Ejemplo n.º 1
0
void protect::checkLicence(){

    getIfList();    // check hardware

    if (licenseState != _LIC3){
        genKeysLists();                         // generate private key list

        if (keyList.size() != 0){
            //genKeys();                          // generate keys from private keys

            if (!checkLicenceFile()){           // check license file
                statusMessage = _LIC_MSG0;
                licenseState = _LIC0;
            } else {
                if (fileKey.length() != 6){     // check key length in file
                    statusMessage = _LIC_MSG1;
                    licenseState = _LIC1;
                } else {
                    if (checkKey()) {             // compare keys
                        statusMessage = _LIC_MSG4;
                        licenseState = _LIC2;
                    } else {
                        statusMessage = _LIC_MSG1;
                        licenseState = _LIC1;
                    }
                }
            }
        } else {
            statusMessage = _LIC_MSG3;
            licenseState = _LIC3;
        }
    }
}
Ejemplo n.º 2
0
static int client_bridged_enabled(void)
{
	// enumerate all possible interfaces
	char iflist[256];
	iflist[0] = 0;		// workaround for bug in getIfList()
	getIfList(iflist, NULL);

	static char word[256];
	char *next;
	int bridged_clients = 0;

	// any interface in client_bridged mode?
	foreach(word, iflist, next)
	    if (nvram_nmatch("wet", "%s_mode", word))
		bridged_clients++;

	return bridged_clients;
}
Ejemplo n.º 3
0
int svqos_iptables(void)
{
	char *qos_pkts = nvram_safe_get("svqos_pkts");
	char *qos_svcs = nvram_safe_get("svqos_svcs");
	char name[32], type[32], data[32], level[32], pkt_filter[4];

	char *wshaper_dev = nvram_get("wshaper_dev");
	char *wan_dev = get_wanface();

	char nullmask[24];
	strcpy(nullmask, qos_nfmark(0));

	insmod("ipt_mark");
	insmod("xt_mark");
	insmod("ipt_CONNMARK");
	insmod("xt_CONNMARK");
	insmod("ipt_mac");
	insmod("xt_mac");

#if !(defined(ARCH_broadcom) && !defined(HAVE_BCMMODERN))
	// if kernel version later then 2.4, overwrite all old tc filter

	sysprintf("tc filter del dev %s pref %d", wan_dev, 1);
	sysprintf("tc filter del dev %s pref %d", wan_dev, 3);
	sysprintf("tc filter del dev %s pref %d", wan_dev, 5);
	sysprintf("tc filter del dev %s pref %d", wan_dev, 8);
	sysprintf("tc filter del dev %s pref %d", wan_dev, 9);

	sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", wan_dev, get_tcfmark(100), 100);
	sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", wan_dev, get_tcfmark(10), 10);
	sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", wan_dev, get_tcfmark(20), 20);
	sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", wan_dev, get_tcfmark(30), 30);
	sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", wan_dev, get_tcfmark(40), 40);

	sysprintf("tc filter del dev %s pref %d", "imq0", 1);
	sysprintf("tc filter del dev %s pref %d", "imq0", 3);
	sysprintf("tc filter del dev %s pref %d", "imq0", 5);
	sysprintf("tc filter del dev %s pref %d", "imq0", 8);
	sysprintf("tc filter del dev %s pref %d", "imq0", 9);

	sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", "imq0", get_tcfmark(100), 100);
	sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", "imq0", get_tcfmark(10), 10);
	sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", "imq0", get_tcfmark(20), 20);
	sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", "imq0", get_tcfmark(30), 30);
	sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", "imq0", get_tcfmark(40), 40);

	if (nvram_match("wshaper_dev", "LAN")) {
		sysprintf("tc filter del dev %s pref %d", "imq1", 1);
		sysprintf("tc filter del dev %s pref %d", "imq1", 3);
		sysprintf("tc filter del dev %s pref %d", "imq1", 5);
		sysprintf("tc filter del dev %s pref %d", "imq1", 8);
		sysprintf("tc filter del dev %s pref %d", "imq1", 9);

		sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", "imq1", get_tcfmark(100), 100);
		sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", "imq1", get_tcfmark(10), 10);
		sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", "imq1", get_tcfmark(20), 20);
		sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", "imq1", get_tcfmark(30), 30);
		sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", "imq1", get_tcfmark(40), 40);
	}
#endif

#ifdef HAVE_OPENDPI
	insmod("/lib/opendpi/xt_opendpi.ko");
#endif
	insmod("ipt_layer7");
	insmod("xt_layer7");

	// set-up mark/filter tables

	system2("iptables -t mangle -F SVQOS_SVCS");
	system2("iptables -t mangle -X SVQOS_SVCS");
	system2("iptables -t mangle -N SVQOS_SVCS");

	system2("iptables -t mangle -F FILTER_OUT");
	system2("iptables -t mangle -X FILTER_OUT");
	system2("iptables -t mangle -N FILTER_OUT");
	system2("iptables -t mangle -A FILTER_OUT -j CONNMARK --restore");
	sysprintf("iptables -t mangle -A FILTER_OUT -m mark --mark %s -j SVQOS_SVCS", nullmask);

	system2("iptables -t mangle -F FILTER_IN");
	system2("iptables -t mangle -X FILTER_IN");
	system2("iptables -t mangle -N FILTER_IN");
	system2("iptables -t mangle -A FILTER_IN -j CONNMARK --restore");
	sysprintf("iptables -t mangle -A FILTER_IN -m mark --mark %s -j SVQOS_SVCS", nullmask);

	sysprintf("iptables -t mangle -D PREROUTING -j FILTER_IN");
	sysprintf("iptables -t mangle -I PREROUTING -j FILTER_IN");
	sysprintf("iptables -t mangle -D POSTROUTING -j FILTER_OUT");
	sysprintf("iptables -t mangle -I POSTROUTING -j FILTER_OUT");

	system2("iptables -t mangle -A POSTROUTING -m dscp --dscp ! 0 -j DSCP --set-dscp 0");

	if (!strcmp(wshaper_dev, "WAN")) {
		sysprintf("iptables -t mangle -D INPUT -i %s -j IMQ --todev 0", wan_dev);
		sysprintf("iptables -t mangle -A INPUT -i %s -j IMQ --todev 0", wan_dev);
		sysprintf("iptables -t mangle -D FORWARD -i %s -j IMQ --todev 0", wan_dev);
		sysprintf("iptables -t mangle -A FORWARD -i %s -j IMQ --todev 0", wan_dev);
	}
	if (!strcmp(wshaper_dev, "LAN")) {
		if (!client_bridged_enabled()
		    && nvram_invmatch("wan_proto", "disabled")) {
			sysprintf("iptables -t mangle -D INPUT -i %s -j IMQ --todev 0", wan_dev);
			sysprintf("iptables -t mangle -A INPUT -i %s -j IMQ --todev 0", wan_dev);
			sysprintf("iptables -t mangle -D FORWARD -i %s -j IMQ --todev 0", wan_dev);
			sysprintf("iptables -t mangle -A FORWARD -i %s -j IMQ --todev 0", wan_dev);

			sysprintf("iptables -t mangle -D INPUT -i ! %s -j IMQ --todev 1", wan_dev);
			sysprintf("iptables -t mangle -A INPUT -i ! %s -j IMQ --todev 1", wan_dev);
			sysprintf("iptables -t mangle -D FORWARD -i ! %s -o ! %s -j IMQ --todev 1", wan_dev, wan_dev);
			sysprintf("iptables -t mangle -A FORWARD -i ! %s -o ! %s -j IMQ --todev 1", wan_dev, wan_dev);
		} else {
			sysprintf("iptables -t mangle -D INPUT -j IMQ --todev 1");
			sysprintf("iptables -t mangle -A INPUT -j IMQ --todev 1");
			sysprintf("iptables -t mangle -D FORWARD -j IMQ --todev 1");
			sysprintf("iptables -t mangle -A FORWARD -j IMQ --todev 1");
		}
	}

	/* add openvpn filter rules */
#ifdef HAVE_AQOS
#ifdef HAVE_OPENVPN
	if (nvram_invmatch("openvpn_enable", "0") || nvram_invmatch("openvpncl_enable", "0")) {
		char iflist[256];
		static char word[256];
		char *next;
		bool unbridged_tap = 0;

		insmod("xt_dscp");
		insmod("xt_DSCP");

		system2("iptables -t mangle -F VPN_IN");
		system2("iptables -t mangle -X VPN_IN");
		system2("iptables -t mangle -N VPN_IN");
		system2("iptables -t mangle -A VPN_IN -j CONNMARK --save");

		system2("iptables -t mangle -F VPN_OUT");
		system2("iptables -t mangle -X VPN_OUT");
		system2("iptables -t mangle -N VPN_OUT");

		system2("iptables -t mangle -F VPN_DSCP");
		system2("iptables -t mangle -X VPN_DSCP");
		system2("iptables -t mangle -N VPN_DSCP");
		sysprintf("iptables -t mangle -A VPN_DSCP -m dscp --dscp 10 -j MARK --set-mark %s", qos_nfmark(100));
		sysprintf("iptables -t mangle -A VPN_DSCP -m dscp --dscp 1 -j MARK --set-mark %s", qos_nfmark(10));
		sysprintf("iptables -t mangle -A VPN_DSCP -m dscp --dscp 2 -j MARK --set-mark %s", qos_nfmark(20));
		sysprintf("iptables -t mangle -A VPN_DSCP -m dscp --dscp 3 -j MARK --set-mark %s", qos_nfmark(30));
		sysprintf("iptables -t mangle -A VPN_DSCP -m dscp --dscp 4 -j MARK --set-mark %s", qos_nfmark(40));
		system2("iptables -t mangle -A VPN_DSCP -m dscp --dscp ! 0 -j DSCP --set-dscp 0");
		system2("iptables -t mangle -A VPN_DSCP -j RETURN");

		// look for present tun-devices
		if (getifcount("tun")) {
			system2("iptables -t mangle -I PREROUTING 2 -i tun+ -j VPN_IN");
			system2("iptables -t mangle -I INPUT 1 -i tun+ -j IMQ --todev 0");
			system2("iptables -t mangle -I FORWARD 1 -i tun+ -j IMQ --todev 0");
			system2("iptables -t mangle -I POSTROUTING 1 -o tun+ -j VPN_OUT");
		}
		// look for present tap-devices
		if (getifcount("tap")) {
			writeproc("/proc/sys/net/bridge/bridge-nf-call-arptables", "1");
			writeproc("/proc/sys/net/bridge/bridge-nf-call-ip6tables", "1");
			writeproc("/proc/sys/net/bridge/bridge-nf-call-iptables", "1");

			insmod("xt_physdev");
			insmod("ebtables");

			getIfList(iflist, "tap");
			foreach(word, iflist, next) {
				if (is_in_bridge(word)) {
					sysprintf("iptables -t mangle -I PREROUTING 2 -m physdev --physdev-in %s -j VPN_IN", word);
					sysprintf("iptables -t mangle -I INPUT 1 -m physdev --physdev-in %s -j IMQ --todev 0", word);
					sysprintf("iptables -t mangle -I FORWARD 1 -m physdev --physdev-in %s -j IMQ --todev 0", word);
					sysprintf("iptables -t mangle -I POSTROUTING -m physdev --physdev-out %s -j VPN_OUT", word);
				} else
					unbridged_tap = 1;
			}

			if (unbridged_tap) {
				system2("iptables -t mangle -I PREROUTING 2 -i tap+ -j VPN_IN");
				system2("iptables -t mangle -I INPUT 1 -i tap+ -j IMQ --todev 0");
				system2("iptables -t mangle -I FORWARD 1 -i tap+ -j IMQ --todev 0");
				system2("iptables -t mangle -I POSTROUTING 1 -o tap+ -j VPN_OUT");
			}
		}