From 61039af4e39798f857ffd5a0dd51f005915e6e7d Mon Sep 17 00:00:00 2001 From: David Stainton Date: Mon, 30 May 2016 21:52:19 +0000 Subject: [PATCH] Move process signal subscribe to Main this is so that we can respond to signals with components outside of the Firewall... in this case i'm thinking of the SOCKS proxy chain service --- main.go | 53 +++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 39 insertions(+), 14 deletions(-) diff --git a/main.go b/main.go index 3caf134..09ff35e 100644 --- a/main.go +++ b/main.go @@ -60,6 +60,9 @@ type Firewall struct { ruleLock sync.Mutex rulesById map[uint]*Rule nextRuleId uint + + reloadRulesChan chan bool + stopChan chan bool } func (fw *Firewall) setEnabled(flag bool) { @@ -103,6 +106,14 @@ func (fw *Firewall) getRuleById(id uint) *Rule { return fw.rulesById[id] } +func (fw *Firewall) stop() { + fw.stopChan <- true +} + +func (fw *Firewall) reloadRules() { + fw.reloadRulesChan <- true +} + func (fw *Firewall) runFilter() { q := nfqueue.NewNFQueue(0) defer q.Destroy() @@ -111,12 +122,6 @@ func (fw *Firewall) runFilter() { q.Timeout = 5 * time.Minute packets := q.Process() - sigKillChan := make(chan os.Signal, 1) - signal.Notify(sigKillChan, os.Interrupt, os.Kill) - - sigHupChan := make(chan os.Signal, 1) - signal.Notify(sigHupChan, syscall.SIGHUP) - for { select { case pkt := <-packets: @@ -125,9 +130,9 @@ func (fw *Firewall) runFilter() { } else { pkt.Accept() } - case <-sigHupChan: + case <-fw.reloadRulesChan: fw.loadRules() - case <-sigKillChan: + case <-fw.stopChan: return } } @@ -152,11 +157,13 @@ func main() { } fw := &Firewall{ - dbus: ds, - dns: NewDnsCache(), - enabled: true, - logBackend: logBackend, - policyMap: make(map[string]*Policy), + dbus: ds, + dns: NewDnsCache(), + enabled: true, + logBackend: logBackend, + policyMap: make(map[string]*Policy), + reloadRulesChan: make(chan bool, 0), + stopChan: make(chan bool, 0), } ds.fw = fw 
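Review bot: `stop()` and `reloadRules()` do a blocking send on channels that the main() hunk creates unbuffered (`make(chan bool, 0)`), so the caller hangs whenever `runFilter` is not sitting in its select. The last hunk removes the `fw.runFilter()` call from main() and adds no `go fw.runFilter()`; unless the filter is started in lines outside this patch, the first SIGHUP or SIGINT would block the signal loop forever and the daemon could not be stopped with Ctrl-C. Closing the channel for shutdown (`close(fw.stopChan)`) and a coalescing send for reload (`select { case fw.reloadRulesChan <- true: default: }` on a channel of capacity 1) would keep both calls from blocking. A short doc comment on each method saying which goroutine is expected to call it would also help.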
@@ -176,6 +183,24 @@ func main() { } wg := sync.WaitGroup{} InitSocksListener(&socksConfig, &wg) - fw.runFilter() + + // observe process signals and either + // reload rules or shutdown firewall service + sigKillChan := make(chan os.Signal, 1) + signal.Notify(sigKillChan, os.Interrupt, os.Kill) + + sigHupChan := make(chan os.Signal, 1) + signal.Notify(sigHupChan, syscall.SIGHUP) + + for { + select { + case <-sigHupChan: + fw.reloadRules() + // XXX perhaps restart SOCKS proxy chain service? + case <-sigKillChan: + fw.stop() + return + } + } }
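Review bot: `signal.Notify(sigKillChan, os.Interrupt, os.Kill)` can never deliver `os.Kill`, because SIGKILL cannot be caught, while SIGTERM, which service managers and a plain `kill` send, is not subscribed and so ends the process without `fw.stop()` running. Subscribing with `signal.Notify(sigKillChan, os.Interrupt, syscall.SIGTERM)` covers the normal shutdown path. In the `sigKillChan` case main() returns as soon as the send in `fw.stop()` has been received, so the process may exit before `runFilter`'s deferred `q.Destroy()` has run, and `wg` is never waited on in the lines shown. Waiting for a done signal from the filter goroutine before `return` would make the teardown deterministic.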