This file requires privileges to open, so it must be opened before we
drop them. (We don't drop them yet, but it's coming.)
/*----- Static variables --------------------------------------------------*/
/*----- Static variables --------------------------------------------------*/
+static FILE *natfp;
+
+/*----- Address-type operations -------------------------------------------*/
+
struct addrops_sys {
const char *procfile;
int (*parseaddr)(char **, union addr *);
struct addrops_sys {
const char *procfile;
int (*parseaddr)(char **, union addr *);
- logmsg(q, LOG_ERR, "failed to read connection table: %s",
- strerror(errno));
+ logmsg(q, LOG_ERR, "failed to read connection table `%s': %s",
+ q->ao->sys->procfile, strerror(errno));
- if (q->ao->af == AF_INET) {
- fclose(fp);
- if ((fp = fopen("/proc/net/ip_conntrack", "r")) == 0) {
- if (errno == ENOENT)
- goto err_nouser;
- else {
- logmsg(q, LOG_ERR,
- "failed to open `/proc/net/ip_conntrack' for reading: %s",
- strerror(errno));
- goto err_unk;
- }
- }
+ if (natfp && q->ao->af == AF_INET) {
+ rewind(natfp);
- if (dstr_putline(&d, fp) == EOF) break;
+ if (dstr_putline(&d, natfp) == EOF) break;
pp = d.buf;
NEXTFIELD; if (!*p) break;
if (strcmp(p, "tcp") != 0) continue;
pp = d.buf;
NEXTFIELD; if (!*p) break;
if (strcmp(p, "tcp") != 0) continue;
logmsg(q, LOG_ERR, "failed to read `/proc/net/ip_conntrack': %s",
strerror(errno));
goto err_unk;
}
logmsg(q, LOG_ERR, "failed to read `/proc/net/ip_conntrack': %s",
strerror(errno));
goto err_unk;
}
- logmsg(q, LOG_ERR, "connection not found");
+ logmsg(q, LOG_NOTICE, "connection not found");
q->resp = R_ERROR;
q->u.error = E_NOUSER;
goto done;
q->resp = R_ERROR;
q->u.error = E_NOUSER;
goto done;
+void init_sys(void)
+{
+ if ((natfp = fopen("/proc/net/ip_conntrack", "r")) == 0 &&
+ errno != ENOENT) {
+ die(1, "failed to open `/proc/net/ip_conntrack' for reading: %s",
+ strerror(errno));
+ }
+}
+
/*----- That's all, folks -------------------------------------------------*/
/*----- That's all, folks -------------------------------------------------*/
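Review bot: init_sys leaves natfp NULL without any log when fopen fails with ENOENT, so NAT lookups are disabled silently and the later LOG_NOTICE "connection not found" cannot be distinguished from a host that simply has no ip_conntrack; at minimum document this inside init_sys, `/* ENOENT: no conntrack support on this kernel; natfp stays NULL and NAT lookups are skipped */`, and if the logging path is usable this early a one-line startup notice would let operators see the degraded mode. The stream is also opened while still privileged and kept for the process lifetime; if the daemon ever forks or execs, opening it close-on-exec (glibc accepts an `"e"` flag in the fopen mode string) keeps that descriptor from being inherited by children. A style nit: the fopen result is compared with `0` rather than `NULL`. The function containing the `natfp && q->ao->af == AF_INET` check starts and ends outside the hunk, so whether the removed `fclose(fp)` is still balanced on the new side cannot be confirmed from here.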
ego(argv[0]);
fwatch_init(&polfw, "yaid.policy");
ego(argv[0]);
fwatch_init(&polfw, "yaid.policy");
if (load_policy_file("yaid.policy", &policy))
exit(1);
{ int i;
if (load_policy_file("yaid.policy", &policy))
exit(1);
{ int i;
void logmsg(const struct query *q, int prio, const char *msg, ...);
void identify(struct query *q);
void logmsg(const struct query *q, int prio, const char *msg, ...);
void identify(struct query *q);
void init_policy(struct policy *p);
void free_policy(struct policy *p);
void init_policy(struct policy *p);
void free_policy(struct policy *p);