complete fw4 trusted domain, trusted ip and mac feature

Signed-off-by: staylightblow8 <[email protected]>
liudf0716 · Jan 4, 2024 · 13162d5 · 13162d5
1 parent fec4f43
commit 13162d5
Show file tree

Hide file tree

Showing 6 changed files with 39 additions and 60 deletions.
diff --git a/src/fw_iptables.c b/src/fw_iptables.c
@@ -413,14 +413,12 @@ iptables_fw_clear_authservers(void)
 	iptables_do_command("-t filter -F " CHAIN_AUTHSERVERS);
 	iptables_do_command("-t nat -F " CHAIN_AUTHSERVERS);
 #else
+	nftables_do_command("flush set inet fw4 set_wifidogx_auth_servers");
 #endif
 }
 
-
-#ifdef AW_FW3
-
-static void
-fw3_set_authservers(void *handle)
+void
+iptables_fw_set_authservers(void *handle)
 {
 	const s_config *config;
 	t_auth_serv *auth_server;
@@ -430,54 +428,25 @@ fw3_set_authservers(void *handle)
 	for (auth_server = config->auth_servers; auth_server != NULL; auth_server = auth_server->next) {
 		if (auth_server->last_ip && strcmp(auth_server->last_ip, "0.0.0.0") != 0) {
 			debug(LOG_DEBUG, "the last ip: %s", auth_server->last_ip);
+#ifdef AW_FW3
 			if (handle) {
 				iptables_do_append_command(handle, "-A " CHAIN_AUTHSERVERS " -d %s -j ACCEPT", auth_server->last_ip);
 			} else {
 				iptables_do_command("-t filter -A " CHAIN_AUTHSERVERS " -d %s -j ACCEPT", auth_server->last_ip);
 				iptables_do_command("-t nat -A " CHAIN_AUTHSERVERS " -d %s -j ACCEPT", auth_server->last_ip);
 			}
-		}
-	}
-}
-
 #else
-
-static void
-fw4_set_authservers(void *handle)
-{
-	// add auth_server->last_ip to nftables set set_wifidogx_auth_servers
-	const s_config *config;
-	t_auth_serv *auth_server;
-
-	config = config_get_config();
-	for (auth_server = config->auth_servers; auth_server != NULL; auth_server = auth_server->next) {
-		if (auth_server->last_ip && strcmp(auth_server->last_ip, "0.0.0.0") != 0) {
-			debug(LOG_DEBUG, "the last ip: %s", auth_server->last_ip);
 			nftables_do_command("add element inet fw4 set_wifidogx_auth_servers { %s }", auth_server->last_ip);
+#endif
 		}
 	}
 }
 
-#endif
-
-void
-iptables_fw_set_authservers(void *handle)
-{
-#ifdef AW_FW3
-	fw3_set_authservers(handle);
-#else
-	fw4_set_authservers(handle);
-#endif
-}
-
 void
 iptables_fw_refresh_user_domains_trusted(void)
 {
-#ifdef AW_FW3
 	iptables_fw_clear_user_domains_trusted();
 	iptables_fw_set_user_domains_trusted();
-#else
-#endif
 }
 
 void
@@ -486,13 +455,13 @@ iptables_fw_clear_user_domains_trusted(void)
 #ifdef AW_FW3
 	iptables_flush_ipset(CHAIN_DOMAIN_TRUSTED);
 #else
+	nftables_do_command("flush set inet fw4 set_wifidogx_trust_domains");
 #endif
 }
 
 void
 iptables_fw_set_user_domains_trusted(void)
 {
-#ifdef AW_FW3
 	const s_config *config;
 	t_domain_trusted *domain_trusted = NULL;
 
@@ -503,13 +472,15 @@ iptables_fw_set_user_domains_trusted(void)
 	for (domain_trusted = config->domains_trusted; domain_trusted != NULL; domain_trusted = domain_trusted->next) {
 		t_ip_trusted *ip_trusted = NULL;
 		for(ip_trusted = domain_trusted->ips_trusted; ip_trusted != NULL; ip_trusted = ip_trusted->next) {
+#ifdef AW_FW3
 			add_ip_to_ipset(CHAIN_DOMAIN_TRUSTED, ip_trusted->ip, 0);
+#else
+			nftables_do_command("add element inet fw4 set_wifidogx_trust_domains { %s }", ip_trusted->ip);
+#endif
 		}
 	}
 
 	UNLOCK_DOMAIN();
-#else
-#endif
 }
 
 // set inner trusted domains
@@ -567,11 +538,8 @@ iptables_fw_set_ipset_domains_trusted(void)
 void
 iptables_fw_refresh_inner_domains_trusted(void)
 {
-#ifdef AW_FW3
 	iptables_fw_clear_inner_domains_trusted();
 	iptables_fw_set_inner_domains_trusted();
-#else
-#endif
 }
 
 void
@@ -580,6 +548,7 @@ iptables_fw_clear_inner_domains_trusted(void)
 #ifdef AW_FW3
 	iptables_flush_ipset(CHAIN_INNER_DOMAIN_TRUSTED);
 #else
+	nftables_do_command("flush set inet fw4 set_wifidogx_inner_trust_domains");
 #endif
 }
 
@@ -590,7 +559,6 @@ iptables_fw_clear_inner_domains_trusted(void)
 void
 iptables_fw_set_inner_domains_trusted(void)
 {
-#ifdef AW_FW3
 	const s_config *config;
 	t_domain_trusted *domain_trusted = NULL;
 
@@ -601,13 +569,15 @@ iptables_fw_set_inner_domains_trusted(void)
 	for (domain_trusted = config->inner_domains_trusted; domain_trusted != NULL; domain_trusted = domain_trusted->next) {
 		t_ip_trusted *ip_trusted = NULL;
 		for(ip_trusted = domain_trusted->ips_trusted; ip_trusted != NULL; ip_trusted = ip_trusted->next) {
+#ifdef AW_FW3
 			add_ip_to_ipset(CHAIN_INNER_DOMAIN_TRUSTED, ip_trusted->ip, 0);
+#else
+			nftables_do_command("add element inet fw4 set_wifidogx_inner_trust_domains { %s }", ip_trusted->ip);
+#endif
 		}
 	}
 
 	UNLOCK_DOMAIN();
-#else
-#endif
 }
 
 
@@ -635,24 +605,26 @@ iptables_fw_clear_trusted_maclist(void)
 #ifdef AW_FW3
 	iptables_flush_ipset(CHAIN_TRUSTED);
 #else
+	nftables_do_command("flush set inet fw4 set_wifidogx_trust_clients");
 #endif
 }
 
 void
 iptables_fw_set_trusted_maclist(void)
 {
-#ifdef AW_FW3
 	const s_config *config;
 	t_trusted_mac *p = NULL;
 
 	config = config_get_config();
 
 	LOCK_CONFIG();
 	for (p = config->trustedmaclist; p != NULL; p = p->next)
+#ifdef AW_FW3
 		ipset_do_command("add " CHAIN_TRUSTED " %s", p->mac);
-	UNLOCK_CONFIG();
 #else
+		nftables_do_command("add element inet fw4 set_wifidogx_trust_clients { %s }", p->mac);
 #endif
+	UNLOCK_CONFIG();
 }
 
 void

diff --git a/src/version.h b/src/version.h
@@ -1,4 +1,4 @@
 #ifndef _VERSION_
 #define _VERSION_
-#define VERSION "6.02.1939"
+#define VERSION "6.08.1950"
 #endif
diff --git a/src/wd_client.c b/src/wd_client.c
@@ -192,7 +192,7 @@ wd_set_request_header(struct evhttp_request *req, const char *host)
 	evhttp_add_header(evhttp_request_get_output_headers(req),
 		    "Pragma", "no-cache");
 	evhttp_add_header(output_headers, "Connection", "close");
-	evhttp_add_header(output_headers, "User-Agent", "ApFree WiFiDog");
+	evhttp_add_header(output_headers, "User-Agent", "ApFree-WiFiDog");
 }
 
 /**

diff --git a/src/wd_util.c b/src/wd_util.c
@@ -1003,9 +1003,7 @@ char *evb_2_string(struct evbuffer *evb, int *olen)
 
 void evdns_add_trusted_domain_ip_cb(int errcode, struct evutil_addrinfo *addr, void *ptr)
 {
-	struct evdns_cb_param *param = ptr;
-	t_domain_trusted *p = param->data;
-	free(param);
+	t_domain_trusted *p = ptr;
 
     if (errcode) {
 		debug(LOG_INFO, "parse domain %s , error: %s", p->domain, evutil_gai_strerror(errcode));
@@ -1101,23 +1099,23 @@ thread_evdns_parse_trusted_domain_2_ip(void *arg)
     evdns_base_nameserver_ip_add(dnsbase, "114.114.114.114");//114DNS
 
 	struct evutil_addrinfo hints;
+	LOCK_DOMAIN();
 	while(p && p->domain) {		
 		memset(&hints, 0, sizeof(hints));
 		hints.ai_family = AF_UNSPEC;
 		hints.ai_flags = EVUTIL_AI_CANONNAME;
 		hints.ai_socktype = SOCK_STREAM;
 		hints.ai_protocol = IPPROTO_TCP;
 
-		struct evdns_cb_param *param = malloc(sizeof(struct evdns_cb_param));
-		memset(param, 0, sizeof(struct evdns_cb_param));
-		param->base = base;
-		param->data = p;
+		// if add domains and delete domain immediately, it will cause core dump
+		// don't know how to avoid it, so just ignore it
+		// TODO: need to find a better way to avoid it
 		evdns_getaddrinfo( dnsbase, p->domain, NULL ,
-			  &hints, evdns_add_trusted_domain_ip_cb, param);
+			  &hints, evdns_add_trusted_domain_ip_cb, p);
 
 		p = p->next;
 	}
-
+	UNLOCK_DOMAIN();
 
 	debug(LOG_INFO, "parse domain end, begin event_loop "); 
 	event_base_dispatch(base);	
@@ -1133,7 +1131,8 @@ thread_evdns_parse_trusted_domain_2_ip(void *arg)
     event_base_free(base);
 }
 
-void evdns_parse_trusted_domain_2_ip(trusted_domain_t which)
+void 
+evdns_parse_trusted_domain_2_ip(trusted_domain_t which)
 { 
 	pthread_t tid_evdns_parse;
 	trusted_domain_t *type = malloc(sizeof(trusted_domain_t));

diff --git a/src/wdctl.c b/src/wdctl.c
@@ -52,15 +52,19 @@ static struct wdctl_client_command {
     const char *cmd_description; // help
 } wdctl_clt_cmd [] = {
     {"status", NULL, "get apfree wifidog status"},
+#ifdef AW_FW3
     {"clear_trusted_pdomains", NULL, "clear trusted pan-domain"},
     {"show_trusted_pdomains", NULL, "show trusted pan-domain"},
+#endif
     {"clear_trusted_iplist", NULL, "clear trusted iplist"},
     {"clear_trusted_domains", NULL, "clear trusted domain and it's ip"},
     {"show_trusted_domains", NULL, "show trusted domains and its ip"},
     {"show_trusted_mac", NULL, "show trusted mac list"},
     {"clear_trusted_mac", NULL, "clear trusted mac list"},
+#ifdef AW_FW3
     {"add_trusted_pdomains", "pan-domain1,pan-domain2...", "add one or more trusted pan-domain like qq.com..."},
     {"del_trusted_pdomains", "pan-domain1,pan-domain2...", "del one or more trusted pan-domain list like qq.com..."},
+#endif
     {"add_trusted_domains", "domain1,domain2...", "add trusted domain list like www.qq.com..."},
     {"del_trusted_domains", "domain1,domain2...", "del trusted domain list like www.qq.com...."},
     {"add_trusted_iplist", "ip1,ip2...", "add one or more trusted ip list like ip1,ip2..."},

diff --git a/src/wdctl_thread.c b/src/wdctl_thread.c
@@ -795,6 +795,7 @@ wdctl_add_auth_client(struct bufferevent *fd, const char *args)
 {
 	json_object *client_info = json_tokener_parse(args);
 	if(is_error(client_info) || json_object_get_type(client_info) != json_type_object) { 
+        debug(LOG_ERR, "json_tokener_parse failed: args is %s", args);
         goto OUT;
     }
 
@@ -804,13 +805,16 @@ wdctl_add_auth_client(struct bufferevent *fd, const char *args)
     if(!json_object_object_get_ex(client_info, "mac", &mac_jo) || 
 	   !json_object_object_get_ex(client_info, "ip", &ip_jo) || 
 	   !json_object_object_get_ex(client_info, "name", &name_jo)) { 
+        debug(LOG_ERR, "json_object_object_get_ex failed");
         goto OUT;
     }
 
     const char *mac  = json_object_get_string(mac_jo);
     const char *ip	 = json_object_get_string(ip_jo);
-    if (!is_valid_mac(mac) || !is_valid_ip(ip) || !is_trusted_mac(mac))
+    if (!is_valid_mac(mac) || !is_valid_ip(ip) || !is_trusted_mac(mac)) {
+        debug(LOG_ERR, "is_valid_mac or is_valid_ip or is_trusted_mac failed");
         goto OUT;
+    }
 
     auth_req_info *auth = safe_malloc(sizeof(auth_req_info));
     memcpy(auth->ip, ip, strlen(ip));