diff options
| author | Andrew Cady <d@jerkface.net> | 2020-08-21 08:01:08 -0400 |
|---|---|---|
| committer | Andrew Cady <d@jerkface.net> | 2020-08-21 08:01:58 -0400 |
| commit | 1c8ef41b1b7c42bcfe5625f6996d02a0e3dae5d0 (patch) | |
| tree | 312584112f4efea58bd09a5ead83814d87126af6 | |
| parent | de2f3dcbd8e5769c24e13cb2796bab006176e437 (diff) | |
Move rule check to separate function
Renamed some variables. Improved clarity of conditional.
| -rw-r--r-- | main.c | 50 |
1 files changed, 30 insertions, 20 deletions
| @@ -109,7 +109,7 @@ int allowed_toxid_cmp(allowed_toxid *a, allowed_toxid *b) | |||
| 109 | } | 109 | } |
| 110 | 110 | ||
| 111 | /* Comparison function for rule objects */ | 111 | /* Comparison function for rule objects */ |
| 112 | int rule_cmp(rule *a, rule *b) | 112 | int rule_match(rule *a, rule *b) |
| 113 | { | 113 | { |
| 114 | //log_printf(L_INFO, "Comparison result: %d %d\n", strcmp(a->host, b->host), (a->port == b->port)); | 114 | //log_printf(L_INFO, "Comparison result: %d %d\n", strcmp(a->host, b->host), (a->port == b->port)); |
| 115 | if ((strcmp(a->host, b->host)==0) && (a->port == b->port)) | 115 | if ((strcmp(a->host, b->host)==0) && (a->port == b->port)) |
| @@ -423,6 +423,34 @@ int handle_ping_frame(protocol_frame *rcvd_frame) | |||
| 423 | return 0; | 423 | return 0; |
| 424 | } | 424 | } |
| 425 | 425 | ||
| 426 | bool check_requested_tunnel_against_rules(char *hostname, in_port_t port) | ||
| 427 | { | ||
| 428 | switch(rules_policy) | ||
| 429 | { | ||
| 430 | case NONE: | ||
| 431 | return true; | ||
| 432 | case VALIDATE: | ||
| 433 | if(nrules > 0) | ||
| 434 | { | ||
| 435 | rule candidate, *found = NULL; | ||
| 436 | candidate.host = hostname; | ||
| 437 | candidate.port = port; | ||
| 438 | |||
| 439 | LL_SEARCH(rules, found, &candidate, rule_match); | ||
| 440 | if(!found) | ||
| 441 | { | ||
| 442 | log_printf(L_WARNING, "Rejected, request not in rules\n"); | ||
| 443 | } | ||
| 444 | return found; | ||
| 445 | } | ||
| 446 | log_printf(L_WARNING, "Filter option active but no allowed host/port. All requests will be dropped.\n"); | ||
| 447 | return false; | ||
| 448 | default: | ||
| 449 | log_printf(L_WARNING, "BUG: invalid rules_policy (impossible!)\n"); | ||
| 450 | return false; | ||
| 451 | } | ||
| 452 | } | ||
| 453 | |||
| 426 | int handle_request_tunnel_frame(protocol_frame *rcvd_frame) | 454 | int handle_request_tunnel_frame(protocol_frame *rcvd_frame) |
| 427 | { | 455 | { |
| 428 | char *hostname = NULL; | 456 | char *hostname = NULL; |
| @@ -450,30 +478,12 @@ int handle_request_tunnel_frame(protocol_frame *rcvd_frame) | |||
| 450 | 478 | ||
| 451 | log_printf(L_INFO, "Got a request to forward data from %s:%d\n", hostname, port); | 479 | log_printf(L_INFO, "Got a request to forward data from %s:%d\n", hostname, port); |
| 452 | 480 | ||
| 453 | // check rules | 481 | if (!check_requested_tunnel_against_rules(hostname, port)) |
| 454 | if(rules_policy == VALIDATE && nrules > 0) | ||
| 455 | { | 482 | { |
| 456 | rule temp_rule, *found = NULL; | ||
| 457 | temp_rule.host = hostname; | ||
| 458 | temp_rule.port = port; | ||
| 459 | |||
| 460 | LL_SEARCH(rules, found, &temp_rule, rule_cmp); | ||
| 461 | if(!found) | ||
| 462 | { | ||
| 463 | log_printf(L_WARNING, "Rejected, request not in rules\n"); | ||
| 464 | free(hostname); | ||
| 465 | return -1; | ||
| 466 | } | ||
| 467 | } | ||
| 468 | else if (rules_policy != NONE) | ||
| 469 | { | ||
| 470 | log_printf(L_WARNING, "Filter option active but no allowed host/port. All requests will be dropped.\n"); | ||
| 471 | free(hostname); | 483 | free(hostname); |
| 472 | return -1; | 484 | return -1; |
| 473 | } | 485 | } |
| 474 | 486 | ||
| 475 | |||
| 476 | |||
| 477 | tunnel_id = get_random_tunnel_id(); | 487 | tunnel_id = get_random_tunnel_id(); |
| 478 | log_printf(L_DEBUG, "Tunnel ID: %d\n", tunnel_id); | 488 | log_printf(L_DEBUG, "Tunnel ID: %d\n", tunnel_id); |
| 479 | 489 | ||