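/*
 * Handle one readable descriptor.
 *
 * Three cases are distinguished by the descriptor:
 *   - msg_listen_sock: accept a new connection and register it with
 *     select_server_add();
 *   - firewall_sock: read one packet via nl_firewall_recv() and issue a
 *     verdict for it: NF_ACCEPT when the destination address is listed in
 *     srv_settings.passed_ips, otherwise the header is handed to
 *     router_update() and the packet gets NF_DROP;
 *   - any other fd: read a client message and add or delete a route;
 *     when no message is returned the connection is closed.
 *
 * NOTE(review): no peer check is visible here. accept() discards the peer
 * address and CLIENT_ADD is honoured for whatever client_ip/client_port the
 * message carries. Confirm that the listening socket is reachable only by
 * trusted hosts.
 */
static void interception_process(int fd)
{
    int                  diff, new_fd, i, pass_through_flag = 0;
    time_t               now;
    unsigned long        packet_id;
    struct iphdr        *ip_header;
    struct msg_client_s *c_msg;

    if (fd == msg_listen_sock) {
        new_fd = accept(msg_listen_sock, NULL, NULL);
        /*
         * Configure and register the socket only when accept() succeeded;
         * previously set_sock_no_delay() was called on -1 after a failure.
         */
        if (new_fd != -1) {
            set_sock_no_delay(new_fd);
            select_server_add(new_fd);
        }
    } else if (fd == firewall_sock) {
        packet_id = 0;
        ip_header = nl_firewall_recv(firewall_sock, &packet_id);
        /*
         * NOTE(review): when nl_firewall_recv() returns NULL no verdict is
         * issued for packet_id. Confirm that a queued packet cannot be left
         * without a verdict on this path.
         */
        if (ip_header != NULL) {
            /* Check if it is the valid user to pass through firewall */
            for (i = 0; i < srv_settings.passed_ips.num; i++) {
                if (srv_settings.passed_ips.ips[i] == ip_header->daddr) {
                    pass_through_flag = 1;
                    break;
                }
            }
            if (pass_through_flag) {
                /* Pass through the firewall */
                dispose_netlink_packet(NF_ACCEPT, packet_id);
            } else {
                router_update(ip_header);
                /* Run the obsolete-entry cleanup once per CHECK_INTERVAL */
                now  = time(0);
                diff = now - last_clean_time;
                if (diff > CHECK_INTERVAL) {
                    route_delete_obsolete(now);
                    delay_table_delete_obsolete(now);
                    last_clean_time = now;
                }
                /* Drop the packet */
                dispose_netlink_packet(NF_DROP, packet_id);
            }
        }
    } else {
        c_msg = msg_server_recv(fd);
        if (c_msg) {
            if (c_msg->type == CLIENT_ADD) {
                tc_log_debug1(LOG_NOTICE, "add client router:%u",
                        ntohs(c_msg->client_port));
                router_add(c_msg->client_ip, c_msg->client_port, fd);
            } else if (c_msg->type == CLIENT_DEL) {
                tc_log_debug1(LOG_NOTICE, "del client router:%u",
                        ntohs(c_msg->client_port));
                router_del(c_msg->client_ip, c_msg->client_port);
            }
        } else {
            /* No message could be read: tear the connection down */
            close(fd);
            select_server_del(fd);
            log_info(LOG_NOTICE, "close sock:%d", fd);
        }
    }
}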
/*
 * Read one packet from the netlink socket behind rev->fd and issue a
 * verdict for it.
 *
 * A packet whose destination address is listed in srv_settings.passed_ips
 * receives NF_ACCEPT; any other packet is recorded (response-header pool
 * when INTERCEPT_THREAD is set, router_update() otherwise) and receives
 * NF_DROP.
 *
 * Returns TC_ERROR when the receive fails, TC_OK otherwise.
 *
 * NOTE(review): the receive call reports only success or failure, so the
 * number of bytes actually read is not available to tc_nl_ip_header() and
 * tc_nl_packet_id(). Confirm that those helpers cannot read past the
 * received data.
 * NOTE(review): when ip_hdr is NULL no verdict is issued for packet_id.
 * Confirm that this is intended.
 */
static int tc_nl_event_process(tc_event_t *rev)
{
    int             idx, matched;
    char            buffer[65535];
    unsigned long   packet_id;
    tc_ip_header_t *ip_hdr;

    /* the length passed here must stay in step with the buffer size */
    if (tc_nl_socket_recv(rev->fd, buffer, 65535) == TC_ERROR) {
        return TC_ERROR;
    }

    ip_hdr    = tc_nl_ip_header(buffer);
    packet_id = tc_nl_packet_id(buffer);

    if (ip_hdr == NULL) {
        return TC_OK;
    }

    /* check if it is the valid user to pass through firewall */
    matched = 0;
    idx     = 0;
    while (idx < srv_settings.passed_ips.num) {
        if (srv_settings.passed_ips.ips[idx] == ip_hdr->daddr) {
            matched = 1;
            break;
        }
        idx++;
    }

    tot_resp_packs++;

    if (!matched) {
        tot_copy_resp_packs++;
#if (INTERCEPT_THREAD)
        /* put response packet header to pool */
        put_resp_header_to_pool(ip_hdr);
        /* drop the packet */
        put_nl_verdict_to_pool(rev->fd, NF_DROP, packet_id);
#else
        router_update(srv_settings.router_fd, ip_hdr);
        tc_check_cleaning();
        /* drop the packet */
        dispose_netlink_packet(rev->fd, NF_DROP, packet_id);
#endif
    } else {
#if (INTERCEPT_THREAD)
        put_nl_verdict_to_pool(rev->fd, NF_ACCEPT, packet_id);
#else
        /* pass through the firewall */
        dispose_netlink_packet(rev->fd, NF_ACCEPT, packet_id);
#endif
    }

    return TC_OK;
}
/*
 * Read one packet from the netlink socket behind rev->fd and issue a
 * verdict for it.
 *
 * A packet whose destination address is listed in srv_settings.passed_ips
 * receives NF_ACCEPT; any other packet is handed to router_update() and
 * receives NF_DROP.
 *
 * Returns TC_ERROR when the receive fails, TC_OK otherwise.
 *
 * NOTE(review): the receive call reports only success or failure, so the
 * number of bytes actually read is not available to tc_nl_ip_header() and
 * tc_nl_packet_id(). Confirm that those helpers cannot read past the
 * received data.
 * NOTE(review): when ip_hdr is NULL no verdict is issued for packet_id.
 * Confirm that this is intended.
 */
static int tc_nl_event_process(tc_event_t *rev)
{
    int             n, allowed = 0;
    char            buffer[65536];
    unsigned long   packet_id;
    tc_ip_header_t *ip_hdr;

    /* the length passed here must stay in step with the buffer size */
    if (tc_nl_socket_recv(rev->fd, buffer, 65536) == TC_ERROR) {
        return TC_ERROR;
    }

    ip_hdr    = tc_nl_ip_header(buffer);
    packet_id = tc_nl_packet_id(buffer);

    if (ip_hdr == NULL) {
        return TC_OK;
    }

    /* check if it is the valid user to pass through firewall */
    for (n = 0; !allowed && n < srv_settings.passed_ips.num; n++) {
        allowed = (srv_settings.passed_ips.ips[n] == ip_hdr->daddr);
    }

    tot_resp_packs++;

    if (!allowed) {
        tot_copy_resp_packs++;
        router_update(srv_settings.old, srv_settings.router_fd, ip_hdr);
        /* drop the packet */
        dispose_netlink_packet(rev->fd, NF_DROP, packet_id);
        return TC_OK;
    }

    /* pass through the firewall */
    dispose_netlink_packet(rev->fd, NF_ACCEPT, packet_id);

    return TC_OK;
}
/*
 * Verdict worker: loops forever, taking one verdict at a time from the pool
 * and applying it with dispose_netlink_packet().
 *
 * The void *(void *) signature matches a thread start routine; the tid
 * argument is not used.
 * NOTE(review): presumably get_nl_verdict_from_pool() blocks while the pool
 * is empty. Confirm, since otherwise this loop would spin.
 */
static void *interception_dispose_nl_verdict(void *tid)
{
    tc_verdict_t item;

    while (1) {
        get_nl_verdict_from_pool(&item);
        dispose_netlink_packet(item.fd, item.verdict, item.packet_id);
    }

    /* not reached: the loop above has no exit */
    return NULL;
}