Merge remote-tracking branch 'ms/modem-status' into next

Conflicts:
	doc/language_issues.es
	doc/language_issues.fr
	doc/language_issues.nl
	doc/language_issues.pl
	doc/language_issues.ru
	doc/language_issues.tr
	doc/language_missings

config/cfgroot/header.pl

@@ -153,6 +153,10 @@ sub genmenu {
     if (&General::RedIsWireless()) {
         $menu->{'01.system'}{'subMenu'}->{'21.wlan'}{'enabled'} = 1;
     }
+
+    if ($ethsettings{'RED_TYPE'} eq "PPPOE") {
+        $menu->{'02.status'}{'subMenu'}->{'74.modem-status'}{'enabled'} = 1;
+    }
 }
 
 sub showhttpheaders

config/cfgroot/modem-lib.pl

@@ -0,0 +1,276 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2014 IPFire Team  <info@ipfire.org>                           #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+use Device::Modem;
+
+package Modem;
+
+sub new() {
+	my $class = shift;
+
+	my $port = shift;
+	my $baud = shift;
+
+	my $self = {};
+	bless $self, $class;
+
+	# Initialize the connetion to the modem.
+	$self->_initialize($port, $baud);
+
+	if ($self->_is_working()) {
+		return $self;
+	}
+
+	return undef;
+}
+
+sub DESTROY() {
+	my $self = shift;
+
+	# Close connection to modem.
+	if ($self->{modem}) {
+		$self->{modem}->close();
+	}
+}
+
+sub _initialize() {
+	my ($self, $port, $baud) = @_;
+
+	# Establish connection to the modem.
+	$self->{modem} = new Device::Modem(port => $port);
+	$self->{modem}->connect(baudrate => $baud);
+}
+
+sub _is_working() {
+	my $self = shift;
+
+	# Check if the modem responds to AT commands.
+	$self->{modem}->atsend("AT\r\n");
+
+	my $response = $self->{modem}->answer();
+	return ($response eq "OK");
+}
+
+sub _command() {
+	my $self = shift;
+	my $cmd  = shift;
+
+	# Terminate the AT command with newline.
+	$cmd .= "\r\n";
+
+	$self->{modem}->atsend($cmd);
+
+	my $response = $self->{modem}->answer();
+	my @response = split(/\n/, $response);
+
+	# Trim leading and trailing spaces.
+	foreach my $line (@response) {
+		$line =~ s/^\s+|\s+$//g;
+		chomp($line);
+	}
+
+	my $last_element = pop(@response);
+	unless ($last_element eq "OK") {
+		push(@response, $last_element);
+	}
+
+	$response = join("\n", @response);
+
+	return $self->_trim($response);
+}
+
+sub _trim() {
+	my $self = shift;
+	my $input = shift;
+
+	my $first_char = substr($input, 0, 1);
+	if ($first_char eq "+") {
+		my @output = split(/:/, $input);
+		if ($#output == 1) {
+			return $output[1];
+		}
+	}
+
+	return $input;
+}
+
+sub get_vendor() {
+	my $self = shift;
+
+	return $self->_command("AT+GMI");
+}
+
+sub get_model() {
+	my $self = shift;
+
+	return $self->_command("AT+GMM");
+}
+
+sub get_software_version() {
+	my $self = shift;
+
+	return $self->_command("AT+GMR");
+}
+
+sub get_imei() {
+	my $self = shift;
+
+	return $self->_command("AT+GSN");
+}
+
+sub get_capabilities() {
+	my $self = shift;
+
+	my $output = $self->_command("AT+GCAP");
+	return split(/,/, $output);
+}
+
+sub is_sim_unlocked() {
+	my $self = shift;
+
+	# TODO
+	return 1;
+}
+
+sub get_sim_imsi() {
+	my $self = shift;
+
+	if ($self->is_sim_unlocked()) {
+		return $self->_command("AT+CIMI");
+	}
+}
+
+sub get_network_registration() {
+	my $self = shift;
+
+	my @elements;
+	foreach my $i ([0, 1]) {
+		my $output = $self->_command("AT+CREG?");
+
+		@elements = split(/,/, $output);
+		if ($#elements != 2) {
+			# Output in wrong format. Resetting.
+			$self->_command("AT+CREG=0");
+		}
+	}
+
+	if ($elements[0] == 0) {
+		if ($elements[1] == 0) {
+			return "NOT REGISTERED, NOT SEARCHING";
+		} elsif ($elements[1] == 1) {
+			return "REGISTERED TO HOME NETWORK";
+		} elsif ($elements[1] == 2) {
+			return "NOT REGISTERED, SEARCHING";
+		} elsif ($elements[1] == 3) {
+			return "REGISTRATION DENIED";
+		} elsif ($elements[1] == 5) {
+			return "REGISTERED, ROAMING";
+		} else {
+			return "UNKNOWN";
+		}
+	}
+}
+
+sub _get_network_operator() {
+	my $self = shift;
+
+	my $output = $self->_command("AT+COPS?");
+	$output =~ s/\"//g;
+
+	my @elements = split(/,/, $output);
+	if ($#elements == 3) {
+		return @elements;
+	}
+}
+
+sub get_network_operator() {
+	my $self = shift;
+
+	my ($mode, $format, $operator, $act) = $self->_get_network_operator();
+
+	return $operator;
+}
+
+sub get_network_mode() {
+	my $self = shift;
+
+	my ($mode, $format, $operator, $act) = $self->_get_network_operator();
+
+	if ($act == 0) {
+		return "GSM";
+	} elsif ($act == 1) {
+		return "Compact GSM";
+	} elsif ($act == 2) {
+		return "UMTS";
+	} elsif ($act == 3) {
+		return "GSM WITH EGPRS";
+	} elsif ($act == 4) {
+		return "UMTS WITH HSDPA";
+	} elsif ($act == 5) {
+		return "UMTS WITH HSUPA";
+	} elsif ($act == 6) {
+		return "UMTS WITH HSDPA+HSUPA";
+	} elsif ($act == 7) {
+		return "LTE";
+	} else {
+		return "UNKNOWN ($act)";
+	}
+}
+
+sub _get_signal_quality() {
+	my $self = shift;
+
+	my $output = $self->_command("AT+CSQ");
+
+	my @elements = split(/,/, $output);
+	if ($#elements == 1) {
+		return @elements;
+	}
+}
+
+sub get_signal_quality() {
+	my $self = shift;
+
+	my ($rssi, $ber) = $self->_get_signal_quality();
+
+	# 99 equals unknown.
+	unless ($rssi == 99) {
+		my $dbm = ($rssi * 2) - 113;
+		return $dbm;
+	}
+
+	return undef;
+}
+
+sub get_bit_error_rate() {
+	my $self = shift;
+
+	my ($rssi, $ber) = $self->_get_signal_quality();
+
+	# 99 indicates unknown.
+	unless ($ber == 99) {
+		return $ber;
+	}
+
+	return undef;
+}
+
+1;

config/firewall/firewall-lib.pl

@@ -520,6 +520,9 @@ sub get_internal_firewall_ip_address
 		return 0;
 	}
 
+	# Convert net mask into correct format for &General::IpInSubnet().
+	$net_mask = &General::iporsubtodec($net_mask);
+
 	my @addresses = &get_internal_firewall_ip_addresses($use_orange);
 	foreach my $zone_address (@addresses) {
 		if (&General::IpInSubnet($zone_address, $net_address, $net_mask)) {

config/firewall/rules.pl

@@ -47,6 +47,7 @@ my @PROTOCOLS_WITH_PORTS = ("tcp", "udp");
 my @VALID_TARGETS = ("ACCEPT", "DROP", "REJECT");
 
 my %fwdfwsettings=();
+my %fwoptions = ();
 my %defaultNetworks=();
 my %configfwdfw=();;
 my %customgrp=();
@@ -63,6 +64,7 @@ my $configgrp		= "${General::swroot}/fwhosts/customgroups";
 my $netsettings		= "${General::swroot}/ethernet/settings";
 
 &General::readhash("${General::swroot}/firewall/settings", \%fwdfwsettings);
+&General::readhash("${General::swroot}/optionsfw/settings", \%fwoptions);
 &General::readhash("$netsettings", \%defaultNetworks);
 &General::readhasharray($configfwdfw, \%configfwdfw);
 &General::readhasharray($configinput, \%configinputfw);
@@ -71,6 +73,14 @@ my $netsettings		= "${General::swroot}/ethernet/settings";
 
 my @log_limit_options = &make_log_limit_options();
 
+my $POLICY_INPUT_ALLOWED   = 0;
+my $POLICY_FORWARD_ALLOWED = ($fwdfwsettings{"POLICY"} eq "MODE2");
+my $POLICY_OUTPUT_ALLOWED  = ($fwdfwsettings{"POLICY1"} eq "MODE2");
+
+my $POLICY_INPUT_ACTION    = $fwoptions{"FWPOLICY2"};
+my $POLICY_FORWARD_ACTION  = $fwoptions{"FWPOLICY"};
+my $POLICY_OUTPUT_ACTION   = $fwoptions{"FWPOLICY1"};
+
 # MAIN
 &main();
 
@@ -131,20 +141,47 @@ sub flush {
 }
 
 sub preparerules {
-	if (! -z  "${General::swroot}/firewall/config"){
-		&buildrules(\%configfwdfw);
-	}
 	if (! -z  "${General::swroot}/firewall/input"){
 		&buildrules(\%configinputfw);
 	}
 	if (! -z  "${General::swroot}/firewall/outgoing"){
 		&buildrules(\%configoutgoingfw);
 	}
+	if (! -z  "${General::swroot}/firewall/config"){
+		&buildrules(\%configfwdfw);
+	}
 }
 
 sub buildrules {
 	my $hash = shift;
 
+	# Search for targets that need to be specially handled when adding
+	# forwarding rules. Additional rules will automatically get inserted
+	# into the INPUT/OUTPUT chains for these targets.
+	my @special_input_targets = ();
+	if (!$POLICY_FORWARD_ALLOWED) {
+		push(@special_input_targets, "ACCEPT");
+	}
+
+	if ($POLICY_INPUT_ACTION eq "DROP") {
+		push(@special_input_targets, "REJECT");
+	} elsif ($POLICY_INPUT_ACTION eq "REJECT") {
+		push(@special_input_targets, "DROP");
+	}
+
+	my @special_output_targets = ();
+	if ($POLICY_OUTPUT_ALLOWED) {
+		push(@special_output_targets, ("DROP", "REJECT"));
+	} else {
+		push(@special_output_targets, "ACCEPT");
+
+		if ($POLICY_OUTPUT_ACTION eq "DROP") {
+			push(@special_output_targets, "REJECT");
+		} elsif ($POLICY_OUTPUT_ACTION eq "REJECT") {
+			push(@special_output_targets, "DROP");
+		}
+	}
+
 	foreach my $key (sort {$a <=> $b} keys %$hash) {
 		# Skip disabled rules.
 		next unless ($$hash{$key}[2] eq 'ON');
@@ -297,11 +334,16 @@ sub buildrules {
 					# Add time constraint options.
 					push(@options, @time_options);
 
-					my $firewall_is_in_source_subnet = 0;
+					my $firewall_is_in_source_subnet = 1;
 					if ($source) {
 						$firewall_is_in_source_subnet = &firewall_is_in_subnet($source);
 					}
 
+					my $firewall_is_in_destination_subnet = 1;
+					if ($destination) {
+						$firewall_is_in_destination_subnet = &firewall_is_in_subnet($destination);
+					}
+
 					# Process NAT rules.
 					if ($NAT) {
 						my $nat_address = &fwlib::get_nat_address($$hash{$key}[29], $source);
@@ -380,14 +422,6 @@ sub buildrules {
 					}
 
 					push(@options, @source_options);
-
-					if ($firewall_is_in_source_subnet && ($fwdfwsettings{"POLICY"} eq "MODE1") && ($chain eq $CHAIN_FORWARD)) {
-						if ($LOG && !$NAT) {
-							run("$IPTABLES -A $CHAIN_INPUT @options @log_limit_options -j LOG --log-prefix '$CHAIN_INPUT '");
-						}
-						run("$IPTABLES -A $CHAIN_INPUT @options -j $target");
-					}
-
 					push(@options, @destination_options);
 
 					# Insert firewall rule.
@@ -395,6 +429,27 @@ sub buildrules {
 						run("$IPTABLES -A $chain @options @log_limit_options -j LOG --log-prefix '$chain '");
 					}
 					run("$IPTABLES -A $chain @options -j $target");
+
+					# Handle forwarding rules and add corresponding rules for firewall access.
+					if ($chain eq $CHAIN_FORWARD) {
+						# If the firewall is part of the destination subnet and access to the destination network
+						# is granted/forbidden for any network that the firewall itself is part of, we grant/forbid access
+						# for the firewall, too.
+						if ($firewall_is_in_destination_subnet && ($target ~~ @special_input_targets)) {
+							if ($LOG && !$NAT) {
+								run("$IPTABLES -A $CHAIN_INPUT @options @log_limit_options -j LOG --log-prefix '$CHAIN_INPUT '");
+							}
+							run("$IPTABLES -A $CHAIN_INPUT @options -j $target");
+						}
+
+						# Likewise.
+						if ($firewall_is_in_source_subnet && ($target ~~ @special_output_targets)) {
+							if ($LOG && !$NAT) {
+								run("$IPTABLES -A $CHAIN_OUTPUT @options @log_limit_options -j LOG --log-prefix '$CHAIN_OUTPUT '");
+							}
+							run("$IPTABLES -A $CHAIN_OUTPUT @options -j $target");
+						}
+					}
 				}
 			}
 		}
@@ -440,29 +495,29 @@ sub time_convert_to_minutes {
 }
 
 sub p2pblock {
-	my $P2PSTRING = "";
-	my $DO;
-	open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
-	@p2ps = <FILE>;
-	close FILE;
-	my $CMD = "-m ipp2p";
-	foreach my $p2pentry (sort @p2ps) {
-		my @p2pline = split( /\;/, $p2pentry );
-		if ( $fwdfwsettings{'POLICY'} eq 'MODE1' ) {
-			$DO = "ACCEPT";
-			if ("$p2pline[2]" eq "on") {
-				$P2PSTRING = "$P2PSTRING --$p2pline[1]";
-			}
-		}else {
-			$DO = "RETURN";
-			if ("$p2pline[2]" eq "off") {
-				$P2PSTRING = "$P2PSTRING --$p2pline[1]";
-			}
-		}
+	my $search_action;
+	my $target;
+
+	if ($fwdfwsettings{"POLICY"} eq "MODE1") {
+		$search_action = "on";
+		$target = "ACCEPT";
+	} else {
+		$search_action = "off";
+		$target = "DROP";
 	}
 
-	if($P2PSTRING) {
-		run("$IPTABLES -A FORWARDFW $CMD $P2PSTRING -j $DO");
+	open(FILE, "<$p2pfile") or die "Unable to read $p2pfile";
+	my @protocols = ();
+	foreach my $p2pentry (<FILE>) {
+		my @p2pline = split(/\;/, $p2pentry);
+		next unless ($p2pline[2] eq $search_action);
+
+		push(@protocols, "--$p2pline[1]");
+	}
+	close(FILE);
+
+	if (@protocols) {
+		run("$IPTABLES -A FORWARDFW -m ipp2p @protocols -j $target");
 	}
 }
 
@@ -675,4 +730,3 @@ sub firewall_is_in_subnet {
 
 	return 0;
 }
-

config/menu/20-status.menu

@@ -70,6 +70,11 @@
 				'title' => "$Lang::tr{'qos graphs'}",
 				'enabled' => 1,
 				};
+    $substatus->{'74.modem-status'} = {'caption' => $Lang::tr{'modem status'},
+				  'uri' => '/cgi-bin/modem-status.cgi',
+				  'title' => $Lang::tr{'modem status'},
+				  'enabled' => 0,
+				  };
     $substatus->{'75.atm-status'} = {'caption' => 'Atm-status',
 				  'uri' => '/cgi-bin/atm-status.cgi',
 				  'title' => 'Atm-status',

config/menu/50-firewall.menu

@@ -1,7 +1,7 @@
-    $subfirewall->{'10.forward'} = {
-				'caption' => $Lang::tr{'fwdfw menu'},
+    $subfirewall->{'10.firewall'} = {
+				'caption' => $Lang::tr{'firewall rules'},
 				'uri' => '/cgi-bin/firewall.cgi',
-				'title' => "$Lang::tr{'fwdfw menu'}",
+				'title' => "$Lang::tr{'firewall rules'}",
 				'enabled' => 1,
 				};
 	$subfirewall->{'20.fwhost'} = {

config/rootfiles/common/apache2

@@ -1415,6 +1415,7 @@ srv/web/ipfire/cgi-bin/mac.cgi
 srv/web/ipfire/cgi-bin/media.cgi
 srv/web/ipfire/cgi-bin/memory.cgi
 srv/web/ipfire/cgi-bin/modem.cgi
+srv/web/ipfire/cgi-bin/modem-status.cgi
 srv/web/ipfire/cgi-bin/netexternal.cgi
 srv/web/ipfire/cgi-bin/netinternal.cgi
 srv/web/ipfire/cgi-bin/netother.cgi

config/rootfiles/common/configroot

@@ -116,6 +116,7 @@ var/ipfire/menu.d/70-log.menu
 var/ipfire/modem
 #var/ipfire/modem/defaults
 #var/ipfire/modem/settings
+var/ipfire/modem-lib.pl
 var/ipfire/net-traffic
 #var/ipfire/net-traffic/net-traffic-admin.pl
 #var/ipfire/net-traffic/net-traffic-lib.pl

config/rootfiles/common/perl-Device-Modem

@@ -0,0 +1,18 @@
+#usr/lib/perl5/site_perl/5.12.3/Device
+#usr/lib/perl5/site_perl/5.12.3/Device/Modem
+usr/lib/perl5/site_perl/5.12.3/Device/Modem.pm
+#usr/lib/perl5/site_perl/5.12.3/Device/Modem/FAQ.pod
+#usr/lib/perl5/site_perl/5.12.3/Device/Modem/Log
+usr/lib/perl5/site_perl/5.12.3/Device/Modem/Log/File.pm
+usr/lib/perl5/site_perl/5.12.3/Device/Modem/Log/Syslog.pm
+#usr/lib/perl5/site_perl/5.12.3/Device/Modem/Protocol
+usr/lib/perl5/site_perl/5.12.3/Device/Modem/Protocol/Xmodem.pm
+usr/lib/perl5/site_perl/5.12.3/Device/Modem/UsRobotics.pm
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Device/Modem
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Device/Modem/.packlist
+#usr/share/man/man3/Device::Modem.3
+#usr/share/man/man3/Device::Modem::FAQ.3
+#usr/share/man/man3/Device::Modem::Log::File.3
+#usr/share/man/man3/Device::Modem::Log::Syslog.3
+#usr/share/man/man3/Device::Modem::Protocol::Xmodem.3
+#usr/share/man/man3/Device::Modem::UsRobotics.3

config/rootfiles/common/perl-Device-SerialPort

@@ -0,0 +1,10 @@
+#usr/bin/modemtest
+usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/Device
+usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/Device/SerialPort.pm
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Device
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Device/SerialPort
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Device/SerialPort/.packlist
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Device/SerialPort/SerialPort.bs
+usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Device/SerialPort/SerialPort.so
+#usr/share/man/man1/modemtest.1
+#usr/share/man/man3/Device::SerialPort.3

config/rootfiles/core/77/update.sh

@@ -35,7 +35,7 @@ function add_to_backup ()
 
 #
 # Remove old core updates from pakfire cache to save space...
-core=76
+core=77
 for (( i=1; i<=${core}; i++ ))
 do
 	rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire