Revision: 1768
http://ipcop.svn.sourceforge.net/ipcop/?rev=1768&view=rev
Author: owes
Date: 2008-09-01 13:34:38 +0000 (Mon, 01 Sep 2008)
Log Message:
-----------
apply CodingStyle
Modified Paths:
--------------
ipcop/trunk/src/misc-progs/restartsquid.c
Modified: ipcop/trunk/src/misc-progs/restartsquid.c
===================================================================
--- ipcop/trunk/src/misc-progs/restartsquid.c 2008-09-01 13:34:11 UTC (rev
1767)
+++ ipcop/trunk/src/misc-progs/restartsquid.c 2008-09-01 13:34:38 UTC (rev
1768)
@@ -28,274 +28,270 @@
void usage(char *prg)
{
- printf("Usage: %s [-f] [-r] [-t] [-v]\n\n", prg);
- printf("Options:\n");
- printf(" -f flush proxy cache\n");
- printf(" -r repair proxy cache\n");
- printf(" -t test first, do not start if not running\n");
- printf(" -v be verbose\n");
- exit(1);
+ printf("Usage: %s [-f] [-r] [-t] [-v]\n\n", prg);
+ printf("Options:\n");
+ printf(" -f flush proxy cache\n");
+ printf(" -r repair proxy cache\n");
+ printf(" -t test first, do not start if not running\n");
+ printf(" -v be verbose\n");
+ exit(1);
}
/* read the vpn config file and adds a rule for every net-to-net definition
that skip the transparent rules REDIRECT
*/
-void setdirectvpn(int setdirectvpn_green, int setdirectvpn_blue) {
- int count;
- char *result;
- char *name;
- char *type;
- char *running;
- char *vpn_network_mask;
- char *vpn_netaddress;
- char *vpn_netmask;
- FILE *file = NULL;
- char *conn_enabled;
- char buffer[STRING_SIZE];
- char s[STRING_SIZE];
+void setdirectvpn(int setdirectvpn_green, int setdirectvpn_blue)
+{
+ int count;
+ char *result;
+ char *name;
+ char *type;
+ char *running;
+ char *vpn_network_mask;
+ char *vpn_netaddress;
+ char *vpn_netmask;
+ FILE *file = NULL;
+ char *conn_enabled;
+ char buffer[STRING_SIZE];
+ char s[STRING_SIZE];
- if (!setdirectvpn_green && !setdirectvpn_blue)
- return; /* nothing to do */
+ if (!setdirectvpn_green && !setdirectvpn_blue)
+ return; /* nothing to do */
- if (!(file = fopen("/var/ipcop/vpn/config", "r"))) {
- fprintf(stderr, "Couldn't open vpn config file");
- return; /* error! exit or return? */
- }
- /* WARNING: empty lines or comment not handled */
- while (fgets(s, STRING_SIZE, file) != NULL) {
- if (s[strlen(s) - 1] == '\n')
- s[strlen(s) - 1] = '\0';
- running = strdup (s);
- result = strsep(&running, ",");
- count = 0;
- name = NULL;
- type = NULL;
- vpn_network_mask = NULL;
- conn_enabled = NULL;
- while (result) {
- if (count == 1)
- conn_enabled = result;
- if (count == 2)
- name = result;
- if (count == 4)
- type = result;
- if (count == 12 )
- vpn_network_mask = result;
- count++;
- result = strsep(&running, ",");
- }
+ if (!(file = fopen("/var/ipcop/vpn/config", "r"))) {
+ fprintf(stderr, "Couldn't open vpn config file");
+ return; /* error! exit or return? */
+ }
+ /* WARNING: empty lines or comment not handled */
+ while (fgets(s, STRING_SIZE, file) != NULL) {
+ if (s[strlen(s) - 1] == '\n')
+ s[strlen(s) - 1] = '\0';
+ running = strdup(s);
+ result = strsep(&running, ",");
+ count = 0;
+ name = NULL;
+ type = NULL;
+ vpn_network_mask = NULL;
+ conn_enabled = NULL;
+ while (result) {
+ if (count == 1)
+ conn_enabled = result;
+ if (count == 2)
+ name = result;
+ if (count == 4)
+ type = result;
+ if (count == 12)
+ vpn_network_mask = result;
+ count++;
+ result = strsep(&running, ",");
+ }
- if (strspn(name, LETTERS_NUMBERS) != strlen(name)) {
- fprintf(stderr, "Bad connection name: %s\n", name);
- continue;
- }
+ if (strspn(name, LETTERS_NUMBERS) != strlen(name)) {
+ fprintf(stderr, "Bad connection name: %s\n", name);
+ continue;
+ }
- if (! (strcmp(type, "net") == 0)) {
- continue;
- }
+ if (!(strcmp(type, "net") == 0)) {
+ continue;
+ }
- /* Darren Critchley - new check to see if connection is enabled
*/
- if (! (strcmp(conn_enabled, "on") == 0)) {
- continue;
- }
+ /* Darren Critchley - new check to see if connection is enabled */
+ if (!(strcmp(conn_enabled, "on") == 0)) {
+ continue;
+ }
- result = strsep(&vpn_network_mask, "/");
- count = 0;
- vpn_netaddress = NULL;
- vpn_netmask = NULL;
- while (result) {
- if (count == 0)
- vpn_netaddress = result;
- if (count == 1)
- vpn_netmask = result;
- count++;
- result = strsep(&vpn_network_mask, "/");
- }
+ result = strsep(&vpn_network_mask, "/");
+ count = 0;
+ vpn_netaddress = NULL;
+ vpn_netmask = NULL;
+ while (result) {
+ if (count == 0)
+ vpn_netaddress = result;
+ if (count == 1)
+ vpn_netmask = result;
+ count++;
+ result = strsep(&vpn_network_mask, "/");
+ }
- if (!VALID_IP(vpn_netaddress)) {
- fprintf(stderr, "Bad network for vpn connection %s:
%s\n", name, vpn_netaddress);
- continue;
- }
+ if (!VALID_IP(vpn_netaddress)) {
+ fprintf(stderr, "Bad network for vpn connection %s: %s\n", name,
vpn_netaddress);
+ continue;
+ }
- if ((!VALID_IP(vpn_netmask)) &&
(!VALID_SHORT_MASK(vpn_netmask))) {
- fprintf(stderr, "Bad mask for vpn connection %s: %s\n",
name, vpn_netmask);
- continue;
- }
+ if ((!VALID_IP(vpn_netmask)) && (!VALID_SHORT_MASK(vpn_netmask))) {
+ fprintf(stderr, "Bad mask for vpn connection %s: %s\n", name,
vpn_netmask);
+ continue;
+ }
- memset(buffer, 0, STRING_SIZE);
- if (setdirectvpn_green) {
- if( snprintf(buffer, STRING_SIZE - 1,
- "/sbin/iptables -t nat -A SQUID -i %s
-p tcp -d %s/%s --dport 80 -j RETURN",
- ipcop_ethernet.device[GREEN][1],
- vpn_netaddress,
- vpn_netmask) >= STRING_SIZE ) {
- fprintf(stderr, "Command too long\n");
- fclose(file);
- exit(1);
- }
- safe_system(buffer);
- }
- if (setdirectvpn_blue) {
- if (snprintf(buffer,
- STRING_SIZE - 1,
- "/sbin/iptables -t nat -A SQUID -i %s
-p tcp -d %s/%s --dport 80 -j RETURN",
- ipcop_ethernet.device[BLUE][1],
- vpn_netaddress,
- vpn_netmask) >= STRING_SIZE ) {
- fprintf(stderr, "Command too long\n");
- fclose(file);
- exit(1);
- }
- safe_system(buffer);
- }
- }
- fclose(file);
+ memset(buffer, 0, STRING_SIZE);
+ if (setdirectvpn_green) {
+ if (snprintf(buffer, STRING_SIZE - 1,
+ "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s/%s
--dport 80 -j RETURN",
+ ipcop_ethernet.device[GREEN][1], vpn_netaddress,
vpn_netmask) >= STRING_SIZE) {
+ fprintf(stderr, "Command too long\n");
+ fclose(file);
+ exit(1);
+ }
+ safe_system(buffer);
+ }
+ if (setdirectvpn_blue) {
+ if (snprintf(buffer,
+ STRING_SIZE - 1,
+ "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s/%s
--dport 80 -j RETURN",
+ ipcop_ethernet.device[BLUE][1], vpn_netaddress,
vpn_netmask) >= STRING_SIZE) {
+ fprintf(stderr, "Command too long\n");
+ fclose(file);
+ exit(1);
+ }
+ safe_system(buffer);
+ }
+ }
+ fclose(file);
}
int main(int argc, char **argv)
{
- int c;
- int flag_t = 0;
- int flag_flush = 0;
- int flag_repair = 0;
- int enabled_green = 0;
- int transparent_green = 0;
- int enabled_blue = 0;
- int transparent_blue = 0;
- struct stat st;
- NODEKV *vpn_kv = NULL;
- NODEKV *squid_kv = NULL;
- char buffer[STRING_SIZE];
- char proxy_port[STRING_SIZE];
- char enableredvpn[STRING_SIZE] = "";
- char enablebluevpn[STRING_SIZE] = "";
- char value[STRING_SIZE] = "";
+ int c;
+ int flag_t = 0;
+ int flag_flush = 0;
+ int flag_repair = 0;
+ int enabled_green = 0;
+ int transparent_green = 0;
+ int enabled_blue = 0;
+ int transparent_blue = 0;
+ struct stat st;
+ NODEKV *vpn_kv = NULL;
+ NODEKV *squid_kv = NULL;
+ char buffer[STRING_SIZE];
+ char proxy_port[STRING_SIZE];
+ char enableredvpn[STRING_SIZE] = "";
+ char enablebluevpn[STRING_SIZE] = "";
+ char value[STRING_SIZE] = "";
- if (!(initsetuid()))
- exit(1);
+ if (!(initsetuid()))
+ exit(1);
- while ( (c = getopt(argc, argv, "frtv")) != -1 )
- {
- switch ( c )
- {
- case 't': /* test first */
- flag_t = 1;
- break;
- case 'f': /* flush cache */
- flag_flush = 1;
- break;
- case 'r': /* repair cache */
- flag_repair = 1;
- break;
- case 'v': /* verbose */
- flag_verbose++;
- break;
+ while ((c = getopt(argc, argv, "frtv")) != -1) {
+ switch (c) {
+ case 't': /* test first */
+ flag_t = 1;
+ break;
+ case 'f': /* flush cache */
+ flag_flush = 1;
+ break;
+ case 'r': /* repair cache */
+ flag_repair = 1;
+ break;
+ case 'v': /* verbose */
+ flag_verbose++;
+ break;
- default:
- fprintf(stderr, "unknown option\n");
- usage(argv[0]);
- break;
+ default:
+ fprintf(stderr, "unknown option\n");
+ usage(argv[0]);
+ break;
+ }
}
- }
- /* Retrieve the Squid pid file */
- if ( (access("/var/run/squid.pid", F_OK) == -1) && flag_t )
- {
- verbose_printf(1, "Squid not running, no need to start\n");
- exit (0); /*Not running, no need to start with -t */
- }
+ /* Retrieve the Squid pid file */
+ if ((access("/var/run/squid.pid", F_OK) == -1) && flag_t) {
+ verbose_printf(1, "Squid not running, no need to start\n");
+ exit(0); /*Not running, no need to start with -t */
+ }
- /* Kill running squid */
- verbose_printf(1, "Flush squid iptables chain ... \n");
- safe_system("/sbin/iptables -t nat -F SQUID");
- /* TODO: test for running squid first ? */
- verbose_printf(1, "Shutdown squid ... \n");
- safe_system("/usr/sbin/squid -k shutdown >/dev/null 2>/dev/null");
- sleep(5);
- verbose_printf(1, "Really shutdown squid ... \n");
- safe_system("/bin/killall -9 squid >/dev/null 2>/dev/null");
+ /* Kill running squid */
+ verbose_printf(1, "Flush squid iptables chain ... \n");
+ safe_system("/sbin/iptables -t nat -F SQUID");
+ /* TODO: test for running squid first ? */
+ verbose_printf(1, "Shutdown squid ... \n");
+ safe_system("/usr/sbin/squid -k shutdown >/dev/null 2>/dev/null");
+ sleep(5);
+ verbose_printf(1, "Really shutdown squid ... \n");
+ safe_system("/bin/killall -9 squid >/dev/null 2>/dev/null");
- if ( access("/var/run/squid.pid", F_OK) != -1 )
- {
- verbose_printf(2, "Remove leftover PID file ... \n");
- unlink("/var/run/squid.pid");
- }
+ if (access("/var/run/squid.pid", F_OK) != -1) {
+ verbose_printf(2, "Remove leftover PID file ... \n");
+ unlink("/var/run/squid.pid");
+ }
- /* See if we need to flush/repair the cache */
- if ( flag_flush ) {
- struct passwd *pw;
- if((pw = getpwnam("squid"))) {
- endpwent(); /* probably paranoia, but just in case.. */
- verbose_printf(1, "Flushing proxy cache ... \n");
- unpriv_system("/bin/rm -rf /var/log/cache/*",
pw->pw_uid, pw->pw_gid);
- } else {
- fprintf(stderr, "User squid not found, cache not
flushed\n");
- endpwent();
- }
- }
+ /* See if we need to flush/repair the cache */
+ if (flag_flush) {
+ struct passwd *pw;
+ if ((pw = getpwnam("squid"))) {
+ endpwent(); /* probably paranoia, but just in case.. */
+ verbose_printf(1, "Flushing proxy cache ... \n");
+ unpriv_system("/bin/rm -rf /var/log/cache/*", pw->pw_uid,
pw->pw_gid);
+ }
+ else {
+ fprintf(stderr, "User squid not found, cache not flushed\n");
+ endpwent();
+ }
+ }
- int saferestart = 0;
- if ( flag_repair ) {
- struct passwd *pw;
- if((pw = getpwnam("squid"))) {
- endpwent(); /* probably paranoia, but just in case.. */
- verbose_printf(1, "Repairing proxy cache ... \n");
- if (stat("/var/log/cache/swap.state", &st) == 0) {
- unpriv_system("/bin/rm -f
/var/log/cache/swap.state", pw->pw_uid, pw->pw_gid);
- }
- saferestart = 1;
- } else {
- fprintf(stderr, "User squid not found, cache not
repaired\n");
- endpwent();
- }
- }
+ int saferestart = 0;
+ if (flag_repair) {
+ struct passwd *pw;
+ if ((pw = getpwnam("squid"))) {
+ endpwent(); /* probably paranoia, but just in case.. */
+ verbose_printf(1, "Repairing proxy cache ... \n");
+ if (stat("/var/log/cache/swap.state", &st) == 0) {
+ unpriv_system("/bin/rm -f /var/log/cache/swap.state",
pw->pw_uid, pw->pw_gid);
+ }
+ saferestart = 1;
+ }
+ else {
+ fprintf(stderr, "User squid not found, cache not repaired\n");
+ endpwent();
+ }
+ }
- verbose_printf(1, "Reading Proxy settings ... \n");
- if (read_kv_from_file(&squid_kv, "/var/ipcop/proxy/settings") !=
SUCCESS) {
- fprintf(stderr, "Cannot read proxy settings\n");
- exit(1);
- }
+ verbose_printf(1, "Reading Proxy settings ... \n");
+ if (read_kv_from_file(&squid_kv, "/var/ipcop/proxy/settings") != SUCCESS) {
+ fprintf(stderr, "Cannot read proxy settings\n");
+ exit(1);
+ }
/* See if proxy is enabled and / or transparent */
- if (test_kv(squid_kv, "ENABLED_GREEN_1", "on") == SUCCESS) {
+ if (test_kv(squid_kv, "ENABLED_GREEN_1", "on") == SUCCESS) {
enabled_green = 1;
}
- if (test_kv(squid_kv, "TRANSPARENT_GREEN_1", "on") == SUCCESS) {
+ if (test_kv(squid_kv, "TRANSPARENT_GREEN_1", "on") == SUCCESS) {
transparent_green = 1;
}
- if (test_kv(squid_kv, "ENABLED_BLUE_1", "on") == SUCCESS) {
+ if (test_kv(squid_kv, "ENABLED_BLUE_1", "on") == SUCCESS) {
enabled_blue = 1;
}
- if (test_kv(squid_kv, "TRANSPARENT_BLUE_1", "on") == SUCCESS) {
+ if (test_kv(squid_kv, "TRANSPARENT_BLUE_1", "on") == SUCCESS) {
transparent_blue = 1;
}
- /* Retrieve the proxy port */
- if (transparent_green || transparent_blue) {
- if (find_kv_default(squid_kv, "PROXY_PORT", proxy_port) !=
SUCCESS) {
- strcpy (proxy_port, "800");
- } else {
- if(strspn(proxy_port, NUMBERS) != strlen(proxy_port)) {
- fprintf(stderr, "Invalid proxy port: %s,
defaulting to 800\n", proxy_port);
- strcpy(proxy_port, "800");
- }
- }
- }
- free_kv(&squid_kv);
+ /* Retrieve the proxy port */
+ if (transparent_green || transparent_blue) {
+ if (find_kv_default(squid_kv, "PROXY_PORT", proxy_port) != SUCCESS) {
+ strcpy(proxy_port, "800");
+ }
+ else {
+ if (strspn(proxy_port, NUMBERS) != strlen(proxy_port)) {
+ fprintf(stderr, "Invalid proxy port: %s, defaulting to 800\n",
proxy_port);
+ strcpy(proxy_port, "800");
+ }
+ }
+ }
+ free_kv(&squid_kv);
- if (!enabled_green && !enabled_blue) {
- verbose_printf(1, "Proxy not enabled ... exit ... \n");
- return 0;
- }
+ if (!enabled_green && !enabled_blue) {
+ verbose_printf(1, "Proxy not enabled ... exit ... \n");
+ return 0;
+ }
- /* Fetch ethernet/settings, exit on error */
- read_ethernet_settings(1);
-
+ /* Fetch ethernet/settings, exit on error */
+ read_ethernet_settings(1);
- verbose_printf(1, "Reading VPN settings ... \n");
+
+ verbose_printf(1, "Reading VPN settings ... \n");
/* TODO: fix for both IPsec and OpenVPN */
/*
if (read_kv_from_file(&vpn_kv, "/var/ipcop/vpn/settings") != SUCCESS) {
@@ -307,97 +303,96 @@
free_kv(&vpn_kv);
*/
- if (enabled_green || enabled_blue) {
- verbose_printf(1, "Starting squid ... \n");
- safe_system("/usr/sbin/squid -D -z");
- if (saferestart)
- safe_system("/usr/sbin/squid -DS");
- else
- safe_system("/usr/sbin/squid -D");
- }
+ if (enabled_green || enabled_blue) {
+ verbose_printf(1, "Starting squid ... \n");
+ safe_system("/usr/sbin/squid -D -z");
+ if (saferestart)
+ safe_system("/usr/sbin/squid -DS");
+ else
+ safe_system("/usr/sbin/squid -D");
+ }
- /* static (green/blue) interfaces must exist if transparence is
requested */
- if (transparent_green && enabled_green && !ipcop_ethernet.count[GREEN])
{
- fprintf(stderr, "No GREEN device, not running transparent\n");
- exit(1);
- }
+ /* static (green/blue) interfaces must exist if transparence is requested
*/
+ if (transparent_green && enabled_green && !ipcop_ethernet.count[GREEN]) {
+ fprintf(stderr, "No GREEN device, not running transparent\n");
+ exit(1);
+ }
- if (transparent_blue && enabled_blue && !ipcop_ethernet.count[BLUE]) {
- fprintf(stderr, "No BLUE device, not running transparent\n");
- exit(1);
- }
+ if (transparent_blue && enabled_blue && !ipcop_ethernet.count[BLUE]) {
+ fprintf(stderr, "No BLUE device, not running transparent\n");
+ exit(1);
+ }
- /* disable transparence for known vpn networks */
+ /* disable transparence for known vpn networks */
/* TODO: fix for both IPsec and OpenVPN */
/*
setdirectvpn (enabled_green && transparent_green &&
!strcmp(enableredvpn, "on"),
enabled_blue && transparent_blue &&
!strcmp(enablebluevpn, "on") );
*/
- /* choose RED destination: 'localip' or 'red_netaddress/red_netmask' */
- char destination[STRING_SIZE] = "";
- if ( strcmp(ipcop_ethernet.red_type[1], "STATIC")==0 ) {
- snprintf (destination, STRING_SIZE, "%s/%s",
ipcop_ethernet.address[RED][1], ipcop_ethernet.netmask[RED][1]);
- } else {
- if ( ipcop_ethernet.red_address[1][0] &&
VALID_IP(ipcop_ethernet.red_address[1]) ) {
- snprintf (destination, STRING_SIZE, "%s",
ipcop_ethernet.red_address[1]);
- }
- }
+ /* choose RED destination: 'localip' or 'red_netaddress/red_netmask' */
+ char destination[STRING_SIZE] = "";
+ if (strcmp(ipcop_ethernet.red_type[1], "STATIC") == 0) {
+ snprintf(destination, STRING_SIZE, "%s/%s",
ipcop_ethernet.address[RED][1], ipcop_ethernet.netmask[RED][1]);
+ }
+ else {
+ if (ipcop_ethernet.red_address[1][0] &&
VALID_IP(ipcop_ethernet.red_address[1])) {
+ snprintf(destination, STRING_SIZE, "%s",
ipcop_ethernet.red_address[1]);
+ }
+ }
- /* RED may be down */
- if (!strlen(destination)) {
- fprintf(stderr, "Cannot determine RED network.\n");
- }
- else {
- verbose_printf(2, "Dest IP is set to: %s\n", destination);
- }
+ /* RED may be down */
+ if (!strlen(destination)) {
+ fprintf(stderr, "Cannot determine RED network.\n");
+ }
+ else {
+ verbose_printf(2, "Dest IP is set to: %s\n", destination);
+ }
- /* install the transparency rules */
- /* green transparent ? */
- if (transparent_green && enabled_green) {
- /* direct http GREEN-->RED network */
- verbose_printf(1, "Setting transparent iptables rule for GREEN
... \n");
- if ( snprintf(buffer, STRING_SIZE - 1,
- "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d
%s --dport 80 -j RETURN",
- ipcop_ethernet.device[GREEN][1],
- destination) >= STRING_SIZE ) {
- fprintf(stderr, "Command too long\n");
- exit(1);
- }
- if (strlen(destination)) safe_system(buffer); /* only id known
RED */
+ /* install the transparency rules */
+ /* green transparent ? */
+ if (transparent_green && enabled_green) {
+ /* direct http GREEN-->RED network */
+ verbose_printf(1, "Setting transparent iptables rule for GREEN ...
\n");
+ if (snprintf(buffer, STRING_SIZE - 1,
+ "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s
--dport 80 -j RETURN",
+ ipcop_ethernet.device[GREEN][1], destination) >=
STRING_SIZE) {
+ fprintf(stderr, "Command too long\n");
+ exit(1);
+ }
+ if (strlen(destination))
+ safe_system(buffer); /* only id known RED */
- /* install the redirect for other port http destinations from
green */
- if( snprintf(buffer, STRING_SIZE - 1,
- "/sbin/iptables -t nat -A SQUID -i %s -p tcp
--dport 80 -j REDIRECT --to-port %s",
- ipcop_ethernet.device[GREEN][1],
- proxy_port) >= STRING_SIZE ) {
- fprintf(stderr, "Command too long\n");
- exit(1);
- }
- safe_system(buffer);
- }
- /* blue transparent ? */
- if (transparent_blue && enabled_blue) {
- /* direct http BLUE-->RED network */
- verbose_printf(1, "Setting transparent iptables rule for BLUE
... \n");
- if( snprintf(buffer, STRING_SIZE - 1,
- "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d
%s --dport 80 -j RETURN",
- ipcop_ethernet.device[BLUE][1],
- destination) >= STRING_SIZE ) {
- fprintf(stderr, "Command too long\n");
- exit(1);
- }
- if (strlen(destination)) safe_system(buffer); /* only id known
RED */
+ /* install the redirect for other port http destinations from green */
+ if (snprintf(buffer, STRING_SIZE - 1,
+ "/sbin/iptables -t nat -A SQUID -i %s -p tcp --dport 80
-j REDIRECT --to-port %s",
+ ipcop_ethernet.device[GREEN][1], proxy_port) >=
STRING_SIZE) {
+ fprintf(stderr, "Command too long\n");
+ exit(1);
+ }
+ safe_system(buffer);
+ }
+ /* blue transparent ? */
+ if (transparent_blue && enabled_blue) {
+ /* direct http BLUE-->RED network */
+ verbose_printf(1, "Setting transparent iptables rule for BLUE ... \n");
+ if (snprintf(buffer, STRING_SIZE - 1,
+ "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s
--dport 80 -j RETURN",
+ ipcop_ethernet.device[BLUE][1], destination) >=
STRING_SIZE) {
+ fprintf(stderr, "Command too long\n");
+ exit(1);
+ }
+ if (strlen(destination))
+ safe_system(buffer); /* only id known RED */
- /* install the redirect for other port http destinations from
blue */
- if( snprintf(buffer, STRING_SIZE - 1,
- "/sbin/iptables -t nat -A SQUID -i %s -p tcp
--dport 80 -j REDIRECT --to-port %s",
- ipcop_ethernet.device[BLUE][1],
- proxy_port) >= STRING_SIZE ) {
- fprintf(stderr, "Command too long\n");
- exit(1);
- }
- safe_system(buffer);
- }
- return 0;
+ /* install the redirect for other port http destinations from blue */
+ if (snprintf(buffer, STRING_SIZE - 1,
+ "/sbin/iptables -t nat -A SQUID -i %s -p tcp --dport 80
-j REDIRECT --to-port %s",
+ ipcop_ethernet.device[BLUE][1], proxy_port) >=
STRING_SIZE) {
+ fprintf(stderr, "Command too long\n");
+ exit(1);
+ }
+ safe_system(buffer);
+ }
+ return 0;
}
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Ipcop-svn mailing list
Ipcop-svn@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipcop-svn
