Author: tjansen Date: Fri Oct 9 15:02:20 2009 New Revision: 1080 Log: Split NAT and forwarding setup into a separate file. Added: trunk/pisasd/sdnat.c - copied, changed from r1079, trunk/pisasd/sdmain.c trunk/pisasd/sdnat.h Modified: trunk/pisasd/Makefile.am trunk/pisasd/sdmain.c Modified: trunk/pisasd/Makefile.am ============================================================================== --- trunk/pisasd/Makefile.am Fri Oct 9 14:25:12 2009 (r1079) +++ trunk/pisasd/Makefile.am Fri Oct 9 15:02:20 2009 (r1080) @@ -37,7 +37,8 @@ LDADD += -lm pisasd_SOURCES = sdmain.c sdclients.c sdconf.c sdctx.c sdderegister.c \ - sdheartbeat.c sdmsg.c sdregister.c sdtun.c pisasdconf.c + sdheartbeat.c sdmsg.c sdregister.c sdtun.c pisasdconf.c \ + sdnat.c pisasdconf_SOURCES = pisaconftool.c pisasdconf.c include_HEADERS = sdclients.h sdconf.h sdctx.h sdderegister.h sdheartbeat.h \ - sdmsg.h sdregister.h sdtun.h pisasdconf.h + sdmsg.h sdregister.h sdtun.h pisasdconf.h sdnat.h Modified: trunk/pisasd/sdmain.c ============================================================================== --- trunk/pisasd/sdmain.c Fri Oct 9 14:25:12 2009 (r1079) +++ trunk/pisasd/sdmain.c Fri Oct 9 15:02:20 2009 (r1080) @@ -34,6 +34,7 @@ #include "sdderegister.h" #include "sdheartbeat.h" #include "sdmsg.h" +#include "sdnat.h" #include "sdregister.h" #include "sdtun.h" #include "ctrlhandler.h" @@ -68,12 +69,6 @@ }; /** - * Path to pseudo interface file in the Linux procfs. - * Used for NAT (not internal NAT but NAT on the server) - */ -#define IP4_FOWARD_FILENAME "/proc/sys/net/ipv4/ip_forward" - -/** * A set of pointers to packet handling functions */ pisa_packet_handle_func_set pisasd_packet_handle_func_set; 
@@ -123,43 +118,6 @@ return 0; } -void sd_read_value(int fd,void* data){ - if (read(fd,data,1) == -1) - PISA_ERROR("Error reading from file <%s>: %s\n", - IP4_FOWARD_FILENAME, - strerror(errno)); -} - -void sd_write_value(int fd,void* data){ - if (write(fd,(const char*)data,1) == -1) - PISA_ERROR("Error writing to file <%s>: %s\n", - IP4_FOWARD_FILENAME, - strerror(errno)); -} - - - -static int sd_do_with_fd_from_filename(void (*callback)(int fd, void* data), - void* data,const char* filename,int open_flags){ - int fd=0; - - fd=open(filename,open_flags); - - if (fd == -1){ - PISA_ERROR("Error opening file <%s>: %s\n",filename,strerror(errno)); - return 0; - }else{ - - callback(fd,data); - if (close(fd) == -1){ - PISA_ERROR("Error closing file <%s>: %s\n",filename,strerror(errno)); - return 0; - } else - return 1; - } -} - - /** * Initialize the basic settings before starting the main loop. */ @@ -202,20 +160,6 @@ sd_ctx.natlist = pisa_nat_init(); - { - char value=-1; - sd_do_with_fd_from_filename(sd_read_value,&value, - IP4_FOWARD_FILENAME,O_RDONLY); - value-='0'; /* ASCII to internal representation */ - - if(value==0){ /* 0 == NAT not enabled */ - if(sd_do_with_fd_from_filename(sd_write_value,"1", - IP4_FOWARD_FILENAME,O_WRONLY)) - sd_ctx.disable_ip4_forward=1; - - } - - } /* Setup configuration file. * This is needed before any sdconf_read_*() operations. */ 
@@ -237,12 +181,12 @@ sd_ctx.fd_pstuns = setup_listen_sock_udp(AF_INET6, sd_cfg.port_pstun); sd_ctx.fd_pisaconf = pisa_conf_open_server_socket(PISA_CONF_PORT_SD); - /* Enable nat if this process is a relay server */ - /* TODO this is a horrible way to set up NAT. From a security point of - * view calls to system are evil, and even more so if we just pass a - * user-supplied string -- Thomas */ + /* Enable NAT if this process is a relay server */ if (sd_cfg.is_relay == 1) - system(sd_cfg.nat_up); + pisa_sdnat_start(); + + /* Enable IPv4 forwarding */ + pisa_forwarding_start(); /* Initialize Logfile */ #ifdef CONFIG_PISA_LOGGING @@ -304,11 +248,8 @@ pisa_conmgr_cleanup(&sd_ctx.conlist, sd_ctx.natlist); pisa_nat_destroy(sd_ctx.natlist); - /* TODO this is a horrible way to set up NAT. From a security point of - * view calls to system are evil, and even more so if we just pass a - * user-supplied string -- Thomas */ if (sd_cfg.is_relay == 1) - system(sd_cfg.nat_down); + pisa_sdnat_stop(); sdctx_destroy(&sd_ctx); sdconf_destroy(&sd_cfg); @@ -322,13 +263,8 @@ close(sd_ctx.tunnel); close(sd_ctx.fd_pisaconf); - /* disable ip forwarding */ - if (sd_ctx.disable_ip4_forward==1){ - PISA_DEBUG(PL_NAT,"Disabling ip_forwarding.\n"); - if(sd_do_with_fd_from_filename(sd_write_value,"0", - IP4_FOWARD_FILENAME,O_WRONLY)) - sd_ctx.disable_ip4_forward=0; - } + /* Disable IPv4 forwarding */ + pisa_forwarding_stop(); /* TODO clear iptables (at least/most from nat stuff) */ Copied and modified: trunk/pisasd/sdnat.c (from r1079, trunk/pisasd/sdmain.c) ============================================================================== --- trunk/pisasd/sdmain.c Fri Oct 9 14:25:12 2009 (r1079, copy source) +++ trunk/pisasd/sdnat.c Fri Oct 9 15:02:20 2009 (r1080) 
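Review bot: In the last sdmain.c hunk, `pisa_forwarding_stop()` is called after `sdctx_destroy(&sd_ctx)` (two hunks earlier in the same teardown path), yet the new function decides whether to write "0" back to ip_forward by reading `sd_ctx.disable_ip4_forward`. If `sdctx_destroy` resets or frees the context (its body is not visible here), the host is left with IPv4 forwarding enabled after the daemon exits. Moving the call up next to the NAT teardown, `pisa_forwarding_stop();` directly after `pisa_sdnat_stop();`, removes the dependency on a destroyed context. The enclosing function starts and ends outside these hunks.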
@@ -1,71 +1,23 @@ /* - * Copyright (c) 2008, Distributed Systems Group, RWTH Aachen + * Copyright (c) 2009, Distributed Systems Group, RWTH Aachen * All rights reserved. */ /** - * @file sdmain.c - * @brief Implementations of the PISA server daemon. - * @author Dongsu Park <dpark1978@xxxxxxxxx> - * @date Jan. 2009 + * @file sdnat.c + * @brief NAT and forwaring functions of the PISA server daemon. + * @author Thomas Jansen <mithi@xxxxxxxxx> + * @date Oct. 2009 */ +#include <unistd.h> #include <stdio.h> - -#include <signal.h> -#include <getopt.h> -#include <sys/utsname.h> - -#include <sys/types.h> -#include <sys/stat.h> #include <fcntl.h> -#include <errno.h> -#include <unistd.h> - -#include "config.h" -#include "buffer.h" -#include "socket.h" -#include "tunnel.h" -#include "util.h" +#include "debug.h" -#include "sdconf.h" #include "sdctx.h" -#include "sdderegister.h" -#include "sdheartbeat.h" -#include "sdmsg.h" -#include "sdregister.h" -#include "sdtun.h" -#include "ctrlhandler.h" -#include "pisaconf.h" - -#ifdef CONFIG_PISA_LOGGING -# include "log.h" -#endif - -#ifdef CONFIG_PISA_PERFORMANCE -# include "pisaperf.h" -#endif - -#define OPTS "f:i:p:q:r:a:Vbdvh" - -/** - * A set of options, including each long option and single-letter option - */ - -static const struct option sd_longopts[] = { - {"config", required_argument, NULL, 'f'}, - {"interface", required_argument, NULL, 'i'}, - {"ctrlport", required_argument, NULL, 'p'}, - {"dataport", required_argument, NULL, 'q'}, - {"skipverify", no_argument, NULL, 'V'}, - {"background", no_argument, NULL, 'b'}, - {"debug", no_argument, NULL, 'd'}, - {"version", no_argument, NULL, 'v'}, - {"help", no_argument, NULL, 'h'}, - {"authorized_config", required_argument, NULL, 'a'}, - {NULL, 0, NULL, '\0'} -}; +#include "sdconf.h" /** * Path to pseudo interface file in the Linux procfs. 
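Review bot: The include list of the new sdnat.c drops `<errno.h>` and has no `<string.h>` or `<stdlib.h>`, although the code carried over into this file still calls `strerror(errno)` and `system()`. Unless debug.h, sdctx.h or sdconf.h pull these in (not visible here), the file compiles only through implicit declarations. Add `#include <errno.h>`, `#include <string.h>` and `#include <stdlib.h>`, and also `#include "sdnat.h"` so the four public definitions are checked against their prototypes. The `@brief` line has a typo, "forwaring".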
@@ -73,56 +25,6 @@ */ #define IP4_FOWARD_FILENAME "/proc/sys/net/ipv4/ip_forward" -/** - * A set of pointers to packet handling functions - */ -pisa_packet_handle_func_set pisasd_packet_handle_func_set; - -extern char authorized_cfg_file[MAX_PATH+1]; - -extern pisa_conf_handle_func_set conf_handle_func_set; - -/** - * Prototype declarations of functions. - */ -static void sd_init(int argc, char *argv[]); -static void sd_deinit(void); -static inline void sd_do_main(void); - -static void sd_get_cmdargs(int argc, char **argv); -static void sd_print_usage(char **argv); -static void sd_print_version(void); -static void sd_reload_confs(pisa_conf_packet *p); -static void sd_quit(int quitcode); -static void sd_handle_sigalarm(int sigcode); -#ifdef REMOVE_PREAUTH_CODE -static void sd_start_alarm(void); -#endif /* REMOVE_PREAUTH_CODE */ - -static void sd_perf_init(void); -static void sd_perf_destroy(void); - -extern void sdctx_init(); /* in sdctx.c */ - -/** - * The main function of this server daemon. - * - * @param argc number of command arguments - * @param argv pointer to the array of command arguments - */ -int main(int argc, char *argv[]) -{ - /* Initialize basic settings */ - sd_init(argc, argv); - - /* get into the main loop */ - sd_do_main(); - - sd_deinit(); - - return 0; -} - void sd_read_value(int fd,void* data){ if (read(fd,data,1) == -1) PISA_ERROR("Error reading from file <%s>: %s\n", @@ -137,9 +39,7 @@ strerror(errno)); } - - -static int sd_do_with_fd_from_filename(void (*callback)(int fd, void* data), +int sd_do_with_fd_from_filename(void (*callback)(int fd, void* data), void* data,const char* filename,int open_flags){ int fd=0; 
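Review bot: Dropping `static` from `sd_do_with_fd_from_filename` in the second hunk gives the helper external linkage, but sdnat.h does not declare it and after this commit its only visible callers are inside sdnat.c. Keep it `static`, and mark `sd_read_value` and `sd_write_value` `static` as well, so the helpers that write to /proc/sys are not callable from other translation units by accident. The function body continues in the next hunk.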
@@ -159,519 +59,48 @@ } } - -/** - * Initialize the basic settings before starting the main loop. - */ -static void sd_init(int argc, char *argv[]) +void pisa_forwarding_start(void) { - struct in_addr netmask; - - /* Set signal handler for each signal */ - signal(SIGTERM, sd_quit); - signal(SIGINT, sd_quit); - signal(SIGQUIT, sd_quit); - signal(SIGILL, sd_quit); - signal(SIGPIPE, SIG_IGN); - signal(SIGBUS, sd_quit); - signal(SIGALRM, sd_handle_sigalarm); - - /* Set default values in context and config */ - sdctx_init(&sd_ctx); - sdconf_init(&sd_cfg); - - /* Receive and parse command line arguments. - * Note that command line args must be obtained before calling any - * sdconf_* operations except for sdconf_init. */ - sd_get_cmdargs(argc, argv); - - if (pisa_make_hipd_run() < 0) { - /* TODO: is there any other ways than stopping here? */ - PISA_ERROR("hipd cannot be executed. stop.\n"); - exit(EXIT_FAILURE); - } - - sd_perf_init(); - - /* set the default or command line specified debug level */ - sdconf_set_debuglevel(&sd_cfg); + char value=-1; + sd_do_with_fd_from_filename(sd_read_value,&value, + IP4_FOWARD_FILENAME,O_RDONLY); + value-='0'; /* ASCII to internal representation */ - /* daemonize pisasd when running background mode */ - if (sd_ctx.is_bgrun) - pisa_daemonize(); + if(value==0){ /* 0 == NAT not enabled */ + if(sd_do_with_fd_from_filename(sd_write_value,"1", + IP4_FOWARD_FILENAME,O_WRONLY)) + sd_ctx.disable_ip4_forward=1; - sd_ctx.natlist = pisa_nat_init(); + } - { - char value=-1; - sd_do_with_fd_from_filename(sd_read_value,&value, - IP4_FOWARD_FILENAME,O_RDONLY); - value-='0'; /* ASCII to internal representation */ - - if(value==0){ /* 0 == NAT not enabled */ - if(sd_do_with_fd_from_filename(sd_write_value,"1", - IP4_FOWARD_FILENAME,O_WRONLY)) - sd_ctx.disable_ip4_forward=1; - - } - - } - /* Setup configuration file. - * This is needed before any sdconf_read_*() operations. 
- */ - sdconf_setup_conffile(&sd_cfg); -// Use this line to use seperate authorized_hosts.cfg config file for allowed_hosts: -// sdconf_setup_authorized_hosts_conffile(); -// Or this line to use the pisasd.cfg as before: - pisa_cfg_authorized_hosts_setup_file(sd_cfg.conffile); - - /* Read several configuration from pisasd.conf. */ - sdconf_read_basic_confs(&sd_cfg); - - sdconf_set_debuglevel(&sd_cfg); - - /* Make default sockets */ - sd_ctx.tunc = pisa_tunnel_open_socket(sd_cfg.port_control); - sd_ctx.tund = pisa_tunnel_open_socket(sd_cfg.port_data); - sd_ctx.fd_pstunc = setup_sock_udp(AF_INET6); - sd_ctx.fd_pstuns = setup_listen_sock_udp(AF_INET6, sd_cfg.port_pstun); - sd_ctx.fd_pisaconf = pisa_conf_open_server_socket(PISA_CONF_PORT_SD); - - /* Enable nat if this process is a relay server */ - /* TODO this is a horrible way to set up NAT. From a security point of - * view calls to system are evil, and even more so if we just pass a - * user-supplied string -- Thomas */ - if (sd_cfg.is_relay == 1) - system(sd_cfg.nat_up); - - /* Initialize Logfile */ -#ifdef CONFIG_PISA_LOGGING - if(!init_log(LOG_FILE)) - PISA_ERROR("Error opening logfile: " LOG_FILE "\n"); -#endif - - /* Get neighbor routers, at the moment just reading them from conf file. - * TODO: make some fancy way to determine neighbors... 
*/ - sdctx_get_neighbors(); - - pisasd_packet_handle_func_set.handle_nereq = pisasd_handle_nereq; - pisasd_packet_handle_func_set.handle_neres = pisasd_handle_neres; - pisasd_packet_handle_func_set.handle_pareq = pisasd_handle_pareq; - pisasd_packet_handle_func_set.handle_pares = pisasd_handle_pares; - pisasd_packet_handle_func_set.handle_bureq = pisasd_handle_bureq; - pisasd_packet_handle_func_set.handle_bures = pisasd_handle_bures; - pisasd_packet_handle_func_set.handle_vrfyreq1 = pisasd_handle_vrfyreq1; - pisasd_packet_handle_func_set.handle_vrfyres1 = pisasd_handle_vrfyres1; - pisasd_packet_handle_func_set.handle_vrfyreq2 = pisasd_handle_vrfyreq2; - pisasd_packet_handle_func_set.handle_vrfyres2 = pisasd_handle_vrfyres2; - - /* set handlers for tunnel control packet types */ - pisa_ctrlhandler_set(&sd_ctx.ctrlhandlers, PISA_PKTTYPE_TUN_DATA, pisa_recv_data); - pisa_ctrlhandler_set(&sd_ctx.ctrlhandlers, PISA_PKTTYPE_TUN_REGISTER, pisa_recv_register); - pisa_ctrlhandler_set(&sd_ctx.ctrlhandlers, PISA_PKTTYPE_TUN_HEARTBEAT, pisa_recv_heartbeat); - pisa_ctrlhandler_set(&sd_ctx.ctrlhandlers, PISA_PKTTYPE_TUN_DEREGISTER, pisa_recv_deregister); - - /* set handlers for config requests */ - memset(&conf_handle_func_set, 0, sizeof(conf_handle_func_set)); - conf_handle_func_set.reload_conf = sd_reload_confs; - conf_handle_func_set.debuglevel = pisa_conf_cb_debuglevel; - conf_handle_func_set.debugmask = pisa_conf_cb_debugmask; - -#ifdef REMOVE_PREAUTH_CODE - /* set the default alarm */ - sd_start_alarm(); -#endif - - sd_ctx.conlist = pisa_conmgr_init(NULL); - - /* create the tunnel device and assign an IP address */ - inet_pton(AF_INET, "255.255.255.0", &netmask); - sd_ctx.tunnel = pisa_tunnel_open_tundev(sd_ctx.fd_pisa_tunnel_name, IFNAMSIZ); - pisa_tunnel_configure_main(sd_ctx.fd_pisa_tunnel_name, &sd_cfg.ipaddr, &netmask, MTU_TUN); } -/** - * Destroy the basic settings after finishing the main loop. 
- */ -static void sd_deinit(void) +void pisa_forwarding_stop(void) { - PISA_INFO("\nShutting down...\n"); - - pisa_tunnel_remove_firewall_rules(sd_ctx.fd_pisa_tunnel_name); - - pisa_cfg_authorized_hosts_cleanup(); - pisa_ctrlhandler_cleanup(&sd_ctx.ctrlhandlers); - pisa_conmgr_cleanup(&sd_ctx.conlist, sd_ctx.natlist); - pisa_nat_destroy(sd_ctx.natlist); - - /* TODO this is a horrible way to set up NAT. From a security point of - * view calls to system are evil, and even more so if we just pass a - * user-supplied string -- Thomas */ - if (sd_cfg.is_relay == 1) - system(sd_cfg.nat_down); - - sdctx_destroy(&sd_ctx); - sdconf_destroy(&sd_cfg); - pisa_arp_cleanup(); - - /* finish all the remaining jobs */ - close(sd_ctx.tunc); - close(sd_ctx.tund); - close(sd_ctx.fd_pstunc); - close(sd_ctx.fd_pstuns); - close(sd_ctx.tunnel); - close(sd_ctx.fd_pisaconf); - - /* disable ip forwarding */ if (sd_ctx.disable_ip4_forward==1){ PISA_DEBUG(PL_NAT,"Disabling ip_forwarding.\n"); if(sd_do_with_fd_from_filename(sd_write_value,"0", IP4_FOWARD_FILENAME,O_WRONLY)) sd_ctx.disable_ip4_forward=0; } - - /* TODO clear iptables (at least/most from nat stuff) */ - -#ifdef CONFIG_PISA_LOGGING - close_log(); -#endif - - sd_perf_destroy(); } -/** - * The core loop as a server daemon. - * All message processing happens here. - * This function takes care of adding all relevant file descriptors to - * a set of file descriptors, setting up call to the select function and - * processing of all incoming and outgoing packets. 
- */ -static inline void sd_do_main(void) -{ - struct sockaddr_in from_addr; - - memset(&from_addr, 0, sizeof(struct sockaddr_in)); - - sd_ctx.is_sd_running = TRUE; - PISA_INFO("\nEntering main loop\n"); - - while (sd_ctx.is_sd_running) { - struct timeval select_to; - fd_set readfds; - int maxfd = 0; - - select_to.tv_sec = 1; - select_to.tv_usec = 0; - - pisa_sd_timeout_collect(); - - /* Add all sockets to the read set */ - FD_ZERO(&readfds); - FD_SET(sd_ctx.tunc, &readfds); - FD_SET(sd_ctx.tund, &readfds); -#ifdef REMOVE_PREAUTH_CODE - FD_SET(sd_ctx.fd_pstunc, &readfds); /* TODO: why is this here? it's not used below -- Thomas */ - FD_SET(sd_ctx.fd_pstuns, &readfds); -#endif /* REMOVE_PREAUTH_CODE */ - FD_SET(sd_ctx.tunnel, &readfds); - FD_SET(sd_ctx.fd_pisaconf,&readfds); - -#ifdef REMOVE_PREAUTH_CODE - maxfd = 1 + pisa_maxof(6, sd_ctx.tunc, sd_ctx.tund, - sd_ctx.fd_pstunc, sd_ctx.fd_pstuns, - sd_ctx.tunnel,sd_ctx.tunnel); -#else - maxfd = 1 + pisa_maxof(4, sd_ctx.tunc, sd_ctx.tund, - sd_ctx.tunnel,sd_ctx.tunnel); -#endif /* REMOVE_PREAUTH_CODE */ - - if (select(maxfd + 1, &readfds, NULL, NULL, &select_to) > 0) { - if (FD_ISSET(sd_ctx.tunc, &readfds)) - pisa_ctrlhandler_dispatch(&sd_ctx.ctrlhandlers, sd_ctx.tunc); - - if (FD_ISSET(sd_ctx.tund, &readfds)) - pisa_sd_copy_from_sock_to_tun(); - -#ifdef REMOVE_PREAUTH_CODE - if (FD_ISSET(sd_ctx.fd_pstuns, &readfds)) - pisa_message_pstun(sd_ctx.fd_pstuns); -#endif /* REMOVE_PREAUTH_CODE */ - - if (FD_ISSET(sd_ctx.tunnel, &readfds)) - pisa_sd_copy_from_tun_to_sock(); - - if (FD_ISSET(sd_ctx.fd_pisaconf, &readfds)) - pisa_conf_handle_packet(sd_ctx.fd_pisaconf); - } - -#ifdef REMOVE_PREAUTH_CODE - sd_start_alarm(); -#endif /* REMOVE_PREAUTH_CODE */ - } -} +/* TODO this is a horrible way to set up NAT. From a security point of + * view calls to system are evil, and even more so if we just pass a + * user-supplied string -- Thomas */ /** - * Get command line arguments and parse them. 
- * - * @param argc number of command arguments - * @param argv pointer to the array of command arguments + * Start the NAT for our router. We need to masquerade all outgoing traffic. */ -static void sd_get_cmdargs(int argc, char **argv) +void pisa_sdnat_start(void) { - int c = 0; - int option_index = 0; - - while ((c = getopt_long(argc, argv, OPTS, sd_longopts, &option_index)) != -1) { - switch (c) { - - case 'f': - PISA_STRNCPY(sd_cfg.conffile, optarg, sizeof(sd_cfg.conffile)); - break; - - case 'a': - PISA_STRNCPY(authorized_cfg_file,optarg,sizeof(authorized_cfg_file)); - break; - - case 'i': - PISA_STRNCPY(sd_cfg.ifname_eth, optarg, sizeof(sd_cfg.ifname_eth)); - break; - - case 'p': - sd_cfg.port_control = atoi(optarg); - break; - - case 'q': - sd_cfg.port_data = atoi(optarg); - break; - - case 'r': - sd_cfg.port_pstun = atoi(optarg); - break; - - case 'V': - sd_ctx.do_tokvrfy = FALSE; - break; - - case 'b': - sd_ctx.is_bgrun = TRUE; - break; - - case 'd': - PISA_STRNCPY(sd_cfg.debuglevel, "all", sizeof(sd_cfg.debuglevel)); - break; - - case 'v': - sd_print_version(); - break; - - case 'h': - sd_print_usage(argv); - break; - - default: - sd_print_usage(argv); - } - } - - return; -} - -/** - * static void sd_print_usage(char **argv) - * - * Print usage instructions of server daemon. - * - * @param argv pointer to the array of command arguments - */ -static void sd_print_usage(char **argv) -{ - fprintf(stderr, "USAGE:\n" - "\t%s [options]\n" - "\n" - "Options:\n" - "\t-f|--config <filename> : Use the given configuration file.\n" - "\t-a|--authorized_config <filename> : Use the given authorized_hosts configuration file.\n" - "\t-i|--interface <ifname> : Use the given name as the main ethernet interface.\n" - "\t-p|--ctrlport <port> : Give a control port number to listen for incoming connections. (default: %d)\n" - "\t-q|--dataport <port> : Give a data port number to listen for incoming connections. 
(default: %d)\n" - "\t-r|--pstunport <port> : Give a pseudo tunnel port number to listen for incoming connections. (default: %d)\n" - "\t-V|--skipverify : Skip token verification procedure\n" - "\t-b|--background : Run in background\n" - "\t-d|--debug : Enable Debug mode\n" - "\t-v|--version : Print the version number\n" - "\t-h|--help : display this usage\n" - "\n" - "Example:\n" - "\t%s -i eth0 --port 5001\t listen for incoming connections on eth0 on port 5001\n", - argv[0], - PISASD_DEFAULT_PORTNUM_CONTROL, - PISASD_DEFAULT_PORTNUM_DATA, - PISASD_DEFAULT_PORTNUM_PSTUN, - argv[0]); - - exit(EXIT_FAILURE); -} - -/** - * Print the version number of server daemon - */ -static void sd_print_version(void) -{ - struct utsname uts; - - fprintf(stderr, "PISA server daemon.\n" - "Copyright (C) 2009. Distributed Systems Group, RWTH Aachen University.\n"); - - fprintf(stderr, "Version: %s\n", VERSION); - - uname(&uts); - fprintf(stderr, "System: %s %s\n", uts.sysname, uts.release); - - /* Print also compile options */ - fprintf(stderr, "Compile options:\n"); - -#ifdef CONFIG_PISA_DEBUG - fprintf(stderr, " +DEBUG"); -#else - fprintf(stderr, " -DEBUG"); -#endif /* CONFIG_PISA_DEBUG */ - -#ifdef CONFIG_PISA_PREAUTH - fprintf(stderr, " +PREAUTH"); -#else - fprintf(stderr, " -PREAUTH"); -#endif /* CONFIG_PISA_PREAUTH */ - -#ifdef CONFIG_PISA_OPENWRT - fprintf(stderr, " +OPENWRT"); -#else - fprintf(stderr, " -OPENWRT"); -#endif /* CONFIG_PISA_OPENWRT */ - -#ifdef CONFIG_PISA_FORCE_SHLIB - fprintf(stderr, " +FORCE_SHLIB"); -#else - fprintf(stderr, " -FORCE_SHLIB"); -#endif /* CONFIG_PISA_FORCE_SHLIB */ - - fprintf(stderr, "\n"); - - exit(EXIT_FAILURE); -} - -/** - * Terminate PISA server daemon by receiving signal - * - * @param quitcode signal quit code - */ -static void sd_quit(int quitcode) -{ - switch (quitcode) { - case SIGTERM: - case SIGINT: - case SIGQUIT: - case SIGBUS: - PISA_DEBUG(PL_SHUTDOWN, "Quitting PISA server daemon...\n"); - sd_ctx.is_sd_running = FALSE; - break; 
- - case SIGILL: - case SIGPIPE: - break; - - default: - PISA_INFO("WARNING: Got an unknown signal(signum=%d).\n", quitcode); - break; - } - - /* Reinstall default handler for that signal */ - signal(quitcode, SIG_DFL); -} - -/** - * Reload configurations - * - * @param quitcode signal quit code - */ -static void sd_reload_confs(pisa_conf_packet *p) -{ - PISA_DEBUG(PL_CONFIG, "Reloading basic configurations...\n"); - - sdconf_destroy(&sd_cfg); - pisa_cfg_authorized_hosts_cleanup(); - - sdconf_setup_conffile(&sd_cfg); - sdconf_setup_authorized_hosts_conffile(); - - sdconf_read_basic_confs(&sd_cfg); -} - -/** - * This handler is executed periodically by SIGALRM. - * - * @param sigcode signal code - */ -static void sd_handle_sigalarm(int sigcode) -{ - PISA_DEBUG(PL_TIMEOUT, "sd_handle_sigalarm is called. (%d)\n", sigcode); - - /* TODO: take also care of bures_maxretry */ - - if (sd_ctx.vreqtrg_tries_count > sd_cfg.vreqtrg_maxretry) { - PISA_INFO("WARNING: reached maximum client request count. Sleeping...\n"); -/* TODO: Rewrite/remove handover/preauth code. Disabled sleep for now. - * -- Thomas - sleep(5); - */ - PISA_INFO("Resetting tries count...\n"); - sd_ctx.vreqtrg_tries_count = 0; - } - - sd_ctx.vreqtrg_tries_count++; - - sd_ctx.is_sending_bures = TRUE; - - /* read basic configurations from pisasd.conf */ - sdconf_read_basic_confs(&sd_cfg); + system(sd_cfg.nat_up); } -#ifdef REMOVE_PREAUTH_CODE /** - * Setup alarm + * Stop the NAT for our router. 
 */
-static void sd_start_alarm(void)
+void pisa_sdnat_stop(void)
 {
- alarm(sd_cfg.vreqtrg_timeout);
- _PISA_DEBUG(PL_TIMEOUT, "Starting alarm with %d seconds.\n", sd_cfg.vreqtrg_timeout);
-
- /* TODO: take also care of bures_timeout */
+ system(sd_cfg.nat_down);
 }
-#endif /* PREAUTH */
-
-/**
- * Initialize performance measurement data structure
- */
-static void sd_perf_init(void)
-{
-#ifdef CONFIG_PISA_PERFORMANCE
- PISA_DEBUG(PL_INIT, "Creating the performance set.\n");
- pisa_perf = pisa_perf_create(PERF_MAX);
-
- pisa_check_and_create_dir(PISA_DIR_PERF_RESULTS, DEFAULT_CONFIG_DIR_MODE);
-
- pisa_perf_name(pisa_perf, PERF_TOKEN_VERIFICATION, PISA_DIR_PERF_RESULTS"/PERF_token_verification.csv");
-
- pisa_perf_open(pisa_perf);
-#endif
-}
-
-/**
- * Destroy performance measurement data structure
- */
-static void sd_perf_destroy(void)
-{
-#ifdef CONFIG_PISA_PERFORMANCE
- pisa_perf_destroy(pisa_perf);
-#endif
-}
-
Added: trunk/pisasd/sdnat.h
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/pisasd/sdnat.h Fri Oct 9 15:02:20 2009 (r1080)
@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) 2009, Distributed Systems Group, RWTH Aachen
+ * All rights reserved.
+ */
+
+/**
+ * @file sdnat.h
+ * @brief Header NAT and forwarding functions for the PISA server daemon.
+ * @author Thomas Jansen <mithi@xxxxxxxxx>
+ * @date Oct. 2009
+ */
+
+#ifndef PISA_SDNAT_H
+#define PISA_SDNAT_H
+
+void pisa_forwarding_start(void);
+void pisa_forwarding_stop(void);
+
+void pisa_sdnat_start(void);
+void pisa_sdnat_stop(void);
+
+#endif /* PISA_SDNAT_H */
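Review bot: In the sdnat.c hunk, `pisa_sdnat_start()` and `pisa_sdnat_stop()` pass `sd_cfg.nat_up` and `sd_cfg.nat_down` to `system()` and discard the result, so a missing or failing NAT command leaves the relay running without masquerading and with nothing in the log. At minimum check the status, e.g. `if (system(sd_cfg.nat_up) != 0) PISA_ERROR("NAT setup command failed\n");`, and the same for `nat_down`. The retained TODO is right that running a configuration string through the shell is the larger risk for a daemon that also writes to /proc/sys; the durable fix is a fixed argument vector run via `fork`/`execv` instead of a free-form command. That TODO now floats between `pisa_forwarding_stop` and the doc comment of `pisa_sdnat_start`; fold it into the doc comment of the functions it describes, and give `pisa_forwarding_start`/`pisa_forwarding_stop` doc comments of their own.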