diff -Nur a/src/chilli.c b/src/chilli.c --- a/src/chilli.c 2010-02-11 20:54:22.000000000 +0800 +++ b/src/chilli.c 2010-03-26 16:15:23.856879471 +0800 @@ -1474,6 +1474,24 @@ } +/* Can bypass ? + * returns 1 if the packet is the the bypass list, so ***CAN*** bypass leaky bucket, + * returns 0 if not in the bypass list, so cannot bypass leaky bucket + * */ +inline int can_bypass(struct pkt_ipphdr_t *ipph) +{ + int i; + for ( i=0; i < _options.bypasstoscount; i++) + if( ipph->tos == _options.bypasstos[i] ) + return 1; + for ( i=0; i < _options.bypasshostcount; i++) + if( ipph->daddr == _options.bypasshost[i].s_addr || ipph->saddr == _options.bypasshost[i].s_addr ) + return 1; + return 0; +} + + + /* * Tun callbacks * @@ -1632,9 +1650,9 @@ } /* If the ip src is uamlisten and psrc is uamport we won't call leaky_bucket */ - if ( ! (ipph->saddr == _options.uamlisten.s_addr && + if ( ! ((ipph->saddr == _options.uamlisten.s_addr && (ipph->sport == htons(_options.uamport) || - ipph->sport == htons(_options.uamuiport)))) { + ipph->sport == htons(_options.uamuiport))) || can_bypass(ipph) )) { if (appconn->s_state.authenticated == 1) { #ifndef ENABLE_LEAKYBUCKET diff -Nur a/src/cmdline.c b/src/cmdline.c --- a/src/cmdline.c 2010-02-11 21:16:08.000000000 +0800 +++ b/src/cmdline.c 2010-03-26 15:54:03.922820679 +0800 @@ -181,6 +181,8 @@ " --natport=INT Port to use when oding nat on the WAN \n (routeidx) (default=`0')", " --redirssl Enable redirection of SSL/HTTP port (requires \n SSL support) (default=off)", " --uamuissl Enable SSL/HTTPS support on the uamuiport \n (default=off)", + " --bypasstos=STRING List of comma separated TOS to bypass leaky bucket", + " --bypasshost=STRING List of comma separated HOST IP addresses to bypass leaky bucket", 0 }; @@ -372,6 +374,8 @@ args_info->maxclients_given = 0 ; args_info->challengetimeout_given = 0 ; args_info->challengetimeout2_given = 0 ; + args_info->bypasstos_given = 0; + args_info->bypasshost_given = 0; args_info->sslkeyfile_given = 0 ; args_info->sslkeypass_given = 0 ; args_info->sslcertfile_given = 0 ; @@ -627,6 +631,10 @@ args_info->challengetimeout_orig = NULL; args_info->challengetimeout2_arg = 1200; args_info->challengetimeout2_orig = NULL; + args_info->bypasstos_arg = NULL; + args_info->bypasstos_orig = NULL; + args_info->bypasshost_arg = NULL; + args_info->bypasshost_orig = NULL; args_info->sslkeyfile_arg = NULL; args_info->sslkeyfile_orig = NULL; args_info->sslkeypass_arg = NULL; @@ -809,6 +817,8 @@ args_info->natport_help = gengetopt_args_info_help[146] ; args_info->redirssl_help = gengetopt_args_info_help[147] ; args_info->uamuissl_help = gengetopt_args_info_help[148] ; + args_info->bypasstos_help = gengetopt_args_info_help[149] ; + args_info->bypasshost_help = gengetopt_args_info_help[150] ; } @@ -1099,6 +1109,10 @@ free_string_field (&(args_info->maxclients_orig)); free_string_field (&(args_info->challengetimeout_orig)); free_string_field (&(args_info->challengetimeout2_orig)); + free_string_field (&(args_info->bypasstos_arg)); + free_string_field (&(args_info->bypasstos_orig)); + free_string_field (&(args_info->bypasshost_arg)); + free_string_field (&(args_info->bypasshost_orig)); free_string_field (&(args_info->sslkeyfile_arg)); free_string_field (&(args_info->sslkeyfile_orig)); free_string_field (&(args_info->sslkeypass_arg)); @@ -1444,6 +1458,10 @@ write_into_file(outfile, "redirssl", 0, 0 ); if (args_info->uamuissl_given) write_into_file(outfile, "uamuissl", 0, 0 ); + if ( args_info->bypasstos_given) + write_into_file(outfile, "bypasstos", args_info->bypasstos_orig, 0); + if ( args_info->bypasshost_given) + write_into_file(outfile, "bypasshost", args_info->bypasshost_orig, 0); i = EXIT_SUCCESS; @@ -2164,6 +2182,8 @@ { "natport", 1, NULL, 0 }, { "redirssl", 0, NULL, 0 }, { "uamuissl", 0, NULL, 0 }, + { "bypasstos", 1, NULL, 0 }, + { "bypasshost", 1, NULL, 0 }, { 0, 0, 0, 0 } }; @@ -4160,6 +4180,32 @@ additional_error)) goto failure; + } + /* TOS for bypass leaky bucket */ + else if (strcmp (long_options[option_index].name, "bypasstos") == 0) + { + + if (update_arg( (void *)&(args_info->bypasstos_arg), + &(args_info->bypasstos_orig), &(args_info->bypasstos_given), + &(local_args_info.bypasstos_given), optarg, 0, 0, ARG_STRING, + check_ambiguity, override, 0, 0, + "bypasstos", '-', + additional_error)) + goto failure; + + } + /* HOST for bypass leaky bucket */ + else if (strcmp (long_options[option_index].name, "bypasshost") == 0) + { + + if (update_arg( (void *)&(args_info->bypasshost_arg), + &(args_info->bypasshost_orig), &(args_info->bypasshost_given), + &(local_args_info.bypasshost_given), optarg, 0, 0, ARG_STRING, + check_ambiguity, override, 0, 0, + "bypasshost", '-', + additional_error)) + goto failure; + } break; diff -Nur a/src/cmdline.h b/src/cmdline.h --- a/src/cmdline.h 2010-02-11 21:16:08.000000000 +0800 +++ b/src/cmdline.h 2010-03-26 15:43:30.529555965 +0800 @@ -427,6 +427,12 @@ int challengetimeout2_arg; /**< @brief Timeout in seconds for challenge during login (default='1200'). */ char * challengetimeout2_orig; /**< @brief Timeout in seconds for challenge during login original value given at command line. */ const char *challengetimeout2_help; /**< @brief Timeout in seconds for challenge during login help description. */ + char * bypasstos_arg; /**<@brief Comma separated TOS values to bypass leaky bucket. */ + char * bypasstos_orig; /**<@brief Comma separated TOS values to bypass leaky bucket original value given at command line. */ + const char * bypasstos_help; /**<@brief TOS values to bypass leaky bucket help description. */ + char * bypasshost_arg; /**<@brief Comma separated HOST values to bypass leaky bucket. */ + char * bypasshost_orig; /**<@brief Comma separated HOST values to bypass leaky bucket original value given at command line. */ + const char * bypasshost_help; /**<@brief HOST values to bypass leaky bucket help description. */ char * sslkeyfile_arg; /**< @brief SSL private key file in PEM format. */ char * sslkeyfile_orig; /**< @brief SSL private key file in PEM format original value given at command line. */ const char *sslkeyfile_help; /**< @brief SSL private key file in PEM format help description. */ @@ -594,6 +600,8 @@ unsigned int maxclients_given ; /**< @brief Whether maxclients was given. */ unsigned int challengetimeout_given ; /**< @brief Whether challengetimeout was given. */ unsigned int challengetimeout2_given ; /**< @brief Whether challengetimeout2 was given. */ + unsigned int bypasstos_given ; /** < @brief Whether bypass tos were given */ + unsigned int bypasshost_given ; /** < @brief Whether bypass hosts were given */ unsigned int sslkeyfile_given ; /**< @brief Whether sslkeyfile was given. */ unsigned int sslkeypass_given ; /**< @brief Whether sslkeypass was given. */ unsigned int sslcertfile_given ; /**< @brief Whether sslcertfile was given. */ diff -Nur a/src/main-opt.c b/src/main-opt.c --- a/src/main-opt.c 2010-02-11 21:15:59.000000000 +0800 +++ b/src/main-opt.c 2010-03-26 16:26:38.259312748 +0800 @@ -630,6 +630,60 @@ _options.proxymask.s_addr = 0; } + memset(_options.bypasstos, 0, sizeof(_options.bypasstos)); + _options.bypasstoscount = 0; + if( args_info.bypasstos_given) { + char* p = args_info.bypasstos_arg; + char* p1 = p; + int len = strlen(p); + int i = 0; + while( *p != '\0' && _options.bypasstoscount < sizeof(_options.bypasstos)/sizeof(int) ) { + if ( *p == ',' ){ + *p = '\0'; + _options.bypasstoscount++; + _options.bypasstos[i] = atoi(p1); + i++; + p1 = p+1; + } + p++; + } + if ( len && _options.bypasstoscount < sizeof(_options.bypasstos)/sizeof(int) ) { + _options.bypasstos[i] = atoi(p1); + _options.bypasstoscount++; + } + } + memset(_options.bypasshost, 0, sizeof(_options.bypasshost)); + _options.bypasshostcount = 0; + if( args_info.bypasshost_given) { + char* p = args_info.bypasshost_arg; + char* p1 = p; + int len = strlen(p); + int i = 0; + while( *p != '\0' && _options.bypasshostcount < sizeof(_options.bypasshostcount)/sizeof(struct in_addr) ) { + if ( *p == ',' ){ + *p = '\0'; + if ( !inet_aton(p1, &_options.bypasshost[i]) ) { + log_err(0,"Invalid bypass host address: %s!", args_info.bypasshost_arg); + goto end_processing; + } + else + _options.bypasshostcount++; + i++; + p1 = p+1; + } + p++; + } + if ( len && _options.bypasshostcount < sizeof(_options.bypasshostcount)/sizeof(struct in_addr)) { + if ( !inet_aton(p1, &_options.bypasshost[i]) ) { + log_err(0,"Invalid bypass host address: %s!", args_info.bypasshost_arg); + goto end_processing; + } + else + _options.bypasshostcount++; + } + } + + memset(_options.macok, 0, sizeof(_options.macok)); _options.macoklen = 0; for (numargs = 0; numargs < args_info.macallowed_given; ++numargs) { diff -Nur a/src/options.h b/src/options.h --- a/src/options.h 2010-02-11 21:23:37.000000000 +0800 +++ b/src/options.h 2010-03-26 16:13:31.586052118 +0800 @@ -234,6 +234,11 @@ #endif char * _data; /* actual data buffer for loaded options */ + + uint8_t bypasstoscount; /* Count of TOS values to bypass leaky bucket */ + unsigned int bypasstos[10]; + uint8_t bypasshostcount; /* Count of HOST values to bypass leaky bucket */ + struct in_addr bypasshost[10]; }; int options_fromfd(int fd, bstring bt);