Diffstat (limited to 'plugin/firewall/eurephiafw.c')
-rw-r--r--plugin/firewall/eurephiafw.c54
1 files changed, 52 insertions, 2 deletions
diff --git a/plugin/firewall/eurephiafw.c b/plugin/firewall/eurephiafw.c
index e57f7cc..0ee83de 100644
--- a/plugin/firewall/eurephiafw.c
+++ b/plugin/firewall/eurephiafw.c
@@ -19,6 +19,16 @@
*
*/
+/**
+ * @file eurephiafw.c
+ * @author David Sommerseth <dazo@users.sourceforge.net>
+ * @date 2008-08-10
+ *
+ * @brief Takes care of loading the configured firewall driver and provides a
+ * generic API for updating the firewall rules.
+ *
+ */
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -41,6 +51,14 @@
#include "eurephiafw_helpers.h"
#include "eurephiadb_driver.h"
+
+/**
+ * Unloads the firewall driver
+ *
+ * @param ctx eurephiaCTX
+ *
+ * @return Returns 1 on success, otherwise 0.
+ */
int eFW_unload(eurephiaCTX *ctx) {
if( ctx == NULL ) {
return 1;
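Review bot: The added `@return` line for eFW_unload says 1 means success, but the visible guard also returns 1 when `ctx == NULL`, so a caller cannot tell "driver unloaded" from "nothing to unload". The comment should state that, for example `@return Returns 1 on success or when ctx is NULL, otherwise 0.` The rest of the function body is outside the hunk, so the path that returns 0 is not visible here.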
@@ -56,6 +74,14 @@ int eFW_unload(eurephiaCTX *ctx) {
}
+/**
+ * Loads the given firewall driver/interface
+ *
+ * @param ctx eurephiaCTX
+ * @param intf full path to the firewall interface
+ *
+ * @return Returns 1 on success, otherwise 0.
+ */
int eFW_load(eurephiaCTX *ctx, const char *intf) {
if( (intf == NULL) || (strlen(intf) == 0) ) {
eurephia_log(ctx, LOG_FATAL, 0, "No valid eurephia firewall interface indicated");
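Review bot: The `@param intf` line added above eFW_load does not say where the path may come from. That matters because the file it names is presumably loaded as a driver into the running process; this is inferred from the description, as the loading call is outside the hunk. I would extend it to `@param intf full path to the firewall interface; must come from trusted configuration and name a file only the administrator can write`. The visible check rejects only a NULL or empty string, so the comment should also say whether any further validation of the path happens in the part of the body not shown.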
@@ -82,7 +108,7 @@ int eFW_load(eurephiaCTX *ctx, const char *intf) {
default:
eurephia_log(ctx, LOG_WARNING, 0,
"eurephia Firewall interface API is newer than what the running eurephia version is "
- "familiar with. Please consider to upgrade eurphia to take advantage of newer "
+ "familiar with. Please consider to upgrade eurephia to take advantage of newer "
"features in the eurephiaDB driver.");
case 1:
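Review bot: The warning in the `default:` branch still ends with "features in the eurephiaDB driver" although it reports on the firewall interface API, which looks like a leftover from the database driver loader. The last string would be more accurate as `"features in the firewall interface."`. The branch then runs on into `case 1:` with no marker, so a `/* fallthrough */` comment before `case 1:` would show that this is intended. The switch starts and ends outside the hunk.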
@@ -100,6 +126,13 @@ int eFW_load(eurephiaCTX *ctx, const char *intf) {
return 1;
}
+
+/**
+ * Starts the firewall thread. It is started as a separate process, to make sure it will run with
+ * root privileges.
+ *
+ * @param ctx eurephiaCTX
+ */
void eFW_StartFirewall(eurephiaCTX *ctx) {
struct mq_attr mqattr;
eurephiaCTX *shadowctx = NULL;
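Review bot: The new comment on eFW_StartFirewall calls the same thing a "firewall thread" and a "separate process" in consecutive sentences. The comment added on eFW_StopFirewall says "firewall update process", so the first sentence should match it, for example `Starts the firewall update process.` Since the stated reason for the separate process is root privileges, the comment should also say how requests reach that process (the `struct mq_attr` local suggests a POSIX message queue, to be confirmed) and that what it receives is acted on as root. The function body continues outside the hunk.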
@@ -250,6 +283,12 @@ void eFW_StartFirewall(eurephiaCTX *ctx) {
}
}
+
+/**
+ * Stops the firewall update process.
+ *
+ * @param ctx eurephiaCTX
+ */
void eFW_StopFirewall(eurephiaCTX *ctx) {
char buf[520], *fwdest = NULL;
struct timespec tsp;
@@ -289,7 +328,7 @@ void eFW_StopFirewall(eurephiaCTX *ctx) {
// Wait for the firewall module process to finish
//
- // prepare a timeout - 30 secounds should be enough
+ // prepare a timeout - 30 seconder's should be enough
if( clock_gettime(CLOCK_REALTIME, &tsp) == -1 ) {
eurephia_log(ctx, LOG_FATAL, 0, "Could not prepare timeout for firewall shutdown: %s",
strerror(errno));
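Review bot: The replacement comment swaps one misspelling for another: "30 seconder's" should read `// prepare a timeout - 30 seconds should be enough`. The code that applies the timeout is outside the hunk, so it cannot be confirmed from here that 30 is the value actually used.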
@@ -318,6 +357,17 @@ void eFW_StopFirewall(eurephiaCTX *ctx) {
}
+/**
+ * Requests an update of the firewall rules
+ *
+ * @param ctx eurephiaCTX
+ * @param mode int value which can be FWRULE_ADD, FWRULE_DELETE, FWRULE_BLACKLIST
+ * @param addr The address of the rule to be changed (IP address or MAC address)
+ * @param fwdest The firewall destination, where the rule is (to be) found.
+ * @param fwprofile The firewall profile the user is defined to make use of.
+ *
+ * @return Returns 1 on success, otherwise 0.
+ */
int eFW_UpdateFirewall(eurephiaCTX *ctx, int mode,
const char *addr, const char *fwdest, const char *fwprofile) {
char buf[1026];
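Review bot: The doc block for eFW_UpdateFirewall gives no length or format limits for `addr`, `fwdest` and `fwprofile`, although the function declares a fixed `char buf[1026]` and, going by the other comments in this commit, the request is handled by a process running as root. I would state the contract on the parameter lines, for example `@param addr IP or MAC address of the rule; the caller must have validated the format`, and give the maximum combined length the function accepts. The `@return` line should also say what 0 covers (rejected input or a failure to hand over the request). How the buffer is filled is outside the hunk, so the exact bound has to be taken from the code that follows.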