From 2eb3ff7f06766ddfd1c2a669adfae13e532a460f Mon Sep 17 00:00:00 2001 From: NotTsunami <4589807+NotTsunami@users.noreply.github.com> Date: Sun, 20 Sep 2020 22:46:28 -0400 Subject: [PATCH] Allow users to configure no_connect_privileged_ports Don't hardcode lt::settings_pack::no_connect_privileged_ports. We support the peer alert for it already, so connections blocked by this setting should be logged. --- src/base/bittorrent/session.cpp | 17 ++++++++++++++++- src/base/bittorrent/session.h | 3 +++ src/gui/advancedsettings.cpp | 6 ++++++ src/gui/advancedsettings.h | 3 ++- src/webui/api/appcontroller.cpp | 5 +++++ src/webui/www/private/views/preferences.html | 10 ++++++++++ 6 files changed, 42 insertions(+), 2 deletions(-) diff --git a/src/base/bittorrent/session.cpp b/src/base/bittorrent/session.cpp index a87462fb2..37eee1674 100644 --- a/src/base/bittorrent/session.cpp +++ b/src/base/bittorrent/session.cpp @@ -381,6 +381,7 @@ Session::Session(QObject *parent) , clampValue(MixedModeAlgorithm::TCP, MixedModeAlgorithm::Proportional)) , m_multiConnectionsPerIpEnabled(BITTORRENT_SESSION_KEY("MultiConnectionsPerIp"), false) , m_validateHTTPSTrackerCertificate(BITTORRENT_SESSION_KEY("ValidateHTTPSTrackerCertificate"), false) + , m_blockPeersOnPrivilegedPorts(BITTORRENT_SESSION_KEY("BlockPeersOnPrivilegedPorts"), false) , m_isAddTrackersEnabled(BITTORRENT_SESSION_KEY("AddTrackersEnabled"), false) , m_additionalTrackers(BITTORRENT_SESSION_KEY("AdditionalTrackers")) , m_globalMaxRatio(BITTORRENT_SESSION_KEY("GlobalMaxRatio"), -1, [](qreal r) { return r < 0 ? -1. : r;}) @@ -1044,7 +1045,6 @@ void Session::initializeNativeSession() pack.set_int(lt::settings_pack::auto_scrape_interval, 1200); // 20 minutes pack.set_int(lt::settings_pack::auto_scrape_min_interval, 900); // 15 minutes pack.set_int(lt::settings_pack::connection_speed, 20); // default is 10 - pack.set_bool(lt::settings_pack::no_connect_privileged_ports, false); // libtorrent 1.1 enables UPnP & NAT-PMP by default // turn them off before `lt::session` ctor to avoid split second effects pack.set_bool(lt::settings_pack::enable_upnp, false); @@ -1385,6 +1385,8 @@ void Session::loadLTSettings(lt::settings_pack &settingsPack) settingsPack.set_bool(lt::settings_pack::validate_https_trackers, validateHTTPSTrackerCertificate()); #endif + settingsPack.set_bool(lt::settings_pack::no_connect_privileged_ports, blockPeersOnPrivilegedPorts()); + settingsPack.set_bool(lt::settings_pack::apply_ip_filter_to_trackers, isTrackerFilteringEnabled()); settingsPack.set_bool(lt::settings_pack::enable_dht, isDHTEnabled()); @@ -3527,6 +3529,19 @@ void Session::setValidateHTTPSTrackerCertificate(const bool enabled) configureDeferred(); } +bool Session::blockPeersOnPrivilegedPorts() const +{ + return m_blockPeersOnPrivilegedPorts; +} + +void Session::setBlockPeersOnPrivilegedPorts(const bool enabled) +{ + if (enabled == m_blockPeersOnPrivilegedPorts) return; + + m_blockPeersOnPrivilegedPorts = enabled; + configureDeferred(); +} + bool Session::isTrackerFilteringEnabled() const { return m_isTrackerFilteringEnabled; diff --git a/src/base/bittorrent/session.h b/src/base/bittorrent/session.h index 9e31b372a..0cced546e 100644 --- a/src/base/bittorrent/session.h +++ b/src/base/bittorrent/session.h @@ -418,6 +418,8 @@ namespace BitTorrent void setMultiConnectionsPerIpEnabled(bool enabled); bool validateHTTPSTrackerCertificate() const; void setValidateHTTPSTrackerCertificate(bool enabled); + bool blockPeersOnPrivilegedPorts() const; + void setBlockPeersOnPrivilegedPorts(bool enabled); bool isTrackerFilteringEnabled() const; void setTrackerFilteringEnabled(bool enabled); QStringList bannedIPs() const; @@ -687,6 +689,7 @@ namespace BitTorrent CachedSettingValue m_utpMixedMode; CachedSettingValue m_multiConnectionsPerIpEnabled; CachedSettingValue m_validateHTTPSTrackerCertificate; + CachedSettingValue m_blockPeersOnPrivilegedPorts; CachedSettingValue m_isAddTrackersEnabled; CachedSettingValue m_additionalTrackers; CachedSettingValue m_globalMaxRatio; diff --git a/src/gui/advancedsettings.cpp b/src/gui/advancedsettings.cpp index ea1ef0455..4451ad920 100644 --- a/src/gui/advancedsettings.cpp +++ b/src/gui/advancedsettings.cpp @@ -115,6 +115,7 @@ namespace #ifdef HAS_HTTPS_TRACKER_VALIDATION VALIDATE_HTTPS_TRACKER_CERTIFICATE, #endif + BLOCK_PEERS_ON_PRIVILEGED_PORTS, // embedded tracker TRACKER_STATUS, TRACKER_PORT, @@ -230,6 +231,8 @@ void AdvancedSettings::saveAdvancedSettings() // Validate HTTPS tracker certificate session->setValidateHTTPSTrackerCertificate(m_checkBoxValidateHTTPSTrackerCertificate.isChecked()); #endif + // Disallow connection to peers on privileged ports + session->setBlockPeersOnPrivilegedPorts(m_checkBoxBlockPeersOnPrivilegedPorts.isChecked()); // Recheck torrents on completion pref->recheckTorrentsOnCompletion(m_checkBoxRecheckCompleted.isChecked()); // Transfer list refresh interval @@ -537,6 +540,9 @@ void AdvancedSettings::loadAdvancedSettings() + ' ' + makeLink("https://www.libtorrent.org/reference-Settings.html#validate_https_trackers", "(?)")) , &m_checkBoxValidateHTTPSTrackerCertificate); #endif + // Disallow connection to peers on privileged ports + m_checkBoxBlockPeersOnPrivilegedPorts.setChecked(session->blockPeersOnPrivilegedPorts()); + addRow(BLOCK_PEERS_ON_PRIVILEGED_PORTS, (tr("Disallow connection to peers on privileged ports") + ' ' + makeLink("https://libtorrent.org/single-page-ref.html#no_connect_privileged_ports", "(?)")), &m_checkBoxBlockPeersOnPrivilegedPorts); // Recheck completed torrents m_checkBoxRecheckCompleted.setChecked(pref->recheckTorrentsOnCompletion()); addRow(RECHECK_COMPLETED, tr("Recheck torrents on completion"), &m_checkBoxRecheckCompleted); diff --git a/src/gui/advancedsettings.h b/src/gui/advancedsettings.h index 37962f50c..24a703a07 100644 --- a/src/gui/advancedsettings.h +++ b/src/gui/advancedsettings.h @@ -69,7 +69,8 @@ private: QCheckBox m_checkBoxOsCache, m_checkBoxRecheckCompleted, m_checkBoxResolveCountries, m_checkBoxResolveHosts, m_checkBoxProgramNotifications, m_checkBoxTorrentAddedNotifications, m_checkBoxTrackerFavicon, m_checkBoxTrackerStatus, m_checkBoxConfirmTorrentRecheck, m_checkBoxConfirmRemoveAllTags, m_checkBoxAnnounceAllTrackers, m_checkBoxAnnounceAllTiers, - m_checkBoxMultiConnectionsPerIp, m_checkBoxValidateHTTPSTrackerCertificate, m_checkBoxPieceExtentAffinity, m_checkBoxSuggestMode, m_checkBoxSpeedWidgetEnabled; + m_checkBoxMultiConnectionsPerIp, m_checkBoxValidateHTTPSTrackerCertificate, m_checkBoxBlockPeersOnPrivilegedPorts, m_checkBoxPieceExtentAffinity, + m_checkBoxSuggestMode, m_checkBoxSpeedWidgetEnabled; QComboBox m_comboBoxInterface, m_comboBoxInterfaceAddress, m_comboBoxUtpMixedMode, m_comboBoxChokingAlgorithm, m_comboBoxSeedChokingAlgorithm; QLineEdit m_lineEditAnnounceIP; diff --git a/src/webui/api/appcontroller.cpp b/src/webui/api/appcontroller.cpp index 8f3c75313..e6dc71ada 100644 --- a/src/webui/api/appcontroller.cpp +++ b/src/webui/api/appcontroller.cpp @@ -309,6 +309,8 @@ void AppController::preferencesAction() data["enable_multi_connections_from_same_ip"] = session->multiConnectionsPerIpEnabled(); // Validate HTTPS tracker certificate data["validate_https_tracker_certificate"] = session->validateHTTPSTrackerCertificate(); + // Disallow connection to peers on privileged ports + data["block_peers_on_privileged_ports"] = session->blockPeersOnPrivilegedPorts(); // Embedded tracker data["enable_embedded_tracker"] = session->isTrackerEnabled(); data["embedded_tracker_port"] = pref->getTrackerPort(); @@ -749,6 +751,9 @@ void AppController::setPreferencesAction() // Validate HTTPS tracker certificate if (hasKey("validate_https_tracker_certificate")) session->setValidateHTTPSTrackerCertificate(it.value().toBool()); + // Disallow connection to peers on privileged ports + if (hasKey("block_peers_on_privileged_ports")) + session->setBlockPeersOnPrivilegedPorts(it.value().toBool()); // Embedded tracker if (hasKey("embedded_tracker_port")) pref->setTrackerPort(it.value().toInt()); diff --git a/src/webui/www/private/views/preferences.html b/src/webui/www/private/views/preferences.html index 1c53c0a6f..2165a4eee 100644 --- a/src/webui/www/private/views/preferences.html +++ b/src/webui/www/private/views/preferences.html @@ -1090,6 +1090,14 @@ + + + + + + + + @@ -1881,6 +1889,7 @@ $('utpTCPMixedModeAlgorithm').setProperty('value', pref.utp_tcp_mixed_mode); $('allowMultipleConnectionsFromTheSameIPAddress').setProperty('checked', pref.enable_multi_connections_from_same_ip); $('validateHTTPSTrackerCertificate').setProperty('checked', pref.validate_https_tracker_certificate); + $('blockPeersOnPrivilegedPorts').setProperty('checked', pref.no_connect_privileged_ports); $('enableEmbeddedTracker').setProperty('checked', pref.enable_embedded_tracker); $('embeddedTrackerPort').setProperty('value', pref.embedded_tracker_port); $('uploadSlotsBehavior').setProperty('value', pref.upload_slots_behavior); @@ -2266,6 +2275,7 @@ settings.set('utp_tcp_mixed_mode', $('utpTCPMixedModeAlgorithm').getProperty('value')); settings.set('enable_multi_connections_from_same_ip', $('allowMultipleConnectionsFromTheSameIPAddress').getProperty('checked')); settings.set('validate_https_tracker_certificate', $('validateHTTPSTrackerCertificate').getProperty('checked')); + settings.set('block_peers_on_privileged_ports', $('blockPeersOnPrivilegedPorts').getProperty('checked')); settings.set('enable_embedded_tracker', $('enableEmbeddedTracker').getProperty('checked')); settings.set('embedded_tracker_port', $('embeddedTrackerPort').getProperty('value')); settings.set('upload_slots_behavior', $('uploadSlotsBehavior').getProperty('value'));