From 82f1fc0d5535eda3fc9eab799d81b3e220dbe4ef Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 20 May 2026 02:10:01 +0530 Subject: feat: add tollgate_core component + market config wiring - Add tollgate_core ESP-IDF component (skeleton: cashu, dns, firewall, session) - Add tollgate_platform.c with SPIFFS config backend - Wire market_enabled, market_scan_interval_s, client_auto_switch in config.c - Add lwip_tollgate_hooks.h (updated from feature branch) - Add E2E fix plan, tollgate_core design doc, WPA autodetect plan - Add integration test network helpers - Add CONSOLIDATION.md plan Reverts the broken merge (be4788b) that gutted config.c/tollgate_main.c/tollgate_api.c and replaces it with a clean addition on top of intact master. --- components/tollgate_core/src/tollgate_core.c | 236 +++++++++++++++ components/tollgate_core/src/tollgate_core_cashu.c | 262 +++++++++++++++++ components/tollgate_core/src/tollgate_core_cashu.h | 42 +++ components/tollgate_core/src/tollgate_core_dns.c | 316 +++++++++++++++++++++ components/tollgate_core/src/tollgate_core_dns.h | 13 + .../tollgate_core/src/tollgate_core_firewall.c | 165 +++++++++++ .../tollgate_core/src/tollgate_core_firewall.h | 25 ++ .../tollgate_core/src/tollgate_core_session.c | 200 +++++++++++++ .../tollgate_core/src/tollgate_core_session.h | 47 +++ 9 files changed, 1306 insertions(+) create mode 100644 components/tollgate_core/src/tollgate_core.c create mode 100644 components/tollgate_core/src/tollgate_core_cashu.c create mode 100644 components/tollgate_core/src/tollgate_core_cashu.h create mode 100644 components/tollgate_core/src/tollgate_core_dns.c create mode 100644 components/tollgate_core/src/tollgate_core_dns.h create mode 100644 components/tollgate_core/src/tollgate_core_firewall.c create mode 100644 components/tollgate_core/src/tollgate_core_firewall.h create mode 100644 components/tollgate_core/src/tollgate_core_session.c create mode 100644 components/tollgate_core/src/tollgate_core_session.h (limited to 'components/tollgate_core/src') diff --git a/components/tollgate_core/src/tollgate_core.c b/components/tollgate_core/src/tollgate_core.c new file mode 100644 index 0000000..a731f48 --- /dev/null +++ b/components/tollgate_core/src/tollgate_core.c @@ -0,0 +1,236 @@ +#include "tollgate_core.h" +#include "tollgate_core_cashu.h" +#include "tollgate_core_dns.h" +#include "tollgate_core_firewall.h" +#include "tollgate_core_session.h" +#include "esp_log.h" +#include "cJSON.h" +#include + +static const char *TAG = "tg_core"; + +static const tollgate_platform_t *s_platform; +static esp_ip4_addr_t s_ap_ip; + +static uint32_t s_owner_ip; +static uint8_t s_owner_mac[6]; +static bool s_owner_connected; + +esp_err_t tollgate_core_init(const tollgate_platform_t *platform, esp_ip4_addr_t ap_ip) +{ + if (!platform) { + ESP_LOGE(TAG, "Platform callbacks required"); + return ESP_FAIL; + } + + s_platform = platform; + s_ap_ip = ap_ip; + s_owner_connected = false; + memset(s_owner_mac, 0, sizeof(s_owner_mac)); + + if (!platform->spend_proofs) { + ESP_LOGW(TAG, "spend_proofs is NULL — double-spend window open until wallet integrated"); + } + + tollgate_core_session_set_platform(platform); + tollgate_core_session_init(); + tollgate_core_fw_init(ap_ip); + + ESP_LOGI(TAG, "TollGate core initialized, AP IP=" IPSTR, IP2STR(&ap_ip)); + return ESP_OK; +} + +esp_err_t tollgate_core_dns_start(esp_ip4_addr_t upstream_dns) +{ + return tollgate_core_dns_start_internal(s_ap_ip, upstream_dns); +} + +esp_err_t tollgate_core_process_payment(uint32_t client_ip, const char *token_str) +{ + if (!s_platform || !token_str) return ESP_FAIL; + + const char *accepted_mint = s_platform->get_mint_url ? s_platform->get_mint_url() : NULL; + if (!accepted_mint || accepted_mint[0] == '\0') { + ESP_LOGE(TAG, "No mint URL configured"); + return ESP_FAIL; + } + + tg_cashu_token_t token; + esp_err_t ret = tollgate_core_cashu_decode_token(token_str, &token); + if (ret != ESP_OK) { + ESP_LOGE(TAG, "Token decode failed"); + return ESP_FAIL; + } + + if (!tollgate_core_cashu_is_mint_accepted(token.mint_url, accepted_mint)) { + ESP_LOGE(TAG, "Token mint '%s' not accepted (expected '%s')", token.mint_url, accepted_mint); + return ESP_FAIL; + } + + tg_cashu_proof_state_t states[TG_CASHU_MAX_PROOFS]; + int state_count = 0; + ret = tollgate_core_cashu_check_proof_states(token.mint_url, &token, states, &state_count); + if (ret != ESP_OK) { + ESP_LOGE(TAG, "Proof state check failed"); + return ESP_FAIL; + } + + for (int i = 0; i < state_count; i++) { + if (states[i].spent) { + ESP_LOGE(TAG, "Proof %d is SPENT — rejecting", i); + return ESP_FAIL; + } + } + + if (s_platform->spend_proofs) { + if (!s_platform->spend_proofs(token_str)) { + ESP_LOGE(TAG, "spend_proofs rejected the token"); + return ESP_FAIL; + } + } + + const char *metric = s_platform->get_metric ? s_platform->get_metric() : "milliseconds"; + uint64_t price = s_platform->get_price_sats ? s_platform->get_price_sats() : 21; + uint64_t step_size; + + if (strcmp(metric, "bytes") == 0) { + step_size = s_platform->get_step_bytes ? (uint64_t)s_platform->get_step_bytes() : 22020096; + } else { + step_size = s_platform->get_step_ms ? (uint64_t)s_platform->get_step_ms() : 60000; + } + + uint64_t allotment = tollgate_core_cashu_calculate_allotment(token.total_amount, price, step_size); + if (allotment == 0) { + ESP_LOGE(TAG, "Token amount %llu too small for price %llu", + (unsigned long long)token.total_amount, (unsigned long long)price); + return ESP_FAIL; + } + + if (strcmp(metric, "bytes") == 0) { + if (!tollgate_core_session_create_bytes(client_ip, allotment)) { + return ESP_FAIL; + } + } else { + if (!tollgate_core_session_create(client_ip, allotment)) { + return ESP_FAIL; + } + } + + ESP_LOGI(TAG, "Payment processed: %llu sats → %llu %s allotment for client", + (unsigned long long)token.total_amount, (unsigned long long)allotment, metric); + return ESP_OK; +} + +void tollgate_core_client_connected(const uint8_t *mac, uint32_t client_ip) +{ + if (!s_owner_connected) { + s_owner_connected = true; + s_owner_ip = client_ip; + if (mac) memcpy(s_owner_mac, mac, 6); + + esp_ip4_addr_t ip = { .addr = client_ip }; + ESP_LOGI(TAG, "First client = owner: " IPSTR, IP2STR(&ip)); + return; + } + + ESP_LOGI(TAG, "Client connected (non-owner): " IPSTR, IP2STR(&(esp_ip4_addr_t){.addr=client_ip})); +} + +void tollgate_core_client_disconnected(const uint8_t *mac) +{ + if (!s_owner_connected) return; + + if (mac && memcmp(s_owner_mac, mac, 6) == 0) { + ESP_LOGI(TAG, "Owner disconnected — reassigning"); + s_owner_connected = false; + memset(s_owner_mac, 0, sizeof(s_owner_mac)); + + int fw_count = tollgate_core_fw_client_count(); + if (fw_count > 0) { + tg_session_t *sessions = tollgate_core_session_get_array(); + for (int i = 0; i < tollgate_core_session_get_array_size(); i++) { + if (sessions[i].active && sessions[i].mac[0] != '\0') { + if (memcmp(sessions[i].mac, mac, 6) != 0) { + s_owner_connected = true; + s_owner_ip = sessions[i].client_ip; + ESP_LOGI(TAG, "New owner: " IPSTR, IP2STR(&(esp_ip4_addr_t){.addr=s_owner_ip})); + break; + } + } + } + } + return; + } + + ESP_LOGI(TAG, "Client disconnected"); +} + +void tollgate_core_tick(void) +{ + tollgate_core_session_tick(); +} + +bool tollgate_core_is_client_allowed(uint32_t client_ip) +{ + return tollgate_core_fw_is_allowed(client_ip); +} + +bool tollgate_core_is_dns_running(void) +{ + return tollgate_core_dns_is_running(); +} + +char *tollgate_core_get_status_json(void) +{ + cJSON *root = cJSON_CreateObject(); + cJSON_AddBoolToObject(root, "ownerConnected", s_owner_connected); + cJSON_AddNumberToObject(root, "activeSessions", tollgate_core_session_active_count()); + cJSON_AddNumberToObject(root, "allowedClients", tollgate_core_fw_client_count()); + cJSON_AddBoolToObject(root, "dnsRunning", tollgate_core_dns_is_running()); + + char *json = cJSON_PrintUnformatted(root); + cJSON_Delete(root); + return json; +} + +char *tollgate_core_get_config_json(void) +{ + cJSON *root = cJSON_CreateObject(); + + if (s_platform) { + if (s_platform->get_price_sats) + cJSON_AddNumberToObject(root, "priceSats", s_platform->get_price_sats()); + if (s_platform->get_step_ms) + cJSON_AddNumberToObject(root, "stepMs", s_platform->get_step_ms()); + if (s_platform->get_mint_url) + cJSON_AddStringToObject(root, "mintUrl", s_platform->get_mint_url()); + if (s_platform->get_metric) + cJSON_AddStringToObject(root, "metric", s_platform->get_metric()); + if (s_platform->get_step_bytes) + cJSON_AddNumberToObject(root, "stepBytes", s_platform->get_step_bytes()); + } + + char *json = cJSON_PrintUnformatted(root); + cJSON_Delete(root); + return json; +} + +int tollgate_core_active_session_count(void) +{ + return tollgate_core_session_active_count(); +} + +int tollgate_core_allowed_client_count(void) +{ + return tollgate_core_fw_client_count(); +} + +bool tollgate_core_is_owner(uint32_t client_ip) +{ + return s_owner_connected && s_owner_ip == client_ip; +} + +bool tollgate_core_is_owner_connected(void) +{ + return s_owner_connected; +} diff --git a/components/tollgate_core/src/tollgate_core_cashu.c b/components/tollgate_core/src/tollgate_core_cashu.c new file mode 100644 index 0000000..cf2bf5d --- /dev/null +++ b/components/tollgate_core/src/tollgate_core_cashu.c @@ -0,0 +1,262 @@ +#include "tollgate_core_cashu.h" +#include "esp_log.h" +#include "esp_http_client.h" +#include "cJSON.h" +#include "mbedtls/base64.h" +#include "mbedtls/sha256.h" +#include "esp_crt_bundle.h" + +static const char *TAG = "tg_core_cashu"; + +static const char V3_PREFIX[] = "cashuA"; +static const size_t V3_PREFIX_LEN = 6; + +static int b64url_decode(const char *input, size_t input_len, char *out, size_t out_size, size_t *out_len) +{ + char *b64 = malloc(input_len + 4); + if (!b64) return -1; + size_t b64_len = input_len; + memcpy(b64, input, b64_len); + b64[b64_len] = '\0'; + + for (size_t i = 0; i < b64_len; i++) { + if (b64[i] == '-') b64[i] = '+'; + else if (b64[i] == '_') b64[i] = '/'; + } + while (b64_len % 4 != 0) { + b64[b64_len++] = '='; + } + b64[b64_len] = '\0'; + + size_t olen = 0; + int ret = mbedtls_base64_decode((unsigned char *)out, out_size, &olen, + (const unsigned char *)b64, b64_len); + free(b64); + if (ret != 0) return -1; + *out_len = olen; + return 0; +} + +static esp_err_t parse_proofs_array(cJSON *arr, tg_cashu_token_t *out) +{ + if (!cJSON_IsArray(arr)) return ESP_FAIL; + int count = cJSON_GetArraySize(arr); + if (count > TG_CASHU_MAX_PROOFS) return ESP_FAIL; + + out->proof_count = 0; + out->total_amount = 0; + for (int i = 0; i < count; i++) { + cJSON *proof = cJSON_GetArrayItem(arr, i); + cJSON *amt = cJSON_GetObjectItemCaseSensitive(proof, "amount"); + cJSON *id = cJSON_GetObjectItemCaseSensitive(proof, "id"); + cJSON *secret = cJSON_GetObjectItemCaseSensitive(proof, "secret"); + cJSON *c = cJSON_GetObjectItemCaseSensitive(proof, "C"); + + if (!amt || !cJSON_IsNumber(amt)) return ESP_FAIL; + + out->proofs[i].amount = (uint64_t)amt->valuedouble; + out->total_amount += out->proofs[i].amount; + + if (id && cJSON_IsString(id)) { + strncpy(out->proofs[i].id, id->valuestring, sizeof(out->proofs[i].id) - 1); + } + if (secret && cJSON_IsString(secret)) { + strncpy(out->proofs[i].secret, secret->valuestring, sizeof(out->proofs[i].secret) - 1); + } + if (c && cJSON_IsString(c)) { + strncpy(out->proofs[i].c, c->valuestring, sizeof(out->proofs[i].c) - 1); + } + out->proof_count++; + } + return ESP_OK; +} + +esp_err_t tollgate_core_cashu_decode_token(const char *token_str, tg_cashu_token_t *out) +{ + if (!token_str || !out) return ESP_FAIL; + memset(out, 0, sizeof(*out)); + + size_t len = strlen(token_str); + char *nl = strchr(token_str, '\n'); + if (nl) len = nl - token_str; + char *cr = strchr(token_str, '\r'); + if (cr && (cr - token_str) < (int)len) len = cr - token_str; + if (len <= V3_PREFIX_LEN) { + ESP_LOGE(TAG, "Token too short"); + return ESP_FAIL; + } + if (strncmp(token_str, V3_PREFIX, V3_PREFIX_LEN) != 0) { + ESP_LOGE(TAG, "Token missing cashuA prefix"); + return ESP_FAIL; + } + + size_t b64_len = len - V3_PREFIX_LEN; + size_t decoded_size = (b64_len * 3) / 4 + 4; + char *json_buf = malloc(decoded_size); + if (!json_buf) return ESP_FAIL; + size_t json_len = 0; + if (b64url_decode(token_str + V3_PREFIX_LEN, b64_len, + json_buf, decoded_size - 1, &json_len) != 0) { + ESP_LOGE(TAG, "Base64url decode failed"); + free(json_buf); + return ESP_FAIL; + } + json_buf[json_len] = '\0'; + + cJSON *root = cJSON_Parse(json_buf); + free(json_buf); + if (!root) { + ESP_LOGE(TAG, "JSON parse failed"); + return ESP_FAIL; + } + + cJSON *token_arr = cJSON_GetObjectItemCaseSensitive(root, "token"); + if (token_arr && cJSON_IsArray(token_arr)) { + cJSON *first = cJSON_GetArrayItem(token_arr, 0); + if (!first) { cJSON_Delete(root); return ESP_FAIL; } + + cJSON *mint = cJSON_GetObjectItemCaseSensitive(first, "mint"); + if (mint && cJSON_IsString(mint)) { + strncpy(out->mint_url, mint->valuestring, sizeof(out->mint_url) - 1); + } + + cJSON *proofs = cJSON_GetObjectItemCaseSensitive(first, "proofs"); + if (proofs) { + esp_err_t ret = parse_proofs_array(proofs, out); + if (ret != ESP_OK) { cJSON_Delete(root); return ret; } + } + } else { + cJSON *mint = cJSON_GetObjectItemCaseSensitive(root, "mint"); + if (mint && cJSON_IsString(mint)) { + strncpy(out->mint_url, mint->valuestring, sizeof(out->mint_url) - 1); + } + + cJSON *proofs = cJSON_GetObjectItemCaseSensitive(root, "proofs"); + if (proofs) { + esp_err_t ret = parse_proofs_array(proofs, out); + if (ret != ESP_OK) { cJSON_Delete(root); return ret; } + } + } + + cJSON_Delete(root); + + if (out->proof_count == 0) { + ESP_LOGE(TAG, "No proofs in token"); + return ESP_FAIL; + } + + ESP_LOGI(TAG, "Decoded token: %d proofs, total=%llu, mint=%s", + out->proof_count, (unsigned long long)out->total_amount, out->mint_url); + return ESP_OK; +} + +static void sha256_hex(const char *data, size_t data_len, char *hex_out) +{ + uint8_t hash[32]; + mbedtls_sha256((const unsigned char *)data, data_len, hash, 0); + for (int i = 0; i < 32; i++) { + sprintf(hex_out + i * 2, "%02x", hash[i]); + } + hex_out[64] = '\0'; +} + +esp_err_t tollgate_core_cashu_check_proof_states(const char *mint_url, const tg_cashu_token_t *token, + tg_cashu_proof_state_t *states, int *state_count) +{ + cJSON *ys_arr = cJSON_CreateArray(); + for (int i = 0; i < token->proof_count; i++) { + char y_hex[65]; + sha256_hex(token->proofs[i].secret, strlen(token->proofs[i].secret), y_hex); + cJSON_AddItemToArray(ys_arr, cJSON_CreateString(y_hex)); + strncpy(states[i].y_hex, y_hex, sizeof(states[i].y_hex) - 1); + states[i].spent = false; + } + *state_count = token->proof_count; + + char *ys_json = cJSON_PrintUnformatted(ys_arr); + cJSON_Delete(ys_arr); + + char *post_body = malloc(4096); + if (!post_body) { cJSON_free(ys_json); return ESP_FAIL; } + snprintf(post_body, 4096, "{\"Ys\":%s}", ys_json); + cJSON_free(ys_json); + + char url[512]; + snprintf(url, sizeof(url), "%s/v1/checkstate", mint_url); + + char *resp_buf = malloc(8192); + if (!resp_buf) { free(post_body); return ESP_FAIL; } + + esp_http_client_config_t config = { + .url = url, + .method = HTTP_METHOD_POST, + .timeout_ms = 15000, + .crt_bundle_attach = esp_crt_bundle_attach, + }; + esp_http_client_handle_t client = esp_http_client_init(&config); + if (!client) { free(post_body); free(resp_buf); return ESP_FAIL; } + + esp_http_client_set_header(client, "Content-Type", "application/json"); + esp_err_t err = esp_http_client_open(client, strlen(post_body)); + if (err != ESP_OK) { + ESP_LOGE(TAG, "checkstate open failed: %s", esp_err_to_name(err)); + esp_http_client_cleanup(client); + free(post_body); + free(resp_buf); + return ESP_FAIL; + } + int written = esp_http_client_write(client, post_body, strlen(post_body)); + free(post_body); + ESP_LOGI(TAG, "checkstate written %d bytes", written); + + int content_length = esp_http_client_fetch_headers(client); + int status = esp_http_client_get_status_code(client); + ESP_LOGI(TAG, "checkstate headers: status=%d, content_length=%d", status, content_length); + + int resp_len = esp_http_client_read(client, resp_buf, 8191); + ESP_LOGI(TAG, "checkstate read: resp_len=%d", resp_len); + esp_http_client_cleanup(client); + + if (status != 200 || resp_len <= 0) { + ESP_LOGE(TAG, "checkstate failed: status=%d, resp_len=%d", status, resp_len); + free(resp_buf); + return ESP_FAIL; + } + resp_buf[resp_len] = '\0'; + + cJSON *root_resp = cJSON_Parse(resp_buf); + free(resp_buf); + if (!root_resp) return ESP_FAIL; + + cJSON *states_arr = cJSON_GetObjectItemCaseSensitive(root_resp, "states"); + if (!states_arr || !cJSON_IsArray(states_arr)) { + cJSON_Delete(root_resp); + return ESP_FAIL; + } + + int n = cJSON_GetArraySize(states_arr); + for (int i = 0; i < n && i < token->proof_count; i++) { + cJSON *s = cJSON_GetArrayItem(states_arr, i); + cJSON *state = cJSON_GetObjectItemCaseSensitive(s, "state"); + if (state && cJSON_IsString(state)) { + states[i].spent = (strcmp(state->valuestring, "SPENT") == 0); + } + } + + cJSON_Delete(root_resp); + return ESP_OK; +} + +uint64_t tollgate_core_cashu_calculate_allotment(uint64_t token_amount, uint64_t price_per_step, + uint64_t step_size) +{ + if (price_per_step == 0) return 0; + return (token_amount / price_per_step) * step_size; +} + +bool tollgate_core_cashu_is_mint_accepted(const char *mint_url, const char *accepted_mint_url) +{ + if (!mint_url || mint_url[0] == '\0') return false; + if (!accepted_mint_url || accepted_mint_url[0] == '\0') return false; + return (strcmp(mint_url, accepted_mint_url) == 0); +} diff --git a/components/tollgate_core/src/tollgate_core_cashu.h b/components/tollgate_core/src/tollgate_core_cashu.h new file mode 100644 index 0000000..70d2a02 --- /dev/null +++ b/components/tollgate_core/src/tollgate_core_cashu.h @@ -0,0 +1,42 @@ +#ifndef TOLLGATE_CORE_CASHU_H +#define TOLLGATE_CORE_CASHU_H + +#include "esp_err.h" +#include +#include + +#define TG_CASHU_MAX_PROOFS 10 +#define TG_CASHU_MAX_SECRET_LEN 128 +#define TG_CASHU_MAX_ID_LEN 68 +#define TG_CASHU_MAX_C_LEN 128 + +typedef struct { + uint64_t amount; + char id[TG_CASHU_MAX_ID_LEN]; + char secret[TG_CASHU_MAX_SECRET_LEN]; + char c[TG_CASHU_MAX_C_LEN]; +} tg_cashu_proof_t; + +typedef struct { + tg_cashu_proof_t proofs[TG_CASHU_MAX_PROOFS]; + int proof_count; + char mint_url[256]; + uint64_t total_amount; +} tg_cashu_token_t; + +typedef struct { + char y_hex[65]; + bool spent; +} tg_cashu_proof_state_t; + +esp_err_t tollgate_core_cashu_decode_token(const char *token_str, tg_cashu_token_t *out); + +esp_err_t tollgate_core_cashu_check_proof_states(const char *mint_url, const tg_cashu_token_t *token, + tg_cashu_proof_state_t *states, int *state_count); + +uint64_t tollgate_core_cashu_calculate_allotment(uint64_t token_amount, uint64_t price_per_step, + uint64_t step_size); + +bool tollgate_core_cashu_is_mint_accepted(const char *mint_url, const char *accepted_mint_url); + +#endif diff --git a/components/tollgate_core/src/tollgate_core_dns.c b/components/tollgate_core/src/tollgate_core_dns.c new file mode 100644 index 0000000..84322e6 --- /dev/null +++ b/components/tollgate_core/src/tollgate_core_dns.c @@ -0,0 +1,316 @@ +#include "tollgate_core_dns.h" +#include "esp_log.h" +#include "freertos/FreeRTOS.h" +#include "freertos/task.h" +#include "lwip/sockets.h" +#include "lwip/netdb.h" +#include +#include + +#define MAX_AUTH_IPS 10 +#define DNS_BUF_SIZE 512 +#define DNS_PORT 53 +#define DOT_PORT 853 +#define DNS_TASK_STACK 4096 +#define DOT_TASK_STACK 3072 +#define DNS_TASK_PRIO 5 +#define DOT_TASK_PRIO 5 +#define DNS_FORWARD_TIMEOUT_MS 2000 +#define NXDOMAIN_TTL 30 +#define HIJACK_TTL 10 + +static const char *TAG = "tg_core_dns"; + +#pragma pack(push, 1) +typedef struct { + uint16_t id; + uint16_t flags; + uint16_t qdcount; + uint16_t ancount; + uint16_t nscount; + uint16_t arcount; +} dns_header_t; +#pragma pack(pop) + +#pragma pack(push, 1) +typedef struct { + uint16_t name; + uint16_t type; + uint16_t class; + uint32_t ttl; + uint16_t len; + uint32_t addr; +} dns_answer_t; +#pragma pack(pop) + +typedef struct { + uint32_t ip; +} auth_entry_t; + +static auth_entry_t s_auth_list[MAX_AUTH_IPS]; +static int s_auth_count = 0; +static TaskHandle_t s_dns_task = NULL; +static TaskHandle_t s_dot_task = NULL; +static volatile bool s_dns_running = false; +static esp_ip4_addr_t s_ap_ip; +static esp_ip4_addr_t s_upstream_dns; + +static bool is_authenticated(uint32_t ip) +{ + for (int i = 0; i < s_auth_count; i++) { + if (s_auth_list[i].ip == ip) return true; + } + return false; +} + +static void parse_dns_name(const uint8_t *buf, int buf_len, int offset, char *out, int out_len) +{ + int pos = offset; + int out_pos = 0; + int jumped = 0; + int jump_pos = 0; + while (pos < buf_len && out_pos < out_len - 1) { + uint8_t len = buf[pos]; + if (len == 0) break; + if ((len & 0xC0) == 0xC0) { + if (!jumped) jump_pos = pos + 2; + pos = ((len & 0x3F) << 8) | buf[pos + 1]; + jumped = 1; + continue; + } + if (out_pos > 0 && out_pos < out_len - 1) out[out_pos++] = '.'; + pos++; + for (int i = 0; i < len && pos < buf_len && out_pos < out_len - 1; i++) { + out[out_pos++] = buf[pos++]; + } + } + out[out_pos] = '\0'; +} + +static int build_nxdomain(uint8_t *response, int req_len) +{ + dns_header_t *hdr = (dns_header_t *)response; + hdr->flags = htons(0x8403); + hdr->ancount = 0; + hdr->nscount = 0; + hdr->arcount = 0; + return req_len; +} + +static int build_redirect_response(uint8_t *response, int req_len) +{ + memmove(response, response, req_len); + dns_header_t *hdr = (dns_header_t *)response; + hdr->flags = htons(0x8180); + hdr->ancount = htons(1); + hdr->nscount = 0; + hdr->arcount = 0; + int resp_len = req_len; + dns_answer_t ans; + ans.name = htons(0xC00C); + ans.type = htons(1); + ans.class = htons(1); + ans.ttl = htonl(HIJACK_TTL); + ans.len = htons(4); + ans.addr = s_ap_ip.addr; + memcpy(response + resp_len, &ans, sizeof(ans)); + resp_len += sizeof(ans); + return resp_len; +} + +static int forward_dns(const uint8_t *req, int req_len, uint8_t *resp, int resp_buf_len, + uint16_t txn_id) +{ + int upstream_sock = socket(AF_INET, SOCK_DGRAM, 0); + if (upstream_sock < 0) return -1; + + struct timeval tv = { .tv_sec = DNS_FORWARD_TIMEOUT_MS / 1000, .tv_usec = (DNS_FORWARD_TIMEOUT_MS % 1000) * 1000 }; + setsockopt(upstream_sock, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)); + + struct sockaddr_in upstream_addr = { + .sin_family = AF_INET, + .sin_port = htons(DNS_PORT), + .sin_addr.s_addr = s_upstream_dns.addr, + }; + + sendto(upstream_sock, req, req_len, 0, (struct sockaddr *)&upstream_addr, sizeof(upstream_addr)); + + int n = recvfrom(upstream_sock, resp, resp_buf_len, 0, NULL, NULL); + close(upstream_sock); + + if (n > 0) { + if (n >= sizeof(dns_header_t)) { + dns_header_t *hdr = (dns_header_t *)resp; + hdr->id = htons(txn_id); + } + } + return n; +} + +static void dns_server_task(void *arg) +{ + int sock = socket(AF_INET, SOCK_DGRAM, 0); + if (sock < 0) { + ESP_LOGE(TAG, "Failed to create DNS socket"); + s_dns_running = false; + vTaskDelete(NULL); + return; + } + + struct sockaddr_in bind_addr = { + .sin_family = AF_INET, + .sin_port = htons(DNS_PORT), + .sin_addr.s_addr = INADDR_ANY, + }; + if (bind(sock, (struct sockaddr *)&bind_addr, sizeof(bind_addr)) < 0) { + ESP_LOGE(TAG, "Failed to bind DNS socket"); + close(sock); + s_dns_running = false; + vTaskDelete(NULL); + return; + } + + ESP_LOGI(TAG, "DNS server started on port %d, AP IP=" IPSTR ", upstream DNS=" IPSTR, + DNS_PORT, IP2STR(&s_ap_ip), IP2STR(&s_upstream_dns)); + + uint8_t rx_buf[DNS_BUF_SIZE]; + uint8_t tx_buf[DNS_BUF_SIZE + sizeof(dns_answer_t)]; + + while (s_dns_running) { + struct sockaddr_in client_addr; + socklen_t client_len = sizeof(client_addr); + int n = recvfrom(sock, rx_buf, sizeof(rx_buf), 0, + (struct sockaddr *)&client_addr, &client_len); + if (n < (int)sizeof(dns_header_t)) continue; + + uint32_t client_ip = client_addr.sin_addr.s_addr; + dns_header_t *hdr = (dns_header_t *)rx_buf; + uint16_t txn_id = ntohs(hdr->id); + bool is_query = (ntohs(hdr->flags) & 0x8000) == 0; + uint16_t qdcount = ntohs(hdr->qdcount); + + if (!is_query || qdcount == 0) continue; + + int q_offset = sizeof(dns_header_t); + while (q_offset < n && rx_buf[q_offset] != 0) { + q_offset += rx_buf[q_offset] + 1; + } + if (q_offset + 5 > n) continue; + uint16_t qtype = (rx_buf[q_offset + 1] << 8) | rx_buf[q_offset + 2]; + int req_len = q_offset + 5; + + if (is_authenticated(client_ip)) { + int resp_len = forward_dns(rx_buf, req_len, tx_buf, sizeof(tx_buf), txn_id); + if (resp_len > 0) { + sendto(sock, tx_buf, resp_len, 0, (struct sockaddr *)&client_addr, client_len); + } + } else { + char qname[256] = {0}; + parse_dns_name(rx_buf, n, sizeof(dns_header_t), qname, sizeof(qname)); + ESP_LOGI(TAG, "Hijack DNS from " IPSTR ": %s (type=%d)", + IP2STR(&(esp_ip4_addr_t){.addr=client_ip}), qname, qtype); + if (qtype == 1) { + int resp_len = build_redirect_response(rx_buf, req_len); + memcpy(tx_buf, rx_buf, resp_len); + dns_header_t *resp_hdr = (dns_header_t *)tx_buf; + resp_hdr->id = htons(txn_id); + sendto(sock, tx_buf, resp_len, 0, (struct sockaddr *)&client_addr, client_len); + } else { + int resp_len = build_nxdomain(rx_buf, req_len); + memcpy(tx_buf, rx_buf, resp_len); + dns_header_t *resp_hdr = (dns_header_t *)tx_buf; + resp_hdr->id = htons(txn_id); + sendto(sock, tx_buf, resp_len, 0, (struct sockaddr *)&client_addr, client_len); + } + } + } + + close(sock); + ESP_LOGI(TAG, "DNS server stopped"); + vTaskDelete(NULL); +} + +static void dot_reject_task(void *arg) +{ + int sock = socket(AF_INET, SOCK_STREAM, 0); + if (sock < 0) { + ESP_LOGE(TAG, "Failed to create DoT reject socket"); + vTaskDelete(NULL); + return; + } + + int opt = 1; + setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)); + + struct sockaddr_in bind_addr = { + .sin_family = AF_INET, + .sin_port = htons(DOT_PORT), + .sin_addr.s_addr = INADDR_ANY, + }; + if (bind(sock, (struct sockaddr *)&bind_addr, sizeof(bind_addr)) < 0) { + ESP_LOGE(TAG, "Failed to bind DoT reject socket on port %d", DOT_PORT); + close(sock); + vTaskDelete(NULL); + return; + } + + listen(sock, 1); + ESP_LOGI(TAG, "DoT reject server on port %d (forces DNS fallback to port 53)", DOT_PORT); + + while (s_dns_running) { + struct sockaddr_in client_addr; + socklen_t client_len = sizeof(client_addr); + int client_sock = accept(sock, (struct sockaddr *)&client_addr, &client_len); + if (client_sock >= 0) { + struct linger ling = { .l_onoff = 1, .l_linger = 0 }; + setsockopt(client_sock, SOL_SOCKET, SO_LINGER, &ling, sizeof(ling)); + close(client_sock); + } + } + + close(sock); + ESP_LOGI(TAG, "DoT reject server stopped"); + vTaskDelete(NULL); +} + +esp_err_t tollgate_core_dns_start_internal(esp_ip4_addr_t ap_ip, esp_ip4_addr_t upstream_dns) +{ + if (s_dns_running) return ESP_OK; + s_ap_ip = ap_ip; + s_upstream_dns = upstream_dns; + s_dns_running = true; + xTaskCreate(dns_server_task, "dns_server", DNS_TASK_STACK, NULL, DNS_TASK_PRIO, &s_dns_task); + xTaskCreate(dot_reject_task, "dot_reject", DOT_TASK_STACK, NULL, DOT_TASK_PRIO, &s_dot_task); + return ESP_OK; +} + +void tollgate_core_dns_stop(void) +{ + s_dns_running = false; + vTaskDelay(pdMS_TO_TICKS(200)); + s_dns_task = NULL; +} + +void tollgate_core_dns_set_authenticated(uint32_t client_ip, bool authenticated) +{ + if (authenticated) { + if (is_authenticated(client_ip)) return; + if (s_auth_count < MAX_AUTH_IPS) { + s_auth_list[s_auth_count].ip = client_ip; + s_auth_count++; + } + } else { + for (int i = 0; i < s_auth_count; i++) { + if (s_auth_list[i].ip == client_ip) { + s_auth_list[i] = s_auth_list[s_auth_count - 1]; + s_auth_count--; + return; + } + } + } +} + +bool tollgate_core_dns_is_running(void) +{ + return s_dns_running; +} diff --git a/components/tollgate_core/src/tollgate_core_dns.h b/components/tollgate_core/src/tollgate_core_dns.h new file mode 100644 index 0000000..60aaaaf --- /dev/null +++ b/components/tollgate_core/src/tollgate_core_dns.h @@ -0,0 +1,13 @@ +#ifndef TOLLGATE_CORE_DNS_H +#define TOLLGATE_CORE_DNS_H + +#include "esp_err.h" +#include "esp_netif.h" +#include + +esp_err_t tollgate_core_dns_start_internal(esp_ip4_addr_t ap_ip, esp_ip4_addr_t upstream_dns); +void tollgate_core_dns_stop(void); +void tollgate_core_dns_set_authenticated(uint32_t client_ip, bool authenticated); +bool tollgate_core_dns_is_running(void); + +#endif diff --git a/components/tollgate_core/src/tollgate_core_firewall.c b/components/tollgate_core/src/tollgate_core_firewall.c new file mode 100644 index 0000000..e5d61d8 --- /dev/null +++ b/components/tollgate_core/src/tollgate_core_firewall.c @@ -0,0 +1,165 @@ +#include "tollgate_core_firewall.h" +#include "tollgate_core_dns.h" +#include "esp_log.h" +#include "esp_wifi.h" +#include "esp_wifi_ap_get_sta_list.h" +#include "lwip/lwip_napt.h" +#include "lwip/etharp.h" +#include "lwip/netif.h" +#include "lwip/prot/ip4.h" +#include + +#define MAX_CLIENTS 10 + +static const char *TAG = "tg_core_fw"; +static esp_ip4_addr_t s_ap_ip; + +typedef struct { + uint32_t ip; + char mac[TG_FW_MAX_MAC_LEN]; +} fw_client_t; + +static fw_client_t s_clients[MAX_CLIENTS]; +static int s_client_count = 0; + +esp_err_t tollgate_core_fw_get_mac_for_ip(uint32_t client_ip, char *mac_out, size_t mac_out_size) +{ + wifi_sta_list_t sta_list; + if (esp_wifi_ap_get_sta_list(&sta_list) == ESP_OK) { + wifi_sta_mac_ip_list_t ip_mac_list; + if (esp_wifi_ap_get_sta_list_with_ip(&sta_list, &ip_mac_list) == ESP_OK) { + for (int i = 0; i < ip_mac_list.num; i++) { + if (ip_mac_list.sta[i].ip.addr == client_ip) { + snprintf(mac_out, mac_out_size, "%02x:%02x:%02x:%02x:%02x:%02x", + ip_mac_list.sta[i].mac[0], ip_mac_list.sta[i].mac[1], + ip_mac_list.sta[i].mac[2], ip_mac_list.sta[i].mac[3], + ip_mac_list.sta[i].mac[4], ip_mac_list.sta[i].mac[5]); + return ESP_OK; + } + } + } + } + + ip4_addr_t *entry_ip = NULL; + struct netif *entry_netif = NULL; + struct eth_addr *entry_eth = NULL; + ssize_t i = 0; + while (etharp_get_entry(i, &entry_ip, &entry_netif, &entry_eth) == ERR_OK) { + if (entry_ip && entry_ip->addr == client_ip && entry_eth) { + snprintf(mac_out, mac_out_size, "%02x:%02x:%02x:%02x:%02x:%02x", + entry_eth->addr[0], entry_eth->addr[1], entry_eth->addr[2], + entry_eth->addr[3], entry_eth->addr[4], entry_eth->addr[5]); + return ESP_OK; + } + i++; + } + return ESP_FAIL; +} + +esp_err_t tollgate_core_fw_init(esp_ip4_addr_t ap_ip) +{ + s_ap_ip = ap_ip; + memset(s_clients, 0, sizeof(s_clients)); + s_client_count = 0; + ip_napt_enable(s_ap_ip.addr, 1); + ESP_LOGI(TAG, "Firewall initialized with AP IP=" IPSTR " (NAT always on, per-client filter)", IP2STR(&s_ap_ip)); + return ESP_OK; +} + +int tollgate_core_ip4_canforward_filter(struct pbuf *p, u32_t dest_addr_hostorder) +{ + (void)dest_addr_hostorder; + if (p->len < IP_HLEN) return -1; + struct ip_hdr *iphdr = (struct ip_hdr *)p->payload; + uint32_t src_ip_h = lwip_ntohl(iphdr->src.addr); + uint32_t ap_subnet = lwip_ntohl(s_ap_ip.addr) & 0xFFFFFF00; + if ((src_ip_h & 0xFFFFFF00) != ap_subnet) { + return 1; + } + if (tollgate_core_fw_is_allowed(iphdr->src.addr)) { + return 1; + } + return 0; +} + +static fw_client_t *find_client_by_ip(uint32_t client_ip) +{ + for (int i = 0; i < s_client_count; i++) { + if (s_clients[i].ip == client_ip) return &s_clients[i]; + } + return NULL; +} + +static fw_client_t *find_client_by_mac(const char *mac) +{ + for (int i = 0; i < s_client_count; i++) { + if (s_clients[i].mac[0] != '\0' && strcmp(s_clients[i].mac, mac) == 0) { + return &s_clients[i]; + } + } + return NULL; +} + +void tollgate_core_fw_grant(uint32_t client_ip) +{ + fw_client_t *existing = find_client_by_ip(client_ip); + if (existing) { + existing->ip = client_ip; + return; + } + if (s_client_count >= MAX_CLIENTS) { + ESP_LOGW(TAG, "Max clients reached, cannot grant access"); + return; + } + + fw_client_t *client = &s_clients[s_client_count]; + client->ip = client_ip; + client->mac[0] = '\0'; + tollgate_core_fw_get_mac_for_ip(client_ip, client->mac, sizeof(client->mac)); + s_client_count++; + + tollgate_core_dns_set_authenticated(client_ip, true); + + esp_ip4_addr_t ip_addr = { .addr = client_ip }; + ESP_LOGI(TAG, "Access granted to " IPSTR " mac=%s", IP2STR(&ip_addr), + client->mac[0] ? client->mac : "unknown"); +} + +void tollgate_core_fw_revoke(uint32_t client_ip) +{ + for (int i = 0; i < s_client_count; i++) { + if (s_clients[i].ip == client_ip) { + esp_ip4_addr_t ip_addr = { .addr = client_ip }; + ESP_LOGI(TAG, "Access revoked for " IPSTR " mac=%s", IP2STR(&ip_addr), + s_clients[i].mac[0] ? s_clients[i].mac : "unknown"); + s_clients[i] = s_clients[s_client_count - 1]; + s_client_count--; + tollgate_core_dns_set_authenticated(client_ip, false); + return; + } + } +} + +void tollgate_core_fw_revoke_all(void) +{ + for (int i = 0; i < s_client_count; i++) { + tollgate_core_dns_set_authenticated(s_clients[i].ip, false); + } + s_client_count = 0; + ESP_LOGI(TAG, "All client access revoked"); +} + +bool tollgate_core_fw_is_allowed(uint32_t client_ip) +{ + return find_client_by_ip(client_ip) != NULL; +} + +bool tollgate_core_fw_is_mac_allowed(const char *mac) +{ + return find_client_by_mac(mac) != NULL; +} + +int tollgate_core_fw_client_count(void) +{ + return s_client_count; +} diff --git a/components/tollgate_core/src/tollgate_core_firewall.h b/components/tollgate_core/src/tollgate_core_firewall.h new file mode 100644 index 0000000..f06c801 --- /dev/null +++ b/components/tollgate_core/src/tollgate_core_firewall.h @@ -0,0 +1,25 @@ +#ifndef TOLLGATE_CORE_FIREWALL_H +#define TOLLGATE_CORE_FIREWALL_H + +#include "esp_err.h" +#include "esp_netif.h" +#include +#include + +struct pbuf; + +#define TG_FW_MAX_MAC_LEN 18 + +esp_err_t tollgate_core_fw_init(esp_ip4_addr_t ap_ip); +void tollgate_core_fw_grant(uint32_t client_ip); +void tollgate_core_fw_revoke(uint32_t client_ip); +void tollgate_core_fw_revoke_all(void); +bool tollgate_core_fw_is_allowed(uint32_t client_ip); +bool tollgate_core_fw_is_mac_allowed(const char *mac); +int tollgate_core_fw_client_count(void); + +esp_err_t tollgate_core_fw_get_mac_for_ip(uint32_t client_ip, char *mac_out, size_t mac_out_size); + +int tollgate_core_ip4_canforward_filter(struct pbuf *p, uint32_t dest_addr_hostorder); + +#endif diff --git a/components/tollgate_core/src/tollgate_core_session.c b/components/tollgate_core/src/tollgate_core_session.c new file mode 100644 index 0000000..48d32e7 --- /dev/null +++ b/components/tollgate_core/src/tollgate_core_session.c @@ -0,0 +1,200 @@ +#include "tollgate_core_session.h" +#include "tollgate_core_firewall.h" +#include "esp_log.h" +#include "freertos/FreeRTOS.h" +#include "freertos/task.h" +#include + +static const char *TAG = "tg_core_session"; +static tg_session_t s_sessions[TG_SESSION_MAX_CLIENTS]; +static int s_session_count = 0; + +static const tollgate_platform_t *s_platform; + +void tollgate_core_session_set_platform(const tollgate_platform_t *platform) +{ + s_platform = platform; +} + +static int64_t get_time_ms(void) +{ + if (s_platform && s_platform->get_time_ms) { + return s_platform->get_time_ms(); + } + return (int64_t)xTaskGetTickCount() * portTICK_PERIOD_MS; +} + +esp_err_t tollgate_core_session_init(void) +{ + memset(s_sessions, 0, sizeof(s_sessions)); + s_session_count = 0; + ESP_LOGI(TAG, "Session manager initialized"); + return ESP_OK; +} + +static void populate_mac(tg_session_t *session, uint32_t client_ip) +{ + if (tollgate_core_fw_get_mac_for_ip(client_ip, session->mac, sizeof(session->mac)) != ESP_OK) { + session->mac[0] = '\0'; + } +} + +tg_session_t *tollgate_core_session_create(uint32_t client_ip, uint64_t allotment_ms) +{ + tg_session_t *existing = tollgate_core_session_find_by_ip(client_ip); + if (existing) { + tollgate_core_session_extend(existing, allotment_ms); + return existing; + } + + if (s_session_count >= TG_SESSION_MAX_CLIENTS) { + for (int i = 0; i < TG_SESSION_MAX_CLIENTS; i++) { + if (!s_sessions[i].active || tollgate_core_session_is_expired(&s_sessions[i])) { + tollgate_core_session_revoke(&s_sessions[i]); + break; + } + } + } + + for (int i = 0; i < TG_SESSION_MAX_CLIENTS; i++) { + if (!s_sessions[i].active) { + s_sessions[i].client_ip = client_ip; + s_sessions[i].allotment_ms = allotment_ms; + s_sessions[i].start_time_ms = get_time_ms(); + s_sessions[i].active = true; + populate_mac(&s_sessions[i], client_ip); + + s_session_count++; + tollgate_core_fw_grant(client_ip); + + esp_ip4_addr_t ip = { .addr = client_ip }; + ESP_LOGI(TAG, "Session created: " IPSTR " mac=%s allotment=%llums", IP2STR(&ip), + s_sessions[i].mac[0] ? s_sessions[i].mac : "unknown", + (unsigned long long)allotment_ms); + return &s_sessions[i]; + } + } + + ESP_LOGW(TAG, "No free session slots"); + return NULL; +} + +tg_session_t *tollgate_core_session_create_bytes(uint32_t client_ip, uint64_t allotment_bytes) +{ + tg_session_t *s = tollgate_core_session_create(client_ip, 0); + if (s) { + s->allotment_bytes = allotment_bytes; + s->bytes_consumed = 0; + s->allotment_ms = INT64_MAX; + esp_ip4_addr_t ip = { .addr = client_ip }; + ESP_LOGI(TAG, "Bytes session created: " IPSTR " allotment=%llu bytes", IP2STR(&ip), + (unsigned long long)allotment_bytes); + } + return s; +} + +void tollgate_core_session_add_bytes(uint32_t client_ip, uint64_t bytes) +{ + tg_session_t *s = tollgate_core_session_find_by_ip(client_ip); + if (s && s->active) { + s->bytes_consumed += bytes; + } +} + +tg_session_t *tollgate_core_session_find_by_ip(uint32_t client_ip) +{ + for (int i = 0; i < TG_SESSION_MAX_CLIENTS; i++) { + if (s_sessions[i].active && s_sessions[i].client_ip == client_ip) { + return &s_sessions[i]; + } + } + return NULL; +} + +tg_session_t *tollgate_core_session_find_by_mac(const char *mac) +{ + for (int i = 0; i < TG_SESSION_MAX_CLIENTS; i++) { + if (s_sessions[i].active && s_sessions[i].mac[0] != '\0' && + strcmp(s_sessions[i].mac, mac) == 0) { + return &s_sessions[i]; + } + } + return NULL; +} + +void tollgate_core_session_extend(tg_session_t *session, uint64_t additional_ms) +{ + if (!session || !session->active) return; + session->allotment_ms += additional_ms; + esp_ip4_addr_t ip = { .addr = session->client_ip }; + ESP_LOGI(TAG, "Session extended: " IPSTR " +%llums (total=%llu)", IP2STR(&ip), + (unsigned long long)additional_ms, (unsigned long long)session->allotment_ms); +} + +bool tollgate_core_session_is_expired(const tg_session_t *session) +{ + if (!session || !session->active) return true; + + if (s_platform && s_platform->get_metric) { + const char *metric = s_platform->get_metric(); + if (metric && strcmp(metric, "bytes") == 0) { + return session->bytes_consumed >= session->allotment_bytes; + } + } + + int64_t elapsed = get_time_ms() - session->start_time_ms; + return elapsed >= (int64_t)session->allotment_ms; +} + +static void check_expiry(void) +{ + for (int i = 0; i < TG_SESSION_MAX_CLIENTS; i++) { + if (s_sessions[i].active && tollgate_core_session_is_expired(&s_sessions[i])) { + esp_ip4_addr_t ip = { .addr = s_sessions[i].client_ip }; + ESP_LOGI(TAG, "Session expired: " IPSTR " mac=%s", IP2STR(&ip), + s_sessions[i].mac[0] ? s_sessions[i].mac : "unknown"); + tollgate_core_session_revoke(&s_sessions[i]); + } + } +} + +void tollgate_core_session_revoke(tg_session_t *session) +{ + if (!session || !session->active) return; + tollgate_core_fw_revoke(session->client_ip); + session->active = false; + s_session_count--; +} + +void tollgate_core_session_revoke_all(void) +{ + for (int i = 0; i < TG_SESSION_MAX_CLIENTS; i++) { + if (s_sessions[i].active) { + tollgate_core_session_revoke(&s_sessions[i]); + } + } +} + +int tollgate_core_session_active_count(void) +{ + int count = 0; + for (int i = 0; i < TG_SESSION_MAX_CLIENTS; i++) { + if (s_sessions[i].active) count++; + } + return count; +} + +void tollgate_core_session_tick(void) +{ + check_expiry(); +} + +tg_session_t *tollgate_core_session_get_array(void) +{ + return s_sessions; +} + +int tollgate_core_session_get_array_size(void) +{ + return TG_SESSION_MAX_CLIENTS; +} diff --git a/components/tollgate_core/src/tollgate_core_session.h b/components/tollgate_core/src/tollgate_core_session.h new file mode 100644 index 0000000..444b9fa --- /dev/null +++ b/components/tollgate_core/src/tollgate_core_session.h @@ -0,0 +1,47 @@ +#ifndef TOLLGATE_CORE_SESSION_H +#define TOLLGATE_CORE_SESSION_H + +#include "esp_err.h" +#include "tollgate_platform.h" +#include +#include + +#define TG_SESSION_MAX_CLIENTS 10 +#define TG_SESSION_MAX_MAC_LEN 18 + +typedef struct { + uint32_t client_ip; + char mac[TG_SESSION_MAX_MAC_LEN]; + uint64_t allotment_ms; + int64_t start_time_ms; + uint64_t allotment_bytes; + uint64_t bytes_consumed; + bool active; +} tg_session_t; + +esp_err_t tollgate_core_session_init(void); +void tollgate_core_session_set_platform(const tollgate_platform_t *platform); + +tg_session_t *tollgate_core_session_create(uint32_t client_ip, uint64_t allotment_ms); +tg_session_t *tollgate_core_session_create_bytes(uint32_t client_ip, uint64_t allotment_bytes); + +void tollgate_core_session_add_bytes(uint32_t client_ip, uint64_t bytes); + +tg_session_t *tollgate_core_session_find_by_ip(uint32_t client_ip); +tg_session_t *tollgate_core_session_find_by_mac(const char *mac); + +void tollgate_core_session_extend(tg_session_t *session, uint64_t additional_ms); + +bool tollgate_core_session_is_expired(const tg_session_t *session); + +void tollgate_core_session_revoke(tg_session_t *session); +void tollgate_core_session_revoke_all(void); + +int tollgate_core_session_active_count(void); + +void tollgate_core_session_tick(void); + +tg_session_t *tollgate_core_session_get_array(void); +int tollgate_core_session_get_array_size(void); + +#endif -- cgit v1.2.3