int fd;\r
int ret=0;\r
int retNum;\r
- int ruleCount;\r
- int ruleNumber;\r
\r
Sigfunc *defaultSigFunc;\r
\r
\r
/**** prepare ****/\r
/* open lockfile */\r
- fd=Open(GetConfValue("LockFile"), O_RDWR|O_CREAT, \r
+ fd=open(GetConfValue("LockFile"), O_RDWR|O_CREAT, \r
S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);\r
+ if(fd==-1){\r
+ err_msg("ERR at %s#%d: lockfile open error",__FILE__,__LINE__);\r
+ return 1;\r
+ } \r
+\r
/* set timeout */\r
- defaultSigFunc=Signal(SIGALRM, sigFunc);\r
- alarm(LOCKTIMEOUT);\r
+ if((defaultSigFunc=Signal(SIGALRM, sigFunc))==SIG_ERR) return 1;\r
+ alarm(atoi(GetConfValue("LockTimeout")));\r
+\r
/* lock */\r
- Lock(fd);\r
+ if(Lock(fd)<0){\r
+ err_msg("ERR at %s#%d: lock error",__FILE__,__LINE__);\r
+ return 1;\r
+ }\r
+\r
/* reset timeout */\r
Signal(SIGALRM, defaultSigFunc);\r
alarm(0);\r
\r
/**** read rules ****/\r
if((retNum=GetRuleNumber6(clientAddr6))<0){\r
- if(retNum==-2){ /* ip6fw returns abnormal response */\r
- Unlock(fd);\r
- Close(fd);\r
- return 1;\r
- }else{ /* rules are full */\r
- Unlock(fd);\r
- Close(fd);\r
- return -1;\r
- }\r
+ Unlock(fd);\r
+ Close(fd);\r
+ return retNum;\r
}\r
\r
/**** write rules ****/\r
if(atoi(GetConfValue("Ip6fwScript/Enable"))){\r
/********** use perl script to control firewall ************/\r
\r
- if(Systeml(GetConfValue("Ip6fwScript/Path"),GetConfValue("Ip6fwPath"),\r
+ if(Systeml(1, GetConfValue("Ip6fwScript/Path"),GetConfValue("Ip6fwPath"),\r
ruleNumber6,clientAddr6,\r
userid,macAddr6,userProperty,(char *)0) != 0){\r
- err_quit("ERR in comm-ip6fw: exec ip6fw script");\r
- ret=1; /* abmormal */\r
+ err_msg("ERR at %s#%d: exec ip6fw script error",__FILE__,__LINE__);\r
+ ret=1; /* abmormal */\r
}\r
\r
- Unlock(fd); /* lock is not necessary in following exec */\r
+ /* lock is not necessary in following exec */\r
+ Unlock(fd);\r
Close(fd); /* because reserved number is used */\r
\r
}else{\r
/********** direct control of firewall **********************/\r
/********** add outgoing ip6fw rule for the client *************/\r
- if(Systeml(GetConfValue("Ip6fwPath"),"-q","add",ruleNumber6,"allow","all",\r
+ if(Systeml(1, GetConfValue("Ip6fwPath"),"-q","add",ruleNumber6,"allow","all",\r
"from",clientAddr6,"to","any",(char *)0) != 0){\r
- err_quit("ERR in comm-ip6fw: exec ip6fw add from addr error");\r
+ err_msg("ERR at %s#%d: exec ip6fw add error",__FILE__,__LINE__);\r
ret=1;\r
}\r
-\r
- Unlock(fd); /* lock is not necessary in following exec */\r
- Close(fd); /* because reserved number is used */\r
\r
+ /* lock is not necessary in following exec */\r
+ Unlock(fd);\r
+ Close(fd); /* because reserved number is used */\r
+\r
/********** add incoming ip6fw rule for the client *************/\r
- if(Systeml(GetConfValue("Ip6fwPath"),"-q","add",ruleNumber6,"allow","all",\r
+ if(Systeml(1, GetConfValue("Ip6fwPath"),"-q","add",ruleNumber6,"allow","all",\r
"from","any","to",clientAddr6,(char *)0) != 0){\r
- err_quit("ERR in comm-ip6fw: exec ip6fw add to addr error");\r
+ err_msg("ERR at %s#%d: exec ip6fw add error",__FILE__,__LINE__);\r
ret=1; /* abnormal */\r
}\r
}\r
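Review bot: The new early returns in the lock setup leave state behind: `if((defaultSigFunc=Signal(SIGALRM, sigFunc))==SIG_ERR) return 1;` returns with `fd` still open, and the `Lock(fd)<0` branch returns without `Close(fd)`, without `alarm(0)` and without restoring `defaultSigFunc`. A lock timeout therefore leaks a descriptor and leaves the temporary SIGALRM handler installed. `alarm(atoi(GetConfValue("LockTimeout")))` also needs a guard, because a missing or non-numeric value makes `atoi` yield 0, and `alarm(0)` disarms the timeout so `Lock` can block indefinitely; whether `GetConfValue` can return NULL here is not visible and should be checked too. I would parse the value once, fall back to a default when it is not positive, and clean up on both failure paths. The enclosing function starts and ends outside the hunk.

```c
  int lockTimeout;   /* new local */
  /* … unchanged: open lockfile and its error check … */

  /* set timeout */
  if((defaultSigFunc=Signal(SIGALRM, sigFunc))==SIG_ERR){
    Close(fd);
    return 1;
  }
  lockTimeout=atoi(GetConfValue("LockTimeout"));
  if(lockTimeout<=0) lockTimeout=LOCKTIMEOUT; /* former constant, if it is still defined */
  alarm(lockTimeout);

  /* lock */
  if(Lock(fd)<0){
    err_msg("ERR at %s#%d: lock error",__FILE__,__LINE__);
    alarm(0);
    Signal(SIGALRM, defaultSigFunc);
    Close(fd);
    return 1;
  }
  /* … unchanged: reset timeout, read rules, write rules … */
```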
double time_l;\r
int hour, min, sec;\r
time_t timeOut;\r
- int ruleCount;\r
\r
/********** del ip6fw rule for the client *************/\r
-\r
- ruleCount = CountRuleNumber(pClientAddr->ruleNumber);\r
-\r
- while(ruleCount!=0){\r
- if(Systeml(GetConfValue("Ip6fwPath"),"del",pClientAddr->ruleNumber,(char *)0) != 0){\r
- err_quit("ERR in comm-ip6fw: exec ip6fw del error");\r
- }\r
- ruleCount--;\r
- }\r
-\r
+ DelIp6fwRule(pClientAddr->ruleNumber);\r
+ \r
timeOut = time(NULL);\r
time_l=difftime(timeOut,pClientAddr->timeIn);\r
hour=time_l/60/60;\r
sec=(time_l-hour*60*60-min*60);\r
err_msg("CLOS: user %s from %s at %s ( %02d:%02d:%02d )",\r
userid, pClientAddr->ipAddr, macAddr6, hour,min,sec);\r
-\r
+ \r
return;\r
}\r
\r
+\r
+/***********************************************/\r
+/* delete ip6fw rule */\r
+/***********************************************/\r
+void delIp6fwRule(char *ruleNumber)\r
+{\r
+ int ruleCount;\r
+ int i;\r
+\r
+ /* get rule count */\r
+ ruleCount = CountRuleNumber6(ruleNumber);\r
+\r
+ /* delete rule */\r
+ /* [ip6fw del num] deletes one rule registered in the rule number */\r
+ for(i=0;i<ruleCount;i++){\r
+ if(Systeml(1, GetConfValue("Ip6fwPath"),"delete",ruleNumber,(char *)0) != 0){\r
+ /* ip6fw deletes one rule but ipfw deletes all rules for the number */\r
+ /* thus this error occurs at ipfw del. it is normal. */\r
+ /* err_msg("ERR at %s#%d: exec ip6fw del error",__FILE__,__LINE__);*/\r
+ }\r
+ }\r
+}\r
+ \r
/**************************************/\r
/* get unused ip6fw rule number */\r
/* error if addr is already in rules */ \r
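Review bot: Every `Systeml` failure in `delIp6fwRule` is discarded by the empty `if` body, so a delete that fails for a real reason (for example the configured `Ip6fwPath` cannot be executed) leaves the client's allow rule in place while the session is still logged as closed. Since the comment says the per-iteration error is expected with ipfw, check the outcome once after the loop instead, e.g. `if(CountRuleNumber6(ruleNumber)>0) err_msg("ERR at %s#%d: ip6fw rule %s not deleted",__FILE__,__LINE__,ruleNumber);`. The function is also `void`, so the caller cannot react to a rule that survived; returning the remaining count would let closeClientGate6 record it. The commented-out `err_msg` inside the loop can then be dropped.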
int fileStatus;\r
enum status {NORMAL, ABNORMAL, FOUND, NOTFOUND, DUPLICATED};\r
\r
- if((fpipe=Popenl("r", GetConfValue("Ip6fwPath"),"list",(char *)0)) == NULL){ \r
- err_quit("ERR in comm-ip6fw: exec ip6fw list error");\r
+ if((fpipe=Popenl(1, "r", GetConfValue("Ip6fwPath"),"list",(char *)0)) == NULL){ \r
+ err_msg("ERR at %s#%d: exec ip6fw list error",__FILE__,__LINE__);\r
}\r
\r
/* search unused rule number in the list read from pipe */\r
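Review bot: With `err_quit` replaced by `err_msg`, a failed `Popenl` no longer stops the function: the `fpipe == NULL` branch only logs, and control continues to the loop that reads from the pipe, which lies outside this hunk and presumably passes `fpipe` to a read call. Add a return inside the branch, e.g. `return -2;`, to reuse the abnormal-response code this file already returns further down. The same fall-through is in `countRuleNumber6` after `Popenl(1, "r", GetConfValue("Ip6fwPath"),"list",ruleNumber,(char *)0)`, where a `return 0;` after the `err_msg` would match what the `-a list` call site does. The function body starts and ends outside the hunk.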
break;\r
}\r
if( sscanf(buf, "%d", &readinNum) !=1 ){\r
- err_msg("ERR in comm-ip6fw: abnormal ip6fw response[ %s ]", buf);\r
+ err_msg("ERR at %s#%d: abnormal ip6fw response[ %s ]",\r
+ __FILE__,__LINE__,buf);\r
fileStatus=ABNORMAL; /* abnormal responsem exit internal loop */\r
break;\r
}\r
Pclose(fpipe);\r
\r
if(fileStatus==ABNORMAL){\r
- err_msg("ERR in comm-ip6fw: abnormal ip6fw response ");\r
+ err_msg("ERR at %s#%d: abnormal ip6fw response ",__FILE__,__LINE__);\r
return -2;\r
}\r
if(portStatus==NOTFOUND){\r
- err_msg("ERR in comm-ip6fw: cannot get unused ip6fw number");\r
+ err_msg("ERR at %s#%d: cannot get unused ip6fw number",__FILE__,__LINE__);\r
return -1;\r
}\r
if(portStatus==DUPLICATED){\r
- err_msg("ERR in comm-ip6fw: the ip-address is already opened");\r
return -newNum;\r
}\r
\r
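Review bot: The `DUPLICATED` branch is now silent and signals only through `return -newNum;`, right after `return -2;` and `return -1;`, so one return value carries three meanings with nothing documenting how they are told apart. A comment on that branch would help, e.g. `/* duplicated: return the negated existing rule number; assumes rule numbers are > 2 so it cannot collide with -1/-2 */`, and the assumption should be confirmed against the configured rule-number range. The caller in openClientGate6 now passes this value through unchanged (`return retNum;`), so the contract matters further up as well. The function body starts and ends outside the hunk.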
int packets,packetsSum;\r
\r
/* exec proc */\r
- if((fpipe=Popenl("r", GetConfValue("Ip6fwPath"),"-a","list",ruleNumber,(char *)0)) == NULL){ \r
- err_quit("ERR in comm-ip6fw: exec ip6fw -a list error");\r
+ if((fpipe=Popenl(1, "r", GetConfValue("Ip6fwPath"),"-a","list",ruleNumber,(char *)0)) == NULL){ \r
+ err_msg("ERR at %s#%d: exec ip6fw -a list error",__FILE__,__LINE__);\r
return 0; /* abnormal */\r
}\r
\r
/**********************************************/\r
/* get rule count registed to a rule number */\r
/**********************************************/\r
-int countRuleNumber(char *ruleNumber)\r
+int countRuleNumber6(char *ruleNumber)\r
{\r
FILE *fpipe;\r
char buf[BUFFMAXLN];\r
int ruleCount;\r
\r
/* exec proc */\r
- if((fpipe=Popenl("r", GetConfValue("Ip6fwPath"),"list",ruleNumber,(char *)0)) == NULL){ \r
- err_quit("ERR in comm-ip6fw: exec ip6fw list error");\r
+ if((fpipe=Popenl(1, "r", GetConfValue("Ip6fwPath"),"list",ruleNumber,(char *)0)) == NULL){ \r
+ err_msg("ERR at %s#%d: exec ip6fw list error",__FILE__,__LINE__);\r
}\r
\r
/* count line read from pipe */\r
{\r
int ret;\r
\r
- if(debug) err_msg("DEBUG:=>getRuleNumber6(%s)",clientAddr6);\r
+ if(debug>1) err_msg("DEBUG:=>getRuleNumber6(%s)",clientAddr6);\r
ret=getRuleNumber6(clientAddr6);\r
- if(debug) err_msg("DEBUG:(%d)<=getRuleNumber6( )",ret);\r
+ if(debug>1) err_msg("DEBUG:(%d)<=getRuleNumber6( )",ret);\r
\r
return ret;\r
}\r
{\r
int ret;\r
\r
- if(debug) err_msg("DEBUG:=>openClientGate6(%s,%s,%s,%s)",clientAddr6,userid,macAddr6,userProperty);\r
+ if(debug>1) err_msg("DEBUG:=>openClientGate6(%s,%s,%s,%s)",clientAddr6,userid,macAddr6,userProperty);\r
ret=openClientGate6(clientAddr6, userid, macAddr6, userProperty);\r
- if(debug) err_msg("DEBUG:(%d)<=openClientGate6( )",ret);\r
+ if(debug>1) err_msg("DEBUG:(%d)<=openClientGate6( )",ret);\r
\r
return ret;\r
}\r
\r
void CloseClientGate6(struct clientAddr *pClientAddr, char *userid, char *macAddr6)\r
{\r
- if(debug) err_msg("DEBUG:=>closeClientGate6(%p,%s,%s)",pClientAddr,userid,macAddr6);\r
+ if(debug>1) err_msg("DEBUG:=>closeClientGate6(%p,%s,%s)",pClientAddr,userid,macAddr6);\r
closeClientGate6(pClientAddr,userid,macAddr6);\r
- if(debug) err_msg("DEBUG:<=closeClientGate6( )");\r
+ if(debug>1) err_msg("DEBUG:<=closeClientGate6( )");\r
}\r
\r
int GetPacketCount6(char *ruleNumber)\r
{\r
int ret;\r
\r
- if(debug) err_msg("DEBUG:=>getPacketCount6(%s)",ruleNumber);\r
+ if(debug>1) err_msg("DEBUG:=>getPacketCount6(%s)",ruleNumber);\r
ret=getPacketCount6(ruleNumber);\r
- if(debug) err_msg("DEBUG:(%d)<=getPacketCount6( )",ret);\r
+ if(debug>1) err_msg("DEBUG:(%d)<=getPacketCount6( )",ret);\r
\r
return ret;\r
}\r
\r
-int CountRuleNumber(char *ruleNumber)\r
+int CountRuleNumber6(char *ruleNumber)\r
{\r
int ret;\r
-\r
- if(debug) err_msg("DEBUG:=>countRuleNumber(%s)", ruleNumber);\r
- ret=countRuleNumber(ruleNumber);\r
- if(debug) err_msg("DEBUG:(%d)<=countRuleNumber( )",ret);\r
-\r
+ \r
+ if(debug>1) err_msg("DEBUG:=>countRuleNumber6(%s)", ruleNumber);\r
+ ret=countRuleNumber6(ruleNumber);\r
+ if(debug>1) err_msg("DEBUG:(%d)<=countRuleNumber6( )",ret);\r
+ \r
return ret;\r
}\r
+\r
+void DelIp6fwRule(char *ruleNumber){\r
+ if(debug>1) err_msg("DEBUG:=>delIp6fwRule(%s)",ruleNumber);\r
+ delIp6fwRule(ruleNumber);\r
+ if(debug>1) err_msg("DEBUG:<=delIp6fwRule( )");\r
+}\r