Merge remote-tracking branch 'origin/next'

Arne Fitzenreiter
2013-08-11 11:51:40 +02:00
63 changed files with 2573 additions and 71 deletions


@@ -0,0 +1,4 @@
/etc/tor
/var/ipfire/tor
/var/lib/tor/fingerprint
/var/lib/tor/keys
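Review bot: Listing `/var/lib/tor/keys` in this backup include puts the relay's long-term identity keys into every add-on backup archive, so each archive needs the same protection as the keys themselves. If the intent is to keep a relay's identity across a restore, that should be documented where this include list is maintained. How backup archives are stored and who can download them is not visible on this page, so it is worth confirming they are readable only by root and reachable only after authentication.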


@@ -1 +1,2 @@
/etc/vdr
/etc/sysconfig/vdr

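--- /dev/null
+++ b/config/menu/EX-tor.menu
@@ -0,0 +1,6 @@
+$subipfire->{'50.tor'} = {
+'caption' => $Lang::tr{'tor'},
+'uri' => '/cgi-bin/tor.cgi',
+'title' => $Lang::tr{'tor'},
+'enabled' => 1,
+};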


@@ -49,7 +49,7 @@ if (-f "${General::swroot}/ovpn/ovpnconfig"){
exit 0 if ($cn eq $CN);
# Compatibility code for incorrectly saved CNs.
$cn =~ s/\ /_/;
$cn =~ s/\ /_/g;
exit 0 if ($cn eq $CN);
}
}
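Review bot: The compatibility branch around `$cn =~ s/\ /_/g;` lets the second `exit 0 if ($cn eq $CN);` accept a certificate whose CN differs from the stored name only in spaces versus underscores, so certificates issued for `a b` and for `a_b` are both accepted for the same client entry. A comment above the substitution would make that trade-off visible, for example `# Compat: CN is accepted after folding every space to '_'; distinct CNs can map to one entry.` The page prints the single-replacement and the `/g` form one after the other without markers, so taking the `/g` line as the new side is an inference. The enclosing `if` and loop begin outside this hunk.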


@@ -126,6 +126,7 @@ etc/rc.d/init.d/teamspeak
etc/rc.d/init.d/template
#etc/rc.d/init.d/tftpd
etc/rc.d/init.d/tmpfs
#etc/rc.d/init.d/tor
etc/rc.d/init.d/udev
etc/rc.d/init.d/udev_retry
etc/rc.d/init.d/upnpd


@@ -91,6 +91,7 @@ var/ipfire/menu.d/70-log.menu
#var/ipfire/menu.d/EX-imspector.menu
#var/ipfire/menu.d/EX-mpfire.menu
#var/ipfire/menu.d/EX-samba.menu
#var/ipfire/menu.d/EX-tor.menu
#var/ipfire/menu.d/EX-tripwire.menu
#var/ipfire/menu.d/EX-wlanap.menu
var/ipfire/modem


@@ -21,7 +21,7 @@ usr/lib/daq
#usr/lib/libdaq.la
#usr/lib/libdaq.so
usr/lib/libdaq.so.2
usr/lib/libdaq.so.2.0.0
usr/lib/libdaq.so.2.0.1
#usr/lib/libdaq_static.a
#usr/lib/libdaq_static.la
#usr/lib/libdaq_static_modules.a


@@ -0,0 +1,4 @@
#usr/bin/gperf
#usr/share/doc/gperf.html
#usr/share/info/gperf.info
#usr/share/man/man1/gperf.1


@@ -128,6 +128,7 @@ etc/rc.d/init.d/teamspeak
etc/rc.d/init.d/template
#etc/rc.d/init.d/tftpd
etc/rc.d/init.d/tmpfs
#etc/rc.d/init.d/tor
#etc/rc.d/init.d/transmission
etc/rc.d/init.d/udev
etc/rc.d/init.d/udev_retry


@@ -32,6 +32,7 @@ usr/local/bin/squidctrl
usr/local/bin/sshctrl
usr/local/bin/syslogdctrl
usr/local/bin/timectrl
#usr/local/bin/torctrl
#usr/local/bin/tripwirectrl
usr/local/bin/updxlratorctrl
usr/local/bin/upnpctrl


@@ -31,6 +31,11 @@ usr/lib/ipsec/libradius.so.0.0.0
usr/lib/ipsec/libstrongswan.so
usr/lib/ipsec/libstrongswan.so.0
usr/lib/ipsec/libstrongswan.so.0.0.0
#usr/lib/ipsec/libtls.a
#usr/lib/ipsec/libtls.la
usr/lib/ipsec/libtls.so
usr/lib/ipsec/libtls.so.0
usr/lib/ipsec/libtls.so.0.0.0
#usr/lib/ipsec/plugins
usr/lib/ipsec/plugins/libstrongswan-aes.so
usr/lib/ipsec/plugins/libstrongswan-attr.so
@@ -39,7 +44,12 @@ usr/lib/ipsec/plugins/libstrongswan-constraints.so
usr/lib/ipsec/plugins/libstrongswan-curl.so
usr/lib/ipsec/plugins/libstrongswan-des.so
usr/lib/ipsec/plugins/libstrongswan-dnskey.so
usr/lib/ipsec/plugins/libstrongswan-eap-identity.so
usr/lib/ipsec/plugins/libstrongswan-eap-mschapv2.so
usr/lib/ipsec/plugins/libstrongswan-eap-peap.so
usr/lib/ipsec/plugins/libstrongswan-eap-radius.so
usr/lib/ipsec/plugins/libstrongswan-eap-tls.so
usr/lib/ipsec/plugins/libstrongswan-eap-ttls.so
usr/lib/ipsec/plugins/libstrongswan-fips-prf.so
usr/lib/ipsec/plugins/libstrongswan-gmp.so
usr/lib/ipsec/plugins/libstrongswan-hmac.so
@@ -51,18 +61,22 @@ usr/lib/ipsec/plugins/libstrongswan-openssl.so
usr/lib/ipsec/plugins/libstrongswan-pem.so
usr/lib/ipsec/plugins/libstrongswan-pgp.so
usr/lib/ipsec/plugins/libstrongswan-pkcs1.so
usr/lib/ipsec/plugins/libstrongswan-pkcs12.so
usr/lib/ipsec/plugins/libstrongswan-pkcs7.so
usr/lib/ipsec/plugins/libstrongswan-pkcs8.so
usr/lib/ipsec/plugins/libstrongswan-pubkey.so
usr/lib/ipsec/plugins/libstrongswan-random.so
usr/lib/ipsec/plugins/libstrongswan-rc2.so
usr/lib/ipsec/plugins/libstrongswan-resolve.so
usr/lib/ipsec/plugins/libstrongswan-revocation.so
usr/lib/ipsec/plugins/libstrongswan-sha1.so
usr/lib/ipsec/plugins/libstrongswan-sha2.so
usr/lib/ipsec/plugins/libstrongswan-socket-default.so
usr/lib/ipsec/plugins/libstrongswan-sshkey.so
usr/lib/ipsec/plugins/libstrongswan-stroke.so
usr/lib/ipsec/plugins/libstrongswan-updown.so
usr/lib/ipsec/plugins/libstrongswan-x509.so
usr/lib/ipsec/plugins/libstrongswan-xauth-eap.so
usr/lib/ipsec/plugins/libstrongswan-xauth-generic.so
usr/lib/ipsec/plugins/libstrongswan-xcbc.so
#usr/libexec/ipsec


@@ -0,0 +1,17 @@
srv/web/ipfire/html/proxy.pac
boot/config.txt
etc/udev/rules.d/30-persistent-network.rules
etc/collectd.custom
etc/shadow
etc/ipsec.conf
etc/ipsec.secrets
etc/ipsec.user.conf
etc/ipsec.user.secrets
var/log/cache
var/updatecache
etc/localtime
etc/ssh/ssh_config
etc/ssh/sshd_config
etc/ssl/openssl.cnf
var/state/dhcp/dhcpd.leases
etc/snort/snort.conf


@@ -0,0 +1 @@
../../../common/daq


@@ -0,0 +1,11 @@
etc/system-release
etc/issue
etc/rc.d/init.d/firewall
srv/web/ipfire/cgi-bin/ddns.cgi
srv/web/ipfire/cgi-bin/ids.cgi
srv/web/ipfire/cgi-bin/vpnmain.cgi
srv/web/ipfire/cgi-bin/ovpnmain.cgi
usr/local/bin/openvpnctrl
usr/local/bin/setddns.pl
var/ipfire/langs
var/ipfire/ovpn/verify


@@ -0,0 +1 @@
../../../../common/i586/strongswan-padlock


@@ -0,0 +1 @@
../../../common/snort


@@ -0,0 +1 @@
../../../common/squid


@@ -0,0 +1 @@
../../../common/strongswan


@@ -0,0 +1 @@
DEPS=""


@@ -0,0 +1,69 @@
#!/bin/bash
############################################################################
# #
# This file is part of the IPFire Firewall. #
# #
# IPFire is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 3 of the License, or #
# (at your option) any later version. #
# #
# IPFire is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with IPFire; if not, write to the Free Software #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
# #
# Copyright (C) 2013 IPFire-Team <info@ipfire.org>. #
# #
############################################################################
#
. /opt/pakfire/lib/functions.sh
/usr/local/bin/backupctrl exclude >/dev/null 2>&1
#
# Remove old core updates from pakfire cache to save space...
core=72
for (( i=1; i<=$core; i++ ))
do
rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
done
#
#Stop services
/etc/init.d/ipsec stop
/etc/init.d/snort stop
/etc/init.d/squid stop
#
#Extract files
extract_files
#
#Start services
/etc/init.d/squid start
/etc/init.d/snort start
if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then
/etc/init.d/ipsec start
fi
#
#Update Language cache
perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
sync
# This update need a reboot...
#touch /var/run/need_reboot
#
#Finish
/etc/init.d/fireinfo start
sendprofile
#Don't report the exitcode last command
exit 0
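Review bot: The test that guards `/etc/init.d/ipsec start` feeds the unquoted output of `grep "ENABLED=on" /var/ipfire/vpn/settings` to `[`, so a second matching line or a match containing whitespace makes `[` fail with a syntax error and IPsec stays stopped after the update. The pattern is also unanchored, so any key that merely ends in `ENABLED=on` counts as a match. Testing grep's exit status avoids both: `if grep -q "^ENABLED=on$" /var/ipfire/vpn/settings; then`. Squid and snort are restarted unconditionally in the same script, so a short comment stating that these services are always enabled, or a matching check if they are not, would help; their settings are not visible here.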


@@ -0,0 +1,166 @@
usr/bin/arm
#usr/share/arm
#usr/share/arm-1.4.5.0-py2.7.egg-info
usr/share/arm/TorCtl
usr/share/arm/TorCtl/GeoIPSupport.py
usr/share/arm/TorCtl/GeoIPSupport.pyc
usr/share/arm/TorCtl/PathSupport.py
usr/share/arm/TorCtl/PathSupport.pyc
usr/share/arm/TorCtl/SQLSupport.py
usr/share/arm/TorCtl/SQLSupport.pyc
usr/share/arm/TorCtl/ScanSupport.py
usr/share/arm/TorCtl/ScanSupport.pyc
usr/share/arm/TorCtl/StatsSupport.py
usr/share/arm/TorCtl/StatsSupport.pyc
usr/share/arm/TorCtl/TorCtl.py
usr/share/arm/TorCtl/TorCtl.pyc
usr/share/arm/TorCtl/TorUtil.py
usr/share/arm/TorCtl/TorUtil.pyc
usr/share/arm/TorCtl/__init__.py
usr/share/arm/TorCtl/__init__.pyc
usr/share/arm/TorCtl/example.py
usr/share/arm/TorCtl/example.pyc
usr/share/arm/__init__.py
usr/share/arm/__init__.pyc
usr/share/arm/cli
usr/share/arm/cli/__init__.py
usr/share/arm/cli/__init__.pyc
usr/share/arm/cli/configPanel.py
usr/share/arm/cli/configPanel.pyc
usr/share/arm/cli/connections
usr/share/arm/cli/connections/__init__.py
usr/share/arm/cli/connections/__init__.pyc
usr/share/arm/cli/connections/circEntry.py
usr/share/arm/cli/connections/circEntry.pyc
usr/share/arm/cli/connections/connEntry.py
usr/share/arm/cli/connections/connEntry.pyc
usr/share/arm/cli/connections/connPanel.py
usr/share/arm/cli/connections/connPanel.pyc
usr/share/arm/cli/connections/countPopup.py
usr/share/arm/cli/connections/countPopup.pyc
usr/share/arm/cli/connections/descriptorPopup.py
usr/share/arm/cli/connections/descriptorPopup.pyc
usr/share/arm/cli/connections/entries.py
usr/share/arm/cli/connections/entries.pyc
usr/share/arm/cli/controller.py
usr/share/arm/cli/controller.pyc
usr/share/arm/cli/graphing
usr/share/arm/cli/graphing/__init__.py
usr/share/arm/cli/graphing/__init__.pyc
usr/share/arm/cli/graphing/bandwidthStats.py
usr/share/arm/cli/graphing/bandwidthStats.pyc
usr/share/arm/cli/graphing/connStats.py
usr/share/arm/cli/graphing/connStats.pyc
usr/share/arm/cli/graphing/graphPanel.py
usr/share/arm/cli/graphing/graphPanel.pyc
usr/share/arm/cli/graphing/resourceStats.py
usr/share/arm/cli/graphing/resourceStats.pyc
usr/share/arm/cli/headerPanel.py
usr/share/arm/cli/headerPanel.pyc
usr/share/arm/cli/interpretorPanel.py
usr/share/arm/cli/interpretorPanel.pyc
usr/share/arm/cli/logPanel.py
usr/share/arm/cli/logPanel.pyc
usr/share/arm/cli/menu
usr/share/arm/cli/menu/__init__.py
usr/share/arm/cli/menu/__init__.pyc
usr/share/arm/cli/menu/actions.py
usr/share/arm/cli/menu/actions.pyc
usr/share/arm/cli/menu/item.py
usr/share/arm/cli/menu/item.pyc
usr/share/arm/cli/menu/menu.py
usr/share/arm/cli/menu/menu.pyc
usr/share/arm/cli/popups.py
usr/share/arm/cli/popups.pyc
usr/share/arm/cli/torrcPanel.py
usr/share/arm/cli/torrcPanel.pyc
usr/share/arm/cli/wizard.py
usr/share/arm/cli/wizard.pyc
usr/share/arm/gui
usr/share/arm/gui/__init__.py
usr/share/arm/gui/__init__.pyc
usr/share/arm/gui/arm.xml
usr/share/arm/gui/configPanel.py
usr/share/arm/gui/configPanel.pyc
usr/share/arm/gui/connections
usr/share/arm/gui/connections/__init__.py
usr/share/arm/gui/connections/__init__.pyc
usr/share/arm/gui/connections/circEntry.py
usr/share/arm/gui/connections/circEntry.pyc
usr/share/arm/gui/connections/connEntry.py
usr/share/arm/gui/connections/connEntry.pyc
usr/share/arm/gui/connections/connPanel.py
usr/share/arm/gui/connections/connPanel.pyc
usr/share/arm/gui/controller.py
usr/share/arm/gui/controller.pyc
usr/share/arm/gui/generalPanel.py
usr/share/arm/gui/generalPanel.pyc
usr/share/arm/gui/graphing
usr/share/arm/gui/graphing/__init__.py
usr/share/arm/gui/graphing/__init__.pyc
usr/share/arm/gui/graphing/bandwidthStats.py
usr/share/arm/gui/graphing/bandwidthStats.pyc
usr/share/arm/gui/graphing/graphPanel.py
usr/share/arm/gui/graphing/graphPanel.pyc
usr/share/arm/gui/logPanel.py
usr/share/arm/gui/logPanel.pyc
usr/share/arm/prereq.py
usr/share/arm/prereq.pyc
#usr/share/arm/resources
#usr/share/arm/resources/arm.1
#usr/share/arm/resources/exitNotice
#usr/share/arm/resources/exitNotice/how_tor_works_thumb.png
#usr/share/arm/resources/exitNotice/index.html
#usr/share/arm/resources/startTor
#usr/share/arm/resources/tor-arm.desktop
#usr/share/arm/resources/tor-arm.svg
#usr/share/arm/resources/torConfigDesc.txt
#usr/share/arm/resources/torrcOverride
#usr/share/arm/resources/torrcOverride/override.c
#usr/share/arm/resources/torrcOverride/override.h
#usr/share/arm/resources/torrcOverride/override.py
#usr/share/arm/resources/torrcTemplate.txt
usr/share/arm/settings.cfg
usr/share/arm/starter.py
usr/share/arm/starter.pyc
usr/share/arm/test.py
usr/share/arm/test.pyc
#usr/share/arm/uninstall
usr/share/arm/util
usr/share/arm/util/__init__.py
usr/share/arm/util/__init__.pyc
usr/share/arm/util/conf.py
usr/share/arm/util/conf.pyc
usr/share/arm/util/connections.py
usr/share/arm/util/connections.pyc
usr/share/arm/util/enum.py
usr/share/arm/util/enum.pyc
usr/share/arm/util/gtkTools.py
usr/share/arm/util/gtkTools.pyc
usr/share/arm/util/hostnames.py
usr/share/arm/util/hostnames.pyc
usr/share/arm/util/log.py
usr/share/arm/util/log.pyc
usr/share/arm/util/panel.py
usr/share/arm/util/panel.pyc
usr/share/arm/util/procName.py
usr/share/arm/util/procName.pyc
usr/share/arm/util/procTools.py
usr/share/arm/util/procTools.pyc
usr/share/arm/util/sysTools.py
usr/share/arm/util/sysTools.pyc
usr/share/arm/util/textInput.py
usr/share/arm/util/textInput.pyc
usr/share/arm/util/torConfig.py
usr/share/arm/util/torConfig.pyc
usr/share/arm/util/torInterpretor.py
usr/share/arm/util/torInterpretor.pyc
usr/share/arm/util/torTools.py
usr/share/arm/util/torTools.pyc
usr/share/arm/util/uiTools.py
usr/share/arm/util/uiTools.pyc
usr/share/arm/version.py
usr/share/arm/version.pyc
#usr/share/doc/arm
#usr/share/doc/arm/armrc.sample
#usr/share/man/man1/arm.1.gz


@@ -0,0 +1,31 @@
#etc/logrotate.d
etc/logrotate.d/tor
etc/rc.d/init.d/tor
#etc/tor
etc/tor/tor-tsocks.conf
etc/tor/torrc
srv/web/ipfire/cgi-bin/tor.cgi
usr/bin/tor
usr/bin/tor-gencert
usr/bin/tor-resolve
#usr/bin/torify
usr/local/bin/torctrl
#usr/share/doc/tor
#usr/share/doc/tor/tor-gencert.html
#usr/share/doc/tor/tor-resolve.html
#usr/share/doc/tor/tor.html
#usr/share/doc/tor/torify.html
#usr/share/man/man1/tor-gencert.1
#usr/share/man/man1/tor-resolve.1
#usr/share/man/man1/tor.1
#usr/share/man/man1/torify.1
usr/share/tor
usr/share/tor/defaults-torrc
usr/share/tor/geoip
var/ipfire/backup/addons/includes/tor
var/ipfire/menu.d/EX-tor.menu
var/ipfire/tor
var/ipfire/tor/settings
var/ipfire/tor/torrc
var/lib/tor
var/log/tor


@@ -0,0 +1,3 @@
DataDirectory /var/lib/tor
User nobody
Log notice syslog
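Review bot: `User nobody` runs the daemon under an account that unrelated unprivileged services commonly share, so any other process running as nobody could read the relay keys kept under `DataDirectory /var/lib/tor`. A dedicated service account would isolate them, e.g. `User tor` (placeholder name; the package would have to create the account, which is not visible here). The `create 0640 nobody nobody` line in config/tor/tor.logrotate would need the same owner. Separately, `Log notice syslog` sends messages to syslog while that logrotate rule rotates `/var/log/tor/*.log`, so a one-line comment naming the intended log target would remove the ambiguity.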

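--- /dev/null
+++ b/config/tor/tor.logrotate
@@ -0,0 +1,13 @@
+/var/log/tor/*.log {
+daily
+rotate 5
+compress
+delaycompress
+missingok
+notifempty
+create 0640 nobody nobody
+sharedscripts
+postrotate
+/etc/init.d/tor reload >/dev/null 2>&1 || :
+endscript
+}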


@@ -3,7 +3,7 @@
# The "master" options. Some examples of options you may want to set
# here are -r, -t, and --rcu. See the vdr(1) man page for more info.
#
VDR_OPTIONS=(--vfat)
VDR_OPTIONS=(--vfat --log=1)
# VDR_PLUGIN_ORDER is a space separated list of plugins that should be
# loaded in a specific order. This affects eg. the order the plugins'


@@ -406,6 +406,10 @@ WARNING: translation string unused: to email adr
WARNING: translation string unused: to install an update
WARNING: translation string unused: to warn email bad
WARNING: translation string unused: too long 80 char max
WARNING: translation string unused: tor accounting period daily
WARNING: translation string unused: tor accounting period monthly
WARNING: translation string unused: tor accounting period weekly
WARNING: translation string unused: tor exit country
WARNING: translation string unused: traffic back
WARNING: translation string unused: traffic calc time
WARNING: translation string unused: traffic calc time bad


@@ -437,6 +437,12 @@ WARNING: translation string unused: to email adr
WARNING: translation string unused: to install an update
WARNING: translation string unused: to warn email bad
WARNING: translation string unused: too long 80 char max
WARNING: translation string unused: tor accounting period daily
WARNING: translation string unused: tor accounting period monthly
WARNING: translation string unused: tor accounting period weekly
WARNING: translation string unused: tor bridge enabled
WARNING: translation string unused: tor errmsg invalid node id
WARNING: translation string unused: tor exit country
WARNING: translation string unused: traffic back
WARNING: translation string unused: traffic calc time
WARNING: translation string unused: traffic calc time bad


@@ -549,6 +549,13 @@ WARNING: untranslated string: ccd routes
WARNING: untranslated string: ccd subnet
WARNING: untranslated string: ccd used
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: dnsforward
WARNING: untranslated string: dnsforward add a new entry
WARNING: untranslated string: dnsforward configuration
WARNING: untranslated string: dnsforward edit an entry
WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
WARNING: untranslated string: emerging rules
WARNING: untranslated string: fireinfo ipfire version
WARNING: untranslated string: fireinfo is disabled
@@ -618,6 +625,50 @@ WARNING: untranslated string: routing table
WARNING: untranslated string: server restart
WARNING: untranslated string: static routes
WARNING: untranslated string: system information
WARNING: untranslated string: tor
WARNING: untranslated string: tor accounting
WARNING: untranslated string: tor accounting bytes
WARNING: untranslated string: tor accounting bytes left
WARNING: untranslated string: tor accounting interval
WARNING: untranslated string: tor accounting limit
WARNING: untranslated string: tor accounting period
WARNING: untranslated string: tor acls
WARNING: untranslated string: tor allowed subnets
WARNING: untranslated string: tor bandwidth burst
WARNING: untranslated string: tor bandwidth rate
WARNING: untranslated string: tor bandwidth settings
WARNING: untranslated string: tor bandwidth unlimited
WARNING: untranslated string: tor common settings
WARNING: untranslated string: tor configuration
WARNING: untranslated string: tor connected relays
WARNING: untranslated string: tor contact info
WARNING: untranslated string: tor enabled
WARNING: untranslated string: tor errmsg invalid accounting limit
WARNING: untranslated string: tor errmsg invalid ip or mask
WARNING: untranslated string: tor errmsg invalid relay address
WARNING: untranslated string: tor errmsg invalid relay name
WARNING: untranslated string: tor errmsg invalid relay port
WARNING: untranslated string: tor errmsg invalid socks port
WARNING: untranslated string: tor exit country any
WARNING: untranslated string: tor exit nodes
WARNING: untranslated string: tor relay address
WARNING: untranslated string: tor relay configuration
WARNING: untranslated string: tor relay enabled
WARNING: untranslated string: tor relay external address
WARNING: untranslated string: tor relay fingerprint
WARNING: untranslated string: tor relay mode
WARNING: untranslated string: tor relay mode bridge
WARNING: untranslated string: tor relay mode exit
WARNING: untranslated string: tor relay mode private bridge
WARNING: untranslated string: tor relay mode relay
WARNING: untranslated string: tor relay nickname
WARNING: untranslated string: tor relay port
WARNING: untranslated string: tor socks port
WARNING: untranslated string: tor stats
WARNING: untranslated string: tor traffic limit hard
WARNING: untranslated string: tor traffic limit soft
WARNING: untranslated string: tor traffic read written
WARNING: untranslated string: tor use exit nodes
WARNING: untranslated string: uptime load average
WARNING: untranslated string: visit us at
WARNING: untranslated string: vpn keyexchange


@@ -549,6 +549,13 @@ WARNING: untranslated string: ccd subnet
WARNING: untranslated string: ccd used
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: dns address deleted txt
WARNING: untranslated string: dnsforward
WARNING: untranslated string: dnsforward add a new entry
WARNING: untranslated string: dnsforward configuration
WARNING: untranslated string: dnsforward edit an entry
WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
WARNING: untranslated string: emerging rules
WARNING: untranslated string: fireinfo ipfire version
WARNING: untranslated string: fireinfo is disabled
@@ -603,6 +610,50 @@ WARNING: untranslated string: server restart
WARNING: untranslated string: snort working
WARNING: untranslated string: static routes
WARNING: untranslated string: system information
WARNING: untranslated string: tor
WARNING: untranslated string: tor accounting
WARNING: untranslated string: tor accounting bytes
WARNING: untranslated string: tor accounting bytes left
WARNING: untranslated string: tor accounting interval
WARNING: untranslated string: tor accounting limit
WARNING: untranslated string: tor accounting period
WARNING: untranslated string: tor acls
WARNING: untranslated string: tor allowed subnets
WARNING: untranslated string: tor bandwidth burst
WARNING: untranslated string: tor bandwidth rate
WARNING: untranslated string: tor bandwidth settings
WARNING: untranslated string: tor bandwidth unlimited
WARNING: untranslated string: tor common settings
WARNING: untranslated string: tor configuration
WARNING: untranslated string: tor connected relays
WARNING: untranslated string: tor contact info
WARNING: untranslated string: tor enabled
WARNING: untranslated string: tor errmsg invalid accounting limit
WARNING: untranslated string: tor errmsg invalid ip or mask
WARNING: untranslated string: tor errmsg invalid relay address
WARNING: untranslated string: tor errmsg invalid relay name
WARNING: untranslated string: tor errmsg invalid relay port
WARNING: untranslated string: tor errmsg invalid socks port
WARNING: untranslated string: tor exit country any
WARNING: untranslated string: tor exit nodes
WARNING: untranslated string: tor relay address
WARNING: untranslated string: tor relay configuration
WARNING: untranslated string: tor relay enabled
WARNING: untranslated string: tor relay external address
WARNING: untranslated string: tor relay fingerprint
WARNING: untranslated string: tor relay mode
WARNING: untranslated string: tor relay mode bridge
WARNING: untranslated string: tor relay mode exit
WARNING: untranslated string: tor relay mode private bridge
WARNING: untranslated string: tor relay mode relay
WARNING: untranslated string: tor relay nickname
WARNING: untranslated string: tor relay port
WARNING: untranslated string: tor socks port
WARNING: untranslated string: tor stats
WARNING: untranslated string: tor traffic limit hard
WARNING: untranslated string: tor traffic limit soft
WARNING: untranslated string: tor traffic read written
WARNING: untranslated string: tor use exit nodes
WARNING: untranslated string: upload new ruleset
WARNING: untranslated string: uptime load average
WARNING: untranslated string: urlfilter file ext block


@@ -513,6 +513,13 @@ WARNING: untranslated string: age sminute
WARNING: untranslated string: age ssecond
WARNING: untranslated string: bytes
WARNING: untranslated string: ccd iroute2
WARNING: untranslated string: dnsforward
WARNING: untranslated string: dnsforward add a new entry
WARNING: untranslated string: dnsforward configuration
WARNING: untranslated string: dnsforward edit an entry
WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
WARNING: untranslated string: new
WARNING: untranslated string: outgoing firewall reserved groupname
WARNING: untranslated string: qos enter bandwidths
@@ -520,6 +527,50 @@ WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
WARNING: untranslated string: tor
WARNING: untranslated string: tor accounting
WARNING: untranslated string: tor accounting bytes
WARNING: untranslated string: tor accounting bytes left
WARNING: untranslated string: tor accounting interval
WARNING: untranslated string: tor accounting limit
WARNING: untranslated string: tor accounting period
WARNING: untranslated string: tor acls
WARNING: untranslated string: tor allowed subnets
WARNING: untranslated string: tor bandwidth burst
WARNING: untranslated string: tor bandwidth rate
WARNING: untranslated string: tor bandwidth settings
WARNING: untranslated string: tor bandwidth unlimited
WARNING: untranslated string: tor common settings
WARNING: untranslated string: tor configuration
WARNING: untranslated string: tor connected relays
WARNING: untranslated string: tor contact info
WARNING: untranslated string: tor enabled
WARNING: untranslated string: tor errmsg invalid accounting limit
WARNING: untranslated string: tor errmsg invalid ip or mask
WARNING: untranslated string: tor errmsg invalid relay address
WARNING: untranslated string: tor errmsg invalid relay name
WARNING: untranslated string: tor errmsg invalid relay port
WARNING: untranslated string: tor errmsg invalid socks port
WARNING: untranslated string: tor exit country any
WARNING: untranslated string: tor exit nodes
WARNING: untranslated string: tor relay address
WARNING: untranslated string: tor relay configuration
WARNING: untranslated string: tor relay enabled
WARNING: untranslated string: tor relay external address
WARNING: untranslated string: tor relay fingerprint
WARNING: untranslated string: tor relay mode
WARNING: untranslated string: tor relay mode bridge
WARNING: untranslated string: tor relay mode exit
WARNING: untranslated string: tor relay mode private bridge
WARNING: untranslated string: tor relay mode relay
WARNING: untranslated string: tor relay nickname
WARNING: untranslated string: tor relay port
WARNING: untranslated string: tor socks port
WARNING: untranslated string: tor stats
WARNING: untranslated string: tor traffic limit hard
WARNING: untranslated string: tor traffic limit soft
WARNING: untranslated string: tor traffic read written
WARNING: untranslated string: tor use exit nodes
WARNING: untranslated string: uptime load average
WARNING: untranslated string: wlan client
WARNING: untranslated string: wlan client advanced settings


@@ -549,6 +549,13 @@ WARNING: untranslated string: ccd routes
WARNING: untranslated string: ccd subnet
WARNING: untranslated string: ccd used
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: dnsforward
WARNING: untranslated string: dnsforward add a new entry
WARNING: untranslated string: dnsforward configuration
WARNING: untranslated string: dnsforward edit an entry
WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
WARNING: untranslated string: emerging rules
WARNING: untranslated string: fireinfo ipfire version
WARNING: untranslated string: fireinfo is disabled
@@ -618,6 +625,50 @@ WARNING: untranslated string: routing table
WARNING: untranslated string: server restart
WARNING: untranslated string: static routes
WARNING: untranslated string: system information
WARNING: untranslated string: tor
WARNING: untranslated string: tor accounting
WARNING: untranslated string: tor accounting bytes
WARNING: untranslated string: tor accounting bytes left
WARNING: untranslated string: tor accounting interval
WARNING: untranslated string: tor accounting limit
WARNING: untranslated string: tor accounting period
WARNING: untranslated string: tor acls
WARNING: untranslated string: tor allowed subnets
WARNING: untranslated string: tor bandwidth burst
WARNING: untranslated string: tor bandwidth rate
WARNING: untranslated string: tor bandwidth settings
WARNING: untranslated string: tor bandwidth unlimited
WARNING: untranslated string: tor common settings
WARNING: untranslated string: tor configuration
WARNING: untranslated string: tor connected relays
WARNING: untranslated string: tor contact info
WARNING: untranslated string: tor enabled
WARNING: untranslated string: tor errmsg invalid accounting limit
WARNING: untranslated string: tor errmsg invalid ip or mask
WARNING: untranslated string: tor errmsg invalid relay address
WARNING: untranslated string: tor errmsg invalid relay name
WARNING: untranslated string: tor errmsg invalid relay port
WARNING: untranslated string: tor errmsg invalid socks port
WARNING: untranslated string: tor exit country any
WARNING: untranslated string: tor exit nodes
WARNING: untranslated string: tor relay address
WARNING: untranslated string: tor relay configuration
WARNING: untranslated string: tor relay enabled
WARNING: untranslated string: tor relay external address
WARNING: untranslated string: tor relay fingerprint
WARNING: untranslated string: tor relay mode
WARNING: untranslated string: tor relay mode bridge
WARNING: untranslated string: tor relay mode exit
WARNING: untranslated string: tor relay mode private bridge
WARNING: untranslated string: tor relay mode relay
WARNING: untranslated string: tor relay nickname
WARNING: untranslated string: tor relay port
WARNING: untranslated string: tor socks port
WARNING: untranslated string: tor stats
WARNING: untranslated string: tor traffic limit hard
WARNING: untranslated string: tor traffic limit soft
WARNING: untranslated string: tor traffic read written
WARNING: untranslated string: tor use exit nodes
WARNING: untranslated string: uptime load average
WARNING: untranslated string: visit us at
WARNING: untranslated string: vpn keyexchange


@@ -542,6 +542,13 @@ WARNING: untranslated string: ccd used
WARNING: untranslated string: community rules
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: disk access per
WARNING: untranslated string: dnsforward
WARNING: untranslated string: dnsforward add a new entry
WARNING: untranslated string: dnsforward configuration
WARNING: untranslated string: dnsforward edit an entry
WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
WARNING: untranslated string: emerging rules
WARNING: untranslated string: extrahd because there is already a device mounted
WARNING: untranslated string: extrahd cant umount
@@ -583,6 +590,50 @@ WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
WARNING: untranslated string: server restart
WARNING: untranslated string: static routes
WARNING: untranslated string: tor
WARNING: untranslated string: tor accounting
WARNING: untranslated string: tor accounting bytes
WARNING: untranslated string: tor accounting bytes left
WARNING: untranslated string: tor accounting interval
WARNING: untranslated string: tor accounting limit
WARNING: untranslated string: tor accounting period
WARNING: untranslated string: tor acls
WARNING: untranslated string: tor allowed subnets
WARNING: untranslated string: tor bandwidth burst
WARNING: untranslated string: tor bandwidth rate
WARNING: untranslated string: tor bandwidth settings
WARNING: untranslated string: tor bandwidth unlimited
WARNING: untranslated string: tor common settings
WARNING: untranslated string: tor configuration
WARNING: untranslated string: tor connected relays
WARNING: untranslated string: tor contact info
WARNING: untranslated string: tor enabled
WARNING: untranslated string: tor errmsg invalid accounting limit
WARNING: untranslated string: tor errmsg invalid ip or mask
WARNING: untranslated string: tor errmsg invalid relay address
WARNING: untranslated string: tor errmsg invalid relay name
WARNING: untranslated string: tor errmsg invalid relay port
WARNING: untranslated string: tor errmsg invalid socks port
WARNING: untranslated string: tor exit country any
WARNING: untranslated string: tor exit nodes
WARNING: untranslated string: tor relay address
WARNING: untranslated string: tor relay configuration
WARNING: untranslated string: tor relay enabled
WARNING: untranslated string: tor relay external address
WARNING: untranslated string: tor relay fingerprint
WARNING: untranslated string: tor relay mode
WARNING: untranslated string: tor relay mode bridge
WARNING: untranslated string: tor relay mode exit
WARNING: untranslated string: tor relay mode private bridge
WARNING: untranslated string: tor relay mode relay
WARNING: untranslated string: tor relay nickname
WARNING: untranslated string: tor relay port
WARNING: untranslated string: tor socks port
WARNING: untranslated string: tor stats
WARNING: untranslated string: tor traffic limit hard
WARNING: untranslated string: tor traffic limit soft
WARNING: untranslated string: tor traffic read written
WARNING: untranslated string: tor use exit nodes
WARNING: untranslated string: uptime load average
WARNING: untranslated string: visit us at
WARNING: untranslated string: vpn keyexchange


@@ -510,12 +510,63 @@ WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: bytes
WARNING: untranslated string: dnsforward
WARNING: untranslated string: dnsforward add a new entry
WARNING: untranslated string: dnsforward configuration
WARNING: untranslated string: dnsforward edit an entry
WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
WARNING: untranslated string: new
WARNING: untranslated string: outgoing firewall reserved groupname
WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
WARNING: untranslated string: tor
WARNING: untranslated string: tor accounting
WARNING: untranslated string: tor accounting bytes
WARNING: untranslated string: tor accounting bytes left
WARNING: untranslated string: tor accounting interval
WARNING: untranslated string: tor accounting limit
WARNING: untranslated string: tor accounting period
WARNING: untranslated string: tor acls
WARNING: untranslated string: tor allowed subnets
WARNING: untranslated string: tor bandwidth burst
WARNING: untranslated string: tor bandwidth rate
WARNING: untranslated string: tor bandwidth settings
WARNING: untranslated string: tor bandwidth unlimited
WARNING: untranslated string: tor common settings
WARNING: untranslated string: tor configuration
WARNING: untranslated string: tor connected relays
WARNING: untranslated string: tor contact info
WARNING: untranslated string: tor enabled
WARNING: untranslated string: tor errmsg invalid accounting limit
WARNING: untranslated string: tor errmsg invalid ip or mask
WARNING: untranslated string: tor errmsg invalid relay address
WARNING: untranslated string: tor errmsg invalid relay name
WARNING: untranslated string: tor errmsg invalid relay port
WARNING: untranslated string: tor errmsg invalid socks port
WARNING: untranslated string: tor exit country any
WARNING: untranslated string: tor exit nodes
WARNING: untranslated string: tor relay address
WARNING: untranslated string: tor relay configuration
WARNING: untranslated string: tor relay enabled
WARNING: untranslated string: tor relay external address
WARNING: untranslated string: tor relay fingerprint
WARNING: untranslated string: tor relay mode
WARNING: untranslated string: tor relay mode bridge
WARNING: untranslated string: tor relay mode exit
WARNING: untranslated string: tor relay mode private bridge
WARNING: untranslated string: tor relay mode relay
WARNING: untranslated string: tor relay nickname
WARNING: untranslated string: tor relay port
WARNING: untranslated string: tor socks port
WARNING: untranslated string: tor stats
WARNING: untranslated string: tor traffic limit hard
WARNING: untranslated string: tor traffic limit soft
WARNING: untranslated string: tor traffic read written
WARNING: untranslated string: tor use exit nodes
WARNING: untranslated string: wlan client
WARNING: untranslated string: wlan client advanced settings
WARNING: untranslated string: wlan client and


@@ -60,6 +60,13 @@
< ccd used
< deprecated fs warn
< dns address deleted txt
< dnsforward
< dnsforward add a new entry
< dnsforward configuration
< dnsforward edit an entry
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
< fireinfo ipfire version
< fireinfo is disabled
< fireinfo is enabled
@@ -109,6 +116,54 @@
< snort working
< static routes
< system information
< tor
< tor accounting
< tor accounting bytes
< tor accounting bytes left
< tor accounting interval
< tor accounting limit
< tor accounting period
< tor accounting period daily
< tor accounting period monthly
< tor accounting period weekly
< tor acls
< tor allowed subnets
< tor bandwidth burst
< tor bandwidth rate
< tor bandwidth settings
< tor bandwidth unlimited
< tor common settings
< tor configuration
< tor connected relays
< tor contact info
< tor enabled
< tor errmsg invalid accounting limit
< tor errmsg invalid ip or mask
< tor errmsg invalid relay address
< tor errmsg invalid relay name
< tor errmsg invalid relay port
< tor errmsg invalid socks port
< tor exit country
< tor exit country any
< tor exit nodes
< tor relay address
< tor relay configuration
< tor relay enabled
< tor relay external address
< tor relay fingerprint
< tor relay mode
< tor relay mode bridge
< tor relay mode exit
< tor relay mode private bridge
< tor relay mode relay
< tor relay nickname
< tor relay port
< tor socks port
< tor stats
< tor traffic limit hard
< tor traffic limit soft
< tor traffic read written
< tor use exit nodes
< updxlrtr sources
< updxlrtr standard view
< upload new ruleset
@@ -224,6 +279,13 @@
< ccd subnet
< ccd used
< deprecated fs warn
< dnsforward
< dnsforward add a new entry
< dnsforward configuration
< dnsforward edit an entry
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
< fireinfo ipfire version
< fireinfo is disabled
< fireinfo is enabled
@@ -289,6 +351,54 @@
< Set time on boot
< static routes
< system information
< tor
< tor accounting
< tor accounting bytes
< tor accounting bytes left
< tor accounting interval
< tor accounting limit
< tor accounting period
< tor accounting period daily
< tor accounting period monthly
< tor accounting period weekly
< tor acls
< tor allowed subnets
< tor bandwidth burst
< tor bandwidth rate
< tor bandwidth settings
< tor bandwidth unlimited
< tor common settings
< tor configuration
< tor connected relays
< tor contact info
< tor enabled
< tor errmsg invalid accounting limit
< tor errmsg invalid ip or mask
< tor errmsg invalid relay address
< tor errmsg invalid relay name
< tor errmsg invalid relay port
< tor errmsg invalid socks port
< tor exit country
< tor exit country any
< tor exit nodes
< tor relay address
< tor relay configuration
< tor relay enabled
< tor relay external address
< tor relay fingerprint
< tor relay mode
< tor relay mode bridge
< tor relay mode exit
< tor relay mode private bridge
< tor relay mode relay
< tor relay nickname
< tor relay port
< tor socks port
< tor stats
< tor traffic limit hard
< tor traffic limit soft
< tor traffic read written
< tor use exit nodes
< updxlrtr sources
< updxlrtr standard view
< uptime
@@ -380,6 +490,13 @@
< ccd subnet
< ccd used
< deprecated fs warn
< dnsforward
< dnsforward add a new entry
< dnsforward configuration
< dnsforward edit an entry
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
< extrahd because there is already a device mounted
< extrahd cant umount
< extrahd install or load driver
@@ -421,6 +538,54 @@
< qos enter bandwidths
< server restart
< static routes
< tor
< tor accounting
< tor accounting bytes
< tor accounting bytes left
< tor accounting interval
< tor accounting limit
< tor accounting period
< tor accounting period daily
< tor accounting period monthly
< tor accounting period weekly
< tor acls
< tor allowed subnets
< tor bandwidth burst
< tor bandwidth rate
< tor bandwidth settings
< tor bandwidth unlimited
< tor common settings
< tor configuration
< tor connected relays
< tor contact info
< tor enabled
< tor errmsg invalid accounting limit
< tor errmsg invalid ip or mask
< tor errmsg invalid relay address
< tor errmsg invalid relay name
< tor errmsg invalid relay port
< tor errmsg invalid socks port
< tor exit country
< tor exit country any
< tor exit nodes
< tor relay address
< tor relay configuration
< tor relay enabled
< tor relay external address
< tor relay fingerprint
< tor relay mode
< tor relay mode bridge
< tor relay mode exit
< tor relay mode private bridge
< tor relay mode relay
< tor relay nickname
< tor relay port
< tor socks port
< tor stats
< tor traffic limit hard
< tor traffic limit soft
< tor traffic read written
< tor use exit nodes
< updxlrtr sources
< updxlrtr standard view
< uptime
@@ -515,6 +680,13 @@
< day-graph
< deprecated fs warn
< disk access per
< dnsforward
< dnsforward add a new entry
< dnsforward configuration
< dnsforward edit an entry
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
< Edit an existing route
< extrahd because there is already a device mounted
< extrahd cant umount
@@ -558,6 +730,54 @@
< qos enter bandwidths
< server restart
< static routes
< tor
< tor accounting
< tor accounting bytes
< tor accounting bytes left
< tor accounting interval
< tor accounting limit
< tor accounting period
< tor accounting period daily
< tor accounting period monthly
< tor accounting period weekly
< tor acls
< tor allowed subnets
< tor bandwidth burst
< tor bandwidth rate
< tor bandwidth settings
< tor bandwidth unlimited
< tor common settings
< tor configuration
< tor connected relays
< tor contact info
< tor enabled
< tor errmsg invalid accounting limit
< tor errmsg invalid ip or mask
< tor errmsg invalid relay address
< tor errmsg invalid relay name
< tor errmsg invalid relay port
< tor errmsg invalid socks port
< tor exit country
< tor exit country any
< tor exit nodes
< tor relay address
< tor relay configuration
< tor relay enabled
< tor relay external address
< tor relay fingerprint
< tor relay mode
< tor relay mode bridge
< tor relay mode exit
< tor relay mode private bridge
< tor relay mode relay
< tor relay nickname
< tor relay port
< tor socks port
< tor stats
< tor traffic limit hard
< tor traffic limit soft
< tor traffic read written
< tor use exit nodes
< updxlrtr sources
< updxlrtr standard view
< uptime


@@ -232,6 +232,7 @@ if ($settings{'ACTION'} eq '')
&Header::openbigbox('100%', 'left', '', $errormessage);
my %checked =(); # Checkbox manipulations
$checked{'SERVICE'}{'all-inkl.com'} = '';
$checked{'SERVICE'}{'cjb.net'} = '';
$checked{'SERVICE'}{'dhs.org'} = '';
$checked{'SERVICE'}{'dnspark.com'} = '';
@@ -327,6 +328,7 @@ print <<END
<tr>
<td width='25%' class='base'>$Lang::tr{'service'}:</td>
<td width='25%'><select size='1' name='SERVICE'>
<option $checked{'SERVICE'}{'all-inkl.com'}>all-inkl.com</option>
<option $checked{'SERVICE'}{'cjb.net'}>cjb.net</option>
<option $checked{'SERVICE'}{'dhs.org'}>dhs.org</option>
<option $checked{'SERVICE'}{'dnspark.com'}>dnspark.com</option>


@@ -263,7 +263,7 @@ if (-e "/etc/snort/snort.conf") {
####################### End added for snort rules control #################################
if ($snortsettings{'RULES'} eq 'subscripted') {
$url=" http://www.snort.org/sub-rules/snortrules-snapshot-2950.tar.gz/$snortsettings{'OINKCODE'}";
$url=" http://www.snort.org/sub-rules/snortrules-snapshot-2953.tar.gz/$snortsettings{'OINKCODE'}";
} elsif ($snortsettings{'RULES'} eq 'registered') {
$url=" http://www.snort.org/reg-rules/snortrules-snapshot-2950.tar.gz/$snortsettings{'OINKCODE'}";
} elsif ($snortsettings{'RULES'} eq 'community') {
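Review bot: The registered branch still requests `snortrules-snapshot-2950.tar.gz` while the subscripted branch is moved to 2953, so the two rule sources now target different Snort releases. If the bump follows a Snort upgrade, the registered URL probably needs the same change, `$url=" http://www.snort.org/reg-rules/snortrules-snapshot-2953.tar.gz/$snortsettings{'OINKCODE'}";`. Both URLs also put the Oinkcode into a plain-http request, so the subscription credential crosses the network unencrypted; switch the scheme to https if the download endpoint accepts it (not verifiable from this page). The if/elsif chain continues outside the hunk.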


@@ -127,21 +127,6 @@ sub sizeformat{
return("$newsize $units[$i]");
}
sub valid_dns_host {
my $hostname = $_[0];
unless ($hostname) { return "No hostname"};
my $res = new Net::DNS::Resolver;
my $query = $res->search("$hostname");
if ($query) {
foreach my $rr ($query->answer) {
## Potential bug - we are only looking at A records:
return 0 if $rr->type eq "A";
}
} else {
return $res->errorstring;
}
}
sub cleanssldatabase
{
if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) {
@@ -982,7 +967,11 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
print SERVERCONF "persist-key\n";
print SERVERCONF "script-security 2\n";
print SERVERCONF "# IP/DNS for remote Server Gateway\n";
if ($cgiparams{'REMOTE'} ne '') {
print SERVERCONF "remote $cgiparams{'REMOTE'}\n";
}
print SERVERCONF "float\n";
print SERVERCONF "# IP adresses of the VPN Subnet\n";
print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n";
@@ -2339,6 +2328,9 @@ ADV_ERROR:
if ($cgiparams{'LOG_VERB'} eq '') {
$cgiparams{'LOG_VERB'} = '3';
}
if ($cgiparams{'PMTU_DISCOVERY'} eq '') {
$cgiparams{'PMTU_DISCOVERY'} = 'off';
}
$checked{'CLIENT2CLIENT'}{'off'} = '';
$checked{'CLIENT2CLIENT'}{'on'} = '';
$checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED';
@@ -3520,6 +3512,14 @@ if ($cgiparams{'TYPE'} eq 'net') {
goto VPNCONF_ERROR;
}
# Check if the input for the transfer net is valid.
if (!&General::validipandmask($cgiparams{'OVPN_SUBNET'})){
$errormessage = $Lang::tr{'ccd err invalidnet'};
unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
goto VPNCONF_ERROR;
}
if ($cgiparams{'OVPN_SUBNET'} eq $vpnsettings{'DOVPN_SUBNET'}) {
$errormessage = $Lang::tr{'openvpn subnet is used'};
unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
@@ -3603,34 +3603,38 @@ if ($cgiparams{'TYPE'} eq 'net') {
}
}
if (($cgiparams{'TYPE'} eq 'net') && (! $cgiparams{'REMOTE'})) {
# Check if a remote host/IP has been set for the client.
if ($cgiparams{'REMOTE'} eq '' && $cgiparams{'SIDE'} ne 'server') {
$errormessage = $Lang::tr{'invalid input for remote host/ip'};
# Check if this is a N2N connection and drop temporary config.
if ($cgiparams{'TYPE'} eq 'net') {
unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
}
unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
}
goto VPNCONF_ERROR;
}
if ($cgiparams{'REMOTE'}) {
# Check if a remote host/IP has been configured - the field can be empty on the server side.
if ($cgiparams{'REMOTE'} ne '') {
# Check if the given IP is valid - otherwise check if it is a valid domain.
if (! &General::validip($cgiparams{'REMOTE'})) {
# Check for a valid domain.
if (! &General::validfqdn ($cgiparams{'REMOTE'})) {
$errormessage = $Lang::tr{'invalid input for remote host/ip'};
if ($cgiparams{'TYPE'} eq 'net') {
unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
}
goto VPNCONF_ERROR;
} else {
if (&valid_dns_host($cgiparams{'REMOTE'})) {
$warnmessage = "$Lang::tr{'check vpn lr'} $cgiparams{'REMOTE'}. $Lang::tr{'dns check failed'}";
if ($cgiparams{'TYPE'} eq 'net') {
}
}
# Check if this is a N2N connection and drop temporary config.
if ($cgiparams{'TYPE'} eq 'net') {
unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
}
goto VPNCONF_ERROR;
}
}
}
if ($cgiparams{'TYPE'} ne 'host') {
unless (&General::validipandmask($cgiparams{'LOCAL_SUBNET'})) {
$errormessage = $Lang::tr{'local subnet is invalid'};
@@ -4147,6 +4151,9 @@ if ($cgiparams{'TYPE'} eq 'net') {
$checked{'MSSFIX'}{'on'} = '';
$checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
if ($cgiparams{'PMTU_DISCOVERY'} eq '') {
$cgiparams{'PMTU_DISCOVERY'} = 'off';
}
$checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\'';
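Review bot: In the `@@ -3603` hunk the empty-REMOTE check becomes `if ($cgiparams{'REMOTE'} eq '' && $cgiparams{'SIDE'} ne 'server')` with no TYPE test, where the old condition was limited to `TYPE eq 'net'`. Unless the check sits inside a net-only block or SIDE is set to 'server' for host connections (neither is visible here), a roadwarrior entry with an empty REMOTE would now be rejected. If that is not intended, keep the type in the condition: `if ($cgiparams{'TYPE'} eq 'net' && $cgiparams{'REMOTE'} eq '' && $cgiparams{'SIDE'} ne 'server') {`. The same hunk and the new OVPN_SUBNET check at `@@ -3520` also `die` when `unlink`/`rmdir` of the temporary config fails, which replaces the validation message with a fatal error page. The paths are built from `$cgiparams{'NAME'}`, so it is worth confirming that NAME is validated before these checks run; the enclosing block starts outside the hunks.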

902
html/cgi-bin/tor.cgi Normal file

@@ -0,0 +1,902 @@
#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2013 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
use strict;
use Locale::Country;
# enable only the following on debugging purpose
use warnings;
use CGI::Carp 'fatalsToBrowser';
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
#workaround to suppress a warning when a variable is used only once
my @dummy = ( ${Header::colouryellow} );
undef (@dummy);
my @bandwidth_limits = (
1000 * 1024, # 1G
500 * 1024,
200 * 1024,
100 * 1024, # 100M
64 * 1024,
50 * 1024,
25 * 1024,
20 * 1024,
16 * 1024,
10 * 1024,
8 * 1024,
4 * 1024,
2 * 1024,
1024, # 1M
512,
256,
160
);
my @accounting_periods = ('daily', 'weekly', 'monthly');
my $TOR_CONTROL_PORT = 9051;
our %netsettings = ();
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
our %settings = ();
$settings{'TOR_ENABLED'} = 'off';
$settings{'TOR_SOCKS_PORT'} = 9050;
$settings{'TOR_EXIT_COUNTRY'} = '';
$settings{'TOR_USE_EXIT_NODES'} = '';
$settings{'TOR_ALLOWED_SUBNETS'} = "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}";
if (&Header::blue_used()) {
$settings{'TOR_ALLOWED_SUBNETS'} .= ",$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}";
}
$settings{'TOR_RELAY_ENABLED'} = 'off';
$settings{'TOR_RELAY_MODE'} = 'exit';
$settings{'TOR_RELAY_ADDRESS'} = '';
$settings{'TOR_RELAY_PORT'} = 9001;
$settings{'TOR_RELAY_NICKNAME'} = '';
$settings{'TOR_RELAY_CONTACT_INFO'} = '';
$settings{'TOR_RELAY_BANDWIDTH_RATE'} = 0;
$settings{'TOR_RELAY_BANDWIDTH_BURST'} = 0;
$settings{'TOR_RELAY_ACCOUNTING_LIMIT'} = 0;
$settings{'TOR_RELAY_ACCOUNTING_PERIOD'} = 'daily';
$settings{'ACTION'} = '';
my $errormessage = '';
my $warnmessage = '';
&Header::showhttpheaders();
# Get GUI values.
&Header::getcgihash(\%settings);
# Create tor command connection.
our $torctrl = &TorConnect();
# Toggle enable/disable field.
if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
if ($settings{'TOR_RELAY_NICKNAME'} ne '') {
if ($settings{'TOR_RELAY_NICKNAME'} !~ /^[a-zA-Z0-9]+$/) {
$errormessage = "$Lang::tr{'tor errmsg invalid relay name'}: $settings{'TOR_RELAY_NICKNAME'}";
}
}
if (!&General::validport($settings{'TOR_SOCKS_PORT'})) {
$errormessage = "$Lang::tr{'tor errmsg invalid socks port'}: $settings{'TOR_SOCKS_PORT'}";
}
if (!&General::validport($settings{'TOR_RELAY_PORT'})) {
$errormessage = "$Lang::tr{'tor errmsg invalid relay port'}: $settings{'TOR_RELAY_PORT'}";
}
if ($settings{'TOR_RELAY_ADDRESS'} ne '') {
if ((!&General::validfqdn($settings{'TOR_RELAY_ADDRESS'})) && (!&General::validip($settings{'TOR_RELAY_ADDRESS'}))) {
$errormessage = "$Lang::tr{'tor errmsg invalid relay address'}: $settings{'TOR_RELAY_ADDRESS'}";
}
}
if ($settings{'TOR_RELAY_ACCOUNTING_LIMIT'} !~ /^\d+$/) {
$errormessage = "$Lang::tr{'tor errmsg invalid accounting limit'}: $settings{'TOR_RELAY_ACCOUNTING_LIMIT'}";
}
my @temp = split(/[\n,]/,$settings{'TOR_ALLOWED_SUBNETS'});
$settings{'TOR_ALLOWED_SUBNETS'} = "";
foreach (@temp) {
s/^\s+//g; s/\s+$//g;
if ($_) {
unless (&General::validipandmask($_)) {
$errormessage = "$Lang::tr{'tor errmsg invalid ip or mask'}: $_";
}
$settings{'TOR_ALLOWED_SUBNETS'} .= $_.",";
}
}
@temp = split(/[\n,]/,$settings{'TOR_USE_EXIT_NODES'});
$settings{'TOR_USE_EXIT_NODES'} = "";
foreach (@temp) {
s/^\s+//g; s/\s+$//g;
if ($_) {
$settings{'TOR_USE_EXIT_NODES'} .= $_.",";
}
}
# Burst bandwidth must be less or equal to bandwidth rate.
if ($settings{'TOR_RELAY_BANDWIDTH_RATE'} == 0) {
$settings{'TOR_RELAY_BANDWIDTH_BURST'} = 0;
} elsif ($settings{'TOR_RELAY_BANDWIDTH_BURST'} < $settings{'TOR_RELAY_BANDWIDTH_RATE'}) {
$settings{'TOR_RELAY_BANDWIDTH_BURST'} = $settings{'TOR_RELAY_BANDWIDTH_RATE'};
}
if ($errormessage eq '') {
# Write configuration settings to file.
&General::writehash("${General::swroot}/tor/settings", \%settings);
# Update configuration files.
&BuildConfiguration();
}
} else {
# Load settings from file.
&General::readhash("${General::swroot}/tor/settings", \%settings);
}
&showMainBox();
# Close Tor control connection.
&TorClose($torctrl);
# Functions
sub showMainBox() {
my %checked = ();
my %selected = ();
$checked{'TOR_ENABLED'}{'on'} = '';
$checked{'TOR_ENABLED'}{'off'} = '';
$checked{'TOR_ENABLED'}{$settings{'TOR_ENABLED'}} = 'checked';
$checked{'TOR_RELAY_ENABLED'}{'on'} = '';
$checked{'TOR_RELAY_ENABLED'}{'off'} = '';
$checked{'TOR_RELAY_ENABLED'}{$settings{'TOR_RELAY_ENABLED'}} = 'checked';
&Header::openpage($Lang::tr{'tor configuration'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
if ($errormessage) {
&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
print "<font class='base'>$errormessage&nbsp;</font>\n";
&Header::closebox();
}
print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
&Header::openbox('100%', 'left', $Lang::tr{'tor configuration'});
print <<END;
<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'tor common settings'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'tor enabled'}:</td>
<td width='30%'><input type='checkbox' name='TOR_ENABLED' $checked{'TOR_ENABLED'}{'on'} /></td>
<td width='25%' class='base'>$Lang::tr{'tor socks port'}:</td>
<td width='20%'><input type='text' name='TOR_SOCKS_PORT' value='$settings{'TOR_SOCKS_PORT'}' size='5' /></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'tor relay enabled'}:</td>
<td width='30%'><input type='checkbox' name='TOR_RELAY_ENABLED' $checked{'TOR_RELAY_ENABLED'}{'on'} /></td>
<td width='25%' class='base'></td>
<td width='20%'></td>
</tr>
</table>
END
my @temp = split(",", $settings{'TOR_ALLOWED_SUBNETS'});
$settings{'TOR_ALLOWED_SUBNETS'} = join("\n", @temp);
@temp = split(",", $settings{'TOR_USE_EXIT_NODES'});
$settings{'TOR_USE_EXIT_NODES'} = join("\n", @temp);
print <<END;
<br>
<hr size='1'>
<br>
<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'tor acls'}</b></td>
</tr>
<tr>
<td colspan='2' class='base' width='55%'>
$Lang::tr{'tor allowed subnets'}:
</td>
<td colspan='2' width='45%'></td>
</tr>
<tr>
<td colspan='2' class='base' width='55%'>
<textarea name='TOR_ALLOWED_SUBNETS' cols='32' rows='3' wrap='off'>$settings{'TOR_ALLOWED_SUBNETS'}</textarea>
</td>
<td colspan='2' width='45%'></td>
</tr>
</table>
<br>
<hr size='1'>
<br>
<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'tor exit nodes'}</b></td>
</tr>
<tr>
<td colspan='2' class='base' width='55%'></td>
<td colspan='2' class='base' width='45%'>$Lang::tr{'tor use exit nodes'}:</td>
</tr>
<tr>
<td width='50%' colspan='2'>
<select name='TOR_EXIT_COUNTRY'>
<option value=''>- $Lang::tr{'tor exit country any'} -</option>
END
my @country_names = Locale::Country::all_country_names();
foreach my $country_name (sort @country_names) {
my $country_code = Locale::Country::country2code($country_name);
$country_code = uc($country_code);
print "<option value='$country_code'>$country_name ($country_code)</option>\n";
}
print <<END;
</select>
</td>
<td width='50%' colspan='2'>
<textarea name='TOR_USE_EXIT_NODES' cols='32' rows='3' wrap='off'>$settings{'TOR_USE_EXIT_NODES'}</textarea>
</td>
</tr>
</table>
<br><br>
END
&Header::closebox();
# Tor relay box
$selected{'TOR_RELAY_MODE'}{'bridge'} = '';
$selected{'TOR_RELAY_MODE'}{'exit'} = '';
$selected{'TOR_RELAY_MODE'}{'private-bridge'} = '';
$selected{'TOR_RELAY_MODE'}{'relay'} = '';
$selected{'TOR_RELAY_MODE'}{$settings{'TOR_RELAY_MODE'}} = 'selected';
$selected{'TOR_RELAY_BANDWIDTH_RATE'}{'0'} = '';
foreach (@bandwidth_limits) {
$selected{'TOR_RELAY_BANDWIDTH_RATE'}{$_} = '';
}
$selected{'TOR_RELAY_BANDWIDTH_RATE'}{$settings{'TOR_RELAY_BANDWIDTH_RATE'}} = 'selected';
$selected{'TOR_RELAY_BANDWIDTH_BURST'}{'0'} = '';
foreach (@bandwidth_limits) {
$selected{'TOR_RELAY_BANDWIDTH_BURST'}{$_} = '';
}
$selected{'TOR_RELAY_BANDWIDTH_BURST'}{$settings{'TOR_RELAY_BANDWIDTH_BURST'}} = 'selected';
foreach (@accounting_periods) {
$selected{'TOR_RELAY_ACCOUNTING_PERIOD'}{$_} = '';
}
$selected{'TOR_RELAY_ACCOUNTING_PERIOD'}{$settings{'TOR_RELAY_ACCOUNTING_PERIOD'}} = 'selected';
&Header::openbox('100%', 'left', $Lang::tr{'tor relay configuration'});
print <<END;
<table width='100%'>
<tr>
<td width='25%' class='base'>$Lang::tr{'tor relay mode'}:</td>
<td width='30%'>
<select name='TOR_RELAY_MODE'>
<option value='exit' $selected{'TOR_RELAY_MODE'}{'exit'}>$Lang::tr{'tor relay mode exit'}</option>
<option value='relay' $selected{'TOR_RELAY_MODE'}{'relay'}>$Lang::tr{'tor relay mode relay'}</option>
<option value='bridge' $selected{'TOR_RELAY_MODE'}{'bridge'}>$Lang::tr{'tor relay mode bridge'}</option>
<option value='private-bridge' $selected{'TOR_RELAY_MODE'}{'private-bridge'}>$Lang::tr{'tor relay mode private bridge'}</option>
</select>
</td>
<td width='25%' class='base'>$Lang::tr{'tor relay nickname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td width='20%'>
<input type='text' name='TOR_RELAY_NICKNAME' value='$settings{'TOR_RELAY_NICKNAME'}' />
</td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'tor relay address'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td width='30%'>
<input type='text' name='TOR_RELAY_ADDRESS' value='$settings{'TOR_RELAY_ADDRESS'}' />
</td>
<td width='25%' class='base'>$Lang::tr{'tor relay port'}:</td>
<td width='20%'>
<input type='text' name='TOR_RELAY_PORT' value='$settings{'TOR_RELAY_PORT'}' size='5' />
</td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'tor contact info'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td width='75%' colspan='3'>
<input type='text' name='TOR_RELAY_CONTACT_INFO' value='$settings{'TOR_RELAY_CONTACT_INFO'}' style='width: 98%;' />
</td>
</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'tor bandwidth settings'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'tor bandwidth rate'}:</td>
<td width='30%' class='base'>
<select name='TOR_RELAY_BANDWIDTH_RATE'>
END
foreach (@bandwidth_limits) {
if ($_ >= 1024) {
print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_RATE'}{$_}>". $_ / 1024 ." MBit/s</option>\n";
} else {
print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_RATE'}{$_}>$_ kBit/s</option>\n";
}
}
print <<END;
<option value='0' $selected{'TOR_RELAY_BANDWIDTH_RATE'}{'0'}>$Lang::tr{'tor bandwidth unlimited'}</option>
</select>
</td>
<td width='25%' class='base'>$Lang::tr{'tor accounting limit'}:</td>
<td width='20%'>
<input type='text' name='TOR_RELAY_ACCOUNTING_LIMIT' value='$settings{'TOR_RELAY_ACCOUNTING_LIMIT'}' size='12' />
</td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'tor bandwidth burst'}:</td>
<td width='20%' class='base'>
<select name='TOR_RELAY_BANDWIDTH_BURST'>
END
foreach (@bandwidth_limits) {
if ($_ >= 1024) {
print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_BURST'}{$_}>". $_ / 1024 ." MBit/s</option>\n";
} else {
print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_BURST'}{$_}>$_ kBit/s</option>\n";
}
}
print <<END;
<option value='0' $selected{'TOR_RELAY_BANDWIDTH_BURST'}{'0'}>$Lang::tr{'tor bandwidth unlimited'}</option>
</select>
</td>
<td width='25%' class='base'>$Lang::tr{'tor accounting period'}:</td>
<td width='20%'>
<select name='TOR_RELAY_ACCOUNTING_PERIOD'>
END
foreach (@accounting_periods) {
print "<option value='$_' $selected{'TOR_RELAY_ACCOUNTING_PERIOD'}{$_}>$Lang::tr{'tor accounting period '.$_}</option>";
}
print <<END;
</select>
</td>
</tr>
</table>
END
&Header::closebox();
print <<END;
<table width='100%'>
<tr>
<td>
<img src='/blob.gif' align='top' alt='*' />&nbsp;<font class='base'>$Lang::tr{'this field may be blank'}</font>
</td>
<td align='right'>&nbsp;</td>
</tr>
</table>
<hr>
<table width='100%'>
<tr>
<td>&nbsp;</td>
<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
<td>&nbsp;</td>
</tr>
</table>
END
# If we have a control connection, show the stats.
if ($torctrl) {
&Header::openbox('100%', 'left', $Lang::tr{'tor stats'});
my @traffic = &TorTrafficStats($torctrl);
if (@traffic) {
print <<END;
<table width='100%'>
END
if ($settings{'TOR_RELAY_ENABLED'} eq 'on') {
my $fingerprint = &TorRelayFingerprint($torctrl);
if ($fingerprint) {
print <<END;
<tr>
<td width='40%' class='base'>$Lang::tr{'tor relay fingerprint'}:</td>
<td width='60%'>
<a href='https://atlas.torproject.org/#details/$fingerprint' target='_blank'>$fingerprint</a>
</td>
</tr>
END
}
}
my $address = TorGetInfo($torctrl, "address");
if ($address) {
print <<END;
<tr>
<td width='40%' class='base'>$Lang::tr{'tor relay external address'}:</td>
<td width='60%'>$address</td>
</tr>
END
}
print <<END;
<tr>
<td width='40%'>$Lang::tr{'tor traffic read written'}:</td>
END
print "<td width='60%'>" . &FormatBytes($traffic[0]) ."/". &FormatBytes($traffic[1]) . "</td>";
print <<END;
</tr>
</table>
END
}
my $accounting = &TorAccountingStats($torctrl);
if ($accounting) {
print <<END;
<table width='100%'>
<tr>
<td colspan='2' class='base'><b>$Lang::tr{'tor accounting'}</b></td>
</tr>
END
if ($accounting->{'hibernating'} eq "hard") {
print <<END;
<tr>
<td class='base' colspan='2' bgcolor="$Header::colourred" align='center'>
<font color='white'>$Lang::tr{'tor traffic limit hard'}</font>
</td>
</tr>
END
} elsif ($accounting->{'hibernating'} eq "soft") {
print <<END;
<tr>
<td class='base' colspan='2' bgcolor="$Header::colourorange" align='center'>
<font color='white'>$Lang::tr{'tor traffic limit soft'}</font>
</td>
</tr>
END
}
print <<END;
<tr>
<td width='40%' class='base'>$Lang::tr{'tor accounting interval'}</td>
<td width='60%'>
$accounting->{'interval-start'} - $accounting->{'interval-end'}
</td>
</tr>
<tr>
<td width='40%' class='base'>$Lang::tr{'tor accounting bytes'}</td>
<td width='60%'>
END
print &FormatBytes($accounting->{'bytes_read'}) . "/" . &FormatBytes($accounting->{'bytes_written'});
print " (" . &FormatBytes($accounting->{'bytes-left_read'}) . "/" . &FormatBytes($accounting->{'bytes-left_written'});
print " $Lang::tr{'tor accounting bytes left'})";
print <<END;
</td>
</tr>
</table>
END
}
my @nodes = &TorORConnStatus($torctrl);
if (@nodes) {
my $nodes_length = scalar @nodes;
print <<END;
<table width='100%'>
<tr>
<td width='40%' class='base'><b>$Lang::tr{'tor connected relays'}</b></td>
<td width='60%' colspan='2'>($nodes_length)</td>
</tr>
END
foreach my $node (@nodes) {
print <<END;
<tr>
<td width='40%'>
<a href='https://atlas.torproject.org/#details/$node->{'fingerprint'}' target='_blank'>
$node->{'name'}
</a>
</td>
<td width='30%'>
END
if (exists($node->{'country_code'})) {
print "<a href='country.cgi#$node->{'country_code'}'><img src='/images/flags/$node->{'country_code'}.png' border='0' align='absmiddle' alt='$node->{'country_code'}'></a>";
}
print <<END;
<a href='ipinfo.cgi?ip=$node->{'address'}'>$node->{'address'}</a>:$node->{'port'}
</td>
<td width='30%' align='right'>
~$node->{'bandwidth_string'}
</td>
</tr>
END
}
print "</table>";
}
&Header::closebox();
}
print "</form>\n";
&Header::closebigbox();
&Header::closepage();
}
sub BuildConfiguration() {
my %settings = ();
&General::readhash("${General::swroot}/tor/settings", \%settings);
my $torrc = "${General::swroot}/tor/torrc";
open(FILE, ">$torrc");
# Global settings.
print FILE "ControlPort $TOR_CONTROL_PORT\n";
if ($settings{'TOR_ENABLED'} eq 'on') {
my $strict_nodes = 0;
print FILE "SocksPort 0.0.0.0:$settings{'TOR_SOCKS_PORT'}\n";
my @subnets = split(",", $settings{'TOR_ALLOWED_SUBNETS'});
foreach (@subnets) {
print FILE "SocksPolicy accept $_\n" if (&General::validipandmask($_));
}
print FILE "SocksPolicy reject *\n" if (@subnets);
if ($settings{'TOR_EXIT_COUNTRY'} ne '') {
$strict_nodes = 1;
print FILE "ExitNodes {$settings{'TOR_EXIT_COUNTRY'}}\n";
}
if ($settings{'TOR_USE_EXIT_NODES'} ne '') {
$strict_nodes = 1;
my @nodes = split(",", $settings{'TOR_USE_EXIT_NODES'});
foreach (@nodes) {
print FILE "ExitNode $_\n";
}
}
if ($strict_nodes > 0) {
print FILE "StrictNodes 1\n";
}
}
if ($settings{'TOR_RELAY_ENABLED'} eq 'on') {
# Reject access to private networks.
print FILE "ExitPolicyRejectPrivate 1\n";
print FILE "ORPort $settings{'TOR_RELAY_PORT'}\n";
if ($settings{'TOR_RELAY_ADDRESS'} ne '') {
print FILE "Address $settings{'TOR_RELAY_ADDRESS'}\n";
}
if ($settings{'TOR_RELAY_NICKNAME'} ne '') {
print FILE "Nickname $settings{'TOR_RELAY_NICKNAME'}\n";
}
if ($settings{'TOR_RELAY_CONTACT_INFO'} ne '') {
print FILE "ContactInfo $settings{'TOR_RELAY_CONTACT_INFO'}\n";
}
# Limit to bridge mode.
my $is_bridge = 0;
if ($settings{'TOR_RELAY_MODE'} eq 'bridge') {
$is_bridge++;
# Private bridge.
} elsif ($settings{'TOR_RELAY_MODE'} eq 'private-bridge') {
$is_bridge++;
print FILE "PublishServerDescriptor 0\n";
# Exit node.
} elsif ($settings{'TOR_RELAY_MODE'} eq 'exit') {
print FILE "ExitPolicy accept *:*\n";
# Relay only.
} elsif ($settings{'TOR_RELAY_MODE'} eq 'relay') {
print FILE "ExitPolicy reject *:*\n";
}
if ($is_bridge > 0) {
print FILE "BridgeRelay 1\n";
print FILE "Exitpolicy reject *:*\n";
}
if ($settings{'TOR_RELAY_BANDWIDTH_RATE'} > 0) {
print FILE "RelayBandwidthRate ";
print FILE $settings{'TOR_RELAY_BANDWIDTH_RATE'} / 8;
print FILE " KB\n";
if ($settings{'TOR_RELAY_BANDWIDTH_BURST'} > 0) {
print FILE "RelayBandwidthBurst ";
print FILE $settings{'TOR_RELAY_BANDWIDTH_BURST'} / 8;
print FILE " KB\n";
}
}
if ($settings{'TOR_RELAY_ACCOUNTING_LIMIT'} > 0) {
print FILE "AccountingMax ".$settings{'TOR_RELAY_ACCOUNTING_LIMIT'}." MB\n";
if ($settings{'TOR_RELAY_ACCOUNTING_PERIOD'} eq 'daily') {
print FILE "AccountingStart day 00:00\n";
} elsif ($settings{'TOR_RELAY_ACCOUNTING_PERIOD'} eq 'weekly') {
print FILE "AccountingStart week 1 00:00\n";
} elsif ($settings{'TOR_RELAY_ACCOUNTING_PERIOD'} eq 'monthly') {
print FILE "AccountingStart month 1 00:00\n";
}
}
}
close(FILE);
# Restart the service.
if (($settings{'TOR_ENABLED'} eq 'on') || ($settings{'TOR_RELAY_ENABLED'} eq 'on')) {
system("/usr/local/bin/torctrl restart &>/dev/null");
} else {
system("/usr/local/bin/torctrl stop &>/dev/null");
}
}
sub TorConnect() {
my $socket = new IO::Socket::INET(
Proto => 'tcp', PeerAddr => '127.0.0.1', PeerPort => $TOR_CONTROL_PORT,
) or return;
$socket->autoflush(1);
# Authenticate.
&TorSendCommand($socket, "AUTHENTICATE");
return $socket;
}
sub TorSendCommand() {
my ($socket, $cmd) = @_;
# Replace line ending with \r\n.
chomp $cmd;
$cmd .= "\r\n";
$socket->send($cmd);
my @output = ();
while (my $line = <$socket>) {
# Skip empty lines.
if ($line =~ /^.\r\n$/) {
next;
}
# Command has been successfully executed.
if ($line =~ /250 OK/) {
last;
# Error.
} elsif ($line =~ /^5\d+/) {
last;
} else {
# Remove line endings.
$line =~ s/\r\n$//;
push(@output, $line);
}
}
return @output;
}
sub TorSendCommandOneLine() {
my ($tor, $cmd) = @_;
my @output = &TorSendCommand($tor, $cmd);
return $output[0];
}
sub TorGetInfo() {
my ($tor, $cmd) = @_;
my $output = &TorSendCommandOneLine($tor, "GETINFO ".$cmd);
my ($key, $value) = split("=", $output);
return $value;
}
sub TorClose() {
my $socket = shift;
if ($socket) {
$socket->shutdown(2);
}
}
sub TorTrafficStats() {
my $tor = shift;
my $output_read = &TorGetInfo($tor, "traffic/read");
my $output_written = &TorGetInfo($tor, "traffic/written");
return ($output_read, $output_written);
}
sub TorRelayFingerprint() {
my $tor = shift;
return &TorGetInfo($tor, "fingerprint");
}
sub TorORConnStatus() {
my $tor = shift;
my @nodes = ();
my @output = &TorSendCommand($tor, "GETINFO orconn-status");
foreach (@output) {
$_ =~ s/^250[\+-]orconn-status=//;
next if ($_ eq "");
last if ($_ eq ".");
next unless ($_ =~ /^\$/);
my @line = split(" ", $_);
my @node = split(/[=~]/, $line[0]);
my $node = &TorNodeDescription($tor, $node[0]);
if ($node) {
push(@nodes, $node);
}
}
# Sort by names.
@nodes = sort { $a->{'name'} cmp $b->{'name'} } @nodes;
return @nodes;
}
sub TorNodeDescription() {
my ($tor, $fingerprint) = @_;
$fingerprint =~ s/\$//;
my $node = {
fingerprint => $fingerprint,
exit_node => 0,
};
my @output = &TorSendCommand($tor, "GETINFO ns/id/$node->{'fingerprint'}");
foreach (@output) {
# Router
if ($_ =~ /^r (\w+) (.*) (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) (\d+)/) {
$node->{'name'} = $1;
$node->{'address'} = $3;
$node->{'port'} = $4;
my $country_code = &TorGetInfo($tor, "ip-to-country/$node->{'address'}");
$node->{'country_code'} = $country_code;
# Flags
} elsif ($_ =~ /^s (.*)$/) {
$node->{'flags'} = split(" ", $1);
foreach my $flag ($node->{'flags'}) {
if ($flag eq "Exit") {
$node->{'exit_node'}++;
}
}
# Bandwidth
} elsif ($_ =~ /^w Bandwidth=(\d+)/) {
$node->{'bandwidth'} = $1 * 8;
$node->{'bandwidth_string'} = &FormatBitsPerSecond($node->{'bandwidth'});
}
}
if (exists($node->{'name'})) {
return $node;
}
}
sub TorAccountingStats() {
my $tor = shift;
my $ret = {};
my $enabled = &TorGetInfo($tor, "accounting/enabled");
if ($enabled ne '1') {
return;
}
my @cmds = ("hibernating", "interval-start", "interval-end");
foreach (@cmds) {
$ret->{$_} = &TorGetInfo($tor, "accounting/$_");
}
my @cmds = ("bytes", "bytes-left");
foreach (@cmds) {
my $output = &TorGetInfo($tor, "accounting/$_");
my @bytes = split(" ", $output);
$ret->{$_."_read"} = $bytes[0];
$ret->{$_."_written"} = $bytes[1];
}
return $ret;
}
sub FormatBytes() {
my $bytes = shift;
my @units = ("B", "KB", "MB", "GB", "TB");
my $units_index = 0;
while (($units_index <= $#units) && ($bytes >= 1024)) {
$units_index++;
$bytes /= 1024;
}
return sprintf("%.2f %s", $bytes, $units[$units_index]);
}
sub FormatBitsPerSecond() {
my $bits = shift;
my @units = ("Bit/s", "KBit/s", "MBit/s", "GBit/s", "TBit/s");
my $units_index = 0;
while (($units_index <= $#units) && ($bits >= 1024)) {
$units_index++;
$bits /= 1024;
}
return sprintf("%.2f %s", $bits, $units[$units_index]);
}


@@ -316,9 +316,16 @@ sub writeipsecfiles {
foreach my $j (@ints) {
foreach my $k (@groups) {
if ($comma != 0) { print CONF ","; } else { $comma = 1; }
print CONF "$i-$j-modp$k";
}
my @l = split("", $k);
if ($l[0] eq "e") {
shift @l;
print CONF "$i-$j-ecp".join("", @l);
} else {
print CONF "$i-$j-modp$k";
}
}
}
}
if ($lconfighash{$key}[24] eq 'on') { #only proposed algorythms?
print CONF "!\n";
@@ -339,7 +346,12 @@ sub writeipsecfiles {
foreach my $k (@groups) {
if ($comma != 0) { print CONF ","; } else { $comma = 1; }
if ($pfs eq "on") {
$modp = "-modp$k";
my @l = split("", $k);
if ($l[0] eq "e") {
$modp = "";
} else {
$modp = "-modp$k";
}
} else {
$modp = "";
}
@@ -411,7 +423,7 @@ sub writeipsecfiles {
# Hook to regenerate the configuration files.
if ($ENV{"REMOTE_ADDR"} eq "") {
writeipsecfiles;
writeipsecfiles();
exit(0);
}
@@ -1828,7 +1840,7 @@ END
#use default advanced value
$cgiparams{'IKE_ENCRYPTION'} = 'aes256|aes192|aes128|3des'; #[18];
$cgiparams{'IKE_INTEGRITY'} = 'sha2_256|sha|md5'; #[19];
$cgiparams{'IKE_GROUPTYPE'} = '8192|6144|4096|3072|2048|1536|1024'; #[20];
$cgiparams{'IKE_GROUPTYPE'} = '4096|3072|2048|1536|1024'; #[20];
$cgiparams{'IKE_LIFETIME'} = '3'; #[16];
$cgiparams{'ESP_ENCRYPTION'} = 'aes256|aes192|aes128|3des'; #[21];
$cgiparams{'ESP_INTEGRITY'} = 'sha2_256|sha1|md5'; #[22];
@@ -2111,7 +2123,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
if ($val !~ /^(1024|1536|2048|3072|4096|6144|8192)$/) {
if ($val !~ /^(e521|e384|e256|e224|e192|1024|1536|2048|3072|4096|6144|8192)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
@@ -2147,6 +2159,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
}
}
if ($cgiparams{'ESP_GROUPTYPE'} ne '' &&
$cgiparams{'ESP_GROUPTYPE'} !~ /^ecp(192|224|256|384|512)$/ &&
$cgiparams{'ESP_GROUPTYPE'} !~ /^modp(1024|1536|2048|3072|4096|6144|8192)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
@@ -2305,6 +2318,11 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
<td class='boldbase' align='right' valign='top'>$Lang::tr{'ike grouptype'}</td><td class='boldbase' valign='top'>
<select name='IKE_GROUPTYPE' multiple='multiple' size='4'>
<option value='e521' $checked{'IKE_GROUPTYPE'}{'e521'}>ECP-521</option>
<option value='e384' $checked{'IKE_GROUPTYPE'}{'e384'}>ECP-384</option>
<option value='e256' $checked{'IKE_GROUPTYPE'}{'e256'}>ECP-256</option>
<option value='e224' $checked{'IKE_GROUPTYPE'}{'e224'}>ECP-224</option>
<option value='e192' $checked{'IKE_GROUPTYPE'}{'e192'}>ECP-192</option>
<option value='8192' $checked{'IKE_GROUPTYPE'}{'8192'}>MODP-8192</option>
<option value='6144' $checked{'IKE_GROUPTYPE'}{'6144'}>MODP-6144</option>
<option value='4096' $checked{'IKE_GROUPTYPE'}{'4096'}>MODP-4096</option>
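Review bot: In the `$pfs eq "on"` branch of the second hunk, an ECP selection sets `$modp = ""`, so the generated proposal carries no DH group and PFS appears to be dropped silently for exactly the groups this change introduces. The IKE loop in the first hunk emits `ecp` plus the digits, and the same form would fit here: `$modp = "-ecp" . substr($k, 1);`. Separately, the ESP_GROUPTYPE check accepts `ecp512` while the IKE list offers `e521`, so the pattern should read `/^ecp(192|224|256|384|521)$/`. Both writeipsecfiles and the ACTION handler extend beyond these hunks, so how `@groups` is filled is not visible.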

0
html/cgi-bin/wirelessclient.cgi Executable file → Normal file


@@ -1797,6 +1797,54 @@
'tone' => 'Ton',
'tone dial' => 'Tonwahl:',
'too long 80 char max' => ' ist zu lang, es sind maximal 80 Zeichen erlaubt',
'tor' => 'Tor',
'tor accounting' => 'Accounting',
'tor accounting bytes' => 'Traffic (empfangen/gesendet)',
'tor accounting bytes left' => 'übrig',
'tor accounting interval' => 'Intervall (UTC)',
'tor accounting limit' => 'Übertragungslimit (MB)',
'tor accounting period' => 'Accounting-Periode',
'tor accounting period daily' => 'täglich',
'tor accounting period monthly' => 'monatlich',
'tor accounting period weekly' => 'wöchentlich',
'tor acls' => 'Zugriffskontrolle',
'tor allowed subnets' => 'Erlaubte Subnetze (eins pro Zeile)',
'tor bandwidth burst' => 'Max. Spitzenwert (Burst)',
'tor bandwidth rate' => 'Max. Bandbreite',
'tor bandwidth settings' => 'Bandbreiteneinstellungen',
'tor bandwidth unlimited' => 'unlimitiert',
'tor common settings' => 'Einstellungen',
'tor configuration' => 'Tor-Konfiguration',
'tor connected relays' => 'Verbundene Relays',
'tor contact info' => 'Kontaktinformationen',
'tor enabled' => 'Tor einschalten',
'tor errmsg invalid accounting limit' => 'Ungültiges Accounting-Limit',
'tor errmsg invalid ip or mask' => 'Ungültiges IP-Subnetz',
'tor errmsg invalid relay address' => 'Ungültige Relay-Adresse',
'tor errmsg invalid relay name' => 'Ungültiger Relay-Nickname.',
'tor errmsg invalid relay port' => 'Ungültiger Relay-Port',
'tor errmsg invalid socks port' => 'Ungültiger SOCKS-Port',
'tor exit country' => 'Exit-Land',
'tor exit country any' => 'Beliebig',
'tor exit nodes' => 'Exit-Nodes',
'tor relay address' => 'Relay-Adresse',
'tor relay configuration' => 'Tor-Relay-Konfiguration',
'tor relay enabled' => 'Tor-Relay einschalten',
'tor relay external address' => 'Externe Relay-Adresse',
'tor relay fingerprint' => 'Relay-Fingerabdruck',
'tor relay mode' => 'Relay-Modues',
'tor relay mode bridge' => 'Bridge',
'tor relay mode exit' => 'Exit-Node',
'tor relay mode private bridge' => 'private Bridge',
'tor relay mode relay' => 'Nur Relay',
'tor relay nickname' => 'Relay-Nickname',
'tor relay port' => 'Relay-Port',
'tor socks port' => 'SOCKS-Port',
'tor stats' => 'Statistiken',
'tor traffic limit hard' => 'Das Übertragungslimit wurde erreicht.',
'tor traffic limit soft' => 'Das Übertragungslimit wurde fast erreicht. Es werden keine neuen Verbindungen akzeptiert.',
'tor traffic read written' => 'Gesamter Traffic (empfangen/gesendet)',
'tor use exit nodes' => 'Nur diese Exit-Nodes benutzen (eins pro Zeile)',
'total connection time' => 'Verbindungszeit',
'total hits for log section' => 'Gesamte Treffer für Log Sektion',
'traffic back' => 'Zurück',


@@ -1831,6 +1831,56 @@
'tone' => 'Tone',
'tone dial' => 'Tone dial:',
'too long 80 char max' => ' is too long, maximum allowed is 80 characters',
'tor' => 'Tor',
'tor accounting' => 'Accounting',
'tor accounting bytes' => 'Traffic (read/written)',
'tor accounting bytes left' => 'left',
'tor accounting interval' => 'Interval (UTC)',
'tor accounting limit' => 'Accounting limit (MB)',
'tor accounting period' => 'Accounting period',
'tor accounting period daily' => 'daily',
'tor accounting period monthly' => 'monthly',
'tor accounting period weekly' => 'weekly',
'tor acls' => 'Access Control',
'tor allowed subnets' => 'Allowed subnets (one per line)',
'tor bandwidth burst' => 'Max. burst',
'tor bandwidth rate' => 'Max. rate',
'tor bandwidth settings' => 'Bandwidth Settings',
'tor bandwidth unlimited' => 'unlimited',
'tor bridge enabled' => 'Enable Tor bridge',
'tor common settings' => 'Common Settings',
'tor configuration' => 'Tor Configuration',
'tor connected relays' => 'Connected relays',
'tor contact info' => 'Contact Info',
'tor enabled' => 'Enable Tor',
'tor errmsg invalid accounting limit' => 'Invalid accounting limit',
'tor errmsg invalid ip or mask' => 'Invalid IP subnet',
'tor errmsg invalid node id' => 'Invalid node ID',
'tor errmsg invalid relay address' => 'Invalid relay address',
'tor errmsg invalid relay name' => 'Invalid relay nickname',
'tor errmsg invalid relay port' => 'Invalid relay port',
'tor errmsg invalid socks port' => 'Invalid SOCKS port',
'tor exit country' => 'Exit country',
'tor exit country any' => 'Any country',
'tor exit nodes' => 'Exit Nodes',
'tor relay address' => 'Relay address',
'tor relay configuration' => 'Tor Relay Configuration',
'tor relay enabled' => 'Enable Tor Relay',
'tor relay external address' => 'Relay external address',
'tor relay fingerprint' => 'Relay fingerprint',
'tor relay mode' => 'Relay mode',
'tor relay mode bridge' => 'Bridge',
'tor relay mode exit' => 'Exit-Node',
'tor relay mode private bridge' => 'Private bridge',
'tor relay mode relay' => 'Relay only',
'tor relay nickname' => 'Relay nickname',
'tor relay port' => 'Relay port',
'tor socks port' => 'SOCKS port',
'tor stats' => 'Statistics',
'tor traffic limit hard' => 'Traffic limit has been reached.',
'tor traffic limit soft' => 'Traffic limit almost reached. Not accepting any new connections.',
'tor traffic read written' => 'Total traffic (read/written)',
'tor use exit nodes' => 'Use only these exit nodes (one per line)',
'total connection time' => 'Total connection time',
'total hits for log section' => 'Total hits for log section',
'traffic back' => 'Back',

83
lfs/arm Normal file

@@ -0,0 +1,83 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
VER = 1.4.5.0
THISAPP = arm-$(VER)
DL_FILE = $(THISAPP).tar.bz2
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/arm
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = arm
PAK_VER = 1
DEPS = ""
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = f85f306e50b90796ab7097d948e8fcf2
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
md5 : $(subst %,%_MD5,$(objects))
dist:
@$(PAK)
###############################################################################
# Downloading, checking, md5sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_MD5,$(objects)) :
@$(MD5)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/arm-dont-require-distutils.patch
cd $(DIR_APP) && ./install
@rm -rf $(DIR_APP)
@$(POSTBUILD)
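Review bot: The downloaded tarball is pinned only by `$(DL_FILE)_MD5`, and MD5 is no longer collision-resistant, so it is a weak integrity check for source fetched from `$(URL_IPFIRE)`; the new lfs/gperf and lfs/tor files in this commit do the same. The CHECK and MD5 macros come from the included Config and are not shown, so whether a stronger digest can be verified is not visible here. Until it can, I would at least record one beside the pin as a comment, `# SHA256: <sha256-of-arm-1.4.5.0.tar.bz2>`, so the value can be checked by hand and migrated later.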


@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
# Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
VER = 2.0.0
VER = 2.0.1
THISAPP = daq-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = a00855a153647df76d47f1ea454f74ae
$(DL_FILE)_MD5 = 044aa3663d44580d005293eeb8ccf175
install : $(TARGET)

76
lfs/gperf Normal file

@@ -0,0 +1,76 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2013 IPFire Development Team #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
VER = 3.0.4
THISAPP = gperf-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = c1f1db32fb6598d6a93e6e88796a8632
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
md5 : $(subst %,%_MD5,$(objects))
###############################################################################
# Downloading, checking, md5sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_MD5,$(objects)) :
@$(MD5)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
@$(POSTBUILD)


@@ -24,7 +24,7 @@
include Config
VER = 3.6.16
VER = 3.6.17
THISAPP = samba-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = samba
PAK_VER = 50
PAK_VER = 51
DEPS = "cups"
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 12c6785802813c2c5bf66e5c4c4e1d93
$(DL_FILE)_MD5 = c67c3330545c8f1f7ee26e017c28439b
install : $(TARGET)


@@ -24,7 +24,7 @@
include Config
VER = 2.9.5
VER = 2.9.5.3
THISAPP = snort-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = f5fc0e176afca5989d47509478758fc7
$(DL_FILE)_MD5 = f99465c0734a6173bfca899dcb72266b
install : $(TARGET)
@@ -75,6 +75,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
--enable-linux-smp-stats --enable-smb-alerts \
--enable-gre --enable-mpls --enable-targetbased \
--enable-decoder-preprocessor-rules --enable-ppm \
--enable-non-ether-decoders \
--enable-perfprofiling --enable-zlib --enable-active-response \
--enable-normalizer --enable-reload --enable-react --enable-flexresp3
cd $(DIR_APP) && make


@@ -71,6 +71,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xjf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.1-10486.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.1-10487.patch
cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls \
--datadir=/usr/lib/squid \
--mandir=/usr/share/man --libexecdir=/usr/lib/squid \


@@ -24,12 +24,12 @@
include Config
VER = 5.0.4
VER = 5.1.0
THISAPP = strongswan-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FILE = $(THISAPP).tar.bz2
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
DIR_APP = $(DIR_SRC)/strongswan-$(VER)
TARGET = $(DIR_INFO)/$(THISAPP)
ifeq "$(MACHINE)" "i586"
@@ -46,7 +46,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 7085ac1d28dcc250096553fa51c3a4ea
$(DL_FILE)_MD5 = c1cd0a3ba9960f590cae28c8470800e8
install : $(TARGET)
@@ -79,15 +79,22 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-4.5.3_ipfire.patch
cd $(DIR_APP) && [ -x "configure" ] || ./autogen.sh
cd $(DIR_APP) && ./configure \
--prefix="/usr" \
--sysconfdir="/etc" \
--enable-curl \
--enable-openssl \
--enable-xauth-eap \
--enable-eap-radius \
--enable-eap-tls \
--enable-eap-ttls \
--enable-eap-peap \
--enable-eap-mschapv2 \
--enable-eap-identity \
$(PADLOCK)
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make $(MAKETUNING) LDFLAGS="-lrt"
cd $(DIR_APP) && make install
# Remove all library files we don't want or need.

113
lfs/tor Normal file

@@ -0,0 +1,113 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
VER = 0.2.3.25
THISAPP = tor-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = tor
PAK_VER = 1
DEPS = "libevent2"
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = a1c364189a9a66ed9daa8e6436489daf
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
md5 : $(subst %,%_MD5,$(objects))
dist:
@$(PAK)
###############################################################################
# Downloading, checking, md5sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_MD5,$(objects)) :
@$(MD5)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && \
./configure \
--prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var \
--with-tor-user=nobody \
--with-tor-group=nobody
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
# Install configuration files.
mkdir -pv /var/ipfire/tor /var/lib/tor /var/log/tor
touch /var/ipfire/tor/settings
mv /etc/tor/torrc.sample /var/ipfire/tor/torrc
ln -svf /var/ipfire/tor/torrc /etc/tor/torrc
# Adjust ownerships.
chown -R nobody:nobody /var/lib/tor /var/ipfire/tor
# Logrotate
mkdir -pv /etc/logrotate.d
install -v -m 644 $(DIR_SRC)/config/tor/tor.logrotate \
/etc/logrotate.d/tor
# Defaults
mkdir -pv /usr/share/tor
install -v -m 644 $(DIR_SRC)/config/tor/defaults-torrc \
/usr/share/tor/defaults-torrc
install -v -m 644 $(DIR_SRC)/config/backup/includes/tor \
/var/ipfire/backup/addons/includes/tor
@rm -rf $(DIR_APP)
@$(POSTBUILD)
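Review bot: Tor is built with `--with-tor-user=nobody --with-tor-group=nobody` and `/var/lib/tor` is handed to `nobody:nobody`, so the relay identity keys under `/var/lib/tor/keys` are readable by every other process that runs as `nobody`. tor.cgi in this commit writes `/var/ipfire/tor/torrc`, which suggests the web interface runs under the same account; if so, a flaw in any CGI exposes the keys. A dedicated account would separate the two, e.g. `--with-tor-user=tor --with-tor-group=tor` with `chown -R tor:tor /var/lib/tor`, leaving only `/var/ipfire/tor` writable by the web user. Creating that account is outside this file.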


@@ -24,7 +24,7 @@
include Config
VER = 2.80
VER = 2.81
THISAPP = transmission-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = transmission
PAK_VER = 7
PAK_VER = 8
DEPS = "libevent2"
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 2bde600d4b0a75d0bd3784550d59a8af
$(DL_FILE)_MD5 = db1ad10ecff07150486dab2365ccb3a8
install : $(TARGET)


@@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = vdr
PAK_VER = 6
PAK_VER = 7
DEPS = "vdr_streamdev"


@@ -25,8 +25,8 @@
NAME="IPFire" # Software name
SNAME="ipfire" # Short name
VERSION="2.13" # Version number
CORE="71" # Core Level (Filename)
PAKFIRE_CORE="71" # Core Level (PAKFIRE)
CORE="72" # Core Level (Filename)
PAKFIRE_CORE="72" # Core Level (PAKFIRE)
GIT_BRANCH=`git status | head -n1 | cut -d" " -f4` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
CONFIG_ROOT=/var/ipfire # Configuration rootdir
@@ -333,6 +333,7 @@ buildbase() {
lfsmake2 gettext
lfsmake2 grep
lfsmake2 groff
lfsmake2 gperf
lfsmake2 gzip
lfsmake2 inetutils
lfsmake2 iproute2
@@ -779,6 +780,8 @@ buildipfire() {
ipfiremake perl-File-Tail
ipfiremake perl-TimeDate
ipfiremake swatch
ipfiremake tor
ipfiremake arm
echo Build on $HOSTNAME > $BASEDIR/build/var/ipfire/firebuild
cat /proc/version >> $BASEDIR/build/var/ipfire/firebuild
echo >> $BASEDIR/build/var/ipfire/firebuild


@@ -188,6 +188,10 @@ case "$1" in
/sbin/iptables -t nat -A POSTROUTING -j OVPNNAT
/sbin/iptables -t nat -A POSTROUTING -j IPSECNAT
# TOR
/sbin/iptables -N TOR_INPUT
/sbin/iptables -A INPUT -j TOR_INPUT
# Outgoing Firewall
/sbin/iptables -A FORWARD -j OUTGOINGFWMAC


@@ -0,0 +1,82 @@
#!/bin/sh
########################################################################
# Begin $rc_base/init.d/tor
#
# Description : Anonymizing overlay network for TCP
#
########################################################################
. /etc/sysconfig/rc
. ${rc_functions}
function setup_firewall() {
eval $(/usr/local/bin/readhash /var/ipfire/tor/settings)
# Flush all rules.
flush_firewall
if [ "${TOR_RELAY_ENABLED}" = "on" -a -n "${TOR_RELAY_PORT}" ]; then
iptables -A TOR_INPUT -p tcp --dport "${TOR_RELAY_PORT}" -j ACCEPT
fi
}
function flush_firewall() {
# Flush all rules.
iptables -F TOR_INPUT
}
case "${1}" in
start)
# Setup firewall.
setup_firewall
boot_mesg "Starting tor..."
loadproc /usr/bin/tor \
--runasdaemon 1 \
--defaults-torrc /usr/share/tor/defaults-torrc \
-f /etc/tor/torrc \
--quiet
;;
stop)
# Flush firewall.
flush_firewall
boot_mesg "Stopping tor..."
killproc /usr/bin/tor
;;
reload)
# Setup firewall.
setup_firewall
boot_mesg "Reloading tor..."
reloadproc /usr/bin/tor
;;
restart)
${0} stop
sleep 1
${0} start
;;
reload-or-restart)
# Reload the process if it is already running. Otherwise, restart.
if pidofproc -s /usr/bin/tor; then
$0 reload
else
$0 restart
fi
;;
status)
statusproc /usr/bin/tor
;;
*)
echo "Usage: ${0} {start|stop|reload|restart|reload-or-restart|status}"
exit 1
;;
esac
# End $rc_base/init.d/tor
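Review bot: `setup_firewall` runs `eval $(/usr/local/bin/readhash /var/ipfire/tor/settings)` as root on a file that lfs/tor makes writable by `nobody` and that the web interface fills from form input. readhash is not shown, so unless it quotes or rejects shell metacharacters in values, a stored setting could be executed when the script is started through the setuid torctrl helper. Only two keys are used here, so I would drop the blanket eval and extract them with a strict pattern, assuming the file holds KEY=VALUE lines: `TOR_RELAY_PORT=$(sed -n 's/^TOR_RELAY_PORT=\([0-9][0-9]*\)$/\1/p' /var/ipfire/tor/settings)` and the same for `TOR_RELAY_ENABLED` with `\(on\|off\)`. The script also uses the `function` keyword under `#!/bin/sh`, which is not POSIX.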


@@ -33,7 +33,7 @@ SUID_PROGS = setdmzholes setportfw setxtaccess \
redctrl syslogdctrl extrahdctrl sambactrl upnpctrl tripwirectrl \
smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \
setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \
getconntracktable wirelessclient dnsmasqctrl
getconntracktable wirelessclient dnsmasqctrl torctrl
SUID_UPDX = updxsetperms
install : all
@@ -164,3 +164,6 @@ wirelessclient: wirelessclient.c setuid.o ../install+setup/libsmooth/varval.o
dnsmasqctrl: dnsmasqctrl.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ dnsmasqctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
torctrl: torctrl.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ torctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@


@@ -144,8 +144,8 @@ void turn_connection_on(char *name, char *type) {
"/usr/sbin/ipsec down %s >/dev/null", name);
safe_system(command);
// Reload the configuration into the daemon.
safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
// Reload the configuration into the daemon (#10339).
ipsec_reload();
// Bring the connection up again.
snprintf(command, STRING_SIZE - 1,
@@ -169,7 +169,15 @@ void turn_connection_off (char *name) {
safe_system(command);
// Reload, so the connection is dropped.
safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
ipsec_reload();
}
void ipsec_reload() {
/* Re-read all configuration files and secrets and
* reload the daemon (#10339).
*/
safe_system("/usr/sbin/ipsec rereadall >/dev/null 2>&1");
safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
}
int main(int argc, char *argv[]) {
@@ -193,7 +201,7 @@ int main(int argc, char *argv[]) {
}
if (strcmp(argv[1], "R") == 0) {
safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
ipsec_reload();
exit(0);
}
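Review bot: `ipsec_reload()` is defined after `turn_connection_on()` and `turn_connection_off()`, which already call it, and no prototype is visible in these hunks; without one the calls rely on an implicit `int` declaration that then conflicts with the `void` definition. Add `static void ipsec_reload(void);` above the first caller (or move the definition up) and spell the definition `void ipsec_reload(void)`. The return values of both `safe_system()` calls are also dropped, so a failed `rereadall` goes unnoticed before `reload` runs. The callers' bodies extend beyond the hunks.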


@@ -362,6 +362,10 @@ char* calcTransferNetAddress(const connection* conn) {
char *subnetmask = strdup(conn->transfer_subnet);
char *address = strsep(&subnetmask, "/");
if ((address == NULL) || (subnetmask == NULL)) {
goto ERROR;
}
in_addr_t _address = inet_addr(address);
in_addr_t _subnetmask = inet_addr(subnetmask);
_address &= _subnetmask;
@@ -496,12 +500,11 @@ void setFirewallRules(void) {
local_subnet_address = getLocalSubnetAddress(conn);
transfer_subnet_address = calcTransferNetAddress(conn);
if ((!local_subnet_address) || (!transfer_subnet_address))
continue;
snprintf(command, STRING_SIZE, "/sbin/iptables -t nat -A %s -s %s -j SNAT --to-source %s",
OVPNNAT, transfer_subnet_address, local_subnet_address);
executeCommand(command);
if ((local_subnet_address) && (transfer_subnet_address)) {
snprintf(command, STRING_SIZE, "/sbin/iptables -t nat -A %s -s %s -j SNAT --to-source %s",
OVPNNAT, transfer_subnet_address, local_subnet_address);
executeCommand(command);
}
}
conn = conn->next;
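Review bot: The guard added in calcTransferNetAddress() only rejects a transfer_subnet that has no "/"; a malformed address or mask still reaches inet_addr(), whose error value INADDR_NONE cannot be told apart from 255.255.255.255. A bad configuration entry is therefore masked into an address that setFirewallRules() then appears to place in the SNAT rule. Parse with a call that reports failure and take the same error path: `struct in_addr a, m;` and `if (!inet_aton(address, &a) || !inet_aton(subnetmask, &m)) goto ERROR;`. After strsep() the pointer returned by strdup() lives in `address`, not `subnetmask`, so whatever the ERROR label frees (not visible in this hunk) should be `address`. The function continues outside the hunk.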

36
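--- a/src/misc-progs/torctrl.c
+++ b/src/misc-progs/torctrl.c
@@ -0,0 +1,36 @@
+/* This file is part of the IPFire Firewall.
+*
+* This program is distributed under the terms of the GNU General Public
+* Licence. See the file COPYING for details.
+*
+*/
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include "setuid.h"
+int main(int argc, char *argv[]) {
+if (!(initsetuid()))
+exit(1);
+if (argc < 2) {
+fprintf(stderr, "\nNo argument given.\n\ntorctrl (restart|stop)\n\n");
+exit(1);
+}
+if (strcmp(argv[1], "restart") == 0) {
+safe_system("/etc/rc.d/init.d/tor reload-or-restart");
+} else if (strcmp(argv[1], "stop") == 0) {
+safe_system("/etc/rc.d/init.d/tor stop");
+} else {
+fprintf(stderr, "\nBad argument given.\n\ntorctrl (restart|stop)\n\n");
+exit(1);
+}
+return 0;
+}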
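Review bot: main() returns 0 whether or not the init script succeeded, because the result of both safe_system() calls is dropped; whatever invokes this setuid helper (presumably tor.cgi) cannot tell a stopped Tor from a failed stop. Propagate the status, e.g. `int r = safe_system("/etc/rc.d/init.d/tor stop");` followed by `return r != 0;`, assuming safe_system() returns the command's status, which is not shown here. The argument handling is sound for a privileged wrapper: argv[1] is only compared against two fixed verbs and never interpolated into the command string. A header comment stating that invariant, such as `/* setuid helper: accepts only the fixed verbs below; argv is never passed to the shell */`, would help preserve it when verbs are added.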


@@ -0,0 +1,20 @@
diff -Nur arm.vanilla/src/util/hostnames.py arm/src/util/hostnames.py
--- arm.vanilla/src/util/hostnames.py 2012-04-29 05:59:24.000000000 +0200
+++ arm/src/util/hostnames.py 2013-07-31 17:59:19.245591564 +0200
@@ -30,7 +30,6 @@
import threading
import itertools
import Queue
-import distutils.sysconfig
from util import log, sysTools
@@ -264,7 +263,7 @@
# 'socket.gethostbyaddr'. The following checks if the system has the
# gethostbyname_r function, which determines if python resolutions can be
# done in parallel or not. If so, this is preferable.
- isSocketResolutionParallel = distutils.sysconfig.get_config_var("HAVE_GETHOSTBYNAME_R")
+ isSocketResolutionParallel = True #distutils.sysconfig.get_config_var("HAVE_GETHOSTBYNAME_R")
self.useSocketResolution = CONFIG["queries.hostnames.useSocketModule"] and isSocketResolutionParallel
for _ in range(CONFIG["queries.hostnames.poolSize"]):
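Review bot: Hard-coding `isSocketResolutionParallel = True` leaves the comment above it describing a check that no longer runs, and the old expression survives only as a trailing comment. If the intent is to drop the distutils dependency on a target where gethostbyname_r is always present (an assumption the patch does not state), say so in place: `# distutils is not available here; the C library is assumed to provide gethostbyname_r`. On a platform without that function the resolver pool would still call socket.gethostbyaddr from several threads, which the original comment says is only possible when the function exists.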


@@ -0,0 +1,54 @@
------------------------------------------------------------
revno: 10486
revision-id: squid3@treenet.co.nz-20130222111325-zizr296kq3te4g7h
parent: squid3@treenet.co.nz-20130109021503-hqg7ufldrudpzr9l
fixes bug(s): http://bugs.squid-cache.org/show_bug.cgi?id=3790
author: Reinhard Sojka <reinhard.sojka@parlament.gv.at>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: SQUID_3_1
timestamp: Fri 2013-02-22 04:13:25 -0700
message:
Bug 3790: cachemgr.cgi crash with authentication
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20130222111325-zizr296kq3te4g7h
# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_1
# testament_sha1: 121adf68a9c3b2eca766cfb768256b6b57d9816b
# timestamp: 2013-02-22 11:17:18 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_1
# base_revision_id: squid3@treenet.co.nz-20130109021503-\
# hqg7ufldrudpzr9l
#
# Begin patch
=== modified file 'tools/cachemgr.cc'
--- tools/cachemgr.cc 2013-01-08 23:11:51 +0000
+++ tools/cachemgr.cc 2013-02-22 11:13:25 +0000
@@ -1162,7 +1162,6 @@
{
static char buf[1024];
size_t stringLength = 0;
- const char *str64;
if (!req->passwd)
return "";
@@ -1171,15 +1170,12 @@
req->user_name ? req->user_name : "",
req->passwd);
- str64 = base64_encode(buf);
-
- stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %s\r\n", str64);
+ stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %s\r\n", base64_encode(buf));
assert(stringLength < sizeof(buf));
- snprintf(&buf[stringLength], sizeof(buf) - stringLength, "Proxy-Authorization: Basic %s\r\n", str64);
+ snprintf(&buf[stringLength], sizeof(buf) - stringLength, "Proxy-Authorization: Basic %s\r\n", base64_encode(buf));
- xxfree(str64);
return buf;
}
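Review bot: The second `base64_encode(buf)` runs after the first snprintf() has already overwritten buf with the "Authorization: Basic …" line, so the Proxy-Authorization header encodes that header text instead of the user:password pair. Encode once into a local copy before buf is reused, e.g. `char enc[sizeof(buf)];` and `snprintf(enc, sizeof(enc), "%s", base64_encode(buf));`, then pass `enc` to both snprintf() calls. Separately, snprintf() returns the untruncated length, so with long credentials stringLength can reach sizeof(buf); the assert() then aborts the CGI, and in a build with assertions disabled `sizeof(buf) - stringLength` would wrap. The function starts outside the hunk.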


@@ -0,0 +1,73 @@
------------------------------------------------------------
revno: 10487
revision-id: squid3@treenet.co.nz-20130710124748-2n6111r04xsi71vx
parent: squid3@treenet.co.nz-20130222111325-zizr296kq3te4g7h
author: Nathan Hoad <nathan@getoffmalawn.com>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: SQUID_3_1
timestamp: Wed 2013-07-10 06:47:48 -0600
message:
Protect against buffer overrun in DNS query generation
see SQUID-2013:2.
This bug has been present as long as the internal DNS component however
most code reaching this point is passing through URL validation first.
With Squid-3.2 Host header verification using DNS directly we may have
problems.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20130710124748-2n6111r04xsi71vx
# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_1
# testament_sha1: b5be85c8876ce15ec8fa173845e61755b6942fe0
# timestamp: 2013-07-10 12:48:57 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_1
# base_revision_id: squid3@treenet.co.nz-20130222111325-\
# zizr296kq3te4g7h
#
# Begin patch
=== modified file 'src/dns_internal.cc'
--- src/dns_internal.cc 2011-10-11 02:12:56 +0000
+++ src/dns_internal.cc 2013-07-10 12:47:48 +0000
@@ -1532,22 +1532,26 @@
void
idnsALookup(const char *name, IDNSCB * callback, void *data)
{
- unsigned int i;
+ size_t nameLength = strlen(name);
+
+ // Prevent buffer overflow on q->name
+ if (nameLength > NS_MAXDNAME) {
+ debugs(23, DBG_IMPORTANT, "SECURITY ALERT: DNS name too long to perform lookup: '" << name << "'. see access.log for details.");
+ callback(data, NULL, 0, "Internal error");
+ return;
+ }
+
+ if (idnsCachedLookup(name, callback, data))
+ return;
+
+ idns_query *q = cbdataAlloc(idns_query);
+ q->id = idnsQueryID();
int nd = 0;
- idns_query *q;
-
- if (idnsCachedLookup(name, callback, data))
- return;
-
- q = cbdataAlloc(idns_query);
-
- q->id = idnsQueryID();
-
- for (i = 0; i < strlen(name); i++)
+ for (unsigned int i = 0; i < nameLength; ++i)
if (name[i] == '.')
nd++;
- if (Config.onoff.res_defnames && npc > 0 && name[strlen(name)-1] != '.') {
+ if (Config.onoff.res_defnames && npc > 0 && name[nameLength-1] != '.') {
q->do_searchpath = 1;
} else {
q->do_searchpath = 0;
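Review bot: The new length check bounds only the upper end; for an empty name, `name[nameLength-1]` in the res_defnames test indexes with a wrapped size_t and reads outside the string. Whether a caller can pass "" is not visible here, but the guard is cheap to add before that test: `if (nameLength == 0) { callback(data, NULL, 0, "Internal error"); return; }`. The debugs() line also writes the full over-long, externally supplied name into the log, so truncating it there would keep one bad request from producing an arbitrarily large log entry. idnsALookup() continues past the end of the hunk.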


@@ -150,6 +150,27 @@ if ($ip ne $ipcache) {
}
}
elsif ($settings{'SERVICE'} eq 'all-inkl') {
my %proxysettings;
&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
if ($_=$proxysettings{'UPSTREAM_PROXY'}) {
my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
Net::SSLeay::set_proxy($peer,$peerport,$proxysettings{'UPSTREAM_USER'},$proxysettings{'UPSTREAM_PASSWORD'} );
}
my ($out, $response) = Net::SSLeay::get_https("dyndns.kasserver.com", 443, "/", Net::SSLeay::make_headers(
'User-Agent' => 'IPFire', 'Authorization' => 'Basic ' . encode_base64("$settings{'LOGIN'}:$settings{'PASSWORD'}")
));
# Valid response are 'ok' 'nochange'
if ($response =~ m%HTTP/1\.. 200 OK%) {
&General::log("Dynamic DNS ip-update for $settings{'HOSTNAME'}.$settings{'DOMAIN'} : success");
$success++;
} else {
&General::log("Dynamic DNS ip-update for $settings{'HOSTNAME'}.$settings{'DOMAIN'} : failure (could not connect to server, check your credentials)");
}
}
elsif ($settings{'SERVICE'} eq 'cjb') {
# use proxy ?
my %proxysettings;