void protect::checkLicence(){
getIfList(); // check hardware
if (licenseState != _LIC3){
genKeysLists(); // generate private key list
if (keyList.size() != 0){
//genKeys(); // generate keys from private keys
if (!checkLicenceFile()){ // check license file
statusMessage = _LIC_MSG0;
licenseState = _LIC0;
} else {
if (fileKey.length() != 6){ // check key length in file
statusMessage = _LIC_MSG1;
licenseState = _LIC1;
} else {
if (checkKey()) { // compare keys
statusMessage = _LIC_MSG4;
licenseState = _LIC2;
} else {
statusMessage = _LIC_MSG1;
licenseState = _LIC1;
}
}
}
} else {
statusMessage = _LIC_MSG3;
licenseState = _LIC3;
}
}
}
static int client_bridged_enabled(void)
{
// enumerate all possible interfaces
char iflist[256];
iflist[0] = 0; // workaround for bug in getIfList()
getIfList(iflist, NULL);
static char word[256];
char *next;
int bridged_clients = 0;
// any interface in client_bridged mode?
foreach(word, iflist, next)
if (nvram_nmatch("wet", "%s_mode", word))
bridged_clients++;
return bridged_clients;
}
int svqos_iptables(void)
{
char *qos_pkts = nvram_safe_get("svqos_pkts");
char *qos_svcs = nvram_safe_get("svqos_svcs");
char name[32], type[32], data[32], level[32], pkt_filter[4];
char *wshaper_dev = nvram_get("wshaper_dev");
char *wan_dev = get_wanface();
char nullmask[24];
strcpy(nullmask, qos_nfmark(0));
insmod("ipt_mark");
insmod("xt_mark");
insmod("ipt_CONNMARK");
insmod("xt_CONNMARK");
insmod("ipt_mac");
insmod("xt_mac");
#if !(defined(ARCH_broadcom) && !defined(HAVE_BCMMODERN))
// if kernel version later then 2.4, overwrite all old tc filter
sysprintf("tc filter del dev %s pref %d", wan_dev, 1);
sysprintf("tc filter del dev %s pref %d", wan_dev, 3);
sysprintf("tc filter del dev %s pref %d", wan_dev, 5);
sysprintf("tc filter del dev %s pref %d", wan_dev, 8);
sysprintf("tc filter del dev %s pref %d", wan_dev, 9);
sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", wan_dev, get_tcfmark(100), 100);
sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", wan_dev, get_tcfmark(10), 10);
sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", wan_dev, get_tcfmark(20), 20);
sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", wan_dev, get_tcfmark(30), 30);
sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", wan_dev, get_tcfmark(40), 40);
sysprintf("tc filter del dev %s pref %d", "imq0", 1);
sysprintf("tc filter del dev %s pref %d", "imq0", 3);
sysprintf("tc filter del dev %s pref %d", "imq0", 5);
sysprintf("tc filter del dev %s pref %d", "imq0", 8);
sysprintf("tc filter del dev %s pref %d", "imq0", 9);
sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", "imq0", get_tcfmark(100), 100);
sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", "imq0", get_tcfmark(10), 10);
sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", "imq0", get_tcfmark(20), 20);
sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", "imq0", get_tcfmark(30), 30);
sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", "imq0", get_tcfmark(40), 40);
if (nvram_match("wshaper_dev", "LAN")) {
sysprintf("tc filter del dev %s pref %d", "imq1", 1);
sysprintf("tc filter del dev %s pref %d", "imq1", 3);
sysprintf("tc filter del dev %s pref %d", "imq1", 5);
sysprintf("tc filter del dev %s pref %d", "imq1", 8);
sysprintf("tc filter del dev %s pref %d", "imq1", 9);
sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", "imq1", get_tcfmark(100), 100);
sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", "imq1", get_tcfmark(10), 10);
sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", "imq1", get_tcfmark(20), 20);
sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", "imq1", get_tcfmark(30), 30);
sysprintf("tc filter add dev %s protocol ip parent 1: u32 match mark %s flowid 1:%d", "imq1", get_tcfmark(40), 40);
}
#endif
#ifdef HAVE_OPENDPI
insmod("/lib/opendpi/xt_opendpi.ko");
#endif
insmod("ipt_layer7");
insmod("xt_layer7");
// set-up mark/filter tables
system2("iptables -t mangle -F SVQOS_SVCS");
system2("iptables -t mangle -X SVQOS_SVCS");
system2("iptables -t mangle -N SVQOS_SVCS");
system2("iptables -t mangle -F FILTER_OUT");
system2("iptables -t mangle -X FILTER_OUT");
system2("iptables -t mangle -N FILTER_OUT");
system2("iptables -t mangle -A FILTER_OUT -j CONNMARK --restore");
sysprintf("iptables -t mangle -A FILTER_OUT -m mark --mark %s -j SVQOS_SVCS", nullmask);
system2("iptables -t mangle -F FILTER_IN");
system2("iptables -t mangle -X FILTER_IN");
system2("iptables -t mangle -N FILTER_IN");
system2("iptables -t mangle -A FILTER_IN -j CONNMARK --restore");
sysprintf("iptables -t mangle -A FILTER_IN -m mark --mark %s -j SVQOS_SVCS", nullmask);
sysprintf("iptables -t mangle -D PREROUTING -j FILTER_IN");
sysprintf("iptables -t mangle -I PREROUTING -j FILTER_IN");
sysprintf("iptables -t mangle -D POSTROUTING -j FILTER_OUT");
sysprintf("iptables -t mangle -I POSTROUTING -j FILTER_OUT");
system2("iptables -t mangle -A POSTROUTING -m dscp --dscp ! 0 -j DSCP --set-dscp 0");
if (!strcmp(wshaper_dev, "WAN")) {
sysprintf("iptables -t mangle -D INPUT -i %s -j IMQ --todev 0", wan_dev);
sysprintf("iptables -t mangle -A INPUT -i %s -j IMQ --todev 0", wan_dev);
sysprintf("iptables -t mangle -D FORWARD -i %s -j IMQ --todev 0", wan_dev);
sysprintf("iptables -t mangle -A FORWARD -i %s -j IMQ --todev 0", wan_dev);
}
if (!strcmp(wshaper_dev, "LAN")) {
if (!client_bridged_enabled()
&& nvram_invmatch("wan_proto", "disabled")) {
sysprintf("iptables -t mangle -D INPUT -i %s -j IMQ --todev 0", wan_dev);
sysprintf("iptables -t mangle -A INPUT -i %s -j IMQ --todev 0", wan_dev);
sysprintf("iptables -t mangle -D FORWARD -i %s -j IMQ --todev 0", wan_dev);
sysprintf("iptables -t mangle -A FORWARD -i %s -j IMQ --todev 0", wan_dev);
sysprintf("iptables -t mangle -D INPUT -i ! %s -j IMQ --todev 1", wan_dev);
sysprintf("iptables -t mangle -A INPUT -i ! %s -j IMQ --todev 1", wan_dev);
sysprintf("iptables -t mangle -D FORWARD -i ! %s -o ! %s -j IMQ --todev 1", wan_dev, wan_dev);
sysprintf("iptables -t mangle -A FORWARD -i ! %s -o ! %s -j IMQ --todev 1", wan_dev, wan_dev);
} else {
sysprintf("iptables -t mangle -D INPUT -j IMQ --todev 1");
sysprintf("iptables -t mangle -A INPUT -j IMQ --todev 1");
sysprintf("iptables -t mangle -D FORWARD -j IMQ --todev 1");
sysprintf("iptables -t mangle -A FORWARD -j IMQ --todev 1");
}
}
/* add openvpn filter rules */
#ifdef HAVE_AQOS
#ifdef HAVE_OPENVPN
if (nvram_invmatch("openvpn_enable", "0") || nvram_invmatch("openvpncl_enable", "0")) {
char iflist[256];
static char word[256];
char *next;
bool unbridged_tap = 0;
insmod("xt_dscp");
insmod("xt_DSCP");
system2("iptables -t mangle -F VPN_IN");
system2("iptables -t mangle -X VPN_IN");
system2("iptables -t mangle -N VPN_IN");
system2("iptables -t mangle -A VPN_IN -j CONNMARK --save");
system2("iptables -t mangle -F VPN_OUT");
system2("iptables -t mangle -X VPN_OUT");
system2("iptables -t mangle -N VPN_OUT");
system2("iptables -t mangle -F VPN_DSCP");
system2("iptables -t mangle -X VPN_DSCP");
system2("iptables -t mangle -N VPN_DSCP");
sysprintf("iptables -t mangle -A VPN_DSCP -m dscp --dscp 10 -j MARK --set-mark %s", qos_nfmark(100));
sysprintf("iptables -t mangle -A VPN_DSCP -m dscp --dscp 1 -j MARK --set-mark %s", qos_nfmark(10));
sysprintf("iptables -t mangle -A VPN_DSCP -m dscp --dscp 2 -j MARK --set-mark %s", qos_nfmark(20));
sysprintf("iptables -t mangle -A VPN_DSCP -m dscp --dscp 3 -j MARK --set-mark %s", qos_nfmark(30));
sysprintf("iptables -t mangle -A VPN_DSCP -m dscp --dscp 4 -j MARK --set-mark %s", qos_nfmark(40));
system2("iptables -t mangle -A VPN_DSCP -m dscp --dscp ! 0 -j DSCP --set-dscp 0");
system2("iptables -t mangle -A VPN_DSCP -j RETURN");
// look for present tun-devices
if (getifcount("tun")) {
system2("iptables -t mangle -I PREROUTING 2 -i tun+ -j VPN_IN");
system2("iptables -t mangle -I INPUT 1 -i tun+ -j IMQ --todev 0");
system2("iptables -t mangle -I FORWARD 1 -i tun+ -j IMQ --todev 0");
system2("iptables -t mangle -I POSTROUTING 1 -o tun+ -j VPN_OUT");
}
// look for present tap-devices
if (getifcount("tap")) {
writeproc("/proc/sys/net/bridge/bridge-nf-call-arptables", "1");
writeproc("/proc/sys/net/bridge/bridge-nf-call-ip6tables", "1");
writeproc("/proc/sys/net/bridge/bridge-nf-call-iptables", "1");
insmod("xt_physdev");
insmod("ebtables");
getIfList(iflist, "tap");
foreach(word, iflist, next) {
if (is_in_bridge(word)) {
sysprintf("iptables -t mangle -I PREROUTING 2 -m physdev --physdev-in %s -j VPN_IN", word);
sysprintf("iptables -t mangle -I INPUT 1 -m physdev --physdev-in %s -j IMQ --todev 0", word);
sysprintf("iptables -t mangle -I FORWARD 1 -m physdev --physdev-in %s -j IMQ --todev 0", word);
sysprintf("iptables -t mangle -I POSTROUTING -m physdev --physdev-out %s -j VPN_OUT", word);
} else
unbridged_tap = 1;
}
if (unbridged_tap) {
system2("iptables -t mangle -I PREROUTING 2 -i tap+ -j VPN_IN");
system2("iptables -t mangle -I INPUT 1 -i tap+ -j IMQ --todev 0");
system2("iptables -t mangle -I FORWARD 1 -i tap+ -j IMQ --todev 0");
system2("iptables -t mangle -I POSTROUTING 1 -o tap+ -j VPN_OUT");
}
}