From: Michael Tremer Date: Wed, 26 Mar 2014 22:42:57 +0000 (+0100) Subject: Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into beyond-next X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=commitdiff_plain;h=5240f73d9c73c30ea92fab982d31ca986fb86e2e;hp=4c7bfb1f271bdd0de493772a15209e038344e57c Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into beyond-next --- diff --git a/config/cfgroot/graphs.pl b/config/cfgroot/graphs.pl index 4942c98c8..487a4dd93 100644 --- a/config/cfgroot/graphs.pl +++ b/config/cfgroot/graphs.pl @@ -92,7 +92,7 @@ sub makegraphbox { print "".$Lang::tr{'month'}.""; print " - "; print "".$Lang::tr{'year'}.""; - print ""; + print "
"; print ""; } diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl index fc8055507..ae2a46228 100755 --- a/config/firewall/firewall-lib.pl +++ b/config/firewall/firewall-lib.pl @@ -35,6 +35,7 @@ my %ipsecconf=(); my %ipsecsettings=(); my %netsettings=(); my %ovpnsettings=(); +my %aliases=(); require '/var/ipfire/general-functions.pl'; @@ -49,12 +50,12 @@ my $configipsec = "${General::swroot}/vpn/config"; my $configovpn = "${General::swroot}/ovpn/settings"; my $val; my $field; +my $netsettings = "${General::swroot}/ethernet/settings"; &General::readhash("/var/ipfire/ethernet/settings", \%netsettings); &General::readhash("${General::swroot}/ovpn/settings", \%ovpnsettings); &General::readhash("${General::swroot}/vpn/settings", \%ipsecsettings); - &General::readhasharray("$confignet", \%customnetwork); &General::readhasharray("$confighost", \%customhost); &General::readhasharray("$configgrp", \%customgrp); @@ -103,8 +104,6 @@ sub get_srvgrp_prot return $back; } - - sub get_srv_port { my $val=shift; @@ -253,5 +252,276 @@ sub get_host_ip } } } +sub get_addresses +{ + my $hash = shift; + my $key = shift; + my $type = shift; + + my @addresses = (); + my $addr_type; + my $value; + my $group_name; + + if ($type eq "src") { + $addr_type = $$hash{$key}[3]; + $value = $$hash{$key}[4]; + + } elsif ($type eq "tgt") { + $addr_type = $$hash{$key}[5]; + $value = $$hash{$key}[6]; + } + + if ($addr_type ~~ ["cust_grp_src", "cust_grp_tgt"]) { + foreach my $grp (sort {$a <=> $b} keys %customgrp) { + if ($customgrp{$grp}[0] eq $value) { + my @address = &get_address($customgrp{$grp}[3], $customgrp{$grp}[2], $type); + + if (@address) { + push(@addresses, @address); + } + } + } + } else { + my @address = &get_address($addr_type, $value, $type); + + if (@address) { + push(@addresses, @address); + } + } + + return @addresses; +} +sub get_address +{ + my $key = shift; + my $value = shift; + my $type = shift; + + my @ret = (); + + # If the user manually typed an address, we just check if it is a MAC + # address. Otherwise, we assume that it is an IP address. + if ($key ~~ ["src_addr", "tgt_addr"]) { + if (&General::validmac($value)) { + push(@ret, "-m mac --mac-source $value"); + } else { + push(@ret, $value); + } + + # If a default network interface (GREEN, BLUE, etc.) is selected, we + # try to get the corresponding address of the network. + } elsif ($key ~~ ["std_net_src", "std_net_tgt", "Standard Network"]) { + my $external_interface = &get_external_interface(); + + my $network_address = &get_std_net_ip($value, $external_interface); + if ($network_address) { + push(@ret, $network_address); + } + + # Custom networks. + } elsif ($key ~~ ["cust_net_src", "cust_net_tgt", "Custom Network"]) { + my $network_address = &get_net_ip($value); + if ($network_address) { + push(@ret, $network_address); + } + + # Custom hosts. + } elsif ($key ~~ ["cust_host_src", "cust_host_tgt", "Custom Host"]) { + my $host_address = &get_host_ip($value, $type); + if ($host_address) { + push(@ret, $host_address); + } + + # OpenVPN networks. + } elsif ($key ~~ ["ovpn_net_src", "ovpn_net_tgt", "OpenVPN static network"]) { + my $network_address = &get_ovpn_net_ip($value, 1); + if ($network_address) { + push(@ret, $network_address); + } + + # OpenVPN hosts. + } elsif ($key ~~ ["ovpn_host_src", "ovpn_host_tgt", "OpenVPN static host"]) { + my $host_address = &get_ovpn_host_ip($value, 33); + if ($host_address) { + push(@ret, $host_address); + } + + # OpenVPN N2N. + } elsif ($key ~~ ["ovpn_n2n_src", "ovpn_n2n_tgt", "OpenVPN N-2-N"]) { + my $network_address = &get_ovpn_n2n_ip($value, 11); + if ($network_address) { + push(@ret, $network_address); + } + + # IPsec networks. + } elsif ($key ~~ ["ipsec_net_src", "ipsec_net_tgt", "IpSec Network"]) { + my $network_address = &get_ipsec_net_ip($value, 11); + if ($network_address) { + push(@ret, $network_address); + } + + # The firewall's own IP addresses. + } elsif ($key ~~ ["ipfire", "ipfire_src"]) { + # ALL + if ($value eq "ALL") { + push(@ret, "0/0"); + + # GREEN + } elsif ($value eq "GREEN") { + push(@ret, $netsettings{"GREEN_ADDRESS"}); + + # BLUE + } elsif ($value eq "BLUE") { + push(@ret, $netsettings{"BLUE_ADDRESS"}); + + # ORANGE + } elsif ($value eq "ORANGE") { + push(@ret, $netsettings{"ORANGE_ADDRESS"}); + + # RED + } elsif ($value ~~ ["RED", "RED1"]) { + my $address = &get_external_address(); + if ($address) { + push(@ret, $address); + } + + # Aliases + } else { + my %alias = &get_alias($value); + if (%alias) { + push(@ret, $alias{"IPT"}); + } + } + + # If nothing was selected, we assume "any". + } else { + push(@ret, "0/0"); + } + + return @ret; +} +sub get_external_interface() +{ + open(IFACE, "/var/ipfire/red/iface") or return ""; + my $iface = ; + close(IFACE); + + return $iface; +} +sub get_external_address() +{ + open(ADDR, "/var/ipfire/red/local-ipaddress") or return ""; + my $address = ; + close(ADDR); + + return $address; +} +sub get_alias +{ + my $id = shift; + + foreach my $alias (sort keys %aliases) { + if ($id eq $alias) { + return $aliases{$alias}; + } + } +} +sub get_nat_address +{ + my $zone = shift; + my $source = shift; + + # Any static address of any zone. + if ($zone eq "AUTO") { + if ($source && ($source !~ m/mac/i )) { + my $firewall_ip = &get_internal_firewall_ip_address($source, 1); + if ($firewall_ip) { + return $firewall_ip; + } + + $firewall_ip = &get_matching_firewall_address($source, 1); + if ($firewall_ip) { + return $firewall_ip; + } + } + + return &get_external_address(); + + } elsif ($zone eq "RED" || $zone eq "GREEN" || $zone eq "ORANGE" || $zone eq "BLUE") { + return $netsettings{$zone . "_ADDRESS"}; + + } elsif ($zone eq "Default IP") { + return &get_external_address(); + + } else { + return &get_alias($zone); + } + + print_error("Could not find NAT address"); +} +sub get_internal_firewall_ip_addresses +{ + my $use_orange = shift; + + my @zones = ("GREEN", "BLUE"); + if ($use_orange) { + push(@zones, "ORANGE"); + } + + my @addresses = (); + for my $zone (@zones) { + next unless (exists $netsettings{$zone . "_ADDRESS"}); + + my $zone_address = $netsettings{$zone . "_ADDRESS"}; + push(@addresses, $zone_address); + } + + return @addresses; +} +sub get_matching_firewall_address +{ + my $addr = shift; + my $use_orange = shift; + + my ($address, $netmask) = split("/", $addr); + + my @zones = ("GREEN", "BLUE"); + if ($use_orange) { + push(@zones, "ORANGE"); + } + + foreach my $zone (@zones) { + next unless (exists $netsettings{$zone . "_ADDRESS"}); + + my $zone_subnet = $netsettings{$zone . "_NETADDRESS"}; + my $zone_mask = $netsettings{$zone . "_NETMASK"}; + + if (&General::IpInSubnet($address, $zone_subnet, $zone_mask)) { + return $netsettings{$zone . "_ADDRESS"}; + } + } + + return 0; +} +sub get_internal_firewall_ip_address +{ + my $subnet = shift; + my $use_orange = shift; + + my ($net_address, $net_mask) = split("/", $subnet); + if ((!$net_mask) || ($net_mask ~~ ["32", "255.255.255.255"])) { + return 0; + } + + my @addresses = &get_internal_firewall_ip_addresses($use_orange); + foreach my $zone_address (@addresses) { + if (&General::IpInSubnet($zone_address, $net_address, $net_mask)) { + return $zone_address; + } + } + + return 0; +} return 1; diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index 50fff3f09..f25983ce5 100755 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -170,10 +170,13 @@ sub buildrules { } # Collect all sources. - my @sources = &get_addresses($hash, $key, "src"); + my @sources = &fwlib::get_addresses($hash, $key, "src"); # Collect all destinations. - my @destinations = &get_addresses($hash, $key, "tgt"); + my @destinations = &fwlib::get_addresses($hash, $key, "tgt"); + + # True if the destination is the firewall itself. + my $destination_is_firewall = ($$hash{$key}[5] eq "ipfire"); # Check if logging should be enabled. my $LOG = ($$hash{$key}[17] eq 'ON'); @@ -246,7 +249,7 @@ sub buildrules { } # Prepare protocol options (like ICMP types, ports, etc...). - my @protocol_options = &get_protocol_options($hash, $key, $protocol); + my @protocol_options = &get_protocol_options($hash, $key, $protocol, 0); # Check if this protocol knows ports. my $protocol_has_ports = ($protocol ~~ @PROTOCOLS_WITH_PORTS); @@ -271,7 +274,6 @@ sub buildrules { # Append protocol. if ($protocol ne "all") { - push(@options, ("-p", $protocol)); push(@options, @protocol_options); } @@ -299,7 +301,7 @@ sub buildrules { # Process NAT rules. if ($NAT) { - my $nat_address = &get_nat_address($$hash{$key}[29], $source); + my $nat_address = &fwlib::get_nat_address($$hash{$key}[29], $source); # Skip NAT rules if the NAT address is unknown # (i.e. no internet connection has been established, yet). @@ -308,30 +310,57 @@ sub buildrules { # Destination NAT if ($NAT_MODE eq "DNAT") { # Make port-forwardings useable from the internal networks. - my @internal_addresses = &get_internal_firewall_ip_addresses(1); + my @internal_addresses = &fwlib::get_internal_firewall_ip_addresses(1); unless ($nat_address ~~ @internal_addresses) { &add_dnat_mangle_rules($nat_address, @options); } - my @nat_options = @options; + my @nat_options = (); + if ($protocol ne "all") { + my @nat_protocol_options = &get_protocol_options($hash, $key, $protocol, 1); + push(@nat_options, @nat_protocol_options); + } push(@nat_options, @source_options); push(@nat_options, ("-d", $nat_address)); + push(@nat_options, @time_options); - my ($dnat_address, $dnat_mask) = split("/", $destination); - @destination_options = ("-d", $dnat_address); - + my $dnat_port; if ($protocol_has_ports) { - my $dnat_port = &get_dnat_target_port($hash, $key); + $dnat_port = &get_dnat_target_port($hash, $key); + } + + my @nat_action_options = (); - if ($dnat_port) { - $dnat_address .= ":$dnat_port"; + # Use iptables REDIRECT + my $use_redirect = ($destination_is_firewall && !$destination && $protocol_has_ports && $dnat_port); + if ($use_redirect) { + push(@nat_action_options, ("-j", "REDIRECT", "--to-ports", $dnat_port)); + + # Use iptables DNAT + } else { + if ($destination_is_firewall && !$destination) { + $destination = &fwlib::get_external_address(); } + next unless ($destination); + + my ($dnat_address, $dnat_mask) = split("/", $destination); + @destination_options = ("-d", $dnat_address); + + if ($protocol_has_ports) { + my $dnat_port = &get_dnat_target_port($hash, $key); + + if ($dnat_port) { + $dnat_address .= ":$dnat_port"; + } + } + + push(@nat_action_options, ("-j", "DNAT", "--to-destination", $dnat_address)); } if ($LOG) { run("$IPTABLES -t nat -A $CHAIN_NAT_DESTINATION @nat_options @log_limit_options -j LOG --log-prefix 'DNAT '"); } - run("$IPTABLES -t nat -A $CHAIN_NAT_DESTINATION @nat_options -j DNAT --to-destination $dnat_address"); + run("$IPTABLES -t nat -A $CHAIN_NAT_DESTINATION @nat_options @nat_action_options"); # Source NAT } elsif ($NAT_MODE eq "SNAT") { @@ -369,65 +398,6 @@ sub buildrules { } } -sub get_external_interface() { - open(IFACE, "/var/ipfire/red/iface") or return ""; - my $iface = ; - close(IFACE); - - return $iface; -} - -sub get_external_address() { - open(ADDR, "/var/ipfire/red/local-ipaddress") or return ""; - my $address = ; - close(ADDR); - - return $address; -} - -sub get_alias { - my $id = shift; - - foreach my $alias (sort keys %aliases) { - if ($id eq $alias) { - return $aliases{$alias}; - } - } -} - -sub get_nat_address { - my $zone = shift; - my $source = shift; - - # Any static address of any zone. - if ($zone eq "AUTO") { - if ($source) { - my $firewall_ip = &get_internal_firewall_ip_address($source, 1); - if ($firewall_ip) { - return $firewall_ip; - } - - $firewall_ip = &get_matching_firewall_address($source, 1); - if ($firewall_ip) { - return $firewall_ip; - } - } - - return &get_external_address(); - - } elsif ($zone eq "RED" || $zone eq "GREEN" || $zone eq "ORANGE" || $zone eq "BLUE") { - return $defaultNetworks{$zone . "_ADDRESS"}; - - } elsif ($zone eq "Default IP") { - return &get_external_address(); - - } else { - return &get_alias($zone); - } - - print_error("Could not find NAT address"); -} - # Formats the given timestamp into the iptables format which is "hh:mm" UTC. sub format_time { my $val = shift; @@ -493,155 +463,6 @@ sub p2pblock { } } -sub get_addresses { - my $hash = shift; - my $key = shift; - my $type = shift; - - my @addresses = (); - my $addr_type; - my $value; - my $group_name; - - if ($type eq "src") { - $addr_type = $$hash{$key}[3]; - $value = $$hash{$key}[4]; - - } elsif ($type eq "tgt") { - $addr_type = $$hash{$key}[5]; - $value = $$hash{$key}[6]; - } - - if ($addr_type ~~ ["cust_grp_src", "cust_grp_tgt"]) { - foreach my $grp (sort {$a <=> $b} keys %customgrp) { - if ($customgrp{$grp}[0] eq $value) { - my @address = &get_address($customgrp{$grp}[3], $customgrp{$grp}[2], $type); - - if (@address) { - push(@addresses, @address); - } - } - } - } else { - my @address = &get_address($addr_type, $value, $type); - - if (@address) { - push(@addresses, @address); - } - } - - return @addresses; -} - -sub get_address { - my $key = shift; - my $value = shift; - my $type = shift; - - my @ret = (); - - # If the user manually typed an address, we just check if it is a MAC - # address. Otherwise, we assume that it is an IP address. - if ($key ~~ ["src_addr", "tgt_addr"]) { - if (&General::validmac($value)) { - push(@ret, "-m mac --mac-source $value"); - } else { - push(@ret, $value); - } - - # If a default network interface (GREEN, BLUE, etc.) is selected, we - # try to get the corresponding address of the network. - } elsif ($key ~~ ["std_net_src", "std_net_tgt", "Standard Network"]) { - my $external_interface = &get_external_interface(); - - my $network_address = &fwlib::get_std_net_ip($value, $external_interface); - if ($network_address) { - push(@ret, $network_address); - } - - # Custom networks. - } elsif ($key ~~ ["cust_net_src", "cust_net_tgt", "Custom Network"]) { - my $network_address = &fwlib::get_net_ip($value); - if ($network_address) { - push(@ret, $network_address); - } - - # Custom hosts. - } elsif ($key ~~ ["cust_host_src", "cust_host_tgt", "Custom Host"]) { - my $host_address = &fwlib::get_host_ip($value, $type); - if ($host_address) { - push(@ret, $host_address); - } - - # OpenVPN networks. - } elsif ($key ~~ ["ovpn_net_src", "ovpn_net_tgt", "OpenVPN static network"]) { - my $network_address = &fwlib::get_ovpn_net_ip($value, 1); - if ($network_address) { - push(@ret, $network_address); - } - - # OpenVPN hosts. - } elsif ($key ~~ ["ovpn_host_src", "ovpn_host_tgt", "OpenVPN static host"]) { - my $host_address = &fwlib::get_ovpn_host_ip($value, 33); - if ($host_address) { - push(@ret, $host_address); - } - - # OpenVPN N2N. - } elsif ($key ~~ ["ovpn_n2n_src", "ovpn_n2n_tgt", "OpenVPN N-2-N"]) { - my $network_address = &fwlib::get_ovpn_n2n_ip($value, 11); - if ($network_address) { - push(@ret, $network_address); - } - - # IPsec networks. - } elsif ($key ~~ ["ipsec_net_src", "ipsec_net_tgt", "IpSec Network"]) { - my $network_address = &fwlib::get_ipsec_net_ip($value, 11); - if ($network_address) { - push(@ret, $network_address); - } - - # The firewall's own IP addresses. - } elsif ($key ~~ ["ipfire", "ipfire_src"]) { - # ALL - if ($value eq "ALL") { - push(@ret, "0/0"); - - # GREEN - } elsif ($value eq "GREEN") { - push(@ret, $defaultNetworks{"GREEN_ADDRESS"}); - - # BLUE - } elsif ($value eq "BLUE") { - push(@ret, $defaultNetworks{"BLUE_ADDRESS"}); - - # ORANGE - } elsif ($value eq "ORANGE") { - push(@ret, $defaultNetworks{"ORANGE_ADDRESS"}); - - # RED - } elsif ($value ~~ ["RED", "RED1"]) { - my $address = &get_external_address(); - if ($address) { - push(@ret, $address); - } - - # Aliases - } else { - my %alias = &get_alias($value); - if (%alias) { - push(@ret, $alias{"IPT"}); - } - } - - # If nothing was selected, we assume "any". - } else { - push(@ret, "0/0"); - } - - return @ret; -} - sub get_protocols { my $hash = shift; my $key = shift; @@ -701,8 +522,16 @@ sub get_protocol_options { my $hash = shift; my $key = shift; my $protocol = shift; + my $nat_options_wanted = shift; my @options = (); + # Nothing to do if no protocol is specified. + if ($protocol eq "all") { + return @options; + } else { + push(@options, ("-p", $protocol)); + } + # Process source ports. my $use_src_ports = ($$hash{$key}[7] eq "ON"); my $src_ports = $$hash{$key}[10]; @@ -720,7 +549,7 @@ sub get_protocol_options { my $dst_ports = $$hash{$key}[15]; if (($dst_ports_mode eq "TGT_PORT") && $dst_ports) { - if ($use_dnat && $$hash{$key}[30]) { + if ($nat_options_wanted && $use_dnat && $$hash{$key}[30]) { $dst_ports = $$hash{$key}[30]; } push(@options, &format_ports($dst_ports, "dst")); @@ -828,50 +657,12 @@ sub make_log_limit_options { return @options; } -sub get_internal_firewall_ip_addresses { - my $use_orange = shift; - - my @zones = ("GREEN", "BLUE"); - if ($use_orange) { - push(@zones, "ORANGE"); - } - - my @addresses = (); - for my $zone (@zones) { - next unless (exists $defaultNetworks{$zone . "_ADDRESS"}); - - my $zone_address = $defaultNetworks{$zone . "_ADDRESS"}; - push(@addresses, $zone_address); - } - - return @addresses; -} - -sub get_internal_firewall_ip_address { - my $subnet = shift; - my $use_orange = shift; - - my ($net_address, $net_mask) = split("/", $subnet); - if ((!$net_mask) || ($net_mask ~~ ["32", "255.255.255.255"])) { - return 0; - } - - my @addresses = &get_internal_firewall_ip_addresses($use_orange); - foreach my $zone_address (@addresses) { - if (&General::IpInSubnet($zone_address, $net_address, $net_mask)) { - return $zone_address; - } - } - - return 0; -} - sub firewall_is_in_subnet { my $subnet = shift; # ORANGE is missing here, because nothing may ever access # the firewall from this network. - my $address = &get_internal_firewall_ip_address($subnet, 0); + my $address = &fwlib::get_internal_firewall_ip_address($subnet, 0); if ($address) { return 1; @@ -880,27 +671,3 @@ sub firewall_is_in_subnet { return 0; } -sub get_matching_firewall_address { - my $addr = shift; - my $use_orange = shift; - - my ($address, $netmask) = split("/", $addr); - - my @zones = ("GREEN", "BLUE"); - if ($use_orange) { - push(@zones, "ORANGE"); - } - - foreach my $zone (@zones) { - next unless (exists $defaultNetworks{$zone . "_ADDRESS"}); - - my $zone_subnet = $defaultNetworks{$zone . "_NETADDRESS"}; - my $zone_mask = $defaultNetworks{$zone . "_NETMASK"}; - - if (&General::IpInSubnet($address, $zone_subnet, $zone_mask)) { - return $defaultNetworks{$zone . "_ADDRESS"}; - } - } - - return 0; -} diff --git a/html/cgi-bin/entropy.cgi b/html/cgi-bin/entropy.cgi old mode 100755 new mode 100644 diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi index 436bdafd0..164e7cbac 100644 --- a/html/cgi-bin/firewall.cgi +++ b/html/cgi-bin/firewall.cgi @@ -584,8 +584,10 @@ sub checktarget } } }else{ - $errormessage=$Lang::tr{'fwdfw dnat error'}."
"; - return $errormessage; + if ($fwdfwsettings{'grp2'} ne 'ipfire'){ + $errormessage=$Lang::tr{'fwdfw dnat error'}."
"; + return $errormessage; + } } } if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){ @@ -989,6 +991,12 @@ sub deleterule &base; } } +sub del_double +{ + my %all=(); + @all{@_}=1; + return (keys %all); +} sub disable_rule { my $key1=shift; @@ -2551,9 +2559,21 @@ END END #Is this a DNAT rule? + my $natstring; if ($$hash{$key}[31] eq 'dnat' && $$hash{$key}[28] eq 'ON'){ if ($$hash{$key}[29] eq 'Default IP'){$$hash{$key}[29]=$Lang::tr{'red1'};} - print "Firewall ($$hash{$key}[29])"; + if ($$hash{$key}[29] eq 'AUTO'){ + my @src_addresses=&fwlib::get_addresses(\%$hash,$key,'src'); + my @nat_ifaces; + foreach my $val (@src_addresses){ + push (@nat_ifaces,&fwlib::get_nat_address($$hash{$key}[29],$val)); + } + @nat_ifaces=&del_double(@nat_ifaces); + $natstring = join(', ', @nat_ifaces); + }else{ + $natstring = $$hash{$key}[29]; + } + print "$Lang::tr{'firewall'} ($natstring)"; if($$hash{$key}[30] ne ''){ $$hash{$key}[30]=~ tr/|/,/; print": $$hash{$key}[30]"; diff --git a/html/cgi-bin/wlanap.cgi b/html/cgi-bin/wlanap.cgi index 5b2490da0..50806ac78 100644 --- a/html/cgi-bin/wlanap.cgi +++ b/html/cgi-bin/wlanap.cgi @@ -265,7 +265,7 @@ if ( $wlanapsettings{'DRIVER'} eq 'NL80211' ){ my $wiphy = `iw dev $wlanapsettings{'INTERFACE'} info | grep wiphy | cut -d" " -f2`; chomp $wiphy; -@channellist_cmd = `iw phy phy$wiphy info | grep " MHz \\\[" | grep -v "(disabled)" | grep -v "no IBSS)" 2>/dev/null`; +@channellist_cmd = `iw phy phy$wiphy info | grep " MHz \\\[" | grep -v "(disabled)" | grep -v "no IBSS" | grep -v "passive scanning" 2>/dev/null`; # get available channels my @temp; @@ -512,7 +512,7 @@ if ( $wlanapsettings{'DRIVER'} eq 'MADWIFI' ){ @status = `wlanconfig $wlanapsettings{'INTERFACE'} list`; } if ( $wlanapsettings{'DRIVER'} eq 'NL80211' ){ - @status = `iw dev $wlanapsettings{'INTERFACE'} info && iw dev $wlanapsettings{'INTERFACE'} station dump`; + @status = `iw dev $wlanapsettings{'INTERFACE'} info && iw dev $wlanapsettings{'INTERFACE'} station dump && echo ""`; } print < diff --git a/lfs/hostapd b/lfs/hostapd index 36343de37..5560a4277 100644 --- a/lfs/hostapd +++ b/lfs/hostapd @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = hostapd -PAK_VER = 28 +PAK_VER = 29 DEPS = "" diff --git a/lfs/linux b/lfs/linux index 687de3634..1f91c0b72 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,10 +24,10 @@ include Config -VER = 3.10.33 +VER = 3.10.34 RPI_PATCHES = linux-3.10.27-grsec-943b563 -GRS_PATCHES = grsecurity-2.9.1-3.10.33-ipfire1.patch.xz +GRS_PATCHES = grsecurity-2.9.1-3.10.34-ipfire1.patch.xz THISAPP = linux-$(VER) DL_FILE = linux-$(VER).tar.xz @@ -36,7 +36,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) CFLAGS = CXXFLAGS = -PAK_VER = 38 +PAK_VER = 39 DEPS = "" VERSUFIX=ipfire$(KCFG) @@ -74,9 +74,9 @@ $(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE) rpi-patches-$(RPI_PATCHES).patch.xz = $(URL_IPFIRE)/rpi-patches-$(RPI_PATCHES).patch.xz $(GRS_PATCHES) = $(URL_IPFIRE)/$(GRS_PATCHES) -$(DL_FILE)_MD5 = 01865f9c129f3c7eee51e25b3781a364 +$(DL_FILE)_MD5 = 30991b495a3d75196d5608072d2e62e6 rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = 8cf81f48408306d93ccee59b58af2e92 -$(GRS_PATCHES)_MD5 = c99be0018e8bc55fb2e2b8f0ea9783d5 +$(GRS_PATCHES)_MD5 = b490f7f3bf48387ab2eb60212fcf0c11 install : $(TARGET) @@ -136,6 +136,7 @@ endif # Wlan Patches cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/compat-drivers-3.8.3-ath_ignore_eeprom_regdomain.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10.34-iwlwifi-noibss_only_on_radar_chan.patch # mISDN Patches cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/mISDN_hfc-s_add_id.patch diff --git a/src/initscripts/init.d/hostapd b/src/initscripts/init.d/hostapd index c0b11e6af..8f59a7f16 100644 --- a/src/initscripts/init.d/hostapd +++ b/src/initscripts/init.d/hostapd @@ -75,7 +75,10 @@ case "${1}" in fi fi - # First reset to World (00) and then set new country + # First set to any country then reset to World (00) + # and then set new country because the card is only + # reprogrammed if the region was changed. + /usr/sbin/iw reg set DE /usr/sbin/iw reg set 00 /usr/sbin/iw reg set $COUNTRY diff --git a/src/patches/linux-3.10.34-iwlwifi-noibss_only_on_radar_chan.patch b/src/patches/linux-3.10.34-iwlwifi-noibss_only_on_radar_chan.patch new file mode 100644 index 000000000..cc76fe6ea --- /dev/null +++ b/src/patches/linux-3.10.34-iwlwifi-noibss_only_on_radar_chan.patch @@ -0,0 +1,23 @@ +diff -Naur linux-3.10.34.org/drivers/net/wireless/iwlwifi/iwl-eeprom-parse.c linux-3.10.34/drivers/net/wireless/iwlwifi/iwl-eeprom-parse.c +--- linux-3.10.34.org/drivers/net/wireless/iwlwifi/iwl-eeprom-parse.c 2014-03-24 05:42:03.000000000 +0100 ++++ linux-3.10.34/drivers/net/wireless/iwlwifi/iwl-eeprom-parse.c 2014-03-25 09:08:28.548634788 +0100 +@@ -613,14 +613,16 @@ + /* set no-HT40, will enable as appropriate later */ + channel->flags = IEEE80211_CHAN_NO_HT40; + ++ ++ if (eeprom_ch->flags & EEPROM_CHANNEL_RADAR) { ++ channel->flags |= IEEE80211_CHAN_RADAR; ++ + if (!(eeprom_ch->flags & EEPROM_CHANNEL_IBSS)) + channel->flags |= IEEE80211_CHAN_NO_IBSS; + + if (!(eeprom_ch->flags & EEPROM_CHANNEL_ACTIVE)) + channel->flags |= IEEE80211_CHAN_PASSIVE_SCAN; +- +- if (eeprom_ch->flags & EEPROM_CHANNEL_RADAR) +- channel->flags |= IEEE80211_CHAN_RADAR; ++} + + /* Initialize regulatory-based run-time data */ + channel->max_power =