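/*
 * setup_conntrack - synchronise connection-tracking tunables between the
 * "SysInfo_Entry" configuration node and the kernel.
 *
 * Four groups are handled in turn: TCP per-state timeouts, UDP timeouts
 * (delegated to setup_udp_timeout(FALSE)), generic/ICMP timeouts, and the
 * table sizing knobs (hash size under LINUX26, then the entry maximum).
 * For each group the stored string is fetched with tcapi_get(). If it
 * parses, the values are pushed to the kernel; otherwise the kernel's
 * current values are read back and saved with tcapi_set().
 *
 * Each tcapi_get()/tcapi_set() call stands in for the nvram_safe_get()/
 * nvram_set() call on the same key in the nvram-based code this was ported
 * from.
 *
 * NOTE(review): the stored values are only checked for field count
 * ("lightly verify"); no range check is applied before they reach the
 * kernel. Whoever can write these SysInfo_Entry attributes controls the
 * conntrack timeouts and table size, so consider bounding them here.
 */
void setup_conntrack(void)
{
	unsigned int v[10];
	char p[128] = {0};
	/*
	 * Sized for the longest line built below: eight unsigned values of up
	 * to 10 digits each, the leading/trailing "0", separators and the NUL
	 * come to 92 bytes, which did not fit the previous 70-byte buffer.
	 */
	char buf[128];
	int i;
	char *pch;

	/* ---- TCP per-state timeouts ---- */
	/*
	 * p is cleared before every lookup. tcapi_get()'s behaviour on failure
	 * is not visible here; without the reset a lookup that leaves p
	 * untouched would make the code parse the previous key's value.
	 */
	p[0] = '\0';
	tcapi_get("SysInfo_Entry", "ct_tcp_timeout", p);
	if (sscanf(p, "%u%u%u%u%u%u%u%u%u%u",
		   &v[0], &v[1], &v[2], &v[3], &v[4],
		   &v[5], &v[6], &v[7], &v[8], &v[9]) == 10) {	// lightly verify
		/* v[0] and v[9] are parsed only to confirm the field count. */
		write_tcp_timeout("established", v[1]);
		write_tcp_timeout("syn_sent", v[2]);
		write_tcp_timeout("syn_recv", v[3]);
		write_tcp_timeout("fin_wait", v[4]);
		write_tcp_timeout("time_wait", v[5]);
		write_tcp_timeout("close", v[6]);
		write_tcp_timeout("close_wait", v[7]);
		write_tcp_timeout("last_ack", v[8]);
	} else {
		v[1] = read_tcp_timeout("established");
		v[2] = read_tcp_timeout("syn_sent");
		v[3] = read_tcp_timeout("syn_recv");
		v[4] = read_tcp_timeout("fin_wait");
		v[5] = read_tcp_timeout("time_wait");
		v[6] = read_tcp_timeout("close");
		v[7] = read_tcp_timeout("close_wait");
		v[8] = read_tcp_timeout("last_ack");

		/* Bounded write: never run past buf whatever the kernel reports. */
		snprintf(buf, sizeof(buf), "0 %u %u %u %u %u %u %u %u 0",
			 v[1], v[2], v[3], v[4], v[5], v[6], v[7], v[8]);
		tcapi_set("SysInfo_Entry", "ct_tcp_timeout", buf);
	}

	/* ---- UDP timeouts ---- */
	setup_udp_timeout(FALSE);

	/* ---- generic and ICMP timeouts ---- */
	p[0] = '\0';
	tcapi_get("SysInfo_Entry", "ct_timeout", p);
	if (sscanf(p, "%u%u", &v[0], &v[1]) == 2) {
		write_ct_timeout("generic", NULL, v[0]);
		write_ct_timeout("icmp", NULL, v[1]);
	} else {
		v[0] = read_ct_timeout("generic", NULL);
		v[1] = read_ct_timeout("icmp", NULL);
		snprintf(buf, sizeof(buf), "%u %u", v[0], v[1]);
		tcapi_set("SysInfo_Entry", "ct_timeout", buf);
	}

#ifdef LINUX26
	/* ---- conntrack hash size ---- */
	p[0] = '\0';
	tcapi_get("SysInfo_Entry", "ct_hashsize", p);
	i = atoi(p);
	if (i >= 127) {
		/*
		 * NOTE(review): atoi() accepts any numeric prefix, so p is not
		 * guaranteed to be purely numeric when it is written out as-is.
		 */
		f_write_string("/sys/module/nf_conntrack/parameters/hashsize", p, 0, 0);
	} else if (f_read_string("/sys/module/nf_conntrack/parameters/hashsize", buf, sizeof(buf)) > 0) {
		if (atoi(buf) > 0) {
			/* Strip the trailing newline before storing the value. */
			pch = strchr(buf, '\n');
			if (pch != NULL)
				*pch = '\0';
			tcapi_set("SysInfo_Entry", "ct_hashsize", buf);
		}
	}
#endif

	/* ---- conntrack table maximum ---- */
	p[0] = '\0';
	tcapi_get("SysInfo_Entry", "ct_max", p);
	i = atoi(p);
	if (i >= 128) {
		/* Same caveat as the hash size: p is written verbatim. */
		f_write_string("/proc/sys/net/ipv4/netfilter/ip_conntrack_max", p, 0, 0);
	} else if (f_read_string("/proc/sys/net/ipv4/netfilter/ip_conntrack_max", buf, sizeof(buf)) > 0) {
		if (atoi(buf) > 0) {
			pch = strchr(buf, '\n');
			if (pch != NULL)
				*pch = '\0';
			tcapi_set("SysInfo_Entry", "ct_max", buf);
		}
	}

	/*
	 * The nvram-driven ct_modprobe()/ct_modprobe_r() handling of the rtsp,
	 * h323, sip, ftp (including the RTCONFIG_FTP custom-port case) and
	 * pptp/proto_gre conntrack helpers was commented out in this function,
	 * so no helper module is loaded or unloaded here.
	 */
}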
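/*
 * safe_leave - release wanduck's resources, restore normal NAT state and
 * terminate the process with exit(0).
 *
 * The signature and the signal(..., SIG_IGN) calls suggest this is installed
 * as a signal handler; the registration is not visible here.
 *
 * NOTE(review): if it does run in signal context, most of what it calls
 * (stdio, eval(), exit()) is not async-signal-safe. A safer shape is to set
 * a flag in the handler and run this teardown from the main loop.
 *
 * @signo: signal number; unused.
 */
static void safe_leave(int signo)
{
	int i, ret;

	csprintf("\n## wanduck.safeexit ##\n");

	/* Ignore further termination requests while tearing down. */
	signal(SIGTERM, SIG_IGN);
	signal(SIGUSR1, SIG_IGN);
	signal(SIGINT, SIG_IGN);

	FD_ZERO(&allset);
	close(http_sock);
	close(dns_sock);

	/*
	 * Closes every descriptor below maxfd, including 0-2 and the two
	 * sockets already closed above (those calls simply fail).
	 * NOTE(review): descriptor maxfd itself is not closed; confirm whether
	 * maxfd is the highest descriptor or one past it.
	 */
	for (i = 0; i < maxfd; ++i) {
		ret = close(i);
		csprintf("## close %d: result=%d.\n", i, ret);
	}

	sleep(1);

#ifdef RTCONFIG_WIRELESSREPEATER
	if (sw_mode == SW_MODE_REPEATER) {
		/* Flush the ebtables broute and filter tables. */
		eval("ebtables", "-t", "broute", "-F");
		eval("ebtables", "-t", "filter", "-F");

		f_write_string("/proc/net/dnsmqctrl", "", 0, 0);
	}
#endif

	if (rule_setup == 1) {
		csprintf("\n# Disable direct rule(exit wanduck)\n");

		rule_setup = 0;
		conn_changed_state[current_wan_unit] = CONNED; // for cleaning the redirect rules.

#if 0
		// in the function safe_leave(), couldn't set any nvram using nvram_set().
		// So the notify mechanism would be invalid.
#if 0
		handle_wan_line(current_wan_unit, rule_setup);
#else // or
		start_nat_rules();
#endif
#else
		// Couldn't directly use nvram_set().
		// Must use the command: nvram, and set the nat_state.
		/*
		 * "nat_state=" plus the widest possible int and the NUL needs
		 * 22 bytes, so the buffer is 32 and the write is bounded.
		 */
		char buf[32] = {0};
		/* Opened only to test that the saved rule file exists. */
		FILE *fp = fopen("/tmp/nat_rules", "r");

		snprintf(buf, sizeof(buf), "nat_state=%d", NAT_STATE_NORMAL);

		if (fp != NULL) {
			fclose(fp);

			eval("nvram", "set", buf);

			_dprintf("%s: apply the nat_rules: %s!\n", __FUNCTION__, buf);
			logmessage("wanduck exit", "apply the nat_rules!");

			setup_ct_timeout(TRUE);
			setup_udp_timeout(TRUE);

			/*
			 * NOTE(review): the file is loaded into iptables as-is
			 * and is re-opened by iptables-restore after the
			 * existence check. This relies on /tmp/nat_rules being
			 * writable only by trusted processes.
			 */
			eval("iptables-restore", "/tmp/nat_rules");
		}
#endif
	}

	remove(WANDUCK_PID_FILE);

	csprintf("\n# return(exit wanduck)\n");
	exit(0);
}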