diff options
| author | Haru <haru@dotalux.com> | 2015-08-10 21:48:48 +0200 |
|---|---|---|
| committer | Haru <haru@dotalux.com> | 2015-08-11 15:17:11 +0200 |
| commit | e13f1f782a9d8d25cc622d050644c7f29c1bfd5e (patch) | |
| tree | 34e7565fe11ead41519428143b3dc44b752b6e4b /src/common/socket.h | |
| parent | a8e54e5688bd3d7b8e9073274ff611040c3178ab (diff) | |
| download | hercules-e13f1f782a9d8d25cc622d050644c7f29c1bfd5e.tar.gz hercules-e13f1f782a9d8d25cc622d050644c7f29c1bfd5e.tar.bz2 hercules-e13f1f782a9d8d25cc622d050644c7f29c1bfd5e.tar.xz hercules-e13f1f782a9d8d25cc622d050644c7f29c1bfd5e.zip | |
subnet.conf overhaul
The subnet.conf system has been rewritten to offer greater flexibility,
and to fix some issues that appeared with 838321a36c79e71117320154c9b611c99e93af03.
It is now possible to enter, separately, LAN subnets:
- `lan_subnets`: This is essentially the same feature present in the old
subnet.conf. Each entry in this list defines a (LAN, private) subnet
the server is in. Clients connecting from the same subnet, will be
redirected to the LAN IP rather than the default public IP. The format
has been simplified, and it only requires one IP and one subnet mask (as
opposed to a character and a map server IP).
- `allowed`: Allowed IPs are IP ranges a server (char to login or map to
char) can connect from. Any attempt to connect as a server from an IP
not included here, will fail. For convenience, a wildcard range
(matching all possible IP addresses) has been provided
(`0.0.0.0:0.0.0.0`), but it is very advisable to edit it to a more
restrictive set.
- `trusted`: Trusted IPs are IP ranges excluded from the IPban checks.
This may be useful, for example, to exclude the server's own IP from
ipbans, in case of false positives. Any IP ranges added to this list are
also implicitly included in the allowed IP ranges.
Diffstat (limited to 'src/common/socket.h')
| -rw-r--r-- | src/common/socket.h | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/src/common/socket.h b/src/common/socket.h index bd5d9baa2..26b674d43 100644 --- a/src/common/socket.h +++ b/src/common/socket.h @@ -6,6 +6,7 @@ #define COMMON_SOCKET_H #include "common/cbasetypes.h" +#include "common/conf.h" #ifdef WIN32 # include "common/winapi.h" @@ -105,6 +106,12 @@ struct hSockOpt { unsigned int setTimeo : 1; }; +/// Subnet/IP range in the IP/Mask format. +struct s_subnet { + uint32 ip; + uint32 mask; +}; + /// Use a shortlist of sockets instead of iterating all sessions for sockets /// that have data to send or need eof handling. /// Adapted to use a static array instead of a linked list. @@ -132,6 +139,14 @@ struct socket_interface { /* */ uint32 addr_[16]; // ip addresses of local host (host byte order) int naddr_; // # of ip addresses + + struct s_subnet *lan_subnet; ///< LAN subnets array + int lan_subnet_count; ///< LAN subnets count + struct s_subnet *trusted_ip; ///< Trusted IP ranges array + int trusted_ip_count; ///< Trusted IP ranges count + struct s_subnet *allowed_ip; ///< Allowed server IP ranges array + int allowed_ip_count; ///< Allowed server IP ranges count + /* */ void (*init) (void); void (*final) (void); @@ -165,6 +180,12 @@ struct socket_interface { int (*getips) (uint32* ips, int max); /* */ void (*set_eof) (int fd); + + uint32 (*lan_subnet_check) (uint32 ip, struct s_subnet *info); + bool (*allowed_ip_check) (uint32 ip); + bool (*trusted_ip_check) (uint32 ip); + int (*net_config_read_sub) (config_setting_t *t, struct s_subnet **list, int *count, const char *filename, const char *groupname); + void (*net_config_read) (const char *filename); }; struct socket_interface *sockt; |