
updated PF anchor check to not rely on listing the PF policy

1 parent 5c26c0a commit 8a73e6dee88f9d416fc028fe2e26bfa37b984cb5 @mrash committed May 28, 2012
Showing with 7 additions and 20 deletions.
  1. +6 −19 server/fw_util_pf.c
  2. +1 −1 server/fw_util_pf.h
@@ -91,17 +91,16 @@ static int
anchor_active(const fko_srv_options_t *opts)
{
int res = 0;
- char *ndx = NULL;
char anchor_search_str[MAX_PF_ANCHOR_SEARCH_LEN] = {0};
/* Build our anchor search string
*/
- snprintf(anchor_search_str, MAX_PF_ANCHOR_SEARCH_LEN-1, "%s%s\" ",
- "anchor \"", opts->fw_config->anchor);
+ snprintf(anchor_search_str, MAX_PF_ANCHOR_SEARCH_LEN-1, "%s\n",
+ opts->fw_config->anchor);
zero_cmd_buffers();
- snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " PF_LIST_ALL_RULES_ARGS,
+ snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " PF_ANCHOR_CHECK_ARGS,
opts->fw_config->fw_command
);
@@ -113,23 +112,11 @@ anchor_active(const fko_srv_options_t *opts)
return 0;
}
- /* first check for the anchor at the very first rule position
+ /* Check to see if the anchor exists and is linked into the main policy
*/
- if (strncmp(cmd_out, anchor_search_str, strlen(anchor_search_str)) != 0)
- {
- anchor_search_str[0] = '\0';
-
- /* look for the anchor in the middle of the rule set, but make sure
- * it appears only after a newline
- */
- snprintf(anchor_search_str, MAX_PF_ANCHOR_SEARCH_LEN-1, "%s%s\" ",
- "\nanchor \"", opts->fw_config->anchor);
- ndx = strstr(cmd_out, anchor_search_str);
-
- if(ndx == NULL)
- return 0;
- }
+ if(strstr(cmd_out, anchor_search_str) == NULL)
+ return 0;
return 1;
}
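Review bot: The new `strstr(cmd_out, anchor_search_str)` test at the end of anchor_active() bounds the match only on the right (`"%s\n"`), so any listed anchor whose name merely ends with the configured name also matches, and the function then reports the fwknop anchor as linked when it may not be. The removed code required the name to begin at a line boundary; the replacement should keep an equivalent left boundary by accepting a hit only at the start of the output or after whitespace (this assumes pfctl prints one anchor name per line, possibly indented, which is worth confirming on the supported platforms). Separately, the `snprintf` result is unchecked, so a name long enough to be truncated loses its trailing newline and the search degrades to a prefix match. The part of the function between the two hunks is not shown, so how `cmd_out` is filled is taken on trust.

```c
    char *ndx = NULL;
    /* … unchanged: search string and command construction, command execution … */

    /* Accept the anchor name only at the start of the output or after
     * whitespace, so a longer anchor name ending in ours does not match
    */
    for(ndx = strstr(cmd_out, anchor_search_str); ndx != NULL;
            ndx = strstr(ndx + 1, anchor_search_str))
    {
        if(ndx == cmd_out || ndx[-1] == '\n' || ndx[-1] == ' ' || ndx[-1] == '\t')
            return 1;
    }

    return 0;
```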
@@ -40,7 +40,7 @@
#define PF_ADD_RULE_ARGS "pass in quick proto %u from %s to any port %u keep state label " EXPIRE_COMMENT_PREFIX "%u"
#define PF_WRITE_ANCHOR_RULES_ARGS "-a %s -f -"
#define PF_LIST_ANCHOR_RULES_ARGS "-a %s -s rules 2>&1"
-#define PF_LIST_ALL_RULES_ARGS "-s rules 2>&1" /* to check for fwknop anchor */
+#define PF_ANCHOR_CHECK_ARGS "-s Anchor 2>&1" /* to check for fwknop anchor */
#define PF_DEL_ALL_ANCHOR_RULES "-a %s -F all 2>&1"
#endif /* FW_UTIL_PF_H */
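Review bot: `PF_ANCHOR_CHECK_ARGS` passes `-s Anchor`, which depends on pfctl accepting an abbreviated modifier; the documented spelling is `Anchors`, and writing it out as `"-s Anchors 2>&1"` removes the reliance on prefix matching. The trailing comment could also state what output the caller expects, for example `/* lists loaded anchors; output is searched for the fwknop anchor name */`, since anchor_active() now depends on that format rather than on the rule listing. Because of `2>&1`, pfctl's error text lands in the same buffer that is searched for the bare anchor name, so the caller should treat a non-zero exit as "not active" before searching (whether it does is outside the lines shown).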
