firewall_service.c File Reference

File containing the implementation of the firewall service commands. More...

#include <stdbool.h>
#include <errno.h>
#include <fcntl.h>
#include <inttypes.h>
#include <libgen.h>
#include <signal.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include "../utils/allocs.h"
#include "../utils/hashmap.h"
#include "../utils/log.h"
#include "../utils/os.h"
#include "../utils/iptables.h"
#include "firewall_config.h"

Include dependency graph for firewall_service.c:

Macros
#define	IP_FORWARD_PATH   "/proc/sys/net/ipv4/ip_forward"

Functions
void	fw_free_context (struct fwctx *context)
	Frees the firewall service context. More...
int	run_firewall (struct fwctx *context)
struct fwctx *	fw_init_context (hmap_if_conn *if_mapper, hmap_vlan_conn *vlan_mapper, hmap_str_keychar *hmap_bin_paths, UT_array *config_ifinfo_array, char *nat_bridge, char *nat_interface, bool exec_firewall, char *path)
	Initialises the firewall service context. More...
int	fw_add_nat (struct fwctx *context, char *ip_addr)
	Adds NAT rule to an IP. More...
int	fw_remove_nat (struct fwctx *context, char *ip_addr)
	Removes NAT rule to an IP. More...
int	fw_add_bridge (struct fwctx *context, char *ip_addr_left, char *ip_addr_right)
	Adds bridge rule for two IPs. More...
int	fw_remove_bridge (struct fwctx *context, char *ip_addr_left, char *ip_addr_right)
	Removes bridge rule for two IPs. More...
int	fw_set_ip_forward (void)
	Set the ip forward os system param. More...

Detailed Description

File containing the implementation of the firewall service commands.

Author

Alexandru Mereacre

Date

2020

Copyright

SPDX-FileCopyrightText: © 2020 NQMCyber Ltd and edgesec contributors SPDX-License-Identifier: LGPL-3.0-or-later

Macro Definition Documentation

IP_FORWARD_PATH

#define IP_FORWARD_PATH   "/proc/sys/net/ipv4/ip_forward"

Function Documentation

fw_add_bridge()

int fw_add_bridge	(	struct fwctx *	context,
		char *	ip_addr_left,
		char *	ip_addr_right
	)

Adds bridge rule for two IPs.

Parameters

context	The firewall context
ip_addr_left	The IP address string left
ip_addr_right	The IP address string right

Returns

0 on sucess, -1 on failure

fw_add_nat()

int fw_add_nat	(	struct fwctx *	context,
		char *	ip_addr
	)

Adds NAT rule to an IP.

Parameters

context	The firewall context
ip_addr	The IP address string

Returns

0 on sucess, -1 on failure

fw_free_context()

void fw_free_context

(

struct fwctx *

context

)

Frees the firewall service context.

Parameters

context

The firewall context

fw_init_context()

struct fwctx* fw_init_context	(	hmap_if_conn *	if_mapper,
		hmap_vlan_conn *	vlan_mapper,
		hmap_str_keychar *	hmap_bin_paths,
		UT_array *	config_ifinfo_array,
		char *	nat_bridge,
		char *	nat_interface,
		bool	exec_firewall,
		char *	path
	)

Initialises the firewall service context.

Parameters

if_mapper	The WiFi subnet to interface mapper
vlan_mapper	The WiFi VLAN to interface mapper
hmap_bin_paths	The Mapper for paths to systems binaries
config_ifinfo_array	The config_ifinfo_array from struct app_config
nat_bridge	The NAT bridge name
nat_interface	The nat interface string
exec_firewall	if true runs the firewall system commands
path	The firewall bin path

Returns

struct fwctx* on success, NULL on failure

fw_remove_bridge()

int fw_remove_bridge	(	struct fwctx *	context,
		char *	ip_addr_left,
		char *	ip_addr_right
	)

Removes bridge rule for two IPs.

Parameters

context	The firewall context
ip_addr_left	The IP address string left
ip_addr_right	The IP address string right

Returns

0 on sucess, -1 on failure

fw_remove_nat()

int fw_remove_nat	(	struct fwctx *	context,
		char *	ip_addr
	)

Removes NAT rule to an IP.

Parameters

context	The firewall context
ip_addr	The IP address string

Returns

0 on sucess, -1 on failure

fw_set_ip_forward()

int fw_set_ip_forward

(

void

)

Set the ip forward os system param.

Returns

int 0 on success, -1 on failure

run_firewall()

int run_firewall

(

struct fwctx *

context

)