From 75bad86cab70f4b73dc925c7cc884e75a3b01aaf Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Fri, 20 Feb 2009 01:48:11 +0000 Subject: [PATCH] Merge r4249-r4256 --- .../luasrc/controller/splash/splash.lua | 6 +-- .../luci-splash/luasrc/view/splash/splash.htm | 4 +- .../luasrc/view/splash_splash/splash.htm | 8 ++-- .../luci-splash/root/etc/init.d/luci_splash | 48 ++++++++++++++----- .../luci-splash/root/usr/bin/luci-splashd | 25 +++++----- modules/freifunk/root/etc/firewall.freifunk | 6 +++ 6 files changed, 65 insertions(+), 32 deletions(-) diff --git a/applications/luci-splash/luasrc/controller/splash/splash.lua b/applications/luci-splash/luasrc/controller/splash/splash.lua index b046ff409..5731efc8c 100644 --- a/applications/luci-splash/luasrc/controller/splash/splash.lua +++ b/applications/luci-splash/luasrc/controller/splash/splash.lua @@ -4,8 +4,8 @@ function index() entry({"admin", "services", "splash"}, cbi("splash/splash"), "Client-Splash") node("splash").target = call("action_dispatch") - node("splash", "splash", "activate").target = call("action_activate") - node("splash", "splash", "splash").target = template("splash_splash/splash") + node("splash", "activate").target = call("action_activate") + node("splash", "splash").target = template("splash_splash/splash") end function action_dispatch() @@ -14,7 +14,7 @@ function action_dispatch() if #mac > 0 and ( status == "whitelisted" or status == "lease" ) then luci.http.redirect(luci.dispatcher.build_url()) else - luci.http.redirect(luci.dispatcher.build_url("splash", "splash", "splash")) + luci.http.redirect(luci.dispatcher.build_url("splash", "splash")) end end diff --git a/applications/luci-splash/luasrc/view/splash/splash.htm b/applications/luci-splash/luasrc/view/splash/splash.htm index 659d4f071..3fcf02bac 100644 --- a/applications/luci-splash/luasrc/view/splash/splash.htm +++ b/applications/luci-splash/luasrc/view/splash/splash.htm 
@@ -42,6 +42,6 @@ Wenn Du unsere Idee gut findest, kannst Du uns unterstützen:

-Mit einem Klick auf <%:accept%> kannst du für <%=c.leasetime%> Stunden +Mit einem Klick auf <%:accept Accept%> kannst du für <%=c.leasetime%> Stunden über unser Netz das Internet verwenden. Dann wirst du erneut aufgefordet, diese Bedingungen zu akzeptieren. -

\ No newline at end of file +

diff --git a/applications/luci-splash/luasrc/view/splash_splash/splash.htm b/applications/luci-splash/luasrc/view/splash_splash/splash.htm index 39640eb6c..413efbe2e 100644 --- a/applications/luci-splash/luasrc/view/splash_splash/splash.htm +++ b/applications/luci-splash/luasrc/view/splash_splash/splash.htm @@ -14,8 +14,8 @@ $Id$ -%> <%+header%> <%+splash/splash%> -
- - + + +
-<%+footer%> \ No newline at end of file +<%+footer%> diff --git a/applications/luci-splash/root/etc/init.d/luci_splash b/applications/luci-splash/root/etc/init.d/luci_splash index 85ea8ecaa..fe451d08d 100755 --- a/applications/luci-splash/root/etc/init.d/luci_splash +++ b/applications/luci-splash/root/etc/init.d/luci_splash @@ -1,5 +1,6 @@ #!/bin/sh /etc/rc.common START=70 +EXTRA_COMMANDS=clear_leases iface_add() { local cfg="$1" @@ -17,24 +18,25 @@ iface_add() { [ -n "$netmask" ] || return 0 eval "$(ipcalc.sh $ipaddr $netmask)" - - iptables -t nat -A zone_${zone}_prerouting -s "$NETWORK/$PREFIX" -p ! tcp -j luci_splash_portal - iptables -t nat -A zone_${zone}_prerouting -s "$NETWORK/$PREFIX" -d ! "$ipaddr" -j luci_splash_portal - iptables -t nat -A zone_${zone}_prerouting -s "$NETWORK/$PREFIX" -d "$ipaddr" -p tcp -m multiport ! --dport 22,80,443 -j luci_splash_portal + + iptables -t nat -A prerouting_${zone} -j luci_splash_prerouting + iptables -t nat -A luci_splash_prerouting -s "$NETWORK/$PREFIX" -p ! tcp -j luci_splash_portal + iptables -t nat -A luci_splash_prerouting -s "$NETWORK/$PREFIX" -d ! "$ipaddr" -j luci_splash_portal + iptables -t nat -A luci_splash_prerouting -s "$NETWORK/$PREFIX" -d "$ipaddr" -p tcp -m multiport ! --dport 22,80,443 -j luci_splash_portal } blacklist_add() { local cfg="$1" config_get mac "$cfg" mac - [ -n "$mac" ] && iptables -t nat -A luci_splash_portal -m mac --mac-source "$mac" -j DROP + [ -n "$mac" ] && iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j DROP } whitelist_add() { local cfg="$1" config_get mac "$cfg" mac - [ -n "$mac" ] && iptables -t nat -A luci_splash_portal -m mac --mac-source "$mac" -j RETURN + [ -n "$mac" ] && iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j RETURN } start() { 
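Review bot: Changing `blacklist_add` and `whitelist_add` from `-A luci_splash_portal` to `-I luci_splash_leases` reverses rule precedence. Every `-I` lands at the top of the chain, and `start()` (next hunk) still runs blacklist first, then whitelist, then lease. The blacklist `DROP` rules therefore end up below every whitelist and lease `RETURN`, so a MAC that is blacklisted but still has a lease entry is let through. If the blacklist is meant to win, move `config_foreach blacklist_add blacklist` after the whitelist and lease calls in `start()`, and add a comment there saying the order matters because of `-I`.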
@@ -44,16 +46,19 @@ start() { config_load luci_splash ### Create subchains - iptables -t nat -N luci_splash iptables -t nat -N luci_splash_portal iptables -t nat -N luci_splash_leases + iptables -t nat -N luci_splash_prerouting ### Build the main and portal rule config_foreach blacklist_add blacklist config_foreach whitelist_add whitelist + config_foreach whitelist_add lease config_foreach iface_add iface ### Build the portal rule + iptables -t nat -A luci_splash_portal -p udp --dport 33434:33523 -j RETURN + iptables -t nat -A luci_splash_portal -p icmp -j RETURN iptables -t nat -A luci_splash_portal -p udp --dport 53 -j RETURN iptables -t nat -A luci_splash_portal -j luci_splash_leases @@ -67,21 +72,40 @@ start() { } ### Start the splash httpd - start-stop-daemon -S -b -q -x /usr/bin/luci-splashd + start-stop-daemon -S -m -p /var/run/luci-splashd.pid -b -q -x /usr/bin/luci-splashd +} + +iface_del() { + config_get zone "$1" zone + [ -n "$zone" ] || return 0 + while iptables -t nat -D prerouting_${zone} -j luci_splash_prerouting 2>&-; do :; done } -stop() { +stop() { + ### Clear interface rules + config_load luci_splash + config_foreach iface_del iface + ### Clear subchains iptables -t nat -F luci_splash_leases iptables -t nat -F luci_splash_portal - iptables -t nat -F luci_splash + iptables -t nat -F luci_splash_prerouting ### Delete subchains iptables -t nat -X luci_splash_leases iptables -t nat -X luci_splash_portal - iptables -t nat -X luci_splash + iptables -t nat -X luci_splash_prerouting ### Stop the splash httpd - start-stop-daemon -K -q -x /usr/bin/luci-splashd + start-stop-daemon -K -p /var/run/luci-splashd.pid -s KILL -q + + sed -ie '/\/usr\/sbin\/luci-splash sync/d' /var/spool/cron/crontabs/root +} + + +clear_leases() { + stop + while uci -P /var/state del luci_splash.@lease[0] 2>&-;do :; done + start } diff --git a/applications/luci-splash/root/usr/bin/luci-splashd b/applications/luci-splash/root/usr/bin/luci-splashd index 267fbdf0a..b6b877ad0 100755 
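Review bot: The two new `RETURN` rules in `luci_splash_portal` sit ahead of the jump to `luci_splash_leases`. All ICMP and UDP 33434:33523 to any destination therefore bypass the splash for every client, including MACs that carry a blacklist `DROP`. If the intent is only to keep ping and traceroute working, this is wider than needed, because unrestricted ICMP is a common carrier for tunnelling past captive portals. Consider narrowing the exemption, e.g. `-p icmp --icmp-type echo-request -m limit --limit 5/s -j RETURN`, and add a comment above the rules stating why these protocols are exempt.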
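Review bot: `stop()` now kills by pid file alone (`start-stop-daemon -K -p /var/run/luci-splashd.pid -s KILL -q`) and never removes that file. If the daemon has already exited, a later `stop` or `clear_leases` can send SIGKILL to an unrelated process that has since reused the pid. Adding `rm -f /var/run/luci-splashd.pid` after the kill, and letting the default TERM run before resorting to KILL, would avoid that. The added `sed -ie ... /var/spool/cron/crontabs/root` also deserves a check: depending on the sed build, `-ie` may be parsed as `-i` with backup suffix `e`, leaving a `roote` copy in the crontab directory. `sed -i -e` is unambiguous.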
--- a/applications/luci-splash/root/usr/bin/luci-splashd +++ b/applications/luci-splash/root/usr/bin/luci-splashd @@ -16,17 +16,20 @@ while true do if client then client:settimeout(1) local srv - local ip = luci.ip.IPv4(client:getpeername()) - uci:foreach("network", "interface", - function (section) - if section.ipaddr then - local net = luci.ip.IPv4(section.ipaddr, section.netmask) - if ip and net and net:contains(ip) then - srv = section.ipaddr - return - end - end - end) + local ip = luci.ip.IPv4((client:getpeername())) + + local function find_srv(section) + if section.ipaddr then + local net = luci.ip.IPv4(section.ipaddr, section.netmask) + if ip and net and net:contains(ip) then + srv = section.ipaddr + return + end + end + end + + uci:foreach("network", "interface", find_srv) + uci:foreach("network", "alias", find_srv) client:receive() client:send("HTTP/1.0 302 Found\r\nLocation: http://" .. srv .. diff --git a/modules/freifunk/root/etc/firewall.freifunk b/modules/freifunk/root/etc/firewall.freifunk index 663fc615a..c70ac3a2a 100644 --- a/modules/freifunk/root/etc/firewall.freifunk +++ b/modules/freifunk/root/etc/firewall.freifunk @@ -13,6 +13,8 @@ apply_advanced() { local accept_source_route config_get_bool tcp_ecn $1 tcp_ecn 1 + config_get ip_conntrack_max $1 ip_conntrack_max + config_get_bool tcp_westwood $1 tcp_westwood 0 config_get_bool tcp_window_scaling $1 tcp_window_scaling 1 config_get_bool accept_redirects $1 accept_redirects 0 config_get_bool accept_source_route $1 accept_source_route 0 @@ -24,6 +26,8 @@ apply_advanced() { sysctl -w net.ipv4.tcp_ecn=$tcp_ecn >/dev/null sysctl -w net.ipv4.tcp_window_scaling=$tcp_window_scaling >/dev/null + sysctl -w net.ipv4.tcp_westwood=$tcp_westwood >/dev/null + sysctl -w net.ipv4.ip_conntrack_max=$ip_conntrack_max >/dev/null for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do echo $accept_redirects > $f 
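Review bot: `srv` stays nil when the peer address matches neither an `interface` nor an `alias` section, or when `luci.ip.IPv4` returns nil for the peer, and the unchanged `client:send("HTTP/1.0 302 Found\r\nLocation: http://" .. srv ..` line then raises a concatenation error. Unless the loop is protected by a `pcall` outside the hunk, a single connection from an unmatched network would terminate the redirect daemon. Guard the send, e.g. `if srv then ... else client:close() end`. The bare `return` in `find_srv` may also not stop `uci:foreach`, and the second `foreach` over `alias` can overwrite an address already found; `if srv then return end` at the top of `find_srv` keeps the first match. The `while` loop begins and ends outside the hunk.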
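Review bot: In `firewall.freifunk`, `ip_conntrack_max` is read with `config_get` without a default, then passed unquoted to `sysctl -w net.ipv4.ip_conntrack_max=$ip_conntrack_max` in the second hunk. When the option is unset the command becomes `...ip_conntrack_max=`, so sysctl is called with an empty value on every firewall load. Suggest `[ -n "$ip_conntrack_max" ] && sysctl -w net.ipv4.ip_conntrack_max="$ip_conntrack_max" >/dev/null`. The visible `local` declarations do not include `ip_conntrack_max` or `tcp_westwood`; if they are not declared above the hunk, add them so the values do not leak into the sourcing script. `apply_advanced` starts outside the hunk.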
@@ -51,3 +55,5 @@ apply_nat_fix() {
 uci_set_state firewall core loaded 1
 config_foreach fw_addif interface
 config_foreach apply_nat_fix interface
+
+[ -x /etc/init.d/luci_splash ] && /etc/init.d/luci_splash start
-- 
2.25.1
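Review bot: The appended `[ -x /etc/init.d/luci_splash ] && /etc/init.d/luci_splash start` runs `start` on every firewall load, whether or not the service is enabled. `start()` as changed in this commit is not idempotent: `iptables -N` and `-A` are repeated, and a second splashd is launched over the same pid file. Unless the firewall restart is guaranteed to have flushed the splash chains first, use `restart` and honour the enable state, e.g. `/etc/init.d/luci_splash enabled && /etc/init.d/luci_splash restart`. As the last command of the script, the `&&` list also makes the exit status non-zero when the init script is absent; an `if ...; then ...; fi` form avoids that.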