Changeset 422 for trunk/wifidog/src/fw_iptables.c
- Timestamp:
- 02/03/05 16:25:33 (8 years ago)
- Files:
-
- 1 modified
-
trunk/wifidog/src/fw_iptables.c (modified) (6 diffs)
trunk/wifidog/src/fw_iptables.c
r308 r422 238 238 239 239 iptables_do_command("-t mangle -N " TABLE_WIFIDOG_INCOMING); 240 iptables_do_command("-t mangle -I FORWARD 1 -i %s -j " TABLE_WIFIDOG_INCOMING, config->external_interface); 240 if (config->external_interface) { 241 iptables_do_command("-t mangle -I FORWARD 1 -i %s -j " TABLE_WIFIDOG_INCOMING, config->external_interface); 242 } else { 243 iptables_do_command("-t mangle -I FORWARD 1 -j " TABLE_WIFIDOG_INCOMING); 244 } 245 246 iptables_do_command("-t filter -N " TABLE_WIFIDOG_WIFI_TO_GW); 247 iptables_do_command("-t filter -I INPUT 1 -i %s -j " TABLE_WIFIDOG_WIFI_TO_GW, config->gw_interface); 241 248 242 249 UNLOCK_CONFIG(); … … 256 263 257 264 fw_quiet = 1; 265 iptables_do_command("-t filter -F " TABLE_WIFIDOG_WIFI_TO_GW); 258 266 iptables_do_command("-t nat -F " TABLE_WIFIDOG_CLASS); 259 267 iptables_do_command("-t mangle -F " TABLE_WIFIDOG_OUTGOING); … … 282 290 rc = 0; 283 291 while (rc == 0) { 284 rc = iptables_do_command("-t mangle -D PREROUTING -i %s -j " TABLE_WIFIDOG_OUTGOING, config->gw_interface);285 } 286 iptables_do_command("-t mangle -X " TABLE_WIFIDOG_OUTGOING);292 rc = iptables_do_command("-t filter -D INPUT -i %s -j " TABLE_WIFIDOG_WIFI_TO_GW, config->gw_interface); 293 } 294 iptables_do_command("-t filter -X " TABLE_WIFIDOG_WIFI_TO_GW); 287 295 288 296 rc = 0; 289 297 while (rc == 0) { 290 rc = iptables_do_command("-t mangle -D FORWARD -i %s -j " TABLE_WIFIDOG_INCOMING, config->external_interface); 298 rc = iptables_do_command("-t mangle -D PREROUTING -i %s -j " TABLE_WIFIDOG_OUTGOING, config->gw_interface); 299 } 300 iptables_do_command("-t mangle -X " TABLE_WIFIDOG_OUTGOING); 301 302 rc = 0; 303 while (rc == 0) { 304 if (config->external_interface) { 305 rc = iptables_do_command("-t mangle -D FORWARD -i %s -j " TABLE_WIFIDOG_INCOMING, config->external_interface); 306 } else { 307 rc = iptables_do_command("-t mangle -D FORWARD -j " TABLE_WIFIDOG_INCOMING); 308 } 291 309 } 292 310 iptables_do_command("-t mangle -X " 
TABLE_WIFIDOG_INCOMING); … … 305 323 switch(type) { 306 324 case FW_ACCESS_ALLOW: 325 iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_GW " -s %s -j ACCEPT", ip); 307 326 iptables_do_command("-t mangle -A " TABLE_WIFIDOG_OUTGOING " -s %s -m mac --mac-source %s -j MARK --set-mark %d", ip, mac, tag); 308 327 rc = iptables_do_command("-t mangle -A " TABLE_WIFIDOG_INCOMING " -d %s -j ACCEPT", ip); 309 328 break; 310 329 case FW_ACCESS_DENY: 330 iptables_do_command("-t filter -D " TABLE_WIFIDOG_WIFI_TO_GW " -s %s -j ACCEPT", ip); 311 331 iptables_do_command("-t mangle -D " TABLE_WIFIDOG_OUTGOING " -s %s -m mac --mac-source %s -j MARK --set-mark %d", ip, mac, tag); 312 332 rc = iptables_do_command("-t mangle -D " TABLE_WIFIDOG_INCOMING " -d %s -j ACCEPT", ip); … … 353 373 p1->counters.outgoing = counter; 354 374 p1->counters.last_updated = time(NULL); 355 debug(LOG_DEBUG, "%s - Updated counter to %ld bytes", ip, counter); 375 debug(LOG_DEBUG, "%s - Updated outgoing counter to %ld bytes from outgoing chain", ip, counter); 376 } 377 } else { 378 debug(LOG_ERR, "Could not find %s in client list", ip); 379 } 380 UNLOCK_CLIENT_LIST(); 381 } 382 } 383 pclose(output); 384 385 /* Look for wifi-to-firewall traffic */ 386 asprintf(&script, "%s %s", "iptables", "-v -x -t filter -L " TABLE_WIFIDOG_WIFI_TO_GW); 387 if (!(output = popen(script, "r"))) { 388 debug(LOG_ERR, "popen(): %s", strerror(errno)); 389 return -1; 390 } 391 free(script); 392 393 /* skip the first two lines */ 394 while (('\n' != fgetc(output)) && !feof(output)) 395 ; 396 while (('\n' != fgetc(output)) && !feof(output)) 397 ; 398 while (output && !(feof(output))) { 399 rc = fscanf(output, "%*s %lu %*s %*s %*s %*s %*s %s %*s %*s %*s %*s %*s 0x%*u", &counter, ip); 400 if (2 == rc && EOF != rc) { 401 debug(LOG_DEBUG, "WIFI2FW %s Bytes=%ld", ip, counter); 402 LOCK_CLIENT_LIST(); 403 if ((p1 = client_list_find_by_ip(ip))) { 404 if (p1->counters.togateway < counter) { 405 p1->counters.togateway = counter; 406 
p1->counters.last_updated = time(NULL); 407 debug(LOG_DEBUG, "%s - Updated togateway counter to %ld bytes from wifi2fw chain", ip, counter); 356 408 } 357 409 } else { … … 397 449 return 1; 398 450 } 399
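Review bot: The new `-t filter -A TABLE_WIFIDOG_WIFI_TO_GW -s %s -j ACCEPT` rule in the FW_ACCESS_ALLOW case keys only on the source IP, whereas the adjacent mangle rule for the same client is bound to `-m mac --mac-source %s`; since this chain is inserted at position 1 of INPUT on gw_interface, any host on that interface that takes over an authenticated client's IP is ACCEPTed by the gateway itself before any later INPUT rule can run. I would bind it the same way as the outgoing rule, `iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_GW " -s %s -m mac --mac-source %s -j ACCEPT", ip, mac);`, with the matching `-D` form in FW_ACCESS_DENY, so the accounting/accept rule is no easier to spoof than the existing one. In the new counter block, `free(script)` comes after the `return -1` on popen() failure, so that path leaks the asprintf() buffer, and asprintf()'s return value is not checked before the string is used; freeing before the early return (or checking asprintf) fixes both. The fscanf() format was carried over from the mangle chain including the trailing `0x%*u`, but the ACCEPT rules in this filter chain carry no MARK field, so the tail of the pattern can seemingly only be satisfied by consuming tokens from the next rule's line; this is worth checking against real `iptables -v -x -L` output, and if `ip` is a fixed-size buffer (declared outside this hunk) the unbounded `%s` should get a width. The enclosing functions for all of these hunks start and end outside the shown lines.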
