Move process signal subscribe to Main

this is so that we can respond to signals with components outside of the
Firewall... in this case i'm thinking of the SOCKS proxy chain service
pull/19/head
David Stainton 9 years ago
parent 9c58cc315c
commit 61039af4e3

@ -60,6 +60,9 @@ type Firewall struct {
ruleLock sync.Mutex
rulesById map[uint]*Rule
nextRuleId uint
reloadRulesChan chan bool
stopChan chan bool
}
func (fw *Firewall) setEnabled(flag bool) {
@ -103,6 +106,14 @@ func (fw *Firewall) getRuleById(id uint) *Rule {
return fw.rulesById[id]
}
func (fw *Firewall) stop() {
fw.stopChan <- true
}
func (fw *Firewall) reloadRules() {
fw.reloadRulesChan <- true
}
func (fw *Firewall) runFilter() {
q := nfqueue.NewNFQueue(0)
defer q.Destroy()
@ -111,12 +122,6 @@ func (fw *Firewall) runFilter() {
q.Timeout = 5 * time.Minute
packets := q.Process()
sigKillChan := make(chan os.Signal, 1)
signal.Notify(sigKillChan, os.Interrupt, os.Kill)
sigHupChan := make(chan os.Signal, 1)
signal.Notify(sigHupChan, syscall.SIGHUP)
for {
select {
case pkt := <-packets:
@ -125,9 +130,9 @@ func (fw *Firewall) runFilter() {
} else {
pkt.Accept()
}
case <-sigHupChan:
case <-fw.reloadRulesChan:
fw.loadRules()
case <-sigKillChan:
case <-fw.stopChan:
return
}
}
@ -157,6 +162,8 @@ func main() {
enabled: true,
logBackend: logBackend,
policyMap: make(map[string]*Policy),
reloadRulesChan: make(chan bool, 0),
stopChan: make(chan bool, 0),
}
ds.fw = fw
@ -176,6 +183,24 @@ func main() {
}
wg := sync.WaitGroup{}
InitSocksListener(&socksConfig, &wg)
fw.runFilter()
// observe process signals and either
// reload rules or shutdown firewall service
sigKillChan := make(chan os.Signal, 1)
signal.Notify(sigKillChan, os.Interrupt, os.Kill)
sigHupChan := make(chan os.Signal, 1)
signal.Notify(sigHupChan, syscall.SIGHUP)
for {
select {
case <-sigHupChan:
fw.reloadRules()
// XXX perhaps restart SOCKS proxy chain service?
case <-sigKillChan:
fw.stop()
return
}
}
}
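Review bot: In the last hunk, `fw.runFilter()` appears to remain a plain blocking call ahead of the new signal loop in main (the page has lost its +/- markers, so this is inferred), which means neither `signal.Notify` call nor the loop is reached while the filter is running. runFilter now returns only on `fw.stopChan`, and only that loop sends to it, so SIGHUP and SIGINT would fall back to their default action and terminate the daemon with no rule reload and without running `defer q.Destroy()`. Starting the filter with `go fw.runFilter()` before the loop would make the loop reachable; main should then wait for runFilter to return after `fw.stop()` so the deferred queue cleanup runs before exit. Separately, `os.Kill` cannot be caught through signal.Notify, and SIGTERM is not subscribed, so `signal.Notify(sigKillChan, os.Interrupt, syscall.SIGTERM)` would cover the usual service-manager stop. main starts outside this hunk.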
