github/wangyu-udp2raw
1
0
Fork 0
mirror of https://github.com/wangyu-/udp2raw.git synced 2025-01-19 14:29:34 +08:00
Code Issues Packages Projects Releases Wiki Activity

add -w options to every iptables command

Browse Source
This commit is contained in:
wangyu- 2018-01-11 17:26:30 -06:00
parent 2da0de34a2
commit 7fe8321082
2 changed files with 23 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
misc.cpp
View File

@ -50,6 +50,8 @@ char key_string[1000]= "secret key";// -k option
char fifo_file[1000]=""; char fifo_file[1000]="";
string iptables_command0="iptables ";
string iptables_command="iptables -w ";
string iptables_pattern=""; string iptables_pattern="";
int iptables_rule_added=0; int iptables_rule_added=0;
int iptables_rule_keeped=0; int iptables_rule_keeped=0;
@ -428,9 +430,9 @@ void process_arg(int argc, char *argv[]) //process all options
{ {
char *output; char *output;
//int ret =system("iptables-save |grep udp2raw_dWRwMnJhdw|sed -n 's/^-A/iptables -D/p'|sh"); //int ret =system("iptables-save |grep udp2raw_dWRwMnJhdw|sed -n 's/^-A/iptables -D/p'|sh");
int ret =run_command("iptables -S|sed -n '/udp2rawDwrW/p'|sed -n 's/^-A/iptables -D/p'|sh",output); int ret =run_command(iptables_command+"-S|sed -n '/udp2rawDwrW/p'|sed -n 's/^-A/"+iptables_command+"-D/p'|sh",output);
int ret2 =run_command("iptables -S|sed -n '/udp2rawDwrW/p'|sed -n 's/^-N/iptables -X/p'|sh",output); int ret2 =run_command(iptables_command+"-S|sed -n '/udp2rawDwrW/p'|sed -n 's/^-N/"+iptables_command+"-X/p'|sh",output);
//system("iptables-save |grep udp2raw_dWRwMnJhdw|sed 's/^-A/iptables -D/'|sh"); //system("iptables-save |grep udp2raw_dWRwMnJhdw|sed 's/^-A/iptables -D/'|sh");
//system("iptables-save|grep -v udp2raw_dWRwMnJhdw|iptables-restore"); //system("iptables-save|grep -v udp2raw_dWRwMnJhdw|iptables-restore");
mylog(log_info,"tried to clear all iptables rule created previously,return value %d %d\n",ret,ret2); mylog(log_info,"tried to clear all iptables rule created previously,return value %d %d\n",ret,ret2);
@ -872,7 +874,7 @@ void iptables_rule() // handles -a -g --gen-add --keep-rule
} }
if(generate_iptables_rule) if(generate_iptables_rule)
{ {
string rule="iptables -I INPUT "; string rule=iptables_command+"-I INPUT ";
rule+=pattern; rule+=pattern;
rule+=" -j DROP"; rule+=" -j DROP";
@ -1042,31 +1044,6 @@ int handle_lower_level(raw_info_t &raw_info)//fill lower_level info,when --lower
} }
/*
int add_iptables_rule(const char * s)
{
iptables_pattern=s;
string rule="iptables -I INPUT ";
rule+=iptables_pattern;
rule+=" -j DROP";
char *output;
if(run_command(rule.c_str(),output)==0)
{
mylog(log_warn,"auto added iptables rule by: %s\n",rule.c_str());
}
else
{
mylog(log_fatal,"auto added iptables failed by: %s\n",rule.c_str());
//mylog(log_fatal,"reason : %s\n",strerror(errno));
myexit(-1);
}
iptables_rule_added=1;
return 0;
}*/
string chain[2]; string chain[2];
string rule_keep[2]; string rule_keep[2];
string rule_keep_add[2]; string rule_keep_add[2];
@ -1081,14 +1058,14 @@ int iptables_gen_add(const char * s,u32_t const_id)
iptables_pattern=s; iptables_pattern=s;
chain[0] =dummy+ "udp2rawDwrW_C"; chain[0] =dummy+ "udp2rawDwrW_C";
rule_keep[0]=dummy+ iptables_pattern+" -j " +chain[0]; rule_keep[0]=dummy+ iptables_pattern+" -j " +chain[0];
rule_keep_add[0]=dummy+"iptables -I INPUT "+rule_keep[0]; rule_keep_add[0]=iptables_command+"-I INPUT "+rule_keep[0];
char *output; char *output;
run_command(dummy+"iptables -N "+chain[0],output,show_none); run_command(iptables_command+"-N "+chain[0],output,show_none);
run_command(dummy+"iptables -F "+chain[0],output); run_command(iptables_command+"-F "+chain[0],output);
run_command(dummy+"iptables -I "+chain[0] + " -j DROP",output); run_command(iptables_command+"-I "+chain[0] + " -j DROP",output);
rule_keep_del[0]=dummy+"iptables -D INPUT "+rule_keep[0]; rule_keep_del[0]=iptables_command+"-D INPUT "+rule_keep[0];
run_command(rule_keep_del[0],output,show_none); run_command(rule_keep_del[0],output,show_none);
run_command(rule_keep_del[0],output,show_none); run_command(rule_keep_del[0],output,show_none);
@ -1116,11 +1093,11 @@ int iptables_rule_init(const char * s,u32_t const_id,int keep)
rule_keep[0]=dummy+ iptables_pattern+" -j " +chain[0]; rule_keep[0]=dummy+ iptables_pattern+" -j " +chain[0];
rule_keep[1]=dummy+ iptables_pattern+" -j " +chain[1]; rule_keep[1]=dummy+ iptables_pattern+" -j " +chain[1];
rule_keep_add[0]=dummy+"iptables -I INPUT "+rule_keep[0]; rule_keep_add[0]=iptables_command+"-I INPUT "+rule_keep[0];
rule_keep_add[1]=dummy+"iptables -I INPUT "+rule_keep[1]; rule_keep_add[1]=iptables_command+"-I INPUT "+rule_keep[1];
rule_keep_del[0]=dummy+"iptables -D INPUT "+rule_keep[0]; rule_keep_del[0]=iptables_command+"-D INPUT "+rule_keep[0];
rule_keep_del[1]=dummy+"iptables -D INPUT "+rule_keep[1]; rule_keep_del[1]=iptables_command+"-D INPUT "+rule_keep[1];
keep_rule_last_time=get_current_time(); keep_rule_last_time=get_current_time();
@ -1128,9 +1105,9 @@ int iptables_rule_init(const char * s,u32_t const_id,int keep)
for(int i=0;i<=iptables_rule_keeped;i++) for(int i=0;i<=iptables_rule_keeped;i++)
{ {
run_command(dummy+"iptables -N "+chain[i],output); run_command(iptables_command+"-N "+chain[i],output);
run_command(dummy+"iptables -F "+chain[i],output); run_command(iptables_command+"-F "+chain[i],output);
run_command(dummy+"iptables -I "+chain[i] + " -j DROP",output); run_command(iptables_command+"-I "+chain[i] + " -j DROP",output);
if(run_command(rule_keep_add[i],output)!=0) if(run_command(rule_keep_add[i],output)!=0)
{ {
@ -1167,12 +1144,12 @@ int keep_iptables_rule() //magic to work on a machine without grep/iptables --c
int i=iptables_rule_keep_index; int i=iptables_rule_keep_index;
run_command(dummy + "iptables -N " + chain[i], output,show_none); run_command(iptables_command + "-N " + chain[i], output,show_none);
if (run_command(dummy + "iptables -F " + chain[i], output,show_none) != 0) if (run_command(iptables_command + "-F " + chain[i], output,show_none) != 0)
mylog(log_warn, "iptables -F failed %d\n",i); mylog(log_warn, "iptables -F failed %d\n",i);
if (run_command(dummy + "iptables -I " + chain[i] + " -j DROP",output,show_none) != 0) if (run_command(iptables_command + "-I " + chain[i] + " -j DROP",output,show_none) != 0)
mylog(log_warn, "iptables -I failed %d\n",i); mylog(log_warn, "iptables -I failed %d\n",i);
if (run_command(rule_keep_del[i], output,show_none) != 0) if (run_command(rule_keep_del[i], output,show_none) != 0)
@ -1196,8 +1173,8 @@ int clear_iptables_rule()
for(int i=0;i<=iptables_rule_keeped;i++ ) for(int i=0;i<=iptables_rule_keeped;i++ )
{ {
run_command(rule_keep_del[i],output); run_command(rule_keep_del[i],output);
run_command(dummy+"iptables -F "+chain[i],output); run_command(iptables_command+"-F "+chain[i],output);
run_command(dummy+"iptables -X "+chain[i],output); run_command(iptables_command+"-X "+chain[i],output);
} }
return 0; return 0;
} }

2
misc.h
View File

@ -51,7 +51,7 @@ const u32_t client_conn_uplink_timeout=client_conn_timeout+2000;//ms
const uint32_t server_conn_timeout=conv_timeout+60000;//ms. this should be 60s+ longer than conv_timeout,so that conv_manager can destruct convs gradually,to avoid latency glicth const uint32_t server_conn_timeout=conv_timeout+60000;//ms. this should be 60s+ longer than conv_timeout,so that conv_manager can destruct convs gradually,to avoid latency glicth
//const u32_t server_conn_timeout=conv_timeout+10000;//for test //const u32_t server_conn_timeout=conv_timeout+10000;//for test
const u32_t iptables_rule_keep_interval=15;//unit: second; const u32_t iptables_rule_keep_interval=20;//unit: second;
enum server_current_state_t {server_idle=0,server_handshake1,server_ready}; //server state machine enum server_current_state_t {server_idle=0,server_handshake1,server_ready}; //server state machine
enum client_current_state_t {client_idle=0,client_tcp_handshake,client_handshake1,client_handshake2,client_ready};//client state machine enum client_current_state_t {client_idle=0,client_tcp_handshake,client_handshake1,client_handshake2,client_ready};//client state machine