public static XmlElement CreateItemAllowAddress(string title, IpAddressRange range)
{
string address = range.GetAddress().ToString();
string mask = range.GetMask();
XmlDocument xmlDocRule = new XmlDocument();
XmlElement xmlRule = xmlDocRule.CreateElement("rule");
xmlRule.SetAttribute("name", title);
if (range.IsV4)
{
xmlRule.SetAttribute("layer", "ipv4");
}
else if (range.IsV6)
{
xmlRule.SetAttribute("layer", "ipv6");
}
xmlRule.SetAttribute("action", "permit");
XmlElement XmlIf1 = xmlDocRule.CreateElement("if");
xmlRule.AppendChild(XmlIf1);
XmlIf1.SetAttribute("field", "ip_remote_address");
XmlIf1.SetAttribute("match", "equal");
XmlIf1.SetAttribute("address", address);
XmlIf1.SetAttribute("mask", mask);
return(xmlRule);
}
public void DefaultRangeTest()
{
var generator = new IpAddressGenerator();
var ranges = generator.DefaultIpAddressRanges;
for (var i = 0; i < 10; i++)
{
var value = generator.NextValue();
Assert.IsNotNull(value);
var bytes = value.GetAddressBytes();
IpAddressRange selectedRange = null;
foreach (var range in ranges)
{
var start = range.Start.GetAddressBytes();
var end = range.End.GetAddressBytes();
for (var b = 0; b < bytes.Length; b++)
{
if ((bytes[b] >= start[b]) && (bytes[b] <= end[b]))
{
selectedRange = range;
break;
}
}
if (selectedRange != null)
{
break;
}
}
Assert.IsNotNull(selectedRange);
}
}
private async Task <List <IpAddressRange> > GetDotaIpRanges()
{
List <IpAddressRange> result;
if (!_cache.TryGetValue("dota_ip_ranges", out result))
{
result = new List <IpAddressRange>();
WebRequest request = WebRequest.CreateHttp("http://media.steampowered.com/apps/sdr/network_config.json");
request.Method = "GET";
var response = await request.GetResponseAsync();
var responseStream = response.GetResponseStream();
StreamReader reader = new StreamReader(responseStream, Encoding.UTF8);
string content = reader.ReadToEnd();
reader.Close();
var json = JsonDocument.Parse(content).RootElement;
if (json.TryGetProperty("data_centers", out var datacenters))
{
foreach (var datacenter in datacenters.EnumerateArray())
{
if (datacenter.TryGetProperty("address_ranges", out var addressRanges))
{
foreach (var addressRange in addressRanges.EnumerateArray())
{
result.Add(IpAddressRange.Parse(addressRange.ToString()));
}
}
}
}
result.Add(new IpAddressRange("127.0.0.1", "127.0.0.1"));
result.Add(new IpAddressRange("::1", "::1"));
_cache.Set("dota_ip_ranges", result, TimeSpan.FromDays(1));
}
return(result);
}
private void SetIps(Faker faker, Func <bool> r)
{
var low = faker.Internet.Ip();
var high = faker.Internet.Ip();
var lowBytes = IPAddress.Parse(low).GetAddressBytes();
var highBytes = IPAddress.Parse(high).GetAddressBytes();
for (int i = 0; i < lowBytes.Length; i++)
{
var comparison = lowBytes[i].CompareTo(highBytes[i]);
if (comparison == 0)
{
continue;
}
if (comparison > 0)
{
var s = low;
low = high;
high = s;
}
break;
}
var d = new IpAddressRange();
SwapAssign(r(), low, v => d.GreaterThan = v, v => d.GreaterThanOrEqualTo = v);
SwapAssign(r(), high, v => d.LessThan = v, v => d.LessThanOrEqualTo = v);
this.Ips = d;
}
public void NotEqualsTest()
{
var r1 = new IpAddressRange(IPAddress.Parse("1.2.3.4"), IPAddress.Parse("4.3.2.1"));
var r2 = new IpAddressRange(IPAddress.Parse("5.6.7.8"), IPAddress.Parse("8.7.6.5"));
Assert.IsFalse(r1.Equals(r2));
Assert.IsFalse(r2.Equals(r1));
}
public void EqualsTest()
{
var r1 = new IpAddressRange(IPAddress.Parse("1.2.3.4"), IPAddress.Parse("4.3.2.1"));
var r2 = new IpAddressRange(IPAddress.Parse("4.3.2.1"), IPAddress.Parse("1.2.3.4"));
Assert.IsTrue(r1.Equals(r2));
Assert.IsTrue(r2.Equals(r1));
}
public void SimpleIPRangeTest()
{
var ipRange = new IpAddressRange();
Console.WriteLine(ipRange.IsVaid("255.255.225.222"));
Console.WriteLine(ipRange.IsVaid("1.1.1.1"));
ipRange.AddIp("0.0.0.1");
ipRange.AddIp("0.0.1.0");
ipRange.AddIp("0.1.0.0");
ipRange.AddIp("1.0.0.0");
Console.WriteLine(string.Join(",",
ipRange.GetIpRange(1, Convert.ToInt32(Math.Pow(2, 24)) + 1)));
}
protected void ValidateArrayInputs()
{
if (IpAddressRange != null &&
IpAddressRange.Length > 0 &&
IpAddressRange.Where(item => { return(string.IsNullOrWhiteSpace(item)); }).Any())
{
throw new ArgumentException("The array of IpAddressRange input cannot contain null or empty strings");
}
if (VirtualNetworkResourceId != null &&
VirtualNetworkResourceId.Length > 0 &&
VirtualNetworkResourceId.Where(item => { return(string.IsNullOrWhiteSpace(item)); }).Any())
{
throw new ArgumentException("The array of VirtualNetworkResourceId input cannot contain null or empty strings");
}
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="id">The internal id of the Service</param>
/// <param name="name">The name of the Service</param>
/// <param name="type">The Type of the service</param>
/// <param name="sourceIpRange">The valid source ip range for the Service</param>
/// <param name="version">The version of the Service</param>
/// <param name="dtCompiled">The date the Service was compiled</param>
/// <param name="isLogged">Is this a logged Service</param>
/// <param name="isPublic">Is this service publicly available</param>
/// <param name="isAuthenticatedUserRequired">is an authenticated user required to call this Service</param>
/// <param name="isAuthorizedUserRequired">is an authorized user required to call this Service</param>
public Service(int id, string name, Type type, IpAddressRange sourceIpRange, string version, string dtCompiled, bool isPublic, bool isLogged, bool isAuthenticatedUserRequired, bool isAuthorizedUserRequired)
{
_id = id;
_name = name;
_open = new Dictionary <string, Method>();
_restricted = new Dictionary <string, Method>();
_special = new Dictionary <string, Method>();
_serviceType = type;
_sourceIpRange = sourceIpRange;
_version = version;
_dtCompiled = dtCompiled;
_isPublic = isPublic;
_isLogged = isLogged;
_isAuthenticatedUserRequired = isAuthenticatedUserRequired;
_isAuthorizedUserRequired = isAuthorizedUserRequired;
}
public override List <IpAddressRange> GetNetworkLockAllowedIps()
{
List <IpAddressRange> result = base.GetNetworkLockAllowedIps();
// Hosts
XmlNodeList nodesUrls = Storage.DocumentElement.SelectNodes("//urls/url");
foreach (XmlNode nodeUrl in nodesUrls)
{
string url = nodeUrl.Attributes["address"].Value;
string host = Utils.HostFromUrl(url);
IpAddressRange ip = new IpAddressRange(host); // TOFIX: Presume it's an IP address, but can be hostname.
result.Add(ip);
}
return(result);
}
public static bool?IsInternetIp(string ip, bool nullOnException = false)
{
try
{
return(IpAddressRange.IsInternetIp(ip));
}
catch (Exception x)
{
if (nullOnException)
{
return(null);
}
else
{
throw x;
}
}
}
private async Task <List <IpAddressRange> > GetDotaIpRanges()
{
List <IpAddressRange> result = null;
if (!_cache.TryGetValue("dota_ip_ranges", out result))
{
result = new List <IpAddressRange>();
WebRequest request = WebRequest.CreateHttp("http://media.steampowered.com/apps/sdr/network_config.json");
request.Method = "GET";
var response = await request.GetResponseAsync();
var responseStream = response.GetResponseStream();
StreamReader reader = new StreamReader(responseStream, Encoding.UTF8);
string content = reader.ReadToEnd();
var json = JObject.Parse(content);
var datacenters = json["data_centers"] as JObject;
if (datacenters != null)
{
foreach (var datacenter in datacenters)
{
var addressRanges = datacenter.Value["address_ranges"] as JArray;
if (addressRanges != null)
{
foreach (var addressRange in addressRanges)
{
result.Add(IpAddressRange.Parse((string)addressRange));
}
}
}
}
result.Add(new IpAddressRange("127.0.0.1", "127.0.0.1"));
result.Add(new IpAddressRange("::1", "::1"));
_cache.Set("dota_ip_ranges", result, TimeSpan.FromDays(1));
}
return(result);
}
public static bool IsLoopbackIp(IPAddress ip)
{
return(IpAddressRange.IsLoopbackIp(ip));
}
public List<IpAddressRange> GetAllIps()
{
List<IpAddressRange> result = new List<IpAddressRange>();
// Custom
{
string list = Engine.Instance.Storage.Get("netlock.allowed_ips");
List<string> ips = Utils.CommaStringToListString(list);
foreach (string ip in ips)
{
string ip2 = ip.Trim();
int posComment = ip2.IndexOf("#");
if (posComment != -1)
ip2 = ip2.Substring(0, posComment).Trim();
if (ip2 == "")
continue;
AddToIpsList(result, new IpAddressRange(ip2), true);
}
}
// Routes Out
{
string routes = Engine.Instance.Storage.Get("routes.custom");
string[] routes2 = routes.Split(';');
foreach (string route in routes2)
{
string[] routeEntries = route.Split(',');
if (routeEntries.Length < 2)
continue;
string ip = routeEntries[0];
string action = routeEntries[1];
if (action == "out")
{
AddToIpsList(result, new IpAddressRange(ip), true);
}
}
}
// Hosts
if (Engine.Instance.Storage.Manifest != null)
{
XmlNodeList nodesHosts = Engine.Instance.Storage.Manifest.SelectNodes("//hosts/host");
foreach (XmlNode nodeHost in nodesHosts)
{
IpAddressRange ip = new IpAddressRange(nodeHost.Attributes["address"].Value);
AddToIpsList(result, ip, false);
}
}
// Servers
lock (Engine.Instance.Servers)
{
Dictionary<string, ServerInfo> servers = new Dictionary<string, ServerInfo>(Engine.Instance.Servers);
foreach (ServerInfo infoServer in servers.Values)
{
AddToIpsList(result, infoServer.IpEntry, false);
if (infoServer.IpEntry2.Trim() != "")
AddToIpsList(result, infoServer.IpEntry2, false);
}
}
return result;
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="apiKey">The API key of the application</param>
public Application(string apiKey)
{
if (apiKey != null && apiKey.Length > 0)
{
object oApplication = Cache.Get(CACHE_TYPE, apiKey);
if (oApplication != null)
{
Application application = (Application)oApplication;
_apikey = application._apikey;
_name = application._name;
_description = application._description;
_id = application._id;
_isPublic = application._isPublic;
_isLogged = application._isLogged;
_sourceIpRange = application._sourceIpRange;
_permissions = application._permissions;
_rateLimit = application._rateLimit;
_rateInterval = application._rateInterval;
_rateType = application._rateType;
}
else
{
string sourceIpRange = null, rateType = null;
bool? isLogged = null, isPublic = null;
int? rateLimitId = null, rateLimit = null, rateInterval = null;
using (LegionLinqDataContext legion = new LegionLinqDataContext(ConfigurationManager.ConnectionStrings["LegionConnectionString"].ToString())) {
legion.xspGetApplication(apiKey, ref _id, ref _name, ref sourceIpRange, ref _description, ref rateLimitId, ref rateType, ref rateLimit, ref rateInterval, ref isPublic, ref isLogged);
}
_apikey = apiKey;
_rateLimit = rateLimit ?? Settings.GetInt("RateLimitDefault");
_rateInterval = rateInterval ?? Settings.GetInt("RateLimitIntervalDefault");
_rateType = (rateType == null ? RateType.Default : (RateType)Enum.Parse(typeof(RateType), rateType, true));
_isPublic = (isPublic == true ? true : false);
_isLogged = (isLogged == true ? true : false);
if (sourceIpRange != null && sourceIpRange != string.Empty)
{
try {
_sourceIpRange = new IpAddressRange(sourceIpRange);
}
catch {
string message = Settings.GetString("ExceptionMessageApplicationInvalidIpRange", new Dictionary <string, string>()
{
{ "IpRange", sourceIpRange },
{ "ApplicationName", _name },
{ "ApiKey", apiKey }
});
Logging.Module.WriteException(new LoggedException()
{
Type = "BadIPRange",
Message = message
});
throw new Exception(message);
}
}
Cache.Add(CACHE_TYPE, apiKey, this);
}
}
else
{
_apikey = null;
_name = Settings.GetString("SymbolUnknown");
_description = string.Empty;
_id = 0;
_isPublic = false;
_isLogged = false;
_sourceIpRange = null;
_permissions = null;
_rateLimit = Settings.GetInt("RateLimitDefault");
_rateInterval = Settings.GetInt("RateLimitIntervalDefault");
_rateType = RateType.Default;
}
}
public static bool IsInternetIp(IPAddress ip)
{
return(IpAddressRange.IsInternetIp(ip));
}
public static bool IsIpInRange(IPAddress ip, IPAddress lowerBandIp, IPAddress upperBandIp)
{
var range = new IpAddressRange(lowerBandIp, upperBandIp);
return(range.IsInRange(ip));
}
public static bool IsIpInRange(string ip, string lowerBandIp, string upperBandIp)
{
var range = new IpAddressRange(lowerBandIp, upperBandIp);
return(range.IsInRange(ip));
}
public override List<IpAddressRange> GetNetworkLockAllowedIps()
{
List<IpAddressRange> result = base.GetNetworkLockAllowedIps();
// Hosts
XmlNodeList nodesUrls = Storage.DocumentElement.SelectNodes("//urls/url");
foreach (XmlNode nodeUrl in nodesUrls)
{
string url = nodeUrl.Attributes["address"].Value;
string host = Utils.HostFromUrl(url);
IpAddressRange ip = new IpAddressRange(host); // TOFIX: Presume it's an IP address, but can be hostname.
result.Add(ip);
}
return result;
}
public void BuildOVPN(string protocol, int port, int alt, int proxyPort)
{
DateTime now = DateTime.UtcNow;
Storage s = Engine.Instance.Storage;
string ip = CurrentServer.IpEntry;
if (alt == 1)
ip = CurrentServer.IpEntry2;
string ovpn = "";
ovpn += "# " + GenerateFileHeader() + "\n";
ovpn += "# " + now.ToLongDateString() + " " + now.ToLongTimeString() + " UTC\n";
if (s.GetBool("openvpn.skip_defaults") == false)
ovpn += s.Manifest.Attributes["openvpn_directives_common"].Value.Replace("\t", "").Trim() + "\n";
if (s.Get("openvpn.dev_node") != "")
ovpn += "dev-node " + s.Get("openvpn.dev_node") + "\n";
// 2.10.1
if (s.GetInt("openvpn.rcvbuf") != -1)
ovpn += "rcvbuf " + s.GetInt("openvpn.rcvbuf").ToString() + "\n";
if (s.GetInt("openvpn.sndbuf") != -1)
ovpn += "sndbuf " + s.GetInt("openvpn.sndbuf").ToString() + "\n";
if (protocol == "UDP")
{
ovpn += "proto udp\n";
if (s.GetBool("openvpn.skip_defaults") == false)
ovpn += s.Manifest.Attributes["openvpn_directives_udp"].Value.Replace("\t", "").Trim() + "\n";
}
else // TCP, SSH, SSL, Tor
{
ovpn += "proto tcp\n";
if (s.GetBool("openvpn.skip_defaults") == false)
ovpn += s.Manifest.Attributes["openvpn_directives_tcp"].Value.Replace("\t", "").Trim() + "\n";
}
if (protocol == "SSH")
ovpn += "remote 127.0.0.1 " + Conversions.ToString(proxyPort) + "\n";
else if (protocol == "SSL")
ovpn += "remote 127.0.0.1 " + Conversions.ToString(proxyPort) + "\n";
else
ovpn += "remote " + ip + " " + port.ToString() + "\n";
if (protocol == "TOR")
{
ovpn += "socks-proxy " + s.Get("mode.tor.host") + " " + s.Get("mode.tor.port") + "\n";
}
else
{
string proxyMode = s.GetLower("proxy.mode");
if (proxyMode == "http")
{
ovpn += "http-proxy " + s.Get("proxy.host") + " " + s.Get("proxy.port");
}
else if (proxyMode == "socks")
{
ovpn += "socks-proxy " + s.Get("proxy.host") + " " + s.Get("proxy.port");
}
if (s.GetLower("proxy.mode") != "none")
{
if (s.Get("proxy.auth") != "None")
{
string fileNameAuth = s.GetPath("AirVPN.ppw");
string fileNameAuthOvpn = fileNameAuth.Replace("\\", "\\\\"); // 2.6, Escaping for Windows
string fileNameData = s.Get("proxy.login") + "\n" + s.Get("proxy.password") + "\n";
Utils.SaveFile(fileNameAuth, fileNameData);
ovpn += " \"" + fileNameAuthOvpn + "\" " + s.Get("proxy.auth").ToLowerInvariant() + "\n"; // 2.6 Auth Fix
}
else
{
ovpn += "\n";
}
}
}
string routesDefault = s.Get("routes.default");
if (routesDefault == "out")
{
ovpn += "route-nopull\n";
// For Checking
ovpn += "route " + CurrentServer.IpExit + " 255.255.255.255 vpn_gateway # For Checking Route\n";
// For DNS
// < 2.9. route directive useless, and DNS are forced manually in every supported platform. // TOCLEAN
/*
ovpn += "dhcp-option DNS " + Constants.DnsVpn + "\n"; // Manually because route-nopull skip it
ovpn += "route 10.4.0.1 255.255.255.255 vpn_gateway # AirDNS\n";
ovpn += "route 10.5.0.1 255.255.255.255 vpn_gateway # AirDNS\n";
ovpn += "route 10.6.0.1 255.255.255.255 vpn_gateway # AirDNS\n";
ovpn += "route 10.7.0.1 255.255.255.255 vpn_gateway # AirDNS\n";
ovpn += "route 10.8.0.1 255.255.255.255 vpn_gateway # AirDNS\n";
ovpn += "route 10.9.0.1 255.255.255.255 vpn_gateway # AirDNS\n";
ovpn += "route 10.30.0.1 255.255.255.255 vpn_gateway # AirDNS\n";
ovpn += "route 10.50.0.1 255.255.255.255 vpn_gateway # AirDNS\n";
*/
// 2.9, Can be removed when resolv-conf method it's not binded anymore in up/down ovpn directive // TOFIX
ovpn += "dhcp-option DNS " + Constants.DnsVpn + "\n";
}
string routes = s.Get("routes.custom");
string[] routes2 = routes.Split(';');
foreach (string route in routes2)
{
string[] routeEntries = route.Split(',');
if (routeEntries.Length != 3)
continue;
IpAddressRange ipCustomRoute = new IpAddressRange(routeEntries[0]);
if (ipCustomRoute.Valid == false)
Log(LogType.Warning, Messages.Format(Messages.CustomRouteInvalid, ipCustomRoute.ToString()));
else
{
string action = routeEntries[1];
string notes = routeEntries[2];
if ((routesDefault == "out") && (action == "in"))
ovpn += "route " + ipCustomRoute.ToOpenVPN() + " vpn_gateway # " + Utils.SafeString(notes) + "\n";
if ((routesDefault == "in") && (action == "out"))
ovpn += "route " + ipCustomRoute.ToOpenVPN() + " net_gateway # " + Utils.SafeString(notes) + "\n";
}
}
if (routesDefault == "in")
{
if ((protocol == "SSH") || (protocol == "SSL"))
{
ovpn += "route " + ip + " 255.255.255.255 net_gateway # VPN Entry IP\n";
}
if (protocol == "TOR")
{
List<string> torNodeIps = TorControl.GetGuardIps();
foreach (string torNodeIp in torNodeIps)
{
ovpn += "route " + torNodeIp + " 255.255.255.255 net_gateway # Tor Circuit\n";
}
}
}
ovpn += "management localhost " + Engine.Instance.Storage.Get("openvpn.management_port") + "\n";
Platform.Instance.OnBuildOvpn(ref ovpn);
ovpn += "\n";
ovpn += s.Get("openvpn.custom").Replace("\t", "").Trim();
ovpn += "\n";
// Experimental - Allow identification as Public Network in Windows. Advanced Option?
// ovpn += "route-metric 512\n";
// ovpn += "route 0.0.0.0 0.0.0.0\n";
//XmlNode nodeUser = s.Manifest.SelectSingleNode("//user");
XmlNode nodeUser = s.User;
ovpn += "<ca>\n" + nodeUser.Attributes["ca"].Value + "</ca>\n";
XmlNode nodeUserKey = s.User.SelectSingleNode("keys/key[@id='default']"); // TODO
ovpn += "<cert>\n" + nodeUserKey.Attributes["crt"].Value + "</cert>\n";
ovpn += "<key>\n" + nodeUserKey.Attributes["key"].Value + "</key>\n";
ovpn += "key-direction 1\n";
ovpn += "<tls-auth>\n" + nodeUser.Attributes["ta"].Value + "</tls-auth>\n";
// Custom replacement, useful to final adjustment of generated OVPN by server-side rules.
// Never used yet, available for urgent maintenance.
int iCustomReplaces = 0;
for(;;)
{
if(s.Manifest.Attributes["openvpn_replace" + iCustomReplaces.ToString() + "_pattern"] == null)
break;
string pattern = s.Manifest.Attributes["openvpn_replace" + iCustomReplaces.ToString() + "_pattern"].Value;
string replacement = s.Manifest.Attributes["openvpn_replace" + iCustomReplaces.ToString() + "_replacement"].Value;
ovpn = Regex.Replace(ovpn, pattern, replacement);
iCustomReplaces++;
}
ConnectedOVPN = ovpn;
ConnectedEntryIP = ip;
ConnectedPort = port;
ConnectedProtocol = protocol;
}
public void AddToIpsList(List<IpAddressRange> result, IpAddressRange ip, bool warning)
{
if (ip.Valid == false)
{
if(warning == true)
Engine.Instance.Log(Engine.LogType.Error, Messages.Format(Messages.NetworkLockAllowedIpInvalid, ip.ToString()));
return;
}
if (result.Contains(ip))
{
if (warning == true)
Engine.Instance.Log(Engine.LogType.Warning, Messages.Format(Messages.NetworkLockAllowedIpDuplicated, ip.ToString()));
return;
}
result.Add(ip);
}
