From c179ee88d91a84fc75dc4602cca500e8fa72ed66 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Sun, 27 Apr 2014 15:04:07 +0200
Subject: initial commit

This patch bootstraps the new nft-sync software. Basically, this software aims to support two different setups:

1) Rule-set repository server.

The software serves the nft rule-set to clients that request the ruleset. Basically, from the system that acts as repository, you have to run:

# nft-sync -c ../contrib/nft-sync.conf.server

Then, from the client:

# nft-sync -c ../contrib/nft-sync.conf.client --fetch

Which displays the nft rule-set on the standard output, so you can inspect the nft rule-set. Alternatively, the client can also retrieve and apply the nft rule-set using the pull command instead:

# nft-sync -c ../contrib/nft-sync.conf.client --pull

[ Note that the command above does not work in this bootstrap yet ]

2) Rule-set synchronization:

In case of primary-backup and multiprimary firewall configurations, the software makes sure that the firewall cluster is deploying the same filtering policy. In this case, you have to launch the process:

# nft-sync -c ../contrib/nft-sync.conf --sync

[ Note that the command above does not work in this bootstrap yet ]

This bootstrap provides the basic infrastructure as a proof-of-concept. Many of the necessary features are still lacking:

* Implement --sync and --pull commands.
* Interaction with nft through libnftnl, which allows the software to retrieve the local nft rule-set, as well as to parse it and apply it.
* SSL support, specifically the repository mode needs it to make sure nobody can steal your filtering policy from the network.
* IPv6 support.
* Allow serving different rule-sets in the repository mode.

And many others that will be added progressively.

Signed-off-by: Pablo Neira Ayuso
---
 src/timer.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 src/timer.c
(limited to 'src/timer.c')
diff --git a/src/timer.c b/src/timer.c
new file mode 100644
index 0000000..7e39076
--- /dev/null
+++ b/src/timer.c
@@ -0,0 +1,50 @@
+/*
+ * (C) 2014 by Pablo Neira Ayuso
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ */
+
+#include 
+#include "timer.h"
+
+void *nft_timer_data(struct nft_timer *timer)
+{
+ return timer->data;
+}
+
+static void nft_timer_callback(int fd, short mask, void *data)
+{
+ struct nft_timer *timer = data;
+
+ timer->callback(timer);
+}
+
+void nft_timer_setup(struct nft_timer *timer, void (*cb)(struct nft_timer *),
+ void *data)
+{
+ // assert: evtimer_pending(timer->event, NULL) == 0;
+ timer->callback = cb;
+}
+
+void nft_timer_add(struct nft_timer *timer, unsigned int sec,
+ unsigned int usec)
+{
+ struct timeval tv = {
+ .tv_sec = sec,
+ .tv_usec = usec,
+ };
+
+ if (evtimer_pending(&timer->event, NULL))
+ evtimer_del(&timer->event);
+
+ evtimer_set(&timer->event, nft_timer_callback, timer);
+ evtimer_add(&timer->event, &tv);
+}
+
+void nft_timer_del(struct nft_timer *timer)
+{
+ evtimer_del(&timer->event);
+}
-- cgit v1.2.3
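Review bot: nft_timer_setup() takes a `void *data` argument but never stores it, so `timer->data` is left untouched and nft_timer_data() hands the callback whatever the caller's struct already held — for a stack or heap struct that was not zeroed, an uninitialized pointer. Add `timer->data = data;` beside the callback assignment. The `// assert: evtimer_pending(timer->event, NULL) == 0;` comment in the same function would be more useful as a real check written in the form the rest of the file uses, `assert(!evtimer_pending(&timer->event, NULL));`. In nft_timer_add() the return value of evtimer_add() is ignored, so a timer that fails to arm is silently lost; returning that status (or at least logging it) is worth considering. The `usec` argument is also copied into `tv_usec` without normalization, so either fold values of 1000000 or more into `tv_sec` or document that callers must keep it below that.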