Revision: 6255
http://ipcop.svn.sourceforge.net/ipcop/?rev=6255&view=rev
Author: owes
Date: 2012-01-23 21:08:19 +0000 (Mon, 23 Jan 2012)
Log Message:
-----------
Add file locking to puzzleFwRules.pl and make the logmessages more consistent.
file locking helps to avoid iptables errormessages when 2 instances are running
at the same time.
Modified Paths:
--------------
ipcop/trunk/src/scripts/puzzleFwRules.pl
ipcop/trunk/updates/2.0.3/ROOTFILES.i486-2.0.3
Modified: ipcop/trunk/src/scripts/puzzleFwRules.pl
===================================================================
--- ipcop/trunk/src/scripts/puzzleFwRules.pl 2012-01-23 07:36:15 UTC (rev
6254)
+++ ipcop/trunk/src/scripts/puzzleFwRules.pl 2012-01-23 21:08:19 UTC (rev
6255)
@@ -36,6 +36,7 @@
use warnings;
no warnings 'once';
+use Fcntl qw(:flock);
require '/usr/lib/ipcop/general-functions.pl';
require '/usr/lib/ipcop/lang.pl';
require '/usr/lib/ipcop/header.pl';
@@ -48,7 +49,7 @@
# 2 - only print rules
my $debugLevel = 0;
-#&General::log("BlockOutTraffic: Renew rules");
+#&General::log("puzzleFwRules: Renew rules");
# Debug
my @preparedRules = ();
@@ -117,14 +118,14 @@
print "The $type rules need _no_ update\n";
# disable logging, it is filling the logs to much
- #&General::log("$type rules need no update");
+ #&General::log("puzzleFwRules: $type rules need no update");
}
}
else {
push(@runRuleTypes, $type);
if ($debugLevel > 0) {
print "The $type rules need an update\n";
- &General::log("The $type rules need update");
+ &General::log("puzzleFwRules: the $type rules need update");
}
}
}
@@ -138,7 +139,7 @@
if ($debugLevel > 0) {
print "Force update of '$type' rules\n";
- &General::log("Force update of '$type' rules");
+ &General::log("puzzleFwRules: force update of '$type' rules");
}
}
elsif ($argument eq '-a') {
@@ -150,7 +151,7 @@
if ($debugLevel > 0) {
print "Force update of all (and I mean ALL) rules\n";
- &General::log("Force update of all rules");
+ &General::log("puzzleFwRules: force update of all rules");
}
}
elsif ($argument eq '-u') {
@@ -160,7 +161,7 @@
if ($debugLevel > 0) {
print "Force update of user rules\n";
- &General::log("Force update of user rules");
+ &General::log("puzzleFwRules: force update of user rules");
}
}
elsif ($argument eq '-i') {
@@ -169,7 +170,7 @@
if ($debugLevel > 0) {
print "Force update of services rules\n";
- &General::log("Force update of services rules");
+ &General::log("puzzleFwRules: force update of services rules");
}
}
elsif ($argument eq '-w') {
@@ -178,7 +179,7 @@
if ($debugLevel > 0) {
print "Force update of Addressfilter rules\n";
- &General::log("Force update of Addressfilter rules");
+ &General::log("puzzleFwRules: force update of Addressfilter rules");
}
}
elsif ($argument eq '-d') {
@@ -481,7 +482,7 @@
}
else { # 'custSrcNet'
if ($custIfaces{$rule->{'SRC_NET'}} eq '') {
- &General::log("BlockOutTraffic Error: Custom Interface
$rule->{'SRC_NET'} does not exist");
+ &General::log("ERROR in puzzleFwRules: Custom Interface
$rule->{'SRC_NET'} does not exist");
next;
}
$inDev = $custIfaces{$rule->{'SRC_NET'}}{'IFACE'};
@@ -514,7 +515,7 @@
}
else { # 'custSrcNet'
if ($custIfaces{$rule->{'DST_NET'}} eq '') {
- &General::log("BlockOutTraffic Error: Custom Interface
$rule->{'DST_NET'} does not exist");
+ &General::log("ERROR in puzzleFwRules: Custom Interface
$rule->{'DST_NET'} does not exist");
next;
}
@outDev = ($custIfaces{$rule->{'DST_NET'}}{'IFACE'});
@@ -546,14 +547,14 @@
}
elsif ($rule->{'SRC_ADR_TYPE'} eq 'custSrcAdr') {
unless (defined $custAddresses{$rule->{'SRC_ADR'}}{'ADDRESS'}) {
- &General::log("BlockOutTraffic Error: Custom Address
$rule->{'SRC_ADR'} does not exist");
+ &General::log("ERROR in puzzleFwRules: Custom Address
$rule->{'SRC_ADR'} does not exist");
next;
}
@srcAdres = (&buildAddressParams($rule->{'SRC_ADR'}, "custom",
$invSrcAdr, "source"));
}
elsif ($rule->{'SRC_ADR_TYPE'} eq 'groupSrcAdr') {
unless (defined $groupAddresses{$rule->{'SRC_ADR'}}{'ADDRESSES'}) {
- &General::log("BlockOutTraffic Error: Address Group
$rule->{'SRC_ADR'} does not exist");
+ &General::log("ERROR in puzzleFwRules: Address Group
$rule->{'SRC_ADR'} does not exist");
next;
}
foreach my $adr
(@{$groupAddresses{$rule->{'SRC_ADR'}}{'ADDRESSES'}}) {
@@ -638,13 +639,13 @@
}
elsif ($rule->{'DST_IP_TYPE'} eq 'custDestIP') {
unless (defined $custAddresses{$rule->{'DST_IP'}}{'ADDRESS'}) {
- &General::log("BlockOutTraffic Error: Custom Address
$rule->{'DST_IP'} does not exist");
+ &General::log("ERROR in puzzleFwRules: Custom Address
$rule->{'DST_IP'} does not exist");
next;
}
my $custAdr = $custAddresses{$rule->{'DST_IP'}};
if ($custAdr->{'ADDRESS_TYPE'} ne 'ip') {
- &General::log("Error: Custom Address $rule->{'DST_IP'} -
$Lang::tr{'mac adr not as dest'}");
+ &General::log("ERROR in puzzleFwRules: Custom Address
$rule->{'DST_IP'} - $Lang::tr{'mac adr not as dest'}");
next;
}
@destAdres = (&buildAddressParams($rule->{'DST_IP'}, "custom",
$invDestAdr, $destAdrType));
@@ -652,7 +653,7 @@
}
elsif ($rule->{'DST_IP_TYPE'} eq 'groupDestIP') {
unless (defined
$groupAddresses{$rule->{'DST_IP'}}{'ADDRESSES'}) {
- &General::log("BlockOutTraffic Error: Address Group
$rule->{'DST_IP'} does not exist");
+ &General::log("ERROR in puzzleFwRules: Address Group
$rule->{'DST_IP'} does not exist");
next;
}
foreach my $adr
(@{$groupAddresses{$rule->{'DST_IP'}}{'ADDRESSES'}}) {
@@ -1237,6 +1238,15 @@
sub submitAllRules
{
+ my $lockfile;
+ unless (open($lockfile, '>', '/var/lock/puzzleFwRules')) {
+ &General::log("ERROR in puzzleFwRules: open lockfile failed");
+ die("ERROR in puzzleFwRules: open lockfile failed");
+ }
+ unless (flock($lockfile, LOCK_EX)) {
+ &General::log("ERROR in puzzleFwRules: lock failed");
+ die("ERROR in puzzleFwRules: lock failed");
+ }
foreach my $rule (@preparedRules) {
## DEBUG
print "$rule\n" if ($debugLevel > 0);
@@ -1246,9 +1256,13 @@
# Should not happen but if it does we want to know about it.
my $rc = system($rule);
- &General::log("ERROR in puzzleFw: $rc $rule") if ($rc);
+ &General::log("ERROR in puzzleFwRules: $rc $rule") if ($rc);
}
}
+ unless (flock($lockfile, LOCK_UN)) {
+ &General::log("ERROR in puzzleFwRules: unlock failed");
+ die("ERROR in puzzleFwRules: unlock failed");
+ }
}
# &inDayTime($rule->{'START_HOUR'}, $rule->{'END_HOUR'},
$rule->{'START_MINUTE'}, $rule->{'END_MINUTE'})
@@ -1354,7 +1368,7 @@
$protoInv = '!' if ($custServices{$p_serviceName}{'PROTOCOL_INVERT'} eq
'on');
unless (defined $custServices{$p_serviceName}{'PROTOCOL'}) {
- &General::log("BlockOutTraffic Error: Custom Service $p_serviceName
does not exist");
+ &General::log("ERROR in puzzleFwRules: Custom Service $p_serviceName
does not exist");
}
elsif ($custServices{$p_serviceName}{'PROTOCOL'} eq 'tcpudp') {
$service_1 = "-p tcp $p_srcPort
$custServices{$p_serviceName}{'PORT_IPT'}";
@@ -1452,7 +1466,7 @@
if ($p_addressType eq 'custom') {
unless (defined $custAddresses{$p_addressName}{'ADDRESS'}) {
- &General::log("BlockOutTraffic Error: Custom Address
$p_addressName does not exist");
+ &General::log("ERROR in puzzleFwRules: Custom Address
$p_addressName does not exist");
return ();
}
Modified: ipcop/trunk/updates/2.0.3/ROOTFILES.i486-2.0.3
===================================================================
--- ipcop/trunk/updates/2.0.3/ROOTFILES.i486-2.0.3 2012-01-23 07:36:15 UTC
(rev 6254)
+++ ipcop/trunk/updates/2.0.3/ROOTFILES.i486-2.0.3 2012-01-23 21:08:19 UTC
(rev 6255)
@@ -18,6 +18,7 @@
/usr/lib/ipcop/scheduler-lib.pl
/usr/local/bin/blacklistupdate.pl
/usr/local/bin/makesquidconf.pl
+/usr/local/bin/puzzleFwRules.pl
/usr/local/bin/restartsquid
/usr/local/bin/scheduler.pl
/usr/local/bin/upgrade.sh
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
Ipcop-svn mailing list
Ipcop-svn@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipcop-svn
