authorSebastian2016-04-25 12:01:08 +0200
committerSebastian2016-04-25 12:01:08 +0200
commit5acda3eaeabae9045609539303a8c12c4ce401f1 (patch)
tree7e71975f8570b05aafe2ea6ec0e242a8912387bb /core/modules/redsocks/data
parentinitial commit (diff)
merge with latest dev version
Diffstat (limited to 'core/modules/redsocks/data')
-rw-r--r--core/modules/redsocks/data/etc/redsocks.conf56
l---------core/modules/redsocks/data/etc/systemd/system/basic.target.wants/setup-proxy.service1
-rw-r--r--core/modules/redsocks/data/etc/systemd/system/redsocks.service12
-rw-r--r--core/modules/redsocks/data/etc/systemd/system/setup-proxy.service9
-rwxr-xr-xcore/modules/redsocks/data/opt/openslx/scripts/systemd-setup_proxy65
5 files changed, 143 insertions, 0 deletions
diff --git a/core/modules/redsocks/data/etc/redsocks.conf b/core/modules/redsocks/data/etc/redsocks.conf
new file mode 100644
index 00000000..db3a7f2a
--- /dev/null
+++ b/core/modules/redsocks/data/etc/redsocks.conf
@@ -0,0 +1,56 @@
+base {
+ // debug: connection progress & client list on SIGUSR1
+ log_debug = off;
+
+ // info: start and end of client session
+ log_info = off;
+
+ /* possible `log' values are:
+ * stderr
+ * "file:/path/to/file"
+ * syslog:FACILITY facility is any of "daemon", "local0"..."local7"
+ */
+ log = "file:/run/redsocks/redsocks.log";
+
+ // detach from console
+ daemon = on;
+
+ /* Change uid, gid and root directory, these options require root
+ * privilegies on startup.
+ * Note, your chroot may requre /etc/localtime if you write log to syslog.
+ * Log is opened before chroot & uid changing.
+ */
+ // user = nobody;
+ // group = nogroup;
+ // chroot = "/var/chroot";
+
+ /* possible `redirector' values are:
+ * iptables - for Linux
+ * ipf - for FreeBSD
+ * pf - for OpenBSD
+ * generic - some generic redirector that MAY work
+ */
+ redirector = iptables;
+}
+
+redsocks {
+ /* `local_ip' defaults to 127.0.0.1 for security reasons,
+ * use 0.0.0.0 if you want to listen on every interface.
+ * `local_*' are used as port to redirect to.
+ */
+ local_ip = 0.0.0.0;
+ local_port = 12345;
+
+ // `ip' and `port' are IP and tcp-port of proxy-server
+ ip = %%PROXY_IP%%;
+ port = %%PROXY_PORT%%;
+
+
+ // known types: socks4, socks5, http-connect, http-relay
+ // type = http-connect;
+ type = %%PROXY_TYPE%%;
+
+ // login = "foobar";
+ // password = "baz";
+}
+
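Review bot: The stock comment kept above `local_ip` says the default is 127.0.0.1 "for security reasons", yet the line below binds `0.0.0.0`, so the comment now contradicts the setting and gives the next reader no hint why the wider bind is intended. Presumably it is needed because the nat1 PREROUTING redirect in the companion script must reach this listener, and the script's `INPUT -i br0 --dport 12345 DROP` rule is what keeps the port off the uplink side; any further interface is not covered by that rule. I would replace the stock text with a comment stating that design, e.g. `/* 0.0.0.0: redirected traffic from the nat1 side must reach this socket; direct access on br0 is dropped by 10-redoscks-proxy, other interfaces are NOT protected */`. The leftover `// type = http-connect;` directly above the `%%PROXY_TYPE%%` placeholder is archaeology and should go, since the template already documents the known types.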
diff --git a/core/modules/redsocks/data/etc/systemd/system/basic.target.wants/setup-proxy.service b/core/modules/redsocks/data/etc/systemd/system/basic.target.wants/setup-proxy.service
new file mode 120000
index 00000000..0da8d078
--- /dev/null
+++ b/core/modules/redsocks/data/etc/systemd/system/basic.target.wants/setup-proxy.service
@@ -0,0 +1 @@
+../setup-proxy.service \ No newline at end of file
diff --git a/core/modules/redsocks/data/etc/systemd/system/redsocks.service b/core/modules/redsocks/data/etc/systemd/system/redsocks.service
new file mode 100644
index 00000000..929c24ab
--- /dev/null
+++ b/core/modules/redsocks/data/etc/systemd/system/redsocks.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Transparent redirector of any TCP connection to proxy using your firewall
+DefaultDependencies=no
+
+[Service]
+Type=forking
+User=redsocks
+PIDFile=/run/redsocks/redsocks.pid
+ExecStart=/sbin/redsocks -c /etc/redsocks.conf -p /run/redsocks/redsocks.pid
+ExecStopPost=/opt/openslx/bin/rm -f /run/redsocks/redsocks.pid
+ExecStopPost=/opt/openslx/bin/rm -f /opt/openslx/iptables/rules.d/10-redoscks-proxy
+Restart=on-abort
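Review bot: The unit depends on `/run/redsocks` already existing and being owned by the `redsocks` user (PIDFile and the log path in redsocks.conf live there), but that is only guaranteed if the setup script ran first; a manual `systemctl start redsocks` fails on a fresh boot. systemd can own that directory itself with `RuntimeDirectory=redsocks` under `[Service]`, which creates it with the unit's `User=` as owner and removes it on stop, making the `mkdir -p`/`chown` lines in systemd-setup_proxy unnecessary. The two `ExecStopPost=` lines only delete the PID file and the rule file on disk; whether the REDSOCKS nat chain that is already loaded in the kernel is flushed is not visible here, and if it is not, a stopped daemon leaves all nat1/br0 TCP traffic redirected to a closed port 12345. Note also that the chain name in the rule file path is spelled `10-redoscks-proxy` here and in the script; it is consistent, but worth fixing in both places before anything else references it.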
diff --git a/core/modules/redsocks/data/etc/systemd/system/setup-proxy.service b/core/modules/redsocks/data/etc/systemd/system/setup-proxy.service
new file mode 100644
index 00000000..54052425
--- /dev/null
+++ b/core/modules/redsocks/data/etc/systemd/system/setup-proxy.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Proxy setup detection
+Before=shutdown.target
+DefaultDependencies=no
+
+[Service]
+Type=oneshot
+ExecStart=/opt/openslx/scripts/systemd-setup_proxy
+RemainAfterExit=yes
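Review bot: With `DefaultDependencies=no` and no `After=`/`Wants=` at all, nothing orders this unit behind the unit that brings up the uplink, yet the script it runs probes `http://www.google.de/` with a 2 s timeout to decide whether a proxy is needed; if the probe runs before the network is up, `auto` mode will conclude the proxy is required even where it is not. I would add an ordering on whichever unit configures the network in this image (for a stock target, `After=network-online.target` plus `Wants=network-online.target`), or document in a comment above `[Unit]` why the polling loop in the script is considered sufficient. Since the unit is a `oneshot` pulled in via `basic.target.wants`, the script's config polling (up to roughly 35 s before giving up) and the curl retries also delay `basic.target`; if that is intended, a one-line comment saying so would save the next reader the investigation.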
diff --git a/core/modules/redsocks/data/opt/openslx/scripts/systemd-setup_proxy b/core/modules/redsocks/data/opt/openslx/scripts/systemd-setup_proxy
new file mode 100755
index 00000000..97ef8225
--- /dev/null
+++ b/core/modules/redsocks/data/opt/openslx/scripts/systemd-setup_proxy
@@ -0,0 +1,65 @@
+#!/bin/bash
+# Needs full bash
+
+for wait in 1 1 2 3 4 6 8 10 end; do
+ grep '^#_RCONFIG_TAG$' /opt/openslx/config > /dev/null && echo "Config found!" && break
+ [ "$wait" == "end" ] && echo "Giving up!" && exit 1
+ echo "No config yet..."
+ sleep $wait
+done
+
+. /opt/openslx/config || echo "Error sourcing config for setup_proxy"
+
+[ -z "$SLX_PROXY_MODE" -o "x$SLX_PROXY_MODE" == "xoff" ] && echo "proxy mode disabled." && exit 0
+
+PROXY=off
+if [ "$SLX_PROXY_MODE" == "on" ]; then
+ PROXY=on
+elif [ "$SLX_PROXY_MODE" == "auto" -a -n "$SLX_PXE_CLIENT_IP" ]; then
+ # auto detection: check if it is actually needed
+ RET=$(curl -m 2 -s http://www.google.de/ | grep -o google | wc -l)
+ if [ $RET -lt 20 ]; then
+ sleep 4
+ RET=$(curl -m 5 -s http://www.google.de/ | grep -o google | wc -l)
+ fi
+ [ $RET -gt 20 ] && echo "Auto detect: Internet is reachable without proxy." && exit 0
+ PROXY=on
+fi
+
+[ "$PROXY" == "off" ] && echo "Proxy mode not required." && exit 0
+echo "Setting up transparent proxying via $SLX_PROXY_IP"
+
+sed -i "s/%%PROXY_IP%%/$SLX_PROXY_IP/g;s/%%PROXY_PORT%%/$SLX_PROXY_PORT/g;s/%%PROXY_TYPE%%/$SLX_PROXY_TYPE/g" /etc/redsocks.conf
+
+mkdir -p /run/redsocks
+chown redsocks:redsocks /run/redsocks
+systemctl start redsocks
+
+cat > "/opt/openslx/iptables/rules.d/10-redoscks-proxy" <<HEREDOCBROWN
+#!/bin/ash
+. /opt/openslx/config
+
+iptables -t nat -N REDSOCKS 2>/dev/null
+iptables -t nat -F REDSOCKS
+iptables -t nat -A REDSOCKS -d "\$SLX_PROXY_IP" -j RETURN
+iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
+iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
+iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
+iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
+iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
+iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
+iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
+iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
+if [ -n "\$SLX_PROXY_BLACKLIST" ]; then
+ for ADDR in \$SLX_PROXY_BLACKLIST; do
+ iptables -t nat -A REDSOCKS -d "\$ADDR" -j RETURN
+ done
+fi
+iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-port 12345
+iptables -t nat -A PREROUTING -i nat1 -p tcp -j REDSOCKS
+iptables -t nat -A OUTPUT -o br0 -p tcp -j REDSOCKS
+#iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
+iptables -A INPUT -i br0 -p tcp --dport 12345 -j DROP
+HEREDOCBROWN
+chmod +x "/opt/openslx/iptables/rules.d/10-redoscks-proxy"
+
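Review bot: The `sed -i` on /etc/redsocks.conf (the `sed -i "s/%%PROXY_IP%%/$SLX_PROXY_IP/g;..."` line) splices `SLX_PROXY_IP`, `SLX_PROXY_PORT` and `SLX_PROXY_TYPE` into both the sed program and the daemon's config without checking them: an empty variable yields `ip = ;` and redsocks fails to start after `systemctl start redsocks`, while a value containing `/`, `;` or `&` breaks the sed expression or injects extra config text. Since the values come from a sourced file the script already trusts as shell, the fix is a non-empty and format check that aborts before templating; the proxy types are exactly those the config comment lists. The substitution is also one-way — after the first run the placeholders are gone, so a later run with a changed proxy silently keeps the old values; a comment above the sed line should say the file is templated once per boot. The listener port 12345 is hard-coded both in redsocks.conf (`local_port`) and in the generated rule file (`--to-port 12345`, `--dport 12345`); a comment at the heredoc, `# must match local_port in /etc/redsocks.conf`, keeps them in sync. Minor: the auto-detect compares `RET -lt 20` then `RET -gt 20`, so a count of exactly 20 falls through to `PROXY=on`; use `-ge 20` on the second test.

```shell
# Refuse to template the config from empty or malformed values: sed would
# otherwise write e.g. "ip = ;" and the daemon would fail to start.
if [ -z "$SLX_PROXY_IP" ] || [ -z "$SLX_PROXY_PORT" ] || [ -z "$SLX_PROXY_TYPE" ]; then
	echo "Proxy mode requested but SLX_PROXY_IP/PORT/TYPE incomplete."
	exit 1
fi
case "$SLX_PROXY_TYPE" in
	socks4|socks5|http-connect|http-relay) ;;
	*) echo "Unknown proxy type '$SLX_PROXY_TYPE'"; exit 1 ;;
esac
# Only plain address/port characters may reach the sed expression and the config.
if ! [[ "$SLX_PROXY_IP" =~ ^[0-9A-Za-z.:-]+$ && "$SLX_PROXY_PORT" =~ ^[0-9]+$ ]]; then
	echo "Proxy IP/port contain unexpected characters, refusing to configure redsocks."
	exit 1
fi
# NOTE: templated once; placeholders are gone after this run.
sed -i "s/%%PROXY_IP%%/$SLX_PROXY_IP/g;s/%%PROXY_PORT%%/$SLX_PROXY_PORT/g;s/%%PROXY_TYPE%%/$SLX_PROXY_TYPE/g" /etc/redsocks.conf
# … unchanged: mkdir/chown, systemctl start, rule file heredoc …
```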