authorPietro Bonfa <bonfus@gmail.com>2016-10-08 14:10:47 +0200
committerPietro Bonfa <bonfus@gmail.com>2016-10-08 14:10:47 +0200
commitfd085c2862153d16443451d96fc56d2e67873e9e (patch)
treea26c78d7d73098e2f2e7556af84ce13ab6ee3756
parent230e7ae1347fe613d63f3dca136128b29331f80d (diff)
changed arguments for rules options
-rw-r--r--main.c49
1 files changed, 16 insertions, 33 deletions
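--- a/main.c
+++ b/main.c
@@ -33,6 +33,7 @@ char config_path[500] = "/etc/tuntox/";
 
 /* Limit hostname and port in server */
 int nrules = 0;
+char rules_file[500] = "/etc/tuntox/rules";
 enum rules_policy_enum rules_policy = NONE;
 rule *rules = NULL;
 
@@ -445,9 +446,8 @@ int handle_request_tunnel_frame(protocol_frame *rcvd_frame)
  }
 
  } else if (rules_policy != NONE) {
- log_printf(L_WARNING, "Filter option active but no allowed ports!\n");
- log_printf(L_WARNING, "All requests will be dropped.\n");
- return -1;
+ log_printf(L_WARNING, "Filter option active but no allowed host/port. All requests will be dropped.\n");
+ return -1;
  }
 
 
@@ -774,22 +774,13 @@ void load_rules()
  char * ahost=NULL;
  int aport=0;
  char line[100 + 1] = "";
- uint8_t path_tmp[512], path_real[512], *p;
  FILE *file = NULL;
  rule *rule_obj = NULL;
 
-
- strncpy(path_real, config_path, sizeof(config_path));
-
- p = path_real + strlen(path_real);
- memcpy(p, "rules", sizeof("rules"));
-
- unsigned int path_len = (p - path_real) + sizeof("rules");
-
- file = fopen((char *)path_real, "r");
+ file = fopen(rules_file, "r");
 
  if (file == NULL) {
- log_printf(L_WARNING, "Could not open rules file!\n");
+ log_printf(L_WARNING, "Could not open rules file (%s)\n", rules_file);
  return;
  }
 
@@ -1204,6 +1195,8 @@ void help()
  fprintf(stderr, "-p - ping the server from -i and exit\n");
  fprintf(stderr, "-C <dir> - save private key in <dir> instead of /etc/tuntox in server mode\n");
  fprintf(stderr, "-s <secret> - shared secret used for connection authentication (max %u characters)\n", TOX_MAX_FRIEND_REQUEST_LENGTH-1);
+ fprintf(stderr, "-f <file> - allows only connections to hostname/port combinations contained in <file>. Rules must by entered one per line with the <hostname>:<port> format\n");
+ fprintf(stderr, "-e <file> - same as -f, but force the connection to a randomly selected hostname/port combination of <file>, ignoring the client's request\n");
  fprintf(stderr, "-d - debug mode\n");
  fprintf(stderr, "-q - quiet mode\n");
  fprintf(stderr, "-S - send output to syslog instead of stderr\n");
@@ -1225,7 +1218,7 @@ int main(int argc, char *argv[])
 
  log_init();
 
- while ((oc = getopt(argc, argv, "L:pi:C:s:f:P:dqhSF:DU:")) != -1)
+ while ((oc = getopt(argc, argv, "L:pi:C:s:f:e:P:dqhSF:DU:")) != -1)
  {
  switch(oc)
  {
@@ -1299,24 +1292,14 @@ int main(int argc, char *argv[])
  load_saved_toxid_in_client_mode = 1;
  break;
  case 'f':
- switch(optarg[0])
- {
- case 'E':
- rules_policy = ENFORCE;
- log_printf(L_INFO, "Filter policy set to ENFORCE\n");
- break;
- case 'V':
- rules_policy = VALIDATE;
- log_printf(L_INFO, "Filter policy set to VALIDATE\n");
- break;
- case 'N':
- rules_policy = NONE;
- log_printf(L_INFO, "Filter policy set to NONE\n");
- break;
- default:
- log_printf(L_WARNING, "Invalid filter policy, reverting to ENFORCE.");
- rules_policy = ENFORCE;
- }
+ strncpy(rules_file, optarg, sizeof(rules_file) - 1);
+ rules_policy = VALIDATE;
+ log_printf(L_INFO, "Filter policy set to VALIDATE\n");
+ break;
+ case 'e':
+ strncpy(rules_file, optarg, sizeof(rules_file) - 1);
+ rules_policy = ENFORCE;
+ log_printf(L_INFO, "Filter policy set to ENFORCE\n");
  break;
  case 's':
  /* Shared secret */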
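Review bot: In `case 'f'` and `case 'e'` of main(), `strncpy(rules_file, optarg, sizeof(rules_file) - 1)` silently truncates a path of 500 bytes or more, so the allow-list may be read from a different file than the one the operator named. If that truncated path does not open, the `load_rules` hunk only logs a warning and returns. The copy stays NUL-terminated only because `rules_file` is a file-scope array whose last byte is never written, which deserves a comment next to the declaration. I would reject the argument before the copy in both cases: `if (strlen(optarg) >= sizeof(rules_file)) { log_printf(L_WARNING, "Rules file path too long\n"); exit(1); }`. main()'s body starts and ends outside this hunk, so how a second `-f`/`-e` or a later option interacts with these assignments is not visible here.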