From b3f564e58ce5616a66f0c729072ffcf7b089913d Mon Sep 17 00:00:00 2001 From: joshuafc Date: Tue, 17 Nov 2020 04:27:42 +0800 Subject: [PATCH] Traffic Restrictions, Pass Build on CircleCI and local Windows 10 VS2019 (#499) * Add new file 'network_traffic_filter.c/.h" * Add feature to drop or accept specific packet transmit over edge network interface by rules. * fix CMakeLists.txt typo * Update Rule String Format * replace -F (filter) with -R (rule) for traffic restrictions. * Update edge help (-h) message. Update documents. * Pass Build on CircleCI and local Windows 10 VS2019 * Fix cmake build failed because of sn_selection * fix operate void* cause vs2016 build failed * Fix typo to pass build on windows. * add inttypes.h for n2n_typedefs.h to pass windows build * modify headers to pass build on windows. --- .ci/build-project.ps1 | 45 +++++ .ci/install-vcpkg.ps1 | 38 ++++ .circleci/config.yml | 39 ++++ CMakeLists.txt | 3 +- include/n2n.h | 70 +------ include/n2n_typedefs.h | 304 +++++++++++++++++++------------ include/network_traffic_filter.h | 17 +- src/edge.c | 5 - src/edge_utils.c | 22 +-- src/network_traffic_filter.c | 44 ++--- win32/n2n_win32.h | 32 ---- 11 files changed, 343 insertions(+), 276 deletions(-) create mode 100644 .ci/build-project.ps1 create mode 100644 .ci/install-vcpkg.ps1 create mode 100644 .circleci/config.yml diff --git a/.ci/build-project.ps1 b/.ci/build-project.ps1 new file mode 100644 index 0000000..b0d7643 --- /dev/null +++ b/.ci/build-project.ps1 @@ -0,0 +1,45 @@ +# Build project. +# +# The script assumes that it will be called from inside the project directory. +# +# Usage: .ci\build-project.ps1 [vcpkg-directory [build-directory-name]] +# - vcpkg-directory: Optional full path to Vcpkg directory. Default: $HOME\vcpkg +# - build-directory-name: Optional name of build directory. Default: build. +# Can only be set of vcpkg-directory is set as well. +# +# Example 1: .ci\build-project.ps1 +# Example 2: .ci\build-project.ps1 $HOME\vcpkg-clang +# Example 3: .ci\build-project.ps1 $HOME\vcpkg-clang build-clang + +$ErrorActionPreference="Stop" + +$VCPKG_DIR=$args[0] +$BUILD_DIR=$args[1] + +if ($null -eq $VCPKG_DIR) { $VCPKG_DIR="$HOME\vcpkg" } +if ($null -eq $BUILD_DIR) { $BUILD_DIR="build" } + +# only pass toolchain file to CMake if Vcpkg is installed +if (Test-Path "$VCPKG_DIR" -PathType Container) { + $TOOLCHAIN="$VCPKG_DIR\scripts\buildsystems\vcpkg.cmake" +} else { + $TOOLCHAIN="False" +} + +Write-Host "---- build-project.ps1 ----" +Write-Host "VCPKG_DIR: $VCPKG_DIR" +Write-Host "BUILD_DIR: $BUILD_DIR" +Write-Host "CMAKE_TOOLCHAIN_FILE: $TOOLCHAIN" +Write-Host "---------------------------" + +if (-not (Get-Command cmake -ErrorAction SilentlyContinue)) { + New-Alias -Name cmake -Value "$Env:ProgramFiles\CMake\bin\cmake.exe" +} + +New-Item -Name $BUILD_DIR -ItemType Directory +Push-Location $BUILD_DIR +$ErrorActionPreference = "Stop"; +cmake -DCMAKE_BUILD_TYPE=Release -DVCPKG_TARGET_TRIPLET=x64-windows -DCMAKE_TOOLCHAIN_FILE="$TOOLCHAIN" .. +cmake --build . --config Release +if ($LASTEXITCODE) { Throw "BUILD FAILED!" } +Pop-Location \ No newline at end of file diff --git a/.ci/install-vcpkg.ps1 b/.ci/install-vcpkg.ps1 new file mode 100644 index 0000000..a9f4bc1 --- /dev/null +++ b/.ci/install-vcpkg.ps1 @@ -0,0 +1,38 @@ + +# Build Vcpkg and install dependency packages. +# +# Usage: .ci\install-vcpkg.ps1 [vcpkg directory name] +# - project directory: Path to the project sources where the .vcpkg file is located. +# - vcpkg directory name: optional name of directory where Vcpkg will be clone'd into +# +# Example 1: .ci\install-vcpkg.ps1 $Env:GITHUB_WORKSPACE +# Example 2: .ci\install-vcpkg.ps1 $Env:APPVEYOR_BUILD_FOLDER vcpkg-msvc + +$ErrorActionPreference="Stop" + +if ($args.Count -lt 1) { Exit 1 } + +$PROJECT_DIR=$args[0] +$VCPKG_DIR=$args[1] + +if ($null -eq $VCPKG_DIR) { $VCPKG_DIR="vcpkg" } + +# do nothing if .vcpkg file doesn't exist +if (-not (Test-Path "$PROJECT_DIR\.vcpkg" -PathType Leaf)) { Write-Host ".vcpkg file does not exist, skipping Vcpkg installation."; Exit 0 } + +Write-Host "---- install-vcpkg.ps1 ----" +Write-Host "PROJECT_DIR: $PROJECT_DIR" +Write-Host "VCPKG_DIR: $VCPKG_DIR" +Write-Host "---------------------------" + +if (-not (Get-Command git -ErrorAction SilentlyContinue)) { + New-Alias -Name git -Value "$Env:ProgramFiles\Git\bin\git.exe" +} + +Push-Location "$HOME" +git clone --quiet --depth 1 https://github.com/Microsoft/vcpkg.git $VCPKG_DIR +Set-Location $VCPKG_DIR +.\bootstrap-vcpkg.bat -disableMetrics +$packages = Get-Content "$PROJECT_DIR\.vcpkg" +.\vcpkg.exe install --triplet x64-windows $packages +Pop-Location \ No newline at end of file diff --git a/.circleci/config.yml b/.circleci/config.yml new file mode 100644 index 0000000..dde6512 --- /dev/null +++ b/.circleci/config.yml @@ -0,0 +1,39 @@ +version: 2.1 + +orbs: + win: circleci/windows@2.4.0 + +jobs: + linux-gcc: + machine: + image: ubuntu-1604:201903-01 + steps: + - checkout + - run: + name: Install Software + command: | + sudo apt-get update + sudo apt-get install -y cmake build-essential + mkdir build + cd build + cmake .. + make + windows-msvc: + executor: win/default + steps: + - checkout + - run: + name: Download CMake + command: | + $ProgressPreference = "SilentlyContinue" + Invoke-WebRequest -URI https://github.com/Kitware/CMake/releases/download/v3.16.4/cmake-3.16.4-win64-x64.zip -OutFile $Env:HOMEPATH\cmake-3.16.4-win64-x64.zip + Expand-Archive $Env:HOMEPATH\cmake-3.16.4-win64-x64.zip -DestinationPath "$Env:ProgramFiles" + Rename-Item "$Env:ProgramFiles\cmake-3.16.4-win64-x64" -NewName CMake + - run: .ci\install-vcpkg.ps1 "$Env:CIRCLE_WORKING_DIRECTORY" + - run: .ci\build-project.ps1 +workflows: + version: 2 + run-all: + jobs: + - linux-gcc + - windows-msvc \ No newline at end of file diff --git a/CMakeLists.txt b/CMakeLists.txt index d35ea8d..936bb98 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -115,7 +115,8 @@ add_library(n2n STATIC src/tuntap_linux.c src/tuntap_osx.c src/n2n_regex.c - src/network_traffic_filter.c) + src/network_traffic_filter.c + src/sn_selection.c) if(N2N_OPTION_AES) diff --git a/include/n2n.h b/include/n2n.h index 49c123e..a16e6fd 100644 --- a/include/n2n.h +++ b/include/n2n.h @@ -98,59 +98,6 @@ #include #include -#define ETH_ADDR_LEN 6 - -#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) -#include -#endif - -#ifdef __OpenBSD__ -#include -#define __BYTE_ORDER BYTE_ORDER -#if BYTE_ORDER == LITTLE_ENDIAN -#ifndef __LITTLE_ENDIAN__ -#define __LITTLE_ENDIAN__ -#endif /* __LITTLE_ENDIAN__ */ -#else -#define __BIG_ENDIAN__ -#endif/* BYTE_ORDER */ -#endif/* __OPENBSD__ */ - - -#if __BYTE_ORDER == __LITTLE_ENDIAN -#ifndef __LITTLE_ENDIAN__ -#define __LITTLE_ENDIAN__ -#endif -#else -#ifndef __BIG_ENDIAN__ -#define __BIG_ENDIAN__ -#endif -#endif - -#ifdef WIN32 -#ifndef __LITTLE_ENDIAN__ -#define __LITTLE_ENDIAN__ 1 -#endif -#endif - -#if !(defined(__LITTLE_ENDIAN__) || defined(__BIG_ENDIAN__)) -#if defined(__mips__) -#undef __LITTLE_ENDIAN__ -#undef __LITTLE_ENDIAN -#define __BIG_ENDIAN__ -#endif - -/* Everything else */ -#if (defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__)) -#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ -#define __LITTLE_ENDIAN__ -#else -#define __BIG_ENDIAN__ -#endif -#endif - -#endif - #ifdef HAVE_LIBZSTD #include #endif @@ -199,22 +146,7 @@ #include "speck.h" #include "n2n_regex.h" #include "sn_selection.h" - -//rule_str format: src_ip/len:[b_port,e_port],dst_ip/len:[s_port,e_port],TCP+/-,UDP+/-,ICMP+/- -// -//ip/len indicate a cidr block, len can be ignore, means single ip (not cidr block) will be use in filter rule. -// -//'+','-' after proto type indicate allow or disallow that proto transmit packet. if any of above three proto missed, it will be disallow. -// -//[s_port,e_port] can be instead by single port number, if not specify, 0-65535 ports will be used. ports range include start_port and end_port. -// -//examples: -//192.168.1.5/32:[0,65535],192.168.0.0/24:[8081,65535],TCP-,UDP-,ICMP+ -//192.168.1.5:[0,65535],192.168.0.0/24:8000,ICMP+ -//192.168.1.5,192.168.0.7 // packets by all proto of all ports from 192.158.1.5 to any ports of 192.168.0.7 will be disallow(dropped). -// -// for impl, see: network_traffic_filter.c -uint8_t process_traffic_filter_rule_str(const char* rule_str, filter_rule_t* rule_struct); +#include "network_traffic_filter.h" /* ************************************** */ diff --git a/include/n2n_typedefs.h b/include/n2n_typedefs.h index 8053d07..b02a044 100644 --- a/include/n2n_typedefs.h +++ b/include/n2n_typedefs.h @@ -19,61 +19,7 @@ #ifndef _N2N_TYPEDEFS_H_ #define _N2N_TYPEDEFS_H_ -struct ether_hdr -{ - uint8_t dhost[ETH_ADDR_LEN]; - uint8_t shost[ETH_ADDR_LEN]; - uint16_t type; /* higher layer protocol encapsulated */ -} __attribute__ ((__packed__)); -typedef struct ether_hdr ether_hdr_t; - -/* *************************************** */ - -struct n2n_iphdr { -#if defined(__LITTLE_ENDIAN__) - u_int8_t ihl:4, version:4; -#elif defined(__BIG_ENDIAN__) - u_int8_t version:4, ihl:4; -#else -# error "Byte order must be defined" -#endif - u_int8_t tos; - u_int16_t tot_len; - u_int16_t id; - u_int16_t frag_off; - u_int8_t ttl; - u_int8_t protocol; - u_int16_t check; - u_int32_t saddr; - u_int32_t daddr; -} __attribute__ ((__packed__)); - -struct n2n_tcphdr -{ - u_int16_t source; - u_int16_t dest; - u_int32_t seq; - u_int32_t ack_seq; -#if defined(__LITTLE_ENDIAN__) - u_int16_t res1:4, doff:4, fin:1, syn:1, rst:1, psh:1, ack:1, urg:1, ece:1, cwr:1; -#elif defined(__BIG_ENDIAN__) - u_int16_t doff:4, res1:4, cwr:1, ece:1, urg:1, ack:1, psh:1, rst:1, syn:1, fin:1; -#else -# error "Byte order must be defined" -#endif - u_int16_t window; - u_int16_t check; - u_int16_t urg_ptr; -} __attribute__ ((__packed__)); - -struct n2n_udphdr -{ - u_int16_t source; - u_int16_t dest; - u_int16_t len; - u_int16_t check; -} __attribute__ ((__packed__)); typedef uint8_t n2n_community_t[N2N_COMMUNITY_SIZE]; typedef uint8_t n2n_mac_t[N2N_MAC_SIZE]; @@ -81,6 +27,186 @@ typedef uint8_t n2n_cookie_t[N2N_COOKIE_SIZE]; typedef uint8_t n2n_desc_t[N2N_DESC_SIZE]; typedef char n2n_sock_str_t[N2N_SOCKBUF_SIZE]; /* tracing string buffer */ +#ifdef _MSC_VER +#include "getopt.h" + + /* Other Win environments are expected to support stdint.h */ + + /* stdint.h typedefs (C99) (not present in Visual Studio) */ +typedef unsigned int uint32_t; +typedef unsigned short uint16_t; +typedef unsigned char uint8_t; + +/* sys/types.h typedefs (not present in Visual Studio) */ +typedef unsigned int u_int32_t; +typedef unsigned short u_int16_t; +typedef unsigned char u_int8_t; + +typedef int ssize_t; + +typedef unsigned long in_addr_t; + +#include "n2n_win32.h" + +#endif /* #ifdef _MSC_VER */ + + + +#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) +#include +#endif + +#ifdef __OpenBSD__ +#include +#define __BYTE_ORDER BYTE_ORDER +#if BYTE_ORDER == LITTLE_ENDIAN +#ifndef __LITTLE_ENDIAN__ +#define __LITTLE_ENDIAN__ +#endif /* __LITTLE_ENDIAN__ */ +#else +#define __BIG_ENDIAN__ +#endif/* BYTE_ORDER */ +#endif/* __OPENBSD__ */ + + +#if __BYTE_ORDER == __LITTLE_ENDIAN +#ifndef __LITTLE_ENDIAN__ +#define __LITTLE_ENDIAN__ +#endif +#else +#ifndef __BIG_ENDIAN__ +#define __BIG_ENDIAN__ +#endif +#endif + +#ifdef WIN32 +#ifndef __LITTLE_ENDIAN__ +#define __LITTLE_ENDIAN__ 1 +#endif +#endif + +#if !(defined(__LITTLE_ENDIAN__) || defined(__BIG_ENDIAN__)) +#if defined(__mips__) +#undef __LITTLE_ENDIAN__ +#undef __LITTLE_ENDIAN +#define __BIG_ENDIAN__ +#endif + +/* Everything else */ +#if (defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__)) +#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ +#define __LITTLE_ENDIAN__ +#else +#define __BIG_ENDIAN__ +#endif +#endif + +#endif + +/* *************************************** */ + +#ifdef __GNUC__ +#define PACK_STRUCT __attribute__((__packed__)) +#else +#define PACK_STRUCT +#endif + +#ifdef _MSC_VER +#pragma pack(push,1) +#endif + +#define ETH_ADDR_LEN 6 + +struct ether_hdr +{ + uint8_t dhost[ETH_ADDR_LEN]; + uint8_t shost[ETH_ADDR_LEN]; + uint16_t type; /* higher layer protocol encapsulated */ +} PACK_STRUCT; + +typedef struct ether_hdr ether_hdr_t; + + +struct n2n_iphdr { +#if defined(__LITTLE_ENDIAN__) + u_int8_t ihl:4, version:4; +#elif defined(__BIG_ENDIAN__) + u_int8_t version:4, ihl:4; +#else +# error "Byte order must be defined" +#endif + u_int8_t tos; + u_int16_t tot_len; + u_int16_t id; + u_int16_t frag_off; + u_int8_t ttl; + u_int8_t protocol; + u_int16_t check; + u_int32_t saddr; + u_int32_t daddr; +} PACK_STRUCT; + +struct n2n_tcphdr +{ + u_int16_t source; + u_int16_t dest; + u_int32_t seq; + u_int32_t ack_seq; +#if defined(__LITTLE_ENDIAN__) + u_int16_t res1:4, doff:4, fin:1, syn:1, rst:1, psh:1, ack:1, urg:1, ece:1, cwr:1; +#elif defined(__BIG_ENDIAN__) + u_int16_t doff:4, res1:4, cwr:1, ece:1, urg:1, ack:1, psh:1, rst:1, syn:1, fin:1; +#else +# error "Byte order must be defined" +#endif + u_int16_t window; + u_int16_t check; + u_int16_t urg_ptr; +} PACK_STRUCT; + +struct n2n_udphdr +{ + u_int16_t source; + u_int16_t dest; + u_int16_t len; + u_int16_t check; +} PACK_STRUCT; + +#ifdef _MSC_VER +#pragma pack(pop) +#endif + + +typedef struct port_range{ + uint16_t start_port; // range contain 'start_port' self + uint16_t end_port; // range contain 'end_port' self +} port_range_t; + +typedef struct filter_rule_key +{ + in_addr_t src_net_cidr; + uint8_t src_net_bit_len; + port_range_t src_port_range; + in_addr_t dst_net_cidr; + uint8_t dst_net_bit_len; + port_range_t dst_port_range; + uint8_t bool_tcp_configured; + uint8_t bool_udp_configured; + uint8_t bool_icmp_configured; +} filter_rule_key_t; + +typedef struct filter_rule +{ + filter_rule_key_t key; + + uint8_t bool_accept_icmp; + uint8_t bool_accept_udp; + uint8_t bool_accept_tcp; + + UT_hash_handle hh; /* makes this structure hashable */ +} filter_rule_t; + + #ifndef WIN32 typedef struct tuntap_dev { int fd; @@ -306,6 +432,17 @@ typedef enum { /* *************************************************** */ +typedef struct network_traffic_filter +{ + n2n_verdict (*filter_packet_from_peer)(struct network_traffic_filter* filter, n2n_edge_t *eee, + const n2n_sock_t *peer, uint8_t *payload, uint16_t payload_size); + + n2n_verdict (*filter_packet_from_tap)(struct network_traffic_filter* filter, n2n_edge_t *eee, uint8_t *payload, uint16_t payload_size); + +} network_traffic_filter_t; + +/* *************************************************** */ + /* Callbacks allow external programs to attach functions in response to * N2N events. */ typedef struct n2n_edge_callbacks { @@ -329,60 +466,6 @@ typedef struct n2n_edge_callbacks { void (*main_loop_period)(n2n_edge_t *eee, time_t now); } n2n_edge_callbacks_t; -/* ***************************************************** */ -// network traffic filter - -typedef struct port_range{ - uint16_t start_port; // range contain 'start_port' self - uint16_t end_port; // range contain 'end_port' self -} port_range_t; - -typedef struct filter_rule_key -{ - in_addr_t src_net_cidr; - uint8_t src_net_bit_len; - port_range_t src_port_range; - in_addr_t dst_net_cidr; - uint8_t dst_net_bit_len; - port_range_t dst_port_range; - uint8_t bool_tcp_configured; - uint8_t bool_udp_configured; - uint8_t bool_icmp_configured; -} filter_rule_key_t; - -typedef struct filter_rule -{ - filter_rule_key_t key; - - uint8_t bool_accept_icmp; - uint8_t bool_accept_udp; - uint8_t bool_accept_tcp; - - UT_hash_handle hh; /* makes this structure hashable */ -} filter_rule_t; - -#ifdef FILTER_TRAFFIC -/* - * network traffic filter interface - */ -typedef struct network_traffic_filter -{ -/* A packet has been received from a peer. N2N_DROP can be returned to - * drop the packet. The packet payload can be modified. This only allows - * the packet size to be reduced */ - n2n_verdict (*filter_packet_from_peer)(struct network_traffic_filter* filter, n2n_edge_t *eee, - const n2n_sock_t *peer, uint8_t *payload, uint16_t payload_size); - -/* A packet has been received from the TAP interface. N2N_DROP can be - * returned to drop the packet. The packet payload can be modified. - * This only allows the packet size to be reduced */ - n2n_verdict (*filter_packet_from_tap)(struct network_traffic_filter* filter, n2n_edge_t *eee, uint8_t *payload, uint16_t payload_size); - -} network_traffic_filter_t; -#endif - -/* *************************************************** */ - typedef struct n2n_tuntap_priv_config { char tuntap_dev_name[N2N_IFNAMSIZ]; char ip_mode[N2N_IF_MODE_SIZE]; @@ -463,9 +546,7 @@ typedef struct n2n_edge_conf { int register_ttl; /**< TTL for registration packet when UDP NAT hole punching through supernode. */ int local_port; int mgmt_port; -#ifdef FILTER_TRAFFIC filter_rule_t *network_traffic_filter_rules; -#endif } n2n_edge_conf_t; @@ -520,12 +601,9 @@ struct n2n_edge { n2n_tuntap_priv_config_t tuntap_priv_conf; /**< Tuntap config */ -#ifdef FILTER_TRAFFIC network_traffic_filter_t *network_traffic_filter; -#endif }; - typedef struct sn_stats { size_t errors; /* Number of errors encountered. */ diff --git a/include/network_traffic_filter.h b/include/network_traffic_filter.h index 25682fc..7f2b7d3 100644 --- a/include/network_traffic_filter.h +++ b/include/network_traffic_filter.h @@ -23,24 +23,15 @@ #ifndef N2N_NETWORK_TRAFFIC_FILTER_H #define N2N_NETWORK_TRAFFIC_FILTER_H -#include "n2n.h" - -#ifdef FILTER_TRAFFIC -/* - * add feature to drop or accept specific packet transmit over edge network interface by rules. - * - * below structs and function used 'n2n_verdict' and other structs, so defined in 'n2n.h', to avoid header files circular dependency. - * port_range_t, filter_rule_key_t, filter_rule_t, network_traffic_filter_t - * uint8_t process_traffic_filter_rule_str(const char* rule_str, filter_rule_t* rule_struct); - */ - - +#include "n2n_typedefs.h" network_traffic_filter_t* create_network_traffic_filter(); void destroy_network_traffic_filter(network_traffic_filter_t* filter); void network_traffic_filter_add_rule(network_traffic_filter_t* filter, filter_rule_t* rules); -#endif + +//rule_str format: src_ip/len:[b_port,e_port],dst_ip/len:[s_port,e_port],TCP+/-,UDP+/-,ICMP+/- +uint8_t process_traffic_filter_rule_str(const char* rule_str, filter_rule_t* rule_struct); #endif //N2N_NETWORK_TRAFFIC_FILTER_H diff --git a/src/edge.c b/src/edge.c index 99f8e8c..f0db3cb 100644 --- a/src/edge.c +++ b/src/edge.c @@ -145,9 +145,7 @@ static void help() { "[-D] " #endif "[-r] [-E] [-v] [-i ] [-L ] [-t ] [-A[]] [-H] [-z[]] " -#ifdef FILTER_TRAFFIC "[-R ] " -#endif "[-h]\n\n"); #if defined(N2N_CAN_NAME_IFACE) @@ -523,7 +521,6 @@ static int setOption(int optkey, char *optargument, n2n_tuntap_priv_config_t *ec setTraceLevel(getTraceLevel() + 1); break; -#ifdef FILTER_TRAFFIC case 'R': /* network traffic filter */ { filter_rule_t *new_rule = malloc(sizeof(filter_rule_t)); @@ -538,8 +535,6 @@ static int setOption(int optkey, char *optargument, n2n_tuntap_priv_config_t *ec } break; } -#endif - default: { traceEvent(TRACE_WARNING, "Unknown option -%c: Ignored", (char)optkey); diff --git a/src/edge_utils.c b/src/edge_utils.c index eb5ba12..bb40a74 100644 --- a/src/edge_utils.c +++ b/src/edge_utils.c @@ -16,8 +16,8 @@ * */ -#include "network_traffic_filter.h" #include "n2n.h" +#include "network_traffic_filter.h" #include "edge_utils_win32.h" /* heap allocation for compression as per lzo example doc */ @@ -272,11 +272,9 @@ n2n_edge_t* edge_init(const n2n_edge_conf_t *conf, int *rv) { goto edge_init_error; } -#ifdef FILTER_TRAFFIC - eee->network_traffic_filter = create_network_traffic_filter(); + eee->network_traffic_filter = create_network_traffic_filter(); network_traffic_filter_add_rule(eee->network_traffic_filter, eee->conf.network_traffic_filter_rules); -#endif - + //edge_init_success: *rv = 0; return(eee); @@ -1172,14 +1170,12 @@ static int handle_PACKET(n2n_edge_t * eee, } } -#ifdef FILTER_TRAFFIC if(eee->network_traffic_filter->filter_packet_from_peer( eee->network_traffic_filter, eee, orig_sender, eth_payload, eth_size ) == N2N_DROP){ traceEvent(TRACE_DEBUG, "Filtered packet %u", (unsigned int)eth_size); return(0); } -#endif - + if(eee->cb.packet_from_peer) { uint16_t tmp_eth_size = eth_size; if(eee->cb.packet_from_peer(eee, orig_sender, eth_payload, &tmp_eth_size) == N2N_DROP) { @@ -1755,7 +1751,6 @@ void edge_read_from_tap(n2n_edge_t * eee) { } else { -#ifdef FILTER_TRAFFIC if(eee->network_traffic_filter) { if( eee->network_traffic_filter->filter_packet_from_tap( eee->network_traffic_filter, eee, eth_pkt, len) == N2N_DROP){ @@ -1763,8 +1758,7 @@ void edge_read_from_tap(n2n_edge_t * eee) { return; } } -#endif - + if(eee->cb.packet_from_tap) { uint16_t tmp_len = len; if(eee->cb.packet_from_tap(eee, eth_pkt, &tmp_len) == N2N_DROP) { @@ -2335,10 +2329,8 @@ void edge_term(n2n_edge_t * eee) { edge_cleanup_routes(eee); -#ifdef FILTER_TRAFFIC destroy_network_traffic_filter(eee->network_traffic_filter); -#endif - + closeTraceFile(); free(eee); @@ -2838,7 +2830,6 @@ void edge_term_conf(n2n_edge_conf_t *conf) { if (conf->routes) free(conf->routes); if (conf->encrypt_key) free(conf->encrypt_key); -#ifdef FILTER_TRAFFIC if(conf->network_traffic_filter_rules) { filter_rule_t *el = 0, *tmp = 0; @@ -2848,7 +2839,6 @@ void edge_term_conf(n2n_edge_conf_t *conf) { free(el); } } -#endif } /* ************************************** */ diff --git a/src/network_traffic_filter.c b/src/network_traffic_filter.c index a3ce3e8..26dd3b4 100644 --- a/src/network_traffic_filter.c +++ b/src/network_traffic_filter.c @@ -16,13 +16,10 @@ * */ -#ifdef FILTER_TRAFFIC +#include "n2n.h" #include "network_traffic_filter.h" #include "uthash.h" -#include "netinet/tcp.h" -#include - // cache that hit less than 10 while 10000 package processed will be delete; #define CLEAR_CACHE_EVERY_X_COUNT 10000 #define CLAER_CACHE_ACTIVE_COUNT 10 @@ -92,14 +89,16 @@ const char* get_filter_packet_info_log_string(packet_address_proto_info_t* info) void collect_packet_info(packet_address_proto_info_t* out_info, unsigned char *buffer, int size) { ether_hdr_t *hdr_ether = (ether_hdr_t*)buffer; uint16_t ether_type = ntohs(hdr_ether->type); - + struct n2n_iphdr *hdr_ip = NULL; + struct n2n_tcphdr *hdr_tcp = NULL; + struct n2n_udphdr *udp_hdr = NULL; memset(out_info, 0, sizeof(packet_address_proto_info_t)); - + switch (ether_type) { case 0x0800: { buffer += sizeof(ether_hdr_t); size -= sizeof(ether_hdr_t); if(size <= 0) return; - struct n2n_iphdr *hdr_ip = (struct n2n_iphdr*)buffer; + hdr_ip = (struct n2n_iphdr*)buffer; switch (hdr_ip->version) { @@ -118,7 +117,7 @@ void collect_packet_info(packet_address_proto_info_t* out_info, unsigned char *b { out_info->proto = FPP_TCP; buffer += hdr_ip->ihl * 4; size -= hdr_ip->ihl * 4; if(size <= 0) return; - struct n2n_tcphdr *hdr_tcp = (struct n2n_tcphdr*)buffer; + hdr_tcp = (struct n2n_tcphdr*)buffer; out_info->src_port = ntohs(hdr_tcp->source); out_info->dst_port = ntohs(hdr_tcp->dest); break; @@ -127,7 +126,7 @@ void collect_packet_info(packet_address_proto_info_t* out_info, unsigned char *b { out_info->proto = FPP_UDP; buffer += hdr_ip->ihl * 4; size -= hdr_ip->ihl * 4; if(size <= 0) return; - struct n2n_udphdr *udp_hdr = (struct n2n_udphdr*)buffer; + udp_hdr = (struct n2n_udphdr*)buffer; out_info->src_port = ntohs(udp_hdr->source); out_info->dst_port = ntohs(udp_hdr->dest); break; @@ -377,17 +376,17 @@ network_traffic_filter_t *create_network_traffic_filter() { void destroy_network_traffic_filter(network_traffic_filter_t *filter) { network_traffic_filter_impl_t *_filter = filter; filter_rule_t *el = 0, *tmp = 0; - filter_rule_pair_cache_t *el = 0, *tmp = 0; - + filter_rule_pair_cache_t* el1 = 0, * tmp1 = 0; + HASH_ITER(hh, _filter->rules, el, tmp) { HASH_DEL(_filter->rules, el); free(el); } - HASH_ITER(hh, _filter->connections_rule_cache, el, tmp) + HASH_ITER(hh, _filter->connections_rule_cache, el1, tmp1) { - HASH_DEL(_filter->connections_rule_cache, el); + HASH_DEL(_filter->connections_rule_cache, el1); free(el); } @@ -409,19 +408,12 @@ void network_traffic_filter_add_rule(network_traffic_filter_t* filter, filter_ru in_addr_t get_int32_addr_from_ip_string(const char* begin, const char* next_pos_of_last_char) { char buf[16] = {0}; - struct in_addr addr; - if( next_pos_of_last_char - begin > 15 ) { traceEvent(TRACE_WARNING, "Internal Error"); return -1; } - - memcpy(buf, begin, next_pos_of_last_char - begin); - - if(1 == inet_aton(buf, &addr) ) - return addr.s_addr; - else - return -1; + memcpy(buf, begin, next_pos_of_last_char - begin); + return inet_addr(buf); } int get_int32_from_number_string(const char* begin, const char* next_pos_of_last_char) @@ -521,7 +513,7 @@ uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rul } break; } - + case FPS_SRC_NET_BIT_LEN: { if( *cur_pos >= '0' && *cur_pos <= '9') @@ -547,7 +539,7 @@ uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rul } break; } - + case FPS_SRC_PORT_SINGLE: { if( *cur_pos >= '0' && *cur_pos <= '9') @@ -564,7 +556,7 @@ uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rul } break; } - + case FPS_SRC_PORT_RANGE: { if(*cur_pos == '[') @@ -762,5 +754,3 @@ uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rul return 1; } - -#endif diff --git a/win32/n2n_win32.h b/win32/n2n_win32.h index 60b330f..f8b3a5a 100644 --- a/win32/n2n_win32.h +++ b/win32/n2n_win32.h @@ -28,26 +28,6 @@ #include "wintap.h" -#ifdef _MSC_VER -#include "getopt.h" - -/* Other Win environments are expected to support stdint.h */ - -/* stdint.h typedefs (C99) (not present in Visual Studio) */ -typedef unsigned int uint32_t; -typedef unsigned short uint16_t; -typedef unsigned char uint8_t; - -/* sys/types.h typedefs (not present in Visual Studio) */ -typedef unsigned int u_int32_t; -typedef unsigned short u_int16_t; -typedef unsigned char u_int8_t; - -typedef int ssize_t; -#endif /* #ifdef _MSC_VER */ - -typedef unsigned long in_addr_t; - #undef EAFNOSUPPORT #define EAFNOSUPPORT WSAEAFNOSUPPORT #define MAX(a,b) (a > b ? a : b) @@ -58,18 +38,6 @@ typedef unsigned long in_addr_t; #define socklen_t int -#define ETH_ADDR_LEN 6 -/* - * Structure of a 10Mb/s Ethernet header. - */ -struct ether_hdr -{ - uint8_t dhost[ETH_ADDR_LEN]; - uint8_t shost[ETH_ADDR_LEN]; - uint16_t type; /* higher layer protocol encapsulated */ -}; - -typedef struct ether_hdr ether_hdr_t; /* ************************************* */