
hipl-core team mailing list archive

[Branch ~hipl-core/hipl/trunk] Rev 4929: Cleaned up hipfw startup.

 

Merge authors:
  Christof Mroz (christof-mroz)
------------------------------------------------------------
revno: 4929 [merge]
committer: Christof Mroz <christof.mroz@xxxxxxxxxxxxxx>
branch nick: trunk
timestamp: Mon 2010-09-13 16:02:38 +0200
message:
  Cleaned up hipfw startup.
  
  Avoid memleaks and NULL dereference.
  Remove die() since it's not used anymore.
modified:
  firewall/firewall.c


--
lp:hipl
https://code.launchpad.net/~hipl-core/hipl/trunk

Your team HIPL core team is subscribed to branch lp:hipl.
To unsubscribe from this branch go to https://code.launchpad.net/~hipl-core/hipl/trunk/+edit-subscription
=== modified file 'firewall/firewall.c'
--- firewall/firewall.c	2010-09-09 00:54:32 +0000
+++ firewall/firewall.c	2010-09-09 01:39:39 +0000
@@ -666,12 +666,13 @@
 
     HIP_DEBUG("Firewall exit\n");
 
-    msg = hip_msg_alloc();
-    if (hip_build_user_hdr(msg, HIP_MSG_FIREWALL_QUIT, 0) ||
-        hip_send_recv_daemon_info(msg, 1, hip_fw_sock)) {
-        HIP_DEBUG("Failed to notify hipd of firewall shutdown.\n");
+    if ((msg = hip_msg_alloc()) != NULL) {
+        if (hip_build_user_hdr(msg, HIP_MSG_FIREWALL_QUIT, 0) ||
+            hip_send_recv_daemon_info(msg, 1, hip_fw_sock)) {
+            HIP_DEBUG("Failed to notify hipd of firewall shutdown.\n");
+        }
+        free(msg);
     }
-    free(msg);
 
     hip_firewall_cache_delete_hldb(1);
     hip_firewall_port_cache_uninit_hldb();
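Review bot: When `hip_msg_alloc()` returns NULL, the new guard skips the hipd shutdown notification without logging anything, so an out-of-memory shutdown looks the same as a clean one in the debug output. An `else` branch on the outer `if`, for example `} else { HIP_DEBUG("Out of memory, hipd not notified of firewall shutdown.\n"); }`, would keep that case visible. The enclosing function begins and ends outside the hunk.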
@@ -704,14 +705,6 @@
     exit(EXIT_SUCCESS);
 }
 
-static void die(struct ipq_handle *h)
-{
-    HIP_DEBUG("Dying by sending SIGTERM to self\n");
-    ipq_perror("passer");
-    ipq_destroy_handle(h);
-    kill(getpid(), SIGTERM);
-}
-
 /**
  * Increases the netlink buffer capacity.
  *
@@ -1930,7 +1923,7 @@
 int main(int argc, char **argv)
 {
     int err                = 0, highest_descriptor, i;
-    int status, n, len;
+    int n, len;
     struct ipq_handle *h4  = NULL, *h6 = NULL;
     int ch;
     char *rule_file        = NULL;
@@ -2128,63 +2121,37 @@
     firewall_probe_kernel_modules();
 
     // create firewall queue handles for IPv4 traffic
-    // FIXME died handle will still be used below
-    // FIXME memleak - not free'd on exit
-    h4 = ipq_create_handle(0, PF_INET);
-
-    if (!h4) {
-        die(h4);
-    }
-
-    HIP_DEBUG("IPv4 handle created\n");
-
-    status = ipq_set_mode(h4, IPQ_COPY_PACKET, HIP_MAX_PACKET);
-
-    if (status < 0) {
-        die(h4);
-    }
-    HIP_DEBUG("IPv4 handle mode COPY_PACKET set\n");
+    HIP_IFEL(!(h4 = ipq_create_handle(0, PF_INET)), -1,
+             "ipq_create_handle(): %s\n", ipq_errstr());
+    HIP_IFEL(ipq_set_mode(h4, IPQ_COPY_PACKET, HIP_MAX_PACKET) == -1, -1,
+             "ipq_set_mode(): %s\n", ipq_errstr());
+    HIP_DEBUG("IPv4 handle created (mode COPY_PACKET)\n");
 
     // create firewall queue handles for IPv6 traffic
-    // FIXME died handle will still be used below
-    // FIXME memleak - not free'd on exit
-    h6 = ipq_create_handle(0, PF_INET6);
-
-    if (!h6) {
-        die(h6);
-    }
-    HIP_DEBUG("IPv6 handle created\n");
-    status = ipq_set_mode(h6, IPQ_COPY_PACKET, HIP_MAX_PACKET);
-
-    if (status < 0) {
-        die(h6);
-    }
-    HIP_DEBUG("IPv6 handle mode COPY_PACKET set\n");
+    HIP_IFEL(!(h6 = ipq_create_handle(0, PF_INET6)), -1,
+             "ipq_create_handle(): %s\n", ipq_errstr());
+    HIP_IFEL(ipq_set_mode(h6, IPQ_COPY_PACKET, HIP_MAX_PACKET) == -1, -1,
+             "ipq_set_mode(): %s\n", ipq_errstr());
+    HIP_DEBUG("IPv6 handle created (mode COPY_PACKET)\n");
 
     // set up ip(6)tables rules and firewall extensions
     HIP_IFEL(firewall_init(), -1, "Firewall init failed\n");
 
-    /* Allocate message. */
-    // FIXME memleak - not free'd on exit
-    msg = hip_msg_alloc();
-    if (!msg) {
-        err = -1;
-        return err;
-    }
-
     if (limit_capabilities) {
-        HIP_IFEL(hip_set_lowcapability(), -1, "Failed to reduce priviledges");
+        HIP_IFEL(hip_set_lowcapability(), -1, "Failed to reduce privileges\n");
     }
 
     highest_descriptor = maxof(3, hip_fw_async_sock, h4->fd, h6->fd);
 
+    /* Allocate message. */
+    HIP_IFEL(!(msg = hip_msg_alloc()), -1, "Insufficient memory\n");
+
     hip_msg_init(msg);
     HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_FIREWALL_START, 0), -1,
              "build user hdr\n");
     if (hip_send_recv_daemon_info(msg, 1, hip_fw_sock)) {
         HIP_DEBUG("Failed to notify hipd of firewall start.\n");
     }
-    hip_msg_init(msg);
 
     // let's show that the firewall is running even with debug NONE
     HIP_DEBUG("firewall running. Entering select loop.\n");
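Review bot: Dropping the second `hip_msg_init(msg);` after the FIREWALL_START exchange means `msg` enters the select loop still holding whatever `hip_send_recv_daemon_info()` left in it, and the commit message does not mention this change. The loop body is outside the hunk, so it may already re-initialise the buffer before each use. If it does, a short comment such as `/* msg is re-initialised by the select loop before each use */` would record why the call could go. If it does not, the call should stay so that stale daemon reply data is never parsed as a fresh message.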
@@ -2295,6 +2262,12 @@
     }
 
 out_err:
+    if(h4) {
+        ipq_destroy_handle(h4);
+    }
+    if(h6) {
+        ipq_destroy_handle(h6);
+    }
     if (hip_fw_async_sock) {
         close(hip_fw_async_sock);
     }
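Review bot: The two added guards are written `if(h4) {` and `if(h6) {`, without the space that the neighbouring `if (hip_fw_async_sock) {` and the rest of the file use; `if (h4) {` and `if (h6) {` would match. A one-line comment above them, such as `/* handles are still NULL if we got here before they were created */`, would explain why the NULL checks are needed, since `out_err` is now reachable from the `ipq_create_handle()` failure paths. The rest of the cleanup block continues outside the hunk.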
@@ -2306,7 +2279,7 @@
     }
 
     firewall_exit();
-    return 0;
+    return err;
 }
 
 /*----------------EXTERNALLY USED FUNCTIONS-------------------*/
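Review bot: `return err;` passes the internal error code straight to the process exit status, so the `-1` that the `HIP_IFEL` calls in this commit presumably store in `err` surfaces as 255 rather than a conventional failure code. `return err ? EXIT_FAILURE : EXIT_SUCCESS;` would make the status explicit for init scripts or supervisors that check whether the firewall actually came up. The select loop is outside the hunk, so it is worth confirming that `err` is 0 after a normal run, otherwise a clean shutdown would now report failure.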

