Example #1
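/*
 * Handle one readable descriptor reported by the select loop.
 *
 * The descriptor is compared with two file-level sockets:
 *   - msg_listen_sock: accept a new client connection and register it;
 *   - firewall_sock:   read one queued packet and issue a verdict for it;
 *   - anything else:   treat fd as a client connection and read one
 *                      control message (CLIENT_ADD / CLIENT_DEL) from it.
 */
static void interception_process(int fd)
{
    int                    diff, new_fd, i, pass_through_flag = 0;
    time_t                 now;
    unsigned long          packet_id;
    struct iphdr           *ip_header;
    struct msg_client_s    *c_msg;

    if(fd == msg_listen_sock){
        new_fd = accept(msg_listen_sock, NULL, NULL);
        /*
         * Only configure and register the socket when accept() succeeded;
         * on failure new_fd is -1 and must not be passed to any helper.
         */
        if(new_fd != -1){
            set_sock_no_delay(new_fd);
            select_server_add(new_fd);
        }
    }else if(fd == firewall_sock){
        packet_id = 0;
        ip_header = nl_firewall_recv(firewall_sock, &packet_id);
        /*
         * NOTE(review): when ip_header is NULL no verdict is issued in this
         * function; confirm nl_firewall_recv() handles that case itself.
         */
        if(ip_header != NULL){
            /*
             * Allow-list check: the packet passes only if its destination
             * address equals one of the configured passed_ips entries.
             * daddr is compared as-is, so the entries are presumably stored
             * in network byte order -- verify where passed_ips is filled.
             */
            for(i = 0; i < srv_settings.passed_ips.num; i++){
                if(srv_settings.passed_ips.ips[i] == ip_header->daddr){
                    pass_through_flag = 1;
                    break;
                }
            }
            if(pass_through_flag){
                /* Pass through the firewall */
                dispose_netlink_packet(NF_ACCEPT, packet_id);
            }else{
                router_update(ip_header);
                /* Purge stale route/delay entries at most once per interval */
                now  = time(0);
                diff = now - last_clean_time;
                if(diff > CHECK_INTERVAL){
                    route_delete_obsolete(now);
                    delay_table_delete_obsolete(now);
                    last_clean_time = now;
                }
                /* Drop the packet */
                dispose_netlink_packet(NF_DROP, packet_id);
            }
        }
    }else{
        /*
         * NOTE(review): no authentication of the peer is visible in this
         * block; a peer that can connect to msg_listen_sock can add or delete
         * routes. Confirm that access to the listening port is restricted
         * elsewhere (bind address, firewall rules).
         */
        c_msg = msg_server_recv(fd);
        if(c_msg){
            if(c_msg->type == CLIENT_ADD){
                tc_log_debug1(LOG_NOTICE, "add client router:%u",
                        ntohs(c_msg->client_port));
                router_add(c_msg->client_ip, c_msg->client_port, fd);
            }else if(c_msg->type == CLIENT_DEL){
                tc_log_debug1(LOG_NOTICE, "del client router:%u",
                        ntohs(c_msg->client_port));
                router_del(c_msg->client_ip, c_msg->client_port);
            }
        }else{
            /* No message could be read: tear the client connection down */
            close(fd);
            select_server_del(fd);
            log_info(LOG_NOTICE, "close sock:%d", fd);
        }
    }
}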
Example #2
/*
 * Event handler for the netlink socket: read one queued message, check its
 * destination address against the pass-through list and issue the verdict.
 *
 * Returns TC_ERROR when the receive fails, TC_OK in every other case.
 */
static int
tc_nl_event_process(tc_event_t *rev)
{
    int             idx, allowed = 0;
    char            buffer[65535];
    unsigned long   packet_id;
    tc_ip_header_t *ip_hdr;

    /*
     * NOTE(review): only the TC_ERROR result is checked; the received length
     * is not available here, so the two parsing helpers below presumably
     * validate the message size themselves -- confirm before relying on it.
     */
    if (tc_nl_socket_recv(rev->fd, buffer, sizeof(buffer)) == TC_ERROR) {
        return TC_ERROR;
    }

    ip_hdr = tc_nl_ip_header(buffer);
    packet_id = tc_nl_packet_id(buffer);

    /*
     * NOTE(review): no verdict is issued on this path; check that a NULL
     * header cannot correspond to a packet still waiting in the queue.
     */
    if (ip_hdr == NULL) {
        return TC_OK;
    }

    /*
     * Allow-list lookup: stop at the first configured address equal to the
     * packet's destination. daddr is compared without conversion.
     */
    for (idx = 0; idx < srv_settings.passed_ips.num && !allowed; idx++) {
        allowed = (srv_settings.passed_ips.ips[idx] == ip_hdr->daddr);
    }

    tot_resp_packs++;

    if (allowed) {
        /* destination is on the list: let the packet through the firewall */
#if (INTERCEPT_THREAD)
        put_nl_verdict_to_pool(rev->fd, NF_ACCEPT, packet_id);
#else
        dispose_netlink_packet(rev->fd, NF_ACCEPT, packet_id);
#endif
        return TC_OK;
    }

    tot_copy_resp_packs++;

#if (INTERCEPT_THREAD)
    /* queue the response header, then queue the drop verdict */
    put_resp_header_to_pool(ip_hdr);
    put_nl_verdict_to_pool(rev->fd, NF_DROP, packet_id);
#else
    router_update(srv_settings.router_fd, ip_hdr);

    tc_check_cleaning();

    /* the packet itself is never delivered */
    dispose_netlink_packet(rev->fd, NF_DROP, packet_id);
#endif

    return TC_OK;
}
Example #3
/*
 * Event handler for the netlink socket: receive one queued message, then
 * accept it if its destination address is on the pass-through list, or
 * forward its header to the router and drop it otherwise.
 *
 * Returns TC_ERROR when the receive fails, TC_OK in every other case.
 */
static int
tc_nl_event_process(tc_event_t *rev)
{
    int             n, on_list = 0;
    char            buffer[65536];
    unsigned long   packet_id;
    tc_ip_header_t *ip_hdr;

    /*
     * NOTE(review): the number of bytes actually received is not visible
     * here; length validation is presumably done inside the helpers that
     * parse the buffer -- confirm.
     */
    if (tc_nl_socket_recv(rev->fd, buffer, sizeof(buffer)) == TC_ERROR) {
        return TC_ERROR;
    }

    ip_hdr = tc_nl_ip_header(buffer);
    packet_id = tc_nl_packet_id(buffer);

    /*
     * NOTE(review): returning here issues no verdict for packet_id; check
     * what a NULL header means for the queued packet.
     */
    if (ip_hdr == NULL) {
        return TC_OK;
    }

    /* linear scan of the configured pass-through addresses */
    n = 0;
    while (n < srv_settings.passed_ips.num) {
        if (srv_settings.passed_ips.ips[n] == ip_hdr->daddr) {
            on_list = 1;
            break;
        }
        n++;
    }

    tot_resp_packs++;

    if (!on_list) {
        tot_copy_resp_packs++;
        router_update(srv_settings.old, srv_settings.router_fd, ip_hdr);
        /* the original packet is dropped after its header was handed over */
        dispose_netlink_packet(rev->fd, NF_DROP, packet_id);
    } else {
        /* listed destination: pass through the firewall */
        dispose_netlink_packet(rev->fd, NF_ACCEPT, packet_id);
    }

    return TC_OK;
}
Example #4
/*
 * Verdict consumer with a thread start-routine signature: repeatedly takes
 * one verdict from the pool and applies it with dispose_netlink_packet().
 *
 * The loop has no exit condition, so the trailing return is never reached.
 * NOTE(review): get_nl_verdict_from_pool() presumably blocks while the pool
 * is empty -- confirm, otherwise this loop spins.
 */
static void *
interception_dispose_nl_verdict(void *tid)
{
    tc_verdict_t item;

    (void) tid;   /* the argument is not used in this function */

    while (1) {
        get_nl_verdict_from_pool(&item);
        dispose_netlink_packet(item.fd, item.verdict, item.packet_id);
    }

    return NULL;
}