mirror of
https://github.com/tnodir/fort
synced 2024-11-15 06:35:23 +00:00
Config: Canculate required buffer size.
parent
8c849420f4
commit
dca353cb1c
@ -2,4 +2,6 @@
|
|||||||
|
|
||||||
err_conf_iprange_inc = "Bad Include IP address: line %d"
|
err_conf_iprange_inc = "Bad Include IP address: line %d"
|
||||||
err_conf_iprange_exc = "Bad Exclude IP address: line %d"
|
err_conf_iprange_exc = "Bad Exclude IP address: line %d"
|
||||||
err_conf_app_group_max = "Number of Application Groups must be < %d"
|
err_conf_group_max = "Number of Application Groups must be < %d"
|
||||||
|
err_conf_group_name_max = "Length of Application Group's Name must be < %d"
|
||||||
|
err_conf_size = "Size of configuration is too big"
|
||||||
|
@ -9,7 +9,8 @@ local util_ip = require"wipf.util.ip"
|
|||||||
|
|
||||||
|
|
||||||
local util_conf = {
|
local util_conf = {
|
||||||
APP_GROUP_MAX = 10
|
APP_GROUP_MAX = 10,
|
||||||
|
APP_GROUP_NAME_MAX = 128
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -56,7 +57,7 @@ local function app_groups_to_plain(app_groups)
|
|||||||
local apps_map = {}
|
local apps_map = {}
|
||||||
|
|
||||||
if groups_count > util_conf.APP_GROUP_MAX then
|
if groups_count > util_conf.APP_GROUP_MAX then
|
||||||
return nil, i18n.tr_fmt('err_conf_app_group_max', util_conf.APP_GROUP_MAX)
|
return nil, i18n.tr_fmt('err_conf_group_max', util_conf.APP_GROUP_MAX)
|
||||||
end
|
end
|
||||||
|
|
||||||
for i = 1, groups_count do
|
for i = 1, groups_count do
|
||||||
@ -68,8 +69,12 @@ local function app_groups_to_plain(app_groups)
|
|||||||
group_bits = bit.bor(group_bits, group_bit)
|
group_bits = bit.bor(group_bits, group_bit)
|
||||||
end
|
end
|
||||||
|
|
||||||
groups_count = groups_count + 1
|
local name = app_group:get_name()
|
||||||
groups[groups_count] = app_group:get_name()
|
if #name > util_conf.APP_GROUP_NAME_MAX then
|
||||||
|
return nil, i18n.tr_fmt('err_conf_group_name_max', util_conf.APP_GROUP_NAME_MAX)
|
||||||
|
end
|
||||||
|
|
||||||
|
groups[i] = name
|
||||||
|
|
||||||
parse_apps(app_group:get_block(), true, apps_map, group_index)
|
parse_apps(app_group:get_block(), true, apps_map, group_index)
|
||||||
parse_apps(app_group:get_allow(), false, apps_map, group_index)
|
parse_apps(app_group:get_allow(), false, apps_map, group_index)
|
||||||
@ -97,6 +102,15 @@ local function app_groups_to_plain(app_groups)
|
|||||||
return group_bits, groups, app_3bits, apps
|
return group_bits, groups, app_3bits, apps
|
||||||
end
|
end
|
||||||
|
|
||||||
|
-- Calculate total length of strings in table
|
||||||
|
local function get_strings_len(t, n)
|
||||||
|
local len = 0
|
||||||
|
for i = 1, n do
|
||||||
|
len = len + #t[i]
|
||||||
|
end
|
||||||
|
return len
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
-- Configuration objects meta-table
|
-- Configuration objects meta-table
|
||||||
local conf_meta = {}
|
local conf_meta = {}
|
||||||
@ -185,6 +199,15 @@ function conf_meta:write(buf)
|
|||||||
return nil, groups
|
return nil, groups
|
||||||
end
|
end
|
||||||
|
|
||||||
|
-- calculate maximum required buffer size
|
||||||
|
local buf_size = wipf.conf_buffer_size(
|
||||||
|
iprange_from_inc.n, iprange_from_exc.n,
|
||||||
|
groups.n, get_strings_len(groups, groups.n),
|
||||||
|
apps.n, get_strings_len(apps, apps.n))
|
||||||
|
if not (buf_size and buf:reserve(buf_size)) then
|
||||||
|
return nil, i18n.tr('err_conf_size')
|
||||||
|
end
|
||||||
|
|
||||||
return true
|
return true
|
||||||
end
|
end
|
||||||
|
|
||||||
|
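Review bot: `APP_GROUP_NAME_MAX = 128` is compared with `#name`, which in Lua is a byte count, and nothing in the table records how it relates to `WIPF_CONF_GROUP_NAME_MAX 256` in wipfconf.h. The link appears to be the `* 2` applied to `groups_len` in wipf_lua_conf_buffer_size, so the two limits have to change together. A comment on the field would capture that, for example `-- bytes per name; the C side doubles lengths, keep <= WIPF_CONF_GROUP_NAME_MAX / 2`. The guard also rejects only `#name > util_conf.APP_GROUP_NAME_MAX` while the `err_conf_group_name_max` text says the length must be `< %d`, so either the comparison or the wording should change. app_groups_to_plain starts and ends outside the hunks shown.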
@ -426,7 +426,7 @@ wipf_device_control (PDEVICE_OBJECT device, PIRP irp)
|
|||||||
const PWIPF_CONF conf = irp->AssociatedIrp.SystemBuffer;
|
const PWIPF_CONF conf = irp->AssociatedIrp.SystemBuffer;
|
||||||
const ULONG len = irp_stack->Parameters.DeviceIoControl.InputBufferLength;
|
const ULONG len = irp_stack->Parameters.DeviceIoControl.InputBufferLength;
|
||||||
|
|
||||||
if (len > sizeof(WIPF_CONF)) {
|
if (len > WIPF_CONF_SIZE_MIN) {
|
||||||
PWIPF_CONF_REF conf_ref = wipf_conf_ref_new(conf, len);
|
PWIPF_CONF_REF conf_ref = wipf_conf_ref_new(conf, len);
|
||||||
|
|
||||||
if (conf_ref == NULL) {
|
if (conf_ref == NULL) {
|
||||||
|
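Review bot: `if (len > WIPF_CONF_SIZE_MIN)` is the only validation visible before `wipf_conf_ref_new(conf, len)`, yet this commit gives WIPF_CONF the caller-supplied fields `ip_include_off`, `ip_exclude_off`, `groups_off` and `apps_off`, plus their `_n`/`_len` counts. The size caps added in the same commit are enforced only in the user-mode Lua binding, which a request sent straight to the device does not pass through. The driver should therefore check each offset plus its extent against `len`, and `len` against an upper bound, before the configuration is referenced. At minimum, mark the gap with `/* TODO: validate conf->*_off, *_n and *_len against len before use */`. Whether wipf_conf_ref_new or later code already does this cannot be seen here, and the body of wipf_device_control continues outside the hunk.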
@ -14,9 +14,9 @@
|
|||||||
#include <lauxlib.h>
|
#include <lauxlib.h>
|
||||||
|
|
||||||
#include "../common.h"
|
#include "../common.h"
|
||||||
|
#include "../wipfconf.h"
|
||||||
|
|
||||||
#include "../wipflog.c"
|
#include "../wipflog.c"
|
||||||
#include "../wipfconf.c"
|
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -68,9 +68,9 @@ static int
|
|||||||
wipf_lua_log_write (lua_State *L)
|
wipf_lua_log_write (lua_State *L)
|
||||||
{
|
{
|
||||||
char *out = lua_touserdata(L, 1);
|
char *out = lua_touserdata(L, 1);
|
||||||
const unsigned long remote_ip = lua_tointeger(L, 2);
|
const UINT32 remote_ip = lua_tointeger(L, 2);
|
||||||
const unsigned long pid = lua_tointeger(L, 3);
|
const UINT32 pid = lua_tointeger(L, 3);
|
||||||
size_t path_len;
|
UINT32 path_len;
|
||||||
const char *path = lua_tolstring(L, 4, &path_len);
|
const char *path = lua_tolstring(L, 4, &path_len);
|
||||||
|
|
||||||
if (!out) return 0;
|
if (!out) return 0;
|
||||||
@ -91,8 +91,8 @@ wipf_lua_log_read (lua_State *L)
|
|||||||
{
|
{
|
||||||
char *in = lua_touserdata(L, 1);
|
char *in = lua_touserdata(L, 1);
|
||||||
const int off = lua_tointeger(L, 2);
|
const int off = lua_tointeger(L, 2);
|
||||||
unsigned long remote_ip, pid;
|
UINT32 remote_ip, pid;
|
||||||
size_t path_len;
|
UINT32 path_len;
|
||||||
const char *path;
|
const char *path;
|
||||||
|
|
||||||
if (!in) return 0;
|
if (!in) return 0;
|
||||||
@ -114,6 +114,36 @@ wipf_lua_log_read (lua_State *L)
|
|||||||
return 3;
|
return 3;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Arguments: ip_include_n (number), ip_exclude_n (number)
|
||||||
|
* groups_n (number), groups_len (number),
|
||||||
|
* apps_n (number), apps_len (number)
|
||||||
|
* Returns: length (number)
|
||||||
|
*/
|
||||||
|
static int
|
||||||
|
wipf_lua_conf_buffer_size (lua_State *L)
|
||||||
|
{
|
||||||
|
const int ip_include_n = lua_tointeger(L, 1);
|
||||||
|
const int ip_exclude_n = lua_tointeger(L, 2);
|
||||||
|
const int groups_n = lua_tointeger(L, 3);
|
||||||
|
const int groups_len = lua_tointeger(L, 4) * 2;
|
||||||
|
const int apps_n = lua_tointeger(L, 5);
|
||||||
|
const int apps_len = lua_tointeger(L, 6) * 2;
|
||||||
|
|
||||||
|
if (ip_include_n > WIPF_CONF_IP_MAX
|
||||||
|
|| ip_exclude_n > WIPF_CONF_IP_MAX
|
||||||
|
|| groups_len > WIPF_CONF_GROUPS_LEN_MAX
|
||||||
|
|| apps_len > WIPF_CONF_APPS_LEN_MAX)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
lua_pushinteger(L, WIPF_CONF_SIZE_MIN
|
||||||
|
+ (ip_include_n + ip_exclude_n) * 2 * sizeof(UINT32)
|
||||||
|
+ (groups_n + apps_n) * sizeof(UINT16)
|
||||||
|
+ groups_len + apps_len
|
||||||
|
+ apps_n * sizeof(UINT32));
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static luaL_Reg wipf_lib[] = {
|
static luaL_Reg wipf_lib[] = {
|
||||||
{"device_name", wipf_lua_device_name},
|
{"device_name", wipf_lua_device_name},
|
||||||
@ -122,6 +152,7 @@ static luaL_Reg wipf_lib[] = {
|
|||||||
{"buffer_size", wipf_lua_buffer_size},
|
{"buffer_size", wipf_lua_buffer_size},
|
||||||
{"log_write", wipf_lua_log_write},
|
{"log_write", wipf_lua_log_write},
|
||||||
{"log_read", wipf_lua_log_read},
|
{"log_read", wipf_lua_log_read},
|
||||||
|
{"conf_buffer_size", wipf_lua_conf_buffer_size},
|
||||||
{NULL, NULL}
|
{NULL, NULL}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
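Review bot: In wipf_lua_log_write, `path_len` is now declared `UINT32` but its address is still passed to `lua_tolstring(L, 4, &path_len)`, whose third parameter is a `size_t *`. On a 64-bit build that call stores eight bytes into a four-byte variable and overwrites adjacent stack; on a 32-bit build it is still an incompatible pointer type. Keep `size_t path_len;` for the Lua call and narrow it with `(UINT32) path_len` only where the value is handed on, after rejecting lengths that do not fit. The consuming call is outside the hunk, so the exact place for the cast cannot be shown here. The same declaration change appears in wipf_lua_log_read and deserves the same check against whatever writes `path_len` there.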
@ -1,4 +1,4 @@
|
|||||||
/* Windows IP Filter Configuration Reader */
|
/* Windows IP Filter Configuration */
|
||||||
|
|
||||||
#include "wipfconf.h"
|
#include "wipfconf.h"
|
||||||
|
|
||||||
@ -10,4 +10,3 @@ wipf_conf_ipblocked (const PWIPF_CONF conf, UINT32 remote_ip,
|
|||||||
*notify = TRUE;
|
*notify = TRUE;
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2,8 +2,35 @@
|
|||||||
#define WIPFCONF_H
|
#define WIPFCONF_H
|
||||||
|
|
||||||
typedef struct wipf_conf {
|
typedef struct wipf_conf {
|
||||||
UINT32 len;
|
UINT32 ip_include_all : 1;
|
||||||
|
UINT32 ip_exclude_all : 1;
|
||||||
|
UINT32 app_log_blocked : 1;
|
||||||
|
UINT32 app_block_all : 1;
|
||||||
|
UINT32 app_allow_all : 1;
|
||||||
|
UINT32 group_bits : 10;
|
||||||
|
|
||||||
|
UINT16 ip_include_n;
|
||||||
|
UINT16 ip_exclude_n;
|
||||||
|
|
||||||
|
UINT16 groups_n;
|
||||||
|
UINT16 groups_len;
|
||||||
|
|
||||||
|
UINT16 apps_n;
|
||||||
|
UINT16 apps_len;
|
||||||
|
|
||||||
|
UINT32 ip_include_off;
|
||||||
|
UINT32 ip_exclude_off;
|
||||||
|
UINT32 groups_off;
|
||||||
|
UINT32 apps_off;
|
||||||
|
|
||||||
UCHAR data[4];
|
UCHAR data[4];
|
||||||
} WIPF_CONF, *PWIPF_CONF;
|
} WIPF_CONF, *PWIPF_CONF;
|
||||||
|
|
||||||
|
#define WIPF_CONF_SIZE_MIN offsetof(WIPF_CONF, data)
|
||||||
|
#define WIPF_CONF_IP_MAX (1 * 1024 * 1024)
|
||||||
|
#define WIPF_CONF_GROUP_MAX 10
|
||||||
|
#define WIPF_CONF_GROUP_NAME_MAX 256
|
||||||
|
#define WIPF_CONF_GROUPS_LEN_MAX (WIPF_CONF_GROUP_MAX * WIPF_CONF_GROUP_NAME_MAX)
|
||||||
|
#define WIPF_CONF_APPS_LEN_MAX (64 * 1024)
|
||||||
|
|
||||||
#endif WIPFCONF_H
|
#endif WIPFCONF_H
|
||||||
|
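Review bot: The new caps do not fit the fields they bound. `WIPF_CONF_IP_MAX` is `(1 * 1024 * 1024)` while `ip_include_n` and `ip_exclude_n` are `UINT16`, and `WIPF_CONF_APPS_LEN_MAX` is `(64 * 1024)`, one more than a `UINT16 apps_len` can hold. wipf_lua_conf_buffer_size accepts counts up to these caps, so a configuration it sizes successfully could have its counts truncated when they are stored in the header, leaving the header and the payload out of step. Either widen the fields to `UINT32` or lower the caps to what the fields can represent, e.g. `#define WIPF_CONF_IP_MAX 0xFFFF`. The code that fills the header is not part of this commit, so the truncation itself is inferred from the declarations.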
@ -80,7 +80,6 @@ end
|
|||||||
|
|
||||||
print"-- Conf Read/Write"
|
print"-- Conf Read/Write"
|
||||||
do
|
do
|
||||||
local buf = assert(mem.pointer():alloc())
|
|
||||||
local conf = util_conf.new_conf()
|
local conf = util_conf.new_conf()
|
||||||
|
|
||||||
conf:set_ip_include_all(true)
|
conf:set_ip_include_all(true)
|
||||||
@ -120,6 +119,7 @@ do
|
|||||||
conf:add_app_group(app_group1)
|
conf:add_app_group(app_group1)
|
||||||
conf:add_app_group(app_group2)
|
conf:add_app_group(app_group2)
|
||||||
|
|
||||||
|
local buf = assert(mem.pointer():alloc())
|
||||||
assert(conf:write(buf))
|
assert(conf:write(buf))
|
||||||
|
|
||||||
print("OK")
|
print("OK")
|
||||||
|
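Review bot: The Conf Read/Write block still asserts only the success path, `assert(conf:write(buf))`, so neither failure return added in this commit (`err_conf_group_name_max`, `err_conf_size`) is exercised. Add a case with an application group whose name is longer than `util_conf.APP_GROUP_NAME_MAX` and check that the write is refused, for example `local ok, err = conf:write(buf); assert(not ok and err)`. A limit check that no test drives tends to regress silently when the constants change. The `do` block begins and ends outside the hunks shown.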