diff options
author | Andrei Karas <akaras@inbox.ru> | 2015-08-11 16:31:37 +0300 |
---|---|---|
committer | Andrei Karas <akaras@inbox.ru> | 2015-08-11 16:31:37 +0300 |
commit | 49211f9ea1ef985fd6c84cdf902b35dbb8d779a6 (patch) | |
tree | 34e7565fe11ead41519428143b3dc44b752b6e4b /src/common | |
parent | a8e54e5688bd3d7b8e9073274ff611040c3178ab (diff) | |
parent | e13f1f782a9d8d25cc622d050644c7f29c1bfd5e (diff) | |
download | hercules-49211f9ea1ef985fd6c84cdf902b35dbb8d779a6.tar.gz hercules-49211f9ea1ef985fd6c84cdf902b35dbb8d779a6.tar.bz2 hercules-49211f9ea1ef985fd6c84cdf902b35dbb8d779a6.tar.xz hercules-49211f9ea1ef985fd6c84cdf902b35dbb8d779a6.zip |
Merge pull request #633 from HerculesWS/subnet
subnet.conf overhaul
Diffstat (limited to 'src/common')
-rw-r--r-- | src/common/socket.c | 187 | ||||
-rw-r--r-- | src/common/socket.h | 21 |
2 files changed, 208 insertions, 0 deletions
diff --git a/src/common/socket.c b/src/common/socket.c index 17c31db50..830877044 100644 --- a/src/common/socket.c +++ b/src/common/socket.c @@ -14,6 +14,7 @@ #include "common/db.h" #include "common/malloc.h" #include "common/mmo.h" +#include "common/nullpo.h" #include "common/showmsg.h" #include "common/strlib.h" #include "common/timer.h" @@ -1228,6 +1229,21 @@ void socket_final(void) aFree(session[0]); aFree(session); + + if (sockt->lan_subnet) + aFree(sockt->lan_subnet); + sockt->lan_subnet = NULL; + sockt->lan_subnet_count = 0; + + if (sockt->allowed_ip) + aFree(sockt->allowed_ip); + sockt->allowed_ip = NULL; + sockt->allowed_ip_count = 0; + + if (sockt->trusted_ip) + aFree(sockt->trusted_ip); + sockt->trusted_ip = NULL; + sockt->trusted_ip_count = 0; } /// Closes a socket. @@ -1589,6 +1605,164 @@ void send_shortlist_do_sends() } #endif +/** + * Checks whether the given IP comes from LAN or WAN. + * + * @param[in] ip IP address to check. + * @param[out] info Verbose output, if requested. Filled with the matching entry. Ignored if NULL. + * @retval 0 if it is a WAN IP. + * @return the appropriate LAN server address to send, if it is a LAN IP. + */ +uint32 socket_lan_subnet_check(uint32 ip, struct s_subnet *info) +{ + int i; + ARR_FIND(0, sockt->lan_subnet_count, i, (sockt->lan_subnet[i].ip & sockt->lan_subnet[i].mask) == (ip & sockt->lan_subnet[i].mask)); + if (i < sockt->lan_subnet_count) { + if (info) { + info->ip = sockt->lan_subnet[i].ip; + info->mask = sockt->lan_subnet[i].mask; + } + return sockt->lan_subnet[i].ip; + } + if (info) { + info->ip = info->mask = 0; + } + return 0; +} + +/** + * Checks whether the given IP is allowed to connect as a server. + * + * @param ip IP address to check. + * @retval true if we allow server connections from the given IP. + * @retval false otherwise. + */ +bool socket_allowed_ip_check(uint32 ip) +{ + int i; + ARR_FIND(0, sockt->allowed_ip_count, i, (sockt->allowed_ip[i].ip & sockt->allowed_ip[i].mask) == (ip & sockt->allowed_ip[i].mask) ); + if (i < sockt->allowed_ip_count) + return true; + return sockt->trusted_ip_check(ip); // If an address is trusted, it's automatically also allowed. +} + +/** + * Checks whether the given IP is trusted and can skip ipban checks. + * + * @param ip IP address to check. + * @retval true if we trust the given IP. + * @retval false otherwise. + */ +bool socket_trusted_ip_check(uint32 ip) +{ + int i; + ARR_FIND(0, sockt->trusted_ip_count, i, (sockt->trusted_ip[i].ip & sockt->trusted_ip[i].mask) == (ip & sockt->trusted_ip[i].mask)); + if (i < sockt->trusted_ip_count) + return true; + return false; +} + +/** + * Helper function to read a list of network.conf values. + * + * Entries will be appended to the variable-size array pointed to by list/count. + * + * @param[in] t The list to parse. + * @param[in,out] list Pointer to the head of the output array to append to. Must not be NULL (but the array may be empty). + * @param[in,out] count Pointer to the counter of the output array to append to. Must not be NULL (but it may contain zero). + * @param[in] filename Current filename, for output/logging reasons. + * @param[in] groupname Current group name, for output/logging reasons. + * @return The amount of entries read, zero in case of errors. + */ +int socket_net_config_read_sub(config_setting_t *t, struct s_subnet **list, int *count, const char *filename, const char *groupname) +{ + int i, len; + char ipbuf[64], maskbuf[64]; + + nullpo_retr(0, list); + nullpo_retr(0, count); + + if (t == NULL) + return 0; + + len = libconfig->setting_length(t); + + for (i = 0; i < len; ++i) { + const char *subnet = libconfig->setting_get_string_elem(t, i); + struct s_subnet *l = NULL; + + if (sscanf(subnet, "%63[^:]:%63[^:]", ipbuf, maskbuf) != 2) { + ShowWarning("Invalid IP:Subnet entry in configuration file %s: '%s' (%s)\n", filename, subnet, groupname); + } + RECREATE(*list, struct s_subnet, *count + 1); + l = *list; + l[*count].ip = str2ip(ipbuf); + l[*count].mask = str2ip(maskbuf); + ++*count; + } + return *count; +} + +/** + * Reads the network configuration file. + * + * @param filename The filename to read from. + */ +void socket_net_config_read(const char *filename) +{ + config_t network_config; + int i; + nullpo_retv(filename); + + if (libconfig->read_file(&network_config, filename)) { + ShowError("LAN Support configuration file is not found: '%s'. This server won't be able to accept connections from any servers.\n", filename); + return; + } + + if (sockt->lan_subnet) { + aFree(sockt->lan_subnet); + sockt->lan_subnet = NULL; + } + sockt->lan_subnet_count = 0; + if (sockt->net_config_read_sub(libconfig->lookup(&network_config, "lan_subnets"), &sockt->lan_subnet, &sockt->lan_subnet_count, filename, "lan_subnets") > 0) + ShowStatus("Read information about %d LAN subnets.\n", sockt->lan_subnet_count); + + if (sockt->trusted_ip) { + aFree(sockt->trusted_ip); + sockt->trusted_ip = NULL; + } + sockt->trusted_ip_count = 0; + if (sockt->net_config_read_sub(libconfig->lookup(&network_config, "trusted"), &sockt->trusted_ip, &sockt->trusted_ip_count, filename, "trusted") > 0) + ShowStatus("Read information about %d trusted IP ranges.\n", sockt->trusted_ip_count); + for (i = 0; i < sockt->allowed_ip_count; ++i) { + if ((sockt->allowed_ip[i].ip & sockt->allowed_ip[i].mask) == 0) { + ShowError("Using a wildcard IP range in the trusted server IPs is NOT RECOMMENDED.\n"); + ShowNotice("Please edit your '%s' trusted list to fit your network configuration.\n", filename); + break; + } + } + + if (sockt->allowed_ip) { + aFree(sockt->allowed_ip); + sockt->allowed_ip = NULL; + } + sockt->allowed_ip_count = 0; + if (sockt->net_config_read_sub(libconfig->lookup(&network_config, "allowed"), &sockt->allowed_ip, &sockt->allowed_ip_count, filename, "allowed") > 0) + ShowStatus("Read information about %d allowed server IP ranges.\n", sockt->allowed_ip_count); + if (sockt->allowed_ip_count == 0) { + ShowError("No allowed server IP ranges configured. This server won't be able to accept connections from any char servers.\n"); + } + for (i = 0; i < sockt->allowed_ip_count; ++i) { + if ((sockt->allowed_ip[i].ip & sockt->allowed_ip[i].mask) == 0) { + ShowWarning("Using a wildcard IP range in the allowed server IPs is NOT RECOMMENDED.\n"); + ShowNotice("Please edit your '%s' allowed list to fit your network configuration.\n", filename); + break; + } + } + libconfig->destroy(&network_config); + return; +} + void socket_defaults(void) { sockt = &sockt_s; @@ -1600,6 +1774,13 @@ void socket_defaults(void) { memset(&sockt->addr_, 0, sizeof(sockt->addr_)); sockt->naddr_ = 0; /* */ + sockt->lan_subnet_count = 0; + sockt->lan_subnet = NULL; + sockt->allowed_ip_count = 0; + sockt->allowed_ip = NULL; + sockt->trusted_ip_count = 0; + sockt->trusted_ip = NULL; + sockt->init = socket_init; sockt->final = socket_final; /* */ @@ -1628,4 +1809,10 @@ void socket_defaults(void) { sockt->ntows = ntows; sockt->getips = socket_getips; sockt->set_eof = set_eof; + + sockt->lan_subnet_check = socket_lan_subnet_check; + sockt->allowed_ip_check = socket_allowed_ip_check; + sockt->trusted_ip_check = socket_trusted_ip_check; + sockt->net_config_read_sub = socket_net_config_read_sub; + sockt->net_config_read = socket_net_config_read; } diff --git a/src/common/socket.h b/src/common/socket.h index bd5d9baa2..26b674d43 100644 --- a/src/common/socket.h +++ b/src/common/socket.h @@ -6,6 +6,7 @@ #define COMMON_SOCKET_H #include "common/cbasetypes.h" +#include "common/conf.h" #ifdef WIN32 # include "common/winapi.h" @@ -105,6 +106,12 @@ struct hSockOpt { unsigned int setTimeo : 1; }; +/// Subnet/IP range in the IP/Mask format. +struct s_subnet { + uint32 ip; + uint32 mask; +}; + /// Use a shortlist of sockets instead of iterating all sessions for sockets /// that have data to send or need eof handling. /// Adapted to use a static array instead of a linked list. @@ -132,6 +139,14 @@ struct socket_interface { /* */ uint32 addr_[16]; // ip addresses of local host (host byte order) int naddr_; // # of ip addresses + + struct s_subnet *lan_subnet; ///< LAN subnets array + int lan_subnet_count; ///< LAN subnets count + struct s_subnet *trusted_ip; ///< Trusted IP ranges array + int trusted_ip_count; ///< Trusted IP ranges count + struct s_subnet *allowed_ip; ///< Allowed server IP ranges array + int allowed_ip_count; ///< Allowed server IP ranges count + /* */ void (*init) (void); void (*final) (void); @@ -165,6 +180,12 @@ struct socket_interface { int (*getips) (uint32* ips, int max); /* */ void (*set_eof) (int fd); + + uint32 (*lan_subnet_check) (uint32 ip, struct s_subnet *info); + bool (*allowed_ip_check) (uint32 ip); + bool (*trusted_ip_check) (uint32 ip); + int (*net_config_read_sub) (config_setting_t *t, struct s_subnet **list, int *count, const char *filename, const char *groupname); + void (*net_config_read) (const char *filename); }; struct socket_interface *sockt; |