diff --git a/oaf/src/af_log.c b/oaf/src/af_log.c index dba9c10..7c6b8b4 100755 --- a/oaf/src/af_log.c +++ b/oaf/src/af_log.c @@ -11,6 +11,7 @@ int af_test_mode = 0; // todo: rename af_log.c int g_oaf_enable __read_mostly = 0; int af_work_mode = AF_MODE_GATEWAY; +int af_lan_ip = 0; /* cat /proc/sys/oaf/debug */ @@ -43,6 +44,13 @@ static struct ctl_table oaf_table[] = { .mode = 0666, .proc_handler = proc_dointvec, }, + { + .procname = "lan_ip", + .data = &af_lan_ip, + .maxlen = sizeof(int), + .mode = 0666, + .proc_handler = proc_dointvec, + }, { } }; diff --git a/oaf/src/af_log.h b/oaf/src/af_log.h index f37b8d6..f05c7bd 100755 --- a/oaf/src/af_log.h +++ b/oaf/src/af_log.h @@ -3,6 +3,7 @@ extern int af_log_lvl; extern int af_test_mode; extern int af_work_mode; +extern int af_lan_ip; #define LOG(level, fmt, ...) do { \ if ((level) <= af_log_lvl) { \ printk(fmt, ##__VA_ARGS__); \ diff --git a/oaf/src/app_filter.c b/oaf/src/app_filter.c index e9ca013..7a7ad6f 100755 --- a/oaf/src/app_filter.c +++ b/oaf/src/app_filter.c @@ -261,7 +261,6 @@ int add_app_feature(int appid, char *name, char *feature) } if (AF_DICT_PARAM_INDEX != param_num && strlen(feature) > MIN_FEATURE_STR_LEN) { - AF_ERROR("invalid feature:%s\n", feature); return -1; } strncpy(dict, begin, p - begin); @@ -348,7 +347,6 @@ void load_feature_buf_from_file(char **config_buf) if (IS_ERR(fp)) { - printk("open feature file failed\n"); return; } @@ -393,7 +391,6 @@ int load_feature_config(void) load_feature_buf_from_file(&feature_buf); if (!feature_buf) { - AF_ERROR("error, feature buf is null\n"); return -1; } p = begin = feature_buf; @@ -908,6 +905,10 @@ u_int32_t app_filter_hook_bypass_handle(struct sk_buff *skb, struct net_device * if (af_match_bcast_packet(&flow) || af_match_local_packet(&flow)) return NF_ACCEPT; + if (af_lan_ip == flow.src || af_lan_ip == flow.dst){ + return NF_ACCEPT; + } + af_get_smac(skb, smac); AF_CLIENT_LOCK_W(); diff --git a/open-app-filter/src/appfilter_config.c b/open-app-filter/src/appfilter_config.c index 1fcb959..0536902 100755 --- a/open-app-filter/src/appfilter_config.c +++ b/open-app-filter/src/appfilter_config.c @@ -299,6 +299,18 @@ int config_get_appfilter_enable(void) return enable; } +int config_get_lan_ip(char *lan_ip, int len) +{ + int ret = 0; + struct uci_context *ctx = uci_alloc_context(); + if (!ctx) + return -1; + ret = uci_get_value(ctx, "network.lan.ipaddr", lan_ip, len); + uci_free_context(ctx); + return ret; +} + + int appfilter_config_alloc(void) { char *err; diff --git a/open-app-filter/src/appfilter_config.h b/open-app-filter/src/appfilter_config.h index 1d29e10..e2770c3 100755 --- a/open-app-filter/src/appfilter_config.h +++ b/open-app-filter/src/appfilter_config.h @@ -56,5 +56,6 @@ int appfilter_config_alloc(void); int appfilter_config_free(void); af_ctl_time_t *load_appfilter_ctl_time_config(void); int config_get_appfilter_enable(void); +int config_get_lan_ip(char *lan_ip, int len); #endif diff --git a/open-app-filter/src/main.c b/open-app-filter/src/main.c index 586db2f..a506b0f 100755 --- a/open-app-filter/src/main.c +++ b/open-app-filter/src/main.c @@ -30,6 +30,8 @@ THE SOFTWARE. #include "appfilter_ubus.h" #include "appfilter_config.h" #include +#include +#include void check_appfilter_enable(void) { int enable = 1; @@ -88,14 +90,27 @@ EXIT: free(af_t); } +void update_lan_ip(void){ + char ip_str[32] = {0}; + struct in_addr addr; + char cmd_buf[128] = {0}; + u_int32_t lan_ip = 0; + + config_get_lan_ip(ip_str, sizeof(ip_str)); + inet_aton(ip_str, &addr); + lan_ip =addr.s_addr; + sprintf(cmd_buf, "echo %d >/proc/sys/oaf/lan_ip", lan_ip); + system(cmd_buf); +} + void dev_list_timeout_handler(struct uloop_timeout *t) { dump_dev_list(); check_dev_visit_info_expire(); flush_expire_visit_info(); //dump_dev_visit_list(); + update_lan_ip(); check_appfilter_enable(); - //todo: dev list expire if (check_dev_expire()){ flush_expire_visit_info(); flush_dev_expire_node();