jeans/Tasmota
jeans/Tasmota
1
0
Fork 0
mirror of https://github.com/arendst/Tasmota.git synced 2025-04-25 15:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add IP filter to TCPStart command

Browse Source 
This is an optional second parameter to enable some very basic security.
This commit is contained in:
James Lakin 2021-08-01 12:26:42 +01:00
parent f58c191bd7
commit f6bc8b6cd4
No known key found for this signature in database
GPG Key ID: E0CDB2EAA7FED7B9
1 changed files with 29 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
tasmota/xdrv_41_tcp_bridge.ino
View File

@ -35,6 +35,7 @@ WiFiServer *server_tcp = nullptr;
WiFiClient client_tcp[TCP_BRIDGE_CONNECTIONS]; WiFiClient client_tcp[TCP_BRIDGE_CONNECTIONS];
uint8_t client_next = 0; uint8_t client_next = 0;
uint8_t *tcp_buf = nullptr; // data transfer buffer uint8_t *tcp_buf = nullptr; // data transfer buffer
IPAddress ip_filter = 0;
#include <TasmotaSerial.h> #include <TasmotaSerial.h>
TasmotaSerial *TCPSerial = nullptr; TasmotaSerial *TCPSerial = nullptr;
@ -60,12 +61,25 @@ void TCPLoop(void)
// check for a new client connection // check for a new client connection
if ((server_tcp) && (server_tcp->hasClient())) { if ((server_tcp) && (server_tcp->hasClient())) {
WiFiClient new_client = server_tcp->available();
AddLog(LOG_LEVEL_INFO, PSTR(D_LOG_TCP "Got connection from %s"), new_client.remoteIP().toString().c_str());
// Check for IP filtering if it's enabled.
if (ip_filter) {
if (ip_filter != new_client.remoteIP()) {
AddLog(LOG_LEVEL_INFO, PSTR(D_LOG_TCP "Rejected due to filtering"));
new_client.stop();
} else {
AddLog(LOG_LEVEL_INFO, PSTR(D_LOG_TCP "Allowed through filter"));
}
}
// find an empty slot // find an empty slot
uint32_t i; uint32_t i;
for (i=0; i<nitems(client_tcp); i++) { for (i=0; i<nitems(client_tcp); i++) {
WiFiClient &client = client_tcp[i]; WiFiClient &client = client_tcp[i];
if (!client) { if (!client) {
client = server_tcp->available(); client = new_client;
break; break;
} }
} }
@ -73,7 +87,7 @@ void TCPLoop(void)
i = client_next++ % nitems(client_tcp); i = client_next++ % nitems(client_tcp);
WiFiClient &client = client_tcp[i]; WiFiClient &client = client_tcp[i];
client.stop(); client.stop();
client = server_tcp->available(); client = new_client;
} }
} }
@ -139,12 +153,21 @@ void TCPInit(void) {
\*********************************************************************************************/ \*********************************************************************************************/
// //
// Command `ZbConfig` // Command `TCPStart`
// Params: port,<IPv4 allow>
// //
void CmndTCPStart(void) { void CmndTCPStart(void) {
if (!TCPSerial) { return; } if (!TCPSerial) { return; }
int32_t tcp_port = XdrvMailbox.payload; int32_t tcp_port = XdrvMailbox.payload;
if (ArgC() == 2) {
char sub_string[XdrvMailbox.data_len];
ip_filter.fromString(ArgV(sub_string, 2));
} else {
// Disable whitelist if previously set
ip_filter = (uint32_t)0;
}
if (server_tcp) { if (server_tcp) {
AddLog(LOG_LEVEL_INFO, PSTR(D_LOG_TCP "Stopping TCP server")); AddLog(LOG_LEVEL_INFO, PSTR(D_LOG_TCP "Stopping TCP server"));
@ -159,6 +182,9 @@ void CmndTCPStart(void) {
} }
if (tcp_port > 0) { if (tcp_port > 0) {
AddLog(LOG_LEVEL_INFO, PSTR(D_LOG_TCP "Starting TCP server on port %d"), tcp_port); AddLog(LOG_LEVEL_INFO, PSTR(D_LOG_TCP "Starting TCP server on port %d"), tcp_port);
if (ip_filter) {
AddLog(LOG_LEVEL_INFO, PSTR(D_LOG_TCP "Filtering %s"), ip_filter.toString().c_str());
}
server_tcp = new WiFiServer(tcp_port); server_tcp = new WiFiServer(tcp_port);
server_tcp->begin(); // start TCP server server_tcp->begin(); // start TCP server
server_tcp->setNoDelay(true); server_tcp->setNoDelay(true);