authorDavid Sommerseth <dazo@users.sourceforge.net>2008-09-18 10:58:50 +0200
committerDavid Sommerseth <dazo@users.sourceforge.net>2008-09-18 10:58:50 +0200
commit8d5e1e0f431b4576211eff115dec82aeb140858f (patch)
tree7301fb6fb30abd031ace956fe569645eaca0668a /eurephiafw.c
parentd55bb97b7d2b707ba6b3848a71e034a2225f34d5 (diff)
Added (untested) flushing of firewall destination chain on firewall module startup. Improved some debug info as well.
Diffstat (limited to 'eurephiafw.c')
-rw-r--r--eurephiafw.c21
1 files changed, 19 insertions, 2 deletions
diff --git a/eurephiafw.c b/eurephiafw.c
index 16328eb..b7dcc87 100644
--- a/eurephiafw.c
+++ b/eurephiafw.c
@@ -101,6 +101,8 @@ int eFW_load(eurephiaCTX *ctx, const char *intf) {
void eFW_StartFirewall(eurephiaCTX *ctx) {
struct mq_attr mqattr;
eurephiaCTX *shadowctx = NULL;
+ char buf[1026], *fwdest = NULL;
+ unsigned int prio;
ctx->fwcfg = (eurephiaFWINTF *) malloc(sizeof(eurephiaFWINTF)+2);
memset(ctx->fwcfg, 0, sizeof(eurephiaFWINTF)+2);
@@ -122,6 +124,15 @@ void eFW_StartFirewall(eurephiaCTX *ctx) {
(*ctx->fwcfg).thrdata.fw_command );
}
+ fwdest = eGet_value(ctx->dbc->config, "firewall_destination");
+ if( fwdest == NULL ) {
+ eurephia_log(ctx, LOG_ERROR, 0, "Could not find firewall_destination in configuration. "
+ "Firewall updates will not be available.");
+ return;
+ } else {
+ eurephia_log(ctx, LOG_INFO, 1, "Using the %s chain for VPN accesses", fwdest);
+ }
+
eurephia_log(ctx, LOG_INFO, 3, "Starting eurephia firewall interface");
// Setup semaphores we need
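Review bot: The early `return;` in the new `fwdest == NULL` branch leaves `ctx->fwcfg` allocated and partly filled in (it is malloc'd near the top of eFW_StartFirewall, and `thrdata.fw_command` is already referenced just above), so the context still appears to have a firewall interface although nothing was started. If other code tests `ctx->fwcfg != NULL` before queuing firewall updates or running eFW_StopFirewall (not visible here), it would operate on zeroed, never-opened semaphore and message queue handles. Either do the `firewall_destination` lookup before the allocation, or release on this path with `free(ctx->fwcfg); ctx->fwcfg = NULL;`, plus anything allocated in the lines this hunk does not show. It would also be worth rejecting an empty value, e.g. `if( fwdest == NULL || *fwdest == '\0' )`, since the string is later sent to the worker as the chain name. The function starts and ends outside this hunk.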
@@ -159,8 +170,6 @@ void eFW_StartFirewall(eurephiaCTX *ctx) {
// Flush the message queue for old messages
if( mq_getattr((*ctx->fwcfg).thrdata.msgq, &mqattr) == 0 ) {
long i;
- char buf[1026];
- unsigned int prio;
memset(&buf, 0, 1026);
if( mqattr.mq_curmsgs > 0 ) {
@@ -188,6 +197,14 @@ void eFW_StartFirewall(eurephiaCTX *ctx) {
eurephia_log(ctx, LOG_DEBUG, 20, "eFW master is ready, waiting for the eFW worker to get ready");
sem_wait(ctx->fwcfg->thrdata.semp_worker);
eurephia_log(ctx, LOG_INFO, 2, "eFW interface initialised.");
+
+ // Flushing the firewall chain for our clients, to make sure it is empty
+ memset(&buf, 0, 1026);
+ snprintf(buf, 1024, "F %s", fwdest);
+ if( mq_send((*ctx->fwcfg).thrdata.msgq, buf, strlen(buf)+1, 1) == -1 ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0, "Could not request firewall flushing of the %s chain: %s",
+ fwdest, strerror(errno));
+ };
}
void eFW_StopFirewall(eurephiaCTX *ctx) {
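Review bot: A failed flush request is only logged: after the `LOG_CRITICAL` message startup carries on, so rules left in the chain from an earlier run stay in force and could keep granting access to addresses that no longer belong to an authenticated client. Consider treating this as a startup failure and tearing the interface down (for instance via eFW_StopFirewall, whose body is not shown) instead of continuing. The `snprintf()` result is also unchecked, so an over-long `firewall_destination` is silently truncated and a different chain name is sent; `int n = snprintf(buf, sizeof(buf), "F %s", fwdest); if( n < 0 || (size_t)n >= sizeof(buf) ) { /* log and fail */ }` catches that and removes the 1024/1026 literals. Note too that mq_send() only queues the request, so success here does not show that the worker actually flushed the chain. The function begins outside this hunk, and the stray `;` after the closing brace of the `if` can go.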