smeserver-wireguard/contribs10/smeserver-wireguard-1.0-bz11721-init.patch

diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/db/configuration/migrate/wireguard smeserver-wireguard-1.0/root/etc/e-smith/db/configuration/migrate/wireguard
--- smeserver-wireguard-1.0.old/root/etc/e-smith/db/configuration/migrate/wireguard     2021-10-26 23:15:10.000000000 -0400
+++ smeserver-wireguard-1.0/root/etc/e-smith/db/configuration/migrate/wireguard 2021-10-27 17:28:48.614000000 -0400
@@ -18,7 +18,7 @@
 my $minimum=16; 
 my $maximum=32; 
 my $x = $minimum + int(rand($maximum - $minimum)); 
-$DB->set_prop('wg-quick@wg0', 'ip', "172.$x.0.0") ;
+$DB->set_prop('wg-quick@wg0', 'ip', "172.$x.0.1") ;
 }
 
 }
diff -Nur --no-dereference smeserver-wireguard-1.0.old/createlink smeserver-wireguard-1.0/createlink
--- smeserver-wireguard-1.0.old/createlink      2021-10-25 23:38:29.000000000 -0400
+++ smeserver-wireguard-1.0/createlink  2021-10-27 21:20:46.985000000 -0400
@@ -69,5 +69,5 @@
 ));
 
 
-
+panel_link("wireguard", "manager");
 
diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/db/configuration/migrate/wireguard smeserver-wireguard-1.0/root/etc/e-smith/db/configuration/migrate/wireguard
--- smeserver-wireguard-1.0.old/root/etc/e-smith/db/configuration/migrate/wireguard     2021-10-27 21:17:33.367000000 -0400
+++ smeserver-wireguard-1.0/root/etc/e-smith/db/configuration/migrate/wireguard 2021-10-27 21:18:24.898000000 -0400
@@ -6,7 +6,7 @@
   $DB->set_prop('wg-quick@wg0', 'private', $value ) ;
 }
 # recreate public if empty or not the same
-$private=${'wg-quick@wg0'}{'private'};
+$private=$DB->get_prop('wg-quick@wg0', 'private') ;
 $public=`/usr/bin/echo $private | /usr/bin/wg pubkey`;
 chomp $public;
 if ( ! defined ${'wg-quick@wg0'}{'public'} ||  ${'wg-quick@wg0'}{'public'} ne $public) {
diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/systemd/system-preset/49-koozali.preset/70wireguard smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/systemd/system-preset/49-koozali.preset/70wireguard
--- smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/systemd/system-preset/49-koozali.preset/70wireguard      1969-12-31 19:00:00.000000000 -0500
+++ smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/systemd/system-preset/49-koozali.preset/70wireguard  2021-06-28 03:17:15.000000000 -0400
@@ -0,0 +1,12 @@
+# wireguard specific configuration
+{
+$wg = $wireguard{status} || 'disabled';
+$wg0 = ${'wg-quick@wg0'}{status} || 'disabled';
+if ($wg0 eq 'enabled') {
+        $OUT .= "enable wg-quick\@wg0.service\n";
+} else {
+        $OUT .= "disable wg-quick\@wg0.service\n";
+}
+
+}
+
diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/systemd/system-preset/70wireguard smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/systemd/system-preset/70wireguard
--- smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/systemd/system-preset/70wireguard        2021-06-28 03:17:15.000000000 -0400
+++ smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/systemd/system-preset/70wireguard    1969-12-31 19:00:00.000000000 -0500
@@ -1,12 +0,0 @@
-# wireguard specific configuration
-{
-$wg = $wireguard{status} || 'disabled';
-$wg0 = ${'wg-quick@wg0'}{status} || 'disabled';
-if ($wg0 eq 'enabled') {
-        $OUT .= "enable wg-quick\@wg0.service\n";
-} else {
-        $OUT .= "disable wg-quick\@wg0.service\n";
-}
-
-}
-
diff -Nur --no-dereference smeserver-wireguard-1.0.old/createlink smeserver-wireguard-1.0/createlink
--- smeserver-wireguard-1.0.old/createlink      2021-10-27 21:37:41.284000000 -0400
+++ smeserver-wireguard-1.0/createlink  2021-10-27 21:38:21.164000000 -0400
@@ -33,7 +33,7 @@
       ));
 event_services($event, qw(
   masq restart
-  'wg-quick@wg0' restart
+  wg-quick@wg0 restart
   ));
 event_link("wireguard-network", $event, "30");
 
@@ -44,7 +44,7 @@
   /etc/wireguard/server_public.key
 ));
 event_services($event, qw(
-  'wg-quick@wg0' restart
+  wg-quick@wg0 restart
 ));
 
 #wireguard-user-create
@@ -65,7 +65,7 @@
   /etc/wireguard/server_public.key
 ));
 event_services($event, qw(
-  'wg-quick@wg0' restart
+  wg-quick@wg0 restart
 ));
 
 
diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard smeserver-wireguard-1.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard
--- smeserver-wireguard-1.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard       2021-10-26 23:15:11.000000000 -0400
+++ smeserver-wireguard-1.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard   2021-10-27 21:41:45.296000000 -0400
@@ -239,6 +239,10 @@
    <trans>You can not alter the server ip, mask, private and public key as there are already some clients configured.</trans>
   </entry>
 
+  <entry>
+   <base>NO_CONF</base>
+   <trans>No configured client</trans>
+  </entry>
 
 
 </lexicon>
diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface
--- smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface   2021-06-28 04:41:57.000000000 -0400
+++ smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface       2021-10-27 17:41:12.223000000 -0400
@@ -4,7 +4,6 @@
 PrivateKey = {${'wg-quick@wg0'}{private}}
 
 # this should be added to masq with correct interfaces
-#eth0 should be rempalced by external interface if available or internal
-#PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-#PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+PostUp = iptables -I FORWARD -i %i -j ACCEPT; iptables -I FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o {$outernet = ($SystemMode eq "serveronly") ? $InternalInterface{Name} : $ExternalInterface{Name}; return $InternalInterface{Name} } -j MASQUERADE
+PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o {$outernet = ($SystemMode eq "serveronly") ? $InternalInterface{Name} : $ExternalInterface{Name}; return $InternalInterface{Name} } -j MASQUERADE
 
diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/50usersPeers smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/50usersPeers
--- smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/50usersPeers  2021-06-28 04:46:01.000000000 -0400
+++ smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/50usersPeers      2021-10-27 17:41:12.429000000 -0400
@@ -1,33 +1,36 @@
 {
-$OUT = "";
+use esmith::AccountsDB;
 
-return;
-my $wg =  esmith::ConfigDB->open_ro('/etc/e-smith/db/wireguard') or return "#no peers";
-# for each user
+my $wg =  esmith::ConfigDB->open_ro('/home/e-smith/db/wireguard');
 my $accounts = esmith::AccountsDB->open_ro;
-for my $user ( $accounts->get_all_by_prop(type => 'wg0') ) {
+
+# for each user
+my @users = ( $accounts->users );
+push(@users, $accounts->get('admin'));
+for my $user ( @users ) {
   my $username = $user->key;
+  my $count = 0;
   for my $cnx ( $wg->get_all_by_prop(user => $username) ) {
+     $count++;
      my $public = $cnx->prop('public');
-     my $ip = $cnx->prop('ip');
+     my $ip = $cnx->key; 
      my $info = $cnx->prop('info');
+     my $status = $cnx->prop('status') || "enabled";
+     if ( $status eq "disabled" ) {
+       $OUT .= "\n# $username : $info DISABLED (PublicKey = $public ; AllowedIPs = $ip)\n";
+       next;
+     }
 
-# wireguard
-#private;public;ips;info#private;public;ips;info
-#private and public is base64 : +/= could be in it
-#ips can be v4 or v6 with subnet ./:,
-#info could have letters, digit and space
-# to separate multiple #
-
-    $OUT .= "
+     $OUT .= "
 [Peer]
 # $username : $info
 PublicKey = $public
 AllowedIPs = $ip\n";
-  }
 
+
+  } 
+  $OUT .= "# no entry for user $username\n" if $count <1;
 }
 
 
 }
-
diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/60serversPeers smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/60serversPeers
--- smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/60serversPeers        2021-06-08 03:56:43.000000000 -0400
+++ smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/60serversPeers    1969-12-31 19:00:00.000000000 -0500
@@ -1,3 +0,0 @@
-
-#TODO
-
diff -Nur --no-dereference smeserver-wireguard-1.0.old/createlink smeserver-wireguard-1.0/createlink
--- smeserver-wireguard-1.0.old/createlink      2021-10-27 23:25:06.319000000 -0400
+++ smeserver-wireguard-1.0/createlink  2021-10-27 23:33:11.426000000 -0400
@@ -16,7 +16,7 @@
 
 event_services($event, qw(
   masq restart
-  'wg-quick@wg0' restart
+  wg-quick@wg0 restart
 ));
 event_link("wireguard-network", $event, "30");
 templates2events("/etc/systemd/system-preset/49-koozali.preset", $event);
@@ -54,7 +54,7 @@
   /etc/wireguard/server_public.key
 ));
 event_services($event, qw(
-  'wg-quick@wg0' restart
+  wg-quick@wg0 restart
 ));
 event_link("wireguard-user-create", $event, "03");
 
@@ -67,6 +67,11 @@
 event_services($event, qw(
   wg-quick@wg0 restart
 ));
+
+$event="remoteaccess-update";
+event_services($event, qw(
+  wg-quick@wg0 restart
+));
 
 
 panel_link("wireguard", "manager");
diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm
--- smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm   2021-10-26 23:15:10.000000000 -0400
+++ smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm       2021-10-31 22:37:41.238000000 -0400
@@ -224,6 +224,7 @@
 my $wg0 = $cdb->get('wg-quick@wg0');
 my $ServPublic = $wg0->prop('public');
 my $Port = $wg0->prop('UDPPort');
+my $allowedips = $wg0->prop('allowedips') || "0.0.0.0/0";
 
 #here we guess wan IP
 # are we server-gateway mode ? so external lan, should do 
@@ -233,15 +234,20 @@
 # dig @resolver4.opendns.com myip.opendns.com +short -4
 # dig @resolver1.ipv6-sandbox.opendns.com AAAA myip.opendns.com +short -6
 
+#DNS
+my $IPAddress = $cdb->get('InternalInterface')->prop('IPAddress');
+my $dns = ($allowedips =~ /0.0.0.0\/0/)? "DNS = $IPAddress" : "" ;
+
 
 my $fulltext ="#configuration for $key $info
 [Interface]
 PrivateKey = $private
 Address = $key
+$dns
 
 [Peer]
 PublicKey = $ServPublic
-AllowedIPs = 0.0.0.0/0
+AllowedIPs = $allowedips
 Endpoint = $ExternalIP:$Port
 ";
 # we could add a DNS field in [Interface]
diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/db/configuration/migrate/wireguard smeserver-wireguard-1.0/root/etc/e-smith/db/configuration/migrate/wireguard
--- smeserver-wireguard-1.0.old/root/etc/e-smith/db/configuration/migrate/wireguard     2021-11-01 21:46:45.647000000 -0400
+++ smeserver-wireguard-1.0/root/etc/e-smith/db/configuration/migrate/wireguard 2021-11-01 21:50:17.661000000 -0400
@@ -1,4 +1,6 @@
 {
+my $wireguard = $DB->get('wg-quick@wg0') ||  $DB->new_record('wg-quick@wg0', {type => 'service'});
+
 # add private and public key if not present
 unless (defined ${'wg-quick@wg0'}{'private'}) {
   $value= `/usr/bin/wg genkey`;
diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard smeserver-wireguard-1.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard
--- smeserver-wireguard-1.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard       2021-11-03 00:04:00.688000000 -0400
+++ smeserver-wireguard-1.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard   2021-11-03 00:24:10.217000000 -0400
@@ -244,5 +244,10 @@
    <trans>No configured client</trans>
   </entry>
 
+  <entry>
+   <base>INTERFACE</base>
+   <trans>Interface</trans>
+  </entry>
+
 
 </lexicon>
diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm
--- smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm   2021-11-03 00:04:00.691000000 -0400
+++ smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm       2021-11-03 00:06:45.195000000 -0400
@@ -82,7 +82,7 @@
             esmith::cgi::genSmallCell($q, $fm->localise('CONF_NAME'),"header"),
             esmith::cgi::genSmallCell($q, $fm->localise('USER'),"header"),
             esmith::cgi::genSmallCell($q, $fm->localise('INFO'),"header"),
-            esmith::cgi::genSmallCell($q, $fm->localise('STATUS'),"header"),
+            esmith::cgi::genSmallCell($q, $fm->localise('LABEL_STATUS'),"header"),
             esmith::cgi::genSmallCell($q, $fm->localise('ACTION'),"header", 3),
         ),
             "\n";
@@ -131,7 +131,12 @@
     my $wgip = $wg->prop('ip');
     my $wgmask = $wg->prop('mask');
     my $wgport = $wg->prop('UDPPort');
+    my $sstatus = $wg->prop('status');
 
+    print $q->Tr (esmith::cgi::genSmallCell($q,$fm->localise('INTERFACE'),"header"),
+                esmith::cgi::genSmallCell($q, "wg0"),);
+    print $q->Tr (esmith::cgi::genSmallCell($q,$fm->localise('LABEL_STATUS'),"header"),
+                esmith::cgi::genSmallCell($q, $sstatus),);
     print $q->Tr (esmith::cgi::genSmallCell($q,$fm->localise('PUBLIC_KEY'),"header"), 
                esmith::cgi::genSmallCell($q, $wgpub),);
     print $q->Tr (esmith::cgi::genSmallCell($q,$fm->localise('IP'),"header"), 
@@ -228,11 +233,10 @@
 
 #here we guess wan IP
 # are we server-gateway mode ? so external lan, should do 
-my $ExternalIP = $cdb->get('ExternalInterface')->prop('IPAddress');
 # else we should guess from an external service
-# dig @resolver4.opendns.com myip.opendns.com +short
-# dig @resolver4.opendns.com myip.opendns.com +short -4
-# dig @resolver1.ipv6-sandbox.opendns.com AAAA myip.opendns.com +short -6
+#my $internet_ip_address = get_internet_ip_address();
+my $ExternalIP = $cdb->get('ExternalInterface')->prop('IPAddress');
+$ExternalIP=get_internet_ip_address() unless defined $ExternalIP;
 
 #DNS
 my $IPAddress = $cdb->get('InternalInterface')->prop('IPAddress');
@@ -250,8 +254,6 @@
 AllowedIPs = $allowedips
 Endpoint = $ExternalIP:$Port
 ";
-# we could add a DNS field in [Interface]
-# DNS = 1.1.1.1, 1.0.0.1
 
 print "<br><textarea cols='70' rows='10'>$fulltext </textarea>";
 
@@ -476,7 +478,7 @@
             $fm->error('ERROR_OCCURED','FIRST_PAGE');
             return undef;
         }
-        unless (system ("/sbin/e-smith/signal-event", "wireguard-client-remove") == 0 ){
+        unless (system ("/sbin/e-smith/signal-event", "wireguard-user-delete") == 0 ){
             $fm->error('ERROR_OCCURED','FIRST_PAGE');
             return undef;
         }
@@ -539,4 +541,73 @@
 }
 
 
+
+sub get_internet_ip_address {
+  #we could use DNS to do this faster but some provider will block DNS
+  #dig +short myip.opendns.com @resolver1.opendns.com
+  #also resolver1.opendns.com resolver2.opendns.com resolver3.opendns.com
+  #here a list of available site with https
+  use Net::DNS;
+  use LWP::Simple;
+  my $timeout=1;
+
+  my @httpslist=qw(
+checkip.amazonaws.com
+myexternalip.com/raw
+ifconfig.me/
+icanhazip.com/
+ident.me/
+tnx.nl/ip
+ipecho.net/plain
+wgetip.com/
+ip.tyk.nu/
+bot.whatismyipaddress.com/
+ipof.in/txt
+l2.io/ip
+eth0.me/ );
+  my @dns = (
+        ['myip.opendns.com', 'resolver1.opendns.com', 'A'],
+        ['myip.opendns.com', 'resolver2.opendns.com', 'A'],
+        ['myip.opendns.com', 'resolver3.opendns.com', 'A'],
+        ['myip.opendns.com', 'resolver4.opendns.com', 'A'],
+        ['whoami.akamai.net', 'ns1-1.akamaitech.net', 'A'],
+        ['o-o.myaddr.l.google.com', 'ns1.google.com', 'TXT']
+
+  );
+  my $ip;
+
+  #foreach my $i ( 0 .. $#dns) {
+  # dns calls; test only one random...
+  my $i = rand(@httpslist);
+  my $res   = Net::DNS::Resolver->new(
+        nameservers => [ $dns[$i][1] ],
+        udp_timeout => $timeout,
+        tcp_timeout => $timeout
+  );
+  my $reply = $res->search($dns[$i][0], $dns[$i][2]);
+  if ($reply) {
+    foreach my $rr ($reply->answer) {
+        $ip= $rr->txtdata if $rr->can("txtdata");
+        $ip= $rr->address if $rr->can("address");
+       return $ip if $ip =~ /(\d+\.\d+\.\d+\.\d+)/;
+    }
+  } else {
+    warn "query failed: ", $res->errorstring, "\n";
+  }
+  #}
+
+  # https calls
+  my $ii=0;
+  my $service;
+  while ( $ii <5 ) { 
+    $service=$httpslist[rand(@httpslist)];
+    $ip = (get "https://$service" );
+    chomp $ip;
+    $ii++;
+    last if $ip =~ /(\d+\.\d+\.\d+\.\d+)/;
+  }
+  return $ip;
+}
+
+
 1;
diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm
--- smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm   2021-11-03 14:18:15.780000000 -0400
+++ smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm       2021-11-03 14:18:39.640000000 -0400
@@ -234,9 +234,8 @@
 #here we guess wan IP
 # are we server-gateway mode ? so external lan, should do 
 # else we should guess from an external service
-#my $internet_ip_address = get_internet_ip_address();
 my $ExternalIP = $cdb->get('ExternalInterface')->prop('IPAddress');
-$ExternalIP=get_internet_ip_address() unless defined $ExternalIP;
+$ExternalIP = get_internet_ip_address() unless defined $ExternalIP;
 
 #DNS
 my $IPAddress = $cdb->get('InternalInterface')->prop('IPAddress');
@@ -589,6 +588,8 @@
     foreach my $rr ($reply->answer) {
         $ip= $rr->txtdata if $rr->can("txtdata");
         $ip= $rr->address if $rr->can("address");
+       # untaint, dns output is tainted
+       ($ip) = $ip =~ /(\d+\.\d+\.\d+\.\d+)/;
        return $ip if $ip =~ /(\d+\.\d+\.\d+\.\d+)/;
     }
   } else {
@@ -606,8 +607,9 @@
     $ii++;
     last if $ip =~ /(\d+\.\d+\.\d+\.\d+)/;
   }
+  # not needed but in case, untaint
+  ($ip) = $ip =~ /(\d+\.\d+\.\d+\.\d+)/;
   return $ip;
 }
 
-
 1;
1	diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/db/configuration/migrate/wireguard smeserver-wireguard-1.0/root/etc/e-smith/db/configuration/migrate/wireguard
2	--- smeserver-wireguard-1.0.old/root/etc/e-smith/db/configuration/migrate/wireguard 2021-10-26 23:15:10.000000000 -0400
3	+++ smeserver-wireguard-1.0/root/etc/e-smith/db/configuration/migrate/wireguard 2021-10-27 17:28:48.614000000 -0400
4	@@ -18,7 +18,7 @@
5	my $minimum=16;
6	my $maximum=32;
7	my $x = $minimum + int(rand($maximum - $minimum));
8	-$DB->set_prop('wg-quick@wg0', 'ip', "172.$x.0.0") ;
9	+$DB->set_prop('wg-quick@wg0', 'ip', "172.$x.0.1") ;
10	}
11
12	}
13	diff -Nur --no-dereference smeserver-wireguard-1.0.old/createlink smeserver-wireguard-1.0/createlink
14	--- smeserver-wireguard-1.0.old/createlink 2021-10-25 23:38:29.000000000 -0400
15	+++ smeserver-wireguard-1.0/createlink 2021-10-27 21:20:46.985000000 -0400
16	@@ -69,5 +69,5 @@
17	));
18
19
20	-
21	+panel_link("wireguard", "manager");
22
23	diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/db/configuration/migrate/wireguard smeserver-wireguard-1.0/root/etc/e-smith/db/configuration/migrate/wireguard
24	--- smeserver-wireguard-1.0.old/root/etc/e-smith/db/configuration/migrate/wireguard 2021-10-27 21:17:33.367000000 -0400
25	+++ smeserver-wireguard-1.0/root/etc/e-smith/db/configuration/migrate/wireguard 2021-10-27 21:18:24.898000000 -0400
26	@@ -6,7 +6,7 @@
27	$DB->set_prop('wg-quick@wg0', 'private', $value ) ;
28	}
29	# recreate public if empty or not the same
30	-$private=${'wg-quick@wg0'}{'private'};
31	+$private=$DB->get_prop('wg-quick@wg0', 'private') ;
32	$public=`/usr/bin/echo $private \| /usr/bin/wg pubkey`;
33	chomp $public;
34	if ( ! defined ${'wg-quick@wg0'}{'public'} \|\| ${'wg-quick@wg0'}{'public'} ne $public) {
35	diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/systemd/system-preset/49-koozali.preset/70wireguard smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/systemd/system-preset/49-koozali.preset/70wireguard
36	--- smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/systemd/system-preset/49-koozali.preset/70wireguard 1969-12-31 19:00:00.000000000 -0500
37	+++ smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/systemd/system-preset/49-koozali.preset/70wireguard 2021-06-28 03:17:15.000000000 -0400
38	@@ -0,0 +1,12 @@
39	+# wireguard specific configuration
40	+{
41	+$wg = $wireguard{status} \|\| 'disabled';
42	+$wg0 = ${'wg-quick@wg0'}{status} \|\| 'disabled';
43	+if ($wg0 eq 'enabled') {
44	+ $OUT .= "enable wg-quick\@wg0.service\n";
45	+} else {
46	+ $OUT .= "disable wg-quick\@wg0.service\n";
47	+}
48	+
49	+}
50	+
51	diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/systemd/system-preset/70wireguard smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/systemd/system-preset/70wireguard
52	--- smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/systemd/system-preset/70wireguard 2021-06-28 03:17:15.000000000 -0400
53	+++ smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/systemd/system-preset/70wireguard 1969-12-31 19:00:00.000000000 -0500
54	@@ -1,12 +0,0 @@
55	-# wireguard specific configuration
56	-{
57	-$wg = $wireguard{status} \|\| 'disabled';
58	-$wg0 = ${'wg-quick@wg0'}{status} \|\| 'disabled';
59	-if ($wg0 eq 'enabled') {
60	- $OUT .= "enable wg-quick\@wg0.service\n";
61	-} else {
62	- $OUT .= "disable wg-quick\@wg0.service\n";
63	-}
64	-
65	-}
66	-
67	diff -Nur --no-dereference smeserver-wireguard-1.0.old/createlink smeserver-wireguard-1.0/createlink
68	--- smeserver-wireguard-1.0.old/createlink 2021-10-27 21:37:41.284000000 -0400
69	+++ smeserver-wireguard-1.0/createlink 2021-10-27 21:38:21.164000000 -0400
70	@@ -33,7 +33,7 @@
71	));
72	event_services($event, qw(
73	masq restart
74	- 'wg-quick@wg0' restart
75	+ wg-quick@wg0 restart
76	));
77	event_link("wireguard-network", $event, "30");
78
79	@@ -44,7 +44,7 @@
80	/etc/wireguard/server_public.key
81	));
82	event_services($event, qw(
83	- 'wg-quick@wg0' restart
84	+ wg-quick@wg0 restart
85	));
86
87	#wireguard-user-create
88	@@ -65,7 +65,7 @@
89	/etc/wireguard/server_public.key
90	));
91	event_services($event, qw(
92	- 'wg-quick@wg0' restart
93	+ wg-quick@wg0 restart
94	));
95
96
97	diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard smeserver-wireguard-1.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard
98	--- smeserver-wireguard-1.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard 2021-10-26 23:15:11.000000000 -0400
99	+++ smeserver-wireguard-1.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard 2021-10-27 21:41:45.296000000 -0400
100	@@ -239,6 +239,10 @@
101	<trans>You can not alter the server ip, mask, private and public key as there are already some clients configured.</trans>
102	</entry>
103
104	+ <entry>
105	+ <base>NO_CONF</base>
106	+ <trans>No configured client</trans>
107	+ </entry>
108
109
110	</lexicon>
111	diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface
112	--- smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface 2021-06-28 04:41:57.000000000 -0400
113	+++ smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface 2021-10-27 17:41:12.223000000 -0400
114	@@ -4,7 +4,6 @@
115	PrivateKey = {${'wg-quick@wg0'}{private}}
116
117	# this should be added to masq with correct interfaces
118	-#eth0 should be rempalced by external interface if available or internal
119	-#PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
120	-#PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
121	+PostUp = iptables -I FORWARD -i %i -j ACCEPT; iptables -I FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o {$outernet = ($SystemMode eq "serveronly") ? $InternalInterface{Name} : $ExternalInterface{Name}; return $InternalInterface{Name} } -j MASQUERADE
122	+PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o {$outernet = ($SystemMode eq "serveronly") ? $InternalInterface{Name} : $ExternalInterface{Name}; return $InternalInterface{Name} } -j MASQUERADE
123
124	diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/50usersPeers smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/50usersPeers
125	--- smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/50usersPeers 2021-06-28 04:46:01.000000000 -0400
126	+++ smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/50usersPeers 2021-10-27 17:41:12.429000000 -0400
127	@@ -1,33 +1,36 @@
128	{
129	-$OUT = "";
130	+use esmith::AccountsDB;
131
132	-return;
133	-my $wg = esmith::ConfigDB->open_ro('/etc/e-smith/db/wireguard') or return "#no peers";
134	-# for each user
135	+my $wg = esmith::ConfigDB->open_ro('/home/e-smith/db/wireguard');
136	my $accounts = esmith::AccountsDB->open_ro;
137	-for my $user ( $accounts->get_all_by_prop(type => 'wg0') ) {
138	+
139	+# for each user
140	+my @users = ( $accounts->users );
141	+push(@users, $accounts->get('admin'));
142	+for my $user ( @users ) {
143	my $username = $user->key;
144	+ my $count = 0;
145	for my $cnx ( $wg->get_all_by_prop(user => $username) ) {
146	+ $count++;
147	my $public = $cnx->prop('public');
148	- my $ip = $cnx->prop('ip');
149	+ my $ip = $cnx->key;
150	my $info = $cnx->prop('info');
151	+ my $status = $cnx->prop('status') \|\| "enabled";
152	+ if ( $status eq "disabled" ) {
153	+ $OUT .= "\n# $username : $info DISABLED (PublicKey = $public ; AllowedIPs = $ip)\n";
154	+ next;
155	+ }
156
157	-# wireguard
158	-#private;public;ips;info#private;public;ips;info
159	-#private and public is base64 : +/= could be in it
160	-#ips can be v4 or v6 with subnet ./:,
161	-#info could have letters, digit and space
162	-# to separate multiple #
163	-
164	- $OUT .= "
165	+ $OUT .= "
166	[Peer]
167	# $username : $info
168	PublicKey = $public
169	AllowedIPs = $ip\n";
170	- }
171
172	+
173	+ }
174	+ $OUT .= "# no entry for user $username\n" if $count <1;
175	}
176
177
178	}
179	-
180	diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/60serversPeers smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/60serversPeers
181	--- smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/60serversPeers 2021-06-08 03:56:43.000000000 -0400
182	+++ smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/60serversPeers 1969-12-31 19:00:00.000000000 -0500
183	@@ -1,3 +0,0 @@
184	-
185	-#TODO
186	-
187	diff -Nur --no-dereference smeserver-wireguard-1.0.old/createlink smeserver-wireguard-1.0/createlink
188	--- smeserver-wireguard-1.0.old/createlink 2021-10-27 23:25:06.319000000 -0400
189	+++ smeserver-wireguard-1.0/createlink 2021-10-27 23:33:11.426000000 -0400
190	@@ -16,7 +16,7 @@
191
192	event_services($event, qw(
193	masq restart
194	- 'wg-quick@wg0' restart
195	+ wg-quick@wg0 restart
196	));
197	event_link("wireguard-network", $event, "30");
198	templates2events("/etc/systemd/system-preset/49-koozali.preset", $event);
199	@@ -54,7 +54,7 @@
200	/etc/wireguard/server_public.key
201	));
202	event_services($event, qw(
203	- 'wg-quick@wg0' restart
204	+ wg-quick@wg0 restart
205	));
206	event_link("wireguard-user-create", $event, "03");
207
208	@@ -67,6 +67,11 @@
209	event_services($event, qw(
210	wg-quick@wg0 restart
211	));
212	+
213	+$event="remoteaccess-update";
214	+event_services($event, qw(
215	+ wg-quick@wg0 restart
216	+));
217
218
219	panel_link("wireguard", "manager");
220	diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm
221	--- smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm 2021-10-26 23:15:10.000000000 -0400
222	+++ smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm 2021-10-31 22:37:41.238000000 -0400
223	@@ -224,6 +224,7 @@
224	my $wg0 = $cdb->get('wg-quick@wg0');
225	my $ServPublic = $wg0->prop('public');
226	my $Port = $wg0->prop('UDPPort');
227	+my $allowedips = $wg0->prop('allowedips') \|\| "0.0.0.0/0";
228
229	#here we guess wan IP
230	# are we server-gateway mode ? so external lan, should do
231	@@ -233,15 +234,20 @@
232	# dig @resolver4.opendns.com myip.opendns.com +short -4
233	# dig @resolver1.ipv6-sandbox.opendns.com AAAA myip.opendns.com +short -6
234
235	+#DNS
236	+my $IPAddress = $cdb->get('InternalInterface')->prop('IPAddress');
237	+my $dns = ($allowedips =~ /0.0.0.0\/0/)? "DNS = $IPAddress" : "" ;
238	+
239
240	my $fulltext ="#configuration for $key $info
241	[Interface]
242	PrivateKey = $private
243	Address = $key
244	+$dns
245
246	[Peer]
247	PublicKey = $ServPublic
248	-AllowedIPs = 0.0.0.0/0
249	+AllowedIPs = $allowedips
250	Endpoint = $ExternalIP:$Port
251	";
252	# we could add a DNS field in [Interface]
253	diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/db/configuration/migrate/wireguard smeserver-wireguard-1.0/root/etc/e-smith/db/configuration/migrate/wireguard
254	--- smeserver-wireguard-1.0.old/root/etc/e-smith/db/configuration/migrate/wireguard 2021-11-01 21:46:45.647000000 -0400
255	+++ smeserver-wireguard-1.0/root/etc/e-smith/db/configuration/migrate/wireguard 2021-11-01 21:50:17.661000000 -0400
256	@@ -1,4 +1,6 @@
257	{
258	+my $wireguard = $DB->get('wg-quick@wg0') \|\| $DB->new_record('wg-quick@wg0', {type => 'service'});
259	+
260	# add private and public key if not present
261	unless (defined ${'wg-quick@wg0'}{'private'}) {
262	$value= `/usr/bin/wg genkey`;
263	diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard smeserver-wireguard-1.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard
264	--- smeserver-wireguard-1.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard 2021-11-03 00:04:00.688000000 -0400
265	+++ smeserver-wireguard-1.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard 2021-11-03 00:24:10.217000000 -0400
266	@@ -244,5 +244,10 @@
267	<trans>No configured client</trans>
268	</entry>
269
270	+ <entry>
271	+ <base>INTERFACE</base>
272	+ <trans>Interface</trans>
273	+ </entry>
274	+
275
276	</lexicon>
277	diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm
278	--- smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm 2021-11-03 00:04:00.691000000 -0400
279	+++ smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm 2021-11-03 00:06:45.195000000 -0400
280	@@ -82,7 +82,7 @@
281	esmith::cgi::genSmallCell($q, $fm->localise('CONF_NAME'),"header"),
282	esmith::cgi::genSmallCell($q, $fm->localise('USER'),"header"),
283	esmith::cgi::genSmallCell($q, $fm->localise('INFO'),"header"),
284	- esmith::cgi::genSmallCell($q, $fm->localise('STATUS'),"header"),
285	+ esmith::cgi::genSmallCell($q, $fm->localise('LABEL_STATUS'),"header"),
286	esmith::cgi::genSmallCell($q, $fm->localise('ACTION'),"header", 3),
287	),
288	"\n";
289	@@ -131,7 +131,12 @@
290	my $wgip = $wg->prop('ip');
291	my $wgmask = $wg->prop('mask');
292	my $wgport = $wg->prop('UDPPort');
293	+ my $sstatus = $wg->prop('status');
294
295	+ print $q->Tr (esmith::cgi::genSmallCell($q,$fm->localise('INTERFACE'),"header"),
296	+ esmith::cgi::genSmallCell($q, "wg0"),);
297	+ print $q->Tr (esmith::cgi::genSmallCell($q,$fm->localise('LABEL_STATUS'),"header"),
298	+ esmith::cgi::genSmallCell($q, $sstatus),);
299	print $q->Tr (esmith::cgi::genSmallCell($q,$fm->localise('PUBLIC_KEY'),"header"),
300	esmith::cgi::genSmallCell($q, $wgpub),);
301	print $q->Tr (esmith::cgi::genSmallCell($q,$fm->localise('IP'),"header"),
302	@@ -228,11 +233,10 @@
303
304	#here we guess wan IP
305	# are we server-gateway mode ? so external lan, should do
306	-my $ExternalIP = $cdb->get('ExternalInterface')->prop('IPAddress');
307	# else we should guess from an external service
308	-# dig @resolver4.opendns.com myip.opendns.com +short
309	-# dig @resolver4.opendns.com myip.opendns.com +short -4
310	-# dig @resolver1.ipv6-sandbox.opendns.com AAAA myip.opendns.com +short -6
311	+#my $internet_ip_address = get_internet_ip_address();
312	+my $ExternalIP = $cdb->get('ExternalInterface')->prop('IPAddress');
313	+$ExternalIP=get_internet_ip_address() unless defined $ExternalIP;
314
315	#DNS
316	my $IPAddress = $cdb->get('InternalInterface')->prop('IPAddress');
317	@@ -250,8 +254,6 @@
318	AllowedIPs = $allowedips
319	Endpoint = $ExternalIP:$Port
320	";
321	-# we could add a DNS field in [Interface]
322	-# DNS = 1.1.1.1, 1.0.0.1
323
324	print "<br><textarea cols='70' rows='10'>$fulltext </textarea>";
325
326	@@ -476,7 +478,7 @@
327	$fm->error('ERROR_OCCURED','FIRST_PAGE');
328	return undef;
329	}
330	- unless (system ("/sbin/e-smith/signal-event", "wireguard-client-remove") == 0 ){
331	+ unless (system ("/sbin/e-smith/signal-event", "wireguard-user-delete") == 0 ){
332	$fm->error('ERROR_OCCURED','FIRST_PAGE');
333	return undef;
334	}
335	@@ -539,4 +541,73 @@
336	}
337
338
339	+
340	+sub get_internet_ip_address {
341	+ #we could use DNS to do this faster but some provider will block DNS
342	+ #dig +short myip.opendns.com @resolver1.opendns.com
343	+ #also resolver1.opendns.com resolver2.opendns.com resolver3.opendns.com
344	+ #here a list of available site with https
345	+ use Net::DNS;
346	+ use LWP::Simple;
347	+ my $timeout=1;
348	+
349	+ my @httpslist=qw(
350	+checkip.amazonaws.com
351	+myexternalip.com/raw
352	+ifconfig.me/
353	+icanhazip.com/
354	+ident.me/
355	+tnx.nl/ip
356	+ipecho.net/plain
357	+wgetip.com/
358	+ip.tyk.nu/
359	+bot.whatismyipaddress.com/
360	+ipof.in/txt
361	+l2.io/ip
362	+eth0.me/ );
363	+ my @dns = (
364	+ ['myip.opendns.com', 'resolver1.opendns.com', 'A'],
365	+ ['myip.opendns.com', 'resolver2.opendns.com', 'A'],
366	+ ['myip.opendns.com', 'resolver3.opendns.com', 'A'],
367	+ ['myip.opendns.com', 'resolver4.opendns.com', 'A'],
368	+ ['whoami.akamai.net', 'ns1-1.akamaitech.net', 'A'],
369	+ ['o-o.myaddr.l.google.com', 'ns1.google.com', 'TXT']
370	+
371	+ );
372	+ my $ip;
373	+
374	+ #foreach my $i ( 0 .. $#dns) {
375	+ # dns calls; test only one random...
376	+ my $i = rand(@httpslist);
377	+ my $res = Net::DNS::Resolver->new(
378	+ nameservers => [ $dns[$i][1] ],
379	+ udp_timeout => $timeout,
380	+ tcp_timeout => $timeout
381	+ );
382	+ my $reply = $res->search($dns[$i][0], $dns[$i][2]);
383	+ if ($reply) {
384	+ foreach my $rr ($reply->answer) {
385	+ $ip= $rr->txtdata if $rr->can("txtdata");
386	+ $ip= $rr->address if $rr->can("address");
387	+ return $ip if $ip =~ /(\d+\.\d+\.\d+\.\d+)/;
388	+ }
389	+ } else {
390	+ warn "query failed: ", $res->errorstring, "\n";
391	+ }
392	+ #}
393	+
394	+ # https calls
395	+ my $ii=0;
396	+ my $service;
397	+ while ( $ii <5 ) {
398	+ $service=$httpslist[rand(@httpslist)];
399	+ $ip = (get "https://$service" );
400	+ chomp $ip;
401	+ $ii++;
402	+ last if $ip =~ /(\d+\.\d+\.\d+\.\d+)/;
403	+ }
404	+ return $ip;
405	+}
406	+
407	+
408	1;
409	diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm
410	--- smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm 2021-11-03 14:18:15.780000000 -0400
411	+++ smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm 2021-11-03 14:18:39.640000000 -0400
412	@@ -234,9 +234,8 @@
413	#here we guess wan IP
414	# are we server-gateway mode ? so external lan, should do
415	# else we should guess from an external service
416	-#my $internet_ip_address = get_internet_ip_address();
417	my $ExternalIP = $cdb->get('ExternalInterface')->prop('IPAddress');
418	-$ExternalIP=get_internet_ip_address() unless defined $ExternalIP;
419	+$ExternalIP = get_internet_ip_address() unless defined $ExternalIP;
420
421	#DNS
422	my $IPAddress = $cdb->get('InternalInterface')->prop('IPAddress');
423	@@ -589,6 +588,8 @@
424	foreach my $rr ($reply->answer) {
425	$ip= $rr->txtdata if $rr->can("txtdata");
426	$ip= $rr->address if $rr->can("address");
427	+ # untaint, dns output is tainted
428	+ ($ip) = $ip =~ /(\d+\.\d+\.\d+\.\d+)/;
429	return $ip if $ip =~ /(\d+\.\d+\.\d+\.\d+)/;
430	}
431	} else {
432	@@ -606,8 +607,9 @@
433	$ii++;
434	last if $ip =~ /(\d+\.\d+\.\d+\.\d+)/;
435	}
436	+ # not needed but in case, untaint
437	+ ($ip) = $ip =~ /(\d+\.\d+\.\d+\.\d+)/;
438	return $ip;
439	}
440
441	-
442	1;