Hinzugefuegt:
authorms <ms@ea5c0bd1-69bd-2848-81d8-4f18e57aeed8>
Sat, 2 Sep 2006 20:18:51 +0000 (20:18 +0000)
committerms <ms@ea5c0bd1-69bd-2848-81d8-4f18e57aeed8>
Sat, 2 Sep 2006 20:18:51 +0000 (20:18 +0000)
  * QoS-Graphen jetzt auch für Unterklassen.
Fix:
  * restartsquid killt jetzt auch squidGuard.

git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@267 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8

config/qos/parse-func.pl
doc/ChangeLog
src/misc-progs/restartsquid.c

index 0a25a35..9779315 100644 (file)
@@ -131,7 +131,7 @@ sub parse_class($) {
        my $line=$tc_output[$i];
        # Parsing HTB:
        # ------------
-       if ( $line =~ m/class htb (\d+):(\d+)( root| parent )?(\d+:\d?)?( leaf )?(\d+)?:?( prio )?(\d+)? rate (.*) ceil (.*) burst (.*) cburst (.*)/ ) {
+       if ( $line =~ m/class htb (\d+):(\d+)( root| parent )?(\d+:\d+)?( leaf )?(\d+)?:?( prio )?(\d+)? rate (.*) ceil (.*) burst (.*) cburst (.*)/ ) {
            my $type  = "htb";
            my $major = $1;
            my $minor = $2;
index 4e0c7ba..b3714cb 100644 (file)
@@ -1,4 +1,13 @@
 ------------------------------------------------------------------------
+r266 | ms | 2006-09-02 14:21:49 +0200 (Sat, 02 Sep 2006) | 6 lines
+
+Geaendert:
+  * redirect-Seite
+  * Grub Savedefault und Bootoptionen
+  * Pakfire - Fix
+Hinzugefuegt:
+  * Samba.cgi - experimental
+------------------------------------------------------------------------
 r265 | ms | 2006-08-30 20:56:53 +0200 (Wed, 30 Aug 2006) | 1 line
 
 Direkt ein Fix fuer eben genannte Sachen...
index 579109b..6218d1c 100644 (file)
-/* SmoothWall helper program - restartsquid\r
- *\r
- * This program is distributed under the terms of the GNU General Public\r
- * Licence.  See the file COPYING for details.\r
- *\r
- * (c) Lawrence Manning, 2001\r
- * Restarting squid with transparent proxying.\r
- *\r
- * 05/02/2004 - Roy Walker <rwalker@miracomnetwork.com>\r
- * Exclude red network from transparent proxy to allow browsing to alias IPs\r
- * Read in VPN settings and exclude each VPN network from transparent proxy\r
- * \r
- * $Id: restartsquid.c,v 1.7.2.8 2005/04/22 18:44:37 rkerr Exp $\r
- * \r
- */\r
\r
-#include <stdio.h>\r
-#include <string.h>\r
-#include <unistd.h>\r
-#include <stdlib.h>\r
-#include <pwd.h>\r
-#include <sys/types.h>\r
-#include <sys/stat.h>\r
-#include <fcntl.h>\r
-#include "libsmooth.h"\r
-#include "setuid.h"\r
-\r
-int main(int argc, char *argv[])\r
-{\r
-       int fd = -1;\r
-       int enable = 0;\r
-       int enablevpn = 0;\r
-       int transparent = 0;\r
-       int enable_blue = 0;\r
-       int transparent_blue = 0;\r
-       int running = 0;\r
-       struct stat st;\r
-       FILE *ipfile;\r
-       char localip[STRING_SIZE] = "";\r
-       struct keyvalue *net = NULL;\r
-       struct keyvalue *squid = NULL;\r
-       char buffer[STRING_SIZE];\r
-       char proxy_port[STRING_SIZE];\r
-       char s[STRING_SIZE];\r
-       char green_dev[STRING_SIZE] = "";\r
-       char blue_dev[STRING_SIZE] = "";\r
-       char red_netaddress[STRING_SIZE] = "";\r
-       char red_netmask[STRING_SIZE] = "";\r
-       char configtype[STRING_SIZE] = "";\r
-       char redtype[STRING_SIZE] = "";\r
-       char enableredvpn[STRING_SIZE] = "";\r
-       char enablebluevpn[STRING_SIZE] = "";\r
-\r
-       if (!(initsetuid()))\r
-               exit(1);\r
-\r
-       /* Kill running squid */\r
-       safe_system("/sbin/iptables -t nat -F SQUID");\r
-       safe_system("/usr/sbin/squid -k shutdown >/dev/null 2>/dev/null");\r
-       sleep(5);\r
-       safe_system("/bin/killall -9 squid >/dev/null 2>/dev/null");\r
-       \r
-       /* See if proxy is enabled and / or transparent */\r
-       if ((fd = open(CONFIG_ROOT "/proxy/enable", O_RDONLY)) != -1)\r
-       {\r
-               close(fd);\r
-               enable = 1;\r
-       }\r
-       if ((fd = open(CONFIG_ROOT "/proxy/transparent", O_RDONLY)) != -1)\r
-       {\r
-               close(fd);\r
-               transparent = 1;\r
-       }\r
-       if ((fd = open(CONFIG_ROOT "/proxy/enable_blue", O_RDONLY)) != -1)\r
-       {\r
-               close(fd);\r
-               enable_blue = 1;\r
-       }\r
-       if ((fd = open(CONFIG_ROOT "/proxy/transparent_blue", O_RDONLY)) != -1)\r
-       {\r
-               close(fd);\r
-               transparent_blue = 1;\r
-       }\r
-\r
-       /* Read the network configuration */\r
-       net=initkeyvalues();\r
-       if (!readkeyvalues(net, CONFIG_ROOT "/ethernet/settings"))\r
-       {\r
-               fprintf(stderr, "Cannot read ethernet settings\n");\r
-               exit(1);\r
-       }\r
-       if (!findkey(net, "GREEN_DEV", green_dev))\r
-       {\r
-               fprintf(stderr, "Cannot read GREEN_DEV\n");\r
-               exit(1);\r
-       }\r
-       if (!VALID_DEVICE(green_dev))\r
-       {\r
-               fprintf(stderr, "Bad GREEN_DEV: %s\n", green_dev);\r
-               exit(1);\r
-       }\r
-       if (!findkey(net, "CONFIG_TYPE", configtype))\r
-       {\r
-               fprintf(stderr, "Cannot read CONFIG_TYPE\n");\r
-               exit(1);\r
-       }\r
-\r
-       findkey(net, "RED_TYPE", redtype);\r
-       findkey(net, "RED_NETADDRESS", red_netaddress);\r
-       findkey(net, "RED_NETMASK", red_netmask);\r
-       findkey(net, "BLUE_DEV", blue_dev);\r
-       freekeyvalues(net);\r
-\r
-       /* See if VPN software is enabled */\r
-       net=initkeyvalues();\r
-       if (!readkeyvalues(net, CONFIG_ROOT "/vpn/settings"))\r
-       {\r
-               fprintf(stderr, "Cannot read vpn settings\n");\r
-               exit(1);\r
-       }\r
-       findkey(net, "ENABLED", enableredvpn);\r
-       findkey(net, "ENABLED_BLUE", enablebluevpn);\r
-       freekeyvalues(net);\r
-       if (    (!strcmp(enableredvpn, "on") && VALID_IP(localip)) || \r
-               (!strcmp(enablebluevpn, "on") && VALID_DEVICE(blue_dev)) ) {\r
-                       enablevpn = 1;\r
-       }\r
-\r
-       /* Retrieve the Squid pid file */\r
-       if ((fd = open("/var/run/squid.pid", O_RDONLY)) != -1)\r
-       {\r
-               close(fd);\r
-               running = 1;\r
-       }\r
-\r
-       /* Retrieve the RED ip address */\r
-       stat(CONFIG_ROOT "/red/local-ipaddress", &st);\r
-       if (S_ISREG(st.st_mode)) {\r
-               if (!(ipfile = fopen(CONFIG_ROOT "/red/local-ipaddress", "r")))\r
-               {\r
-                       fprintf(stderr, "Couldn't open ip file\n");\r
-                       exit(0); \r
-               }\r
-               if (fgets(localip, STRING_SIZE, ipfile))\r
-               {\r
-                       if (localip[strlen(localip) - 1] == '\n')\r
-                               localip[strlen(localip) - 1] = '\0';\r
-               }\r
-               fclose(ipfile);\r
-               if (!VALID_IP(localip))\r
-               {\r
-                       fprintf(stderr, "Bad ip: %s\n", localip);\r
-                       exit(0);\r
-               }\r
-       }\r
-\r
-       /* See if we need to flush the cache */\r
-       if (argc >=2) {\r
-               if (strcmp(argv[1], "-f") == 0) {\r
-                       if (stat("/var/log/cache/swap.state", &st) == 0) {\r
-                               struct passwd *pw;\r
-                               if((pw = getpwnam("squid"))) {\r
-                                       endpwent(); /* probably paranoia, but just in case.. */\r
-                                       unpriv_system("/bin/echo > /var/log/cache/swap.state", pw->pw_uid, pw->pw_gid);\r
-                               } else { endpwent(); }\r
-                       }\r
-               }\r
-       }\r
-\r
-       if (enable || enable_blue)\r
-       {\r
-               safe_system("/usr/sbin/squid -D -z"); \r
-               safe_system("/usr/sbin/squid -D");\r
-       }\r
-\r
-       /* Retrieve the proxy port */\r
-       if (transparent || transparent_blue) {\r
-               squid=initkeyvalues();\r
-\r
-               if (!readkeyvalues(squid, CONFIG_ROOT "/proxy/settings"))\r
-               {\r
-                       fprintf(stderr, "Cannot read proxy settings\n");\r
-                       exit(1);\r
-               }\r
-\r
-               if (!(findkey(squid, "PROXY_PORT", proxy_port)))\r
-               {\r
-                       strcpy (proxy_port, "800");\r
-               } else {\r
-                       if(strspn(proxy_port, NUMBERS) != strlen(proxy_port))\r
-                       {\r
-                               fprintf(stderr, "Invalid proxy port: %s, defaulting to 800\n", proxy_port);\r
-                               strcpy(proxy_port, "800");\r
-                       }\r
-               }\r
-               freekeyvalues(squid);\r
-       }\r
-\r
-       if (transparent && enable) {\r
-               int count;\r
-               char *result;\r
-               char *name;\r
-               char *type;\r
-               char *running;\r
-               char *vpn_network_mask;\r
-               char *vpn_netaddress;\r
-               char *vpn_netmask;\r
-               FILE *file = NULL;\r
-               char *conn_enabled;\r
-               \r
-               /* Darren Critchley - check to see if RED VPN is enabled before mucking with rules */\r
-               if (!strcmp(enableredvpn, "on")) {\r
-                       /* Read the /vpn/config file - no check to see if VPN is enabled */\r
-                       if (!(file = fopen(CONFIG_ROOT "/vpn/config", "r"))) {\r
-                               fprintf(stderr, "Couldn't open vpn config file");\r
-                               exit(1);\r
-                       }\r
-\r
-                               while (fgets(s, STRING_SIZE, file) != NULL) {\r
-                                       if (s[strlen(s) - 1] == '\n')\r
-                                               s[strlen(s) - 1] = '\0';\r
-                                       running = strdup (s);\r
-                                       result = strsep(&running, ",");\r
-                                       count = 0;\r
-                                       name = NULL;\r
-                                       type = NULL;\r
-                                       vpn_network_mask = NULL;\r
-                                       conn_enabled = NULL;\r
-                                       while (result) {\r
-                                               if (count == 1)\r
-                                                       conn_enabled = result;\r
-                                               if (count == 2)\r
-                                                       name = result;\r
-                                               if (count == 4)\r
-                                                       type = result;\r
-                                               if (count == 12 )\r
-                                                       vpn_network_mask = result;\r
-                                               count++;\r
-                                               result = strsep(&running, ",");\r
-                                       }\r
-       \r
-                                       if (strspn(name, LETTERS_NUMBERS) != strlen(name)) {\r
-                                               fprintf(stderr, "Bad connection name: %s\n", name);\r
-                                               exit(1);\r
-                                       }\r
-       \r
-                                       if (! (strcmp(type, "net") == 0)) {\r
-                                               continue;\r
-                                       }\r
-       \r
-                                       /* Darren Critchley - new check to see if connection is enabled */\r
-                                       if (! (strcmp(conn_enabled, "on") == 0)) {\r
-                                               continue;\r
-                                       }\r
-       \r
-                                       result = strsep(&vpn_network_mask, "/");\r
-                                       count = 0;\r
-                                       vpn_netaddress = NULL;\r
-                                       vpn_netmask = NULL;\r
-                                       while (result) {\r
-                                               if (count == 0)\r
-                                                       vpn_netaddress = result;\r
-                                               if (count == 1)\r
-                                                       vpn_netmask = result;\r
-                                               count++;\r
-                                               result = strsep(&vpn_network_mask, "/");\r
-                                       }\r
-       \r
-                                       if (!VALID_IP(vpn_netaddress)) {\r
-                                               fprintf(stderr, "Bad network for vpn connection %s: %s\n", name, vpn_netaddress);\r
-                                               continue;\r
-                                       }\r
-       \r
-                                       if ((!VALID_IP(vpn_netmask)) && (!VALID_SHORT_MASK(vpn_netmask))) {\r
-                                               fprintf(stderr, "Bad mask for vpn connection %s: %s\n", name, vpn_netmask);\r
-                                               continue;\r
-                                       }\r
-       \r
-                                       memset(buffer, 0, STRING_SIZE);\r
-                                       if( snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s/%s --dport 80 -j RETURN", green_dev, vpn_netaddress, vpn_netmask) >= STRING_SIZE )\r
-                                       {\r
-                                               fprintf(stderr, "Command too long\n");\r
-                                               exit(1);\r
-                                       }\r
-                                       safe_system(buffer);\r
-                               }\r
-               }       \r
-               \r
-               memset(buffer, 0, STRING_SIZE);\r
-               if ( (  (strcmp(configtype, "2")==0) || (strcmp(configtype, "3")==0)  || \r
-                       (strcmp(configtype, "6")==0) || (strcmp(configtype, "7")==0) ) &&\r
-                       (VALID_IP(red_netaddress)) && (VALID_IP(red_netmask)) && \r
-                       (strcmp(redtype, "STATIC")==0) ) \r
-               {\r
-                       memset(buffer, 0, STRING_SIZE);\r
-                       if( snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s/%s --dport 80 -j RETURN", green_dev, red_netaddress, red_netmask) >= STRING_SIZE )\r
-                       {\r
-                               fprintf(stderr, "Command too long\n");\r
-                               exit(1);\r
-                       }\r
-                       safe_system(buffer);\r
-               } else if (VALID_IP(localip)) {\r
-                       memset(buffer, 0, STRING_SIZE);\r
-                       if( snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s --dport 80 -j RETURN", green_dev, localip) >= STRING_SIZE )\r
-                       {\r
-                               fprintf(stderr, "Command too long\n");\r
-                               exit(1);\r
-                       }\r
-                       safe_system(buffer);\r
-               }\r
-\r
-               memset(buffer, 0, STRING_SIZE);\r
-               if( snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp --dport 80 -j REDIRECT --to-port %s", green_dev, proxy_port) >= STRING_SIZE )\r
-               {\r
-                       fprintf(stderr, "Command too long\n");\r
-                       exit(1);\r
-               }\r
-               safe_system(buffer);\r
-       }\r
-\r
-       if (transparent_blue && enable_blue) {\r
-               int count;\r
-               char *result;\r
-               char *name;\r
-               char *type;\r
-               char *running;\r
-               char *vpn_network_mask;\r
-               char *vpn_netaddress;\r
-               char *vpn_netmask;\r
-               char *conn_enabled;\r
-               FILE *file = NULL;\r
-\r
-               if (! VALID_DEVICE(blue_dev))\r
-               {\r
-                       fprintf(stderr, "Bad BLUE_DEV: %s\n", blue_dev);\r
-                       exit(1);\r
-               }\r
-\r
-               /* Darren Critchley - check to see if BLUE VPN is enabled before mucking with rules */\r
-               if (!strcmp(enablebluevpn, "on")) {\r
-                       /* Read the /vpn/config file - no check to see if VPN is enabled */\r
-                       if (!(file = fopen(CONFIG_ROOT "/vpn/config", "r"))) {\r
-                               fprintf(stderr, "Couldn't open vpn config file");\r
-                               exit(1);\r
-                               }\r
-                               while (fgets(s, STRING_SIZE, file) != NULL) {\r
-                                       if (s[strlen(s) - 1] == '\n')\r
-                                               s[strlen(s) - 1] = '\0';\r
-                                       running = strdup (s);\r
-                                       result = strsep(&running, ",");\r
-                                       count = 0;\r
-                                       name = NULL;\r
-                                       type = NULL;\r
-                                       vpn_network_mask = NULL;\r
-                                       conn_enabled = NULL;\r
-                                       while (result) {\r
-                                               if (count == 1)\r
-                                                       conn_enabled = result;\r
-                                               if (count == 2)\r
-                                                       name = result;\r
-                                               if (count == 4)\r
-                                                       type = result;\r
-                                               if (count == 12 )\r
-                                                       vpn_network_mask = result;\r
-                                               count++;\r
-                                               result = strsep(&running, ",");\r
-                                       }\r
-       \r
-                                       if (strspn(name, LETTERS_NUMBERS) != strlen(name)) {\r
-                                               fprintf(stderr, "Bad connection name: %s\n", name);\r
-                                               exit(1);\r
-                                       }\r
-       \r
-                                       if (! (strcmp(type, "net") == 0)) {\r
-                                               continue;\r
-                                       }\r
-       \r
-                                       /* Darren Critchley - new check to see if connection is enabled */\r
-                                       if (! (strcmp(conn_enabled, "on") == 0)) {\r
-                                               continue;\r
-                                       }\r
-       \r
-                                       result = strsep(&vpn_network_mask, "/");\r
-                                       count = 0;\r
-                                       vpn_netaddress = NULL;\r
-                                       vpn_netmask = NULL;\r
-                                       while (result) {\r
-                                               if (count == 0)\r
-                                                       vpn_netaddress = result;\r
-                                               if (count == 1)\r
-                                                       vpn_netmask = result;\r
-                                               count++;\r
-                                               result = strsep(&vpn_network_mask, "/");\r
-                                       }\r
-       \r
-                                       if (!VALID_IP(vpn_netaddress)) {\r
-                                               fprintf(stderr, "Bad network for vpn connection %s: %s\n", name, vpn_netaddress);\r
-                                               continue;\r
-                                       }\r
-       \r
-                                       if ((!VALID_IP(vpn_netmask)) && (!VALID_SHORT_MASK(vpn_netmask))) {\r
-                                               fprintf(stderr, "Bad mask for vpn connection %s: %s\n", name, vpn_netmask);\r
-                                               continue;\r
-                                       }\r
-       \r
-                                       memset(buffer, 0, STRING_SIZE);\r
-                                       if (snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s/%s --dport 80 -j RETURN", blue_dev, vpn_netaddress, vpn_netmask) >= STRING_SIZE )\r
-                                       {\r
-                                               fprintf(stderr, "Command too long\n");\r
-                                               exit(1);\r
-                                       }\r
-                                       safe_system(buffer);\r
-                               }\r
-               }\r
-       \r
-               memset(buffer, 0, STRING_SIZE);\r
-               if ( (  (strcmp(configtype, "2")==0) || (strcmp(configtype, "3")==0)  ||\r
-                       (strcmp(configtype, "6")==0) || (strcmp(configtype, "7")==0) ) &&\r
-                       (VALID_IP(red_netaddress)) && (VALID_IP(red_netmask)) &&\r
-                       (strcmp(redtype, "STATIC")==0) )\r
-               {\r
-                       memset(buffer, 0, STRING_SIZE);\r
-                       if( snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s/%s --dport 80 -j RETURN", blue_dev, red_netaddress, red_netmask) >= STRING_SIZE )\r
-                       {\r
-                               fprintf(stderr, "Command too long\n");\r
-                               exit(1);\r
-                       }\r
-                       safe_system(buffer);\r
-               } else if (VALID_IP(localip)) {\r
-                       memset(buffer, 0, STRING_SIZE);\r
-                       if( snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s --dport 80 -j RETURN", blue_dev, localip) >= STRING_SIZE )\r
-                       {\r
-                               fprintf(stderr, "Command too long\n");\r
-                               exit(1);\r
-                       }\r
-                       safe_system(buffer);\r
-               }\r
-\r
-               memset(buffer, 0, STRING_SIZE);\r
-               if( snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp --dport 80 -j REDIRECT --to-port %s", blue_dev, proxy_port) >= STRING_SIZE )\r
-               {\r
-                       fprintf(stderr, "Command too long\n");\r
-                       exit(1);\r
-               }\r
-               safe_system(buffer);\r
-       }\r
-       \r
-       return 0;\r
-}\r
+/* SmoothWall helper program - restartsquid
+ *
+ * This program is distributed under the terms of the GNU General Public
+ * Licence.  See the file COPYING for details.
+ *
+ * (c) Lawrence Manning, 2001
+ * Restarting squid with transparent proxying.
+ *
+ * 05/02/2004 - Roy Walker <rwalker@miracomnetwork.com>
+ * Exclude red network from transparent proxy to allow browsing to alias IPs
+ * Read in VPN settings and exclude each VPN network from transparent proxy
+ * 
+ * $Id: restartsquid.c,v 1.7.2.8 2005/04/22 18:44:37 rkerr Exp $
+ * 
+ */
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <pwd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include "libsmooth.h"
+#include "setuid.h"
+
+int main(int argc, char *argv[])
+{
+       int fd = -1;
+       int enable = 0;
+       int enablevpn = 0;
+       int transparent = 0;
+       int enable_blue = 0;
+       int transparent_blue = 0;
+       int running = 0;
+       struct stat st;
+       FILE *ipfile;
+       char localip[STRING_SIZE] = "";
+       struct keyvalue *net = NULL;
+       struct keyvalue *squid = NULL;
+       char buffer[STRING_SIZE];
+       char proxy_port[STRING_SIZE];
+       char s[STRING_SIZE];
+       char green_dev[STRING_SIZE] = "";
+       char blue_dev[STRING_SIZE] = "";
+       char red_netaddress[STRING_SIZE] = "";
+       char red_netmask[STRING_SIZE] = "";
+       char configtype[STRING_SIZE] = "";
+       char redtype[STRING_SIZE] = "";
+       char enableredvpn[STRING_SIZE] = "";
+       char enablebluevpn[STRING_SIZE] = "";
+
+       if (!(initsetuid()))
+               exit(1);
+
+       /* Kill running squid */
+       safe_system("/sbin/iptables -t nat -F SQUID");
+       safe_system("/usr/sbin/squid -k shutdown >/dev/null 2>/dev/null");
+       sleep(5);
+       safe_system("/bin/killall -9 squid squidGuard >/dev/null 2>/dev/null");
+       
+       /* See if proxy is enabled and / or transparent */
+       if ((fd = open(CONFIG_ROOT "/proxy/enable", O_RDONLY)) != -1)
+       {
+               close(fd);
+               enable = 1;
+       }
+       if ((fd = open(CONFIG_ROOT "/proxy/transparent", O_RDONLY)) != -1)
+       {
+               close(fd);
+               transparent = 1;
+       }
+       if ((fd = open(CONFIG_ROOT "/proxy/enable_blue", O_RDONLY)) != -1)
+       {
+               close(fd);
+               enable_blue = 1;
+       }
+       if ((fd = open(CONFIG_ROOT "/proxy/transparent_blue", O_RDONLY)) != -1)
+       {
+               close(fd);
+               transparent_blue = 1;
+       }
+
+       /* Read the network configuration */
+       net=initkeyvalues();
+       if (!readkeyvalues(net, CONFIG_ROOT "/ethernet/settings"))
+       {
+               fprintf(stderr, "Cannot read ethernet settings\n");
+               exit(1);
+       }
+       if (!findkey(net, "GREEN_DEV", green_dev))
+       {
+               fprintf(stderr, "Cannot read GREEN_DEV\n");
+               exit(1);
+       }
+       if (!VALID_DEVICE(green_dev))
+       {
+               fprintf(stderr, "Bad GREEN_DEV: %s\n", green_dev);
+               exit(1);
+       }
+       if (!findkey(net, "CONFIG_TYPE", configtype))
+       {
+               fprintf(stderr, "Cannot read CONFIG_TYPE\n");
+               exit(1);
+       }
+
+       findkey(net, "RED_TYPE", redtype);
+       findkey(net, "RED_NETADDRESS", red_netaddress);
+       findkey(net, "RED_NETMASK", red_netmask);
+       findkey(net, "BLUE_DEV", blue_dev);
+       freekeyvalues(net);
+
+       /* See if VPN software is enabled */
+       net=initkeyvalues();
+       if (!readkeyvalues(net, CONFIG_ROOT "/vpn/settings"))
+       {
+               fprintf(stderr, "Cannot read vpn settings\n");
+               exit(1);
+       }
+       findkey(net, "ENABLED", enableredvpn);
+       findkey(net, "ENABLED_BLUE", enablebluevpn);
+       freekeyvalues(net);
+       if (    (!strcmp(enableredvpn, "on") && VALID_IP(localip)) || 
+               (!strcmp(enablebluevpn, "on") && VALID_DEVICE(blue_dev)) ) {
+                       enablevpn = 1;
+       }
+
+       /* Retrieve the Squid pid file */
+       if ((fd = open("/var/run/squid.pid", O_RDONLY)) != -1)
+       {
+               close(fd);
+               running = 1;
+       }
+
+       /* Retrieve the RED ip address */
+       stat(CONFIG_ROOT "/red/local-ipaddress", &st);
+       if (S_ISREG(st.st_mode)) {
+               if (!(ipfile = fopen(CONFIG_ROOT "/red/local-ipaddress", "r")))
+               {
+                       fprintf(stderr, "Couldn't open ip file\n");
+                       exit(0); 
+               }
+               if (fgets(localip, STRING_SIZE, ipfile))
+               {
+                       if (localip[strlen(localip) - 1] == '\n')
+                               localip[strlen(localip) - 1] = '\0';
+               }
+               fclose(ipfile);
+               if (!VALID_IP(localip))
+               {
+                       fprintf(stderr, "Bad ip: %s\n", localip);
+                       exit(0);
+               }
+       }
+
+       /* See if we need to flush the cache */
+       if (argc >=2) {
+               if (strcmp(argv[1], "-f") == 0) {
+                       if (stat("/var/log/cache/swap.state", &st) == 0) {
+                               struct passwd *pw;
+                               if((pw = getpwnam("squid"))) {
+                                       endpwent(); /* probably paranoia, but just in case.. */
+                                       unpriv_system("/bin/echo > /var/log/cache/swap.state", pw->pw_uid, pw->pw_gid);
+                               } else { endpwent(); }
+                       }
+               }
+       }
+
+       if (enable || enable_blue)
+       {
+               safe_system("/usr/sbin/squid -D -z"); 
+               safe_system("/usr/sbin/squid -D");
+       }
+
+       /* Retrieve the proxy port */
+       if (transparent || transparent_blue) {
+               squid=initkeyvalues();
+
+               if (!readkeyvalues(squid, CONFIG_ROOT "/proxy/settings"))
+               {
+                       fprintf(stderr, "Cannot read proxy settings\n");
+                       exit(1);
+               }
+
+               if (!(findkey(squid, "PROXY_PORT", proxy_port)))
+               {
+                       strcpy (proxy_port, "800");
+               } else {
+                       if(strspn(proxy_port, NUMBERS) != strlen(proxy_port))
+                       {
+                               fprintf(stderr, "Invalid proxy port: %s, defaulting to 800\n", proxy_port);
+                               strcpy(proxy_port, "800");
+                       }
+               }
+               freekeyvalues(squid);
+       }
+
+       if (transparent && enable) {
+               int count;
+               char *result;
+               char *name;
+               char *type;
+               char *running;
+               char *vpn_network_mask;
+               char *vpn_netaddress;
+               char *vpn_netmask;
+               FILE *file = NULL;
+               char *conn_enabled;
+               
+               /* Darren Critchley - check to see if RED VPN is enabled before mucking with rules */
+               if (!strcmp(enableredvpn, "on")) {
+                       /* Read the /vpn/config file - no check to see if VPN is enabled */
+                       if (!(file = fopen(CONFIG_ROOT "/vpn/config", "r"))) {
+                               fprintf(stderr, "Couldn't open vpn config file");
+                               exit(1);
+                       }
+
+                               while (fgets(s, STRING_SIZE, file) != NULL) {
+                                       if (s[strlen(s) - 1] == '\n')
+                                               s[strlen(s) - 1] = '\0';
+                                       running = strdup (s);
+                                       result = strsep(&running, ",");
+                                       count = 0;
+                                       name = NULL;
+                                       type = NULL;
+                                       vpn_network_mask = NULL;
+                                       conn_enabled = NULL;
+                                       while (result) {
+                                               if (count == 1)
+                                                       conn_enabled = result;
+                                               if (count == 2)
+                                                       name = result;
+                                               if (count == 4)
+                                                       type = result;
+                                               if (count == 12 )
+                                                       vpn_network_mask = result;
+                                               count++;
+                                               result = strsep(&running, ",");
+                                       }
+       
+                                       if (strspn(name, LETTERS_NUMBERS) != strlen(name)) {
+                                               fprintf(stderr, "Bad connection name: %s\n", name);
+                                               exit(1);
+                                       }
+       
+                                       if (! (strcmp(type, "net") == 0)) {
+                                               continue;
+                                       }
+       
+                                       /* Darren Critchley - new check to see if connection is enabled */
+                                       if (! (strcmp(conn_enabled, "on") == 0)) {
+                                               continue;
+                                       }
+       
+                                       result = strsep(&vpn_network_mask, "/");
+                                       count = 0;
+                                       vpn_netaddress = NULL;
+                                       vpn_netmask = NULL;
+                                       while (result) {
+                                               if (count == 0)
+                                                       vpn_netaddress = result;
+                                               if (count == 1)
+                                                       vpn_netmask = result;
+                                               count++;
+                                               result = strsep(&vpn_network_mask, "/");
+                                       }
+       
+                                       if (!VALID_IP(vpn_netaddress)) {
+                                               fprintf(stderr, "Bad network for vpn connection %s: %s\n", name, vpn_netaddress);
+                                               continue;
+                                       }
+       
+                                       if ((!VALID_IP(vpn_netmask)) && (!VALID_SHORT_MASK(vpn_netmask))) {
+                                               fprintf(stderr, "Bad mask for vpn connection %s: %s\n", name, vpn_netmask);
+                                               continue;
+                                       }
+       
+                                       memset(buffer, 0, STRING_SIZE);
+                                       if( snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s/%s --dport 80 -j RETURN", green_dev, vpn_netaddress, vpn_netmask) >= STRING_SIZE )
+                                       {
+                                               fprintf(stderr, "Command too long\n");
+                                               exit(1);
+                                       }
+                                       safe_system(buffer);
+                               }
+               }       
+               
+               memset(buffer, 0, STRING_SIZE);
+               if ( (  (strcmp(configtype, "2")==0) || (strcmp(configtype, "3")==0)  || 
+                       (strcmp(configtype, "6")==0) || (strcmp(configtype, "7")==0) ) &&
+                       (VALID_IP(red_netaddress)) && (VALID_IP(red_netmask)) && 
+                       (strcmp(redtype, "STATIC")==0) ) 
+               {
+                       memset(buffer, 0, STRING_SIZE);
+                       if( snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s/%s --dport 80 -j RETURN", green_dev, red_netaddress, red_netmask) >= STRING_SIZE )
+                       {
+                               fprintf(stderr, "Command too long\n");
+                               exit(1);
+                       }
+                       safe_system(buffer);
+               } else if (VALID_IP(localip)) {
+                       memset(buffer, 0, STRING_SIZE);
+                       if( snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s --dport 80 -j RETURN", green_dev, localip) >= STRING_SIZE )
+                       {
+                               fprintf(stderr, "Command too long\n");
+                               exit(1);
+                       }
+                       safe_system(buffer);
+               }
+
+               memset(buffer, 0, STRING_SIZE);
+               if( snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp --dport 80 -j REDIRECT --to-port %s", green_dev, proxy_port) >= STRING_SIZE )
+               {
+                       fprintf(stderr, "Command too long\n");
+                       exit(1);
+               }
+               safe_system(buffer);
+       }
+
+       if (transparent_blue && enable_blue) {
+               int count;
+               char *result;
+               char *name;
+               char *type;
+               char *running;
+               char *vpn_network_mask;
+               char *vpn_netaddress;
+               char *vpn_netmask;
+               char *conn_enabled;
+               FILE *file = NULL;
+
+               if (! VALID_DEVICE(blue_dev))
+               {
+                       fprintf(stderr, "Bad BLUE_DEV: %s\n", blue_dev);
+                       exit(1);
+               }
+
+               /* Darren Critchley - check to see if BLUE VPN is enabled before mucking with rules */
+               if (!strcmp(enablebluevpn, "on")) {
+                       /* Read the /vpn/config file - no check to see if VPN is enabled */
+                       if (!(file = fopen(CONFIG_ROOT "/vpn/config", "r"))) {
+                               fprintf(stderr, "Couldn't open vpn config file");
+                               exit(1);
+                               }
+                               while (fgets(s, STRING_SIZE, file) != NULL) {
+                                       if (s[strlen(s) - 1] == '\n')
+                                               s[strlen(s) - 1] = '\0';
+                                       running = strdup (s);
+                                       result = strsep(&running, ",");
+                                       count = 0;
+                                       name = NULL;
+                                       type = NULL;
+                                       vpn_network_mask = NULL;
+                                       conn_enabled = NULL;
+                                       while (result) {
+                                               if (count == 1)
+                                                       conn_enabled = result;
+                                               if (count == 2)
+                                                       name = result;
+                                               if (count == 4)
+                                                       type = result;
+                                               if (count == 12 )
+                                                       vpn_network_mask = result;
+                                               count++;
+                                               result = strsep(&running, ",");
+                                       }
+       
+                                       if (strspn(name, LETTERS_NUMBERS) != strlen(name)) {
+                                               fprintf(stderr, "Bad connection name: %s\n", name);
+                                               exit(1);
+                                       }
+       
+                                       if (! (strcmp(type, "net") == 0)) {
+                                               continue;
+                                       }
+       
+                                       /* Darren Critchley - new check to see if connection is enabled */
+                                       if (! (strcmp(conn_enabled, "on") == 0)) {
+                                               continue;
+                                       }
+       
+                                       result = strsep(&vpn_network_mask, "/");
+                                       count = 0;
+                                       vpn_netaddress = NULL;
+                                       vpn_netmask = NULL;
+                                       while (result) {
+                                               if (count == 0)
+                                                       vpn_netaddress = result;
+                                               if (count == 1)
+                                                       vpn_netmask = result;
+                                               count++;
+                                               result = strsep(&vpn_network_mask, "/");
+                                       }
+       
+                                       if (!VALID_IP(vpn_netaddress)) {
+                                               fprintf(stderr, "Bad network for vpn connection %s: %s\n", name, vpn_netaddress);
+                                               continue;
+                                       }
+       
+                                       if ((!VALID_IP(vpn_netmask)) && (!VALID_SHORT_MASK(vpn_netmask))) {
+                                               fprintf(stderr, "Bad mask for vpn connection %s: %s\n", name, vpn_netmask);
+                                               continue;
+                                       }
+       
+                                       memset(buffer, 0, STRING_SIZE);
+                                       if (snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s/%s --dport 80 -j RETURN", blue_dev, vpn_netaddress, vpn_netmask) >= STRING_SIZE )
+                                       {
+                                               fprintf(stderr, "Command too long\n");
+                                               exit(1);
+                                       }
+                                       safe_system(buffer);
+                               }
+               }
+       
+               memset(buffer, 0, STRING_SIZE);
+               if ( (  (strcmp(configtype, "2")==0) || (strcmp(configtype, "3")==0)  ||
+                       (strcmp(configtype, "6")==0) || (strcmp(configtype, "7")==0) ) &&
+                       (VALID_IP(red_netaddress)) && (VALID_IP(red_netmask)) &&
+                       (strcmp(redtype, "STATIC")==0) )
+               {
+                       memset(buffer, 0, STRING_SIZE);
+                       if( snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s/%s --dport 80 -j RETURN", blue_dev, red_netaddress, red_netmask) >= STRING_SIZE )
+                       {
+                               fprintf(stderr, "Command too long\n");
+                               exit(1);
+                       }
+                       safe_system(buffer);
+               } else if (VALID_IP(localip)) {
+                       memset(buffer, 0, STRING_SIZE);
+                       if( snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s --dport 80 -j RETURN", blue_dev, localip) >= STRING_SIZE )
+                       {
+                               fprintf(stderr, "Command too long\n");
+                               exit(1);
+                       }
+                       safe_system(buffer);
+               }
+
+               memset(buffer, 0, STRING_SIZE);
+               if( snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp --dport 80 -j REDIRECT --to-port %s", blue_dev, proxy_port) >= STRING_SIZE )
+               {
+                       fprintf(stderr, "Command too long\n");
+                       exit(1);
+               }
+               safe_system(buffer);
+       }
+       
+       return 0;
+}