efw-iptables.c File Reference

Firewall driver for iptables. Understands how to update iptables, in other words.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <pthread.h>
#include <sys/wait.h>
#include <eurephiafw_struct.h>
#include <eurephia_context.h>
#include <eurephia_nullsafe.h>
#include <eurephia_log.h>
#include <eurephiafw_helpers.h>

Defines

#define EUREPHIA_FWINTF
#define INTERFACEVER   "1.0"
#define INTERFACEAPIVER   1

Functions

const char * eFWinterfaceVersion ()
int eFWinterfaceAPIversion ()
int process_input (eurephiaCTX *ctx, const char *fwcmd, const char *msg)
int call_iptables (eurephiaCTX *ctx, const char *fwcmd, char **ipt_args)
void eFW_RunFirewall (void *fwargs)

Detailed Description

Firewall driver for iptables. Understands how to update iptables, in other words.

Author:
David Sommerseth <dazo@users.sourceforge.net>
Date:
2008-08-10

Definition in file efw-iptables.c.


Define Documentation

#define EUREPHIA_FWINTF

Include the proper eurephiaFWINTF declaration in eurephiaCTX

Definition at line 40 of file efw-iptables.c.

#define INTERFACEAPIVER   1

Define the API level this firewall interface uses.

Definition at line 48 of file efw-iptables.c.

#define INTERFACEVER   "1.0"

The version of this firewall interface (driver)

Definition at line 47 of file efw-iptables.c.


Function Documentation

int call_iptables ( eurephiaCTX *  ctx,
const char *  fwcmd,
char **  ipt_args 
)

This function does the actual iptables call. It will fork out a process and do the assigned iptables command.

Parameters:
ctx eurephiaCTX - shadow context, only with pointers to log files.
fwcmd String containing full filename to the binary to execute
ipt_args The iptables arguments
Returns:
Returns 1 on success, otherwise 0. When 0 is returned, the complete firewall process will be shut down.

Definition at line 322 of file efw-iptables.c.
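
The fork-and-execute pattern that call_iptables is described as using, as an added example (not eurephia's own code): the hypothetical run_fw_command() hands the arguments to execve() as an argv vector, so no shell parses them, and maps the child's exit status to the 1/0 return convention documented above. /bin/sh with constructed arguments stands in for the iptables binary.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not eurephia's call_iptables): run `binary` with an
 * explicit argv vector. Returns 1 if the child exited with status 0,
 * otherwise 0, following the return convention documented above. */
int run_fw_command(const char *binary, char *const argv[])
{
    pid_t pid, r;
    int status = 0;

    if (binary == NULL || argv == NULL || argv[0] == NULL)
        return 0;

    pid = fork();
    if (pid < 0) {
        fprintf(stderr, "fork failed: %s\n", strerror(errno));
        return 0;
    }
    if (pid == 0) {
        /* Child: execve() takes a full path and an argv array, so there is
         * no PATH lookup and no shell to interpret metacharacters. */
        char *const envp[] = { NULL };   /* empty environment */
        execve(binary, argv, envp);
        _exit(127);                      /* reached only if execve() failed */
    }
    /* Parent: reap the child, retrying if a signal interrupts the wait. */
    do {
        r = waitpid(pid, &status, 0);
    } while (r < 0 && errno == EINTR);
    if (r != pid)
        return 0;
    /* Killed by a signal or non-zero exit both count as failure. */
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 1 : 0;
}

int main(void)
{
    /* Constructed stand-ins for an iptables invocation. */
    char *ok[]   = { "sh", "-c", "exit 0", NULL };
    char *fail[] = { "sh", "-c", "exit 3", NULL };

    printf("ok=%d fail=%d\n", run_fw_command("/bin/sh", ok),
           run_fw_command("/bin/sh", fail));
    return 0;
}
```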

void eFW_RunFirewall ( void *  fwargs  ) 

The main routine of the firewall interface. This loops until it gets a shutdown message.

Parameters:
fwargs efw_threaddata pointer, with needed information to communicate with the openvpn process.

Definition at line 79 of file efw-iptables.c.

int eFWinterfaceAPIversion (  ) 

Mandatory function, contains driver information.

Returns:
Returns an integer which corresponds to the API level of this driver.

Definition at line 65 of file efw-iptables.c.

const char* eFWinterfaceVersion (  ) 

Mandatory function, contains driver information.

Returns:
Returns a static string, containing the version information.

Definition at line 55 of file efw-iptables.c.

int process_input ( eurephiaCTX *  ctx,
const char *  fwcmd,
const char *  input 
)

Internal function. Processes firewall update messages received via POSIX MQ.

Parameters:
ctx eurephiaCTX - This is just a shadow context, to make logging possible
fwcmd The command to be executed, can be 'A'-add, 'D'-delete, 'F'-flush, 'B'-blacklist, 'I'-init
input Contains a string with information for the command. Format varies with command mode.
Returns:
Returns 1 on success, otherwise 0. If 0 is sent, it means the firewall process should shut down, and it should only be used in very critical situations.

Definition at line 163 of file efw-iptables.c.
