]> git.ipfire.org Git - people/teissler/ipfire-2.x.git/blame - src/misc-progs/openvpnctrl.c
projects / people / teissler / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
openvpnctrl: Remove unneeded code.
[people/teissler/ipfire-2.x.git] / src / misc-progs / openvpnctrl.c
CommitLineData
39877197 1#include <signal.h>
6e13d0a5
MT		 2#include <stdio.h>
3#include <string.h>
4#include <unistd.h>
5#include <stdlib.h>
6#include <sys/types.h>
3d1fbbb0
MT		 7#include <arpa/inet.h>
8#include <netinet/in.h>
6e13d0a5
MT		 9#include <fcntl.h>
10#include "setuid.h"
11#include "libsmooth.h"
12
c894a342 13#define noovpndebug
6e13d0a5
MT		 14
15// global vars
16 struct keyvalue *kv = NULL;
17 FILE *ifacefile = NULL;
18
19char redif[STRING_SIZE];
20char blueif[STRING_SIZE];
21char orangeif[STRING_SIZE];
22char enablered[STRING_SIZE] = "off";
23char enableblue[STRING_SIZE] = "off";
24char enableorange[STRING_SIZE] = "off";
25
26// consts
27char OVPNRED[STRING_SIZE] = "OVPN";
28char OVPNBLUE[STRING_SIZE] = "OVPN_BLUE_";
29char OVPNORANGE[STRING_SIZE] = "OVPN_ORANGE_";
3d1fbbb0
MT		 30char OVPNNAT[STRING_SIZE] = "OVPNNAT";
31char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.2.3";
6925b8ef
AF		 32
33struct connection_struct {
34 char name[STRING_SIZE];
91a0a221 35 char type[STRING_SIZE];
6925b8ef 36 char proto[STRING_SIZE];
99b01b84 37 char status[STRING_SIZE];
3d1fbbb0
MT		 38 char local_subnet[STRING_SIZE];
39 char transfer_subnet[STRING_SIZE];
40 char role[STRING_SIZE];
6925b8ef
AF		 41 int port;
42 struct connection_struct *next;
43};
44
45typedef struct connection_struct connection;
6e13d0a5
MT		 46
47void exithandler(void)
48{
49 if(kv)
50 freekeyvalues(kv);
51 if (ifacefile)
52 fclose(ifacefile);
53}
54
55void usage(void)
56{
57#ifdef ovpndebug
07081137 58 printf("Wrapper for OpenVPN %s-debug\n", WRAPPERVERSION);
6e13d0a5 59#else
07081137 60 printf("Wrapper for OpenVPN %s\n", WRAPPERVERSION);
6e13d0a5
MT		 61#endif
62 printf("openvpnctrl <option>\n");
63 printf(" Valid options are:\n");
64 printf(" -s --start\n");
65 printf(" starts OpenVPN (implicitly creates chains and firewall rules)\n");
66 printf(" -k --kill\n");
67 printf(" kills/stops OpenVPN\n");
68 printf(" -r --restart\n");
69 printf(" restarts OpenVPN (implicitly creates chains and firewall rules)\n");
64f0c354
MT		 70 printf(" -sn2n --start-net-2-net\n");
71 printf(" starts all net2net connections\n");
72 printf(" you may pass a connection name to the switch to only start a specific one\n");
73 printf(" -kn2n --kill-net-2-net\n");
74 printf(" kills all net2net connections\n");
75 printf(" you may pass a connection name to the switch to only start a specific one\n");
6e13d0a5
MT		 76 printf(" -d --display\n");
77 printf(" displays OpenVPN status to syslog\n");
78 printf(" -fwr --firewall-rules\n");
79 printf(" removes current OpenVPN chains and rules and resets them according to the config\n");
80 printf(" -sdo --start-daemon-only\n");
afabe9f7 81 printf(" starts OpenVPN daemon only\n");
6e13d0a5
MT		 82 printf(" -ccr --create-chains-and-rules\n");
83 printf(" creates chains and rules for OpenVPN\n");
84 printf(" -dcr --delete-chains-and-rules\n");
85 printf(" removes all chains for OpenVPN\n");
86 exit(1);
87}
88
6925b8ef
AF		 89connection *getConnections() {
90 FILE *fp = NULL;
91
92 if (!(fp = fopen(CONFIG_ROOT "/ovpn/ovpnconfig", "r"))) {
93 fprintf(stderr, "Could not open openvpn n2n configuration file.\n");
94 exit(1);
95 }
96
97 char line[STRING_SIZE] = "";
d4f2fb97
MT		 98 char result[STRING_SIZE] = "";
99 char *resultptr;
6925b8ef
AF		 100 int count;
101 connection *conn_first = NULL;
102 connection *conn_last = NULL;
103 connection *conn_curr;
104
105 while ((fgets(line, STRING_SIZE, fp) != NULL)) {
106 if (line[strlen(line) - 1] == '\n')
107 line[strlen(line) - 1] = '\0';
108
109 conn_curr = (connection *)malloc(sizeof(connection));
110 memset(conn_curr, 0, sizeof(connection));
111
112 if (conn_first == NULL) {
113 conn_first = conn_curr;
114 } else {
115 conn_last->next = conn_curr;
116 }
117 conn_last = conn_curr;
118
119 count = 0;
d4f2fb97
MT		 120 char *lineptr = &line;
121 while (1) {
122 if (*lineptr == NULL)
123 break;
124
125 resultptr = result;
126 while (*lineptr != NULL) {
127 if (*lineptr == ',') {
128 lineptr++;
129 break;
130 }
131 *resultptr++ = *lineptr++;
132 }
133 *resultptr = '\0';
134
99b01b84
MT		 135 if (count == 1) {
136 strcpy(conn_curr->status, result);
137 } else if (count == 2) {
6925b8ef 138 strcpy(conn_curr->name, result);
91a0a221
MT		 139 } else if (count == 4) {
140 strcpy(conn_curr->type, result);
3d1fbbb0
MT		 141 } else if (count == 7) {
142 strcpy(conn_curr->role, result);
143 } else if (count == 9) {
144 strcpy(conn_curr->local_subnet, result);
145 } else if (count == 28) {
146 strcpy(conn_curr->transfer_subnet, result);
d4f2fb97 147 } else if (count == 29) {
6925b8ef 148 strcpy(conn_curr->proto, result);
d4f2fb97 149 } else if (count == 30) {
6925b8ef
AF		 150 conn_curr->port = atoi(result);
151 }
152
6925b8ef
AF		 153 count++;
154 }
155 }
156
157 fclose(fp);
158
159 return conn_first;
160}
161
80ca8bd0
MT		 162int readPidFile(const char *pidfile) {
163 FILE *fp = fopen(pidfile, "r");
164 if (fp == NULL) {
165 fprintf(stderr, "PID file not found: '%s'\n", pidfile);
166 exit(1);
167 }
168
169 int pid = 0;
170 fscanf(fp, "%d", &pid);
171 fclose(fp);
172
173 return pid;
174}
175
6e13d0a5
MT		 176void ovpnInit(void) {
177
178 // Read OpenVPN configuration
179 kv = initkeyvalues();
180 if (!readkeyvalues(kv, CONFIG_ROOT "/ovpn/settings")) {
181 fprintf(stderr, "Cannot read ovpn settings\n");
182 exit(1);
183 }
184
185 if (!findkey(kv, "ENABLED", enablered)) {
186 fprintf(stderr, "Cannot read ENABLED\n");
187 exit(1);
188 }
189
190 if (!findkey(kv, "ENABLED_BLUE", enableblue)){
191 fprintf(stderr, "Cannot read ENABLED_BLUE\n");
192 exit(1);
193 }
194
195 if (!findkey(kv, "ENABLED_ORANGE", enableorange)){
196 fprintf(stderr, "Cannot read ENABLED_ORANGE\n");
197 exit(1);
198 }
199 freekeyvalues(kv);
200
201 // read interface settings
202
203 // details for the red int
204 memset(redif, 0, STRING_SIZE);
205 if ((ifacefile = fopen(CONFIG_ROOT "/red/iface", "r")))
206 {
207 if (fgets(redif, STRING_SIZE, ifacefile))
208 {
209 if (redif[strlen(redif) - 1] == '\n')
210 redif[strlen(redif) - 1] = '\0';
211 }
212 fclose (ifacefile);
213 ifacefile = NULL;
214
215 if (!VALID_DEVICE(redif))
216 {
217 memset(redif, 0, STRING_SIZE);
218 }
219 }
220
221 kv=initkeyvalues();
222 if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings"))
223 {
224 fprintf(stderr, "Cannot read ethernet settings\n");
225 exit(1);
226 }
227
228 if (strcmp(enableblue, "on")==0){
229 if (!findkey(kv, "BLUE_DEV", blueif)){
230 fprintf(stderr, "Cannot read BLUE_DEV\n");
231 exit(1);
232 }
233 }
234 if (strcmp(enableorange, "on")==0){
235 if (!findkey(kv, "ORANGE_DEV", orangeif)){
236 fprintf(stderr, "Cannot read ORNAGE_DEV\n");
237 exit(1);
238 }
239 }
240 freekeyvalues(kv);
241}
242
243void executeCommand(char *command) {
244#ifdef ovpndebug
245 printf(strncat(command, "\n", 2));
246#endif
247 safe_system(strncat(command, " >/dev/null 2>&1", 17));
248}
249
250void setChainRules(char *chain, char *interface, char *protocol, char *port)
251{
252 char str[STRING_SIZE];
07081137 253
6e13d0a5
MT		 254 sprintf(str, "/sbin/iptables -A %sINPUT -i %s -p %s --dport %s -j ACCEPT", chain, interface, protocol, port);
255 executeCommand(str);
6e13d0a5
MT		 256}
257
258void flushChain(char *chain) {
259 char str[STRING_SIZE];
260
261 sprintf(str, "/sbin/iptables -F %sINPUT", chain);
262 executeCommand(str);
6e13d0a5
MT		 263}
264
3d1fbbb0
MT		 265void flushChainNAT(char *chain) {
266 char str[STRING_SIZE];
267
268 sprintf(str, "/sbin/iptables -t nat -F %s", chain);
269 executeCommand(str);
270}
271
6e13d0a5
MT		 272void deleteChainReference(char *chain) {
273 char str[STRING_SIZE];
274
275 sprintf(str, "/sbin/iptables -D INPUT -j %sINPUT", chain);
276 executeCommand(str);
6e13d0a5
MT		 277}
278
279void deleteChain(char *chain) {
280 char str[STRING_SIZE];
281
282 sprintf(str, "/sbin/iptables -X %sINPUT", chain);
283 executeCommand(str);
6e13d0a5
MT		 284}
285
286void deleteAllChains(void) {
287 // not an elegant solution, but to avoid timing problems with undeleted chain references
288 deleteChainReference(OVPNRED);
289 deleteChainReference(OVPNBLUE);
290 deleteChainReference(OVPNORANGE);
291 flushChain(OVPNRED);
292 flushChain(OVPNBLUE);
293 flushChain(OVPNORANGE);
294 deleteChain(OVPNRED);
295 deleteChain(OVPNBLUE);
296 deleteChain(OVPNORANGE);
297}
298
299void createChainReference(char *chain) {
300 char str[STRING_SIZE];
301 sprintf(str, "/sbin/iptables -I INPUT %s -j %sINPUT", "14", chain);
302 executeCommand(str);
6e13d0a5
MT		 303}
304
305void createChain(char *chain) {
306 char str[STRING_SIZE];
307 sprintf(str, "/sbin/iptables -N %sINPUT", chain);
308 executeCommand(str);
6e13d0a5
MT		 309}
310
311void createAllChains(void) {
858d8d90
MT		 312 // create chain and chain references
313 if (!strcmp(enableorange, "on")) {
314 if (strlen(orangeif)) {
315 createChain(OVPNORANGE);
316 createChainReference(OVPNORANGE);
317 } else {
318 fprintf(stderr, "OpenVPN enabled on orange but no orange interface found\n");
319 //exit(1);
6e13d0a5 320 }
858d8d90
MT		 321 }
322
323 if (!strcmp(enableblue, "on")) {
324 if (strlen(blueif)) {
325 createChain(OVPNBLUE);
326 createChainReference(OVPNBLUE);
327 } else {
328 fprintf(stderr, "OpenVPN enabled on blue but no blue interface found\n");
329 //exit(1);
6e13d0a5 330 }
858d8d90
MT		 331 }
332
333 if (!strcmp(enablered, "on")) {
334 if (strlen(redif)) {
335 createChain(OVPNRED);
336 createChainReference(OVPNRED);
337 } else {
338 fprintf(stderr, "OpenVPN enabled on red but no red interface found\n");
339 //exit(1);
6e13d0a5
MT		 340 }
341 }
342}
343
3d1fbbb0 344char* calcTransferNetAddress(const connection* conn) {
a19ff965
MT		 345 char *subnetmask = strdup(conn->transfer_subnet);
346 char *address = strsep(&subnetmask, "/");
3d1fbbb0 347
cdbe3504
MT		 348 if ((address == NULL) || (subnetmask == NULL)) {
349 goto ERROR;
350 }
351
a19ff965
MT		 352 in_addr_t _address = inet_addr(address);
353 in_addr_t _subnetmask = inet_addr(subnetmask);
354 _address &= _subnetmask;
3d1fbbb0 355
a19ff965
MT		 356 if (strcmp(conn->role, "server") == 0) {
357 _address += 1 << 24;
358 } else if (strcmp(conn->role, "client") == 0) {
359 _address += 2 << 24;
3d1fbbb0
MT		 360 } else {
361 goto ERROR;
362 }
363
a19ff965
MT		 364 struct in_addr address_info;
365 address_info.s_addr = _address;
366
367 return inet_ntoa(address_info);
3d1fbbb0
MT		 368
369ERROR:
a19ff965
MT		 370 fprintf(stderr, "Could not determine transfer net address: %s\n", conn->name);
371
3d1fbbb0
MT		 372 free(address);
373 return NULL;
374}
375
376char* getLocalSubnetAddress(const connection* conn) {
377 kv = initkeyvalues();
378 if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings")) {
379 fprintf(stderr, "Cannot read ethernet settings\n");
380 exit(1);
381 }
382
383 const char *zones[] = {"GREEN", "BLUE", "ORANGE", NULL};
384 char *zone = NULL;
385
386 // Get net address of the local openvpn subnet.
387 char *subnetmask = strdup(conn->local_subnet);
388 char *address = strsep(&subnetmask, "/");
389
390 if ((address == NULL) || (subnetmask == NULL)) {
391 goto ERROR;
392 }
393
394 in_addr_t _address = inet_addr(address);
395 in_addr_t _subnetmask = inet_addr(subnetmask);
396
397 in_addr_t _netaddr = (_address & _subnetmask);
398 in_addr_t _broadcast = (_address | ~_subnetmask);
399
400 char zone_address_key[STRING_SIZE];
401 char zone_address[STRING_SIZE];
402 in_addr_t zone_addr;
403
404 int i = 0;
405 while (zones[i]) {
406 zone = zones[i++];
407 snprintf(zone_address_key, STRING_SIZE, "%s_ADDRESS", zone);
408
409 if (!findkey(kv, zone_address_key, zone_address))
410 continue;
411
412 zone_addr = inet_addr(zone_address);
413 if ((zone_addr > _netaddr) && (zone_addr < _broadcast)) {
414 freekeyvalues(kv);
415
416 return strdup(zone_address);
417 }
418 }
419
420ERROR:
a19ff965
MT		 421 fprintf(stderr, "Could not determine local subnet address: %s\n", conn->name);
422
3d1fbbb0
MT		 423 freekeyvalues(kv);
424 return NULL;
425}
426
6e13d0a5
MT		 427void setFirewallRules(void) {
428 char protocol[STRING_SIZE] = "";
429 char dport[STRING_SIZE] = "";
430 char dovpnip[STRING_SIZE] = "";
431
6e13d0a5
MT		 432 kv = initkeyvalues();
433 if (!readkeyvalues(kv, CONFIG_ROOT "/ovpn/settings"))
434 {
435 fprintf(stderr, "Cannot read ovpn settings\n");
436 exit(1);
437 }
438
439 /* we got one device, so lets proceed further */
440 if (!findkey(kv, "DDEST_PORT", dport)){
441 fprintf(stderr, "Cannot read DDEST_PORT\n");
442 exit(1);
443 }
444
445 if (!findkey(kv, "DPROTOCOL", protocol)){
446 fprintf(stderr, "Cannot read DPROTOCOL\n");
447 exit(1);
448 }
449
450 if (!findkey(kv, "VPN_IP", dovpnip)){
451 fprintf(stderr, "Cannot read VPN_IP\n");
452// exit(1); step further as we don't need an ip
453 }
454 freekeyvalues(kv);
455
07081137
MT		 456 // Flush all chains.
457 flushChain(OVPNRED);
458 flushChain(OVPNBLUE);
459 flushChain(OVPNORANGE);
3d1fbbb0 460 flushChainNAT(OVPNNAT);
07081137 461
6e13d0a5
MT		 462 // set firewall rules
463 if (!strcmp(enablered, "on") && strlen(redif))
464 setChainRules(OVPNRED, redif, protocol, dport);
465 if (!strcmp(enableblue, "on") && strlen(blueif))
466 setChainRules(OVPNBLUE, blueif, protocol, dport);
467 if (!strcmp(enableorange, "on") && strlen(orangeif))
468 setChainRules(OVPNORANGE, orangeif, protocol, dport);
6925b8ef 469
91a0a221
MT		 470 // read connection configuration
471 connection *conn = getConnections();
472
6925b8ef 473 // set firewall rules for n2n connections
91a0a221 474 char command[STRING_SIZE];
3d1fbbb0
MT		 475 char *local_subnet_address = NULL;
476 char *transfer_subnet_address = NULL;
7d653d51 477 while (conn != NULL) {
91a0a221
MT		 478 if (strcmp(conn->type, "net") == 0) {
479 sprintf(command, "/sbin/iptables -A %sINPUT -i %s -p %s --dport %d -j ACCEPT",
480 OVPNRED, redif, conn->proto, conn->port);
481 executeCommand(command);
3d1fbbb0
MT		 482
483 local_subnet_address = getLocalSubnetAddress(conn);
484 transfer_subnet_address = calcTransferNetAddress(conn);
485
cdbe3504
MT		 486 if ((local_subnet_address) && (transfer_subnet_address)) {
487 snprintf(command, STRING_SIZE, "/sbin/iptables -t nat -A %s -s %s -j SNAT --to-source %s",
488 OVPNNAT, transfer_subnet_address, local_subnet_address);
489 executeCommand(command);
490 }
91a0a221
MT		 491 }
492
6925b8ef
AF		 493 conn = conn->next;
494 }
6e13d0a5
MT		 495}
496
497void stopDaemon(void) {
498 char command[STRING_SIZE];
499
2bcff894 500 int pid = readPidFile("/var/run/openvpn.pid");
80ca8bd0 501 if (!pid > 0) {
2bcff894
MT		 502 exit(1);
503 }
504
505 fprintf(stderr, "Killing PID %d.\n", pid);
506 kill(pid, SIGTERM);
507
6e13d0a5
MT		 508 snprintf(command, STRING_SIZE - 1, "/bin/rm -f /var/run/openvpn.pid");
509 executeCommand(command);
510}
511
512void startDaemon(void) {
513 char command[STRING_SIZE];
514
515 if (!((strcmp(enablered, "on")==0) || (strcmp(enableblue, "on")==0) || (strcmp(enableorange, "on")==0))){
516 fprintf(stderr, "OpenVPN is not enabled on any interface\n");
517 exit(1);
518 } else {
7d3af7f7
MT		 519 snprintf(command, STRING_SIZE-1, "/sbin/modprobe tun");
520 executeCommand(command);
072cd997 521 snprintf(command, STRING_SIZE-1, "/usr/sbin/openvpn --config /var/ipfire/ovpn/server.conf");
6e13d0a5
MT		 522 executeCommand(command);
523 }
524}
525
99b01b84 526int startNet2Net(char *name) {
6925b8ef
AF		 527 connection *conn = NULL;
528 connection *conn_iter;
529
530 conn_iter = getConnections();
531
532 while (conn_iter) {
91a0a221 533 if ((strcmp(conn_iter->type, "net") == 0) && (strcmp(conn_iter->name, name) == 0)) {
6925b8ef
AF		 534 conn = conn_iter;
535 break;
536 }
537 conn_iter = conn_iter->next;
538 }
539
540 if (conn == NULL) {
541 fprintf(stderr, "Connection not found.\n");
99b01b84
MT		 542 return 1;
543 }
544
545 if (strcmp(conn->status, "on") != 0) {
546 fprintf(stderr, "Connection '%s' is not enabled.\n", conn->name);
547 return 1;
6925b8ef
AF		 548 }
549
99b01b84
MT		 550 fprintf(stderr, "Starting connection %s...\n", conn->name);
551
39877197
MT		 552 char configfile[STRING_SIZE];
553 snprintf(configfile, STRING_SIZE - 1, CONFIG_ROOT "/ovpn/n2nconf/%s/%s.conf",
554 conn->name, conn->name);
555
556 FILE *fp = fopen(configfile, "r");
557 if (fp == NULL) {
558 fprintf(stderr, "Could not find configuration file for connection '%s' at '%s'.\n",
559 conn->name, configfile);
99b01b84 560 return 2;
39877197
MT		 561 }
562 fclose(fp);
563
07081137
MT		 564 // Make sure all firewall rules are up to date.
565 setFirewallRules();
566
6925b8ef 567 char command[STRING_SIZE];
81a789d9
MT		 568 snprintf(command, STRING_SIZE-1, "/sbin/modprobe tun");
569 executeCommand(command);
570 snprintf(command, STRING_SIZE-1, "/usr/sbin/openvpn --config %s", configfile);
6925b8ef 571 executeCommand(command);
99b01b84
MT		 572
573 return 0;
6925b8ef
AF		 574}
575
99b01b84 576int killNet2Net(char *name) {
39877197
MT		 577 connection *conn = NULL;
578 connection *conn_iter;
579
580 conn_iter = getConnections();
581
582 while (conn_iter) {
583 if (strcmp(conn_iter->name, name) == 0) {
584 conn = conn_iter;
585 break;
586 }
587 conn_iter = conn_iter->next;
588 }
589
590 if (conn == NULL) {
591 fprintf(stderr, "Connection not found.\n");
99b01b84 592 return 1;
39877197
MT		 593 }
594
595 char pidfile[STRING_SIZE];
80ca8bd0 596 snprintf(pidfile, STRING_SIZE - 1, "/var/run/%sn2n.pid", conn->name);
39877197 597
2bcff894 598 int pid = readPidFile(pidfile);
80ca8bd0 599 if (!pid > 0) {
99b01b84
MT		 600 fprintf(stderr, "Could not read pid file of connection %s.", conn->name);
601 return 1;
39877197
MT		 602 }
603
99b01b84 604 fprintf(stderr, "Killing connection %s (PID %d)...\n", conn->name, pid);
39877197
MT		 605 kill(pid, SIGTERM);
606
d4c8b6be
MT		 607 char command[STRING_SIZE];
608 snprintf(command, STRING_SIZE - 1, "/bin/rm -f %s", pidfile);
609 executeCommand(command);
610
99b01b84 611 return 0;
6925b8ef
AF		 612}
613
64f0c354 614void startAllNet2Net() {
99b01b84
MT		 615 int exitcode = 0, _exitcode = 0;
616
64f0c354
MT		 617 connection *conn = getConnections();
618
619 while(conn) {
99b01b84
MT		 620 /* Skip all connections that are not of type "net" or disabled. */
621 if ((strcmp(conn->type, "net") != 0) || (strcmp(conn->status, "on") != 0)) {
622 conn = conn->next;
623 continue;
624 }
625
626 _exitcode = startNet2Net(conn->name);
64f0c354 627 conn = conn->next;
99b01b84
MT		 628
629 if (_exitcode > exitcode) {
630 exitcode = _exitcode;
631 }
64f0c354
MT		 632 }
633
99b01b84 634 exit(exitcode);
64f0c354
MT		 635}
636
637void killAllNet2Net() {
99b01b84
MT		 638 int exitcode = 0, _exitcode = 0;
639
64f0c354
MT		 640 connection *conn = getConnections();
641
642 while(conn) {
99b01b84
MT		 643 /* Skip all connections that are not of type "net". */
644 if (strcmp(conn->type, "net") != 0) {
645 conn = conn->next;
646 continue;
647 }
648
649 _exitcode = killNet2Net(conn->name);
64f0c354 650 conn = conn->next;
99b01b84
MT		 651
652 if (_exitcode > exitcode) {
653 exitcode = _exitcode;
654 }
64f0c354
MT		 655 }
656
99b01b84 657 exit(exitcode);
64f0c354
MT		 658}
659
6e13d0a5
MT		 660void displayopenvpn(void) {
661 char command[STRING_SIZE];
662
663 snprintf(command, STRING_SIZE - 1, "/bin/killall -sSIGUSR2 openvpn");
664 executeCommand(command);
665}
666
667int main(int argc, char *argv[]) {
668 if (!(initsetuid()))
669 exit(1);
670 if(argc < 2)
671 usage();
6925b8ef
AF		 672
673 if(argc == 3) {
91a0a221
MT		 674 ovpnInit();
675
6925b8ef
AF		 676 if( (strcmp(argv[1], "-sn2n") == 0) || (strcmp(argv[1], "--start-net-2-net") == 0) ) {
677 startNet2Net(argv[2]);
678 return 0;
679 }
680 else if( (strcmp(argv[1], "-kn2n") == 0) || (strcmp(argv[1], "--kill-net-2-net") == 0) ) {
681 killNet2Net(argv[2]);
682 return 0;
683 } else {
684 usage();
685 return 1;
686 }
687 }
688 else if(argc == 2) {
6e13d0a5
MT		 689 if( (strcmp(argv[1], "-k") == 0) || (strcmp(argv[1], "--kill") == 0) ) {
690 stopDaemon();
691 return 0;
692 }
693 else if( (strcmp(argv[1], "-d") == 0) || (strcmp(argv[1], "--display") == 0) ) {
694 displayopenvpn();
695 return 0;
696 }
697 else if( (strcmp(argv[1], "-dcr") == 0) || (strcmp(argv[1], "--delete-chains-and-rules") == 0) ) {
698 deleteAllChains();
699 return 0;
700 }
701 else {
702 ovpnInit();
703
704 if( (strcmp(argv[1], "-s") == 0) || (strcmp(argv[1], "--start") == 0) ) {
705 deleteAllChains();
706 createAllChains();
707 setFirewallRules();
708 startDaemon();
709 return 0;
710 }
64f0c354
MT		 711 else if( (strcmp(argv[1], "-sn2n") == 0) || (strcmp(argv[1], "--start-net-2-net") == 0) ) {
712 startAllNet2Net();
713 return 0;
714 }
715 else if( (strcmp(argv[1], "-kn2n") == 0) || (strcmp(argv[1], "--kill-net-2-net") == 0) ) {
716 killAllNet2Net();
717 return 0;
718 }
6e13d0a5
MT		 719 else if( (strcmp(argv[1], "-sdo") == 0) || (strcmp(argv[1], "--start-daemon-only") == 0) ) {
720 startDaemon();
721 return 0;
722 }
723 else if( (strcmp(argv[1], "-r") == 0) || (strcmp(argv[1], "--restart") == 0) ) {
724 stopDaemon();
725 deleteAllChains();
726 createAllChains();
727 setFirewallRules();
728 startDaemon();
729 return 0;
730 }
731 else if( (strcmp(argv[1], "-fwr") == 0) || (strcmp(argv[1], "--firewall-rules") == 0) ) {
732 deleteAllChains();
733 createAllChains();
734 setFirewallRules();
735 return 0;
736 }
737 else if( (strcmp(argv[1], "-ccr") == 0) || (strcmp(argv[1], "--create-chains-and-rules") == 0) ) {
738 createAllChains();
739 setFirewallRules();
740 return 0;
741 }
742 else {
743 usage();
744 return 0;
745 }
746 }
747 }
748 else {
749 usage();
750 return 0;
751 }
752return 0;
753}
754
Timo's tree of IPFire 2.x