From efafb59647fcd1a08ad4a547eda05efd3e23ede2 Mon Sep 17 00:00:00 2001 From: Max Lv Date: Sun, 2 Oct 2016 13:37:45 +0800 Subject: [PATCH] Fix #863 --- src/acl.c | 19 +++++++++++++++---- src/acl.h | 1 + src/json.c | 2 +- src/local.c | 16 ++++++++-------- src/redir.c | 1 - src/server.c | 25 +++++++++++++++++++------ src/utils.c | 2 +- 7 files changed, 45 insertions(+), 21 deletions(-) diff --git a/src/acl.c b/src/acl.c index cf33a947..4a5302f0 100644 --- a/src/acl.c +++ b/src/acl.c @@ -41,13 +41,23 @@ static int acl_mode = BLACK_LIST; static struct cache *block_list; -void init_block_list() +void +init_block_list() { // Initialize cache cache_create(&block_list, 256, NULL); } -int check_block_list(char* addr, int err_level) +int +remove_from_block_list(char *addr) +{ + size_t addr_len = strlen(addr); + + return cache_remove(block_list, addr, addr_len); +} + +int +check_block_list(char *addr, int err_level) { size_t addr_len = strlen(addr); @@ -55,11 +65,12 @@ int check_block_list(char* addr, int err_level) int *count = NULL; cache_lookup(block_list, addr, addr_len, &count); if (count != NULL) { - if (*count > MAX_TRIES) return 1; + if (*count > MAX_TRIES) + return 1; (*count) += err_level; } } else { - int *count = (int*)ss_malloc(sizeof(int)); + int *count = (int *)ss_malloc(sizeof(int)); *count = 1; cache_insert(block_list, addr, addr_len, count); } diff --git a/src/acl.h b/src/acl.h index e98c8a28..114d782a 100644 --- a/src/acl.h +++ b/src/acl.h @@ -42,5 +42,6 @@ int get_acl_mode(void); void init_block_list(); int check_block_list(char* addr, int err_level); +int remove_from_block_list(char *addr); #endif // _ACL_H diff --git a/src/json.c b/src/json.c index 2f4a3492..6d53962a 100644 --- a/src/json.c +++ b/src/json.c @@ -248,7 +248,7 @@ json_parse_ex(json_settings *settings, json_value *top, *root, *alloc = 0; json_state state = { 0UL, 0U, 0UL, { 0UL, 0, NULL, NULL, NULL }, 0 }; long flags; - long num_digits = 0, num_e = 0; + long num_digits = 0, num_e = 0; json_int_t num_fraction = 0; /* Skip UTF-8 BOM diff --git a/src/local.c b/src/local.c index 859d4aec..109cccbc 100644 --- a/src/local.c +++ b/src/local.c @@ -467,13 +467,13 @@ server_recv_cb(EV_P_ ev_io *w, int revents) memcpy(resp_buf->array, &response, sizeof(struct socks5_response)); memcpy(resp_buf->array + sizeof(struct socks5_response), - &sock_addr.sin_addr, sizeof(sock_addr.sin_addr)); + &sock_addr.sin_addr, sizeof(sock_addr.sin_addr)); memcpy(resp_buf->array + sizeof(struct socks5_response) + - sizeof(sock_addr.sin_addr), - &sock_addr.sin_port, sizeof(sock_addr.sin_port)); + sizeof(sock_addr.sin_addr), + &sock_addr.sin_port, sizeof(sock_addr.sin_port)); int reply_size = sizeof(struct socks5_response) + - sizeof(sock_addr.sin_addr) + sizeof(sock_addr.sin_port); + sizeof(sock_addr.sin_addr) + sizeof(sock_addr.sin_port); int s = send(server->fd, resp_buf->array, reply_size, 0); @@ -511,7 +511,7 @@ server_recv_cb(EV_P_ ev_io *w, int revents) if (acl || verbose) { uint16_t p = ntohs(*(uint16_t *)(buf->array + 4 + in_addr_len)); dns_ntop(AF_INET, (const void *)(buf->array + 4), - ip, INET_ADDRSTRLEN); + ip, INET_ADDRSTRLEN); sprintf(port, "%d", p); } } else if (atyp == 3) { @@ -537,7 +537,7 @@ server_recv_cb(EV_P_ ev_io *w, int revents) if (acl || verbose) { uint16_t p = ntohs(*(uint16_t *)(buf->array + 4 + in6_addr_len)); dns_ntop(AF_INET6, (const void *)(buf->array + 4), - ip, INET6_ADDRSTRLEN); + ip, INET6_ADDRSTRLEN); sprintf(port, "%d", p); } } else { @@ -557,10 +557,10 @@ server_recv_cb(EV_P_ ev_io *w, int revents) int ret = 0; if (p == http_protocol->default_port) ret = http_protocol->parse_packet(buf->array + 3 + abuf->len, - buf->len - 3 - abuf->len, &hostname); + buf->len - 3 - abuf->len, &hostname); else if (p == tls_protocol->default_port) ret = tls_protocol->parse_packet(buf->array + 3 + abuf->len, - buf->len - 3 - abuf->len, &hostname); + buf->len - 3 - abuf->len, &hostname); if (ret == -1) { server->stage = 2; bfree(abuf); diff --git a/src/redir.c b/src/redir.c index 5a40d67d..751a7b97 100644 --- a/src/redir.c +++ b/src/redir.c @@ -435,7 +435,6 @@ remote_send_cb(EV_P_ ev_io *w, int revents) memcpy(abuf->array + abuf->len, server->hostname, server->hostname_len); abuf->len += server->hostname_len; memcpy(abuf->array + abuf->len, &port, 2); - } else if (AF_INET6 == server->destaddr.ss_family) { // IPv6 abuf->array[abuf->len++] = 4; // Type 4 is IPv6 address diff --git a/src/server.c b/src/server.c index 2d1b9961..d761bd75 100644 --- a/src/server.c +++ b/src/server.c @@ -298,6 +298,16 @@ get_peer_name(int fd) return peer_name; } +static void +reset_addr(int fd) +{ + char *peer_name; + peer_name = get_peer_name(fd); + if (peer_name != NULL) { + remove_from_block_list(peer_name); + } +} + static void report_addr(int fd, int err_level) { @@ -305,10 +315,10 @@ report_addr(int fd, int err_level) peer_name = get_peer_name(fd); if (peer_name != NULL) { LOGE("failed to handshake with %s", peer_name); - } - // Block all requests from this IP, if the err# exceeds 128. - if (check_block_list(peer_name, err_level)) { - LOGE("add %s to block list", peer_name); + // Block all requests from this IP, if the err# exceeds 128. + if (check_block_list(peer_name, err_level)) { + LOGE("add %s to block list", peer_name); + } } } @@ -983,7 +993,7 @@ server_timeout_cb(EV_P_ ev_timer *watcher, int revents) if (server->stage < 2) { if (verbose) { size_t len = server->stage ? - server->header_buf->len : server->buf->len; + server->header_buf->len : server->buf->len; #ifdef __MINGW32__ LOGI("incomplete header: %u", len); #else @@ -1166,6 +1176,9 @@ remote_send_cb(EV_P_ ev_io *w, int revents) } remote_send_ctx->connected = 1; + // Clear the state of this address in the block list + reset_addr(server->fd); + if (remote->buf->len == 0) { server->stage = 5; ev_io_stop(EV_A_ & remote_send_ctx->io); @@ -1429,7 +1442,7 @@ accept_cb(EV_P_ ev_io *w, int revents) } if (acl) { if ((get_acl_mode() == BLACK_LIST && acl_match_host(peer_name) == 1) - || (get_acl_mode() == WHITE_LIST && acl_match_host(peer_name) >= 0)) { + || (get_acl_mode() == WHITE_LIST && acl_match_host(peer_name) >= 0)) { LOGE("Access denied from %s", peer_name); close(serverfd); return; diff --git a/src/utils.c b/src/utils.c index bdab59d7..139e7c69 100644 --- a/src/utils.c +++ b/src/utils.c @@ -215,7 +215,7 @@ void usage() { printf("\n"); - printf("shadowsocks-libev %s with %s\n\n", VERSION, USING_CRYPTO); + printf("shadowsocks-libev %s with %s\n\n", VERSION, USING_CRYPTO); printf( " maintained by Max Lv and Linus Yang \n\n"); printf(" usage:\n\n");