[pisa-src] r1080 - trunk/pisasd

  • From: Thomas Jansen <mithi@xxxxxxxxx>
  • To: pisa-src@xxxxxxxxxxxxx
  • Date: Fri, 09 Oct 2009 15:02:20 +0200

Author: tjansen
Date: Fri Oct  9 15:02:20 2009
New Revision: 1080

Log:
Split NAT and forwarding setup into a separate file.

Added:
   trunk/pisasd/sdnat.c
      - copied, changed from r1079, trunk/pisasd/sdmain.c
   trunk/pisasd/sdnat.h
Modified:
   trunk/pisasd/Makefile.am
   trunk/pisasd/sdmain.c

Modified: trunk/pisasd/Makefile.am
==============================================================================
--- trunk/pisasd/Makefile.am    Fri Oct  9 14:25:12 2009        (r1079)
+++ trunk/pisasd/Makefile.am    Fri Oct  9 15:02:20 2009        (r1080)
@@ -37,7 +37,8 @@
 
 LDADD += -lm
 pisasd_SOURCES = sdmain.c sdclients.c sdconf.c sdctx.c sdderegister.c \
-                sdheartbeat.c sdmsg.c sdregister.c sdtun.c pisasdconf.c
+                sdheartbeat.c sdmsg.c sdregister.c sdtun.c pisasdconf.c \
+                sdnat.c
 pisasdconf_SOURCES = pisaconftool.c pisasdconf.c
 include_HEADERS = sdclients.h sdconf.h sdctx.h sdderegister.h sdheartbeat.h \
-                 sdmsg.h sdregister.h sdtun.h pisasdconf.h
+                 sdmsg.h sdregister.h sdtun.h pisasdconf.h sdnat.h

Modified: trunk/pisasd/sdmain.c
==============================================================================
--- trunk/pisasd/sdmain.c       Fri Oct  9 14:25:12 2009        (r1079)
+++ trunk/pisasd/sdmain.c       Fri Oct  9 15:02:20 2009        (r1080)
@@ -34,6 +34,7 @@
 #include "sdderegister.h"
 #include "sdheartbeat.h"
 #include "sdmsg.h"
+#include "sdnat.h"
 #include "sdregister.h"
 #include "sdtun.h"
 #include "ctrlhandler.h"
@@ -68,12 +69,6 @@
 };
 
 /**
- * Path to pseudo interface file in the Linux procfs.
- * Used for NAT (not internal NAT but NAT on the server)
- */
-#define IP4_FOWARD_FILENAME "/proc/sys/net/ipv4/ip_forward"
-
-/**
  * A set of pointers to packet handling functions
  */
 pisa_packet_handle_func_set pisasd_packet_handle_func_set;
@@ -123,43 +118,6 @@
        return 0;
 }
 
-void sd_read_value(int fd,void* data){
-       if (read(fd,data,1) == -1)
-               PISA_ERROR("Error reading from file <%s>: %s\n",
-                               IP4_FOWARD_FILENAME,
-                               strerror(errno));
-}
-
-void sd_write_value(int fd,void* data){
-       if (write(fd,(const char*)data,1) == -1)
-               PISA_ERROR("Error writing to file <%s>: %s\n",
-                               IP4_FOWARD_FILENAME,
-                               strerror(errno));
-}
-
-
-
-static int sd_do_with_fd_from_filename(void (*callback)(int fd, void* data),
-       void* data,const char* filename,int open_flags){
-       int fd=0;
-
-       fd=open(filename,open_flags);
-
-       if (fd == -1){
-               PISA_ERROR("Error opening file <%s>: 
%s\n",filename,strerror(errno));
-               return 0;
-       }else{
-               
-               callback(fd,data);
-               if (close(fd) == -1){
-                       PISA_ERROR("Error closing file <%s>: 
%s\n",filename,strerror(errno));
-                       return 0;
-               } else
-                       return 1;
-       }
-}
-
-
 /**
  * Initialize the basic settings before starting the main loop.
  */
@@ -202,20 +160,6 @@
 
        sd_ctx.natlist = pisa_nat_init();
 
-       {
-                char value=-1;
-                sd_do_with_fd_from_filename(sd_read_value,&value,
-                                                               
IP4_FOWARD_FILENAME,O_RDONLY);
-                value-='0'; /* ASCII to internal representation */
-
-                if(value==0){ /* 0 == NAT not enabled */
-                        if(sd_do_with_fd_from_filename(sd_write_value,"1",
-                                                               
IP4_FOWARD_FILENAME,O_WRONLY))
-                                sd_ctx.disable_ip4_forward=1;
-
-                }
-
-       }
        /* Setup configuration file.
         * This is needed before any sdconf_read_*() operations.
         */
@@ -237,12 +181,12 @@
        sd_ctx.fd_pstuns = setup_listen_sock_udp(AF_INET6, sd_cfg.port_pstun);
        sd_ctx.fd_pisaconf = pisa_conf_open_server_socket(PISA_CONF_PORT_SD);
 
-       /* Enable nat if this process is a relay server */
-       /* TODO this is a horrible way to set up NAT. From a security point of
-        * view calls to system are evil, and even more so if we just pass a
-        * user-supplied string -- Thomas */
+       /* Enable NAT if this process is a relay server */
        if (sd_cfg.is_relay == 1)
-               system(sd_cfg.nat_up);
+               pisa_sdnat_start();
+
+       /* Enable IPv4 forwarding */
+       pisa_forwarding_start();
 
        /* Initialize Logfile */
 #ifdef CONFIG_PISA_LOGGING
@@ -304,11 +248,8 @@
        pisa_conmgr_cleanup(&sd_ctx.conlist, sd_ctx.natlist);
        pisa_nat_destroy(sd_ctx.natlist);
 
-       /* TODO this is a horrible way to set up NAT. From a security point of
-        * view calls to system are evil, and even more so if we just pass a
-        * user-supplied string -- Thomas */
        if (sd_cfg.is_relay == 1)
-               system(sd_cfg.nat_down);
+               pisa_sdnat_stop();
 
        sdctx_destroy(&sd_ctx);
        sdconf_destroy(&sd_cfg);
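Review bot: Teardown order leaves a gap: `pisa_sdnat_stop()` runs here while IPv4 forwarding is still enabled, and `pisa_forwarding_stop()` in the next hunk runs only after `sdctx_destroy(&sd_ctx)`, although it decides what to do from `sd_ctx.disable_ip4_forward`. If sdctx_destroy() resets or releases the context (its body is not visible here), the flag is lost and `ip_forward` stays at 1 after the daemon exits; either way, packets can be forwarded without the NAT rules between the two calls. Calling `pisa_forwarding_stop();` immediately before `if (sd_cfg.is_relay == 1)` would close both. The enclosing function, presumably sd_deinit, starts and ends outside this hunk.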
@@ -322,13 +263,8 @@
        close(sd_ctx.tunnel);
        close(sd_ctx.fd_pisaconf);
 
-       /* disable ip forwarding */
-       if (sd_ctx.disable_ip4_forward==1){
-               PISA_DEBUG(PL_NAT,"Disabling ip_forwarding.\n");
-                if(sd_do_with_fd_from_filename(sd_write_value,"0",
-                               IP4_FOWARD_FILENAME,O_WRONLY))
-                               sd_ctx.disable_ip4_forward=0;
-       }
+       /* Disable IPv4 forwarding */
+       pisa_forwarding_stop();
 
        /* TODO clear iptables (at least/most from nat stuff) */
 

Copied and modified: trunk/pisasd/sdnat.c (from r1079, trunk/pisasd/sdmain.c)
==============================================================================
--- trunk/pisasd/sdmain.c       Fri Oct  9 14:25:12 2009        (r1079, copy 
source)
+++ trunk/pisasd/sdnat.c        Fri Oct  9 15:02:20 2009        (r1080)
@@ -1,71 +1,23 @@
 /*
- * Copyright (c) 2008, Distributed Systems Group, RWTH Aachen
+ * Copyright (c) 2009, Distributed Systems Group, RWTH Aachen
  * All rights reserved.
  */
 
 /**
- * @file sdmain.c
- * @brief Implementations of the PISA server daemon.
- * @author Dongsu Park <dpark1978@xxxxxxxxx>
- * @date Jan. 2009
+ * @file sdnat.c
+ * @brief NAT and forwaring functions of the PISA server daemon.
+ * @author Thomas Jansen <mithi@xxxxxxxxx>
+ * @date Oct. 2009
  */
 
+#include <unistd.h>
 #include <stdio.h>
-
-#include <signal.h>
-#include <getopt.h>
-#include <sys/utsname.h>
-
-#include <sys/types.h>
-#include <sys/stat.h>
 #include <fcntl.h>
 
-#include <errno.h>
-#include <unistd.h>
-
-#include "config.h"
-#include "buffer.h"
-#include "socket.h"
-#include "tunnel.h"
-#include "util.h"
+#include "debug.h"
 
-#include "sdconf.h"
 #include "sdctx.h"
-#include "sdderegister.h"
-#include "sdheartbeat.h"
-#include "sdmsg.h"
-#include "sdregister.h"
-#include "sdtun.h"
-#include "ctrlhandler.h"
-#include "pisaconf.h"
-
-#ifdef CONFIG_PISA_LOGGING
-# include "log.h"
-#endif
-
-#ifdef CONFIG_PISA_PERFORMANCE
-# include "pisaperf.h"
-#endif
-
-#define OPTS "f:i:p:q:r:a:Vbdvh"
-
-/**
- * A set of options, including each long option and single-letter option
- */
-
-static const struct option sd_longopts[] = {
-       {"config",              required_argument,      NULL,   'f'},
-       {"interface",           required_argument,      NULL,   'i'},
-       {"ctrlport",            required_argument,      NULL,   'p'},
-       {"dataport",            required_argument,      NULL,   'q'},
-       {"skipverify",          no_argument,            NULL,   'V'},
-       {"background",          no_argument,            NULL,   'b'},
-       {"debug",               no_argument,            NULL,   'd'},
-       {"version",             no_argument,            NULL,   'v'},
-       {"help",                no_argument,            NULL,   'h'},
-       {"authorized_config",   required_argument,      NULL,   'a'},
-       {NULL,                  0,                      NULL,   '\0'}
-};
+#include "sdconf.h"
 
 /**
  * Path to pseudo interface file in the Linux procfs.
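Review bot: The new include list drops `<errno.h>` and never adds `<string.h>` or `<stdlib.h>`, yet the file still calls `strerror(errno)` in its file helpers and `system()` in pisa_sdnat_start/pisa_sdnat_stop. Unless debug.h, sdctx.h or sdconf.h happen to pull those headers in (not visible here), the calls are implicitly declared and `errno` may not resolve. Add `#include <errno.h>`, `#include <stdlib.h>` and `#include <string.h>`. The file should also include its own `sdnat.h` so the four definitions are checked against their prototypes. The `@brief` line misspells "forwarding" as "forwaring".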
@@ -73,56 +25,6 @@
  */
 #define IP4_FOWARD_FILENAME "/proc/sys/net/ipv4/ip_forward"
 
-/**
- * A set of pointers to packet handling functions
- */
-pisa_packet_handle_func_set pisasd_packet_handle_func_set;
-
-extern char authorized_cfg_file[MAX_PATH+1];
-
-extern pisa_conf_handle_func_set conf_handle_func_set;
-
-/**
- * Prototype declarations of functions.
- */
-static void sd_init(int argc, char *argv[]);
-static void sd_deinit(void);
-static inline void sd_do_main(void);
-
-static void sd_get_cmdargs(int argc, char **argv);
-static void sd_print_usage(char **argv);
-static void sd_print_version(void);
-static void sd_reload_confs(pisa_conf_packet *p);
-static void sd_quit(int quitcode);
-static void sd_handle_sigalarm(int sigcode);
-#ifdef REMOVE_PREAUTH_CODE
-static void sd_start_alarm(void);
-#endif /* REMOVE_PREAUTH_CODE */
-
-static void sd_perf_init(void);
-static void sd_perf_destroy(void);
-
-extern void sdctx_init();      /* in sdctx.c */
-
-/**
- * The main function of this server daemon.
- *
- * @param argc   number of command arguments
- * @param argv   pointer to the array of command arguments
- */
-int main(int argc, char *argv[])
-{
-       /* Initialize basic settings */
-       sd_init(argc, argv);
-
-       /* get into the main loop */
-       sd_do_main();
-
-       sd_deinit();
-
-       return 0;
-}
-
 void sd_read_value(int fd,void* data){
        if (read(fd,data,1) == -1)
                PISA_ERROR("Error reading from file <%s>: %s\n",
@@ -137,9 +39,7 @@
                                strerror(errno));
 }
 
-
-
-static int sd_do_with_fd_from_filename(void (*callback)(int fd, void* data),
+int sd_do_with_fd_from_filename(void (*callback)(int fd, void* data),
        void* data,const char* filename,int open_flags){
        int fd=0;
 
@@ -159,519 +59,48 @@
        }
 }
 
-
-/**
- * Initialize the basic settings before starting the main loop.
- */
-static void sd_init(int argc, char *argv[])
+void pisa_forwarding_start(void)
 {
-       struct in_addr netmask;
-
-       /* Set signal handler for each signal */
-       signal(SIGTERM, sd_quit);
-       signal(SIGINT, sd_quit);
-       signal(SIGQUIT, sd_quit);
-       signal(SIGILL, sd_quit);
-       signal(SIGPIPE, SIG_IGN);
-       signal(SIGBUS, sd_quit);
-       signal(SIGALRM, sd_handle_sigalarm);
-
-       /* Set default values in context and config */
-       sdctx_init(&sd_ctx);
-       sdconf_init(&sd_cfg);
-
-       /* Receive and parse command line arguments.
-        * Note that command line args must be obtained before calling any
-        * sdconf_* operations except for sdconf_init. */
-       sd_get_cmdargs(argc, argv);
-
-       if (pisa_make_hipd_run() < 0) {
-               /* TODO: is there any other ways than stopping here? */
-               PISA_ERROR("hipd cannot be executed. stop.\n");
-               exit(EXIT_FAILURE);
-       }
-
-       sd_perf_init();
-
-       /* set the default or command line specified debug level */
-       sdconf_set_debuglevel(&sd_cfg);
+        char value=-1;
+        sd_do_with_fd_from_filename(sd_read_value,&value,
+                                                       
IP4_FOWARD_FILENAME,O_RDONLY);
+        value-='0'; /* ASCII to internal representation */
 
-       /* daemonize pisasd when running background mode */
-       if (sd_ctx.is_bgrun)
-               pisa_daemonize();
+        if(value==0){ /* 0 == NAT not enabled */
+                if(sd_do_with_fd_from_filename(sd_write_value,"1",
+                                                       
IP4_FOWARD_FILENAME,O_WRONLY))
+                        sd_ctx.disable_ip4_forward=1;
 
-       sd_ctx.natlist = pisa_nat_init();
+        }
 
-       {
-                char value=-1;
-                sd_do_with_fd_from_filename(sd_read_value,&value,
-                                                               
IP4_FOWARD_FILENAME,O_RDONLY);
-                value-='0'; /* ASCII to internal representation */
-
-                if(value==0){ /* 0 == NAT not enabled */
-                        if(sd_do_with_fd_from_filename(sd_write_value,"1",
-                                                               
IP4_FOWARD_FILENAME,O_WRONLY))
-                                sd_ctx.disable_ip4_forward=1;
-
-                }
-
-       }
-       /* Setup configuration file.
-        * This is needed before any sdconf_read_*() operations.
-        */
-       sdconf_setup_conffile(&sd_cfg);
-//     Use this line to use seperate authorized_hosts.cfg config file for 
allowed_hosts:
-//     sdconf_setup_authorized_hosts_conffile();
-//  Or this line to use the pisasd.cfg as before:
-       pisa_cfg_authorized_hosts_setup_file(sd_cfg.conffile);
-
-       /* Read several configuration from pisasd.conf. */
-       sdconf_read_basic_confs(&sd_cfg);
-
-       sdconf_set_debuglevel(&sd_cfg);
-
-       /* Make default sockets */
-       sd_ctx.tunc = pisa_tunnel_open_socket(sd_cfg.port_control);
-       sd_ctx.tund = pisa_tunnel_open_socket(sd_cfg.port_data);
-       sd_ctx.fd_pstunc = setup_sock_udp(AF_INET6);
-       sd_ctx.fd_pstuns = setup_listen_sock_udp(AF_INET6, sd_cfg.port_pstun);
-       sd_ctx.fd_pisaconf = pisa_conf_open_server_socket(PISA_CONF_PORT_SD);
-
-       /* Enable nat if this process is a relay server */
-       /* TODO this is a horrible way to set up NAT. From a security point of
-        * view calls to system are evil, and even more so if we just pass a
-        * user-supplied string -- Thomas */
-       if (sd_cfg.is_relay == 1)
-               system(sd_cfg.nat_up);
-
-       /* Initialize Logfile */
-#ifdef CONFIG_PISA_LOGGING
-       if(!init_log(LOG_FILE))
-               PISA_ERROR("Error opening logfile: " LOG_FILE "\n");
-#endif
-
-       /* Get neighbor routers, at the moment just reading them from conf file.
-        * TODO: make some fancy way to determine neighbors... */
-       sdctx_get_neighbors();
-
-       pisasd_packet_handle_func_set.handle_nereq = pisasd_handle_nereq;
-       pisasd_packet_handle_func_set.handle_neres = pisasd_handle_neres;
-       pisasd_packet_handle_func_set.handle_pareq = pisasd_handle_pareq;
-       pisasd_packet_handle_func_set.handle_pares = pisasd_handle_pares;
-       pisasd_packet_handle_func_set.handle_bureq = pisasd_handle_bureq;
-       pisasd_packet_handle_func_set.handle_bures = pisasd_handle_bures;
-       pisasd_packet_handle_func_set.handle_vrfyreq1 = pisasd_handle_vrfyreq1;
-       pisasd_packet_handle_func_set.handle_vrfyres1 = pisasd_handle_vrfyres1;
-       pisasd_packet_handle_func_set.handle_vrfyreq2 = pisasd_handle_vrfyreq2;
-       pisasd_packet_handle_func_set.handle_vrfyres2 = pisasd_handle_vrfyres2;
-
-       /* set handlers for tunnel control packet types */
-       pisa_ctrlhandler_set(&sd_ctx.ctrlhandlers, PISA_PKTTYPE_TUN_DATA, 
pisa_recv_data);
-       pisa_ctrlhandler_set(&sd_ctx.ctrlhandlers, PISA_PKTTYPE_TUN_REGISTER, 
pisa_recv_register);
-       pisa_ctrlhandler_set(&sd_ctx.ctrlhandlers, PISA_PKTTYPE_TUN_HEARTBEAT, 
pisa_recv_heartbeat);
-       pisa_ctrlhandler_set(&sd_ctx.ctrlhandlers, PISA_PKTTYPE_TUN_DEREGISTER, 
pisa_recv_deregister);
-
-       /* set handlers for config requests */
-       memset(&conf_handle_func_set, 0, sizeof(conf_handle_func_set));
-       conf_handle_func_set.reload_conf = sd_reload_confs;
-       conf_handle_func_set.debuglevel = pisa_conf_cb_debuglevel;
-       conf_handle_func_set.debugmask = pisa_conf_cb_debugmask;
-
-#ifdef REMOVE_PREAUTH_CODE
-       /* set the default alarm */
-       sd_start_alarm();
-#endif
-
-       sd_ctx.conlist = pisa_conmgr_init(NULL);
-
-       /* create the tunnel device and assign an IP address */
-       inet_pton(AF_INET, "255.255.255.0", &netmask);
-       sd_ctx.tunnel = pisa_tunnel_open_tundev(sd_ctx.fd_pisa_tunnel_name, 
IFNAMSIZ);
-       pisa_tunnel_configure_main(sd_ctx.fd_pisa_tunnel_name, &sd_cfg.ipaddr, 
&netmask, MTU_TUN);
 }
 
-/**
- * Destroy the basic settings after finishing the main loop.
- */
-static void sd_deinit(void)
+void pisa_forwarding_stop(void)
 {
-       PISA_INFO("\nShutting down...\n");
-
-       pisa_tunnel_remove_firewall_rules(sd_ctx.fd_pisa_tunnel_name);
-
-       pisa_cfg_authorized_hosts_cleanup();
-       pisa_ctrlhandler_cleanup(&sd_ctx.ctrlhandlers);
-       pisa_conmgr_cleanup(&sd_ctx.conlist, sd_ctx.natlist);
-       pisa_nat_destroy(sd_ctx.natlist);
-
-       /* TODO this is a horrible way to set up NAT. From a security point of
-        * view calls to system are evil, and even more so if we just pass a
-        * user-supplied string -- Thomas */
-       if (sd_cfg.is_relay == 1)
-               system(sd_cfg.nat_down);
-
-       sdctx_destroy(&sd_ctx);
-       sdconf_destroy(&sd_cfg);
-       pisa_arp_cleanup();
-
-       /* finish all the remaining jobs */
-       close(sd_ctx.tunc);
-       close(sd_ctx.tund);
-       close(sd_ctx.fd_pstunc);
-       close(sd_ctx.fd_pstuns);
-       close(sd_ctx.tunnel);
-       close(sd_ctx.fd_pisaconf);
-
-       /* disable ip forwarding */
        if (sd_ctx.disable_ip4_forward==1){
                PISA_DEBUG(PL_NAT,"Disabling ip_forwarding.\n");
                 if(sd_do_with_fd_from_filename(sd_write_value,"0",
                                IP4_FOWARD_FILENAME,O_WRONLY))
                                sd_ctx.disable_ip4_forward=0;
        }
-
-       /* TODO clear iptables (at least/most from nat stuff) */
-
-#ifdef CONFIG_PISA_LOGGING
-       close_log();
-#endif
-
-       sd_perf_destroy();
 }
 
-/**
- * The core loop as a server daemon.
- * All message processing happens here.
- * This function takes care of adding all relevant file descriptors to
- * a set of file descriptors, setting up call to the select function and
- * processing of all incoming and outgoing packets.
- */
-static inline void sd_do_main(void)
-{
-       struct sockaddr_in from_addr;
-
-       memset(&from_addr, 0, sizeof(struct sockaddr_in));
-
-       sd_ctx.is_sd_running = TRUE;
-       PISA_INFO("\nEntering main loop\n");
-
-       while (sd_ctx.is_sd_running) {
-               struct timeval select_to;
-               fd_set  readfds;
-               int     maxfd = 0;
-
-               select_to.tv_sec  = 1;
-               select_to.tv_usec = 0;
-
-               pisa_sd_timeout_collect();
-
-               /* Add all sockets to the read set */
-               FD_ZERO(&readfds);
-               FD_SET(sd_ctx.tunc, &readfds);
-               FD_SET(sd_ctx.tund, &readfds);
-#ifdef REMOVE_PREAUTH_CODE
-               FD_SET(sd_ctx.fd_pstunc, &readfds); /* TODO: why is this here? 
it's not used below -- Thomas */
-               FD_SET(sd_ctx.fd_pstuns, &readfds);
-#endif /* REMOVE_PREAUTH_CODE */
-               FD_SET(sd_ctx.tunnel, &readfds);
-               FD_SET(sd_ctx.fd_pisaconf,&readfds);
-
-#ifdef REMOVE_PREAUTH_CODE
-               maxfd = 1 + pisa_maxof(6, sd_ctx.tunc, sd_ctx.tund,
-                                       sd_ctx.fd_pstunc, sd_ctx.fd_pstuns,
-                                       sd_ctx.tunnel,sd_ctx.tunnel);
-#else
-               maxfd = 1 + pisa_maxof(4, sd_ctx.tunc, sd_ctx.tund,
-                                       sd_ctx.tunnel,sd_ctx.tunnel);
-#endif /* REMOVE_PREAUTH_CODE */
-
-               if (select(maxfd + 1, &readfds, NULL, NULL, &select_to) > 0) {
-                       if (FD_ISSET(sd_ctx.tunc, &readfds))
-                               pisa_ctrlhandler_dispatch(&sd_ctx.ctrlhandlers, 
sd_ctx.tunc);
-
-                       if (FD_ISSET(sd_ctx.tund, &readfds))
-                               pisa_sd_copy_from_sock_to_tun();
-
-#ifdef REMOVE_PREAUTH_CODE
-                       if (FD_ISSET(sd_ctx.fd_pstuns, &readfds))
-                               pisa_message_pstun(sd_ctx.fd_pstuns);
-#endif /* REMOVE_PREAUTH_CODE */
-
-                       if (FD_ISSET(sd_ctx.tunnel, &readfds))
-                               pisa_sd_copy_from_tun_to_sock();
-
-                       if (FD_ISSET(sd_ctx.fd_pisaconf, &readfds))
-                               pisa_conf_handle_packet(sd_ctx.fd_pisaconf);
-               }
-
-#ifdef REMOVE_PREAUTH_CODE
-               sd_start_alarm();
-#endif /* REMOVE_PREAUTH_CODE */
-       }
-}
+/* TODO this is a horrible way to set up NAT. From a security point of
+ * view calls to system are evil, and even more so if we just pass a
+ * user-supplied string -- Thomas */
 
 /**
- * Get command line arguments and parse them.
- *
- * @param argc        number of command arguments
- * @param argv        pointer to the array of command arguments
+ * Start the NAT for our router. We need to masquerade all outgoing traffic.
  */
-static void sd_get_cmdargs(int argc, char **argv)
+void pisa_sdnat_start(void)
 {
-       int c = 0;
-       int option_index = 0;
-
-       while ((c = getopt_long(argc, argv, OPTS, sd_longopts, &option_index)) 
!= -1) {
-               switch (c) {
-
-                       case 'f':
-                               PISA_STRNCPY(sd_cfg.conffile, optarg, 
sizeof(sd_cfg.conffile));
-                               break;
-
-                       case 'a':
-                               
PISA_STRNCPY(authorized_cfg_file,optarg,sizeof(authorized_cfg_file));
-                               break;
-
-                       case 'i':
-                               PISA_STRNCPY(sd_cfg.ifname_eth, optarg, 
sizeof(sd_cfg.ifname_eth));
-                               break;
-
-                       case 'p':
-                               sd_cfg.port_control = atoi(optarg);
-                               break;
-
-                       case 'q':
-                               sd_cfg.port_data = atoi(optarg);
-                               break;
-
-                       case 'r':
-                               sd_cfg.port_pstun = atoi(optarg);
-                               break;
-
-                       case 'V':
-                               sd_ctx.do_tokvrfy = FALSE;
-                               break;
-
-                       case 'b':
-                               sd_ctx.is_bgrun = TRUE;
-                               break;
-
-                       case 'd':
-                               PISA_STRNCPY(sd_cfg.debuglevel, "all", 
sizeof(sd_cfg.debuglevel));
-                               break;
-
-                       case 'v':
-                               sd_print_version();
-                               break;
-
-                       case 'h':
-                               sd_print_usage(argv);
-                               break;
-
-                       default:
-                               sd_print_usage(argv);
-               }
-       }
-
-       return;
-}
-
-/**
- * static void sd_print_usage(char **argv)
- *
- * Print usage instructions of server daemon.
- *
- * @param argv   pointer to the array of command arguments
- */
-static void sd_print_usage(char **argv)
-{
-       fprintf(stderr, "USAGE:\n"
-                       "\t%s [options]\n"
-                       "\n"
-                       "Options:\n"
-                       "\t-f|--config <filename>            : Use the given 
configuration file.\n"
-                       "\t-a|--authorized_config <filename> : Use the given 
authorized_hosts configuration file.\n"
-                       "\t-i|--interface <ifname>           : Use the given 
name as the main ethernet interface.\n"
-                       "\t-p|--ctrlport <port>              : Give a control 
port number to listen for incoming connections. (default: %d)\n"
-                       "\t-q|--dataport <port>              : Give a data port 
number to listen for incoming connections. (default: %d)\n"
-                       "\t-r|--pstunport <port>             : Give a pseudo 
tunnel port number to listen for incoming connections. (default: %d)\n"
-                       "\t-V|--skipverify                   : Skip token 
verification procedure\n"
-                       "\t-b|--background                   : Run in 
background\n"
-                       "\t-d|--debug                        : Enable Debug 
mode\n"
-                       "\t-v|--version                      : Print the 
version number\n"
-                       "\t-h|--help                         : display this 
usage\n"
-                       "\n"
-                       "Example:\n"
-                       "\t%s -i eth0 --port 5001\t listen for incoming 
connections on eth0 on port 5001\n",
-                       argv[0],
-                       PISASD_DEFAULT_PORTNUM_CONTROL,
-                       PISASD_DEFAULT_PORTNUM_DATA,
-                       PISASD_DEFAULT_PORTNUM_PSTUN,
-                       argv[0]);
-
-       exit(EXIT_FAILURE);
-}
-
-/**
- * Print the version number of server daemon
- */
-static void sd_print_version(void)
-{
-       struct utsname uts;
-
-       fprintf(stderr, "PISA server daemon.\n"
-                       "Copyright (C) 2009. Distributed Systems Group, RWTH 
Aachen University.\n");
-
-       fprintf(stderr, "Version: %s\n", VERSION);
-
-       uname(&uts);
-       fprintf(stderr, "System: %s %s\n", uts.sysname, uts.release);
-
-       /* Print also compile options */
-       fprintf(stderr, "Compile options:\n");
-
-#ifdef CONFIG_PISA_DEBUG
-       fprintf(stderr, " +DEBUG");
-#else
-       fprintf(stderr, " -DEBUG");
-#endif /* CONFIG_PISA_DEBUG */
-
-#ifdef CONFIG_PISA_PREAUTH
-       fprintf(stderr, " +PREAUTH");
-#else
-       fprintf(stderr, " -PREAUTH");
-#endif /* CONFIG_PISA_PREAUTH */
-
-#ifdef CONFIG_PISA_OPENWRT
-       fprintf(stderr, " +OPENWRT");
-#else
-       fprintf(stderr, " -OPENWRT");
-#endif /* CONFIG_PISA_OPENWRT */
-
-#ifdef CONFIG_PISA_FORCE_SHLIB
-       fprintf(stderr, " +FORCE_SHLIB");
-#else
-       fprintf(stderr, " -FORCE_SHLIB");
-#endif /* CONFIG_PISA_FORCE_SHLIB */
-
-       fprintf(stderr, "\n");
-
-       exit(EXIT_FAILURE);
-}
-
-/**
- * Terminate PISA server daemon by receiving signal
- *
- * @param quitcode   signal quit code
- */
-static void sd_quit(int quitcode)
-{
-       switch (quitcode) {
-               case SIGTERM:
-               case SIGINT:
-               case SIGQUIT:
-               case SIGBUS:
-                       PISA_DEBUG(PL_SHUTDOWN, "Quitting PISA server 
daemon...\n");
-                       sd_ctx.is_sd_running = FALSE;
-                       break;
-
-               case SIGILL:
-               case SIGPIPE:
-                       break;
-
-               default:
-                       PISA_INFO("WARNING: Got an unknown 
signal(signum=%d).\n", quitcode);
-                       break;
-       }
-
-       /* Reinstall default handler for that signal */
-       signal(quitcode, SIG_DFL);
-}
-
-/**
- * Reload configurations
- *
- * @param quitcode   signal quit code
- */
-static void sd_reload_confs(pisa_conf_packet *p)
-{
-       PISA_DEBUG(PL_CONFIG, "Reloading basic configurations...\n");
-
-       sdconf_destroy(&sd_cfg);
-       pisa_cfg_authorized_hosts_cleanup();
-
-       sdconf_setup_conffile(&sd_cfg);
-       sdconf_setup_authorized_hosts_conffile();
-
-       sdconf_read_basic_confs(&sd_cfg);
-}
-
-/**
- * This handler is executed periodically by SIGALRM.
- *
- * @param sigcode   signal code
- */
-static void sd_handle_sigalarm(int sigcode)
-{
-       PISA_DEBUG(PL_TIMEOUT, "sd_handle_sigalarm is called. (%d)\n", sigcode);
-
-       /* TODO: take also care of bures_maxretry */
-
-       if (sd_ctx.vreqtrg_tries_count > sd_cfg.vreqtrg_maxretry) {
-               PISA_INFO("WARNING: reached maximum client request count. 
Sleeping...\n");
-/* TODO: Rewrite/remove handover/preauth code. Disabled sleep for now.
- * -- Thomas 
-               sleep(5);
- */
-               PISA_INFO("Resetting tries count...\n");
-               sd_ctx.vreqtrg_tries_count = 0;
-       }
-
-       sd_ctx.vreqtrg_tries_count++;
-
-       sd_ctx.is_sending_bures = TRUE;
-
-       /* read basic configurations from pisasd.conf */
-       sdconf_read_basic_confs(&sd_cfg);
+       system(sd_cfg.nat_up);
 }
 
-#ifdef REMOVE_PREAUTH_CODE
 /**
- * Setup alarm
+ * Stop the NAT for our router.
  */
-static void sd_start_alarm(void)
+void pisa_sdnat_stop(void)
 {
-       alarm(sd_cfg.vreqtrg_timeout);
-       _PISA_DEBUG(PL_TIMEOUT, "Starting alarm with %d seconds.\n", 
sd_cfg.vreqtrg_timeout);
-
-       /* TODO: take also care of bures_timeout */
+       system(sd_cfg.nat_down);
 }
-#endif /* PREAUTH */
-
-/**
- * Initialize performance measurement data structure
- */
-static void sd_perf_init(void)
-{
-#ifdef CONFIG_PISA_PERFORMANCE
-       PISA_DEBUG(PL_INIT, "Creating the performance set.\n");
-       pisa_perf = pisa_perf_create(PERF_MAX);
-
-       pisa_check_and_create_dir(PISA_DIR_PERF_RESULTS, 
DEFAULT_CONFIG_DIR_MODE);
-
-       pisa_perf_name(pisa_perf, PERF_TOKEN_VERIFICATION, 
PISA_DIR_PERF_RESULTS"/PERF_token_verification.csv");
-
-       pisa_perf_open(pisa_perf);
-#endif
-}
-
-/**
- * Destroy performance measurement data structure
- */
-static void sd_perf_destroy(void)
-{
-#ifdef CONFIG_PISA_PERFORMANCE
-       pisa_perf_destroy(pisa_perf);
-#endif
-}
-
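Review bot: `pisa_sdnat_start()` and `pisa_sdnat_stop()` discard the result of `system()`, so a failing or missing `sd_cfg.nat_up` command goes unnoticed and sdmain.c then enables IPv4 forwarding with no masquerade rule in place. At minimum log the failure, e.g. `if (system(sd_cfg.nat_up) != 0) PISA_ERROR("NAT setup command failed\n");`, and likewise for `nat_down`. The relocated TODO now sits between functions and attaches to neither; move it into the doc comment of both, and state there that the string is run by the shell with the daemon's privileges, so the configuration file it comes from must be writable only by the administrator. In pisa_forwarding_start the comment `0 == NAT not enabled` describes forwarding, not NAT.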

Added: trunk/pisasd/sdnat.h
==============================================================================
--- /dev/null   00:00:00 1970   (empty, because file is newly added)
+++ trunk/pisasd/sdnat.h        Fri Oct  9 15:02:20 2009        (r1080)
@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) 2009, Distributed Systems Group, RWTH Aachen
+ * All rights reserved.
+ */
+
+/**
+ * @file sdnat.h
+ * @brief Header NAT and forwarding functions for the PISA server daemon.
+ * @author Thomas Jansen <mithi@xxxxxxxxx>
+ * @date Oct. 2009
+ */
+
+#ifndef PISA_SDNAT_H
+#define PISA_SDNAT_H
+
+void pisa_forwarding_start(void);
+void pisa_forwarding_stop(void);
+
+void pisa_sdnat_start(void);
+void pisa_sdnat_stop(void);
+
+#endif /* PISA_SDNAT_H */
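Review bot: sdnat.h declares four functions, but sdnat.c exports three more: `sd_read_value`, `sd_write_value` and `sd_do_with_fd_from_filename`, the last of which loses its `static` in this commit. None has a prototype here and the sdmain.c hunks remove the only visible calls, so they are better kept file-local with `static`, provided no other file uses them. The four prototypes also carry no comments; each should say what system state it changes. pisa_forwarding_start/stop write `/proc/sys/net/ipv4/ip_forward` and restore it only if the daemon itself enabled it, and pisa_sdnat_start/stop run the configured `nat_up`/`nat_down` command.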
