added whitelist system and GUI for it. Not used in pqissl yet.

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@8319 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2024-10-01 02:35:48 -04:00 · 2015-05-30 13:57:10 +00:00 · 2015-05-30 13:57:10 +00:00 · f699855b7d
commit f699855b7d
parent 0a42b334ae
6 changed files with 477 additions and 235 deletions
--- a/libretroshare/src/retroshare/rsbanlist.h
+++ b/libretroshare/src/retroshare/rsbanlist.h
@ -80,10 +80,25 @@ public:
    virtual void enableIPFiltering(bool b) =0;
    virtual bool ipFilteringEnabled() =0;

-    virtual void addIpRange(const struct sockaddr_storage& addr,int masked_bytes,const std::string& comment) =0;
+    // addIpRange()/removeIpRange()
+    // 	addr: 		full IPv4 address. Port is ignored.
+    // 	masked_bytes: 	0=full IP, 1="/24", 2="/16"
+    // 	list_type: 	RSBANLIST_CHECKING_FLAGS_BLACKLIST or RSBANLIST_CHECKING_FLAGS_WHITELIST
+    // 	comment: 	anything, user-based.
+
+    virtual void addIpRange(const struct sockaddr_storage& addr,int masked_bytes,uint32_t list_type,const std::string& comment) =0;
+    virtual void removeIpRange(const struct sockaddr_storage& addr,int masked_bytes,uint32_t list_type) =0;
+
+    // isAddressAccepted()
+    // 	addr: 		full IPv4 address. Port is ignored.
+    // 	checking flags: any combination of  RSBANLIST_CHECKING_FLAGS_BLACKLIST and RSBANLIST_CHECKING_FLAGS_WHITELIST
+    // 	check_result: 	returned result of the check in RSBANLIST_CHECK_RESULT_*
+    // 	returned value: true=address is accepted, false=address is rejected.

    virtual bool isAddressAccepted(const struct sockaddr_storage& addr,uint32_t checking_flags,uint32_t& check_result) =0;
-    virtual void getListOfBannedIps(std::list<BanListPeer>& list) =0;
+
+    virtual void getBannedIps(std::list<BanListPeer>& list) =0;
+    virtual void getWhiteListedIps(std::list<BanListPeer>& list) =0;

    virtual bool autoRangeEnabled() =0;
    virtual void enableAutoRange(bool b) =0 ;
--- a/libretroshare/src/services/p3banlist.cc
+++ b/libretroshare/src/services/p3banlist.cc
@ -238,36 +238,38 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &addr, uint32_t checkin
    if(!mIPFilteringEnabled)
        return true ;

+    std::cerr << "isAddressAccepted(): tested addr=" << sockaddr_storage_iptostring(addr) << ", checking flags=" << checking_flags ;
+
    // we should normally work this including entire ranges of IPs. For now, just check the exact IPs.

    sockaddr_storage addr_24 = makeBitsRange(addr,1) ;
    sockaddr_storage addr_16 = makeBitsRange(addr,2) ;

-    if(checking_flags & RSBANLIST_CHECKING_FLAGS_WHITELIST)
+    bool white_list_found = false ;
+
+    white_list_found = white_list_found || (mWhiteListedRanges.find(addr_16) != mWhiteListedRanges.end()) ;
+    white_list_found = white_list_found || (mWhiteListedRanges.find(addr_24) != mWhiteListedRanges.end()) ;
+    white_list_found = white_list_found || (mWhiteListedRanges.find(addr   ) != mWhiteListedRanges.end()) ;
+
+    if(white_list_found)
    {
-        bool found = false ;
-
-        found = found || (mWhiteListedRanges.find(addr   ) != mWhiteListedRanges.end()) ;
-        found = found || (mWhiteListedRanges.find(addr_16) != mWhiteListedRanges.end()) ;
-        found = found || (mWhiteListedRanges.find(addr_24) != mWhiteListedRanges.end()) ;
-
-        if(found)
-        {
-            check_result = RSBANLIST_CHECK_RESULT_ACCEPTED ;
-            return true ;
-        }
-        else
-        {
-            check_result = RSBANLIST_CHECK_RESULT_NOT_WHITELISTED ;
-            return false ;
-        }
+        check_result = RSBANLIST_CHECK_RESULT_ACCEPTED ;
+    std::cerr << ". Address is in whitelist. Accepting" << std::endl;
+        return true ;
+    }
+
+    if(checking_flags & RSBANLIST_CHECKING_FLAGS_WHITELIST)
+    {
+        check_result = RSBANLIST_CHECK_RESULT_NOT_WHITELISTED ;
+    std::cerr << ". Address is not whitelist, and whitelist is required. Rejecting" << std::endl;
+        return false ;
    }

-#ifdef DEBUG_BANLIST
-    std::cerr << "p3BanList::isAddressAccepted() testing " << sockaddr_storage_iptostring(addr) << " and range " << sockaddr_storage_iptostring(addr_24) ;
-#endif
    if(!(checking_flags & RSBANLIST_CHECKING_FLAGS_BLACKLIST))
+    {
+        std::cerr << ". No blacklisting required. Accepting." << std::endl;
        return true;
+    }

    std::map<sockaddr_storage,BanListPeer>::iterator it ;

@ -275,7 +277,7 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &addr, uint32_t checkin
    {
        ++it->second.connect_attempts;
 #ifdef DEBUG_BANLIST
-        std::cerr << " returning false. attempts=" << it->second.connect_attempts << std::endl;
+        std::cerr << " found in blacklisted range " << sockaddr_storage_iptostring(it->first) << "/16. returning false. attempts=" << it->second.connect_attempts << std::endl;
 #endif
    check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED ;
        return false ;
@ -285,7 +287,7 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &addr, uint32_t checkin
    {
        ++it->second.connect_attempts;
 #ifdef DEBUG_BANLIST
-        std::cerr << " returning false. attempts=" << it->second.connect_attempts << std::endl;
+        std::cerr << "found in blacklisted range " << sockaddr_storage_iptostring(it->first) << "/24.  returning false. attempts=" << it->second.connect_attempts << std::endl;
 #endif
    check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED ;
        return false ;
@ -295,23 +297,31 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &addr, uint32_t checkin
    {
        ++it->second.connect_attempts;
 #ifdef DEBUG_BANLIST
-        std::cerr << " returning false. attempts=" << it->second.connect_attempts << std::endl;
+        std::cerr << "found as blacklisted address " << sockaddr_storage_iptostring(it->first) << ".  returning false. attempts=" << it->second.connect_attempts << std::endl;
 #endif
    check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED ;
        return false ;
    }

 #ifdef DEBUG_BANLIST
-    std::cerr << " returning true " << std::endl;
+    std::cerr << " not blacklisted. Accepting." << std::endl;
 #endif
    check_result = RSBANLIST_CHECK_RESULT_ACCEPTED ;
    return true ;
 }
-
-void p3BanList::getListOfBannedIps(std::list<BanListPeer> &lst)
+void p3BanList::getWhiteListedIps(std::list<BanListPeer> &lst)
 {
    RS_STACK_MUTEX(mBanMtx) ;

+    lst.clear() ;
+    for(std::map<sockaddr_storage,BanListPeer>::const_iterator it(mWhiteListedRanges.begin());it!=mWhiteListedRanges.end();++it)
+        lst.push_back(it->second) ;
+}
+void p3BanList::getBannedIps(std::list<BanListPeer> &lst)
+{
+    RS_STACK_MUTEX(mBanMtx) ;
+
+    lst.clear() ;
    for(std::map<sockaddr_storage,BanListPeer>::const_iterator it(mBanSet.begin());it!=mBanSet.end();++it)
        if(mBanRanges.find(makeBitsRange(it->first,1)) == mBanRanges.end()
                    && mBanRanges.find(makeBitsRange(it->first,2)) == mBanRanges.end())
@ -321,7 +331,12 @@ void p3BanList::getListOfBannedIps(std::list<BanListPeer> &lst)
        lst.push_back(it->second) ;
 }

-void p3BanList::addIpRange(const sockaddr_storage &addr, int masked_bytes,const std::string& comment)
+void p3BanList::removeIpRange(const struct sockaddr_storage& addr,int masked_bytes,uint32_t list_type)
+{
+#warning NOT IMPLEMENTED YET
+}
+
+void p3BanList::addIpRange(const sockaddr_storage &addr, int masked_bytes,uint32_t list_type,const std::string& comment)
 {
    RS_STACK_MUTEX(mBanMtx) ;

@ -342,10 +357,15 @@ void p3BanList::addIpRange(const sockaddr_storage &addr, int masked_bytes,const

    sockaddr_storage addrrange = makeBitsRange(addr,masked_bytes) ;

-    mBanRanges[addrrange] = blp ;
+    if(list_type == RSBANLIST_CHECKING_FLAGS_BLACKLIST)
+        mBanRanges[addrrange] = blp ;
+    else if(list_type == RSBANLIST_CHECKING_FLAGS_WHITELIST)
+        mWhiteListedRanges[addrrange] = blp ;
+    else
+        std::cerr << "(EE) Cannot add IP range. Bad list_type. Should be eiter RSBANLIST_CHECKING_FLAGS_BLACKLIST or RSBANLIST_CHECKING_FLAGS_WHITELIST" << std::endl;
 }

-int	p3BanList::tick()
+int p3BanList::tick()
 {
    processIncoming();
    sendPackets();
--- a/libretroshare/src/services/p3banlist.h
+++ b/libretroshare/src/services/p3banlist.h
@ -62,9 +62,12 @@ public:
    /***** overloaded from RsBanList *****/

    virtual bool isAddressAccepted(const struct sockaddr_storage& addr, uint32_t checking_flags,uint32_t& check_result) ;
-    virtual void getListOfBannedIps(std::list<BanListPeer>& list) ;

-    virtual void addIpRange(const struct sockaddr_storage& addr,int masked_bytes,const std::string& comment) ;
+    virtual void getBannedIps(std::list<BanListPeer>& list) ;
+    virtual void getWhiteListedIps(std::list<BanListPeer>& list) ;
+
+    virtual void addIpRange(const struct sockaddr_storage& addr,int masked_bytes,uint32_t list_type,const std::string& comment) ;
+    virtual void removeIpRange(const sockaddr_storage &addr, int masked_bytes, uint32_t list_type);

    virtual void enableIPFiltering(bool b) ;
    virtual bool ipFilteringEnabled() ;
--- a/retroshare-gui/src/gui/settings/ServerPage.cpp
+++ b/retroshare-gui/src/gui/settings/ServerPage.cpp
@ -72,12 +72,14 @@ ServerPage::ServerPage(QWidget * parent, Qt::WindowFlags flags)
    ui.filteredIpsTable->verticalHeader()->hide() ;

    QObject::connect(ui.filteredIpsTable,SIGNAL(customContextMenuRequested(const QPoint&)),this,SLOT(ipFilterContextMenu(const QPoint&))) ;
+    QObject::connect(ui.whiteListIpsTable,SIGNAL(customContextMenuRequested(const QPoint&)),this,SLOT(ipWhiteListContextMenu(const QPoint&))) ;
    QObject::connect(ui.denyAll_CB,SIGNAL(toggled(bool)),this,SLOT(toggleIpFiltering(bool)));
    QObject::connect(ui.includeFromDHT_CB,SIGNAL(toggled(bool)),this,SLOT(toggleAutoIncludeDHT(bool)));
    QObject::connect(ui.includeFromFriends_CB,SIGNAL(toggled(bool)),this,SLOT(toggleAutoIncludeFriends(bool)));
    QObject::connect(ui.groupIPRanges_CB,SIGNAL(toggled(bool)),this,SLOT(toggleGroupIps(bool)));
    QObject::connect(ui.groupIPRanges_SB,SIGNAL(valueChanged(int)),this,SLOT(setGroupIpLimit(int)));
-    QObject::connect(ui.ipInputAdd_PB,SIGNAL(clicked()),this,SLOT(addIpRange()));
+    QObject::connect(ui.ipInputAddBlackList_PB,SIGNAL(clicked()),this,SLOT(addIpRangeToBlackList()));
+    QObject::connect(ui.ipInputAddWhiteList_PB,SIGNAL(clicked()),this,SLOT(addIpRangeToWhiteList()));
    QObject::connect(ui.ipInput_LE,SIGNAL(textChanged(const QString&)),this,SLOT(checkIpRange(const QString&)));

   QTimer *timer = new QTimer(this);
@ -171,7 +173,7 @@ void ServerPage::checkIpRange(const QString& ipstr)
    ui.ipInput_LE->setPalette(palette);
 }

-void ServerPage::addIpRange()
+void ServerPage::addIpRangeToBlackList()
 {
    QString ipstr = ui.ipInput_LE->text() ;
    sockaddr_storage addr ;
@ -182,7 +184,21 @@ void ServerPage::addIpRange()

    bytes = 4 - ui.ipInputRange_SB->value()/8;

-    rsBanList->addIpRange(addr,bytes,ui.ipInputComment_LE->text().toStdString());
+    rsBanList->addIpRange(addr,bytes, RSBANLIST_CHECKING_FLAGS_BLACKLIST,ui.ipInputComment_LE->text().toStdString());
+}
+
+void ServerPage::addIpRangeToWhiteList()
+{
+    QString ipstr = ui.ipInput_LE->text() ;
+    sockaddr_storage addr ;
+    int bytes = 0 ;
+
+    if(!parseAddrFromQString(ipstr,addr,bytes) || bytes != 0)
+        return ;
+
+    bytes = 4 - ui.ipInputRange_SB->value()/8;
+
+    rsBanList->addIpRange(addr,bytes, RSBANLIST_CHECKING_FLAGS_WHITELIST,ui.ipInputComment_LE->text().toStdString());
 }

 void ServerPage::clearKnownAddressList()
@ -394,7 +410,8 @@ void ServerPage::loadFilteredIps()
        ui.ipInput_LE->setEnabled(true) ;
        ui.ipInputRange_SB->setEnabled(true) ;
        ui.ipInputComment_LE->setEnabled(true) ;
-        ui.ipInputAdd_PB->setEnabled(true) ;
+        ui.ipInputAddBlackList_PB->setEnabled(true) ;
+        ui.ipInputAddWhiteList_PB->setEnabled(true) ;
        ui.groupIPRanges_CB->setEnabled(true) ;
        ui.groupIPRanges_SB->setEnabled(true) ;
    }
@ -407,7 +424,8 @@ void ServerPage::loadFilteredIps()
        ui.ipInput_LE->setEnabled(false) ;
        ui.ipInputRange_SB->setEnabled(false) ;
        ui.ipInputComment_LE->setEnabled(false) ;
-        ui.ipInputAdd_PB->setEnabled(false) ;
+        ui.ipInputAddBlackList_PB->setEnabled(false) ;
+        ui.ipInputAddWhiteList_PB->setEnabled(true) ;
        ui.groupIPRanges_CB->setEnabled(false) ;
        ui.groupIPRanges_SB->setEnabled(false) ;
    }
@ -418,58 +436,62 @@ void ServerPage::loadFilteredIps()
    ui.groupIPRanges_SB->setValue(rsBanList->autoRangeLimit()) ;

    std::list<BanListPeer> lst ;
-
-    rsBanList->getListOfBannedIps(lst) ;
+    rsBanList->getBannedIps(lst) ;

    ui.filteredIpsTable->setRowCount(lst.size()) ;

-    //std::cerr << "Adding " << lst.size() << " entries to table." << std::endl;
-
    int row = 0 ;
    for(std::list<BanListPeer>::const_iterator it(lst.begin());it!=lst.end();++it,++row)
-    {
-       //std::cerr << "  adding banned lst peer: " << print_addr((*it).addr) << std::endl;
+        addPeerToIPTable(ui.filteredIpsTable,row,*it) ;

-       ui.filteredIpsTable->setItem(row,COLUMN_RANGE,new QTableWidgetItem(QString::fromStdString(print_addr_range((*it).addr,(*it).masked_bytes)))) ;
+    rsBanList->getWhiteListedIps(lst) ;
+    ui.whiteListIpsTable->setRowCount(lst.size()) ;

-       if( (*it).state )
-          ui.filteredIpsTable->setItem(row,COLUMN_STATUS,new QTableWidgetItem(QString("active"))) ;
-       else
-          ui.filteredIpsTable->setItem(row,COLUMN_STATUS,new QTableWidgetItem(QString(""))) ;
-
-       ui.filteredIpsTable->item(row,COLUMN_STATUS)->setData(Qt::UserRole,QVariant( (*it).state )) ;
-
-       switch((*it).level)
-       {
-       case RSBANLIST_ORIGIN_FOF:  ui.filteredIpsTable->setItem(row,COLUMN_ORIGIN,new QTableWidgetItem(QString("From friend of a friend"))) ;
-          break ;
-       case RSBANLIST_ORIGIN_FRIEND:  ui.filteredIpsTable->setItem(row,COLUMN_ORIGIN,new QTableWidgetItem(QString("From friend"))) ;
-          break ;
-       case RSBANLIST_ORIGIN_SELF:  ui.filteredIpsTable->setItem(row,COLUMN_ORIGIN,new QTableWidgetItem(QString("From you"))) ;
-          break ;
-       default:
-       case RSBANLIST_ORIGIN_UNKNOWN:  ui.filteredIpsTable->setItem(row,COLUMN_ORIGIN,new QTableWidgetItem(QString("Unknown"))) ;
-          break ;
-       }
-
-       switch( (*it).reason )
-       {
-       case RSBANLIST_REASON_DHT:  ui.filteredIpsTable->setItem(row,COLUMN_REASON,new QTableWidgetItem(QString("Bad peer (DHT)"))) ;
-          break ;
-       case RSBANLIST_REASON_USER:  ui.filteredIpsTable->setItem(row,COLUMN_REASON,new QTableWidgetItem(QString("Home-made rule"))) ;
-          break ;
-       case RSBANLIST_REASON_AUTO_RANGE:  ui.filteredIpsTable->setItem(row,COLUMN_REASON,new QTableWidgetItem(QString("Auto-generated range"))) ;
-                                            ui.filteredIpsTable->setItem(row,COLUMN_COMMENT,new QTableWidgetItem(tr("Range made from %1 collected addresses").arg(QString::number((*it).connect_attempts)))) ;
-          break ;
-       default:
-       case RSBANLIST_REASON_UNKNOWN:  ui.filteredIpsTable->setItem(row,COLUMN_REASON,new QTableWidgetItem(QString("Unknown"))) ;
-          break ;
-       }
-
-       ui.filteredIpsTable->setItem(row,COLUMN_COMMENT,new QTableWidgetItem(QString::fromStdString((*it).comment))) ;
-    }
+    row = 0;
+    for(std::list<BanListPeer>::const_iterator it(lst.begin());it!=lst.end();++it,++row)
+        addPeerToIPTable(ui.whiteListIpsTable,row,*it) ;
 }

+void ServerPage::addPeerToIPTable(QTableWidget *table,int row,const BanListPeer& blp)
+{
+    table->setItem(row,COLUMN_RANGE,new QTableWidgetItem(QString::fromStdString(print_addr_range(blp.addr,blp.masked_bytes)))) ;
+
+    if( blp.state )
+        table->setItem(row,COLUMN_STATUS,new QTableWidgetItem(QString("active"))) ;
+    else
+        table->setItem(row,COLUMN_STATUS,new QTableWidgetItem(QString(""))) ;
+
+    table->item(row,COLUMN_STATUS)->setData(Qt::UserRole,QVariant( blp.state )) ;
+
+    switch(blp.level)
+    {
+    case RSBANLIST_ORIGIN_FOF:  table->setItem(row,COLUMN_ORIGIN,new QTableWidgetItem(QString("From friend of a friend"))) ;
+        break ;
+    case RSBANLIST_ORIGIN_FRIEND:  table->setItem(row,COLUMN_ORIGIN,new QTableWidgetItem(QString("From friend"))) ;
+        break ;
+    case RSBANLIST_ORIGIN_SELF:  table->setItem(row,COLUMN_ORIGIN,new QTableWidgetItem(QString("From you"))) ;
+        break ;
+    default:
+    case RSBANLIST_ORIGIN_UNKNOWN:  table->setItem(row,COLUMN_ORIGIN,new QTableWidgetItem(QString("Unknown"))) ;
+        break ;
+    }
+
+    switch( blp.reason )
+    {
+    case RSBANLIST_REASON_DHT:  table->setItem(row,COLUMN_REASON,new QTableWidgetItem(QString("Bad peer (DHT)"))) ;
+        break ;
+    case RSBANLIST_REASON_USER:  table->setItem(row,COLUMN_REASON,new QTableWidgetItem(QString("Home-made rule"))) ;
+        break ;
+    case RSBANLIST_REASON_AUTO_RANGE:  table->setItem(row,COLUMN_REASON,new QTableWidgetItem(QString("Auto-generated range"))) ;
+        table->setItem(row,COLUMN_COMMENT,new QTableWidgetItem(tr("Range made from %1 collected addresses").arg(QString::number(blp.connect_attempts)))) ;
+        break ;
+    default:
+    case RSBANLIST_REASON_UNKNOWN:  table->setItem(row,COLUMN_REASON,new QTableWidgetItem(QString("Unknown"))) ;
+        break ;
+    }
+
+    table->setItem(row,COLUMN_COMMENT,new QTableWidgetItem(QString::fromStdString(blp.comment))) ;
+}


 void ServerPage::toggleGroupIps(bool b) { rsBanList->enableAutoRange(b) ; }
@ -487,8 +509,7 @@ void ServerPage::ipFilterContextMenu(const QPoint& point)

    bool status = item->data(Qt::UserRole).toBool();

-    if(!status)
-        contextMenu.addAction(tr("Disable/remove"),this,SLOT(removeBannedIp()))->setEnabled(false) ;
+    contextMenu.addAction(tr("Remove"),this,SLOT(removeBannedIp()))->setEnabled(false) ;

    QString addr_string = ui.filteredIpsTable->item(row,COLUMN_RANGE)->text() ;

@ -505,20 +526,115 @@ void ServerPage::ipFilterContextMenu(const QPoint& point)
    QString range1 = QString::fromStdString(print_addr_range(addr,1)) ;
    QString range2 = QString::fromStdString(print_addr_range(addr,2)) ;

-    contextMenu.addAction(QObject::tr("Filter IP "          )+range0,this,SLOT(enableBannedIp()))->setEnabled(false) ;
-#warning UNIMPLEMENTED CODE
-    contextMenu.addAction(QObject::tr("Filter entire range ")+range1,this,SLOT(enableBannedIp()))->setEnabled(false) ;
-    contextMenu.addAction(QObject::tr("Filter entire range ")+range2,this,SLOT(enableBannedIp()))->setEnabled(false) ;
+    if(masked_bytes != 0)
+        contextMenu.addAction(QObject::tr("Ban only IP %1").arg(range0),this,SLOT(enableBannedIp()))->setEnabled(false) ;
+
+    if(masked_bytes != 1)
+        contextMenu.addAction(QObject::tr("Ban entire range %2").arg(range1),this,SLOT(enableBannedIp()))->setEnabled(false) ;
+
+    if(masked_bytes != 2)
+        contextMenu.addAction(QObject::tr("Ban entire range %1").arg(range2),this,SLOT(enableBannedIp()))->setEnabled(false) ;
+
+    contextMenu.addAction(QObject::tr("Move IP %1 to whitelist"  ).arg(range0),this,SLOT(moveToWhiteList0())) ;
+    contextMenu.addAction(QObject::tr("Whitelist entire range %1").arg(range1),this,SLOT(moveToWhiteList1())) ;
+    contextMenu.addAction(QObject::tr("whitelist entire range %1").arg(range2),this,SLOT(moveToWhiteList2())) ;

    contextMenu.exec(QCursor::pos()) ;
 }

+bool ServerPage::removeCurrentRowFromBlackList(sockaddr_storage& collected_addr,int &masked_bytes)
+{
+    int row = ui.filteredIpsTable->currentRow();
+    QTableWidgetItem *item = ui.filteredIpsTable->item(row, COLUMN_STATUS);
+
+    if(item == NULL)
+        return false;
+
+    QString addr_string = ui.filteredIpsTable->item(row,COLUMN_RANGE)->text() ;
+
+    if(!parseAddrFromQString(addr_string,collected_addr,masked_bytes))
+    {
+        std::cerr <<"Cannot parse IP \"" << addr_string.toStdString() << "\"" << std::endl;
+        return false;
+    }
+    rsBanList->removeIpRange(collected_addr,masked_bytes,RSBANLIST_CHECKING_FLAGS_BLACKLIST);
+    return true ;
+}
+
+void ServerPage::moveToWhiteList0()
+{
+    sockaddr_storage addr ;
+    int bytes ;
+
+    removeCurrentRowFromBlackList(addr,bytes) ;
+
+    rsBanList->addIpRange(addr,0,RSBANLIST_CHECKING_FLAGS_WHITELIST, tr("Added by you").toStdString());
+}
+void ServerPage::moveToWhiteList1()
+{
+    sockaddr_storage addr ;
+    int bytes ;
+
+    removeCurrentRowFromBlackList(addr,bytes) ;
+
+    rsBanList->addIpRange(addr,1,RSBANLIST_CHECKING_FLAGS_WHITELIST, tr("Added by you").toStdString());
+}
+void ServerPage::moveToWhiteList2()
+{
+    sockaddr_storage addr ;
+    int bytes ;
+
+    removeCurrentRowFromBlackList(addr,bytes) ;
+
+    rsBanList->addIpRange(addr,2,RSBANLIST_CHECKING_FLAGS_WHITELIST, tr("Added by you").toStdString());
+}
+void ServerPage::ipWhiteListContextMenu(const QPoint& point)
+{
+    QMenu contextMenu(this) ;
+    int row = ui.whiteListIpsTable->currentRow();
+
+    QTableWidgetItem *item = ui.whiteListIpsTable->item(row, COLUMN_STATUS);
+
+    if(item == NULL)
+        return ;
+
+    bool status = item->data(Qt::UserRole).toBool();
+
+    if(!status)
+        contextMenu.addAction(tr("Remove"),this,SLOT(removeWhiteListedIp()))->setEnabled(false) ;
+
+    QString addr_string = ui.whiteListIpsTable->item(row,COLUMN_RANGE)->text() ;
+
+    sockaddr_storage addr ;
+    int masked_bytes ;
+
+    if(!parseAddrFromQString(addr_string,addr,masked_bytes))
+    {
+        std::cerr <<"Cannot parse IP \"" << addr_string.toStdString() << "\"" << std::endl;
+        return ;
+    }
+
+    QString range0 = QString::fromStdString(print_addr_range(addr,0)) ;
+    QString range1 = QString::fromStdString(print_addr_range(addr,1)) ;
+    QString range2 = QString::fromStdString(print_addr_range(addr,2)) ;
+
+    contextMenu.addAction(QObject::tr("Whitelist only IP "          )+range0,this,SLOT(enableBannedIp()))->setEnabled(false) ;
+#warning UNIMPLEMENTED CODE
+    contextMenu.addAction(QObject::tr("Whitelist entire range ")+range1,this,SLOT(enableBannedIp()))->setEnabled(false) ;
+    contextMenu.addAction(QObject::tr("Whitelist entire range ")+range2,this,SLOT(enableBannedIp()))->setEnabled(false) ;
+
+    contextMenu.exec(QCursor::pos()) ;
+}
 void ServerPage::removeBannedIp()
 {
 #warning UNIMPLEMENTED CODE
    std::cerr << "Removing banned IP" << std::endl;
 }
-
+void ServerPage::removeWhiteListedIp()
+{
+#warning UNIMPLEMENTED CODE
+    std::cerr << "Removing White-Listed IP" << std::endl;
+}
 void ServerPage::enableBannedIp()
 {
 #warning UNIMPLEMENTED CODE
--- a/retroshare-gui/src/gui/settings/ServerPage.h
+++ b/retroshare-gui/src/gui/settings/ServerPage.h
@ -28,6 +28,8 @@

 class QNetworkReply;
 class QNetworkAccessManager;
+class BanListPeer;
+struct sockaddr_storage;

 class ServerPage: public ConfigPage
 {
@ -50,7 +52,12 @@ public slots:
    void updateStatus();

 private slots:
-    void addIpRange();
+    void addIpRangeToBlackList();
+    void addIpRangeToWhiteList();
+    void moveToWhiteList0();
+    void moveToWhiteList1();
+    void moveToWhiteList2();
+    void removeWhiteListedIp();
    void checkIpRange(const QString &);
    void setGroupIpLimit(int n);
    void toggleGroupIps(bool b);
@ -58,6 +65,7 @@ private slots:
    void toggleAutoIncludeFriends(bool b);
    void toggleIpFiltering(bool b);
    void ipFilterContextMenu(const QPoint &);
+    void ipWhiteListContextMenu(const QPoint &point);
    void removeBannedIp();
    void enableBannedIp();
    void saveAddresses();
@ -71,6 +79,8 @@ private slots:
 private:

    // Alternative Versions for HiddenNode Mode.
+    void addPeerToIPTable(QTableWidget *table, int row, const BanListPeer &blp);
+    bool removeCurrentRowFromBlackList(sockaddr_storage& collected_addr,int& masked_bytes);
    void loadHiddenNode();
    void updateStatusHiddenNode();
    void saveAddressesHiddenNode();
--- a/retroshare-gui/src/gui/settings/ServerPage.ui
+++ b/retroshare-gui/src/gui/settings/ServerPage.ui
@ -6,8 +6,8 @@
   <rect>
    <x>0</x>
    <y>0</y>
-    <width>661</width>
-    <height>548</height>
+    <width>722</width>
+    <height>650</height>
   </rect>
  </property>
  <layout class="QVBoxLayout" name="verticalLayout_3">
@ -502,162 +502,240 @@ behind a firewall or a VPN.</string>
      <attribute name="title">
       <string>IP Filters</string>
      </attribute>
-      <layout class="QVBoxLayout" name="verticalLayout_4">
+      <layout class="QVBoxLayout" name="verticalLayout_11">
       <item>
-        <widget class="QCheckBox" name="denyAll_CB">
-         <property name="text">
-          <string>Deny all connections from the following IP ranges:</string>
+        <widget class="QGroupBox" name="groupBox">
+         <property name="title">
+          <string>IP blacklist</string>
         </property>
+         <layout class="QVBoxLayout" name="verticalLayout_4">
+          <item>
+           <widget class="QCheckBox" name="denyAll_CB">
+            <property name="text">
+             <string>Deny all connections from the following IP ranges:</string>
+            </property>
+           </widget>
+          </item>
+          <item>
+           <widget class="QTableWidget" name="filteredIpsTable">
+            <property name="contextMenuPolicy">
+             <enum>Qt::CustomContextMenu</enum>
+            </property>
+            <property name="toolTip">
+             <string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;This list get automatically filled from information gathered at multiple sources: masquerading peers reported by the DHT, IP ranged entered by you, and IP ranges reported by your friends. Default settings should protect you against large scale traffic relaying.&lt;/p&gt;&lt;p&gt;Automatically guessing masquerading IPs can put your friends IPs in the blacklist. This case, use the context menu to whitelist them.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
+            </property>
+            <property name="alternatingRowColors">
+             <bool>true</bool>
+            </property>
+            <property name="sortingEnabled">
+             <bool>false</bool>
+            </property>
+            <attribute name="horizontalHeaderStretchLastSection">
+             <bool>true</bool>
+            </attribute>
+            <column>
+             <property name="text">
+              <string>IP range</string>
+             </property>
+            </column>
+            <column>
+             <property name="text">
+              <string>Status</string>
+             </property>
+            </column>
+            <column>
+             <property name="text">
+              <string>Origin</string>
+             </property>
+            </column>
+            <column>
+             <property name="text">
+              <string>Reason</string>
+             </property>
+            </column>
+            <column>
+             <property name="text">
+              <string>Comment</string>
+             </property>
+            </column>
+           </widget>
+          </item>
+          <item>
+           <widget class="QCheckBox" name="includeFromFriends_CB">
+            <property name="text">
+             <string>Include the  IPs reported by your friends</string>
+            </property>
+           </widget>
+          </item>
+          <item>
+           <layout class="QHBoxLayout" name="horizontalLayout_11">
+            <item>
+             <widget class="QCheckBox" name="groupIPRanges_CB">
+              <property name="text">
+               <string>Auto-group IPs by ranges when at least :</string>
+              </property>
+             </widget>
+            </item>
+            <item>
+             <widget class="QSpinBox" name="groupIPRanges_SB">
+              <property name="suffix">
+               <string>  IPs</string>
+              </property>
+              <property name="minimum">
+               <number>2</number>
+              </property>
+              <property name="maximum">
+               <number>255</number>
+              </property>
+             </widget>
+            </item>
+            <item>
+             <spacer name="horizontalSpacer_2">
+              <property name="orientation">
+               <enum>Qt::Horizontal</enum>
+              </property>
+              <property name="sizeHint" stdset="0">
+               <size>
+                <width>40</width>
+                <height>20</height>
+               </size>
+              </property>
+             </spacer>
+            </item>
+           </layout>
+          </item>
+          <item>
+           <widget class="QCheckBox" name="includeFromDHT_CB">
+            <property name="text">
+             <string>Automatically include masquerading IPs reported by DHT</string>
+            </property>
+           </widget>
+          </item>
+         </layout>
        </widget>
       </item>
       <item>
-        <widget class="QTableWidget" name="filteredIpsTable">
-         <property name="contextMenuPolicy">
-          <enum>Qt::CustomContextMenu</enum>
+        <widget class="QGroupBox" name="groupBox_2">
+         <property name="title">
+          <string>IP whitelist</string>
         </property>
-         <property name="toolTip">
-          <string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;This list get automatically filled from information gathered at multiple sources: masquerading peers reported by the DHT, IP ranged entered by you, and IP ranges reported by your friends. &lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
-         </property>
-         <property name="alternatingRowColors">
-          <bool>true</bool>
-         </property>
-         <property name="sortingEnabled">
-          <bool>false</bool>
-         </property>
-         <attribute name="horizontalHeaderStretchLastSection">
-          <bool>true</bool>
-         </attribute>
-         <column>
-          <property name="text">
-           <string>IP range</string>
-          </property>
-         </column>
-         <column>
-          <property name="text">
-           <string>Status</string>
-          </property>
-         </column>
-         <column>
-          <property name="text">
-           <string>Origin</string>
-          </property>
-         </column>
-         <column>
-          <property name="text">
-           <string>Reason</string>
-          </property>
-         </column>
-         <column>
-          <property name="text">
-           <string>Comment</string>
-          </property>
-         </column>
+         <layout class="QVBoxLayout" name="verticalLayout_9">
+          <item>
+           <widget class="QTableWidget" name="whiteListIpsTable">
+            <property name="contextMenuPolicy">
+             <enum>Qt::CustomContextMenu</enum>
+            </property>
+            <property name="toolTip">
+             <string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;White listed IPs are gathered from the following sources: IPs coming inside a manually exchanged certificate, IP ranges entered by you in this window, or in the security feed items.&lt;/p&gt;&lt;p&gt;The default behavior for Retroshare is to disallow connections to peers not in the white-list. You can change this behavior for each peer in the &amp;quot;Details&amp;quot; window of each Retroshare node. If not activated, connections will still be checked w.r.t. the whitelist, and the blacklit above, but will pass if not in the whitelist.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
+            </property>
+            <property name="alternatingRowColors">
+             <bool>true</bool>
+            </property>
+            <property name="sortingEnabled">
+             <bool>false</bool>
+            </property>
+            <attribute name="horizontalHeaderStretchLastSection">
+             <bool>true</bool>
+            </attribute>
+            <column>
+             <property name="text">
+              <string>IP range</string>
+             </property>
+            </column>
+            <column>
+             <property name="text">
+              <string>Status</string>
+             </property>
+            </column>
+            <column>
+             <property name="text">
+              <string>Origin</string>
+             </property>
+            </column>
+            <column>
+             <property name="text">
+              <string>Reason</string>
+             </property>
+            </column>
+            <column>
+             <property name="text">
+              <string>Comment</string>
+             </property>
+            </column>
+           </widget>
+          </item>
+         </layout>
        </widget>
       </item>
       <item>
-        <widget class="QCheckBox" name="includeFromFriends_CB">
-         <property name="text">
-          <string>Include the  IPs reported by your friends</string>
+        <widget class="QGroupBox" name="groupBox_3">
+         <property name="title">
+          <string>Manual input</string>
         </property>
+         <layout class="QVBoxLayout" name="verticalLayout_10">
+          <item>
+           <layout class="QHBoxLayout" name="horizontalLayout_10">
+            <item>
+             <widget class="QLineEdit" name="ipInput_LE">
+              <property name="sizePolicy">
+               <sizepolicy hsizetype="Maximum" vsizetype="Fixed">
+                <horstretch>0</horstretch>
+                <verstretch>0</verstretch>
+               </sizepolicy>
+              </property>
+              <property name="toolTip">
+               <string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Enter an IP range.  Accepted formats:&lt;/p&gt;&lt;p&gt;193.190.209.15&lt;/p&gt;&lt;p&gt;193.190.209.15/24&lt;/p&gt;&lt;p&gt;193.190.209.15/16&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
+              </property>
+             </widget>
+            </item>
+            <item>
+             <widget class="QSpinBox" name="ipInputRange_SB">
+              <property name="minimum">
+               <number>16</number>
+              </property>
+              <property name="maximum">
+               <number>24</number>
+              </property>
+              <property name="singleStep">
+               <number>8</number>
+              </property>
+              <property name="value">
+               <number>24</number>
+              </property>
+             </widget>
+            </item>
+            <item>
+             <widget class="QLineEdit" name="ipInputComment_LE">
+              <property name="sizePolicy">
+               <sizepolicy hsizetype="MinimumExpanding" vsizetype="Fixed">
+                <horstretch>0</horstretch>
+                <verstretch>0</verstretch>
+               </sizepolicy>
+              </property>
+              <property name="toolTip">
+               <string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Enter any comment you'd like&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
+              </property>
+             </widget>
+            </item>
+            <item>
+             <widget class="QPushButton" name="ipInputAddBlackList_PB">
+              <property name="text">
+               <string>Add to blacklist</string>
+              </property>
+             </widget>
+            </item>
+            <item>
+             <widget class="QPushButton" name="ipInputAddWhiteList_PB">
+              <property name="text">
+               <string>Add to whitelist</string>
+              </property>
+             </widget>
+            </item>
+           </layout>
+          </item>
+         </layout>
        </widget>
       </item>
-       <item>
-        <layout class="QHBoxLayout" name="horizontalLayout_11">
-         <item>
-          <widget class="QCheckBox" name="groupIPRanges_CB">
-           <property name="text">
-            <string>Group IPs by ranges when at least :</string>
-           </property>
-          </widget>
-         </item>
-         <item>
-          <widget class="QSpinBox" name="groupIPRanges_SB">
-           <property name="suffix">
-            <string>  IPs</string>
-           </property>
-           <property name="minimum">
-            <number>2</number>
-           </property>
-           <property name="maximum">
-            <number>255</number>
-           </property>
-          </widget>
-         </item>
-         <item>
-          <spacer name="horizontalSpacer_2">
-           <property name="orientation">
-            <enum>Qt::Horizontal</enum>
-           </property>
-           <property name="sizeHint" stdset="0">
-            <size>
-             <width>40</width>
-             <height>20</height>
-            </size>
-           </property>
-          </spacer>
-         </item>
-        </layout>
-       </item>
-       <item>
-        <widget class="QCheckBox" name="includeFromDHT_CB">
-         <property name="text">
-          <string>Include masquerading IPs reported by DHT</string>
-         </property>
-        </widget>
-       </item>
-       <item>
-        <layout class="QHBoxLayout" name="horizontalLayout_10">
-         <item>
-          <widget class="QLineEdit" name="ipInput_LE">
-           <property name="sizePolicy">
-            <sizepolicy hsizetype="Maximum" vsizetype="Fixed">
-             <horstretch>0</horstretch>
-             <verstretch>0</verstretch>
-            </sizepolicy>
-           </property>
-           <property name="toolTip">
-            <string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Enter an IP range.  Accepted formats:&lt;/p&gt;&lt;p&gt;193.190.209.15&lt;/p&gt;&lt;p&gt;193.190.209.15/24&lt;/p&gt;&lt;p&gt;193.190.209.15/16&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
-           </property>
-          </widget>
-         </item>
-         <item>
-          <widget class="QSpinBox" name="ipInputRange_SB">
-           <property name="minimum">
-            <number>16</number>
-           </property>
-           <property name="maximum">
-            <number>24</number>
-           </property>
-           <property name="singleStep">
-            <number>8</number>
-           </property>
-           <property name="value">
-            <number>24</number>
-           </property>
-          </widget>
-         </item>
-         <item>
-          <widget class="QLineEdit" name="ipInputComment_LE">
-           <property name="sizePolicy">
-            <sizepolicy hsizetype="MinimumExpanding" vsizetype="Fixed">
-             <horstretch>0</horstretch>
-             <verstretch>0</verstretch>
-            </sizepolicy>
-           </property>
-           <property name="toolTip">
-            <string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Enter any comment you'd like&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
-           </property>
-          </widget>
-         </item>
-         <item>
-          <widget class="QPushButton" name="ipInputAdd_PB">
-           <property name="text">
-            <string>Add</string>
-           </property>
-          </widget>
-         </item>
-        </layout>
-       </item>
      </layout>
     </widget>
     <widget class="QWidget" name="TorTAB">