Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2025-06-19 11:54:22 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

switch from rsDht to rsBanList to decide on adding friend IP

Browse source 
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@8328 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
csoler 2015-05-31 19:52:51 +00:00
parent db40002dda
commit e65785e1bc
6 changed files with 109 additions and 92 deletions
Download patch file Download diff file Expand all files Collapse all files

7
libretroshare/src/pqi/p3linkmgr.cc
View file

@ -48,6 +48,7 @@ const int p3connectzone = 3431;
#include "retroshare/rsiface.h" #include "retroshare/rsiface.h"
#include "retroshare/rspeers.h" #include "retroshare/rspeers.h"
#include "retroshare/rsdht.h" #include "retroshare/rsdht.h"
#include "retroshare/rsbanlist.h"
/* Network setup States */ /* Network setup States */
@ -1726,9 +1727,6 @@ bool p3LinkMgrIMPL::locked_CheckPotentialAddr(const struct sockaddr_storage &ad
return false; return false;
} }
/* if it is on the ban list - ignore */
/* checks - is it the dreaded 1.0.0.0 */
std::list<struct sockaddr_storage>::const_iterator it; std::list<struct sockaddr_storage>::const_iterator it;
for(it = mBannedIpList.begin(); it != mBannedIpList.end(); ++it) for(it = mBannedIpList.begin(); it != mBannedIpList.end(); ++it)
{ {
@ -1746,13 +1744,12 @@ bool p3LinkMgrIMPL::locked_CheckPotentialAddr(const struct sockaddr_storage &ad
} }
} }
if(rsDht != NULL && rsDht->isAddressBanned(addr)) if(rsBanList != NULL && !rsBanList->isAddressAccepted(addr, RSBANLIST_CHECKING_FLAGS_BLACKLIST))
{ {
#ifdef LINKMGR_DEBUG #ifdef LINKMGR_DEBUG
std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr() adding to local Banned IPList"; std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr() adding to local Banned IPList";
std::cerr << std::endl; std::cerr << std::endl;
#endif #endif
mBannedIpList.push_back(addr) ;
return false ; return false ;
} }

6
libretroshare/src/pqi/p3peermgr.cc
View file

@ -994,11 +994,9 @@ bool p3PeerMgrIMPL::UpdateOwnAddress(const struct sockaddr_storage &localAddr,
std::cerr << ")" << std::endl; std::cerr << ")" << std::endl;
#endif #endif
uint32_t banlist_response ; if(!rsBanList->isAddressAccepted(localAddr, RSBANLIST_CHECKING_FLAGS_BLACKLIST))
if(!rsBanList->isAddressAccepted(localAddr, RSBANLIST_CHECKING_FLAGS_BLACKLIST, banlist_response))
{ {
std::cerr << "(SS) Trying to set own IP to a banned IP " << sockaddr_storage_iptostring(localAddr) << ". Attack?" << std::endl; std::cerr << "(SS) Trying to set own IP to a banned IP " << sockaddr_storage_iptostring(localAddr) << ". This probably means that a friend in under traffic re-routing attack." << std::endl;
return false ; return false ;
} }

10
libretroshare/src/pqi/pqissl.cc
View file

@ -1313,17 +1313,11 @@ int pqissl::Authorise_SSL_Connection()
uint32_t check_result ; uint32_t check_result ;
if(!rsBanList->isAddressAccepted(remote_addr,RSBANLIST_CHECKING_FLAGS_BLACKLIST,check_result)) if(!rsBanList->isAddressAccepted(remote_addr,RSBANLIST_CHECKING_FLAGS_BLACKLIST,&check_result))
{ {
std::cerr << "(SS) connection attempt from banned IP address. Refusing it. Reason: " << check_result << ". Attack??" << std::endl; std::cerr << "(SS) connection attempt from banned IP address. Refusing it. Reason: " << check_result << ". Attack??" << std::endl;
reset_locked(); reset_locked();
return 0 ; return 0 ;
}
if(rsDht->isAddressBanned(remote_addr))
{
std::cerr << "(SS) connection attempt from banned IP address. Refusing it. Attack??" << std::endl;
reset_locked();
return 0 ;
} }
// check it's the right one. // check it's the right one.
if (certCorrect) if (certCorrect)
@ -1361,7 +1355,7 @@ int pqissl::accept_locked(SSL *ssl, int fd, const struct sockaddr_storage &forei
{ {
uint32_t check_result; uint32_t check_result;
if(!rsBanList->isAddressAccepted(foreign_addr,RSBANLIST_CHECKING_FLAGS_BLACKLIST,check_result)) if(!rsBanList->isAddressAccepted(foreign_addr,RSBANLIST_CHECKING_FLAGS_BLACKLIST,&check_result))
{ {
std::cerr << "(SS) refusing incoming SSL connection from blacklisted foreign address " << sockaddr_storage_iptostring(foreign_addr) std::cerr << "(SS) refusing incoming SSL connection from blacklisted foreign address " << sockaddr_storage_iptostring(foreign_addr)
<< ". Reason: " << check_result << "." << std::endl; << ". Reason: " << check_result << "." << std::endl;

2
libretroshare/src/retroshare/rsbanlist.h
View file

@ -99,7 +99,7 @@ public:
// check_result: returned result of the check in RSBANLIST_CHECK_RESULT_* // check_result: returned result of the check in RSBANLIST_CHECK_RESULT_*
// returned value: true=address is accepted, false=address is rejected. // returned value: true=address is accepted, false=address is rejected.
virtual bool isAddressAccepted(const struct sockaddr_storage& addr,uint32_t checking_flags,uint32_t& check_result) =0; virtual bool isAddressAccepted(const struct sockaddr_storage& addr,uint32_t checking_flags,uint32_t *check_result=NULL) =0;
virtual void getBannedIps(std::list<BanListPeer>& list) =0; virtual void getBannedIps(std::list<BanListPeer>& list) =0;
virtual void getWhiteListedIps(std::list<BanListPeer>& list) =0; virtual void getWhiteListedIps(std::list<BanListPeer>& list) =0;

43
libretroshare/src/services/p3banlist.cc
View file

@ -239,9 +239,10 @@ void p3BanList::autoFigureOutBanRanges()
condenseBanSources_locked() ; condenseBanSources_locked() ;
} }
bool p3BanList::isAddressAccepted(const sockaddr_storage &addr, uint32_t checking_flags,uint32_t& check_result) bool p3BanList::isAddressAccepted(const sockaddr_storage &addr, uint32_t checking_flags,uint32_t *check_result)
{ {
check_result = RSBANLIST_CHECK_RESULT_NOCHECK ; if(check_result != NULL)
*check_result = RSBANLIST_CHECK_RESULT_NOCHECK ;
if(!mIPFilteringEnabled) if(!mIPFilteringEnabled)
return true ; return true ;
@ -261,14 +262,16 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &addr, uint32_t checkin
if(white_list_found) if(white_list_found)
{ {
check_result = RSBANLIST_CHECK_RESULT_ACCEPTED ; if(check_result != NULL)
*check_result = RSBANLIST_CHECK_RESULT_ACCEPTED ;
std::cerr << ". Address is in whitelist. Accepting" << std::endl; std::cerr << ". Address is in whitelist. Accepting" << std::endl;
return true ; return true ;
} }
if(checking_flags & RSBANLIST_CHECKING_FLAGS_WHITELIST) if(checking_flags & RSBANLIST_CHECKING_FLAGS_WHITELIST)
{ {
check_result = RSBANLIST_CHECK_RESULT_NOT_WHITELISTED ; if(check_result != NULL)
*check_result = RSBANLIST_CHECK_RESULT_NOT_WHITELISTED ;
std::cerr << ". Address is not whitelist, and whitelist is required. Rejecting" << std::endl; std::cerr << ". Address is not whitelist, and whitelist is required. Rejecting" << std::endl;
return false ; return false ;
} }
@ -276,6 +279,8 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &addr, uint32_t checkin
if(!(checking_flags & RSBANLIST_CHECKING_FLAGS_BLACKLIST)) if(!(checking_flags & RSBANLIST_CHECKING_FLAGS_BLACKLIST))
{ {
std::cerr << ". No blacklisting required. Accepting." << std::endl; std::cerr << ". No blacklisting required. Accepting." << std::endl;
if(check_result != NULL)
*check_result = RSBANLIST_CHECK_RESULT_ACCEPTED ;
return true; return true;
} }
@ -287,7 +292,8 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &addr, uint32_t checkin
#ifdef DEBUG_BANLIST #ifdef DEBUG_BANLIST
std::cerr << " found in blacklisted range " << sockaddr_storage_iptostring(it->first) << "/16. returning false. attempts=" << it->second.connect_attempts << std::endl; std::cerr << " found in blacklisted range " << sockaddr_storage_iptostring(it->first) << "/16. returning false. attempts=" << it->second.connect_attempts << std::endl;
#endif #endif
check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED ; if(check_result != NULL)
*check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED ;
return false ; return false ;
} }
@ -297,7 +303,8 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &addr, uint32_t checkin
#ifdef DEBUG_BANLIST #ifdef DEBUG_BANLIST
std::cerr << "found in blacklisted range " << sockaddr_storage_iptostring(it->first) << "/24. returning false. attempts=" << it->second.connect_attempts << std::endl; std::cerr << "found in blacklisted range " << sockaddr_storage_iptostring(it->first) << "/24. returning false. attempts=" << it->second.connect_attempts << std::endl;
#endif #endif
check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED ; if(check_result != NULL)
*check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED ;
return false ; return false ;
} }
@ -307,14 +314,16 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &addr, uint32_t checkin
#ifdef DEBUG_BANLIST #ifdef DEBUG_BANLIST
std::cerr << "found as blacklisted address " << sockaddr_storage_iptostring(it->first) << ". returning false. attempts=" << it->second.connect_attempts << std::endl; std::cerr << "found as blacklisted address " << sockaddr_storage_iptostring(it->first) << ". returning false. attempts=" << it->second.connect_attempts << std::endl;
#endif #endif
check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED ; if(check_result != NULL)
*check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED ;
return false ; return false ;
} }
#ifdef DEBUG_BANLIST #ifdef DEBUG_BANLIST
std::cerr << " not blacklisted. Accepting." << std::endl; std::cerr << " not blacklisted. Accepting." << std::endl;
#endif #endif
check_result = RSBANLIST_CHECK_RESULT_ACCEPTED ; if(check_result != NULL)
*check_result = RSBANLIST_CHECK_RESULT_ACCEPTED ;
return true ; return true ;
} }
void p3BanList::getWhiteListedIps(std::list<BanListPeer> &lst) void p3BanList::getWhiteListedIps(std::list<BanListPeer> &lst)
@ -792,6 +801,21 @@ bool p3BanList::addBanEntry(const RsPeerId &peerId, const struct sockaddr_storag
return updated; return updated;
} }
bool p3BanList::isWhiteListed_locked(const sockaddr_storage& addr)
{
if(mWhiteListedRanges.find(addr) != mWhiteListedRanges.end())
return true ;
if(mWhiteListedRanges.find(makeBitsRange(addr,1)) != mWhiteListedRanges.end())
return true ;
if(mWhiteListedRanges.find(makeBitsRange(addr,2)) != mWhiteListedRanges.end())
return true ;
return false ;
}
/*** /***
* EXTRA DEBUGGING. * EXTRA DEBUGGING.
* #define DEBUG_BANLIST_CONDENSE 1 * #define DEBUG_BANLIST_CONDENSE 1
@ -856,6 +880,9 @@ int p3BanList::condenseBanSources_locked()
sockaddr_storage_copyip(bannedaddr, lit->second.addr); sockaddr_storage_copyip(bannedaddr, lit->second.addr);
sockaddr_storage_setport(bannedaddr, 0); sockaddr_storage_setport(bannedaddr, 0);
if(isWhiteListed_locked(bannedaddr))
continue ;
/* check if it exists in the Set already */ /* check if it exists in the Set already */
std::map<struct sockaddr_storage, BanListPeer>::iterator sit; std::map<struct sockaddr_storage, BanListPeer>::iterator sit;
sit = mBanSet.find(bannedaddr); sit = mBanSet.find(bannedaddr);

3
libretroshare/src/services/p3banlist.h
View file

@ -61,7 +61,7 @@ public:
/***** overloaded from RsBanList *****/ /***** overloaded from RsBanList *****/
virtual bool isAddressAccepted(const struct sockaddr_storage& addr, uint32_t checking_flags,uint32_t& check_result) ; virtual bool isAddressAccepted(const struct sockaddr_storage& addr, uint32_t checking_flags,uint32_t *check_result=NULL) ;
virtual void getBannedIps(std::list<BanListPeer>& list) ; virtual void getBannedIps(std::list<BanListPeer>& list) ;
virtual void getWhiteListedIps(std::list<BanListPeer>& list) ; virtual void getWhiteListedIps(std::list<BanListPeer>& list) ;
@ -137,6 +137,7 @@ private:
int condenseBanSources_locked(); int condenseBanSources_locked();
int printBanSources_locked(std::ostream &out); int printBanSources_locked(std::ostream &out);
int printBanSet_locked(std::ostream &out); int printBanSet_locked(std::ostream &out);
bool isWhiteListed_locked(const sockaddr_storage &addr);
time_t mSentListTime; time_t mSentListTime;
std::map<RsPeerId, BanList> mBanSources; std::map<RsPeerId, BanList> mBanSources;