From 1a556bf3025bdd2a6cba2810e29458d2fc40a3b5 Mon Sep 17 00:00:00 2001 From: liudf0716 Date: Mon, 11 Apr 2016 11:24:30 +0900 Subject: [PATCH] liudf 20160411 move domains && mac operation to ping thread --- src/conf.c | 33 ++++++++++++++++++++++++--------- src/conf.h | 13 ++++++++++++- src/fw_iptables.c | 27 ++++++++------------------- src/http.c | 3 ++- src/ping_thread.c | 28 +++++++++++++++++++++++++++- src/wd_util.c | 9 ++++----- wifidog-redir.html.in | 8 -------- 7 files changed, 77 insertions(+), 44 deletions(-) diff --git a/src/conf.c b/src/conf.c index 3fea69e..7fa1a19 100644 --- a/src/conf.c +++ b/src/conf.c @@ -63,6 +63,10 @@ static s_config config; * functions. */ pthread_mutex_t config_mutex = PTHREAD_MUTEX_INITIALIZER; +// liudf added 20160409 +// Mutex for trusted domains; used by domains parese releated +pthread_mutex_t domains_mutex = PTHREAD_MUTEX_INITIALIZER; + /** @internal * A flag. If set to 1, there are missing or empty mandatory parameters in the config */ @@ -1255,9 +1259,11 @@ add_domain_common(const char *domain, trusted_domain_t which) { t_domain_trusted *p = NULL; - LOCK_CONFIG(); + LOCK_DOMAIN(); + p = __add_domain_common(domain, which); - UNLOCK_CONFIG(); + + UNLOCK_DOMAIN(); return p; } @@ -1380,13 +1386,13 @@ add_domain_ip_pair(const char *args, trusted_domain_t which) return; } - LOCK_CONFIG(); + LOCK_DOMAIN(); dt = __add_domain_common(domain, which); if(dt) __add_ip_2_domain(dt, ip); - UNLOCK_CONFIG(); + UNLOCK_DOMAIN(); free(pt); } @@ -1419,7 +1425,7 @@ parse_trusted_domain_2_ip(t_domain_trusted *p) hostname[HTTP_IP_ADDR_LEN-1] = '\0'; debug(LOG_DEBUG, "hostname ip is(%s)", hostname); - LOCK_CONFIG(); + LOCK_DOMAIN(); if(p->ips_trusted == NULL) { ipt = (t_ip_trusted *)malloc(sizeof(t_ip_trusted)); @@ -1444,7 +1450,7 @@ parse_trusted_domain_2_ip(t_domain_trusted *p) } } - UNLOCK_CONFIG(); + UNLOCK_DOMAIN(); } } 
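Review bot: The comment added above `domains_mutex` in the first conf.c hunk does not say which data the mutex guards, and "parese releated" is a typo for "parse related". Judging by the call sites in this patch, it covers `domains_trusted`, `inner_domains_trusted` and each entry's `ips_trusted` chain, so I would write `/* Guards config.domains_trusted, config.inner_domains_trusted and their ips_trusted lists. */`. If any path can hold `config_mutex` and `domains_mutex` together, the comment should also state the order in which they are taken; none of the hunks shown documents one.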
@@ -1478,7 +1484,7 @@ void parse_inner_trusted_domain_list() parse_common_trusted_domain_list(INNER_TRUSTED_DOMAIN); } -void +int __fix_weixin_http_dns_ip(void) { const char *get_weixin_ip_cmd = "curl --compressed http://dns.weixin.qq.com/cgi-bin/micromsg-bin/newgetdns 2>/dev/null"; @@ -1503,15 +1509,24 @@ __fix_weixin_http_dns_ip(void) p = rindex(buf, '<'); *p='\0'; ip = buf+4; + + LOCK_DOMAIN(); + dt = __add_inner_trusted_domain("short.weixin.qq.com"); if (dt) { debug(LOG_INFO, "Add short.weixin.qq.com ip %s\n", ip); __add_ip_2_domain(dt, ip); + UNLOCK_DOMAIN(); + return 1; // parse weixin dns success } + + UNLOCK_DOMAIN(); } } pclose(file); } + + return 0; // parse weixin dns failed } // clear domain's ip collection @@ -1544,9 +1559,9 @@ __clear_trusted_domains(void) void clear_trusted_domains(void) { - LOCK_CONFIG(); + LOCK_DOMAIN(); __clear_trusted_domains(); - UNLOCK_CONFIG(); + UNLOCK_DOMAIN(); } t_domain_trusted * diff --git a/src/conf.h b/src/conf.h index b65f3b0..127562c 100644 --- a/src/conf.h +++ b/src/conf.h @@ -318,7 +318,7 @@ void __clear_trusted_domains(void); /** @brief */ -void __fix_weixin_http_dns_ip(void); +int __fix_weixin_http_dns_ip(void); /** @brief parse roam mac list, for wdctl use*/ @@ -365,6 +365,17 @@ char *g_type; // hardware type char *g_name; // firmware name char *g_channel_path; char *g_ssid; + +#define LOCK_DOMAIN() do { \ + debug(LOG_DEBUG, "Locking domain"); \ + pthread_mutex_lock(&domains_mutex); \ + debug(LOG_DEBUG, "Domains locked"); \ +} while (0) + +#define UNLOCK_DOMAIN() do { \ + debug(LOG_DEBUG, "Locking domain"); \ + pthread_mutex_unlock(&domains_mutex); \ +} while(0) // <<< liudf added end #define LOCK_CONFIG() do { \ diff --git a/src/fw_iptables.c b/src/fw_iptables.c index 1b8ee2a..e604b0e 100644 --- a/src/fw_iptables.c +++ b/src/fw_iptables.c 
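Review bot: The new `return 1;` in `__fix_weixin_http_dns_ip` (hunk `-1503,15 +1509,24`) exits before the `pclose(file)` a few lines below, so every successful run leaks the pipe and leaves the `curl` child unreaped. Replace the `UNLOCK_DOMAIN(); return 1;` pair inside `if (dt)` with `ret = 1;`, so that the single `UNLOCK_DOMAIN()` after the block and the `pclose(file)` both run, and end the function with `return ret;`. This needs `int ret = 0;` declared at the top, which is above this hunk. The same lines take `ip` from the body of a plain-HTTP response and store it in the inner trusted list, which fw_iptables.c later formats into an `ipset add` command. Checking that `rindex()` did not return NULL before `*p='\0'`, and validating the string first (for IPv4, `inet_pton(AF_INET, ip, &addr) == 1`), would keep a malformed or tampered response out of the allowlist.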
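Review bot: `UNLOCK_DOMAIN()` in the conf.h hunk logs "Locking domain" just before it unlocks, so a lock trace in the debug log reads like a double lock; change it to `debug(LOG_DEBUG, "Unlocking domain");`. The macros expand to `&domains_mutex`, which this patch defines in conf.c, but neither conf.h hunk adds `extern pthread_mutex_t domains_mutex;`. Unless an earlier commit already declares it, fw_iptables.c and wd_util.c will not see the symbol when they use `LOCK_DOMAIN()`.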
@@ -347,12 +347,16 @@ iptables_fw_set_user_domains_trusted(void) config = config_get_config(); + LOCK_DOMAIN(); + for (domain_trusted = config->domains_trusted; domain_trusted != NULL; domain_trusted = domain_trusted->next) { t_ip_trusted *ip_trusted = NULL; for(ip_trusted = domain_trusted->ips_trusted; ip_trusted != NULL; ip_trusted = ip_trusted->next) { ipset_do_command("add " CHAIN_DOMAIN_TRUSTED " %s ", ip_trusted->ip); } } + + UNLOCK_DOMAIN(); } // set inner trusted domains @@ -377,12 +381,16 @@ iptables_fw_set_inner_domains_trusted(void) config = config_get_config(); + LOCK_DOMAIN(); + for (domain_trusted = config->inner_domains_trusted; domain_trusted != NULL; domain_trusted = domain_trusted->next) { t_ip_trusted *ip_trusted = NULL; for(ip_trusted = domain_trusted->ips_trusted; ip_trusted != NULL; ip_trusted = ip_trusted->next) { ipset_do_command("add " CHAIN_INNER_DOMAIN_TRUSTED " %s ", ip_trusted->ip); } } + + UNLOCK_DOMAIN(); } @@ -584,7 +592,6 @@ iptables_fw_init(void) // execut fw_init_script } - LOCK_CONFIG(); config = config_get_config(); gw_port = config->gw_port; if (config->external_interface) { @@ -594,7 +601,6 @@ iptables_fw_init(void) } if (ext_interface == NULL) { - UNLOCK_CONFIG(); f_fw_init_close(); debug(LOG_ERR, "FATAL: no external interface"); return 0; 
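Review bot: `LOCK_DOMAIN()` in `iptables_fw_set_user_domains_trusted` is held across every `ipset_do_command()` call in the nested loop, and the next hunk does the same in `iptables_fw_set_inner_domains_trusted`. If that helper runs an external command per address (its body is not in this diff), every other user of `domains_mutex`, such as the trusted-domain text dumps in wd_util.c and `add_domain_common`, waits for the whole batch. At minimum say so above the lock, e.g. `/* domains_mutex is held while ipset runs for the full list; other threads block until it finishes */`. Alternatively, copy the addresses out under the lock and issue the commands after `UNLOCK_DOMAIN()`.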
@@ -770,26 +776,9 @@ iptables_fw_init(void) iptables_do_command("-t filter -A " CHAIN_TO_INTERNET " -j " CHAIN_UNKNOWN); iptables_load_ruleset("filter", FWRULESET_UNKNOWN_USERS, CHAIN_UNKNOWN); iptables_do_command("-t filter -A " CHAIN_UNKNOWN " -j REJECT --reject-with icmp-port-unreachable"); - - __fix_weixin_http_dns_ip(); - - UNLOCK_CONFIG(); - - parse_user_trusted_domain_list(); - parse_inner_trusted_domain_list(); - free(ext_interface); - - //>>> liudf added 20160114 - // after initialize firewall chain; - // add trusted&untrusted mac list; parse and add trusted domain - fw_set_trusted_maclist(); - fw_set_untrusted_maclist(); - iptables_fw_set_inner_domains_trusted(); - iptables_fw_set_user_domains_trusted(); - f_fw_init_close(); //<<< liudf added end diff --git a/src/http.c b/src/http.c index 450c6a1..1b71260 100644 --- a/src/http.c +++ b/src/http.c @@ -62,7 +62,8 @@ static char *redirect_html; const char *apple_domains[] = { "captive.apple.com", - "static.ess.apple.com", + "static.ess.apple.com:80", + "init-p01st.push.apple.com", "www.apple.com", NULL }; diff --git a/src/ping_thread.c b/src/ping_thread.c index 3b911c0..7871224 100644 --- a/src/ping_thread.c +++ b/src/ping_thread.c @@ -69,7 +69,20 @@ thread_ping(void *arg) pthread_cond_t cond = PTHREAD_COND_INITIALIZER; pthread_mutex_t cond_mutex = PTHREAD_MUTEX_INITIALIZER; struct timespec timeout; + + //>>> liudf added 20160411 + // move from fw_init to here + __fix_weixin_http_dns_ip(); + parse_user_trusted_domain_list(); + iptables_fw_set_inner_domains_trusted(); + + parse_inner_trusted_domain_list(); + iptables_fw_set_user_domains_trusted(); + + fw_set_trusted_maclist(); + fw_set_untrusted_maclist(); + while (1) { /* Make sure we check the servers at the very begining */ debug(LOG_DEBUG, "Running ping()"); 
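Review bot: `"static.ess.apple.com:80"` in the http.c hunk is now the only `apple_domains` entry that carries a port, and nothing in the hunk says what the array is compared against. If it is matched against the request's host value with an exact string compare (the matching code is outside this hunk), a request carrying the bare name stops matching. Either keep both forms, `"static.ess.apple.com", "static.ess.apple.com:80",`, or add a one-line comment stating which client sends the port-qualified form.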
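Review bot: In the `thread_ping` hunk the parse/apply pairs are crossed. `iptables_fw_set_inner_domains_trusted()` runs before `parse_inner_trusted_domain_list()`, so addresses resolved for the inner list are not pushed to the ipset in this start-up sequence, whereas the code removed from `iptables_fw_init` parsed both lists before applying either. Pair them as `parse_inner_trusted_domain_list(); iptables_fw_set_inner_domains_trusted();` and `parse_user_trusted_domain_list(); iptables_fw_set_user_domains_trusted();`. I would also move `fw_set_trusted_maclist()` and `fw_set_untrusted_maclist()` ahead of the `curl` and DNS work, so the untrusted-MAC rules are not delayed by a slow or unreachable upstream. Whether anything re-applies these sets later is not visible here.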
@@ -136,7 +149,9 @@ ping(void) debug(LOG_CRIT, "Failed to read uptime"); fclose(fh); + fh = NULL; } + if ((fh = fopen("/proc/meminfo", "r"))) { while (!feof(fh)) { if (fscanf(fh, "MemFree: %u", &sys_memfree) == 0) { @@ -148,18 +163,22 @@ ping(void) } } fclose(fh); + fh = NULL; } + if ((fh = fopen("/proc/loadavg", "r"))) { if (fscanf(fh, "%f", &sys_load) != 1) debug(LOG_CRIT, "Failed to read loadavg"); fclose(fh); + fh = NULL; } //<<< liudf added 20160121 // get first ssid if ((fh = popen("uci get wireless.@wifi-iface[0].ssid", "r"))) { fgets(ssid, 31, fh); pclose(fh); + fh = NULL; trim_newline(ssid); if(strlen(ssid) > 0) { if(g_ssid) @@ -173,6 +192,7 @@ ping(void) char version[32] = {0}; fgets(version, 31, fh); pclose(fh); + fh = NULL; trim_newline(version); if(strlen(version) > 0) g_version = safe_strdup(version); @@ -184,6 +204,7 @@ ping(void) char name[32] = {0}; fgets(name, 31, fh); pclose(fh); + fh = NULL; trim_newline(name); if(strlen(name) > 0) g_type = safe_strdup(name); @@ -195,6 +216,7 @@ ping(void) char name[32] = {0}; fgets(name, 31, fh); pclose(fh); + fh = NULL; trim_newline(name); if(strlen(name) > 0) g_name = safe_strdup(name); @@ -202,12 +224,16 @@ ping(void) } { - if(!g_channel_path) + if(!g_channel_path) { free(g_channel_path); + g_channel_path = NULL; + } + if ((fh = popen("uci get firmwareinfo.@version[0].channel_path", "r"))) { char channel_path[128] = {0}; fgets(channel_path, 127, fh); pclose(fh); + fh = NULL; trim_newline(channel_path); debug(LOG_INFO, "g_channel_path is %s", g_channel_path); if(strlen(channel_path) > 0) diff --git a/src/wd_util.c b/src/wd_util.c index 71c47d2..d730280 100644 --- a/src/wd_util.c +++ b/src/wd_util.c @@ -270,7 +270,7 @@ get_serialize_trusted_domains() pstr = pstr_new(); - LOCK_CONFIG(); + LOCK_DOMAIN(); for (; domain_trusted != NULL; domain_trusted = domain_trusted->next, line++) { if(line == 0) 
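Review bot: The condition in `if(!g_channel_path) { free(g_channel_path); g_channel_path = NULL; }` (hunk `-202,12 +224,16` in `ping`) is inverted. The body runs only when the pointer is already NULL, so the previous string is never freed and is presumably leaked on each cycle when the value is reassigned; that assignment lies past the end of this hunk. `free(NULL)` is a no-op, so the guard can simply go: `free(g_channel_path); g_channel_path = NULL;`. With that fix, `debug(LOG_INFO, "g_channel_path is %s", g_channel_path)` a few lines later would always pass NULL for `%s`; logging `channel_path` there is probably what was meant.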
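Review bot: In `get_serialize_trusted_domains` (wd_util.c hunk `-270,7 +270,7`) the loop `for (; domain_trusted != NULL; …)` has no initialiser, so the list head was read above the hunk, before `LOCK_DOMAIN()` is taken. If another thread runs `clear_trusted_domains()` between that read and the lock, the loop walks freed nodes. Assign the head after the lock is held, as `get_trusted_domains_text` does with `domain_trusted = config->domains_trusted` in its loop initialiser. The declaration and initial assignment are outside this hunk, so confirm where the head is read.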
@@ -278,8 +278,7 @@ get_serialize_trusted_domains() else pstr_append_sprintf(pstr, ",%s", domain_trusted->domain); } - - UNLOCK_CONFIG(); + UNLOCK_DOMAIN(); return pstr_to_string(pstr); @@ -297,7 +296,7 @@ get_trusted_domains_text() pstr_cat(pstr, "\nTrusted domains and its ip:\n"); - LOCK_CONFIG(); + LOCK_DOMAIN(); for (domain_trusted = config->domains_trusted; domain_trusted != NULL; domain_trusted = domain_trusted->next) { pstr_append_sprintf(pstr, "\nDomain: %s \n", domain_trusted->domain); @@ -306,7 +305,7 @@ get_trusted_domains_text() } } - UNLOCK_CONFIG(); + UNLOCK_DOMAIN(); return pstr_to_string(pstr); } diff --git a/wifidog-redir.html.in b/wifidog-redir.html.in index 17bd902..b0f6021 100644 --- a/wifidog-redir.html.in +++ b/wifidog-redir.html.in @@ -3,14 +3,12 @@ 正在为您加载,请稍候... -