Context Navigation

← Previous Changeset
Next Changeset →

Changeset 278

Timestamp:

11/18/04 17:23:29 (9 years ago)

Author:

alexcv

Message:

ping_thread now detects when auth_servers change IPs and reset the firewall
rules accordingly. Additional hooks in the firewall code to do this. Also,
if we change primary auth_server, we reset the list, jsut in case the IP
for the next auth_server was stale. That's done in conf.c.

Location:

branches/WIFIDOG_1_0_X/wifidog

Files:

: 8 modified

ChangeLog (modified) (1 diff)
src/conf.c (modified) (2 diffs)
src/conf.h (modified) (1 diff)
src/firewall.c (modified) (2 diffs)
src/firewall.h (modified) (1 diff)
src/fw_iptables.c (modified) (7 diffs)
src/fw_iptables.h (modified) (1 diff)
src/ping_thread.c (modified) (3 diffs)

Legend:

: Unmodified
: Added
: Removed

branches/WIFIDOG_1_0_X/wifidog/ChangeLog

r275	r278
1	1	# $Header$
	2
2	3	2004-11-18 Alexandre Carmel-Veilleux <acv@acv.ca>
3	4	* src/fw_iptables.[ch]: Merged in phil's patch
	5	* src/*: Added ping_thread hooks to reset authserver table in the
	6	firewall if it notices the auth_servers changing IPs.
4	7
5	8	2004-11-10 Alexandre Carmel-Veilleux <acv@acv.ca>

branches/WIFIDOG_1_0_X/wifidog/src/conf.c

r252	r278
42	42	#include "http.h"
43	43	#include "auth.h"
	44	#include "firewall.h"
44	45
45	46	/** @internal
…	…
649	650
650	651	pthread_mutex_unlock(&config_mutex);
651		}
	652
	653	fw_clear_authservers();
	654	fw_set_authservers();
	655	}

branches/WIFIDOG_1_0_X/wifidog/src/conf.h

r256	r278
62	62	listens on */
63	63	int authserv_use_ssl; /*< @brief Use SSL or not /
	64	struct in_addr last_ip; /< @brief Last IP of the authserver /
64	65	struct _auth_serv_t *next;
65	66	} t_auth_serv;

branches/WIFIDOG_1_0_X/wifidog/src/firewall.c

r256	r278
41	41
42	42	#include <string.h>
	43
	44	#include "httpd.h"
43	45
44	46	#include "debug.h"
…	…
123	125	debug(LOG_INFO, "Initializing Firewall");
124	126	return iptables_fw_init();
	127	}
	128
	129	/** Clear the authserver rules
	130	*/
	131	void
	132	fw_clear_authservers(void)
	133	{
	134	debug(LOG_INFO, "Clearing the authservers list");
	135	iptables_fw_clear_authservers();
	136	}
	137
	138	/** Set the authservers rules
	139	*/
	140	void
	141	fw_set_authservers(void)
	142	{
	143	debug(LOG_INFO, "Setting the authservers list");
	144	iptables_fw_set_authservers();
125	145	}
126	146

branches/WIFIDOG_1_0_X/wifidog/src/firewall.h

r170	r278
39	39	int fw_init(void);
40	40
	41	/** @brief Clears the authservers list */
	42	void fw_clear_authservers(void);
	43
	44	/** @brief Sets the authservers list */
	45	void fw_set_authservers(void);
	46
41	47	/** @brief Destroy the firewall */
42	48	int fw_destroy(void);

branches/WIFIDOG_1_0_X/wifidog/src/fw_iptables.c

r275	r278
73	73	}
74	74
	75	void
	76	iptables_fw_clear_authservers(void)
	77	{
	78	iptables_do_command("-t nat -F " TABLE_WIFIDOG_AUTHSERVERS);
	79	}
	80
	81	void
	82	iptables_fw_set_authservers(void)
	83	{
	84	s_config *config;
	85	t_auth_serv *auth_server;
	86
	87	config = config_get_config();
	88
	89	LOCK_CONFIG();
	90
	91	iptables_do_command("-t nat -N " TABLE_WIFIDOG_AUTHSERVERS);
	92	for (auth_server = config->auth_servers; auth_server != NULL;
	93	auth_server = auth_server->next) {
	94	iptables_do_command("-t nat -A " TABLE_WIFIDOG_AUTHSERVERS " -d %s -j ACCEPT", auth_server->authserv_hostname);
	95	}
	96
	97	UNLOCK_CONFIG();
	98	}
	99
75	100	/** Initialize the firewall rules
76	101	*/
…	…
79	104	{
80	105	s_config *config;
81		~~t_auth_serv *auth_server;~~
82	106
83	107	config = config_get_config();
84	108	fw_quiet = 0;
85	109
86		LOCK_CONFIG();
87
88		iptables_do_command("-t nat -N " TABLE_WIFIDOG_AUTHSERVERS);
89		for (auth_server = config->auth_servers; auth_server != NULL;
90		auth_server = auth_server->next) {
91		iptables_do_command("-t nat -A " TABLE_WIFIDOG_AUTHSERVERS " -d %s -j ACCEPT", auth_server->authserv_hostname);
92		}
93
94		UNLOCK_CONFIG();
95
	110	iptables_fw_set_authservers();
	111
	112	LOCK_CONFIG();
	113
96	114	iptables_do_command("-t nat -N " TABLE_WIFIDOG_VALIDATE);
97	115	iptables_do_command("-t nat -A " TABLE_WIFIDOG_VALIDATE " -j " TABLE_WIFIDOG_AUTHSERVERS);
98	116	iptables_do_command("-t nat -A " TABLE_WIFIDOG_VALIDATE " -d %s -j ACCEPT", config->gw_address);
	117
	118	UNLOCK_CONFIG();
99	119
100	120	/** Insert global rules BEFORE the "defaults" */
…	…
113	133	iptables_do_command("-t nat -A " TABLE_WIFIDOG_VALIDATE " -j DROP");
114	134
	135	LOCK_CONFIG();
	136
115	137	iptables_do_command("-t nat -N " TABLE_WIFIDOG_UNKNOWN);
116	138	iptables_do_command("-t nat -A " TABLE_WIFIDOG_UNKNOWN " -j " TABLE_WIFIDOG_AUTHSERVERS);
117	139	iptables_do_command("-t nat -A " TABLE_WIFIDOG_UNKNOWN " -d %s -j ACCEPT", config->gw_address);
118	140
	141	UNLOCK_CONFIG();
	142
119	143	/** Insert global rules BEFORE the "defaults" */
120	144
…	…
122	146	iptables_do_command("-t nat -A " TABLE_WIFIDOG_UNKNOWN " -p tcp --dport 67 -j ACCEPT");
123	147	iptables_do_command("-t nat -A " TABLE_WIFIDOG_UNKNOWN " -p udp --dport 53 -j ACCEPT");
	148
	149	LOCK_CONFIG();
	150
124	151	iptables_do_command("-t nat -A " TABLE_WIFIDOG_UNKNOWN " -p tcp --dport 80 -j REDIRECT --to-ports %d", config->gw_port);
	152
	153	UNLOCK_CONFIG();
	154
125	155	iptables_do_command("-t nat -A " TABLE_WIFIDOG_UNKNOWN " -j DROP");
126	156
…	…
135	165
136	166	iptables_do_command("-t nat -N " TABLE_WIFIDOG_CLASS);
	167
	168	LOCK_CONFIG();
	169
137	170	iptables_do_command("-t nat -A " TABLE_WIFIDOG_CLASS " -i %s -m mark --mark 0x%u -j " TABLE_WIFIDOG_VALIDATE, config->gw_interface, FW_MARK_PROBATION);
138	171	iptables_do_command("-t nat -A " TABLE_WIFIDOG_CLASS " -i %s -m mark --mark 0x%u -j " TABLE_WIFIDOG_KNOWN, config->gw_interface, FW_MARK_KNOWN);
…	…
147	180	iptables_do_command("-t mangle -I FORWARD 1 -i %s -j " TABLE_WIFIDOG_INCOMING, config->external_interface);
148	181
	182	UNLOCK_CONFIG();
	183
149	184	return 1;
150	185	}
…	…
170	205	iptables_do_command("-t nat -F " TABLE_WIFIDOG_KNOWN);
171	206	iptables_do_command("-t nat -F " TABLE_WIFIDOG_LOCKED);
	207	iptables_do_command("-t nat -X " TABLE_WIFIDOG_AUTHSERVERS);
172	208	iptables_do_command("-t nat -X " TABLE_WIFIDOG_VALIDATE);
173	209	iptables_do_command("-t nat -X " TABLE_WIFIDOG_UNKNOWN);

branches/WIFIDOG_1_0_X/wifidog/src/fw_iptables.h

r275	r278
51	51	int iptables_fw_init(void);
52	52
	53	/** @brief Initializes the authservers table */
	54	void iptables_fw_set_authservers(void);
	55
	56	/** @brief Clears the authservers table */
	57	void iptables_fw_clear_authservers(void);
	58
53	59	/** @brief Destroy the firewall */
54	60	int iptables_fw_destroy(void);

branches/WIFIDOG_1_0_X/wifidog/src/ping_thread.c

r260	r278
47	47	#include "debug.h"
48	48	#include "ping_thread.h"
	49	#include "util.h"
49	50
50	51	static void ping(void);
…	…
93	94	int sockfd,
94	95	nfds,
95		done;
	96	done,
	97	i;
96	98	t_auth_serv *auth_server;
97	99	char request[MAX_BUF];
…	…
124	126	}
125	127
	128	if (auth_server->last_ip == NULL) {
	129	auth_server->last_ip = (struct in_addr *)malloc(
	130	sizeof(struct in_addr));
	131	if (auth_server->last_ip == NULL) {
	132	debug(LOG_CRIT, "Could not allocate memory, Banzai!");
	133	exit(-1);
	134	}
	135	memcpy(auth_server->last_ip, h_addr, sizeof(struct in_addr));
	136	} else {
	137	for (i = 0; i < sizeof(struct in_addr)
	138	&& (((char )auth_server->last_ip + i)
	139	== ((char )h_addr + i)); i++);
	140	if (i < sizeof(struct in_addr)) {
	141	fw_clear_authservers();
	142	fw_set_authservers();
	143	}
	144	}
126	145	their_addr.sin_family = AF_INET;
127	146	their_addr.sin_port = htons(auth_server->authserv_http_port);

Context Navigation

Changeset 278

Legend:

Download in other formats: