noddos: fix openssl

LEAN-ESX 2019-10-12 02:37:57 -07:00
parent d3050160c8
commit 9b85a2558a
5 changed files with 496 additions and 8 deletions


@ -9,18 +9,20 @@ include $(TOPDIR)/rules.mk
# Name and release number of this package
PKG_NAME:=noddos
PKG_RELEASE:=1
PKG_LICENSE:=GPLv3
PKG_MAINTAINER:=Steven Hessing <steven.hessing@gmail.com>
PKG_VERSION:=0.5.5
PKG_RELEASE:=4
PKG_SOURCE_VERSION:=0.5.5
PKG_SOURCE_URL:=https://github.com/noddos/noddos/releases/download/v$(PKG_SOURCE_VERSION)/
PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.xz
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/noddos/noddos/releases/download/v$(PKG_VERSION)/
PKG_HASH:=1f5be0c1015b0407036eecc8449d60d2abcacec442bba55db85fc32e89f754db
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_SOURCE_VERSION)
PKG_MAINTAINER:=Steven Hessing <steven.hessing@gmail.com>
PKG_LICENSE:=GPL-3.0-or-later
PKG_LICENSE_FILES:=LICENSE.md
PKG_BUILD_PARALLEL:=1
CMAKE_INSTALL:=1
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/cmake.mk
@ -29,7 +31,7 @@ define Package/noddos
CATEGORY:=Network
TITLE:=noddos -- device-aware cloud-powered firewall
URL:=https://www.noddos.io/
DEPENDS:=+libstdcpp +libnetfilter-conntrack +libcurl +libopenssl +openssl-util +ca-bundle +ca-certificates +wget +bzip2 +libtins +ipset +libpthread +libyaml-cpp
DEPENDS:=+libstdcpp +libnetfilter-conntrack +libcurl +libopenssl +openssl-util +ca-bundle +wget +bzip2 +libtins +ipset +libpthread +libyaml-cpp
endef
define Package/noddos/description


@ -0,0 +1,13 @@
--- a/src/opensslfingerprint.cxx
+++ b/src/opensslfingerprint.cxx
@@ -110,7 +110,9 @@ std::string getCertFingerprint(const std
snprintf(&fpbuf[57], 3, "%02x", md[19]);
if (Debug) {
- syslog (LOG_DEBUG, "Cert: %s, fingerprint: %s", x->name, fpbuf);
+ char *namebuf = X509_NAME_oneline(X509_get_subject_name(x),NULL,0);
+ syslog (LOG_DEBUG, "Cert: %s, fingerprint: %s", namebuf, fpbuf);
+ free(namebuf);
}
std::string fp = fpbuf;
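Review bot: The buffer returned by `X509_NAME_oneline(..., NULL, 0)` is allocated by OpenSSL, so it should be released with `OPENSSL_free(namebuf)` rather than `free(namebuf)`; the two only coincide while OpenSSL uses the default allocator. The call can also return NULL on allocation failure, and the result is passed to `%s` unchecked, so the debug branch would be safer as `if (namebuf) { syslog (LOG_DEBUG, "Cert: %s, fingerprint: %s", namebuf, fpbuf); OPENSSL_free(namebuf); }`. The subject name comes from the certificate being inspected, so a short comment noting that this log field is certificate-supplied text would help anyone parsing the debug log. getCertFingerprint starts and ends outside this hunk.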


@ -0,0 +1,431 @@
From 5200105f412ceefa0784bf914aa215146fd067b0 Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
Date: Wed, 26 Dec 2018 16:45:47 -0200
Subject: [PATCH] Ipset.cxx: update libipset API to version 7
Old API compatibility was kept with a compatibility shim.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
diff --git a/src/Ipset.cxx b/src/Ipset.cxx
index 9333fe6..da97f93 100644
--- a/src/Ipset.cxx
+++ b/src/Ipset.cxx
@@ -90,23 +90,19 @@ void Ipset::Open (const std::string inIpsetName, std::string inIpsetType, bool i
isIpsetv4 = inisIpsetv4;
ipset_load_types();
- struct ipset_session *session = ipset_session_init(printf);
+ struct ipset_session *session = noddos_ipset_session_init();
if (session == nullptr) {
syslog (LOG_ERR, "Ipset: Cannot initialize ipset session.");
ipset_session_fini(session);
throw std::runtime_error ("Cannot initialize ipset session.");
}
- if (ipset_envopt_parse(session, IPSET_ENV_EXIST, NULL) < 0) {
- syslog (LOG_ERR, "Ipset: Can't set environment option.");
- ipset_session_fini(session);
- throw std::runtime_error ("Can't set environment option.");
- }
+ ipset_envopt_set(session, IPSET_ENV_EXIST);
int r = ipset_session_data_set(session, IPSET_SETNAME, ipsetName.c_str());
if ( r < 0) {
- syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_error(session));
+ throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_report_msg(session));
} else if (r > 0) {
if (Debug == true) {
syslog (LOG_DEBUG, "Ipset: Not creating set %s as it already exists", ipsetName.c_str());
@@ -115,27 +111,27 @@ void Ipset::Open (const std::string inIpsetName, std::string inIpsetType, bool i
return;
}
if (ipset_session_data_set(session, IPSET_OPT_TYPENAME, ipsetType.c_str()) < 0) {
- syslog (LOG_ERR, "Ipset: Can't set setname %s to type %s: %s", ipsetName.c_str(), ipsetType.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't set setname %s to type %s: %s", ipsetName.c_str(), ipsetType.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't set type " + ipsetType + ": " + ipset_session_error(session));
+ throw std::runtime_error("Can't set type " + ipsetType + ": " + ipset_session_report_msg(session));
}
const struct ipset_type *type = ipset_type_get(session, IPSET_CMD_CREATE);
if (type == NULL) {
- syslog (LOG_ERR, "Ipset: Can't set create ip %s: %s", ipsetName.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't set create ip %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't create ipset " + ipsetName + ": " + ipset_session_error(session));
+ throw std::runtime_error("Can't create ipset " + ipsetName + ": " + ipset_session_report_msg(session));
}
uint32_t timeout = 0; /* default to infinity */
if (ipset_session_data_set(session, IPSET_OPT_TIMEOUT, &timeout) < 0) {
- syslog (LOG_ERR, "Ipset: Can't set setname %s to timeout %d: %s", ipsetName.c_str(), timeout, ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't set setname %s to timeout %d: %s", ipsetName.c_str(), timeout, ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't set time-out " + ipsetName + ": " + ipset_session_error(session));
+ throw std::runtime_error("Can't set time-out " + ipsetName + ": " + ipset_session_report_msg(session));
}
if (ipset_session_data_set(session, IPSET_OPT_TYPE, type)) {
- syslog (LOG_ERR, "Ipset: Can't set setname %s option type: %s", ipsetName.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't set setname %s option type: %s", ipsetName.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't set ipset type: " + ipsetName + ": " + ipset_session_error(session));
+ throw std::runtime_error("Can't set ipset type: " + ipsetName + ": " + ipset_session_report_msg(session));
}
uint8_t family = 0;
if (ipsetType == "hash:ip" && isIpsetv4 == true) {
@@ -149,20 +145,20 @@ void Ipset::Open (const std::string inIpsetName, std::string inIpsetType, bool i
throw std::invalid_argument("Unknown ipset data type " + ipsetType);
}
if (ipset_session_data_set(session, IPSET_OPT_FAMILY, &family) < 0) {
- syslog (LOG_ERR, "Ipset: Can't set setname %s address family %d: %s", ipsetName.c_str(), family, ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't set setname %s address family %d: %s", ipsetName.c_str(), family, ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Cannot set ipset family: " + ipsetName + ": " + ipset_session_error(session));
+ throw std::runtime_error("Cannot set ipset family: " + ipsetName + ": " + ipset_session_report_msg(session));
}
if (ipset_cmd(session, IPSET_CMD_CREATE, /*lineno*/ 0) != 0) {
- syslog (LOG_ERR, "Ipset: Can't create setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't create setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Failed to create ipset " + ipsetName + ": " + ipset_session_error(session));
+ throw std::runtime_error("Failed to create ipset " + ipsetName + ": " + ipset_session_report_msg(session));
}
if (ipset_commit(session) < 0) {
- syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_error(session));
+ throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_report_msg(session));
}
ipset_session_fini(session);
}
@@ -173,33 +169,29 @@ bool Ipset::ipset_exec(enum ipset_cmd cmd) {
if (Debug == true) {
syslog(LOG_DEBUG, "Ipset: received command %d for ipset %s", cmd, ipsetName.c_str());
}
- struct ipset_session *session = ipset_session_init(printf);
+ struct ipset_session *session = noddos_ipset_session_init();
if (session == nullptr) {
syslog (LOG_ERR, "Ipset: Cannot initialize ipset session.");
ipset_session_fini(session);
throw std::runtime_error ("Cannot initialize ipset session.");
}
- if (ipset_envopt_parse(session, IPSET_ENV_EXIST, NULL) < 0) {
- syslog (LOG_ERR, "Ipset: Can't set environment option.");
- ipset_session_fini(session);
- throw std::runtime_error ("Can't set environment option.");
- }
+ ipset_envopt_set(session, IPSET_ENV_EXIST);
if (ipset_session_data_set(session, IPSET_SETNAME, ipsetName.c_str()) < 0) {
- syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_error(session));
+ throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_report_msg(session));
}
if (ipset_cmd(session, cmd, 0) != 0) {
ipset_session_fini(session);
- syslog (LOG_ERR, "Ipset: Can't exec ipset cmd for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
- throw std::runtime_error("Can't exec ipset cmd for " + ipsetName + ": " + ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't exec ipset cmd for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
+ throw std::runtime_error("Can't exec ipset cmd for " + ipsetName + ": " + ipset_session_report_msg(session));
}
if (ipset_commit(session) < 0) {
- syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_error(session));
+ throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_report_msg(session));
}
ipset_session_fini(session);
return true;
@@ -210,61 +202,57 @@ bool Ipset::ipset_exec(enum ipset_cmd cmd, const Tins::IPv4Address &inIpAddress
if (Debug == true) {
syslog(LOG_DEBUG, "Ipset: received command %d for IP address %s for ipset %s", cmd, inIpAddress.to_string().c_str(), ipsetName.c_str());
}
- struct ipset_session *session = ipset_session_init(printf);
+ struct ipset_session *session = noddos_ipset_session_init();
if (session == nullptr) {
syslog (LOG_ERR, "Ipset: Cannot initialize ipset session.");
ipset_session_fini(session);
throw std::runtime_error ("Cannot initialize ipset session.");
}
- if (ipset_envopt_parse(session, IPSET_ENV_EXIST, NULL) < 0) {
- syslog (LOG_ERR, "Ipset: Can't set environment option.");
- ipset_session_fini(session);
- throw std::runtime_error ("Can't set environment option.");
- }
+ ipset_envopt_set(session, IPSET_ENV_EXIST);
if (ipset_session_data_set(session, IPSET_SETNAME, ipsetName.c_str()) < 0) {
- syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_error(session));
+ throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_report_msg(session));
}
const struct ipset_type *type = ipset_type_get(session, cmd);
if (type == NULL) {
- syslog (LOG_ERR, "Ipset: Can't get type for set %s: %s", ipsetName.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't get type for set %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't get type for set " + ipsetName + ": " + ipset_session_error(session));
+ throw std::runtime_error("Can't get type for set " + ipsetName + ": " + ipset_session_report_msg(session));
}
uint8_t family = NFPROTO_IPV4;
if (ipset_session_data_set(session, IPSET_OPT_FAMILY, &family) < 0) {
- syslog (LOG_ERR, "Ipset: Can't set session data to IPv4 family for set %s: %s", ipsetName.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't set session data to IPv4 family for set %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't set session data for " + ipsetName + " to the IPv4 family, error: " + ipset_session_error(session));
+ throw std::runtime_error("Can't set session data for " + ipsetName + " to the IPv4 family, error: " + ipset_session_report_msg(session));
}
struct in_addr sin;
inet_aton (inIpAddress.to_string().c_str(), &sin);
if (ipset_session_data_set(session, IPSET_OPT_IP, &sin) < 0) {
- syslog (LOG_ERR, "Can't set session data to the IPv4 address for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Can't set session data to the IPv4 address for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't set session data to the IPv4 address for setname " + ipsetName + ", error: " + ipset_session_error(session));
+ throw std::runtime_error("Can't set session data to the IPv4 address for setname " + ipsetName + ", error: " + ipset_session_report_msg(session));
}
if (timeout) {
if (ipset_session_data_set(session, IPSET_OPT_TIMEOUT, &timeout) != 0) {
- syslog (LOG_ERR, "Ipset: Can't set timeout for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't set timeout for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't set timeout for " + ipsetName + ": " + ipset_session_error(session));
+ throw std::runtime_error("Can't set timeout for " + ipsetName + ": " + ipset_session_report_msg(session));
return false;
}
}
if (ipset_cmd(session, cmd, 0) != 0) {
ipset_session_fini(session);
- syslog (LOG_ERR, "Ipset: Can't exec ipset cmd for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
- throw std::runtime_error("Can't exec ipset cmd for " + ipsetName + ": " + ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't exec ipset cmd for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
+ throw std::runtime_error("Can't exec ipset cmd for " + ipsetName + ": " + ipset_session_report_msg(session));
}
if (ipset_commit(session) < 0) {
- syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_error(session));
+ throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_report_msg(session));
}
ipset_session_fini(session);
return true;
@@ -274,61 +262,57 @@ bool Ipset::ipset_exec(enum ipset_cmd cmd, const Tins::IPv6Address &inIpAddress
if (Debug == true) {
syslog(LOG_DEBUG, "Ipset: received command %d for IP address %s for ipset %s", cmd, inIpAddress.to_string().c_str(), ipsetName.c_str());
}
- struct ipset_session *session = ipset_session_init(printf);
+ struct ipset_session *session = noddos_ipset_session_init();
if (session == nullptr) {
syslog (LOG_ERR, "Ipset: Cannot initialize ipset session.");
ipset_session_fini(session);
throw std::runtime_error ("Cannot initialize ipset session.");
}
- if (ipset_envopt_parse(session, IPSET_ENV_EXIST, NULL) < 0) {
- syslog (LOG_ERR, "Ipset: Can't set environment option.");
- ipset_session_fini(session);
- throw std::runtime_error ("Can't set environment option.");
- }
+ ipset_envopt_set(session, IPSET_ENV_EXIST);
if (ipset_session_data_set(session, IPSET_SETNAME, ipsetName.c_str()) < 0) {
- syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_error(session));
+ throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_report_msg(session));
}
const struct ipset_type *type = ipset_type_get(session, cmd);
if (type == NULL) {
- syslog (LOG_ERR, "Ipset: Can't get type for set %s: %s", ipsetName.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't get type for set %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't get type for set " + ipsetName + ": " + ipset_session_error(session));
+ throw std::runtime_error("Can't get type for set " + ipsetName + ": " + ipset_session_report_msg(session));
}
uint8_t family = NFPROTO_IPV6;
if (ipset_session_data_set(session, IPSET_OPT_FAMILY, &family) < 0) {
- syslog (LOG_ERR, "Ipset: Can't set session data to IPv6 family for set %s: %s", ipsetName.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't set session data to IPv6 family for set %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't set session data for " + ipsetName + " to the IPv6 family, error: " + ipset_session_error(session));
+ throw std::runtime_error("Can't set session data for " + ipsetName + " to the IPv6 family, error: " + ipset_session_report_msg(session));
}
unsigned char buf[sizeof(struct in6_addr)];
int s = inet_pton(AF_INET6, inIpAddress.to_string().c_str(), buf);
if (ipset_session_data_set(session, IPSET_OPT_IP, &buf) < 0) {
- syslog (LOG_ERR, "Ipset: Can't set session data to the IPv4 address for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't set session data to the IPv4 address for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't set session data to the IPv4 address for setname " + ipsetName + ", error: " + ipset_session_error(session));
+ throw std::runtime_error("Can't set session data to the IPv4 address for setname " + ipsetName + ", error: " + ipset_session_report_msg(session));
}
if (timeout) {
if (ipset_session_data_set(session, IPSET_OPT_TIMEOUT, &timeout) != 0) {
- syslog (LOG_ERR, "Ipset: Can't set timeout for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't set timeout for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't set timeout for " + ipsetName + ": " + ipset_session_error(session));
+ throw std::runtime_error("Can't set timeout for " + ipsetName + ": " + ipset_session_report_msg(session));
}
}
if (ipset_cmd(session, cmd, 0) != 0) {
- syslog (LOG_ERR, "Ipset: Can't exec ipset cmd for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't exec ipset cmd for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't exec ipset cmd for " + ipsetName + ": " + ipset_session_error(session));
+ throw std::runtime_error("Can't exec ipset cmd for " + ipsetName + ": " + ipset_session_report_msg(session));
}
if (ipset_commit(session) < 0) {
- syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_error(session));
+ throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_report_msg(session));
}
ipset_session_fini(session);
return true;
@@ -338,50 +322,46 @@ bool Ipset::ipset_exec(enum ipset_cmd cmd, const std::string Mac, time_t timeout
if (Debug == true) {
syslog(LOG_DEBUG, "Ipset: received command %d for MAC address %s for ipset %s", cmd, Mac.c_str(), ipsetName.c_str());
}
- struct ipset_session *session = ipset_session_init(printf);
+ struct ipset_session *session = noddos_ipset_session_init();
if (session == nullptr) {
syslog (LOG_ERR, "Ipset: Cannot initialize ipset session.");
ipset_session_fini(session);
throw std::runtime_error ("Cannot initialize ipset session.");
}
- if (ipset_envopt_parse(session, IPSET_ENV_EXIST, NULL) < 0) {
- syslog (LOG_ERR, "Ipset: Can't set environment option.");
- ipset_session_fini(session);
- throw std::runtime_error ("Can't set environment option.");
- }
+ ipset_envopt_set(session, IPSET_ENV_EXIST);
if (ipset_session_data_set(session, IPSET_SETNAME, ipsetName.c_str()) < 0) {
- syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_error(session));
+ throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_report_msg(session));
}
const struct ipset_type *type = ipset_type_get(session, cmd);
if (type == NULL) {
- syslog (LOG_ERR, "Ipset: Can't get type for set %s: %s", ipsetName.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't get type for set %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't get type for set " + ipsetName + ": " + ipset_session_error(session));
+ throw std::runtime_error("Can't get type for set " + ipsetName + ": " + ipset_session_report_msg(session));
}
if (ipset_parse_elem(session, (ipset_opt)type->last_elem_optional, Mac.c_str()) < 0) {
- syslog (LOG_ERR, "Ipset: Can't call ipset_parse_elem for %s: %s ", ipsetName.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't call ipset_parse_elem for %s: %s ", ipsetName.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't call ipset_parse_elem for ipset " + ipsetName + ": " + ipset_session_error(session));
+ throw std::runtime_error("Can't call ipset_parse_elem for ipset " + ipsetName + ": " + ipset_session_report_msg(session));
}
if (timeout) {
if (ipset_session_data_set(session, IPSET_OPT_TIMEOUT, &timeout) != 0) {
- syslog (LOG_ERR, "Ipset: Can't set timeout for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't set timeout for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't set timeout for " + ipsetName + ": " + ipset_session_error(session));
+ throw std::runtime_error("Can't set timeout for " + ipsetName + ": " + ipset_session_report_msg(session));
}
}
if (ipset_cmd(session, cmd, 0) != 0) {
- syslog (LOG_ERR, "Ipset: Can't exec ipset cmd for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't exec ipset cmd for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't exec ipset cmd for " + ipsetName + ": " + ipset_session_error(session));
+ throw std::runtime_error("Can't exec ipset cmd for " + ipsetName + ": " + ipset_session_report_msg(session));
}
if (ipset_commit(session) < 0) {
- syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_error(session));
+ throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_report_msg(session));
}
ipset_session_fini(session);
return true;
diff --git a/src/Ipset.h b/src/Ipset.h
index 2c5f7b2..eb180da 100644
--- a/src/Ipset.h
+++ b/src/Ipset.h
@@ -41,6 +41,31 @@
#include "MacAddress.h"
+#if IPSET_PROTOCOL < 7
+/* compatibility shims */
+
+inline void ipset_envopt_set(struct ipset_session *session, enum ipset_envopt opt)
+{
+ ipset_envopt_parse(session, opt, NULL);
+}
+
+inline const char * ipset_session_report_msg(const struct ipset_session *session)
+{
+ return ipset_session_error(session);
+}
+
+static inline struct ipset_session *noddos_ipset_session_init(void)
+{
+ return ipset_session_init(printf);
+}
+
+#else
+
+static inline struct ipset_session *noddos_ipset_session_init(void)
+{
+ return ipset_session_init(NULL, NULL);
+}
+#endif
std::string getIpsetUuid (std::string inUuid);
std::string getIpsetName (std::string inUuid, bool inSrc, bool inIpv4 = true);
@@ -99,23 +124,19 @@ public:
}
bool Exists() {
try {
- struct ipset_session *session = ipset_session_init(printf);
+ struct ipset_session *session = noddos_ipset_session_init();
if (session == nullptr) {
syslog (LOG_ERR, "Ipset: Cannot initialize ipset session.");
ipset_session_fini(session);
throw std::runtime_error ("Cannot initialize ipset session.");
}
- if (ipset_envopt_parse(session, IPSET_ENV_EXIST, NULL) < 0) {
- syslog (LOG_ERR, "Ipset: Can't set environment option.");
- ipset_session_fini(session);
- throw std::runtime_error ("Can't set environment option.");
- }
+ ipset_envopt_set(session, IPSET_ENV_EXIST);
int r = ipset_session_data_set(session, IPSET_SETNAME, ipsetName.c_str());
if (ipset_commit(session) < 0) {
- syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
+ syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
ipset_session_fini(session);
- throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_error(session));
+ throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_report_msg(session));
}
ipset_session_fini(session);
return r == 0;
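Review bot: The rewritten error paths still read the error text from a session that has already been released: each branch calls `ipset_session_fini(session)` and then builds the exception with `ipset_session_report_msg(session)`, and in the `ipset_cmd` failure branches of the first two `ipset_exec` overloads the `syslog` call comes after the fini as well. Since this patch touches every one of those lines, it is the natural place to capture the message first, e.g. `const std::string msg = ipset_session_report_msg(session);` before `ipset_session_fini(session);`, then log and throw using `msg`. The same ordering applies to the `ipset_commit` branch of `Exists()` in Ipset.h. Separately, the pre-7 shim for `ipset_envopt_set` discards the return value of `ipset_envopt_parse`, so the removed "Can't set environment option" check is silently lost on the old API; a comment on the shim saying that this is intentional would make that clear.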


@ -0,0 +1,28 @@
From eb1730afff9377a5f167d0738ad0b3aeba9634d0 Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
Date: Tue, 19 Mar 2019 18:27:10 -0300
Subject: [PATCH] getnoddosdeviceprofiles: wget timestamping check
Check if the --timestamping option is available to avoid an error in
openwrt when wget is handled by uclient-fetch.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
diff --git a/tools/getnoddosdeviceprofiles b/tools/getnoddosdeviceprofiles
index 337e351..174034f 100755
--- a/tools/getnoddosdeviceprofiles
+++ b/tools/getnoddosdeviceprofiles
@@ -86,7 +86,12 @@ fi
# That's also why we don't delete the downloaded file
if [ "$WGET" != "" ]
then
- GETURL="$WGET --quiet --timestamping"
+ GETURL="$WGET --quiet"
+ # Make sure wget accepts --timestamping
+ if wget --help 2>&1 | egrep timestamping > /dev/null
+ then
+ GETURL="$GETURL --timestamping"
+ fi
else
if [ "$CURL" != "" ]
then
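Review bot: The capability probe runs a bare `wget --help`, while the command that is actually used later is `$WGET`, so the check can test a different binary than the one that will perform the download if the two differ. Probing the same variable keeps them consistent, and `grep -q` avoids both the deprecated `egrep` and the redirect: `if $WGET --help 2>&1 | grep -q timestamping`. The enclosing `if [ "$WGET" != "" ]` block continues past the end of this hunk.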


@ -0,0 +1,14 @@
--- a/src/opensslfingerprint.cxx
+++ b/src/opensslfingerprint.cxx
@@ -73,9 +73,11 @@ std::string getCertFingerprint(const std::string certfile, const bool Debug = fa
// closes file
close(fd);
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
// initialize OpenSSL
SSL_load_error_strings();
SSL_library_init();
+#endif
// creates BIO buffer
BIO * bio = BIO_new_mem_buf(buff, len);