rebased patch 0001-Removed-flawed-logic-samenet-samesubnet-you-cannot-d.patch to new IPv6 branch

git-svn-id: http://svn.code.sf.net/p/retroshare/code/branches/v0.6-IPv6-2@8233 b45a01b8-16f6-495d-af2f-9b41ad6348cc
csoler 2015-05-14 12:19:44 +00:00
parent c854139d65
commit 87f932f3a4
11 changed files with 32 additions and 314 deletions


@ -1687,7 +1687,7 @@ bool p3LinkMgrIMPL::retryConnectTCP(const RsPeerId &id)
#define MAX_TCP_ADDR_AGE (3600 * 24 * 14) // two weeks in seconds.
bool p3LinkMgrIMPL::locked_CheckPotentialAddr(const struct sockaddr_storage &addr, time_t age)
bool p3LinkMgrIMPL::locked_CheckPotentialAddr(const struct sockaddr_storage &addr, time_t age)
{
#ifdef LINKMGR_DEBUG
std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr(";
@ -1697,9 +1697,9 @@ bool p3LinkMgrIMPL::locked_CheckPotentialAddr(const struct sockaddr_storage &ad
#endif
/*
* if it is old - quick rejection
* if it is old - quick rejection
*/
if (age > MAX_TCP_ADDR_AGE)
if ( age > MAX_TCP_ADDR_AGE )
{
#ifdef LINKMGR_DEBUG
std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr() REJECTING - TOO OLD";
@ -1708,13 +1708,8 @@ bool p3LinkMgrIMPL::locked_CheckPotentialAddr(const struct sockaddr_storage &ad
return false;
}
bool isValid = sockaddr_storage_isValidNet(addr);
bool isLoopback = sockaddr_storage_isLoopbackNet(addr);
// bool isPrivate = sockaddr_storage_isPrivateNet(addr);
bool isExternal = sockaddr_storage_isExternalNet(addr);
/* if invalid - quick rejection */
if (!isValid)
if ( ! sockaddr_storage_isValidNet(addr) )
{
#ifdef LINKMGR_DEBUG
std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr() REJECTING - INVALID";
@ -1723,9 +1718,27 @@ bool p3LinkMgrIMPL::locked_CheckPotentialAddr(const struct sockaddr_storage &ad
return false;
}
/* if it is on the ban list - ignore */
/* checks - is it the dreaded 1.0.0.0 */
/* if loopback, then okay - probably proxy connection (or local testing). */
if ( sockaddr_storage_isLoopbackNet(addr) )
{
#ifdef LINKMGR_DEBUG
std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr() ACCEPTING - LOOPBACK";
std::cerr << std::endl;
#endif
return true;
}
if ( sockaddr_storage_isPrivateNet(addr) )
{
#ifdef LINKMGR_DEBUG
std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr() ACCEPTING - PRIVATE";
std::cerr << std::endl;
#endif
return true;
}
/* if it is on the ban list reject it */
/* is it the dreaded 1.0.0.0 */
std::list<struct sockaddr_storage>::const_iterator it;
for(it = mBannedIpList.begin(); it != mBannedIpList.end(); ++it)
{
@ -1739,61 +1752,7 @@ bool p3LinkMgrIMPL::locked_CheckPotentialAddr(const struct sockaddr_storage &ad
}
}
/* if it is an external address, we'll accept it.
* - even it is meant to be a local address.
*/
if (isExternal)
{
#ifdef LINKMGR_DEBUG
std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr() ACCEPTING - EXTERNAL";
std::cerr << std::endl;
#endif
return true;
}
/* if loopback, then okay - probably proxy connection (or local testing).
*/
if (isLoopback)
{
#ifdef LINKMGR_DEBUG
std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr() ACCEPTING - LOOPBACK";
std::cerr << std::endl;
#endif
return true;
}
/* get here, it is private or loopback
* - can only connect to these addresses if we are on the same subnet.
- check net against our local address.
*/
#ifdef LINKMGR_DEBUG
std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr() Checking sameNet against: ";
std::cerr << sockaddr_storage_iptostring(mLocalAddress);
std::cerr << ")";
std::cerr << std::endl;
#endif
if (sockaddr_storage_samenet(mLocalAddress, addr))
{
#ifdef LINKMGR_DEBUG
std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr() ACCEPTING - PRIVATE & sameNET";
std::cerr << std::endl;
#endif
return true;
}
#ifdef LINKMGR_DEBUG
std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr() REJECTING - PRIVATE & !sameNET";
std::cerr << std::endl;
#endif
/* else it fails */
return false;
return true;
}
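Review bot: In locked_CheckPotentialAddr the new loopback and private-range branches `return true` before the mBannedIpList loop is reached, whereas the old code consulted the ban list first, so a banned entry that falls in either range is no longer applied. With the same-net test removed, every private address is also accepted regardless of which network this node sits on; if candidate addresses can originate from other peers (the callers are not visible here), a remote party could direct this node's connection attempts at hosts on the local LAN or at loopback services. I would move the ban-list loop above the two accepts and record the trust decision on the private branch, e.g. `/* private ranges accepted without a reachability check: addresses may be peer-supplied, so attempts can target local hosts */`. The ban-list loop body is partly outside the visible hunks, so the reorder is described here rather than shown.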


@ -336,7 +336,11 @@ private:
std::list<RsPeerGroupItem *> groupList;
uint32_t lastGroupId;
/* relatively static list of banned ip addresses */
/* Relatively static list of banned ip addresses
* TODO: We should use a real bad ip lists, and an appropriated
* data structure to access them, list access is linear time while
* constant or at least logaritmic is possible with hashtable or tree
*/
std::list<struct sockaddr_storage> mBannedIpList;
};


@ -759,51 +759,6 @@ bool getLocalInterfaces(struct sockaddr_storage &existAddr, std::list<struct soc
}
bool sameNet(const struct in_addr *addr, const struct in_addr *addr2)
{
#ifdef NET_DEBUG
std::cerr << "sameNet: " << rs_inet_ntoa(*addr);
std::cerr << " VS " << rs_inet_ntoa(*addr2);
std::cerr << std::endl;
#endif
struct in_addr addrnet, addrnet2;
addrnet.s_addr = inet_netof(*addr);
addrnet2.s_addr = inet_netof(*addr2);
#ifdef NET_DEBUG
std::cerr << " (" << rs_inet_ntoa(addrnet);
std::cerr << " =?= " << rs_inet_ntoa(addrnet2);
std::cerr << ")" << std::endl;
#endif
in_addr_t address1 = htonl(addr->s_addr);
in_addr_t address2 = htonl(addr2->s_addr);
// handle case for private net: 172.16.0.0/12
if (address1>>20 == (172<<4 | 16>>4))
{
return (address1>>20 == address2>>20);
}
return (inet_netof(*addr) == inet_netof(*addr2));
}
bool isSameSubnet(struct in_addr *addr1, struct in_addr *addr2)
{
/*
* check that the (addr1 & 255.255.255.0) == (addr2 & 255.255.255.0)
*/
unsigned long a1 = ntohl(addr1->s_addr);
unsigned long a2 = ntohl(addr2->s_addr);
return ((a1 & 0xffffff00) == (a2 & 0xffffff00));
}
/* This just might be portable!!! will see!!!
* Unfortunately this is usable on winXP+, determined by: (_WIN32_WINNT >= 0x0501)
* but not older platforms.... which must use gethostbyname.


@ -97,6 +97,7 @@ extern int errno; /* Define extern errno, to duplicate unix behaviour */
void showSocketError(std::string &out);
std::string socket_errorType(int err);
int sockaddr_cmp(struct sockaddr_in &addr1, struct sockaddr_in &addr2 );
int inaddr_cmp(struct sockaddr_in addr1, struct sockaddr_in addr2 );
int inaddr_cmp(struct sockaddr_in addr1, unsigned long);
@ -104,10 +105,6 @@ int inaddr_cmp(struct sockaddr_in addr1, unsigned long);
bool getPreferredInterface(struct sockaddr_storage &existAddr, struct sockaddr_storage &prefAddr); // returns best addr.
bool getLocalInterfaces(struct sockaddr_storage &existAddr, std::list<struct sockaddr_storage> &addrs); // returns all possible addrs.
// checks (addr1 & 255.255.255.0) == (addr2 & 255.255.255.0)
bool isSameSubnet(struct in_addr *addr1, struct in_addr *addr2);
bool sameNet(const struct in_addr *addr, const struct in_addr *addr2);
in_addr_t pqi_inet_netof(struct in_addr addr); // our implementation.
bool LookupDNSAddr(std::string name, struct sockaddr_in &addr);


@ -99,7 +99,7 @@ pqissl::pqissl(pqissllistener *l, PQInterface *parent, p3LinkMgr *lm)
sslmode(PQISSL_ACTIVE), ssl_connection(NULL), sockfd(-1),
readpkt(NULL), pktlen(0), total_len(0),
attempt_ts(0),
sameLAN(false), n_read_zero(0), mReadZeroTS(0),
n_read_zero(0), mReadZeroTS(0),
mConnectDelay(0), mConnectTS(0),
mConnectTimeout(0), mTimeoutTS(0)
{
@ -251,7 +251,6 @@ int pqissl::reset_locked()
sockfd = -1;
waiting = WAITING_NOT;
ssl_connection = NULL;
sameLAN = false;
n_read_zero = 0;
mReadZeroTS = 0;
total_len = 0 ;
@ -1431,22 +1430,12 @@ int pqissl::accept_locked(SSL *ssl, int fd, const struct sockaddr_storage &forei
struct sockaddr_storage localaddr;
mLinkMgr->getLocalAddress(localaddr);
sameLAN = sockaddr_storage_samesubnet(remote_addr, localaddr);
{
std::string out = "pqissl::accept() SUCCESSFUL connection to: " + PeerId().toStdString();
out += " localaddr: " + sockaddr_storage_iptostring(localaddr);
out += " remoteaddr: " + sockaddr_storage_iptostring(remote_addr);
if (sameLAN)
{
out += " SAME LAN";
}
else
{
out += " DIFF LANs";
}
rslog(RSL_WARNING, pqisslzone, out);
}


@ -195,8 +195,6 @@ virtual int net_internal_fcntl_nonblock(int fd);
int attempt_ts;
bool sameLAN; /* flag use to allow high-speed transfers */
int n_read_zero; /* a counter to determine if the connection is really dead */
time_t mReadZeroTS; /* timestamp of first READ_ZERO occurance */


@ -70,9 +70,7 @@ Description:
(1) isExternalNet()
(2) isPrivateNet()
(3) isLoopbackNet()
(4) sameNet()
(5) isValidNet()
(6) isSameSubnet()
(7) pqi_inet_netof()
------------------------------------------------------------


@ -227,13 +227,8 @@ bool isExternalNet(struct in_addr *addr); // if Valid & is not Private or Loo
bool isPrivateNet(struct in_addr *addr); // if inside 10.0.0.0 or
// other then firewalled.
bool isLoopbackNet(struct in_addr *addr);
bool sameNet(struct in_addr *addr, struct in_addr *addr2);
bool isValidNet(struct in_addr *addr);
// checks (addr1 & 255.255.255.0) == (addr2 & 255.255.255.0)
bool isSameSubnet(struct in_addr *addr1, struct in_addr *addr2);
struct in_addr getPreferredInterface(); // returns best addr.
in_addr_t pqi_inet_netof(struct in_addr addr); // our implementation.


@ -53,9 +53,7 @@ const char * invalid_addrstr = "AAA.BBB.256.256";
int test_isExternalNet();
int test_isPrivateNet();
int test_isLoopbackNet();
int test_sameNet();
int test_isValidNet();
int test_isSameSubnet();
int test_pqi_inet_netof();
INITTEST();
@ -67,9 +65,7 @@ int main(int argc, char **argv)
test_isExternalNet();
test_isPrivateNet();
test_isLoopbackNet();
test_sameNet();
test_isValidNet();
test_isSameSubnet();
test_pqi_inet_netof();
FINALREPORT("net_test1");
@ -158,42 +154,6 @@ int test_isLoopbackNet()
return 1;
}
int test_sameNet()
{
struct in_addr localnet1_addr;
struct in_addr localnet2_addr;
struct in_addr localnet3_addr;
struct in_addr localnet4_addr;
struct in_addr localnet5_addr;
struct in_addr localnet6_addr;
struct in_addr localnet7_addr;
struct in_addr localnet8_addr;
struct in_addr external_addr;
inet_aton(localnet1_addrstr, &localnet1_addr);
inet_aton(localnet2_addrstr, &localnet2_addr);
inet_aton(localnet3_addrstr, &localnet3_addr);
inet_aton(localnet4_addrstr, &localnet4_addr);
inet_aton(localnet5_addrstr, &localnet5_addr);
inet_aton(localnet6_addrstr, &localnet6_addr);
inet_aton(localnet7_addrstr, &localnet7_addr);
inet_aton(localnet8_addrstr, &localnet8_addr);
inet_aton(external_addrstr, &external_addr);
CHECK(sameNet(&localnet1_addr, &localnet5_addr)==true);
CHECK(sameNet(&localnet2_addr, &localnet6_addr)==true);
CHECK(sameNet(&localnet3_addr, &localnet7_addr)==true);
CHECK(sameNet(&localnet4_addr, &localnet8_addr)==true);
CHECK(sameNet(&localnet1_addr, &external_addr)==false);
CHECK(sameNet(&localnet2_addr, &external_addr)==false);
CHECK(sameNet(&localnet3_addr, &external_addr)==false);
CHECK(sameNet(&localnet4_addr, &external_addr)==false);
REPORT("sameNet()");
return 1;
}
int test_isValidNet()
{
struct in_addr localnet1_addr;
@ -211,25 +171,6 @@ int test_isValidNet()
return 1;
}
int test_isSameSubnet()
{
struct in_addr localnet1_addr;
struct in_addr classc1_addr;
struct in_addr classc2_addr;
inet_aton(localnet1_addrstr, &localnet1_addr);
//random class C addresses
inet_aton("197.67.28.93", &classc1_addr);
inet_aton("197.67.28.3", &classc2_addr);
CHECK(isSameSubnet(&localnet1_addr, &classc1_addr)==false);
CHECK(isSameSubnet(&classc1_addr, &classc2_addr)==true);
REPORT("isSameSubnet()");
return 1;
}
int test_pqi_inet_netof()
{
struct in_addr localnet1_addr;


@ -104,8 +104,6 @@ bool operator<(const struct sockaddr_storage &a, const struct sockaddr_storage &
bool sockaddr_storage_same(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2);
bool sockaddr_storage_samefamily(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2);
bool sockaddr_storage_sameip(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2);
bool sockaddr_storage_samenet(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2);
bool sockaddr_storage_samesubnet(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2);
// string,
std::string sockaddr_storage_tostring(const struct sockaddr_storage &addr);


@ -56,15 +56,10 @@ bool sockaddr_storage_ipv6_setport(struct sockaddr_storage &addr, uint16_t port)
bool sockaddr_storage_ipv4_lessthan(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2);
bool sockaddr_storage_ipv4_same(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2);
bool sockaddr_storage_ipv4_sameip(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2);
bool sockaddr_storage_ipv4_samenet(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2);
bool sockaddr_storage_ipv4_samesubnet(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2);
bool sockaddr_storage_ipv6_lessthan(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2);
bool sockaddr_storage_ipv6_same(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2);
bool sockaddr_storage_ipv6_sameip(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2);
bool sockaddr_storage_ipv6_samenet(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2);
bool sockaddr_storage_ipv6_samesubnet(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2);
/********************************* Output ***********************************/
std::string sockaddr_storage_ipv4_iptostring(const struct sockaddr_storage &addr);
@ -364,59 +359,6 @@ bool sockaddr_storage_sameip(const struct sockaddr_storage &addr, const struct s
}
bool sockaddr_storage_samenet(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2)
{
#ifdef SS_DEBUG
std::cerr << "sockaddr_storage_samenet()";
std::cerr << std::endl;
#endif
if (!sockaddr_storage_samefamily(addr, addr2))
return false;
switch(addr.ss_family)
{
case AF_INET:
return sockaddr_storage_ipv4_samenet(addr, addr2);
break;
case AF_INET6:
return sockaddr_storage_ipv6_samenet(addr, addr2);
break;
default:
std::cerr << "sockaddr_storage_samenet() INVALID Family - error";
std::cerr << std::endl;
break;
}
return false;
}
bool sockaddr_storage_samesubnet(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2)
{
#ifdef SS_DEBUG
std::cerr << "sockaddr_storage_samesubnet()";
std::cerr << std::endl;
#endif
if (!sockaddr_storage_samefamily(addr, addr2))
return false;
switch(addr.ss_family)
{
case AF_INET:
return sockaddr_storage_ipv4_samesubnet(addr, addr2);
break;
case AF_INET6:
return sockaddr_storage_ipv6_samesubnet(addr, addr2);
break;
default:
std::cerr << "sockaddr_storage_samesubnet() INVALID Family - error";
std::cerr << std::endl;
break;
}
return false;
}
/********************************* Output ***********************************/
std::string sockaddr_storage_tostring(const struct sockaddr_storage &addr)
@ -794,37 +736,6 @@ bool sockaddr_storage_ipv4_sameip(const struct sockaddr_storage &addr, const str
}
bool sockaddr_storage_ipv4_samenet(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2)
{
(void) addr;
(void) addr2;
#ifdef SS_DEBUG
std::cerr << "sockaddr_storage_ipv4_samenet()";
std::cerr << std::endl;
#endif
const struct sockaddr_in *ptr1 = to_const_ipv4_ptr(addr);
const struct sockaddr_in *ptr2 = to_const_ipv4_ptr(addr2);
return sameNet(&(ptr1->sin_addr),&(ptr2->sin_addr));
}
bool sockaddr_storage_ipv4_samesubnet(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2)
{
(void) addr;
(void) addr2;
#ifdef SS_DEBUG
std::cerr << "sockaddr_storage_ipv4_samesubnet() using pqinetwork::isSameSubnet()";
std::cerr << std::endl;
#endif
const struct sockaddr_in *ptr1 = to_const_ipv4_ptr(addr);
const struct sockaddr_in *ptr2 = to_const_ipv4_ptr(addr2);
return isSameSubnet((struct in_addr *) &(ptr1->sin_addr),(struct in_addr *) &(ptr2->sin_addr));
}
// IPV6
bool sockaddr_storage_ipv6_lessthan(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2)
{
@ -887,33 +798,6 @@ bool sockaddr_storage_ipv6_sameip(const struct sockaddr_storage &addr, const str
}
bool sockaddr_storage_ipv6_samenet(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2)
{
(void) addr;
(void) addr2;
#ifdef SS_DEBUG
std::cerr << "sockaddr_storage_ipv6_samenet() TODO";
std::cerr << std::endl;
#endif
return false;
}
bool sockaddr_storage_ipv6_samesubnet(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2)
{
(void) addr;
(void) addr2;
#ifdef SS_DEBUG
std::cerr << "sockaddr_storage_ipv6_samesubnet() TODO";
std::cerr << std::endl;
#endif
return false;
}
/********************************* Output ***********************************/
std::string sockaddr_storage_ipv4_iptostring(const struct sockaddr_storage &addr)
{