freed reg exp on exit, counted reg exp, warned on empty community list file, returned early from packet handling on non-matching reg exp

Logan007 2020-08-08 14:51:05 +05:45
parent 8ac86635e1
commit dece8d787e
2 changed files with 24 additions and 2 deletions


@ -30,8 +30,9 @@ static int load_allowed_sn_community(n2n_sn_t *sss, char *path) {
char buffer[4096], *line; char buffer[4096], *line;
FILE *fd = fopen(path, "r"); FILE *fd = fopen(path, "r");
struct sn_community *s, *tmp; struct sn_community *s, *tmp;
struct sn_community_regular_expression *re, *tmp_re;
uint32_t num_communities = 0; uint32_t num_communities = 0;
struct sn_community_regular_expression *re, *tmp_re;
uint32_t num_regex = 0;
if(fd == NULL) { if(fd == NULL) {
traceEvent(TRACE_WARNING, "File %s not found", path); traceEvent(TRACE_WARNING, "File %s not found", path);
@ -72,6 +73,7 @@ static int load_allowed_sn_community(n2n_sn_t *sss, char *path) {
if (re) { if (re) {
re->rule = re_compile(line); re->rule = re_compile(line);
HASH_ADD_PTR(sss->rules, rule, re); HASH_ADD_PTR(sss->rules, rule, re);
num_regex++;
traceEvent(TRACE_INFO, "Added regular expression for allowed communities '%s'", line); traceEvent(TRACE_INFO, "Added regular expression for allowed communities '%s'", line);
continue; continue;
} }
@ -98,9 +100,18 @@ static int load_allowed_sn_community(n2n_sn_t *sss, char *path) {
fclose(fd); fclose(fd);
if (num_regex>0 || num_communities>0 )
{
traceEvent(TRACE_WARNING, "File %s does not contain any valid community names or regular expressions", path);
return -1;
}
traceEvent(TRACE_NORMAL, "Loaded %u fixed-name communities from %s", traceEvent(TRACE_NORMAL, "Loaded %u fixed-name communities from %s",
num_communities, path); num_communities, path);
traceEvent(TRACE_NORMAL, "Loaded %u regular expressions for community name matching from %s",
num_regex, path);
/* No new communities will be allowed */ /* No new communities will be allowed */
sss->lock_communities = 1; sss->lock_communities = 1;
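Review bot: The new guard after `fclose(fd)` looks inverted: `if (num_regex>0 || num_communities>0 )` takes the warning-and-`return -1` path exactly when the file did yield entries, and lets an empty file fall through to the "Loaded" messages. Because the early return sits before `sss->lock_communities = 1;`, a valid allow-list would never lock the supernode, so the restriction the file is meant to impose would not be enforced. The condition should be `if (num_regex == 0 && num_communities == 0) {`. A comment should also state whether an empty file is meant to leave communities unlocked (fail-open) or be treated as a startup error; how the caller reacts to `-1` is not visible here.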


@ -228,6 +228,7 @@ int sn_init(n2n_sn_t *sss)
void sn_term(n2n_sn_t *sss) void sn_term(n2n_sn_t *sss)
{ {
struct sn_community *community, *tmp; struct sn_community *community, *tmp;
struct sn_community_regular_expression *re, *tmp_re;
if (sss->sock >= 0) if (sss->sock >= 0)
{ {
@ -249,6 +250,11 @@ void sn_term(n2n_sn_t *sss)
HASH_DEL(sss->communities, community); HASH_DEL(sss->communities, community);
free(community); free(community);
} }
HASH_ITER(hh, sss->rules, re, tmp_re) {
HASH_DEL(sss->rules, re);
free(re);
}
} }
/** Determine the appropriate lifetime for new registrations. /** Determine the appropriate lifetime for new registrations.
@ -816,7 +822,7 @@ static int process_udp(n2n_sn_t * sss,
existance (better from the security standpoint) existance (better from the security standpoint)
*/ */
if (!comm && sss->lock_communities) { if(!comm && sss->lock_communities) {
HASH_ITER(hh, sss->rules, re, tmp_re) { HASH_ITER(hh, sss->rules, re, tmp_re) {
allowed_match = re_matchp(re->rule, cmn.community, &match_length); allowed_match = re_matchp(re->rule, cmn.community, &match_length);
@ -828,6 +834,11 @@ static int process_udp(n2n_sn_t * sss,
} }
} }
} }
if(match != 1) {
traceEvent(TRACE_INFO, "Discarded registration: unallowed community '%s'",
(char*)cmn.community);
return -1;
}
if(!comm && (!sss->lock_communities || (match == 1))) { if(!comm && (!sss->lock_communities || (match == 1))) {
comm = calloc(1, sizeof(struct sn_community)); comm = calloc(1, sizeof(struct sn_community));
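Review bot: In the last process_udp hunk the added `if(match != 1) { ... return -1; }` appears to sit after the closing brace of `if(!comm && sss->lock_communities) {`, judging by the three `}` lines before it, so it would run for every packet reaching this point rather than only for unknown communities on a locked supernode. Unless `match` is initialised to 1 elsewhere (its declaration is outside the hunk), registrations for already-known communities, and all registrations on an unlocked supernode, would be discarded as "unallowed". Moving the check inside that block, directly after the `HASH_ITER` loop, limits the rejection to the allow-list case. Separately, the new loop in sn_term calls only `free(re)`; if `re_compile()` returns heap memory, `re->rule` should be freed before it.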