Changeset 328
- Timestamp:
- 07/06/07 17:56:12 (1 year ago)
- Files:
-
- wifidog/wifidog-client/src/conf.h (modified) (1 diff)
- wifidog/wifidog-client/src/firewall.c (modified) (3 diffs)
- wifidog/wifidog-client/src/firewall.h (modified) (1 diff)
- wifidog/wifidog-client/src/fw_iptables.c (modified) (5 diffs)
- wifidog/wifidog-client/src/util.c (modified) (4 diffs)
- wifidog/wifidog-client/src/wdctl_thread.c (modified) (6 diffs)
- wifidog/wifidog-client/src/wdctl_thread.h (modified) (1 diff)
wifidog/wifidog-client/src/conf.h
r321 r328 30 30 /*@{*/ 31 31 /** Defines */ 32 /** How long till we give up detecting the interface with the default route */ 32 /** How many times should we try detecting the interface with the default route 33 * (in seconds) */ 33 34 #define NUM_EXT_INTERFACE_DETECT_RETRY 120 34 35 /** How often should we try to detect the interface with the default route 35 * if it isn't up yet */36 * if it isn't up yet (interval in seconds) */ 36 37 #define EXT_INTERFACE_DETECT_RETRY_INTERVAL 1 37 38 wifidog/wifidog-client/src/firewall.c
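Review bot: The new comment on NUM_EXT_INTERFACE_DETECT_RETRY says "How many times should we try ... (in seconds)", which mixes a count with a unit; the value is a number of attempts, and with EXT_INTERFACE_DETECT_RETRY_INTERVAL at 1 the two only coincide by accident. The util.c change in this same changeset also gives 0 a special meaning (the loop keeps going while the macro is 0), which the header should state so nobody sets it to 0 expecting "no retries". Suggested text: `/** How many times to try detecting the interface with the default route before giving up; 0 retries forever (see get_ext_iface()) */`.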
r218 r328 73 73 extern pid_t restart_orig_pid; 74 74 75 int icmp_fd = 0; 75 76 76 77 77 /** … … 296 296 if (p1->fw_connection_state != FW_MARK_KNOWN) { 297 297 debug(LOG_INFO, "%s - Access has changed to allowed, refreshing firewall and clearing counters", p1->ip); 298 fw_deny(p1->ip, p1->mac, p1->fw_connection_state); 298 //WHY did we deny, then allow!?!? benoitg 2007-06-21 299 //fw_deny(p1->ip, p1->mac, p1->fw_connection_state); 300 301 if (p1->fw_connection_state != FW_MARK_PROBATION) { 302 p1->counters.incoming = p1->counters.outgoing = 0; 303 } 304 else { 305 //We don't want to clear counters if the user was in validation, it probably already transmitted data.. 306 debug(LOG_INFO, "%s - Skipped clearing counters after all, the user was previously in validation", p1->ip); 307 } 299 308 p1->fw_connection_state = FW_MARK_KNOWN; 300 p1->counters.incoming = p1->counters.outgoing = 0;301 309 fw_allow(p1->ip, p1->mac, p1->fw_connection_state); 302 310 } … … 317 325 318 326 default: 319 debug(LOG_ DEBUG, "I do not know about authentication code %d", authresponse.authcode);327 debug(LOG_ERR, "I do not know about authentication code %d", authresponse.authcode); 320 328 break; 321 329 } wifidog/wifidog-client/src/firewall.h
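Review bot: Commenting out the `fw_deny()` call in the "Access has changed to allowed" branch leaves the client's previous-state firewall rules in place: judging by the FW_ACCESS_DENY case in fw_iptables.c in this same changeset, allow/deny add and delete a per-state `MARK --set-mark` rule, so the old (for example PROBATION) mark rule is never removed when the state becomes FW_MARK_KNOWN. While both rules exist the later KNOWN rule wins, but a subsequent deny for the KNOWN state deletes only that rule, and the stale mark rule keeps marking the client's traffic after logout. That is the answer to the `//WHY did we deny, then allow` question: the deny must run with the old state, before the assignment, so restore `fw_deny(p1->ip, p1->mac, p1->fw_connection_state);` ahead of `p1->fw_connection_state = FW_MARK_KNOWN;`. The enclosing function starts and ends outside this hunk.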
r219 r328 27 27 #ifndef _FIREWALL_H_ 28 28 #define _FIREWALL_H_ 29 30 int icmp_fd; 29 31 30 32 /** Used by fw_iptables.c */ wifidog/wifidog-client/src/fw_iptables.c
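Review bot: `int icmp_fd;` in firewall.h is a tentative definition, not a declaration, so every translation unit that includes the header defines the symbol, on top of the `int icmp_fd = 0;` definition added to firewall.c. This links only while the toolchain merges common symbols (-fcommon) and fails with "multiple definition of icmp_fd" under -fno-common. The header should read `extern int icmp_fd;` and firewall.c should keep the single definition.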
r310 r328 60 60 static int fw_quiet = 0; 61 61 62 /** @internal */ 62 /** @internal 63 * */ 63 64 static int 64 65 iptables_do_command(char *format, ...) … … 225 226 226 227 for (gwi = config->gw_interface ; gwi != NULL ; gwi = gwi->next) 227 iptables_do_command("-t mangle -A PREROUTING -i %s -j " TABLE_WIFIDOG_TRUSTED, gwi->interface); 228 iptables_do_command("-t mangle -A PREROUTING -i %s -j " TABLE_WIFIDOG_TRUSTED, gwi->interface);//this rule will be inserted before the prior one 228 229 229 230 for (gwi = config->gw_interface ; gwi != NULL ; gwi = gwi->next) … … 307 308 iptables_do_command("-t filter -I FORWARD -i %s -j " TABLE_WIFIDOG_WIFI_TO_INTERNET, gwi->interface); 308 309 309 /* TCPMSS rule for PPPoE */ 310 310 311 iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -m state --state INVALID -j DROP"); 311 312 … … 314 315 iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -m state --state RELATED,ESTABLISHED -j ACCEPT");*/ 315 316 316 317 if (ext_interface != NULL) { 318 iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -i %s -m state --state NEW,INVALID -j DROP", ext_interface); 319 iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -o %s -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu", ext_interface); 320 } else { 321 /* Will this work even if we don't specify an external interface? */ 322 iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -m state --state NEW,INVALID -j DROP"); 323 iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu"); 324 } 317 //Won't this rule NEVER match anyway?!?!? 
benoitg, 2007-06-23 318 //iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -i %s -m state --state NEW -j DROP", ext_interface); 319 320 /* TCPMSS rule for PPPoE */ 321 iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -o %s -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu", ext_interface); 325 322 326 323 iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -j " TABLE_WIFIDOG_AUTHSERVERS); … … 508 505 case FW_ACCESS_DENY: 509 506 iptables_do_command("-t mangle -D " TABLE_WIFIDOG_OUTGOING " -s %s -m mac --mac-source %s -j MARK --set-mark %d", ip, mac, tag); 510 rc = iptables_do_command("-t mangle -D " TABLE_WIFIDOG_INCOMING " -d %s -j ACCEPT", ip);507 rc = iptables_do_command("-t mangle -D " TABLE_WIFIDOG_INCOMING " -d %s -j DROP", ip); 511 508 break; 512 509 default: wifidog/wifidog-client/src/util.c
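Review bot: The FW_ACCESS_DENY case now runs `-t mangle -D TABLE_WIFIDOG_INCOMING -d %s -j DROP`, but the FW_ACCESS_ALLOW case is not touched by this changeset and presumably still appends the rule it always did, which the old delete matched as `-j ACCEPT`; iptables -D requires an exact rule match, so the delete silently fails and the client's incoming ACCEPT rule survives the deny, keeping inbound access open after logout. Please confirm against the ALLOW case and restore `rc = iptables_do_command("-t mangle -D " TABLE_WIFIDOG_INCOMING " -d %s -j ACCEPT", ip);` unless ALLOW was changed to install a DROP rule. Separately, dropping the `ext_interface == NULL` branch means the TCPMSS rule now formats `-o %s` with a possibly NULL pointer; if get_ext_iface() can return NULL here, guard it with `if (ext_interface != NULL)` as before. Both enclosing functions start and end outside these hunks.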
r285 r328 174 174 175 175 ip_str = (char *)inet_ntoa(in); 176 close(sockd); 176 177 return safe_strdup(ip_str); 177 178 #else … … 223 224 char *device, *gw; 224 225 int i; 226 int keep_detecting = 1; 225 227 pthread_cond_t cond = PTHREAD_COND_INITIALIZER; 226 228 pthread_mutex_t cond_mutex = PTHREAD_MUTEX_INITIALIZER; … … 229 231 gw = (char *)malloc(16); 230 232 debug(LOG_DEBUG, "get_ext_iface(): Autodectecting the external interface from routing table"); 231 for (i=1; i<=NUM_EXT_INTERFACE_DETECT_RETRY; i++) {233 while(keep_detecting) { 232 234 input = fopen("/proc/net/route", "r"); 233 235 while (!feof(input)) { … … 250 252 /* No longer needs to be locked */ 251 253 pthread_mutex_unlock(&cond_mutex); 254 //for (i=1; i<=NUM_EXT_INTERFACE_DETECT_RETRY; i++) { 255 if (NUM_EXT_INTERFACE_DETECT_RETRY != 0 && i>=NUM_EXT_INTERFACE_DETECT_RETRY) { 256 keep_detecting = 0; 257 } 252 258 } 253 259 debug(LOG_ERR, "get_ext_iface(): Failed to detect the external interface after %d tries, aborting", NUM_EXT_INTERFACE_DETECT_RETRY); wifidog/wifidog-client/src/wdctl_thread.c
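Review bot: In the rewritten retry loop of get_ext_iface() the counter `i` is never initialized or incremented any more: the `for (i=1; ...)` that did both is commented out, yet the new exit test still reads `i>=NUM_EXT_INTERFACE_DETECT_RETRY`, so the first read is of an indeterminate `int i;` (undefined behaviour) and the loop either stops at once or never stops. Change the declaration to `int i = 0;` and the test to `if (NUM_EXT_INTERFACE_DETECT_RETRY != 0 && ++i >= NUM_EXT_INTERFACE_DETECT_RETRY)` so the "after %d tries" error message is actually reached. Since the loop can now also run forever by design, the unchecked `fopen("/proc/net/route", "r")` on every iteration deserves a NULL check before `feof(input)`. The function starts and ends outside this hunk.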
r310 r328 71 71 thread_wdctl(void *arg) 72 72 { 73 int sock, 74 fd; 73 int fd; 75 74 char *sock_name; 76 75 struct sockaddr_un sa_un; 77 76 int result; 78 77 pthread_t tid; 79 socklen_t len;78 socklen_t len; 80 79 81 80 debug(LOG_DEBUG, "Starting wdctl."); … … 93 92 94 93 debug(LOG_DEBUG, "Creating socket"); 95 sock= socket(PF_UNIX, SOCK_STREAM, 0);96 97 debug(LOG_DEBUG, "Got server socket %d", sock);94 wdctl_socket_server = socket(PF_UNIX, SOCK_STREAM, 0); 95 96 debug(LOG_DEBUG, "Got server socket %d", wdctl_socket_server); 98 97 99 98 /* If it exists, delete... Not the cleanest way to deal. */ … … 109 108 110 109 /* Which to use, AF_UNIX, PF_UNIX, AF_LOCAL, PF_LOCAL? */ 111 if (bind(sock, (struct sockaddr *)&sa_un, strlen(sock_name) 110 if (bind(wdctl_socket_server, (struct sockaddr *)&sa_un, strlen(sock_name) 112 111 + sizeof(sa_un.sun_family))) { 113 112 debug(LOG_ERR, "Could not bind control socket: %s", … … 116 115 } 117 116 118 if (listen(sock, 5)) {117 if (listen(wdctl_socket_server, 5)) { 119 118 debug(LOG_ERR, "Could not listen on control socket: %s", 120 119 strerror(errno)); … … 125 124 len = sizeof(sa_un); 126 125 memset(&sa_un, 0, len); 127 if ((fd = accept(sock, (struct sockaddr *)&sa_un, &len)) == -1){126 if ((fd = accept(wdctl_socket_server, (struct sockaddr *)&sa_un, &len)) == -1){ 128 127 debug(LOG_ERR, "Accept failed on control socket: %s", 129 128 strerror(errno)); … … 343 342 else { 344 343 /* Child */ 344 close(wdctl_socket_server); 345 close(icmp_fd); 345 346 close(sock); 346 347 shutdown(afd, 2); wifidog/wifidog-client/src/wdctl_thread.h
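Review bot: `wdctl_socket_server = socket(PF_UNIX, SOCK_STREAM, 0);` is still not checked for -1; the failure is only noticed as a misleading "Could not bind control socket: Bad file descriptor" from bind(), so add `if (wdctl_socket_server == -1) { debug(LOG_ERR, "Could not create control socket: %s", strerror(errno)); ... }` with the same bail-out the bind/listen failures use. In the forked child, `close(icmp_fd)` relies on a global that firewall.c initializes to 0, so if the ICMP socket was never opened this closes file descriptor 0 instead; initializing both globals to -1 and guarding with `if (icmp_fd >= 0) close(icmp_fd);` avoids that. The function containing the child branch starts and ends outside this hunk.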
r218 r328 30 30 #define DEFAULT_WDCTL_SOCK "/tmp/wdctl.sock" 31 31 32 int wdctl_socket_server; 33 32 34 /** @brief Listen for WiFiDog control messages on a unix domain socket */ 33 35 void thread_wdctl(void *arg);
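Review bot: `int wdctl_socket_server;` in a header is a tentative definition that every includer of wdctl_thread.h will define, which links only while the toolchain merges common symbols and fails with "multiple definition" under -fno-common. Declare it here as `extern int wdctl_socket_server;` and define it once in wdctl_thread.c, preferably as `int wdctl_socket_server = -1;` so an unopened socket is distinguishable from descriptor 0.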
