Handle restricted ports

This commit is contained in:
Pierre HUBERT 2024-08-22 09:42:10 +02:00
parent b52fbca4fd
commit ae754241ce
3 changed files with 105 additions and 2 deletions

1
src/lib.rs Normal file
View File

@ -0,0 +1 @@
pub mod restricted_port;

View File

@ -1,6 +1,7 @@
use actix_web::middleware::Logger;
use actix_web::{web, App, HttpResponse, HttpServer};
use clap::Parser;
use hidden_server::restricted_port::is_restricted_port;
use log::LevelFilter;
use rand::Rng;
@ -22,7 +23,7 @@ struct Args {
#[arg(short('M'), long, default_value_t = 1000)]
max_port: u16,
/// Host this server will listen to
#[arg(short, long, default_value="0.0.0.0")]
#[arg(short, long, default_value = "0.0.0.0")]
listen_host: String,
}
@ -43,7 +44,19 @@ async fn main() -> std::io::Result<()> {
log::info!("Choosing a random port to start...");
let mut rng = rand::thread_rng();
let port: u16 = args.min_port + rng.random::<u16>() % (args.max_port - args.min_port);
let mut port: u16;
loop {
port = args.min_port + rng.random::<u16>() % (args.max_port - args.min_port);
if !is_restricted_port(port) {
break;
}
log::info!("I chose a restricted port, I have to choose another one...");
}
log::info!("Can now start server...");
HttpServer::new(|| {
App::new()

89
src/restricted_port.rs Normal file
View File

@ -0,0 +1,89 @@
// Source : https://chromium.googlesource.com/chromium/src.git/+/refs/heads/master/net/base/port_util.cc
const RESTRICTED_PORTS: [u16; 80] = [
1, // tcpmux
7, // echo
9, // discard
11, // systat
13, // daytime
15, // netstat
17, // qotd
19, // chargen
20, // ftp data
21, // ftp access
22, // ssh
23, // telnet
25, // smtp
37, // time
42, // name
43, // nicname
53, // domain
69, // tftp
77, // priv-rjs
79, // finger
87, // ttylink
95, // supdup
101, // hostriame
102, // iso-tsap
103, // gppitnp
104, // acr-nema
109, // pop2
110, // pop3
111, // sunrpc
113, // auth
115, // sftp
117, // uucp-path
119, // nntp
123, // NTP
135, // loc-srv /epmap
137, // netbios
139, // netbios
143, // imap2
161, // snmp
179, // BGP
389, // ldap
427, // SLP (Also used by Apple Filing Protocol)
465, // smtp+ssl
512, // print / exec
513, // login
514, // shell
515, // printer
526, // tempo
530, // courier
531, // chat
532, // netnews
540, // uucp
548, // AFP (Apple Filing Protocol)
554, // rtsp
556, // remotefs
563, // nntp+ssl
587, // smtp (rfc6409)
601, // syslog-conn (rfc3195)
636, // ldap+ssl
989, // ftps-data
990, // ftps
993, // ldap+ssl
995, // pop3+ssl
1719, // h323gatestat
1720, // h323hostcall
1723, // pptp
2049, // nfs
3659, // apple-sasl / PasswordServer
4045, // lockd
5060, // sip
5061, // sips
6000, // X11
6566, // sane-port
6665, // Alternate IRC [Apple addition]
6666, // Alternate IRC [Apple addition]
6667, // Standard IRC [Apple addition]
6668, // Alternate IRC [Apple addition]
6669, // Alternate IRC [Apple addition]
6697, // IRC + TLS
10080, // Amanda
];
/// Check out wether a port is a restricted port for major browsers
pub fn is_restricted_port(port: u16) -> bool {
RESTRICTED_PORTS.contains(&port)
}