Changeset 189:a6cc7cd79aef in finroc_plugins_tcp


Timestamp:
24.06.2020 09:51:29 (2 weeks ago)
Author:
Max Reichardt <max.reichardt@…>
Branch:
17.03
Phase:
public
Tags:
tip
Message:

Adds TCP plugin parameter that can be used to restrict network access to non-shared structure to specific server listen addresses (use case e.g. VPN connections only)

Files:
3 edited

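--- a/internal/tConnection.cpp
+++ b/internal/tConnection.cpp
@@ -35,4 +35,5 @@
 #include <boost/asio.hpp>
 #include "core/tRuntimeEnvironment.h"
+#include "rrlib/util/string.h"
 
 //----------------------------------------------------------------------
@@ -218,5 +219,18 @@
         message.Deserialize(stream);
 
-        if (!network_transport::generic_protocol::tLocalRuntimeInfo::IsServingStructure())
+        std::string restrict_access_prefix = connection->peer.par_restrict_structure_access_to_listen_address_prefix.Get();
+        bool access_denied = false;
+        if (restrict_access_prefix.length() && message.Get<3>() != tStructureExchange::SHARED_PORTS)
+        {
+          std::stringstream stream;
+          stream << connection->socket->local_endpoint().address();
+          if (!rrlib::util::StartsWith(stream.str(), restrict_access_prefix))
+          {
+            FINROC_LOG_PRINT(WARNING, "Access to non-shared structure denied to ", connection->socket->remote_endpoint().address());
+            access_denied = true;
+          }
+        }
+
+        if ((!network_transport::generic_protocol::tLocalRuntimeInfo::IsServingStructure()) || access_denied)
         {
           connection->Close(); // Not serving structure yet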
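Review bot: The access decision at new lines 221–232 is a textual prefix test on the printed local address, so a prefix configured without its trailing dot (`10.25` instead of `10.25.`) also matches addresses in 10.250–10.255; matching the parsed address against a network and prefix length, or at least rejecting a prefix without a trailing separator when the parameter is read, would make the boundary exact. `local_endpoint()` and `remote_endpoint()` are called in their throwing forms, and whether an exception raised there still reaches `connection->Close()` depends on code outside this hunk, so the `error_code` overloads with a fail-closed result are safer. The inner `std::stringstream stream` shadows the `stream` passed to `message.Deserialize(stream)`, and the `// Not serving structure yet` comment no longer describes the denied case. The enclosing function starts and ends outside the hunk; the fence shows the check rewritten along these lines, with the prefix semantics left as they are.

```cpp
if (restrict_access_prefix.length() && message.Get<3>() != tStructureExchange::SHARED_PORTS)
{
  // Non-throwing overloads: a socket that has already failed ends in a denial, not an exception
  boost::system::error_code local_error;
  const std::string local_address = connection->socket->local_endpoint(local_error).address().to_string();
  if (local_error || !rrlib::util::StartsWith(local_address, restrict_access_prefix))
  {
    boost::system::error_code remote_error;
    const auto remote = connection->socket->remote_endpoint(remote_error);
    FINROC_LOG_PRINT(WARNING, "Access to non-shared structure denied to ", remote.address(), " (local address ", local_address, ")");
    access_denied = true;
  }
}
// … unchanged: combined IsServingStructure() / access_denied test …
  connection->Close(); // Not serving structure yet, or denied by listen address prefix
```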
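--- a/tTCPPlugin.cpp
+++ b/tTCPPlugin.cpp
@@ -102,4 +102,5 @@
   par_auto_connect_to_all_peers(this, "Auto-connect To All Peers", true),
   par_server_listen_address(this, "Server Listen Address", "0.0.0.0"), // = "0.0.0.0";
+  par_restrict_structure_access_to_listen_address_prefix(this, "Restrict Structure Access To Listen Address Prefix", ""),
   par_peer_type(this, "Peer Type", tPeerType::FULL),
   par_debug_tcp(this, "Debug TCP", true),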
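--- a/tTCPPlugin.h
+++ b/tTCPPlugin.h
@@ -102,4 +102,7 @@
   tStaticParameter<std::string> par_server_listen_address; // = "0.0.0.0";
 
+  /*! If set, non-shared structure will be only served to listen addresses with the specified prefix (e.g. "10.255."). On all other addresses, only shared ports will be served. */
+  tStaticParameter<std::string> par_restrict_structure_access_to_listen_address_prefix;
+
   /* Type of peer to be created */
   tStaticParameter<tPeerType> par_peer_type;
@@ -122,5 +125,4 @@
   /*! Frequency with which to call ProcessLowPriorityTasks (e.g. connecting and exchanging peer information) (default 500ms) */
   tParameter<rrlib::time::tDuration> par_process_low_priority_tasks_call_interval;
-
 
   /*!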
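Review bot: The comment on `par_restrict_structure_access_to_listen_address_prefix` (new line 104) does not say how the value is matched or what the default means, and both affect whether the restriction holds. The check in internal/tConnection.cpp compares it as a literal string prefix of the printed local address, and the initializer in tTCPPlugin.cpp sets it to `""`, which that check treats as "no restriction". I would add to the comment: `Compared as a literal string prefix of the local address, so include the trailing separator ("10.255.", not "10.255"). Empty (default) disables the restriction.`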