Diffstat (limited to 'main/firewall.c')
| -rw-r--r-- | main/firewall.c | 47 |
1 files changed, 47 insertions, 0 deletions
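--- a/main/firewall.c
+++ b/main/firewall.c
@@ -7,12 +7,16 @@
 #include "lwip/etharp.h"
 #include "lwip/netif.h"
 #include "lwip/prot/ip4.h"
+#include "lwip/prot/tcp.h"
+#include "lwip/prot/ip.h"
 #include <string.h>
 
 #define MAX_CLIENTS 10
 
 static const char *TAG = "firewall";
 static esp_ip4_addr_t s_ap_ip;
+static uint16_t s_mining_port = 3333;
+static bool s_sandbox_mint_access = false;
 
 typedef struct {
 uint32_t ip;
@@ -66,6 +70,46 @@ esp_err_t firewall_init(esp_ip4_addr_t ap_ip)
 return ESP_OK;
 }
 
+void firewall_set_mining_port(uint16_t port)
+{
+s_mining_port = port;
+}
+
+void firewall_set_sandbox_mint_access(bool enabled)
+{
+s_sandbox_mint_access = enabled;
+}
+
+static bool is_sandbox_allowed(struct pbuf *p)
+{
+if (p->len < IP_HLEN) return false;
+struct ip_hdr *iphdr = (struct ip_hdr *)p->payload;
+uint32_t dest_ip_h = lwip_ntohl(iphdr->dest.addr);
+uint32_t ap_ip_h = lwip_ntohl(s_ap_ip.addr);
+
+if (dest_ip_h == ap_ip_h) {
+if (iphdr->_proto == IP_PROTO_TCP) {
+uint16_t dst_port = 0;
+if (p->len >= IP_HLEN + TCP_HLEN) {
+struct tcp_hdr *tcphdr = (struct tcp_hdr *)((uint8_t *)p->payload + IP_HLEN);
+dst_port = lwip_ntohs(tcphdr->dest);
+}
+if (dst_port == 80 || dst_port == 2121 || dst_port == s_mining_port) {
+return true;
+}
+}
+if (iphdr->_proto == IP_PROTO_UDP) {
+return true;
+}
+}
+
+if (s_sandbox_mint_access && iphdr->_proto == IP_PROTO_TCP) {
+return true;
+}
+
+return false;
+}
+
 int tollgate_ip4_canforward_filter(struct pbuf *p, u32_t dest_addr_hostorder)
 {
 (void)dest_addr_hostorder;
@@ -79,6 +123,9 @@ int tollgate_ip4_canforward_filter(struct pbuf *p, u32_t dest_addr_hostorder)
 if (firewall_is_client_allowed(iphdr->src.addr)) {
 return 1;
 }
+if (is_sandbox_allowed(p)) {
+return 1;
+}
 return 0;
 }
 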
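Review bot: In `is_sandbox_allowed`, the `s_sandbox_mint_access && iphdr->_proto == IP_PROTO_TCP` branch returns true for TCP to any destination address and port, so once the flag is set every client rejected by `firewall_is_client_allowed` can forward arbitrary TCP. If the intent is access to the mint only, that branch should also compare `iphdr->dest.addr` and the TCP destination port against the configured mint endpoint. The port lookup above it reads the TCP header at a fixed `IP_HLEN` offset, so a packet with IP options or a non-first fragment has unrelated bytes matched against 80, 2121 and `s_mining_port`. Use the real header length in both the bounds check and the pointer offset, `p->len >= IPH_HL_BYTES(iphdr) + TCP_HLEN` and `(uint8_t *)p->payload + IPH_HL_BYTES(iphdr)`, and skip the port match for fragments. The `dest_ip_h == ap_ip_h` branch also accepts every UDP port, and it is worth confirming that traffic addressed to the AP itself reaches this forwarding hook at all; otherwise only the mint branch has any effect.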