
v4.37-9758-beta

dnobori 4 år sedan
förälder
incheckning
005285bf43

+ 1 - 1
src/BuildUtil/UnixBuildSoftwares.cs

@@ -632,7 +632,7 @@ namespace BuildUtil
 			sr.WriteLine("# You have to read and agree the license agreement at the same directory");
 			sr.WriteLine("#  before using this software.");
 			sr.WriteLine();
-			sr.WriteLine("i_read_and_agree_the_license_agreement:");
+			sr.WriteLine("main:");
 
 			sr.WriteLine("\t@echo \"Preparing {0}...\"", BuildHelper.GetSoftwareTitle(this.Software));
 

+ 7 - 7
src/Cedar/Cedar.h

@@ -126,10 +126,10 @@
 
 
 // Version number
-#define	CEDAR_VER					436
+#define	CEDAR_VER					437
 
 // Build Number
-#define	CEDAR_BUILD					9754
+#define	CEDAR_BUILD					9758
 
 // Beta number
 //#define	BETA_NUMBER					3
@@ -149,11 +149,11 @@
 
 // Specifies the build date
 #define	BUILD_DATE_Y		2021
-#define	BUILD_DATE_M		6
-#define	BUILD_DATE_D		7
-#define	BUILD_DATE_HO		21
-#define	BUILD_DATE_MI		29
-#define	BUILD_DATE_SE		54
+#define	BUILD_DATE_M		8
+#define	BUILD_DATE_D		16
+#define	BUILD_DATE_HO		0
+#define	BUILD_DATE_MI		27
+#define	BUILD_DATE_SE		11
 
 // Tolerable time difference
 #define	ALLOW_TIMESTAMP_DIFF		(UINT64)(3 * 24 * 60 * 60 * 1000)

+ 1 - 0
src/Cedar/CedarType.h

@@ -616,6 +616,7 @@ typedef struct IKE_SA_TRANSFORM_SETTING IKE_SA_TRANSFORM_SETTING;
 typedef struct IKE_CLIENT IKE_CLIENT;
 typedef struct IPSECSA IPSECSA;
 typedef struct IKE_CAPS IKE_CAPS;
+typedef struct IKE_INFOMSG_QUOTA_ENTRY IKE_INFOMSG_QUOTA_ENTRY;
 
 // ==============================================================
 //  IPSec Packet

+ 1 - 0
src/Cedar/Connection.c

@@ -3571,6 +3571,7 @@ CONNECTION *NewServerConnection(CEDAR *cedar, SOCK *s, THREAD *t)
 	{
 		AddRef(c->FirstSock->ref);
 		Copy(&c->ClientIp, &s->RemoteIP, sizeof(IP));
+		c->ClientPort = s->RemotePort;
 		StrCpy(c->ClientHostname, sizeof(c->ClientHostname), s->RemoteHostname);
 	}
 	c->Tcp = ZeroMalloc(sizeof(TCP));

+ 1 - 0
src/Cedar/Connection.h

@@ -300,6 +300,7 @@ struct CONNECTION
 	char *CipherName;				// Encryption algorithm name
 	UINT64 ConnectedTick;			// Time it is connected
 	IP ClientIp;					// Client IP address
+	UINT ClientPort;				// Client Port number
 	char ClientHostname[MAX_HOST_NAME_LEN + 1];	// Client host name
 	UINT Type;						// Type
 	bool DontUseTls1;				// Do not use TLS 1.0

+ 7 - 0
src/Cedar/IPsec.c

@@ -381,6 +381,13 @@ void IPsecServerUdpPacketRecvProc(UDPLISTENER *u, LIST *packet_list)
 
 	ike->Now = now;
 
+	if (now >= ike->NextInfoMsgQuotaClearTick)
+	{
+		ike->NextInfoMsgQuotaClearTick = now + 1000ULL;
+
+		IkeInfoMsgQuotaDeleteAll(ike);
+	}
+
 	if (ipsec_disable == false)
 	{
 		{
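Review bot: The `1000ULL` in `ike->NextInfoMsgQuotaClearTick = now + 1000ULL;` is a bare magic number while the sibling limits it works with are named macros in IPsec_IKE.h; a define next to IKE_QUOTA_MAX_INFOMSG_SEND_PER_IP_PER_SEC (for example `#define IKE_QUOTA_INFOMSG_WINDOW_MSEC 1000`) keeps the "per second" meaning of the quota and its reset interval in one place. Because the window is cleared at whatever tick the first packet after expiry is processed, a burst at the end of one window followed by one at the start of the next can approach twice the configured per-IP count; if that is acceptable, a one-line comment on the define saying so will save the next reader the analysis. The clear runs only from this receive callback while the list is read and grown from SendInformationalExchangePacketEx, so this appears to presume both run on the same IKE thread — worth stating in a comment if that holds. IPsecServerUdpPacketRecvProc starts and ends outside the hunk.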

+ 75 - 0
src/Cedar/IPsec_IKE.c

@@ -159,6 +159,55 @@ void ProcIKEPacketRecv(IKE_SERVER *ike, UDPPACKET *p)
 	}
 }
 
+IKE_INFOMSG_QUOTA_ENTRY *IkeInfoMsgQuotaGetEntry(IKE_SERVER *ike, IP *client_ip)
+{
+	UINT i;
+	IKE_INFOMSG_QUOTA_ENTRY *new_entry = NULL;
+	if (ike == NULL || client_ip == NULL)
+	{
+		return NULL;
+	}
+
+	for (i = 0;i < LIST_NUM(ike->InfoMsgQuotaList);i++)
+	{
+		IKE_INFOMSG_QUOTA_ENTRY *q = LIST_DATA(ike->InfoMsgQuotaList, i);
+
+		if (CmpIpAddr(&q->ClientIp, client_ip) == 0)
+		{
+			return q;
+		}
+	}
+
+	if (LIST_NUM(ike->InfoMsgQuotaList) >= IKE_QUOTA_MAX_INFOMSG_ENTRY_COUNT)
+	{
+		return NULL;
+	}
+
+	new_entry = ZeroMalloc(sizeof(IKE_INFOMSG_QUOTA_ENTRY));
+	CopyIP(&new_entry->ClientIp, client_ip);
+	Add(ike->InfoMsgQuotaList, new_entry);
+
+	return new_entry;
+}
+
+void IkeInfoMsgQuotaDeleteAll(IKE_SERVER *ike)
+{
+	UINT i;
+	if (ike == NULL)
+	{
+		return;
+	}
+
+	for (i = 0;i < LIST_NUM(ike->InfoMsgQuotaList);i++)
+	{
+		IKE_INFOMSG_QUOTA_ENTRY *q = LIST_DATA(ike->InfoMsgQuotaList, i);
+
+		Free(q);
+	}
+
+	DeleteAll(ike->InfoMsgQuotaList);
+}
+
 // Send a packet via IPsec
 void IPsecSendPacketByIPsecSa(IKE_SERVER *ike, IPSECSA *sa, UCHAR *data, UINT data_size, UCHAR protocol_id)
 {
@@ -1337,6 +1386,7 @@ void SendInformationalExchangePacketEx(IKE_SERVER *ike, IKE_CLIENT *c, IKE_PACKE
 	BUF *tmp_buf;
 	UCHAR hash[IKE_MAX_HASH_SIZE];
 	IKE_CRYPTO_PARAM cp;
+	IKE_INFOMSG_QUOTA_ENTRY *quota_entry;
 	bool plain = false;
 	// Validate arguments
 	if (ike == NULL || c == NULL || payload == NULL)
@@ -1345,6 +1395,20 @@ void SendInformationalExchangePacketEx(IKE_SERVER *ike, IKE_CLIENT *c, IKE_PACKE
 		return;
 	}
 
+	quota_entry = IkeInfoMsgQuotaGetEntry(ike, &c->ClientIP);
+	if (quota_entry == NULL)
+	{
+		IkeFreePayload(payload);
+		return;
+	}
+
+	quota_entry->Count++;
+	if (quota_entry->Count >= IKE_QUOTA_MAX_INFOMSG_SEND_PER_IP_PER_SEC)
+	{
+		IkeFreePayload(payload);
+		return;
+	}
+
 	sa = c->CurrentIkeSa;
 	if (sa == NULL)
 	{
@@ -5940,6 +6004,15 @@ void FreeIKEServer(IKE_SERVER *ike)
 
 	FreeIkeEngine(ike->Engine);
 
+	for (i = 0;i < LIST_NUM(ike->InfoMsgQuotaList);i++)
+	{
+		IKE_INFOMSG_QUOTA_ENTRY *q = LIST_DATA(ike->InfoMsgQuotaList, i);
+
+		Free(q);
+	}
+
+	ReleaseList(ike->InfoMsgQuotaList);
+
 	Debug("FreeThreadList()...\n");
 	FreeThreadList(ike->ThreadList);
 	Debug("FreeThreadList() Done.\n");
@@ -5974,6 +6047,8 @@ IKE_SERVER *NewIKEServer(CEDAR *cedar, IPSEC_SERVER *ipsec)
 
 	ike->ClientList = NewList(CmpIkeClient);
 
+	ike->InfoMsgQuotaList = NewList(NULL);
+
 	ike->Engine = NewIkeEngine();
 
 	ike->ThreadList = NewThreadList();
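Review bot: In SendInformationalExchangePacketEx the test `if (quota_entry->Count >= IKE_QUOTA_MAX_INFOMSG_SEND_PER_IP_PER_SEC)` runs after `quota_entry->Count++`, so the 20th message of a window is dropped and only 19 are ever sent; if the macro is meant as the allowed count, it should read `if (quota_entry->Count > IKE_QUOTA_MAX_INFOMSG_SEND_PER_IP_PER_SEC)`. When IkeInfoMsgQuotaGetEntry returns NULL because the list already holds IKE_QUOTA_MAX_INFOMSG_ENTRY_COUNT addresses, every client IP not yet tracked has its informational message silently discarded until the next clear, so a full table degrades service for legitimate peers; a comment stating that this fail-closed behaviour is intended, or a Debug() on the drop, would help whoever tunes the limit. The loop added to FreeIKEServer repeats the body of IkeInfoMsgQuotaDeleteAll and appears to rely on an `i` declared elsewhere in that function; `IkeInfoMsgQuotaDeleteAll(ike);` followed by `ReleaseList(ike->InfoMsgQuotaList);` does the same work without the duplication. The two new functions also lack the one-line header the file gives its functions (compare `// Send a packet via IPsec`); suggest `// Find or create the per-client-IP informational message quota entry` and `// Free all informational message quota entries`.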

+ 14 - 0
src/Cedar/IPsec_IKE.h

@@ -148,6 +148,9 @@
 #define	IKE_QUOTA_MAX_NUM_CLIENTS			30000			// Limit number of IKE_CLIENT
 #define	IKE_QUOTA_MAX_SA_PER_CLIENT			100				// The limit number of SA for each IKE_CLIENT
 
+#define IKE_QUOTA_MAX_INFOMSG_SEND_PER_IP_PER_SEC	20
+#define IKE_QUOTA_MAX_INFOMSG_ENTRY_COUNT	100
+
 // Time-out
 #define	IKE_TIMEOUT_FOR_IKE_CLIENT			150000			// IKE_CLIENT non-communication disconnect time
 #define	IKE_TIMEOUT_FOR_IKE_CLIENT_FOR_NOT_ESTABLISHED		10000 // IKE_CLIENT non-communication disconnect time (connection incomplete)
@@ -346,6 +349,12 @@ struct IPSECSA
 	IKE_HASH *SKEYID_Hash;
 };
 
+struct IKE_INFOMSG_QUOTA_ENTRY
+{
+	IP ClientIp;
+	UINT Count;
+};
+
 // IKE server
 struct IKE_SERVER
 {
@@ -360,6 +369,8 @@ struct IKE_SERVER
 	LIST *IkeSaList;							// SA list
 	LIST *IPsecSaList;							// IPsec SA list
 	LIST *ThreadList;							// L2TP thread list
+	LIST *InfoMsgQuotaList;						// Information Message Quota List
+	UINT64 NextInfoMsgQuotaClearTick;
 	bool StateHasChanged;						// Flag whether the state has changed
 	UINT CurrentIkeSaId, CurrentIPsecSaId, CurrentIkeClientId, CurrentEtherId;	// Serial number ID
 
@@ -463,5 +474,8 @@ void ProcL2TPv3PacketRecv(IKE_SERVER *ike, IKE_CLIENT *c, UCHAR *data, UINT data
 
 IKE_SA *SearchIkeSaByCookie(IKE_SERVER *ike, UINT64 init_cookie, UINT64 resp_cookie);
 
+IKE_INFOMSG_QUOTA_ENTRY *IkeInfoMsgQuotaGetEntry(IKE_SERVER *ike, IP *client_ip);
+void IkeInfoMsgQuotaDeleteAll(IKE_SERVER *ike);
+
 #endif	// IPSEC_IKE_H
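Review bot: The two new quota defines and the NextInfoMsgQuotaClearTick field carry no trailing comment although every neighbouring line does (IKE_QUOTA_MAX_NUM_CLIENTS, IKE_QUOTA_MAX_SA_PER_CLIENT, ThreadList). Suggest `// Max informational messages sent per client IP per window` on IKE_QUOTA_MAX_INFOMSG_SEND_PER_IP_PER_SEC, `// Max client IPs tracked in the quota table` on IKE_QUOTA_MAX_INFOMSG_ENTRY_COUNT and `// Tick at which InfoMsgQuotaList is next cleared` on the field. struct IKE_INFOMSG_QUOTA_ENTRY would also benefit from a header such as `// Per-client-IP informational message counter`, matching `// IKE server` just below it. The new defines use a space after `#define` where the surrounding lines use a tab; align them with the file.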
 

+ 12 - 0
src/Cedar/Logging.c

@@ -1147,11 +1147,23 @@ bool PacketLog(HUB *hub, SESSION *src_session, SESSION *dest_session, PKT *packe
 		if (src_session != NULL && src_session->NormalClient)
 		{
 			StrCpy(pl->SrcPhysicalIP, sizeof(pl->SrcPhysicalIP), src_session->ClientIP);
+			if (src_session->ClientPort != 0)
+			{
+				char tmp[32] = {0};
+				Format(tmp, sizeof(tmp), "(port=%u)", src_session->ClientPort);
+				StrCat(pl->SrcPhysicalIP, sizeof(pl->SrcPhysicalIP), tmp);
+			}
 		}
 
 		if (dest_session != NULL && dest_session->NormalClient)
 		{
 			StrCpy(pl->DestPhysicalIP, sizeof(pl->DestPhysicalIP), dest_session->ClientIP);
+			if (dest_session->ClientPort != 0)
+			{
+				char tmp[32] = {0};
+				Format(tmp, sizeof(tmp), "(port=%u)", dest_session->ClientPort);
+				StrCat(pl->DestPhysicalIP, sizeof(pl->DestPhysicalIP), tmp);
+			}
 		}
 
 		pl->WritePhysicalIP = true;
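Review bot: The suffix appended to pl->SrcPhysicalIP and pl->DestPhysicalIP changes the physical-IP column of the packet log from a bare address to `address(port=N)`, so any consumer that parses that column as an IP will stop accepting it; the format change should be noted in a comment here and wherever the log format is documented, or the port emitted as its own column. The src and dest branches are identical apart from the session and target buffer, so a small static helper would remove the duplication. Whether StrCat truncates silently depends on the size of the PhysicalIP buffers, which is not visible here — confirm they have room for the suffix (at most 12 characters for a valid port). PacketLog starts and ends outside the hunk.
```c
// Append "(port=N)" to a physical-IP log field when the port is known.
static void AppendClientPortToPhysicalIP(char *dst, UINT dst_size, UINT port)
{
	if (port != 0)
	{
		char tmp[32] = {0};
		Format(tmp, sizeof(tmp), "(port=%u)", port);
		StrCat(dst, dst_size, tmp);
	}
}

// … unchanged: earlier part of PacketLog …
			StrCpy(pl->SrcPhysicalIP, sizeof(pl->SrcPhysicalIP), src_session->ClientIP);
			AppendClientPortToPhysicalIP(pl->SrcPhysicalIP, sizeof(pl->SrcPhysicalIP), src_session->ClientPort);
// … unchanged: dest_session check …
			StrCpy(pl->DestPhysicalIP, sizeof(pl->DestPhysicalIP), dest_session->ClientIP);
			AppendClientPortToPhysicalIP(pl->DestPhysicalIP, sizeof(pl->DestPhysicalIP), dest_session->ClientPort);
```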

+ 12 - 5
src/Cedar/Protocol.c

@@ -3736,6 +3736,7 @@ bool ServerAccept(CONNECTION *c)
 			s->NormalClient = true;
 
 			IPToStr(s->ClientIP, sizeof(s->ClientIP), &c->ClientIp);
+			s->ClientPort = c->ClientPort;
 
 			if (c->FirstSock->IsRUDPSocket)
 			{
@@ -7783,7 +7784,10 @@ SOCK *SocksConnectEx2(CONNECTION *c, char *proxy_host_name, UINT proxy_port,
 	if (c == NULL || proxy_host_name == NULL || proxy_port == 0 || server_host_name == NULL
 		|| server_port == 0)
 	{
-		c->Err = ERR_PROXY_CONNECT_FAILED;
+		if (c != NULL)
+		{
+			c->Err = ERR_PROXY_CONNECT_FAILED;
+		}
 		return NULL;
 	}
 
@@ -7977,7 +7981,10 @@ SOCK *ProxyConnectEx2(CONNECTION *c, char *proxy_host_name, UINT proxy_port,
 	if (c == NULL || proxy_host_name == NULL || proxy_port == 0 || server_host_name == NULL ||
 		server_port == 0)
 	{
-		c->Err = ERR_PROXY_CONNECT_FAILED;
+		if (c != NULL)
+		{
+			c->Err = ERR_PROXY_CONNECT_FAILED;
+		}
 		return NULL;
 	}
 	if (username != NULL && password != NULL &&
@@ -8977,7 +8984,7 @@ UINT WsRecvSync(WS *w, void *data, UINT size)
 			return sz;
 		}
 		r = Recv(w->Sock, w->TmpBuf, sizeof(w->TmpBuf), w->Sock->SecureMode);
-		if (r == 0)
+		if (r == 0 || r == SOCK_LATER)
 		{
 			break;
 		}
@@ -9589,9 +9596,9 @@ UINT MvpnDoAccept(CONNECTION *c, WS *w)
 		StrCpy(ipc_param.HubName, sizeof(ipc_param.HubName), client_hub_name);
 		StrCpy(ipc_param.UserName, sizeof(ipc_param.UserName), auth_username);
 		CopyIP(&ipc_param.ClientIp, &w->Sock->RemoteIP);
-		ipc_param.ClientPort, w->Sock->RemotePort;
+		ipc_param.ClientPort = w->Sock->RemotePort;
 		CopyIP(&ipc_param.ServerIp, &w->Sock->LocalIP);
-		ipc_param.ServerPort, w->Sock->LocalPort;
+		ipc_param.ServerPort = w->Sock->LocalPort;
 		StrCpy(ipc_param.ClientHostname, sizeof(ipc_param.ClientHostname), w->Sock->RemoteHostname);
 		StrCpy(ipc_param.CryptName, sizeof(ipc_param.CryptName), w->Sock->CipherName);
 		ipc_param.Layer = IPC_LAYER_3; // TODO
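Review bot: In WsRecvSync the new `if (r == 0 || r == SOCK_LATER)` treats a would-block result the same as end-of-stream and leaves the loop, so if w->Sock can be non-blocking the function may return fewer bytes than requested with no way for the caller to tell a short read from a closed socket; if stopping is the intent, a comment such as `// SOCK_LATER: no more data available now, return what has been read` should state that contract, otherwise the loop should retry rather than break. The comma-operator statements corrected in MvpnDoAccept (`ipc_param.ClientPort, w->Sock->RemotePort;`) are exactly what `-Wunused-value` reports, so turning that warning on in the build would catch any remaining instances. The NULL guards added to SocksConnectEx2 and ProxyConnectEx2 are correct and mirror each other. Every enclosing function in this section starts and ends outside its hunk.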

+ 1 - 0
src/Cedar/Session.h

@@ -185,6 +185,7 @@ struct SESSION
 	THREAD *Thread;					// Management thread
 	CONNECTION *Connection;			// Connection
 	char ClientIP[64];				// Client IP
+	UINT ClientPort;				// Client Port
 	CLIENT_OPTION *ClientOption;	// Client connection options
 	CLIENT_AUTH *ClientAuth;		// Client authentication data
 	volatile bool Halt;				// Halting flag

+ 3 - 3
src/CurrentBuild.txt

@@ -1,4 +1,4 @@
-BUILD_NUMBER 9754
-VERSION 436
+BUILD_NUMBER 9758
+VERSION 437
 BUILD_NAME beta
-BUILD_DATE 20210607_212954
+BUILD_DATE 20210816_002711

+ 1 - 0
src/Mayaqua/Encrypt.c

@@ -2642,6 +2642,7 @@ bool RsaPrivateDecrypt(void *dst, void *src, UINT size, K *k)
 	Unlock(openssl_lock);
 	if (ret <= 0)
 	{
+		Free(tmp);
 		return false;
 	}
 

+ 1 - 1
src/Mayaqua/Kernel.c

@@ -566,7 +566,7 @@ void GetHomeDir(char *path, UINT size)
 		if (GetEnv("HOMEDRIVE", drive, sizeof(drive)) &&
 			GetEnv("HOMEPATH", hpath, sizeof(hpath)))
 		{
-			Format(path, sizeof(path), "%s%s", drive, hpath);
+			Format(path, size, "%s%s", drive, hpath);
 		}
 		else
 		{
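Review bot: Any other `sizeof(path)` in GetHomeDir would have the same bug the hunk fixes, since path is a pointer parameter and sizeof yields the pointer size rather than the caller's buffer size; the else branch and the rest of the function are outside the hunk, so they are worth a check before merging. A comment on the corrected call, `// path is a pointer: use the caller-supplied size, not sizeof(path)`, would keep the pattern from being reintroduced.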

BIN
src/bin/vpnweb.cab


BIN
src/bin/vpnweb.ocx


+ 1 - 1
src/vpnweb/vpnweb.h

@@ -4,7 +4,7 @@
 
 
  /* File created by MIDL compiler version 7.00.0500 */
-/* at Mon Jun 07 21:30:12 2021
+/* at Mon Aug 16 00:27:28 2021
  */
 /* Compiler settings for .\vpnweb.idl:
     Oicf, W1, Zp8, env=Win32 (32b run)

+ 1 - 1
src/vpnweb/vpnweb_i.c

@@ -6,7 +6,7 @@
 
 
  /* File created by MIDL compiler version 7.00.0500 */
-/* at Mon Jun 07 21:30:12 2021
+/* at Mon Aug 16 00:27:28 2021
  */
 /* Compiler settings for .\vpnweb.idl:
     Oicf, W1, Zp8, env=Win32 (32b run)

+ 1 - 1
src/vpnweb/vpnweb_p.c

@@ -4,7 +4,7 @@
 
 
  /* File created by MIDL compiler version 7.00.0500 */
-/* at Mon Jun 07 21:30:12 2021
+/* at Mon Aug 16 00:27:28 2021
  */
 /* Compiler settings for .\vpnweb.idl:
     Oicf, W1, Zp8, env=Win32 (32b run)