netadm-devel Mailing List for netadm (Page 5)
From: linuxpark <lin...@us...> - 2006-03-06 14:16:12
|
Update of /cvsroot/netadm/gwc/gwclib In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12384/gwclib Modified Files: confproc.c confutil.c linklist.c sysutil.c Log Message: ADD: Almost all is being finished in user layer for supporting more detailed pf rule. Except packet filter layer ("apply" function & ioctl & pf.c) FIX: policy cache concerned problem was fixed. ADD: cache lock FIX: socket error (it was stemed from wrong fd) Index: linklist.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwclib/linklist.c,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -C2 -d -r1.1.1.1 -r1.2 *** linklist.c 30 Jan 2006 17:41:28 -0000 1.1.1.1 --- linklist.c 6 Mar 2006 14:16:05 -0000 1.2 *************** *** 90,94 **** XFREE(MTYPE_LINK_NODE, node); } ! /* Add new data to the list. */ void --- 90,94 ---- XFREE(MTYPE_LINK_NODE, node); } ! /* Add new data to the list. */ void Index: sysutil.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwclib/sysutil.c,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** sysutil.c 5 Mar 2006 01:11:00 -0000 1.3 --- sysutil.c 6 Mar 2006 14:16:05 -0000 1.4 *************** *** 792,796 **** char *p; char addr[OL*2]; - int len; int quit = 0; int i = 0; --- 792,795 ---- Index: confutil.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwclib/confutil.c,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** confutil.c 6 Mar 2006 04:23:56 -0000 1.5 --- confutil.c 6 Mar 2006 14:16:05 -0000 1.6 *************** *** 65,69 **** char *name = (char *)arg; - out ("\n"); for ( i = 0 ; i < csm->fc_net_cnt; i++) { if ( !strcmp (csm->fc_net[i].name, name)) { --- 65,68 ---- *************** *** 87,91 **** char *name = (char *)arg; - out ("\n"); for ( i = 0 ; i < csm->fc_svc_cnt; i++) { if ( !strcmp (csm->fc_svc[i].name, name)) { --- 86,89 ---- *************** 
*** 110,114 **** char *name = (char *)arg; - out ("\n"); for ( i = 0 ; i < csm->fc_fw_cnt; i++) { if ( !strcmp (csm->fc_fw[i].name, name)) { --- 108,111 ---- *************** *** 134,138 **** for ( i = 0 ; i < csm->fc_pol_cnt; i++) { - out ("%d, csm->fc_pol[%d].name: %s\n", i, i, csm->fc_pol[i].name); if (!strcmp (csm->fc_pol[i].name, name)) { --- 131,134 ---- *************** *** 140,144 **** fr->ret = RET_OK; - out ("found: %s\n", csm->fc_pol[i].name); return &csm->fc_pol[i]; } --- 136,139 ---- *************** *** 175,179 **** fc_fw_t *fw ) { - out ("\n"); strcpy (c->polname, p->name); strcpy (c->msg.indev, sn->net_if); --- 170,173 ---- *************** *** 228,231 **** --- 222,233 ---- }tmp_addr_t; + typedef struct { + fc_umsg_t *p; /* node for deleting */ + }tmp_umsg_t; + + + static void destroy_resource (void *p) { + free (p); + } /* __add_fc_ipol() * : this function add internal policy not for GUI user process but for pf module. *************** *** 262,266 **** char *polname = (char *)arg; - out ("\n"); if (!(pol = sys_ucmd_msg (_CMD_GET_FC_POL, polname, --- 264,267 ---- *************** *** 269,273 **** return NULL; - out ("success get pol\n"); if (!(snet = sys_ucmd_msg (_CMD_GET_FC_NET, pol->snet, --- 270,273 ---- *************** *** 276,280 **** return NULL; - out ("success get snet: %s\n", snet->name); if (!(dnet = sys_ucmd_msg (_CMD_GET_FC_NET, pol->dnet, --- 276,279 ---- *************** *** 283,287 **** return NULL; - out ("success get dnet: %s\n", dnet->name); if (!(ssvc = sys_ucmd_msg (_CMD_GET_FC_SVC, pol->ssvc, --- 282,285 ---- *************** *** 290,294 **** return NULL; - out ("success get ssvc: %s\n", ssvc->name); if (!(dsvc = sys_ucmd_msg (_CMD_GET_FC_SVC, pol->dsvc, --- 288,291 ---- *************** *** 297,301 **** return NULL; - out ("success get dsvc: %s\n", dsvc->name); if (!(fw = sys_ucmd_msg (_CMD_GET_FC_FW, pol->fw, --- 294,297 ---- *************** *** 304,308 **** return NULL; - out ("success get fw: %s\n", fw->name); if ( parse_iprange 
(snet->addr, saddr, fr) != TRUE) { return NULL; --- 300,303 ---- *************** *** 317,322 **** return NULL; } ! ! out ("before extend saddr\n"); for ( i = saddr[0]; i <= saddr[1]; i++) for ( j = saddr[2]; j <= saddr[3]; j++) --- 312,317 ---- return NULL; } ! ! saddr_list->del = destroy_resource; for ( i = saddr[0]; i <= saddr[1]; i++) for ( j = saddr[2]; j <= saddr[3]; j++) *************** *** 363,367 **** } ! out ("before extend daddr\n"); for ( i = daddr[0]; i <= daddr[1]; i++) for ( j = daddr[2]; j <= daddr[3]; j++) --- 358,362 ---- } ! daddr_list->del = destroy_resource; for ( i = daddr[0]; i <= daddr[1]; i++) for ( j = daddr[2]; j <= daddr[3]; j++) *************** *** 394,404 **** } - out ("before LIST LOOP\n"); LIST_LOOP (saddr_list, sa, SAN) { LIST_LOOP (daddr_list, da, DAN) { p = (fc_umsg_t*)malloc (sizeof (fc_umsg_t)); if (!p) { ! strcpy(fr->errmsg, "failed to alloc ipol node"); ! fr->ret = RET_EMALLOC; return NULL; } --- 389,404 ---- } LIST_LOOP (saddr_list, sa, SAN) { LIST_LOOP (daddr_list, da, DAN) { p = (fc_umsg_t*)malloc (sizeof (fc_umsg_t)); if (!p) { ! ! if (fr) { ! strcpy(fr->errmsg, "failed to alloc ipol node"); ! fr->ret = RET_EMALLOC; ! } ! list_delete_all_node (saddr_list); ! list_delete_all_node (daddr_list); ! return NULL; } *************** *** 406,410 **** --- 406,412 ---- p->msg.saddr = sa->addr; p->msg.daddr = da->addr; + LIST_LOCK (runpol_list); listnode_add (runpol_list, p); + LIST_UNLOCK (runpol_list); } } *************** *** 412,416 **** if (fr) fr->ret = RET_OK; ! return polname; } --- 414,420 ---- if (fr) fr->ret = RET_OK; ! ! list_delete_all_node (saddr_list); ! list_delete_all_node (daddr_list); return polname; } *************** *** 420,433 **** struct listnode *n; char *polname = (char *)arg; ! out (""); LIST_LOOP (runpol_list, p, n) { if (!strcmp (p->polname, polname)) { ! listnode_delete (runpol_list, p); } } ! out (""); ! 
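Review bot: The new malloc-failure branch inside the `LIST_LOOP (saddr_list, sa, SAN)` nest frees the two temporary address lists but leaves in place every `fc_umsg_t` that earlier iterations already passed to `listnode_add (runpol_list, p)` (next hunk). The caller is told RET_EMALLOC while the running cache appears to keep a partially expanded policy, which for a packet-filter rule set should not be left half applied. Before `return NULL;`, take `LIST_LOCK (runpol_list)` and remove the entries whose `polname` matches this policy, or build the new nodes on a private list and splice them in only once every allocation has succeeded. The lock in the next hunk is also taken per node, so a reader such as the `LIST_LOOP(runpol_list, p, n)` dump in gwcadmd can observe the policy mid-expansion. The function starts and ends outside this hunk.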
fr->ret = RET_OK; return polname; } --- 424,458 ---- struct listnode *n; char *polname = (char *)arg; + list tmp_list; + void *dp; ! tmp_list = list_new (); ! if (!tmp_list) { ! strcpy(fr->errmsg, "failed to alloc tmp list"); ! ! if (fr) ! fr->ret = RET_EMALLOC; ! ! return NULL; ! } ! ! /* MUST NOT register del proc tmp_list->del = destroy_resource; */ ! ! LIST_LOCK(runpol_list); LIST_LOOP (runpol_list, p, n) { if (!strcmp (p->polname, polname)) { ! listnode_add (tmp_list, p); } } ! LIST_LOOP (tmp_list, dp, n) { ! listnode_delete (runpol_list, dp); ! } ! LIST_UNLOCK(runpol_list); ! ! if (fr) ! fr->ret = RET_OK; ! ! list_delete_all_node (tmp_list); return polname; } Index: confproc.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwclib/confproc.c,v retrieving revision 1.13 retrieving revision 1.14 diff -C2 -d -r1.13 -r1.14 *** confproc.c 6 Mar 2006 04:23:56 -0000 1.13 --- confproc.c 6 Mar 2006 14:16:05 -0000 1.14 *************** *** 51,54 **** --- 51,55 ---- extern sm_t *csm; extern int errno; + #if 0 static inline void *************** *** 62,65 **** --- 63,67 ---- } #endif + /* * this tostab is used in both filter tos and pol mark *************** *** 127,133 **** }; - /* - * void name (int argc, char *argv[], int modify, frp_t fr) - */ void list_apinfo(int argc, char *argv[], int modify, frp_t fr) --- 129,132 ---- *************** *** 3099,3102 **** --- 3098,3118 ---- frerr(fr, fr->ret, "%s\n", fr->errmsg); return; + }else { + + if (!sys_ucmd_msg ( _CMD_ADD_FC_IPOL, + argv[0], + strlen(argv[0]), + fr) + ) { + + out ("Failed to add ipol \"%s\" (%d); %s", + argv[0], + fr->ret, + fr->errmsg != NULL ? fr->errmsg:""); + + } else { + + out ("Success to add ipol \"%s\"", argv[0]); + } } } |
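Review bot: In the rewritten `_del_fc_ipol`, the `list_new ()` failure branch runs `strcpy(fr->errmsg, "failed to alloc tmp list");` before the `if (fr)` test that follows it, so a NULL `fr` is dereferenced on the very path the guard is meant to cover. Put both statements under the guard: `if (fr) { strcpy(fr->errmsg, "failed to alloc tmp list"); fr->ret = RET_EMALLOC; }`. The same order (copy first, null test second) appears in the r1.5 confutil.c hunks further down this page, in the `Can't found fc net/svc/fw/pol` lookups and the `failed to alloc ...` branches. The `/* MUST NOT register del proc */` comment should also say who frees the matched `fc_umsg_t` objects, since whether `listnode_delete (runpol_list, dp)` releases the payload is not visible here.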
From: linuxpark <lin...@us...> - 2006-03-06 14:16:12
|
Update of /cvsroot/netadm/gwc/gwcadmd In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12384/gwcadmd Modified Files: main.c Log Message: ADD: Almost all is being finished in user layer for supporting more detailed pf rule. Except packet filter layer ("apply" function & ioctl & pf.c) FIX: policy cache concerned problem was fixed. ADD: cache lock FIX: socket error (it was stemed from wrong fd) Index: main.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwcadmd/main.c,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** main.c 6 Mar 2006 04:23:56 -0000 1.7 --- main.c 6 Mar 2006 14:16:05 -0000 1.8 *************** *** 22,29 **** #include <pthread.h> #include <strings.h> - #ifndef _GNU_SOURCE - #define _GNU_SOURCE - #include <string.h> - #endif #include <signal.h> #include <errno.h> --- 22,25 ---- *************** *** 385,390 **** --- 381,389 ---- static int ridx[MAXSHM_RADIO]; + + #if 0 static int radio_idx[MAXSHM_RADIO]; static int radio_type[MAXSHM_RADIO]; + #endif static void *get_ifinfo(void *arg) *************** *** 624,629 **** dt = (double)Ttot / ((lv - iv) > 0 ? (lv - iv) : (iv - lv)); - dprintf("type: %d state: %d dt: %d, iv:%d, lv:%d\n", type, state, dt, iv, lv); - if (type == PWTYPE_APPLY) { while (!opendoor) ; --- 623,626 ---- *************** *** 651,658 **** } HI(); - dprintf("out while type: %d, Tremain:%d dt: %d\n", type, Tremain, dt); while (Tremain >= dt) { sys_delay(dt); - dprintf("in while type: %d, Tremain:%d dt: %d\n", type, Tremain, dt); switch (type) { case PWTYPE_CCK: --- 648,653 ---- *************** *** 666,671 **** pwvar.changed = TRUE; pthread_mutex_unlock(&autotest_mutex); ! out("Time remain: %d, dt: %d CCK Power changed :%d\n", Tremain, dt, pwvar.cck); break; case PWTYPE_OFDM: --- 661,668 ---- pwvar.changed = TRUE; pthread_mutex_unlock(&autotest_mutex); ! #if 0 ! 
out("Time remain: %d, dt: %d CCK Power changed :%.f\n", Tremain, dt, pwvar.cck); + #endif break; case PWTYPE_OFDM: *************** *** 679,684 **** --- 676,683 ---- pwvar.changed = TRUE; pthread_mutex_unlock(&autotest_mutex); + #if 0 out("Time remain: %d, dt: %d OFDM Power changed :%d\n", Tremain, dt, pwvar.ofdm); + #endif break; case PWTYPE_CLIENT: *************** *** 692,696 **** --- 691,697 ---- pwvar.changed = TRUE; pthread_mutex_unlock(&autotest_mutex); + #if 0 out("Time remain: %d, dt: %d Client Power changed :%d\n", Tremain, dt, pwvar.client); + #endif break; default: *************** *** 824,827 **** --- 825,829 ---- /* TODO : more info */ + LIST_LOCK (runpol_list); LIST_LOOP(runpol_list, p, n) { saddr.s_addr = p->msg.saddr; *************** *** 843,846 **** --- 845,849 ---- ); } + LIST_UNLOCK (runpol_list); fclose (fp); } *************** *** 913,917 **** if (emsg != NULL && strlen (emsg)) strcpy (ipcret->errmsg, emsg); ! //if ((iret = sys_write (fd, (void *)ipcret, sizeof (sys_ipc_ret_t), IPC_TIMEOUT)) < 0 ) { if ((iret = write (fd, (void *)ipcret, sizeof (sys_ipc_ret_t))) < 0 ) { out("write error:%s\n", strerror(errno)); --- 916,920 ---- if (emsg != NULL && strlen (emsg)) strcpy (ipcret->errmsg, emsg); ! 
if ((iret = write (fd, (void *)ipcret, sizeof (sys_ipc_ret_t))) < 0 ) { out("write error:%s\n", strerror(errno)); *************** *** 930,934 **** --- 933,940 ---- int c; int errflag = 0; + #ifdef USE_SYSLOG + char *cp; char ident[MINBUF]; + #endif extern char *optarg; extern int optind; *************** *** 936,940 **** int len; pthread_t pid; - char *cp; int fd; fd_set sock_set; --- 942,945 ---- *************** *** 1015,1021 **** goto EXIT; } - runpol_list->del = destory_runpol; if ((loadconf(csm, SZMASTCONF)) != RET_OK) { out("Cannot load configuration\n"); --- 1020,1026 ---- goto EXIT; } runpol_list->del = destory_runpol; + out("starting...\n"); if ((loadconf(csm, SZMASTCONF)) != RET_OK) { out("Cannot load configuration\n"); *************** *** 1036,1040 **** (void)signal(SIGCHLD, SIG_IGN); (void)signal(SIGPIPE, SIG_IGN); - out("starting...\n"); getif_info(1); --- 1041,1044 ---- *************** *** 1056,1060 **** } - if ((fd = sys_ipclisten()) < 0) { out("Failed to sys_ipclisten\n"); --- 1060,1063 ---- *************** *** 1109,1119 **** } else if (!ret) { out("timeout continue ...\n"); - /* TODO: delete me later */ - show_runpol(); continue; } else { if ( FD_ISSET(fd, &sock_set)) { - out ("get client\n"); cli_len = sizeof(cli_addr); --- 1112,1119 ---- *************** *** 1123,1127 **** continue; } - out ("success to accept client\n"); if ((ret = read(cli, (char *)ipcmsg, MAXBUF))<0 ) { --- 1123,1126 ---- *************** *** 1129,1133 **** out ("%s\n", minbuf); ! if ( send_rmsg (fd, ret, minbuf) != RET_OK ) out ("Failed to send_rmesg\n"); --- 1128,1132 ---- out ("%s\n", minbuf); ! 
if ( send_rmsg (cli, ret, minbuf) != RET_OK ) out ("Failed to send_rmesg\n"); *************** *** 1135,1145 **** } - out ("success to read client\n"); - switch ( ipcmsg->type ) { case IPCMTYPE_FC_ADD_IPOL: - out ("type: add pol(%s)\n", ipcmsg->data); if (!sys_ucmd_msg ( _CMD_ADD_FC_IPOL, ipcmsg->data, ipcmsg->len, fr)) { sprintf (minbuf, "Failed to add ipol \"%s\" (%d); %s", --- 1134,1141 ---- *************** *** 1147,1151 **** out ("%s\n", minbuf); ! if (send_rmsg (fd, fr->ret, minbuf) != RET_OK) out ("Failed to send_rmesg\n"); --- 1143,1147 ---- out ("%s\n", minbuf); ! if (send_rmsg (cli, fr->ret, minbuf) != RET_OK) out ("Failed to send_rmesg\n"); *************** *** 1154,1158 **** sprintf (minbuf, "Success to add ipol \"%s\"", (char *)ipcmsg->data); out ("%s\n", minbuf); ! if (send_rmsg (fd, fr->ret, minbuf) !=RET_OK) out ("Failed to send_rmesg\n"); } --- 1150,1154 ---- sprintf (minbuf, "Success to add ipol \"%s\"", (char *)ipcmsg->data); out ("%s\n", minbuf); ! if (send_rmsg (cli, fr->ret, minbuf) !=RET_OK) out ("Failed to send_rmesg\n"); } *************** *** 1160,1164 **** case IPCMTYPE_FC_DEL_IPOL: - out ("type: del pol\n"); if (!sys_ucmd_msg ( _CMD_DEL_FC_IPOL, ipcmsg->data,ipcmsg->len, fr)) { --- 1156,1159 ---- *************** *** 1167,1171 **** out ("%s\n", minbuf); ! if (send_rmsg (fd, fr->ret, minbuf)!= RET_OK) out ("Failed to send_rmesg\n"); --- 1162,1166 ---- out ("%s\n", minbuf); ! if (send_rmsg (cli, fr->ret, minbuf)!= RET_OK) out ("Failed to send_rmesg\n"); *************** *** 1175,1179 **** out ("%s\n", minbuf); ! if (send_rmsg (fd, fr->ret, minbuf)!= RET_OK) out ("Failed to send_rmesg\n"); } --- 1170,1174 ---- out ("%s\n", minbuf); ! if (send_rmsg (cli, fr->ret, minbuf)!= RET_OK) out ("Failed to send_rmesg\n"); } *************** *** 1187,1191 **** out ("%s\n", minbuf); ! if (send_rmsg (fd, fr->ret, minbuf)!= RET_OK) out ("Failed to send_rmesg\n"); --- 1182,1186 ---- out ("%s\n", minbuf); ! 
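Review bot: `ipcmsg->data` in the `IPCMTYPE_FC_ADD_IPOL` branch is whatever the peer sent through `read(cli, (char *)ipcmsg, MAXBUF)`, yet it is formatted with `%s` by an unbounded `sprintf` into `minbuf` and passed to `sys_ucmd_msg` as a C string together with the peer-supplied `ipcmsg->len`. Nothing visible checks that the read returned a complete header, that `len` fits `data`, or that `data` is NUL-terminated, so an oversized or unterminated name can overrun `minbuf` or be read past its end. After the read, reject short messages and terminate the buffer with `ipcmsg->data[sizeof ipcmsg->data - 1] = '\0';`, and build the replies with `snprintf (minbuf, sizeof minbuf, ...)` (assuming `minbuf` is an array; its declaration is outside these hunks). The DEL, APPLY and default branches in the following hunks format into `minbuf` the same way.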
if (send_rmsg (cli, fr->ret, minbuf)!= RET_OK) out ("Failed to send_rmesg\n"); *************** *** 1194,1198 **** out ("%s\n", minbuf); ! if (send_rmsg (fd, fr->ret, minbuf)!= RET_OK) out ("Failed to send_rmesg\n"); --- 1189,1193 ---- out ("%s\n", minbuf); ! if (send_rmsg (cli, fr->ret, minbuf)!= RET_OK) out ("Failed to send_rmesg\n"); *************** *** 1203,1213 **** sprintf (minbuf, "Unknown message type (%d)", ipcmsg->type); out ("%s\n", minbuf); ! if (send_rmsg (fd, RET_EUNKNOWN, minbuf) != RET_OK) out ("Failed to send_rmesg\n"); ! }// end switch close(cli); ! }//if ( FD_ISSET(fd, &sock_set)) ! }//else } EXIT2: --- 1198,1208 ---- sprintf (minbuf, "Unknown message type (%d)", ipcmsg->type); out ("%s\n", minbuf); ! if (send_rmsg (cli, RET_EUNKNOWN, minbuf) != RET_OK) out ("Failed to send_rmesg\n"); ! } close(cli); ! } ! } } EXIT2: |
From: linuxpark <lin...@us...> - 2006-03-06 14:16:12
|
Update of /cvsroot/netadm/gwc/include In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12384/include Modified Files: linklist.h sysutil.h Log Message: ADD: Almost all is being finished in user layer for supporting more detailed pf rule. Except packet filter layer ("apply" function & ioctl & pf.c) FIX: policy cache concerned problem was fixed. ADD: cache lock FIX: socket error (it was stemed from wrong fd) Index: sysutil.h =================================================================== RCS file: /cvsroot/netadm/gwc/include/sysutil.h,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** sysutil.h 6 Mar 2006 04:23:56 -0000 1.3 --- sysutil.h 6 Mar 2006 14:16:05 -0000 1.4 *************** *** 36,40 **** #ifdef USE_SYSLOG #define out(fmt, args...) \ ! sysl_log(SYSLI, SYSL_PROC_INFO, "[%s,%s,%d]" fmt, __FILE__, __FUNCTION__, __LINE__, ##args) #else #define out(fmt, args...) \ --- 36,40 ---- #ifdef USE_SYSLOG #define out(fmt, args...) \ ! sysl_log(SYSLI, SYSL_PROC_INFO, fmt, ##args) #else #define out(fmt, args...) \ Index: linklist.h =================================================================== RCS file: /cvsroot/netadm/gwc/include/linklist.h,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -C2 -d -r1.1.1.1 -r1.2 *** linklist.h 30 Jan 2006 17:41:29 -0000 1.1.1.1 --- linklist.h 6 Mar 2006 14:16:05 -0000 1.2 *************** *** 52,55 **** --- 52,56 ---- struct listnode *tail; unsigned int count; + int lock; int (*cmp) (void *val1, void *val2); void (*del) (void *val); *************** *** 62,65 **** --- 63,75 ---- #define getdata(X) ((X)->data) + static inline void LIST_LOCK (list lst) { + while (lst->lock); + lst->lock = 1; + } + + static inline void LIST_UNLOCK (list lst) { + lst->lock = 0; + } + /* Prototypes. */ struct list *list_new(); |
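Review bot: `LIST_LOCK` is a check-then-set on a plain `int` (`while (lst->lock); lst->lock = 1;`), so two threads can both observe 0 and both enter the critical section. Because `lock` is neither atomic nor volatile, the compiler may also load it once and spin forever. gwcadmd/main.c on this page already uses `pthread_mutex_lock(&autotest_mutex)`, so the list can carry a real mutex: `pthread_mutex_t lock;` in `struct list`, `pthread_mutex_lock (&lst->lock);` and `pthread_mutex_unlock (&lst->lock);` in the two helpers, initialised in `list_new()`. If the lock is meant to hold across processes rather than threads, it needs a process-shared primitive instead; the hunk does not say which is intended.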
From: linuxpark <lin...@us...> - 2006-03-06 14:16:11
|
Update of /cvsroot/netadm/gwc In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12384 Modified Files: Makefile.tmpl Log Message: ADD: Almost all is being finished in user layer for supporting more detailed pf rule. Except packet filter layer ("apply" function & ioctl & pf.c) FIX: policy cache concerned problem was fixed. ADD: cache lock FIX: socket error (it was stemed from wrong fd) Index: Makefile.tmpl =================================================================== RCS file: /cvsroot/netadm/gwc/Makefile.tmpl,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** Makefile.tmpl 31 Jan 2006 14:19:38 -0000 1.2 --- Makefile.tmpl 6 Mar 2006 14:16:04 -0000 1.3 *************** *** 21,25 **** #USR_DEBUG_LEVEL += -DUSE_IF_NETMASK #USR_DEBUG_LEVEL += -DHAVE_SOCKADDR_SA_LEN ! USR_DEBUG_LEVEL += -DDEBUG #USR_DEBUG_LEVEL += -DTC_DEBUG USR_DEBUG_LEVEL += -DUSE_SYSLOG --- 21,25 ---- #USR_DEBUG_LEVEL += -DUSE_IF_NETMASK #USR_DEBUG_LEVEL += -DHAVE_SOCKADDR_SA_LEN ! #USR_DEBUG_LEVEL += -DDEBUG #USR_DEBUG_LEVEL += -DTC_DEBUG USR_DEBUG_LEVEL += -DUSE_SYSLOG |
From: linuxpark <lin...@us...> - 2006-03-06 04:24:02
|
Update of /cvsroot/netadm/gwc/gwclib In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25121/gwclib Modified Files: confproc.c conftab.c confutil.c Log Message: MOD: modify running policy cache managed by gwcadmd gwccli ----+----------> gwcadmd(running policy cache) ---> pf.ko | gwcguid ---+ Index: confproc.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwclib/confproc.c,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -d -r1.12 -r1.13 *** confproc.c 5 Mar 2006 01:11:00 -0000 1.12 --- confproc.c 6 Mar 2006 04:23:56 -0000 1.13 *************** *** 50,53 **** --- 50,54 ---- extern sys_ucmd_t ucmdtab[]; extern sm_t *csm; + extern int errno; #if 0 static inline void *************** *** 2852,2855 **** --- 2853,2904 ---- } + static int send_ipcmsg ( int type, char *arg, int len, frp_t fr) { + sys_ipc_msg_t ipc_msg, *ipcmsg = &ipc_msg; + sys_ipc_ret_t ipc_ret, *ipcret = &ipc_ret; + int ret; + int fd; + + ipcmsg->type = type; + switch (type) { + case IPCMTYPE_FC_ADD_IPOL: + + case IPCMTYPE_FC_DEL_IPOL: + + ipcmsg->len = len; + strcpy ((char *)ipcmsg->data, arg); + + break; + + case IPCMTYPE_FC_APPLY_IPOL: + + ipcmsg->len = 0; + + break; + + default: + sprintf(fr->errmsg, "unknown message type \"%d\"", type); + fr->ret = RET_EUNKNOWN; + return fr->ret; + } + + if ((fd = sys_ipcconn()) < 0) { + sprintf(fr->errmsg, "Failed to connect to %s\n", SZADMD); + return fr->ret = SYS_ECONN; + } + + if ((ret = write(fd, ipcmsg, sizeof(sys_ipc_msg_t) + len)) < 0) { + sprintf(fr->errmsg, "Failed to write to %s\n", SZADMD); + return fr->ret = ret; + } + + if ((ret = read(fd, ipcret, sizeof(sys_ipc_ret_t))) < 0) { + sprintf(fr->errmsg, "Failed to write to %s: %s\n", + SZADMD, strerror(errno)); + return fr->ret = ret; + } + + return RET_OK; + } + void add_fc_pol(int argc, char *argv[], int modify, frp_t fr) *************** *** 2863,2866 **** --- 2912,2916 ---- if (argc == 8) { + if (csm->fc_pol_cnt < MAXSHM_FC_POL) { pol = 
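Review bot: `send_ipcmsg` copies `arg` into `ipcmsg->data` with `strcpy` (the field is `unsigned char data[1024]` in this commit's sysipc.h) and then writes `sizeof(sys_ipc_msg_t) + len` bytes from a stack object that is only `sizeof(sys_ipc_msg_t)` long. A long policy name therefore overflows the buffer, and every ADD/DEL call sends `len` bytes of adjacent stack memory to the daemon. The descriptor returned by `sys_ipcconn()` is never closed on any path, and the read-failure message says "Failed to write". Bound the copy, send exactly one fixed-size message and close `fd` before each return, as sketched below. `add_fc_pol` begins right after this function in the same hunk and is not affected.

```c
	sys_ipc_msg_t ipc_msg = {0}, *ipcmsg = &ipc_msg;	/* no stale stack bytes in the message */
	/* … unchanged: ipc_ret, ret, fd, ipcmsg->type assignment, ADD case label … */
	case IPCMTYPE_FC_DEL_IPOL:
		/* the name must fit in data[] together with its terminator */
		if (len < 0 || (size_t)len >= sizeof(ipcmsg->data)) {
			sprintf(fr->errmsg, "policy name too long (%d)", len);
			return fr->ret = RET_EUNKNOWN;
		}
		ipcmsg->len = len;
		memcpy(ipcmsg->data, arg, (size_t)len);
		ipcmsg->data[len] = '\0';
		break;
	/* … unchanged: APPLY and default cases, sys_ipcconn() … */
	if ((ret = write(fd, ipcmsg, sizeof(sys_ipc_msg_t))) < 0) {
		sprintf(fr->errmsg, "Failed to write to %s\n", SZADMD);
		close(fd);
		return fr->ret = ret;
	}
	if ((ret = read(fd, ipcret, sizeof(sys_ipc_ret_t))) < 0) {
		sprintf(fr->errmsg, "Failed to read from %s: %s\n",
			SZADMD, strerror(errno));
		close(fd);
		return fr->ret = ret;
	}
	close(fd);
	return RET_OK;
```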
&fwcpol; *************** *** 3043,3052 **** } else { ! if (!sys_ucmd_msg (_CMD_ADD_FC_IPOL, ! argv[0], ! strlen(argv[0]), ! fr)) ! frerr(fr, fr->ret,"Failed to add internal policy (%s): " ! "%s", argv[0], fr->errmsg); } } --- 3093,3103 ---- } else { ! if ( getpid() != getpidbyname("/proc", SZADMD) && ! send_ipcmsg(IPCMTYPE_FC_ADD_IPOL, argv[0], ! strlen(argv[0]), fr) != RET_OK ) ! { ! frerr(fr, fr->ret, "%s\n", fr->errmsg); ! return; ! } } } *************** *** 3070,3091 **** if (argc == 1) { ! if (!(pol = sys_ucmd_msg (_CMD_GET_FC_POL, ! argv[0], ! strlen(argv[0]), ! fr))) { ! frerr(fr, RET_ENOTFOUND, ! "[FC/policy name] \"%s\" does not exist\n", argv[0]); ! } ! #if 0 ! else { ! if ( !sys_ucmd_msg ( _CMD_DEL_FC_IPOL, ! argv[0], ! strlen(argv[0]), ! fr)) ! frerr(fr, fr->ret, "Failed to delete internal policy(%s): %s", ! argv[0], ! fr->errmsg); } - #endif if (fr->ret != RET_OK) --- 3121,3127 ---- if (argc == 1) { ! if (!(pol = sys_ucmd_msg (_CMD_GET_FC_POL, argv[0], strlen(argv[0]),fr))) { ! frerr(fr, RET_ENOTFOUND,"[FC/policy name] \"%s\" does not exist\n", argv[0]); } if (fr->ret != RET_OK) *************** *** 3101,3118 **** if (modify != CBFROM_SYSTEM) { if ((fr->ret = saveconf(csm)) != RET_OK) { ! frerr(fr, fr->ret, ! "Cannot save configuration (%d)\n", fr->ret); return; } else { ! ! if ( !sys_ucmd_msg ( _CMD_DEL_FC_IPOL, ! argv[0], ! strlen(argv[0]), ! fr)) ! frerr(fr, fr->ret, ! "Failed to delete internal policy(%s): %s", ! argv[0], ! fr->errmsg); } } --- 3137,3150 ---- if (modify != CBFROM_SYSTEM) { if ((fr->ret = saveconf(csm)) != RET_OK) { ! frerr(fr, fr->ret, "Cannot save configuration (%d)\n", fr->ret); return; } else { ! if ( send_ipcmsg(IPCMTYPE_FC_DEL_IPOL, argv[0], ! strlen(argv[0]), fr) != RET_OK ) ! { ! frerr(fr, fr->ret, "%s\n", fr->errmsg); ! return; ! 
} } } Index: confutil.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwclib/confutil.c,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** confutil.c 5 Mar 2006 01:11:00 -0000 1.4 --- confutil.c 6 Mar 2006 04:23:56 -0000 1.5 *************** *** 36,39 **** --- 36,40 ---- #include "confutil.h" #include "linklist.h" + #include "slog.h" #if !defined(TRUE) *************** *** 42,50 **** #endif extern sm_t *csm; #define FC_CNT(X) csm->fc_##X ##_cnt #define FC_OBJ(X, I) csm->fc_##X[I] #define FC_OBJ_NAME(X, I) csm->fc_##X[I].name ! extern sys_cmd_t cmdtab[]; extern sys_ucmd_t ucmdtab[]; --- 43,53 ---- #endif + extern list runpol_list; extern sm_t *csm; + #if 0 #define FC_CNT(X) csm->fc_##X ##_cnt #define FC_OBJ(X, I) csm->fc_##X[I] #define FC_OBJ_NAME(X, I) csm->fc_##X[I].name ! #endif extern sys_cmd_t cmdtab[]; extern sys_ucmd_t ucmdtab[]; *************** *** 62,74 **** char *name = (char *)arg; ! for ( i = 0 ; i < FC_CNT(net); i++) { ! if ( !strncmp (FC_OBJ_NAME(net, i), name, len)) { ! fr->ret = RET_OK; ! return &FC_OBJ(net, i); } } strcpy (fr->errmsg, "Can't found fc net"); ! fr->ret = RET_ENOTFOUND; return NULL; --- 65,82 ---- char *name = (char *)arg; ! out ("\n"); ! for ( i = 0 ; i < csm->fc_net_cnt; i++) { ! if ( !strcmp (csm->fc_net[i].name, name)) { ! ! if (fr) ! fr->ret = RET_OK; ! ! return &csm->fc_net[i]; } } strcpy (fr->errmsg, "Can't found fc net"); ! if (fr) ! fr->ret = RET_ENOTFOUND; return NULL; *************** *** 79,91 **** char *name = (char *)arg; ! for ( i = 0 ; i < FC_CNT(svc); i++) { ! if ( !strncmp (FC_OBJ_NAME(svc, i), name, len)) { ! fr->ret = RET_OK; ! return &FC_OBJ(svc, i); } } strcpy (fr->errmsg, "Can't found fc svc"); ! fr->ret = RET_ENOTFOUND; return NULL; } --- 87,106 ---- char *name = (char *)arg; ! out ("\n"); ! for ( i = 0 ; i < csm->fc_svc_cnt; i++) { ! if ( !strcmp (csm->fc_svc[i].name, name)) { ! ! if (fr) ! fr->ret = RET_OK; ! ! 
return &csm->fc_svc[i]; } } strcpy (fr->errmsg, "Can't found fc svc"); ! ! if (fr) ! fr->ret = RET_ENOTFOUND; ! return NULL; } *************** *** 95,107 **** char *name = (char *)arg; ! for ( i = 0 ; i < FC_CNT(fw); i++) { ! if ( !strncmp (FC_OBJ_NAME(fw, i), name, len)) { ! fr->ret = RET_OK; ! return &FC_OBJ(fw, i); } } strcpy (fr->errmsg, "Can't found fc fw"); ! fr->ret = RET_ENOTFOUND; return NULL; } --- 110,129 ---- char *name = (char *)arg; ! out ("\n"); ! for ( i = 0 ; i < csm->fc_fw_cnt; i++) { ! if ( !strcmp (csm->fc_fw[i].name, name)) { ! ! if (fr) ! fr->ret = RET_OK; ! ! return &csm->fc_fw[i]; } } strcpy (fr->errmsg, "Can't found fc fw"); ! ! if (fr) ! fr->ret = RET_ENOTFOUND; ! return NULL; } *************** *** 111,123 **** char *name = (char *)arg; ! for ( i = 0 ; i < FC_CNT(pol); i++) { ! if ( !strncmp (FC_OBJ_NAME(pol, i), name, len)) { ! fr->ret = RET_OK; ! return &FC_OBJ(pol, i); } } strcpy (fr->errmsg, "Can't found fc pol"); ! fr->ret = RET_ENOTFOUND; return NULL; } --- 133,153 ---- char *name = (char *)arg; ! for ( i = 0 ; i < csm->fc_pol_cnt; i++) { ! out ("%d, csm->fc_pol[%d].name: %s\n", i, i, csm->fc_pol[i].name); ! if (!strcmp (csm->fc_pol[i].name, name)) { ! ! if (fr) ! fr->ret = RET_OK; ! ! out ("found: %s\n", csm->fc_pol[i].name); ! return &csm->fc_pol[i]; } } strcpy (fr->errmsg, "Can't found fc pol"); ! ! if (fr) ! fr->ret = RET_ENOTFOUND; ! 
return NULL; } *************** *** 145,148 **** --- 175,179 ---- fc_fw_t *fw ) { + out ("\n"); strcpy (c->polname, p->name); strcpy (c->msg.indev, sn->net_if); *************** *** 231,234 **** --- 262,266 ---- char *polname = (char *)arg; + out ("\n"); if (!(pol = sys_ucmd_msg (_CMD_GET_FC_POL, polname, *************** *** 237,240 **** --- 269,273 ---- return NULL; + out ("success get pol\n"); if (!(snet = sys_ucmd_msg (_CMD_GET_FC_NET, pol->snet, *************** *** 243,246 **** --- 276,280 ---- return NULL; + out ("success get snet: %s\n", snet->name); if (!(dnet = sys_ucmd_msg (_CMD_GET_FC_NET, pol->dnet, *************** *** 249,252 **** --- 283,287 ---- return NULL; + out ("success get dnet: %s\n", dnet->name); if (!(ssvc = sys_ucmd_msg (_CMD_GET_FC_SVC, pol->ssvc, *************** *** 255,258 **** --- 290,294 ---- return NULL; + out ("success get ssvc: %s\n", ssvc->name); if (!(dsvc = sys_ucmd_msg (_CMD_GET_FC_SVC, pol->dsvc, *************** *** 261,264 **** --- 297,301 ---- return NULL; + out ("success get dsvc: %s\n", dsvc->name); if (!(fw = sys_ucmd_msg (_CMD_GET_FC_FW, pol->fw, *************** *** 267,270 **** --- 304,308 ---- return NULL; + out ("success get fw: %s\n", fw->name); if ( parse_iprange (snet->addr, saddr, fr) != TRUE) { return NULL; *************** *** 274,281 **** if (!saddr_list) { strcpy(fr->errmsg, "failed to alloc saddr_list"); ! fr->ret = RET_EMALLOC; return NULL; } for ( i = saddr[0]; i <= saddr[1]; i++) for ( j = saddr[2]; j <= saddr[3]; j++) --- 312,322 ---- if (!saddr_list) { strcpy(fr->errmsg, "failed to alloc saddr_list"); ! ! if (fr) ! fr->ret = RET_EMALLOC; return NULL; } + out ("before extend saddr\n"); for ( i = saddr[0]; i <= saddr[1]; i++) for ( j = saddr[2]; j <= saddr[3]; j++) *************** *** 299,303 **** strcpy(fr->errmsg, "failed to alloc tmp saddr node"); ! fr->ret = RET_EMALLOC; return NULL; } --- 340,346 ---- strcpy(fr->errmsg, "failed to alloc tmp saddr node"); ! if (fr) ! fr->ret = RET_EMALLOC; ! 
return NULL; } *************** *** 313,320 **** if (!daddr_list) { strcpy(fr->errmsg, "failed to alloc daddr_list"); ! fr->ret = RET_EMALLOC; return NULL; } for ( i = daddr[0]; i <= daddr[1]; i++) for ( j = daddr[2]; j <= daddr[3]; j++) --- 356,367 ---- if (!daddr_list) { strcpy(fr->errmsg, "failed to alloc daddr_list"); ! ! if (fr) ! fr->ret = RET_EMALLOC; ! return NULL; } + out ("before extend daddr\n"); for ( i = daddr[0]; i <= daddr[1]; i++) for ( j = daddr[2]; j <= daddr[3]; j++) *************** *** 338,342 **** strcpy(fr->errmsg, "failed to alloc tmp daddr node"); ! fr->ret = RET_EMALLOC; return NULL; } --- 385,391 ---- strcpy(fr->errmsg, "failed to alloc tmp daddr node"); ! if (fr) ! fr->ret = RET_EMALLOC; ! return NULL; } *************** *** 345,348 **** --- 394,398 ---- } + out ("before LIST LOOP\n"); LIST_LOOP (saddr_list, sa, SAN) { LIST_LOOP (daddr_list, da, DAN) { *************** *** 356,364 **** p->msg.saddr = sa->addr; p->msg.daddr = da->addr; ! listnode_add (csm->fc_ipol_list, p); } } ! fr->ret = RET_OK; return polname; } --- 406,416 ---- p->msg.saddr = sa->addr; p->msg.daddr = da->addr; ! listnode_add (runpol_list, p); } } ! if (fr) ! fr->ret = RET_OK; ! return polname; } *************** *** 368,378 **** struct listnode *n; char *polname = (char *)arg; ! ! LIST_LOOP (csm->fc_ipol_list, p, n) { if (!strcmp (p->polname, polname)) { ! listnode_delete (csm->fc_ipol_list, p); } } fr->ret = RET_OK; return polname; --- 420,432 ---- struct listnode *n; char *polname = (char *)arg; ! ! out (""); ! LIST_LOOP (runpol_list, p, n) { if (!strcmp (p->polname, polname)) { ! 
listnode_delete (runpol_list, p); } } + out (""); fr->ret = RET_OK; return polname; *************** *** 380,383 **** --- 434,444 ---- void * _dmp_fc_ipol ( void *arg, int len, frp_t fr) { + + return NULL; + } + + void * _apply_fc_ipol ( void *arg, int len, frp_t fr) { + + return NULL; } Index: conftab.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwclib/conftab.c,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** conftab.c 5 Mar 2006 01:11:00 -0000 1.5 --- conftab.c 6 Mar 2006 04:23:56 -0000 1.6 *************** *** 106,109 **** --- 106,110 ---- { _CMD_DEL_FC_IPOL, _del_fc_ipol }, { _CMD_DMP_FC_IPOL, _dmp_fc_ipol }, + { _CMD_APPLY_FC_IPOL, _apply_fc_ipol }, {0}, }; |
From: linuxpark <lin...@us...> - 2006-03-06 04:24:01
|
Update of /cvsroot/netadm/gwc/include In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25121/include Modified Files: confutil.h global.h sysipc.h sysshm.h sysutil.h Log Message: MOD: modify running policy cache managed by gwcadmd gwccli ----+----------> gwcadmd(running policy cache) ---> pf.ko | gwcguid ---+ Index: confutil.h =================================================================== RCS file: /cvsroot/netadm/gwc/include/confutil.h,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** confutil.h 5 Mar 2006 01:11:00 -0000 1.3 --- confutil.h 6 Mar 2006 04:23:56 -0000 1.4 *************** *** 22,25 **** --- 22,26 ---- _CMD_DEL_FC_IPOL, /* delete one internal fc policy */ _CMD_DMP_FC_IPOL, /* dump all internal fc policies to stout */ + _CMD_APPLY_FC_IPOL, /* apply all internal fc policies through ioctl */ } sys_ucmd_e; *************** *** 42,45 **** --- 43,47 ---- void * _del_fc_ipol (void *arg, int len, frp_t fr); void * _dmp_fc_ipol (void *arg, int len, frp_t fr); + void * _apply_fc_ipol (void *arg, int len, frp_t fr); /* sys_ucmd_msg Index: sysshm.h =================================================================== RCS file: /cvsroot/netadm/gwc/include/sysshm.h,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** sysshm.h 5 Mar 2006 01:11:00 -0000 1.7 --- sysshm.h 6 Mar 2006 04:23:56 -0000 1.8 *************** *** 79,83 **** int fc_pol_cnt; fc_pol_t fc_pol [MAXSHM_FC_POL]; - list fc_ipol_list; /* pointer of running fc polic list */ /* TODO: delete this after finishing up FC */ --- 79,82 ---- *************** *** 89,91 **** --- 88,92 ---- sm_t *csm; + list runpol_list; + #endif /* __SYS_SHM_INCLUDED */ Index: sysutil.h =================================================================== RCS file: /cvsroot/netadm/gwc/include/sysutil.h,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** sysutil.h 5 Mar 2006 01:11:00 -0000 1.2 --- sysutil.h 6 Mar 2006 04:23:56 -0000 1.3 *************** 
*** 30,50 **** #define tcdprintf( fmt, args... ) printf( "tc(%d): " fmt, __LINE__,##args) #else - #if 0 - #define tcdprintf( fmt, args... ) do { \ - status= system(cmd); \ - bzero(cmd, sizeof(cmd));\ - }while(0) - #endif - #if 0 - #define tcdprintf( fmt, args... ) do { \ - status= system(cmd); \ - if(csm->polused && !WIFEXITED(status)){ \ - frerr (fr, RET_EINTERNAL, "Failed to exec cmd [%s] error[%d]\n", cmd, status); \ - return; \ - } \ - }while(0) - #endif - /* current available */ #define tcdprintf( fmt, args... ) system (cmd) #endif --- 30,34 ---- *************** *** 52,56 **** #ifdef USE_SYSLOG #define out(fmt, args...) \ ! sysl_log(SYSLI, SYSL_PROC_INFO, fmt, ##args) #else #define out(fmt, args...) \ --- 36,40 ---- #ifdef USE_SYSLOG #define out(fmt, args...) \ ! sysl_log(SYSLI, SYSL_PROC_INFO, "[%s,%s,%d]" fmt, __FILE__, __FUNCTION__, __LINE__, ##args) #else #define out(fmt, args...) \ Index: sysipc.h =================================================================== RCS file: /cvsroot/netadm/gwc/include/sysipc.h,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** sysipc.h 1 Mar 2006 04:06:33 -0000 1.4 --- sysipc.h 6 Mar 2006 04:23:56 -0000 1.5 *************** *** 50,62 **** typedef struct { ! ipc_ret_e ret; ! char *p; ! unsigned short len; ! unsigned short cols; ! unsigned short rows; ! int islist; ! int errcnt; ! int errlen; ! char errmsg[1024]; } *frp_t, fr_t; /* func ret */ --- 50,62 ---- typedef struct { ! ipc_ret_e ret; ! char *p; ! unsigned short len; ! unsigned short cols; ! unsigned short rows; ! int islist; ! int errcnt; ! int errlen; ! char errmsg[1024]; } *frp_t, fr_t; /* func ret */ *************** *** 115,124 **** #define __IOCTL_IDX_BASE CMD_LISTTHRESHOLD typedef void (*cmdcallback_t) (int argc, char *argv[], int modify, frp_t fr); typedef struct { ! sys_cmd_e cmd; ! char *key; ! cmdcallback_t func; ! 
char *hlp; } sys_cmd_t; --- 115,144 ---- #define __IOCTL_IDX_BASE CMD_LISTTHRESHOLD + typedef struct { + ipc_ret_e ret; /* return value during IPC */ + int errcnt; + int errlen; + char errmsg[1024]; + } sys_ipc_ret_t; + + typedef struct { + int type; /* type of message */ + int len; /* data len */ + unsigned char data[1024]; /* start point of data */ + } sys_ipc_msg_t; + + typedef enum { + IPCMTYPE_FC_RET = 0x00000001, + IPCMTYPE_FC_ADD_IPOL, + IPCMTYPE_FC_DEL_IPOL, + IPCMTYPE_FC_APPLY_IPOL, + } sys_ipc_e; + typedef void (*cmdcallback_t) (int argc, char *argv[], int modify, frp_t fr); typedef struct { ! sys_cmd_e cmd; ! char *key; ! cmdcallback_t func; ! char *hlp; } sys_cmd_t; Index: global.h =================================================================== RCS file: /cvsroot/netadm/gwc/include/global.h,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** global.h 25 Feb 2006 22:59:00 -0000 1.3 --- global.h 6 Mar 2006 04:23:56 -0000 1.4 *************** *** 42,45 **** --- 42,46 ---- #define SZCLI "gwccli" #define SZRUNSHELL "gwc" + #define SZADMD "gwcadmd" /* exe, config file path - end */ #define SZFWCSSFRTLD "/tmp/.SYS_RTLD" |
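Review bot: `sys_ipc_msg_t` pairs a sender-supplied `int len` with a fixed `unsigned char data[1024]`, and nothing in the header states the bound a receiver must enforce. Because `len` is signed, a negative value also has to be rejected before it is used as a copy length. Suggest documenting the contract on the field, `int len; /* bytes used in data[]; receiver must reject len < 0 || len > sizeof data */`, and giving the 1024 a name so the check and the array cannot drift apart. `type` deserves the same treatment: `sys_ipc_e` starts at 1, so a receiver should reject values outside `IPCMTYPE_FC_RET`..`IPCMTYPE_FC_APPLY_IPOL` rather than index with them.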
From: linuxpark <lin...@us...> - 2006-03-06 04:24:00
|
Update of /cvsroot/netadm/gwc/gwccli In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25121/gwccli Modified Files: main.c Log Message: MOD: modify running policy cache managed by gwcadmd gwccli ----+----------> gwcadmd(running policy cache) ---> pf.ko | gwcguid ---+ Index: main.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwccli/main.c,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -C2 -d -r1.1.1.1 -r1.2 *** main.c 30 Jan 2006 17:41:28 -0000 1.1.1.1 --- main.c 6 Mar 2006 04:23:56 -0000 1.2 *************** *** 147,157 **** } } ! if (msg == CMD_LIST_PHYMACSPEC || msg == CMD_SET_TXPW) while (csm->shared_mutex == MUTEX_LOCK) ; - csm->shared_mutex = MUTEX_LOCK; pir = ipc_msg(msg, buf, total, argc - 2); ! csm->shared_mutex = MUTEX_UNLOCK; if (pir->ret != RET_OK) { if (pir->p && strlen(pir->p)) { --- 147,157 ---- } } ! #if 0 if (msg == CMD_LIST_PHYMACSPEC || msg == CMD_SET_TXPW) while (csm->shared_mutex == MUTEX_LOCK) ; csm->shared_mutex = MUTEX_LOCK; + #endif pir = ipc_msg(msg, buf, total, argc - 2); ! // csm->shared_mutex = MUTEX_UNLOCK; if (pir->ret != RET_OK) { if (pir->p && strlen(pir->p)) { |
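Review bot: Disabling the `csm->shared_mutex` handshake leaves `ipc_msg(msg, buf, total, argc - 2)` with no client-side serialization, and nothing in this hunk says what replaces it. The log message suggests gwcadmd now owns the running policy cache; if that is the design, a comment should say so, e.g. `/* no client-side lock: requests are serialized by gwcadmd */`. The old code is better deleted than kept under `#if 0` and a `//` comment. It was a busy-wait with a separate test and set on a plain shared variable, so it should not be re-enabled as is. The enclosing function starts and ends outside the hunk.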
From: linuxpark <lin...@us...> - 2006-03-06 04:24:00
|
Update of /cvsroot/netadm/gwc/gwcadmd In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25121/gwcadmd Modified Files: main.c Log Message: MOD: modify running policy cache managed by gwcadmd gwccli ----+----------> gwcadmd(running policy cache) ---> pf.ko | gwcguid ---+ Index: main.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwcadmd/main.c,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** main.c 5 Mar 2006 01:10:59 -0000 1.6 --- main.c 6 Mar 2006 04:23:56 -0000 1.7 *************** *** 9,13 **** #ident "@(#) $Header$" - #include <stdio.h> #include <stdlib.h> --- 9,12 ---- *************** *** 57,67 **** bool bdebug = FALSE; pthread_attr_t attr; [...2371 lines suppressed...] ! if (pthread_attr_destroy(&attr) != 0) { ! out("Can't destroy thread attr: %s\n", strerror(errno)); ! } ! pthread_mutex_destroy(&autotest_mutex); ! pthread_mutex_destroy(&control_mutex); ! list_delete_all_node(runpol_list); ! /* daemon exit */ ! EXIT: #ifdef USE_SYSLOG ! sysl_close(); #endif ! ! /* dont use this because we will not alloc for fr->p */ ! /* frfree(fr); */ ! sys_ipcclean(); ! shmdt((char *)0); ! shmctl(smid, IPC_RMID, NULL); ! out("stopped.\n"); ! exit(0); ! } |
From: park j. <par...@ho...> - 2006-03-06 02:07:15
|
thanks george it seems like PcapProcessPacket is a enterance of IDS engine. regards jeho park >From: "EP8KHA EP8KHA" <ep...@ho...> >To: Net...@li... >Subject: Re: [Netadm-devel] Hi~ Netadm members~ .. some project for ips >tools >Date: Sun, 05 Mar 2006 17:37:54 -0500 > >Hi, >If anyone wants to take a look at how the snort engine goes about it's >business in processing packets, without looking at the initializations, you >can do a search for this function in snort.c: > >pcap_loop(pd, pv.pkt_cnt, (pcap_handler) PcapProcessPacket, NULL) > >Thereafter, you can follow through the PcapProcessPacket to find out how >the packets are manipulated. Cheers ^_^ > >EP8KHA > >_________________________________________________________________ >Dont just search. Find. Check out the new MSN Search! >http://search.msn.click-url.com/go/onm00200636ave/direct/01/ > > > >------------------------------------------------------- >This SF.Net email is sponsored by xPML, a groundbreaking scripting language >that extends applications into web and mobile media. Attend the live >webcast >and join the prime developer group breaking into this new coding territory! >http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 >_______________________________________________ >Netadm-devel mailing list >Net...@li... >https://lists.sourceforge.net/lists/listinfo/netadm-devel |
From: jeho-park <lin...@gm...> - 2006-03-06 01:08:20
|
hi il-eok, and sehoon kim first of all, thanks for your interest about our netadm project. here is current project state : http://www.kernelproject.org/viewtopic.php?p=6825#6825 here is current todo list of our project : http://netadm.sourceforge.net/todo.html if you want to join in our project, just register netadm-devel mailling list. ! and then talk about netadm with us. URL: http://lists.sourceforge.net/lists/listinfo/netadm-devel [steps for registering netadm-devel mailling list] 1. fill with your mail address in "Your email address:" in the URL above. 2. fill with your password in "pick a password:" and "Reenter password to confirm:" in the URL above 3. click "subscribe" button 4. after about five minutes, you can verify one mail from netadm project. all things what you have to do is just "reply-all" about this mail, don't enter any string but "reply-all" 5. after about five minutes, you can find one mail whose subject "Congulatulation~.." p.s : i want to know whether you ported snort to linux kernel layer or made some interface which let linux network stack communicate with snort .. thanks jeho park il-eok hwang wrote: > 안녕하세요.. 저는 황일억 이라고 합니다. > > 저는 주로 Linux DD를 주로 하였으나, 최근 2년간은 UTM을 해왔습니다. > > 제가 일부 도움을 줄 수 있을 것 같다는 생각이 듭니다. 현재 VPN 및 UTM > 개발때문에 바쁘긴 하지만.. > > 제가 영어가 짧은 관계로 문서 작업은 힘들것 같습니다. > > QoS 아니면 SNORT 부분을 도와줄 수 있을 듯 합니다. 커널에 SNORT를 이식 > 하는 작업을 예전에 > 수행한 적이 있습니다. > > 회신 기다리겠습니다. |
From: EP8KHA E. <ep...@ho...> - 2006-03-05 22:40:12
|
Hi, If anyone wants to take a look at how the snort engine goes about it's business in processing packets, without looking at the initializations, you can do a search for this function in snort.c: pcap_loop(pd, pv.pkt_cnt, (pcap_handler) PcapProcessPacket, NULL) Thereafter, you can follow through the PcapProcessPacket to find out how the packets are manipulated. Cheers ^_^ EP8KHA _________________________________________________________________ Dont just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/ |
From: jeho-park <lin...@gm...> - 2006-03-05 12:11:55
|
hi everyone i made a small memo that shows the current state of our project. http://www.kernelproject.org/viewtopic.php?p=6825#6825 thanks jeho park. p.s : the current cvs version of gwc may compile with no problem, but it does not operate properly. this is because for about a week i have been checking in modified sources to cvs.sf.net for the new functionality of gwc-v0.1-pre3 (for more information, please refer to the project homepage). this problem will be resolved this month. these days my development environment is debian, so if you find any compile problem, please let me know. for proper compilation you need to install the gtk+-dev library and the iproute package... i think this problem should also be resolved some time later. |
From: linuxpark <lin...@us...> - 2006-03-05 01:11:05
|
Update of /cvsroot/netadm/gwc/gwclib In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv2507/gwclib Modified Files: confio.c confproc.c conftab.c confutil.c sysutil.c Log Message: ADD: <flow control concerned> from now, pf temporary will be not compiled properly. because between user data structure and pf are different. This will be updated in one or two days later. sorry. i will upload new presentation file which illustrate what has been happen since starting gwc-v0.1-pre3 development. 2006. 2.15 ADD1: add_fc_pol, del_fc_pol, list_fc_pol these files will be modified again. and updated todays. ADD2: _get_fc_net ~ _dmp_fc_ipol about 8 function. and it's map data struct. these functoin can be accessed by sys_ucmd_msg. ADD3: sys_ucmd_msg : this function exported library function about ADD2. this function is somewhat useful to access a specified object in system config (shared memory). ADD4: runpol_list list : This list was made for supporting extended address for example, if user enter network hostinfo(not subnet) in flow control as like 192.168.1.1-100, then the real packet filter policy extend it's real address 192.168.1.1, 192.168.1.2 ... so runpol_list is for this extending IP address of network object but this data structure will be updated by gwcadmd at not the moment "apply flow control rule" but the moment whenever user enter one policy. MOD: kuio_msg_t in include/sysioctl.h All of updating to gwc-v0.1-pre3 may be completed in about one week. jeho park Index: confio.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwclib/confio.c,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** confio.c 1 Mar 2006 04:06:33 -0000 1.4 --- confio.c 5 Mar 2006 01:11:00 -0000 1.5 *************** *** 366,371 **** csm->fc_net[i].name, mapidtostr(map_nettype, csm->fc_net[i].type), ! inet_ntoa(csm->fc_net[i].net.addr), ! 
csm->fc_net[i].net.mask, csm->fc_net[i].net_if); } --- 366,374 ---- csm->fc_net[i].name, mapidtostr(map_nettype, csm->fc_net[i].type), ! /* ! * inet_ntoa(csm->fc_net[i].net.addr), ! */ ! csm->fc_net[i].addr, ! csm->fc_net[i].mask, csm->fc_net[i].net_if); } *************** *** 392,396 **** STR_FC_FW, csm->fc_fw[i].name, ! csm->fc_fw[i].val, mapidtostr (map_thput_unit, csm->fc_fw[i].unit)); --- 395,399 ---- STR_FC_FW, csm->fc_fw[i].name, ! csm->fc_fw[i].quota, mapidtostr (map_thput_unit, csm->fc_fw[i].unit)); Index: sysutil.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwclib/sysutil.c,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** sysutil.c 28 Feb 2006 23:41:50 -0000 1.2 --- sysutil.c 5 Mar 2006 01:11:00 -0000 1.3 *************** *** 721,722 **** --- 721,822 ---- } + static int _parse_iprange(char *s, int i, unsigned char *v, frp_t fr) { + char *c; + char *p; + + if ( !(c = strchr (s, '-'))) { + if ( str_isdigit (s) != TRUE ) { + sprintf(fr->errmsg, "ugly char entered (%s)", s); + fr->ret = RET_EUSAGE; + return FALSE; + } + + if (atoi (s) > 254) { + sprintf(fr->errmsg, "over limit char entered (%s)", s); + fr->ret = RET_EUSAGE; + return FALSE; + } + + *(v+i+1) = *(v + i) = atoi (s); + return TRUE; + } + + *c = '\0'; + p = ++c; + + if ( str_isdigit (s) != TRUE || atoi (s) > 254) { + sprintf(fr->errmsg, "ugly char entered (%s)", s); + fr->ret = RET_EUSAGE; + return FALSE; + } + + if ( str_isdigit (p) != TRUE || atoi (p) > 254) { + sprintf(fr->errmsg, "ugly char entered (%s)", p); + fr->ret = RET_EUSAGE; + return FALSE; + } + + *(v+i) = atoi (s); + *(v+i+1) = atoi (p); + + return TRUE; + } + + + /* parse_iprange + * : parsing ranged ip address for example, 192.168.10-11.100-200 type + * + * @ip: char ip address + * @parsed : result ( address[8] ) + * + * class A + * address[0] : start addr of class A + * address[1] : end addr of class A + * + * class B + * address[2] : start addr of 
class B + * address[3] : end addr of class B + * + * class C + * address[4] : start addr of class C + * address[5] : end addr of class C + * + * class D + * address[6] : start addr of class D + * address[7] : end addr of class D + * + * return : TRUE (success), FALSE (fail: ugly ip address) + */ + int parse_iprange (const char *ip, unsigned char *parsed, frp_t fr) { + char *c; + char *p; + char addr[OL*2]; + int len; + int quit = 0; + int i = 0; + + if (strlen (ip) > sizeof (addr)) { + return FALSE; + } + + strcpy(addr, ip); + + p = addr; + while (!quit) { + if ((c = strchr (p, '.')) != NULL) { + *c = '\0'; + if ( _parse_iprange (p, i, parsed, fr) != TRUE ) + return FALSE; + p = ++c; + + } + else { + if ( _parse_iprange (p, i, parsed, fr) != TRUE ) + return FALSE; + quit = 1; + } + i+=2; + } + return TRUE; + } + Index: confproc.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwclib/confproc.c,v retrieving revision 1.11 retrieving revision 1.12 diff -C2 -d -r1.11 -r1.12 *** confproc.c 1 Mar 2006 19:13:23 -0000 1.11 --- confproc.c 5 Mar 2006 01:11:00 -0000 1.12 *************** *** 2353,2358 **** --- 2353,2362 ---- } n += 1 + sprintf(&fr->p[n], "%s", mapidtostr(map_nettype, csm->fc_net[i].type)); + #if 0 n += 1 + sprintf(&fr->p[n], "%s", inet_ntoa(csm->fc_net[i].net.addr)); n += 1 + sprintf(&fr->p[n], "%d", csm->fc_net[i].net.mask); + #endif + n += 1 + sprintf(&fr->p[n], "%s", csm->fc_net[i].addr); + n += 1 + sprintf(&fr->p[n], "%d", csm->fc_net[i].mask); n += 1 + sprintf(&fr->p[n], "%s", csm->fc_net[i].net_if); } *************** *** 2378,2381 **** --- 2382,2387 ---- return; } + + /* name */ if (!str_nospace(argv[0])) frerr(fr, RET_EUSAGE,"[FC/Network name] cannot contain spaces\n"); *************** *** 2395,2409 **** } if ((net->type = mapstrtoid(map_nettype, argv[1])) == -1) frerrmap(fr, RET_EUSAGE, "Type", map_nettype); if (!str_inetaddr(argv[2], ! (net->type == SYS_NT_HOST) ? TRUE : FALSE)) ! 
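Review bot: parse_iprange() can write past both of its buffers. The guard `if (strlen (ip) > sizeof (addr))` lets through a string of exactly sizeof(addr) characters, so `strcpy(addr, ip)` puts the terminator one byte past `addr`. The `while (!quit)` loop also advances `i` by 2 per dot-separated field with no upper bound, so input with more than four fields makes `_parse_iprange` store at `*(v+i)` beyond the 8-byte result array described in the comment. Use `if (strlen (ip) >= sizeof (addr)) return FALSE;`, add `if (i >= 8) return FALSE;` at the top of the loop, and end with `return (i == 8) ? TRUE : FALSE;` so that inputs with fewer than four fields, which leave part of `parsed` unset, are rejected as well. A range whose start is above its end (for example `10-3`) is also accepted as written.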
frerr(fr, RET_EUSAGE, ! "Invalid [IP address] \"%s\" entered\n", argv[2]); ! else if ((net->net.addr.s_addr = inet_addr(argv[2])) == (in_addr_t)(-1)) { frerr(fr, RET_EUSAGE, "Invalid [IP address] \"%s\" entered\n", argv[2]); } if (!str_isdigit(argv[3])) { frerr(fr, RET_EUSAGE, --- 2401,2431 ---- } + /* type */ if ((net->type = mapstrtoid(map_nettype, argv[1])) == -1) frerrmap(fr, RET_EUSAGE, "Type", map_nettype); + /* IP */ if (!str_inetaddr(argv[2], ! (net->type == SYS_NT_HOST) ? TRUE : FALSE)) { ! /* ! * case1: ip range case2: wrong input case3: ? ! */ ! unsigned char address[8]; ! if ( parse_iprange ( argv[2], address, fr) != TRUE ) ! frerr(fr, RET_EUSAGE, ! "Invalid [IP address range] \"%s\" entered" ! " ex) 192.168.1-3.10-100\n", ! argv[2]); ! else ! strcpy (net->addr, argv[2]); ! } ! else if ( inet_addr(argv[2]) == (in_addr_t)(-1)) { frerr(fr, RET_EUSAGE, "Invalid [IP address] \"%s\" entered\n", argv[2]); } + else + strcpy (net->addr, argv[2]); + + /* mask */ if (!str_isdigit(argv[3])) { frerr(fr, RET_EUSAGE, *************** *** 2411,2421 **** } else { ! net->net.mask = atoi(argv[3]); ! if (net->type == SYS_NT_HOST && net->net.mask != 32) frerr(fr, RET_EUSAGE, "[Netmask] must be 32 with host type\n"); ! if (net->net.mask > 32 ) frerr(fr, RET_EUSAGE, "[Netmask] must be between 0 and 32\n"); } if (!str_nospace(argv[4])) frerr(fr, RET_EUSAGE, "[Interface name] cannot contain spaces\n"); --- 2433,2444 ---- } else { ! net->mask = atoi(argv[3]); ! if (net->type == SYS_NT_HOST && net->mask != 32) frerr(fr, RET_EUSAGE, "[Netmask] must be 32 with host type\n"); ! if (net->mask > 32 ) frerr(fr, RET_EUSAGE, "[Netmask] must be between 0 and 32\n"); } + /* neighbor interface name */ if (!str_nospace(argv[4])) frerr(fr, RET_EUSAGE, "[Interface name] cannot contain spaces\n"); *************** *** 2442,2451 **** if (i == slot) continue; ! if (net->net.addr.s_addr != csm->fc_net[i].net.addr.s_addr) ! continue; ! if (net->net.mask != csm->fc_net[i].net.mask) continue; ! 
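Review bot: Both new `strcpy (net->addr, argv[2]);` calls copy the command argument without reference to the size of `net->addr`, which is not visible in this hunk. On the range branch the only length limit is the one inside parse_iprange (the size of its local `addr[OL*2]`), so the copy is safe only if `net->addr` is at least that large. Assuming `net->addr` is an array, a bounded copy that reports truncation keeps the two sizes from drifting apart: `if (snprintf (net->addr, sizeof net->addr, "%s", argv[2]) >= (int) sizeof net->addr) frerr(fr, RET_EUSAGE, "[IP address] \"%s\" is too long\n", argv[2]);`. The enclosing function starts and ends outside the hunk.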
if (strcmp(net->net_if, csm->fc_net[i].net_if)) continue; frerr(fr, RET_ENOTUNIQ, "%s: Same Network already defined as %s\n", --- 2465,2479 ---- if (i == slot) continue; ! /* ! *if (net->net.addr.s_addr != csm->fc_net[i].net.addr.s_addr) ! * continue; ! */ ! if (strcmp (net->addr, csm->fc_net[i].addr) != 0) ! continue; ! if (net->mask != csm->fc_net[i].mask) continue; ! if (strcmp(net->net_if, csm->fc_net[i].net_if) != 0) continue; + frerr(fr, RET_ENOTUNIQ, "%s: Same Network already defined as %s\n", *************** *** 2593,2597 **** continue; } ! n += 1 + sprintf(&fr->p[n], "%d", csm->fc_fw[i].val); n += 1 + sprintf(&fr->p[n], "%s", mapidtostr(map_thput_unit, csm->fc_fw[i].unit)); } --- 2621,2625 ---- continue; } ! n += 1 + sprintf(&fr->p[n], "%d", csm->fc_fw[i].quota); n += 1 + sprintf(&fr->p[n], "%s", mapidtostr(map_thput_unit, csm->fc_fw[i].unit)); } *************** *** 2645,2655 **** argv[1]); } ! else if ( atoi (argv[1]) < 0 || atoi (argv[1]) > 999 ) { frerr(fr, RET_EUSAGE, ! "[flow value] must be valid value but you enter %s\n", ! argv[1]); } else ! fw->val = atoi (argv[1]); if ((fw->unit = mapstrtoid(map_thput_unit, argv[2])) == -1) --- 2673,2685 ---- argv[1]); } ! else if ( atoi (argv[1]) < MINDEF_FW_VAL || ! atoi (argv[1]) > MAXDEF_FW_VAL ) { frerr(fr, RET_EUSAGE, ! "[flow value] must be valid value %s" ! " min(%d)~max(%d)\n", ! argv[1], MINDEF_FW_VAL, MAXDEF_FW_VAL); } else ! fw->quota = atoi (argv[1]); if ((fw->unit = mapstrtoid(map_thput_unit, argv[2])) == -1) *************** *** 2659,2663 **** if (i == slot) continue; ! if (fw->val != csm->fc_fw[i].val) continue; if (fw->unit != csm->fc_fw[i].unit) --- 2689,2693 ---- if (i == slot) continue; ! if (fw->quota != csm->fc_fw[i].quota) continue; if (fw->unit != csm->fc_fw[i].unit) *************** *** 2852,2856 **** strcpy(pol->name, argv[0]); ! 
if (sys_ucmd_msg (_CMD_GET_FC_POL, argv[0], strlen(argv[0]))) frerr(fr, RET_ENOTUNIQ, "[FC/policy name] \"%s\" already exists\n", argv[0]); --- 2882,2886 ---- strcpy(pol->name, argv[0]); ! if (sys_ucmd_msg (_CMD_GET_FC_POL, argv[0], strlen(argv[0]), fr)) frerr(fr, RET_ENOTUNIQ, "[FC/policy name] \"%s\" already exists\n", argv[0]); *************** *** 2870,2874 **** strcpy(pol->snet, argv[2]); ! if ( !sys_ucmd_msg (_CMD_GET_FC_NET, argv[2], strlen(argv[2]))) frerr(fr, RET_ENOTUNIQ, "[FC/source network name] \"%s\" does not exists\n", argv[2]); --- 2900,2904 ---- strcpy(pol->snet, argv[2]); ! if ( !sys_ucmd_msg (_CMD_GET_FC_NET, argv[2], strlen(argv[2]), fr)) frerr(fr, RET_ENOTUNIQ, "[FC/source network name] \"%s\" does not exists\n", argv[2]); *************** *** 2885,2889 **** strcpy(pol->ssvc, argv[3]); ! if ( !(ssvc = (fc_svc_t*)sys_ucmd_msg (_CMD_GET_FC_SVC, argv[3], strlen(argv[3]))) ) frerr(fr, RET_ENOTUNIQ, "[FC/source service protocol name] \"%s\" does not exists\n", argv[3]); --- 2915,2922 ---- strcpy(pol->ssvc, argv[3]); ! if ( !(ssvc = (fc_svc_t*)sys_ucmd_msg (_CMD_GET_FC_SVC, ! argv[3], ! strlen(argv[3]), ! fr)) ) frerr(fr, RET_ENOTUNIQ, "[FC/source service protocol name] \"%s\" does not exists\n", argv[3]); *************** *** 2900,2904 **** strcpy(pol->dnet, argv[4]); ! if ( !sys_ucmd_msg (_CMD_GET_FC_NET, argv[4], strlen(argv[4]))) frerr(fr, RET_ENOTUNIQ, "[FC/destination network name] \"%s\" does not exists\n", argv[4]); --- 2933,2937 ---- strcpy(pol->dnet, argv[4]); ! if ( !sys_ucmd_msg (_CMD_GET_FC_NET, argv[4], strlen(argv[4]), fr)) frerr(fr, RET_ENOTUNIQ, "[FC/destination network name] \"%s\" does not exists\n", argv[4]); *************** *** 2915,2919 **** strcpy(pol->dsvc, argv[5]); ! if ( !(dsvc = (fc_svc_t*)sys_ucmd_msg (_CMD_GET_FC_SVC, argv[5], strlen(argv[5]))) ) frerr(fr, RET_ENOTUNIQ, "[FC/destination service protocol name] \"%s\" does not exists\n",argv[5]); --- 2948,2955 ---- strcpy(pol->dsvc, argv[5]); ! 
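Review bot: Passing the caller's `fr` into these lookups lets them overwrite the validation result. The `_get_fc_*` helpers in confutil.c (same commit) set `fr->ret = RET_OK` on a hit, and `RET_ENOTFOUND` plus `fr->errmsg` on a miss. A `frerr(fr, RET_EUSAGE, ...)` recorded earlier in this function can therefore be reset to RET_OK by the next successful lookup, and the expected miss on `_CMD_GET_FC_POL` for a new policy name leaves RET_ENOTFOUND behind. Whether that changes the outcome depends on how frerr() accumulates errors, which is not shown here. The same applies to the `_CMD_GET_FC_NET`, `_CMD_GET_FC_SVC` and `_CMD_GET_FC_FW` hunks that follow. A scratch result for pure existence checks avoids it: `fr_t tmp; if (sys_ucmd_msg (_CMD_GET_FC_POL, argv[0], strlen(argv[0]), &tmp))`. The function body starts and ends outside these hunks.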
if ( !(dsvc = (fc_svc_t*)sys_ucmd_msg (_CMD_GET_FC_SVC, ! argv[5], ! strlen(argv[5]), ! fr)) ) frerr(fr, RET_ENOTUNIQ, "[FC/destination service protocol name] \"%s\" does not exists\n",argv[5]); *************** *** 2937,2941 **** strcpy(pol->fw, argv[6]); ! if ( !sys_ucmd_msg (_CMD_GET_FC_FW, argv[6], strlen(argv[6]))) frerr(fr, RET_ENOTUNIQ, "[FC/flow control name] \"%s\" does not exists\n", argv[6]); --- 2973,2977 ---- strcpy(pol->fw, argv[6]); ! if ( !sys_ucmd_msg (_CMD_GET_FC_FW, argv[6], strlen(argv[6]), fr)) frerr(fr, RET_ENOTUNIQ, "[FC/flow control name] \"%s\" does not exists\n", argv[6]); *************** *** 3001,3008 **** --- 3037,3053 ---- if (modify != CBFROM_SYSTEM) { + if ((fr->ret = saveconf(csm)) != RET_OK) { frerr(fr, fr->ret, "Cannot save configuration (%d)\n", fr->ret); return; } + else { + if (!sys_ucmd_msg (_CMD_ADD_FC_IPOL, + argv[0], + strlen(argv[0]), + fr)) + frerr(fr, fr->ret,"Failed to add internal policy (%s): " + "%s", argv[0], fr->errmsg); + } } } *************** *** 3024,3041 **** if (argc == 1) { ! ! for (i = 0; i < csm->fc_pol_cnt; i++) { ! if (!strcmp(csm->fc_pol[i].name, argv[0])) { ! pol = &csm->fc_pol[i]; ! slot = i; ! break; ! } ! } ! ! if (pol == NULL) { frerr(fr, RET_ENOTFOUND, "[FC/policy name] \"%s\" does not exist\n", argv[0]); ! return; ! } if (fr->ret != RET_OK) --- 3069,3091 ---- if (argc == 1) { ! ! if (!(pol = sys_ucmd_msg (_CMD_GET_FC_POL, ! argv[0], ! strlen(argv[0]), ! fr))) { frerr(fr, RET_ENOTFOUND, "[FC/policy name] \"%s\" does not exist\n", argv[0]); ! } ! #if 0 ! else { ! if ( !sys_ucmd_msg ( _CMD_DEL_FC_IPOL, ! argv[0], ! strlen(argv[0]), ! fr)) ! frerr(fr, fr->ret, "Failed to delete internal policy(%s): %s", ! argv[0], ! fr->errmsg); ! } ! #endif if (fr->ret != RET_OK) *************** *** 3050,3058 **** if (modify != CBFROM_SYSTEM) { ! if ((fr->ret = saveconf(csm)) != RET_OK) { frerr(fr, fr->ret, "Cannot save configuration (%d)\n", fr->ret); return; } } } --- 3100,3119 ---- if (modify != CBFROM_SYSTEM) { ! 
if ((fr->ret = saveconf(csm)) != RET_OK) { frerr(fr, fr->ret, "Cannot save configuration (%d)\n", fr->ret); return; } + else { + + if ( !sys_ucmd_msg ( _CMD_DEL_FC_IPOL, + argv[0], + strlen(argv[0]), + fr)) + frerr(fr, fr->ret, + "Failed to delete internal policy(%s): %s", + argv[0], + fr->errmsg); + } } } *************** *** 3071,3074 **** --- 3132,3144 ---- int ret; + /* snet/ssvc ----> dnet/dsvc (fw) + * IP, dev_idx / proto, port ----> IP, dev_idx / proto, port [fw(byte)] + * + * - IP (u32) + * - proto + * - port + * ip->protocol (struct iphdr *ip = (*pkt)->nh.iph ), pkt == sk_buff** + * + */ if (argc == 0) { fd = open(SZPFDEV, O_RDWR | O_NDELAY); *************** *** 3079,3082 **** --- 3149,3153 ---- ioctl (fd, IOCTLPF_REFLESH, 0); + #if 0 for (i = 0; i < csm->hpolcnt; i++) { switch (csm->hostpol[i].flag) { *************** *** 3106,3109 **** --- 3177,3181 ---- } } + #endif close(fd); Index: confutil.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwclib/confutil.c,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** confutil.c 1 Mar 2006 19:13:24 -0000 1.3 --- confutil.c 5 Mar 2006 01:11:00 -0000 1.4 *************** *** 35,38 **** --- 35,39 ---- #include "sysdef.h" #include "confutil.h" + #include "linklist.h" #if !defined(TRUE) *************** *** 49,108 **** extern sys_ucmd_t ucmdtab[]; ! void * sys_ucmd_msg (sys_ucmd_e cmd, void *arg, int len) { /* * TODO: someday later, lock for shared mem will be needed * to support multiprocessing by admin */ ! return ucmdtab[cmd].func (arg, len); } ! void * _get_fc_net ( void *arg, int len) { int i; char *name = (char *)arg; for ( i = 0 ; i < FC_CNT(net); i++) { ! if ( !strncmp (FC_OBJ_NAME(net, i), name, len)) return &FC_OBJ(net, i); } return NULL; } ! void * _get_fc_svc ( void *arg, int len) { int i; char *name = (char *)arg; for ( i = 0 ; i < FC_CNT(svc); i++) { ! 
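Review bot: With the `csm->hostpol` loop wrapped in `#if 0`, the apply path still opens SZPFDEV and issues `ioctl (fd, IOCTLPF_REFLESH, 0)` but no longer sends any policy afterwards. If IOCTLPF_REFLESH clears the rules held by the pf module (its meaning is not visible here), every apply from this revision leaves the filter without rules until the new ioctl code lands, which the log message says is still pending. Returning an error before the ioctl, such as `frerr(fr, RET_EINTERNAL, "apply is not implemented in this revision\n");`, or putting the refresh under the same `#if 0`, would keep the previously loaded rules in place. The return value of the ioctl is not checked either. The function body starts and ends outside the hunk.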
if ( !strncmp (FC_OBJ_NAME(svc, i), name, len)) return &FC_OBJ(svc, i); } return NULL; } ! void * _get_fc_fw ( void *arg, int len) { int i; char *name = (char *)arg; for ( i = 0 ; i < FC_CNT(fw); i++) { ! if ( !strncmp (FC_OBJ_NAME(fw, i), name, len)) return &FC_OBJ(fw, i); } return NULL; } ! void * _get_fc_pol ( void *arg, int len) { int i; char *name = (char *)arg; for ( i = 0 ; i < FC_CNT(pol); i++) { ! if ( !strncmp (FC_OBJ_NAME(pol, i), name, len)) return &FC_OBJ(pol, i); } return NULL; } char * mapidtostr(sys_strmap_t * map, int id) --- 50,385 ---- extern sys_ucmd_t ucmdtab[]; ! void * sys_ucmd_msg (sys_ucmd_e cmd, void *arg, int len, frp_t fr) { /* * TODO: someday later, lock for shared mem will be needed * to support multiprocessing by admin */ ! return ucmdtab[cmd].func (arg, len, fr); } ! void * _get_fc_net ( void *arg, int len, frp_t fr) { int i; char *name = (char *)arg; for ( i = 0 ; i < FC_CNT(net); i++) { ! if ( !strncmp (FC_OBJ_NAME(net, i), name, len)) { ! fr->ret = RET_OK; return &FC_OBJ(net, i); + } } + + strcpy (fr->errmsg, "Can't found fc net"); + fr->ret = RET_ENOTFOUND; return NULL; } ! void * _get_fc_svc ( void *arg, int len, frp_t fr) { int i; char *name = (char *)arg; for ( i = 0 ; i < FC_CNT(svc); i++) { ! if ( !strncmp (FC_OBJ_NAME(svc, i), name, len)) { ! fr->ret = RET_OK; return &FC_OBJ(svc, i); + } } + strcpy (fr->errmsg, "Can't found fc svc"); + fr->ret = RET_ENOTFOUND; return NULL; } ! void * _get_fc_fw ( void *arg, int len, frp_t fr) { int i; char *name = (char *)arg; for ( i = 0 ; i < FC_CNT(fw); i++) { ! if ( !strncmp (FC_OBJ_NAME(fw, i), name, len)) { ! fr->ret = RET_OK; return &FC_OBJ(fw, i); + } } + strcpy (fr->errmsg, "Can't found fc fw"); + fr->ret = RET_ENOTFOUND; return NULL; } ! void * _get_fc_pol ( void *arg, int len, frp_t fr) { int i; char *name = (char *)arg; for ( i = 0 ; i < FC_CNT(pol); i++) { ! if ( !strncmp (FC_OBJ_NAME(pol, i), name, len)) { ! 
fr->ret = RET_OK; return &FC_OBJ(pol, i); + } } + strcpy (fr->errmsg, "Can't found fc pol"); + fr->ret = RET_ENOTFOUND; return NULL; } + + //update_ipol (p, pol, snet, dnet, ssvc, dsvc, fw); + /* update_ipol() + * : set fc_umsg_t in runpol_list + * + * @c : runpol_list, fc_umsg_t + * @p : policy, fc_pol_t + * @sn: source net, fc_net_t + * @dn: destination net fc_net_t + * @ss: source svc fc_svc_t + * @ds: destination svc fc_svc_t + * @fw: flow unit fc_fw_t + */ + + static inline void update_ipol ( fc_umsg_t *c, + fc_pol_t *p, + fc_net_t *sn, + fc_net_t *dn, + fc_svc_t *ss, + fc_svc_t *ds, + fc_fw_t *fw ) { + + strcpy (c->polname, p->name); + strcpy (c->msg.indev, sn->net_if); + c->msg.protocol = ss->proto; + c->msg.rule = p->rule; + + if (ss->proto != SYS_PROTO_ICMP){ + c->msg.sport = ss->u.port; + c->msg.dport = ds->u.port; + } + else { + c->msg.sport = ss->u.icmptype; + c->msg.dport = ds->u.icmptype; + } + + c->msg.smask = sn->mask; + c->msg.dmask = dn->mask; + + if (fw->unit == SYS_FLOW_BPS) + c->msg.quota = ((double)(fw->quota)) / 8.0; + else if (fw->unit == SYS_FLOW_KBPS) + c->msg.quota = 1024 * ((double)(fw->quota)) / 8.0; + else if (fw->unit == SYS_FLOW_MBPS) + c->msg.quota = 1024 * 1024 * ((double)(fw->quota)) / 8.0; + else if (fw->unit == SYS_FLOW_BYTE) + c->msg.quota = fw->quota; + else if (fw->unit == SYS_FLOW_KBYTE) + c->msg.quota = 1024 * fw->quota; + else if (fw->unit == SYS_FLOW_MBYTE) + c->msg.quota = 1024 * 1024 * fw->quota; + } + + void * _mod_fc_ipol ( void *arg, int len, frp_t fr) { + /* + * TODO: later, + */ + return NULL; + } + + #ifndef FC_ADDR_NORMAL + #define FC_ADDR_NORMAL 0x00000000 /* nomal ip address */ + #endif + + #ifndef FC_ADDR_EXTEND + #define FC_ADDR_EXTEND 0x00000001 /* extended ip address. + for example, 192.168.1.10-100 + */ + #endif + + typedef struct { + int addr; + }tmp_addr_t; + + /* __add_fc_ipol() + * : this function add internal policy not for GUI user process but for pf module. + * : don't call this function directly. 
use sys_umsg_cmd with index. + * : This function exist for more better performance at 'apply time' + * : because whenever user insert one policy, this function will be call, + * : and then make runtime cache? of internal policy. + * + * @arg : policy name in fc_pol_t + * @len : length of policyname + * @fr : detailed result fr->ret, fr->errmsg + */ + void * _add_fc_ipol ( void *arg, int len, frp_t fr) { + fc_umsg_t *p; /* node which include new vals */ + fc_pol_t *pol; + fc_net_t *snet; + fc_net_t *dnet; + fc_svc_t *ssvc; + fc_svc_t *dsvc; + fc_fw_t *fw; + unsigned char saddr[8]; + unsigned char daddr[8]; + list saddr_list; + list daddr_list; + struct listnode *SAN; + struct listnode *DAN; + int addr; + int i; + int j; + int k; + int l; + tmp_addr_t *sa; + tmp_addr_t *da; + char *polname = (char *)arg; + + if (!(pol = sys_ucmd_msg (_CMD_GET_FC_POL, + polname, + strlen(polname), + fr))) + return NULL; + + if (!(snet = sys_ucmd_msg (_CMD_GET_FC_NET, + pol->snet, + strlen(pol->snet), + fr))) + return NULL; + + if (!(dnet = sys_ucmd_msg (_CMD_GET_FC_NET, + pol->dnet, + strlen(pol->dnet), + fr))) + return NULL; + + if (!(ssvc = sys_ucmd_msg (_CMD_GET_FC_SVC, + pol->ssvc, + strlen(pol->ssvc), + fr))) + return NULL; + + if (!(dsvc = sys_ucmd_msg (_CMD_GET_FC_SVC, + pol->dsvc, + strlen(pol->dsvc), + fr))) + return NULL; + + if (!(fw = sys_ucmd_msg (_CMD_GET_FC_FW, + pol->fw, + strlen(pol->fw), + fr))) + return NULL; + + if ( parse_iprange (snet->addr, saddr, fr) != TRUE) { + return NULL; + } + + saddr_list = list_new (); + if (!saddr_list) { + strcpy(fr->errmsg, "failed to alloc saddr_list"); + fr->ret = RET_EMALLOC; + return NULL; + } + + for ( i = saddr[0]; i <= saddr[1]; i++) + for ( j = saddr[2]; j <= saddr[3]; j++) + for ( k = saddr[4]; k <= saddr[5]; k++) + for ( l = saddr[6]; l <= saddr[7]; l++) { + /* LITTLE ENDIAN */ + addr = 0; + addr = l; + addr <<= 8; + + addr |= k; + addr <<= 8; + + addr |= j; + addr <<= 8; + + addr |= i; + + sa = (tmp_addr_t*)malloc 
(sizeof(tmp_addr_t)); + if (!sa) { + strcpy(fr->errmsg, + "failed to alloc tmp saddr node"); + fr->ret = RET_EMALLOC; + return NULL; + } + sa->addr = addr; + listnode_add (saddr_list, sa); + } + + if ( parse_iprange (dnet->addr, daddr, fr) != TRUE) { + return NULL; + } + + daddr_list = list_new (); + if (!daddr_list) { + strcpy(fr->errmsg, "failed to alloc daddr_list"); + fr->ret = RET_EMALLOC; + return NULL; + } + + for ( i = daddr[0]; i <= daddr[1]; i++) + for ( j = daddr[2]; j <= daddr[3]; j++) + for ( k = daddr[4]; k <= daddr[5]; k++) + for ( l = daddr[6]; l <= daddr[7]; l++) { + /* LITTLE ENDIAN */ + addr = 0; + addr = l; + addr <<= 8; + + addr |= k; + addr <<= 8; + + addr |= j; + addr <<= 8; + + addr |= i; + + da = (tmp_addr_t*)malloc (sizeof(tmp_addr_t)); + if (!da) { + strcpy(fr->errmsg, + "failed to alloc tmp daddr node"); + fr->ret = RET_EMALLOC; + return NULL; + } + da->addr = addr; + listnode_add (daddr_list, da); + } + + LIST_LOOP (saddr_list, sa, SAN) { + LIST_LOOP (daddr_list, da, DAN) { + p = (fc_umsg_t*)malloc (sizeof (fc_umsg_t)); + if (!p) { + strcpy(fr->errmsg, "failed to alloc ipol node"); + fr->ret = RET_EMALLOC; + return NULL; + } + update_ipol (p, pol, snet, dnet, ssvc, dsvc, fw); + p->msg.saddr = sa->addr; + p->msg.daddr = da->addr; + listnode_add (csm->fc_ipol_list, p); + } + } + + fr->ret = RET_OK; + return polname; + } + + void * _del_fc_ipol ( void *arg, int len, frp_t fr) { + fc_umsg_t *p; /* node which include new vals */ + struct listnode *n; + char *polname = (char *)arg; + + LIST_LOOP (csm->fc_ipol_list, p, n) { + if (!strcmp (p->polname, polname)) { + listnode_delete (csm->fc_ipol_list, p); + } + } + + fr->ret = RET_OK; + return polname; + } + + void * _dmp_fc_ipol ( void *arg, int len, frp_t fr) { + } + char * mapidtostr(sys_strmap_t * map, int id) Index: conftab.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwclib/conftab.c,v retrieving revision 1.4 retrieving revision 1.5 
diff -C2 -d -r1.4 -r1.5 *** conftab.c 1 Mar 2006 04:06:33 -0000 1.4 --- conftab.c 5 Mar 2006 01:11:00 -0000 1.5 *************** *** 98,105 **** sys_ucmd_t ucmdtab [] = { ! { _CMD_GET_FC_NET, _get_fc_net }, ! { _CMD_GET_FC_SVC, _get_fc_svc }, ! { _CMD_GET_FC_FW, _get_fc_fw }, ! { _CMD_GET_FC_POL, _get_fc_pol }, {0}, }; --- 98,109 ---- sys_ucmd_t ucmdtab [] = { ! { _CMD_GET_FC_NET, _get_fc_net }, ! { _CMD_GET_FC_SVC, _get_fc_svc }, ! { _CMD_GET_FC_FW, _get_fc_fw }, ! { _CMD_GET_FC_POL, _get_fc_pol }, ! { _CMD_MOD_FC_IPOL, _mod_fc_ipol }, ! { _CMD_ADD_FC_IPOL, _add_fc_ipol }, ! { _CMD_DEL_FC_IPOL, _del_fc_ipol }, ! { _CMD_DMP_FC_IPOL, _dmp_fc_ipol }, {0}, }; |
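Review bot: The four rows added to `ucmdtab` only work if their position matches the `sys_ucmd_e` values, because `sys_ucmd_msg` in confutil.c calls `ucmdtab[cmd].func (arg, len, fr)` with no range check on `cmd`. Designated initializers would tie each row to its index, e.g. `[_CMD_ADD_FC_IPOL] = { _CMD_ADD_FC_IPOL, _add_fc_ipol },`. The dispatcher should also reject a `cmd` that is past the table or whose `func` is null (the `{0}` terminator) before calling through it. One handler registered here, `_dmp_fc_ipol`, has an empty body in confutil.c although it is declared to return `void *`, so the dispatcher hands back an indeterminate pointer; add `return NULL;` until it is implemented.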
From: linuxpark <lin...@us...> - 2006-03-05 01:11:05
|
Update of /cvsroot/netadm/gwc/include In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv2507/include Modified Files: confutil.h sysdef.h sysioctl.h sysshm.h sysutil.h Log Message: ADD: <flow control concerned> from now, pf temporary will be not compiled properly. because between user data structure and pf are different. This will be updated in one or two days later. sorry. i will upload new presentation file which illustrate what has been happen since starting gwc-v0.1-pre3 development. 2006. 2.15 ADD1: add_fc_pol, del_fc_pol, list_fc_pol these files will be modified again. and updated todays. ADD2: _get_fc_net ~ _dmp_fc_ipol about 8 function. and it's map data struct. these functoin can be accessed by sys_ucmd_msg. ADD3: sys_ucmd_msg : this function exported library function about ADD2. this function is somewhat useful to access a specified object in system config (shared memory). ADD4: runpol_list list : This list was made for supporting extended address for example, if user enter network hostinfo(not subnet) in flow control as like 192.168.1.1-100, then the real packet filter policy extend it's real address 192.168.1.1, 192.168.1.2 ... so runpol_list is for this extending IP address of network object but this data structure will be updated by gwcadmd at not the moment "apply flow control rule" but the moment whenever user enter one policy. MOD: kuio_msg_t in include/sysioctl.h All of updating to gwc-v0.1-pre3 may be completed in about one week. jeho park Index: confutil.h =================================================================== RCS file: /cvsroot/netadm/gwc/include/confutil.h,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** confutil.h 28 Feb 2006 23:41:50 -0000 1.2 --- confutil.h 5 Mar 2006 01:11:00 -0000 1.3 *************** *** 14,24 **** /* U T I L F U N C I D X */ typedef enum { ! _CMD_GET_FC_NET = 0, ! _CMD_GET_FC_SVC, ! _CMD_GET_FC_FW, ! _CMD_GET_FC_POL, } sys_ucmd_e; ! 
typedef void* (*ucmdcallback_t) (void *arg, int len); typedef struct { --- 14,28 ---- /* U T I L F U N C I D X */ typedef enum { ! _CMD_GET_FC_NET = 0, /* get fc net pointer in the shared memory by name*/ ! _CMD_GET_FC_SVC, /* get fc svc pointer in the shared memory by name*/ ! _CMD_GET_FC_FW, /* get fc fw pointer in the shared memory by name*/ ! _CMD_GET_FC_POL, /* get fc fw pointer in the shared memory by name*/ ! _CMD_MOD_FC_IPOL, /* modify one internal fc policy (runpol_list) */ ! _CMD_ADD_FC_IPOL, /* insert one internal fc policy (runpol_list) */ ! _CMD_DEL_FC_IPOL, /* delete one internal fc policy */ ! _CMD_DMP_FC_IPOL, /* dump all internal fc policies to stout */ } sys_ucmd_e; ! typedef void* (*ucmdcallback_t) (void *arg, int len, frp_t fr); typedef struct { *************** *** 30,37 **** * these functions will be call by sys_ucmd_msg with it's cmd (index) */ ! void * _get_fc_net (void *arg, int len); ! void * _get_fc_svc (void *arg, int len); ! void * _get_fc_fw (void *arg, int len); ! void * _get_fc_pol (void *arg, int len); /* sys_ucmd_msg --- 34,45 ---- * these functions will be call by sys_ucmd_msg with it's cmd (index) */ ! void * _get_fc_net (void *arg, int len, frp_t fr); ! void * _get_fc_svc (void *arg, int len, frp_t fr); ! void * _get_fc_fw (void *arg, int len, frp_t fr); ! void * _get_fc_pol (void *arg, int len, frp_t fr); ! void * _mod_fc_ipol (void *arg, int len, frp_t fr); ! void * _add_fc_ipol (void *arg, int len, frp_t fr); ! void * _del_fc_ipol (void *arg, int len, frp_t fr); ! void * _dmp_fc_ipol (void *arg, int len, frp_t fr); /* sys_ucmd_msg *************** *** 40,44 **** * @len : sizeof arg */ ! void * sys_ucmd_msg (sys_ucmd_e cmd, void *arg, int len); fr_t *ipc_msg(sys_cmd_e cmd, void *p, unsigned short plen, int argc); --- 48,52 ---- * @len : sizeof arg */ ! 
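Review bot: The comment added on `_CMD_GET_FC_POL` repeats the `_CMD_GET_FC_FW` text ("get fc fw pointer ..."), so the enum documents the wrong object for the policy lookup; it should read `/* get fc pol pointer in the shared memory by name */`. The `_CMD_DMP_FC_IPOL` comment says "stout" where `stdout` is meant. These values are used as direct indexes into `ucmdtab`, so a one-line comment above the enum, `/* order must match ucmdtab[] in conftab.c */`, would protect the next command that gets added.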
void * sys_ucmd_msg (sys_ucmd_e cmd, void *arg, int len, frp_t fr); fr_t *ipc_msg(sys_cmd_e cmd, void *p, unsigned short plen, int argc); Index: sysshm.h =================================================================== RCS file: /cvsroot/netadm/gwc/include/sysshm.h,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** sysshm.h 28 Feb 2006 23:41:50 -0000 1.6 --- sysshm.h 5 Mar 2006 01:11:00 -0000 1.7 *************** *** 9,15 **** #ident "@(#) $Header$" - #include "sysdef.h" #ifndef __SYS_SHM_INCLUDED #define __SYS_SHM_INCLUDED #define APCSHMID 0x94376329 --- 9,16 ---- #ident "@(#) $Header$" #ifndef __SYS_SHM_INCLUDED #define __SYS_SHM_INCLUDED + #include "sysdef.h" + #include "linklist.h" #define APCSHMID 0x94376329 *************** *** 78,81 **** --- 79,83 ---- int fc_pol_cnt; fc_pol_t fc_pol [MAXSHM_FC_POL]; + list fc_ipol_list; /* pointer of running fc polic list */ /* TODO: delete this after finishing up FC */ Index: sysutil.h =================================================================== RCS file: /cvsroot/netadm/gwc/include/sysutil.h,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -C2 -d -r1.1.1.1 -r1.2 *** sysutil.h 30 Jan 2006 17:41:29 -0000 1.1.1.1 --- sysutil.h 5 Mar 2006 01:11:00 -0000 1.2 *************** *** 185,188 **** --- 185,189 ---- void get_sigpw_max(int idx, int *cck, int *ofdm, int *client); void set_power(int idx, int pw_index, int val, frp_t fr); + int parse_iprange (const char *ip, unsigned char *parsed, frp_t fr); #endif /* __SYSUTIL_H */ Index: sysioctl.h =================================================================== RCS file: /cvsroot/netadm/gwc/include/sysioctl.h,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** sysioctl.h 28 Feb 2006 00:52:07 -0000 1.3 --- sysioctl.h 5 Mar 2006 01:11:00 -0000 1.4 *************** *** 14,20 **** #define IOCTLPF_MAGIC 't' typedef struct { ! __u32 ip; ! 
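Review bot: `list fc_ipol_list` stores what looks like a process-local pointer in the structure kept in the shared-memory segment: gwcadmd/main.c assigns it from `list_new()`, and `_add_fc_ipol` hangs `malloc`'d `fc_umsg_t` nodes off it. Another process attaching the segment would read an address that is only meaningful inside gwcadmd, and anything able to write the segment controls a pointer the daemon later dereferences. If the running-policy list must be visible across processes, keep the entries by value in a bounded array with a count, as the neighbouring `fc_pol [MAXSHM_FC_POL]` does; if it is private to the daemon, keep it out of this struct. The enclosing struct starts outside the hunk, so this assumes it is the shared-memory layout.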
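Review bot: The new `parse_iprange` prototype takes the output buffer `parsed` without a length, and the header does not say how many bytes the function writes. The caller in confutil.c passes `unsigned char saddr[8]` and reads indexes 0 to 7 as four low/high pairs, so the contract appears to be an 8-byte buffer; state it here, e.g. `/* parsed: out, 8 bytes, one lo/hi pair per octet; returns TRUE on success */`, or add a size argument. It is also worth documenting whether the function bounds the width of a range, because the caller allocates one list node per expanded address and one `fc_umsg_t` per source/destination pair.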
__u32 max_pktrate; } __attribute__ ((packed)) kuio_msg_t; --- 14,36 ---- #define IOCTLPF_MAGIC 't' + #ifndef OL + #define OL 16 + #endif + #include <linux/types.h> + typedef struct { ! char indev[OL]; /* name of input interface */ ! __u8 protocol; /* hash resource: OSI 3 layer protocl { TCP | UDP | ICMP } */ ! __u8 rule; /* flow control or modify header : mh will be deleted later */ ! __u32 saddr; /* hash resource: source IP address */ ! __u16 smask; /* hash resource: source netmask */ ! __u16 sport; /* destination port or icmptype */ ! ! __u32 daddr; /* hash resource: destination IP address */ ! __u16 dmask; /* hash resource: destination netmask */ ! __u16 dport; /* destination port or icmptype */ ! ! __u32 quota; /* maximum alloted data quota (unit: byte) */ ! } __attribute__ ((packed)) kuio_msg_t; Index: sysdef.h =================================================================== RCS file: /cvsroot/netadm/gwc/include/sysdef.h,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** sysdef.h 1 Mar 2006 03:20:20 -0000 1.6 --- sysdef.h 5 Mar 2006 01:11:00 -0000 1.7 *************** *** 201,208 **** /* F L O W C O N T R O L O B J E C T start */ typedef struct { char name[OL]; sys_net_type_e type; ! sys_net_t net; char net_if[OL]; /* reserved */ } fc_net_t; --- 201,210 ---- /* F L O W C O N T R O L O B J E C T start */ + typedef struct { char name[OL]; sys_net_type_e type; ! char addr[OL*2]; /* normal IP or ranged IP */ ! unsigned short mask; char net_if[OL]; /* reserved */ } fc_net_t; *************** *** 217,229 **** } fc_svc_t; typedef struct { char name[OL]; ! int val; sys_thput_unit_e unit; } fc_fw_t; typedef enum { ! FC_PR_CONTROL = 1, /* flow control */ ! FC_PR_MOD_HEADER = 2, /* modify packet header */ } fc_pol_rule_e; --- 219,234 ---- } fc_svc_t; + #define MINDEF_FW_VAL 8 + #define MAXDEF_FW_VAL 1024 * 1024 * 999 + typedef struct { char name[OL]; ! int quota; sys_thput_unit_e unit; } fc_fw_t; typedef enum { ! 
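Review bot: The field comment on `sport` in the new `kuio_msg_t` says "destination port or icmptype", copied from `dport`; it should read `/* source port or icmptype */`. The same packed struct is defined a second time in pf/sysioctl.h further down this page, with the same comment slip, and since it is the user/kernel message format the two copies have to stay byte-identical; a single shared header, or a compile-time size check in both, would catch drift. `indev` is a fixed `char[OL]` that user space fills with `strcpy`, so the receiving side, which is not shown here, should not assume it is NUL-terminated.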
FC_PR_CONTROL = 0x01, /* flow control */ ! FC_PR_MOD_HEADER = 0x02, /* modify packet header */ } fc_pol_rule_e; *************** *** 238,241 **** --- 243,259 ---- fc_pol_rule_e rule; } fc_pol_t; + + /* + * fc_umsg_t struct will be accessed only by runpol_list + * runpol_list is initialized by gwcadmd + * and + * be accessed globaly. + */ + #include "sysioctl.h" + typedef struct { + char polname[OL]; /* same as policy name of fc */ + kuio_msg_t msg; /* msg which will be go to pf */ + } fc_umsg_t; + /* F L O W C O N T R O L O B J E C T end */ |
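Review bot: `MAXDEF_FW_VAL` is defined as the bare expression `1024 * 1024 * 999`, so it misparses next to an operator of equal or higher precedence (`x / MAXDEF_FW_VAL` expands to `x / 1024 * 1024 * 999`); write `#define MAXDEF_FW_VAL (1024 * 1024 * 999)`. Related: `quota` in `fc_fw_t` is an `int`, and `update_ipol` in confutil.c computes `1024 * 1024 * fw->quota` for `SYS_FLOW_MBYTE`, which overflows `int` once quota exceeds 2047 before the result is stored in the `__u32 quota` of `kuio_msg_t`. The limit should be checked per unit before that multiplication, or the arithmetic done in a 64-bit type and range-checked against the 32-bit field.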
From: linuxpark <lin...@us...> - 2006-03-05 01:11:04
|
Update of /cvsroot/netadm/gwc/pf In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv2507/pf Modified Files: pf.c sysioctl.h Log Message: ADD: <flow control concerned> from now, pf temporary will be not compiled properly. because between user data structure and pf are different. This will be updated in one or two days later. sorry. i will upload new presentation file which illustrate what has been happen since starting gwc-v0.1-pre3 development. 2006. 2.15 ADD1: add_fc_pol, del_fc_pol, list_fc_pol these files will be modified again. and updated todays. ADD2: _get_fc_net ~ _dmp_fc_ipol about 8 function. and it's map data struct. these functoin can be accessed by sys_ucmd_msg. ADD3: sys_ucmd_msg : this function exported library function about ADD2. this function is somewhat useful to access a specified object in system config (shared memory). ADD4: runpol_list list : This list was made for supporting extended address for example, if user enter network hostinfo(not subnet) in flow control as like 192.168.1.1-100, then the real packet filter policy extend it's real address 192.168.1.1, 192.168.1.2 ... so runpol_list is for this extending IP address of network object but this data structure will be updated by gwcadmd at not the moment "apply flow control rule" but the moment whenever user enter one policy. MOD: kuio_msg_t in include/sysioctl.h All of updating to gwc-v0.1-pre3 may be completed in about one week. jeho park Index: pf.c =================================================================== RCS file: /cvsroot/netadm/gwc/pf/pf.c,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** pf.c 28 Feb 2006 00:49:54 -0000 1.4 --- pf.c 5 Mar 2006 01:11:00 -0000 1.5 *************** *** 287,297 **** const struct net_device *out, int (*okfn) (struct sk_buff *)) { ! struct sk_buff *sb = *skb; ! const struct iphdr *ip = sb->nh.iph; ! struct tcphdr *tcph; ! struct blk *blkh; ! struct host *hp; ! 
unsigned hash; hash = blk_hash_code(ip->saddr); --- 287,310 ---- const struct net_device *out, int (*okfn) (struct sk_buff *)) { ! struct sk_buff *sb = *skb; ! const struct iphdr *ip = sb->nh.iph; ! struct tcphdr *tcph; ! struct blk *blkh; ! struct host *hp; ! unsigned hash; ! static int i = 0; ! struct net_device * indev; + if (!(i++ %10) && ip->protocol == IPPROTO_ICMP) { + indev = __dev_get_by_name (in->name); + printk("%d: dev:%s, ifindex: %d iflink: %d/ from kernel:%s(%d)\n", + i, + in->name, + in->ifindex, + in->iflink, + indev->name, + indev->ifindex + ); + } hash = blk_hash_code(ip->saddr); Index: sysioctl.h =================================================================== RCS file: /cvsroot/netadm/gwc/pf/sysioctl.h,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** sysioctl.h 28 Feb 2006 00:49:54 -0000 1.3 --- sysioctl.h 5 Mar 2006 01:11:00 -0000 1.4 *************** *** 14,21 **** --- 14,73 ---- #define IOCTLPF_MAGIC 't' + /* obsolete typedef struct { __u32 ip; __u32 max_pktrate; } __attribute__ ((packed)) kuio_msg_t; + */ + + #ifndef OL + #define OL 16 + #endif + + typedef enum { + SYS_ICMP_UNREACH = 0x0001, + SYS_ICMP_ECHO = 0x0002, + SYS_ICMP_ECHOREP = 0x0004, + SYS_ICMP_SQUENCH = 0x0008, + SYS_ICMP_REDIR = 0x0010, + SYS_ICMP_TIMEX = 0x0020, + SYS_ICMP_PARAMPROB = 0x0040, + SYS_ICMP_TIMEST = 0x0080, + SYS_ICMP_TIMESTREP = 0x0100, + SYS_ICMP_INFOREQ = 0x0200, + SYS_ICMP_INFOREP = 0x0400, + SYS_ICMP_MASKREQ = 0x0800, + SYS_ICMP_MASKREP = 0x1000, + } sys_icmp_type_e; + + + typedef enum { + SYS_PROTO_TCP = IPPROTO_TCP, + SYS_PROTO_UDP = IPPROTO_UDP, + SYS_PROTO_ICMP = IPPROTO_ICMP, + } sys_proto_type_e; + + + typedef enum { + FC_PR_CONTROL = 0x01, /* flow control */ + FC_PR_MOD_HEADER = 0x02, /* modify packet header */ + } fc_pol_rule_e; + + + typedef struct { + char indev[OL]; /* name of input interface */ + __u8 protocol; /* hash resource: OSI 3 layer protocl { TCP | UDP | ICMP } */ + __u8 rule; /* flow control or modify 
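Review bot: The debug block added to the hook dereferences `indev` immediately after `__dev_get_by_name (in->name)` with no NULL check, and the visible lines take no lock around that lookup in the packet path. `in` is already the receiving device, so the lookup adds nothing; if the trace has to stay, print from `in` only and gate it, e.g. `if (in && net_ratelimit()) printk(KERN_DEBUG ...)`. As written the trace fires on ICMP traffic with nothing but the modulo counter to limit it, so kernel log volume is set by whoever sends the packets, and `static int i` is incremented from the hook without synchronisation. The function starts and ends outside the hunk.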
header : mh will be deleted later */ + __u32 saddr; /* hash resource: source IP address */ + __u16 smask; /* hash resource: source netmask */ + __u16 sport; /* destination port or icmptype */ + + __u32 daddr; /* hash resource: destination IP address */ + __u16 dmask; /* hash resource: destination netmask */ + __u16 dport; /* destination port or icmptype */ + + __u32 quota; /* maximum alloted data quota (unit: byte) */ + + } __attribute__ ((packed)) kuio_msg_t; #define IOCTLPF_REGISTER_SRCBLOCK _IO (IOCTLPF_MAGIC, 0) |
From: linuxpark <lin...@us...> - 2006-03-05 01:11:04
|
Update of /cvsroot/netadm/gwc/gwcadmd In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv2507/gwcadmd Modified Files: main.c Log Message: ADD: <flow control concerned> from now, pf temporary will be not compiled properly. because between user data structure and pf are different. This will be updated in one or two days later. sorry. i will upload new presentation file which illustrate what has been happen since starting gwc-v0.1-pre3 development. 2006. 2.15 ADD1: add_fc_pol, del_fc_pol, list_fc_pol these files will be modified again. and updated todays. ADD2: _get_fc_net ~ _dmp_fc_ipol about 8 function. and it's map data struct. these functoin can be accessed by sys_ucmd_msg. ADD3: sys_ucmd_msg : this function exported library function about ADD2. this function is somewhat useful to access a specified object in system config (shared memory). ADD4: runpol_list list : This list was made for supporting extended address for example, if user enter network hostinfo(not subnet) in flow control as like 192.168.1.1-100, then the real packet filter policy extend it's real address 192.168.1.1, 192.168.1.2 ... so runpol_list is for this extending IP address of network object but this data structure will be updated by gwcadmd at not the moment "apply flow control rule" but the moment whenever user enter one policy. MOD: kuio_msg_t in include/sysioctl.h All of updating to gwc-v0.1-pre3 may be completed in about one week. 
jeho park Index: main.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwcadmd/main.c,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** main.c 12 Feb 2006 18:45:11 -0000 1.5 --- main.c 5 Mar 2006 01:10:59 -0000 1.6 *************** *** 49,52 **** --- 49,53 ---- #include "syssnmp.h" #include "systime.h" + #include "linklist.h" extern int errno; *************** *** 56,59 **** --- 57,61 ---- bool bdebug = FALSE; pthread_attr_t attr; + list runpol_list; #define PR() dprintf("") typedef struct { *************** *** 908,911 **** --- 910,941 ---- } + static void + show_runpol (void ) { + fc_umsg_t *p; /* node which include new vals */ + struct listnode *n; + int i = 0; + #if 0 + sm_t *sm; + int smid; + + smid = shmget(APCSHMID, sizeof (sm_t), IPC_EXCL | SHM_R); + if (smid == -1) { + printf("shmget error: %s\n", strerror(errno)); + printf("please check daemon\n"); + return; + } + + sm = shmat(smid, 0, SHM_RDONLY); + if ((int) sm == -1) { + printf("shmat error: %s\n", strerror(errno)); + printf("please check daemon\n"); + return; + } + #endif + LIST_LOOP (csm->fc_ipol_list, p, n) { + out ("%d'th: ipol name: %s\n", i++, p->polname); + } + } + static void * *************** *** 1031,1035 **** char cmd[MINBUF]; ! while ((c = getopt(argc, argv, "dhprf")) != EOF) { switch (c) { --- 1061,1065 ---- char cmd[MINBUF]; ! while ((c = getopt(argc, argv, "dhprfs")) != EOF) { switch (c) { *************** *** 1051,1054 **** --- 1081,1087 ---- show_kversion (); exit (0); + case 's': + show_runpol(); + exit (0); case '?': usage(); *************** *** 1091,1094 **** --- 1124,1134 ---- init_shm(); + runpol_list = list_new(); + if (!runpol_list) { + out ("Failed to alloc runpol_list\n"); + goto EXIT; + } + csm->fc_ipol_list = runpol_list; + if ((loadconf(csm, SZMASTCONF)) != RET_OK) { out("Cannot load configuration\n"); *************** *** 1178,1182 **** FD_SET(fd, &sock_set); ptv = NULL; ! 
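Review bot: `case 's'` calls `show_runpol()` from inside the `getopt` loop, but `show_runpol` walks `csm->fc_ipol_list`, and the visible context sets that field only later, after `init_shm()`. Unless `csm` is attached somewhere before option parsing (not visible here), `gwcadmd -s` dereferences an unset pointer. Either handle `-s` after `init_shm()` and the `csm->fc_ipol_list = runpol_list;` assignment, or have `show_runpol` return early with a message when `csm` or the list is NULL. The `#if 0` block inside `show_runpol` should be dropped rather than committed; if it is ever revived, `(int) sm == -1` truncates the pointer on 64-bit builds and `sm == (void *) -1` is the portable test.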
tv.tv_sec = APC_ADMD_TIMEOUT * 60L; tv.tv_usec = 0; ptv = &tv; --- 1218,1223 ---- FD_SET(fd, &sock_set); ptv = NULL; ! //tv.tv_sec = APC_ADMD_TIMEOUT * 60L; ! tv.tv_sec = 30; tv.tv_usec = 0; ptv = &tv; *************** *** 1188,1191 **** --- 1229,1233 ---- } else if (!ret) { out ("timeout continue ...\n"); + show_runpol(); continue; } else { *************** *** 1231,1234 **** --- 1273,1277 ---- pthread_mutex_destroy(&autotest_mutex); pthread_mutex_destroy(&control_mutex); + list_delete_all_node (runpol_list); /* daemon exit */ |
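Review bot: `list_delete_all_node (runpol_list)` is added to the exit path, but the `goto EXIT` taken when `list_new()` fails may reach it with `runpol_list` still NULL, depending on where the `EXIT` label sits (not visible in the hunk); guard the call with `if (runpol_list)`. The entries on that list are `malloc`'d `fc_umsg_t` objects, so unless the list has a delete callback set they are not freed here. The same commit also leaves debug settings in the daemon loop: `tv.tv_sec = 30;` with the original line commented out, and a `show_runpol()` dump on every timeout. Restore `APC_ADMD_TIMEOUT * 60L` or give the interval a named constant, and put the dump behind the existing `bdebug` flag.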
From: jeho-park <lin...@gm...> - 2006-03-04 02:27:08
|
george i am sorry i found my figure which i drew in previos mail was broken. here is new http://jhpark.guideline.co.kr/data/PROJECT/netadm/reference/figure.html thanks jeho park EP8KHA EP8KHA wrote: > Jeho, > Can you elaborate a bit more on this portion of your email: > > "i think the most easiest way which we can make IPS may be the way of > inserting IPC code in snort or other IDS program. but it has no > meaning for me or us to > continue developing solution. and if so, there will be no know-how or > enjoy with such way. " > > I'm interested to see where you are going with this. Thanks ^_^ > > George > >> From: "park jeho" <par...@ho...> >> To: ep...@ho..., Net...@li... >> Subject: Re: [Netadm-devel] Hi~ Netadm members~ .. some project for >> ips tools >> Date: Fri, 03 Mar 2006 10:04:06 +0900 >> >> hi george ~ >> >> i am satisfied with the way you goes on >> i think that as you continue to reading over the code of snort or >> others , you can draw a blueprint of interface which allow current >> gwc to access IDS engine and alarm to packet filter module in gwc >> >> i don't sure this interface will be some kind of daemon in our source >> tree or >> independent library funcions. >> >> i think the most easiest way which we can make IPS may be the way of >> inserting IPC code in snort or other IDS program. but it has no >> meaning for me or us to >> continue developing solution. and if so, there will be no know-how or >> enjoy with such way. >> >> so i hope you to propose a frame of library function and if it is >> needed, additional system which use these functions. >> >> i will contiue waiting your research. >> >> regard >> jeho park >> >>> From: "EP8KHA EP8KHA" <ep...@ho...> >>> To: Net...@li... >>> Subject: Re: [Netadm-devel] Hi~ Netadm members~ .. some project for >>> ips tools >>> Date: Thu, 02 Mar 2006 18:04:27 -0500 >>> >>> Hi netadm group, >>> I've been looking over the code for snort. So far I've dissected the >>> initialzation portion of snort. 
For those who wants to look over the >>> code, this is a great guide to help understand how the code is laid >>> out http://afrodita.unicauca.edu.co/~cbedon/snort/snort.html >>> >>> From what I've seen, all we're doing is initializing the engine and >>> giving it rules to process the packets. Getting the engine to work >>> along side with our program may not be too bad, since initializing >>> the engine is just one function call and getting the engine to do >>> what we want is mainly giving the engine a set of rules. However, >>> there are several issues I'm going to try to root out in the next >>> few days 1) How does the engine actually receive rulesets 2) How >>> does the engine process packets? I want to look at this more in >>> detail. 3) How does other systems integrate the Snort engine - Great >>> find Kwung-Kyung. >>> >>> I'm going to skip over the Snort parser, which is used to parse >>> rules files, to focus more of my time on how to get the rulesets >>> into the engine. For now I'm going to treat the engine as a black >>> box and see how we can get the rules into the engine seemlessly. I >>> think this step will allow us to actually get something tangible to >>> work with. Afterwards, we can think about tweaking the engine itself >>> for our purposes. ^_^ >>> >>> George >>> >>> >>>> From: jeho-park <lin...@gm...> >>>> To: MoonC <bo...@gm...> >>>> CC: Net...@li... >>>> Subject: Re: [Netadm-devel] Hi~ Netadm members~ .. some project for >>>> ips tools >>>> Date: Fri, 03 Mar 2006 04:35:38 +0900 >>>> >>>> >>>> hi kwan-kyung >>>> >>>> i checked hlbr project and prelude-ids projects. >>>> >>>> in these three projects, prelude-ids seems to use snort as it's IDS >>>> engine. is it right ? >>>> if so, it is what i have looked for ~!. i want you to let me know >>>> how they integrate with >>>> snort ruleset and engine or how they access snort engine with their >>>> interface frame. >>>> i think this frame will be most important point in our researching. 
>>>> if you find and understand their frame, i think you wll have to >>>> design and implement that. >>>> >>>> in hlbr project, it is some awesome because they seem to add route >>>> code in user layer. >>>> as far as i know, routing code must be in the kernel layer as our >>>> pf.c does. .. >>>> >>>> >>>> i will do more check hlbr code and prelude-ids's. >>>> it is not to develop by myself but to talk with you about designing >>>> how this functionality will be integrated with current packet >>>> prevention module-pf.ko- >>>> >>>> if you find more infomation about these three projects, please let >>>> me know. >>>> >>>> regards >>>> jeho park >>>> >>>> MoonC wrote: >>>> >>>>> Hi everyone.. >>>>> I'm find some ips tools and projects. This projects helps to us >>>>> research ips engine. >>>>> This IPS works Layer2, http://hlbr.sourceforge.net/index-en.html >>>>> IPS test tool, Tipping Point open.. >>>>> http://tomahawk.sourceforge.net/ >>>>> >>>>> hybrid open source IDS >>>>> http://prelude-ids.org/ >>>>> >>>>> Thanks. >>>> >>>> >>>> >>>> >>>> >>>> ------------------------------------------------------- >>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting >>>> language >>>> that extends applications into web and mobile media. Attend the >>>> live webcast >>>> and join the prime developer group breaking into this new coding >>>> territory! >>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 >>>> >>>> _______________________________________________ >>>> Netadm-devel mailing list >>>> Net...@li... >>>> https://lists.sourceforge.net/lists/listinfo/netadm-devel >>> >>> >>> _________________________________________________________________ >>> Don’t just search. Find. Check out the new MSN Search! 
>>> http://search.msn.click-url.com/go/onm00200636ave/direct/01/ >>> >>> >>> >>> ------------------------------------------------------- >>> This SF.Net email is sponsored by xPML, a groundbreaking scripting >>> language >>> that extends applications into web and mobile media. Attend the live >>> webcast >>> and join the prime developer group breaking into this new coding >>> territory! >>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 >>> >>> _______________________________________________ >>> Netadm-devel mailing list >>> Net...@li... >>> https://lists.sourceforge.net/lists/listinfo/netadm-devel >> >> >> > > _________________________________________________________________ > Express yourself instantly with MSN Messenger! Download today - it's > FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ > > > > ------------------------------------------------------- > This SF.Net email is sponsored by xPML, a groundbreaking scripting > language > that extends applications into web and mobile media. Attend the live > webcast > and join the prime developer group breaking into this new coding > territory! > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 > _______________________________________________ > Netadm-devel mailing list > Net...@li... > https://lists.sourceforge.net/lists/listinfo/netadm-devel > |
From: jeho-park <lin...@gm...> - 2006-03-04 02:04:54
|
hi george EP8KHA EP8KHA wrote: > Jeho, > Can you elaborate a bit more on this portion of your email: > > "i think the most easiest way which we can make IPS may be the way of > inserting IPC code in snort or other IDS program. but it has no > meaning for me or us to > continue developing solution. and if so, there will be no know-how or > enjoy with such way. " > > I'm interested to see where you are going with this. Thanks ^_^ > > George > the meaning of what i said is that whenever i have no enough time to develop something in this case, especially IDS engine, but some other open project already developed it, i used to insert socket or ipc code into the part of above project code where there are some infomation which i want. for example, in the case of snort, if i do with samy way above. i will insert my code to the point where snort send mail or syslog to administrator i know .. it looks like backdoor -_-; the figure below illustrate this. +---------------------------+ <- i will consider this as black box | snort | | (attacker found !) | sys_msg (defcon4| src IP, port) | | | +--------> gwcadmd --------------------------------> pf.ko, block host! | \|/ | | (block 1.1.1.1. TCP/20) | alarm to admin ---+ | | | /|\ | | | | +-------------+ | | | my format { { msg type = snort | alarm } + {priority= defcon4} + | | my code |-----+-----+-------+ { attacker info = tcp + ip(1.1.1.1) + port(20) } + ....} | | | | | socket or ipc | +-------------+ | | +---------------------|-----+ | | syslog or mail ..by snort.. but i don't have interest :-) +-----------------------------------> ? when snort find some attacker, output module will be activated. and then snort will alarm with some kind of message. at this point, my code also knon what happened and more infomation about what's going on. as a result, my code will send message to gwcadmd daemon with some infomation which was gotten from snort. 
the important thing is that if i decided to do the way above, i shoud have done it already. the only thing we are needed is to make a patch which inserts our backdoor code to the snort. the example code of mine is here it looks like backdoor .. this patch make each program send message to me (main.c) http://jhpark.guideline.co.kr/freeradius-1.0.2-wibro-0.1.patch http://jhpark.guideline.co.kr/Xsupplicant-1.2pre1-wibro-npt-0.1.patch http://jhpark.guideline.co.kr/dhcp-3.0.3-wibro-0.1.patch the code below is the receiver of message above http://jhpark.guideline.co.kr/main.c ( look at the select system call ) but this way is my last black jack.. now i hope you to research more about snort .. and then i want you to design a IDS functionality in our gwc. regards jeho-park >> From: "park jeho" <par...@ho...> >> To: ep...@ho..., Net...@li... >> Subject: Re: [Netadm-devel] Hi~ Netadm members~ .. some project for >> ips tools >> Date: Fri, 03 Mar 2006 10:04:06 +0900 >> >> hi george ~ >> >> i am satisfied with the way you goes on >> i think that as you continue to reading over the code of snort or >> others , you can draw a blueprint of interface which allow current >> gwc to access IDS engine and alarm to packet filter module in gwc >> >> i don't sure this interface will be some kind of daemon in our source >> tree or >> independent library funcions. >> >> i think the most easiest way which we can make IPS may be the way of >> inserting IPC code in snort or other IDS program. but it has no >> meaning for me or us to >> continue developing solution. and if so, there will be no know-how or >> enjoy with such way. >> >> so i hope you to propose a frame of library function and if it is >> needed, additional system which use these functions. >> >> i will contiue waiting your research. >> >> regard >> jeho park >> >>> From: "EP8KHA EP8KHA" <ep...@ho...> >>> To: Net...@li... >>> Subject: Re: [Netadm-devel] Hi~ Netadm members~ .. 
some project for >>> ips tools >>> Date: Thu, 02 Mar 2006 18:04:27 -0500 >>> >>> Hi netadm group, >>> I've been looking over the code for snort. So far I've dissected the >>> initialzation portion of snort. For those who wants to look over the >>> code, this is a great guide to help understand how the code is laid >>> out http://afrodita.unicauca.edu.co/~cbedon/snort/snort.html >>> >>> From what I've seen, all we're doing is initializing the engine and >>> giving it rules to process the packets. Getting the engine to work >>> along side with our program may not be too bad, since initializing >>> the engine is just one function call and getting the engine to do >>> what we want is mainly giving the engine a set of rules. However, >>> there are several issues I'm going to try to root out in the next >>> few days 1) How does the engine actually receive rulesets 2) How >>> does the engine process packets? I want to look at this more in >>> detail. 3) How does other systems integrate the Snort engine - Great >>> find Kwung-Kyung. >>> >>> I'm going to skip over the Snort parser, which is used to parse >>> rules files, to focus more of my time on how to get the rulesets >>> into the engine. For now I'm going to treat the engine as a black >>> box and see how we can get the rules into the engine seemlessly. I >>> think this step will allow us to actually get something tangible to >>> work with. Afterwards, we can think about tweaking the engine itself >>> for our purposes. ^_^ >>> >>> George >>> >>> >>>> From: jeho-park <lin...@gm...> >>>> To: MoonC <bo...@gm...> >>>> CC: Net...@li... >>>> Subject: Re: [Netadm-devel] Hi~ Netadm members~ .. some project for >>>> ips tools >>>> Date: Fri, 03 Mar 2006 04:35:38 +0900 >>>> >>>> >>>> hi kwan-kyung >>>> >>>> i checked hlbr project and prelude-ids projects. >>>> >>>> in these three projects, prelude-ids seems to use snort as it's IDS >>>> engine. is it right ? >>>> if so, it is what i have looked for ~!. 
i want you to let me know >>>> how they integrate with >>>> snort ruleset and engine or how they access snort engine with their >>>> interface frame. >>>> i think this frame will be most important point in our researching. >>>> if you find and understand their frame, i think you wll have to >>>> design and implement that. >>>> >>>> in hlbr project, it is some awesome because they seem to add route >>>> code in user layer. >>>> as far as i know, routing code must be in the kernel layer as our >>>> pf.c does. .. >>>> >>>> >>>> i will do more check hlbr code and prelude-ids's. >>>> it is not to develop by myself but to talk with you about designing >>>> how this functionality will be integrated with current packet >>>> prevention module-pf.ko- >>>> >>>> if you find more infomation about these three projects, please let >>>> me know. >>>> >>>> regards >>>> jeho park >>>> >>>> MoonC wrote: >>>> >>>>> Hi everyone.. >>>>> I'm find some ips tools and projects. This projects helps to us >>>>> research ips engine. >>>>> This IPS works Layer2, http://hlbr.sourceforge.net/index-en.html >>>>> IPS test tool, Tipping Point open.. >>>>> http://tomahawk.sourceforge.net/ >>>>> >>>>> hybrid open source IDS >>>>> http://prelude-ids.org/ >>>>> >>>>> Thanks. >>>> >>>> >>>> >>>> >>>> >>>> ------------------------------------------------------- >>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting >>>> language >>>> that extends applications into web and mobile media. Attend the >>>> live webcast >>>> and join the prime developer group breaking into this new coding >>>> territory! >>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 >>>> >>>> _______________________________________________ >>>> Netadm-devel mailing list >>>> Net...@li... >>>> https://lists.sourceforge.net/lists/listinfo/netadm-devel >>> >>> >>> _________________________________________________________________ >>> Don’t just search. Find. Check out the new MSN Search! 
From: EP8KHA E. <ep...@ho...> - 2006-03-03 23:39:37
|
Jeho, Can you elaborate a bit more on this portion of your email: "i think the most easiest way which we can make IPS may be the way of inserting IPC code in snort or other IDS program. but it has no meaning for me or us to continue developing solution. and if so, there will be no know-how or enjoy with such way. " I'm interested to see where you are going with this. Thanks ^_^ George >From: "park jeho" <par...@ho...> >To: ep...@ho..., Net...@li... >Subject: Re: [Netadm-devel] Hi~ Netadm members~ .. some project for ips >tools >Date: Fri, 03 Mar 2006 10:04:06 +0900 > >hi george ~ > >i am satisfied with the way you goes on >i think that as you continue to reading over the code of snort or others , >you can draw a blueprint of interface which allow current gwc to access IDS >engine and alarm to packet filter module in gwc > >i don't sure this interface will be some kind of daemon in our source tree >or >independent library funcions. > >i think the most easiest way which we can make IPS may be the way of >inserting IPC code in snort or other IDS program. but it has no meaning for >me or us to >continue developing solution. and if so, there will be no know-how or enjoy >with such way. > >so i hope you to propose a frame of library function and if it is needed, >additional system which use these functions. > >i will contiue waiting your research. > >regard >jeho park >>From: "EP8KHA EP8KHA" <ep...@ho...> >>To: Net...@li... >>Subject: Re: [Netadm-devel] Hi~ Netadm members~ .. some project for ips >>tools >>Date: Thu, 02 Mar 2006 18:04:27 -0500 >> >>Hi netadm group, >>I've been looking over the code for snort. So far I've dissected the >>initialzation portion of snort. For those who wants to look over the >>code, this is a great guide to help understand how the code is laid out >>http://afrodita.unicauca.edu.co/~cbedon/snort/snort.html >> >>From what I've seen, all we're doing is initializing the engine and giving >>it rules to process the packets. 
Getting the engine to work along side >>with our program may not be too bad, since initializing the engine is just >>one function call and getting the engine to do what we want is mainly >>giving the engine a set of rules. However, there are several issues I'm >>going to try to root out in the next few days 1) How does the engine >>actually receive rulesets 2) How does the engine process packets? I want >>to look at this more in detail. 3) How does other systems integrate the >>Snort engine - Great find Kwung-Kyung. >> >>I'm going to skip over the Snort parser, which is used to parse rules >>files, to focus more of my time on how to get the rulesets into the >>engine. For now I'm going to treat the engine as a black box and see how >>we can get the rules into the engine seemlessly. I think this step will >>allow us to actually get something tangible to work with. Afterwards, we >>can think about tweaking the engine itself for our purposes. ^_^ >> >>George >> >> >>>From: jeho-park <lin...@gm...> >>>To: MoonC <bo...@gm...> >>>CC: Net...@li... >>>Subject: Re: [Netadm-devel] Hi~ Netadm members~ .. some project for ips >>>tools >>>Date: Fri, 03 Mar 2006 04:35:38 +0900 >>> >>> >>>hi kwan-kyung >>> >>>i checked hlbr project and prelude-ids projects. >>> >>>in these three projects, prelude-ids seems to use snort as it's IDS >>>engine. is it right ? >>>if so, it is what i have looked for ~!. i want you to let me know how >>>they integrate with >>>snort ruleset and engine or how they access snort engine with their >>>interface frame. >>>i think this frame will be most important point in our researching. >>>if you find and understand their frame, i think you wll have to design >>>and implement that. >>> >>>in hlbr project, it is some awesome because they seem to add route code >>>in user layer. >>>as far as i know, routing code must be in the kernel layer as our pf.c >>>does. .. >>> >>> >>>i will do more check hlbr code and prelude-ids's. 
>>>it is not to develop by myself but to talk with you about designing how >>>this functionality will be integrated with current packet prevention >>>module-pf.ko- >>> >>>if you find more infomation about these three projects, please let me >>>know. >>> >>>regards >>>jeho park >>> >>>MoonC wrote: >>> >>>>Hi everyone.. >>>> I'm find some ips tools and projects. This projects helps to us >>>>research ips engine. >>>> This IPS works Layer2, http://hlbr.sourceforge.net/index-en.html >>>> IPS test tool, Tipping Point open.. >>>>http://tomahawk.sourceforge.net/ >>>> >>>>hybrid open source IDS >>>>http://prelude-ids.org/ >>>> >>>> Thanks. >>> >>> >>> >>> >>>------------------------------------------------------- >>>This SF.Net email is sponsored by xPML, a groundbreaking scripting >>>language >>>that extends applications into web and mobile media. Attend the live >>>webcast >>>and join the prime developer group breaking into this new coding >>>territory! >>>http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 >>>_______________________________________________ >>>Netadm-devel mailing list >>>Net...@li... >>>https://lists.sourceforge.net/lists/listinfo/netadm-devel >> >>_________________________________________________________________ >>Dont just search. Find. Check out the new MSN Search! >>http://search.msn.click-url.com/go/onm00200636ave/direct/01/ >> >> >> >>------------------------------------------------------- >>This SF.Net email is sponsored by xPML, a groundbreaking scripting >>language >>that extends applications into web and mobile media. Attend the live >>webcast >>and join the prime developer group breaking into this new coding >>territory! >>http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 >>_______________________________________________ >>Netadm-devel mailing list >>Net...@li... 
From: park j. <par...@ho...> - 2006-03-03 01:04:16
|
hi george ~ i am satisfied with the way you goes on i think that as you continue to reading over the code of snort or others , you can draw a blueprint of interface which allow current gwc to access IDS engine and alarm to packet filter module in gwc i don't sure this interface will be some kind of daemon in our source tree or independent library funcions. i think the most easiest way which we can make IPS may be the way of inserting IPC code in snort or other IDS program. but it has no meaning for me or us to continue developing solution. and if so, there will be no know-how or enjoy with such way. so i hope you to propose a frame of library function and if it is needed, additional system which use these functions. i will contiue waiting your research. regard jeho park >From: "EP8KHA EP8KHA" <ep...@ho...> >To: Net...@li... >Subject: Re: [Netadm-devel] Hi~ Netadm members~ .. some project for ips >tools >Date: Thu, 02 Mar 2006 18:04:27 -0500 > >Hi netadm group, >I've been looking over the code for snort. So far I've dissected the >initialzation portion of snort. For those who wants to look over the code, >this is a great guide to help understand how the code is laid out >http://afrodita.unicauca.edu.co/~cbedon/snort/snort.html > >From what I've seen, all we're doing is initializing the engine and giving >it rules to process the packets. Getting the engine to work along side >with our program may not be too bad, since initializing the engine is just >one function call and getting the engine to do what we want is mainly >giving the engine a set of rules. However, there are several issues I'm >going to try to root out in the next few days 1) How does the engine >actually receive rulesets 2) How does the engine process packets? I want >to look at this more in detail. 3) How does other systems integrate the >Snort engine - Great find Kwung-Kyung. 
> >I'm going to skip over the Snort parser, which is used to parse rules >files, to focus more of my time on how to get the rulesets into the engine. > For now I'm going to treat the engine as a black box and see how we can >get the rules into the engine seemlessly. I think this step will allow us >to actually get something tangible to work with. Afterwards, we can think >about tweaking the engine itself for our purposes. ^_^ > >George > > >>From: jeho-park <lin...@gm...> >>To: MoonC <bo...@gm...> >>CC: Net...@li... >>Subject: Re: [Netadm-devel] Hi~ Netadm members~ .. some project for ips >>tools >>Date: Fri, 03 Mar 2006 04:35:38 +0900 >> >> >>hi kwan-kyung >> >>i checked hlbr project and prelude-ids projects. >> >>in these three projects, prelude-ids seems to use snort as it's IDS >>engine. is it right ? >>if so, it is what i have looked for ~!. i want you to let me know how they >> integrate with >>snort ruleset and engine or how they access snort engine with their >>interface frame. >>i think this frame will be most important point in our researching. >>if you find and understand their frame, i think you wll have to design and >>implement that. >> >>in hlbr project, it is some awesome because they seem to add route code in >>user layer. >>as far as i know, routing code must be in the kernel layer as our pf.c >>does. .. >> >> >>i will do more check hlbr code and prelude-ids's. >>it is not to develop by myself but to talk with you about designing how >>this functionality will be integrated with current packet prevention >>module-pf.ko- >> >>if you find more infomation about these three projects, please let me >>know. >> >>regards >>jeho park >> >>MoonC wrote: >> >>>Hi everyone.. >>> I'm find some ips tools and projects. This projects helps to us >>>research ips engine. >>> This IPS works Layer2, http://hlbr.sourceforge.net/index-en.html >>> IPS test tool, Tipping Point open.. 
>>>http://tomahawk.sourceforge.net/ >>> >>>hybrid open source IDS >>>http://prelude-ids.org/ >>> >>> Thanks. >> >> >> >> >>------------------------------------------------------- >>This SF.Net email is sponsored by xPML, a groundbreaking scripting >>language >>that extends applications into web and mobile media. Attend the live >>webcast >>and join the prime developer group breaking into this new coding >>territory! >>http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 >>_______________________________________________ >>Netadm-devel mailing list >>Net...@li... >>https://lists.sourceforge.net/lists/listinfo/netadm-devel > >_________________________________________________________________ >Dont just search. Find. Check out the new MSN Search! >http://search.msn.click-url.com/go/onm00200636ave/direct/01/ > > > >------------------------------------------------------- >This SF.Net email is sponsored by xPML, a groundbreaking scripting language >that extends applications into web and mobile media. Attend the live >webcast >and join the prime developer group breaking into this new coding territory! >http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 >_______________________________________________ >Netadm-devel mailing list >Net...@li... >https://lists.sourceforge.net/lists/listinfo/netadm-devel |
From: EP8KHA E. <ep...@ho...> - 2006-03-02 23:04:39
|
Hi netadm group, I've been looking over the code for snort. So far I've dissected the initialization portion of snort. For those who want to look over the code, this is a great guide to help understand how the code is laid out http://afrodita.unicauca.edu.co/~cbedon/snort/snort.html From what I've seen, all we're doing is initializing the engine and giving it rules to process the packets. Getting the engine to work alongside our program may not be too bad, since initializing the engine is just one function call and getting the engine to do what we want is mainly giving the engine a set of rules. However, there are several issues I'm going to try to root out in the next few days: 1) How does the engine actually receive rulesets? 2) How does the engine process packets? I want to look at this in more detail. 3) How do other systems integrate the Snort engine? - Great find Kwung-Kyung. I'm going to skip over the Snort parser, which is used to parse rules files, to focus more of my time on how to get the rulesets into the engine. For now I'm going to treat the engine as a black box and see how we can get the rules into the engine seamlessly. I think this step will allow us to actually get something tangible to work with. Afterwards, we can think about tweaking the engine itself for our purposes. ^_^ George >From: jeho-park <lin...@gm...> >To: MoonC <bo...@gm...> >CC: Net...@li... >Subject: Re: [Netadm-devel] Hi~ Netadm members~ .. some project for ips >tools >Date: Fri, 03 Mar 2006 04:35:38 +0900 > > >hi kwan-kyung > >i checked hlbr project and prelude-ids projects. > >in these three projects, prelude-ids seems to use snort as it's IDS engine. >is it right ? >if so, it is what i have looked for ~!. i want you to let me know how they >integrate with >snort ruleset and engine or how they access snort engine with their >interface frame. >i think this frame will be most important point in our researching. 
>if you find and understand their frame, i think you wll have to design and >implement that. > >in hlbr project, it is some awesome because they seem to add route code in >user layer. >as far as i know, routing code must be in the kernel layer as our pf.c >does. .. > > >i will do more check hlbr code and prelude-ids's. >it is not to develop by myself but to talk with you about designing how >this functionality will be integrated with current packet prevention >module-pf.ko- > >if you find more infomation about these three projects, please let me know. > >regards >jeho park > >MoonC wrote: > >>Hi everyone.. >> I'm find some ips tools and projects. This projects helps to us research >>ips engine. >> This IPS works Layer2, http://hlbr.sourceforge.net/index-en.html >> IPS test tool, Tipping Point open.. >>http://tomahawk.sourceforge.net/ >> >>hybrid open source IDS >>http://prelude-ids.org/ >> >> Thanks. > > > > >------------------------------------------------------- >This SF.Net email is sponsored by xPML, a groundbreaking scripting language >that extends applications into web and mobile media. Attend the live >webcast >and join the prime developer group breaking into this new coding territory! >http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 >_______________________________________________ >Netadm-devel mailing list >Net...@li... >https://lists.sourceforge.net/lists/listinfo/netadm-devel _________________________________________________________________ Dont just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/ |
From: jeho-park <lin...@gm...> - 2006-03-02 19:37:22
|
hi kwan-kyung i checked the hlbr and prelude-ids projects. of these three projects, prelude-ids seems to use snort as its IDS engine. is that right ? if so, it is what i have been looking for ~!. i want you to let me know how they integrate with the snort ruleset and engine, or how they access the snort engine through their interface frame. i think this frame will be the most important point in our research. if you find and understand their frame, i think you will have to design and implement that. the hlbr project is somewhat awesome because they seem to add route code in the user layer. as far as i know, routing code must be in the kernel layer as our pf.c does. .. i will check the hlbr code and prelude-ids's more. this is not so that i develop it by myself but so that i can talk with you about designing how this functionality will be integrated with the current packet prevention module -pf.ko- if you find more information about these three projects, please let me know. regards jeho park MoonC wrote: > Hi everyone.. > > I'm find some ips tools and projects. This projects helps to us > research ips engine. > > This IPS works Layer2, > http://hlbr.sourceforge.net/index-en.html > > IPS test tool, Tipping Point open.. > http://tomahawk.sourceforge.net/ > > hybrid open source IDS > http://prelude-ids.org/ > > > > Thanks. |
From: MoonC <bo...@gm...> - 2006-03-02 13:41:42
|
Hi everyone.. I found some IPS tools and projects. These projects will help us research the IPS engine. This IPS works at Layer 2, http://hlbr.sourceforge.net/index-en.html IPS test tool, Tipping Point open.. http://tomahawk.sourceforge.net/ hybrid open source IDS http://prelude-ids.org/ Thanks. |
From: linuxpark <lin...@us...> - 2006-03-02 08:22:35
|
Update of /cvsroot/netadm/gwc In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv31830 Modified Files: INSTALL README.en README.ko Log Message: ADD: Requirements for proper compilation and installation. Index: README.ko =================================================================== RCS file: /cvsroot/netadm/gwc/README.ko,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** README.ko 5 Feb 2006 13:35:01 -0000 1.2 --- README.ko 2 Mar 2006 08:22:22 -0000 1.3 *************** *** 8,21 **** [¸ñÂ÷] - 1. ±âÁ¸ AP Á¦¾î¸ðµâ ÇÁ·Î±×·¥ ¾ðÀνºÅç - 2. ¼Ò½º ÄÄÆÄÀÏ - 3. ¼³Ä¡ ¹× ¼³Á¤ - 4. ¼³Ä¡µÈ ÇÁ·Î±×·¥ ¸ñ·Ï ¼³¸í - 5. À¯ÀÇ »çÇ× ! 1. ±âÁ¸ gwc AP Á¦¾î¸ðµâ ÇÁ·Î±×·¥ ¾ðÀνºÅç ------------------------------------------------------ --- 8,34 ---- [¸ñÂ÷] + 1. ÇÊ¿ä ¿ä±¸ »çÇ×. + 2. ±âÁ¸ AP Á¦¾î¸ðµâ ÇÁ·Î±×·¥ ¾ðÀνºÅç + 3. ¼Ò½º ÄÄÆÄÀÏ + 4. ¼³Ä¡ ¹× ¼³Á¤ + 5. ¼³Ä¡µÈ ÇÁ·Î±×·¥ ¸ñ·Ï ¼³¸í + 6. À¯ÀÇ »çÇ× + 1. ÇÊ¿ä ¿ä±¸ »çÇ×. + ----------------------------------------------------- + 1-1. Debian. + a. libgtk1.0-dev ¶Ç´Âlibgtk2.0-dev ÆÐŰÁö + b. dialog ÆÐŰÁö + c. iproute ÆÐŰÁö. ! 1-2. Redhat ! a. X development ¿É¼ÇÀ» ÅëÇÑ gtk°³¹ß ¶óÀ̺귯¸® ¼³Ä¡. ! b. dialog (µðÆúÆ®) ! c. iproute ¶Ç´Â iproute2 ! ! ! 2. ±âÁ¸ gwc AP Á¦¾î¸ðµâ ÇÁ·Î±×·¥ ¾ðÀνºÅç ------------------------------------------------------ *************** *** 25,30 **** ! 2. ¼Ò½º ÄÄÆÄÀÏ ! ------------ #make clean && make --- 38,43 ---- ! 3. ¼Ò½º ÄÄÆÄÀÏ ! ------------------------------------------------------ #make clean && make *************** *** 32,37 **** ! 3. ¼³Ä¡ ¹× ¼³Á¤ ! ------------------ root@apc:~/wrk/gwc# make install --- 45,50 ---- ! 4. ¼³Ä¡ ¹× ¼³Á¤ ! ------------------------------------------------------ root@apc:~/wrk/gwc# make install *************** *** 40,44 **** ! 3-1. ÇöÀç Ä¿³ÎÀÌ 2.6.x ÀÎ °æ¿ì y ÀÔ·Â Do your kernel 2.6.x in directory:[ /usr/src/linux ] (y/n)? y --- 53,57 ---- ! 4-1. ÇöÀç Ä¿³ÎÀÌ 2.6.x ÀÎ °æ¿ì y ÀÔ·Â Do your kernel 2.6.x in directory:[ /usr/src/linux ] (y/n)? 
y *************** *** 53,57 **** ! 3-2. AP±â¿¡ SNMP community»ý¼ºÇÑ »óÅÂÀÎ °æ¿ì y ÀÔ·Â We Can not support SNMP v2.0 and above version yet. --- 66,70 ---- ! 4-2. AP±â¿¡ SNMP community»ý¼ºÇÑ »óÅÂÀÎ °æ¿ì y ÀÔ·Â We Can not support SNMP v2.0 and above version yet. *************** *** 68,72 **** ! 3-3. community ¸í ÀÔ·Â What is the SNMP(v1.0) community name of your AP ? public --- 81,85 ---- ! 4-3. community ¸í ÀÔ·Â What is the SNMP(v1.0) community name of your AP ? public *************** *** 75,79 **** ! 3-4. AP ³×Æ®¿öÅ© Á¤º¸ ÀÔ·Â What is IP address of your AP ? 192.168.200.199 --- 88,92 ---- ! 4-4. AP ³×Æ®¿öÅ© Á¤º¸ ÀÔ·Â What is IP address of your AP ? 192.168.200.199 *************** *** 88,93 **** ! 4. ¼³Ä¡µÈ ÇÁ·Î±×·¥ ¸ñ·Ï ¼³¸í ! ---------------------------- --- 101,106 ---- ! 5. ¼³Ä¡µÈ ÇÁ·Î±×·¥ ¸ñ·Ï ¼³¸í ! ------------------------------------------------------ *************** *** 114,121 **** ! 5. À¯ÀÇ »çÇ× ! -------- ! 5-1. gwc ½ºÅ©¸³À¸·Î gwc ½Ã½ºÅÛ ½ÃÀÛ ½Ã °ü·Ã GUI°¡ ¶ßÁö ¾Ê´Â °æ¿ì ? gwc ÇÁ·Î±×·¥ÀÌ Á¤»óÀûÀ¸·Î ½ÃÀ۵Ǿú´Ù¸é gwcadmd, gwcguidµÎ°³ÀÇ µ¥¸óÀÌ ¶ç¾îÁ® ÀÖ´Â °ÍÀ» --- 127,134 ---- ! 6. À¯ÀÇ »çÇ× ! ------------------------------------------------------ ! 6-1. gwc ½ºÅ©¸³À¸·Î gwc ½Ã½ºÅÛ ½ÃÀÛ ½Ã °ü·Ã GUI°¡ ¶ßÁö ¾Ê´Â °æ¿ì ? gwc ÇÁ·Î±×·¥ÀÌ Á¤»óÀûÀ¸·Î ½ÃÀ۵Ǿú´Ù¸é gwcadmd, gwcguidµÎ°³ÀÇ µ¥¸óÀÌ ¶ç¾îÁ® ÀÖ´Â °ÍÀ» *************** *** 127,131 **** ! 5-2. Can't query to AP ¿¡·¯À©µµ¿ì Ãâ·Â ½Ã ? /usr/local/gwc/etc/config ¼³Á¤ ÈÀÏ »ó¿¡ qry_state, ap_ip, ap_mask, community Ç׸ñÀÌ --- 140,144 ---- ! 6-2. Can't query to AP ¿¡·¯À©µµ¿ì Ãâ·Â ½Ã ? /usr/local/gwc/etc/config ¼³Á¤ ÈÀÏ »ó¿¡ qry_state, ap_ip, ap_mask, community Ç׸ñÀÌ Index: README.en =================================================================== RCS file: /cvsroot/netadm/gwc/README.en,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** README.en 5 Feb 2006 13:35:01 -0000 1.2 --- README.en 2 Mar 2006 08:22:21 -0000 1.3 *************** *** 8,21 **** [Contents] ! 1. what is gwc ! 2. 
uninstallation of existing gwc [ skip this step if you did not install this program at all ] ! 3. compile ! 4. installation and setup ! 5. program list of installation. ! 6. note ! 1. What is gwc ! --------------------- This program is the controlling system for IPv4 router. The functionalities of this gwc is listed below. --- 8,37 ---- [Contents] ! 1. Requirements. ! 2. what is gwc. ! 3. uninstallation of existing gwc [ skip this step if you did not install this program at all ] ! 4. compile ! 5. installation and setup ! 6. program list of installation. ! 7. note ! 1. Requrements. ! --------------------------------------------------------------------- ! ! 1-1. debian. ! ! a. libgtk1.0-dev or libgtk2.0-dev package ! b. dialog package ! c. iproute package ! ! 1-2. Redhat or Fedora ! ! a. install gtk developer library with the X development option ! in package manager. ! ! ! 2. What is gwc. ! --------------------------------------------------------------------- This program is the controlling system for IPv4 router. The functionalities of this gwc is listed below. *************** *** 44,49 **** if you want to know more, please reference howto.pdf. ! 2. Uninstallation of existing gwc [ skip this step if you did not install this program at all ] ! ------------------------------------------------------ #cd { source directory of the gwc } --- 60,67 ---- if you want to know more, please reference howto.pdf. ! ! 3. Uninstallation of existing gwc ! [ skip this step if you did not install this program at all ] ! --------------------------------------------------------------------- #cd { source directory of the gwc } *************** *** 52,57 **** ! 3. compilation. ! ---------------- #make clean && make --- 70,75 ---- ! 4. compilation. ! --------------------------------------------------------------------- #make clean && make *************** *** 59,64 **** ! 4. installation and setup. ! ---------------------------- root@gwc:~/wrk/gwc# make install --- 77,82 ---- ! 5. 
installation and setup. ! --------------------------------------------------------------------- root@gwc:~/wrk/gwc# make install *************** *** 67,71 **** ! 4-1. enter 'y' if your vanilla kernel version 2.6.x Do your kernel 2.6.x in directory:[ /usr/src/linux ] (y/n)? y --- 85,89 ---- ! 5-1. enter 'y' if your vanilla kernel version 2.6.x Do your kernel 2.6.x in directory:[ /usr/src/linux ] (y/n)? y *************** *** 80,84 **** ! 4-2. enter 'y' if you make a SNMP community already in target cisco AP. if you have not made this comunity yet, first make this. --- 98,102 ---- ! 5-2. enter 'y' if you make a SNMP community already in target cisco AP. if you have not made this comunity yet, first make this. *************** *** 96,100 **** ! 4-3. community What is the SNMP(v1.0) community name of your AP ? public --- 114,118 ---- ! 5-3. community What is the SNMP(v1.0) community name of your AP ? public *************** *** 103,107 **** ! 4-4. Cisco AP infomation. What is IP address of your AP ? 192.168.200.199 --- 121,125 ---- ! 5-4. Cisco AP infomation. What is IP address of your AP ? 192.168.200.199 *************** *** 115,121 **** ! 5. program list of installation. ! ---------------------------- ! The Summary of this installation. --- 133,138 ---- ! 6. program list of installation. ! --------------------------------------------------------------------- The Summary of this installation. *************** *** 141,156 **** ! 6. note. ! -------- ! 6-1. start gwc #gwc start ! 6-2. stop gwc #gwc stop ! 6-3. why the AP must be cisco's ? because this gwc program use cisco enterprise defined mip and above all, the admin daemon called 'gwcadmd' query your cisco AP from start time and this daemon get some specific AP infomations so if your AP is not CISCO we can't not sure perfect operation of this gwc. ! 6-4. if you find this window message "Can't query to AP ... ?" i think you must check whether the infomation of AP is correct. --- 158,173 ---- ! 7. note. ! 
--------------------------------------------------------------------- ! 7-1. start gwc #gwc start ! 7-2. stop gwc #gwc stop ! 7-3. why the AP must be cisco's ? because this gwc program use cisco enterprise defined mip and above all, the admin daemon called 'gwcadmd' query your cisco AP from start time and this daemon get some specific AP infomations so if your AP is not CISCO we can't not sure perfect operation of this gwc. ! 7-4. if you find this window message "Can't query to AP ... ?" i think you must check whether the infomation of AP is correct. Index: INSTALL =================================================================== RCS file: /cvsroot/netadm/gwc/INSTALL,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** INSTALL 7 Feb 2006 18:04:03 -0000 1.1 --- INSTALL 2 Mar 2006 08:22:21 -0000 1.2 *************** *** 12,29 **** ========= ! 1. Compilation. ! 2. Installation. ! 3. Start gwc. ! 4. Uninstallation. ! 1. Compilation. ! ---------------- $make ! 2. Installation. ! ----------------- Before installation of gwc, you are needed to check your network environment. --- 12,37 ---- ========= ! 1. Requirement. ! 2. Compilation. ! 3. Installation. ! 4. Start gwc. ! 5. Uninstallation. + 1. Requirement. + ---------------------------------------------------------------- ! - libgtk2.0-dev ! - dialog ! - iproute(tc) ! ! ! 2. Compilation. ! ---------------------------------------------------------------- $make ! 3. Installation. ! ---------------------------------------------------------------- Before installation of gwc, you are needed to check your network environment. *************** *** 87,98 **** ! 3. Start gwc. ! ------------- #gwc start ... #gwc stop ! 4. Uninstallation. ! ------------------- change directory to the main source directory. and then execute like below. --- 95,107 ---- ! 4. Start gwc. ! ---------------------------------------------------------------- #gwc start ... #gwc stop ! ! 5. Uninstallation. ! 
---------------------------------------------------------------- change directory to the main source directory. and then execute like below. |
From: jeho-park <lin...@gm...> - 2006-03-02 02:04:05
|
hi george, kwan-kyung! i want to know how your research and documentation are going. these days, i am adding some new functionality to the flow control part to support more detailed packet filtering rules. in the current cvs version of gwc, you will find that the cli command or internal routine does not match the GUI display. this is because of my current check-in. it will be fixed once the gtk programmer, whose name is hyoseok hwang, develops the new GUI. thanks jeho park. |