Merge remote-tracking branch 'origin/master'

Author: joegen

.gitignore

@@ -3,3 +3,4 @@ aclocal.m4
 autom4te.cache/
 configure
 /BUILD/
+/nbproject/private/

config/general.m4

@@ -161,7 +161,7 @@ AC_DEFUN([CHECK_SSL],
 [   AC_ARG_WITH(openssl,
                 [  --with-openssl=PATH to openssl source directory],
                 [openssl_path=$withval],
-                [openssl_path="/usr/local /usr/local/ssl /usr/ssl /usr/pkg /usr / /sw/lib"]
+                [openssl_path="/usr/local /usr/local/ssl /usr/lib/x86_64-linux-gnu /usr/ssl /usr/pkg /usr / /sw/lib"]
                 )
     AC_PATH_PROG([OPENSSL],[openssl])
     AC_MSG_CHECKING([for openssl includes])
@@ -196,7 +196,7 @@ AC_DEFUN([CHECK_SSL],
 
     AC_MSG_CHECKING([for openssl libraries])
     found_ssl_lib="no";
-    for libsubdir in lib lib64 lib32 lib/hpux32; do
+    for libsubdir in lib lib64 lib/x86_64-linux-gnu i386-linux-gnu lib32 lib/hpux32; do
       for dir in $openssl_path ; do
         if test -f "$dir/$libsubdir/libssl.so" -o -f "$dir/$libsubdir/libssl.dylib" -o -f "$dir/$libsubdir/libssl.a"; then
             found_ssl_lib="yes";

configure.ac

@@ -8,6 +8,11 @@ SFAC_AUTOMAKE_VERSION([1.6])
 AC_CONFIG_SRCDIR([src/Core.cpp])
 AM_CONFIG_HEADER([src/config.h])
 AC_PROG_LIBTOOL
+AC_CHECK_LIB(boost_thread, main, [BOOST_LIBS="-lboost_date_time -lboost_filesystem -lboost_system -lboost_thread -lboost_program_options -lboost_iostreams -lboost_random -lboost_regex"],
+    [AC_CHECK_LIB(boost_thread-mt, main,
+    [BOOST_LIBS="-lboost_date_time-mt -lboost_filesystem-mt -lboost_system-mt -lboost_thread-mt -lboost_program_options-mt -lboost_iostreams-mt -lboost_random-mt -lboost_regex-mt"],
+    [AC_MSG_ERROR("no boost thread found")])])
+AC_SUBST(BOOST_LIBS)
 AC_LTDL_SHLIBEXT
 AC_PATH_PROG([BASH], [bash])
 AC_PROG_CXX

include/OSS/Net/Firewall.h

@@ -44,14 +44,6 @@ class Firewall : boost::noncopyable
   typedef boost::function<void(const std::string&)> TableLoopHandler;
   static Firewall& instance();
 
-  bool dnetAddRule(const FirewallRule& rule);
-    /// Adds a new firewall rule
-
-  bool dnetDeleteRule(const FirewallRule&);
-    /// Delete the rule by valaue.
-
-  void dnetTableLoop(TableLoopHandler& handler);
-    /// Loop through all rules.  String representation of the rule is
     /// pushed the the handle callback.
 
   bool iptAddRule(const FirewallRule& rule);
@@ -65,9 +57,8 @@ class Firewall : boost::noncopyable
 
 private:
   friend Firewall& instance();
-  Firewall(bool useLibDnet = false);
+  Firewall();
   ~Firewall();
-  bool _useLibDnet;
 };
 
 

src/Makefile.am

@@ -18,14 +18,7 @@ liboss_core_la_LDFLAGS = \
 	-version-info ${version_Current}:${version_Revision}:${version_Age}
 
 dep_libs = \
-	-lboost_date_time-mt \
-	-lboost_filesystem-mt \
-	-lboost_system-mt \
-	-lboost_thread-mt \
-	-lboost_regex-mt \
-	-lboost_program_options-mt \
-	-lboost_iostreams-mt \
-        -lboost_random-mt \
+        @BOOST_LIBS@ \
 	-lPocoFoundation \
 	-lPocoUtil \
 	-lPocoNet \

src/net/Firewall.cpp

@@ -17,7 +17,6 @@
  */
 
 
-#include <dnet.h>
 #include <sstream>
 #include "OSS/Net/Firewall.h"
 #include "OSS/Logger.h"
@@ -29,89 +28,6 @@ extern "C" { size_t strlcpy(char *dst, const char *src, size_t siz); };
 namespace OSS {
 namespace Net {
 
-//
-// DNET specific functions
-//
-fw_t* _pInstance = 0;
-
-static bool rule_to_fwrule(const FirewallRule& rule, fw_rule* fr)
-{
-  fr->fw_proto = rule.getProtocol();
-  fr->fw_op = rule.getOperation();
-  fr->fw_dir = rule.getDirection();
-
-  if (!rule.getDevice().empty())
-    strlcpy(fr->fw_device, rule.getDevice().c_str(), sizeof(fr->fw_device));
-
-  if (!rule.getSourceAddress().empty())
-  {
-    if (addr_pton(rule.getSourceAddress().c_str(), &fr->fw_dst) < 0)
-        return false;
-  }
-
-  if (!rule.getDestinationAddress().empty())
-  {
-    if (addr_pton(rule.getDestinationAddress().c_str(), &fr->fw_dst) < 0)
-        return false;
-  }
-
-  if (rule.getSourcePort() != 0)
-  {
-    fr->fw_sport[0] = rule.getSourcePort();
-    if (rule.getSourceEndPort() != 0)
-      fr->fw_sport[1] = rule.getSourceEndPort();
-    else
-      fr->fw_sport[1] = rule.getSourcePort();
-  }
-  else if (fr->fw_proto == IP_PROTO_TCP || fr->fw_proto == IP_PROTO_UDP)
-  {
-    fr->fw_sport[0] = 0;
-    fr->fw_sport[1] = TCP_PORT_MAX;
-  }
-
-  if (rule.getDestinationPort() != 0)
-  {
-    fr->fw_dport[0] = rule.getDestinationPort();
-    if (rule.getDestinationEndPort() != 0)
-      fr->fw_dport[1] = rule.getDestinationEndPort();
-    else
-      fr->fw_dport[1] = rule.getDestinationPort();
-  }
-  else if (fr->fw_proto == IP_PROTO_TCP || fr->fw_proto == IP_PROTO_UDP)
-  {
-    fr->fw_dport[0] = 0;
-    fr->fw_dport[1] = TCP_PORT_MAX;
-  }
-
-  return true;
-}
-
-static int internal_table_loop(const struct fw_rule *fr, void *arg)
-{
-  Firewall::TableLoopHandler* pHandler = reinterpret_cast<Firewall::TableLoopHandler*>(arg);
-
-  FirewallRule rule(
-      fr->fw_device ? fr->fw_device : "",
-      fr->fw_src.addr_type ? addr_ntoa(&fr->fw_src) : "",
-      fr->fw_sport[0],
-      fr->fw_sport[1],
-      fr->fw_src.addr_type ? addr_ntoa(&fr->fw_dst) : "",
-      fr->fw_dport[0],
-      fr->fw_dport[1],
-      fr->fw_proto,
-      fr->fw_dir,
-      fr->fw_op
-      );
-
-  (*pHandler)(rule.str());
-  return 0;
-}
-
-//
-//  EOF Dnet functions
-//
-
-
 //
 // Start of IPTables functions
 //
@@ -218,55 +134,20 @@ static std::string iptables_get_rules(FirewallRule::Direction direction)
 
 Firewall& Firewall::instance()
 {
-  static Firewall fw(false /* o not use libdnet */);
+  static Firewall fw;
   return fw;
 }
 
-Firewall::Firewall(bool useLibDnet) :
-  _useLibDnet(useLibDnet)
+Firewall::Firewall()
 {
-  if (_useLibDnet)
-  {
-    _pInstance = fw_open();
-  }
 }
 
 Firewall::~Firewall()
 {
-  if (_useLibDnet)
-  {
-    if (_pInstance)
-      fw_close(_pInstance);
-  }
 }
 
 
-bool Firewall::dnetAddRule(const FirewallRule& rule)
-{
-  if (_useLibDnet)
-  {
-    if (!_pInstance)
-    {
-      OSS_LOG_ERROR("Dnet Firewall hook is not open.");
-      return false;
-    }
-
-    fw_rule fr;
-    if (!rule_to_fwrule(rule, &fr))
-    {
-      OSS_LOG_ERROR("Dnet Firewall hook is not open.");
-      return false;
-    }
-    int ret = fw_add(_pInstance, &fr);
-    if (ret < 0)
-    {
-      OSS_LOG_ERROR("Firewall:  Error adding rule (ret=" << ret << ")");
-      return false;
-    }
-    return true;
-  }
-  return false;
-}
+
 
 bool Firewall::iptAddRule(const FirewallRule& rule)
 {
@@ -276,49 +157,11 @@ bool Firewall::iptAddRule(const FirewallRule& rule)
 
 bool Firewall::iptDeleteRule(FirewallRule::Direction direction, std::size_t index)
 {
-  if (!_useLibDnet)
-  {
-    OSS_EXEC(iptables_delete(direction, index));
-    return true;
-  }
-  return false;
-}
-
-bool Firewall::dnetDeleteRule(const FirewallRule& rule)
-{
-  if (_useLibDnet)
-  {
-    if (!_pInstance)
-    {
-      OSS_LOG_ERROR("Dnet Firewall hook is not open.");
-      return false;
-    }
-
-    fw_rule fr;
-    rule_to_fwrule(rule, &fr);
-    int ret = fw_delete(_pInstance, &fr);
-    if (ret < 0)
-    {
-      OSS_LOG_ERROR("Firewall:  Error deleting rule (ret=" << ret << ")");
-      return false;
-    }
-  }
+  OSS_EXEC(iptables_delete(direction, index));
   return true;
 }
 
 
-void Firewall::dnetTableLoop(TableLoopHandler& handler)
-{
-  if (_useLibDnet)
-  {
-    if (!_pInstance)
-    {
-      OSS_LOG_ERROR("Dnet Firewall hook is not open.");
-      return;
-    }
-    fw_loop(_pInstance, internal_table_loop, (void*)&handler);
-  }
-}
 
 void Firewall::iptGetRules(FirewallRule::Direction direction, std::vector<std::string>& rules)
 {