
List:       ipfire-scm
Subject:    [IPFire-SCM] [git.ipfire.org] IPFire 2.x development tree branch, openvpn-n2n, updated. 39877197d6f9
From:       git () ipfire ! org (Michael Tremer)
Date:       2011-06-25 9:57:31
Message-ID: 20110625095734.7966420352 () argus ! ipfire ! org

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, openvpn-n2n has been updated
       via  39877197d6f99832c9732edcf72a11fbddf43a30 (commit)
       via  0708113765903d21a5479e5462c6383e0812caf3 (commit)
      from  86ec950263487aeebbb73c77f3840738904f419f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 39877197d6f99832c9732edcf72a11fbddf43a30
Author: Michael Tremer <michael.tremer at ipfire.org>
Date:   Sat Jun 25 11:47:42 2011 +0200

    openvpnctrl: Implement support to kill connections.

commit 0708113765903d21a5479e5462c6383e0812caf3
Author: Michael Tremer <michael.tremer at ipfire.org>
Date:   Sat Jun 25 10:59:47 2011 +0200

    openvpnctrl: Update firewall rules when starting a n2n connection.
    
    This makes sure, that all rules (esp. for new connections) are up
    and running.

-----------------------------------------------------------------------

Summary of changes:
 src/misc-progs/openvpnctrl.c |   74 ++++++++++++++++++++++++++++++++++++-----
 1 files changed, 65 insertions(+), 9 deletions(-)

Difference in files:
diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index e6a8d3f..847a3e2 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -1,3 +1,4 @@
+#include <signal.h>
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
@@ -24,7 +25,7 @@ char enableorange[STRING_SIZE] = "off";
 char OVPNRED[STRING_SIZE] = "OVPN";
 char OVPNBLUE[STRING_SIZE] = "OVPN_BLUE_";
 char OVPNORANGE[STRING_SIZE] = "OVPN_ORANGE_";
-char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.1.0";
+char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.1.2";
 
 struct connection_struct {
 	char name[STRING_SIZE];
@@ -46,9 +47,9 @@ void exithandler(void)
 void usage(void)
 {
 #ifdef ovpndebug
-	printf("Wrapper for OpenVPN v%s-debug\n", WRAPPERVERSION);
+	printf("Wrapper for OpenVPN %s-debug\n", WRAPPERVERSION);
 #else
-	printf("Wrapper for OpenVPN v%s\n", WRAPPERVERSION);
+	printf("Wrapper for OpenVPN %s\n", WRAPPERVERSION);
 #endif
 	printf("openvpnctrl <option>\n");
 	printf(" Valid options are:\n");
@@ -198,7 +199,7 @@ void executeCommand(char *command) {
 void setChainRules(char *chain, char *interface, char *protocol, char *port)
 {
 	char str[STRING_SIZE];
-	
+
 	sprintf(str, "/sbin/iptables -A %sINPUT -i %s -p %s --dport %s -j ACCEPT", chain, \
interface, protocol, port);
 executeCommand(str);
 	sprintf(str, "/sbin/iptables -A %sINPUT -i tun+ -j ACCEPT", chain);
@@ -342,6 +343,11 @@ void setFirewallRules(void) {
 	// read connection configuration
 	connection *conn = getConnections();
 
+	// Flush all chains.
+	flushChain(OVPNRED);
+	flushChain(OVPNBLUE);
+	flushChain(OVPNORANGE);
+
 	// set firewall rules
 	if (!strcmp(enablered, "on") && strlen(redif))
 		setChainRules(OVPNRED, redif, protocol, dport);
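Review bot: The three `flushChain()` calls empty the OVPN chains before the ACCEPT rules are put back one `executeCommand()` at a time, and this commit also makes `startNet2Net` call `setFirewallRules()` on every n2n start. Each start therefore opens a short window in which the chains hold no rules; since the rules shown are ACCEPT rules, that window presumably drops tunnel traffic rather than admitting it, but nothing in the code says so. I would record the intent above the calls, e.g. `// Flush first: rules are appended with -A, so rebuilding without a flush would duplicate them. Until the rebuild below completes, these chains accept nothing.` setFirewallRules starts and ends outside this hunk.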
@@ -351,10 +357,10 @@ void setFirewallRules(void) {
 		setChainRules(OVPNORANGE, orangeif, protocol, dport);
 
 	// set firewall rules for n2n connections
-	char port[STRING_SIZE];
+	char *port;
 	while (conn) {
 		sprintf(port, "%d", conn->port);
-		setChainRules(OVPNRED, redif, &conn->proto, &port);
+		setChainRules(OVPNRED, redif, conn->proto, port);
 		conn = conn->next;
 	}
 }
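Review bot: `char *port;` leaves the pointer uninitialised, so the unchanged `sprintf(port, "%d", conn->port);` two lines below writes through an indeterminate address. That is undefined behaviour and memory corruption in the helper that installs the firewall rules. The type mismatch this change is addressing came from passing `&port`, not from the array itself. Keep `char port[STRING_SIZE];`, pass `port` to `setChainRules`, and bound the write with `snprintf(port, sizeof(port), "%d", conn->port);`. setFirewallRules starts outside this hunk.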
@@ -403,13 +409,63 @@ void startNet2Net(char *name) {
 		exit(1);
 	}
 
+	char configfile[STRING_SIZE];
+	snprintf(configfile, STRING_SIZE - 1, CONFIG_ROOT "/ovpn/n2nconf/%s/%s.conf",
+		conn->name, conn->name);
+
+	FILE *fp = fopen(configfile, "r");
+	if (fp == NULL) {
+		fprintf(stderr, "Could not find configuration file for connection '%s' at \
'%s'.\n",
+			conn->name, configfile);
+		exit(2);
+	}
+	fclose(fp);
+
+	// Make sure all firewall rules are up to date.
+	setFirewallRules();
+
 	char command[STRING_SIZE];
-	sprintf(command, "/usr/sbin/openvpn --config " CONFIG_ROOT \
"/ovpn/n2nconf/%s/%s.conf", conn->name, conn->name);
+	sprintf(command, \
"/usr/sbin/openvpn --config %s", configfile);
 executeCommand(command);
 }
 
-void killNet2Net(char *conn) {
-	printf("TO BE DONE %s\n", conn);
+void killNet2Net(char *name) {
+	connection *conn = NULL;
+	connection *conn_iter;
+
+	conn_iter = getConnections();
+
+	while (conn_iter) {
+		if (strcmp(conn_iter->name, name) == 0) {
+			conn = conn_iter;
+			break;
+		}
+		conn_iter = conn_iter->next;
+	}
+
+	if (conn == NULL) {
+		fprintf(stderr, "Connection not found.\n");
+		exit(1);
+	}
+
+	char pidfile[STRING_SIZE];
+	snprintf(&pidfile, STRING_SIZE - 1, "/var/run/%sn2n.pid", conn->name);
+
+	FILE *fp = fopen(pidfile, "r");
+	if (fp == NULL) {
+		fprintf(stderr, "Could not determine PID for connection '%s'.\n", conn->name);
+		fprintf(stderr, "PID file not found: '%s'\n", pidfile);
+		exit(1);
+	}
+
+	int pid;
+	fscanf(fp, "%d", &pid);
+	fclose(fp);
+
+	fprintf(stderr, "Killing PID %d.\n", pid);
+	kill(pid, SIGTERM);
+
+	exit(0);
 }
 
 void displayopenvpn(void) {
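Review bot: In `killNet2Net` the result of `fscanf(fp, "%d", &pid)` is never checked and `pid` has no initial value, so an empty or malformed PID file sends an indeterminate number to `kill()`. A parsed `0` or negative value is just as bad: `kill(0, …)` signals the caller's process group and `kill(-1, …)` signals every process the caller is allowed to signal. The function should require exactly one converted field and a PID greater than 1, and should report a failing `kill()` instead of exiting 0. Two smaller points in the same hunk: `snprintf(&pidfile, …)` passes a `char (*)[STRING_SIZE]` where `pidfile` is meant, and `sprintf(command, "/usr/sbin/openvpn --config %s", configfile)` can overrun `command[STRING_SIZE]` because `configfile` alone may fill nearly that much, so it wants `snprintf(command, sizeof(command), …)`. startNet2Net begins outside this hunk.

```c
	// … unchanged: connection lookup and opening of pidfile …

	int pid = 0;
	int matched = fscanf(fp, "%d", &pid);
	fclose(fp);

	// Reject unparsable content and PIDs that address a group, all processes or init.
	if (matched != 1 || pid <= 1) {
		fprintf(stderr, "Invalid PID in '%s'.\n", pidfile);
		exit(1);
	}

	fprintf(stderr, "Killing PID %d.\n", pid);
	if (kill(pid, SIGTERM) != 0) {
		perror("kill");
		exit(1);
	}

	exit(0);
```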


hooks/post-receive
--
IPFire 2.x development tree

