Merge r4249-r4256

2009-02-20 01:48:11 +00:00 · 2009-02-20 01:48:11 +00:00 · 75bad86cab
commit 75bad86cab
parent 0e41ce82a8
6 changed files with 65 additions and 32 deletions
--- a/applications/luci-splash/luasrc/controller/splash/splash.lua
+++ b/applications/luci-splash/luasrc/controller/splash/splash.lua
@ -4,8 +4,8 @@ function index()
 	entry({"admin", "services", "splash"}, cbi("splash/splash"), "Client-Splash")
 	node("splash").target = call("action_dispatch")
-	node("splash", "splash", "activate").target = call("action_activate")
+	node("splash", "activate").target = call("action_activate")
-	node("splash", "splash", "splash").target   = template("splash_splash/splash")
+	node("splash", "splash").target   = template("splash_splash/splash")
 end
 function action_dispatch()
@ -14,7 +14,7 @@ function action_dispatch()
 	if #mac > 0 and ( status == "whitelisted" or status == "lease" ) then
 		luci.http.redirect(luci.dispatcher.build_url())
 	else
-		luci.http.redirect(luci.dispatcher.build_url("splash", "splash", "splash"))
+		luci.http.redirect(luci.dispatcher.build_url("splash", "splash"))
 	end
 end
--- a/applications/luci-splash/luasrc/view/splash/splash.htm
+++ b/applications/luci-splash/luasrc/view/splash/splash.htm
@ -42,6 +42,6 @@ Wenn Du unsere Idee gut findest, kannst Du uns unterstützen:
 </p>
 <p>
-Mit einem Klick auf <em><%:accept%></em> kannst du für <%=c.leasetime%> Stunden
+Mit einem Klick auf <em><%:accept Accept%></em> kannst du für <%=c.leasetime%> Stunden
 über unser Netz das Internet verwenden. Dann wirst du erneut aufgefordet, diese Bedingungen zu akzeptieren.
-</p>
+</p>
--- a/applications/luci-splash/luasrc/view/splash_splash/splash.htm
+++ b/applications/luci-splash/luasrc/view/splash_splash/splash.htm
@ -14,8 +14,8 @@ $Id$
 -%>
 <%+header%>
 <%+splash/splash%>
-<form method="get" action="<%=controller%>/splash/splash/activate">
+<form method="get" action="<%=controller%>/splash/activate">
-	<input type="submit" value="<%:decline%>" />
+	<input type="submit" value="<%:decline Decline%>" />
-	<input type="submit" name="accept" value="<%:accept%>" />
+	<input type="submit" name="accept" value="<%:accept Accept%>" />
 </form>
-<%+footer%>
+<%+footer%>
--- a/applications/luci-splash/root/etc/init.d/luci_splash
+++ b/applications/luci-splash/root/etc/init.d/luci_splash
@ -1,5 +1,6 @@
 #!/bin/sh /etc/rc.common
 START=70
 EXTRA_COMMANDS=clear_leases
 iface_add() {
 	local cfg="$1"
@ -17,24 +18,25 @@ iface_add() {
 	[ -n "$netmask" ] || return 0
 	eval "$(ipcalc.sh $ipaddr $netmask)"
-	
+
-	iptables -t nat -A zone_${zone}_prerouting -s "$NETWORK/$PREFIX" -p ! tcp -j luci_splash_portal
+	iptables -t nat -A prerouting_${zone} -j luci_splash_prerouting
-	iptables -t nat -A zone_${zone}_prerouting -s "$NETWORK/$PREFIX" -d ! "$ipaddr" -j luci_splash_portal
+	iptables -t nat -A luci_splash_prerouting -s "$NETWORK/$PREFIX" -p ! tcp -j luci_splash_portal
-	iptables -t nat -A zone_${zone}_prerouting -s "$NETWORK/$PREFIX" -d "$ipaddr" -p tcp -m multiport ! --dport 22,80,443 -j luci_splash_portal
+	iptables -t nat -A luci_splash_prerouting -s "$NETWORK/$PREFIX" -d ! "$ipaddr" -j luci_splash_portal
 	iptables -t nat -A luci_splash_prerouting -s "$NETWORK/$PREFIX" -d "$ipaddr" -p tcp -m multiport ! --dport 22,80,443 -j luci_splash_portal
 }
 blacklist_add() {
 	local cfg="$1"
 	config_get mac "$cfg" mac
-	[ -n "$mac" ] && iptables -t nat -A luci_splash_portal -m mac --mac-source "$mac" -j DROP
+	[ -n "$mac" ] && iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j DROP
 }
 whitelist_add() {
 	local cfg="$1"
 	config_get mac "$cfg" mac
-	[ -n "$mac" ] && iptables -t nat -A luci_splash_portal -m mac --mac-source "$mac" -j RETURN
+	[ -n "$mac" ] && iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j RETURN
 }
 start() {
@ -44,16 +46,19 @@ start() {
 	config_load luci_splash
 	### Create subchains
 	iptables -t nat -N luci_splash
 	iptables -t nat -N luci_splash_portal
 	iptables -t nat -N luci_splash_leases
 	iptables -t nat -N luci_splash_prerouting
 	### Build the main and portal rule
 	config_foreach blacklist_add blacklist
 	config_foreach whitelist_add whitelist
 	config_foreach whitelist_add lease
 	config_foreach iface_add iface
 	### Build the portal rule
 	iptables -t nat -A luci_splash_portal -p udp --dport 33434:33523 -j RETURN
 	iptables -t nat -A luci_splash_portal -p icmp -j RETURN
 	iptables -t nat -A luci_splash_portal -p udp --dport 53 -j RETURN
 	iptables -t nat -A luci_splash_portal -j luci_splash_leases
@ -67,21 +72,40 @@ start() {
 	}
 	### Start the splash httpd
-	start-stop-daemon -S -b -q -x /usr/bin/luci-splashd
+	start-stop-daemon -S -m -p /var/run/luci-splashd.pid -b -q -x /usr/bin/luci-splashd
 }
-stop() {	
+iface_del() {
 	config_get zone "$1" zone                                                                
 	[ -n "$zone" ] || return 0
 	while iptables -t nat -D prerouting_${zone} -j luci_splash_prerouting 2>&-; do :; done
 }
 stop() {
 	### Clear interface rules
 	config_load luci_splash
 	config_foreach iface_del iface
 	### Clear subchains
 	iptables -t nat -F luci_splash_leases
 	iptables -t nat -F luci_splash_portal
-	iptables -t nat -F luci_splash	
+	iptables -t nat -F luci_splash_prerouting
 	### Delete subchains
 	iptables -t nat -X luci_splash_leases
 	iptables -t nat -X luci_splash_portal
-	iptables -t nat -X luci_splash
+	iptables -t nat -X luci_splash_prerouting
 	### Stop the splash httpd
-	start-stop-daemon -K -q -x /usr/bin/luci-splashd
+	start-stop-daemon -K -p /var/run/luci-splashd.pid -s KILL -q
 	sed -ie '/\/usr\/sbin\/luci-splash sync/d' /var/spool/cron/crontabs/root
 }
 clear_leases() {
 	stop
 	while uci -P /var/state del luci_splash.@lease[0] 2>&-;do :; done
 	start
 }
--- a/applications/luci-splash/root/usr/bin/luci-splashd
+++ b/applications/luci-splash/root/usr/bin/luci-splashd
@ -16,17 +16,20 @@ while true do
 	if client then
 		client:settimeout(1)
 		local srv
-		local ip = luci.ip.IPv4(client:getpeername())
+		local ip  = luci.ip.IPv4((client:getpeername()))
-		uci:foreach("network", "interface",
+
-			function (section)
+		local function find_srv(section)
-			    if section.ipaddr then
+			if section.ipaddr then
-			        local net = luci.ip.IPv4(section.ipaddr, section.netmask)
+				local net = luci.ip.IPv4(section.ipaddr, section.netmask)
-			        if ip and net and net:contains(ip) then
+				if ip and net and net:contains(ip) then
-			            srv = section.ipaddr
+					srv = section.ipaddr
-			            return
+					return
-			        end
+				end
-			    end
+			end
-			end)
+		end
 		uci:foreach("network", "interface", find_srv)
 		uci:foreach("network", "alias", find_srv)
 		client:receive()
 		client:send("HTTP/1.0 302 Found\r\nLocation: http://" .. srv ..
--- a/modules/freifunk/root/etc/firewall.freifunk
+++ b/modules/freifunk/root/etc/firewall.freifunk
@ -13,6 +13,8 @@ apply_advanced() {
 	local accept_source_route
 	config_get_bool tcp_ecn $1 tcp_ecn 1
 	config_get ip_conntrack_max $1 ip_conntrack_max
 	config_get_bool tcp_westwood $1 tcp_westwood 0
 	config_get_bool tcp_window_scaling $1 tcp_window_scaling 1
 	config_get_bool accept_redirects $1 accept_redirects 0
 	config_get_bool accept_source_route $1 accept_source_route 0
@ -24,6 +26,8 @@ apply_advanced() {
 	sysctl -w net.ipv4.tcp_ecn=$tcp_ecn >/dev/null
 	sysctl -w net.ipv4.tcp_window_scaling=$tcp_window_scaling >/dev/null
 	sysctl -w net.ipv4.tcp_westwood=$tcp_westwood >/dev/null
 	sysctl -w net.ipv4.ip_conntrack_max=$ip_conntrack_max >/dev/null
 	for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do
 		echo $accept_redirects > $f
@ -51,3 +55,5 @@ apply_nat_fix() {
 uci_set_state firewall core loaded 1
 config_foreach fw_addif interface
 config_foreach apply_nat_fix interface
 [ -x /etc/init.d/luci_splash ] && /etc/init.d/luci_splash start