Added new (optional) callback to libbitdht to ask upper layer if an IP is banned.

If this callback is implemented, it is used instead of the built-in ban list.
sehraf 2016-06-20 22:30:51 +02:00
parent ddce43b282
commit 3bb03ff89d
8 changed files with 102 additions and 31 deletions


@ -26,6 +26,7 @@
#include "bitdht/bdfilter.h"
#include "bitdht/bdmanager.h"
#include "util/bdfile.h"
#include <stdlib.h>
@ -39,7 +40,7 @@
**/
#define BDFILTER_ENTRY_DROP_PERIOD (7 * 24 * 3600)
bdFilter::bdFilter(const std::string &fname, const bdNodeId *ownid, uint32_t filterFlags, bdDhtFunctions *fns)
bdFilter::bdFilter(const std::string &fname, const bdNodeId *ownid, uint32_t filterFlags, bdDhtFunctions *fns, bdNodeManager *manager)
{
/* */
mOwnId = *ownid;
@ -49,6 +50,7 @@ bdFilter::bdFilter(const std::string &fname, const bdNodeId *ownid, uint32_t fi
loadBannedIpFile() ;
mFilterFlags = filterFlags;
mNodeManager = manager;
}
void bdFilter::writeBannedIpFile()
@ -220,10 +222,22 @@ void bdFilter::getFilteredPeers(std::list<bdFilteredPeer>& peers)
/* fast check if the addr is in the structure */
int bdFilter::addrOkay(struct sockaddr_in *addr)
{
std::map<uint32_t,bdFilteredPeer>::const_iterator it = mFiltered.find(addr->sin_addr.s_addr);
// first check upper layer
bool isAvailable, isBanned;
mNodeManager->doIsBannedCallback(addr, &isAvailable, &isBanned);
if(isAvailable) {
#ifdef DEBUG_FILTER
std::cerr << "bdFilter::addrOkay addr: " << inet_ntoa(addr->sin_addr) << " result from upper layer: " << (isBanned ? "banned" : "ok") << std::endl;
#endif
return !isBanned;
} else {
// fallback to own ban list
std::map<uint32_t,bdFilteredPeer>::const_iterator it = mFiltered.find(addr->sin_addr.s_addr);
if (it == mFiltered.end())
return 1; // Address is Okay!
return 1; // Address is Okay
}
#ifdef DEBUG_FILTER
std::cerr << "Detected Packet From Banned Ip Address: " << inet_ntoa(addr->sin_addr);
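Review bot: Once the upper layer reports an answer (the `if(isAvailable)` branch), `addrOkay` returns `!isBanned` and never consults `mFiltered`, so anything libbitdht itself put into its own list (whatever `loadBannedIpFile()` loaded at construction plus entries added at runtime) is ignored for as long as the application's IP filter is enabled, even when that filter says "not banned". The commit message says overriding is intended, but the safer merge is to keep the local check unconditional and only let the upper layer add bans: `if(isAvailable && isBanned) return 0;` placed before the `mFiltered.find` lookup, with the `else` wrapper dropped. Separately, `mNodeManager = manager;` is the last statement of the constructor, after `loadBannedIpFile()`, and `addrOkay` dereferences it with no NULL check; if `loadBannedIpFile()` can reach `addrOkay`, or any caller passes a NULL manager, this reads an uninitialized or null pointer — initialize it in the mem-initializer list and guard the call with `if(mNodeManager)`, treating a missing manager as "no upper-layer answer". addrOkay's body continues outside the hunk.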


@ -47,10 +47,12 @@ class bdFilteredPeer
time_t mLastSeen;
};
class bdNodeManager;
class bdFilter
{
public:
bdFilter(const std::string& fname,const bdNodeId *ownid, uint32_t filterFlags, bdDhtFunctions *fns);
bdFilter(const std::string& fname, const bdNodeId *ownid, uint32_t filterFlags, bdDhtFunctions *fns, bdNodeManager *manager);
// get the answer.
//bool filtered(std::list<bdFilteredPeer> &answer);
@ -80,6 +82,9 @@ bool isOwnIdWithoutBitDhtFlags(const bdId *id, uint32_t peerFlags);
std::map<uint32_t,bdFilteredPeer> mFiltered;
bdDhtFunctions *mFns;
std::string mFilename ;
// have access to the manager for isBanned callback
bdNodeManager* mNodeManager;
};
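Review bot: `bdNodeManager* mNodeManager;` is a raw pointer with no initializer, and the comment above it does not say who owns it or when it becomes valid. Since the constructor only stores the pointer and `addrOkay` later calls through it, document the contract on the member, e.g. `// non-owning back-pointer to the manager, used only for doIsBannedCallback(); set by the constructor and must outlive this filter`. If the project's compiler baseline allows it, an in-class `= NULL` initializer would also make the uninitialized window before the constructor body assigns it harmless.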


@ -338,19 +338,24 @@ class BitDhtCallback
// ~BitDhtCallback();
// dummy cos not needed for standard dht behaviour;
virtual int dhtNodeCallback(const bdId * /*id*/, uint32_t /*peerflags*/) { return 0; }
virtual int dhtNodeCallback(const bdId * /*id*/, uint32_t /*peerflags*/) { return 0; }
// must be implemented.
virtual int dhtPeerCallback(const bdId *id, uint32_t status) = 0;
virtual int dhtValueCallback(const bdNodeId *id, std::string key, uint32_t status) = 0;
virtual int dhtPeerCallback(const bdId *id, uint32_t status) = 0;
virtual int dhtValueCallback(const bdNodeId *id, std::string key, uint32_t status) = 0;
// connection callback. Not required for basic behaviour, but forced for initial development.
virtual int dhtConnectCallback(const bdId *srcId, const bdId *proxyId, const bdId *destId,
virtual int dhtConnectCallback(const bdId *srcId, const bdId *proxyId, const bdId *destId,
uint32_t mode, uint32_t point, uint32_t param, uint32_t cbtype, uint32_t errcode) = 0; /* { return 0; } */
// Generic Info callback - initially will be used to provide bad peers.
virtual int dhtInfoCallback(const bdId *id, uint32_t type, uint32_t flags, std::string info) = 0;
virtual int dhtInfoCallback(const bdId *id, uint32_t type, uint32_t flags, std::string info) = 0;
// ask upper layer whether an IP is banned or not
// must not be implemented
// when set it will be used instead of the own ban list
// return code is used to express availability/absence
virtual int dhtIsBannedCallback(const sockaddr_in */*addr*/, bool */*isBanned*/) { return 0;}
};
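Review bot: The comment `// must not be implemented` on the new `dhtIsBannedCallback` reads as a prohibition; it should say `// need not be implemented (the default returns 0)`. The return-value and out-parameter contract is only implied by the last comment line; state it explicitly so implementers do not leave `*isBanned` unset, e.g. `// returns 1 when this layer has a filter and has written *isBanned; returns 0 when no filter is available, in which case *isBanned is left untouched`. Because the default body never writes `*isBanned`, callers in bdmanager.cc must not read it unless the return value was nonzero.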


@ -69,7 +69,7 @@
bdNodeManager::bdNodeManager(bdNodeId *id, std::string dhtVersion, std::string bootfile, const std::string& filterfile,bdDhtFunctions *fns)
:bdNode(id, dhtVersion, bootfile, filterfile, fns)
:bdNode(id, dhtVersion, bootfile, filterfile, fns, this)
{
mMode = BITDHT_MGR_STATE_OFF;
mFns = fns;
@ -1179,10 +1179,9 @@ void bdNodeManager::doPeerCallback(const bdId *id, uint32_t status)
void bdNodeManager::doValueCallback(const bdNodeId *id, std::string key, uint32_t status)
{
#ifdef DEBUG_MGR
std::cerr << "bdNodeManager::doValueCallback()";
std::cerr << std::endl;
#ifdef DEBUG_MGR
#endif
/* search list */
std::list<BitDhtCallback *>::iterator it;
@ -1196,10 +1195,9 @@ void bdNodeManager::doValueCallback(const bdNodeId *id, std::string key, uint32_
void bdNodeManager::doInfoCallback(const bdId *id, uint32_t type, uint32_t flags, std::string info)
{
#ifdef DEBUG_MGR
std::cerr << "bdNodeManager::doInfoCallback()";
std::cerr << std::endl;
#ifdef DEBUG_MGR
#endif
/* search list */
std::list<BitDhtCallback *>::iterator it;
@ -1210,6 +1208,28 @@ void bdNodeManager::doInfoCallback(const bdId *id, uint32_t type, uint32_t flags
return;
}
void bdNodeManager::doIsBannedCallback(const sockaddr_in *addr, bool *isAvailable, bool *isBanned)
{
#ifdef DEBUG_MGR
std::cerr << "bdNodeManager::doIsBannedCallback()";
std::cerr << std::endl;
#endif
/* search list */
std::list<BitDhtCallback *>::iterator it;
*isBanned = false;
*isAvailable = false;
for(it = mCallbacks.begin(); it != mCallbacks.end(); it++)
{
// set isBanned to true as soon as one callback answers with true
bool banned;
if((*it)->dhtIsBannedCallback(addr, &banned))
{
*isBanned = *isBanned || banned;
*isAvailable = true;
}
}
}
#define BITDHT_IDENTITY_STRING_V1 "d1:"
#define BITDHT_IDENTITY_SIZE_V1 3
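Review bot: `bool banned;` in the loop of `doIsBannedCallback` is uninitialized and is OR-ed into `*isBanned` whenever a callback returns nonzero, so a callback that signals availability without writing its out-parameter produces an indeterminate ban decision. Initialize it, `bool banned = false;`, and rely on the interface documentation to require that implementers set it on every nonzero-return path. Also note that `bdFilter::addrOkay` is described in bdfilter.cc as a fast check, and this loop now invokes every registered callback from it; if the upper-layer lookup takes a lock or does non-trivial work, that cost lands on whatever per-packet path calls addrOkay — not visible here, so worth confirming.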


@ -153,6 +153,9 @@ virtual void callbackConnect(bdId *srcId, bdId *proxyId, bdId *destId,
int isBitDhtPacket(char *data, int size, struct sockaddr_in &from);
// this function is used by bdFilter (must be public!)
void doIsBannedCallback(const sockaddr_in *addr, bool *isAvailable, bool* isBanned);
private:


@ -70,9 +70,9 @@
#define HISTORY_PERIOD 60
bdNode::bdNode(bdNodeId *ownId, std::string dhtVersion, const std::string& bootfile, const std::string& filterfile, bdDhtFunctions *fns)
bdNode::bdNode(bdNodeId *ownId, std::string dhtVersion, const std::string& bootfile, const std::string& filterfile, bdDhtFunctions *fns, bdNodeManager *manager)
:mNodeSpace(ownId, fns),
mFilterPeers(filterfile,ownId, BITDHT_FILTER_REASON_OWNID, fns),
mFilterPeers(filterfile,ownId, BITDHT_FILTER_REASON_OWNID, fns, manager),
mQueryMgr(NULL),
mConnMgr(NULL),
mOwnId(*ownId), mDhtVersion(dhtVersion), mStore(bootfile, fns), mFns(fns),


@ -85,6 +85,7 @@ output -> call back to Udp().
*********/
class bdFilteredPeer ;
class bdNodeManager;
class bdNodeNetMsg
{
@ -122,7 +123,7 @@ class bdNode: public bdNodePublisher
public:
bdNode(bdNodeId *id, std::string dhtVersion, const std::string& bootfile, const std::string& filterfile,
bdDhtFunctions *fns);
bdDhtFunctions *fns, bdNodeManager* manager);
void init(); /* sets up the self referential classes (mQueryMgr & mConnMgr) */


@ -32,6 +32,8 @@
#include "tcponudp/udprelay.h"
#include "tcponudp/udpstunner.h"
#include "retroshare/rsbanlist.h"
#include <openssl/sha.h>
@ -76,6 +78,27 @@ virtual int dhtInfoCallback(const bdId *id, uint32_t type, uint32_t flags, std::
return mParent->InfoCallback(id, type, flags, info);
}
virtual int dhtIsBannedCallback(const sockaddr_in *addr, bool *isBanned)
{
// check whether ip filtering is enabled
// if not return 0 to signal that no filter is available
if(!rsBanList->ipFilteringEnabled())
return 0;
// now check the filter
if(rsBanList->isAddressAccepted(*(const sockaddr_storage*)addr, RSBANLIST_CHECKING_FLAGS_BLACKLIST, NULL)) {
*isBanned = false;
} else {
#ifdef DEBUG_BITDHT
std::cerr << "p3BitDht dhtIsBannedCallback: peer is banned " << sockaddr_storage_tostring(*(const sockaddr_storage*)addr) << std::endl;
#endif
*isBanned = true;
}
// return 1 to signal that a filter is available
return 1;
}
private:
p3BitDht *mParent;
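Review bot: `*(const sockaddr_storage*)addr` in the `isAddressAccepted` call, and again in the debug `sockaddr_storage_tostring` line, reinterprets a `sockaddr_in`-sized object as a `sockaddr_storage`; `isAddressAccepted` takes the larger struct by reference, so anything in the ban-list code that copies the argument or reads past the IPv4 fields reads beyond the end of the object libbitdht passed in. Copy into a zeroed, properly sized local and pass that to both calls instead of casting. `rsBanList` is also dereferenced without a NULL check; whether the DHT can call back before the ban list exists is not visible here, so either confirm the startup order or return 0 when it is NULL. The enclosing class continues outside the hunk.
```cpp
virtual int dhtIsBannedCallback(const sockaddr_in *addr, bool *isBanned)
{
    // … unchanged: ipFilteringEnabled() early return …
    // copy rather than cast: the pointee is only sizeof(sockaddr_in) bytes
    sockaddr_storage ss;
    memset(&ss, 0, sizeof(ss));
    memcpy(&ss, addr, sizeof(*addr));
    if(rsBanList->isAddressAccepted(ss, RSBANLIST_CHECKING_FLAGS_BLACKLIST, NULL)) {
        *isBanned = false;
    } else {
#ifdef DEBUG_BITDHT
        std::cerr << "p3BitDht dhtIsBannedCallback: peer is banned " << sockaddr_storage_tostring(ss) << std::endl;
#endif
        *isBanned = true;
    }
    // … unchanged: return 1 …
```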