Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
N
nx-libs
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
1
Issues
1
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
dimbor
nx-libs
Commits
1be1c4a2
Commit
1be1c4a2
authored
Feb 10, 2015
by
Mike Gabriel
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Force NX proxy to bind to loopback devices only (loopback option)…
Force NX proxy to bind to loopback devices only (loopback option) (220_nxproxy_bind-loopback-only.full+lite.patch).
parent
79f218b5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
55 additions
and
135 deletions
+55
-135
220_nxproxy_bind-loopback-only.full+lite.patch
...an/patches/220_nxproxy_bind-loopback-only.full+lite.patch
+0
-130
series
debian/patches/series
+0
-1
Loop.cpp
nxcomp/Loop.cpp
+37
-4
Misc.cpp
nxcomp/Misc.cpp
+10
-0
Misc.h
nxcomp/Misc.h
+8
-0
No files found.
debian/patches/220_nxproxy_bind-loopback-only.full+lite.patch
deleted
100644 → 0
View file @
79f218b5
Description: Force NX proxy to bind to loopback devices only (loopback option)
Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
--- a/nxcomp/Loop.cpp
+++ b/nxcomp/Loop.cpp
@@ -952,6 +952,7 @@
static char displayHost[DEFAULT_STRING_LENGTH] = { 0 };
static char authCookie[DEFAULT_STRING_LENGTH] = { 0 };
+static int loopbackBind = DEFAULT_LOOPBACK_BIND;
static int proxyPort = DEFAULT_NX_PROXY_PORT;
static int xPort = DEFAULT_NX_X_PORT;
@@ -3959,7 +3960,14 @@
tcpAddr.sin_family = AF_INET;
tcpAddr.sin_port = htons(proxyPortTCP);
- tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY);
+ if ( loopbackBind )
+ {
+ tcpAddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ }
+ else
+ {
+ tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY);
+ }
if (bind(tcpFD, (sockaddr *) &tcpAddr, sizeof(tcpAddr)) == -1)
{
@@ -4550,7 +4558,14 @@
tcpAddr.sin_family = AF_INET;
tcpAddr.sin_port = htons(portTCP);
- tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY);
+ if ( loopbackBind )
+ {
+ tcpAddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ }
+ else
+ {
+ tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY);
+ }
if (bind(newFD, (sockaddr *) &tcpAddr, sizeof(tcpAddr)) == -1)
{
@@ -6718,7 +6733,14 @@
#ifdef __APPLE__
- tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY);
+ if ( loopbackBind )
+ {
+ tcpAddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ }
+ else
+ {
+ tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY);
+ }
#else
@@ -8397,6 +8419,10 @@
listenPort = ValidateArg("local", name, value);
}
+ else if (strcasecmp(name, "loopback") == 0)
+ {
+ loopbackBind = ValidateArg("local", name, value);
+ }
else if (strcasecmp(name, "accept") == 0)
{
if (*connectHost != '\0')
@@ -13778,7 +13804,14 @@
}
else
{
- address = htonl(INADDR_ANY);
+ if ( loopbackBind )
+ {
+ address = htonl(INADDR_LOOPBACK);
+ }
+ else
+ {
+ address = htonl(INADDR_ANY);
+ }
}
}
else
--- a/nxcomp/Misc.cpp
+++ b/nxcomp/Misc.cpp
@@ -42,6 +42,14 @@
#undef DEBUG
//
+// By default nxproxy binds to all network interfaces, setting
+// DEFAULT_LOOPBACK_BIND to 1 enables binding to the loopback
+// device only.
+//
+
+const int DEFAULT_LOOPBACK_BIND = 0;
+
+//
// TCP port offset applied to any NX port specification.
//
@@ -137,6 +145,8 @@
\n\
listen=n Local port used for accepting the proxy connection.\n\
\n\
+ loopback=b Bind to the loopback device only.\n\
+\n\
accept=s Name or IP of host that can connect to the proxy.\n\
\n\
connect=s Name or IP of host that the proxy will connect to.\n\
--- a/nxcomp/Misc.h
+++ b/nxcomp/Misc.h
@@ -90,6 +90,14 @@
extern const int DEFAULT_NX_SLAVE_PORT_SERVER_OFFSET;
//
+// NX proxy binds to all network interfaces by default
+// With the -loopback parameter, you can switch
+// over to binding to the loopback device only.
+//
+
+extern const int DEFAULT_LOOPBACK_BIND;
+
+//
// Return strings containing various info.
//
debian/patches/series
View file @
1be1c4a2
220_nxproxy_bind-loopback-only.full+lite.patch
300_nxagent_set-wm-class.full.patch
301_nx-X11_use-shared-libs.full.patch
302_nx-X11_xkbbasedir-detection.full.patch
...
...
nxcomp/Loop.cpp
View file @
1be1c4a2
...
...
@@ -952,6 +952,7 @@ static char listenHost[DEFAULT_STRING_LENGTH] = { 0 };
static
char
displayHost
[
DEFAULT_STRING_LENGTH
]
=
{
0
};
static
char
authCookie
[
DEFAULT_STRING_LENGTH
]
=
{
0
};
static
int
loopbackBind
=
DEFAULT_LOOPBACK_BIND
;
static
int
proxyPort
=
DEFAULT_NX_PROXY_PORT
;
static
int
xPort
=
DEFAULT_NX_X_PORT
;
...
...
@@ -3959,7 +3960,14 @@ int SetupTcpSocket()
tcpAddr
.
sin_family
=
AF_INET
;
tcpAddr
.
sin_port
=
htons
(
proxyPortTCP
);
tcpAddr
.
sin_addr
.
s_addr
=
htonl
(
INADDR_ANY
);
if
(
loopbackBind
)
{
tcpAddr
.
sin_addr
.
s_addr
=
htonl
(
INADDR_LOOPBACK
);
}
else
{
tcpAddr
.
sin_addr
.
s_addr
=
htonl
(
INADDR_ANY
);
}
if
(
bind
(
tcpFD
,
(
sockaddr
*
)
&
tcpAddr
,
sizeof
(
tcpAddr
))
==
-
1
)
{
...
...
@@ -4550,7 +4558,14 @@ int ListenConnection(int port, const char *label)
tcpAddr
.
sin_family
=
AF_INET
;
tcpAddr
.
sin_port
=
htons
(
portTCP
);
tcpAddr
.
sin_addr
.
s_addr
=
htonl
(
INADDR_ANY
);
if
(
loopbackBind
)
{
tcpAddr
.
sin_addr
.
s_addr
=
htonl
(
INADDR_LOOPBACK
);
}
else
{
tcpAddr
.
sin_addr
.
s_addr
=
htonl
(
INADDR_ANY
);
}
if
(
bind
(
newFD
,
(
sockaddr
*
)
&
tcpAddr
,
sizeof
(
tcpAddr
))
==
-
1
)
{
...
...
@@ -6718,7 +6733,14 @@ int WaitForRemote(int portNum)
#ifdef __APPLE__
tcpAddr
.
sin_addr
.
s_addr
=
htonl
(
INADDR_ANY
);
if
(
loopbackBind
)
{
tcpAddr
.
sin_addr
.
s_addr
=
htonl
(
INADDR_LOOPBACK
);
}
else
{
tcpAddr
.
sin_addr
.
s_addr
=
htonl
(
INADDR_ANY
);
}
#else
...
...
@@ -8397,6 +8419,10 @@ int ParseEnvironmentOptions(const char *env, int force)
listenPort
=
ValidateArg
(
"local"
,
name
,
value
);
}
else
if
(
strcasecmp
(
name
,
"loopback"
)
==
0
)
{
loopbackBind
=
ValidateArg
(
"local"
,
name
,
value
);
}
else
if
(
strcasecmp
(
name
,
"accept"
)
==
0
)
{
if
(
*
connectHost
!=
'\0'
)
...
...
@@ -13778,7 +13804,14 @@ int ParseListenOption(int &address)
}
else
{
address
=
htonl
(
INADDR_ANY
);
if
(
loopbackBind
)
{
address
=
htonl
(
INADDR_LOOPBACK
);
}
else
{
address
=
htonl
(
INADDR_ANY
);
}
}
}
else
...
...
nxcomp/Misc.cpp
View file @
1be1c4a2
...
...
@@ -42,6 +42,14 @@
#undef DEBUG
//
// By default nxproxy binds to all network interfaces, setting
// DEFAULT_LOOPBACK_BIND to 1 enables binding to the loopback
// device only.
//
const
int
DEFAULT_LOOPBACK_BIND
=
0
;
//
// TCP port offset applied to any NX port specification.
//
...
...
@@ -137,6 +145,8 @@ static const char UsageInfo[] =
\n
\
listen=n Local port used for accepting the proxy connection.
\n
\
\n
\
loopback=b Bind to the loopback device only.
\n
\
\n
\
accept=s Name or IP of host that can connect to the proxy.
\n
\
\n
\
connect=s Name or IP of host that the proxy will connect to.
\n
\
...
...
nxcomp/Misc.h
View file @
1be1c4a2
...
...
@@ -90,6 +90,14 @@ extern const int DEFAULT_NX_SLAVE_PORT_CLIENT_OFFSET;
extern
const
int
DEFAULT_NX_SLAVE_PORT_SERVER_OFFSET
;
//
// NX proxy binds to all network interfaces by default
// With the -loopback parameter, you can switch
// over to binding to the loopback device only.
//
extern
const
int
DEFAULT_LOOPBACK_BIND
;
//
// Return strings containing various info.
//
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
