remove tunnel allowed port function

renzhn · renzhn · commit 312dbba570f5 · 2015-08-23T09:21:06.000+08:00
diff --git a/config.go b/config.go
@@ -27,24 +27,12 @@ const (
 	loadBalanceLatency
 )
 
-// allow the same tunnel ports as polipo
-var defaultTunnelAllowedPort = []string{
-	"22", "80", "443", // ssh, http, https
-	"873",                      // rsync
-	"143", "220", "585", "993", // imap, imap3, imap4-ssl, imaps
-	"109", "110", "473", "995", // pop2, pop3, hybrid-pop, pop3s
-	"5222", "5269", // jabber-client, jabber-server
-	"2401", "3690", "9418", // cvspserver, svn, git
-}
-
 type Config struct {
 	RcFile      string // config file
 	LogFile     string // path for log file
 	JudgeByIP   bool
 	LoadBalance LoadBalanceMode // select load balance mode
 
-	TunnelAllowedPort map[string]bool // allowed ports to create tunnel
-
 	SshServer []string
 
 	// authenticate client
@@ -88,11 +76,6 @@ func initConfig(rcFile string) {
 	config.JudgeByIP = true
 
 	config.AuthTimeout = 2 * time.Hour
-
-	config.TunnelAllowedPort = make(map[string]bool)
-	for _, port := range defaultTunnelAllowedPort {
-		config.TunnelAllowedPort[port] = true
-	}
 }
 
 // Whether command line options specifies listen addr
@@ -370,17 +353,6 @@ func (p configParser) ParseAddrInPAC(val string) {
 	}
 }
 
-func (p configParser) ParseTunnelAllowedPort(val string) {
-	arr := strings.Split(val, ",")
-	for _, s := range arr {
-		s = strings.TrimSpace(s)
-		if _, err := strconv.Atoi(s); err != nil {
-			Fatal("tunnel allowed ports", err)
-		}
-		config.TunnelAllowedPort[s] = true
-	}
-}
-
 func (p configParser) ParseSocksParent(val string) {
 	var pp proxyParser
 	pp.ProxySocks5(val)
diff --git a/config_test.go b/config_test.go
@@ -23,36 +23,6 @@ func TestParseListen(t *testing.T) {
 	}
 }
 
-func TestTunnelAllowedPort(t *testing.T) {
-	initConfig("")
-	parser := configParser{}
-	parser.ParseTunnelAllowedPort("1, 2, 3, 4, 5")
-	parser.ParseTunnelAllowedPort("6")
-	parser.ParseTunnelAllowedPort("7")
-	parser.ParseTunnelAllowedPort("8")
-
-	testData := []struct {
-		port    string
-		allowed bool
-	}{
-		{"80", true}, // default allowd ports
-		{"443", true},
-		{"1", true},
-		{"3", true},
-		{"5", true},
-		{"7", true},
-		{"8080", false},
-		{"8388", false},
-	}
-
-	for _, td := range testData {
-		allowed := config.TunnelAllowedPort[td.port]
-		if allowed != td.allowed {
-			t.Errorf("port %s allowed %v, got %v\n", td.port, td.allowed, allowed)
-		}
-	}
-}
-
 func TestParseProxy(t *testing.T) {
 	pool, ok := parentProxy.(*backupParentPool)
 	if !ok {
diff --git a/doc/sample-config/rc-full b/doc/sample-config/rc-full
@@ -125,12 +125,6 @@ listen = http://127.0.0.1:4411
 # 最多允许使用多少个 CPU 核
 #core = 2
 
-# 允许建立隧道连接的端口，多个端口用逗号分隔，可重复多次
-# 默认总是允许下列服务的端口: ssh, http, https, rsync, imap, pop, jabber, cvs, git, svn
-# 如需允许其他端口，请用该选项添加
-# 限制隧道连接的端口可以防止将运行 meow 的服务器上只监听本机 ip 的服务暴露给外部
-#tunnelAllowedPort = 80, 443
-
 # 修改 direct/proxy 文件路径，如不指定，默认在配置文件所在目录下
 #directFile = <dir to rc file>/direct
 #proxyFile = <dir to rc file>/proxy
diff --git a/proxy.go b/proxy.go
@@ -404,12 +404,6 @@ func (c *clientConn) serve() {
 			authed = true
 		}
 
-		if r.isConnect && !config.TunnelAllowedPort[r.URL.Port] {
-			sendErrorPage(c, statusForbidden, "Forbidden tunnel port",
-				genErrMsg(&r, nil, "Please contact proxy admin."))
-			return
-		}
-
 		if r.ExpectContinue {
 			sendErrorPage(c, statusExpectFailed, "Expect header not supported",
 				"Please contact meow's developer if you see this.")
