eurephia.git/plugin/firewall, branch release/1.0 Unnamed repository; edit this file to name it for gitweb. efw-iptables: Use the iptables conntrack module 2010-12-31T12:33:20+00:00 David Sommerseth dazo@users.sourceforge.net 2010-12-20T03:40:09+00:00 8bfce7a94c20efe4bf8b20b66d793e472e2a94cb Make use of the iptables conntrack module instead of the older state module for stateful firewalling. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> (Backported commit f22b7bb5529b816eef840a1180b677e4ea31b124) 
Make use of the iptables conntrack module instead of the older state module
for stateful firewalling.

Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
(Backported commit f22b7bb5529b816eef840a1180b677e4ea31b124)
Move daemonize() code to be called in the firewall child thread only 2010-11-26T21:51:52+00:00 David Sommerseth dazo@users.sourceforge.net 2010-11-26T21:05:28+00:00 f2b14567afad33c33c4a45348d54f07292992564 The eurephia plug-in would daemonize the OpenVPN process by calling daemonize() too early. This patch renames daemoinze() to efw_daemonize() and calls it only in the firewall child process. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> (cherry picked from commit 525d75316848f79208101e48a54e21396464c98b) 
The eurephia plug-in would daemonize the OpenVPN process by calling
daemonize() too early.  This patch renames daemoinze() to efw_daemonize()
and calls it only in the firewall child process.

Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
(cherry picked from commit 525d75316848f79208101e48a54e21396464c98b)
Updated Copyright dates to include 2010 2010-05-25T13:17:38+00:00 David Sommerseth dazo@users.sourceforge.net 2010-05-25T13:17:38+00:00 bd739597e04dd08d6ae890adfd3945c333baba2c 






Fixed memory leak in the firewall implementation and added mlock() usage
2009-10-06T15:54:59+00:00

David Sommerseth
dazo@users.sourceforge.net

2009-10-06T15:54:59+00:00

3a2290433a654a8b5f07a1db1f8142ec01ca57a7

The memory leak was caused by not freeing the shadow context the firewall
child process uses for logging.  In addition this child process had a
connection to the database open as well, which was not needed.  This
connection is now disconnected immediately after the child process has
started.

Added also usage of mlock() to protect sensitive information from being
swapped out to disk.





The memory leak was caused by not freeing the shadow context the firewall
child process uses for logging.  In addition this child process had a
connection to the database open as well, which was not needed.  This
connection is now disconnected immediately after the child process has
started.

Added also usage of mlock() to protect sensitive information from being
swapped out to disk.







Restrict input data length for plug-in arguments from openvpn
2009-10-04T21:13:06+00:00

David Sommerseth
dazo@users.sourceforge.net

2009-10-04T21:13:06+00:00

53611ee129ab91c60f61a591b32e46bfac39abf7

This only affects functions related to MAC address and certificate depth





This only affects functions related to MAC address and certificate depth







Rewritten the eurephia_log() to support syslog logging as well
2009-09-23T22:16:53+00:00

David Sommerseth
dazo@users.sourceforge.net

2009-09-23T22:16:53+00:00

7ae9a74c9c3bdab619ac5c0cefe1c8269bb06603

Also simplified the initialisation of the logging module.  By calling
the eurephia_log_init(eurephiaCTX *, char *dest, int loglevel) function,
a log context will be setup inside the eurephiaCTX.

To close the log file, eurephia_log_close(eurephiaCTX *) must be called.

The destination string to eurephia_log_init() can be:

	- stdout:
	  Log everything to stdout
	- stderr:
	  Log everything to stderr
	- none:
	  Do no logging at all
	- syslog:<facility>
	  Log via syslog.  <facility> can be: user, local[0-7],
	  daemon or authpriv.
	- Filename
	  All logging goes to the given filename.  If the filename
	  string is not recognised by any of the reserved words above,
	  it will be handled as a filename.





Also simplified the initialisation of the logging module.  By calling
the eurephia_log_init(eurephiaCTX *, char *dest, int loglevel) function,
a log context will be setup inside the eurephiaCTX.

To close the log file, eurephia_log_close(eurephiaCTX *) must be called.

The destination string to eurephia_log_init() can be:

	- stdout:
	  Log everything to stdout
	- stderr:
	  Log everything to stderr
	- none:
	  Do no logging at all
	- syslog:<facility>
	  Log via syslog.  <facility> can be: user, local[0-7],
	  daemon or authpriv.
	- Filename
	  All logging goes to the given filename.  If the filename
	  string is not recognised by any of the reserved words above,
	  it will be handled as a filename.







Added debug logging of free_nullsafe() calls as well
2009-09-07T19:32:10+00:00

David Sommerseth
dazo@users.sourceforge.net

2009-09-07T19:32:10+00:00

2e1851802188515f8edeed8eb3f753cf69e348d9












Moved all malloc() operations over to a calloc wrapper, malloc_nullsafe()
2009-09-07T19:10:22+00:00

David Sommerseth
dazo@users.sourceforge.net

2009-09-07T19:10:22+00:00

66b29488a7ed5909564ed03b3e89cd0d008df09e

This also improves debugging as well, if debug logging is enabled and log level is >= 40.





This also improves debugging as well, if debug logging is enabled and log level is >= 40.







Cleaned up and added some missing comments
2009-09-04T23:10:32+00:00

David Sommerseth
dazo@users.sourceforge.net

2009-09-04T23:10:32+00:00

62ea92c1c38ef83adbec1b56ef7968941d128553












Even more comments
2009-09-04T21:07:57+00:00

David Sommerseth
dazo@users.sourceforge.net

2009-09-04T21:07:57+00:00

0695956b4b419beaf1b596d69243c09d00bfa9f7