added early discarding of incoming connection attempt (before SSL handshake) for blacklisted IPs

libretroshare/src/pqi/pqissllistener.cc

@@ -35,6 +35,7 @@
 
 #include "util/rsdebug.h"
 #include "util/rsstring.h"
+#include "retroshare/rsbanlist.h"
 #include <unistd.h>
 
 const int pqissllistenzone = 49787;
@@ -373,12 +374,17 @@ int	pqissllistenbase::acceptconnection()
 #endif
 /********************************** WINDOWS/UNIX SPECIFIC PART ******************/
 
-	{
+        if(rsBanList != NULL && !rsBanList->isAddressAccepted(remote_addr, RSBANLIST_CHECKING_FLAGS_BLACKLIST))
-	  std::string out;
+        {
-	  out += "Accepted Connection from ";
+            std::cerr << "(II) pqissllistenner::acceptConnection(): early denying connection attempt from blacklisted IP " << sockaddr_storage_iptostring(remote_addr) << std::endl;
-	  out += sockaddr_storage_tostring(remote_addr);
+            return false ;
-	  pqioutput(PQL_DEBUG_BASIC, pqissllistenzone, out);
+        }
-	}
+    {
+      std::string out;
+      out += "Accepted Connection from ";
+      out += sockaddr_storage_tostring(remote_addr);
+      pqioutput(PQL_DEBUG_BASIC, pqissllistenzone, out);
+    }
 
 	// Negotiate certificates. SSL stylee.
 	// Allow negotiations for secure transaction.