diff --git a/net/noddos/Makefile b/net/noddos/Makefile
deleted file mode 100644
index 549a047be..000000000
--- a/net/noddos/Makefile
+++ /dev/null
@@ -1,84 +0,0 @@ -# -# Copyright (C) 2017 Steven Hessing -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -include $(TOPDIR)/rules.mk - -# Name and release number of this package -PKG_NAME:=noddos -PKG_VERSION:=0.5.5 -PKG_RELEASE:=5 - -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=https://github.com/noddos/noddos/releases/download/v$(PKG_VERSION)/ -PKG_HASH:=1f5be0c1015b0407036eecc8449d60d2abcacec442bba55db85fc32e89f754db - -PKG_MAINTAINER:=Steven Hessing -PKG_LICENSE:=GPL-3.0-or-later -PKG_LICENSE_FILES:=LICENSE.md - -PKG_BUILD_PARALLEL:=1 -CMAKE_INSTALL:=1 - -include $(INCLUDE_DIR)/package.mk -include $(INCLUDE_DIR)/cmake.mk - -define Package/noddos - SECTION:=net - CATEGORY:=Network - TITLE:=noddos -- device-aware cloud-powered firewall - URL:=https://www.noddos.io/ - DEPENDS:=+libstdcpp +libnetfilter-conntrack +libcurl +libopenssl +openssl-util +ca-bundle +wget +bzip2 +libtins +ipset +libpthread +libyaml-cpp -endef - -define Package/noddos/description -Noddos discovers what devices you have in your network and tailors the firewall rules based on whitelisted flows for that device. Noddos downloads the firewall rules periodically from the cloud. In order to support creating these firewall rules, noddos can, after opt-in, upload anonimized traffic statistics for each device to the cloud. The Luci interface is available in the luci-apps-noddos package. 
For information, visit https://www.noddos.io/ -endef - -define Package/noddos/conffiles -/etc/config/noddos -endef - -define Package/noddos/install - $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_DIR) $(1)/usr/sbin - $(INSTALL_DIR) $(1)/etc/config - $(INSTALL_DIR) $(1)/etc/init.d - $(INSTALL_DIR) $(1)/etc/noddos - $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/noddos $(1)/usr/sbin/ - $(INSTALL_BIN) $(PKG_BUILD_DIR)/tools/getnoddosdeviceprofiles $(1)/usr/bin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/tools/makenoddoscert.sh $(1)/usr/bin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/files/noddos.init $(1)/etc/init.d/noddos - $(INSTALL_BIN) $(PKG_BUILD_DIR)/files/noddos.uciconfig $(1)/etc/config/noddos - $(INSTALL_DATA) $(PKG_BUILD_DIR)/files/noddos.yml-base $(1)/etc/noddos - $(INSTALL_DATA) $(PKG_BUILD_DIR)/files/noddosconfig.pem $(1)/etc/noddos -endef - -define Package/noddos/prerm - #!/bin/sh - # check if we are on real system - if [ -z "$${IPKG_INSTROOT}" ]; then - /etc/init.d/noddos stop - echo "Removing rc.d symlink for noddos" - /etc/init.d/noddos disable - fi - exit 0 -endef - -define Package/noddos/postrm - #!/bin/sh - # check if we are on real system - if [ -z "$${IPKG_INSTROOT}" ]; then - echo "Removing noddos data directory" - rm -rf /var/lib/noddos - if [ -f /var/etc/noddos.yml ]; then - rm /var/etc/noddos.yml - fi - fi - exit 0 -endef - -$(eval $(call BuildPackage,noddos)) diff --git a/net/noddos/patches/010-openssl-1.1-fixes.patch b/net/noddos/patches/010-openssl-1.1-fixes.patch deleted file mode 100644 index 965e2b026..000000000 --- a/net/noddos/patches/010-openssl-1.1-fixes.patch +++ /dev/null 
@@ -1,13 +0,0 @@
---- a/src/opensslfingerprint.cxx
-+++ b/src/opensslfingerprint.cxx
-@@ -110,7 +110,9 @@ std::string getCertFingerprint(const std
- snprintf(&fpbuf[57], 3, "%02x", md[19]);
-
- if (Debug) {
-- syslog (LOG_DEBUG, "Cert: %s, fingerprint: %s", x->name, fpbuf);
-+ char *namebuf = X509_NAME_oneline(X509_get_subject_name(x),NULL,0);
-+ syslog (LOG_DEBUG, "Cert: %s, fingerprint: %s", namebuf, fpbuf);
-+ free(namebuf);
- }
-
- std::string fp = fpbuf;
diff --git a/net/noddos/patches/020-Ipset.cxx-update-libipset-API-to-version-7.patch b/net/noddos/patches/020-Ipset.cxx-update-libipset-API-to-version-7.patch
deleted file mode 100644
index 5f7bc3a87..000000000
--- a/net/noddos/patches/020-Ipset.cxx-update-libipset-API-to-version-7.patch
+++ /dev/null
@@ -1,431 +0,0 @@ -From 5200105f412ceefa0784bf914aa215146fd067b0 Mon Sep 17 00:00:00 2001 -From: Eneas U de Queiroz -Date: Wed, 26 Dec 2018 16:45:47 -0200 -Subject: [PATCH] Ipset.cxx: update libipset API to version 7 - -Old API compatibility was kept with a compatibility shim. - -Signed-off-by: Eneas U de Queiroz - -diff --git a/src/Ipset.cxx b/src/Ipset.cxx -index 9333fe6..da97f93 100644 ---- a/src/Ipset.cxx -+++ b/src/Ipset.cxx -@@ -90,23 +90,19 @@ void Ipset::Open (const std::string inIpsetName, std::string inIpsetType, bool i - isIpsetv4 = inisIpsetv4; - ipset_load_types(); - -- struct ipset_session *session = ipset_session_init(printf); -+ struct ipset_session *session = noddos_ipset_session_init(); - if (session == nullptr) { - syslog (LOG_ERR, "Ipset: Cannot initialize ipset session."); - ipset_session_fini(session); - throw std::runtime_error ("Cannot initialize ipset session."); - } - -- if (ipset_envopt_parse(session, IPSET_ENV_EXIST, NULL) < 0) { -- syslog (LOG_ERR, "Ipset: Can't set environment option."); -- ipset_session_fini(session); -- throw std::runtime_error ("Can't set environment option."); -- } -+ ipset_envopt_set(session, IPSET_ENV_EXIST); - int r = ipset_session_data_set(session, IPSET_SETNAME, ipsetName.c_str()); - if ( r < 0) { -- syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_error(session)); -+ throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_report_msg(session)); - } else if (r > 0) { - if (Debug == true) { - syslog (LOG_DEBUG, "Ipset: Not creating set %s as it already exists", ipsetName.c_str()); -@@ -115,27 +111,27 @@ void Ipset::Open (const std::string inIpsetName, std::string inIpsetType, bool i - return; - } - if 
(ipset_session_data_set(session, IPSET_OPT_TYPENAME, ipsetType.c_str()) < 0) { -- syslog (LOG_ERR, "Ipset: Can't set setname %s to type %s: %s", ipsetName.c_str(), ipsetType.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't set setname %s to type %s: %s", ipsetName.c_str(), ipsetType.c_str(), ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Can't set type " + ipsetType + ": " + ipset_session_error(session)); -+ throw std::runtime_error("Can't set type " + ipsetType + ": " + ipset_session_report_msg(session)); - } - const struct ipset_type *type = ipset_type_get(session, IPSET_CMD_CREATE); - if (type == NULL) { -- syslog (LOG_ERR, "Ipset: Can't set create ip %s: %s", ipsetName.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't set create ip %s: %s", ipsetName.c_str(), ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Can't create ipset " + ipsetName + ": " + ipset_session_error(session)); -+ throw std::runtime_error("Can't create ipset " + ipsetName + ": " + ipset_session_report_msg(session)); - } - - uint32_t timeout = 0; /* default to infinity */ - if (ipset_session_data_set(session, IPSET_OPT_TIMEOUT, &timeout) < 0) { -- syslog (LOG_ERR, "Ipset: Can't set setname %s to timeout %d: %s", ipsetName.c_str(), timeout, ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't set setname %s to timeout %d: %s", ipsetName.c_str(), timeout, ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Can't set time-out " + ipsetName + ": " + ipset_session_error(session)); -+ throw std::runtime_error("Can't set time-out " + ipsetName + ": " + ipset_session_report_msg(session)); - } - if (ipset_session_data_set(session, IPSET_OPT_TYPE, type)) { -- syslog (LOG_ERR, "Ipset: Can't set setname %s option type: %s", ipsetName.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't 
set setname %s option type: %s", ipsetName.c_str(), ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Can't set ipset type: " + ipsetName + ": " + ipset_session_error(session)); -+ throw std::runtime_error("Can't set ipset type: " + ipsetName + ": " + ipset_session_report_msg(session)); - } - uint8_t family = 0; - if (ipsetType == "hash:ip" && isIpsetv4 == true) { -@@ -149,20 +145,20 @@ void Ipset::Open (const std::string inIpsetName, std::string inIpsetType, bool i - throw std::invalid_argument("Unknown ipset data type " + ipsetType); - } - if (ipset_session_data_set(session, IPSET_OPT_FAMILY, &family) < 0) { -- syslog (LOG_ERR, "Ipset: Can't set setname %s address family %d: %s", ipsetName.c_str(), family, ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't set setname %s address family %d: %s", ipsetName.c_str(), family, ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Cannot set ipset family: " + ipsetName + ": " + ipset_session_error(session)); -+ throw std::runtime_error("Cannot set ipset family: " + ipsetName + ": " + ipset_session_report_msg(session)); - } - - if (ipset_cmd(session, IPSET_CMD_CREATE, /*lineno*/ 0) != 0) { -- syslog (LOG_ERR, "Ipset: Can't create setname %s: %s", ipsetName.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't create setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Failed to create ipset " + ipsetName + ": " + ipset_session_error(session)); -+ throw std::runtime_error("Failed to create ipset " + ipsetName + ": " + ipset_session_report_msg(session)); - } - if (ipset_commit(session) < 0) { -- syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session)); - 
ipset_session_fini(session); -- throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_error(session)); -+ throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_report_msg(session)); - } - ipset_session_fini(session); - } -@@ -173,33 +169,29 @@ bool Ipset::ipset_exec(enum ipset_cmd cmd) { - if (Debug == true) { - syslog(LOG_DEBUG, "Ipset: received command %d for ipset %s", cmd, ipsetName.c_str()); - } -- struct ipset_session *session = ipset_session_init(printf); -+ struct ipset_session *session = noddos_ipset_session_init(); - if (session == nullptr) { - syslog (LOG_ERR, "Ipset: Cannot initialize ipset session."); - ipset_session_fini(session); - throw std::runtime_error ("Cannot initialize ipset session."); - } - -- if (ipset_envopt_parse(session, IPSET_ENV_EXIST, NULL) < 0) { -- syslog (LOG_ERR, "Ipset: Can't set environment option."); -- ipset_session_fini(session); -- throw std::runtime_error ("Can't set environment option."); -- } -+ ipset_envopt_set(session, IPSET_ENV_EXIST); - if (ipset_session_data_set(session, IPSET_SETNAME, ipsetName.c_str()) < 0) { -- syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_error(session)); -+ throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_report_msg(session)); - } - - if (ipset_cmd(session, cmd, 0) != 0) { - ipset_session_fini(session); -- syslog (LOG_ERR, "Ipset: Can't exec ipset cmd for setname %s: %s", ipsetName.c_str(), ipset_session_error(session)); -- throw std::runtime_error("Can't exec ipset cmd for " + ipsetName + ": " + ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't exec ipset cmd for setname %s: %s", ipsetName.c_str(), 
ipset_session_report_msg(session)); -+ throw std::runtime_error("Can't exec ipset cmd for " + ipsetName + ": " + ipset_session_report_msg(session)); - } - if (ipset_commit(session) < 0) { -- syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_error(session)); -+ throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_report_msg(session)); - } - ipset_session_fini(session); - return true; -@@ -210,61 +202,57 @@ bool Ipset::ipset_exec(enum ipset_cmd cmd, const Tins::IPv4Address &inIpAddress - if (Debug == true) { - syslog(LOG_DEBUG, "Ipset: received command %d for IP address %s for ipset %s", cmd, inIpAddress.to_string().c_str(), ipsetName.c_str()); - } -- struct ipset_session *session = ipset_session_init(printf); -+ struct ipset_session *session = noddos_ipset_session_init(); - if (session == nullptr) { - syslog (LOG_ERR, "Ipset: Cannot initialize ipset session."); - ipset_session_fini(session); - throw std::runtime_error ("Cannot initialize ipset session."); - } - -- if (ipset_envopt_parse(session, IPSET_ENV_EXIST, NULL) < 0) { -- syslog (LOG_ERR, "Ipset: Can't set environment option."); -- ipset_session_fini(session); -- throw std::runtime_error ("Can't set environment option."); -- } -+ ipset_envopt_set(session, IPSET_ENV_EXIST); - if (ipset_session_data_set(session, IPSET_SETNAME, ipsetName.c_str()) < 0) { -- syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Can't set setname " + ipsetName + ": " + 
ipset_session_error(session)); -+ throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_report_msg(session)); - } - const struct ipset_type *type = ipset_type_get(session, cmd); - if (type == NULL) { -- syslog (LOG_ERR, "Ipset: Can't get type for set %s: %s", ipsetName.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't get type for set %s: %s", ipsetName.c_str(), ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Can't get type for set " + ipsetName + ": " + ipset_session_error(session)); -+ throw std::runtime_error("Can't get type for set " + ipsetName + ": " + ipset_session_report_msg(session)); - } - - uint8_t family = NFPROTO_IPV4; - if (ipset_session_data_set(session, IPSET_OPT_FAMILY, &family) < 0) { -- syslog (LOG_ERR, "Ipset: Can't set session data to IPv4 family for set %s: %s", ipsetName.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't set session data to IPv4 family for set %s: %s", ipsetName.c_str(), ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Can't set session data for " + ipsetName + " to the IPv4 family, error: " + ipset_session_error(session)); -+ throw std::runtime_error("Can't set session data for " + ipsetName + " to the IPv4 family, error: " + ipset_session_report_msg(session)); - } - struct in_addr sin; - inet_aton (inIpAddress.to_string().c_str(), &sin); - if (ipset_session_data_set(session, IPSET_OPT_IP, &sin) < 0) { -- syslog (LOG_ERR, "Can't set session data to the IPv4 address for setname %s: %s", ipsetName.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Can't set session data to the IPv4 address for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Can't set session data to the IPv4 address for setname " + ipsetName + ", error: " + ipset_session_error(session)); -+ throw 
std::runtime_error("Can't set session data to the IPv4 address for setname " + ipsetName + ", error: " + ipset_session_report_msg(session)); - } - - if (timeout) { - if (ipset_session_data_set(session, IPSET_OPT_TIMEOUT, &timeout) != 0) { -- syslog (LOG_ERR, "Ipset: Can't set timeout for setname %s: %s", ipsetName.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't set timeout for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Can't set timeout for " + ipsetName + ": " + ipset_session_error(session)); -+ throw std::runtime_error("Can't set timeout for " + ipsetName + ": " + ipset_session_report_msg(session)); - return false; - } - } - if (ipset_cmd(session, cmd, 0) != 0) { - ipset_session_fini(session); -- syslog (LOG_ERR, "Ipset: Can't exec ipset cmd for setname %s: %s", ipsetName.c_str(), ipset_session_error(session)); -- throw std::runtime_error("Can't exec ipset cmd for " + ipsetName + ": " + ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't exec ipset cmd for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session)); -+ throw std::runtime_error("Can't exec ipset cmd for " + ipsetName + ": " + ipset_session_report_msg(session)); - } - if (ipset_commit(session) < 0) { -- syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_error(session)); -+ throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_report_msg(session)); - } - ipset_session_fini(session); - return true; -@@ -274,61 +262,57 @@ bool Ipset::ipset_exec(enum ipset_cmd cmd, const Tins::IPv6Address &inIpAddress - if (Debug == true) { - 
syslog(LOG_DEBUG, "Ipset: received command %d for IP address %s for ipset %s", cmd, inIpAddress.to_string().c_str(), ipsetName.c_str()); - } -- struct ipset_session *session = ipset_session_init(printf); -+ struct ipset_session *session = noddos_ipset_session_init(); - if (session == nullptr) { - syslog (LOG_ERR, "Ipset: Cannot initialize ipset session."); - ipset_session_fini(session); - throw std::runtime_error ("Cannot initialize ipset session."); - } - -- if (ipset_envopt_parse(session, IPSET_ENV_EXIST, NULL) < 0) { -- syslog (LOG_ERR, "Ipset: Can't set environment option."); -- ipset_session_fini(session); -- throw std::runtime_error ("Can't set environment option."); -- } -+ ipset_envopt_set(session, IPSET_ENV_EXIST); - if (ipset_session_data_set(session, IPSET_SETNAME, ipsetName.c_str()) < 0) { -- syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_error(session)); -+ throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_report_msg(session)); - } - const struct ipset_type *type = ipset_type_get(session, cmd); - if (type == NULL) { -- syslog (LOG_ERR, "Ipset: Can't get type for set %s: %s", ipsetName.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't get type for set %s: %s", ipsetName.c_str(), ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Can't get type for set " + ipsetName + ": " + ipset_session_error(session)); -+ throw std::runtime_error("Can't get type for set " + ipsetName + ": " + ipset_session_report_msg(session)); - } - - uint8_t family = NFPROTO_IPV6; - if (ipset_session_data_set(session, IPSET_OPT_FAMILY, &family) < 0) { -- syslog (LOG_ERR, "Ipset: Can't set session data to IPv6 
family for set %s: %s", ipsetName.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't set session data to IPv6 family for set %s: %s", ipsetName.c_str(), ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Can't set session data for " + ipsetName + " to the IPv6 family, error: " + ipset_session_error(session)); -+ throw std::runtime_error("Can't set session data for " + ipsetName + " to the IPv6 family, error: " + ipset_session_report_msg(session)); - } - - unsigned char buf[sizeof(struct in6_addr)]; - int s = inet_pton(AF_INET6, inIpAddress.to_string().c_str(), buf); - if (ipset_session_data_set(session, IPSET_OPT_IP, &buf) < 0) { -- syslog (LOG_ERR, "Ipset: Can't set session data to the IPv4 address for setname %s: %s", ipsetName.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't set session data to the IPv4 address for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Can't set session data to the IPv4 address for setname " + ipsetName + ", error: " + ipset_session_error(session)); -+ throw std::runtime_error("Can't set session data to the IPv4 address for setname " + ipsetName + ", error: " + ipset_session_report_msg(session)); - } - - if (timeout) { - if (ipset_session_data_set(session, IPSET_OPT_TIMEOUT, &timeout) != 0) { -- syslog (LOG_ERR, "Ipset: Can't set timeout for setname %s: %s", ipsetName.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't set timeout for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Can't set timeout for " + ipsetName + ": " + ipset_session_error(session)); -+ throw std::runtime_error("Can't set timeout for " + ipsetName + ": " + ipset_session_report_msg(session)); - } - } - if (ipset_cmd(session, cmd, 0) != 0) { -- syslog (LOG_ERR, "Ipset: Can't exec ipset 
cmd for setname %s: %s", ipsetName.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't exec ipset cmd for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Can't exec ipset cmd for " + ipsetName + ": " + ipset_session_error(session)); -+ throw std::runtime_error("Can't exec ipset cmd for " + ipsetName + ": " + ipset_session_report_msg(session)); - } - if (ipset_commit(session) < 0) { -- syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_error(session)); -+ throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_report_msg(session)); - } - ipset_session_fini(session); - return true; -@@ -338,50 +322,46 @@ bool Ipset::ipset_exec(enum ipset_cmd cmd, const std::string Mac, time_t timeout - if (Debug == true) { - syslog(LOG_DEBUG, "Ipset: received command %d for MAC address %s for ipset %s", cmd, Mac.c_str(), ipsetName.c_str()); - } -- struct ipset_session *session = ipset_session_init(printf); -+ struct ipset_session *session = noddos_ipset_session_init(); - if (session == nullptr) { - syslog (LOG_ERR, "Ipset: Cannot initialize ipset session."); - ipset_session_fini(session); - throw std::runtime_error ("Cannot initialize ipset session."); - } - -- if (ipset_envopt_parse(session, IPSET_ENV_EXIST, NULL) < 0) { -- syslog (LOG_ERR, "Ipset: Can't set environment option."); -- ipset_session_fini(session); -- throw std::runtime_error ("Can't set environment option."); -- } -+ ipset_envopt_set(session, IPSET_ENV_EXIST); - if (ipset_session_data_set(session, IPSET_SETNAME, ipsetName.c_str()) < 0) { -- syslog (LOG_ERR, "Ipset: Can't set setname 
%s: %s", ipsetName.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_error(session)); -+ throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_report_msg(session)); - } - const struct ipset_type *type = ipset_type_get(session, cmd); - if (type == NULL) { -- syslog (LOG_ERR, "Ipset: Can't get type for set %s: %s", ipsetName.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't get type for set %s: %s", ipsetName.c_str(), ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Can't get type for set " + ipsetName + ": " + ipset_session_error(session)); -+ throw std::runtime_error("Can't get type for set " + ipsetName + ": " + ipset_session_report_msg(session)); - } - if (ipset_parse_elem(session, (ipset_opt)type->last_elem_optional, Mac.c_str()) < 0) { -- syslog (LOG_ERR, "Ipset: Can't call ipset_parse_elem for %s: %s ", ipsetName.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't call ipset_parse_elem for %s: %s ", ipsetName.c_str(), ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Can't call ipset_parse_elem for ipset " + ipsetName + ": " + ipset_session_error(session)); -+ throw std::runtime_error("Can't call ipset_parse_elem for ipset " + ipsetName + ": " + ipset_session_report_msg(session)); - } - if (timeout) { - if (ipset_session_data_set(session, IPSET_OPT_TIMEOUT, &timeout) != 0) { -- syslog (LOG_ERR, "Ipset: Can't set timeout for setname %s: %s", ipsetName.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't set timeout for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Can't set timeout 
for " + ipsetName + ": " + ipset_session_error(session)); -+ throw std::runtime_error("Can't set timeout for " + ipsetName + ": " + ipset_session_report_msg(session)); - } - } - if (ipset_cmd(session, cmd, 0) != 0) { -- syslog (LOG_ERR, "Ipset: Can't exec ipset cmd for setname %s: %s", ipsetName.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't exec ipset cmd for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Can't exec ipset cmd for " + ipsetName + ": " + ipset_session_error(session)); -+ throw std::runtime_error("Can't exec ipset cmd for " + ipsetName + ": " + ipset_session_report_msg(session)); - } - if (ipset_commit(session) < 0) { -- syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_error(session)); -+ throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_report_msg(session)); - } - ipset_session_fini(session); - return true; -diff --git a/src/Ipset.h b/src/Ipset.h -index 2c5f7b2..eb180da 100644 ---- a/src/Ipset.h -+++ b/src/Ipset.h -@@ -41,6 +41,31 @@ - - #include "MacAddress.h" - -+#if IPSET_PROTOCOL < 7 -+/* compatibility shims */ -+ -+inline void ipset_envopt_set(struct ipset_session *session, enum ipset_envopt opt) -+{ -+ ipset_envopt_parse(session, opt, NULL); -+} -+ -+inline const char * ipset_session_report_msg(const struct ipset_session *session) -+{ -+ return ipset_session_error(session); -+} -+ -+static inline struct ipset_session *noddos_ipset_session_init(void) -+{ -+ return ipset_session_init(printf); -+} -+ -+#else -+ -+static inline struct ipset_session *noddos_ipset_session_init(void) -+{ -+ return 
ipset_session_init(NULL, NULL); -+} -+#endif - - std::string getIpsetUuid (std::string inUuid); - std::string getIpsetName (std::string inUuid, bool inSrc, bool inIpv4 = true); -@@ -99,23 +124,19 @@ public: - } - bool Exists() { - try { -- struct ipset_session *session = ipset_session_init(printf); -+ struct ipset_session *session = noddos_ipset_session_init(); - if (session == nullptr) { - syslog (LOG_ERR, "Ipset: Cannot initialize ipset session."); - ipset_session_fini(session); - throw std::runtime_error ("Cannot initialize ipset session."); - } - -- if (ipset_envopt_parse(session, IPSET_ENV_EXIST, NULL) < 0) { -- syslog (LOG_ERR, "Ipset: Can't set environment option."); -- ipset_session_fini(session); -- throw std::runtime_error ("Can't set environment option."); -- } -+ ipset_envopt_set(session, IPSET_ENV_EXIST); - int r = ipset_session_data_set(session, IPSET_SETNAME, ipsetName.c_str()); - if (ipset_commit(session) < 0) { -- syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_error(session)); -+ syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session)); - ipset_session_fini(session); -- throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_error(session)); -+ throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_report_msg(session)); - } - ipset_session_fini(session); - return r == 0; diff --git a/net/noddos/patches/030-getnoddosdeviceprofiles-wget-timestamping-check.patch b/net/noddos/patches/030-getnoddosdeviceprofiles-wget-timestamping-check.patch deleted file mode 100644 index ad4c0c3c8..000000000 --- a/net/noddos/patches/030-getnoddosdeviceprofiles-wget-timestamping-check.patch +++ /dev/null 
@@ -1,28 +0,0 @@
-From eb1730afff9377a5f167d0738ad0b3aeba9634d0 Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz
-Date: Tue, 19 Mar 2019 18:27:10 -0300
-Subject: [PATCH] getnoddosdeviceprofiles: wget timestamping check
-
-Check if the --timestamping option is available to avoid an error in
-openwrt when wget is handled by uclient-fetch.
-
-Signed-off-by: Eneas U de Queiroz
-
-diff --git a/tools/getnoddosdeviceprofiles b/tools/getnoddosdeviceprofiles
-index 337e351..174034f 100755
---- a/tools/getnoddosdeviceprofiles
-+++ b/tools/getnoddosdeviceprofiles
-@@ -86,7 +86,12 @@ fi
- # That's also why we don't delete the downloaded file
- if [ "$WGET" != "" ]
- then
-- GETURL="$WGET --quiet --timestamping"
-+ GETURL="$WGET --quiet"
-+ # Make sure wget accepts --timestamping
-+ if wget --help 2>&1 | egrep timestamping > /dev/null
-+ then
-+ GETURL="$GETURL --timestamping"
-+ fi
- else
- if [ "$CURL" != "" ]
- then
diff --git a/net/noddos/patches/040-openssl-deprecated.patch b/net/noddos/patches/040-openssl-deprecated.patch
deleted file mode 100644
index 915f623a8..000000000
--- a/net/noddos/patches/040-openssl-deprecated.patch
+++ /dev/null
@@ -1,14 +0,0 @@
---- a/src/opensslfingerprint.cxx
-+++ b/src/opensslfingerprint.cxx
-@@ -73,9 +73,11 @@ std::string getCertFingerprint(const std::string certfile, const bool Debug = fa
- // closes file
- close(fd);
-
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
- // initialize OpenSSL
- SSL_load_error_strings();
- SSL_library_init();
-+#endif
-
- // creates BIO buffer
- BIO * bio = BIO_new_mem_buf(buff, len);