/* @(#) $Id: acld.h 806 2012-02-08 03:40:06Z leres $ (LBL) */
#include "cf.h"
#include "io.h"
#include "stats.h"
#include "timer.h"
#include "version.h"
/*
 * acld states: where the daemon is in its dialogue with the router
 * (which it talks to through an expect child; see struct state).
 *
 * Code compares these values directly -- e.g. OKTOBLOCK below requires
 * ASTATE_LOGGEDIN before a router-changing request may be issued -- and
 * astate2str[] (declared at the bottom of this file) presumably maps
 * them to names, so do not reorder or renumber without updating every
 * user of the enum.
 */
enum acldstate {
	ASTATE_NOTCONNECTED = 0,	/* no session with the router */
	ASTATE_CONNECTED,		/* connected, login not yet done */
	ASTATE_LOGGEDIN,		/* login complete; the only state in which OKTOBLOCK can be true */
	ASTATE_SENTLOGIN,		/* login sent, waiting on the router */
	ASTATE_SENTLISTACL,		/* asked the router to list an acl */
	ASTATE_SENTLISTROUTE,		/* asked the router to list routes */
	ASTATE_READRESPONSE,		/* reading a command response */
	ASTATE_READERROR,		/* reading an error response */
	ASTATE_READACL,			/* reading acl list output */
	ASTATE_READROUTE,		/* reading route list output */
	ASTATE_SENTATTR,		/* sent the session attributes (see sentattrs) */
};
/*
 * Is it ok to handle a client request that requires router interaction?
 *
 * This is the gate in front of every request that changes router state
 * (drop/restore, nullzero, permit, ...): the daemon must be logged in
 * AND have finished the initial session setup -- attributes sent, routes
 * listed and every acl listed -- so that it acts on a complete picture
 * of what is already installed rather than a partial one.  Callers that
 * bypass this check can issue commands before the router session is
 * usable; keep all four conditions together.
 *
 * p is a struct state *.  It is evaluated four times, so pass a plain
 * pointer expression with no side effects.
 */
#define OKTOBLOCK(p) \
((p)->state == ASTATE_LOGGEDIN && \
(p)->sentattrs && (p)->listedroutes && (p)->listedallacls)
/*
 * State: the daemon's single global context (see getstate() below) --
 * listening sockets, the expect child that speaks to the router, the
 * queue of pending requests and the connected clients, plus the
 * router-specific operation callbacks filled in at configuration time.
 */
struct state {
	enum acldstate state;		/* ASTATE_* (router session state) */
	const char *cmd;		/* command sent (most recent, for diagnostics) */
	int s;				/* listen socket (full-access clients) */
	int ro;				/* listen socket (read only) -- presumably clients on this
					 * socket may only query, never change router state; the
					 * enforcement lives in the client code, not here */
	int web;			/* listen socket (web registration) */
#ifdef HAVE_BROCCOLI
	int b;				/* listen socket (broccoli) */
#endif
	int rfd;			/* expect child read pipe (child output -> acld) */
	int wfd;			/* expect child write pipe (acld -> child input) */
	pid_t pid;			/* child pid */
	u_int nclients;			/* next client number */
	int listedallacls;		/* have we listed all the acl's?  (OKTOBLOCK input) */
	int listedroutes;		/* have we listed the routes?  (OKTOBLOCK input) */
	int sentattrs;			/* have we sent the attributes?  (OKTOBLOCK input) */
	struct route *routes;		/* list of routes from router */
	size_t routeslen;		/* number of routes in use */
	size_t routessize;		/* allocated size of route array (>= routeslen) */
	int nullzerolen;		/* current number of nullzero routes */
	struct stats nullzerostats;	/* nullzero statistics */
	struct timeval timeout;		/* select timeout */
	struct iobuf rbuf;		/* child read buffer */
	struct req *req;		/* linked list of server requests (head; see appendreq) */
	struct client *clients;		/* linked list of clients */
	struct client *reqclient;	/* client we did the last request for */
	struct cf *cf;			/* configuration */
	struct timer t_ayt;		/* timer for "ayt" (router liveness check, AYT_SECS) */
	struct timer t_compact;		/* timer for "compact" */
	struct timer t_login;		/* timer for next login attempt (LOGIN_SECS) */
	struct timer t_sync;		/* timer for next sync (SYNC_SECS) */

	/*
	 * Router-specific operations.  These are the only way the daemon
	 * talks to the router, so a new router type is added by supplying
	 * a new set of these rather than by touching the request code.
	 */
	void (*f_ayt)(struct state *);
	void (*f_compact)(struct state *);
	void (*f_droprestore)(struct state *, struct client *, struct req *);
	void (*f_kill)(struct state *);
	void (*f_listacl)(struct state *);
	void (*f_listroute)(struct state *);
	void (*f_login)(struct state *);
	void (*f_nullzero)(struct state *, struct client *, struct req *);
	/*
	 * Formatted send to the router.  The format attribute lets the
	 * compiler check arguments against the format; always pass a
	 * literal format and put any client-derived text in a %s argument,
	 * never in the format itself.
	 */
	void (*f_send)(struct state *, const char *, ...)
	    __attribute__ ((format (printf, 2, 3)));
	void (*f_sendattr)(struct state *);
	void (*f_sync)(struct state *);
};
#include "acl.h"
#include "util.h"
#include "client.h"
#include "route.h"
#include "whitelist.h"
/*
 * Request types: one per client command.  Anything that alters router
 * state (drop/restore/permit/nullzero/compact/sync/reload) must pass
 * OKTOBLOCK before it is sent; the query/list/state/help family does
 * not touch the router.  REQ_UNKNOWN is the zero value so an
 * uninitialised or unparsed request is never mistaken for a real one.
 */
enum reqtype {
	REQ_UNKNOWN = 0,
	REQ_RELOAD,			/* kill expect child process & reload config --
					 * disruptive; presumably not available to read-only clients */
	REQ_DROP,			/* block a host or subnet */
	REQ_RESTORE,			/* unblock a host or subnet */
	REQ_BLOCKHOSTHOST,		/* block a host to host pair */
	REQ_RESTOREHOSTHOST,		/* unblock a host to host pair */
	REQ_DROPUDPPORT,		/* block a udp port */
	REQ_RESTOREUDPPORT,		/* unblock a udp port */
	REQ_DROPTCPPORT,		/* block a tcp port */
	REQ_RESTORETCPPORT,		/* unblock a tcp port */
	REQ_PERMITUDPDSTHOSTPORT,	/* permit udp dst-host/port */
	REQ_UNPERMITUDPDSTHOSTPORT,	/* remove permit udp dst-host/port */
	REQ_PERMITTCPDSTHOSTPORT,	/* permit tcp dst-host/port */
	REQ_UNPERMITTCPDSTHOSTPORT,	/* remove permit tcp dst-host/port */
	REQ_DROPTCPDSTHOSTPORT,		/* block tcp dst-host/port */
	REQ_RESTORETCPDSTHOSTPORT,	/* remove tcp dst-host/port block */
	REQ_NULLZERO,			/* create null zero host route */
	REQ_NONULLZERO,			/* remove null zero host route */
	REQ_STATE,			/* display current acld state */
	REQ_LISTACL,			/* list contents of specified acl */
	REQ_LISTROUTE,			/* list routes */
	REQ_WHITELIST,			/* list whitelist */
	REQ_ADDWHITELIST,		/* add whitelist address */
	REQ_REMWHITELIST,		/* remove whitelist address */
	REQ_QUERY,			/* check host, host to host or subnet block */
	REQ_QUERYNULLZERO,		/* check for a nullzero host route */
	REQ_QUERYWHITELIST,		/* check for a whitelist host/net */
	REQ_COMPACT,			/* schedule compaction of specified acl */
	REQ_TEST,			/* (undocumented) -- NOTE(review): an undocumented command
					 * in a daemon that edits router acls deserves a look; confirm
					 * what it does and whether it should be compiled out */
	REQ_EXIT,			/* terminate client session */
	REQ_HELP,			/* display brief help message */
	REQ_SYNC,			/* copy router config to nonvolatile memory */
	REQ_AYT,			/* check that router is still alive */
};
/*
 * Request states: the life cycle of one struct req on the queue, from
 * arrival (RSTATE_PENDING, the zero value) through the exchange with
 * the expect child to RSTATE_DONE, after which it may be unlinked and
 * freed (freereq).  rstate2str[] below presumably names these.
 */
enum reqstate {
	RSTATE_PENDING = 0,		/* not processed yet */
	RSTATE_READCOMMENT,		/* reading client comments (see RFLAG_CONTINUE) */
	RSTATE_READRESPONSE,		/* reading child response */
	RSTATE_CHILD,			/* waiting for child to reply */
	RSTATE_DONE			/* ok to remove from queue */
};
/*
 * Request flags (bit set in struct req.flags).  FAILED and IGNORE are
 * distinct outcomes: a failed request changed nothing because the
 * router rejected it, an ignored one changed nothing because there was
 * nothing to do.  Callers reporting status should not conflate them.
 */
#define RFLAG_CONTINUE 0x1		/* request had a comment */
					/* XXX change to RFLAG_COMMENT? */
#define RFLAG_FAILED 0x2		/* request resulted in a failed status */
#define RFLAG_IGNORE 0x4		/* request didn't result in any changes */
/*
 * Request: one parsed client command, queued on struct state.req
 * (singly linked through next, appended by appendreq, released by
 * freereq).  Everything in here that came off the client socket
 * (av, comment, payload) is untrusted input and must already have
 * been validated when the request was built; nothing below should be
 * handed to f_send as a format string.
 */
struct req {
	struct req *next;		/* next request on the queue */
	enum reqtype type;		/* REQ_* */
	enum reqstate state;		/* RSTATE_* */
	int flags;			/* request flags (RFLAG_*) */
	const char *cmd;		/* client command name */
	struct acllist *acllist;	/* acllist pointer */
	char *aclname;			/* REQ_LISTACL ACL name (client supplied) */
	u_int32_t cookie;		/* NOTE(review): purpose not visible here --
					 * presumably a client-supplied id echoed in the reply */
	struct timeval ats;		/* arrival timestamp */
	struct timeval cts;		/* completion timestamp */
	/*
	 * Parsed operand of the request; which of these is meaningful
	 * presumably depends on type (acl for block/permit, nullzero for
	 * REQ_NULLZERO/REQ_NONULLZERO, whitelist for the whitelist
	 * requests) -- confirm against the request parser.
	 */
	struct acl acl;
	struct route nullzero;
	struct addr whitelist;
	int an;				/* argument count */
	char **av;			/* argument vector, as received from the client */
	char *comment;			/* client comment text, if any (RFLAG_CONTINUE) */
	struct iobuf payload;		/* raw request payload */
};
/* Timer intervals, in seconds (see the struct timer members of struct state). */
#define LOGIN_SECS 15			/* retry interval for router login */
#define AYT_SECS (10 * 60)		/* how often to ask the router "are you there" */
#define SYNC_SECS (30 * 60)		/* how often to save router config to nonvolatile memory */
#define SELECT_SECS (10 * 60)		/* select() timeout */
/* Must be greater than SELECT_SECS */
#define IDLE_SECS (2 * SELECT_SECS)	/* idle limit; at least two select() wakeups elapse first */

/*
 * Prefix-length limits for client-supplied CIDR blocks.  "Widest" is the
 * shortest prefix the daemon will accept (/16 and /32), which caps how
 * much address space a single drop request can take out -- a safety
 * limit, not a syntax one.  Presumably enforced when the request is
 * parsed; confirm before relying on it.
 */
#define MAX_IPV4_WIDTH 16		/* widest IPv4 cidr block */
#define MAX_IPV6_WIDTH 32		/* widest IPv6 cidr block */
#define DEFAULT_IPV4_WIDTH 24		/* default IPv4 cidr block width */
#define DEFAULT_IPV6_WIDTH 64		/* default IPv6 cidr block width */
#include "util.h"
/* Globals (defined in the main program) */
extern int debug;			/* debug level */
extern int verbose;			/* verbosity level */
extern int reload;			/* set to request a config reload (REQ_RELOAD / signal) */
extern const char *prog;		/* program name, for messages */
extern struct s2v astate2str[];		/* presumably enum acldstate -> name table */
extern struct s2v rstate2str[];		/* presumably enum reqstate -> name table */
extern const char *configfn;		/* configuration file name */
extern const char *logfile;		/* log file name */
extern FILE *lf;			/* open log file stream */
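/* Functions */

/*
 * Append r to the end of the singly linked request list whose head is
 * *list (linked through struct req.next; the daemon's queue is
 * state->req).  The list takes ownership of r; freereq() releases it.
 */
void appendreq(struct req **list, struct req *r);

/*
 * Release a request and the storage it owns (presumably av, comment and
 * payload -- confirm against the definition).  r must already be
 * unlinked from any list.
 */
void freereq(struct req *r);

/* Return the daemon's global struct state. */
struct state *getstate(void);

/* Put descriptor fd into non-blocking mode (presumably; confirm in util). */
void nbio(int fd);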