1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-24 10:29:53 +03:00

Compare commits

..

1 Commits

Author SHA1 Message Date
a10kiloham
79c022ee87
Merge d6d0f2dadd into 18dc2621ec 2023-09-19 16:02:24 +09:00
29 changed files with 101 additions and 787 deletions

View File

@ -29,12 +29,12 @@ steps:
inputs: inputs:
sourceFolder: '$(Build.BinariesDirectory)' sourceFolder: '$(Build.BinariesDirectory)'
contents: '?(*.exe|*.se2|*.pdb)' contents: '?(*.exe|*.se2|*.pdb)'
TargetFolder: '$(Build.StagingDirectory)/binaries/${{parameters.architecture}}' TargetFolder: '$(Build.StagingDirectory)/binaries'
flattenFolders: true flattenFolders: true
- task: PublishBuildArtifacts@1 - task: PublishBuildArtifacts@1
inputs: inputs:
pathtoPublish: '$(Build.StagingDirectory)/binaries/${{parameters.architecture}}' pathtoPublish: '$(Build.StagingDirectory)/binaries'
artifactName: 'Binaries_${{parameters.architecture}}' artifactName: 'Binaries'
- task: PublishBuildArtifacts@1 - task: PublishBuildArtifacts@1
inputs: inputs:
pathtoPublish: '$(Build.StagingDirectory)/installers' pathtoPublish: '$(Build.StagingDirectory)/installers'

View File

@ -2,10 +2,8 @@ FreeBSD_task:
matrix: matrix:
env: env:
SSL: openssl SSL: openssl
OPENSSL_ROOT_DIR: /usr/local
env: env:
SSL: openssl32 SSL: openssl31
OPENSSL_ROOT_DIR: /usr/local
env: env:
# base openssl # base openssl
SSL: SSL:

View File

@ -101,6 +101,9 @@ https://github.com/davidebeatrici
Ilya Shipitsin (Since Jul 21, 2018) Ilya Shipitsin (Since Jul 21, 2018)
https://github.com/chipitsine https://github.com/chipitsine
Yihong Wu (Since Jul 16, 2021)
https://github.com/domosekai
# SOFTETHER VPN ADVANTAGES # SOFTETHER VPN ADVANTAGES

View File

@ -726,8 +726,9 @@ void AdminWebProcPost(CONNECTION *c, SOCK *s, HTTP_HEADER *h, UINT post_data_siz
if (RecvAll(s, data, post_data_size, s->SecureMode)) if (RecvAll(s, data, post_data_size, s->SecureMode))
{ {
c->JsonRpcAuthed = true; c->JsonRpcAuthed = true;
#ifndef GC_SOFTETHER_OSS
RemoveDosEntry(c->Listener, s); RemoveDosEntry(c->Listener, s);
#endif // GC_SOFTETHER_OSS
// Divide url_target into URL and query string // Divide url_target into URL and query string
StrCpy(url, sizeof(url), url_target); StrCpy(url, sizeof(url), url_target);
@ -766,8 +767,9 @@ void AdminWebProcGet(CONNECTION *c, SOCK *s, HTTP_HEADER *h, char *url_target)
} }
c->JsonRpcAuthed = true; c->JsonRpcAuthed = true;
#ifndef GC_SOFTETHER_OSS
RemoveDosEntry(c->Listener, s); RemoveDosEntry(c->Listener, s);
#endif // GC_SOFTETHER_OSS
// Divide url_target into URL and query string // Divide url_target into URL and query string
StrCpy(url, sizeof(url), url_target); StrCpy(url, sizeof(url), url_target);
@ -1197,7 +1199,9 @@ void JsonRpcProcOptions(CONNECTION *c, SOCK *s, HTTP_HEADER *h, char *url_target
c->JsonRpcAuthed = true; c->JsonRpcAuthed = true;
#ifndef GC_SOFTETHER_OSS
RemoveDosEntry(c->Listener, s); RemoveDosEntry(c->Listener, s);
#endif // GC_SOFTETHER_OSS
AdminWebSendBody(s, 200, "OK", NULL, 0, NULL, NULL, NULL, h); AdminWebSendBody(s, 200, "OK", NULL, 0, NULL, NULL, NULL, h);
} }
@ -1224,7 +1228,9 @@ void JsonRpcProcGet(CONNECTION *c, SOCK *s, HTTP_HEADER *h, char *url_target)
c->JsonRpcAuthed = true; c->JsonRpcAuthed = true;
#ifndef GC_SOFTETHER_OSS
RemoveDosEntry(c->Listener, s); RemoveDosEntry(c->Listener, s);
#endif // GC_SOFTETHER_OSS
// Divide url_target into URL and query string // Divide url_target into URL and query string
StrCpy(url, sizeof(url), url_target); StrCpy(url, sizeof(url), url_target);
@ -1351,7 +1357,9 @@ void JsonRpcProcPost(CONNECTION *c, SOCK *s, HTTP_HEADER *h, UINT post_data_size
c->JsonRpcAuthed = true; c->JsonRpcAuthed = true;
#ifndef GC_SOFTETHER_OSS
RemoveDosEntry(c->Listener, s); RemoveDosEntry(c->Listener, s);
#endif // GC_SOFTETHER_OSS
if (json_req == NULL || json_req_object == NULL) if (json_req == NULL || json_req_object == NULL)
{ {

View File

@ -322,34 +322,6 @@ void DecrementNoSsl(CEDAR *c, IP *ip, UINT num_dec)
UnlockList(c->NonSslList); UnlockList(c->NonSslList);
} }
// Check whether the specified IP address is in Non-SSL connection list
bool IsInNoSsl(CEDAR *c, IP *ip)
{
bool ret = false;
// Validate arguments
if (c == NULL || ip == NULL)
{
return false;
}
LockList(c->NonSslList);
{
NON_SSL *n = SearchNoSslList(c, ip);
if (n != NULL)
{
if (n->EntryExpires > Tick64() && n->Count > NON_SSL_MIN_COUNT)
{
n->EntryExpires = Tick64() + (UINT64)NON_SSL_ENTRY_EXPIRES;
ret = true;
}
}
}
UnlockList(c->NonSslList);
return ret;
}
// Add new entry to Non-SSL connection list // Add new entry to Non-SSL connection list
bool AddNoSsl(CEDAR *c, IP *ip) bool AddNoSsl(CEDAR *c, IP *ip)
{ {
@ -732,47 +704,6 @@ void DelConnection(CEDAR *cedar, CONNECTION *c)
UnlockList(cedar->ConnectionList); UnlockList(cedar->ConnectionList);
} }
// Get the number of unestablished connections
UINT GetUnestablishedConnections(CEDAR *cedar)
{
UINT i, ret;
// Validate arguments
if (cedar == NULL)
{
return 0;
}
ret = 0;
LockList(cedar->ConnectionList);
{
for (i = 0;i < LIST_NUM(cedar->ConnectionList);i++)
{
CONNECTION *c = LIST_DATA(cedar->ConnectionList, i);
switch (c->Type)
{
case CONNECTION_TYPE_CLIENT:
case CONNECTION_TYPE_INIT:
case CONNECTION_TYPE_LOGIN:
case CONNECTION_TYPE_ADDITIONAL:
switch (c->Status)
{
case CONNECTION_STATUS_ACCEPTED:
case CONNECTION_STATUS_NEGOTIATION:
case CONNECTION_STATUS_USERAUTH:
ret++;
break;
}
break;
}
}
}
UnlockList(cedar->ConnectionList);
return ret + Count(cedar->AcceptingSockets);
}
// Add connection to Cedar // Add connection to Cedar
void AddConnection(CEDAR *cedar, CONNECTION *c) void AddConnection(CEDAR *cedar, CONNECTION *c)
{ {

View File

@ -1022,7 +1022,6 @@ void DelHubEx(CEDAR *c, HUB *h, bool no_lock);
void StopAllHub(CEDAR *c); void StopAllHub(CEDAR *c);
void StopAllConnection(CEDAR *c); void StopAllConnection(CEDAR *c);
void AddConnection(CEDAR *cedar, CONNECTION *c); void AddConnection(CEDAR *cedar, CONNECTION *c);
UINT GetUnestablishedConnections(CEDAR *cedar);
void DelConnection(CEDAR *cedar, CONNECTION *c); void DelConnection(CEDAR *cedar, CONNECTION *c);
void SetCedarCipherList(CEDAR *cedar, char *name); void SetCedarCipherList(CEDAR *cedar, char *name);
void InitCedar(); void InitCedar();
@ -1047,7 +1046,6 @@ bool AddNoSsl(CEDAR *c, IP *ip);
void DecrementNoSsl(CEDAR *c, IP *ip, UINT num_dec); void DecrementNoSsl(CEDAR *c, IP *ip, UINT num_dec);
void DeleteOldNoSsl(CEDAR *c); void DeleteOldNoSsl(CEDAR *c);
NON_SSL *SearchNoSslList(CEDAR *c, IP *ip); NON_SSL *SearchNoSslList(CEDAR *c, IP *ip);
bool IsInNoSsl(CEDAR *c, IP *ip);
void FreeTinyLog(TINY_LOG *t); void FreeTinyLog(TINY_LOG *t);
void WriteTinyLog(TINY_LOG *t, char *str); void WriteTinyLog(TINY_LOG *t, char *str);
TINY_LOG *NewTinyLog(); TINY_LOG *NewTinyLog();

View File

@ -5155,22 +5155,6 @@ void CiRpcAccepted(CLIENT *c, SOCK *s)
retcode = 0; retcode = 0;
} }
if (retcode == 0)
{
if (IsLocalHostIP(&s->RemoteIP) == false)
{
// If the RPC client is from network check whether the password is empty
UCHAR empty_password_hash[20];
Sha0(empty_password_hash, "", 0);
if (Cmp(empty_password_hash, hashed_password, SHA1_SIZE) == 0 ||
IsZero(hashed_password, SHA1_SIZE))
{
// Regard it as incorrect password
retcode = 1;
}
}
}
Lock(c->lock); Lock(c->lock);
{ {
if (c->Config.AllowRemoteConfig == false) if (c->Config.AllowRemoteConfig == false)
@ -5274,21 +5258,14 @@ void CiRpcServerThread(THREAD *thread, void *param)
// Open the port // Open the port
listener = NULL; listener = NULL;
if (c->Config.DisableRpcDynamicPortListener == false)
{
for (i = CLIENT_CONFIG_PORT;i < (CLIENT_CONFIG_PORT + 5);i++) for (i = CLIENT_CONFIG_PORT;i < (CLIENT_CONFIG_PORT + 5);i++)
{ {
listener = ListenEx(i, !c->Config.AllowRemoteConfig); listener = Listen(i);
if (listener != NULL) if (listener != NULL)
{ {
break; break;
} }
} }
}
else
{
listener = ListenEx(CLIENT_CONFIG_PORT, !c->Config.AllowRemoteConfig);
}
if (listener == NULL) if (listener == NULL)
{ {
@ -9051,12 +9028,6 @@ void CiInitConfiguration(CLIENT *c)
c->Config.UseKeepConnect = false; // Don't use the connection maintenance function by default in the Client c->Config.UseKeepConnect = false; // Don't use the connection maintenance function by default in the Client
// Eraser // Eraser
c->Eraser = NewEraser(c->Logger, 0); c->Eraser = NewEraser(c->Logger, 0);
#ifdef OS_WIN32
c->Config.DisableRpcDynamicPortListener = false;
#else // OS_WIN32
c->Config.DisableRpcDynamicPortListener = true;
#endif // OS_WIN32
} }
else else
{ {
@ -9203,19 +9174,6 @@ void CiLoadClientConfig(CLIENT_CONFIG *c, FOLDER *f)
c->AllowRemoteConfig = CfgGetBool(f, "AllowRemoteConfig"); c->AllowRemoteConfig = CfgGetBool(f, "AllowRemoteConfig");
c->KeepConnectInterval = MAKESURE(CfgGetInt(f, "KeepConnectInterval"), KEEP_INTERVAL_MIN, KEEP_INTERVAL_MAX); c->KeepConnectInterval = MAKESURE(CfgGetInt(f, "KeepConnectInterval"), KEEP_INTERVAL_MIN, KEEP_INTERVAL_MAX);
c->NoChangeWcmNetworkSettingOnWindows8 = CfgGetBool(f, "NoChangeWcmNetworkSettingOnWindows8"); c->NoChangeWcmNetworkSettingOnWindows8 = CfgGetBool(f, "NoChangeWcmNetworkSettingOnWindows8");
if (CfgIsItem(f, "DisableRpcDynamicPortListener"))
{
c->DisableRpcDynamicPortListener = CfgGetBool(f, "DisableRpcDynamicPortListener");
}
else
{
#ifdef OS_WIN32
c->DisableRpcDynamicPortListener = false;
#else // OS_WIN32
c->DisableRpcDynamicPortListener = true;
#endif // OS_WIN32
}
} }
// Read the client authentication data // Read the client authentication data
@ -9790,7 +9748,6 @@ void CiWriteClientConfig(FOLDER *cc, CLIENT_CONFIG *config)
CfgAddBool(cc, "AllowRemoteConfig", config->AllowRemoteConfig); CfgAddBool(cc, "AllowRemoteConfig", config->AllowRemoteConfig);
CfgAddInt(cc, "KeepConnectInterval", config->KeepConnectInterval); CfgAddInt(cc, "KeepConnectInterval", config->KeepConnectInterval);
CfgAddBool(cc, "NoChangeWcmNetworkSettingOnWindows8", config->NoChangeWcmNetworkSettingOnWindows8); CfgAddBool(cc, "NoChangeWcmNetworkSettingOnWindows8", config->NoChangeWcmNetworkSettingOnWindows8);
CfgAddBool(cc, "DisableRpcDynamicPortListener", config->DisableRpcDynamicPortListener);
} }
// Write the client authentication data // Write the client authentication data

View File

@ -87,7 +87,6 @@ struct CLIENT_CONFIG
UINT KeepConnectProtocol; // Protocol UINT KeepConnectProtocol; // Protocol
UINT KeepConnectInterval; // Interval UINT KeepConnectInterval; // Interval
bool NoChangeWcmNetworkSettingOnWindows8; // Don't change the WCM network settings on Windows 8 bool NoChangeWcmNetworkSettingOnWindows8; // Don't change the WCM network settings on Windows 8
bool DisableRpcDynamicPortListener;
}; };
// Version acquisition // Version acquisition

View File

@ -24496,34 +24496,6 @@ void CmdPrintAbout(CONSOLE *c)
c->Write(c, tmp); c->Write(c, tmp);
// Showing an explanation of the purpose of the Developer Edition and the difference from the Stable Editon by Daiyuu Nobori
/*
* Welcome to the Developer Edition of SoftEther VPN.
Please note: SoftEther VPN Developer Edition (Version 5.x) has accepted
great code contributions on GitHub from many excellent open source
developers. This edition contains some very bright experimental code.
The experimental code in this Developer Edition has *NOT* been fully
reviewed by Daiyuu Nobori (the first original author of SoftEther VPN)
and has not been endorsed by him for stability and quality. It is his
policy to encourage many developers to contribute code with their
creative minds and ambitions. The succession of low-level system
software and network developers is of critical importance worldwide,
and SoftEther VPN Developer Edition is very important to increase
the number of such great developers.
- If you are a programmer of VPN software, or if you want a variety of
experimental code, this edition is very suitable for you.
- On the other hand, if you are building VPNs for mission-critical
business systems that require stability and security,
Stable Edition (Version 4.x) is highly recommended.
- All code in Stable Edition is reviewed by Daiyuu Nobori. He is also
responsible for porting features from the Developer Edition
to the Stable Edition.
- SoftEther VPN Stable Edition can be downloaded at:
https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/
*/
c->Write(c, L"\nWelcome to the Developer Edition of SoftEther VPN.\n\nPlease note: SoftEther VPN Developer Edition (Version 5.x) has accepted\ngreat code contributions on GitHub from many excellent open source\ndevelopers. This edition contains some very bright experimental code.\n The experimental code in this Developer Edition has *NOT* been fully\nreviewed by Daiyuu Nobori (the first original author of SoftEther VPN)\nand has not been endorsed by him for stability and quality. It is his\npolicy to encourage many developers to contribute code with their\ncreative minds and ambitions. The succession of low-level system\nsoftware and network developers is of critical importance worldwide,\nand SoftEther VPN Developer Edition is very important to increase\nthe number of such great developers.\n- If you are a programmer of VPN software, or if you want a variety of\n experimental code, this edition is very suitable for you.\n- On the other hand, if you are building VPNs for mission-critical\n business systems that require stability and security,\n Stable Edition (Version 4.x) is highly recommended.\n- All code in Stable Edition is reviewed by Daiyuu Nobori. He is also\n responsible for porting features from the Developer Edition\n to the Stable Edition.\n- SoftEther VPN Stable Edition can be downloaded at:\n https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/\n\n");
ReleaseCedar(cedar); ReleaseCedar(cedar);
} }

View File

@ -541,9 +541,13 @@ UINT DCRegister(DDNS_CLIENT *c, bool ipv6, DDNS_REGISTER_PARAM *p, char *replace
} }
} }
Format(url2, sizeof(url2), "%s?v=%I64u", url, Rand64()); Format(url2, sizeof(url2), "%s?v=%I64u", url, Rand64());
Format(url3, sizeof(url3), url2, key_hash_str[2], key_hash_str[3]); Format(url3, sizeof(url3), url2, key_hash_str[2], key_hash_str[3]);
ReplaceStr(url3, sizeof(url3), url3, "https://", "http://");
ReplaceStr(url3, sizeof(url3), url3, ".servers", ".open.servers"); ReplaceStr(url3, sizeof(url3), url3, ".servers", ".open.servers");
cert_hash = StrToBin(DDNS_CERT_HASH); cert_hash = StrToBin(DDNS_CERT_HASH);

View File

@ -18,11 +18,7 @@
"439BAFA75A6EE5671FC9F9A02D34FF29881761A0" \ "439BAFA75A6EE5671FC9F9A02D34FF29881761A0" \
"EFAC5FA0CDD14E0F864EED58A73C35D7E33B62F3" \ "EFAC5FA0CDD14E0F864EED58A73C35D7E33B62F3" \
"74DF99D4B1B5F0488A388B50D347D26013DC67A5" \ "74DF99D4B1B5F0488A388B50D347D26013DC67A5" \
"6EBB39AFCA8C900635CFC11218CF293A612457E4" \ "6EBB39AFCA8C900635CFC11218CF293A612457E4"
"05A9386C5E2B233F7BAB2479620EAAA2793709ED" \
"A811C64BB715351E36B6C1E022648D8BE0ACD128" \
"BD264DB3B0B1B3ABA0AF3074AA574ED1EF3B42D7" \
"9AB61D691536645DD55A8730FC6D2CDF33C8C73F"
#define DDNS_SNI_VER_STRING "DDNS" #define DDNS_SNI_VER_STRING "DDNS"
@ -47,7 +43,7 @@
#define DDNS_URL2_V4_ALT "http://get-my-ip.ddns.uxcom.jp/ddns/getmyip.ashx" #define DDNS_URL2_V4_ALT "http://get-my-ip.ddns.uxcom.jp/ddns/getmyip.ashx"
#define DDNS_URL2_V6_ALT "http://get-my-ip-v6.ddns.uxcom.jp/ddns/getmyip.ashx" #define DDNS_URL2_V6_ALT "http://get-my-ip-v6.ddns.uxcom.jp/ddns/getmyip.ashx"
#define DDNS_RPC_MAX_RECV_SIZE DYN32(DDNS_RPC_MAX_RECV_SIZE, (38 * 1024 * 1024)) #define DDNS_RPC_MAX_RECV_SIZE DYN32(DDNS_RPC_MAX_RECV_SIZE, (128 * 1024 * 1024))
// Connection Timeout // Connection Timeout
#define DDNS_CONNECT_TIMEOUT DYN32(DDNS_CONNECT_TIMEOUT, (15 * 1000)) #define DDNS_CONNECT_TIMEOUT DYN32(DDNS_CONNECT_TIMEOUT, (15 * 1000))

View File

@ -17,7 +17,6 @@
#include "Mayaqua/Memory.h" #include "Mayaqua/Memory.h"
#include "Mayaqua/Object.h" #include "Mayaqua/Object.h"
#include "Mayaqua/Str.h" #include "Mayaqua/Str.h"
#include "Mayaqua/Tick64.h"
static bool disable_dos = false; static bool disable_dos = false;
static UINT max_connections_per_ip = DEFAULT_MAX_CONNECTIONS_PER_IP; static UINT max_connections_per_ip = DEFAULT_MAX_CONNECTIONS_PER_IP;
@ -182,11 +181,6 @@ void TCPAcceptedThread(THREAD *t, void *param)
ConnectionAccept(c); ConnectionAccept(c);
flag1 = c->flag1; flag1 = c->flag1;
if (c->JsonRpcAuthed)
{
RemoveDosEntry(r, s);
}
// Release // Release
SLog(r->Cedar, "LS_CONNECTION_END_1", c->Name); SLog(r->Cedar, "LS_CONNECTION_END_1", c->Name);
ReleaseListener(c->Listener); ReleaseListener(c->Listener);
@ -227,46 +221,6 @@ void TCPAccepted(LISTENER *r, SOCK *s)
num_clients_from_this_ip = GetNumIpClient(&s->RemoteIP); num_clients_from_this_ip = GetNumIpClient(&s->RemoteIP);
#ifdef USE_DOS_ATTACK_DETECTION
if (disable_dos == false && r->DisableDos == false && r->Protocol != LISTENER_INPROC)
{
UINT max_uec, now_uec;
// DOS attack check
if (CheckDosAttack(r, s) == false)
{
Debug("DOS Attack 1 !!\n");
IPToStr(tmp, sizeof(tmp), &s->RemoteIP);
SLog(r->Cedar, "LS_LISTENER_DOS", r->Port, tmp, s->RemotePort);
return;
}
if (StrCmpi(s->UnderlayProtocol, SOCK_UNDERLAY_NATIVE_V6) == 0 ||
StrCmpi(s->UnderlayProtocol, SOCK_UNDERLAY_NATIVE_V4) == 0)
{
if (IsInNoSsl(r->Cedar, &s->RemoteIP))
{
Debug("DOS Attack 2 !!\n");
IPToStr(tmp, sizeof(tmp), &s->RemoteIP);
SLog(r->Cedar, "LS_LISTENER_DOS", r->Port, tmp, s->RemotePort);
return;
}
}
if (num_clients_from_this_ip > GetMaxConnectionsPerIp())
{
Debug("DOS Attack 3 !!\n");
IPToStr(tmp, sizeof(tmp), &s->RemoteIP);
SLog(r->Cedar, "LS_LISTENER_DOS", r->Port, tmp, s->RemotePort);
return;
}
max_uec = GetMaxUnestablishedConnections();
now_uec = GetUnestablishedConnections(cedar);
if (now_uec > max_uec)
{
Debug("DOS Attack 4 !!\n");
SLog(r->Cedar, "LS_LISTENER_MAXUEC", max_uec, now_uec);
return;
}
}
#endif // USE_DOS_ATTACK_DETECTION
IPToStr(tmp, sizeof(tmp), &s->RemoteIP); IPToStr(tmp, sizeof(tmp), &s->RemoteIP);
@ -285,169 +239,6 @@ void TCPAccepted(LISTENER *r, SOCK *s)
ReleaseThread(t); ReleaseThread(t);
} }
// Remove a DOS entry
bool RemoveDosEntry(LISTENER *r, SOCK *s)
{
DOS *d;
bool ok = false;
// Validate arguments
if (r == NULL || s == NULL)
{
return false;
}
LockList(r->DosList);
{
// Delete old entries from the DOS attack list
RefreshDosList(r);
// Search the table
d = SearchDosList(r, &s->RemoteIP);
if (d != NULL)
{
Delete(r->DosList, d);
Free(d);
ok = true;
}
}
UnlockList(r->DosList);
return ok;
}
// Check whether this is a DOS attack
bool CheckDosAttack(LISTENER *r, SOCK *s)
{
DOS *d;
bool ok = true;
// Validate arguments
if (r == NULL || s == NULL)
{
return false;
}
LockList(r->DosList);
{
// Delete old entries from the DOS attack list
RefreshDosList(r);
// Search the table
d = SearchDosList(r, &s->RemoteIP);
if (d != NULL)
{
// There is a entry already
// This should mean being under a DOS attack
d->LastConnectedTick = Tick64();
d->CurrentExpireSpan = MIN(d->CurrentExpireSpan * (UINT64)2, DOS_TABLE_EXPIRES_MAX);
d->AccessCount++;
if (d->AccessCount > DOS_TABLE_MAX_LIMIT_PER_IP)
{
ok = false;
}
}
else
{
// Create a new entry
d = ZeroMalloc(sizeof(DOS));
d->CurrentExpireSpan = (UINT64)DOS_TABLE_EXPIRES_FIRST;
d->FirstConnectedTick = d->LastConnectedTick = Tick64();
d->AccessCount = 1;
d->DeleteEntryTick = d->FirstConnectedTick + (UINT64)DOS_TABLE_EXPIRES_TOTAL;
Copy(&d->IpAddress, &s->RemoteIP, sizeof(IP));
Add(r->DosList, d);
}
}
UnlockList(r->DosList);
return ok;
}
// Delete old entries from the DOS attack list
void RefreshDosList(LISTENER *r)
{
// Validate arguments
if (r == NULL)
{
return;
}
if (r->DosListLastRefreshTime == 0 ||
(r->DosListLastRefreshTime + (UINT64)DOS_TABLE_REFRESH_INTERVAL) <= Tick64())
{
UINT i;
LIST *o;
r->DosListLastRefreshTime = Tick64();
o = NewListFast(NULL);
for (i = 0;i < LIST_NUM(r->DosList);i++)
{
DOS *d = LIST_DATA(r->DosList, i);
if ((d->LastConnectedTick + d->CurrentExpireSpan) <= Tick64() ||
(d->DeleteEntryTick <= Tick64()))
{
Add(o, d);
}
}
for (i = 0;i < LIST_NUM(o);i++)
{
DOS *d = LIST_DATA(o, i);
Delete(r->DosList, d);
Free(d);
}
ReleaseList(o);
}
}
// Search the DOS attack list by the IP address
DOS *SearchDosList(LISTENER *r, IP *ip)
{
DOS *d, t;
// Validate arguments
if (r == NULL || ip == NULL)
{
return NULL;
}
Copy(&t.IpAddress, ip, sizeof(IP));
d = Search(r->DosList, &t);
if (d != NULL)
{
if ((d->LastConnectedTick + d->CurrentExpireSpan) <= Tick64() ||
(d->DeleteEntryTick <= Tick64()))
{
// Delete old entries
Delete(r->DosList, d);
Free(d);
return NULL;
}
}
return d;
}
// Comparison of DOS attack list entries
int CompareDos(void *p1, void *p2)
{
DOS *d1, *d2;
if (p1 == NULL || p2 == NULL)
{
return 0;
}
d1 = *(DOS **)p1;
d2 = *(DOS **)p2;
if (d1 == NULL || d2 == NULL)
{
return 0;
}
return CmpIpAddr(&d1->IpAddress, &d2->IpAddress);
}
// UDP listener main loop // UDP listener main loop
void ListenerUDPMainLoop(LISTENER *r) void ListenerUDPMainLoop(LISTENER *r)
@ -862,13 +653,6 @@ void CleanupListener(LISTENER *r)
return; return;
} }
// Release the DOS attack list
for (i = 0;i < LIST_NUM(r->DosList);i++)
{
DOS *d = LIST_DATA(r->DosList, i);
Free(d);
}
ReleaseList(r->DosList);
if (r->Sock != NULL) if (r->Sock != NULL)
{ {
@ -1018,7 +802,6 @@ LISTENER *NewListenerEx5(CEDAR *cedar, UINT proto, UINT port, THREAD_PROC *proc,
r->Port = port; r->Port = port;
r->Event = NewEvent(); r->Event = NewEvent();
r->DosList = NewList(CompareDos);
r->LocalOnly = local_only; r->LocalOnly = local_only;
r->ShadowIPv6 = shadow_ipv6; r->ShadowIPv6 = shadow_ipv6;

View File

@ -10,24 +10,12 @@
#include "CedarType.h" #include "CedarType.h"
#include "Mayaqua/MayaType.h"
#include "Mayaqua/Kernel.h" #include "Mayaqua/Kernel.h"
#include "Mayaqua/Network.h"
// Function to call when receiving a new connection // Function to call when receiving a new connection
typedef void (NEW_CONNECTION_PROC)(CONNECTION *c); typedef void (NEW_CONNECTION_PROC)(CONNECTION *c);
// DOS attack list
struct DOS
{
IP IpAddress; // IP address
UINT64 FirstConnectedTick; // Time which a client connects at the first time
UINT64 LastConnectedTick; // Time which a client connected at the last time
UINT64 CurrentExpireSpan; // Current time-out period of this record
UINT64 DeleteEntryTick; // Time planned to delete this entry
UINT AccessCount; // The number of accesses
};
// Listener structure // Listener structure
struct LISTENER struct LISTENER
@ -43,8 +31,6 @@ struct LISTENER
volatile bool Halt; // Halting flag volatile bool Halt; // Halting flag
UINT Status; // State UINT Status; // State
LIST *DosList; // DOS attack list
UINT64 DosListLastRefreshTime; // Time that the DOS list is refreshed at the last
THREAD_PROC *ThreadProc; // Thread procedure THREAD_PROC *ThreadProc; // Thread procedure
void *ThreadParam; // Thread parameters void *ThreadParam; // Thread parameters
@ -119,11 +105,6 @@ void FreeDynamicListener(DYNAMIC_LISTENER *d);
bool ListenerRUDPRpcRecvProc(RUDP_STACK *r, UDPPACKET *p); bool ListenerRUDPRpcRecvProc(RUDP_STACK *r, UDPPACKET *p);
void ListenerSetProcRecvRpcEnable(bool b); void ListenerSetProcRecvRpcEnable(bool b);
int CompareDos(void *p1, void *p2);
DOS *SearchDosList(LISTENER *r, IP *ip);
void RefreshDosList(LISTENER *r);
bool CheckDosAttack(LISTENER *r, SOCK *s);
bool RemoveDosEntry(LISTENER *r, SOCK *s);
#endif // LISTENER_H #endif // LISTENER_H

View File

@ -6269,6 +6269,8 @@ SOCK *ClientConnectGetSocket(CONNECTION *c, bool additional_connect)
localIP = BIND_LOCALIP_NULL; // Specify not to bind localIP = BIND_LOCALIP_NULL; // Specify not to bind
} }
else { else {
Debug("ClientConnectGetSocket(): Using client option %r and %d for binding\n"
, sess->ClientOption->BindLocalIP, sess->ClientOption->BindLocalPort);
// Nonzero address is for source IP address to bind. Zero address is for dummy not to bind. // Nonzero address is for source IP address to bind. Zero address is for dummy not to bind.
if (IsZeroIP(&sess->ClientOption->BindLocalIP) == true) { if (IsZeroIP(&sess->ClientOption->BindLocalIP) == true) {
localIP = BIND_LOCALIP_NULL; localIP = BIND_LOCALIP_NULL;
@ -6276,8 +6278,6 @@ SOCK *ClientConnectGetSocket(CONNECTION *c, bool additional_connect)
else { else {
localIP = &sess->ClientOption->BindLocalIP; localIP = &sess->ClientOption->BindLocalIP;
} }
Debug("ClientConnectGetSocket(): Source IP address %r and source port number %d for binding\n"
, &sess->ClientOption->BindLocalIP, sess->ClientOption->BindLocalPort);
} }
} }
// In the case of second and subsequent TCP/IP connections // In the case of second and subsequent TCP/IP connections
@ -6291,7 +6291,7 @@ SOCK *ClientConnectGetSocket(CONNECTION *c, bool additional_connect)
} }
else { else {
localport = sess->ClientOption->BindLocalPort + Count(sess->Connection->CurrentNumConnection) - 1; localport = sess->ClientOption->BindLocalPort + Count(sess->Connection->CurrentNumConnection) - 1;
Debug("ClientConnectGetSocket(): Additional source port number %u\n", localport); Debug("ClientConnectGetSocket(): Additional port number %u\n", localport);
} }
// Bottom of Bind outgoing connection // Bottom of Bind outgoing connection

View File

@ -313,16 +313,8 @@ BUF *WpcDataEntryToBuf(WPC_ENTRY *e)
} }
data_size = e->Size + 4096; data_size = e->Size + 4096;
data = ZeroMalloc(data_size); data = Malloc(data_size);
if (e->Size >= 1)
{
size = DecodeSafe64(data, e->Data, e->Size); size = DecodeSafe64(data, e->Data, e->Size);
}
else
{
size = 0;
}
b = NewBuf(); b = NewBuf();
WriteBuf(b, data, size); WriteBuf(b, data, size);

View File

@ -712,8 +712,7 @@ UINT RsaPublicSize(K *k)
// Hash a pointer to a 32-bit // Hash a pointer to a 32-bit
UINT HashPtrToUINT(void *p) UINT HashPtrToUINT(void *p)
{ {
UCHAR hash_data[SHA256_SIZE]; UCHAR hash_data[MD5_SIZE];
UCHAR hash_src[CANARY_RAND_SIZE + sizeof(void *)];
UINT ret; UINT ret;
// Validate arguments // Validate arguments
if (p == NULL) if (p == NULL)
@ -721,11 +720,7 @@ UINT HashPtrToUINT(void *p)
return 0; return 0;
} }
Zero(hash_src, sizeof(hash_src)); Md5(hash_data, &p, sizeof(p));
Copy(hash_src + 0, GetCanaryRand(CANARY_RAND_ID_PTR_KEY_HASH), CANARY_RAND_SIZE);
Copy(hash_src + CANARY_RAND_SIZE, p, sizeof(void *));
Sha2_256(hash_data, hash_src, sizeof(hash_src));
Copy(&ret, hash_data, sizeof(ret)); Copy(&ret, hash_data, sizeof(ret));

View File

@ -2100,31 +2100,7 @@ void AbortExitEx(char *msg)
f = fopen("abort_error_log.txt", "w"); f = fopen("abort_error_log.txt", "w");
if (f != NULL) if (f != NULL)
{ {
SYSTEMTIME time = { 0 };
char time_str[128] = { 0 };
char *crlf = "\r\n";
char *tag = "---------";
LocalTime(&time);
sprintf(time_str, "%04u-%02u-%02u %02u:%02u:%02u",
time.wYear, time.wMonth, time.wDay,
time.wHour, time.wMinute, time.wSecond);
fwrite(tag, 1, strlen(tag), f);
fwrite(crlf, 1, strlen(crlf), f);
fwrite(time_str, 1, strlen(time_str), f);
fwrite(crlf, 1, strlen(crlf), f);
fwrite(msg, 1, strlen(msg), f); fwrite(msg, 1, strlen(msg), f);
fwrite(crlf, 1, strlen(crlf), f);
fwrite(crlf, 1, strlen(crlf), f);
fclose(f); fclose(f);
} }

View File

@ -123,7 +123,11 @@ typedef int (COMPARE)(void *p1, void *p2);
#define GET_ABS(a) ((a) >= 0 ? (a) : -(a)) #define GET_ABS(a) ((a) >= 0 ? (a) : -(a))
// Convert the pointer to UINT // Convert the pointer to UINT
#define POINTER_TO_KEY(p) (HashPtrToUINT(p)) #ifdef CPU_64
#define POINTER_TO_KEY(p) HashPtrToUINT(p)
#else
#define POINTER_TO_KEY(p) (UINT)(p)
#endif
// Compare the pointer and UINT // Compare the pointer and UINT
#define COMPARE_POINTER_AND_KEY(p, i) (POINTER_TO_KEY(p) == (i)) #define COMPARE_POINTER_AND_KEY(p, i) (POINTER_TO_KEY(p) == (i))
@ -278,8 +282,7 @@ typedef struct TRACKING_LIST TRACKING_LIST;
typedef struct IO IO; typedef struct IO IO;
// Memory.h // Memory.h
typedef struct MEMTAG1 MEMTAG1; typedef struct MEMTAG MEMTAG;
typedef struct MEMTAG2 MEMTAG2;
typedef struct BUF BUF; typedef struct BUF BUF;
typedef struct FIFO FIFO; typedef struct FIFO FIFO;
typedef struct LIST LIST; typedef struct LIST LIST;

View File

@ -65,8 +65,6 @@ void InitProcessCallOnce()
{ {
init_proc_once_flag = true; init_proc_once_flag = true;
InitCanaryRand();
#ifdef OS_WIN32 #ifdef OS_WIN32
MsInitProcessCallOnce(); MsInitProcessCallOnce();
#endif // OS_WIN32 #endif // OS_WIN32

View File

@ -16,16 +16,10 @@
#include "Object.h" #include "Object.h"
#include "OS.h" #include "OS.h"
#include "Str.h" #include "Str.h"
#include "Tick64.h"
#include "Tracking.h" #include "Tracking.h"
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <time.h>
#ifdef OS_UNIX
#include <sys/time.h>
#endif
#include <zlib.h> #include <zlib.h>
@ -40,105 +34,6 @@
static UINT fifo_current_realloc_mem_size = FIFO_REALLOC_MEM_SIZE; static UINT fifo_current_realloc_mem_size = FIFO_REALLOC_MEM_SIZE;
static bool canary_inited = false;
typedef struct CANARY_RAND_DATA
{
UCHAR Data[CANARY_RAND_SIZE + 4];
} CANARY_RAND_DATA;
static CANARY_RAND_DATA canary_rand_data[NUM_CANARY_RAND] = { 0 };
static UINT64 canary_memtag_magic1 = 0;
static UINT64 canary_memtag_magic2 = 0;
UCHAR *GetCanaryRand(UINT id)
{
if (id >= NUM_CANARY_RAND)
{
id = NUM_CANARY_RAND - 1;
}
return &((canary_rand_data[id].Data)[0]);
}
void InitCanaryRand()
{
SYSTEMTIME st = { 0 };
char random_seed[1024] = { 0 };
UINT64 t1 = 0, t2 = 0;
if (canary_inited)
{
return;
}
#ifdef OS_WIN32
Win32GetSystemTime(&st);
memcpy(&t1, ((UCHAR *)&st) + 0, 8);
memcpy(&t2, ((UCHAR *)&st) + 8, 8);
#else // OS_WIN32
struct timeval tv = { 0 };
struct timezone tz = { 0 };
gettimeofday(&tv, &tz);
t1 = (UINT64)tv.tv_sec;
t2 = (UINT64)tv.tv_usec;
#endif // OS_WIN32
{
UINT64 dos_rand = (UINT64)rand();
UINT64 tick1 = TickHighresNano64(true);
UINT64 tick2 = TickHighresNano64(true);
UINT i;
void *p1 = malloc(1);
void *p2 = malloc(1);
for (i = 0;i < NUM_CANARY_RAND;i++)
{
// using sprintf() here is safe.
sprintf(random_seed,
"%u "
"%llu "
"%llu "
"%llu "
"%llu "
"%llu "
"%llu "
"%llu "
"%llu "
"%llu "
"%llu "
"%llu "
"%u "
,
i,
(UINT64)InitCanaryRand,
(UINT64)&canary_inited,
(UINT64) & ((canary_rand_data[0].Data)[0]),
(UINT64)&random_seed[0],
tick1,
tick2,
dos_rand,
(UINT64)p1,
(UINT64)p2,
t1,
t2,
~i
);
Sha0(canary_rand_data[i].Data, random_seed, (UINT)strlen(random_seed));
}
free(p1);
free(p2);
canary_memtag_magic1 = *((UINT64 *)(GetCanaryRand(CANARY_RAND_ID_MEMTAG_MAGIC) + 0));
canary_memtag_magic2 = *((UINT64 *)(GetCanaryRand(CANARY_RAND_ID_MEMTAG_MAGIC) + 8));
canary_inited = true;
}
}
// New PRand // New PRand
PRAND *NewPRand(void *key, UINT key_size) PRAND *NewPRand(void *key, UINT key_size)
{ {
@ -3219,10 +3114,6 @@ void AdjustBufSize(BUF *b, UINT new_size)
while (b->SizeReserved < new_size) while (b->SizeReserved < new_size)
{ {
if (b->SizeReserved > 0x7FFFFFFF)
{
AbortExitEx("AdjustBufSize(): too large buffer size");
}
b->SizeReserved = b->SizeReserved * 2; b->SizeReserved = b->SizeReserved * 2;
} }
b->Buf = ReAlloc(b->Buf, b->SizeReserved); b->Buf = ReAlloc(b->Buf, b->SizeReserved);
@ -3624,52 +3515,33 @@ void *Malloc(UINT size)
} }
void *MallocEx(UINT size, bool zero_clear_when_free) void *MallocEx(UINT size, bool zero_clear_when_free)
{ {
MEMTAG1 *tag1; MEMTAG *tag;
MEMTAG2 *tag2;
UINT real_size; UINT real_size;
if (canary_inited == false)
{
InitCanaryRand();
}
if (size > MAX_MALLOC_MEM_SIZE)
{
AbortExitEx("MallocEx() error: too large size");
}
real_size = CALC_MALLOCSIZE(size); real_size = CALC_MALLOCSIZE(size);
tag1 = InternalMalloc(real_size); tag = InternalMalloc(real_size);
tag1->Magic = canary_memtag_magic1 ^ ((UINT64)tag1 * GOLDEN_RATION_PRIME_U64); Zero(tag, sizeof(MEMTAG));
tag1->Size = size; tag->Magic = MEMTAG_MAGIC;
tag1->ZeroFree = zero_clear_when_free; tag->Size = size;
tag->ZeroFree = zero_clear_when_free;
tag2 = (MEMTAG2 *)(((UCHAR *)tag1) + CALC_MALLOCSIZE(tag1->Size) - sizeof(MEMTAG2)); return MEMTAG_TO_POINTER(tag);
tag2->Magic = canary_memtag_magic2 ^ ((UINT64)tag2 * GOLDEN_RATION_PRIME_U64);
return MEMTAG1_TO_POINTER(tag1);
} }
// Get memory size // Get memory size
UINT GetMemSize(void *addr) UINT GetMemSize(void *addr)
{ {
MEMTAG1 *tag; MEMTAG *tag;
if (canary_inited == false)
{
InitCanaryRand();
}
// Validate arguments // Validate arguments
if (IS_NULL_POINTER(addr)) if (IS_NULL_POINTER(addr))
{ {
return 0; return 0;
} }
tag = POINTER_TO_MEMTAG1(addr); tag = POINTER_TO_MEMTAG(addr);
CheckMemTag1(tag); CheckMemTag(tag);
return tag->Size; return tag->Size;
} }
@ -3677,35 +3549,20 @@ UINT GetMemSize(void *addr)
// ReAlloc // ReAlloc
void *ReAlloc(void *addr, UINT size) void *ReAlloc(void *addr, UINT size)
{ {
MEMTAG1 *tag1; MEMTAG *tag;
MEMTAG2 *tag2;
bool zerofree; bool zerofree;
if (canary_inited == false)
{
InitCanaryRand();
}
if (size > MAX_MALLOC_MEM_SIZE)
{
AbortExitEx("ReAlloc() error: too large size");
}
// Validate arguments // Validate arguments
if (IS_NULL_POINTER(addr)) if (IS_NULL_POINTER(addr))
{ {
return NULL; return NULL;
} }
tag1 = POINTER_TO_MEMTAG1(addr); tag = POINTER_TO_MEMTAG(addr);
CheckMemTag1(tag1); CheckMemTag(tag);
tag2 = (MEMTAG2 *)(((UCHAR *)tag1) + CALC_MALLOCSIZE(tag1->Size) - sizeof(MEMTAG2)); zerofree = tag->ZeroFree;
CheckMemTag2(tag2);
zerofree = tag1->ZeroFree; if (tag->Size == size)
if (tag1->Size == size)
{ {
// No size change // No size change
return addr; return addr;
@ -3717,10 +3574,10 @@ void *ReAlloc(void *addr, UINT size)
// Size changed (zero clearing required) // Size changed (zero clearing required)
void *new_p = MallocEx(size, true); void *new_p = MallocEx(size, true);
if (tag1->Size <= size) if (tag->Size <= size)
{ {
// Size expansion // Size expansion
Copy(new_p, addr, tag1->Size); Copy(new_p, addr, tag->Size);
} }
else else
{ {
@ -3736,22 +3593,13 @@ void *ReAlloc(void *addr, UINT size)
else else
{ {
// Size changed // Size changed
MEMTAG1 *tag1_new; MEMTAG *tag2 = InternalReAlloc(tag, CALC_MALLOCSIZE(size));
MEMTAG2 *tag2_new;
tag1->Magic = 0; Zero(tag2, sizeof(MEMTAG));
tag2->Magic = 0; tag2->Magic = MEMTAG_MAGIC;
tag2->Size = size;
tag1_new = InternalReAlloc(tag1, CALC_MALLOCSIZE(size)); return MEMTAG_TO_POINTER(tag2);
tag1_new->Magic = canary_memtag_magic1 ^ ((UINT64)tag1_new * GOLDEN_RATION_PRIME_U64);
tag1_new->Size = size;
tag1_new->ZeroFree = 0;
tag2_new = (MEMTAG2 *)(((UCHAR *)tag1_new) + CALC_MALLOCSIZE(size) - sizeof(MEMTAG2));
tag2_new->Magic = canary_memtag_magic2 ^ ((UINT64)tag2_new * GOLDEN_RATION_PRIME_U64);
return MEMTAG1_TO_POINTER(tag1_new);
} }
} }
} }
@ -3759,35 +3607,25 @@ void *ReAlloc(void *addr, UINT size)
// Free // Free
void Free(void *addr) void Free(void *addr)
{ {
MEMTAG1 *tag1; MEMTAG *tag;
MEMTAG2 *tag2;
// Validate arguments // Validate arguments
if (IS_NULL_POINTER(addr)) if (IS_NULL_POINTER(addr))
{ {
return; return;
} }
if (canary_inited == false) tag = POINTER_TO_MEMTAG(addr);
{ CheckMemTag(tag);
InitCanaryRand();
}
tag1 = POINTER_TO_MEMTAG1(addr); if (tag->ZeroFree)
CheckMemTag1(tag1);
tag2 = (MEMTAG2 *)(((UCHAR *)tag1) + CALC_MALLOCSIZE(tag1->Size) - sizeof(MEMTAG2));
CheckMemTag2(tag2);
if (tag1->ZeroFree)
{ {
// Zero clear // Zero clear
Zero(addr, tag1->Size); Zero(addr, tag->Size);
} }
// Memory release // Memory release
tag1->Magic = 0; tag->Magic = 0;
tag2->Magic = 0; InternalFree(tag);
InternalFree(tag1);
} }
// Free and set pointer's value to NULL // Free and set pointer's value to NULL
@ -3797,36 +3635,24 @@ void FreeSafe(void **addr)
*addr = NULL; *addr = NULL;
} }
// Check the memtag1 // Check the memtag
void CheckMemTag1(MEMTAG1 *tag) void CheckMemTag(MEMTAG *tag)
{ {
if (IsTrackingEnabled() == false)
{
return;
}
// Validate arguments // Validate arguments
if (tag == NULL) if (tag == NULL)
{ {
AbortExitEx("CheckMemTag1: tag1 == NULL"); AbortExitEx("CheckMemTag: tag == NULL");
return; return;
} }
if (tag->Magic != (canary_memtag_magic1 ^ ((UINT64)tag * GOLDEN_RATION_PRIME_U64))) if (tag->Magic != MEMTAG_MAGIC)
{ {
AbortExitEx("CheckMemTag1: tag1->Magic != canary_memtag_magic1"); AbortExitEx("CheckMemTag: tag->Magic != MEMTAG_MAGIC");
return;
}
}
// Check the memtag2
void CheckMemTag2(MEMTAG2 *tag)
{
// Validate arguments
if (tag == NULL)
{
AbortExitEx("CheckMemTag2: tag2 == NULL");
return;
}
if (tag->Magic != (canary_memtag_magic2 ^ ((UINT64)tag * GOLDEN_RATION_PRIME_U64)))
{
AbortExitEx("CheckMemTag2: tag2->Magic != canary_memtag_magic2");
return; return;
} }
} }

View File

@ -14,38 +14,29 @@
#define MallocFast Malloc #define MallocFast Malloc
#define ZeroMallocFast ZeroMalloc #define ZeroMallocFast ZeroMalloc
#define MAX_MALLOC_MEM_SIZE (0xffffffff - 64)
// Memory size that can be passed to the kernel at a time // Memory size that can be passed to the kernel at a time
#define MAX_SEND_BUF_MEM_SIZE (10 * 1024 * 1024) #define MAX_SEND_BUF_MEM_SIZE (10 * 1024 * 1024)
#define CALC_MALLOCSIZE(size) (((MAX(size, 1) + 7) / 8) * 8 + sizeof(MEMTAG1) + sizeof(MEMTAG2)) // The magic number for memory tag
#define MEMTAG1_TO_POINTER(p) ((void *)(((UCHAR *)(p)) + sizeof(MEMTAG1))) #define MEMTAG_MAGIC 0x49414449
#define POINTER_TO_MEMTAG1(p) ((MEMTAG1 *)(((UCHAR *)(p)) - sizeof(MEMTAG1)))
#define IS_NULL_POINTER(p) (((p) == NULL) || ((POINTER_TO_UINT64(p) == (UINT64)sizeof(MEMTAG1))))
#define PTR_TO_PTR(p) ((void **)(&p))
// Golden Ratio Prime #define CALC_MALLOCSIZE(size) ((MAX(size, 1)) + sizeof(MEMTAG))
// From https://github.com/torvalds/linux/blob/88c5083442454e5e8a505b11fa16f32d2879651e/include/linux/hash.h #define MEMTAG_TO_POINTER(p) ((void *)(((UCHAR *)(p)) + sizeof(MEMTAG)))
#define GOLDEN_RATION_PRIME_U32 ((UINT32)0x61C88647) #define POINTER_TO_MEMTAG(p) ((MEMTAG *)(((UCHAR *)(p)) - sizeof(MEMTAG)))
#define GOLDEN_RATION_PRIME_U64 ((UINT64)7046029254386353131ULL) // 0x61C8864680B583EB #define IS_NULL_POINTER(p) (((p) == NULL) || ((POINTER_TO_UINT64(p) == (UINT64)sizeof(MEMTAG))))
#define PTR_TO_PTR(p) ((void **)(&p))
// Fixed size of a block of memory pool // Fixed size of a block of memory pool
#define MEMPOOL_MAX_SIZE 3000 #define MEMPOOL_MAX_SIZE 3000
// Memory tag 1 // Memory tag
struct MEMTAG1 struct MEMTAG
{ {
UINT64 Magic; UINT Magic;
UINT Size; UINT Size;
bool ZeroFree; bool ZeroFree;
}; UINT Padding;
// Memory tag 2
struct MEMTAG2
{
UINT64 Magic;
}; };
// Buffer // Buffer
@ -183,8 +174,7 @@ void *ZeroMallocEx(UINT size, bool zero_clear_when_free);
void *ReAlloc(void *addr, UINT size); void *ReAlloc(void *addr, UINT size);
void Free(void *addr); void Free(void *addr);
void FreeSafe(void **addr); void FreeSafe(void **addr);
void CheckMemTag1(MEMTAG1 *tag); void CheckMemTag(MEMTAG *tag);
void CheckMemTag2(MEMTAG2 *tag);
UINT GetMemSize(void *addr); UINT GetMemSize(void *addr);
void *InternalMalloc(UINT size); void *InternalMalloc(UINT size);
@ -374,14 +364,5 @@ LIST *NewStrList();
void ReleaseStrList(LIST *o); void ReleaseStrList(LIST *o);
bool AddStrToStrListDistinct(LIST *o, char *str); bool AddStrToStrListDistinct(LIST *o, char *str);
#define NUM_CANARY_RAND 32
#define CANARY_RAND_ID_MEMTAG_MAGIC 0
#define CANARY_RAND_SIZE 20
#define CANARY_RAND_ID_PTR_KEY_HASH 1
void InitCanaryRand();
UCHAR *GetCanaryRand(UINT id);
#endif // MEMORY_H #endif // MEMORY_H

View File

@ -1191,9 +1191,7 @@ void RUDPProcess_NatT_Recv(RUDP_STACK *r, UDPPACKET *udp)
bool is_ok = PackGetBool(p, "ok"); bool is_ok = PackGetBool(p, "ok");
UINT64 tran_id = PackGetInt64(p, "tran_id"); UINT64 tran_id = PackGetInt64(p, "tran_id");
// This ExtractAndApplyDynList() calling was removed because it is not actually used and could be abused by ExtractAndApplyDynList(p);
// illegal UDP packets that spoof the source IP address. 2023-6-14 Daiyuu Nobori
// ExtractAndApplyDynList(p);
if (r->ServerMode) if (r->ServerMode)
{ {
@ -5803,10 +5801,6 @@ SSL_PIPE *NewSslPipeEx3(bool server_mode, X *x, K *k, LIST *chain, DH_CTX *dh, b
#endif #endif
ssl = SSL_new(ssl_ctx); ssl = SSL_new(ssl_ctx);
if (ssl == NULL)
{
return NULL;
}
SSL_set_ex_data(ssl, GetSslClientCertIndex(), clientcert); SSL_set_ex_data(ssl, GetSslClientCertIndex(), clientcert);
} }

View File

@ -34,23 +34,6 @@ UINT64 TickHighres64()
} }
UINT64 TickHighresNano64(bool raw)
{
UINT64 ret = 0;
#ifdef OS_WIN32
ret = (UINT64)(MsGetHiResTimeSpan(MsGetHiResCounter()) * 1000000000.0f);
#else // OS_WIN32
ret = UnixGetHighresTickNano64(raw);
#endif // OS_WIN32
return ret;
}
// Convert the Tick value to time // Convert the Tick value to time
UINT64 Tick64ToTime64(UINT64 tick) UINT64 Tick64ToTime64(UINT64 tick)
{ {

View File

@ -49,7 +49,6 @@ UINT64 Diff64(UINT64 a, UINT64 b);
UINT64 Tick64ToTime64(UINT64 tick); UINT64 Tick64ToTime64(UINT64 tick);
UINT64 TickToTime(UINT64 tick); UINT64 TickToTime(UINT64 tick);
UINT64 TickHighres64(); UINT64 TickHighres64();
UINT64 TickHighresNano64(bool raw);
#endif // TICK64_H #endif // TICK64_H

View File

@ -2008,68 +2008,6 @@ void UnixGetSystemTime(SYSTEMTIME *system_time)
pthread_mutex_unlock(&get_time_lock); pthread_mutex_unlock(&get_time_lock);
} }
UINT64 UnixGetHighresTickNano64(bool raw)
{
#if defined(OS_WIN32) || defined(CLOCK_REALTIME) || defined(CLOCK_MONOTONIC) || defined(CLOCK_HIGHRES)
struct timespec t;
UINT64 ret;
static bool akirame = false;
if (akirame)
{
return UnixGetTick64() * 1000000ULL;
}
Zero(&t, sizeof(t));
if (raw == false)
{
// Function to get the boot time of the system
// Be careful. The Implementation is depend on the system.
#ifdef CLOCK_HIGHRES
clock_gettime(CLOCK_HIGHRES, &t);
#else // CLOCK_HIGHRES
#ifdef CLOCK_MONOTONIC
clock_gettime(CLOCK_MONOTONIC, &t);
#else // CLOCK_MONOTONIC
clock_gettime(CLOCK_REALTIME, &t);
#endif // CLOCK_MONOTONIC
#endif // CLOCK_HIGHRES
}
else
{
// Function to get the boot time of the system
// Be careful. The Implementation is depend on the system.
#ifdef CLOCK_HIGHRES
clock_gettime(CLOCK_HIGHRES, &t);
#else // CLOCK_HIGHRES
#ifdef CLOCK_MONOTONIC_RAW
clock_gettime(CLOCK_MONOTONIC_RAW, &t);
#else // CLOCK_MONOTONIC_RAW
#ifdef CLOCK_MONOTONIC
clock_gettime(CLOCK_MONOTONIC, &t);
#else // CLOCK_MONOTONIC
clock_gettime(CLOCK_REALTIME, &t);
#endif // CLOCK_MONOTONIC
#endif // CLOCK_MONOTONIC_RAW
#endif // CLOCK_HIGHRES
}
ret = ((UINT64)((UINT)t.tv_sec)) * 1000000000LL + (UINT64)t.tv_nsec;
if (akirame == false && ret == 0)
{
ret = UnixGetTick64() * 1000000ULL;
akirame = true;
}
return ret;
#else
return UnixGetTick64() * 1000000ULL;
#endif
}
// Get the system timer (64bit) // Get the system timer (64bit)
UINT64 UnixGetTick64() UINT64 UnixGetTick64()
{ {

View File

@ -117,7 +117,6 @@ void UnixSetThreadPriorityRealtime();
void UnixSetResourceLimit(UINT id, UINT64 value); void UnixSetResourceLimit(UINT id, UINT64 value);
bool UnixIs64BitRlimSupported(); bool UnixIs64BitRlimSupported();
UINT64 UnixGetTick64(); UINT64 UnixGetTick64();
UINT64 UnixGetHighresTickNano64(bool raw);
void UnixSigChldHandler(int sig); void UnixSigChldHandler(int sig);
void UnixCloseIO(); void UnixCloseIO();
void UnixGetCurrentDir(char *dir, UINT size); void UnixGetCurrentDir(char *dir, UINT size);

View File

@ -2482,7 +2482,7 @@ STATIC1 您可以更改 VPN Client 的设置
STATIC2 远程管理(&E) STATIC2 远程管理(&E)
STATIC3 您可以通过使用 VPN Client 管理器远程模式从另一台计算机上远程管理 VPN Client 服务程序。 STATIC3 您可以通过使用 VPN Client 管理器远程模式从另一台计算机上远程管理 VPN Client 服务程序。
R_ALLOW_REMOTE_CONFIG 允许 VPN Client 服务的远程管理(&R) R_ALLOW_REMOTE_CONFIG 允许 VPN Client 服务的远程管理(&R)
S_WARNING 如果你允许远程管理,你必须设置一个密码。在菜单里选择“工具” >“设置密码”来设置密码。必须重新启动 VPN Client 服务,以应用远程管理可用性的配置变化。 S_WARNING 建议您在允许远程管理时设置密码。在菜单里选择“工具” >“设置密码”来设置密码。
STATIC4 在通讯闲置一段时间后自动断开互联网连接的环境下,可以通过向互联网上任意主机发送假数据包的方式来保持互联网连接。 STATIC4 在通讯闲置一段时间后自动断开互联网连接的环境下,可以通过向互联网上任意主机发送假数据包的方式来保持互联网连接。
R_USE_KEEP_CONNECT 使用保持 Internet 连接功能(&K) R_USE_KEEP_CONNECT 使用保持 Internet 连接功能(&K)
S_HOSTNAME 主机名(&H): S_HOSTNAME 主机名(&H):
@ -7028,13 +7028,13 @@ CMD_AccountImport_OK 连接设置 "%s" 已导入。
# RemoteEnable 命令 # RemoteEnable 命令
CMD_RemoteEnable 允许 VPN 客户服务的远程管理 CMD_RemoteEnable 允许 VPN 客户服务的远程管理
CMD_RemoteEnable_Help 对 VPN Client 服务,从本地主机以外的远程计算机上,允许通过命令行管理设施或 VPN Client 管理器员进行连接和管理。必须重新启动 VPN Client 服务,以应用远程管理可用性的配置变化。如果你允许远程管理,你必须设置一个密码。 CMD_RemoteEnable_Help 对 VPN Client 服务,从本地主机以外的远程计算机上,允许通过命令行管理设施或 VPN Client 管理器员进行连接和管理。
CMD_RemoteEnable_Args RemoteEnable CMD_RemoteEnable_Args RemoteEnable
# RemoteDisable 命令 # RemoteDisable 命令
CMD_RemoteDisable 禁止 VPN 客户服务的远程管理 CMD_RemoteDisable 禁止 VPN 客户服务的远程管理
CMD_RemoteDisable_Help 对 VPN Client 服务,从本地主机以外的远程计算机上,禁止通过命令行管理设施或 VPN Client 管理器员进行连接和管理。必须重新启动 VPN 客户端服务,以应用远程管理可用性的配置变化。 CMD_RemoteDisable_Help 对 VPN Client 服务,从本地主机以外的远程计算机上,禁止通过命令行管理设施或 VPN Client 管理器员进行连接和管理。
CMD_RemoteDisable_Args RemoteDisable CMD_RemoteDisable_Args RemoteDisable

View File

@ -2466,7 +2466,7 @@ STATIC1 You can modify the settings for VPN Client.
STATIC2 R&emote Management: STATIC2 R&emote Management:
STATIC3 You can remotely manage the VPN Client Service Program from another computer by using VPN Client Manager Remote Mode. STATIC3 You can remotely manage the VPN Client Service Program from another computer by using VPN Client Manager Remote Mode.
R_ALLOW_REMOTE_CONFIG Allow &Remote Management of VPN Client Service R_ALLOW_REMOTE_CONFIG Allow &Remote Management of VPN Client Service
S_WARNING You must set a password if you allow remote management. From the menu bar, choose Tools -> Set Password to set the password. The VPN Client service must be restarted to apply the change of remote management availability. S_WARNING It is recommended to set a password if you allow remote management. From the menu bar, choose Tools -> Set Password to set the password.
STATIC4 For environments where Internet connections will automatically be disconnected when idle, you can keep alive the Internet connection by sending dummy packets to any host on the Internet. STATIC4 For environments where Internet connections will automatically be disconnected when idle, you can keep alive the Internet connection by sending dummy packets to any host on the Internet.
R_USE_KEEP_CONNECT Use &Keep Alive Internet Connection Function R_USE_KEEP_CONNECT Use &Keep Alive Internet Connection Function
S_HOSTNAME &Host Name: S_HOSTNAME &Host Name:
@ -7016,13 +7016,13 @@ CMD_AccountImport_OK The VPN Connection Setting "%s" has been imported.
# RemoteEnable command # RemoteEnable command
CMD_RemoteEnable Allow Remote Management of VPN Client Service CMD_RemoteEnable Allow Remote Management of VPN Client Service
CMD_RemoteEnable_Help Use this to allow management of a VPN Client service from a remote computer that is not localhost, via a remote connection by Command Line Management Utility or VPN Client Manager. The VPN Client service must be restarted to apply the change of remote management availability. You must set a password if you allow remote management. CMD_RemoteEnable_Help Use this to allow management of a VPN Client service from a remote computer that is not localhost, via a remote connection by Command Line Management Utility or VPN Client Manager.
CMD_RemoteEnable_Args RemoteEnable CMD_RemoteEnable_Args RemoteEnable
# RemoteDisable command # RemoteDisable command
CMD_RemoteDisable Deny Remote Management of VPN Client Service CMD_RemoteDisable Deny Remote Management of VPN Client Service
CMD_RemoteDisable_Help Use this to deny management of a VPN Client service from a remote computer that is not localhost, via a remote connection by Command Line Management Utility or VPN Client Manager. The VPN Client service must be restarted to apply the change of remote management availability. CMD_RemoteDisable_Help Use this to deny management of a VPN Client service from a remote computer that is not localhost, via a remote connection by Command Line Management Utility or VPN Client Manager.
CMD_RemoteDisable_Args RemoteDisable CMD_RemoteDisable_Args RemoteDisable

View File

@ -2469,7 +2469,7 @@ STATIC1 VPN Client の動作に関する設定を変更できます。
STATIC2 リモート管理の設定(&E) STATIC2 リモート管理の設定(&E)
STATIC3 VPN Client サービスプログラムを別のコンピュータ上から VPN クライアント接続マネージャによってリモート管理することが可能です。 STATIC3 VPN Client サービスプログラムを別のコンピュータ上から VPN クライアント接続マネージャによってリモート管理することが可能です。
R_ALLOW_REMOTE_CONFIG VPN Client サービスのリモート管理を許可する(&R) R_ALLOW_REMOTE_CONFIG VPN Client サービスのリモート管理を許可する(&R)
S_WARNING リモート管理を許可する場合、パスワードを設定する必要があります。パスワードは [ツール] メニューの [パスワードの設定] をクリックして設定することができます。リモート管理の可否の変更の設定適用には、VPN Client サービスを再起動する必要があります。 S_WARNING リモート管理を許可する場合、パスワードを設定しておくことを強くお勧めします。パスワードは [ツール] メニューの [パスワードの設定] をクリックして設定することができます。
STATIC4 一定期間無通信状態が続くと接続が自動的に切断されるようなネットワーク接続環境の場合、インターネット上の任意のサーバーに対して一定間隔ごとにパケットを送信することにより、インターネット接続を維持することができます。 STATIC4 一定期間無通信状態が続くと接続が自動的に切断されるようなネットワーク接続環境の場合、インターネット上の任意のサーバーに対して一定間隔ごとにパケットを送信することにより、インターネット接続を維持することができます。
R_USE_KEEP_CONNECT インターネット接続の維持機能を使用する(&K) R_USE_KEEP_CONNECT インターネット接続の維持機能を使用する(&K)
S_HOSTNAME ホスト名(&H): S_HOSTNAME ホスト名(&H):
@ -7022,13 +7022,13 @@ CMD_AccountImport_OK 接続設定 "%s" としてインポートしました。
# RemoteEnable コマンド # RemoteEnable コマンド
CMD_RemoteEnable VPN Client サービスのリモート管理の許可 CMD_RemoteEnable VPN Client サービスのリモート管理の許可
CMD_RemoteEnable_Help VPN Client サービスに、localhost 以外のリモートコンピュータから、コマンドライン管理ユーティリティまたは VPN クライアント接続マネージャでリモート接続して管理することを許可します。注意: リモート管理の可否の変更の設定適用には、VPN Client サービスを再起動する必要があります。リモート管理を許可する場合、パスワードを設定する必要があります。 CMD_RemoteEnable_Help VPN Client サービスに、localhost 以外のリモートコンピュータから、コマンドライン管理ユーティリティまたは VPN クライアント接続マネージャでリモート接続して管理することを許可します。
CMD_RemoteEnable_Args RemoteEnable CMD_RemoteEnable_Args RemoteEnable
# RemoteDisable コマンド # RemoteDisable コマンド
CMD_RemoteDisable VPN Client サービスのリモート管理の禁止 CMD_RemoteDisable VPN Client サービスのリモート管理の禁止
CMD_RemoteDisable_Help VPN Client サービスに、localhost 以外のリモートコンピュータからコマンドライン管理ユーティリティまたは VPN クライアント接続マネージャでリモート接続して管理することを禁止します。注意: リモート管理の可否の変更の設定適用には、VPN Client サービスを再起動する必要があります。 CMD_RemoteDisable_Help VPN Client サービスに、localhost 以外のリモートコンピュータからコマンドライン管理ユーティリティまたは VPN クライアント接続マネージャでリモート接続して管理することを禁止します。
CMD_RemoteDisable_Args RemoteDisable CMD_RemoteDisable_Args RemoteDisable