Typedefs | |
typedef enum _t_fw_marks | t_fw_marks |
Enumerations | |
enum | _t_fw_marks { FW_MARK_PROBATION = 1, FW_MARK_KNOWN = 2, FW_MARK_LOCKED = 254 } |
Functions | |
int | fw_init (void) |
Initialize the firewall. | |
void | fw_clear_authservers (void) |
Clears the authservers list. | |
void | fw_set_authservers (void) |
Sets the authservers list. | |
int | fw_destroy (void) |
Destroy the firewall. | |
int | fw_allow (char *ip, char *mac, int profile) |
Allow a user through the firewall. | |
int | fw_deny (char *ip, char *mac, int profile) |
Deny a client access through the firewall. | |
void | fw_sync_with_authserver (void) |
Refreshes the entire client list. | |
char * | arp_get (char *req_ip) |
Get an IP's MAC address from the ARP cache. | |
void | icmp_ping (char *host) |
ICMP Ping an IP. | |
unsigned short | rand16 (void) |
Cheap random number (presumably not cryptographically strong). | |
Variables | |
int | icmp_fd |
Definition in file firewall.h.
typedef enum _t_fw_marks t_fw_marks |
Used by fw_iptables.c
enum _t_fw_marks |
Used by fw_iptables.c
FW_MARK_PROBATION |
The client is in probation period and must be authenticated.
|
FW_MARK_KNOWN | The client is known to the firewall. |
FW_MARK_LOCKED | The client has been locked out. |
Definition at line 33 of file firewall.h.
char* arp_get | ( | char * | req_ip | ) |
Get an IP's MAC address from the ARP cache.
Goes through all the entries in /proc/net/arp until the requested IP address is found, and returns the MAC address bound to it. The function references safe_strdup(), so the returned string is presumably a heap-allocated copy that the caller owns.
Definition at line 122 of file firewall.c.
References safe_strdup().
int fw_allow | ( | char * | ip, | |
char * | mac, | |||
int | fw_connection_state | |||
) |
Allow a user through the firewall.
Allows a client access through the firewall: a rule is added to the firewall to MARK the client's packets with the proper rule, using the IP and MAC address provided.
ip | IP address to allow | |
mac | MAC address to allow | |
fw_connection_state | fw_connection_state Tag |
Definition at line 92 of file firewall.c.
References debug, and FW_ACCESS_ALLOW.
void fw_clear_authservers | ( | void | ) |
Clears the authservers list.
Remove all auth server firewall whitelist rules
Definition at line 189 of file firewall.c.
References debug.
int fw_deny | ( | char * | ip, | |
char * | mac, | |||
int | fw_connection_state | |||
) |
Deny a client access through the firewall.
Deny a client access through the firewall.
ip | IP address to deny | |
mac | MAC address to deny | |
fw_connection_state | fw_connection_state Tag |
Definition at line 107 of file firewall.c.
References debug, and FW_ACCESS_DENY.
int fw_destroy | ( | void | ) |
Destroy the firewall.
Remove the firewall rules. This is used when we do a clean shutdown of WiFiDog.
Definition at line 209 of file firewall.c.
int fw_init | ( | void | ) |
Initialize the firewall.
Initialize the firewall rules
Definition at line 153 of file firewall.c.
References client_get_first_client(), debug, t_client::fw_connection_state, icmp_fd, t_client::ip, LOCK_CLIENT_LIST, t_client::mac, t_client::next, restart_orig_pid, and UNLOCK_CLIENT_LIST.
void fw_set_authservers | ( | void | ) |
Sets the authservers list.
Add the necessary firewall rules to whitelist the authservers
Definition at line 198 of file firewall.c.
References debug.
void fw_sync_with_authserver | ( | void | ) |
Refreshes the entire client list.
Probably a misnomer: this function actually refreshes the traffic counters for the entire client list, re-authenticates every client with the central server, updates the central server's traffic counters, and notifies it if a client has logged out.
Definition at line 224 of file firewall.c.
References AUTH_ALLOWED, AUTH_DENIED, AUTH_ERROR, auth_server_request(), s_config::auth_servers, AUTH_VALIDATION, AUTH_VALIDATION_FAILED, t_authresponse::authcode, s_config::checkinterval, client_get_first_client(), client_list_delete(), client_list_find(), s_config::clienttimeout, config, config_get_config(), t_client::counters, debug, t_client::fw_connection_state, FW_MARK_KNOWN, FW_MARK_PROBATION, t_counters::incoming, t_client::ip, t_counters::last_updated, LOCK_CLIENT_LIST, t_client::mac, t_client::next, t_counters::outgoing, REQUEST_TYPE_COUNTERS, REQUEST_TYPE_LOGOUT, safe_strdup(), t_client::token, and UNLOCK_CLIENT_LIST.
void icmp_ping | ( | char * | host | ) |
unsigned short rand16 | ( | void | ) |