public void SpeedSingleThread()
{
const int CNT = 2000000;
using (var gate = new NetGate(null))
{
gate.Configure(CONFIG_DEFAULT_DENY.AsLaconicConfig());
gate.Start();
var sw = System.Diagnostics.Stopwatch.StartNew();
for (int i = 0; i < CNT; i++)
{
Rule rule;
Aver.IsTrue(GateAction.Allow == gate.CheckTraffic(new GeneralTraffic {
FromAddress = "45.2.2.75"
}, out rule));
Aver.IsNotNull(rule);
Aver.AreEqual("Workgroups", rule.Name);
}
var elapsed = sw.ElapsedMilliseconds;
Console.WriteLine("{0} in {1}ms at {2} ops/sec".Args(CNT, elapsed, CNT / ((double)elapsed / 1000)));
}
}
public void SpeedManyThreads()
{
const int CNT = 2000000;
using (var gate = new NetGate(null))
{
gate.Configure(CONFIG_DEFAULT_DENY.AsLaconicConfig());
gate.Start();
var sw = System.Diagnostics.Stopwatch.StartNew();
System.Threading.Tasks.Parallel.For(0, CNT,
(i) =>
{
Rule rule;
Assert.AreEqual(GateAction.Allow, gate.CheckTraffic(new GeneralTraffic {
FromAddress = "45.2.2.75"
}, out rule));
Assert.IsNotNull(rule);
Assert.AreEqual("Workgroups", rule.Name);
});
var elapsed = sw.ElapsedMilliseconds;
Console.WriteLine("{0} in {1}ms at {2} ops/sec".Args(CNT, elapsed, CNT / ((double)elapsed / 1000)));
}
}
/// <summary>
/// Override to get session object using whatever parameters are available in response context (i.e. a cookie),
/// or create a new one if 'onlyExisting'=false(default)
/// </summary>
protected internal virtual void FetchExistingOrMakeNewSession(WorkContext work, bool onlyExisting = false)
{
if (work.Session != null)
{
return;
}
WaveSession session = null;
ulong sidSecret = 0;
var sid = ExtractSessionID(work, out sidSecret);
if (sid.HasValue)
{
session = App.ObjectStore.CheckOut(sid.Value) as WaveSession;
if (session != null && session.IDSecret != sidSecret)
{
App.ObjectStore.UndoCheckout(sid.Value);
session = null;//The secret password does not match
if (Server.m_InstrumentationEnabled)
{
Interlocked.Increment(ref Server.m_Stat_SessionInvalidID);
}
}
}
if (session == null)
{
if (onlyExisting)
{
return; //do not create anything
}
if (NetGate != null && NetGate.Enabled)
{
NetGate.IncreaseVariable(IO.Net.Gate.TrafficDirection.Incoming,
work.Request.RemoteEndPoint.Address.ToString(),
NETGATE_NEWSESSION_VAR_NAME,
1);
}
session = MakeNewSession(work);
}
else
if (Server.m_InstrumentationEnabled)
{
Interlocked.Increment(ref Server.m_Stat_SessionExisting);
}
session.Acquire();
if (work.GeoEntity != null)
{
session.GeoEntity = work.GeoEntity;
}
work.m_Session = session;
ApplicationModel.ExecutionContext.__SetThreadLevelSessionContext(session);
}
public App()
{
InitializeComponent();
LocalDirectory = FileSystem.AppDataDirectory;
if (NetGate.TryLoadCachedAccessToken())
{
MainPage = new NavigationPage(new AppBody());
}
else
{
LandingPage = new LandingPage();
MainPage = new NavigationPage(LandingPage);
}
}
public void Variables_SessionFlood_Parallel_Create_Decay()
{
using (var gate = new NetGate(null))
{
gate.Configure(CONFIG_SESSION.AsLaconicConfig());
gate.Start();
Rule rule;
Assert.AreEqual(GateAction.Allow, gate.CheckTraffic(new GeneralTraffic {
FromAddress = "170.12.14.12"
}, out rule));
Assert.IsNull(rule);
gate.IncreaseVariable(TrafficDirection.Incoming, "5.5.5.5", "newSession", 8);
Assert.AreEqual(GateAction.Deny, gate.CheckTraffic(new GeneralTraffic {
FromAddress = "5.5.5.5"
}, out rule));
Assert.IsNotNull(rule);
Assert.AreEqual("Session Flood", rule.Name);
const int CNT = 10000;
System.Threading.Tasks.Parallel.For(0, CNT,
(i) =>
{
var address = "addr-{0}".Args(i);
gate.IncreaseVariable(TrafficDirection.Incoming, address, "newSession", 8);
Rule lr;
Assert.AreEqual(GateAction.Deny, gate.CheckTraffic(new GeneralTraffic {
FromAddress = address
}, out lr));
Assert.IsNotNull(lr);
Assert.AreEqual("Session Flood", lr.Name);
System.Threading.Thread.Sleep(ExternalRandomGenerator.Instance.NextScaledRandomInteger(1, 5));
});
Assert.AreEqual(CNT + 1, gate[TrafficDirection.Incoming].NetState.Count);
System.Threading.Thread.Sleep(12000);
Assert.AreEqual(0, gate[TrafficDirection.Incoming].NetState.Count);
Assert.AreEqual(GateAction.Allow, gate.CheckTraffic(new GeneralTraffic {
FromAddress = "5.5.5.5"
}, out rule));
Assert.IsNull(rule);
}
}
public void Variables_SessionFlood_2()
{
using (var gate = new NetGate(null))
{
gate.Configure(CONFIG_SESSION.AsLaconicConfig());
gate.Start();
Rule rule;
Assert.AreEqual(GateAction.Allow, gate.CheckTraffic(new GeneralTraffic {
FromAddress = "170.12.14.12"
}, out rule));
Assert.IsNull(rule);
gate.IncreaseVariable(TrafficDirection.Incoming, "5.5.5.5", "newSession", 5);
Assert.AreEqual(GateAction.Allow, gate.CheckTraffic(new GeneralTraffic {
FromAddress = "170.12.14.12"
}, out rule));
Assert.IsNull(rule);
Assert.AreEqual(GateAction.Allow, gate.CheckTraffic(new GeneralTraffic {
FromAddress = "170.1.99.144"
}, out rule));
Assert.IsNull(rule);
Assert.AreEqual(GateAction.Deny, gate.CheckTraffic(new GeneralTraffic {
FromAddress = "5.5.5.5"
}, out rule));
Assert.IsNotNull(rule);
Assert.AreEqual("Session Flood", rule.Name);
System.Threading.Thread.Sleep(5000);
Assert.AreEqual(GateAction.Allow, gate.CheckTraffic(new GeneralTraffic {
FromAddress = "5.5.5.5"
}, out rule));
Assert.IsNull(rule);
Assert.AreEqual(GateAction.Allow, gate.CheckTraffic(new GeneralTraffic {
FromAddress = "170.1.99.144"
}, out rule));
Assert.IsNull(rule);
}
}
/// <summary>
/// Override to get session object using whatever parameters are available in response context (i.e. a cookie),
/// or create a new one if 'onlyExisting'=false(default)
/// </summary>
protected internal virtual void FetchExistingOrMakeNewSession(WorkContext work, bool onlyExisting = false)
{
if (work.Session != null)
{
return;
}
WaveSession session = null;
ulong sidSecret = 0;
var sid = ExtractSessionID(work, out sidSecret);
if (sid.HasValue)
{
session = App.ObjectStore.CheckOut(sid.Value) as WaveSession;
if (session != null && session.IDSecret != sidSecret)
{
App.ObjectStore.UndoCheckout(sid.Value);
session = null;//The secret password does not match
if (Server.m_InstrumentationEnabled)
{
Interlocked.Increment(ref Server.m_stat_SessionInvalidID);
}
}
}
var foundExisting = true;
if (session == null)
{
//20160124 DKh to use long term tokens
//if (onlyExisting) return;//do not create anything
if (onlyExisting)
{
session = TryMakeSessionFromExistingLongTermToken(work);
if (session == null)
{
return; //do not create anything
}
}
if (session == null)
{
foundExisting = false;
if (NetGate != null && NetGate.Enabled)
{
NetGate.IncreaseVariable(IO.Net.Gate.TrafficDirection.Incoming,
work.EffectiveCallerIPEndPoint.Address.ToString(),
NETGATE_NEWSESSION_VAR_NAME,
1);
}
session = MakeNewSession(work);
}
}
if (foundExisting && Server.m_InstrumentationEnabled)
{
Interlocked.Increment(ref Server.m_stat_SessionExisting);
}
session.Acquire();
if (work.GeoEntity != null)
{
session.GeoEntity = work.GeoEntity;
}
work.m_Session = session;
ApplicationModel.ExecutionContext.__SetThreadLevelSessionContext(session);
work.SetAuthenticated(session.User.IsAuthenticated);
}
public void DefaultDeny()
{
using (var gate = new NetGate(null))
{
gate.Configure(CONFIG_DEFAULT_DENY.AsLaconicConfig());
gate.Start();
Assert.AreEqual(GateAction.Deny, gate.CheckTraffic(new GeneralTraffic {
FromAddress = "123.0.0.1"
}));
Rule rule;
Assert.AreEqual(GateAction.Allow, gate.CheckTraffic(new GeneralTraffic {
FromAddress = "170.12.14.12"
}, out rule));
Assert.IsNotNull(rule);
Assert.AreEqual("AdminAccess", rule.Name);
Assert.AreEqual(GateAction.Allow, gate.CheckTraffic(new GeneralTraffic {
FromAddress = "170.12.14.13"
}, out rule));
Assert.IsNotNull(rule);
Assert.AreEqual("AdminAccess", rule.Name);
Assert.AreEqual(GateAction.Allow, gate.CheckTraffic(new GeneralTraffic {
FromAddress = "14.2.1.12"
}, out rule));
Assert.IsNotNull(rule);
Assert.AreEqual("Workgroups", rule.Name);
Assert.AreEqual(GateAction.Allow, gate.CheckTraffic(new GeneralTraffic {
FromAddress = "14.2.1.46"
}, out rule));
Assert.IsNotNull(rule);
Assert.AreEqual("Workgroups", rule.Name);
Assert.AreEqual(GateAction.Allow, gate.CheckTraffic(new GeneralTraffic {
FromAddress = "14.2.1.18"
}, out rule));
Assert.IsNotNull(rule);
Assert.AreEqual("Workgroups", rule.Name);
Assert.AreEqual(GateAction.Deny, gate.CheckTraffic(new GeneralTraffic {
FromAddress = "14.2.2.18"
}, out rule));
Assert.IsNull(rule);
Assert.AreEqual(GateAction.Allow, gate.CheckTraffic(new GeneralTraffic {
FromAddress = "3.118.2.12"
}, out rule));
Assert.IsNotNull(rule);
Assert.AreEqual("Workgroups", rule.Name);
Assert.AreEqual(GateAction.Allow, gate.CheckTraffic(new GeneralTraffic {
FromAddress = "3.118.2.13"
}, out rule));
Assert.IsNotNull(rule);
Assert.AreEqual("Workgroups", rule.Name);
Assert.AreEqual(GateAction.Allow, gate.CheckTraffic(new GeneralTraffic {
FromAddress = "3.118.2.14"
}, out rule));
Assert.IsNotNull(rule);
Assert.AreEqual("Workgroups", rule.Name);
Assert.AreEqual(GateAction.Deny, gate.CheckTraffic(new GeneralTraffic {
FromAddress = "3.118.2.15"
}, out rule));
Assert.IsNull(rule);
Assert.AreEqual(GateAction.Allow, gate.CheckTraffic(new GeneralTraffic {
FromAddress = "77.123.1.14"
}, out rule));
Assert.IsNotNull(rule);
Assert.AreEqual("Workgroups", rule.Name);
Assert.AreEqual(GateAction.Allow, gate.CheckTraffic(new GeneralTraffic {
FromAddress = "45.2.2.12"
}, out rule));
Assert.IsNotNull(rule);
Assert.AreEqual("Workgroups", rule.Name);
Assert.AreEqual(GateAction.Allow, gate.CheckTraffic(new GeneralTraffic {
FromAddress = "45.2.2.75"
}, out rule));
Assert.IsNotNull(rule);
Assert.AreEqual("Workgroups", rule.Name);
}
}
private async void SubmitClicked(object sender, EventArgs e)
{
if (image == null)
{
return;
}
SubmitButton.IsEnabled = false;
TakePhoto.IsEnabled = false;
Upload_Image.IsEnabled = false;
Meal meal = null;
try
{
ProgressReport progress = new ProgressReport();
UploadBar.IsVisible = true;
UploadBar.BindingContext = UploadLabel.BindingContext = progress;
NetGate netGate = new NetGate(progress);
await Task.Run(async() =>
{
meal = await netGate.GetMeal(image);
});
UploadBar.IsVisible = false;
progress.Percentage = 0;
}
catch (InvalidDataException ee)
{
await DisplayAlert("Error", ee.Message, "Ok");
SubmitButton.IsEnabled = true;
return;
}
if (meal == null)
{
await DisplayAlert("Error", "Couldn't find food in the picture", "Ok");
SubmitButton.IsEnabled = true;
TakePhoto.IsEnabled = true;
Upload_Image.IsEnabled = true;
return;
}
App.HistoryMealsPage.AddToHistory(new AppMealHistory(meal, Convert.ToBase64String(image)));
ImageViewer.IsVisible = false;
MealStackLayout.IsVisible = true;
MealImage.Source = ImageSource.FromStream(() => new MemoryStream(image));
MealName.Text = meal.Title;
StepsStackLayout.Children.Clear();
foreach (var i in meal.Instructions)
{
StepsStackLayout.Children.Add(new Label
{
TextColor = Color.FromHex("#d47691"),
Margin = new Thickness(10, 5, 10, 5),
FontSize = 16,
Text = i
});
StepsStackLayout.Children.Add(new BoxView
{
WidthRequest = 0.1,
HeightRequest = 0.5,
Color = Color.LightGray
});
}
IngredientsListView.ItemsSource = meal.Ingredients;
IngredientsListView.HeightRequest = meal.Ingredients.Count * 45;
SubmitButton.IsEnabled = true;
TakePhoto.IsEnabled = true;
Upload_Image.IsEnabled = true;
}
public void DefaultAllow()
{
using (var gate = new NetGate(NOPApplication.Instance))
{
gate.Configure(CONFIG_DEFAULT_ALLOW.AsLaconicConfig());
gate.Start();
Aver.IsTrue(GateAction.Allow == gate.CheckTraffic(new GeneralTraffic {
FromAddress = "123.0.0.1"
}));
Rule rule;
Aver.IsTrue(GateAction.Deny == gate.CheckTraffic(new GeneralTraffic {
FromAddress = "170.12.14.12"
}, out rule));
Aver.IsNotNull(rule);
Aver.AreEqual("AdminAccess", rule.Name);
Aver.IsTrue(GateAction.Deny == gate.CheckTraffic(new GeneralTraffic {
FromAddress = "170.12.14.13"
}, out rule));
Aver.IsNotNull(rule);
Aver.AreEqual("AdminAccess", rule.Name);
Aver.IsTrue(GateAction.Deny == gate.CheckTraffic(new GeneralTraffic {
FromAddress = "14.2.1.12"
}, out rule));
Aver.IsNotNull(rule);
Aver.AreEqual("Workgroups", rule.Name);
Aver.IsTrue(GateAction.Deny == gate.CheckTraffic(new GeneralTraffic {
FromAddress = "14.2.1.46"
}, out rule));
Aver.IsNotNull(rule);
Aver.AreEqual("Workgroups", rule.Name);
Aver.IsTrue(GateAction.Deny == gate.CheckTraffic(new GeneralTraffic {
FromAddress = "14.2.1.18"
}, out rule));
Aver.IsNotNull(rule);
Aver.AreEqual("Workgroups", rule.Name);
Aver.IsTrue(GateAction.Allow == gate.CheckTraffic(new GeneralTraffic {
FromAddress = "14.2.2.18"
}, out rule));
Aver.IsNull(rule);
Aver.IsTrue(GateAction.Deny == gate.CheckTraffic(new GeneralTraffic {
FromAddress = "3.118.2.12"
}, out rule));
Aver.IsNotNull(rule);
Aver.AreEqual("Workgroups", rule.Name);
Aver.IsTrue(GateAction.Deny == gate.CheckTraffic(new GeneralTraffic {
FromAddress = "3.118.2.13"
}, out rule));
Aver.IsNotNull(rule);
Aver.AreEqual("Workgroups", rule.Name);
Aver.IsTrue(GateAction.Deny == gate.CheckTraffic(new GeneralTraffic {
FromAddress = "3.118.2.14"
}, out rule));
Aver.IsNotNull(rule);
Aver.AreEqual("Workgroups", rule.Name);
Aver.IsTrue(GateAction.Allow == gate.CheckTraffic(new GeneralTraffic {
FromAddress = "3.118.2.15"
}, out rule));
Aver.IsNull(rule);
Aver.IsTrue(GateAction.Deny == gate.CheckTraffic(new GeneralTraffic {
FromAddress = "77.123.1.14"
}, out rule));
Aver.IsNotNull(rule);
Aver.AreEqual("Workgroups", rule.Name);
Aver.IsTrue(GateAction.Deny == gate.CheckTraffic(new GeneralTraffic {
FromAddress = "45.2.2.12"
}, out rule));
Aver.IsNotNull(rule);
Aver.AreEqual("Workgroups", rule.Name);
Aver.IsTrue(GateAction.Deny == gate.CheckTraffic(new GeneralTraffic {
FromAddress = "45.2.2.75"
}, out rule));
Aver.IsNotNull(rule);
Aver.AreEqual("Workgroups", rule.Name);
}
}
//We always make a new in-memory ephemeral session which gets collected right after this request
protected override WaveSession MakeNewSessionInstance(WorkContext work)
{
const string BASIC = WebConsts.AUTH_SCHEME_BASIC + " ";
const string BEARER = WebConsts.AUTH_SCHEME_BEARER + " ";
//Always create new session
var session = base.MakeNewSessionInstance(work);
//try to inject session.DataContextName
var dch = DataContextHeader;
if (dch.IsNotNullOrWhiteSpace())
{
var dcn = work.Request.Headers[dch];
if (dcn.IsNotNullOrWhiteSpace())
{
dcn = dcn.Trim().TakeFirstChars(1024);//hard limit safeguard
session.DataContextName = dcn;
}
}
string hdr = null;
var altHdrName = AltAuthorizationHeader;
if (altHdrName.IsNotNullOrWhiteSpace())
{
hdr = work.Request.Headers[altHdrName]?.TrimStart(' ');
}
if (hdr.IsNullOrWhiteSpace())
{
//real AUTHORIZATION header
hdr = work.Request.Headers[WebConsts.HTTP_HDR_AUTHORIZATION]?.TrimStart(' ');
if (hdr.IsNullOrWhiteSpace())
{
var mockHdrName = DefaultImpersonationAuthorizationHeaderValue;
if (mockHdrName.IsNotNullOrEmpty())
{
hdr = mockHdrName;
}
else
{
return(session);//unauthorized
}
}
}
Credentials credentials = null;
try
{
if (hdr.StartsWith(BASIC, StringComparison.OrdinalIgnoreCase))
{
var basic = hdr.Substring(BASIC.Length).Trim();
credentials = IDPasswordCredentials.FromBasicAuth(basic);
}
else if (hdr.StartsWith(BEARER, StringComparison.OrdinalIgnoreCase))
{
var pfxBasic = BearerBasicPrefix;
var bearer = hdr.Substring(BEARER.Length).Trim();
if (pfxBasic.IsNotNullOrWhiteSpace() && bearer.IsNotNullOrWhiteSpace() && bearer.StartsWith(pfxBasic))
{
var basicContent = bearer.Substring(pfxBasic.Length).Trim();
credentials = IDPasswordCredentials.FromBasicAuth(basicContent);
}
else
{
credentials = new BearerCredentials(bearer);
}
}
}
catch { }
if (credentials == null)
{
throw HTTPStatusException.BadRequest_400("Bad [Authorization] header");
}
var user = App.SecurityManager.Authenticate(credentials);//authenticate the user
session.User = user;
work.SetAuthenticated(user.IsAuthenticated);
//gate traffic
if (!user.IsAuthenticated && NetGate != null && NetGate.Enabled)
{
var vn = GateBadAuthVar;
if (vn.IsNotNullOrWhiteSpace())
{
NetGate.IncreaseVariable(IO.Net.Gate.TrafficDirection.Incoming,
work.EffectiveCallerIPEndPoint.Address.ToString(),
vn,
1);
}
}
return(session);
}
