author | Pietro Bonfa <bonfus@gmail.com> | 2016-10-08 14:10:47 +0200 |
---|---|---|
committer | Pietro Bonfa <bonfus@gmail.com> | 2016-10-08 14:10:47 +0200 |
commit | fd085c2862153d16443451d96fc56d2e67873e9e (patch) | |
tree | a26c78d7d73098e2f2e7556af84ce13ab6ee3756 | |
parent | 230e7ae1347fe613d63f3dca136128b29331f80d (diff) |
changed arguments for rules options
-rw-r--r-- | main.c | 49 |
1 files changed, 16 insertions, 33 deletions
@@ -33,6 +33,7 @@ char config_path[500] = "/etc/tuntox/"; | |||
33 | 33 | ||
34 | /* Limit hostname and port in server */ | 34 | /* Limit hostname and port in server */ |
35 | int nrules = 0; | 35 | int nrules = 0; |
36 | char rules_file[500] = "/etc/tuntox/rules"; | ||
36 | enum rules_policy_enum rules_policy = NONE; | 37 | enum rules_policy_enum rules_policy = NONE; |
37 | rule *rules = NULL; | 38 | rule *rules = NULL; |
38 | 39 | ||
@@ -445,9 +446,8 @@ int handle_request_tunnel_frame(protocol_frame *rcvd_frame) | |||
445 | } | 446 | } |
446 | 447 | ||
447 | } else if (rules_policy != NONE) { | 448 | } else if (rules_policy != NONE) { |
448 | log_printf(L_WARNING, "Filter option active but no allowed ports!\n"); | 449 | log_printf(L_WARNING, "Filter option active but no allowed host/port. All requests will be dropped.\n"); |
449 | log_printf(L_WARNING, "All requests will be dropped.\n"); | 450 | return -1; |
450 | return -1; | ||
451 | } | 451 | } |
452 | 452 | ||
453 | 453 | ||
@@ -774,22 +774,13 @@ void load_rules() | |||
774 | char * ahost=NULL; | 774 | char * ahost=NULL; |
775 | int aport=0; | 775 | int aport=0; |
776 | char line[100 + 1] = ""; | 776 | char line[100 + 1] = ""; |
777 | uint8_t path_tmp[512], path_real[512], *p; | ||
778 | FILE *file = NULL; | 777 | FILE *file = NULL; |
779 | rule *rule_obj = NULL; | 778 | rule *rule_obj = NULL; |
780 | 779 | ||
781 | 780 | file = fopen(rules_file, "r"); | |
782 | strncpy(path_real, config_path, sizeof(config_path)); | ||
783 | |||
784 | p = path_real + strlen(path_real); | ||
785 | memcpy(p, "rules", sizeof("rules")); | ||
786 | |||
787 | unsigned int path_len = (p - path_real) + sizeof("rules"); | ||
788 | |||
789 | file = fopen((char *)path_real, "r"); | ||
790 | 781 | ||
791 | if (file == NULL) { | 782 | if (file == NULL) { |
792 | log_printf(L_WARNING, "Could not open rules file!\n"); | 783 | log_printf(L_WARNING, "Could not open rules file (%s)\n", rules_file); |
793 | return; | 784 | return; |
794 | } | 785 | } |
795 | 786 | ||
@@ -1204,6 +1195,8 @@ void help() | |||
1204 | fprintf(stderr, "-p - ping the server from -i and exit\n"); | 1195 | fprintf(stderr, "-p - ping the server from -i and exit\n"); |
1205 | fprintf(stderr, "-C <dir> - save private key in <dir> instead of /etc/tuntox in server mode\n"); | 1196 | fprintf(stderr, "-C <dir> - save private key in <dir> instead of /etc/tuntox in server mode\n"); |
1206 | fprintf(stderr, "-s <secret> - shared secret used for connection authentication (max %u characters)\n", TOX_MAX_FRIEND_REQUEST_LENGTH-1); | 1197 | fprintf(stderr, "-s <secret> - shared secret used for connection authentication (max %u characters)\n", TOX_MAX_FRIEND_REQUEST_LENGTH-1); |
1198 | fprintf(stderr, "-f <file> - allows only connections to hostname/port combinations contained in <file>. Rules must by entered one per line with the <hostname>:<port> format\n"); | ||
1199 | fprintf(stderr, "-e <file> - same as -f, but force the connection to a randomly selected hostname/port combination of <file>, ignoring the client's request\n"); | ||
1207 | fprintf(stderr, "-d - debug mode\n"); | 1200 | fprintf(stderr, "-d - debug mode\n"); |
1208 | fprintf(stderr, "-q - quiet mode\n"); | 1201 | fprintf(stderr, "-q - quiet mode\n"); |
1209 | fprintf(stderr, "-S - send output to syslog instead of stderr\n"); | 1202 | fprintf(stderr, "-S - send output to syslog instead of stderr\n"); |
@@ -1225,7 +1218,7 @@ int main(int argc, char *argv[]) | |||
1225 | 1218 | ||
1226 | log_init(); | 1219 | log_init(); |
1227 | 1220 | ||
1228 | while ((oc = getopt(argc, argv, "L:pi:C:s:f:P:dqhSF:DU:")) != -1) | 1221 | while ((oc = getopt(argc, argv, "L:pi:C:s:f:e:P:dqhSF:DU:")) != -1) |
1229 | { | 1222 | { |
1230 | switch(oc) | 1223 | switch(oc) |
1231 | { | 1224 | { |
@@ -1299,24 +1292,14 @@ int main(int argc, char *argv[]) | |||
1299 | load_saved_toxid_in_client_mode = 1; | 1292 | load_saved_toxid_in_client_mode = 1; |
1300 | break; | 1293 | break; |
1301 | case 'f': | 1294 | case 'f': |
1302 | switch(optarg[0]) | 1295 | strncpy(rules_file, optarg, sizeof(rules_file) - 1); |
1303 | { | 1296 | rules_policy = VALIDATE; |
1304 | case 'E': | 1297 | log_printf(L_INFO, "Filter policy set to VALIDATE\n"); |
1305 | rules_policy = ENFORCE; | 1298 | break; |
1306 | log_printf(L_INFO, "Filter policy set to ENFORCE\n"); | 1299 | case 'e': |
1307 | break; | 1300 | strncpy(rules_file, optarg, sizeof(rules_file) - 1); |
1308 | case 'V': | 1301 | rules_policy = ENFORCE; |
1309 | rules_policy = VALIDATE; | 1302 | log_printf(L_INFO, "Filter policy set to ENFORCE\n"); |
1310 | log_printf(L_INFO, "Filter policy set to VALIDATE\n"); | ||
1311 | break; | ||
1312 | case 'N': | ||
1313 | rules_policy = NONE; | ||
1314 | log_printf(L_INFO, "Filter policy set to NONE\n"); | ||
1315 | break; | ||
1316 | default: | ||
1317 | log_printf(L_WARNING, "Invalid filter policy, reverting to ENFORCE."); | ||
1318 | rules_policy = ENFORCE; | ||
1319 | } | ||
1320 | break; | 1303 | break; |
1321 | case 's': | 1304 | case 's': |
1322 | /* Shared secret */ | 1305 | /* Shared secret */ |
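Review bot: In the new `case 'f':` and `case 'e':` branches, `strncpy(rules_file, optarg, sizeof(rules_file) - 1)` silently truncates a path of 500 characters or more, so the server would try to load its allow-list from a different file than the one the operator named. Because this file decides which host/port pairs clients may reach, I would reject an over-long argument before the copy in both cases, e.g. `if (strlen(optarg) >= sizeof(rules_file)) { log_printf(L_WARNING, "Rules file path too long\n"); exit(1); }`. NUL-termination currently holds only because `rules_file` is a zero-initialised global whose last byte is never written in the lines shown, which deserves a short comment next to the copy. In the `help()` hunk the new `-f` text reads "must by entered" and should say "must be entered". The rest of `main` lies outside the hunk.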