Diffstat (limited to 'plugin')
-rw-r--r--plugin/eurephia.c24
-rw-r--r--plugin/firewall/iptables/efw-iptables.c34
2 files changed, 33 insertions, 25 deletions
diff --git a/plugin/eurephia.c b/plugin/eurephia.c
index 8587e93..3451e8c 100644
--- a/plugin/eurephia.c
+++ b/plugin/eurephia.c
@@ -636,7 +636,7 @@ int eurephia_disconnect(eurephiaCTX *ctx, const char **env) {
*
* @return Returns 0 on failure and 1 on success.
*/
-int eurephia_learn_address(eurephiaCTX *ctx, const char *mode, const char *macaddr, const char **env) {
+int eurephia_learn_address(eurephiaCTX *ctx, const char *mode, const char *clientaddr, const char **env) {
eurephiaSESSION *session = NULL;
char *digest = NULL, *cname = NULL, *uname = NULL,
*vpnipaddr = NULL, *vpnipmask = NULL,
@@ -645,7 +645,7 @@ int eurephia_learn_address(eurephiaCTX *ctx, const char *mode, const char *macad
int ret = 0, fw_enabled = 0;
DEBUG(ctx, 10, "** Function call: eurephia_learn_address(ctx, '%.10s', '%.18s', ...)",
- mode, macaddr);
+ mode, clientaddr);
// Get firewall information
fw_enabled = (eGet_value(ctx->dbc->config, "firewall_interface") != NULL);
@@ -673,13 +673,17 @@ int eurephia_learn_address(eurephiaCTX *ctx, const char *mode, const char *macad
}
// Update openvpn_lastlog with the active MAC address, and save it as a session variable
- ret = eDBregister_vpnmacaddr(ctx, session, macaddr);
+ ret = eDBregister_vpnmacaddr(ctx, session, clientaddr);
if( (fw_enabled) && (fwdest != NULL) ) {
fwprofile = eDBget_firewall_profile(ctx, session);
if( fwprofile != NULL ) {
eFWupdateRequest req = { .mode = fwADD, };
- strncpy(req.macaddress, macaddr, sizeof(req.macaddress));
+ if( ctx->tuntype == tuntype_TAP ) {
+ strncpy(req.macaddress, clientaddr, sizeof(req.macaddress));
+ } else {
+ strncpy(req.ipaddress, vpnipaddr, sizeof(req.ipaddress));
+ }
strncpy(req.rule_destination, fwdest, sizeof(req.rule_destination));
strncpy(req.goto_destination, fwprofile, sizeof(req.goto_destination));
eFW_UpdateFirewall(ctx, &req);
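Review bot: The non-TAP branch copies `vpnipaddr` into `req.ipaddress` without checking it; that pointer is initialised to NULL at the top of the function and is assigned outside this hunk, so a NULL here is undefined behaviour in `strncpy`. An empty value is also a problem, because the reworked `process_input()` in efw-iptables.c then skips both the `-s` and the `--mac-source` match and the rule is built with no source restriction at all. I would refuse to build the request in that case, for example `if( (vpnipaddr == NULL) || (*vpnipaddr == '\0') )` followed by a warning log and skipping `eFW_UpdateFirewall()`. The delete hunk further down fills `req.ipaddress` from `clientaddr` instead, so unless the two values are always identical in TUN mode the `-D` will not match the rule added here and the allow rule stays behind. Separately, assuming the request fields are fixed-size char arrays, `strncpy(..., sizeof(field))` leaves them unterminated on an over-long source; since `req` is zero-initialised, `strncpy(req.ipaddress, vpnipaddr, sizeof(req.ipaddress)-1);` fixes that, and the same applies to the `strncpy` calls in the delete hunk.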
@@ -690,11 +694,11 @@ int eurephia_learn_address(eurephiaCTX *ctx, const char *mode, const char *macad
} else if( strncmp(mode, "delete", 6) == 0 ) {
// Load the session, based on MAC address
- session = eDBopen_session_macaddr(ctx, macaddr);
+ session = eDBopen_session_macaddr(ctx, clientaddr);
if( session == NULL ) {
eurephia_log(ctx, LOG_WARNING, 0,
"Could not find any session connected to this MAC address: %.18s",
- macaddr);
+ clientaddr);
ret = 0;
goto exit;
}
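Review bot: The comment and the warning text in this hunk still say "MAC address", although the following hunk copies `clientaddr` into `req.ipaddress` when the tunnel is not TAP, so in that mode the log labels an IP address as a MAC. Neutral wording would avoid misleading whoever reads the log during an incident, e.g. `"Could not find any session connected to this client address: %.18s"` and `// Load the session, based on the learned client address`. It may also be worth a one-line comment stating that `eDBopen_session_macaddr()` is deliberately reused for IP lookups in TUN mode, if that is the intent; its implementation is not visible here.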
@@ -703,7 +707,11 @@ int eurephia_learn_address(eurephiaCTX *ctx, const char *mode, const char *macad
fwprofile = eDBget_firewall_profile(ctx, session);
if( fwprofile != NULL ) {
eFWupdateRequest req = { .mode = fwDELETE, };
- strncpy(req.macaddress, macaddr, sizeof(req.macaddress));
+ if( ctx->tuntype == tuntype_TAP) {
+ strncpy(req.macaddress, clientaddr, sizeof(req.macaddress));
+ } else {
+ strncpy(req.ipaddress, clientaddr, sizeof(req.ipaddress));
+ }
strncpy(req.rule_destination, fwdest, sizeof(req.rule_destination));
strncpy(req.goto_destination, fwprofile, sizeof(req.goto_destination));
eFW_UpdateFirewall(ctx, &req);
@@ -722,7 +730,7 @@ int eurephia_learn_address(eurephiaCTX *ctx, const char *mode, const char *macad
free_nullsafe(ctx, cname);
free_nullsafe(ctx, digest);
DEBUG(ctx, 10, "** Function result: eurephia_learn_address(ctx, '%s', '%.18s', ...) = %i",
- mode, macaddr, ret);
+ mode, clientaddr, ret);
return ret;
}
diff --git a/plugin/firewall/iptables/efw-iptables.c b/plugin/firewall/iptables/efw-iptables.c
index aad5d4f..6172d5d 100644
--- a/plugin/firewall/iptables/efw-iptables.c
+++ b/plugin/firewall/iptables/efw-iptables.c
@@ -176,7 +176,7 @@ void eFW_RunFirewall(void *fwargs) {
*/
int process_input(eurephiaCTX *ctx, const char *fwcmd, const eFWupdateRequest *req) {
const char *iptables_args[] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL};
- int ret = 0;
+ int ret = 0, argc = 2;
DEBUG(ctx, 36, "eFW_RunFirewall::process_input(ctx, %s, %s, %s, %s, %s)",
eFWmode_str[req->mode], req->ipaddress, req->macaddress,
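Review bot: `argc = 2` silently assumes that slots 0 and 1 of `iptables_args` are filled by separate assignments (only `iptables_args[1] = "-D"` is visible in the next hunk), and nothing ties the running index to the 20-element array. With the arguments appended in the next hunk the worst case is 16 entries including the terminating NULL, so it fits today, but the next option someone adds has no guard. A short comment on the declaration would document the contract, e.g. `/* argv[0..1] are set explicitly; argc indexes the next free slot, worst case 16 of 20 */`.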
@@ -195,24 +195,24 @@ int process_input(eurephiaCTX *ctx, const char *fwcmd, const eFWupdateRequest *r
iptables_args[1] = "-D";
}
// Prepare iptables arguments
- iptables_args[2] = req->rule_destination;
- if( req->ipaddress ) {
- iptables_args[3] = "-s\0";
- iptables_args[4] = req->ipaddress;
+ iptables_args[argc++] = req->rule_destination;
+ if( strlen_nullsafe(req->ipaddress) > 0 ) {
+ iptables_args[argc++] = "-s\0";
+ iptables_args[argc++] = req->ipaddress;
}
- if( req->macaddress ) {
- iptables_args[3] = "-m\0";
- iptables_args[4] = "mac\0";
- iptables_args[5] = "--mac-source\0";
- iptables_args[6] = req->macaddress;
+ if( strlen_nullsafe(req->macaddress) > 0 ) {
+ iptables_args[argc++] = "-m\0";
+ iptables_args[argc++] = "mac\0";
+ iptables_args[argc++] = "--mac-source\0";
+ iptables_args[argc++] = req->macaddress;
}
- iptables_args[7] = "-m\0";
- iptables_args[8] = "state\0";
- iptables_args[9] = "--state\0";
- iptables_args[10] = "NEW\0";
- iptables_args[11] = "-j\0";
- iptables_args[12] = req->goto_destination;
- iptables_args[13] = NULL;
+ iptables_args[argc++] = "-m\0";
+ iptables_args[argc++] = "state\0";
+ iptables_args[argc++] = "--state\0";
+ iptables_args[argc++] = "NEW\0";
+ iptables_args[argc++] = "-j\0";
+ iptables_args[argc++] = req->goto_destination;
+ iptables_args[argc++] = NULL;
eurephia_log(ctx, LOG_INFO, 3, "eFW_RunFirewall - updating iptables rules "
"==> mode: %s ipaddr: %s macaddr: '%s' destchain: '%s' jump: '%s'",