Ejemplo n.º 1
0
int compare_torwall_iptables()
{
    const char *ipt_save = "/tmp/torwall_iptables_save";

    if (save_iptables(ipt_save) == -1) {
        tlog_print(ERROR, "Ugh. Couldn't save tmp iptables.");
        // XXX
        return 0;
    }

    return compare_iptables_files(ipt_save, TORWALL_IPTABLES);
}
Ejemplo n.º 2
0
static int init(struct parameters *args)
{
	char *new_iptables_config = NULL;
	char *interfaces_buf = NULL;
	char **ifaces = NULL;
	int thread_count = thread_get_packet_capture_cpu_count();
	const char *file_in = NULL;
	const char *file_out = NULL;
	const char *file_drop = NULL;
	int count;
	bool dump = false;

	/* Setup iptables rules */
	if (save_iptables("raw", &iptables_saved)) {
		message(HAKA_LOG_ERROR, MODULE_NAME, L"cannot save iptables rules");
		cleanup();
		return 1;
	}

	{
		const char *iter;
		const char *interfaces = parameters_get_string(args, "interfaces", NULL);
		if (!interfaces) {
			message(HAKA_LOG_ERROR, MODULE_NAME, L"no interfaces selected");
			cleanup();
			return 1;
		}

		for (count = 0, iter = interfaces; *iter; ++iter) {
			if (*iter == ',')
				++count;
		}

		interfaces_buf = strdup(interfaces);
		if (!interfaces_buf) {
			error(L"memory error");
			cleanup();
			return 1;
		}

		++count;
	}

	ifaces = malloc((sizeof(char *) * (count + 1)));
	if (!ifaces) {
		message(HAKA_LOG_ERROR, MODULE_NAME, L"memory error");
		free(interfaces_buf);
		cleanup();
		return 1;
	}

	messagef(HAKA_LOG_INFO, MODULE_NAME, L"installing iptables rules for device(s) %s", interfaces_buf);

	{
		int index = 0;
		char *str, *ptr = NULL;
		for (index = 0, str = interfaces_buf; index < count; index++, str = NULL) {
			char *token = strtok_r(str, ",", &ptr);
			assert(token != NULL);
			ifaces[index] = token;
		}
		ifaces[index] = NULL;
	}

	new_iptables_config = iptables_config(ifaces, thread_count);
	if (!new_iptables_config) {
		message(HAKA_LOG_ERROR, MODULE_NAME, L"cannot generate iptables rules");
		free(ifaces);
		free(interfaces_buf);
		cleanup();
		return 1;
	}
	free(ifaces);
	ifaces = NULL;
	free(interfaces_buf);
	interfaces_buf = NULL;

	if (apply_iptables(new_iptables_config)) {
		message(HAKA_LOG_ERROR, MODULE_NAME, L"cannot setup iptables rules");
		free(new_iptables_config);
		cleanup();
		return 1;
	}

	free(new_iptables_config);

	/* Setup pcap dump */
	dump = parameters_get_boolean(args, "dump", false);
	if (dump) {
		file_in = parameters_get_string(args, "dump_input", NULL);
		file_out = parameters_get_string(args, "dump_output", NULL);
		file_drop = parameters_get_string(args, "dump_drop", NULL);
		if (!(file_in || file_out || file_drop)) {
			message(HAKA_LOG_WARNING, MODULE_NAME, L"no dump pcap files specified");
		}
		else {
			pcap = malloc(sizeof(struct pcap_sinks));
			if (!pcap) {
				message(HAKA_LOG_ERROR, MODULE_NAME, L"memory error");
				cleanup();
				return 1;
			}
			memset(pcap, 0, sizeof(struct pcap_sinks));

			if (file_in) {
				open_pcap(&pcap->in, file_in);
				messagef(HAKA_LOG_INFO, MODULE_NAME, L"dumping received packets into '%s'", file_in);
			}
			if (file_out) {
				open_pcap(&pcap->out, file_out);
				messagef(HAKA_LOG_INFO, MODULE_NAME, L"dumping emitted packets into '%s'", file_out);
			}
			if (file_drop) {
				open_pcap(&pcap->drop, file_drop);
				messagef(HAKA_LOG_INFO, MODULE_NAME, L"dumping dropped packets into '%s'", file_drop);
			}
		}
	}

	return 0;
}