From e5bf743ccb6f80b70a6017a39c30f7610012979b Mon Sep 17 00:00:00 2001
From: Pietro Bonfa
Date: Wed, 5 Oct 2016 20:10:15 +0200
Subject: Added filter for hostname and port requests
---
 main.h | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'main.h')
diff --git a/main.h b/main.h
index 65494ef..c6579e2 100644
--- a/main.h
+++ b/main.h
@@ -73,6 +73,13 @@ typedef struct protocol_frame_t {
 uint8_t *data;
 } protocol_frame;
+/* Rules policy */
+enum rules_policy_enum { ENFORCE, VALIDATE, NONE };
+typedef struct rule {
+ uint16_t port;
+ char * host;
+ struct rule *next;
+} rule;
 /**** GLOBAL VARIABLES ****/
 extern Tox *tox;
--
cgit v1.2.3
From bb08cc0ae4789084f88586460c9c617fe6cbb328 Mon Sep 17 00:00:00 2001
From: Pietro Bonfa
Date: Sun, 9 Oct 2016 18:31:39 +0200
Subject: removed enforce option
---
 main.c | 40 +++-------------------------------------
 main.h | 2 +-
 2 files changed, 4 insertions(+), 38 deletions(-)
(limited to 'main.h')
diff --git a/main.c b/main.c
index 7f9380f..5a5c82b 100644
--- a/main.c
+++ b/main.c
@@ -407,32 +407,7 @@ int handle_request_tunnel_frame(protocol_frame *rcvd_frame)
 log_printf(L_INFO, "Got a request to forward data from %s:%d\n", hostname, port);
 // check rules
- if (rules_policy == ENFORCE && nrules > 0) {
- // selects a random service
- int r = rand() % nrules;
- int i;
- rule * rtmp = rules;
-
- for (i = 0; i < r; i++)
- {
- if (rtmp != NULL)
- rtmp = rtmp->next;
- }
-
- if (rtmp != NULL) {
- port = rtmp->port;
- hostname = strdup(rtmp->host);
- } else {
- log_printf(L_ERROR, "Could not find valid hostname/port. Dropping request.\n");
- return -1;
- }
-
- log_printf(L_INFO, "ENFORCE policy enabled, using %s:%d\n", hostname, port);
-
- } else if (rules_policy == VALIDATE && nrules > 0 ) {
-
-
- // new implementatio
+ if (rules_policy == VALIDATE && nrules > 0 ) {
 rule rtmp, *found = NULL;
 rtmp.host = hostname;
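Review bot: The new `rule` struct says nothing about who owns `host`, and the two uses in this series disagree: `load_rules()` stores a `strdup()` copy in `rule_obj->host`, while the VALIDATE lookup in `handle_request_tunnel_frame` fills a stack `rule rtmp` whose `host` only aliases the request's `hostname`. A member comment such as `char * host; /* heap copy owned by the list entry; stack lookup keys alias the request hostname and must not be freed */` would keep a later cleanup of the list from freeing the alias. The enum deserves a line per policy as well, including that a policy other than NONE combined with an empty list rejects every request, since that fail-closed behaviour is the property the filter exists for. `NONE` as an unprefixed enumerator also risks colliding with a macro of the same name from some other header; nothing in the patch shows such a clash, but a `RULES_`-style prefix would avoid the question.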
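Review bot: With the ENFORCE branch gone, `// check rules` is the only comment left on the surviving `if (rules_policy == VALIDATE && nrules > 0 )`, and it no longer says what the check guarantees; I would expand it to `// check rules: under VALIDATE only host:port pairs listed in the rules file are forwarded, everything else is rejected below`. The lookup key `rtmp.host = hostname` points at the request's own string rather than a heap copy like the entries built in `load_rules()`, so a comment on that line saying the key must not be freed would protect against a future cleanup treating `found` like a list entry. The comparison that decides a match and the rest of the function lie outside this hunk, so whether hostnames are matched exactly or case-insensitively — which determines what the filter really admits — cannot be judged here. The stray space in `nrules > 0 )` is a minor style nit inherited from the old line.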
@@ -444,7 +419,6 @@ int handle_request_tunnel_frame(protocol_frame *rcvd_frame)
 log_printf(L_WARNING, "Rejected, request not in rules\n");
 return -1;
 }
-
 } else if (rules_policy != NONE) {
 log_printf(L_WARNING, "Filter option active but no allowed host/port. All requests will be dropped.\n");
 return -1;
@@ -808,7 +782,6 @@ void load_rules()
 rule_obj->host = strdup(ahost);
 LL_APPEND(rules, rule_obj);
- linen++;
 } else {
 log_printf(L_WARNING, "Invalid port in line: %s\n", line);
@@ -824,8 +797,7 @@ void load_rules()
 nrules = linen;
 log_printf(L_INFO, "Loaded %d rules\n", nrules);
- if (nrules==0 &&
- (rules_policy == ENFORCE || rules_policy == VALIDATE)){
+ if (nrules==0 && rules_policy == VALIDATE){
 log_printf(L_WARNING, "No rules loaded! NO CONNECTIONS WILL BE ALLOWED!\n");
 }
 }
@@ -1196,7 +1168,6 @@ void help()
 fprintf(stderr, "-C - save private key in instead of /etc/tuntox in server mode\n");
 fprintf(stderr, "-s - shared secret used for connection authentication (max %u characters)\n", TOX_MAX_FRIEND_REQUEST_LENGTH-1);
 fprintf(stderr, "-f - allows only connections to hostname/port combinations contained in . Rules must by entered one per line with the : format\n");
- fprintf(stderr, "-e - same as -f, but force the connection to a randomly selected hostname/port combination of , ignoring the client's request\n");
 fprintf(stderr, "-d - debug mode\n");
 fprintf(stderr, "-q - quiet mode\n");
 fprintf(stderr, "-S - send output to syslog instead of stderr\n");
@@ -1218,7 +1189,7 @@ int main(int argc, char *argv[])
 log_init();
- while ((oc = getopt(argc, argv, "L:pi:C:s:f:e:P:dqhSF:DU:")) != -1)
+ while ((oc = getopt(argc, argv, "L:pi:C:s:f:P:dqhSF:DU:")) != -1)
 {
 switch(oc)
 {
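Review bot: `nrules = linen;` in the `@@ -824` hunk still takes the rule count from `linen`, which by its name and by the `- linen++;` removed in the `@@ -808` hunk looks like a line counter rather than a count of accepted entries (the collapsed layout leaves open whether that marker belonged to a blank line, so please confirm against the full `load_rules()`). If that reading holds, lines that take the `Invalid port in line` branch inflate `nrules`, `Loaded %d rules` overstates what was loaded, and a rules file made only of malformed lines silences the `No rules loaded! NO CONNECTIONS WILL BE ALLOWED!` warning even though the filter would presumably still reject every request because the list is empty. Deriving the count from the list itself keeps `nrules` in step with what `handle_request_tunnel_frame` actually consults: `nrules = 0; for (rule *r = rules; r != NULL; r = r->next) nrules++;` in place of `nrules = linen;`. The tightened condition `if (nrules==0 && rules_policy == VALIDATE)` is right now that ENFORCE is gone.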
@@ -1296,11 +1267,6 @@ int main(int argc, char *argv[])
 rules_policy = VALIDATE;
 log_printf(L_INFO, "Filter policy set to VALIDATE\n");
 break;
- case 'e':
- strncpy(rules_file, optarg, sizeof(rules_file) - 1);
- rules_policy = ENFORCE;
- log_printf(L_INFO, "Filter policy set to ENFORCE\n");
- break;
 case 's': /* Shared secret */
 use_shared_secret = 1;
diff --git a/main.h b/main.h
index c6579e2..329135f 100644
--- a/main.h
+++ b/main.h
@@ -74,7 +74,7 @@ typedef struct protocol_frame_t {
 } protocol_frame;
 /* Rules policy */
-enum rules_policy_enum { ENFORCE, VALIDATE, NONE };
+enum rules_policy_enum { VALIDATE, NONE };
 typedef struct rule {
 uint16_t port;
 char * host;
--
cgit v1.2.3
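Review bot: Removing `ENFORCE` from the head of `enum rules_policy_enum` changes which policy has the value 0 — it is now `VALIDATE` — so a `rules_policy` object that relies on static zero-initialisation rather than an explicit assignment starts in VALIDATE and, with `nrules == 0`, rejects every request through the `rules_policy != NONE` branch in `handle_request_tunnel_frame`. That failure is closed rather than open, but it would turn a tuntox started without `-f` into one that forwards nothing; whether the global is assigned explicitly is outside this diff, so please check. Pinning the default removes the dependence on enumerator order: `enum rules_policy_enum { NONE = 0, VALIDATE };`, together with a comment like `/* NONE: no filtering (default); VALIDATE: forward only host:port pairs from the rules file, reject all others */`. The bare `NONE` enumerator is also a plausible clash with a same-named macro from another header; a prefixed name would be safer.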