1 /* SmoothWall helper program - restartsquid
3 * This program is distributed under the terms of the GNU General Public
4 * Licence. See the file COPYING for details.
6 * (c) Lawrence Manning, 2001
7 * Restarting squid with transparent proxying.
9 * 05/02/2004 - Roy Walker <rwalker@miracomnetwork.com>
10 * Exclude red network from transparent proxy to allow browsing to alias IPs
11 * Read in VPN settings and exclude each VPN network from transparent proxy
13 * $Id: restartsquid.c,v 1.7.2.8 2005/04/22 18:44:37 rkerr Exp $
22 #include <sys/types.h>
25 #include "libsmooth.h"
28 int main(int argc
, char *argv
[])
35 int transparent_blue
= 0;
39 char localip
[STRING_SIZE
] = "";
40 struct keyvalue
*net
= NULL
;
41 struct keyvalue
*squid
= NULL
;
42 char buffer
[STRING_SIZE
];
43 char proxy_port
[STRING_SIZE
];
45 char green_dev
[STRING_SIZE
] = "";
46 char blue_dev
[STRING_SIZE
] = "";
47 char red_netaddress
[STRING_SIZE
] = "";
48 char red_netmask
[STRING_SIZE
] = "";
49 char configtype
[STRING_SIZE
] = "";
50 char redtype
[STRING_SIZE
] = "";
51 char enableredvpn
[STRING_SIZE
] = "";
52 char enablebluevpn
[STRING_SIZE
] = "";
57 /* Kill running squid */
58 safe_system("/sbin/iptables -t nat -F SQUID");
59 safe_system("/usr/sbin/squid -k shutdown >/dev/null 2>/dev/null");
61 safe_system("/bin/killall -9 squid squidGuard >/dev/null 2>/dev/null");
63 /* See if proxy is enabled and / or transparent */
64 if ((fd
= open(CONFIG_ROOT
"/proxy/enable", O_RDONLY
)) != -1)
69 if ((fd
= open(CONFIG_ROOT
"/proxy/transparent", O_RDONLY
)) != -1)
74 if ((fd
= open(CONFIG_ROOT
"/proxy/enable_blue", O_RDONLY
)) != -1)
79 if ((fd
= open(CONFIG_ROOT
"/proxy/transparent_blue", O_RDONLY
)) != -1)
85 /* Read the network configuration */
87 if (!readkeyvalues(net
, CONFIG_ROOT
"/ethernet/settings"))
89 fprintf(stderr
, "Cannot read ethernet settings\n");
92 if (!findkey(net
, "GREEN_DEV", green_dev
))
94 fprintf(stderr
, "Cannot read GREEN_DEV\n");
97 if (!VALID_DEVICE(green_dev
))
99 fprintf(stderr
, "Bad GREEN_DEV: %s\n", green_dev
);
102 if (!findkey(net
, "CONFIG_TYPE", configtype
))
104 fprintf(stderr
, "Cannot read CONFIG_TYPE\n");
108 findkey(net
, "RED_TYPE", redtype
);
109 findkey(net
, "RED_NETADDRESS", red_netaddress
);
110 findkey(net
, "RED_NETMASK", red_netmask
);
111 findkey(net
, "BLUE_DEV", blue_dev
);
114 /* See if VPN software is enabled */
116 if (!readkeyvalues(net
, CONFIG_ROOT
"/vpn/settings"))
118 fprintf(stderr
, "Cannot read vpn settings\n");
121 findkey(net
, "ENABLED", enableredvpn
);
122 findkey(net
, "ENABLED_BLUE", enablebluevpn
);
124 if ( (!strcmp(enableredvpn
, "on") && VALID_IP(localip
)) ||
125 (!strcmp(enablebluevpn
, "on") && VALID_DEVICE(blue_dev
)) ) {
129 /* Retrieve the Squid pid file */
130 if ((fd
= open("/var/run/squid.pid", O_RDONLY
)) != -1)
136 /* Retrieve the RED ip address */
137 stat(CONFIG_ROOT
"/red/local-ipaddress", &st
);
138 if (S_ISREG(st
.st_mode
)) {
139 if (!(ipfile
= fopen(CONFIG_ROOT
"/red/local-ipaddress", "r")))
141 fprintf(stderr
, "Couldn't open ip file\n");
144 if (fgets(localip
, STRING_SIZE
, ipfile
))
146 if (localip
[strlen(localip
) - 1] == '\n')
147 localip
[strlen(localip
) - 1] = '\0';
150 if (!VALID_IP(localip
))
152 fprintf(stderr
, "Bad ip: %s\n", localip
);
157 /* See if we need to flush the cache */
159 if (strcmp(argv
[1], "-f") == 0) {
160 if (stat("/var/log/cache/swap.state", &st
) == 0) {
162 if((pw
= getpwnam("squid"))) {
163 endpwent(); /* probably paranoia, but just in case.. */
164 unpriv_system("/bin/echo > /var/log/cache/swap.state", pw
->pw_uid
, pw
->pw_gid
);
165 } else { endpwent(); }
170 if (enable
|| enable_blue
)
172 safe_system("/usr/sbin/squid -D -z");
173 safe_system("/usr/sbin/squid -D");
176 /* Retrieve the proxy port */
177 if (transparent
|| transparent_blue
) {
178 squid
=initkeyvalues();
180 if (!readkeyvalues(squid
, CONFIG_ROOT
"/proxy/settings"))
182 fprintf(stderr
, "Cannot read proxy settings\n");
186 if (!(findkey(squid
, "PROXY_PORT", proxy_port
)))
188 strcpy (proxy_port
, "800");
190 if(strspn(proxy_port
, NUMBERS
) != strlen(proxy_port
))
192 fprintf(stderr
, "Invalid proxy port: %s, defaulting to 800\n", proxy_port
);
193 strcpy(proxy_port
, "800");
196 freekeyvalues(squid
);
199 if (transparent
&& enable
) {
205 char *vpn_network_mask
;
206 char *vpn_netaddress
;
211 /* Darren Critchley - check to see if RED VPN is enabled before mucking with rules */
212 if (!strcmp(enableredvpn
, "on")) {
213 /* Read the /vpn/config file - no check to see if VPN is enabled */
214 if (!(file
= fopen(CONFIG_ROOT
"/vpn/config", "r"))) {
215 fprintf(stderr
, "Couldn't open vpn config file");
219 while (fgets(s
, STRING_SIZE
, file
) != NULL
) {
220 if (s
[strlen(s
) - 1] == '\n')
221 s
[strlen(s
) - 1] = '\0';
222 running
= strdup (s
);
223 result
= strsep(&running
, ",");
227 vpn_network_mask
= NULL
;
231 conn_enabled
= result
;
237 vpn_network_mask
= result
;
239 result
= strsep(&running
, ",");
242 if (strspn(name
, LETTERS_NUMBERS
) != strlen(name
)) {
243 fprintf(stderr
, "Bad connection name: %s\n", name
);
247 if (! (strcmp(type
, "net") == 0)) {
251 /* Darren Critchley - new check to see if connection is enabled */
252 if (! (strcmp(conn_enabled
, "on") == 0)) {
256 result
= strsep(&vpn_network_mask
, "/");
258 vpn_netaddress
= NULL
;
262 vpn_netaddress
= result
;
264 vpn_netmask
= result
;
266 result
= strsep(&vpn_network_mask
, "/");
269 if (!VALID_IP(vpn_netaddress
)) {
270 fprintf(stderr
, "Bad network for vpn connection %s: %s\n", name
, vpn_netaddress
);
274 if ((!VALID_IP(vpn_netmask
)) && (!VALID_SHORT_MASK(vpn_netmask
))) {
275 fprintf(stderr
, "Bad mask for vpn connection %s: %s\n", name
, vpn_netmask
);
279 memset(buffer
, 0, STRING_SIZE
);
280 if( snprintf(buffer
, STRING_SIZE
- 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s/%s --dport 80 -j RETURN", green_dev
, vpn_netaddress
, vpn_netmask
) >= STRING_SIZE
)
282 fprintf(stderr
, "Command too long\n");
289 memset(buffer
, 0, STRING_SIZE
);
290 if ( ( (strcmp(configtype
, "2")==0) || (strcmp(configtype
, "3")==0) ||
291 (strcmp(configtype
, "6")==0) || (strcmp(configtype
, "7")==0) ) &&
292 (VALID_IP(red_netaddress
)) && (VALID_IP(red_netmask
)) &&
293 (strcmp(redtype
, "STATIC")==0) )
295 memset(buffer
, 0, STRING_SIZE
);
296 if( snprintf(buffer
, STRING_SIZE
- 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s/%s --dport 80 -j RETURN", green_dev
, red_netaddress
, red_netmask
) >= STRING_SIZE
)
298 fprintf(stderr
, "Command too long\n");
302 } else if (VALID_IP(localip
)) {
303 memset(buffer
, 0, STRING_SIZE
);
304 if( snprintf(buffer
, STRING_SIZE
- 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s --dport 80 -j RETURN", green_dev
, localip
) >= STRING_SIZE
)
306 fprintf(stderr
, "Command too long\n");
312 memset(buffer
, 0, STRING_SIZE
);
313 if( snprintf(buffer
, STRING_SIZE
- 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp --dport 80 -j REDIRECT --to-port %s", green_dev
, proxy_port
) >= STRING_SIZE
)
315 fprintf(stderr
, "Command too long\n");
321 if (transparent_blue
&& enable_blue
) {
327 char *vpn_network_mask
;
328 char *vpn_netaddress
;
333 if (! VALID_DEVICE(blue_dev
))
335 fprintf(stderr
, "Bad BLUE_DEV: %s\n", blue_dev
);
339 /* Darren Critchley - check to see if BLUE VPN is enabled before mucking with rules */
340 if (!strcmp(enablebluevpn
, "on")) {
341 /* Read the /vpn/config file - no check to see if VPN is enabled */
342 if (!(file
= fopen(CONFIG_ROOT
"/vpn/config", "r"))) {
343 fprintf(stderr
, "Couldn't open vpn config file");
346 while (fgets(s
, STRING_SIZE
, file
) != NULL
) {
347 if (s
[strlen(s
) - 1] == '\n')
348 s
[strlen(s
) - 1] = '\0';
349 running
= strdup (s
);
350 result
= strsep(&running
, ",");
354 vpn_network_mask
= NULL
;
358 conn_enabled
= result
;
364 vpn_network_mask
= result
;
366 result
= strsep(&running
, ",");
369 if (strspn(name
, LETTERS_NUMBERS
) != strlen(name
)) {
370 fprintf(stderr
, "Bad connection name: %s\n", name
);
374 if (! (strcmp(type
, "net") == 0)) {
378 /* Darren Critchley - new check to see if connection is enabled */
379 if (! (strcmp(conn_enabled
, "on") == 0)) {
383 result
= strsep(&vpn_network_mask
, "/");
385 vpn_netaddress
= NULL
;
389 vpn_netaddress
= result
;
391 vpn_netmask
= result
;
393 result
= strsep(&vpn_network_mask
, "/");
396 if (!VALID_IP(vpn_netaddress
)) {
397 fprintf(stderr
, "Bad network for vpn connection %s: %s\n", name
, vpn_netaddress
);
401 if ((!VALID_IP(vpn_netmask
)) && (!VALID_SHORT_MASK(vpn_netmask
))) {
402 fprintf(stderr
, "Bad mask for vpn connection %s: %s\n", name
, vpn_netmask
);
406 memset(buffer
, 0, STRING_SIZE
);
407 if (snprintf(buffer
, STRING_SIZE
- 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s/%s --dport 80 -j RETURN", blue_dev
, vpn_netaddress
, vpn_netmask
) >= STRING_SIZE
)
409 fprintf(stderr
, "Command too long\n");
416 memset(buffer
, 0, STRING_SIZE
);
417 if ( ( (strcmp(configtype
, "2")==0) || (strcmp(configtype
, "3")==0) ||
418 (strcmp(configtype
, "6")==0) || (strcmp(configtype
, "7")==0) ) &&
419 (VALID_IP(red_netaddress
)) && (VALID_IP(red_netmask
)) &&
420 (strcmp(redtype
, "STATIC")==0) )
422 memset(buffer
, 0, STRING_SIZE
);
423 if( snprintf(buffer
, STRING_SIZE
- 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s/%s --dport 80 -j RETURN", blue_dev
, red_netaddress
, red_netmask
) >= STRING_SIZE
)
425 fprintf(stderr
, "Command too long\n");
429 } else if (VALID_IP(localip
)) {
430 memset(buffer
, 0, STRING_SIZE
);
431 if( snprintf(buffer
, STRING_SIZE
- 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s --dport 80 -j RETURN", blue_dev
, localip
) >= STRING_SIZE
)
433 fprintf(stderr
, "Command too long\n");
439 memset(buffer
, 0, STRING_SIZE
);
440 if( snprintf(buffer
, STRING_SIZE
- 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp --dport 80 -j REDIRECT --to-port %s", blue_dev
, proxy_port
) >= STRING_SIZE
)
442 fprintf(stderr
, "Command too long\n");