Preload all Subnets in TunnelServer mode.

This simplifies the logic in protocol_subnet.c.
Guus Sliepen 2010-03-01 23:44:56 +01:00
parent d47ab576a2
commit 9fed0ec34b
3 changed files with 73 additions and 27 deletions


@ -130,11 +130,11 @@ void dump_connections(void) {
bool read_connection_config(connection_t *c) { bool read_connection_config(connection_t *c) {
char *fname; char *fname;
int x; bool x;
xasprintf(&fname, "%s/hosts/%s", confbase, c->name); xasprintf(&fname, "%s/hosts/%s", confbase, c->name);
x = read_config_file(c->config_tree, fname); x = read_config_file(c->config_tree, fname);
free(fname); free(fname);
return x == 0; return x;
} }
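Review bot: `return x;` in read_connection_config() is only correct if read_config_file() now returns a bool that is true on success, and that declaration is not part of the visible changes. The old code tested `x == 0`, so if the callee still returns 0 on success this inverts the result and every host config read would be reported as failed. Please confirm the prototype; a name such as `result`, as used in load_all_subnets(), would also read better than `x` for a bool.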


@ -201,6 +201,65 @@ bool read_rsa_private_key(void) {
return true; return true;
} }
/*
Read Subnets from all host config files
*/
static void load_all_subnets(void) {
DIR *dir;
struct dirent *ent;
char *dname;
char *fname;
avl_tree_t *config_tree;
config_t *cfg;
subnet_t *s;
node_t *n;
bool result;
xasprintf(&dname, "%s/hosts", confbase);
dir = opendir(dname);
if(!dir) {
logger(LOG_ERR, "Could not open %s: %s", dname, strerror(errno));
free(dname);
return;
}
while((ent = readdir(dir))) {
if(!check_id(ent->d_name))
continue;
n = lookup_node(ent->d_name);
if(n)
continue;
#ifdef _DIRENT_HAVE_D_TYPE
//if(ent->d_type != DT_REG)
// continue;
#endif
xasprintf(&fname, "%s/hosts/%s", confbase, ent->d_name);
init_configuration(&config_tree);
result = read_config_file(config_tree, fname);
free(fname);
if(!result)
continue;
n = new_node();
n->name = xstrdup(ent->d_name);
node_add(n);
for(cfg = lookup_config(config_tree, "Subnet"); cfg; cfg = lookup_config_next(config_tree, cfg)) {
if(!get_config_subnet(cfg, &s))
continue;
subnet_add(n, s);
}
exit_configuration(&config_tree);
}
closedir(dir);
}
/* /*
Configure node_t myself and set up the local sockets (listen only) Configure node_t myself and set up the local sockets (listen only)
*/ */
@ -426,6 +485,9 @@ bool setup_myself(void) {
graph(); graph();
if(tunnelserver)
load_all_subnets();
/* Open device */ /* Open device */
if(!setup_device()) if(!setup_device())
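Review bot: load_all_subnets() leaks on two paths: `dname` is freed only when opendir() fails, and the `if(!result) continue;` after read_config_file() skips `exit_configuration(&config_tree)`, so each unreadable host file leaves its tree allocated. Add `free(dname);` once opendir() has succeeded and change the failure branch to `if(!result) { exit_configuration(&config_tree); continue; }`. Because the `d_type` test is commented out, every entry in hosts/ whose name passes check_id() is parsed and turned into a node with authorized subnets, so the permissions on that directory now decide which subnets are allowed; the header comment should say so. A failed opendir() only logs and returns, which leaves the tunnel server with no preloaded subnets; if rejecting everything in that case is intended, a comment stating it would help.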


@ -104,29 +104,12 @@ bool add_subnet_h(connection_t *c) {
return true; return true;
} }
/* In tunnel server mode, check if the subnet matches one in the config file of this node */ /* In tunnel server mode, we should already know all allowed subnets */
if(tunnelserver) { if(tunnelserver) {
config_t *cfg; logger(LOG_WARNING, "Ignoring unauthorized %s from %s (%s): %s",
subnet_t *allowed; "ADD_SUBNET", c->name, c->hostname, subnetstr);
return true;
for(cfg = lookup_config(c->config_tree, "Subnet"); cfg; cfg = lookup_config_next(c->config_tree, cfg)) {
if(!get_config_subnet(cfg, &allowed))
continue;
if(!subnet_compare(&s, allowed))
break;
free_subnet(allowed);
}
if(!cfg) {
logger(LOG_WARNING, "Ignoring unauthorized %s from %s (%s): %s",
"ADD_SUBNET", c->name, c->hostname, subnetstr);
return true;
}
free_subnet(allowed);
} }
/* If everything is correct, add the subnet to the list of the owner */ /* If everything is correct, add the subnet to the list of the owner */
@ -139,8 +122,7 @@ bool add_subnet_h(connection_t *c) {
/* Tell the rest */ /* Tell the rest */
if(!tunnelserver) forward_request(c);
forward_request(c);
/* Fast handoff of roaming MAC addresses */ /* Fast handoff of roaming MAC addresses */
@ -228,10 +210,12 @@ bool del_subnet_h(connection_t *c) {
return true; return true;
} }
if(tunnelserver)
return true;
/* Tell the rest */ /* Tell the rest */
if(!tunnelserver) forward_request(c);
forward_request(c);
/* Finally, delete it. */ /* Finally, delete it. */
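Review bot: The tunnelserver branch in add_subnet_h() now rejects every ADD_SUBNET that gets this far, so authorization rests entirely on the earlier already-known check (above the hunk, not visible here) finding a subnet that was preloaded at startup, and the comment should spell that out. Something like `/* In tunnel server mode all allowed Subnets were preloaded from the hosts/ files at startup; anything not already known here is unauthorized */` would do. The removed loop compared against `c->config_tree`, the connecting peer's own file, whereas the preloaded set is looked up by owner; presumably an earlier check still ties the owner to the connection in this mode, but that should be confirmed. Host files added or edited after startup are not picked up unless the preload is rerun, which is worth documenting next to the new `if(tunnelserver) return true;` in del_subnet_h() as well.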