From 87f932f3a4887185a511dc2398b0716c2732f938 Mon Sep 17 00:00:00 2001 From: csoler Date: Thu, 14 May 2015 12:19:44 +0000 Subject: [PATCH] rebased patch 0001-Removed-flawed-logic-samenet-samesubnet-you-cannot-d.patch to new IPv6 branch git-svn-id: http://svn.code.sf.net/p/retroshare/code/branches/v0.6-IPv6-2@8233 b45a01b8-16f6-495d-af2f-9b41ad6348cc --- libretroshare/src/pqi/p3linkmgr.cc | 91 +++++------------ libretroshare/src/pqi/p3linkmgr.h | 6 +- libretroshare/src/pqi/pqinetwork.cc | 45 --------- libretroshare/src/pqi/pqinetwork.h | 5 +- libretroshare/src/pqi/pqissl.cc | 13 +-- libretroshare/src/pqi/pqissl.h | 2 - libretroshare/src/tests/pqi/TestNotes.txt | 2 - libretroshare/src/tests/pqi/net_test.cc | 5 - libretroshare/src/tests/pqi/net_test1.cc | 59 ----------- libretroshare/src/util/rsnet.h | 2 - libretroshare/src/util/rsnet_ss.cc | 116 ---------------------- 11 files changed, 32 insertions(+), 314 deletions(-) diff --git a/libretroshare/src/pqi/p3linkmgr.cc b/libretroshare/src/pqi/p3linkmgr.cc index 54010a618..4df7018b7 100644 --- a/libretroshare/src/pqi/p3linkmgr.cc +++ b/libretroshare/src/pqi/p3linkmgr.cc @@ -1687,7 +1687,7 @@ bool p3LinkMgrIMPL::retryConnectTCP(const RsPeerId &id) #define MAX_TCP_ADDR_AGE (3600 * 24 * 14) // two weeks in seconds. -bool p3LinkMgrIMPL::locked_CheckPotentialAddr(const struct sockaddr_storage &addr, time_t age) +bool p3LinkMgrIMPL::locked_CheckPotentialAddr(const struct sockaddr_storage &addr, time_t age) { #ifdef LINKMGR_DEBUG std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr("; @@ -1697,9 +1697,9 @@ bool p3LinkMgrIMPL::locked_CheckPotentialAddr(const struct sockaddr_storage &ad #endif /* - * if it is old - quick rejection + * if it is old - quick rejection */ - if (age > MAX_TCP_ADDR_AGE) + if ( age > MAX_TCP_ADDR_AGE ) { #ifdef LINKMGR_DEBUG std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr() REJECTING - TOO OLD"; 
@@ -1708,13 +1708,8 @@ bool p3LinkMgrIMPL::locked_CheckPotentialAddr(const struct sockaddr_storage &ad return false; } - bool isValid = sockaddr_storage_isValidNet(addr); - bool isLoopback = sockaddr_storage_isLoopbackNet(addr); - // bool isPrivate = sockaddr_storage_isPrivateNet(addr); - bool isExternal = sockaddr_storage_isExternalNet(addr); - /* if invalid - quick rejection */ - if (!isValid) + if ( ! sockaddr_storage_isValidNet(addr) ) { #ifdef LINKMGR_DEBUG std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr() REJECTING - INVALID"; @@ -1723,9 +1718,27 @@ bool p3LinkMgrIMPL::locked_CheckPotentialAddr(const struct sockaddr_storage &ad return false; } - /* if it is on the ban list - ignore */ - /* checks - is it the dreaded 1.0.0.0 */ + /* if loopback, then okay - probably proxy connection (or local testing). */ + if ( sockaddr_storage_isLoopbackNet(addr) ) + { +#ifdef LINKMGR_DEBUG + std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr() ACCEPTING - LOOPBACK"; + std::cerr << std::endl; +#endif + return true; + } + if ( sockaddr_storage_isPrivateNet(addr) ) + { +#ifdef LINKMGR_DEBUG + std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr() ACCEPTING - PRIVATE"; + std::cerr << std::endl; +#endif + return true; + } + + /* if it is on the ban list reject it */ + /* is it the dreaded 1.0.0.0 */ std::list::const_iterator it; for(it = mBannedIpList.begin(); it != mBannedIpList.end(); ++it) { 
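Review bot: In the `@@ -1723,9 +1718,27 @@` hunk the new loopback and private-range branches `return true` before the `mBannedIpList` loop is reached, so a ban-list entry that lies in a loopback or private range is never applied, whereas the old code walked the ban list first. Moving the `if ( sockaddr_storage_isLoopbackNet(addr) )` and `if ( sockaddr_storage_isPrivateNet(addr) )` blocks below the loop keeps the ban list authoritative for every address class. Private addresses are now also accepted with no reference to `mLocalAddress`. Where `addr` originates is not visible in this hunk, but if a remote peer can supply it the branch should say so, e.g. `/* private addresses are accepted unconditionally; addr may come from a peer */`. The body of `locked_CheckPotentialAddr` starts before and ends after this hunk.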
@@ -1739,61 +1752,7 @@ bool p3LinkMgrIMPL::locked_CheckPotentialAddr(const struct sockaddr_storage &ad } } - - /* if it is an external address, we'll accept it. - * - even it is meant to be a local address. - */ - if (isExternal) - { -#ifdef LINKMGR_DEBUG - std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr() ACCEPTING - EXTERNAL"; - std::cerr << std::endl; -#endif - return true; - } - - - /* if loopback, then okay - probably proxy connection (or local testing). - */ - if (isLoopback) - { -#ifdef LINKMGR_DEBUG - std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr() ACCEPTING - LOOPBACK"; - std::cerr << std::endl; -#endif - return true; - } - - - /* get here, it is private or loopback - * - can only connect to these addresses if we are on the same subnet. - - check net against our local address. - */ - -#ifdef LINKMGR_DEBUG - std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr() Checking sameNet against: "; - std::cerr << sockaddr_storage_iptostring(mLocalAddress); - std::cerr << ")"; - std::cerr << std::endl; -#endif - - if (sockaddr_storage_samenet(mLocalAddress, addr)) - { -#ifdef LINKMGR_DEBUG - std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr() ACCEPTING - PRIVATE & sameNET"; - std::cerr << std::endl; -#endif - return true; - } - -#ifdef LINKMGR_DEBUG - std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr() REJECTING - PRIVATE & !sameNET"; - std::cerr << std::endl; -#endif - - /* else it fails */ - return false; - + return true; } diff --git a/libretroshare/src/pqi/p3linkmgr.h b/libretroshare/src/pqi/p3linkmgr.h index 95bc5a26a..e3c439a5c 100644 --- a/libretroshare/src/pqi/p3linkmgr.h +++ b/libretroshare/src/pqi/p3linkmgr.h 
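Review bot: The function now ends in a bare `return true;`, so every address that is recent, passes `sockaddr_storage_isValidNet` and is not on the ban list is accepted by default, including any class that used to fall through to the removed same-net check. Whether `sockaddr_storage_isValidNet` rejects multicast, broadcast or link-local ranges is not visible here and should be confirmed before relying on accept-by-default. This exit also has no `LINKMGR_DEBUG` trace, unlike the accept and reject branches visible elsewhere in the patch; a line such as `std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr() ACCEPTING" << std::endl;` under `#ifdef LINKMGR_DEBUG` would match them. The ban-list loop that precedes this line begins outside the hunk.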
@@ -336,7 +336,11 @@ private: std::list groupList; uint32_t lastGroupId; - /* relatively static list of banned ip addresses */ + /* Relatively static list of banned ip addresses + * TODO: We should use a real bad ip lists, and an appropriated + * data structure to access them, list access is linear time while + * constant or at least logaritmic is possible with hashtable or tree + */ std::list mBannedIpList; }; diff --git a/libretroshare/src/pqi/pqinetwork.cc b/libretroshare/src/pqi/pqinetwork.cc index 54a8a72ef..b54408fd3 100644 --- a/libretroshare/src/pqi/pqinetwork.cc +++ b/libretroshare/src/pqi/pqinetwork.cc @@ -759,51 +759,6 @@ bool getLocalInterfaces(struct sockaddr_storage &existAddr, std::lists_addr); - in_addr_t address2 = htonl(addr2->s_addr); - - // handle case for private net: 172.16.0.0/12 - if (address1>>20 == (172<<4 | 16>>4)) - { - return (address1>>20 == address2>>20); - } - - return (inet_netof(*addr) == inet_netof(*addr2)); -} - - -bool isSameSubnet(struct in_addr *addr1, struct in_addr *addr2) -{ - /* - * check that the (addr1 & 255.255.255.0) == (addr2 & 255.255.255.0) - */ - - unsigned long a1 = ntohl(addr1->s_addr); - unsigned long a2 = ntohl(addr2->s_addr); - - return ((a1 & 0xffffff00) == (a2 & 0xffffff00)); -} - /* This just might be portable!!! will see!!! * Unfortunately this is usable on winXP+, determined by: (_WIN32_WINNT >= 0x0501) * but not older platforms.... which must use gethostbyname. diff --git a/libretroshare/src/pqi/pqinetwork.h b/libretroshare/src/pqi/pqinetwork.h index f8118f7a0..0ba8d26ca 100644 --- a/libretroshare/src/pqi/pqinetwork.h +++ b/libretroshare/src/pqi/pqinetwork.h 
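Review bot: The new TODO comment in the `@@ -336,7 +336,11 @@` hunk has three wording slips: `a real bad ip lists` should read `a real bad-IP list`, `appropriated` should be `appropriate`, and `logaritmic` should be `logarithmic`. Since `locked_CheckPotentialAddr` in p3linkmgr.cc iterates `mBannedIpList` on each check, the comment could also state who populates the list and under which lock it is read; neither is visible in this hunk.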
@@ -97,6 +97,7 @@ extern int errno; /* Define extern errno, to duplicate unix behaviour */ void showSocketError(std::string &out); std::string socket_errorType(int err); + int sockaddr_cmp(struct sockaddr_in &addr1, struct sockaddr_in &addr2 ); int inaddr_cmp(struct sockaddr_in addr1, struct sockaddr_in addr2 ); int inaddr_cmp(struct sockaddr_in addr1, unsigned long); @@ -104,10 +105,6 @@ int inaddr_cmp(struct sockaddr_in addr1, unsigned long); bool getPreferredInterface(struct sockaddr_storage &existAddr, struct sockaddr_storage &prefAddr); // returns best addr. bool getLocalInterfaces(struct sockaddr_storage &existAddr, std::list &addrs); // returns all possible addrs. - // checks (addr1 & 255.255.255.0) == (addr2 & 255.255.255.0) -bool isSameSubnet(struct in_addr *addr1, struct in_addr *addr2); -bool sameNet(const struct in_addr *addr, const struct in_addr *addr2); - in_addr_t pqi_inet_netof(struct in_addr addr); // our implementation. bool LookupDNSAddr(std::string name, struct sockaddr_in &addr); diff --git a/libretroshare/src/pqi/pqissl.cc b/libretroshare/src/pqi/pqissl.cc index 2e0674e6f..64d48557b 100644 --- a/libretroshare/src/pqi/pqissl.cc +++ b/libretroshare/src/pqi/pqissl.cc @@ -99,7 +99,7 @@ pqissl::pqissl(pqissllistener *l, PQInterface *parent, p3LinkMgr *lm) sslmode(PQISSL_ACTIVE), ssl_connection(NULL), sockfd(-1), readpkt(NULL), pktlen(0), total_len(0), attempt_ts(0), - sameLAN(false), n_read_zero(0), mReadZeroTS(0), + n_read_zero(0), mReadZeroTS(0), mConnectDelay(0), mConnectTS(0), mConnectTimeout(0), mTimeoutTS(0) { @@ -251,7 +251,6 @@ int pqissl::reset_locked() sockfd = -1; waiting = WAITING_NOT; ssl_connection = NULL; - sameLAN = false; n_read_zero = 0; mReadZeroTS = 0; total_len = 0 ; 
@@ -1431,22 +1430,12 @@ int pqissl::accept_locked(SSL *ssl, int fd, const struct sockaddr_storage &forei struct sockaddr_storage localaddr; mLinkMgr->getLocalAddress(localaddr); - sameLAN = sockaddr_storage_samesubnet(remote_addr, localaddr); { std::string out = "pqissl::accept() SUCCESSFUL connection to: " + PeerId().toStdString(); out += " localaddr: " + sockaddr_storage_iptostring(localaddr); out += " remoteaddr: " + sockaddr_storage_iptostring(remote_addr); - if (sameLAN) - { - out += " SAME LAN"; - } - else - { - out += " DIFF LANs"; - } - rslog(RSL_WARNING, pqisslzone, out); } diff --git a/libretroshare/src/pqi/pqissl.h b/libretroshare/src/pqi/pqissl.h index 3f72a0534..00b70b262 100644 --- a/libretroshare/src/pqi/pqissl.h +++ b/libretroshare/src/pqi/pqissl.h @@ -195,8 +195,6 @@ virtual int net_internal_fcntl_nonblock(int fd); int attempt_ts; - bool sameLAN; /* flag use to allow high-speed transfers */ - int n_read_zero; /* a counter to determine if the connection is really dead */ time_t mReadZeroTS; /* timestamp of first READ_ZERO occurance */ diff --git a/libretroshare/src/tests/pqi/TestNotes.txt b/libretroshare/src/tests/pqi/TestNotes.txt index 880eae3ca..655c9d7bc 100644 --- a/libretroshare/src/tests/pqi/TestNotes.txt +++ b/libretroshare/src/tests/pqi/TestNotes.txt @@ -70,9 +70,7 @@ Description: (1) isExternalNet() (2) isPrivateNet() (3) isLoopbackNet() -(4) sameNet() (5) isValidNet() -(6) isSameSubnet() (7) pqi_inet_netof() ------------------------------------------------------------ diff --git a/libretroshare/src/tests/pqi/net_test.cc b/libretroshare/src/tests/pqi/net_test.cc index 50dd6477a..0610b40fd 100644 --- a/libretroshare/src/tests/pqi/net_test.cc +++ b/libretroshare/src/tests/pqi/net_test.cc 
@@ -227,13 +227,8 @@ bool isExternalNet(struct in_addr *addr); // if Valid & is not Private or Loo bool isPrivateNet(struct in_addr *addr); // if inside 10.0.0.0 or // other then firewalled. bool isLoopbackNet(struct in_addr *addr); -bool sameNet(struct in_addr *addr, struct in_addr *addr2); bool isValidNet(struct in_addr *addr); - // checks (addr1 & 255.255.255.0) == (addr2 & 255.255.255.0) -bool isSameSubnet(struct in_addr *addr1, struct in_addr *addr2); - - struct in_addr getPreferredInterface(); // returns best addr. in_addr_t pqi_inet_netof(struct in_addr addr); // our implementation. diff --git a/libretroshare/src/tests/pqi/net_test1.cc b/libretroshare/src/tests/pqi/net_test1.cc index 599bacbf2..13c7c51ba 100644 --- a/libretroshare/src/tests/pqi/net_test1.cc +++ b/libretroshare/src/tests/pqi/net_test1.cc @@ -53,9 +53,7 @@ const char * invalid_addrstr = "AAA.BBB.256.256"; int test_isExternalNet(); int test_isPrivateNet(); int test_isLoopbackNet(); -int test_sameNet(); int test_isValidNet(); -int test_isSameSubnet(); int test_pqi_inet_netof(); INITTEST(); @@ -67,9 +65,7 @@ int main(int argc, char **argv) test_isExternalNet(); test_isPrivateNet(); test_isLoopbackNet(); - test_sameNet(); test_isValidNet(); - test_isSameSubnet(); test_pqi_inet_netof(); FINALREPORT("net_test1"); 
@@ -158,42 +154,6 @@ int test_isLoopbackNet() return 1; } -int test_sameNet() -{ - struct in_addr localnet1_addr; - struct in_addr localnet2_addr; - struct in_addr localnet3_addr; - struct in_addr localnet4_addr; - struct in_addr localnet5_addr; - struct in_addr localnet6_addr; - struct in_addr localnet7_addr; - struct in_addr localnet8_addr; - struct in_addr external_addr; - - inet_aton(localnet1_addrstr, &localnet1_addr); - inet_aton(localnet2_addrstr, &localnet2_addr); - inet_aton(localnet3_addrstr, &localnet3_addr); - inet_aton(localnet4_addrstr, &localnet4_addr); - inet_aton(localnet5_addrstr, &localnet5_addr); - inet_aton(localnet6_addrstr, &localnet6_addr); - inet_aton(localnet7_addrstr, &localnet7_addr); - inet_aton(localnet8_addrstr, &localnet8_addr); - inet_aton(external_addrstr, &external_addr); - - CHECK(sameNet(&localnet1_addr, &localnet5_addr)==true); - CHECK(sameNet(&localnet2_addr, &localnet6_addr)==true); - CHECK(sameNet(&localnet3_addr, &localnet7_addr)==true); - CHECK(sameNet(&localnet4_addr, &localnet8_addr)==true); - CHECK(sameNet(&localnet1_addr, &external_addr)==false); - CHECK(sameNet(&localnet2_addr, &external_addr)==false); - CHECK(sameNet(&localnet3_addr, &external_addr)==false); - CHECK(sameNet(&localnet4_addr, &external_addr)==false); - - REPORT("sameNet()"); - - return 1; -} - int test_isValidNet() { struct in_addr localnet1_addr; @@ -211,25 +171,6 @@ int test_isValidNet() return 1; } -int test_isSameSubnet() -{ - struct in_addr localnet1_addr; - struct in_addr classc1_addr; - struct in_addr classc2_addr; - - inet_aton(localnet1_addrstr, &localnet1_addr); - //random class C addresses - inet_aton("197.67.28.93", &classc1_addr); - inet_aton("197.67.28.3", &classc2_addr); - - CHECK(isSameSubnet(&localnet1_addr, &classc1_addr)==false); - CHECK(isSameSubnet(&classc1_addr, &classc2_addr)==true); - - REPORT("isSameSubnet()"); - - return 1; -} - int test_pqi_inet_netof() { struct in_addr localnet1_addr; 
diff --git a/libretroshare/src/util/rsnet.h b/libretroshare/src/util/rsnet.h index 2bc06e1cd..2fc66ed2f 100644 --- a/libretroshare/src/util/rsnet.h +++ b/libretroshare/src/util/rsnet.h @@ -104,8 +104,6 @@ bool operator<(const struct sockaddr_storage &a, const struct sockaddr_storage & bool sockaddr_storage_same(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2); bool sockaddr_storage_samefamily(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2); bool sockaddr_storage_sameip(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2); -bool sockaddr_storage_samenet(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2); -bool sockaddr_storage_samesubnet(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2); // string, std::string sockaddr_storage_tostring(const struct sockaddr_storage &addr); diff --git a/libretroshare/src/util/rsnet_ss.cc b/libretroshare/src/util/rsnet_ss.cc index e89b7dd0b..be872c709 100644 --- a/libretroshare/src/util/rsnet_ss.cc +++ b/libretroshare/src/util/rsnet_ss.cc 
@@ -56,15 +56,10 @@ bool sockaddr_storage_ipv6_setport(struct sockaddr_storage &addr, uint16_t port) bool sockaddr_storage_ipv4_lessthan(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2); bool sockaddr_storage_ipv4_same(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2); bool sockaddr_storage_ipv4_sameip(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2); -bool sockaddr_storage_ipv4_samenet(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2); -bool sockaddr_storage_ipv4_samesubnet(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2); bool sockaddr_storage_ipv6_lessthan(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2); bool sockaddr_storage_ipv6_same(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2); bool sockaddr_storage_ipv6_sameip(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2); -bool sockaddr_storage_ipv6_samenet(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2); -bool sockaddr_storage_ipv6_samesubnet(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2); - /********************************* Output ***********************************/ std::string sockaddr_storage_ipv4_iptostring(const struct sockaddr_storage &addr); 
@@ -364,59 +359,6 @@ bool sockaddr_storage_sameip(const struct sockaddr_storage &addr, const struct s } -bool sockaddr_storage_samenet(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2) -{ -#ifdef SS_DEBUG - std::cerr << "sockaddr_storage_samenet()"; - std::cerr << std::endl; -#endif - - if (!sockaddr_storage_samefamily(addr, addr2)) - return false; - - switch(addr.ss_family) - { - case AF_INET: - return sockaddr_storage_ipv4_samenet(addr, addr2); - break; - case AF_INET6: - return sockaddr_storage_ipv6_samenet(addr, addr2); - break; - default: - std::cerr << "sockaddr_storage_samenet() INVALID Family - error"; - std::cerr << std::endl; - break; - } - return false; -} - -bool sockaddr_storage_samesubnet(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2) -{ -#ifdef SS_DEBUG - std::cerr << "sockaddr_storage_samesubnet()"; - std::cerr << std::endl; -#endif - - if (!sockaddr_storage_samefamily(addr, addr2)) - return false; - - switch(addr.ss_family) - { - case AF_INET: - return sockaddr_storage_ipv4_samesubnet(addr, addr2); - break; - case AF_INET6: - return sockaddr_storage_ipv6_samesubnet(addr, addr2); - break; - default: - std::cerr << "sockaddr_storage_samesubnet() INVALID Family - error"; - std::cerr << std::endl; - break; - } - return false; -} - - /********************************* Output ***********************************/ std::string sockaddr_storage_tostring(const struct sockaddr_storage &addr) 
@@ -794,37 +736,6 @@ bool sockaddr_storage_ipv4_sameip(const struct sockaddr_storage &addr, const str } -bool sockaddr_storage_ipv4_samenet(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2) -{ - (void) addr; - (void) addr2; - -#ifdef SS_DEBUG - std::cerr << "sockaddr_storage_ipv4_samenet()"; - std::cerr << std::endl; -#endif - - - const struct sockaddr_in *ptr1 = to_const_ipv4_ptr(addr); - const struct sockaddr_in *ptr2 = to_const_ipv4_ptr(addr2); - return sameNet(&(ptr1->sin_addr),&(ptr2->sin_addr)); -} - -bool sockaddr_storage_ipv4_samesubnet(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2) -{ - (void) addr; - (void) addr2; - -#ifdef SS_DEBUG - std::cerr << "sockaddr_storage_ipv4_samesubnet() using pqinetwork::isSameSubnet()"; - std::cerr << std::endl; -#endif - - const struct sockaddr_in *ptr1 = to_const_ipv4_ptr(addr); - const struct sockaddr_in *ptr2 = to_const_ipv4_ptr(addr2); - return isSameSubnet((struct in_addr *) &(ptr1->sin_addr),(struct in_addr *) &(ptr2->sin_addr)); -} - // IPV6 bool sockaddr_storage_ipv6_lessthan(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2) { @@ -887,33 +798,6 @@ bool sockaddr_storage_ipv6_sameip(const struct sockaddr_storage &addr, const str } -bool sockaddr_storage_ipv6_samenet(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2) -{ - (void) addr; - (void) addr2; - -#ifdef SS_DEBUG - std::cerr << "sockaddr_storage_ipv6_samenet() TODO"; - std::cerr << std::endl; -#endif - - return false; -} - -bool sockaddr_storage_ipv6_samesubnet(const struct sockaddr_storage &addr, const struct sockaddr_storage &addr2) -{ - (void) addr; - (void) addr2; - -#ifdef SS_DEBUG - std::cerr << "sockaddr_storage_ipv6_samesubnet() TODO"; - std::cerr << std::endl; -#endif - - return false; -} - - /********************************* Output ***********************************/ std::string sockaddr_storage_ipv4_iptostring(const struct sockaddr_storage &addr) {