access list for server tunnels

2025-01-22 13:27:17 +01:00 · 2015-03-16 14:52:42 -04:00 · 2015-03-16 14:52:42 -04:00 · 76ad7f24ee
parent 1ac689b886
commit 76ad7f24ee
4 changed files with 39 additions and 3 deletions
--- a/ClientContext.cpp
+++ b/ClientContext.cpp
@ -300,9 +300,25 @@ namespace client
 					std::string keys = section.second.get<std::string> (I2P_SERVER_TUNNEL_KEYS);
 					// optional params
 					int inPort = section.second.get (I2P_SERVER_TUNNEL_INPORT, 0);
-					
+					std::string accessList = section.second.get (I2P_SERVER_TUNNEL_ACCESS_LIST, "");					
+
 					auto localDestination = LoadLocalDestination (keys, true);
 					auto serverTunnel = new I2PServerTunnel (host, port, localDestination, inPort);
+					if (accessList.length () > 0)
+					{
+						std::set<i2p::data::IdentHash> idents;
+						size_t pos = 0, comma;
+						do
+						{
+							comma = accessList.find (',', pos);
+							i2p::data::IdentHash ident;
+							ident.FromBase32 (accessList.substr (pos, comma != std::string::npos ? comma - pos : std::string::npos));	
+							idents.insert (ident);
+							pos = comma + 1;
+						}
+						while (comma != std::string::npos);
+						serverTunnel->SetAccessList (idents);
+					}
 					if (m_ServerTunnels.insert (std::make_pair (localDestination->GetIdentHash (), std::unique_ptr<I2PServerTunnel>(serverTunnel))).second)
 						serverTunnel->Start ();
 					else
--- a/ClientContext.h
+++ b/ClientContext.h
@ -28,6 +28,7 @@ namespace client
 	const char I2P_SERVER_TUNNEL_PORT[] = "port";
 	const char I2P_SERVER_TUNNEL_KEYS[] = "keys";
 	const char I2P_SERVER_TUNNEL_INPORT[] = "inport";
+	const char I2P_SERVER_TUNNEL_ACCESS_LIST[] = "accesslist";		
 	const char TUNNELS_CONFIG_FILENAME[] = "tunnels.cfg";

 	class ClientContext
--- a/I2PTunnel.cpp
+++ b/I2PTunnel.cpp
@ -248,7 +248,7 @@ namespace client

 	I2PServerTunnel::I2PServerTunnel (const std::string& address, int port, 
 	    std::shared_ptr<ClientDestination> localDestination, int inport): 
-		I2PService (localDestination), m_Endpoint (boost::asio::ip::address::from_string (address), port)
+		I2PService (localDestination), m_Endpoint (boost::asio::ip::address::from_string (address), port),  m_IsAccessList (false)
 	{
 		m_PortDestination = localDestination->CreateStreamingDestination (inport > 0 ? inport : port);
 	}
@ -263,6 +263,12 @@ namespace client
 		ClearHandlers ();
 	}	

+	void I2PServerTunnel::SetAccessList (const std::set<i2p::data::IdentHash>& accessList)
+	{
+		m_AccessList = accessList;
+		m_IsAccessList = true;		
+	}
+
 	void I2PServerTunnel::Accept ()
 	{
 		if (m_PortDestination)
@ -282,6 +288,15 @@ namespace client
 	{
 		if (stream)
 		{	
+			if (m_IsAccessList)
+			{
+				if (!m_AccessList.count (stream->GetRemoteIdentity ().GetIdentHash ()))
+				{
+					LogPrint (eLogWarning, "Address ", stream->GetRemoteIdentity ().GetIdentHash ().ToBase32 (), " is not in white list. Incoming connection dropped");
+					stream->Close ();
+					return;
+				}
+			}
 			auto conn = std::make_shared<I2PTunnelConnection> (this, stream, new boost::asio::ip::tcp::socket (GetService ()), m_Endpoint);
 			AddHandler (conn);
 			conn->Connect ();
--- a/I2PTunnel.h
+++ b/I2PTunnel.h
@ -90,6 +90,8 @@ namespace client
 			void Start ();
 			void Stop ();

+			void SetAccessList (const std::set<i2p::data::IdentHash>& accessList); 
+
 		private:

 			void Accept ();
@ -98,7 +100,9 @@ namespace client
 		private:

 			boost::asio::ip::tcp::endpoint m_Endpoint;	
-			std::shared_ptr<i2p::stream::StreamingDestination> m_PortDestination;	
+			std::shared_ptr<i2p::stream::StreamingDestination> m_PortDestination;
+			std::set<i2p::data::IdentHash> m_AccessList;
+			bool m_IsAccessList;			
 	};
 }
 }