diff --git a/libretroshare/src/dht/p3bitdht.cc b/libretroshare/src/dht/p3bitdht.cc
index a1fed1824..f6ed68b68 100644
--- a/libretroshare/src/dht/p3bitdht.cc
+++ b/libretroshare/src/dht/p3bitdht.cc
@@ -85,7 +85,10 @@ virtual int dhtInfoCallback(const bdId *id, uint32_t type, uint32_t flags, std::
 return 0;
 // now check the filter
- if(rsBanList->isAddressAccepted(*(const sockaddr_storage*)addr, RSBANLIST_CHECKING_FLAGS_BLACKLIST, NULL)) {
+ if(rsBanList->isAddressAccepted(
+ *reinterpret_cast(addr),
+ RSBANLIST_CHECKING_FLAGS_BLACKLIST ))
+ {
 *isBanned = false;
 } else {
 #ifdef DEBUG_BITDHT
diff --git a/libretroshare/src/pqi/p3peermgr.cc b/libretroshare/src/pqi/p3peermgr.cc
index f3d8b08f2..f0d340f39 100644
--- a/libretroshare/src/pqi/p3peermgr.cc
+++ b/libretroshare/src/pqi/p3peermgr.cc
@@ -1476,12 +1476,12 @@ bool p3PeerMgrIMPL::setExtAddress( const RsPeerId &id,
 bool changed = false;
 uint32_t check_res = 0;
- if( rsBanList!=NULL && !rsBanList->isAddressAccepted(
- addr, RSBANLIST_CHECKING_FLAGS_BLACKLIST, &check_res) )
+ if(rsBanList && !rsBanList->isAddressAccepted(
+ addr, RSBANLIST_CHECKING_FLAGS_BLACKLIST, check_res ))
 {
- std::cerr << "(SS) trying to set external contact address for peer "
- << id << " to a banned address "
- << sockaddr_storage_iptostring(addr) << std::endl;
+ RsErr() << __PRETTY_FUNCTION__ << " trying to set external contact "
+ << "address for peer: " << id << " to a banned address " << addr
+ << std::endl;
 return false;
 }
diff --git a/libretroshare/src/pqi/pqissl.cc b/libretroshare/src/pqi/pqissl.cc
index 16fd78cc9..b2abcc414 100644
--- a/libretroshare/src/pqi/pqissl.cc
+++ b/libretroshare/src/pqi/pqissl.cc
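Review bot: In the p3bitdht.cc hunk, `*reinterpret_cast(addr)` still reinterprets `addr` as a `sockaddr_storage` and hands it over by reference, and `p3BanList::isAddressAccepted` then runs `sockaddr_storage_copy(dAddr, addr)` on it. The declaration of `addr` is outside the hunk; if it points to a smaller object such as a `sockaddr_in`, that copy may read past the end of the caller's object, depending on how much `sockaddr_storage_copy` reads. Passing a zero-initialised local instead removes that dependency on the callee, for example `sockaddr_storage ss{}; memcpy(&ss, addr, sizeof(*addr));` followed by `rsBanList->isAddressAccepted(ss, RSBANLIST_CHECKING_FLAGS_BLACKLIST)`. This call also dereferences `rsBanList` without the `rsBanList &&` guard used in p3peermgr.cc and pqissl.cc, so confirm that a null check precedes the hunk.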
@@ -1251,9 +1251,8 @@ int pqissl::accept_locked( SSL *ssl, int fd,
 if (rsPeers->servicePermissionFlags(PeerId()) & RS_NODE_PERM_REQUIRE_WL)
 checking_flags |= RSBANLIST_CHECKING_FLAGS_WHITELIST;
- if( rsBanList && !rsBanList->isAddressAccepted( foreign_addr,
- checking_flags,
- &check_result ) )
+ if(rsBanList && !rsBanList->isAddressAccepted(
+ foreign_addr, checking_flags, check_result ))
 {
 RsErr() << __PRETTY_FUNCTION__
 << " Refusing incoming SSL connection from blacklisted "
diff --git a/libretroshare/src/retroshare/rsbanlist.h b/libretroshare/src/retroshare/rsbanlist.h
index 194186b5f..c46ea0203 100644
--- a/libretroshare/src/retroshare/rsbanlist.h
+++ b/libretroshare/src/retroshare/rsbanlist.h
@@ -1,9 +1,9 @@
 /*******************************************************************************
- * libretroshare/src/retroshare: rsbanlist.h *
+ * IPv4 address filtering interface *
 * *
 * libretroshare: retroshare core library *
 * *
- * Copyright 2011-2011 by Robert Fernie *
+ * Copyright (C) 2015 Cyril Soler *
 * *
 * This program is free software: you can redistribute it and/or modify *
 * it under the terms of the GNU Lesser General Public License as *
@@ -21,12 +21,21 @@
 *******************************************************************************/
 #pragma once
+#include
+
 #include "util/rsnet.h"
 #include "util/rstime.h"
+#include "util/rsmemory.h"
 class RsBanList;
-extern RsBanList *rsBanList ;
+/**
+ * Pointer to global instance of RsBanList service implementation
+ * @jsonapi{development}
+ */
+extern RsBanList* rsBanList;
+
+// TODO: use enum class instead of defines
 #define RSBANLIST_ORIGIN_UNKNOWN 0
 #define RSBANLIST_ORIGIN_SELF 1
 #define RSBANLIST_ORIGIN_FRIEND 2
@@ -55,7 +64,7 @@ extern RsBanList *rsBanList ;
 #define RSBANLIST_TYPE_BLACKLIST 2
 #define RSBANLIST_TYPE_WHITELIST 3
-class RsTlvBanListEntry ;
+class RsTlvBanListEntry;
 class BanListPeer
 {
@@ -78,42 +87,71 @@ public:
 class RsBanList
 {
 public:
- virtual void enableIPFiltering(bool b) =0;
- virtual bool ipFilteringEnabled() =0;
+ /**
+ * @brief Enable or disable IP filtering service
+ * @jsonapi{development}
+ * @param[in] enable pass true to enable, false to disable
+ */
+ virtual void enableIPFiltering(bool enable) = 0;
- // addIpRange()/removeIpRange()
- // addr: full IPv4 address. Port is ignored.
- // masked_bytes: 0=full IP, 1="/24", 2="/16"
- // list_type: RSBANLIST_TYPE_WHITELIST or RSBANLIST_TYPE_BLACKLIST
- // comment: anything, user-based.
+ /**
+ * @brief Get ip filtering service status
+ * @jsonapi{development}
+ * @return true if enabled, false if disabled
+ */
+ virtual bool ipFilteringEnabled() = 0;
- virtual bool addIpRange(const struct sockaddr_storage& addr,int masked_bytes,uint32_t list_type,const std::string& comment) =0;
- virtual bool removeIpRange(const struct sockaddr_storage& addr,int masked_bytes,uint32_t list_type) =0;
+ /**
+ * @brief addIpRange
+ * @param addr full IPv4 address. Port is ignored.
+ * @param masked_bytes 0=full IP, 1="/24", 2="/16"
+ * @param list_type RSBANLIST_TYPE_WHITELIST or RSBANLIST_TYPE_BLACKLIST
+ * @param comment anything, user-based
+ * @return
+ */
+ virtual bool addIpRange(
+ const sockaddr_storage& addr, int masked_bytes, uint32_t list_type,
+ const std::string& comment ) = 0;
- // isAddressAccepted()
- // addr: full IPv4 address. Port is ignored.
- // checking flags: any combination of RSBANLIST_CHECKING_FLAGS_BLACKLIST and RSBANLIST_CHECKING_FLAGS_WHITELIST
- // check_result: returned result of the check in RSBANLIST_CHECK_RESULT_*
- // returned value: true=address is accepted, false=address is rejected.
+ /**
+ * @brief removeIpRange
+ * @param addr full IPv4 address. Port is ignored.
+ * @param masked_bytes 0=full IP, 1="/24", 2="/16"
+ * @param list_type RSBANLIST_TYPE_WHITELIST or RSBANLIST_TYPE_BLACKLIST
+ * @return
+ */
+ virtual bool removeIpRange(
+ const sockaddr_storage& addr, int masked_bytes, uint32_t list_type
+ ) = 0;
- virtual bool isAddressAccepted(const struct sockaddr_storage& addr,uint32_t checking_flags,uint32_t *check_result=NULL) =0;
+ /**
+ * @brief isAddressAccepted
+ * @param addr full IPv4 address. Port is ignored.
+ * @param checking_flags any combination of
+ * RSBANLIST_CHECKING_FLAGS_BLACKLIST and
+ * RSBANLIST_CHECKING_FLAGS_WHITELIST
+ * @param check_result returned result of the check in
+ * RSBANLIST_CHECK_RESULT_*
+ * @return true if address is accepted, false false if address is rejected.
+ */
+ virtual bool isAddressAccepted(
+ const sockaddr_storage& addr, uint32_t checking_flags,
+ uint32_t& check_result = RS_DEFAULT_STORAGE_PARAM(uint32_t) ) = 0;
- virtual void getBannedIps(std::list& list) =0;
- virtual void getWhiteListedIps(std::list& list) =0;
+ virtual void getBannedIps(std::list& list) = 0;
+ virtual void getWhiteListedIps(std::list& list) = 0;
- virtual bool autoRangeEnabled() =0;
- virtual void enableAutoRange(bool b) =0 ;
+ virtual bool autoRangeEnabled() = 0;
+ virtual void enableAutoRange(bool b) = 0;
- virtual int autoRangeLimit() =0;
- virtual void setAutoRangeLimit(int n)=0;
+ virtual int autoRangeLimit() = 0;
+ virtual void setAutoRangeLimit(int n) = 0;
- virtual void enableIPsFromFriends(bool b) =0;
- virtual bool IPsFromFriendsEnabled() =0;
+ virtual void enableIPsFromFriends(bool b) = 0;
+ virtual bool IPsFromFriendsEnabled() = 0;
- virtual void enableIPsFromDHT(bool b) =0;
- virtual bool iPsFromDHTEnabled() =0;
+ virtual void enableIPsFromDHT(bool b) = 0;
+ virtual bool iPsFromDHTEnabled() = 0;
+ virtual ~RsBanList();
 };
-
-
-
diff --git a/libretroshare/src/services/p3banlist.cc b/libretroshare/src/services/p3banlist.cc
index c1e8f9a1e..7fd70f71b 100644
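Review bot: The new Doxygen block for `isAddressAccepted` calls `addr` a full IPv4 address but does not say that the function also returns true without consulting any list. The p3banlist.cc hunk shows this happens when filtering is disabled, when `sockaddr_storage_ipv6_to_ipv4(addr)` fails, and for loopback addresses, with `check_result` left at `RSBANLIST_CHECK_RESULT_NOCHECK`. Callers treat the return value as an accept/refuse decision, so the comment should state it, e.g. `@return true if the address is accepted, including when no check was performed (check_result is then RSBANLIST_CHECK_RESULT_NOCHECK); false if it is rejected`, which also fixes the doubled "false false"; the `@return` tags on `addIpRange` and `removeIpRange` are empty. The default argument `RS_DEFAULT_STORAGE_PARAM(uint32_t)` is repeated on the override in p3banlist.h and its definition is not part of this diff; confirm it yields per-call storage, since the implementation now writes `check_result` unconditionally.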
--- a/libretroshare/src/services/p3banlist.cc
+++ b/libretroshare/src/services/p3banlist.cc
@@ -306,12 +306,15 @@ bool p3BanList::acceptedBanRanges_locked(const BanListPeer& blp)
 }
 return false ;
 }
-bool p3BanList::isAddressAccepted(const sockaddr_storage &dAddr, uint32_t checking_flags,uint32_t *check_result)
+bool p3BanList::isAddressAccepted(
+ const sockaddr_storage& dAddr, uint32_t checking_flags,
+ uint32_t& check_result )
 {
+ check_result = RSBANLIST_CHECK_RESULT_NOCHECK;
+ if(!mIPFilteringEnabled) return true;
+
 sockaddr_storage addr; sockaddr_storage_copy(dAddr, addr);
- if(!mIPFilteringEnabled) return true;
- if(check_result != NULL) *check_result = RSBANLIST_CHECK_RESULT_NOCHECK;
 if(!sockaddr_storage_ipv6_to_ipv4(addr)) return true;
 if(sockaddr_storage_isLoopbackNet(addr)) return true;
@@ -332,9 +335,8 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &dAddr, uint32_t checki
 white_list_found = white_list_found || (mWhiteListedRanges.find(addr_32) != mWhiteListedRanges.end()) ;
 if(white_list_found)
- {
- if(check_result != NULL)
- *check_result = RSBANLIST_CHECK_RESULT_ACCEPTED ;
+ {
+ check_result = RSBANLIST_CHECK_RESULT_ACCEPTED;
 #ifdef DEBUG_BANLIST
 std::cerr << ". Address is in whitelist. Accepting" << std::endl;
 #endif
@@ -342,9 +344,8 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &dAddr, uint32_t checki
 }
 if(checking_flags & RSBANLIST_CHECKING_FLAGS_WHITELIST)
- {
- if(check_result != NULL)
- *check_result = RSBANLIST_CHECK_RESULT_NOT_WHITELISTED ;
+ {
+ check_result = RSBANLIST_CHECK_RESULT_NOT_WHITELISTED;
 #ifdef DEBUG_BANLIST
 std::cerr << ". Address is not whitelist, and whitelist is required. Rejecting" << std::endl;
 #endif
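Review bot: `if(!sockaddr_storage_ipv6_to_ipv4(addr)) return true;` in `p3BanList::isAddressAccepted` accepts the address before `checking_flags` is examined, so a caller that sets `RSBANLIST_CHECKING_FLAGS_WHITELIST` (pqissl.cc does for peers with `RS_NODE_PERM_REQUIRE_WL`) gets true with `check_result` still `RSBANLIST_CHECK_RESULT_NOCHECK`. Assuming the helper returns false for addresses that have no IPv4 form, such a connection is not held to the whitelist requirement. Since this commit already reorders the start of the function, the early exit could fail closed when a whitelist is required: set `check_result = RSBANLIST_CHECK_RESULT_NOT_WHITELISTED;` and `return false;` when `checking_flags & RSBANLIST_CHECKING_FLAGS_WHITELIST` is set, and keep `return true;` otherwise. The function body continues past this hunk.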
@@ -356,8 +357,7 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &dAddr, uint32_t checki
 #ifdef DEBUG_BANLIST
 std::cerr << ". No blacklisting required. Accepting." << std::endl;
 #endif
- if(check_result != NULL)
- *check_result = RSBANLIST_CHECK_RESULT_ACCEPTED ;
+ check_result = RSBANLIST_CHECK_RESULT_ACCEPTED;
 return true;
 }
@@ -369,8 +369,7 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &dAddr, uint32_t checki
 #ifdef DEBUG_BANLIST
 std::cerr << " found in blacklisted range " << sockaddr_storage_iptostring(it->first) << "/16. returning false. attempts=" << it->second.connect_attempts << std::endl;
 #endif
- if(check_result != NULL)
- *check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED ;
+ check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED;
 return false ;
 }
@@ -380,8 +379,7 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &dAddr, uint32_t checki
 #ifdef DEBUG_BANLIST
 std::cerr << " found in blacklisted range " << sockaddr_storage_iptostring(it->first) << "/24. returning false. attempts=" << it->second.connect_attempts << std::endl;
 #endif
- if(check_result != NULL)
- *check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED ;
+ check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED;
 return false ;
 }
@@ -391,8 +389,7 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &dAddr, uint32_t checki
 #ifdef DEBUG_BANLIST
 std::cerr << " found in blacklisted range " << sockaddr_storage_iptostring(it->first) << "/32. returning false. attempts=" << it->second.connect_attempts << std::endl;
 #endif
- if(check_result != NULL)
- *check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED ;
+ check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED;
 return false ;
 }
@@ -402,16 +399,14 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &dAddr, uint32_t checki
 #ifdef DEBUG_BANLIST
 std::cerr << "found as blacklisted address " << sockaddr_storage_iptostring(it->first) << ". returning false. attempts=" << it->second.connect_attempts << std::endl;
 #endif
- if(check_result != NULL)
- *check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED ;
+ check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED;
 return false ;
 }
 #ifdef DEBUG_BANLIST
 std::cerr << " not blacklisted. Accepting." << std::endl;
 #endif
- if(check_result != NULL)
- *check_result = RSBANLIST_CHECK_RESULT_ACCEPTED ;
+ check_result = RSBANLIST_CHECK_RESULT_ACCEPTED;
 return true ;
 }
 void p3BanList::getWhiteListedIps(std::list &lst)
@@ -1304,4 +1299,4 @@ int p3BanList::printBanSources_locked(std::ostream &out)
 return true ;
 }
-
+RsBanList::~RsBanList() = default;
diff --git a/libretroshare/src/services/p3banlist.h b/libretroshare/src/services/p3banlist.h
index eac722cda..788e33e65 100644
--- a/libretroshare/src/services/p3banlist.h
+++ b/libretroshare/src/services/p3banlist.h
@@ -56,9 +56,11 @@ public:
 /***** overloaded from RsBanList *****/
- virtual bool isAddressAccepted( const sockaddr_storage& addr,
- uint32_t checking_flags,
- uint32_t *check_result=NULL );
+ /// @see RsBanList
+ virtual bool isAddressAccepted(
+ const sockaddr_storage& addr, uint32_t checking_flags,
+ uint32_t& check_result = RS_DEFAULT_STORAGE_PARAM(uint32_t)
+ ) override;
 virtual void getBannedIps(std::list& list) ;
 virtual void getWhiteListedIps(std::list& list) ;