From dd073fd6a651de5eecb173e3bb902279e703a1ef Mon Sep 17 00:00:00 2001
From: Andrew
Date: Mon, 18 Sep 2023 14:35:13 +0200
Subject: [PATCH] security/tinc - subnet-down script was added to tinc plugin (#3591)
---
 security/tinc/Makefile | 1 +
 security/tinc/src/opnsense/scripts/OPNsense/Tinc/tincd.py | 6 +++++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/security/tinc/Makefile b/security/tinc/Makefile
index 19cc944ff..ea9b6397a 100644
--- a/security/tinc/Makefile
+++ b/security/tinc/Makefile
@@ -1,5 +1,6 @@
 PLUGIN_NAME= tinc
 PLUGIN_VERSION= 1.7
+PLUGIN_REVISION= 1
 PLUGIN_COMMENT= Tinc VPN
 PLUGIN_DEPENDS= tinc
 PLUGIN_MAINTAINER= ad@opnsense.org
diff --git a/security/tinc/src/opnsense/scripts/OPNsense/Tinc/tincd.py b/security/tinc/src/opnsense/scripts/OPNsense/Tinc/tincd.py
index d9020a76c..2f73ae60b 100755
--- a/security/tinc/src/opnsense/scripts/OPNsense/Tinc/tincd.py
+++ b/security/tinc/src/opnsense/scripts/OPNsense/Tinc/tincd.py
@@ -96,7 +96,7 @@ def deploy(config_filename):
 if_up.append("configctl interface %s %s" % (interface_configd, interface_name))
 write_file("%s/tinc-up" % network.get_basepath(), '\n'.join(if_up) + "\n", 0o700)
- # write subnet-up file and ship required binaries into the chroot
+ # write subnet-{up|down} scripts and ship required binaries into the chroot
 chroot_needs = set(['/bin/sh', '/sbin/route', '/libexec/ld-elf.so.1'])
 for item in list(chroot_needs):
 for line in subprocess.run(['/usr/bin/ldd', item], capture_output=True, text=True).stdout.split('\n'):
@@ -109,6 +109,10 @@ def deploy(config_filename):
 "#!/bin/sh",
 "route add $SUBNET -iface %s\n" % interface_name
 ]), 0o700)
+write_file("%s/subnet-down" % network.get_basepath(), '\n'.join([
+ "#!/bin/sh",
+ "route delete $SUBNET -iface %s\n" % interface_name
+]), 0o700)
 # configure and rename new tun device, place all in group "tinc" symlink associated tun device
 if interface_name not in interfaces:
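Review bot: The new subnet-down script expands `$SUBNET` unquoted and has `interface_name` formatted directly into the `route delete` line, mirroring the subnet-up lines just above it in this hunk. Both values are presumably well-formed (tincd sets SUBNET itself, and where `interface_name` comes from is not visible here), but the script is written 0o700 and run by the daemon, so quoting the expansion is cheap hardening: `'route delete "$SUBNET" -iface %s\n' % interface_name`, with the same change in subnet-up. If `interface_name` can carry configuration-supplied text, validate it against the expected interface-name format before it is written into either script. deploy() starts and ends outside the hunk.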