/* set timeout */
if((defaultSigFunc=Signal(SIGALRM, sigFunc))==SIG_ERR) return 1;
- alarm(LOCKTIMEOUT);
+ alarm(atoi(GetConfValue("LockTimeout")));
/* lock */
if(Lock(fd)<0){
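Review bot: The new `alarm(atoi(GetConfValue("LockTimeout")))` turns a bad config value into no timeout at all, because `atoi` returns 0 for an empty or non-numeric string and `alarm(0)` cancels the timer instead of arming it, leaving `Lock(fd)` free to block indefinitely. A negative value is converted to a very large unsigned delay, with the same effect. Whether `GetConfValue` can return NULL is not visible here; if it can, `atoi(NULL)` is undefined behaviour. I would validate the value and fall back to the old constant, assuming `LOCKTIMEOUT` stays defined: `int t=atoi(GetConfValue("LockTimeout")); alarm(t>0 ? t : LOCKTIMEOUT);`. The body of the `if(Lock(fd)<0)` branch continues outside this hunk.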
if(atoi(GetConfValue("IpfwScript/Enable"))){
/********** use perl script to control firewall ************/
- if(Systeml(GetConfValue("IpfwScript/Path"),GetConfValue("IpfwPath"),
+ if(Systeml(1, GetConfValue("IpfwScript/Path"),GetConfValue("IpfwPath"),
ruleNumber4,clientAddr4,
- userid,macAddr4,userProperty,(char *)0) != 0){
+ userid,macAddr4,userProperty,
+ GetConfValue("IpfwTagNumber"),(char *)0) != 0){
err_msg("ERR at %s#%d: exec script error",__FILE__,__LINE__);
ret=1; /* abnormal */
}
}else{
/********** direct control of firewall **********************/
/********** add outgoing ipfw rule for the client *************/
- if(Systeml(GetConfValue("IpfwPath"),"-q","add",ruleNumber4,"allow","ip",
- "from",clientAddr4,"to","any",(char *)0) != 0){
+ if(Systeml(1, GetConfValue("IpfwPath"),"-q","add",ruleNumber4,
+ "count","tag",GetConfValue("IpfwTagNumber"),
+ "ip","from",clientAddr4,"to","any",(char *)0) != 0){
err_msg("ERR at %s#%d: exec ipfw add error",__FILE__,__LINE__);
ret=1; /* abnormal */
}
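Review bot: If `GetConfValue("IpfwTagNumber")` returns NULL, the `(char *)0`-terminated argument list ends at that position, so the direct call is cut off after `"count","tag"` and the script call silently loses its last argument. Whether `GetConfValue` can return NULL or an empty string is not visible here, so this should be confirmed. Reading the tag once into a local and refusing to add rules when it is missing would make the failure explicit, e.g. `if(tag==NULL || *tag=='\0'){ err_msg("ERR at %s#%d: IpfwTagNumber not set",__FILE__,__LINE__); ret=1; }`, with the add skipped in that case. The same applies to the incoming-direction rule added after `Close(fd)`. Since the rule changes from `allow` to `count tag`, the comment above it should also say that the rule no longer passes traffic itself and that the pass decision depends on a rule matching the tag elsewhere in the ruleset; the enclosing function starts and ends outside this hunk.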
Unlock(fd);
Close(fd); /* because reserved number is used */
- if(Systeml(GetConfValue("IpfwPath"),"-q","add",ruleNumber4,"allow","ip",
- "from","any","to",clientAddr4,(char *)0) != 0){
+ if(Systeml(1, GetConfValue("IpfwPath"),"-q","add",ruleNumber4,
+ "count","tag",GetConfValue("IpfwTagNumber"),
+ "ip","from","any","to",clientAddr4,(char *)0) != 0){
err_msg("ERR at %s#%d: exec ipfw add error",__FILE__,__LINE__);
ret=1; /* abnormal */
}
if(count>0){
/* exec ipfw del */
/* [ipfw del rule] deletes all rule of the rule number at one call */
- if(Systeml(GetConfValue("IpfwPath"),"del",ruleNumber,(char *)0) != 0){
+ if(Systeml(1, GetConfValue("IpfwPath"),"delete",ruleNumber,(char *)0) != 0){
err_msg("ERR at %s#%d: exec ipfw del error",__FILE__,__LINE__);
}
}
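Review bot: A failed `ipfw delete` at the changed call is still only logged, and the message does not say which rule was left behind, so a client's rules can remain installed with nothing in the log to identify them. The `DelIpfwRule` wrapper shown later in this diff is `void`, so callers apparently cannot react to the failure; that is inferred, because the enclosing function is not visible in this hunk. At minimum I would include the rule number in the message so that stale rules can be found and removed: `err_msg("ERR at %s#%d: exec ipfw delete error (rule %s)",__FILE__,__LINE__,ruleNumber);`.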
enum status {NORMAL, ABNORMAL, FOUND, NOTFOUND, DUPLICATED};
/* exec ipfw list and open pipe */
- if((fpipe=Popenl("r", GetConfValue("IpfwPath"),"list",(char *)0)) == NULL){
+ if((fpipe=Popenl(1, "r", GetConfValue("IpfwPath"),"list",(char *)0)) == NULL){
err_msg("ERR at %s#%d: exec ipfw list error",__FILE__,__LINE__);
}
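Review bot: The new leading `1` passed to `Popenl` here is a bare literal whose meaning cannot be read at the call site; the same applies to the other `Systeml` and `Popenl` calls changed in this diff. These calls run the firewall binary, so someone auditing them needs to know what the flag selects. A named constant defined next to the `Systeml`/`Popenl` prototypes, or a one-line comment at the first call stating what the first argument controls, would cover it. The code following the `err_msg` branch is outside this hunk, so it is not visible whether `fpipe==NULL` is handled before the pipe is read.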
int packets,packetsSum;
/* exec proc */
- if((fpipe=Popenl("r", GetConfValue("IpfwPath"),"-a","list",ruleNumber,(char *)0)) == NULL){
+ if((fpipe=Popenl(1, "r", GetConfValue("IpfwPath"),"-a","list",ruleNumber,(char *)0)) == NULL){
err_msg("ERR at %s#%d: exec ipfw -a list error",__FILE__,__LINE__);
}
int ruleCount;
/* exec proc */
- if((fpipe=Popenl("r", GetConfValue("IpfwPath"),"list",ruleNumber,(char *)0)) == NULL){
+ if((fpipe=Popenl(1, "r", GetConfValue("IpfwPath"),"list",ruleNumber,(char *)0)) == NULL){
err_msg("ERR at %s#%d: exec ipfw list error",__FILE__,__LINE__);
}
{
int ret;
- if(debug) err_msg("DEBUG:=>getRuleNumber4(%s)",clientAddr4);
+ if(debug>1) err_msg("DEBUG:=>getRuleNumber4(%s)",clientAddr4);
ret=getRuleNumber4(clientAddr4);
- if(debug) err_msg("DEBUG:(%d)<=getRuleNumber4( )",ret);
+ if(debug>1) err_msg("DEBUG:(%d)<=getRuleNumber4( )",ret);
return ret;
}
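Review bot: The threshold in `debug>1` is not documented where it is used, so nothing tells a reader which level enables these traces. The same change is made in the wrappers for openClientGate4, closeClientGate4, getPacketCount4, delIpfwRule and countRuleNumber4 below, and the openClientGate4 and closeClientGate4 traces write the user id and MAC address to the log. A comment at the declaration of `debug` would tell operators which level writes that data, for example `/* debug: 0=off, 1=<meaning of level 1>, 2=function-call trace (logs client address, userid, MAC) */`. The signature of this wrapper is outside the hunk.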
{
int ret;
- if(debug) err_msg("DEBUG:=>openClientGate4(%s,%s,%s,%s)",clientAddr4,userid,macAddr4,userProperty);
+ if(debug>1) err_msg("DEBUG:=>openClientGate4(%s,%s,%s,%s)",clientAddr4,userid,macAddr4,userProperty);
ret=openClientGate4(clientAddr4, userid, macAddr4, userProperty);
- if(debug) err_msg("DEBUG:(%d)<=openClientGate4( )",ret);
+ if(debug>1) err_msg("DEBUG:(%d)<=openClientGate4( )",ret);
return ret;
}
void CloseClientGate4(struct clientAddr *pClientAddr, char *userid, char *macAddr4)
{
- if(debug) err_msg("DEBUG:=>closeClientGate4(%p,%s,%s)",pClientAddr,userid,macAddr4);
+ if(debug>1) err_msg("DEBUG:=>closeClientGate4(%p,%s,%s)",pClientAddr,userid,macAddr4);
closeClientGate4(pClientAddr,userid,macAddr4);
- if(debug) err_msg("DEBUG:<=closeClientGate4( )");
+ if(debug>1) err_msg("DEBUG:<=closeClientGate4( )");
}
{
int ret;
- if(debug) err_msg("DEBUG:=>getPacketCount4(%s)",ruleNumber);
+ if(debug>1) err_msg("DEBUG:=>getPacketCount4(%s)",ruleNumber);
ret=getPacketCount4(ruleNumber);
- if(debug) err_msg("DEBUG:(%d)<=getPacketCount4( )",ret);
+ if(debug>1) err_msg("DEBUG:(%d)<=getPacketCount4( )",ret);
return ret;
}
void DelIpfwRule(char *ruleNumber){
- if(debug) err_msg("DEBUG:=>delIpfwRule(%s)",ruleNumber);
+ if(debug>1) err_msg("DEBUG:=>delIpfwRule(%s)",ruleNumber);
delIpfwRule(ruleNumber);
- if(debug) err_msg("DEBUG:<=delIpfwRule( )");
+ if(debug>1) err_msg("DEBUG:<=delIpfwRule( )");
}
int CountRuleNumber4(char *ruleNumber)
{
int ret;
- if(debug) err_msg("DEBUG:=>countRuleNumber4(%s)", ruleNumber);
+ if(debug>1) err_msg("DEBUG:=>countRuleNumber4(%s)", ruleNumber);
ret=countRuleNumber4(ruleNumber);
- if(debug) err_msg("DEBUG:(%d)<=countRuleNumber4( )",ret);
+ if(debug>1) err_msg("DEBUG:(%d)<=countRuleNumber4( )",ret);
return ret;
}