group.s_addr = group;
igmp->igmp_cksum = 0;
igmp->igmp_cksum = inetChksum((u_short *)igmp,
- IGMP_MINLEN + datalen);
+ IP_HEADER_RAOPT_LEN + datalen);
+
}
/*
@@ -257,7 +264,7 @@ void sendIgmp(uint32_t src, uint32_t dst, int type, int code, uint32_t group, in
#endif
sdst.sin_addr.s_addr = dst;
if (sendto(MRouterFD, send_buf,
- MIN_IP_HEADER_LEN + IGMP_MINLEN + datalen, 0,
+ IP_HEADER_RAOPT_LEN + IGMP_MINLEN + datalen, 0,
(struct sockaddr *)&sdst, sizeof(sdst)) < 0) {
if (errno == ENETDOWN)
my_log(LOG_ERR, errno, "Sender VIF was down.");
diff --git a/src/igmpproxy.h b/src/igmpproxy.h
index 0de7791..4df8a79 100644
--- a/src/igmpproxy.h
+++ b/src/igmpproxy.h
@@ -64,6 +64,7 @@
#define MAX_IP_PACKET_LEN 576
#define MIN_IP_HEADER_LEN 20
#define MAX_IP_HEADER_LEN 60
+#define IP_HEADER_RAOPT_LEN 24
#define MAX_MC_VIFS 32 // !!! check this const in the specific includes
--
1.7.2.5
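Review bot: In buildIgmp() the checksum length was changed from `IGMP_MINLEN + datalen` to `IP_HEADER_RAOPT_LEN + datalen`, but `inetChksum` is still called on the `igmp` pointer, so it now sums 24 + datalen bytes starting at the IGMP header, which is 16 bytes past the end of the message. The IGMP checksum covers only the IGMP message, so whatever stale bytes follow it in `send_buf` are folded in and a receiver that verifies the checksum can drop the packet. The call should stay `inetChksum((u_short *)igmp, IGMP_MINLEN + datalen);`; only `ip_set_len` and `sendto` need the larger header length. The four option bytes are written as bare literals, and a one-line comment giving the layout (`/* type IPOPT_RA, length 4, value 0 */`) would make them checkable.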


@@ -0,0 +1,43 @@
From 85e240727305b156097ee7aa0f0c4473a136291f Mon Sep 17 00:00:00 2001
From: Constantin Baranov <const@mimas.ru>
Date: Tue, 23 Feb 2010 21:08:02 +0400
Subject: [PATCH] Change default interface state to disabled (wrt #2945877)
---
src/ifvc.c | 2 +-
src/igmpproxy.c | 6 ++++--
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/ifvc.c b/src/ifvc.c
index 545b3b4..9d7ee97 100644
--- a/src/ifvc.c
+++ b/src/ifvc.c
@@ -139,7 +139,7 @@ void buildIfVc() {
IfDescEp->allowednets->subnet_addr = subnet;
// Set the default params for the IF...
- IfDescEp->state = IF_STATE_DOWNSTREAM;
+ IfDescEp->state = IF_STATE_DISABLED;
IfDescEp->robustness = DEFAULT_ROBUSTNESS;
IfDescEp->threshold = DEFAULT_THRESHOLD; /* ttl limit */
IfDescEp->ratelimit = DEFAULT_RATELIMIT;
diff --git a/src/igmpproxy.c b/src/igmpproxy.c
index 1ece15a..35000c7 100644
--- a/src/igmpproxy.c
+++ b/src/igmpproxy.c
@@ -186,8 +186,10 @@ int igmpProxyInit() {
}
}
- addVIF( Dp );
- vifcount++;
+ if (Dp->state != IF_STATE_DISABLED) {
+ addVIF( Dp );
+ vifcount++;
+ }
}
}
--
1.7.2.5


@@ -0,0 +1,164 @@
From 65f777e7f66b55239d935c1cf81bb5abc0f6c89f Mon Sep 17 00:00:00 2001
From: Grinch <grinch79@users.sourceforge.net>
Date: Sun, 16 Aug 2009 19:58:26 +0500
Subject: [PATCH] Restrict igmp reports for downstream interfaces (wrt #2833339)
atm all igmp membership reports are forwarded to the upstream interface.
Unfortunately some ISP Providers restrict some multicast groups (esp. those
that are defined as local link groups and that are not supposed to be
forwarded to the wan, i.e 224.0.0.0/24). Therefore there should be some
kind of black oder whitelisting.
As whitelisting can be accomplished quite easy I wrote a litte patch, which
is attached to this request.
---
doc/igmpproxy.conf.5.in | 19 +++++++++++++++++++
src/config.c | 23 ++++++++++++++++++++++-
src/igmpproxy.h | 1 +
src/request.c | 20 ++++++++++++++++----
4 files changed, 58 insertions(+), 5 deletions(-)
diff --git a/doc/igmpproxy.conf.5.in b/doc/igmpproxy.conf.5.in
index a4ea7d0..56efa22 100644
--- a/doc/igmpproxy.conf.5.in
+++ b/doc/igmpproxy.conf.5.in
@@ -116,6 +116,25 @@ This is especially useful for the upstream interface, since the source for multi
traffic is often from a remote location. Any number of altnet parameters can be specified.
.RE
+.B whitelist
+.I networkaddr
+.RS
+Defines a whitelist for multicast groups. The network address must be in the following
+format 'a.b.c.d/n'. If you want to allow one single group use a network mask of /32,
+i.e. 'a.b.c.d/32'.
+
+By default all multicast groups are allowed on any downstream interface. If at least one
+whitelist entry is defined, all igmp membership reports for not explicitly whitelisted
+multicast groups will be ignored and therefore not be served by igmpproxy. This is especially
+useful, if your provider does only allow a predefined set of multicast groups. These whitelists
+are only obeyed by igmpproxy itself, they won't prevent any other igmp client running on the
+same machine as igmpproxy from requesting 'unallowed' multicast groups.
+
+You may specify as many whitelist entries as needed. Although you should keep it as simple as
+possible, as this list is parsed for every membership report and therefore this increases igmp
+response times. Often used or large groups should be defined first, as parsing ends as soon as
+a group matches an entry.
+.RE
.SH EXAMPLE
## Enable quickleave
diff --git a/src/config.c b/src/config.c
index 5a96ce0..d72619f 100644
--- a/src/config.c
+++ b/src/config.c
@@ -46,6 +46,9 @@ struct vifconfig {
// Keep allowed nets for VIF.
struct SubnetList* allowednets;
+
+ // Allowed Groups
+ struct SubnetList* allowedgroups;
// Next config in list...
struct vifconfig* next;
@@ -202,6 +205,8 @@ void configureVifs() {
// Insert the configured nets...
vifLast->next = confPtr->allowednets;
+ Dp->allowedgroups = confPtr->allowedgroups;
+
break;
}
}
@@ -215,7 +220,7 @@ void configureVifs() {
*/
struct vifconfig *parsePhyintToken() {
struct vifconfig *tmpPtr;
- struct SubnetList **anetPtr;
+ struct SubnetList **anetPtr, **agrpPtr;
char *token;
short parseError = 0;
@@ -239,6 +244,7 @@ struct vifconfig *parsePhyintToken() {
tmpPtr->threshold = 1;
tmpPtr->state = IF_STATE_DOWNSTREAM;
tmpPtr->allowednets = NULL;
+ tmpPtr->allowedgroups = NULL;
// Make a copy of the token to store the IF name
tmpPtr->name = strdup( token );
@@ -248,6 +254,7 @@ struct vifconfig *parsePhyintToken() {
// Set the altnet pointer to the allowednets pointer.
anetPtr = &tmpPtr->allowednets;
+ agrpPtr = &tmpPtr->allowedgroups;
// Parse the rest of the config..
token = nextConfigToken();
@@ -266,6 +273,20 @@ struct vifconfig *parsePhyintToken() {
anetPtr = &(*anetPtr)->next;
}
}
+ else if(strcmp("whitelist", token)==0) {
+ // Whitelist
+ token = nextConfigToken();
+ my_log(LOG_DEBUG, 0, "Config: IF: Got whitelist token %s.", token);
+
+ *agrpPtr = parseSubnetAddress(token);
+ if(*agrpPtr == NULL) {
+ parseError = 1;
+ my_log(LOG_WARNING, 0, "Unable to parse subnet address.");
+ break;
+ } else {
+ agrpPtr = &(*agrpPtr)->next;
+ }
+ }
else if(strcmp("upstream", token)==0) {
// Upstream
my_log(LOG_DEBUG, 0, "Config: IF: Got upstream token.");
diff --git a/src/igmpproxy.h b/src/igmpproxy.h
index 4dabd1c..0de7791 100644
--- a/src/igmpproxy.h
+++ b/src/igmpproxy.h
@@ -145,6 +145,7 @@ struct IfDesc {
short Flags;
short state;
struct SubnetList* allowednets;
+ struct SubnetList* allowedgroups;
unsigned int robustness;
unsigned char threshold; /* ttl limit */
unsigned int ratelimit;
diff --git a/src/request.c b/src/request.c
index e3589f6..89b91de 100644
--- a/src/request.c
+++ b/src/request.c
@@ -82,10 +82,22 @@ void acceptGroupReport(uint32_t src, uint32_t group, uint8_t type) {
my_log(LOG_DEBUG, 0, "Should insert group %s (from: %s) to route table. Vif Ix : %d",
inetFmt(group,s1), inetFmt(src,s2), sourceVif->index);
- // The membership report was OK... Insert it into the route table..
- insertRoute(group, sourceVif->index);
-
-
+ // If we don't have a whitelist we insertRoute and done
+ if(sourceVif->allowedgroups == NULL)
+ {
+ insertRoute(group, sourceVif->index);
+ return;
+ }
+ // Check if this Request is legit on this interface
+ struct SubnetList *sn;
+ for(sn = sourceVif->allowedgroups; sn != NULL; sn = sn->next)
+ if((group & sn->subnet_mask) == sn->subnet_addr)
+ {
+ // The membership report was OK... Insert it into the route table..
+ insertRoute(group, sourceVif->index);
+ return;
+ }
+ my_log(LOG_INFO, 0, "The group address %s may not be requested from this interface. Ignoring.", inetFmt(group, s1));
} else {
// Log the state of the interface the report was recieved on.
my_log(LOG_INFO, 0, "Mebership report was recieved on %s. Ignoring.",
--
1.7.2.5
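Review bot: In parsePhyintToken() the new `whitelist` branch passes the result of `nextConfigToken()` straight to `my_log(..., "%s", token)` and `parseSubnetAddress(token)` without testing it, so a configuration that ends right after the keyword would hand a NULL pointer to both. Add `if (token == NULL) { parseError = 1; break; }` before the debug log; that nextConfigToken() can return NULL here is inferred from the surrounding loop, which lies outside the hunk. In acceptGroupReport() the `for` over `sourceVif->allowedgroups` has a multi-line body with no braces, and bracing both the loop and the inner `if` would keep the final "may not be requested" log visibly outside the loop. A comment on `allowedgroups` in struct IfDesc stating that NULL means "no whitelist, allow every group" would document the default that the request path relies on.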


@@ -0,0 +1,62 @@
From bcd7c648e86d97263c931de53a008c9629e7797e Mon Sep 17 00:00:00 2001
From: Stefan Becker <stefan.becker@nokia.com>
Date: Fri, 11 Dec 2009 21:08:57 +0200
Subject: [PATCH] Restrict igmp reports forwarding to upstream interface
Utilize the new "whitelist" keyword also on the upstream interface definition.
If specified then only whitelisted multicast groups will be forwarded upstream.
This can be used to avoid publishing private multicast groups to the world,
e.g. SSDP from a UPnP server on the internal network.
---
doc/igmpproxy.conf.5.in | 5 +++++
src/rttable.c | 17 +++++++++++++++++
2 files changed, 22 insertions(+), 0 deletions(-)
diff --git a/doc/igmpproxy.conf.5.in b/doc/igmpproxy.conf.5.in
index 56efa22..d916f05 100644
--- a/doc/igmpproxy.conf.5.in
+++ b/doc/igmpproxy.conf.5.in
@@ -134,6 +134,11 @@ You may specify as many whitelist entries as needed. Although you should keep it
possible, as this list is parsed for every membership report and therefore this increases igmp
response times. Often used or large groups should be defined first, as parsing ends as soon as
a group matches an entry.
+
+You may also specify whitelist entries for the upstream interface. Only igmp membership reports
+for explicitely whitelisted multicast groups will be sent out on the upstream interface. This
+is useful if you want to use multicast groups only between your downstream interfaces, like SSDP
+from a UPnP server.
.RE
.SH EXAMPLE
diff --git a/src/rttable.c b/src/rttable.c
index f0701a8..77dd791 100644
--- a/src/rttable.c
+++ b/src/rttable.c
@@ -117,6 +117,23 @@ void sendJoinLeaveUpstream(struct RouteTable* route, int join) {
my_log(LOG_ERR, 0 ,"FATAL: Unable to get Upstream IF.");
}
+ // Check if there is a white list for the upstram VIF
+ if (upstrIf->allowedgroups != NULL) {
+ uint32_t group = route->group;
+ struct SubnetList* sn;
+
+ // Check if this Request is legit to be forwarded to upstream
+ for(sn = upstrIf->allowedgroups; sn != NULL; sn = sn->next)
+ if((group & sn->subnet_mask) == sn->subnet_addr)
+ // Forward is OK...
+ break;
+
+ if (sn == NULL) {
+ my_log(LOG_INFO, 0, "The group address %s may not be forwarded upstream. Ignoring.", inetFmt(group, s1));
+ return;
+ }
+ }
+
// Send join or leave request...
if(join) {
--
1.7.2.5
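Review bot: The added check reads `upstrIf->allowedgroups` directly after the branch that logs "FATAL: Unable to get Upstream IF.", so it is safe only if `my_log(LOG_ERR, ...)` never returns; that function is not shown here, and if it does return this is a NULL dereference. An explicit `return;` after the FATAL log would make the invariant visible in sendJoinLeaveUpstream() itself. The `for`/`if` pair also carries a comment between the condition and `break` with no braces, which is easy to break in a later edit; `if (...) { break; }` inside a braced loop is safer. The function starts and ends outside the hunk.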


@@ -0,0 +1,120 @@
From d0e66e0719ae8eb549f7cc220fdc66575d3db332 Mon Sep 17 00:00:00 2001
From: Jonas Gorski <jonas.gorski@gmail.com>
Date: Thu, 29 Mar 2012 17:01:11 +0200
Subject: [PATCH 4/4] use monotic clock instead of time of day
The time of day might chance e.g. by daylight savings time during the
runtime, which causes timers to fire repeatedly for a long time.
Contributed by T-Labs, Deutsche Telekom Innovation Laboratories
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
---
configure.ac | 2 ++
src/igmpproxy.c | 26 +++++++++++++-------------
src/igmpproxy.h | 3 ++-
3 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/configure.ac b/configure.ac
index 85beb08..bd84eba 100644
--- a/configure.ac
+++ b/configure.ac
@@ -25,6 +25,8 @@ AC_CHECK_MEMBERS([struct sockaddr_in.sin_len], [], [], [[
#include <netinet/in.h>
]])
+AC_SEARCH_LIBS([clock_gettime],[rt])
+
AC_CONFIG_FILES([
Makefile
doc/Makefile
diff --git a/src/igmpproxy.c b/src/igmpproxy.c
index 35000c7..3a9ccad 100644
--- a/src/igmpproxy.c
+++ b/src/igmpproxy.c
@@ -234,13 +234,13 @@ void igmpProxyRun() {
int MaxFD, Rt, secs;
fd_set ReadFDS;
socklen_t dummy = 0;
- struct timeval curtime, lasttime, difftime, tv;
+ struct timespec curtime, lasttime, difftime, tv;
// The timeout is a pointer in order to set it to NULL if nessecary.
- struct timeval *timeout = &tv;
+ struct timespec *timeout = &tv;
// Initialize timer vars
- difftime.tv_usec = 0;
- gettimeofday(&curtime, NULL);
+ difftime.tv_nsec = 0;
+ clock_gettime(CLOCK_MONOTONIC, &curtime);
lasttime = curtime;
// First thing we send a membership query in downstream VIF's...
@@ -263,7 +263,7 @@ void igmpProxyRun() {
if(secs == -1) {
timeout = NULL;
} else {
- timeout->tv_usec = 0;
+ timeout->tv_nsec = 0;
timeout->tv_sec = secs;
}
@@ -274,7 +274,7 @@ void igmpProxyRun() {
FD_SET( MRouterFD, &ReadFDS );
// wait for input
- Rt = select( MaxFD +1, &ReadFDS, NULL, NULL, timeout );
+ Rt = pselect( MaxFD +1, &ReadFDS, NULL, NULL, timeout, NULL );
// log and ignore failures
if( Rt < 0 ) {
@@ -307,20 +307,20 @@ void igmpProxyRun() {
*/
if (Rt == 0) {
curtime.tv_sec = lasttime.tv_sec + secs;
- curtime.tv_usec = lasttime.tv_usec;
+ curtime.tv_nsec = lasttime.tv_nsec;
Rt = -1; /* don't do this next time through the loop */
} else {
- gettimeofday(&curtime, NULL);
+ clock_gettime(CLOCK_MONOTONIC, &curtime);
}
difftime.tv_sec = curtime.tv_sec - lasttime.tv_sec;
- difftime.tv_usec += curtime.tv_usec - lasttime.tv_usec;
- while (difftime.tv_usec > 1000000) {
+ difftime.tv_nsec += curtime.tv_nsec - lasttime.tv_nsec;
+ while (difftime.tv_nsec > 1000000000) {
difftime.tv_sec++;
- difftime.tv_usec -= 1000000;
+ difftime.tv_nsec -= 1000000000;
}
- if (difftime.tv_usec < 0) {
+ if (difftime.tv_nsec < 0) {
difftime.tv_sec--;
- difftime.tv_usec += 1000000;
+ difftime.tv_nsec += 1000000000;
}
lasttime = curtime;
if (secs == 0 || difftime.tv_sec > 0)
diff --git a/src/igmpproxy.h b/src/igmpproxy.h
index 4df8a79..36a4f04 100644
--- a/src/igmpproxy.h
+++ b/src/igmpproxy.h
@@ -44,12 +44,13 @@
#include <string.h>
#include <fcntl.h>
#include <stdbool.h>
+#include <time.h>
#include <sys/socket.h>
#include <sys/un.h>
-#include <sys/time.h>
#include <sys/ioctl.h>
#include <sys/param.h>
+#include <sys/select.h>
#include <net/if.h>
#include <netinet/in.h>
--
1.7.2.5
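Review bot: Neither `clock_gettime(CLOCK_MONOTONIC, &curtime)` call in igmpProxyRun() checks the return value, so on failure `curtime` holds an uninitialised or stale value and the timer arithmetic below runs on it. Test the result, e.g. `if (clock_gettime(CLOCK_MONOTONIC, &curtime) < 0) my_log(LOG_ERR, errno, "clock_gettime failed");`. The normalisation loop `while (difftime.tv_nsec > 1000000000)` leaves a value of exactly one second un-normalised; the bound should be `>=`, and the same off-by-one was carried over from the microsecond version. igmpProxyRun() starts and ends outside these hunks.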


@@ -0,0 +1,714 @@
diff -up jwhois-4.0/example/jwhois.conf.orig jwhois-4.0/example/jwhois.conf
--- jwhois-4.0/example/jwhois.conf.orig 2007-03-26 11:12:08.000000000 +0200
+++ jwhois-4.0/example/jwhois.conf 2010-12-20 14:26:06.450882316 +0100
@@ -17,6 +17,11 @@ whois-servers {
type = regex;
#
+ # Catch ENUM domains
+ #
+ "\\([0-9]\\.\\)+e164\\.arpa" = "struct enum-blocks";
+
+ #
# You can use the special value `struct' to redirect the query
# to another block which optionally can use another type of matching.
# Here we use it to have IPv4 numbers matched using CIDR blocks instead
@@ -27,6 +32,7 @@ whois-servers {
"^CORE-[0-9]+$" = "struct handles";
"^CO[CH]O-[0-9]+$" = "struct handles";
".*-[A-Z]+$" = "struct handles";
+ ".*-6BONE$" = "struct handles";
#
# Catch AS numbers
@@ -81,6 +87,7 @@ whois-servers {
# Pseudo-ccTLDs must be listed above gTLDs
#
"\\.ae\\.org$" = "whois.centralnic.net";
+ "\\.ar\\.com$" = "whois.centralnic.com";
"\\.br\\.com$" = "whois.centralnic.net";
"\\.cn\\.com$" = "whois.centralnic.net";
"\\.de\\.com$" = "whois.centralnic.net";
@@ -103,17 +110,30 @@ whois-servers {
"\\.uy\\.com$" = "whois.centralnic.net";
"\\.web\\.com$" = "whois.centralnic.net";
"\\.za\\.com$" = "whois.centralnic.net";
+ "\\.za\\.net$" = "whois.za.net";
+ "\\.za\\.org$" = "whois.za.org";
"\\.ac$" = "whois.nic.ac";
- "\\.ae$" = "whois.uaenic.ae";
+ "\\.ae$" = "whois.aeda.net.ae";
+ "\\.co\\.ae$" = "whois.aeda.net.ae";
+ "\\.net\\.ae$" = "whois.aeda.net.ae";
+ "\\.org\\.ae$" = "whois.aeda.net.ae";
+ "\\.sch\\.ae$" = "whois.aeda.net.ae";
+ "\\.ac\\.ae$" = "whois.aeda.net.ae";
+ "\\.mil\\.ae$" = "whois.aeda.net.ae";
+ "\\.gov\\.ae$" = "whois.aeda.net.ae";
+ "\\.1\\.7\\.9\\.e164\\.arpa$" = "whois.aeda.net.ae";
"\\.aero$" = "whois.aero";
- "\\.af$" = "whois.nic.af";
+ "\\.af$" = "whois.cocca.cx";
"\\.ag$" = "whois.nic.ag";
- "\\.ai$" = "whois.offshore.ai";
- "\\.al$" = "whois.ripe.net";
+ "\\.ai$" = "whois.ai";
+ "\\.al$" = "www.ert.gov.al";
"\\.am$" = "whois.amnic.net";
+ "\\.edu\\.ar$" = "www.riu.edu.ar";
"\\.ar$" = "www.nic.ar";
+ "\\.arpa$" = "whois.iana.org";
"\\.as$" = "whois.nic.as";
+ "\\.asia$" = "whois.nic.asia";
"\\.at$" = "whois.nic.at";
"\\.asn\\.au$" = "whois.ausregistry.net.au";
"\\.com\\.au$" = "whois.ausregistry.net.au";
@@ -125,30 +145,40 @@ whois-servers {
"\\.ba$" = "whois.ripe.net";
"\\.be$" = "whois.dns.be";
"\\.bg$" = "whois.register.bg";
- "\\.bi$" = "www.nic.bi";
- "\\.biz$" = "whois.neulevel.biz";
+ "\\.bi$" = "whois.nic.bi";
+ "\\.biz$" = "whois.biz";
"\\.bj$" = "whois.nic.bj";
"\\.bm$" = "rwhois.ibl.bm 4321";
+ "\\.bo$" = "whois.nic.bo";
"\\.br$" = "whois.nic.br";
+ "\\.bs$" = "www.register.bs";
"\\.bv$" = "whois.ripe.net";
- "\\.by$" = "whois.ripe.net";
+ "\\.by$" = "www.domain.by";
"\\.bz$" = "whois.belizenic.bz";
+ "\\.co\\.ca$" = "whois.co.ca";
"\\.ca$" = "whois.cira.ca";
"\\.cat$" = "whois.cat";
- "\\.cc$" = "whois.nic.cc";
+ "\\.cc$" {
+ whois-server = "ccwhois.verisign-grs.com";
+ query-format = "domain $*";
+ }
"\\.cd$" = "whois.nic.cd";
"\\.cg$" = "www.nic.cg";
"\\.ch$" = "whois.nic.ch";
"\\.ci$" = "whois.nic.ci";
"\\.ck$" = "whois.nic.ck";
"\\.cl$" = "whois.nic.cl";
+ "\\.co\\.cm$" = "whois.netcom.cm";
+ "\\.com\\.cm$" = "whois.netcom.cm";
+ "\\.net\\.cm$" = "whois.netcom.cm";
"\\.edu\\.cn$" = "whois.edu.cn";
- "\\.cn$" = "whois.cnnic.net.cn";
+ "\\.cn$" = "whois.cnnic.cn";
"\\.com$" {
whois-server = "whois.verisign-grs.com";
query-format = "domain $*";
}
"\\.coop$" = "whois.nic.coop";
+ "\\.cu$" = "www.nic.cu";
"\\.cx$" = "whois.nic.cx";
"\\.cy$" = "whois.ripe.net";
"\\.cz$" = "whois.nic.cz";
@@ -156,12 +186,15 @@ whois-servers {
whois-server = "whois.denic.de";
query-format = "-C UTF-8 -T dn,ace $*";
}
- "\\.dk$" = "whois.dk-hostmaster.dk";
+ "\\.dk$" {
+ whois-server = "whois.dk-hostmaster.dk";
+ query-format = "--show-handles $*";
+ }
"\\.dm$" = "whois.nic.dm";
"\\.do$" = "whois.nic.do";
- "\\.dz$" = "whois.ripe.net";
+ "\\.dz$" = "www.nic.dz";
"\\.ec$" = "www.nic.ec";
- "\\.edu$" = "whois.educause.net";
+ "\\.edu$" = "whois.educause.edu";
"\\.ee$" = "whois.eenet.ee";
"\\.eg$" = "whois.ripe.net";
"\\.es$" = "www.nic.es";
@@ -171,17 +204,20 @@ whois-servers {
"\\.fm$" = "www.dot.fm";
"\\.fo$" = "whois.ripe.net";
"\\.fr$" = "whois.nic.fr";
- "\\.gi$" = "www.nic.gi";
+ "\\.gd$" = "whois.adamsnames.com";
+ "\\.gi$" = "whois2.afilias-grs.net";
"\\.gov$" = "whois.nic.gov";
- "\\.gg$" = "whois.isles.net";
+ "\\.gg$" = "whois.gg";
"\\.gm$" = "whois.ripe.net";
"\\.gp$" = "whois.nic.gp";
"\\.gr$" = "whois.ripe.net";
- "\\.gs$" = "203.119.12.22";
+ "\\.gs$" = "whois.nic.gs";
"\\.gt$" = "www.gt";
- "\\.hk$" = "whois.hkdnr.net.hk";
+ "\\.hk$" = "whois.hkirc.hk";
"\\.hm$" = "whois.registry.hm";
+ "\\.hn$" = "whois2.afilias-grs.net";
"\\.hr$" = "www.dns.hr";
+ "\\.ht$" = "whois.nic.ht";
"\\.hu$" = "whois.nic.hu";
"\\.id$" = "whois.idnic.net.id";
"\\.ie$" = "whois.domainregistry.ie";
@@ -195,69 +231,94 @@ whois-servers {
"\\.is$" = "whois.isnic.is";
"\\.it$" = "whois.nic.it";
"\\.je$" = "whois.isles.net";
+ "\\.jobs$" {
+ whois-server = "jobswhois.verisign-grs.com";
+ query-format = "domain $*";
+ }
"\\.jp$" {
whois-server = "whois.jprs.jp";
query-format = "$* /e";
}
+ "\\.ke$" = "whois.kenic.or.ke";
+ "\\.kp$" = "whois.kcce.kp";
"\\.kg$" = "whois.domain.kg";
- "\\.ki$" = "whois.nic.ki";
+ "\\.ki$" = "whois.cocca.cx";
"\\.kr$" = "whois.krnic.net";
"\\.kz$" = "whois.nic.kz";
"\\.la$" = "whois.nic.la";
"\\.lb$" = "cgi.aub.edu.lb";
+ "\\.lc$" = "whois2.afilias-grs.net";
"\\.li$" = "whois.nic.li";
"\\.lk$" = "whois.nic.lk";
"\\.lt$" = "whois.domreg.lt";
"\\.lu$" = "whois.dns.lu";
"\\.lv$" = "whois.nic.lv";
"\\.ly$" = "whois.nic.ly";
- "\\.ma$" = "whois.ripe.net";
+ "\\.ma$" = "whois.iam.net.ma";
+ "\\.md$" = "whois.nic.md";
+ "\\.me$" = "whois.nic.me";
"\\.mil$" = "whois.nic.mil";
"\\.mk$" = "whois.ripe.net";
"\\.mm$" = "whois.nic.mm";
+ "\\.mn$" = "whois2.afilias-grs.net";
"\\.mobi$" = "whois.dotmobiregistry.net";
- "\\.ms$" = "whois.adamsnames.tc";
- "\\.mt$" = "www.um.edu.mt";
+ "\\.ms$" = "whois.nic.ms";
+ "\\.mt$" = "whois.nic.org.mt";
"\\.mu$" = "whois.nic.mu";
"\\.museum$" = "whois.museum";
"\\.mw$" = "www.tarsus.net";
"\\.mx$" = "whois.nic.mx";
- "\\.my$" = "whois.mynic.net.my";
+ "\\.my$" = "whois.domainregistry.my";
"\\.na$" = "whois.na-nic.com.na";
- "\\.name$" = "whois.nic.name";
+ "\\.name$" {
+ whois-server = "whois.nic.name";
+ query-format = "domain = $*";
+ }
"\\.net$" {
whois-server = "whois.verisign-grs.com";
query-format = "domain $*";
}
- "\\.ng$" = "whois.rg.net";
+ "\\.nf$" = "whois.cocca.cx";
+ "\\.ng$" = "whois.nic.net.ng";
"\\.nl$" = "whois.domain-registry.nl";
"\\.no$" = "whois.norid.no";
"\\.nu$" = "whois.nic.nu";
"\\.nz$" = "whois.srs.net.nz";
"\\.org$" = "whois.publicinterestregistry.net";
- "\\.pe$" = "whois.nic.pe";
+ "\\.pa$" = "www.nic.pa";
+ "\\.pe$" = "kero.yachay.pe";
"\\.pk$" = "pknic.net.pk";
"\\.pl$" = "whois.dns.pl";
"\\.pm$" = "whois.nic.pm";
+ "\\.pr$" = "whois.nic.pr";
"\\.pro$" = "whois.registrypro.pro";
+ "\\.ps$" = "www.nic.ps";
"\\.pt$" = "whois.dns.pt";
"\\.pw$" = "whois.nic.pw";
"\\.re$" = "whois.nic.re";
"\\.ro$" = "whois.rotld.ro";
+ "\\.edu\.ru$" = "whois.informika.ru";
"\\.ru$" = "whois.ripn.net";
"\\.rw$" = "www.nic.rw";
"\\.sa$" = "saudinic.net.sa";
+ "\\.sb$" = "whois.nic.sb";
+ "\\.sc$" = "whois2.afilias-grs.net";
"\\.se$" = "whois.iis.se";
- "\\.sg$" = "whois.nic.net.sg";
+ "\\.sg$" = "whois.sgnic.sg";
"\\.sh$" = "whois.nic.sh";
"\\.si$" = "whois.arnes.si";
"\\.sj$" = "whois.ripe.net";
- "\\.sk$" = "whois.ripe.net";
+ "\\.sk$" = "whois.sk-nic.sk";
+ "\\.sl$" = "whois.nic.sl";
"\\.sm$" = "whois.ripe.net";
+ "\\.sn$" = "whois.nic.sn";
+ "\\.so$" = "whois.nic.so";
"\\.sr$" = "whois.register.sr";
"\\.st$" = "whois.nic.st";
"\\.su$" = "whois.ripn.net";
+ "\\.sv$" = "www.svnet.org.sv";
"\\.tc$" = "whois.adamsnames.tc";
+ "\\.tel$" = "whois.nic.tel";
"\\.tf$" = "whois.afnic.fr";
"\\.tg$" = "www.nic.tg";
"\\.th$" = "whois.thnic.net";
@@ -268,8 +329,12 @@ whois-servers {
"\\.tn$" = "whois.ripe.net";
"\\.to$" = "whois.tonic.to";
"\\.tr$" = "whois.nic.tr";
+ "\\.travel$" = "whois.nic.travel";
"\\.tt$" = "www.nic.tt";
- "\\.tv$" = "whois.nic.tv";
+ "\\.tv$" {
+ whois-server = "tvwhois.verisign-grs.com";
+ query-format = "domain $*";
+ }
"\\.tw$" = "whois.twnic.net";
"\\.ua$" = "whois.com.ua";
"\\.ug$" = "whois.co.ug";
@@ -279,9 +344,12 @@ whois-servers {
"\\.fed\\.us$" = "whois.nic.gov";
"\\.us$" = "whois.nic.us";
"\\.com\\.uy$" = "dns.antel.net.uy";
- "\\.uy$" = "www.rau.edu.uy"; # is a whois server
- "\\.uz$" = "www.noc.uz";
+ "\\.uy$" = "whois.nic.org.uy";
+ "\\.co\\.uz$" = "whois.reg.uz";
+ "\\.com\\.uz$" = "whois.reg.uz";
+ "\\.uz$" = "whois.cctld.uz";
"\\.va$" = "whois.ripe.net";
+ "\\.vc$" = "whois2.afilias-grs.net";
"\\.ve$" = "whois.nic.ve";
"\\.vi$" = "www.nic.vi";
"\\.vg$" = "whois.adamsnames.tc";
@@ -289,12 +357,15 @@ whois-servers {
"\\.vu$" = "www.vunic.vu";
"\\.wf$" = "whois.nic.wf";
"\\.ws$" = "whois.worldsite.ws";
+ "\\.xn--mgbaam7a8h$" = "whois.aeda.net.ae";
"\\.yt$" = "whois.nic.yt";
- "\\.yu$" = "whois.ripe.net";
+ "\\.yu$" = "www.nic.yu";
"\\.ac\\.za$" = "whois.ac.za";
"\\.org\\.za$" = "rwhois.org.za 4321";
"\\.co\\.za$" = "whois.co.za";
+ "\\.nom\\.za$" = "www.nom.za";
# "\\.za$" = "whois.frd.ac.za";
+ "\\.co\\.zw$" = "www.zispa.co.zw";
#
# Specify different port numbers to connect to by postfixing the IP
@@ -311,6 +382,16 @@ whois-servers {
}
#
+# enum-blocks
+#
+enum-blocks {
+ type = regex;
+
+ "\\.9\\.4\\.e164\\.arpa$" = "whois.enum.denic.de";
+ "\\.1\\.6\\.e164\\.arpa$" = "whois-check.enum.com.au";
+}
+
+#
# cidr-blocks contains a list of all known CIDR blocks assigned to
# RIPE or APNIC. Default all queries to ARIN which has most other blocks.
#
@@ -580,7 +661,7 @@ cidr-blocks {
cidr6-blocks {
type = cidr6;
- "2001:0000::/23" = "whois.iana.org";
+ "2001:0000::/23" = "whois.iana.org"; # correct, but nothing usable is returned
"2001:0200::/23" = "whois.apnic.net";
"2001:0400::/23" = "whois.arin.net";
"2001:0600::/23" = "whois.ripe.net";
@@ -593,13 +674,13 @@ cidr6-blocks {
"2001:1600::/23" = "whois.ripe.net";
"2001:1800::/23" = "whois.arin.net";
"2001:1A00::/23" = "whois.ripe.net";
- "2001:1C00::/23" = "whois.ripe.net";
- "2001:1E00::/23" = "whois.ripe.net";
+ "2001:1C00::/22" = "whois.ripe.net";
"2001:2000::/20" = "whois.ripe.net";
"2001:3000::/21" = "whois.ripe.net";
"2001:3800::/22" = "whois.ripe.net";
+ "2001:3C00::/22" = "whois.arin.net"; # not correct, but shows better information
"2001:4000::/23" = "whois.ripe.net";
- "2001:4200::/23" = "whois.arin.net";
+ "2001:4200::/23" = "whois.afrinic.net";
"2001:4400::/23" = "whois.apnic.net";
"2001:4600::/23" = "whois.ripe.net";
"2001:4800::/23" = "whois.arin.net";
@@ -610,23 +691,47 @@ cidr6-blocks {
"2001:A000::/20" = "whois.apnic.net";
"2001:B000::/20" = "whois.apnic.net";
+ "2002:0000::/16" = "whois.arin.net"; # not correct, but shows better information
+
"2003:0000::/18" = "whois.ripe.net";
- "2400:0000::/19" = "whois.apnic.net";
- "2400:2000::/19" = "whois.apnic.net";
- "2400:4000::/21" = "whois.apnic.net";
- "2404:0000::/23" = "whois.apnic.net";
-
- "2600:0000::/22" = "whois.arin.net";
- "2604:0000::/22" = "whois.arin.net";
- "2608:0000::/22" = "whois.arin.net";
- "260C:0000::/22" = "whois.arin.net";
+ "2400:0000::/12" = "whois.apnic.net";
+
+ "2600:0000::/12" = "whois.arin.net";
"2610:0000::/23" = "whois.arin.net";
+ "2620:0000::/23" = "whois.arin.net";
+
+ "2800:0000::/12" = "whois.lacnic.net";
- "2800:0000::/23" = "whois.lacnic.net";
+ "2C00:0000::/12" = "whois.afrinic.net";
- "2A00:0000::/21" = "whois.ripe.net";
- "2A01:0000::/16" = "whois.ripe.net";
+ #
+ # IPv6 blocks by carriers used for SixXS;
+ # see e.g. http://www.sixxs.net/pops/
+ #
+ "2001:0610::/32" = "whois.sixxs.net";
+ "2001:06A0::/32" = "whois.sixxs.net";
+ "2001:06A8::/32" = "whois.sixxs.net";
+ "2001:06F8::/32" = "whois.sixxs.net";
+ "2001:0770::/32" = "whois.sixxs.net";
+ "2001:07B8::/32" = "whois.sixxs.net";
+ "2001:0808::/32" = "whois.sixxs.net";
+ "2001:0838::/32" = "whois.sixxs.net";
+ "2001:0960::/32" = "whois.sixxs.net";
+ "2001:0A60::/32" = "whois.sixxs.net";
+ "2001:0AD0::/32" = "whois.sixxs.net";
+ "2001:0B18::/32" = "whois.sixxs.net";
+ "2001:1418::/32" = "whois.sixxs.net";
+ "2001:14B8::/32" = "whois.sixxs.net";
+ "2001:15C0::/32" = "whois.sixxs.net";
+ "2001:16D8::/32" = "whois.sixxs.net";
+ "2001:1938::/32" = "whois.sixxs.net";
+ "2001:4830::/32" = "whois.sixxs.net";
+ "2001:4978::/32" = "whois.sixxs.net";
+ "2001:41E0::/32" = "whois.sixxs.net";
+ "2001:4428::/32" = "whois.sixxs.net";
+ "2A01:0198::/32" = "whois.sixxs.net";
+ "2A01:0348::/32" = "whois.sixxs.net";
#
# Experimental IPv6 network 6bone (RFC2471)
@@ -662,7 +767,7 @@ handles {
".*-NICAT$" = "whois.nic.at";
".*-CZ$" = "whois.nic.cz";
".*-NICIR$" = "whois.nic.ir";
- ".*-UYNIC$" = "www.rau.edu.uy";
+ ".*-UYNIC$" = "whois.nic.org.uy";
".*-ITNIC$" = "whois.nic.it";
".*-FRNIC$" = "whois.nic.fr";
".*-LACNIC$" = "whois.lacnic.net";
@@ -671,6 +776,49 @@ handles {
whois-server = "saudinic.net.sa";
query-format = "PERSON $*";
}
+ ".*-SIXXS$" = "whois.sixxs.net";
+ ".*-6BONE$" = "whois.6bone.net";
+ ".*-IRNIC$" = "whois.nic.ir";
+ ".*-RIPN$" = "whois.ripn.net";
+ ".*-AFRINIC$" = "whois.afrinic.net";
+ "^C[0-9]+-LRMS$" {
+ whois-server = "whois.afilias.info";
+ query-format = "CONTACT ID $*";
+ }
+ "^D[0-9]+-LRMS$" {
+ whois-server = "whois.afilias.info";
+ query-format = "DOMAIN ID $*";
+ }
+ "^H[0-9]+-LRMS$" {
+ whois-server = "whois.afilias.info";
+ query-format = "HOST ID $*";
+ }
+ "^R[0-9]+-LRMS$" {
+ whois-server = "whois.afilias.info";
+ query-format = "REGISTRAR ID $*";
+ }
+ ".*-KENIC$" = "whois.kenic.or.ke";
+ ".*-UANIC$" = "whois.com.ua";
+ ".*-COOP$" {
+ whois-server = "whois.nic.coop";
+ query-format = "CONTACT $*";
+ }
+ ".*CONTACT-NAME$" {
+ whois-server = "whois.nic.name";
+ query-format = "contact = $*";
+ }
+ ".*REGISTRAR-NAME$" {
+ whois-server = "whois.nic.name";
+ query-format = "registrar = $*";
+ }
+ "^C[0-9]+-AERO$" {
+ whois-server = "whois.aero";
+ query-format = "CONTACT ID $*";
+ }
+ "^D[0-9]+-AERO$" {
+ whois-server = "whois.aero";
+ query-format = "DOMAIN ID $*";
+ }
}
#
@@ -678,11 +826,6 @@ handles {
# each host.
#
server-options {
- "rwhois\\.nic\\.ve" {
- rwhois = true;
- rwhois-display = "dump";
- rwhois-limit = 10;
- }
"rwhois\\.exodus\\.net" {
rwhois = true;
}
@@ -754,13 +897,6 @@ server-options {
form-element = "name";
}
- "www\\.um\\.edu\\.mt" {
- http = "true";
- http-method = "GET";
- http-action = "/cgi-bin/nic/whois";
- form-element = "domain";
- }
-
"www\\.gt" {
http = "true";
http-method = "GET";
@@ -777,13 +913,6 @@ server-options {
query-format = "Upit=${+2}"; # All but last domain segment
}
- "whois\\.offshore\\.ai" {
- http = "true";
- http-method = "POST";
- http-action = "/cgi-bin/whois.pl";
- form-element = "domain-name";
- }
-
"www\\.io\\.io" {
http = "true";
http-method = "GET";
@@ -813,11 +942,12 @@ server-options {
form-element = "query";
}
- "www\\.nic\\.bi" {
- http = "true";
- http-method = "POST";
- http-action = "/cgi-bin/whoisbi.pl"; # Formatting problems in Lynx
- form-element = "DOMAINWHOIS";
+ "whois\\.nic\\.bi" {
+ http = "true"; # I can't connect on port 43
+ http-method = "GET";
+ http-action = "/register/whois.hei";
+ form-element = "query";
+ form-extra = "type=domain";
}
"www\\.nic\\.cg" {
@@ -848,13 +978,6 @@ server-options {
form-element = "name";
}
- "www\\.noc\\.uz" {
- http = "true";
- http-method = "POST";
- http-action = "/whois.php4";
- form-element = "dname";
- }
-
"www\\.nic\\.vi" {
http = "true";
http-method = "POST";
@@ -878,9 +1001,9 @@ server-options {
"www\\.nic\\.tg" {
http = "true";
- http-method = "GET";
- http-action = "/moteur/info_dom.php";
- form-element = "domaine";
+ http-method = "POST";
+ http-action = "/nictg/indexplus.php?pg=verifdom&op=whois";
+ query-format = "tosearch=${+2}&typedom=.tg";
}
"cgi\\.aub\\.edu\\.lb" {
@@ -910,33 +1033,152 @@ server-options {
form-element = "nombre";
}
- "www\\.denic\\.de" {
- http = "true";
- http-method = "POST";
- http-action = "/en/whois/data.jsp";
- form-element = "domainname";
- form-extra = "service=WhoisData&lang=en&submit=Accept";
- }
"whois\\.denic\\.de" {
whois-server = "whois.denic.de";
query-format = "-C UTF-8 -T dn,ace $*";
answer-charset = "UTF-8";
}
+
+ "whois\\.enum\\.denic\\.de" {
+ whois-server = "whois.enum.denic.de";
+ query-format = "-C UTF-8 -T dn $*";
+ answer-charset = "UTF-8";
+ }
+
"whois\\.nic\\.ad\\.jp" {
query-format = "$*/e";
}
+
"whois\\.nic\\.ch" {
answer-charset = "UTF-8";
}
+
"whois\\.nic\\.li" {
answer-charset = "UTF-8";
}
+
"whois\\.centralnic\\.*" {
whois-redirect = ".*Whois Server: \\(.*\\)";
}
+
".*\\.verisign-grs\\.com" {
whois-redirect = ".*Whois Server: \\(.*\\)";
}
+
+ "whois\\.sixxs\\.net" {
+ whois-redirect = ".*ReferralServer: whois:\/\/\\(.*\\)";
+ }
+
+ "whois2\\.afilias-grs\\.net" {
+ whois-redirect = "Whois Server:\\(.*\\)";
+ }
+
+ "whois\\.registrar\\.telekom\\.de" {
+ query-format = "full $*";
+ }
+
+ "whois\\.rrpproxy\\.net" {
+ answer-charset = "UTF-8";
+ }
+
+ "www\\.nom\\.za" {
+ http = "true";
+ http-method = "POST";
+ http-action = "/do.php";
+ query-format = "chkDomain=${+3}&chkAvail=Check";
+ }
+
+ "www\\.nic\\.pa" {
+ http = "true";
+ http-method = "GET";
+ http-action = "/egh/whois.php";
+ form-element = "nombre_d";
+ }
+
+ "www\\.nic\\.dz" {
+ http = "true";
+ http-method = "POST";
+ http-action = "/index.php?option=com_content&task=view&id=37&Itemid=51";
+ form-element = "domain_name";
+ }
+
+ "www\\.nic\\.yu" {
+ http = "true";
+ http-method = "GET";
+ http-action = "/cgi-bin/checkavail.cgi";
+ form-element = "domain";
+ }
+
+ "whois\\.dotster\\.com" {
+ answer-charset = "UTF-8";
+ }
+
+ "www\\.ert\\.gov\\.al" {
+ http = "true";
+ http-method = "POST";
+ http-action = "/ert_eng/domain_res.html";
+ query-format = "Domain=${+2}";
+ }
+
+ "www\\.nic\\.cu" {
+ http = "true";
+ http-method = "GET";
+ http-action = "/dom_det.php";
+ form-element = "domsrch";
+ }
+
+ "www\\.nic\\.ps" {
+ http = "true";
+ http-method = "GET";
+ http-action = "/whois/domain_whois.php";
+ form-element = "dname";
+ }
+
+ "www\\.svnet\\.org\\.sv" {
+ http = "true";
+ http-method = "POST";
+ http-action = "/registro/consultas/whois.php";
+ form-element = "subdominio";
+ }
+
+ "www\\.zispa\\.co\\.zw" {
+ http = "true";
+ http-method = "GET";
+ http-action = "/cgi-bin/search";
+ form-element = "domain";
+ }
+
+ "www\\.riu\\.edu\\.ar" {
+ http = "true";
+ http-method = "POST";
+ http-action = "/cgi-bin/verdom.pl.nuevo";
+ query-format = "username=${+3}";
+ }
+
+ "www\\.register\\.bs" {
+ http = "true";
+ http-method = "POST";
+ http-action = "/cgi-bin/search.pl";
+ form-element = "name";
+ }
+
+ "www\\.domain\\.by" {
+ http = "true";
+ http-method = "POST";
+ http-action = "/cgi-bin/registry.cgi";
+ query-format = "domain=${+2}&lang=e&mode=slquest";
+ }
+
+ "www\\.nic\\.ac" {
+ http = "true";
+ http-method = "GET";
+ http-action = "/cgi-bin/whois";
+ form-element = "textfield";
+ }
+
+ "whois\\.1api\\.net" {
+ answer-charset = "UTF-8";
+ }
}
#


@@ -0,0 +1,163 @@
Patch by Robert Scheck <robert@fedoraproject.org> for jwhois >= 4.0, which adds various new
IDN top-level-domains, updates some whois servers of ccTLDs and corrects the answer charset
setting for some whois servers, too.
--- jwhois-4.0/example/jwhois.conf 2011-05-22 20:36:19.000000000 +0200
+++ jwhois-4.0/example/jwhois.conf.conf_update2 2011-05-22 23:46:21.000000000 +0200
@@ -122,7 +122,6 @@
"\\.ac\\.ae$" = "whois.aeda.net.ae";
"\\.mil\\.ae$" = "whois.aeda.net.ae";
"\\.gov\\.ae$" = "whois.aeda.net.ae";
- "\\.1\\.7\\.9\\.e164\\.arpa$" = "whois.aeda.net.ae";
"\\.aero$" = "whois.aero";
"\\.af$" = "whois.cocca.cx";
"\\.ag$" = "whois.nic.ag";
@@ -192,7 +191,7 @@
}
"\\.dm$" = "whois.nic.dm";
"\\.do$" = "whois.nic.do";
- "\\.dz$" = "www.nic.dz";
+ "\\.dz$" = "whois.nic.dz";
"\\.ec$" = "www.nic.ec";
"\\.edu$" = "whois.educause.edu";
"\\.ee$" = "whois.eenet.ee";
@@ -243,7 +242,7 @@
"\\.kp$" = "whois.kcce.kp";
"\\.kg$" = "whois.domain.kg";
"\\.ki$" = "whois.cocca.cx";
- "\\.kr$" = "whois.krnic.net";
+ "\\.kr$" = "whois.kr";
"\\.kz$" = "whois.nic.kz";
"\\.la$" = "whois.nic.la";
"\\.lb$" = "cgi.aub.edu.lb";
@@ -292,13 +291,14 @@
"\\.pm$" = "whois.nic.pm";
"\\.pr$" = "whois.nic.pr";
"\\.pro$" = "whois.registrypro.pro";
- "\\.ps$" = "www.nic.ps";
+ "\\.ps$" = "whois.pnina.ps";
"\\.pt$" = "whois.dns.pt";
"\\.pw$" = "whois.nic.pw";
"\\.re$" = "whois.nic.re";
"\\.ro$" = "whois.rotld.ro";
+ "\\.rs$" = "whois.rnids.rs";
"\\.edu\.ru$" = "whois.informika.ru";
- "\\.ru$" = "whois.ripn.net";
+ "\\.ru$" = "whois.tcinet.ru";
"\\.rw$" = "www.nic.rw";
"\\.sa$" = "saudinic.net.sa";
"\\.sb$" = "whois.nic.sb";
@@ -317,6 +317,7 @@
"\\.st$" = "whois.nic.st";
"\\.su$" = "whois.ripn.net";
"\\.sv$" = "www.svnet.org.sv";
+ "\\.sy$" = "whois.tld.sy";
"\\.tc$" = "whois.adamsnames.tc";
"\\.tel$" = "whois.nic.tel";
"\\.tf$" = "whois.afnic.fr";
@@ -335,7 +336,7 @@
whois-server = "tvwhois.verisign-grs.com";
query-format = "domain $*";
}
- "\\.tw$" = "whois.twnic.net";
+ "\\.tw$" = "whois.twnic.net.tw";
"\\.ua$" = "whois.com.ua";
"\\.ug$" = "whois.co.ug";
"\\.ac\\.uk$" = "whois.ja.net";
@@ -357,9 +358,25 @@
"\\.vu$" = "www.vunic.vu";
"\\.wf$" = "whois.nic.wf";
"\\.ws$" = "whois.worldsite.ws";
+ "\\.xn--3e0b707e$" = "whois.kr";
+ "\\.xn--90a3ac$" = "whois.rnids.rs";
+ "\\.xn--clchc0ea0b2g2a9gcd$" = "whois.sgnic.sg";
+ "\\.xn--fiqs8s$" = "cwhois.cnnic.cn";
+ "\\.xn--fiqz9s$" = "cwhois.cnnic.cn";
+ "\\.xn--fzc2c9e2c$" = "whois.nic.lk";
+ "\\.xn--j6w193g$" = "whois.hkirc.hk";
+ "\\.xn--kprw13d$" = "whois.twnic.net.tw";
+ "\\.xn--kpry57d$" = "whois.twnic.net.tw";
+ "\\.xn--lgbbat1ad8j$" = "whois.nic.dz";
"\\.xn--mgbaam7a8h$" = "whois.aeda.net.ae";
+ "\\.xn--mgberp4a5d4ar$" = "whois.nic.net.sa";
+ "\\.xn--o3cw4h$" = "whois.thnic.co.th";
+ "\\.xn--ogbpf8fl$" = "whois.tld.sy";
+ "\\.xn--p1ai$" = "whois.tcinet.ru";
+ "\\.xn--xkc2al3hye2a$" = "whois.nic.lk";
+ "\\.xn--yfro4i67o$" = "whois.sgnic.sg";
+ "\\.xn--ygbi2ammx$" = "whois.pnina.ps";
"\\.yt$" = "whois.nic.yt";
- "\\.yu$" = "www.nic.yu";
"\\.ac\\.za$" = "whois.ac.za";
"\\.org\\.za$" = "rwhois.org.za 4321";
"\\.co\\.za$" = "whois.co.za";
@@ -389,6 +406,7 @@
"\\.9\\.4\\.e164\\.arpa$" = "whois.enum.denic.de";
"\\.1\\.6\\.e164\\.arpa$" = "whois-check.enum.com.au";
+ "\\.1\\.7\\.9\\.e164\\.arpa$" = "whois.aeda.net.ae";
}
#
@@ -1095,20 +1113,6 @@
form-element = "nombre_d";
}
- "www\\.nic\\.dz" {
- http = "true";
- http-method = "POST";
- http-action = "/index.php?option=com_content&task=view&id=37&Itemid=51";
- form-element = "domain_name";
- }
-
- "www\\.nic\\.yu" {
- http = "true";
- http-method = "GET";
- http-action = "/cgi-bin/checkavail.cgi";
- form-element = "domain";
- }
-
"whois\\.dotster\\.com" {
answer-charset = "UTF-8";
}
@@ -1127,13 +1131,6 @@
form-element = "domsrch";
}
- "www\\.nic\\.ps" {
- http = "true";
- http-method = "GET";
- http-action = "/whois/domain_whois.php";
- form-element = "dname";
- }
-
"www\\.svnet\\.org\\.sv" {
http = "true";
http-method = "POST";
@@ -1179,6 +1176,26 @@
"whois\\.1api\\.net" {
answer-charset = "UTF-8";
}
+
+ "whois\\.kr" {
+ answer-charset = "EUC-KR";
+ }
+
+ "whois\\.nic\\.or\\.kr" {
+ answer-charset = "EUC-KR";
+ }
+
+ "whois\\.nic\\.dz" {
+ answer-charset = "UTF-8";
+ }
+
+ "whois\\.nic\\.lk" {
+ answer-charset = "ISO-8859-11";
+ }
+
+ "whois\\.iana\\.org" {
+ answer-charset = "UTF-8";
+ }
}
#


@@ -0,0 +1,58 @@
This fixes somewhat reversed logic of trying to connect to WHOIS server.
Tue Nov 20 2007, Lubomir Kundrak <lkundrak@redhat.com>
--- jwhois-4.0/src/utils.c.connect 2007-06-26 09:00:20.000000000 +0200
+++ jwhois-4.0/src/utils.c 2007-11-20 17:05:33.000000000 +0100
@@ -247,7 +247,7 @@ make_connect(const char *host, int port)
{
return -1;
}
- while (res)
+ for (; res; res = res->ai_next)
{
sa = res->ai_addr;
sockfd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
@@ -266,15 +266,15 @@ make_connect(const char *host, int port)
flags = fcntl(sockfd, F_GETFL, 0);
if (fcntl(sockfd, F_SETFL, flags|O_NONBLOCK) == -1)
{
+ close (sockfd);
return -1;
}
-
error = connect(sockfd, res->ai_addr, res->ai_addrlen);
-
if (error < 0 && errno != EINPROGRESS)
{
- break;
+ close (sockfd);
+ continue;
}
FD_ZERO(&fdset);
@@ -283,18 +283,20 @@ make_connect(const char *host, int port)
error = select(FD_SETSIZE, NULL, &fdset, NULL, &timeout);
if (error == 0)
{
- break;
+ close (sockfd);
+ return -1;
}
retlen = sizeof(retval);
error = getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &retval, &retlen);
if (error < 0 || retval)
{
- break;
+ close (sockfd);
+ return -1;
}
- res = res->ai_next;
+
+ break;
}
- if (error < 0 || retval) return -1;
#endif
return sockfd;
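Review bot: Once every address has failed through the new `close (sockfd); continue;` path, the `for` loop ends with `res == NULL` and control reaches `return sockfd;` with a descriptor that is already closed, because the patch also drops the old `if (error < 0 || retval) return -1;` after the loop. The caller then receives a non-negative value and may read or write whatever that descriptor number is reused for. Add `if (res == NULL) return -1;` directly after the loop's closing brace. The later ENETUNREACH patch to the same function adds another `continue` with the same outcome. make_connect starts and ends outside these hunks, so whether the addrinfo list is freed on the early returns cannot be checked from here.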


@@ -0,0 +1,12 @@
diff -up jwhois-4.0/src/init.c_old jwhois-4.0/src/init.c
--- jwhois-4.0/src/init.c_old 2007-06-26 08:59:17.000000000 +0200
+++ jwhois-4.0/src/init.c 2009-01-27 15:49:35.000000000 +0100
@@ -283,6 +283,8 @@ parse_args(int *argc, char ***argv)
if (in)
jconfig_parse_file(in);
+ fclose(in);
+
if (verbose>1)
{
printf("[Debug: Cache = %s]\n", cache?"On":"Off");
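Review bot: The added `fclose(in);` sits outside the `if (in)` guard that protects `jconfig_parse_file(in)`, so when the configuration file could not be opened it is called with a NULL stream, which is undefined behaviour and typically crashes. Move it under the same check: `if (in) { jconfig_parse_file(in); fclose(in); }`. parse_args starts and ends outside the hunk, so how `in` is opened is not visible here.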


@@ -0,0 +1,43 @@
diff -up jwhois-4.0/src/jwhois.c.orig jwhois-4.0/src/jwhois.c
--- jwhois-4.0/src/jwhois.c.orig 2007-06-26 08:59:35.000000000 +0200
+++ jwhois-4.0/src/jwhois.c 2011-05-24 12:29:37.398892451 +0200
@@ -98,7 +98,7 @@ main(int argc, char **argv)
/* Parse remaining arguments and place them into the wq
structure. */
- while (optind < argc)
+ while (optind < argc-1)
{
count += strlen(argv[optind])+1;
if (!qstring)
@@ -116,19 +116,25 @@ main(int argc, char **argv)
strcat(qstring, " ");
optind++;
}
- qstring[strlen(qstring)-1] = '\0';
#ifdef LIBIDN
- rc = idna_to_ascii_lz(qstring, &idn, 0);
+ rc = idna_to_ascii_lz(argv[optind], &idn, 0);
if (rc != IDNA_SUCCESS)
{
- printf("[IDN encoding of '%s' failed with error code %d]\n", qstring, rc);
+ printf("[IDN encoding of '%s' failed with error code %d]\n", argv[optind], rc);
exit(1);
}
- wq.query = strdup(idn);
+ qstring = realloc(qstring, count+strlen(idn)+1);
+ memcpy(qstring+count,
+ idn,
+ strlen(idn)+1);
free(idn);
#else
- wq.query = qstring;
+ qstring = realloc(qstring, count+strlen(argv[optind])+1);
+ memcpy(qstring+count,
+ argv[optind],
+ strlen(argv[optind])+1);
#endif
+ wq.query = qstring;
if (ghost)
{
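Review bot: Both new `qstring = realloc(qstring, ...)` calls use the result unchecked, so an allocation failure makes the following `memcpy(qstring+count, ...)` write through a near-NULL pointer and loses the old buffer. Assign to a temporary and stop on NULL, e.g. `tmp = realloc(qstring, count+strlen(idn)+1); if (!tmp) exit(1); qstring = tmp;`, and likewise in the `#else` branch. The loop now stops at `argc-1` and the last argument is read as `argv[optind]` unconditionally, so with no query argument left `argv[optind]` would be NULL; whether an earlier check in main rules that out is outside the hunk.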


@@ -0,0 +1,15 @@
When IPv6 address mask did not end on an octed boundary, the the opposite
part of last byte of host address was taken into account when a match was
attempted. -- Lubomir Kundrak <lkundrak@redhat.com>
--- jwhois-4.0/src/lookup.c.ipv6-match 2007-12-04 17:09:57.000000000 +0100
+++ jwhois-4.0/src/lookup.c 2007-12-04 17:10:20.000000000 +0100
@@ -149,7 +149,7 @@ static int ipv6_address_is_in_network(co
}
/* i == bits / 8 */
if (bits % 8 != 0
- && (addr->s6_addr[i] & (0xFFu << (bits % 8))) != net->s6_addr[i])
+ && (addr->s6_addr[i] & (0xFFu << 8-(bits % 8))) != net->s6_addr[i])
return 0;
return 1;
}
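Review bot: The new mask `0xFFu << 8-(bits % 8)` relies on `-` binding tighter than `<<`; it evaluates as intended, but it reads ambiguously and draws a parentheses warning from common compilers, so write `(0xFFu << (8 - (bits % 8)))`. The comparison is still against the unmasked `net->s6_addr[i]`, so a configured prefix with host bits set in that byte can never match; masking both sides would make the test robust against such entries. The function starts outside the hunk.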


@@ -0,0 +1,15 @@
diff -up jwhois-4.0/src/utils.c.orig jwhois-4.0/src/utils.c
--- jwhois-4.0/src/utils.c.orig 2010-09-29 16:19:24.453608330 +0200
+++ jwhois-4.0/src/utils.c 2010-09-29 16:20:10.686608189 +0200
@@ -292,7 +292,10 @@ make_connect(const char *host, int port)
if (error < 0 || retval)
{
close (sockfd);
- return -1;
+ if (retval == ENETUNREACH)
+ continue;
+ else
+ return -1;
}
break;
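Review bot: In the new branch `retval == ENETUNREACH` is tested even when `getsockopt` itself failed (`error < 0`), in which case `retval` was not filled in by the call and the decision to retry depends on whatever it held before. Test the two cases separately, e.g. `if (error == 0 && retval == ENETUNREACH) continue;` followed by `return -1;`. Only ENETUNREACH moves on to the next address; other per-address failures such as a refused connection still abort the whole attempt, which may or may not be intended. make_connect continues outside the hunk.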


@@ -0,0 +1,27 @@
diff -ur jwhois-4.0.old/src/whois.c jwhois-4.0/src/whois.c
--- jwhois-4.0.old/src/whois.c 2007-06-26 03:00:29.000000000 -0400
+++ jwhois-4.0/src/whois.c 2009-04-29 11:42:56.000000000 -0400
@@ -115,6 +115,7 @@
unsigned int count, start_count;
int ret;
char data[MAXBUFSIZE];
+ fd_set rfds;
count = 0;
@@ -124,7 +125,15 @@
do
{
+ FD_ZERO(&rfds);
+ FD_SET(fd, &rfds);
+ ret = select(fd + 1, &rfds, NULL, NULL, NULL);
+
+ if (ret <= 0)
+ return -1;
+
ret = read(fd, data, MAXBUFSIZE-1);
+
if (ret >= 0)
{
count += ret;
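Review bot: The added `select(fd + 1, &rfds, NULL, NULL, NULL)` has no timeout and treats every `ret <= 0` as fatal, so a server that stops sending blocks the client indefinitely and a signal arriving during the wait (EINTR) aborts the read with -1. Pass a `struct timeval` and retry on interruption, e.g. `do { ret = select(fd + 1, &rfds, NULL, NULL, &tv); } while (ret < 0 && errno == EINTR);`. `FD_SET(fd, &rfds)` is only defined for `fd < FD_SETSIZE`, which is worth asserting if descriptors can grow that large in this process. The enclosing function starts and ends outside the hunk.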


@@ -0,0 +1,11 @@
--- server/menuitem.c 2012/04/25 19:53:15 1.37
+++ server/menuitem.c 2013/01/17 21:27:27 1.38
@@ -33,6 +33,8 @@
#define MAX_NUMERIC_LEN 40
+extern Menu *main_menu; /* Access to the main menu */
+
char *error_strs[] = {"", "Out of range", "Too long", "Too short", "Invalid Address"};
char *menuitemtypenames[] = {"menu", "action", "checkbox", "ring", "slider", "numeric", "alpha", "ip"};
char *menueventtypenames[] = {"select", "update", "plus", "minus", "enter", "leave"};


@@ -0,0 +1,12 @@
--- Makefile.orig 2013-06-14 12:39:11.000000000 +0200
+++ Makefile 2013-06-14 12:39:20.000000000 +0200
@@ -13,7 +13,7 @@
OBJ_LASTS = lasts.o
OBJ_MULTICAT_VALIDATE = multicat_validate.o util.o
-PREFIX ?= /usr/local
+PREFIX ?= /usr
BIN = $(DESTDIR)/$(PREFIX)/bin
MAN = $(DESTDIR)/$(PREFIX)/share/man/man1


@@ -0,0 +1,14 @@
diff -Naur oinkmaster-2.0.org/oinkmaster.pl oinkmaster-2.0/oinkmaster.pl
--- oinkmaster-2.0.org/oinkmaster.pl 2007-04-20 05:20:32.000000000 +0200
+++ oinkmaster-2.0/oinkmaster.pl 2013-07-15 16:46:40.000000000 +0200
@@ -1159,6 +1159,10 @@
}
}
+ # hack for community-ruleset.
+ if (-d "$dir/community-rules") {
+ move("$dir/community-rules","$dir/$rules_dir");
+ }
# Make sure that non-empty rules directory existed in archive.
# We permit empty rules directory if min_files is set to 0 though.
clean_exit("$url: no \"$rules_dir\" directory found in tar file.")
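Review bot: The result of the added `move("$dir/community-rules","$dir/$rules_dir")` is ignored, so when the rename fails the script carries on and the only symptom is the generic missing-directory error on the following lines. Check it and report the reason: `move("$dir/community-rules", "$dir/$rules_dir") or clean_exit("$url: could not rename community-rules: $!");`. Extending the condition to `if (-d "$dir/community-rules" && !-e "$dir/$rules_dir")` would avoid touching an archive that already contains the expected directory. `move` needs File::Copy to be imported, which is outside the hunk.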


@@ -0,0 +1,54 @@
------------------------------------------------------------
revno: 10486
revision-id: squid3@treenet.co.nz-20130222111325-zizr296kq3te4g7h
parent: squid3@treenet.co.nz-20130109021503-hqg7ufldrudpzr9l
fixes bug(s): http://bugs.squid-cache.org/show_bug.cgi?id=3790
author: Reinhard Sojka <reinhard.sojka@parlament.gv.at>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: SQUID_3_1
timestamp: Fri 2013-02-22 04:13:25 -0700
message:
Bug 3790: cachemgr.cgi crash with authentication
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20130222111325-zizr296kq3te4g7h
# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_1
# testament_sha1: 121adf68a9c3b2eca766cfb768256b6b57d9816b
# timestamp: 2013-02-22 11:17:18 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_1
# base_revision_id: squid3@treenet.co.nz-20130109021503-\
# hqg7ufldrudpzr9l
#
# Begin patch
=== modified file 'tools/cachemgr.cc'
--- tools/cachemgr.cc 2013-01-08 23:11:51 +0000
+++ tools/cachemgr.cc 2013-02-22 11:13:25 +0000
@@ -1162,7 +1162,6 @@
{
static char buf[1024];
size_t stringLength = 0;
- const char *str64;
if (!req->passwd)
return "";
@@ -1171,15 +1170,12 @@
req->user_name ? req->user_name : "",
req->passwd);
- str64 = base64_encode(buf);
-
- stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %s\r\n", str64);
+ stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %s\r\n", base64_encode(buf));
assert(stringLength < sizeof(buf));
- snprintf(&buf[stringLength], sizeof(buf) - stringLength, "Proxy-Authorization: Basic %s\r\n", str64);
+ snprintf(&buf[stringLength], sizeof(buf) - stringLength, "Proxy-Authorization: Basic %s\r\n", base64_encode(buf));
- xxfree(str64);
return buf;
}
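Review bot: The second `base64_encode(buf)` call, in the `Proxy-Authorization` line, runs after the first `snprintf` has already overwritten `buf` with the `Authorization: Basic ...` header, so it encodes that header text rather than the `user:password` string and the proxy header carries the wrong credentials. Encode once into a local copy before `buf` is reused, e.g. `char enc[sizeof(buf)]; snprintf(enc, sizeof(enc), "%s", base64_encode(buf));`, and pass `enc` to both `snprintf` calls. This assumes `base64_encode` returns a pointer the caller must not free, as the removal of `xxfree(str64)` suggests; its definition is not on the page. `snprintf` returns the length it would have written, so an over-long user name or password trips the `assert` rather than being rejected cleanly.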


@@ -0,0 +1,73 @@
------------------------------------------------------------
revno: 10487
revision-id: squid3@treenet.co.nz-20130710124748-2n6111r04xsi71vx
parent: squid3@treenet.co.nz-20130222111325-zizr296kq3te4g7h
author: Nathan Hoad <nathan@getoffmalawn.com>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: SQUID_3_1
timestamp: Wed 2013-07-10 06:47:48 -0600
message:
Protect against buffer overrun in DNS query generation
see SQUID-2013:2.
This bug has been present as long as the internal DNS component however
most code reaching this point is passing through URL validation first.
With Squid-3.2 Host header verification using DNS directly we may have
problems.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20130710124748-2n6111r04xsi71vx
# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_1
# testament_sha1: b5be85c8876ce15ec8fa173845e61755b6942fe0
# timestamp: 2013-07-10 12:48:57 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_1
# base_revision_id: squid3@treenet.co.nz-20130222111325-\
# zizr296kq3te4g7h
#
# Begin patch
=== modified file 'src/dns_internal.cc'
--- src/dns_internal.cc 2011-10-11 02:12:56 +0000
+++ src/dns_internal.cc 2013-07-10 12:47:48 +0000
@@ -1532,22 +1532,26 @@
void
idnsALookup(const char *name, IDNSCB * callback, void *data)
{
- unsigned int i;
+ size_t nameLength = strlen(name);
+
+ // Prevent buffer overflow on q->name
+ if (nameLength > NS_MAXDNAME) {
+ debugs(23, DBG_IMPORTANT, "SECURITY ALERT: DNS name too long to perform lookup: '" << name << "'. see access.log for details.");
+ callback(data, NULL, 0, "Internal error");
+ return;
+ }
+
+ if (idnsCachedLookup(name, callback, data))
+ return;
+
+ idns_query *q = cbdataAlloc(idns_query);
+ q->id = idnsQueryID();
int nd = 0;
- idns_query *q;
-
- if (idnsCachedLookup(name, callback, data))
- return;
-
- q = cbdataAlloc(idns_query);
-
- q->id = idnsQueryID();
-
- for (i = 0; i < strlen(name); i++)
+ for (unsigned int i = 0; i < nameLength; ++i)
if (name[i] == '.')
nd++;
- if (Config.onoff.res_defnames && npc > 0 && name[strlen(name)-1] != '.') {
+ if (Config.onoff.res_defnames && npc > 0 && name[nameLength-1] != '.') {
q->do_searchpath = 1;
} else {
q->do_searchpath = 0;
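Review bot: The new guard rejects names longer than NS_MAXDNAME but not an empty one, and `name[nameLength-1]` further down then indexes with a wrapped-around `size_t` whenever `Config.onoff.res_defnames && npc > 0` holds. Extending the check to `if (nameLength == 0 || nameLength > NS_MAXDNAME) {` would close that, though whether callers can pass an empty name is not visible here. The SECURITY ALERT message writes the whole over-long, possibly client-supplied name into the log; truncating it would keep the log line bounded. The function body continues outside the hunk, so the size of `q->name` that NS_MAXDNAME is meant to protect cannot be confirmed from this page.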


@@ -0,0 +1,13 @@
diff -Nur a/src/squidclamav.c b/src/squidclamav.c
--- a/src/squidclamav.c 2012-10-29 09:46:06.000000000 +0100
+++ b/src/squidclamav.c 2013-07-06 19:10:56.375292374 +0200
@@ -413,6 +413,9 @@
/* Suppress error: SSL certificate problem, verify that the CA cert is OK */
curl_easy_setopt (eh, CURLOPT_SSL_VERIFYHOST, 0);
curl_easy_setopt (eh, CURLOPT_SSL_VERIFYPEER, 0);
+
+ /* Prevent squidclamav from using IPv6 - fix by Nico Prenzel */
+ curl_easy_setopt (eh, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
}
}
/* create a squidguard child process and setup pipes */
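Review bot: The added `CURLOPT_IPRESOLVE` call pins every transfer on this handle to IPv4 unconditionally, and the comment names who supplied the fix but not what failed over IPv6, so a later maintainer cannot tell when it is safe to remove. State the reason in the comment, e.g. `/* Force IPv4: <what failed when curl resolved or connected over IPv6> */`, and consider making it a configuration option, since it breaks IPv6-only upstreams. The context lines directly above leave `CURLOPT_SSL_VERIFYHOST` and `CURLOPT_SSL_VERIFYPEER` at 0, so HTTPS fetches through this handle accept any certificate; this patch does not change that, but it is worth revisiting while the block is being touched.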


@@ -1,14 +0,0 @@
--- tcpdump-4.0.0.orig/print-enc.c 2008-09-01 09:44:22.000000000 +0700
+++ tcpdump-4.0.0/print-enc.c 2008-11-10 21:40:52.000000000 +0700
@@ -77,9 +77,11 @@
case AF_INET:
ip_print(gndo, p, length);
break;
+#ifdef INTE6
case AF_INET6:
ip6_print(p, length);
break;
+#endif
}
out:


@@ -115,8 +115,10 @@ if ($ip ne $ipcache) {
next; # do not update, go to test next service
}
}
my @service = split(/\./, "$settings{'SERVICE'}");
$settings{'SERVICE'} = "$service[0]";
if ($settings{'SERVICE'} ne "dns.lightningwirelabs.com") {
my @service = split(/\./, "$settings{'SERVICE'}");
$settings{'SERVICE'} = "$service[0]";
}
if ($settings{'SERVICE'} eq 'no-ip') {
open(F, ">${General::swroot}/ddns/noipsettings");
flock F, 2;
@@ -148,6 +150,27 @@ if ($ip ne $ipcache) {
}
}
elsif ($settings{'SERVICE'} eq 'all-inkl') {
my %proxysettings;
&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
if ($_=$proxysettings{'UPSTREAM_PROXY'}) {
my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
Net::SSLeay::set_proxy($peer,$peerport,$proxysettings{'UPSTREAM_USER'},$proxysettings{'UPSTREAM_PASSWORD'} );
}
my ($out, $response) = Net::SSLeay::get_https("dyndns.kasserver.com", 443, "/", Net::SSLeay::make_headers(
'User-Agent' => 'IPFire', 'Authorization' => 'Basic ' . encode_base64("$settings{'LOGIN'}:$settings{'PASSWORD'}")
));
# Valid response are 'ok' 'nochange'
if ($response =~ m%HTTP/1\.. 200 OK%) {
&General::log("Dynamic DNS ip-update for $settings{'HOSTNAME'}.$settings{'DOMAIN'} : success");
$success++;
} else {
&General::log("Dynamic DNS ip-update for $settings{'HOSTNAME'}.$settings{'DOMAIN'} : failure (could not connect to server, check your credentials)");
}
}
elsif ($settings{'SERVICE'} eq 'cjb') {
# use proxy ?
my %proxysettings;
@@ -236,6 +259,42 @@ if ($ip ne $ipcache) {
&General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} : failure (could not connect to server, check your credentials)");
}
}
elsif ($settings{'SERVICE'} eq 'dns.lightningwirelabs.com') {
# use proxy ?
my %proxysettings;
&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
if ($_=$proxysettings{'UPSTREAM_PROXY'}) {
my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
Net::SSLeay::set_proxy($peer,$peerport,$proxysettings{'UPSTREAM_USER'},$proxysettings{'UPSTREAM_PASSWORD'} );
}
if ($settings{'HOSTNAME'} eq '') {
$settings{'HOSTDOMAIN'} = $settings{'DOMAIN'};
} else {
$settings{'HOSTDOMAIN'} = "$settings{'HOSTNAME'}.$settings{'DOMAIN'}";
}
my $authstring;
if ($settings{'LOGIN'} eq "token") {
$authstring = "token=$settings{'PASSWORD'}";
} else {
$authstring = "username=$settings{'LOGIN'}&password=$settings{'PASSWORD'}";
}
my $user_agent = &General::MakeUserAgent();
my ($out, $response) = Net::SSLeay::get_https("dns.lightningwirelabs.com", 443,
"/update?hostname=$settings{'HOSTDOMAIN'}&address4=$ip&$authstring",
Net::SSLeay::make_headers('User-Agent' => $user_agent)
);
# Valid response are 'ok' 'nochange'
if ($response =~ m%HTTP/1\.. 200 OK%) {
&General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} : success");
$success++;
} else {
&General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} : failure (could not connect to server, check your credentials)");
}
}
elsif ($settings{'SERVICE'} eq 'enom') {
# use proxy ?
my %proxysettings;