More merging

Florian Hoss 2022-07-29 17:25:56 +02:00
parent 0af9c39fa3
commit 8822bc8cc7
9 changed files with 60 additions and 334 deletions


@ -3,8 +3,8 @@
#include "theCerts.h"
#include "ESP8266WiFi.h"
#include "esp8266/Firewall.hpp"
#include "esp8266/API.hpp"
#include "Firewall.hpp"
#include "API.hpp"
fw::Firewall *firewall;
fw::API *firewallApi;


@ -1,4 +1,3 @@
#ifdef ESP8266
#include "Firewall.hpp"
namespace fw
@ -180,4 +179,3 @@ namespace fw
return false;
}
}
#endif


@ -1,13 +1,13 @@
#ifndef ESP8266_FIREWALL_HPP
#define ESP8266_FIREWALL_HPP
#ifndef FIREWALL_HPP
#define FIREWALL_HPP
#include "../Utils.hpp"
#include "Utils.hpp"
#include "Storage.hpp"
#include "WiFiClient.h"
#include "lwip/netif.h"
#include "lwip/pbuf.h"
#include "lwip/ip4.h"
#include "lwip/udp.h"
#include "lwip/prot/udp.h"
#include "lwip/prot/tcp.h"
namespace fw


@ -1,45 +1,61 @@
#ifdef ESP8266
#include "Storage.hpp"
namespace fw
{
Storage::Storage()
{
#ifdef ESP8266
this->max_rules = 15;
this->eeprom_amount_of_rules = 0;
this->eeprom_rules_head = 1;
this->eeprom_size = this->max_rules * sizeof(firewall_rule_t) + eeprom_rules_head;
EEPROM.begin(this->eeprom_size);
#endif
}
Storage::~Storage()
{
}
#ifdef ESP8266
uint16_t Storage::eeprom_rule_position(uint8_t key)
{
return eeprom_rules_head + (key - 1) * sizeof(firewall_rule_t);
}
#endif
uint8_t Storage::retrieve_amount_of_rules()
{
#ifdef ESP8266
uint8_t amount_of_rules = EEPROM.read(this->eeprom_amount_of_rules);
if (amount_of_rules > this->max_rules)
return 0;
#else
this->memory.begin("settings", true);
const uint8_t amount_of_rules = memory.getUChar("amount_of_rules", 0);
this->memory.end();
#endif
return amount_of_rules;
}
void Storage::store_amount_of_rules(const uint8_t new_amount)
{
#ifdef ESP8266
EEPROM.put(this->eeprom_amount_of_rules, new_amount);
EEPROM.commit();
#else
this->memory.begin("settings", false);
this->memory.putUChar("amount_of_rules", new_amount);
this->memory.end();
#endif
}
firewall_rule_t *Storage::retrieve_firewall_rule(const uint8_t key)
{
firewall_rule_t *rule_ptr = (firewall_rule_t *)malloc(sizeof(firewall_rule_t));
rule_ptr->key = key;
#ifdef ESP8266
uint16_t eeprom_position = eeprom_rule_position(key);
EEPROM.get(eeprom_position, rule_ptr->ip);
@ -47,6 +63,18 @@ namespace fw
EEPROM.get(eeprom_position += sizeof(rule_ptr->port_from), rule_ptr->port_to);
EEPROM.get(eeprom_position += sizeof(rule_ptr->port_to), rule_ptr->protocol);
EEPROM.get(eeprom_position += sizeof(rule_ptr->protocol), rule_ptr->target);
#else
char rulename[10]; // fwRule99\n
sprintf(rulename, "fwRule%i", key);
this->memory.begin(rulename, true);
strncpy(rule_ptr->ip, this->memory.getString(firewall_fields[IP], "0.0.0.0").c_str(), sizeof(rule_ptr->ip));
rule_ptr->port_from = this->memory.getUShort(firewall_fields[PORT_FROM], 0);
rule_ptr->port_to = this->memory.getUShort(firewall_fields[PORT_TO], 0);
rule_ptr->protocol = static_cast<firewall_protocol_t>(this->memory.getUChar(firewall_fields[PROTOCOL], PROTOCOL_ALL));
rule_ptr->target = static_cast<firewall_target_t>(this->memory.getUChar(firewall_fields[TARGET], TARGET_ACCEPT));
this->memory.end();
#endif
return rule_ptr;
}
@ -62,6 +90,7 @@ namespace fw
void Storage::store_firewall_rule(firewall_rule_t *rule_ptr)
{
#ifdef ESP8266
uint16_t eeprom_position = eeprom_rule_position(rule_ptr->key);
EEPROM.put(eeprom_position, rule_ptr->ip);
@ -71,6 +100,18 @@ namespace fw
EEPROM.put(eeprom_position += sizeof(rule_ptr->protocol), rule_ptr->target);
EEPROM.commit();
}
}
#else
char rulename[10]; // fwRule99\n
sprintf(rulename, "fwRule%i", rule_ptr->key);
this->memory.begin(rulename, false);
this->memory.putString(firewall_fields[IP], rule_ptr->ip);
this->memory.putUShort(firewall_fields[PORT_FROM], rule_ptr->port_from);
this->memory.putUShort(firewall_fields[PORT_TO], rule_ptr->port_to);
this->memory.putUChar(firewall_fields[PROTOCOL], rule_ptr->protocol);
this->memory.putUChar(firewall_fields[TARGET], rule_ptr->target);
this->memory.end();
#endif
}
}
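Review bot: In the merged `retrieve_amount_of_rules()`, only the ESP8266 branch rejects a stored count above `max_rules`; the Preferences branch returns whatever `getUChar("amount_of_rules", 0)` yields, so a corrupted or stale value of up to 255 is trusted as the number of rules to load. Because `max_rules` is declared and initialised only under `#ifdef ESP8266`, the limit would have to move outside that guard so that one check after the `#endif` covers both branches, e.g. `if (amount_of_rules > this->max_rules) return 0;`. In the `#else` part of `retrieve_firewall_rule()`, `strncpy(rule_ptr->ip, ..., sizeof(rule_ptr->ip))` leaves `ip` unterminated when the stored string fills the buffer, and the `malloc` result above it is dereferenced without a null check. Adding `rule_ptr->ip[sizeof(rule_ptr->ip) - 1] = '\0';` after the copy and `if (rule_ptr == NULL) return NULL;` after the allocation would close both, provided callers handle a null rule. The rendered page has lost the `+`/`-` markers, so which of these lines are newly added is inferred from the hunk headers.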


@ -1,8 +1,12 @@
#ifndef ESP8266_STORAGE_HPP
#define ESP8266_STORAGE_HPP
#ifndef STORAGE_HPP
#define STORAGE_HPP
#ifdef ESP8266
#include "EEPROM.h"
#include "../Utils.hpp"
#else
#include "Preferences.h"
#endif
#include "Utils.hpp"
namespace fw
{
@ -13,12 +17,16 @@ namespace fw
~Storage();
private:
#ifdef ESP8266
uint8_t max_rules;
uint16_t eeprom_size;
uint16_t eeprom_amount_of_rules;
uint16_t eeprom_rules_head;
uint16_t eeprom_rule_position(uint8_t key);
#else
Preferences memory;
#endif
protected:
uint8_t retrieve_amount_of_rules();


@ -1,183 +0,0 @@
#if !defined(ESP8266)
#include "Firewall.hpp"
namespace fw
{
Firewall::Firewall()
{
this->amount_of_rules = retrieve_amount_of_rules();
for (uint8_t i = 1; i <= this->amount_of_rules; i++)
{
firewall_rule_t *rule_ptr = retrieve_firewall_rule(i);
this->add_rule_to_firewall(rule_ptr, false);
}
}
Firewall::~Firewall()
{
}
firewall_rule_t *Firewall::get_rule_head()
{
return this->rule_head;
}
void Firewall::add_rule_to_firewall(firewall_rule_t *rule_ptr, const bool save_in_eeprom)
{
store_amount_of_rules(this->amount_of_rules);
if (save_in_eeprom)
Storage::store_firewall_rule(rule_ptr);
if (this->rule_head == NULL)
{
this->rule_head = rule_ptr;
rule_ptr->next = NULL;
return;
}
firewall_rule_t *current_rule;
current_rule = this->rule_head;
while (current_rule->next != NULL)
current_rule = current_rule->next;
current_rule->next = rule_ptr;
rule_ptr->next = NULL;
}
firewall_rule_t *Firewall::add_rule_to_firewall(String *args)
{
firewall_rule_t *rule_ptr = (firewall_rule_t *)malloc(sizeof(firewall_rule_t));
rule_ptr->key = ++this->amount_of_rules;
strncpy(rule_ptr->ip, args[IP].c_str(), sizeof(rule_ptr->ip));
rule_ptr->port_from = args[PORT_FROM].toInt();
rule_ptr->port_to = args[PORT_TO].toInt();
rule_ptr->protocol = string_to_protocol(args[PROTOCOL]);
rule_ptr->target = string_to_target(args[TARGET]);
add_rule_to_firewall(rule_ptr);
return rule_ptr;
}
firewall_rule_t *Firewall::update_rule_of_firewall(String *args, const uint8_t key)
{
firewall_rule_t *rule_ptr = get_rule_from_firewall(key);
strncpy(rule_ptr->ip, args[IP].c_str(), sizeof(rule_ptr->ip));
rule_ptr->port_from = args[PORT_FROM].toInt();
rule_ptr->port_to = args[PORT_TO].toInt();
rule_ptr->protocol = string_to_protocol(args[PROTOCOL]);
rule_ptr->target = string_to_target(args[TARGET]);
Storage::store_firewall_rule(rule_ptr);
return rule_ptr;
}
firewall_rule_t *Firewall::get_rule_from_firewall(const uint8_t key)
{
firewall_rule_t *rule_ptr = this->rule_head;
if (this->rule_head == NULL)
return NULL;
while (rule_ptr->key != key)
{
if (rule_ptr->next == NULL)
return NULL;
else
rule_ptr = rule_ptr->next;
}
return rule_ptr;
}
ok_t Firewall::delete_rule_from_firewall(const uint8_t key)
{
if (this->rule_head == NULL)
return NO_ACTION;
firewall_rule_t *current_rule = this->rule_head;
firewall_rule_t *previous_rule = NULL;
firewall_rule_t *temp = NULL;
while (current_rule->key != key)
{
if (current_rule->next == NULL)
return NO_ACTION;
else
{
previous_rule = current_rule;
current_rule = current_rule->next;
}
}
if (current_rule == this->rule_head)
{
this->rule_head = rule_head->next;
temp = this->rule_head;
}
else
{
previous_rule->next = current_rule->next;
temp = previous_rule->next;
}
while (temp != NULL)
{
temp->key--;
temp = temp->next;
}
free(current_rule);
this->amount_of_rules--;
Storage::store_amount_of_rules(this->amount_of_rules);
if (this->amount_of_rules != 0)
Storage::store_all_firewall_rules(rule_head);
return SUCCESS;
}
my_packet_t *Firewall::get_packet_information(struct pbuf *pbuf)
{
my_packet_t *packet = (my_packet_t *)malloc(sizeof(my_packet_t));
const struct ip_hdr *iphdr = (struct ip_hdr *)pbuf->payload;
u16_t iphdr_hlen = IPH_HL_BYTES(iphdr);
packet->protocol = (firewall_protocol_t)IPH_PROTO(iphdr);
sprintf(packet->ip, "%d.%d.%d.%d", ip4_addr1_16_val(iphdr->src), ip4_addr2_16_val(iphdr->src), ip4_addr3_16_val(iphdr->src), ip4_addr4_16_val(iphdr->src));
if (packet->protocol == PROTOCOL_UDP)
{
const struct udp_hdr *udphdr = (const struct udp_hdr *)((const u8_t *)iphdr + iphdr_hlen);
packet->port = lwip_ntohs(udphdr->dest);
}
else if (packet->protocol == PROTOCOL_TCP)
{
const struct tcp_hdr *tcphdr = (const struct tcp_hdr *)((const u8_t *)iphdr + iphdr_hlen);
packet->port = lwip_ntohs(tcphdr->dest);
}
return packet;
}
bool Firewall::rule_allows_packet(firewall_rule_t *rule_ptr, my_packet_t *packet)
{
if (strncmp(rule_ptr->ip, packet->ip, IPV4ADDRESS_LENGTH) == 0)
{
if ((rule_ptr->protocol == PROTOCOL_ALL || packet->protocol == rule_ptr->protocol) &&
is_in_range(packet->port, rule_ptr->port_from, rule_ptr->port_to) &&
rule_ptr->target == TARGET_ACCEPT)
{
free(packet);
return true;
}
}
return false;
}
bool Firewall::is_packet_allowed(struct pbuf *pbuf)
{
// no rules -> no action
if (this->amount_of_rules == 0)
return true;
my_packet_t *packet = get_packet_information(pbuf);
firewall_rule_t *rule_ptr = this->rule_head;
while (rule_ptr != NULL)
{
if (rule_allows_packet(rule_ptr, packet))
return true;
rule_ptr = rule_ptr->next;
}
free(packet);
return false;
}
}
#endif


@ -1,39 +0,0 @@
#ifndef ESP32_FIREWALL_HPP
#define ESP32_FIREWALL_HPP
#include "../Utils.hpp"
#include "Storage.hpp"
#include "WiFiClient.h"
#include "lwip/netif.h"
#include "lwip/pbuf.h"
#include "lwip/ip4.h"
#include "lwip/udp.h"
#include "lwip/tcp.h"
#include "lwip/prot/tcp.h"
namespace fw
{
class Firewall : public Storage
{
public:
Firewall();
~Firewall();
firewall_rule_t *get_rule_head();
void add_rule_to_firewall(firewall_rule_t *rule_ptr, const bool save_in_eeprom = true);
firewall_rule_t *add_rule_to_firewall(String *args);
firewall_rule_t *update_rule_of_firewall(String *args, const uint8_t key);
firewall_rule_t *get_rule_from_firewall(const uint8_t key);
ok_t delete_rule_from_firewall(const uint8_t key);
bool is_packet_allowed(struct pbuf *pbuf);
protected:
bool rule_allows_packet(firewall_rule_t *rule_ptr, my_packet_t *packet);
my_packet_t *get_packet_information(struct pbuf *pbuf);
uint8_t amount_of_rules = 0;
firewall_rule_t *rule_head = NULL;
};
}
#endif


@ -1,72 +0,0 @@
#if !defined(ESP8266)
#include "Storage.hpp"
namespace fw
{
Storage::Storage()
{
}
Storage::~Storage()
{
}
uint8_t Storage::retrieve_amount_of_rules()
{
this->memory.begin("settings", true);
const uint8_t amount_of_rules = memory.getUChar("amount_of_rules", 0);
this->memory.end();
return amount_of_rules;
}
void Storage::store_amount_of_rules(const uint8_t new_amount)
{
this->memory.begin("settings", false);
this->memory.putUChar("amount_of_rules", new_amount);
this->memory.end();
}
firewall_rule_t *Storage::retrieve_firewall_rule(const uint8_t key)
{
firewall_rule_t *rule_ptr = (firewall_rule_t *)malloc(sizeof(firewall_rule_t));
rule_ptr->key = key;
char rulename[10]; // fwRule99\n
sprintf(rulename, "fwRule%i", key);
this->memory.begin(rulename, true);
strncpy(rule_ptr->ip, this->memory.getString(firewall_fields[IP], "0.0.0.0").c_str(), sizeof(rule_ptr->ip));
rule_ptr->port_from = this->memory.getUShort(firewall_fields[PORT_FROM], 0);
rule_ptr->port_to = this->memory.getUShort(firewall_fields[PORT_TO], 0);
rule_ptr->protocol = static_cast<firewall_protocol_t>(this->memory.getUChar(firewall_fields[PROTOCOL], PROTOCOL_ALL));
rule_ptr->target = static_cast<firewall_target_t>(this->memory.getUChar(firewall_fields[TARGET], TARGET_ACCEPT));
this->memory.end();
return rule_ptr;
}
void Storage::store_all_firewall_rules(firewall_rule_t *rule_head)
{
firewall_rule_t *temp = rule_head;
while (temp != NULL)
{
store_firewall_rule(temp);
temp = temp->next;
}
}
void Storage::store_firewall_rule(firewall_rule_t *rule_ptr)
{
char rulename[10]; // fwRule99\n
sprintf(rulename, "fwRule%i", rule_ptr->key);
this->memory.begin(rulename, false);
this->memory.putString(firewall_fields[IP], rule_ptr->ip);
this->memory.putUShort(firewall_fields[PORT_FROM], rule_ptr->port_from);
this->memory.putUShort(firewall_fields[PORT_TO], rule_ptr->port_to);
this->memory.putUChar(firewall_fields[PROTOCOL], rule_ptr->protocol);
this->memory.putUChar(firewall_fields[TARGET], rule_ptr->target);
this->memory.end();
}
}
#endif


@ -1,27 +0,0 @@
#ifndef ESP32_STORAGE_HPP
#define ESP32_STORAGE_HPP
#include "Preferences.h"
#include "../Utils.hpp"
namespace fw
{
class Storage
{
public:
Storage();
~Storage();
private:
Preferences memory;
protected:
uint8_t retrieve_amount_of_rules();
void store_amount_of_rules(const uint8_t new_amount);
firewall_rule_t *retrieve_firewall_rule(const uint8_t key);
void store_all_firewall_rules(firewall_rule_t *rule_head);
void store_firewall_rule(firewall_rule_t *rule_ptr);
};
}
#endif