webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-26 19:00:34 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into asterisk-update

Browse Source
This commit is contained in:
Dirk Wagner
2014-05-19 12:56:38 +02:00
parent 28b8e0ec07 30b1c1c728
commit c10ef4bd39
135 changed files with 9380 additions and 4324 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1480
src/hwdata/pci.ids
View File

File diff suppressed because it is too large Load Diff

91
src/hwdata/usb.ids
View File

@@ -9,8 +9,8 @@
# The latest version can be obtained from
# http://www.linux-usb.org/usb.ids
#
# Version: 2013.08.21
# Date: 2013-08-21 20:34:03
# Version: 2014.02.03
# Date: 2014-02-03 20:34:03
#
# Vendors, devices and interfaces. Please keep sorted.
@@ -26,10 +26,12 @@
0002 Ingram
0003 Club Mac
0004 Nebraska Furniture Mart
0011 Unknown manufacturer
7788 Flash mass storage drive
0053 Planex
5301 GW-US54ZGL 802.11bg
0079 DragonRise Inc.
0006 Generic USB Joystick
0006 PC TWIN SHOCK Gamepad
0011 Gamepad
0105 Trust International B.V.
145f NW-3100 802.11b/g 54Mbps Wireless Network Adapter [zd1211]
@@ -37,8 +39,10 @@
0112 Card Reader
017c MLK
145f Trust Deskset
0200 TP-Link
0201 MA180 UMTS Modem
0204 Chipsbank Microelectronics Co., Ltd
6025 CBM2080 Flash drive controller
6025 CBM2080 / CBM2090 Flash drive controller
6026 CBM1180 Flash drive controller
0218 Hangzhou Worlde
0301 MIDI Port
@@ -105,6 +109,7 @@
2107 AVR Dragon
2109 STK541 ZigBee Development Board
210d XPLAIN evaluation kit (CDC ACM)
2110 AVR JTAGICE3 Debugger and Programmer
2122 XMEGA-A1 Explained evaluation kit
2310 EVK11xx evaluation board
2fe4 ATxmega32A4U DFU bootloader
@@ -191,6 +196,8 @@
0412 Printing Support
0417 LaserJet 1200 series
0423 HS-COMBO Cardreader
042a LaserJet M1132 MFP
0441 HP Prime Calculator
0504 DeskJet 885c
0505 ScanJet 2100c
0507 DVD+RW
@@ -338,7 +345,7 @@
2311 OfficeJet d series
2312 OfficeJet Pro L7700
2317 LaserJet 4350
231d 4 GB Flash Drive
231d Broadcom 2070 Bluetooth Combo
2402 PhotoSmart 7700 series
2404 Deskjet F2280 series
2405 ScanJet 4070 PhotoSmart
@@ -349,6 +356,7 @@
2504 DeskJet F4200 series
2505 ScanJet 3770
2512 OfficeJet Pro L7300
2514 4-port hub
2517 LaserJet 2410
251d Gobi 2000 Wireless Modem
2524 LP3065 30" Monitor Hub
@@ -424,6 +432,7 @@
3b11 PSC 1300 series
3b17 LaserJet M1005 MFP
3c02 PhotoSmart 7350
3c05 Scanjet Professional 1000 Mobile Scanner
3c11 PSC 1358
3c17 EWS UPD
3d02 PhotoSmart 7350~
@@ -473,6 +482,7 @@
5017 EWS UPD
5111 PhotoSmart 3200 series
5211 PhotoSmart 3300 series
5307 v165w Stick
5311 OfficeJet 6300
5312 Officejet Pro 8500A
5411 OfficeJet 4300
@@ -692,12 +702,20 @@
8028 Dev board JTAG (FT232H based)
8040 4 Port Hub
8070 7 Port Hub
8140 Vehicle Explorer Interface
8210 MGTimer - MGCC (Vic) Timing System
8370 7 Port Hub
8371 PS/2 Keyboard And Mouse
8372 FT8U100AX Serial Port
8a28 Rainforest Automation ZigBee Controller
8a98 TIAO Multi-Protocol Adapter
8b28 Alpermann+Velte TCI70
8b29 Alpermann+Velte TC60 CLS
8b2a Alpermann+Velte Rubidium Q1
8b2b Alpermann+Velte TCD
8b2c Alpermann+Velte TCC70
9133 CallerID
9135 Rotary Pub alarm
9e90 Marvell OpenRD Base/Client
9f80 Ewert Energy Systems CANdapter
a6d0 Texas Instruments XDS100v2 JTAG / BeagleBone A3
@@ -730,6 +748,7 @@
c8bc Alpermann+Velte Rubidium S1
c8bd Alpermann+Velte Rubidium T1
c8be Alpermann+Velte Rubidium D1
c8bf Alpermann+Velte TC60 RLV
cc48 Tactrix OpenPort 1.3 Mitsubishi
cc49 Tactrix OpenPort 1.3 Subaru
cc4a Tactrix OpenPort 1.3 Universal
@@ -1000,6 +1019,7 @@
4000 InkJet Color Printer
4021 Photo Printer 6800
4022 1400 Digital Photo Printer
402e 605 Photo Printer
4034 805 Photo Printer
4056 ESP 7200 Series AiO
4109 EasyShare Printer Dock Series 3
@@ -1012,6 +1032,7 @@
6004 i60
6005 i80
040b Weltrend Semiconductor
0a68 Func MS-3 gaming mouse [WT6573F MCU]
6510 Weltrend Bar Code Reader
6520 XBOX Xploder
6533 Speed-Link Competition Pro
@@ -1240,6 +1261,7 @@
4056 Live! Cam Video IM Pro
4057 Live! Cam Optia
4058 Live! Cam Optia AF
405f WebCam Vista (VF0330)
4061 Live! Cam Notebook Pro [VF0400]
4063 Live! Cam Video IM Pro
4068 Live! Cam Notebook [VF0470]
@@ -1659,6 +1681,7 @@
4a4d Flatron 915FT Plus Monitor
7001 MF-PD100 Soul Digital MP3 Player
7013 MP3 Player
70d7 Mouse Scanner LSM-150 [LG Smart Scan Mouse]
70f5 External HDD
8484 LPC-U30 Webcam II
8585 LPC-UC35 Webcam
@@ -1714,6 +1737,7 @@
b10a T.16000M Joystick
b203 360 Modena Pro Wheel
b300 Firestorm Dual Power
b303 FireStorm Dual Analog 2
b304 Firestorm Dual Power
b307 vibrating Upad
b30b Wireless VibrationPad
@@ -1771,6 +1795,7 @@
0151 Super Flash 1GB / GXT 64MB Flash Drive
0162 SiS162 usb Wireless LAN Adapter
0163 802.11 Wireless LAN Adapter
0817 SiS-184-ASUS-4352.17 touch panel
5401 Wireless Adapter RO80211GS-USB
0458 KYE Systems Corp. (Mouse Systems)
0001 Mouse
@@ -1863,6 +1888,7 @@
705c Genius iSlim 1300AF
7079 FaceCam 2025R
707f TVGo DVB-T03 [RTL2832]
7088 WideCam 1050
0459 Adobe Systems, Inc.
045a SONICblue, Inc.
07da Supra Express 56K modem
@@ -2153,6 +2179,8 @@
076d LifeCam HD-5000
0772 LifeCam Studio
0779 LifeCam HD-3000
0780 Comfort Curve Keyboard 3000
0797 Optical Mouse 200
930a ISOUSB.SYS Intel 82930 Isochronous IO Test Board
ffca Catalina
fff8 Keyboard
@@ -2227,7 +2255,7 @@
0467 AT&T Paradyne
0468 Wieson Technologies Co., Ltd
046a Cherry GmbH
0001 My3000 Keyboard
0001 Keyboard
0003 My3000 Hub
0004 CyBoard Keyboard
0005 XX33 SmartCard Reader Keyboard
@@ -2444,12 +2472,14 @@
c061 RX1500 Laser Mouse
c062 M-UAS144 [LS1 Laser Mouse]
c063 DELL Laser Mouse
c064 M110 corded optical mouse (M-B0001)
c066 G9x Laser Mouse
c068 G500 Laser Mouse
c069 M500 Laser Mouse
c06a USB Optical Mouse
c06b G700 Wireless Gaming Mouse
c06c Optical Mouse
c077 M105 Optical Mouse
c101 UltraX Media Remote
c110 Harmony 785/885 Remote
c111 Harmony 525 Remote
@@ -2460,6 +2490,7 @@
c124 Harmony 300 Remote
c125 Harmony 200 Remote
c126 Harmony Link
c12b Harmony Touch Remote
c201 WingMan Extreme Joystick with Throttle
c202 WingMan Formula
c207 WingMan Extreme Digital 3D
@@ -2489,12 +2520,18 @@
c225 G11/G15 Keyboard / G keys
c226 G15 Refresh Keyboard
c227 G15 Refresh Keyboard
c228 G19 Gaming Keyboard
c229 G19 Gaming Keyboard Macro Interface
c22a Gaming Keyboard G110
c22b Gaming Keyboard G110 G-keys
c22d G510 Gaming Keyboard
c22e G510 Gaming Keyboard onboard audio
c245 G400 Optical Mouse
c246 Gaming Mouse G300
c248 G105 Gaming Keyboard
c24a G600 Gaming Mouse
c24d G710 Gaming Keyboard
c24e G500s Laser Gaming Mouse
c281 WingMan Force
c283 WingMan Force 3D
c285 WingMan Strike Force 3D
@@ -2854,6 +2891,8 @@
0014 InTouch Module
a006 External Disk 1.5TB
a007 External Disk USB 3.0
a009 Stor.E Basics
d010 External Disk 3TB
0481 Zenith Data Systems
0482 Kyocera Corp.
000e FS-1020D Printer
@@ -2885,6 +2924,7 @@
5000 ST Micro/Ergenic ERG BT-002 Bluetooth Adapter
5001 ST Micro Bluetooth Device
5710 Joystick in FS Mode
5720 STM microSD Flash Device
5721 Hantek DDS-3X25 Arbitrary Waveform Generator
5740 STM32F407
7270 ST Micro Serial Bridge
@@ -2917,6 +2957,8 @@
9006 IT9135 BDA Afatech DVB-T HDTV Dongle
9009 Zolid HD DVD Maker
9135 Zolid Mini DVB-T Stick
9503 ITE it9503 feature-limited DVB-T transmission chip [ccHDtv]
9507 ITE it9507 full featured DVB-T transmission chip [ccHDtv]
048f Eicon Tech.
0490 United Microelectronics Corp.
0491 Capetronic
@@ -3607,6 +3649,7 @@
31e4 PowerShot SX20 IS
31e5 Digital IXUS 200 IS
31e6 PowerShot SD940 IS DIGITAL ELPH / Digital IXUS 120 IS / IXY DIGITAL 220 IS
31e7 SELPHY CP790
31ea EOS Rebel T2i / EOS 550D / EOS Kiss X4
31ee SELPHY ES40
31ef PowerShot A495
@@ -3664,8 +3707,14 @@
325c PowerShot SX500 IS
325f PowerShot SX280 HS
3260 PowerShot SX270 HS
3262 PowerShot A2600
3264 PowerShot A1400
3265 Powershot ELPH 130 IS / IXUS 140
3268 PowerShot ELPH 330 HS / IXUS 255 HS
3271 PowerShot A2500
3276 PowerShot SX170 IS
3277 PowerShot SX510 HS
327d Powershot ELPH 115 IS / IXUS 132
04aa DaeWoo Telecom, Ltd
04ab Chromatic Research
04ac Micro Audiometrics Corp.
@@ -3740,6 +3789,7 @@
0424 D3000
0425 D300S
0428 D7000
0429 D5100
042a D800 (ptp)
0f03 PD-10 Wireless Printer Adapter
4000 Coolscan LS 40 ED
@@ -3768,6 +3818,7 @@
4427 Portable CD ROM
4482 Serial Converter
4485 Serial Converter
4524 40 Character Vacuum Fluorescent Display
4525 Double sided CRT
4535 4610 Suremark Printer
4550 NVRAM (128 KB)
@@ -4109,6 +4160,7 @@
10e7 fi-5900C
10fe S500
1150 fi-6230
201d SATA 3.0 6Gbit/s Adaptor [GROOVY]
04c6 Toshiba America Electronic Components
04c7 Micro Macro Technologies
04c8 Konica Corp.
@@ -4122,6 +4174,7 @@
072c Revio KD20M
072d Revio KD410Z
04ca Lite-On Technology Corp.
004f SK-9020 keyboard
1766 HID Monitor Controls
2004 Bluetooth 4.0 [Broadcom BCM20702A0]
9304 Hub
@@ -4288,11 +4341,13 @@
1400 PS/2 keyboard + mouse controller
1503 Shortboard Lefty
1603 Keyboard
1702 Keyboard LKS02
2013 Keyboard [Das Keyboard]
2221 Keyboard
2323 Keyboard
2519 Shenzhen LogoTech 2.4GHz receiver
2832 1channel Telephone line recorder
2834 HT82A834R Audio MCU
a055 Keyboard
04da Panasonic (Matsushita)
0901 LS-120 Camera
@@ -4444,6 +4499,7 @@
5151 SCR338 Keyboard Smart Card Reader
5292 SCL011 RFID reader
5410 SCR35xx Smart Card Reader
5591 SCL3711-NFC&RW
e000 SCRx31 Reader
e001 SCR331 SmartCard Reader
e003 SPR532 PinPad SmartCard Reader
@@ -4708,6 +4764,7 @@
0760 Acer KU-0760 Keyboard
0841 HP Multimedia Keyboard
0860 2.4G Multimedia Wireless Kit
1121 Periboard 717 Mini Wireless Keyboard
a001 E-Video DC-100 Camera
a120 ORITE CCD Webcam(PC370R)
a121 ORITE CCD Webcam(PC370R)
@@ -4770,6 +4827,7 @@
b330 Asus 720p CMOS webcam
b354 UVC 1.00 device HD UVC WebCam
04f3 Elan Microelectronics Corp.
000a Touchscreen
0103 ActiveJet K-2024 Multimedia Keyboard
01a4 Wireless Keyboard
0210 Optical Mouse
@@ -5120,6 +5178,8 @@
1004 F9L1004 802.11n Surf N300 XR Wireless Adapter [Realtek RTL8192CU]
1102 F7D1102 N150/Surf Micro Wireless Adapter v1000 [Realtek RTL8188CUS]
1103 F9L1103 N750 DB 802.11abgn 2x3:3 [Ralink RT3573]
1106 F9L1106v1 802.11a/b/g/n/ac Wireless Adapter [Broadcom BCM43526]
1109 F9L1109v1 802.11a/b/g/n/ac Wireless Adapter [Realtek RTL8812AU]
11f2 ISY Wireless Micro Adapter IWL 2000 [RTL8188CUS]
1202 F5U120-PC Parallel Printer Port
1203 F5U120-PC Serial Port
@@ -5524,6 +5584,7 @@
0440 DSC-H55
0485 MHS-PM5 HD camcorder
04cb WALKMAN NWZ-E354
06bb WALKMAN NWZ-F805
1000 Wireless Buzz! Receiver
054d Try Corp.
054e Proside Corp.
@@ -9637,8 +9698,8 @@
0001 Hard Drive Adapter (TPP)
0002 SigmaDrive Adapter (TPP)
0906 Faraday Technology Corp.
0908 ShenZhen SANZHAI Technology Co.,Ltd
2701 Spy Pen VGA
0908 Siemens AG
2701 ShenZhen SANZHAI Technology Co.,Ltd Spy Pen VGA
0909 Audio-Technica Corp.
090a Trumpion Microelectronics, Inc.
1001 T33520 Flash Card Controller
@@ -12779,6 +12840,8 @@
0ff7 CHI SHING Computer Accessories Co., Ltd
0ffc Clavia DMI AB
0021 Nord Stage 2
0ffd EarlySense
ff00 OEM
0fff Aopen, Inc.
1000 Speed Tech Corp.
1001 Ritronics Components (S) Pte., Ltd
@@ -15344,6 +15407,8 @@
1b59 K.S. Terminals Inc.
1b5a Chao Zhou Kai Yuan Electric Co., Ltd.
1b65 The Hong Kong Standards and Testing Centre Ltd.
1b71 Fushicai
3002 USBTV007 Video Grabber [EasyCAP]
1b72 ATERGI TECHNOLOGY CO., LTD.
1b73 Fresco Logic
1000 xHC1 Controller
@@ -15881,6 +15946,9 @@
648b TEW-648UBM 802.11n 150Mbps Micro Wireless N Adapter [Realtek RTL8188CUS]
2101 ActionStar
0201 SIIG 4-to-2 Printer Switch
2149 Advanced Silicon S.A.
211b Touchscreen Controller
2703 TS58xxA/TC56xxA [CoolTouch]
2162 Creative (?)
2031 Network Blaster Wireless Adapter
500c DE5771 Modem Blaster
@@ -15899,10 +15967,17 @@
4050 AirStick joystick
2227 SAMWOO Enterprise
3105 SKYDATA SKD-U100
2232 Silicon Motion
1005 WebCam SCB-0385N
1028 WebCam SC-03FFL11939N
1029 WebCam SC-13HDL11939N
1037 WebCam SC-03FFM12339N
2233 RadioShack Corporation
6323 USB Electronic Scale
2237 Kobo Inc.
4161 eReader White
228d 8D Technologies inc.
0001 Terminal Bike Key Reader
22a6 Pie Digital, Inc.
ffff PieKey "beta" 4GB model 4E4F41482E4F5247 (SM3251Q BB)
22b8 Motorola PCS

31
src/initscripts/init.d/dhcp
View File

@@ -9,26 +9,39 @@
. $rc_functions
eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
function flush_chains() {
iptables -F DHCPGREENINPUT
iptables -F DHCPGREENOUTPUT
iptables -F DHCPBLUEINPUT
iptables -F DHCPBLUEOUTPUT
}
case "$1" in
start)
iptables -F DHCPBLUEINPUT
if [ -e /var/ipfire/dhcp/enable_green ]; then
flush_chains
if [ -n "${GREEN_DEV}" -a -e "/var/ipfire/dhcp/enable_green" ]; then
devices="${GREEN_DEV}"
iptables -A DHCPGREENINPUT -i "${GREEN_DEV}" -j DHCPINPUT
iptables -A DHCPGREENOUTPUT -o "${GREEN_DEV}" -j DHCPOUTPUT
fi
if [ -e /var/ipfire/dhcp/enable_blue ]; then
if [ -n "${BLUE_DEV}" -a -e "/var/ipfire/dhcp/enable_blue" ]; then
devices+=" ${BLUE_DEV}"
iptables -A DHCPBLUEINPUT -p tcp --source-port 68 --destination-port 67 -i ${BLUE_DEV} -j ACCEPT > /dev/null 2>&1
iptables -A DHCPBLUEINPUT -p udp --source-port 68 --destination-port 67 -i ${BLUE_DEV} -j ACCEPT > /dev/null 2>&1
fi
iptables -A DHCPBLUEINPUT -i "${BLUE_DEV}" -j DHCPINPUT
iptables -A DHCPBLUEOUTPUT -o "${BLUE_DEV}" -j DHCPOUTPUT
fi
boot_mesg "Starting DHCP Server..."
loadproc /usr/sbin/dhcpd -q ${devices}
(sleep 5 && chmod 644 /var/run/dhcpd.pid) & # Fix because silly dhcpd creates its pid with mode 640
;;
stop)
flush_chains
boot_mesg "Stopping DHCP Server..."
killproc -p /var/run/dhcpd.pid /usr/sbin/dhcpd
if [ "$(ps -A | grep " dhcpd")" != "" ] ; then

1
src/initscripts/init.d/fcron
View File

@@ -13,6 +13,7 @@
case "$1" in
start)
boot_mesg "Starting fcron..."
chown cron:cron /var/spool/cron
loadproc /usr/sbin/fcron -y
# remove -y to reenable fcron logging
;;

31
src/initscripts/init.d/firewall
View File

@@ -143,6 +143,31 @@ iptables_init() {
iptables -A ${i} -j CONNTRACK
done
# Allow DHCP
iptables -N DHCPINPUT
iptables -A DHCPINPUT -p udp --sport 68 --dport 67 -j ACCEPT
iptables -A DHCPINPUT -p tcp --sport 68 --dport 67 -j ACCEPT
iptables -N DHCPOUTPUT
iptables -A DHCPOUTPUT -p udp --sport 67 --dport 68 -j ACCEPT
iptables -A DHCPOUTPUT -p tcp --sport 67 --dport 68 -j ACCEPT
# Allow DHCP on GREEN
iptables -N DHCPGREENINPUT
iptables -N DHCPGREENOUTPUT
if [ -n "${GREEN_DEV}" ]; then
iptables -A INPUT -i "${GREEN_DEV}" -j DHCPGREENINPUT
iptables -A OUTPUT -o "${GREEN_DEV}" -j DHCPGREENOUTPUT
fi
# allow DHCP on BLUE to be turned on/off
iptables -N DHCPBLUEINPUT
iptables -N DHCPBLUEOUTPUT
if [ -n "${BLUE_DEV}" ]; then
iptables -A INPUT -i "${BLUE_DEV}" -j DHCPBLUEINPUT
iptables -A OUTPUT -o "${BLUE_DEV}" -j DHCPBLUEOUTPUT
fi
# trafic from ipsecX/TUN/TAP interfaces, before "-i GREEN_DEV" accept everything
iptables -N IPSECINPUT
iptables -N IPSECFORWARD
@@ -155,11 +180,7 @@ iptables_init() {
# localhost and ethernet.
iptables -A INPUT -i $GREEN_DEV -m conntrack --ctstate NEW -j ACCEPT ! -p icmp
# allow DHCP on BLUE to be turned on/off
iptables -N DHCPBLUEINPUT
iptables -A INPUT -j DHCPBLUEINPUT
# WIRELESS chains
iptables -N WIRELESSINPUT
iptables -A INPUT -m conntrack --ctstate NEW -j WIRELESSINPUT

11
src/initscripts/init.d/networking/red
View File

@@ -22,6 +22,7 @@
#Define some defaults
INET_VLAN=7
IPTV_VLAN=8
ATM_DEV=0
eval $(/usr/local/bin/readhash /var/ipfire/main/settings)
if [ "$RRDLOG" == "" ]; then
@@ -170,17 +171,17 @@ case "${1}" in
if [ "$TYPE" == "pppoeatm" ] || [ "$TYPE" == "pptpatm" ]; then
PPP_NIC=nas0
DEVICE=nas0
PPP_NIC=nas${ATM_DEV}
DEVICE=nas${ATM_DEV}
boot_mesg "Createing ATM-Bridge as $PPP_NIC ..."
br2684ctl -c0 -e${ENCAP} -a0.${VPI}.${VCI} >/dev/null 2>&1 &
br2684ctl -c${ATM_DEV} -e${ENCAP} -a${ATM_DEV}.${VPI}.${VCI} >/dev/null 2>&1 &
sleep 1
# use user-defined or green mac address for nas0
if [ -n "$MAC" ]; then
ip link set dev nas0 address ${MAC}
ip link set dev nas${ATM_DEV} address ${MAC}
else
ip link set dev nas0 address $(cat /sys/class/net/green0/address)
ip link set dev nas${ATM_DEV} address $(cat /sys/class/net/green0/address)
fi
if [ "$TYPE" == "pppoeatm" ]; then

2
src/initscripts/init.d/nut
View File

@@ -35,7 +35,7 @@ if [ "x$MODE" = "xnone" ] ; then
fi
upsd=/usr/sbin/upsd
upsdrvctl=/usr/bin/upsdrvctl
upsdrvctl=/usr/sbin/upsdrvctl
upsmon=/usr/sbin/upsmon
log=">/dev/null 2>/dev/null"

5
src/initscripts/init.d/sshd
View File

@@ -43,7 +43,10 @@ case "$1" in
(
sleep 3
pid=$(cat /var/run/sshd.pid 2>/dev/null)
[ -n "${pid}" ] && echo "-16" > "/proc/${pid}/oom_score_adj"
[ -n "${pid}" ] && [ -e "/proc/${pid}/oom_score_adj" ] && \
echo "-16" > "/proc/${pid}/oom_score_adj" || \
[ -e "/proc/${pid}/oom_adj" ] && \
echo "-16" > "/proc/${pid}/oom_adj"
) &
;;

39
src/initscripts/init.d/stunnel Normal file
View File

@@ -0,0 +1,39 @@
#!/bin/sh
########################################################################
# Begin $rc_base/init.d/stunnel
#
# Description : Provides an SSL encryption wrapper.
#
########################################################################
. /etc/sysconfig/rc
. ${rc_functions}
case "$1" in
start)
boot_mesg "Starting the Stunnel Daemon..."
loadproc /usr/bin/stunnel
;;
stop)
boot_mesg "Stopping the Stunnel Daemon..."
killproc /usr/bin/stunnel
;;
restart)
$0 stop
sleep 1
$0 start
;;
status)
statusproc /usr/bin/stunnel
;;
*)
echo "Usage: $0 {start|stop|restart|status}"
exit 1
;;
esac
# End $rc_base/init.d/stunnel

48
src/initscripts/init.d/watchdog
View File

@@ -1,44 +1,31 @@
#!/bin/sh
########################################################################
# Begin $rc_base/init.d/watchdog
#
# Description : watchdog daemon initscript
#
########################################################################
. /etc/sysconfig/rc
. ${rc_functions}
PATH=/bin:/usr/bin:/sbin:/usr/sbin
test -x /usr/sbin/watchdog || exit 0
# For configuration of the init script use the file
# /etc/sysconfig/watchdog, do not edit this init script.
# Set run_watchdog to 1 to start watchdog or 0 to disable it.
run_watchdog=0
# Specify additional watchdog options here (see manpage).
watchdog_options=""
# Specify module to load
watchdog_module="none"
[ -e /etc/sysconfig/watchdog ] && . /etc/sysconfig/watchdog
DAEMON=/usr/sbin/watchdog
WD_DAEMON=/usr/sbin/wd_keepalive
if [ -e "/etc/sysconfig/watchdog" ]; then
. /etc/sysconfig/watchdog
fi
case "${1}" in
start)
boot_mesg "Starting watchdog ..."
if [ $run_watchdog = 1 ]
then
# do we have to load a module?
[ ${watchdog_module:-none} != "none" ] && /sbin/modprobe $watchdog_module
if [ -n "${watchdog_module}" ]; then
modprobe -q "${watchdog_module}" 2>/dev/null
fi
loadproc $DAEMON $watchdog_options
fi
boot_mesg "Starting watchdog daemon..."
loadproc /usr/sbin/watchdog ${watchdog_options}
;;
stop)
boot_mesg "Stopping watchdog ..."
killproc $DAEMON
boot_mesg "Stopping watchdog daemon..."
killproc /usr/sbin/watchdog
;;
restart)
@@ -48,7 +35,7 @@ case "${1}" in
;;
status)
statusproc $DAEMON
statusproc /usr/sbin/watchdog
;;
*)
@@ -57,3 +44,4 @@ case "${1}" in
;;
esac
# End $rc_base/init.d/watchdog

2
src/install+setup/install/main.c
View File

@@ -124,8 +124,6 @@ int main(int argc, char *argv[])
}
// Load common modules
mysystem("/sbin/modprobe iso9660"); // CDROM
// mysystem("/sbin/modprobe ext2"); // Boot patition
mysystem("/sbin/modprobe vfat"); // USB key
/* German is the default */

6
src/install+setup/install/mountsource.sh
View File

@@ -2,7 +2,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> #
# Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -42,7 +42,7 @@ done
# scan all Partitions on block devices
for DEVICE in `find /sys/block/* -maxdepth 0 ! -name fd* ! -name loop* ! -name ram* -exec basename {} \;`
do
for DEVICEP in $(ls /dev/${DEVICE}? | sed "s/\/dev\///" 2> /dev/null);do
for DEVICEP in $(ls /dev/${DEVICE}? 2>/dev/null | sed "s/\/dev\///");do
mount /dev/${DEVICEP} /cdrom 2> /dev/null
if [ -n "$(ls /cdrom/${version}.media 2>/dev/null)" ]; then
echo -n ${DEVICEP} > /tmp/source_device
@@ -58,7 +58,7 @@ done
# scan all Partitions on raid/mmc devices
for DEVICE in `find /sys/block/* -maxdepth 0 ! -name fd* ! -name loop* ! -name ram* -exec basename {} \;`
do
for DEVICEP in $(ls /dev/${DEVICE}p? | sed "s/\/dev\///");do
for DEVICEP in $(ls /dev/${DEVICE}p? 2>/dev/null | sed "s/\/dev\///");do
mount /dev/${DEVICEP} /cdrom 2> /dev/null
if [ -n "$(ls /cdrom/${version}.media 2>/dev/null)" ]; then
echo -n ${DEVICEP} > /tmp/source_device

37
src/paks/stunnel/install.sh Normal file
View File

@@ -0,0 +1,37 @@
#!/bin/bash
############################################################################
# #
# This file is part of the IPFire Firewall. #
# #
# IPFire is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 2 of the License, or #
# (at your option) any later version. #
# #
# IPFire is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with IPFire; if not, write to the Free Software #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
# #
# Copyright (C) 2007 IPFire-Team <info@ipfire.org>. #
# #
############################################################################
#
. /opt/pakfire/lib/functions.sh
# Create Username and group.
getent passwd stunnel >/dev/null || \
useradd -u 51 -g stunnel -d /var/lib/stunnel -s /bin/false \
-c "stunnel Daemon" stunnel
extract_files
ln -svf ../init.d/stunnel /etc/rc.d/rc3.d/S65stunnel
ln -svf ../init.d/stunnel /etc/rc.d/rc0.d/K35stunnel
ln -svf ../init.d/stunnel /etc/rc.d/rc6.d/K35stunnel
restore_backup ${NAME}
start_service --background ${NAME}

28
src/paks/stunnel/uninstall.sh Normal file
View File

@@ -0,0 +1,28 @@
#!/bin/bash
############################################################################
# #
# This file is part of the IPFire Firewall. #
# #
# IPFire is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 2 of the License, or #
# (at your option) any later version. #
# #
# IPFire is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with IPFire; if not, write to the Free Software #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
# #
# Copyright (C) 2007 IPFire-Team <info@ipfire.org>. #
# #
############################################################################
#
. /opt/pakfire/lib/functions.sh
stop_service ${NAME}
make_backup ${NAME}
remove_files
rm -rf /etc/rc.d/rc*.d/*stunnel

26
src/paks/stunnel/update.sh Normal file
View File

@@ -0,0 +1,26 @@
#!/bin/bash
############################################################################
# #
# This file is part of the IPFire Firewall. #
# #
# IPFire is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 2 of the License, or #
# (at your option) any later version. #
# #
# IPFire is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with IPFire; if not, write to the Free Software #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
# #
# Copyright (C) 2007 IPFire-Team <info@ipfire.org>. #
# #
############################################################################
#
. /opt/pakfire/lib/functions.sh
./uninstall.sh
./install.sh

55
src/patches/fireinfo-0001-Exclude-some-more-invalid-patterns.patch
View File

@@ -1,55 +0,0 @@
From 220ffe76a48c72171d7724f7f602a2fdd8bbca6a Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat, 15 Feb 2014 18:37:54 +0100
Subject: [PATCH] Exclude some more invalid patterns.
---
src/fireinfo/system.py | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/src/fireinfo/system.py b/src/fireinfo/system.py
index 40ff7b0..c875f96 100644
--- a/src/fireinfo/system.py
+++ b/src/fireinfo/system.py
@@ -44,12 +44,17 @@ INVALID_ID_STRINGS = (
"Chassis", "chassis",
"Not Applicable",
"None", "empty",
+ "XXXXX",
"01010101-0101-0101-0101-010101010101",
"00020003-0004-0005-0006-000700080009",
"03000200-0400-0500-0006-000700080009",
"0000000", "00000000",
)
+INVALID_ID_STRINGS_EXACT_MATCH = (
+ "NA",
+)
+
class Singleton(type):
def __init__(cls, name, bases, dict):
super(Singleton, cls).__init__(name, bases, dict)
@@ -234,12 +239,18 @@ class System(object):
if id is None:
continue
- for i in INVALID_ID_STRINGS:
- if i in id:
+ for i in INVALID_ID_STRINGS_EXACT_MATCH:
+ if id == i:
id = None
break
if id:
+ for i in INVALID_ID_STRINGS:
+ if i in id:
+ id = None
+ break
+
+ if id:
_ids.append(id)
ids = _ids
--
1.8.3.1

144
src/patches/linux-3.10-layer7-filter.patch
View File

@@ -1514,10 +1514,10 @@ index 0000000..339631f
+}
diff --git a/net/netfilter/xt_layer7.c b/net/netfilter/xt_layer7.c
new file mode 100644
index 0000000..51bb747
index 0000000..1573e9d
--- /dev/null
+++ b/net/netfilter/xt_layer7.c
@@ -0,0 +1,625 @@
@@ -0,0 +1,665 @@
+/*
+ Kernel module to match application layer (OSI layer 7) data in connections.
+
@@ -1726,40 +1726,67 @@ index 0000000..51bb747
+
+static int can_handle(const struct sk_buff *skb)
+{
+ if(!ip_hdr(skb)) /* not IP */
+ struct iphdr iphdr_tmp;
+ struct iphdr *iphdr;
+ int offset;
+
+ if (!ip_hdr(skb))
+ return 0;
+ if(ip_hdr(skb)->protocol != IPPROTO_TCP &&
+ ip_hdr(skb)->protocol != IPPROTO_UDP &&
+ ip_hdr(skb)->protocol != IPPROTO_ICMP)
+
+ offset = ((uintptr_t)ip_hdr(skb)) - ((uintptr_t)skb->data);
+
+ iphdr = skb_header_pointer(skb, offset, sizeof(*iphdr), &iphdr_tmp);
+ if (!iphdr)
+ return 0;
+ return 1;
+
+ if (iphdr->protocol == IPPROTO_TCP ||
+ iphdr->protocol == IPPROTO_UDP ||
+ iphdr->protocol == IPPROTO_ICMP)
+ return 1;
+
+ return 0;
+}
+
+/* Returns offset the into the skb->data that the application data starts */
+static int app_data_offset(const struct sk_buff *skb)
+{
+ /* In case we are ported somewhere (ebtables?) where ip_hdr(skb)
+ isn't set, this can be gotten from 4*(skb->data[0] & 0x0f) as well. */
+ int ip_hl = 4*ip_hdr(skb)->ihl;
+ int offset;
+ struct iphdr iphdr_tmp;
+ struct iphdr *iphdr;
+ struct tcphdr tcphdr_tmp;
+ struct tcphdr *tcphdr;
+
+ if( ip_hdr(skb)->protocol == IPPROTO_TCP ) {
+ /* 12 == offset into TCP header for the header length field.
+ Can't get this with skb->h.th->doff because the tcphdr
+ struct doesn't get set when routing (this is confirmed to be
+ true in Netfilter as well as QoS.) */
+ int tcp_hl = 4*(skb->data[ip_hl + 12] >> 4);
+ if (!ip_hdr(skb))
+ return -1;
+
+ return ip_hl + tcp_hl;
+ } else if( ip_hdr(skb)->protocol == IPPROTO_UDP ) {
+ return ip_hl + 8; /* UDP header is always 8 bytes */
+ } else if( ip_hdr(skb)->protocol == IPPROTO_ICMP ) {
+ return ip_hl + 8; /* ICMP header is 8 bytes */
+ } else {
+ if (net_ratelimit())
+ printk(KERN_ERR "layer7: tried to handle unknown "
+ "protocol!\n");
+ return ip_hl + 8; /* something reasonable */
+ offset = ((uintptr_t)ip_hdr(skb)) - ((uintptr_t)skb->data);
+
+ iphdr = skb_header_pointer(skb, offset, sizeof(*iphdr), &iphdr_tmp);
+ if (!iphdr)
+ return -1;
+
+ offset += iphdr->ihl * 4;
+
+ if (iphdr->protocol == IPPROTO_TCP) {
+ tcphdr = skb_header_pointer(skb, offset, sizeof(*tcphdr),
+ &tcphdr_tmp);
+ if (!tcphdr)
+ return -1;
+
+ offset += tcphdr->doff * 4;
+
+ return offset;
+ }
+
+ if (iphdr->protocol == IPPROTO_UDP)
+ return offset + 8;
+
+ if (iphdr->protocol == IPPROTO_ICMP)
+ return offset + 8;
+
+ if (net_ratelimit())
+ pr_err(KERN_ERR "layer7: tried to handle unknown protocol!\n");
+
+ return offset + 8; /* something reasonable */
+}
+
+/* handles whether there's a match when we aren't appending data anymore */
@@ -1849,13 +1876,39 @@ index 0000000..51bb747
+ return length;
+}
+
+/* add the new app data to the buffer. Return number of bytes added. */
+static int add_data(char *target, int offset, const struct sk_buff *skb)
+{
+ int length, length_sum = 0;
+ int data_start = app_data_offset(skb);
+ int remaining = skb->len - data_start;
+ int to_copy;
+ uint8_t buf[512];
+ uint8_t *data;
+
+ while ((offset < maxdatalen - 1) && (remaining > 0)) {
+ to_copy = min_t(int, remaining, sizeof(buf));
+
+ data = skb_header_pointer(skb, data_start, to_copy, buf);
+ length = add_datastr(target, offset, data, to_copy);
+
+ remaining -= to_copy;
+ data_start += to_copy;
+ offset += length;
+ length_sum += length;
+ }
+
+ return length_sum;
+}
+
+/* add the new app data to the conntrack. Return number of bytes added. */
+static int add_data(struct nf_conn * master_conntrack,
+ char * app_data, int appdatalen)
+static int add_data_conntrack(struct nf_conn *master_conntrack,
+ const struct sk_buff *skb)
+{
+ int length;
+
+ length = add_datastr(master_conntrack->layer7.app_data, master_conntrack->layer7.app_data_len, app_data, appdatalen);
+ length = add_data(master_conntrack->layer7.app_data,
+ master_conntrack->layer7.app_data_len, skb);
+ master_conntrack->layer7.app_data_len += length;
+
+ return length;
@@ -1911,20 +1964,20 @@ index 0000000..51bb747
+static bool match(const struct sk_buff *skbin, struct xt_action_param *par)
+{
+ /* sidestep const without getting a compiler warning... */
+ struct sk_buff * skb = (struct sk_buff *)skbin;
+ struct sk_buff *skb = (struct sk_buff *)skbin;
+
+ const struct xt_layer7_info * info = par->matchinfo;
+
+ enum ip_conntrack_info master_ctinfo, ctinfo;
+ struct nf_conn *master_conntrack, *conntrack;
+ unsigned char *app_data, *tmp_data;
+ unsigned int pattern_result, appdatalen;
+ unsigned char *tmp_data;
+ unsigned int pattern_result;
+ regexp * comppattern;
+
+ /* Be paranoid/incompetent - lock the entire match function. */
+ spin_lock_bh(&l7_lock);
+
+ if(!can_handle(skb)){
+ if (!can_handle(skbin)) {
+ DPRINTK("layer7: This is some protocol I can't handle.\n");
+ spin_unlock_bh(&l7_lock);
+ return info->invert;
@@ -1933,8 +1986,9 @@ index 0000000..51bb747
+ /* Treat parent & all its children together as one connection, except
+ for the purpose of setting conntrack->layer7.app_proto in the actual
+ connection. This makes /proc/net/ip_conntrack more satisfying. */
+ if(!(conntrack = nf_ct_get(skb, &ctinfo)) ||
+ !(master_conntrack=nf_ct_get(skb,&master_ctinfo))){
+ conntrack = nf_ct_get(skbin, &ctinfo);
+ master_conntrack = nf_ct_get(skbin, &master_ctinfo);
+ if (!conntrack || !master_conntrack) {
+ DPRINTK("layer7: couldn't get conntrack.\n");
+ spin_unlock_bh(&l7_lock);
+ return info->invert;
@@ -1962,20 +2016,6 @@ index 0000000..51bb747
+ return (pattern_result ^ info->invert);
+ }
+
+ if(skb_is_nonlinear(skb)){
+ if(skb_linearize(skb) != 0){
+ if (net_ratelimit())
+ printk(KERN_ERR "layer7: failed to linearize "
+ "packet, bailing.\n");
+ spin_unlock_bh(&l7_lock);
+ return info->invert;
+ }
+ }
+
+ /* now that the skb is linearized, it's safe to set these. */
+ app_data = skb->data + app_data_offset(skb);
+ appdatalen = skb_tail_pointer(skb) - app_data;
+
+ /* the return value gets checked later, when we're ready to use it */
+ comppattern = compile_and_cache(info->pattern, info->protocol);
+
@@ -1988,7 +2028,7 @@ index 0000000..51bb747
+ }
+
+ tmp_data[0] = '\0';
+ add_datastr(tmp_data, 0, app_data, appdatalen);
+ add_data(tmp_data, 0, skbin);
+ pattern_result = ((comppattern && regexec(comppattern, tmp_data)) ? 1 : 0);
+
+ kfree(tmp_data);
@@ -2023,7 +2063,7 @@ index 0000000..51bb747
+
+ if(!skb->cb[0]){
+ int newbytes;
+ newbytes = add_data(master_conntrack, app_data, appdatalen);
+ newbytes = add_data_conntrack(master_conntrack, skb);
+
+ if(newbytes == 0) { /* didn't add any data */
+ skb->cb[0] = 1;

11
src/patches/linux-3.10.37-rt2800usb_add_dlink_dwa137_usbid.patch Normal file
View File

@@ -0,0 +1,11 @@
diff -Naur linux-3.10.37.org/drivers/net/wireless/rt2x00/rt2800usb.c linux-3.10.37/drivers/net/wireless/rt2x00/rt2800usb.c
--- linux-3.10.37.org/drivers/net/wireless/rt2x00/rt2800usb.c 2014-04-14 15:42:31.000000000 +0200
+++ linux-3.10.37/drivers/net/wireless/rt2x00/rt2800usb.c 2014-04-25 10:25:12.796630526 +0200
@@ -1175,6 +1175,7 @@
/* Belkin */
{ USB_DEVICE(0x050d, 0x945b) },
/* D-Link */
+ { USB_DEVICE(0x2001, 0x3317) },
{ USB_DEVICE(0x2001, 0x3c17) },
/* Panasonic */
{ USB_DEVICE(0x083a, 0xb511) },

5081
src/patches/linux-3.10.39-add_libertas_uap.patch Normal file
View File

File diff suppressed because it is too large Load Diff

121
src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch Normal file
View File

@@ -0,0 +1,121 @@
From d729b06f0ac7a5ebd3648ef60bef0499b59bf82d Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 4 Apr 2014 11:29:39 +0200
Subject: [PATCH 03/25] build-sys: utilize compiler flags handed to us by
rpmbuild
---
chat/Makefile.linux | 2 +-
pppd/Makefile.linux | 3 +--
pppd/plugins/Makefile.linux | 2 +-
pppd/plugins/pppoatm/Makefile.linux | 2 +-
pppd/plugins/radius/Makefile.linux | 2 +-
pppd/plugins/rp-pppoe/Makefile.linux | 2 +-
pppdump/Makefile.linux | 2 +-
pppstats/Makefile.linux | 2 +-
8 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/chat/Makefile.linux b/chat/Makefile.linux
index 1065ac5..848cd8d 100644
--- a/chat/Makefile.linux
+++ b/chat/Makefile.linux
@@ -10,7 +10,7 @@ CDEF3= -UNO_SLEEP # Use the usleep function
CDEF4= -DFNDELAY=O_NDELAY # Old name value
CDEFS= $(CDEF1) $(CDEF2) $(CDEF3) $(CDEF4)
-COPTS= -O2 -g -pipe
+COPTS= $(RPM_OPT_FLAGS)
CFLAGS= $(COPTS) $(CDEFS)
INSTALL= install
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index 5a44d30..63872eb 100644
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -32,8 +32,7 @@ endif
CC = gcc
#
-COPTS = -O2 -pipe -Wall -g
-LIBS =
+COPTS = -Wall $(RPM_OPT_FLAGS)
# Uncomment the next 2 lines to include support for Microsoft's
# MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
index 0a7ec7b..e09a369 100644
--- a/pppd/plugins/Makefile.linux
+++ b/pppd/plugins/Makefile.linux
@@ -1,5 +1,5 @@
#CC = gcc
-COPTS = -O2 -g
+COPTS = $(RPM_OPT_FLAGS)
CFLAGS = $(COPTS) -I.. -I../../include -fPIC
LDFLAGS = -shared
INSTALL = install
diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
index 20f62e6..5a81447 100644
--- a/pppd/plugins/pppoatm/Makefile.linux
+++ b/pppd/plugins/pppoatm/Makefile.linux
@@ -1,5 +1,5 @@
#CC = gcc
-COPTS = -O2 -g
+COPTS = $(RPM_OPT_FLAGS)
CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC
LDFLAGS = -shared
INSTALL = install
diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
index 24ed3e5..45b3b8d 100644
--- a/pppd/plugins/radius/Makefile.linux
+++ b/pppd/plugins/radius/Makefile.linux
@@ -12,7 +12,7 @@ VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
INSTALL = install
PLUGIN=radius.so radattr.so radrealms.so
-CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
+CFLAGS=-I. -I../.. -I../../../include $(RPM_OPT_FLAGS) -DRC_LOG_FACILITY=LOG_DAEMON
# Uncomment the next line to include support for Microsoft's
# MS-CHAP authentication protocol.
diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
index 5d7a271..352991a 100644
--- a/pppd/plugins/rp-pppoe/Makefile.linux
+++ b/pppd/plugins/rp-pppoe/Makefile.linux
@@ -25,7 +25,7 @@ INSTALL = install
# Version is set ONLY IN THE MAKEFILE! Don't delete this!
RP_VERSION=3.8p
-COPTS=-O2 -g
+COPTS=$(RPM_OPT_FLAGS)
CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"'
all: rp-pppoe.so pppoe-discovery
diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux
index ac028f6..d0a5032 100644
--- a/pppdump/Makefile.linux
+++ b/pppdump/Makefile.linux
@@ -2,7 +2,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@
BINDIR = $(DESTDIR)/sbin
MANDIR = $(DESTDIR)/share/man/man8
-CFLAGS= -O -I../include/net
+CFLAGS= $(RPM_OPT_FLAGS) -I../include/net
OBJS = pppdump.o bsd-comp.o deflate.o zlib.o
INSTALL= install
diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux
index cca6f0f..42aba73 100644
--- a/pppstats/Makefile.linux
+++ b/pppstats/Makefile.linux
@@ -10,7 +10,7 @@ PPPSTATSRCS = pppstats.c
PPPSTATOBJS = pppstats.o
#CC = gcc
-COPTS = -O
+COPTS = $(RPM_OPT_FLAGS)
COMPILE_FLAGS = -I../include
LIBS =
--
1.8.3.1

143
src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch Normal file
View File

@@ -0,0 +1,143 @@
From 82cd789df0f022eb6f3d28646e7a61d1d0715805 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 7 Apr 2014 12:23:36 +0200
Subject: [PATCH 12/25] pppd: we don't want to accidentally leak fds
---
pppd/auth.c | 20 ++++++++++----------
pppd/options.c | 2 +-
pppd/sys-linux.c | 4 ++--
3 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/pppd/auth.c b/pppd/auth.c
index 4271af6..9e957fa 100644
--- a/pppd/auth.c
+++ b/pppd/auth.c
@@ -428,7 +428,7 @@ setupapfile(argv)
option_error("unable to reset uid before opening %s: %m", fname);
return 0;
}
- ufile = fopen(fname, "r");
+ ufile = fopen(fname, "re");
if (seteuid(euid) == -1)
fatal("unable to regain privileges: %m");
if (ufile == NULL) {
@@ -1413,7 +1413,7 @@ check_passwd(unit, auser, userlen, apasswd, passwdlen, msg)
filename = _PATH_UPAPFILE;
addrs = opts = NULL;
ret = UPAP_AUTHNAK;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL) {
error("Can't open PAP password file %s: %m", filename);
@@ -1512,7 +1512,7 @@ null_login(unit)
if (ret <= 0) {
filename = _PATH_UPAPFILE;
addrs = NULL;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL)
return 0;
check_access(f, filename);
@@ -1559,7 +1559,7 @@ get_pap_passwd(passwd)
}
filename = _PATH_UPAPFILE;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL)
return 0;
check_access(f, filename);
@@ -1597,7 +1597,7 @@ have_pap_secret(lacks_ipp)
}
filename = _PATH_UPAPFILE;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL)
return 0;
@@ -1642,7 +1642,7 @@ have_chap_secret(client, server, need_ip, lacks_ipp)
}
filename = _PATH_CHAPFILE;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL)
return 0;
@@ -1684,7 +1684,7 @@ have_srp_secret(client, server, need_ip, lacks_ipp)
struct wordlist *addrs;
filename = _PATH_SRPFILE;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL)
return 0;
@@ -1740,7 +1740,7 @@ get_secret(unit, client, server, secret, secret_len, am_server)
addrs = NULL;
secbuf[0] = 0;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL) {
error("Can't open chap secret file %s: %m", filename);
return 0;
@@ -1797,7 +1797,7 @@ get_srp_secret(unit, client, server, secret, am_server)
filename = _PATH_SRPFILE;
addrs = NULL;
- fp = fopen(filename, "r");
+ fp = fopen(filename, "re");
if (fp == NULL) {
error("Can't open srp secret file %s: %m", filename);
return 0;
@@ -2203,7 +2203,7 @@ scan_authfile(f, client, server, secret, addrs, opts, filename, flags)
*/
if (word[0] == '@' && word[1] == '/') {
strlcpy(atfile, word+1, sizeof(atfile));
- if ((sf = fopen(atfile, "r")) == NULL) {
+ if ((sf = fopen(atfile, "re")) == NULL) {
warn("can't open indirect secret file %s", atfile);
continue;
}
diff --git a/pppd/options.c b/pppd/options.c
index 45fa742..1d754ae 100644
--- a/pppd/options.c
+++ b/pppd/options.c
@@ -427,7 +427,7 @@ options_from_file(filename, must_exist, check_prot, priv)
option_error("unable to drop privileges to open %s: %m", filename);
return 0;
}
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
err = errno;
if (check_prot && seteuid(euid) == -1)
fatal("unable to regain privileges");
diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
index 72a7727..8a12fa0 100644
--- a/pppd/sys-linux.c
+++ b/pppd/sys-linux.c
@@ -1412,7 +1412,7 @@ static char *path_to_procfs(const char *tail)
/* Default the mount location of /proc */
strlcpy (proc_path, "/proc", sizeof(proc_path));
proc_path_len = 5;
- fp = fopen(MOUNTED, "r");
+ fp = fopen(MOUNTED, "re");
if (fp != NULL) {
while ((mntent = getmntent(fp)) != NULL) {
if (strcmp(mntent->mnt_type, MNTTYPE_IGNORE) == 0)
@@ -1472,7 +1472,7 @@ static int open_route_table (void)
close_route_table();
path = path_to_procfs("/net/route");
- route_fd = fopen (path, "r");
+ route_fd = fopen (path, "re");
if (route_fd == NULL) {
error("can't open routing table %s: %m", path);
return 0;
--
1.8.3.1

241
src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch Normal file
View File

@@ -0,0 +1,241 @@
From 302c1b736cb656c7885a0cba270fd953a672d8a8 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 7 Apr 2014 13:56:34 +0200
Subject: [PATCH 13/25] everywhere: O_CLOEXEC harder
---
pppd/eap.c | 2 +-
pppd/main.c | 4 ++--
pppd/options.c | 4 ++--
pppd/sys-linux.c | 22 +++++++++++-----------
pppd/tdb.c | 4 ++--
pppd/tty.c | 4 ++--
pppd/utils.c | 6 +++---
7 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/pppd/eap.c b/pppd/eap.c
index 6ea6c1f..faced53 100644
--- a/pppd/eap.c
+++ b/pppd/eap.c
@@ -1226,7 +1226,7 @@ mode_t modebits;
if ((path = name_of_pn_file()) == NULL)
return (-1);
- fd = open(path, modebits, S_IRUSR | S_IWUSR);
+ fd = open(path, modebits, S_IRUSR | S_IWUSR | O_CLOEXEC);
err = errno;
free(path);
errno = err;
diff --git a/pppd/main.c b/pppd/main.c
index 6d50d1b..4880377 100644
--- a/pppd/main.c
+++ b/pppd/main.c
@@ -420,7 +420,7 @@ main(argc, argv)
die(0);
/* Make sure fds 0, 1, 2 are open to somewhere. */
- fd_devnull = open(_PATH_DEVNULL, O_RDWR);
+ fd_devnull = open(_PATH_DEVNULL, O_RDWR | O_CLOEXEC);
if (fd_devnull < 0)
fatal("Couldn't open %s: %m", _PATH_DEVNULL);
while (fd_devnull <= 2) {
@@ -1679,7 +1679,7 @@ device_script(program, in, out, dont_wait)
if (log_to_fd >= 0)
errfd = log_to_fd;
else
- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600);
+ errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0600);
++conn_running;
pid = safe_fork(in, out, errfd);
diff --git a/pppd/options.c b/pppd/options.c
index 1d754ae..8e62635 100644
--- a/pppd/options.c
+++ b/pppd/options.c
@@ -1544,9 +1544,9 @@ setlogfile(argv)
option_error("unable to drop permissions to open %s: %m", *argv);
return 0;
}
- fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644);
+ fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL | O_CLOEXEC, 0644);
if (fd < 0 && errno == EEXIST)
- fd = open(*argv, O_WRONLY | O_APPEND);
+ fd = open(*argv, O_WRONLY | O_APPEND | O_CLOEXEC);
err = errno;
if (!privileged_option && seteuid(euid) == -1)
fatal("unable to regain privileges: %m");
diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
index 8a12fa0..00a2cf5 100644
--- a/pppd/sys-linux.c
+++ b/pppd/sys-linux.c
@@ -459,7 +459,7 @@ int generic_establish_ppp (int fd)
goto err;
}
dbglog("using channel %d", chindex);
- fd = open("/dev/ppp", O_RDWR);
+ fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
if (fd < 0) {
error("Couldn't reopen /dev/ppp: %m");
goto err;
@@ -619,7 +619,7 @@ static int make_ppp_unit()
dbglog("in make_ppp_unit, already had /dev/ppp open?");
close(ppp_dev_fd);
}
- ppp_dev_fd = open("/dev/ppp", O_RDWR);
+ ppp_dev_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
if (ppp_dev_fd < 0)
fatal("Couldn't open /dev/ppp: %m");
flags = fcntl(ppp_dev_fd, F_GETFL);
@@ -693,7 +693,7 @@ int bundle_attach(int ifnum)
if (!new_style_driver)
return -1;
- master_fd = open("/dev/ppp", O_RDWR);
+ master_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
if (master_fd < 0)
fatal("Couldn't open /dev/ppp: %m");
if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) {
@@ -1715,7 +1715,7 @@ int sifproxyarp (int unit, u_int32_t his_adr)
if (tune_kernel) {
forw_path = path_to_procfs("/sys/net/ipv4/ip_forward");
if (forw_path != 0) {
- int fd = open(forw_path, O_WRONLY);
+ int fd = open(forw_path, O_WRONLY | O_CLOEXEC);
if (fd >= 0) {
if (write(fd, "1", 1) != 1)
error("Couldn't enable IP forwarding: %m");
@@ -2030,7 +2030,7 @@ int ppp_available(void)
sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch);
kernel_version = KVERSION(osmaj, osmin, ospatch);
- fd = open("/dev/ppp", O_RDWR);
+ fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
if (fd >= 0) {
new_style_driver = 1;
@@ -2208,7 +2208,7 @@ void logwtmp (const char *line, const char *name, const char *host)
#if __GLIBC__ >= 2
updwtmp(_PATH_WTMP, &ut);
#else
- wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY);
+ wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY|O_CLOEXEC);
if (wtmp >= 0) {
flock(wtmp, LOCK_EX);
@@ -2394,7 +2394,7 @@ int sifaddr (int unit, u_int32_t our_adr, u_int32_t his_adr,
int fd;
path = path_to_procfs("/sys/net/ipv4/ip_dynaddr");
- if (path != 0 && (fd = open(path, O_WRONLY)) >= 0) {
+ if (path != 0 && (fd = open(path, O_WRONLY | O_CLOEXEC)) >= 0) {
if (write(fd, "1", 1) != 1)
error("Couldn't enable dynamic IP addressing: %m");
close(fd);
@@ -2570,7 +2570,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
/*
* Try the unix98 way first.
*/
- mfd = open("/dev/ptmx", O_RDWR);
+ mfd = open("/dev/ptmx", O_RDWR | O_CLOEXEC);
if (mfd >= 0) {
int ptn;
if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) {
@@ -2581,7 +2581,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0)
warn("Couldn't unlock pty slave %s: %m", pty_name);
#endif
- if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0)
+ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
warn("Couldn't open pty slave %s: %m", pty_name);
}
}
@@ -2592,10 +2592,10 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
for (i = 0; i < 64; ++i) {
slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x",
'p' + i / 16, i % 16);
- mfd = open(pty_name, O_RDWR, 0);
+ mfd = open(pty_name, O_RDWR | O_CLOEXEC, 0);
if (mfd >= 0) {
pty_name[5] = 't';
- sfd = open(pty_name, O_RDWR | O_NOCTTY, 0);
+ sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC, 0);
if (sfd >= 0) {
fchown(sfd, uid, -1);
fchmod(sfd, S_IRUSR | S_IWUSR);
diff --git a/pppd/tdb.c b/pppd/tdb.c
index bdc5828..c7ab71c 100644
--- a/pppd/tdb.c
+++ b/pppd/tdb.c
@@ -1724,7 +1724,7 @@ TDB_CONTEXT *tdb_open_ex(const char *name, int hash_size, int tdb_flags,
goto internal;
}
- if ((tdb->fd = open(name, open_flags, mode)) == -1) {
+ if ((tdb->fd = open(name, open_flags | O_CLOEXEC, mode)) == -1) {
TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n",
name, strerror(errno)));
goto fail; /* errno set by open(2) */
@@ -1967,7 +1967,7 @@ int tdb_reopen(TDB_CONTEXT *tdb)
}
if (close(tdb->fd) != 0)
TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n"));
- tdb->fd = open(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0);
+ tdb->fd = open(tdb->name, (tdb->open_flags & ~(O_CREAT|O_TRUNC)) | O_CLOEXEC, 0);
if (tdb->fd == -1) {
TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno)));
goto fail;
diff --git a/pppd/tty.c b/pppd/tty.c
index d571b11..bc96695 100644
--- a/pppd/tty.c
+++ b/pppd/tty.c
@@ -569,7 +569,7 @@ int connect_tty()
status = EXIT_OPEN_FAILED;
goto errret;
}
- real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0);
+ real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR | O_CLOEXEC, 0);
err = errno;
if (prio < OPRIO_ROOT && seteuid(0) == -1)
fatal("Unable to regain privileges");
@@ -723,7 +723,7 @@ int connect_tty()
if (connector == NULL && modem && devnam[0] != 0) {
int i;
for (;;) {
- if ((i = open(devnam, O_RDWR)) >= 0)
+ if ((i = open(devnam, O_RDWR | O_CLOEXEC)) >= 0)
break;
if (errno != EINTR) {
error("Failed to reopen %s: %m", devnam);
diff --git a/pppd/utils.c b/pppd/utils.c
index 29bf970..6051b9a 100644
--- a/pppd/utils.c
+++ b/pppd/utils.c
@@ -918,14 +918,14 @@ lock(dev)
slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", LOCK_DIR, dev);
#endif
- while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) {
+ while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR | O_CLOEXEC, 0644)) < 0) {
if (errno != EEXIST) {
error("Can't create lock file %s: %m", lock_file);
break;
}
/* Read the lock file to find out who has the device locked. */
- fd = open(lock_file, O_RDONLY, 0);
+ fd = open(lock_file, O_RDONLY | O_CLOEXEC, 0);
if (fd < 0) {
if (errno == ENOENT) /* This is just a timing problem. */
continue;
@@ -1004,7 +1004,7 @@ relock(pid)
if (lock_file[0] == 0)
return -1;
- fd = open(lock_file, O_WRONLY, 0);
+ fd = open(lock_file, O_WRONLY | O_CLOEXEC, 0);
if (fd < 0) {
error("Couldn't reopen lock file %s: %m", lock_file);
lock_file[0] = 0;
--
1.8.3.1

174
src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch Normal file
View File

@@ -0,0 +1,174 @@
From 2a97ab28ee00586e5f06b3ef3a0e43ea0c7c6499 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 7 Apr 2014 14:21:41 +0200
Subject: [PATCH 14/25] everywhere: use SOCK_CLOEXEC when creating socket
---
pppd/plugins/pppoatm/pppoatm.c | 2 +-
pppd/plugins/pppol2tp/openl2tp.c | 2 +-
pppd/plugins/pppol2tp/pppol2tp.c | 2 +-
pppd/plugins/rp-pppoe/if.c | 2 +-
pppd/plugins/rp-pppoe/plugin.c | 6 +++---
pppd/plugins/rp-pppoe/pppoe-discovery.c | 2 +-
pppd/sys-linux.c | 10 +++++-----
pppd/tty.c | 2 +-
8 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/pppd/plugins/pppoatm/pppoatm.c b/pppd/plugins/pppoatm/pppoatm.c
index d693350..c31bb34 100644
--- a/pppd/plugins/pppoatm/pppoatm.c
+++ b/pppd/plugins/pppoatm/pppoatm.c
@@ -135,7 +135,7 @@ static int connect_pppoatm(void)
if (!device_got_set)
no_device_given_pppoatm();
- fd = socket(AF_ATMPVC, SOCK_DGRAM, 0);
+ fd = socket(AF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (fd < 0)
fatal("failed to create socket: %m");
memset(&qos, 0, sizeof qos);
diff --git a/pppd/plugins/pppol2tp/openl2tp.c b/pppd/plugins/pppol2tp/openl2tp.c
index 9643b96..1099575 100644
--- a/pppd/plugins/pppol2tp/openl2tp.c
+++ b/pppd/plugins/pppol2tp/openl2tp.c
@@ -83,7 +83,7 @@ static int openl2tp_client_create(void)
int result;
if (openl2tp_fd < 0) {
- openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM, 0);
+ openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (openl2tp_fd < 0) {
error("openl2tp connection create: %m");
return -ENOTCONN;
diff --git a/pppd/plugins/pppol2tp/pppol2tp.c b/pppd/plugins/pppol2tp/pppol2tp.c
index a7e3400..e64a778 100644
--- a/pppd/plugins/pppol2tp/pppol2tp.c
+++ b/pppd/plugins/pppol2tp/pppol2tp.c
@@ -208,7 +208,7 @@ static void send_config_pppol2tp(int mtu,
struct ifreq ifr;
int fd;
- fd = socket(AF_INET, SOCK_DGRAM, 0);
+ fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (fd >= 0) {
memset (&ifr, '\0', sizeof (ifr));
strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
diff --git a/pppd/plugins/rp-pppoe/if.c b/pppd/plugins/rp-pppoe/if.c
index 91e9a57..72aba41 100644
--- a/pppd/plugins/rp-pppoe/if.c
+++ b/pppd/plugins/rp-pppoe/if.c
@@ -116,7 +116,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
stype = SOCK_PACKET;
#endif
- if ((fd = socket(domain, stype, htons(type))) < 0) {
+ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) {
/* Give a more helpful message for the common error case */
if (errno == EPERM) {
fatal("Cannot create raw socket -- pppoe must be run as root.");
diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c
index a8c2bb4..24bdf8f 100644
--- a/pppd/plugins/rp-pppoe/plugin.c
+++ b/pppd/plugins/rp-pppoe/plugin.c
@@ -137,7 +137,7 @@ PPPOEConnectDevice(void)
/* server equipment). */
/* Opening this socket just before waitForPADS in the discovery() */
/* function would be more appropriate, but it would mess-up the code */
- conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM, PX_PROTO_OE);
+ conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM | SOCK_CLOEXEC, PX_PROTO_OE);
if (conn->sessionSocket < 0) {
error("Failed to create PPPoE socket: %m");
return -1;
@@ -148,7 +148,7 @@ PPPOEConnectDevice(void)
lcp_wantoptions[0].mru = conn->mru;
/* Update maximum MRU */
- s = socket(AF_INET, SOCK_DGRAM, 0);
+ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (s < 0) {
error("Can't get MTU for %s: %m", conn->ifName);
goto errout;
@@ -320,7 +320,7 @@ PPPoEDevnameHook(char *cmd, char **argv, int doit)
}
/* Open a socket */
- if ((fd = socket(PF_PACKET, SOCK_RAW, 0)) < 0) {
+ if ((fd = socket(PF_PACKET, SOCK_RAW | SOCK_CLOEXEC, 0)) < 0) {
r = 0;
}
diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c
index 3d3bf4e..c0d927d 100644
--- a/pppd/plugins/rp-pppoe/pppoe-discovery.c
+++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c
@@ -121,7 +121,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
stype = SOCK_PACKET;
#endif
- if ((fd = socket(domain, stype, htons(type))) < 0) {
+ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) {
/* Give a more helpful message for the common error case */
if (errno == EPERM) {
rp_fatal("Cannot create raw socket -- pppoe must be run as root.");
diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
index 00a2cf5..0690019 100644
--- a/pppd/sys-linux.c
+++ b/pppd/sys-linux.c
@@ -308,12 +308,12 @@ static int modify_flags(int fd, int clear_bits, int set_bits)
void sys_init(void)
{
/* Get an internet socket for doing socket ioctls. */
- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
+ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (sock_fd < 0)
fatal("Couldn't create IP socket: %m(%d)", errno);
#ifdef INET6
- sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0);
+ sock6_fd = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (sock6_fd < 0)
sock6_fd = -errno; /* save errno for later */
#endif
@@ -1857,7 +1857,7 @@ get_if_hwaddr(u_char *addr, char *name)
struct ifreq ifreq;
int ret, sock_fd;
- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
+ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (sock_fd < 0)
return 0;
memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr));
@@ -2067,7 +2067,7 @@ int ppp_available(void)
/*
* Open a socket for doing the ioctl operations.
*/
- s = socket(AF_INET, SOCK_DGRAM, 0);
+ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (s < 0)
return 0;
@@ -2860,7 +2860,7 @@ ether_to_eui64(eui64_t *p_eui64)
int skfd;
const unsigned char *ptr;
- skfd = socket(PF_INET6, SOCK_DGRAM, 0);
+ skfd = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if(skfd == -1)
{
warn("could not open IPv6 socket");
diff --git a/pppd/tty.c b/pppd/tty.c
index bc96695..8e76a5d 100644
--- a/pppd/tty.c
+++ b/pppd/tty.c
@@ -896,7 +896,7 @@ open_socket(dest)
*sep = ':';
/* get a socket and connect it to the other end */
- sock = socket(PF_INET, SOCK_STREAM, 0);
+ sock = socket(PF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
if (sock < 0) {
error("Can't create socket: %m");
return -1;
--
1.8.3.1

13
src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch Normal file
View File

@@ -0,0 +1,13 @@
diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
index 9ab2eee..86762bd 100644
--- a/pppd/plugins/rp-pppoe/pppoe.h
+++ b/pppd/plugins/rp-pppoe/pppoe.h
@@ -148,7 +148,7 @@ extern UINT16_t Eth_PPPOE_Session;
#define STATE_TERMINATED 4
/* How many PADI/PADS attempts? */
-#define MAX_PADI_ATTEMPTS 3
+#define MAX_PADI_ATTEMPTS 12
/* Initial timeout for PADO/PADS */
#define PADI_TIMEOUT 5

5
src/scripts/backupiso
View File

@@ -2,8 +2,8 @@
COREVER=$(cat /opt/pakfire/db/core/mine)
# FIXME: edit this lines before release
URL="http://download.ipfire.org/releases/ipfire-2.x/2.13-core$COREVER/"
ISO="ipfire-2.13.i586-full-core$COREVER.iso"
URL="http://download.ipfire.org/releases/ipfire-2.x/2.15-core$COREVER/"
ISO="ipfire-2.15.i586-full-core$COREVER.iso"
if [ -z $1 ]; then
echo usage: $0 backup-file
@@ -60,6 +60,7 @@ echo "Running mkisofs"
mkisofs -J -r -V "ipfire backup ${TS}" \
-b boot/isolinux/isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table \
-c boot/isolinux/boot.catalog backupiso.${TS} > $(basename ${ISO} .iso)-${TS}.iso
isohybrid $(basename ${ISO} .iso)-${TS}.iso
echo "Cleaning up"
rm -rf backupiso.${TS}

104
src/scripts/setddns.pl
View File

@@ -51,7 +51,7 @@ if ($ip eq "unavailable") {
exit(0);
}
&General::log("Dynamic DNS public router IP is: $ip");
#&General::log("Dynamic DNS public router IP is: $ip");
if ($ARGV[0] eq '-f') {
unlink ($cachefile); # next regular calls will try again if this force update fails.
@@ -400,6 +400,41 @@ if ($ip ne $ipcache) {
&General::log("Dynamic DNS ip-update for $settings{'HOSTNAME'}.$settings{'DOMAIN'} : failure (could not connect to server)");
}
}
elsif ($settings{'SERVICE'} eq 'spdns.de') {
# use proxy ?
my %proxysettings;
&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
if ($_=$proxysettings{'UPSTREAM_PROXY'}) {
my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
Net::SSLeay::set_proxy($peer,$peerport,$proxysettings{'UPSTREAM_USER'},$proxysettings{'UPSTREAM_PASSWORD'} );
}
if ($settings{'HOSTNAME'} eq '') {
$settings{'HOSTDOMAIN'} = $settings{'DOMAIN'};
} else {
$settings{'HOSTDOMAIN'} = "$settings{'HOSTNAME'}.$settings{'DOMAIN'}";
}
my ($out, $response) = Net::SSLeay::get_https( 'update.spdns.de', 443,
"/nic/update?&hostname=$settings{'HOSTDOMAIN'}&myip=$ip",
Net::SSLeay::make_headers('User-Agent' => 'IPFire' ,
'Authorization' => 'Basic ' . encode_base64("$settings{'LOGIN'}:$settings{'PASSWORD'}"))
);
#Valid responses from service are:
# good xxx.xxx.xxx.xxx
# nochg xxx.xxx.xxx.xxx
if ($response =~ m%HTTP/1\.. 200 OK%) {
if ($out !~ m/good |nochg /ig) {
&General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} : failure ($out)");
} else {
&General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} : success");
$success++;
}
} else {
&General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} : failure (could not connect to server)");
}
}
elsif ($settings{'SERVICE'} eq 'strato') {
# use proxy ?
my %proxysettings;
@@ -650,6 +685,73 @@ if ($ip ne $ipcache) {
&General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} : failure (could not connect to server, check your credentials---$out-$response--)");
}
}
elsif ($settings{'SERVICE'} eq 'twodns.de') {
# use proxy ?
my %proxysettings;
&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
if ($_=$proxysettings{'UPSTREAM_PROXY'}) {
my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
Net::SSLeay::set_proxy($peer,$peerport,$proxysettings{'UPSTREAM_USER'},$proxysettings{'UPSTREAM_PASSWORD'} );
}
if ($settings{'HOSTNAME'} eq '') {
$settings{'HOSTDOMAIN'} = $settings{'DOMAIN'};
} else {
$settings{'HOSTDOMAIN'} = "$settings{'HOSTNAME'}.$settings{'DOMAIN'}";
}
my ($out, $response) = Net::SSLeay::get_https( 'update.twodns.de',
443,
"/update?hostname=$settings{'HOSTDOMAIN'}&ip=$ip",
Net::SSLeay::make_headers('User-Agent' => 'IPFire',
'Authorization' => 'Basic ' . encode_base64("$settings{'LOGIN'}:$settings{'PASSWORD'}")) );
# Valid response are 'ok' 'nochange'
if ($response =~ m%HTTP/1\.. 200 OK%) {
if ( $out !~ m/^(good|nochg)/ ) {
$out =~ s/\n/ /g;
&General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} : failure ($out)");
} else {
&General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} : success");
$success++;
}
} else {
&General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} : failure (could not connect to server, check your credentials---$out-$response--)");
}
}
elsif ($settings{'SERVICE'} eq 'variomedia') {
# use proxy ?
my %proxysettings;
&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
if ($_=$proxysettings{'UPSTREAM_PROXY'}) {
my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
Net::SSLeay::set_proxy($peer,$peerport,$proxysettings{'UPSTREAM_USER'},$proxysettings{'UPSTREAM_PASSWORD'} );
}
if ($settings{'HOSTNAME'} eq '') {
$settings{'HOSTDOMAIN'} = $settings{'DOMAIN'};
} else {
$settings{'HOSTDOMAIN'} = "$settings{'HOSTNAME'}.$settings{'DOMAIN'}";
}
my ($out, $response) = Net::SSLeay::get_https( 'dyndns.variomedia.de',
443,
"/nic/update?hostname=$settings{'HOSTDOMAIN'}&myip=$ip",
Net::SSLeay::make_headers('User-Agent' => 'IPFire',
'Authorization' => 'Basic ' . encode_base64("$settings{'LOGIN'}:$settings{'PASSWORD'}")) );
# Valid response is 'good $ip'
if ($response =~ m%HTTP/1\.. 200 OK%) {
if ( $out !~ m/^good $ip/ ) {
&General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} ($ip) : failure ($out)");
} else {
&General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} ($ip) : success");
$success++;
}
} else {
&General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} : failure (could not connect to server, check your credentials---$out-$response--)");
}
}
else {
if ($settings{'WILDCARDS'} eq 'on') {
$settings{'WILDCARDS'} = '-w';