private void AddIpFilterButton_Click(object sender, EventArgs e)
{
IPTarget ipTarget;
Enum.TryParse <IPTarget>(this.targetIpComboBox.SelectedValue.ToString(), out ipTarget);
FilterOperators filterOperator;
Enum.TryParse <FilterOperators>(this.operationComboBox.SelectedValue.ToString(), out filterOperator);
string ipAddress = this.ipAddressTextBox.Text;
IPFilter filter = new IPFilter(ipTarget, filterOperator, ipAddress.Trim(), FilterStatus.NotConfirmed);
string errorMessage = string.Empty;
if (filter.CheckFilter(out errorMessage))
{
this._resultIpFilters.Add(filter);
this.ipAddressTextBox.Text = string.Empty;
}
else
{
MessageBox.Show(errorMessage, "Warning", MessageBoxButtons.OK, MessageBoxIcon.Warning);
}
}
public void Init(HttpApplication application)
{
application.BeginRequest += (sender, e) =>
{
var ip = Asp.ClientIP;
// IP 黑名单过滤
if (IPFilter.IsBanned(ip))
{
IO.Trace("BanIP : " + ip);
Logger.Log("BanIP", ip);
HttpContext.Current.Request.Abort();
return;
}
// 访问频率限制(10秒一个周期计算访问次数)
if (SiteConfig.Instance.VisitDensity != null)
{
if (VisitCounter.IsHeavy(ip, "", 10, SiteConfig.Instance.VisitDensity.Value * 10))
{
Logger.LogDb("OverFreqency");
IPFilter.Ban(ip, "访问过于频繁被禁", SiteConfig.Instance.BanMinutes);
}
}
};
}
public static bool TryLoadFrom(Stream stream, out IPFilter filter)
{
if (TryReadHeader(stream))
{
if (TryLoadNode(stream, out Node <string> root))
{
filter = new IPFilter(root);
return(true);
}
}
filter = null;
return(false);
}
public void IPFilter_Default()
{
IPFilter filter;
filter = new IPFilter(true);
Assert.IsTrue(filter.GrantAccess(IPAddress.Parse("1.2.3.4")));
filter.Add(new IPFilterItem(false, IPAddress.Parse("4.3.2.1")));
Assert.IsTrue(filter.GrantAccess(IPAddress.Parse("1.2.3.4")));
Assert.IsFalse(filter.GrantAccess(IPAddress.Parse("4.3.2.1")));
filter = new IPFilter(false);
Assert.IsFalse(filter.GrantAccess(IPAddress.Parse("1.2.3.4")));
filter.Add(new IPFilterItem(true, IPAddress.Parse("4.3.2.1")));
Assert.IsFalse(filter.GrantAccess(IPAddress.Parse("1.2.3.4")));
Assert.IsTrue(filter.GrantAccess(IPAddress.Parse("4.3.2.1")));
}
public void IPFilter_Basic()
{
IPFilter filter;
filter = new IPFilter(false);
filter.Add(new IPFilterItem(true, IPAddress.Parse("10.0.0.1")));
filter.Add(new IPFilterItem(true, IPAddress.Parse("10.0.0.2")));
filter.Add(new IPFilterItem(true, IPAddress.Parse("10.0.0.3")));
filter.Add(new IPFilterItem(true, IPAddress.Parse("168.172.1.1")));
Assert.IsTrue(filter.GrantAccess(IPAddress.Parse("10.0.0.1")));
Assert.IsTrue(filter.GrantAccess(IPAddress.Parse("10.0.0.2")));
Assert.IsTrue(filter.GrantAccess(IPAddress.Parse("10.0.0.3")));
Assert.IsTrue(filter.GrantAccess(IPAddress.Parse("168.172.1.1")));
Assert.IsFalse(filter.GrantAccess(IPAddress.Parse("11.0.0.1")));
Assert.IsFalse(filter.GrantAccess(IPAddress.Parse("12.0.0.2")));
}
public void IPFilter_Parse()
{
IPFilter filter;
filter = IPFilter.Parse(@"");
Assert.IsTrue(filter.GrantAccess(IPAddress.Parse("1.2.3.4")));
filter = IPFilter.Parse(@"default:grant");
Assert.IsTrue(filter.GrantAccess(IPAddress.Parse("1.2.3.4")));
filter = IPFilter.Parse(@"default:deny");
Assert.IsFalse(filter.GrantAccess(IPAddress.Parse("1.2.3.4")));
filter = IPFilter.Parse(" \t default\r\n: grant\r\n,");
Assert.IsTrue(filter.GrantAccess(IPAddress.Parse("1.2.3.4")));
filter = IPFilter.Parse(@"
default:deny,
1.2.3.4:grant,
10.0.0.0/24:grant,
");
Assert.IsTrue(filter.GrantAccess(IPAddress.Parse("1.2.3.4")));
Assert.IsTrue(filter.GrantAccess(IPAddress.Parse("10.0.0.0")));
Assert.IsTrue(filter.GrantAccess(IPAddress.Parse("10.0.0.128")));
Assert.IsTrue(filter.GrantAccess(IPAddress.Parse("10.0.0.255")));
Assert.IsFalse(filter.GrantAccess(IPAddress.Parse("4.3.2.1")));
Assert.IsFalse(filter.GrantAccess(IPAddress.Parse("10.0.1.0")));
Assert.IsFalse(filter.GrantAccess(IPAddress.Parse("9.255.255.255")));
filter = IPFilter.Parse(@"
default:grant,
1.2.3.4:deny,
10.0.0.0/24:deny,
");
Assert.IsFalse(filter.GrantAccess(IPAddress.Parse("1.2.3.4")));
Assert.IsFalse(filter.GrantAccess(IPAddress.Parse("10.0.0.0")));
Assert.IsFalse(filter.GrantAccess(IPAddress.Parse("10.0.0.128")));
Assert.IsFalse(filter.GrantAccess(IPAddress.Parse("10.0.0.255")));
Assert.IsTrue(filter.GrantAccess(IPAddress.Parse("4.3.2.1")));
Assert.IsTrue(filter.GrantAccess(IPAddress.Parse("10.0.1.0")));
Assert.IsTrue(filter.GrantAccess(IPAddress.Parse("9.255.255.255")));
}
public void IPFilter_Subnet()
{
IPFilter filter;
filter = new IPFilter(false);
filter.Add(new IPFilterItem(true, IPAddress.Parse("1.2.3.4"), 24));
filter.Add(new IPFilterItem(true, IPAddress.Parse("10.11.12.13"), 16));
Assert.IsTrue(filter.GrantAccess(IPAddress.Parse("1.2.3.4")));
Assert.IsTrue(filter.GrantAccess(IPAddress.Parse("1.2.3.0")));
Assert.IsTrue(filter.GrantAccess(IPAddress.Parse("1.2.3.255")));
Assert.IsFalse(filter.GrantAccess(IPAddress.Parse("1.2.4.0")));
Assert.IsFalse(filter.GrantAccess(IPAddress.Parse("1.2.1.255")));
Assert.IsTrue(filter.GrantAccess(IPAddress.Parse("10.11.12.13")));
Assert.IsTrue(filter.GrantAccess(IPAddress.Parse("10.11.255.13")));
Assert.IsTrue(filter.GrantAccess(IPAddress.Parse("10.11.0.13")));
Assert.IsFalse(filter.GrantAccess(IPAddress.Parse("10.12.0.0")));
Assert.IsFalse(filter.GrantAccess(IPAddress.Parse("10.10.255.255")));
}
public void Save(byte[] password)
{
Name = Name.Trim();
if (Name.Length == 0)
{
throw new ArgumentException("Nazwa komputera musi zawierać co najmniej 1 znak");
}
if (Name.Length > 32)
{
throw new ArgumentException("Nazwa komputera musi być krótsza niż 32 znaki");
}
GroupName = GroupName.Trim();
if (GroupName.Length == 0)
{
throw new ArgumentException("Nazwa grupy musi zawierać co najmniej 1 znak");
}
if (GroupName.Length > 32)
{
throw new ArgumentException("Nazwa grupy musi być krótsza niż 32 znaki");
}
if (password.Length < 5)
{
throw new ArgumentException("Hasło musi zawierać co najmniej 5 znaków");
}
IPFilter = IPFilter.Trim();
if (IPFilter.Length == 0) // pominięcie tego pola spowoduje akcpetację wszystkich adresów IP
{
IPFilter = ".*";
}
if (!RegexValidator.IsValidRegex(IPFilter))
{
throw new ArgumentException("Akceptowane adresy IP muszą mieć postać wyrażenia regularnego");
}
if (Servers == null || Servers.Count == 0)
{
throw new ArgumentException("Brak podanych serwerów");
}
PasswordHash = CalculateSHA256(password, Encoding.UTF8.GetBytes(GroupName));
if (File.Exists(settingsFilePath))
{
File.Delete(settingsFilePath);
}
XmlWriterSettings settings = new XmlWriterSettings();
settings.Indent = true;
settings.IndentChars = "\t";
using (XmlWriter writer = XmlWriter.Create("settings.xml", settings))
{
writer.WriteStartDocument();
writer.WriteStartElement("Settings");
writer.WriteElementString("Name", Name);
writer.WriteElementString("GroupName", GroupName);
writer.WriteElementString("Password", PasswordHash);
writer.WriteElementString("AllowedIPsRegex", IPFilter);
writer.WriteElementString("Startup", Startup.ToString());
writer.WriteEndElement();
writer.WriteEndDocument();
}
File.WriteAllLines(serversListFilePath, GetServerStrings(Servers));
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="config">Configurar</param>
public SocketListener(ClientSocketConfig config)
{
_Config = config;
_IsServer = config is ListenSocketConfig;
_IPFilter = _IsServer ? ((ListenSocketConfig)config).IPFilter : null;
}
public static bool TryLoadFrom(string file_name, out IPFilter filter)
{
using (Stream stream = File.Open(file_name, FileMode.Open, FileAccess.Read, FileShare.ReadWrite)) {
return(TryLoadFrom(stream, out filter));
}
}
public void AddFilter(IPAddress mask, IPAddress ip)
{
IPFilter filter = new IPFilter(mask, ip);
this.m_Filters.Add(filter);
}
private void ReceiveCallback(IAsyncResult ar)
{
SSUSession session = null;
try
{
EndPoint ep = RemoteEP;
var size = MySocket.EndReceiveFrom(ar, ref ep);
if (ep.AddressFamily != AddressFamily.InterNetwork &&
(!SessionLayer.RouterContext.Inst.UseIpV6 ||
ep.AddressFamily != AddressFamily.InterNetworkV6))
{
return; // TODO: Add IPV6
}
if (size <= 37)
{
Logging.LogDebugData($"SSU Recv: {size} bytes [0x{size:X}] from {ep} (hole punch, ignored)");
return;
}
var sessionendpoint = (IPEndPoint)ep;
Logging.LogDebugData($"SSU Recv: {size} bytes [0x{size:X}] from {ep}");
lock ( Sessions )
{
if (!Sessions.ContainsKey(sessionendpoint))
{
if (IPFilter.IsFiltered(((IPEndPoint)ep).Address))
{
Logging.LogTransport($"SSUHost ReceiveCallback: IPAddress {sessionendpoint} is blocked. {size} bytes.");
return;
}
++IncommingConnectionAttempts;
Logging.LogTransport($"SSUHost: incoming connection " +
$"from {sessionendpoint} created.");
session = new SSUSession(
this,
Send,
(IPEndPoint)ep,
MyRouterContext);
Sessions[sessionendpoint] = session;
Logging.LogTransport($"SSUHost: incoming connection " +
$"{session.DebugId} from {sessionendpoint} created.");
NeedCpu(session);
ConnectionCreated?.Invoke(session);
}
else
{
session = Sessions[sessionendpoint];
}
}
var localbuffer = BufRefLen.Clone(ReceiveBuf, 0, size);
#if DEBUG
Stopwatch Stopwatch1 = new Stopwatch();
Stopwatch1.Start();
#endif
try
{
session.Receive(localbuffer);
}
catch (ThreadAbortException taex)
{
AddFailedSession(session);
Logging.Log(taex);
}
catch (ThreadInterruptedException tiex)
{
AddFailedSession(session);
Logging.Log(tiex);
}
catch (ChecksumFailureException cfex)
{
AddFailedSession(session);
Logging.Log(cfex);
}
catch (SignatureCheckFailureException scex)
{
AddFailedSession(session);
Logging.Log(scex);
}
catch (FailedToConnectException fcex)
{
AddFailedSession(session);
#if LOG_MUCH_TRANSPORT
Logging.LogTransport(fcex);
#endif
if (session != null)
{
NetDb.Inst.Statistics.FailedToConnect(session.RemoteRouterIdentity.IdentHash);
session.RaiseException(fcex);
}
}
#if DEBUG
Stopwatch1.Stop();
if (Stopwatch1.ElapsedMilliseconds > SessionCallWarningLevelMilliseconds)
{
Logging.LogTransport(
$"SSUHost ReceiveCallback: WARNING Session {session} used {Stopwatch1.ElapsedMilliseconds}ms cpu.");
}
#endif
}
catch (Exception ex)
{
AddFailedSession(session);
Logging.Log(ex);
if (session != null && session.RemoteRouterIdentity != null && NetDb.Inst != null)
{
NetDb.Inst.Statistics.DestinationInformationFaulty(session.RemoteRouterIdentity.IdentHash);
session.RaiseException(ex);
}
}
finally
{
RemoteEP = LocalEP;
MySocket.BeginReceiveFrom(ReceiveBuf, 0, ReceiveBuf.Length, SocketFlags.None, ref RemoteEP,
new AsyncCallback(ReceiveCallback), MySocket);
}
}
private void ReceiveCallback(IAsyncResult ar)
{
SSUSession session = null;
try
{
EndPoint ep = RemoteEP;
var size = MySocket.EndReceiveFrom(ar, ref ep);
if (ep.AddressFamily != AddressFamily.InterNetwork)
{
return; // TODO: Add IPV6
}
if (size <= 37)
{
#if LOG_ALL_TRANSPORT
DebugUtils.Log(string.Format("SSU Recv: {0} bytes [0x{0:X}] from {1} (hole punch, ignored)", size, ep));
#endif
return;
}
var key = (IPEndPoint)ep;
#if LOG_ALL_TRANSPORT
DebugUtils.Log(string.Format("SSU Recv: {0} bytes [0x{0:X}] from {1}", size, ep));
#endif
lock ( Sessions )
{
if (!Sessions.ContainsKey(key))
{
if (IPFilter.IsFiltered(((IPEndPoint)ep).Address))
{
DebugUtils.LogDebug(() => string.Format("SSUHost ReceiveCallback: IPAddress {0} is blocked. {1} bytes.",
key, size));
return;
}
++IncommingConnectionAttempts;
session = new SSUSession(this, (IPEndPoint)ep, MTUProvider, MyRouterContext);
Sessions[key] = session;
DebugUtils.LogDebug("SSUHost: incoming connection " + session.DebugId + " from " + key.ToString() + " created.");
NeedCpu(session);
if (ConnectionCreated != null)
{
ConnectionCreated(session);
}
}
else
{
session = Sessions[key];
}
}
var localbuffer = BufRefLen.Clone(ReceiveBuf, 0, size);
#if DEBUG
Stopwatch Stopwatch1 = new Stopwatch();
Stopwatch1.Start();
#endif
try
{
session.Receive(localbuffer);
}
catch (ThreadAbortException taex)
{
AddFailedSession(session);
DebugUtils.Log(taex);
}
catch (ThreadInterruptedException tiex)
{
AddFailedSession(session);
DebugUtils.Log(tiex);
}
catch (ChecksumFailureException cfex)
{
AddFailedSession(session);
DebugUtils.Log(cfex);
}
catch (SignatureCheckFailureException scex)
{
AddFailedSession(session);
DebugUtils.Log(scex);
}
catch (FailedToConnectException fcex)
{
AddFailedSession(session);
#if LOG_ALL_TRANSPORT
DebugUtils.Log(fcex);
#endif
if (session != null)
{
NetDb.Inst.Statistics.FailedToConnect(session.RemoteRouterIdentity.IdentHash);
session.RaiseException(fcex);
}
}
#if DEBUG
Stopwatch1.Stop();
if (Stopwatch1.ElapsedMilliseconds > SessionCallWarningLevelMilliseconds)
{
DebugUtils.LogDebug(() =>
string.Format("SSUHost ReceiveCallback: WARNING Session {0} used {1}ms cpu.", session, Stopwatch1.ElapsedMilliseconds));
}
#endif
}
catch (Exception ex)
{
AddFailedSession(session);
DebugUtils.Log(ex);
if (session != null && session.RemoteRouterIdentity != null && NetDb.Inst != null)
{
NetDb.Inst.Statistics.DestinationInformationFaulty(session.RemoteRouterIdentity.IdentHash);
session.RaiseException(ex);
}
}
finally
{
RemoteEP = LocalEP;
MySocket.BeginReceiveFrom(ReceiveBuf, 0, ReceiveBuf.Length, SocketFlags.None, ref RemoteEP,
new AsyncCallback(ReceiveCallback), MySocket);
}
}
