Update DSVPN

2025-02-14 19:41:51 +00:00 · 2019-09-10 22:03:53 +02:00 · 2019-09-10 22:03:53 +02:00 · 13b8d06d41
commit 13b8d06d41
parent ffb4ee36d1
2 changed files with 55 additions and 29 deletions
--- a/dsvpn/Makefile
+++ b/dsvpn/Makefile
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/jedisct1/dsvpn.git
-PKG_SOURCE_VERSION:=23ca90b3016cae77f1ac5ba32d1d38362d53d9cc
+PKG_SOURCE_VERSION:=57fb1bd5baf87c1e9b03833eb641897cab972895
 PKG_NAME:=dsvpn
 PKG_VERSION:=0.1.3-$(PKG_SOURCE_VERSION)
 PKG_RELEASE:=1
@ -29,7 +29,7 @@ define Package/$(PKG_NAME)/conffiles
 /etc/config/dsvpn
 endef

-TARGET_CFLAGS += -DOPENWRT_BUILD
+TARGET_CFLAGS += -DNO_DEFAULT_ROUTES -DNO_DEFAULT_FIREWALL -DNO_DEFAULT_CONGESTION

 define Package/$(PKG_NAME)/install
 	$(INSTALL_DIR) $(1)/usr/sbin
--- a/dsvpn/patches/nofirewall.patch
+++ b/dsvpn/patches/nofirewall.patch
@ -1,35 +1,61 @@
 diff --git a/src/os.c b/src/os.c
-index fda9d81..d10d045 100644
+index d5e4482..ee525aa 100644
 --- a/src/os.c
 +++ b/src/os.c
-@@ -441,7 +441,15 @@ int shell_cmd(const char *substs[][2], const char *args_str, int silent)
- Cmds firewall_rules_cmds(int is_server)
- {
-     if (is_server) {
-#ifdef __linux__
-+#ifdef defined(OPENWRT_BUILD)
-+        static const char
-+            *set_cmds[] =
-+                { "ip addr add $LOCAL_TUN_IP peer $REMOTE_TUN_IP dev $IF_NAME",
-+                  "ip -6 addr add $LOCAL_TUN_IP6 peer $REMOTE_TUN_IP6/96 dev $IF_NAME",
-+                  "ip link set dev $IF_NAME up",
-+                  NULL },
-+            *unset_cmds[] = { NULL, NULL };
-+#elif __linux__
+@@ -445,20 +445,25 @@ Cmds firewall_rules_cmds(int is_server)
+ #ifdef __linux__
         static const char
             *set_cmds[] =
-                 { "sysctl net.ipv4.ip_forward=1",
-@@ -487,6 +495,13 @@ Cmds firewall_rules_cmds(int is_server)
-                               "route delete 128/1",           "route delete -inet6 0000::/1",
-                               "route delete -inet6 8000::/1", NULL
+-                { "sysctl net.ipv4.ip_forward=1",
+-                  "ip addr add $LOCAL_TUN_IP peer $REMOTE_TUN_IP dev $IF_NAME",
+                { "ip addr add $LOCAL_TUN_IP peer $REMOTE_TUN_IP dev $IF_NAME",
+                   "ip -6 addr add $LOCAL_TUN_IP6 peer $REMOTE_TUN_IP6/96 dev $IF_NAME",
+                   "ip link set dev $IF_NAME up",
+#ifndef NO_DEFAULT_FIREWALL
+                  "sysctl net.ipv4.ip_forward=1",
+                   "iptables -t nat -A POSTROUTING -o $EXT_IF_NAME -s $REMOTE_TUN_IP -j MASQUERADE",
+                   "iptables -t filter -A FORWARD -i $EXT_IF_NAME -o $IF_NAME -m state --state "
+                   "RELATED,ESTABLISHED -j ACCEPT",
+                   "iptables -t filter -A FORWARD -i $IF_NAME -o $EXT_IF_NAME -j ACCEPT",
+#endif
+                   NULL },
+             *unset_cmds[] = {
+#ifndef NO_DEFAULT_FIREWALL
+                 "iptables -t nat -D POSTROUTING -o $EXT_IF_NAME -s $REMOTE_TUN_IP -j MASQUERADE",
+                 "iptables -t filter -D FORWARD -i $EXT_IF_NAME -o $IF_NAME -m state --state "
+                 "RELATED,ESTABLISHED -j ACCEPT",
+-                "iptables -t filter -D FORWARD -i $IF_NAME -o $EXT_IF_NAME -j ACCEPT", NULL
+                "iptables -t filter -D FORWARD -i $IF_NAME -o $EXT_IF_NAME -j ACCEPT", 
+#endif
+                NULL
+             };
+ #elif defined(__APPLE__) || defined(__OpenBSD__) || defined(__FreeBSD__) || \
+     defined(__DragonFly__) || defined(__NetBSD__)
+@@ -492,7 +497,10 @@ Cmds firewall_rules_cmds(int is_server)
                           };
-+#elif defined(OPENWRT_BUILD)
-+        static const char
-+            *set_cmds[]   = { "ip link set dev $IF_NAME up",
-+                            "ip addr add $LOCAL_TUN_IP peer $REMOTE_TUN_IP dev $IF_NAME",
-+                            "ip -6 addr add $LOCAL_TUN_IP6 peer $REMOTE_TUN_IP6/96 dev $IF_NAME",
-+                            NULL },
-+            *unset_cmds[] = { NULL, NULL };
 #elif defined(__linux__)
         static const char
-             *set_cmds[]   = { "sysctl net.ipv4.tcp_congestion_control=bbr",
+-            *set_cmds[]   = { "sysctl net.ipv4.tcp_congestion_control=bbr",
+            *set_cmds[]   = {
+#ifndef NO_DEFAULT_CONGESTION
+                            "sysctl net.ipv4.tcp_congestion_control=bbr",
+#endif
+                             "ip link set dev $IF_NAME up",
+                             "ip addr add $LOCAL_TUN_IP peer $REMOTE_TUN_IP dev $IF_NAME",
+                             "ip -6 addr add $LOCAL_TUN_IP6 peer $REMOTE_TUN_IP6/96 dev $IF_NAME",
+@@ -505,9 +513,13 @@ Cmds firewall_rules_cmds(int is_server)
+                             "ip -6 rule add table main suppress_prefixlength 0",
+ #endif
+                             NULL },
+-            *unset_cmds[] = { "ip rule delete table 42069", "ip -6 rule delete table 42069",
+            *unset_cmds[] = { 
+#ifndef NO_DEFAULT_ROUTES
+                              "ip rule delete table 42069", "ip -6 rule delete table 42069",
+                               "ip rule delete table main suppress_prefixlength 0",
+-                              "ip -6 rule delete table main suppress_prefixlength 0", NULL };
+                              "ip -6 rule delete table main suppress_prefixlength 0",
+#endif
+                               NULL };
+ #else
+         static const char *const *set_cmds = NULL, *const *unset_cmds = NULL;
+ #endif