Author: tjansen Date: Fri Oct 9 14:24:07 2009 New Revision: 1078 Log: Cleaned up NAT code in pisasd a bit. Modified: trunk/pisasd/sdmain.c Modified: trunk/pisasd/sdmain.c
==============================================================================
--- trunk/pisasd/sdmain.c Fri Oct 9 12:29:15 2009 (r1077)
+++ trunk/pisasd/sdmain.c Fri Oct 9 14:24:07 2009 (r1078)
@@ -238,9 +238,12 @@
 sd_ctx.fd_pisaconf = pisa_conf_open_server_socket(PISA_CONF_PORT_SD);
 /* Enable nat if this process is a relay server */
- if (sd_cfg.is_relay == 1) {
- system(sd_cfg.nat_up);
- }
+ /* TODO this is a horrible way to set up NAT. From a security point of
+ * view calls to system are evil, and even more so if we just pass a
+ * user-supplied string -- Thomas */
+ if (sd_cfg.is_relay == 1)
+ system(sd_cfg.nat_up);
+
 /* Initialize Logfile */
 #ifdef CONFIG_PISA_LOGGING
 if(!init_log(LOG_FILE))
@@ -287,8 +290,6 @@
 inet_pton(AF_INET, "255.255.255.0", &netmask);
 sd_ctx.tunnel = pisa_tunnel_open_tundev(sd_ctx.fd_pisa_tunnel_name, IFNAMSIZ);
 pisa_tunnel_configure_main(sd_ctx.fd_pisa_tunnel_name, &sd_cfg.ipaddr, &netmask, MTU_TUN);
-
- /* TODO set NAT */
 }
 /**
@@ -305,9 +306,12 @@
 pisa_conmgr_cleanup(&sd_ctx.conlist, sd_ctx.natlist);
 pisa_nat_destroy(sd_ctx.natlist);
- if (sd_cfg.is_relay == 1) {
- system(sd_cfg.nat_down);
- }
+ /* TODO this is a horrible way to set up NAT. From a security point of
+ * view calls to system are evil, and even more so if we just pass a
+ * user-supplied string -- Thomas */
+ if (sd_cfg.is_relay == 1)
+ system(sd_cfg.nat_down);
+
 sdctx_destroy(&sd_ctx);
 sdconf_destroy(&sd_cfg);
 pisa_arp_cleanup();
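Review bot: The return value of `system(sd_cfg.nat_up)` is discarded, so a relay whose NAT command is missing or fails carries on starting with no NAT and nothing logged; the third hunk has the same gap with `system(sd_cfg.nat_down)`, where a failure leaves the NAT rules installed after shutdown. The new TODO names the shell risk, but the call still hands a configuration string to the shell with whatever privileges the daemon holds (presumably elevated, since the same file opens a tun device). Until the call is replaced, I would check it, e.g. `if (sd_cfg.is_relay == 1 && system(sd_cfg.nat_up) != 0)` followed by an error log, and state in the TODO that the configuration file must be writable only by the account that runs the daemon. The longer-term fix is fork plus `execv` with a fixed argument vector so that no shell parses the value. The enclosing function starts and ends outside the hunk.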
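Review bot: The comment added in the cleanup path (third hunk) was copied unchanged and still reads "set up NAT", although this branch runs `sd_cfg.nat_down` to remove it. I would reword its first line to `/* TODO this is a horrible way to tear down NAT. From a security point of` so that a reader looking for the teardown step finds it. The enclosing function starts and ends outside the hunk.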