Posted over 15 years ago by gbastien
fixed:
Fixed in [1454]
I meant to say the band-aid still yells, but I spoke too soon: the fault came from my auth-server under test, which misbehaved ;-)
The patch was committed and will be part of the next official release by the end of March, and I'll keep scrutinizing it to see if you found the root cause or not. Thanks!
Posted over 15 years ago by jean-philippe.menil@…
It can be useful to log some traffic that matches some specific iptables rules.
The following is a simple patch to add a log rule in FirewallRule:
diff -Naur wifidog/src/conf.c wifidog.2/src/conf.c
--- wifidog/src/conf.c 2010-03-01 09:50:44.755611281 0100
wifidog.2/src/conf.c 2010-03-01 09:46:22.146625521 0100
@@ -479,7 479,7 @@
_parse_firewall_rule(const char *ruleset, char *leftover)
{
int i;
- int block_allow = 0; /**< 0 == block, 1 == allow */
int block_allow = 0; /**< 0 == block, 1 == allow, 2 == log */
int all_nums = 1; /**< If 0, port contained non-numerics */
int finished = 0; /**< reached end of line */
char *token = NULL; /**< First word */
@@ -506,9 506,11 @@
block_allow = 0;
} else if (!strcasecmp(token, "allow")) {
block_allow = 1;
} else if (!strcasecmp(token, "log")) {
block_allow = 2;
} else {
debug(LOG_ERR, "Invalid rule type %s, expecting "
- "\"block\" or \"allow\"", token);
"\"block\",\"allow\" or \"log\"", token);
return -1;
}
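Review bot: a "log" rule is accepted with exactly the same syntax as "block" and "allow", so the parser has no way to tell whether the terminating rule it is meant to shadow follows it; that ordering requirement lives only in a wifidog.conf comment, and a warning here when a log rule is the last rule of a set would catch the common mistake. Minor: the new error string `"\"block\",\"allow\" or \"log\""` is missing a space after the first comma.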
diff -Naur wifidog/src/conf.h wifidog.2/src/conf.h
--- wifidog/src/conf.h 2010-03-01 09:50:44.759610802 0100
wifidog.2/src/conf.h 2010-03-01 09:46:48.095609891 0100
@@ -93,7 93,7 @@
Firewall rules
*/
typedef struct _firewall_rule_t {
- int block_allow; /**< @brief 1 = Allow rule, 0 = Block rule */
int block_allow; /**< @brief 0 = Block rule, 1 = Allow rule, 2 = Log Rule */
char *protocol; /**< @brief tcp, udp, etc ... */
char *port; /**< @brief Port to block/allow */
char *mask; /**< @brief Mask for the rule *destination* */
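Review bot: the comment now documents a third state, but the field is still called block_allow and nothing in the header names the values, so conf.c and fw_iptables.c each compare against the bare literals 1 and 2. Defining the three values once here (an enum or three #defines) and using them in both files would keep the parser and the rule builder from drifting apart, and a rename such as `rule_type` would match what the field now holds.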
diff -Naur wifidog/src/fw_iptables.c wifidog.2/src/fw_iptables.c
--- wifidog/src/fw_iptables.c 2010-03-01 09:50:44.743610927 0100
wifidog.2/src/fw_iptables.c 2010-03-01 09:48:09.879611316 0100
@@ -143,9 143,10 @@
if (rule->block_allow == 1) {
mode = safe_strdup("ACCEPT");
} else if (rule->block_allow == 2) {
mode = safe_strdup("LOG");
} else {
- mode = safe_strdup("REJECT");
- }
mode = safe_strdup("REJECT");}
snprintf(command, sizeof(command), "-t %s -A %s ",table, chain);
if (rule->mask != NULL) {
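Review bot: the else branch is collapsed into `mode = safe_strdup("REJECT");}` with the closing brace on the statement line, which breaks the brace style of the surrounding code; restore the two-line form. More important for behaviour: LOG is a non-terminating iptables target, so a rule built with this mode only records the packet and traversal continues to the next rule, which is why the wifidog.conf example places the log rule ahead of the allow/block rule it mirrors. As built here the LOG jump carries no --log-prefix and no -m limit, so the entries are hard to tell apart from other kernel messages and a broad `log to 0.0.0.0/0` rule can fill a router's log quickly; consider appending a prefix and a rate limit when mode is LOG.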
diff -Naur wifidog/wifidog.conf wifidog.2/wifidog.conf
--- wifidog/wifidog.conf 2010-03-01 09:50:44.963610868 0100
wifidog.2/wifidog.conf 2010-03-01 09:56:58.559610257 0100
@@ -184,11 184,20 @@
# FirewallRule? block to 192.168.0.0/16
# FirewallRule? block to 172.16.0.0/12
# FirewallRule? block to 10.0.0.0/8
-
## This is an example ruleset for the Teliphone service.
#FirewallRule? allow udp to 69.90.89.192/27
#FirewallRule? allow udp to 69.90.85.0/27
#FirewallRule? allow tcp port 80 to 69.90.89.205
## Use the following to log the traffic you want to allow or block.
# Note: the log rule must be passed before, the rule you want to match.
# For example, you want to log the traffic allowed on port 80 to the ip 69.90.89.205:
#FirewallRule? log tcp port 80 to 69.90.89.205
#FirewallRule? allow tcp port 80 to 69.90.89.205
# And you want to know, who matche your block rule:
#FirewallRule? log to 0.0.0.0/0
#FirewallRule? block to 0.0.0.0/0
}
# Rule Set: validating-users
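Review bot: the comments state that ordering matters but not why; a line saying that LOG does not stop rule traversal while ACCEPT and REJECT do, so a log rule placed after the rule it mirrors is never reached, would make the requirement self-explaining. Suggested wording for the two comments: `# Note: the log rule must be placed before the rule you want to match.` and `# And you want to know who matches your block rule:` (fixes `passed before,` and `matche`). The last pair logs every packet that reaches the default block, which on a busy gateway is a lot of kernel log volume, so a sentence pointing at rate limiting would help.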
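As an added example (my own code, not wifidog's and not part of the patch above), here is a stand-alone C program that parses FirewallRule lines in the grammar the patch's wifidog.conf examples use, builds the iptables arguments for each rule, and checks that no log rule sits behind a block/allow rule with the same match, which is the ordering mistake the config comments warn about. The chain name WiFiDog_Example, the SEP separator set, the fixed "wifidog-fw: " log prefix, the 5/min rate limit and the restricted grammar (only tcp/udp, port and to are recognised) are my assumptions; the shadowing check only treats exact duplicates of protocol, port and mask as unreachable.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* The patch's three rule types, named instead of bare 0/1/2. */
enum fw_action { FW_BLOCK = 0, FW_ALLOW = 1, FW_LOG = 2 };

typedef struct {
    enum fw_action action;
    char protocol[8]; /* "tcp"/"udp", empty = any */
    char port[8];     /* destination port, empty = any */
    char mask[32];    /* destination host or CIDR, empty = any */
} fw_rule_t;
#define SEP " \t\r\n" /* token separators (assumption) */

/* Parse "FirewallRule <block|allow|log> [tcp|udp] [port N] [to ADDR]".
   Returns 0 on success, -1 on an unknown rule type or a malformed line. */
int fw_parse_rule(const char *line, fw_rule_t *out) {
    char buf[256], *tok, *save;
    memset(out, 0, sizeof(*out));
    snprintf(buf, sizeof(buf), "%s", line);
    tok = strtok_r(buf, SEP, &save);
    if (tok == NULL || strcasecmp(tok, "FirewallRule") != 0) return -1;
    if ((tok = strtok_r(NULL, SEP, &save)) == NULL) return -1;
    if (!strcasecmp(tok, "block")) out->action = FW_BLOCK;
    else if (!strcasecmp(tok, "allow")) out->action = FW_ALLOW;
    else if (!strcasecmp(tok, "log")) out->action = FW_LOG;
    else return -1; /* what the patch reports as "Invalid rule type" */
    while ((tok = strtok_r(NULL, SEP, &save)) != NULL) {
        if (!strcasecmp(tok, "tcp") || !strcasecmp(tok, "udp")) {
            snprintf(out->protocol, sizeof(out->protocol), "%s", tok);
        } else if (!strcasecmp(tok, "port")) {
            if ((tok = strtok_r(NULL, SEP, &save)) == NULL) return -1;
            snprintf(out->port, sizeof(out->port), "%s", tok);
        } else if (!strcasecmp(tok, "to")) {
            if ((tok = strtok_r(NULL, SEP, &save)) == NULL) return -1;
            snprintf(out->mask, sizeof(out->mask), "%s", tok);
        } else return -1;
    }
    /* iptables refuses --dport without -p tcp/udp, so reject that early. */
    if (out->port[0] != '\0' && out->protocol[0] == '\0') return -1;
    return 0;
}

/* Render the iptables arguments for one rule. LOG does not end rule
   traversal, so it is emitted with a prefix (to find the entries later) and
   a rate limit (so "log to 0.0.0.0/0" cannot flood a router's log). */
int fw_rule_to_iptables(const fw_rule_t *r, const char *chain, char *buf, size_t len) {
    char dst[48] = "", proto[16] = "", port[24] = "";
    const char *target = r->action == FW_ALLOW ? " -j ACCEPT"
        : r->action == FW_LOG ? " -m limit --limit 5/min -j LOG --log-prefix \"wifidog-fw: \""
        : " -j REJECT";
    if (r->mask[0]) snprintf(dst, sizeof(dst), " -d %s", r->mask);
    if (r->protocol[0]) snprintf(proto, sizeof(proto), " -p %s", r->protocol);
    if (r->port[0]) snprintf(port, sizeof(port), " --dport %s", r->port);
    int n = snprintf(buf, len, "-t filter -A %s%s%s%s%s", chain, dst, proto, port, target);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Flag a log rule whose match (protocol, port, mask) equals an earlier
   block/allow rule: ACCEPT and REJECT end traversal, so that log rule never
   sees a packet. Returns its index, -1 if the order is fine, -2 on parse error. */
int fw_check_ordering(const char **lines, size_t count) {
    fw_rule_t rules[16];
    size_t i, j;
    if (count > sizeof(rules) / sizeof(rules[0])) return -2;
    for (i = 0; i < count; i++)
        if (fw_parse_rule(lines[i], &rules[i]) != 0) return -2;
    for (i = 0; i < count; i++) {
        if (rules[i].action != FW_LOG) continue;
        for (j = 0; j < i; j++)
            if (rules[j].action != FW_LOG &&
                !strcmp(rules[j].protocol, rules[i].protocol) &&
                !strcmp(rules[j].port, rules[i].port) &&
                !strcmp(rules[j].mask, rules[i].mask))
                return (int)i;
    }
    return -1;
}

/* Constructed samples: the patch's wifidog.conf example (correct order), and
   a block rule followed by the log rule that mirrors it (never reached). */
static const char *good_order[] = {
    "FirewallRule log tcp port 80 to 69.90.89.205",
    "FirewallRule allow tcp port 80 to 69.90.89.205",
    "FirewallRule log to 0.0.0.0/0",
    "FirewallRule block to 0.0.0.0/0",
};
static const char *shadowed_log[] = { "FirewallRule block to 0.0.0.0/0",
                                      "FirewallRule log to 0.0.0.0/0" };

/* Arguments for the first sample rule in a hypothetical chain; "" on error. */
const char *fw_example_command(void) {
    static char cmd[256];
    fw_rule_t r;
    if (fw_parse_rule(good_order[0], &r) != 0 ||
        fw_rule_to_iptables(&r, "WiFiDog_Example", cmd, sizeof(cmd)) != 0) return "";
    return cmd;
}
```

Running fw_check_ordering over good_order returns -1, over shadowed_log it returns 1 (the index of the unreachable log rule), and fw_example_command yields the arguments for the first log rule with the prefix and rate limit attached; a real integration would use the constant names in conf.h and the chain names wifidog already creates.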