- Ignore gateway address in Framed-Route (from Jonathan McDowell).
diff --git
a/garden.c
b/garden.c
index
7477089
..
41e46a2
100644
(file)
--- a/
garden.c
+++ b/
garden.c
@@
-7,18
+7,23
@@
#include "plugin.h"
#include "control.h"
#include "plugin.h"
#include "control.h"
-int __plugin_api_version = 1;
+/* walled garden */
+
+char const *cvs_id = "$Id: garden.c,v 1.12 2004/11/09 08:05:02 bodea Exp $";
+
+int __plugin_api_version = PLUGIN_API_VERSION;
static struct pluginfuncs *p = 0;
static int iam_master = 0; // We're all slaves! Slaves I tell you!
char *up_commands[] = {
static struct pluginfuncs *p = 0;
static int iam_master = 0; // We're all slaves! Slaves I tell you!
char *up_commands[] = {
- "iptables -t nat -N garden >/dev/null 2>&1", // Create a chain that all gardened users will go through
+ "iptables -t nat -N garden >/dev/null 2>&1",
// Create a chain that all gardened users will go through
"iptables -t nat -F garden",
"iptables -t nat -F garden",
- ". " PLUGINCONF "/build-garden", // Populate with site-specific DNAT rules
- "iptables -t nat -N garden_users >/dev/null 2>&1",// Empty chain, users added/removed by garden_session
+ ". " PLUGINCONF "/build-garden",
// Populate with site-specific DNAT rules
+ "iptables -t nat -N garden_users >/dev/null 2>&1",
// Empty chain, users added/removed by garden_session
"iptables -t nat -F garden_users",
"iptables -t nat -F garden_users",
- "iptables -t nat -A PREROUTING -j garden_users", // DNAT any users on the garden_users chain
+ "iptables -t nat -A PREROUTING -j garden_users", // DNAT any users on the garden_users chain
+ "sysctl -w net.ipv4.ip_conntrack_max=256000 >/dev/null", // lots of entries
NULL,
};
NULL,
};
@@
-28,7
+33,10
@@
char *down_commands[] = {
"iptables -t nat -X garden_users",
"iptables -t nat -F garden",
"iptables -t nat -X garden",
"iptables -t nat -X garden_users",
"iptables -t nat -F garden",
"iptables -t nat -X garden",
- "rmmod iptable_nat ip_conntrack",
+ "rmmod iptable_nat", // Should also remove ip_conntrack, but
+ // doing so can take hours... literally.
+ // If a master is re-started as a slave,
+ // either rmmod manually, or reboot.
NULL,
};
NULL,
};
@@
-143,7
+151,7
@@
int garden_session(sessiont *s, int flag)
if (flag == 1)
{
p->log(2, 0, 0, s->tunnel, "Garden user %s (%s)\n", s->user, p->inet_toa(htonl(s->ip)));
if (flag == 1)
{
p->log(2, 0, 0, s->tunnel, "Garden user %s (%s)\n", s->user, p->inet_toa(htonl(s->ip)));
- snprintf(cmd,
2048
, "iptables -t nat -A garden_users -s %s -j garden", p->inet_toa(htonl(s->ip)));
+ snprintf(cmd,
sizeof(cmd)
, "iptables -t nat -A garden_users -s %s -j garden", p->inet_toa(htonl(s->ip)));
p->log(3, 0, 0, s->tunnel, "%s\n", cmd);
system(cmd);
s->walled_garden = 1;
p->log(3, 0, 0, s->tunnel, "%s\n", cmd);
system(cmd);
s->walled_garden = 1;
@@
-164,7
+172,7
@@
int garden_session(sessiont *s, int flag)
s->cin = s->cout = 0;
s->pin = s->pout = 0;
s->cin = s->cout = 0;
s->pin = s->pout = 0;
- snprintf(cmd,
2048
, "iptables -t nat -D garden_users -s %s -j garden", p->inet_toa(htonl(s->ip)));
+ snprintf(cmd,
sizeof(cmd)
, "iptables -t nat -D garden_users -s %s -j garden", p->inet_toa(htonl(s->ip)));
p->log(3, 0, 0, s->tunnel, "%s\n", cmd);
while (--count)
{
p->log(3, 0, 0, s->tunnel, "%s\n", cmd);
while (--count)
{
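Review bot: In the hunk at @@ -143,7 +151,7 @@ the buffer bound is now `sizeof(cmd)`, which is the right fix, but the return value of `snprintf()` and of the `system(cmd)` call two lines below are still ignored, so `s->walled_garden = 1` is set even if the iptables rule was never installed (truncated command, iptables missing, or a non-zero exit). A minimal check would be `if (system(cmd) != 0) p->log(2, 0, 0, s->tunnel, "garden rule failed: %s\n", cmd);` before the assignment, and since the command is built from a fixed format and an `inet_toa()` result, also guarding `if (n < 0 || (size_t)n >= sizeof(cmd))` on the snprintf result keeps a truncated string from ever reaching the shell. The `-D` variant in the last hunk (@@ -164,7 +172,7 @@) has the same shape; its `system()` call and the rest of garden_session lie outside the hunk. Longer term the plugin would be more robust spawning iptables with an explicit argv instead of `system()`, but that is a wider change than this commit.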