#include "common.h"
#include "ban.h"
#include "sockets.h"
#include "version.h"
#include "token.h"
#include "lib/atoms.h"
#include "lib/file.h"
#include "lib/cq.h"
#include "lib/misc.h"
#include "lib/tm.h"
#include "lib/zalloc.h"
#include "if/gnet_property.h"
#include "if/gnet_property_priv.h"
#include "lib/override.h"
Data Structures | |
struct | addr_info |
Information kept in the info table, per IP address. More... | |
Defines | |
#define | BAN_DELAY 300 /**< Initial ban delay: 5 minutes */ |
Initial ban delay: 5 minutes. | |
#define | MAX_REQUEST 5 /**< Maximum of 5 requests... */ |
Maximum of 5 requests per MAX_PERIOD (i.e. per minute). | |
#define | MAX_PERIOD 60 /**< ...per minute */ |
Period over which MAX_REQUEST requests are counted: one minute. | |
#define | MAX_BAN 10800 /**< 3 hours */ |
3 hours | |
#define | BAN_REMIND 5 /**< Every so many attemps, tell them about it */ |
Every so many attempts, tell them about it. | |
#define | SOCK_BUFFER 512 /**< Reduced socket buffer */ |
Reduced socket buffer. | |
Functions | |
RCSID ("$Id:ban.c, v 1.18 2005/09/16 21:51:44 rmanfredi Exp $") | |
void | ipf_destroy (cqueue_t *cq, gpointer obj) |
Called from callout queue when it's time to destroy the record. | |
addr_info * | ipf_make (const host_addr_t addr, time_t now) |
Create new addr_info structure for said IP. | |
void | ipf_free (struct addr_info *ipf) |
Free addr_info structure. | |
void | ipf_unban (cqueue_t *unused_cq, gpointer obj) |
Called from callout queue when it's time to unban the IP. | |
ban_type_t | ban_allow (const host_addr_t addr) |
Check whether we can allow connection from `ip' to proceed. | |
void | ban_record (const host_addr_t addr, const gchar *msg) |
Record banning with specific message for a given IP, for MAX_BAN seconds. | |
gboolean | reclaim_fd (void) |
Internal version of ban_reclaim_fd(). | |
gboolean | ban_reclaim_fd (void) |
Reclaim a file descriptor used for banning. | |
void | ban_force (struct gnutella_socket *s) |
Force banning of the connection. | |
gboolean | ban_is_banned (const host_addr_t addr) |
Check whether IP is already recorded as being banned. | |
gint | ban_delay (const host_addr_t addr) |
gchar * | ban_message (const host_addr_t addr) |
void | ban_init (void) |
Initialize the banning system. | |
void | ban_max_recompute (void) |
Recompute the maximum number of file descriptors we dedicate to banning. | |
void | free_info (gpointer unused_key, gpointer value, gpointer unused_udata) |
void | ban_close (void) |
Called at shutdown time to reclaim all memory. | |
const gchar * | ban_vendor (const gchar *vendor) |
Check whether servent identified by its vendor string should be banned. | |
Variables | |
GHashTable * | info |
Info by IP address. | |
gfloat | decay_coeff |
Decay coefficient, per second. | |
zone_t * | ipf_zone |
Zone for addr_info allocation. | |
GList * | banned_head = NULL |
GList * | banned_tail = NULL |
const gchar | harmful [] = "Harmful version banned, upgrade required" |
const gchar | refused [] = "Connection refused" |
const gchar | too_old [] = "Outdated version, please upgrade" |
|
Initial ban delay: 5 minutes.
|
|
Every so many attempts, tell them about it.
|
|
3 hours
|
|
Period over which MAX_REQUEST requests are counted: one minute.
|
|
Maximum of 5 requests per MAX_PERIOD (i.e. per minute).
|
|
Reduced socket buffer.
|
|
Check whether we can allow the connection from `ip' (the `addr' argument) to proceed.

Returns:
- BAN_OK: ok, can proceed with connection.
- BAN_FIRST: will ban, but send back message, then close connection.
- BAN_FORCE: don't send back anything, and call ban_force().
- BAN_MSG: will ban with explicit message and tailored error code.

Every BAN_REMIND attempts, return BAN_FIRST to let them know that they have been banned, in case they "missed" our previous indications or did not get the Retry-After right. --RAM, 2004-06-21
|
Called at shutdown time to reclaim all memory.
|
|
|
|
Force banning of the connection. We're putting it in a list and forgetting about it. |
|
Initialize the banning system.
|
|
Check whether IP is already recorded as being banned.
|
|
Recompute the maximum number of file descriptors we dedicate to banning.
|
|
|
|
Reclaim a file descriptor used for banning. Invoked from the outside as a callback to reclaim file descriptors. This routine is called when there is a shortage of file descriptors, so we activate the "file_descriptor_shortage" property. However, if we have nothing to reclaim, we activate the "file_descriptor_runout" property instead, which signifies that processing will be degraded.
|
|
Record banning with specific message for a given IP, for MAX_BAN seconds.
|
|
Check whether servent identified by its vendor string should be banned. When we ban, we ban for both gnet and download connections. Such banning is exceptional, usually restricted to some versions and the servent's author is informed about the banning.
|
|
|
|
Called from callout queue when it's time to destroy the record.
|
|
Free addr_info structure.
|
|
Create new addr_info structure for said IP.
|
|
Called from callout queue when it's time to unban the IP.
Compute new scheduling delay. If the counter is negative or zero, we can remove the entry. Since we round to an integer, we must consider `delay' and not the original counter. |
|
|
|
Internal version of ban_reclaim_fd(). Reclaim a file descriptor used for banning.
|
|
|
|
|
|
Decay coefficient, per second.
|
|
|
|
Info by IP address.
|
|
Zone for addr_info allocation.
|
|
|
|
|