[pisa-src] r1078 - trunk/pisasd
- From: Thomas Jansen <mithi@xxxxxxxxx>
- To: pisa-src@xxxxxxxxxxxxx
- Date: Fri, 09 Oct 2009 14:24:07 +0200
Author: tjansen
Date: Fri Oct 9 14:24:07 2009
New Revision: 1078
Log:
Cleaned up NAT code in pisasd a bit.
Modified:
trunk/pisasd/sdmain.c
Modified: trunk/pisasd/sdmain.c
==============================================================================
--- trunk/pisasd/sdmain.c Fri Oct 9 12:29:15 2009 (r1077)
+++ trunk/pisasd/sdmain.c Fri Oct 9 14:24:07 2009 (r1078)
@@ -238,9 +238,12 @@
sd_ctx.fd_pisaconf = pisa_conf_open_server_socket(PISA_CONF_PORT_SD);
/* Enable nat if this process is a relay server */
- if (sd_cfg.is_relay == 1) {
- system(sd_cfg.nat_up);
- }
+ /* TODO this is a horrible way to set up NAT. From a security point of
+ * view calls to system are evil, and even more so if we just pass a
+ * user-supplied string -- Thomas */
+ if (sd_cfg.is_relay == 1)
+ system(sd_cfg.nat_up);
+
/* Initialize Logfile */
#ifdef CONFIG_PISA_LOGGING
if(!init_log(LOG_FILE))
@@ -287,8 +290,6 @@
inet_pton(AF_INET, "255.255.255.0", &netmask);
sd_ctx.tunnel = pisa_tunnel_open_tundev(sd_ctx.fd_pisa_tunnel_name,
IFNAMSIZ);
pisa_tunnel_configure_main(sd_ctx.fd_pisa_tunnel_name, &sd_cfg.ipaddr,
&netmask, MTU_TUN);
-
- /* TODO set NAT */
}
/**
@@ -305,9 +306,12 @@
pisa_conmgr_cleanup(&sd_ctx.conlist, sd_ctx.natlist);
pisa_nat_destroy(sd_ctx.natlist);
- if (sd_cfg.is_relay == 1) {
- system(sd_cfg.nat_down);
- }
+ /* TODO this is a horrible way to set up NAT. From a security point of
+ * view calls to system are evil, and even more so if we just pass a
+ * user-supplied string -- Thomas */
+ if (sd_cfg.is_relay == 1)
+ system(sd_cfg.nat_down);
+
sdctx_destroy(&sd_ctx);
sdconf_destroy(&sd_cfg);
pisa_arp_cleanup();
Other related posts:
- » [pisa-src] r1078 - trunk/pisasd - Thomas Jansen
