|
Mixe for Privacy and Anonymity in the Internet
|
The purpose of this class is to store a list of IP-Addresses. More...
#include <CAIPList.hpp>
Public Member Functions | |
| CAIPList () | |
| TODO: Fix LOG_TRAFFIC output which is not done anymore, as per default no log message are ommited... | |
| CAIPList (UINT32 allowedConnections) | |
| Constructs an empty CAIPList in which allowedConnections insertions of the same IP-Address are allowed before an error is returned. | |
| ~CAIPList () | |
| Deletes the IPList and frees all used resources. | |
| SINT32 | insertIP (const UINT8 ip[4]) |
| Inserts the IP-Address into the list. | |
| SINT32 | removeIP (const UINT8 ip[4]) |
| Removes the IP-Address from the list. | |
Private Attributes | |
| UINT32 | m_allowedConnections |
| volatile VOLATILE_PIPLIST * | m_HashTable |
| CAMutex * | m_pMutex |
The purpose of this class is to store a list of IP-Addresses.
If an IP-Address is inserted more than 'x' times, then an error is returned. The First Mix uses this functionality for basic Denial-of-Service defense: if someone tries connection flooding against the First Mix, only 'x' connections are accepted and the others are dropped. The internal organisation is a hash table with overflow lists. The hash table has 0x10000 buckets. The last two bytes of an IP-Address are the hash key. In builds with PAYMENT defined, insertIP() and removeIP() return E_SUCCESS immediately, so the limit is not enforced there.
Definition at line 61 of file CAIPList.hpp.
TODO: Fix LOG_TRAFFIC output which is not done anymore, as per default no log message are ommited...
Constructs an empty CAIPList. The default number MAX_IP_CONNECTIONS of allowed insertions is used
Definition at line 39 of file CAIPList.cpp.
References getRandom(), m_allowedConnections, m_HashTable, m_pMutex, and MAX_IP_CONNECTIONS.
{
	// One bucket for every possible 16-bit hash key.
	const UINT32 bucketCount=0x10000;
	m_pMutex=new CAMutex();
	m_HashTable=new PIPLIST[bucketCount];
	// Zero all bucket heads so every chain starts out empty.
	memset((void*)m_HashTable,0,bucketCount*sizeof(PIPLIST));
	// No explicit limit was given: fall back to the compiled-in default.
	m_allowedConnections=MAX_IP_CONNECTIONS;
#if defined (_DEBUG)
	// Debug builds keep a 56-byte random buffer; insertIP()/removeIP() copy the
	// address into its first four bytes and log an MD5 of the buffer instead of
	// the plain address.
	// NOTE(review): any status returned by getRandom() is not checked here - confirm
	// the buffer cannot be left unfilled.
	m_Random=new UINT8[56];
	getRandom(m_Random,56);
#endif
}
| CAIPList::CAIPList | ( | UINT32 | allowedConnections | ) |
Constructs an empty CAIPList in which allowedConnections insertions of the same IP-Address are allowed before an error is returned.
| allowedConnections | number of insertions of the same IP-Address, until an error is returned |
Definition at line 55 of file CAIPList.cpp.
References getRandom(), m_allowedConnections, m_HashTable, and m_pMutex.
{
	// One bucket for every possible 16-bit hash key.
	const UINT32 bucketCount=0x10000;
	m_pMutex=new CAMutex();
	m_HashTable=new PIPLIST[bucketCount];
	// Zero all bucket heads so every chain starts out empty.
	memset((void*)m_HashTable,0,bucketCount*sizeof(PIPLIST));
	// Caller-chosen limit; the value is stored as given, without any range check.
	m_allowedConnections=allowedConnections;
#if defined (_DEBUG)
	// Debug builds keep a 56-byte random buffer; insertIP()/removeIP() copy the
	// address into its first four bytes and log an MD5 of the buffer instead of
	// the plain address.
	// NOTE(review): any status returned by getRandom() is not checked here - confirm
	// the buffer cannot be left unfilled.
	m_Random=new UINT8[56];
	getRandom(m_Random,56);
#endif
}
Deletes the IPList and frees all used resources.
Definition at line 68 of file CAIPList.cpp.
References m_HashTable, m_pMutex, and _iplist_t::next.
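{
	// Free the overflow chain of every one of the 0x10000 buckets.
	// NOTE(review): m_pMutex is not taken here; presumably no other thread can
	// still call insertIP()/removeIP() during destruction - confirm with callers.
	for(UINT32 i=0;i<=0xFFFF;i++)
	{
		VOLATILE_PIPLIST entry=m_HashTable[i];
		PIPLIST tmpEntry;
		while(entry!=NULL)
		{
			// Remember the node, advance first, then free it.
			tmpEntry=entry;
			entry=entry->next;
			delete tmpEntry;
			tmpEntry = NULL;
		}
	}
	// Fixed guard: the original tested the misspelled macro _DEUBG, so the
	// buffer allocated by the constructors under _DEBUG was never released.
#ifdef _DEBUG
	delete[] m_Random;
	m_Random = NULL;
#endif
	delete[] m_HashTable;
	m_HashTable = NULL;
	delete m_pMutex;
	m_pMutex = NULL;
}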
| SINT32 CAIPList::insertIP | ( | const UINT8 | ip[4] | ) |
Inserts the IP-Address into the list.
If the IP-Address is already in the list, the number of insertIP() calls made for this IP-Address is returned. If this number is larger than m_allowedConnections, an error is returned. Internally this is a hash table with overflow lists. The last 16 bits of the IP-Address form the hash key. The hash table has 16^2 entries (the constructors allocate 0x10000 buckets). The overflow list of each hash entry stores the first 16 bits of the IP-Address.
| ip | the IP-Address to insert |
| E_UNKNOWN | if an error occurred or an IP is inserted more than m_allowedConnections times |
Definition at line 103 of file CAIPList.cpp.
References _iplist_t::count, E_SUCCESS, E_UNKNOWN, _iplist_t::ip, CAMutex::lock(), m_allowedConnections, m_HashTable, m_pMutex, _iplist_t::next, CAMsg::printMsg(), and CAMutex::unlock().
Referenced by fm_loopAcceptUsers().
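{
	// Counts one more connection for the given IPv4 address.
	// Returns the new count for that address, or E_UNKNOWN once the address
	// already holds m_allowedConnections entries.
#ifdef PAYMENT
	// NOTE(review): with PAYMENT defined every call reports success and nothing
	// is counted, so the per-address connection limit is not enforced in such builds.
	return E_SUCCESS;
#else
	// Bucket index = last two bytes of the address. The first two bytes are kept
	// in the chain entry to tell apart addresses that share a bucket.
	// NOTE(review): the bucket is chosen by the client's address and a chain can
	// hold up to 0x10000 entries, all walked while the mutex is held.
	UINT16 hashvalue=(ip[2]<<8)|ip[3];
	SINT32 ret;
	m_pMutex->lock();
	PIPLIST entry=m_HashTable[hashvalue];
	if(entry==NULL)
	{// hash key not present in the table --> create the first entry of this bucket
#ifndef PSEUDO_LOG
#ifdef _DEBUG
		// Log an MD5 of the 56-byte m_Random buffer, whose first four bytes are
		// overwritten with the address, rather than the address itself.
		// m_Random is shared, so this must stay inside the locked region.
		UINT8 hash[16];
		memcpy(m_Random,ip,4);
		MD5(m_Random,56,hash);
		CAMsg::printMsg(LOG_DEBUG,"Inserting new IP-Address: %02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X !\n",hash[0],hash[1],hash[2],hash[3],hash[4],hash[5],hash[6],hash[7],hash[8],hash[9],hash[10],hash[11],hash[12],hash[13],hash[14],hash[15]);
#endif
#else
		// NOTE(review): PSEUDO_LOG builds write the full plain address to the log.
		CAMsg::printMsg(LOG_DEBUG,"Inserting new IP-Address: {%u.%u.%u.%u} !\n",ip[0],ip[1],ip[2],ip[3]);
#endif
		entry=new IPLISTENTRY;
		memcpy(entry->ip,ip,2);
		entry->count=1;
		entry->next=NULL;
		m_HashTable[hashvalue]=entry;
		ret = entry->count;
#ifdef DEBUG
#ifndef PSEUDO_LOG
		// 'hash' is declared above only under _DEBUG. The original tested DEBUG
		// again here, which failed to compile when DEBUG was set without _DEBUG.
#ifdef _DEBUG
		CAMsg::printMsg(LOG_DEBUG,"New IP-Address inserted: %02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X !\n",hash[0],hash[1],hash[2],hash[3],hash[4],hash[5],hash[6],hash[7],hash[8],hash[9],hash[10],hash[11],hash[12],hash[13],hash[14],hash[15]);
#endif
#else
		CAMsg::printMsg(LOG_DEBUG,"New IP-Address inserted: {%u.%u.%u.%u} !\n",ip[0],ip[1],ip[2],ip[3]);
#endif
#endif
		m_pMutex->unlock();
		return ret;
	}
	else
	{// hash key present --> search the overflow list, append a new entry if the address is missing
		PIPLIST last;
		do
		{
			if(memcmp(entry->ip,ip,2)==0) //we have found the entry
			{
#ifdef PSEUDO_LOG
				CAMsg::printMsg(LOG_DEBUG,"Inserting IP-Address: {%u.%u.%u.%u} !\n",ip[0],ip[1],ip[2],ip[3]);
#endif
				if(entry->count>=m_allowedConnections) //an Attack...
				{
					// Release the lock before logging, as removeIP() does: the message
					// only needs the caller's 'ip', and under a flood this keeps the
					// critical section short.
					m_pMutex->unlock();
					// Only the first two bytes are printed; the format has two
					// conversions, so the two surplus arguments were dropped.
					// NOTE(review): one LOG_CRIT line is written per rejected attempt;
					// consider rate-limiting if log volume under flooding matters.
					//#if !defined(PSEUDO_LOG)&&defined(FIREWALL_SUPPORT)
					CAMsg::printMsg(LOG_CRIT,"Possible flooding attack from: %u.%u.x.x !\n",ip[0],ip[1]);
					//#endif
					return E_UNKNOWN;
				}
				entry->count++;
				ret = entry->count;
#ifdef PSEUDO_LOG
				CAMsg::printMsg(LOG_DEBUG,"IP-Address inserted: {%u.%u.%u.%u} !\n",ip[0],ip[1],ip[2],ip[3]);
#endif
				m_pMutex->unlock();
				return ret;
			}
			last=entry;
			entry=entry->next;
		} while(entry!=NULL);
		// not found in the overflow list: append a fresh entry behind 'last'
		last->next=new IPLISTENTRY;
		entry=last->next;
		memcpy(entry->ip,ip,2);
		entry->count=1;
		entry->next=NULL;
		ret = entry->count;
		m_pMutex->unlock();
		return ret;
	}
#endif
}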
| SINT32 CAIPList::removeIP | ( | const UINT8 | ip[4] | ) |
Removes the IP-Address from the list.
| ip | IP-Address to remove |
| 0 | if IP-Address is deleted from the list |
Definition at line 189 of file CAIPList.cpp.
References _iplist_t::count, E_SUCCESS, _iplist_t::ip, CAMutex::lock(), m_HashTable, m_pMutex, _iplist_t::next, CAMsg::printMsg(), and CAMutex::unlock().
Referenced by CAFirstMixA::closeConnection(), CAFirstMix::doUserLogin_internal(), fm_loopAcceptUsers(), and CAFirstMixB::loop().
{
// Releases one counted connection for the given IPv4 address.
// Returns the remaining count for the address, or 0 when the entry was deleted.
// 0 is also returned when the address is not in the list at all, so callers
// cannot tell these two cases apart from the return value.
#ifdef PAYMENT
// NOTE(review): with PAYMENT defined nothing is counted; the call only reports success.
return E_SUCCESS;
#else
// Bucket index = last two bytes of the address (same key as insertIP()).
UINT16 hashvalue=(ip[2]<<8)|ip[3];
SINT32 ret;
m_pMutex->lock();
PIPLIST entry=m_HashTable[hashvalue];
if(entry==NULL)
{
// Empty bucket: the address was never inserted or has already been removed.
// The lock is released before logging.
m_pMutex->unlock();
CAMsg::printMsg(LOG_INFO,"Try to remove IP which is not in the hashtable of the IP-list - possible inconsistences in IPList!\n");
return 0;
}
else
{
// 'before' trails 'entry' so that a chain node can be unlinked.
PIPLIST before=NULL;
while(entry!=NULL)
{
// Chain entries are matched on the first two address bytes only.
if(memcmp(entry->ip,ip,2)==0)
{
// insertIP() creates entries with count 1 and this function deletes them at 0,
// so a live entry is expected to have count >= 1 before the decrement.
entry->count--;
if(entry->count==0)
{
#ifndef PSEUDO_LOG
#if defined (_DEBUG)
// Log an MD5 of the 56-byte m_Random buffer, whose first four bytes are
// overwritten with the address, rather than the address itself.
// m_Random is shared, so this happens while the mutex is still held.
UINT8 hash[16];
memcpy(m_Random,ip,4);
MD5(m_Random,56,hash);
CAMsg::printMsg(LOG_DEBUG,"Removing IP-Address: %02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X !\n",hash[0],hash[1],hash[2],hash[3],hash[4],hash[5],hash[6],hash[7],hash[8],hash[9],hash[10],hash[11],hash[12],hash[13],hash[14],hash[15]);
#endif
#else
// NOTE(review): PSEUDO_LOG builds write the full plain address to the log.
CAMsg::printMsg(LOG_DEBUG,"Removing IP-Address: {%u.%u.%u.%u} !\n",ip[0],ip[1],ip[2],ip[3]);
#endif
// Unlink: either replace the bucket head or bypass the node in the chain.
if(before==NULL)
m_HashTable[hashvalue]=entry->next;
else
before->next=entry->next;
delete entry;
entry = NULL;
m_pMutex->unlock();
return 0;
}
// Connections from this address remain: report how many.
ret = entry->count;
m_pMutex->unlock();
return ret;
}
before=entry;
entry=entry->next;
}
// Bucket exists but holds no entry for this address.
m_pMutex->unlock();
CAMsg::printMsg(LOG_INFO,"Try to remove IP which is not in list - possible inconsistences in IPList!\n");
return 0;
}
#endif
}
UINT32 CAIPList::m_allowedConnections [private] |
Definition at line 70 of file CAIPList.hpp.
Referenced by CAIPList(), and insertIP().
volatile VOLATILE_PIPLIST* CAIPList::m_HashTable [private] |
Definition at line 71 of file CAIPList.hpp.
Referenced by CAIPList(), insertIP(), removeIP(), and ~CAIPList().
CAMutex* CAIPList::m_pMutex [private] |
Definition at line 76 of file CAIPList.hpp.
Referenced by CAIPList(), insertIP(), removeIP(), and ~CAIPList().