fix oaf enable status

oaf/src/af_log.c

@@ -8,6 +8,9 @@
 #include "af_log.h"
 int af_log_lvl = 1;
 int af_test_mode = 0;
+// todo: rename af_log.c
+int g_oaf_enable __read_mostly = 0;
+
 /* 
 	cat /proc/sys/oaf/debug
 */
@@ -26,6 +29,13 @@ static struct ctl_table oaf_table[] = {
 		.mode		= 0666,
 		.proc_handler	= proc_dointvec,
 	},
+	{
+		.procname	= "enable",
+		.data		= &g_oaf_enable,
+		.maxlen 	= sizeof(int),
+		.mode		= 0666,
+		.proc_handler	= proc_dointvec,
+	},
 	{
 	}
 };

oaf/src/app_filter.c

@@ -820,6 +820,9 @@ static u_int32_t app_filter_hook(unsigned int hook,
 #else
 	struct nf_conn *ct = (struct nf_conn *)skb->nfct;
 #endif
+	if (!g_oaf_enable){
+		return NF_ACCEPT;
+	}
 	if(ct == NULL) {
         return NF_ACCEPT;
     }

oaf/src/app_filter.h

@@ -112,4 +112,6 @@ void af_init_app_status(void);
 int af_get_app_status(int appid);
 int regexp_match(char *reg, char *text);
 
+extern int g_oaf_enable;
+
 #endif

open-app-filter/files/appfilter.sh

@@ -33,16 +33,20 @@ load_rule()
     config_get enable "global" enable
     echo "enable = $enable"	
     if [ x"$enable" != x"1" ];then
-	echo "appfilter is disabled"
-	return 0
-    fi 
+		echo "appfilter is disabled"
+		echo 0 >/proc/sys/oaf/enable>/dev/null
+		return 0
+    else
+		insmod oaf >/dev/null
+		echo 1 >/proc/sys/oaf/enable
+	fi
     echo "appfilter is enabled"
     json_add_int "op" 1
 
     json_add_object "data"
     json_add_array "apps"
 
-    for file in `ls /etc/appfilter/*.class`
+    for file in `ls /tmp/appfilter/*.class`
     do
 	class_name=`echo "$file" | awk -F/ '{print $4}'| awk -F. '{print $1}'`
 	config_get appid_list "appfilter" "${class_name}apps"

open-app-filter/files/gen_class.sh

@@ -13,7 +13,7 @@ do
         class=`echo $line| grep '#class' | awk '{print $2}'`
 	if ! test -z "$class";then
 		cur_class=$class
-		cur_class_file="/etc/appfilter/${cur_class}.class"
+		cur_class_file="/tmp/appfilter/${cur_class}.class"
 		if [ -e "$cur_class_file" ];then
 			rm $cur_class_file 
 		fi