Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2025-06-07 06:02:41 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

working version of IP banning lists. Default settings should keep users safe from traffic re-routing based on DHT masquerading. Some GUI bugs remain.

Browse source 
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@8308 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
csoler 2015-05-28 21:44:43 +00:00
parent fc97cdcfa2
commit 562c7c2c20
7 changed files with 338 additions and 95 deletions
Download patch file Download diff file Expand all files Collapse all files

17
libretroshare/src/pqi/pqissl.cc
View file

@ -40,6 +40,7 @@
#include "pqi/p3linkmgr.h" #include "pqi/p3linkmgr.h"
#include <retroshare/rspeers.h> #include <retroshare/rspeers.h>
#include <retroshare/rsdht.h> #include <retroshare/rsdht.h>
#include <retroshare/rsbanlist.h>
const int pqisslzone = 37714; const int pqisslzone = 37714;
@ -1137,14 +1138,14 @@ int pqissl::SSL_Connection_Complete()
if (sslmode) if (sslmode)
{ {
#ifdef PQISSL_LOG_DEBUG #ifdef PQISSL_LOG_DEBUG
rslog(RSL_DEBUG_BASIC, pqisslzone, "--------> Active Connect!"); rslog(RSL_DEBUG_BASIC, pqisslzone, "--------> Active Connect! Client side.");
#endif #endif
err = SSL_connect(ssl_connection); err = SSL_connect(ssl_connection);
} }
else else
{ {
#ifdef PQISSL_LOG_DEBUG #ifdef PQISSL_LOG_DEBUG
rslog(RSL_DEBUG_BASIC, pqisslzone, "--------> Passive Accept!"); rslog(RSL_DEBUG_BASIC, pqisslzone, "--------> Passive Accept! Server side.");
#endif #endif
err = SSL_accept(ssl_connection); err = SSL_accept(ssl_connection);
} }
@ -1310,6 +1311,12 @@ int pqissl::Authorise_SSL_Connection()
bool res = AuthSSL::getAuthSSL()->CheckCertificate(PeerId(), peercert); bool res = AuthSSL::getAuthSSL()->CheckCertificate(PeerId(), peercert);
bool certCorrect = true; /* WE know it okay already! */ bool certCorrect = true; /* WE know it okay already! */
if(!rsBanList->isAddressAccepted(remote_addr))
{
std::cerr << "(SS) connection attempt from banned IP address. Refusing it. Attack??" << std::endl;
reset_locked();
return 0 ;
}
if(rsDht->isAddressBanned(remote_addr)) if(rsDht->isAddressBanned(remote_addr))
{ {
std::cerr << "(SS) connection attempt from banned IP address. Refusing it. Attack??" << std::endl; std::cerr << "(SS) connection attempt from banned IP address. Refusing it. Attack??" << std::endl;
@ -1350,6 +1357,12 @@ int pqissl::accept(SSL *ssl, int fd, const struct sockaddr_storage &foreign_addr
int pqissl::accept_locked(SSL *ssl, int fd, const struct sockaddr_storage &foreign_addr) // initiate incoming connection. int pqissl::accept_locked(SSL *ssl, int fd, const struct sockaddr_storage &foreign_addr) // initiate incoming connection.
{ {
if(!rsBanList->isAddressAccepted(foreign_addr))
{
std::cerr << "(SS) refusing incoming SSL connection from blacklisted foreign address " << sockaddr_storage_iptostring(foreign_addr) << std::endl;
reset_locked();
return -1;
}
if (waiting != WAITING_NOT) if (waiting != WAITING_NOT)
{ {
rslog(RSL_WARNING, pqisslzone, "pqissl::accept() Peer: " + PeerId().toStdString() + " - Two connections in progress - Shut 1 down!"); rslog(RSL_WARNING, pqisslzone, "pqissl::accept() Peer: " + PeerId().toStdString() + " - Two connections in progress - Shut 1 down!");

17
libretroshare/src/retroshare/rsbanlist.h
View file

@ -38,10 +38,14 @@ extern RsBanList *rsBanList ;
#define RSBANLIST_REASON_UNKNOWN 0 #define RSBANLIST_REASON_UNKNOWN 0
#define RSBANLIST_REASON_USER 1 #define RSBANLIST_REASON_USER 1
#define RSBANLIST_REASON_DHT 2 #define RSBANLIST_REASON_DHT 2
#define RSBANLIST_REASON_AUTO_RANGE 3
class BanListPeer class BanListPeer
{ {
public: public:
BanListPeer() ;
struct sockaddr_storage addr; struct sockaddr_storage addr;
uint8_t masked_bytes ; // 0 = []/32. 1=[]/24, 2=[]/16 uint8_t masked_bytes ; // 0 = []/32. 1=[]/24, 2=[]/16
uint32_t reason; // User, DHT uint32_t reason; // User, DHT
@ -60,6 +64,19 @@ public:
virtual bool isAddressAccepted(const struct sockaddr_storage& addr) =0; virtual bool isAddressAccepted(const struct sockaddr_storage& addr) =0;
virtual void getListOfBannedIps(std::list<BanListPeer>& list) =0; virtual void getListOfBannedIps(std::list<BanListPeer>& list) =0;
virtual bool autoRangeEnabled() =0;
virtual void enableAutoRange(bool b) =0 ;
virtual int autoRangeLimit() =0;
virtual void setAutoRangeLimit(int n)=0;
virtual void enableIPsFromFriends(bool b) =0;
virtual bool IPsFromFriendsEnabled() =0;
virtual void enableIPsFromDHT(bool b) =0;
virtual bool iPsFromDHTEnabled() =0;
}; };

174
libretroshare/src/services/p3banlist.cc
View file

@ -48,7 +48,11 @@
#define RSBANLIST_SEND_PERIOD 600 // 10 Minutes. #define RSBANLIST_SEND_PERIOD 600 // 10 Minutes.
#define RSBANLIST_DELAY_BETWEEN_TALK_TO_DHT 60 // should be more: e.g. 600 secs. #define RSBANLIST_DELAY_BETWEEN_TALK_TO_DHT 60 // should be more: e.g. 600 secs.
#define RSBANLIST_DEFAULT_AUTORANGE_LIMIT 3 // default number of IPs in same range to trigger a complete IP range filter.
#define RSBANLIST_DEFAULT_AUTORANGE_ENABLED true
#define RSBANLIST_DEFAULT_FRIEND_GATHERING_ENABLED true
#define RSBANLIST_DEFAULT_DHT_GATHERING_ENABLED true
#define RSBANLIST_DEFAULT_ENABLED true
/************ IMPLEMENTATION NOTES ********************************* /************ IMPLEMENTATION NOTES *********************************
* *
@ -65,8 +69,13 @@ p3BanList::p3BanList(p3ServiceControl *sc, p3NetMgr *nm)
mSentListTime = 0; mSentListTime = 0;
mLastDhtInfoRequest = 0 ; mLastDhtInfoRequest = 0 ;
}
mIPFilteringEnabled = RSBANLIST_DEFAULT_ENABLED ;
mAutoRangeLimit = RSBANLIST_DEFAULT_AUTORANGE_LIMIT ;
mAutoRangeIps = RSBANLIST_DEFAULT_AUTORANGE_ENABLED ;
mIPFriendGatheringEnabled = RSBANLIST_DEFAULT_FRIEND_GATHERING_ENABLED ;
mIPDHTGatheringEnabled = RSBANLIST_DEFAULT_DHT_GATHERING_ENABLED ;
}
const std::string BANLIST_APP_NAME = "banlist"; const std::string BANLIST_APP_NAME = "banlist";
const uint16_t BANLIST_APP_MAJOR_VERSION = 1; const uint16_t BANLIST_APP_MAJOR_VERSION = 1;
@ -84,23 +93,127 @@ RsServiceInfo p3BanList::getServiceInfo()
BANLIST_MIN_MINOR_VERSION); BANLIST_MIN_MINOR_VERSION);
} }
bool p3BanList::ipFilteringEnabled() bool p3BanList::ipFilteringEnabled() { return mIPFilteringEnabled ; }
void p3BanList::enableIPFiltering(bool b) { mIPFilteringEnabled = b ; }
void p3BanList::enableIPsFromFriends(bool b) { mIPFriendGatheringEnabled = b; mLastDhtInfoRequest=0;}
void p3BanList::enableIPsFromDHT(bool b)
{ {
return mIPFilteringEnabled ; mIPDHTGatheringEnabled = b;
mLastDhtInfoRequest=0;
}
void p3BanList::enableAutoRange(bool b)
{
mAutoRangeIps = b;
autoFigureOutBanRanges() ;
}
void p3BanList::setAutoRangeLimit(int n)
{
mAutoRangeLimit = n;
autoFigureOutBanRanges();
} }
void p3BanList::enableIPFiltering(bool b) class ZeroedInt
{ {
mIPFilteringEnabled = b ; public:
ZeroedInt() { n = 0 ; }
uint32_t n ;
};
BanListPeer::BanListPeer()
{
masked_bytes=0;
reason=RSBANLIST_REASON_UNKNOWN ;
level=RSBANLIST_ORIGIN_UNKNOWN ;
state = false ;
connect_attempts=0;
mTs=0;
}
static sockaddr_storage make24BitsRange(const sockaddr_storage& addr)
{
sockaddr_storage s ;
sockaddr_storage_clear(s) ;
sockaddr_storage_copyip(s,addr) ;
sockaddr_in *ad = (sockaddr_in*)(&s) ;
ad->sin_addr.s_addr |= 0xff000000 ;
return s ;
}
void p3BanList::autoFigureOutBanRanges()
{
RS_STACK_MUTEX(mBanMtx) ;
mBanRanges.clear() ;
if(!mAutoRangeIps)
return ;
std::cerr << "Automatically figuring out IP ranges from banned IPs." << std::endl;
std::map<sockaddr_storage,ZeroedInt> range_map ;
for(std::map<sockaddr_storage,BanListPeer>::iterator it(mBanSet.begin());it!=mBanSet.end();++it)
++range_map[make24BitsRange(it->first)].n ;
time_t now = time(NULL) ;
for(std::map<sockaddr_storage,ZeroedInt>::const_iterator it=range_map.begin();it!=range_map.end();++it)
{
std::cerr << "Ban range: " << sockaddr_storage_iptostring(it->first) << " : " << it->second.n << std::endl;
if(it->second.n >= mAutoRangeLimit)
{
std::cerr << " --> creating new ban range." << std::endl;
BanListPeer& peer(mBanRanges[it->first]) ;
peer.addr = it->first ;
peer.masked_bytes = 1 ;
peer.reason = RSBANLIST_REASON_AUTO_RANGE ;
peer.level = RSBANLIST_ORIGIN_SELF ;
peer.state = true ;
if(peer.mTs == 0)
{
peer.mTs = now ;
peer.connect_attempts = 0 ;
}
}
}
condenseBanSources_locked() ;
} }
bool p3BanList::isAddressAccepted(const sockaddr_storage &addr) bool p3BanList::isAddressAccepted(const sockaddr_storage &addr)
{ {
if(!mIPFilteringEnabled)
return true ;
// we should normally work this including entire ranges of IPs. For now, just check the exact IPs. // we should normally work this including entire ranges of IPs. For now, just check the exact IPs.
if(mBanSet.find(addr) != mBanSet.end()) sockaddr_storage addr_24 = make24BitsRange(addr) ;
return false ;
std::cerr << "p3BanList::isAddressAccepted() testing " << sockaddr_storage_iptostring(addr) << " and range " << sockaddr_storage_iptostring(addr_24) ;
std::map<sockaddr_storage,BanListPeer>::iterator it ;
if((it=mBanRanges.find(addr_24)) != mBanRanges.end())
{
++it->second.connect_attempts;
std::cerr << " returning false. attempts=" << it->second.connect_attempts << std::endl;
return false ;
}
if((it=mBanSet.find(addr)) != mBanSet.end())
{
++it->second.connect_attempts;
std::cerr << " returning false. attempts=" << it->second.connect_attempts << std::endl;
return false ;
}
std::cerr << " returning true " << std::endl;
return true ; return true ;
} }
@ -108,6 +221,9 @@ void p3BanList::getListOfBannedIps(std::list<BanListPeer> &lst)
{ {
for(std::map<sockaddr_storage,BanListPeer>::const_iterator it(mBanSet.begin());it!=mBanSet.end();++it) for(std::map<sockaddr_storage,BanListPeer>::const_iterator it(mBanSet.begin());it!=mBanSet.end();++it)
lst.push_back(it->second) ; lst.push_back(it->second) ;
for(std::map<sockaddr_storage,BanListPeer>::const_iterator it(mBanRanges.begin());it!=mBanRanges.end();++it)
lst.push_back(it->second) ;
} }
int p3BanList::tick() int p3BanList::tick()
@ -119,8 +235,12 @@ int p3BanList::tick()
if(mLastDhtInfoRequest + RSBANLIST_DELAY_BETWEEN_TALK_TO_DHT < now) if(mLastDhtInfoRequest + RSBANLIST_DELAY_BETWEEN_TALK_TO_DHT < now)
{ {
if(mIPDHTGatheringEnabled)
getDhtInfo() ; getDhtInfo() ;
mLastDhtInfoRequest = now; mLastDhtInfoRequest = now;
if(mAutoRangeIps)
autoFigureOutBanRanges() ;
} }
return 0; return 0;
@ -150,7 +270,9 @@ void p3BanList::getDhtInfo()
int int_reason = RSBANLIST_REASON_DHT ; int int_reason = RSBANLIST_REASON_DHT ;
int time_stamp = (*it).mLastSeen ; int time_stamp = (*it).mLastSeen ;
uint8_t masked_bytes = 0 ; uint8_t masked_bytes = 0 ;
sockaddr_storage ad = *(sockaddr_storage*)&(*it).mAddr ;
sockaddr_storage ad ;
sockaddr_storage_setipv4(ad,&(*it).mAddr) ;
addBanEntry(ownId, ad, RSBANLIST_ORIGIN_SELF, int_reason, time_stamp, masked_bytes); addBanEntry(ownId, ad, RSBANLIST_ORIGIN_SELF, int_reason, time_stamp, masked_bytes);
} }
@ -195,7 +317,6 @@ bool p3BanList::processIncoming()
{ {
RsStackMutex stack(mBanMtx); /****** LOCKED MUTEX *******/ RsStackMutex stack(mBanMtx); /****** LOCKED MUTEX *******/
mBanSet.clear();
condenseBanSources_locked(); condenseBanSources_locked();
} }
@ -236,7 +357,6 @@ void p3BanList::updatePeer(const RsPeerId& /*id*/, const struct sockaddr_storage
{ {
RsStackMutex stack(mBanMtx); /****** LOCKED MUTEX *******/ RsStackMutex stack(mBanMtx); /****** LOCKED MUTEX *******/
mBanSet.clear();
condenseBanSources_locked(); condenseBanSources_locked();
} }
} }
@ -332,6 +452,8 @@ bool p3BanList::addBanEntry(const RsPeerId &peerId, const struct sockaddr_storag
int p3BanList::condenseBanSources_locked() int p3BanList::condenseBanSources_locked()
{ {
mBanSet.clear();
time_t now = time(NULL); time_t now = time(NULL);
RsPeerId ownId = mServiceCtrl->getOwnId(); RsPeerId ownId = mServiceCtrl->getOwnId();
@ -360,21 +482,20 @@ int p3BanList::condenseBanSources_locked()
#endif #endif
std::map<struct sockaddr_storage, BanListPeer>::const_iterator lit; std::map<struct sockaddr_storage, BanListPeer>::const_iterator lit;
for(lit = it->second.mBanPeers.begin(); for(lit = it->second.mBanPeers.begin(); lit != it->second.mBanPeers.end(); ++lit)
lit != it->second.mBanPeers.end(); ++lit)
{ {
/* check timestamp */ /* check timestamp */
// if (now > RSBANLIST_ENTRY_MAX_AGE + lit->second.mTs) // if (now > RSBANLIST_ENTRY_MAX_AGE + lit->second.mTs)
// { // {
//#ifdef DEBUG_BANLIST_CONDENSE //#ifdef DEBUG_BANLIST_CONDENSE
// std::cerr << "p3BanList::condenseBanSources_locked()"; // std::cerr << "p3BanList::condenseBanSources_locked()";
// std::cerr << " Ignoring Out-Of-Date Entry for: "; // std::cerr << " Ignoring Out-Of-Date Entry for: ";
// std::cerr << sockaddr_storage_iptostring(lit->second.addr); // std::cerr << sockaddr_storage_iptostring(lit->second.addr);
// std::cerr << " time stamp= " << lit->second.mTs << ", age=" << now - lit->second.mTs; // std::cerr << " time stamp= " << lit->second.mTs << ", age=" << now - lit->second.mTs;
// std::cerr << std::endl; // std::cerr << std::endl;
//#endif //#endif
// continue; // continue;
// } // }
int lvl = lit->second.level; int lvl = lit->second.level;
if (it->first != ownId) if (it->first != ownId)
@ -388,10 +509,15 @@ int p3BanList::condenseBanSources_locked()
sockaddr_storage_copyip(bannedaddr, lit->second.addr); sockaddr_storage_copyip(bannedaddr, lit->second.addr);
sockaddr_storage_setport(bannedaddr, 0); sockaddr_storage_setport(bannedaddr, 0);
// check if not already filtered in a Ban Range
if(mBanRanges.find(make24BitsRange(bannedaddr)) != mBanRanges.end())
continue ;
/* check if it exists in the Set already */ /* check if it exists in the Set already */
std::map<struct sockaddr_storage, BanListPeer>::iterator sit; std::map<struct sockaddr_storage, BanListPeer>::iterator sit;
sit = mBanSet.find(bannedaddr); sit = mBanSet.find(bannedaddr);
if ((sit == mBanSet.end()) || (lvl < sit->second.level)) if ((sit == mBanSet.end()) || (lvl < sit->second.level))
{ {
BanListPeer bp = lit->second; BanListPeer bp = lit->second;

25
libretroshare/src/services/p3banlist.h
View file

@ -61,11 +61,24 @@ public:
/***** overloaded from RsBanList *****/ /***** overloaded from RsBanList *****/
virtual void enableIPFiltering(bool b) ;
virtual bool ipFilteringEnabled() ;
virtual bool isAddressAccepted(const struct sockaddr_storage& addr) ; virtual bool isAddressAccepted(const struct sockaddr_storage& addr) ;
virtual void getListOfBannedIps(std::list<BanListPeer>& list) ; virtual void getListOfBannedIps(std::list<BanListPeer>& list) ;
virtual void enableIPFiltering(bool b) ;
virtual bool ipFilteringEnabled() ;
virtual bool autoRangeEnabled() { return mAutoRangeIps ; }
virtual void enableAutoRange(bool b) ;
virtual int autoRangeLimit() { return mAutoRangeLimit ; }
virtual void setAutoRangeLimit(int b) ;
virtual void enableIPsFromFriends(bool b) ;
virtual bool IPsFromFriendsEnabled() { return mIPFriendGatheringEnabled ;}
virtual void enableIPsFromDHT(bool b) ;
virtual bool iPsFromDHTEnabled() { return mIPDHTGatheringEnabled ;}
/***** overloaded from pqiNetAssistPeerShare *****/ /***** overloaded from pqiNetAssistPeerShare *****/
virtual void updatePeer(const RsPeerId& id, const struct sockaddr_storage &addr, int type, int reason, int time_stamp); virtual void updatePeer(const RsPeerId& id, const struct sockaddr_storage &addr, int type, int reason, int time_stamp);
@ -105,12 +118,12 @@ public:
//virtual void saveDone(); //virtual void saveDone();
//virtual bool loadList(std::list<RsItem*>& load) ; //virtual bool loadList(std::list<RsItem*>& load) ;
private: private:
void getDhtInfo() ; void getDhtInfo() ;
RsMutex mBanMtx; RsMutex mBanMtx;
void autoFigureOutBanRanges();
int condenseBanSources_locked(); int condenseBanSources_locked();
int printBanSources_locked(std::ostream &out); int printBanSources_locked(std::ostream &out);
int printBanSet_locked(std::ostream &out); int printBanSet_locked(std::ostream &out);
@ -118,12 +131,18 @@ private:
time_t mSentListTime; time_t mSentListTime;
std::map<RsPeerId, BanList> mBanSources; std::map<RsPeerId, BanList> mBanSources;
std::map<struct sockaddr_storage, BanListPeer> mBanSet; std::map<struct sockaddr_storage, BanListPeer> mBanSet;
std::map<struct sockaddr_storage, BanListPeer> mBanRanges;
p3ServiceControl *mServiceCtrl; p3ServiceControl *mServiceCtrl;
p3NetMgr *mNetMgr; p3NetMgr *mNetMgr;
time_t mLastDhtInfoRequest ; time_t mLastDhtInfoRequest ;
bool mIPFilteringEnabled ; bool mIPFilteringEnabled ;
bool mIPFriendGatheringEnabled ;
bool mIPDHTGatheringEnabled ;
uint32_t mAutoRangeLimit ;
bool mAutoRangeIps ;
}; };
#endif // SERVICE_RSBANLIST_HEADER #endif // SERVICE_RSBANLIST_HEADER

46
retroshare-gui/src/gui/settings/ServerPage.cpp
View file

@ -71,9 +71,12 @@ ServerPage::ServerPage(QWidget * parent, Qt::WindowFlags flags)
ui.filteredIpsTable->verticalHeader()->hide() ; ui.filteredIpsTable->verticalHeader()->hide() ;
QObject::connect(ui.filteredIpsTable,SIGNAL(customContextMenuRequested(const QPoint&)),this,SLOT(ipFilterContextMenu(const QPoint&))) ; QObject::connect(ui.filteredIpsTable,SIGNAL(customContextMenuRequested(const QPoint&)),this,SLOT(ipFilterContextMenu(const QPoint&))) ;
QObject::connect(ui.denyAll_CB,SIGNAL(toggled(bool)),this,SLOT(toggleIpFiltering(bool))); QObject::connect(ui.denyAll_CB,SIGNAL(toggled(bool)),this,SLOT(toggleIpFiltering(bool)));
QObject::connect(ui.includeFromDHT_CB,SIGNAL(toggled(bool)),this,SLOT(toggleAutoIncludeDHT(bool)));
QObject::connect(ui.includeFromFriends_CB,SIGNAL(toggled(bool)),this,SLOT(toggleAutoIncludeFriends(bool)));
QObject::connect(ui.groupIPRanges_CB,SIGNAL(toggled(bool)),this,SLOT(toggleGroupIps(bool)));
QObject::connect(ui.groupIPRanges_SB,SIGNAL(valueChanged(int)),this,SLOT(setGroupIpLimit(int)));
QTimer *timer = new QTimer(this); QTimer *timer = new QTimer(this);
timer->connect(timer, SIGNAL(timeout()), this, SLOT(updateStatus())); timer->connect(timer, SIGNAL(timeout()), this, SLOT(updateStatus()));
@ -289,6 +292,15 @@ std::string print_addr_range(const struct sockaddr_storage& addr,uint8_t masked_
return std::string(str) ; return std::string(str) ;
} }
void ServerPage::toggleAutoIncludeFriends(bool b)
{
rsBanList->enableIPsFromFriends(b) ;
}
void ServerPage::toggleAutoIncludeDHT(bool b)
{
rsBanList->enableIPsFromDHT(b) ;
}
void ServerPage::toggleIpFiltering(bool b) void ServerPage::toggleIpFiltering(bool b)
{ {
rsBanList->enableIPFiltering(b) ; rsBanList->enableIPFiltering(b) ;
@ -297,20 +309,18 @@ void ServerPage::toggleIpFiltering(bool b)
void ServerPage::loadFilteredIps() void ServerPage::loadFilteredIps()
{ {
ui.includeFromFriends_CB->setChecked(false) ;
ui.includeFromDHT_CB->setChecked(true) ;
ui.ipInput_LE->setEnabled(false) ;
ui.ipInputRange_SB->setEnabled(false) ;
ui.ipInputComment_LE->setEnabled(false) ;
ui.ipInputAdd_PB->setEnabled(false) ;
if(rsBanList->ipFilteringEnabled()) if(rsBanList->ipFilteringEnabled())
{ {
ui.denyAll_CB->setChecked(true) ; ui.denyAll_CB->setChecked(true) ;
ui.filteredIpsTable->setEnabled(true) ; ui.filteredIpsTable->setEnabled(true) ;
ui.includeFromFriends_CB->setEnabled(false) ; ui.includeFromFriends_CB->setEnabled(true) ;
ui.includeFromDHT_CB->setEnabled(false) ; ui.includeFromDHT_CB->setEnabled(true) ;
ui.ipInput_LE->setEnabled(false) ;
ui.ipInputRange_SB->setEnabled(false) ;
ui.ipInputComment_LE->setEnabled(false) ;
ui.ipInputAdd_PB->setEnabled(false) ;
ui.groupIPRanges_CB->setEnabled(true) ;
ui.groupIPRanges_SB->setEnabled(true) ;
} }
else else
{ {
@ -318,8 +328,19 @@ void ServerPage::loadFilteredIps()
ui.filteredIpsTable->setEnabled(false) ; ui.filteredIpsTable->setEnabled(false) ;
ui.includeFromFriends_CB->setEnabled(false) ; ui.includeFromFriends_CB->setEnabled(false) ;
ui.includeFromDHT_CB->setEnabled(false) ; ui.includeFromDHT_CB->setEnabled(false) ;
ui.ipInput_LE->setEnabled(false) ;
ui.ipInputRange_SB->setEnabled(false) ;
ui.ipInputComment_LE->setEnabled(false) ;
ui.ipInputAdd_PB->setEnabled(false) ;
ui.groupIPRanges_CB->setEnabled(false) ;
ui.groupIPRanges_SB->setEnabled(false) ;
} }
ui.includeFromFriends_CB->setChecked(rsBanList->IPsFromFriendsEnabled()) ;
ui.includeFromDHT_CB->setChecked(rsBanList->iPsFromDHTEnabled()) ;
ui.groupIPRanges_CB->setChecked(rsBanList->autoRangeEnabled()) ;
ui.groupIPRanges_SB->setValue(rsBanList->autoRangeLimit()) ;
std::list<BanListPeer> lst ; std::list<BanListPeer> lst ;
rsBanList->getListOfBannedIps(lst) ; rsBanList->getListOfBannedIps(lst) ;
@ -408,6 +429,9 @@ static bool parseAddrFromQString(const QString& s,struct sockaddr_storage& addr,
return ok; return ok;
} }
void ServerPage::toggleGroupIps(bool b) { rsBanList->enableAutoRange(b) ; }
void ServerPage::setGroupIpLimit(int n) { rsBanList->setAutoRangeLimit(n) ; }
void ServerPage::ipFilterContextMenu(const QPoint& point) void ServerPage::ipFilterContextMenu(const QPoint& point)
{ {
QMenu contextMenu(this) ; QMenu contextMenu(this) ;

4
retroshare-gui/src/gui/settings/ServerPage.h
View file

@ -50,6 +50,10 @@ public slots:
void updateStatus(); void updateStatus();
private slots: private slots:
void setGroupIpLimit(int n);
void toggleGroupIps(bool b);
void toggleAutoIncludeDHT(bool b);
void toggleAutoIncludeFriends(bool b);
void toggleIpFiltering(bool b); void toggleIpFiltering(bool b);
void ipFilterContextMenu(const QPoint &); void ipFilterContextMenu(const QPoint &);
void removeBannedIp(); void removeBannedIp();

44
retroshare-gui/src/gui/settings/ServerPage.ui
View file

@ -515,6 +515,9 @@ behind a firewall or a VPN.</string>
<property name="contextMenuPolicy"> <property name="contextMenuPolicy">
<enum>Qt::CustomContextMenu</enum> <enum>Qt::CustomContextMenu</enum>
</property> </property>
<property name="toolTip">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;This list get automatically filled from information gathered at multiple sources: masquerading peers reported by the DHT, IP ranged entered by you, and IP ranges reported by your friends. &lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
<property name="alternatingRowColors"> <property name="alternatingRowColors">
<bool>true</bool> <bool>true</bool>
</property> </property>
@ -554,14 +557,51 @@ behind a firewall or a VPN.</string>
<item> <item>
<widget class="QCheckBox" name="includeFromFriends_CB"> <widget class="QCheckBox" name="includeFromFriends_CB">
<property name="text"> <property name="text">
<string> Automatically include the IPs denied by your friends</string> <string>Include the IPs reported by your friends</string>
</property> </property>
</widget> </widget>
</item> </item>
<item>
<layout class="QHBoxLayout" name="horizontalLayout_11">
<item>
<widget class="QCheckBox" name="groupIPRanges_CB">
<property name="text">
<string>Group IPs by ranges when at least :</string>
</property>
</widget>
</item>
<item>
<widget class="QSpinBox" name="groupIPRanges_SB">
<property name="suffix">
<string> IPs</string>
</property>
<property name="minimum">
<number>2</number>
</property>
<property name="maximum">
<number>255</number>
</property>
</widget>
</item>
<item>
<spacer name="horizontalSpacer_2">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
</layout>
</item>
<item> <item>
<widget class="QCheckBox" name="includeFromDHT_CB"> <widget class="QCheckBox" name="includeFromDHT_CB">
<property name="text"> <property name="text">
<string>Automatically filter suspicious IPs detected by DHT</string> <string>Include masquerading IPs reported by DHT</string>
</property> </property>
</widget> </widget>
</item> </item>