Started implementation of ban list. For now, just gathers the list of banned IPs from

the DHT and is not used to reject IPs yet (the DHT list is, even if DHT is desactivated).
Next steps: GUI with switch controls, exchange of IP ban lists between friends, handling IP ranges.


git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@8297 b45a01b8-16f6-495d-af2f-9b41ad6348cc

libbitdht/src/bitdht/bdfilter.cc

@@ -66,7 +66,7 @@ void bdFilter::writeBannedIpFile()
 
     for( std::map<uint32_t,bdFilteredPeer>::iterator it=mFiltered.begin();it!=mFiltered.end();++it)
     {
-        fprintf(fd, "%s %d %ld %ld\n", bdnet_inet_ntoa(it->second.mAddr.sin_addr).c_str(), it->second.mFilterFlags, it->second.mFilterTS, it->second.mLastSeen) ;
+        fprintf(fd, "%s %u %lu %lu\n", bdnet_inet_ntoa(it->second.mAddr.sin_addr).c_str(), it->second.mFilterFlags, it->second.mFilterTS, it->second.mLastSeen) ;
 #ifdef DEBUG_FILTER
         fprintf(stderr, "Storing Peer Address: %s \n", bdnet_inet_ntoa(it->second.mAddr.sin_addr).c_str()) ;
 #endif
@@ -212,11 +212,11 @@ int bdFilter::addPeerToFilter(const struct sockaddr_in& addr, uint32_t flags)
 //         mFiltered[saddr] = *it ;
 //     }
 // }
-// void bdFilter::getFilteredPeers(std::list<bdFilteredPeer>& peers)
-// {
-//     for(std::map<uint32_t,bdFilteredPeer>::iterator it = mFiltered.begin(); it != mFiltered.end();++it)
-//         peers.push_back(it->second) ;
-// }
+void bdFilter::getFilteredPeers(std::list<bdFilteredPeer>& peers)
+{
+    for(std::map<uint32_t,bdFilteredPeer>::iterator it = mFiltered.begin(); it != mFiltered.end();++it)
+        peers.push_back(it->second) ;
+}
 /* fast check if the addr is in the structure */
 int bdFilter::addrOkay(struct sockaddr_in *addr)
 {

libbitdht/src/bitdht/bdfilter.h

@@ -56,7 +56,7 @@ class bdFilter
 //bool	filtered(std::list<bdFilteredPeer> &answer);
 bool	filteredIPs(std::list<struct sockaddr_in> &answer);
 
-void    loadFilteredPeers(const std::list<bdFilteredPeer>& peers) ;
+//void    loadFilteredPeers(const std::list<bdFilteredPeer>& peers) ;
 void 	getFilteredPeers(std::list<bdFilteredPeer> &peers);
 
 int 	checkPeer(const bdId *id, uint32_t peerFlags);

libbitdht/src/bitdht/bdnode.cc

@@ -93,10 +93,11 @@ void bdNode::init()
 	setNodeDhtMode(BITDHT_MODE_TRAFFIC_DEFAULT);
 
 }
-//void bdNode::getFilteredPeers(std::list<bdFilteredPeer>& peers)
-//{
-//    mFilterPeers.getFilteredPeers(peers) ;
-//}
+bool bdNode::getFilteredPeers(std::list<bdFilteredPeer>& peers)
+{
+    mFilterPeers.getFilteredPeers(peers) ;
+    return true ;
+}
 //
 //void bdNode::loadFilteredPeers(const std::list<bdFilteredPeer>& peers)
 //{

libbitdht/src/bitdht/bdnode.h

@@ -149,8 +149,8 @@ class bdNode: public bdNodePublisher
 	void updateStore();
 
     bool addressBanned(const sockaddr_in &raddr) ;
-    void getFilteredPeers(std::list<bdFilteredPeer> &peers);
-    void loadFilteredPeers(const std::list<bdFilteredPeer> &peers);
+    bool getFilteredPeers(std::list<bdFilteredPeer> &peers);
+    //void loadFilteredPeers(const std::list<bdFilteredPeer> &peers);
 
 	/* simplified outgoing msg functions (for the managers) */
 	virtual void send_ping(bdId *id); /* message out */

libbitdht/src/udp/udpbitdht.cc

@@ -217,6 +217,11 @@ bool UdpBitDht::isAddressBanned(const sockaddr_in &raddr)
     return mBitDhtManager->addressBanned(raddr) ;
 }
 
+bool UdpBitDht::getListOfBannedIps(std::list<bdFilteredPeer>& ipl)
+{
+    return mBitDhtManager->getFilteredPeers(ipl) ;
+}
+
 
 
         /* stats and Dht state */

libbitdht/src/udp/udpbitdht.h

@@ -88,6 +88,7 @@ virtual int getDhtQueries(std::map<bdNodeId, bdQueryStatus> &queries);
 virtual int getDhtQueryStatus(const bdNodeId *id, bdQuerySummary &query);
 
     virtual bool isAddressBanned(const sockaddr_in &raddr) ;
+    virtual bool getListOfBannedIps(std::list<bdFilteredPeer> &ipl);
 
         /* stats and Dht state */
 virtual int startDht();
@@ -112,7 +113,6 @@ virtual void run();
 
 	/**** do whats to be done ***/
 int tick();
-
 private:
 
 void clearDataTransferred();

libretroshare/src/dht/p3bitdht.cc

@@ -23,6 +23,7 @@
  *
  */
 
+#include <list>
 
 #include "dht/p3bitdht.h"
 
@@ -387,6 +388,22 @@ bool p3BitDht::isAddressBanned(const sockaddr_storage &raddr)
     return false ;
 }
 
+void p3BitDht::getListOfBannedIps(std::list<RsDhtFilteredPeer>& ips)
+{
+    std::list<bdFilteredPeer> lst ;
+
+    mUdpBitDht->getListOfBannedIps(lst) ;
+
+    for(std::list<bdFilteredPeer>::const_iterator it(lst.begin());it!=lst.end();++it)
+    {
+        RsDhtFilteredPeer fp ;
+        fp.mAddr = (*it).mAddr ;
+        fp.mFilterFlags = (*it).mFilterFlags ;
+        fp.mFilterTS = (*it).mFilterTS ;
+        fp.mLastSeen = (*it).mLastSeen ;
+        ips.push_back(fp) ;
+    }
+}
 
 bool 	p3BitDht::setAttachMode(bool on)
 {

libretroshare/src/dht/p3bitdht.h

@@ -215,6 +215,7 @@ virtual bool 	getExternalInterface(struct sockaddr_storage &raddr,
                                          uint32_t &mode);
 
     virtual bool	isAddressBanned(const struct sockaddr_storage& raddr) ;
+    virtual void	getListOfBannedIps(std::list<RsDhtFilteredPeer> &lst) ;
 
     virtual bool    setAttachMode(bool on);
 

libretroshare/src/libretroshare.pro

@@ -101,6 +101,7 @@ PUBLIC_HEADERS =	retroshare/rsdisc.h \
 					retroshare/rsrank.h \
 					retroshare/rsstatus.h \
 					retroshare/rsturtle.h \
+					retroshare/rsbanlist.h \
 					retroshare/rstypes.h \
 					retroshare/rsdht.h \
 					retroshare/rsrtt.h \

libretroshare/src/retroshare/rsbanlist.h

@@ -0,0 +1,53 @@
+/*
+ * libretroshare/src/services/p3banlist.h
+ *
+ * Exchange list of Peers for Banning / Whitelisting.
+ *
+ * Copyright 2011 by Robert Fernie.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License Version 2 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ * USA.
+ *
+ * Please report all bugs and problems to "retroshare@lunamutt.com".
+ *
+ */
+
+#pragma once
+
+#include <netinet/in.h>
+
+class RsBanList;
+extern RsBanList *rsBanList ;
+
+class BanListPeer
+{
+public:
+
+    struct sockaddr_storage addr;
+    uint8_t masked_bytes ;
+    uint32_t reason; 		// Dup Self, Dup Friend
+    int level; 			// LOCAL, FRIEND, FoF.
+    time_t mTs;
+    bool state ; 			// true=>active, false=>just stored but inactive
+};
+
+class RsBanList
+{
+	public:
+		virtual bool isAddressAccepted(const struct sockaddr_storage& addr) =0;
+        virtual void getListOfBannedIps(std::list<BanListPeer>& list) =0;
+};
+
+
+

libretroshare/src/retroshare/rsdht.h

@@ -26,6 +26,7 @@
  *
  */
 
+#include <netinet/in.h>
 #include <inttypes.h>
 #include <string>
 #include <list>
@@ -35,11 +36,9 @@
 class RsDht;
 extern RsDht *rsDht;
 
-
 //std::ostream &operator<<(std::ostream &out, const RsPhotoShowDetails &detail);
 //std::ostream &operator<<(std::ostream &out, const RsPhotoDetails &detail);
 
-
 #define RSDHT_NETSTART_NETWORKMODE	0x0001
 #define RSDHT_NETSTART_NATTYPE		0x0002
 #define RSDHT_NETSTART_NATHOLE		0x0003
@@ -157,7 +156,14 @@ class RsDhtRelayProxy
         //time_t mLastBandwidthTS;
 
 };
-
+class RsDhtFilteredPeer
+{
+public:
+    struct sockaddr_in mAddr;
+    uint32_t mFilterFlags; /* reasons why we are filtering */
+    time_t mFilterTS;
+    time_t mLastSeen;
+};
 
 class RsDht
 {
@@ -196,6 +202,7 @@ virtual int	setRelayAllowance(int classIdx, uint32_t  count, uint32_t  bandwidth
 virtual bool    getOwnDhtId(std::string &ownDhtId) = 0;
 
 virtual bool	isAddressBanned(const struct sockaddr_storage& raddr) =0;
+virtual void	getListOfBannedIps(std::list<RsDhtFilteredPeer>& lst) =0;
 
 #if 0
 virtual std::string getPeerStatusString();

libretroshare/src/services/p3banlist.cc

@@ -30,12 +30,14 @@
 
 #include "services/p3banlist.h"
 #include "serialiser/rsbanlistitems.h"
+#include "retroshare/rsdht.h"
 
 #include <sys/time.h>
 
 /****
  * #define DEBUG_BANLIST		1
  ****/
+ #define DEBUG_BANLIST		1
 
 
 /* DEFINE INTERFACE POINTER! */
@@ -48,6 +50,8 @@
 #define RSBANLIST_SOURCE_FRIEND		1
 #define RSBANLIST_SOURCE_FOF		2
 
+#define RSBANLIST_DELAY_BETWEEN_TALK_TO_DHT 60	// should be more: e.g. 600 secs.
+
 
 /************ IMPLEMENTATION NOTES *********************************
  * 
@@ -55,7 +59,7 @@
  * we distribute and track the network list of bad peers.
  *
  */
-
+RsBanList *rsBanList = NULL ;
 
 p3BanList::p3BanList(p3ServiceControl *sc, p3NetMgr *nm)
 	:p3Service(), mBanMtx("p3BanList"), mServiceCtrl(sc), mNetMgr(nm) 
@@ -63,6 +67,7 @@ p3BanList::p3BanList(p3ServiceControl *sc, p3NetMgr *nm)
 	addSerialType(new RsBanListSerialiser());
 
     mSentListTime = 0;
+    mLastDhtInfoRequest = 0 ;
 }
 
 
@@ -82,13 +87,35 @@ RsServiceInfo p3BanList::getServiceInfo()
                              BANLIST_MIN_MINOR_VERSION);
 }
 
+bool p3BanList::isAddressAccepted(const sockaddr_storage &addr)
+{
+    // we should normally work this including entire ranges of IPs. For now, just check the exact IPs.
 
+    if(mBanSet.find(addr) != mBanSet.end())
+        return false ;
+
+    return true ;
+}
+
+void p3BanList::getListOfBannedIps(std::list<BanListPeer> &lst)
+{
+    for(std::map<sockaddr_storage,BanListPeer>::const_iterator it(mBanSet.begin());it!=mBanSet.end();++it)
+        lst.push_back(it->second) ;
+}
 
 int	p3BanList::tick()
 {
 	processIncoming();
 	sendPackets();
 
+    time_t now = time(NULL) ;
+
+    if(mLastDhtInfoRequest + RSBANLIST_DELAY_BETWEEN_TALK_TO_DHT < now)
+    {
+        getDhtInfo() ;
+        mLastDhtInfoRequest = now;
+    }
+
 	return 0;
 }
 
@@ -97,6 +124,31 @@ int	p3BanList::status()
 	return 1;
 }
 
+void p3BanList::getDhtInfo()
+{
+    // Get the list of masquerading peers from the DHT. Add them as potential IPs to be banned.
+    // Don't make them active. Just insert them in the list.
+
+    std::list<RsDhtFilteredPeer> filtered_peers ;
+
+    rsDht->getListOfBannedIps(filtered_peers) ;
+
+    std::cerr << "p3BanList::getDhtInfo() Got list of banned IPs." << std::endl;
+    RsPeerId ownId = mServiceCtrl->getOwnId();
+
+    for(std::list<RsDhtFilteredPeer>::const_iterator it(filtered_peers.begin());it!=filtered_peers.end();++it)
+    {
+        std::cerr << "  filtered peer: " << rs_inet_ntoa((*it).mAddr.sin_addr) << std::endl;
+
+        int int_reason = 0 ;
+        int age = 0 ;
+        sockaddr_storage ad = *(sockaddr_storage*)&(*it).mAddr ;
+
+        addBanEntry(ownId, ad, RSBANLIST_SOURCE_SELF, int_reason, age);
+    }
+
+    condenseBanSources_locked() ;
+}
 
 /***** Implementation ******/
 
@@ -187,7 +239,7 @@ bool p3BanList::addBanEntry(const RsPeerId &peerId, const struct sockaddr_storag
 	bool updated = false;
 
 #ifdef DEBUG_BANLIST
-	std::cerr << "p3BanList::addBanEntry() Addr: " << rs_inet_ntoa(addr.sin_addr) << " Level: " << level;
+    std::cerr << "p3BanList::addBanEntry() Addr: " << sockaddr_storage_iptostring(addr) << " Level: " << level;
 	std::cerr << " Reason: " << reason << " Age: " << age;
 	std::cerr << std::endl;
 #endif

libretroshare/src/services/p3banlist.h

@@ -33,20 +33,12 @@
 
 #include "serialiser/rsbanlistitems.h"
 #include "services/p3service.h"
-//#include "retroshare/rsbanlist.h"
+#include "retroshare/rsbanlist.h"
 
 class p3ServiceControl;
 class p3NetMgr;
 
-class BanListPeer
-{
-	public:
 
-	struct sockaddr_storage addr;
-	uint32_t reason; // Dup Self, Dup Friend
-	int level; // LOCAL, FRIEND, FoF.
-	time_t mTs;
-};
 
 class BanList
 {
@@ -65,7 +57,7 @@ class BanList
   * Exchange list of Banned IP addresses with peers.
   */
 
-class p3BanList: /* public RsBanList, */ public p3Service, public pqiNetAssistPeerShare /* , public p3Config, public pqiMonitor */
+class p3BanList: public RsBanList, public p3Service, public pqiNetAssistPeerShare /* , public p3Config, public pqiMonitor */
 {
 	public:
 		p3BanList(p3ServiceControl *sc, p3NetMgr *nm);
@@ -73,11 +65,13 @@ class p3BanList: /* public RsBanList, */ public p3Service, public pqiNetAssistPe
 
 		/***** overloaded from RsBanList *****/
 
+        virtual bool isAddressAccepted(const struct sockaddr_storage& addr) ;
+        virtual void getListOfBannedIps(std::list<BanListPeer>& list) ;
+
         /***** overloaded from pqiNetAssistPeerShare *****/
 
 		virtual void    updatePeer(const RsPeerId& id, const struct sockaddr_storage &addr, int type, int reason, int age);
 
-
 		/***** overloaded from p3Service *****/
 		/*!
 		 * This retrieves all chat msg items and also (important!)
@@ -94,8 +88,7 @@ class p3BanList: /* public RsBanList, */ public p3Service, public pqiNetAssistPe
 		bool 	processIncoming();
 
 		bool recvBanItem(RsBanListItem *item);
-		bool addBanEntry(const RsPeerId &peerId, const struct sockaddr_storage &addr, 
-			int level, uint32_t reason, uint32_t age);
+        bool addBanEntry(const RsPeerId &peerId, const struct sockaddr_storage &addr, int level, uint32_t reason, uint32_t age);
 		void sendBanLists();
 		int sendBanSet(const RsPeerId& peerid);
 
@@ -116,6 +109,8 @@ class p3BanList: /* public RsBanList, */ public p3Service, public pqiNetAssistPe
 
 
     private:
+        void getDhtInfo() ;
+
 		RsMutex mBanMtx;
 
 		int condenseBanSources_locked();
@@ -128,6 +123,7 @@ class p3BanList: /* public RsBanList, */ public p3Service, public pqiNetAssistPe
 
 		p3ServiceControl *mServiceCtrl;
         p3NetMgr *mNetMgr;
+        time_t mLastDhtInfoRequest ;
 
 };