From 3bb03ff89d91a0464e2a1ecb38186dc5c8f76c74 Mon Sep 17 00:00:00 2001 From: sehraf Date: Mon, 20 Jun 2016 22:30:51 +0200 Subject: [PATCH] Added new (optional) callback to libbitdht to ask upper layer if an IP is banned. In case this callback is implemented it will be used in favour of the built-in ban list. --- libbitdht/src/bitdht/bdfilter.cc | 28 +++++++++++++++++++++------- libbitdht/src/bitdht/bdfilter.h | 13 +++++++++---- libbitdht/src/bitdht/bdiface.h | 25 +++++++++++++++---------- libbitdht/src/bitdht/bdmanager.cc | 30 +++++++++++++++++++++++++----- libbitdht/src/bitdht/bdmanager.h | 3 +++ libbitdht/src/bitdht/bdnode.cc | 6 +++--- libbitdht/src/bitdht/bdnode.h | 5 +++-- libretroshare/src/dht/p3bitdht.cc | 23 +++++++++++++++++++++++ 8 files changed, 102 insertions(+), 31 deletions(-) diff --git a/libbitdht/src/bitdht/bdfilter.cc b/libbitdht/src/bitdht/bdfilter.cc index f536e74d8..5be9e1178 100644 --- a/libbitdht/src/bitdht/bdfilter.cc +++ b/libbitdht/src/bitdht/bdfilter.cc @@ -26,6 +26,7 @@ #include "bitdht/bdfilter.h" +#include "bitdht/bdmanager.h" #include "util/bdfile.h" #include @@ -39,7 +40,7 @@ **/ #define BDFILTER_ENTRY_DROP_PERIOD (7 * 24 * 3600) -bdFilter::bdFilter(const std::string &fname, const bdNodeId *ownid, uint32_t filterFlags, bdDhtFunctions *fns) +bdFilter::bdFilter(const std::string &fname, const bdNodeId *ownid, uint32_t filterFlags, bdDhtFunctions *fns, bdNodeManager *manager) { /* */ mOwnId = *ownid; @@ -49,6 +50,7 @@ bdFilter::bdFilter(const std::string &fname, const bdNodeId *ownid, uint32_t fi loadBannedIpFile() ; mFilterFlags = filterFlags; + mNodeManager = manager; } void bdFilter::writeBannedIpFile() 
@@ -220,16 +222,28 @@ void bdFilter::getFilteredPeers(std::list& peers) /* fast check if the addr is in the structure */ int bdFilter::addrOkay(struct sockaddr_in *addr) { - std::map::const_iterator it = mFiltered.find(addr->sin_addr.s_addr); + // first check upper layer + bool isAvailable, isBanned; + mNodeManager->doIsBannedCallback(addr, &isAvailable, &isBanned); - if (it == mFiltered.end()) - return 1; // Address is Okay! + if(isAvailable) { +#ifdef DEBUG_FILTER + std::cerr << "bdFilter::addrOkay addr: " << inet_ntoa(addr->sin_addr) << " result from upper layer: " << (isBanned ? "banned" : "ok") << std::endl; +#endif + return !isBanned; + } else { + // fallback to own ban list + + std::map::const_iterator it = mFiltered.find(addr->sin_addr.s_addr); + if (it == mFiltered.end()) + return 1; // Address is Okay + } #ifdef DEBUG_FILTER - std::cerr << "Detected Packet From Banned Ip Address: " << inet_ntoa(addr->sin_addr); - std::cerr << std::endl; + std::cerr << "Detected Packet From Banned Ip Address: " << inet_ntoa(addr->sin_addr); + std::cerr << std::endl; #endif - return 0; + return 0; } diff --git a/libbitdht/src/bitdht/bdfilter.h b/libbitdht/src/bitdht/bdfilter.h index b67127050..7c1d940d3 100644 --- a/libbitdht/src/bitdht/bdfilter.h +++ b/libbitdht/src/bitdht/bdfilter.h @@ -47,10 +47,12 @@ class bdFilteredPeer time_t mLastSeen; }; +class bdNodeManager; + class bdFilter { public: - bdFilter(const std::string& fname,const bdNodeId *ownid, uint32_t filterFlags, bdDhtFunctions *fns); + bdFilter(const std::string& fname, const bdNodeId *ownid, uint32_t filterFlags, bdDhtFunctions *fns, bdNodeManager *manager); // get the answer. //bool filtered(std::list &answer); 
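Review bot: In bdFilter::addrOkay (bdfilter.cc), once any callback reports a filter as available the function returns `!isBanned` and never consults mFiltered, so an address on bitdht's own list is accepted whenever the upper layer does not know it. The filter is constructed with BITDHT_FILTER_REASON_OWNID in bdnode.cc, which suggests mFiltered can hold bans that bitdht generated itself. Unless those are guaranteed to be mirrored upstream, treat the two lists as a union by testing the local one first: `if (mFiltered.find(addr->sin_addr.s_addr) != mFiltered.end()) return 0;`. mNodeManager is also dereferenced unchecked, so a bdFilter built with a null manager would crash on the first packet; wrapping the callback in `if (mNodeManager)` keeps the old behaviour in that case.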
@@ -77,9 +79,12 @@ bool isOwnIdWithoutBitDhtFlags(const bdId *id, uint32_t peerFlags); bdNodeId mOwnId; uint32_t mFilterFlags; - std::map mFiltered; - bdDhtFunctions *mFns; - std::string mFilename ; + std::map mFiltered; + bdDhtFunctions *mFns; + std::string mFilename ; + + // have access to the manager for isBanned callback + bdNodeManager* mNodeManager; }; diff --git a/libbitdht/src/bitdht/bdiface.h b/libbitdht/src/bitdht/bdiface.h index 08582629e..f6f47126c 100644 --- a/libbitdht/src/bitdht/bdiface.h +++ b/libbitdht/src/bitdht/bdiface.h 
@@ -337,20 +337,25 @@ class BitDhtCallback public: // ~BitDhtCallback(); - // dummy cos not needed for standard dht behaviour; -virtual int dhtNodeCallback(const bdId * /*id*/, uint32_t /*peerflags*/) { return 0; } + // dummy cos not needed for standard dht behaviour; + virtual int dhtNodeCallback(const bdId * /*id*/, uint32_t /*peerflags*/) { return 0; } - // must be implemented. -virtual int dhtPeerCallback(const bdId *id, uint32_t status) = 0; -virtual int dhtValueCallback(const bdNodeId *id, std::string key, uint32_t status) = 0; + // must be implemented. + virtual int dhtPeerCallback(const bdId *id, uint32_t status) = 0; + virtual int dhtValueCallback(const bdNodeId *id, std::string key, uint32_t status) = 0; - // connection callback. Not required for basic behaviour, but forced for initial development. -virtual int dhtConnectCallback(const bdId *srcId, const bdId *proxyId, const bdId *destId, - uint32_t mode, uint32_t point, uint32_t param, uint32_t cbtype, uint32_t errcode) = 0; /* { return 0; } */ + // connection callback. Not required for basic behaviour, but forced for initial development. + virtual int dhtConnectCallback(const bdId *srcId, const bdId *proxyId, const bdId *destId, + uint32_t mode, uint32_t point, uint32_t param, uint32_t cbtype, uint32_t errcode) = 0; /* { return 0; } */ - // Generic Info callback - initially will be used to provide bad peers. -virtual int dhtInfoCallback(const bdId *id, uint32_t type, uint32_t flags, std::string info) = 0; + // Generic Info callback - initially will be used to provide bad peers. + virtual int dhtInfoCallback(const bdId *id, uint32_t type, uint32_t flags, std::string info) = 0; + // ask upper layer whether an IP is banned or not + // must not be implemented + // when set it will be used instead of the own ban list + // return code is used to express availability/absence + virtual int dhtIsBannedCallback(const sockaddr_in */*addr*/, bool */*isBanned*/) { return 0;} }; 
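Review bot: The comment on dhtIsBannedCallback says `must not be implemented`, which reads as a prohibition, although the default body and the commit message make the override optional. Because this callback decides whether packets from an address are accepted, the contract should be explicit, for example `// optional: return 0 if no filter is available (isBanned is ignored); return non-zero only after writing *isBanned`. That wording also tells implementers that *isBanned must be written on every non-zero return, which the caller in bdmanager.cc depends on.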
diff --git a/libbitdht/src/bitdht/bdmanager.cc b/libbitdht/src/bitdht/bdmanager.cc index c40c3ef0d..4fb1e4709 100644 --- a/libbitdht/src/bitdht/bdmanager.cc +++ b/libbitdht/src/bitdht/bdmanager.cc @@ -69,7 +69,7 @@ bdNodeManager::bdNodeManager(bdNodeId *id, std::string dhtVersion, std::string bootfile, const std::string& filterfile,bdDhtFunctions *fns) - :bdNode(id, dhtVersion, bootfile, filterfile, fns) + :bdNode(id, dhtVersion, bootfile, filterfile, fns, this) { mMode = BITDHT_MGR_STATE_OFF; mFns = fns; @@ -1179,10 +1179,9 @@ void bdNodeManager::doPeerCallback(const bdId *id, uint32_t status) void bdNodeManager::doValueCallback(const bdNodeId *id, std::string key, uint32_t status) { +#ifdef DEBUG_MGR std::cerr << "bdNodeManager::doValueCallback()"; std::cerr << std::endl; - -#ifdef DEBUG_MGR #endif /* search list */ std::list::iterator it; @@ -1196,10 +1195,9 @@ void bdNodeManager::doValueCallback(const bdNodeId *id, std::string key, uint32_ void bdNodeManager::doInfoCallback(const bdId *id, uint32_t type, uint32_t flags, std::string info) { +#ifdef DEBUG_MGR std::cerr << "bdNodeManager::doInfoCallback()"; std::cerr << std::endl; - -#ifdef DEBUG_MGR #endif /* search list */ std::list::iterator it; @@ -1210,6 +1208,28 @@ void bdNodeManager::doInfoCallback(const bdId *id, uint32_t type, uint32_t flags return; } +void bdNodeManager::doIsBannedCallback(const sockaddr_in *addr, bool *isAvailable, bool *isBanned) +{ +#ifdef DEBUG_MGR + std::cerr << "bdNodeManager::doIsBannedCallback()"; + std::cerr << std::endl; +#endif + /* search list */ + std::list::iterator it; + *isBanned = false; + *isAvailable = false; + for(it = mCallbacks.begin(); it != mCallbacks.end(); it++) + { + // set isBanned to true as soon as one callback answers with true + bool banned; + if((*it)->dhtIsBannedCallback(addr, &banned)) + { + *isBanned = *isBanned || banned; + *isAvailable = true; + } + } +} + #define BITDHT_IDENTITY_STRING_V1 "d1:" #define BITDHT_IDENTITY_SIZE_V1 3 
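Review bot: In bdNodeManager::doIsBannedCallback the local `bool banned;` is read after any callback that returns non-zero, so an implementation that reports a filter as available without writing its out-parameter leaves the ban decision to an indeterminate value. Declare it initialised inside the loop, `bool banned = false;` (or `true` if the project prefers to fail closed when a callback misbehaves), so the result is always defined.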
diff --git a/libbitdht/src/bitdht/bdmanager.h b/libbitdht/src/bitdht/bdmanager.h index 68a6d4d64..d3ddb587f 100644 --- a/libbitdht/src/bitdht/bdmanager.h +++ b/libbitdht/src/bitdht/bdmanager.h @@ -153,6 +153,9 @@ virtual void callbackConnect(bdId *srcId, bdId *proxyId, bdId *destId, int isBitDhtPacket(char *data, int size, struct sockaddr_in &from); + // this function is used by bdFilter (must be public!) +void doIsBannedCallback(const sockaddr_in *addr, bool *isAvailable, bool* isBanned); + private: diff --git a/libbitdht/src/bitdht/bdnode.cc b/libbitdht/src/bitdht/bdnode.cc index fb6f35fb2..f7ae5e220 100644 --- a/libbitdht/src/bitdht/bdnode.cc +++ b/libbitdht/src/bitdht/bdnode.cc @@ -70,10 +70,10 @@ #define HISTORY_PERIOD 60 -bdNode::bdNode(bdNodeId *ownId, std::string dhtVersion, const std::string& bootfile, const std::string& filterfile, bdDhtFunctions *fns) +bdNode::bdNode(bdNodeId *ownId, std::string dhtVersion, const std::string& bootfile, const std::string& filterfile, bdDhtFunctions *fns, bdNodeManager *manager) :mNodeSpace(ownId, fns), - mFilterPeers(filterfile,ownId, BITDHT_FILTER_REASON_OWNID, fns), - mQueryMgr(NULL), + mFilterPeers(filterfile,ownId, BITDHT_FILTER_REASON_OWNID, fns, manager), + mQueryMgr(NULL), mConnMgr(NULL), mOwnId(*ownId), mDhtVersion(dhtVersion), mStore(bootfile, fns), mFns(fns), mFriendList(ownId), mHistory(HISTORY_PERIOD) diff --git a/libbitdht/src/bitdht/bdnode.h b/libbitdht/src/bitdht/bdnode.h index 77ee0d9ae..5acb1255b 100644 --- a/libbitdht/src/bitdht/bdnode.h +++ b/libbitdht/src/bitdht/bdnode.h @@ -85,6 +85,7 @@ output -> call back to Udp(). *********/ class bdFilteredPeer ; +class bdNodeManager; class bdNodeNetMsg { 
@@ -122,7 +123,7 @@ class bdNode: public bdNodePublisher public: bdNode(bdNodeId *id, std::string dhtVersion, const std::string& bootfile, const std::string& filterfile, - bdDhtFunctions *fns); + bdDhtFunctions *fns, bdNodeManager* manager); void init(); /* sets up the self referential classes (mQueryMgr & mConnMgr) */ @@ -243,7 +244,7 @@ void recvPkt(char *msg, int len, struct sockaddr_in addr); protected: bdSpace mNodeSpace; - bdFilter mFilterPeers; + bdFilter mFilterPeers; bdQueryManager *mQueryMgr; bdConnectManager *mConnMgr; diff --git a/libretroshare/src/dht/p3bitdht.cc b/libretroshare/src/dht/p3bitdht.cc index bbbeb9ad4..02bdae308 100644 --- a/libretroshare/src/dht/p3bitdht.cc +++ b/libretroshare/src/dht/p3bitdht.cc @@ -32,6 +32,8 @@ #include "tcponudp/udprelay.h" #include "tcponudp/udpstunner.h" +#include "retroshare/rsbanlist.h" + #include @@ -76,6 +78,27 @@ virtual int dhtInfoCallback(const bdId *id, uint32_t type, uint32_t flags, std:: return mParent->InfoCallback(id, type, flags, info); } + virtual int dhtIsBannedCallback(const sockaddr_in *addr, bool *isBanned) + { + // check whether ip filtering is enabled + // if not return 0 to signal that no filter is available + if(!rsBanList->ipFilteringEnabled()) + return 0; + + // now check the filter + if(rsBanList->isAddressAccepted(*(const sockaddr_storage*)addr, RSBANLIST_CHECKING_FLAGS_BLACKLIST, NULL)) { + *isBanned = false; + } else { +#ifdef DEBUG_BITDHT + std::cerr << "p3BitDht dhtIsBannedCallback: peer is banned " << sockaddr_storage_tostring(*(const sockaddr_storage*)addr) << std::endl; +#endif + *isBanned = true; + } + + // return 1 to signal that a filter is available + return 1; + } + private: p3BitDht *mParent;
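Review bot: In dhtIsBannedCallback (p3bitdht.cc) the expression `*(const sockaddr_storage*)addr` presents a sockaddr_in as a sockaddr_storage, which is a larger structure; if isAddressAccepted or sockaddr_storage_tostring copies or inspects the whole structure, it reads past the end of the caller's sockaddr_in. Copy the address into a zeroed local sockaddr_storage and pass that instead, as sketched below, and use the same local in the debug output. rsBanList is also dereferenced without a null check, which matters if the DHT can deliver packets before the ban-list service is set up; that cannot be confirmed from the hunk. The enclosing class begins outside the hunk.

```cpp
virtual int dhtIsBannedCallback(const sockaddr_in *addr, bool *isBanned)
{
	// ... unchanged: ipFilteringEnabled() check ...

	// widen into a real sockaddr_storage instead of casting the pointer
	sockaddr_storage ss;
	memset(&ss, 0, sizeof(ss));
	memcpy(&ss, addr, sizeof(*addr));

	if(rsBanList->isAddressAccepted(ss, RSBANLIST_CHECKING_FLAGS_BLACKLIST, NULL)) {
	// ... unchanged: *isBanned assignment, debug output, return 1 ...
```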