firewall.h File Reference

Firewall update functions.

Typedefs

typedef enum _t_fw_marks t_fw_marks

Enumerations

enum  _t_fw_marks { FW_MARK_PROBATION = 1, FW_MARK_KNOWN = 2, FW_MARK_LOCKED = 254 }

Functions

int fw_init (void)
 Initialize the firewall.
void fw_clear_authservers (void)
 Clears the authservers list.
void fw_set_authservers (void)
 Sets the authservers list.
int fw_destroy (void)
 Destroy the firewall.
int fw_allow (char *ip, char *mac, int profile)
 Allow a user through the firewall.
int fw_deny (char *ip, char *mac, int profile)
 Deny a client access through the firewall.
void fw_sync_with_authserver (void)
 Refreshes the entire client list.
char * arp_get (char *req_ip)
 Get an IP's MAC address from the ARP cache.
void icmp_ping (char *host)
 ICMP Ping an IP.
unsigned short rand16 (void)
 cheap random

Variables

int icmp_fd


Detailed Description

Firewall update functions.

Author:
Copyright (C) 2004 Philippe April <papril777@yahoo.com>

Definition in file firewall.h.


Enumeration Type Documentation

Used by fw_iptables.c

Enumerator:
FW_MARK_PROBATION  The client is in probation period and must be authenticated.

Todo:
VERIFY THAT THIS IS ACCURATE
FW_MARK_KNOWN  The client is known to the firewall.
FW_MARK_LOCKED  The client has been locked out.

Definition at line 33 of file firewall.h.


Function Documentation

char* arp_get ( char *  req_ip  ) 

Get an IP's MAC address from the ARP cache.

Go through all the entries in /proc/net/arp until we find the requested IP address, then return the MAC address bound to it.

Todo:
Make this function portable (using shell scripts?)

Definition at line 122 of file firewall.c.
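
The lookup described above, as an added example that is not WiFiDog's own code: a hypothetical arp_lookup() scans a table in /proc/net/arp layout held in memory, matches the IP address exactly, and rejects entries the kernel has not resolved. The sample rows and the ARP_FLAG_COMPLETE name are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define ARP_FLAG_COMPLETE 0x02  /* same value as ATF_COM in <net/if_arp.h> */

/* Constructed sample in /proc/net/arp layout (not captured from a real host). */
static const char SAMPLE_ARP[] =
    "IP address       HW type     Flags       HW address            Mask     Device\n"
    "192.168.1.10     0x1         0x2         00:11:22:33:44:55     *        br0\n"
    "192.168.1.20     0x1         0x0         00:00:00:00:00:00     *        br0\n"
    "192.168.1.1      0x1         0x2         66:77:88:99:aa:bb     *        br0\n";

/* Hypothetical helper: look up req_ip in an ARP table held in memory.
 * Returns 0 and fills mac_out (18 bytes) on success, -1 otherwise. */
int arp_lookup(const char *table, const char *req_ip, char mac_out[18])
{
    const char *line = strchr(table, '\n');       /* skip the header row */

    while (line != NULL && *++line != '\0') {
        char row[128], ip[16], mac[18];
        unsigned int flags;
        size_t len = strcspn(line, "\n");

        if (len < sizeof(row)) {                  /* parse one row in isolation */
            memcpy(row, line, len);
            row[len] = '\0';
            /* Field widths bound every copy: 15 chars of IPv4, 17 of MAC. */
            if (sscanf(row, "%15s %*x %x %17s", ip, &flags, mac) == 3
                && strcmp(ip, req_ip) == 0) {     /* exact match, not a prefix */
                if (!(flags & ARP_FLAG_COMPLETE) || strlen(mac) != 17)
                    return -1;                    /* unresolved or malformed */
                strcpy(mac_out, mac);
                return 0;
            }
        }
        line = strchr(line, '\n');
    }
    return -1;                                    /* address not in the cache */
}

int main(void)
{
    char mac[18];
    if (arp_lookup(SAMPLE_ARP, "192.168.1.1", mac) == 0)
        printf("192.168.1.1 is at %s\n", mac);
    return 0;
}
```

The exact comparison matters because 192.168.1.1 is a prefix of 192.168.1.10, and the flags check matters because an unresolved entry carries the all-zero MAC address.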

int fw_allow ( char *  ip,
char *  mac,
int  fw_connection_state 
)

Allow a user through the firewall.

Allow a client access through the firewall by adding a rule in the firewall to MARK the user's packets with the proper rule, given the user's IP and MAC address.

Parameters:
ip IP address to allow
mac MAC address to allow
fw_connection_state fw_connection_state Tag
Returns:
Return code of the command

Definition at line 92 of file firewall.c.

References debug.

void fw_clear_authservers ( void   ) 

Clears the authservers list.

Remove all auth server firewall whitelist rules

Definition at line 189 of file firewall.c.

References debug.

int fw_deny ( char *  ip,
char *  mac,
int  fw_connection_state 
)

Deny a client access through the firewall.

Parameters:
ip IP address to deny
mac MAC address to deny
fw_connection_state fw_connection_state Tag
Returns:
Return code of the command

Definition at line 107 of file firewall.c.

References debug.

int fw_destroy ( void   ) 

Destroy the firewall.

Remove the firewall rules. This is used when we do a clean shutdown of WiFiDog.

Returns:
Return code of the fw.destroy script

Definition at line 209 of file firewall.c.

References debug.

int fw_init ( void   ) 

Initialize the firewall.

Initialize the firewall rules

Definition at line 153 of file firewall.c.

References client_get_first_client(), debug, _t_client::fw_connection_state, _t_client::ip, _t_client::mac, and _t_client::next.

void fw_set_authservers ( void   ) 

Sets the authservers list.

Add the necessary firewall rules to whitelist the authservers

Definition at line 198 of file firewall.c.

References debug.

void fw_sync_with_authserver ( void   ) 

Refreshes the entire client list.

Probably a misnomer: this function actually refreshes the traffic counters of the entire client list, re-authenticates every client with the central server, updates the central server's traffic counters, and notifies it if a client has logged out.

Todo:
Make this function smaller and use sub-functions

Definition at line 224 of file firewall.c.

References AUTH_ALLOWED, AUTH_DENIED, AUTH_ERROR, auth_server_request(), s_config::auth_servers, AUTH_VALIDATION, AUTH_VALIDATION_FAILED, _t_authresponse::authcode, s_config::checkinterval, client_get_first_client(), client_list_delete(), client_list_find(), s_config::clienttimeout, config_get_config(), _t_client::counters, debug, _t_client::fw_connection_state, FW_MARK_KNOWN, FW_MARK_PROBATION, _t_counters::incoming, _t_client::ip, _t_counters::last_updated, _t_client::mac, _t_client::next, _t_counters::outgoing, REQUEST_TYPE_COUNTERS, REQUEST_TYPE_LOGOUT, and _t_client::token.

void icmp_ping ( char *  host  ) 

ICMP Ping an IP.

Definition at line 352 of file firewall.c.

References debug.

unsigned short rand16 ( void   ) 

cheap random

Definition at line 400 of file firewall.c.


Generated on Fri Sep 25 15:28:43 2009 for WifiDog by  doxygen 1.5.5