Mixe for Privacy and Anonymity in the Internet
CAIPList Class Reference

The purpose of this class is to store a list of IP-Addresses.

#include <CAIPList.hpp>

Public Member Functions

 CAIPList ()
 TODO: Fix LOG_TRAFFIC output which is not done anymore, as per default no log messages are omitted...
 
 CAIPList (UINT32 allowedConnections)
 Constructs an empty CAIPList in which allowedConnections insertions are allowed before an error is returned.
 
 ~CAIPList ()
 Deletes the IPList and frees all used resources.
 
SINT32 insertIP (const UINT8 ip[4])
 Inserts the IP-Address into the list.
 
SINT32 removeIP (const UINT8 ip[4])
 Removes the IP-Address from the list.
 

Private Attributes

UINT32 m_allowedConnections
 
volatile VOLATILE_PIPLIST * m_HashTable
 
CAMutex * m_pMutex
 

Detailed Description

The purpose of this class is to store a list of IP-Addresses.

If an IP-Address is inserted more than 'x' times, then an error is returned. The First Mix uses this functionality for some basic Denial of Service defense: if someone tries connection flooding against the First Mix, only 'x' connections are accepted and the others are dropped. The internal organisation is a hash table with overflow lists. The hash table has 0x10000 buckets. The last two bytes of an IP-Address are the hash key.

Note
This class only supports IPv4.
Warning
If memory runs low, CAIPList will crash!
Version
1.0 first version

Definition at line 61 of file CAIPList.hpp.
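
A compact model of the structure described above and used by insertIP() and removeIP(), added here as an illustration; it is not the project's code, and the names IpLimiter, insert, remove and limit are assumptions. Because the listing declares count as UINT8 while the limit is UINT32, the sketch clamps the limit to 255 so the counter cannot wrap.

```cpp
#include <cstdint>
#include <forward_list>
#include <vector>

// Added sketch (not the project's code): per-IPv4 connection limiter with the
// layout described above. Bucket = last two address bytes; each chain entry
// keeps the first two bytes and an 8-bit counter.
class IpLimiter {
    struct Entry { uint8_t hi[2]; uint8_t count; };
    std::vector<std::forward_list<Entry>> buckets_;
    uint8_t limit_;

    static uint16_t key(const uint8_t ip[4]) {
        return static_cast<uint16_t>((ip[2] << 8) | ip[3]);
    }
public:
    // Clamp the limit to what the 8-bit counter can represent, so that
    // ++count can never wrap from 255 back to 0 (hardening assumption).
    explicit IpLimiter(uint32_t limit)
        : buckets_(0x10000),
          limit_(static_cast<uint8_t>(limit > 255 ? 255 : limit)) {}

    // Returns the new count for this address, or -1 once the limit is reached.
    int insert(const uint8_t ip[4]) {
        auto& chain = buckets_[key(ip)];
        for (auto& e : chain) {
            if (e.hi[0] == ip[0] && e.hi[1] == ip[1]) {
                if (e.count >= limit_) return -1;  // over the limit: reject
                return ++e.count;
            }
        }
        chain.push_front(Entry{{ip[0], ip[1]}, 1});  // first sighting
        return 1;
    }

    // Returns the remaining count; 0 if the entry was dropped or never existed.
    int remove(const uint8_t ip[4]) {
        auto& chain = buckets_[key(ip)];
        for (auto prev = chain.before_begin(), it = chain.begin();
             it != chain.end(); prev = it++) {
            if (it->hi[0] == ip[0] && it->hi[1] == ip[1]) {
                if (--it->count == 0) { chain.erase_after(prev); return 0; }
                return it->count;
            }
        }
        return 0;
    }
    int limit() const { return limit_; }
};
```

Two addresses that share their last two bytes land in the same bucket but are counted separately, because the chain entry is matched on the first two bytes.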

Constructor & Destructor Documentation

◆ CAIPList() [1/2]

CAIPList::CAIPList ( )

TODO: Fix LOG_TRAFFIC output which is not done anymore, as per default no log messages are omitted...

Constructs an empty CAIPList. The default number MAX_IP_CONNECTIONS of allowed insertions is used.

Definition at line 39 of file CAIPList.cpp.

40  {
41  m_pMutex=new CAMutex();
42  m_HashTable=new PIPLIST[0x10000];
43  memset((void*)m_HashTable,0,0x10000*sizeof(PIPLIST));
44  m_allowedConnections=MAX_IP_CONNECTIONS;
45 #if defined (_DEBUG)
46  m_Random=new UINT8[56];
47  getRandom(m_Random,56);
48 #endif
49  }
#define MAX_IP_CONNECTIONS
The default value of allowed insertions, until insertIP() will return an error.
Definition: CAIPList.hpp:47
SINT32 getRandom(UINT32 *val)
Gets 32 random bits.
Definition: CAUtil.cpp:346
unsigned char UINT8
Definition: basetypedefs.h:135
UINT32 m_allowedConnections
Definition: CAIPList.hpp:70
CAMutex * m_pMutex
Definition: CAIPList.hpp:76
volatile VOLATILE_PIPLIST * m_HashTable
Definition: CAIPList.hpp:71
This structure is used for building the IP-List.
Definition: CAIPList.hpp:40

References getRandom(), m_allowedConnections, m_HashTable, m_pMutex, and MAX_IP_CONNECTIONS.

◆ CAIPList() [2/2]

CAIPList::CAIPList ( UINT32  allowedConnections)

Constructs an empty CAIPList in which allowedConnections insertions are allowed before an error is returned.

Parameters
allowedConnections: number of insertions of the same IP-Address, until an error is returned

Definition at line 55 of file CAIPList.cpp.

56  {
57  m_pMutex=new CAMutex();
58  m_HashTable=new PIPLIST[0x10000];
59  memset((void*)m_HashTable,0,0x10000*sizeof(PIPLIST));
60  m_allowedConnections=allowedConnections;
61 #if defined (_DEBUG)
62  m_Random=new UINT8[56];
63  getRandom(m_Random,56);
64 #endif
65  }

References getRandom(), m_allowedConnections, m_HashTable, and m_pMutex.

◆ ~CAIPList()

CAIPList::~CAIPList ( )

Deletes the IPList and frees all used resources.

Definition at line 68 of file CAIPList.cpp.

69  {
70  for(UINT32 i=0;i<=0xFFFF;i++)
71  {
72  PIPLIST entry=m_HashTable[i];
73  PIPLIST tmpEntry;
74  while(entry!=NULL)
75  {
76  tmpEntry=entry;
77  entry=entry->next;
78  delete tmpEntry;
79  tmpEntry = NULL;
80  }
81  }
82 #ifdef _DEBUG
83  delete[] m_Random;
84  m_Random = NULL;
85 #endif
86  delete[] m_HashTable;
87  m_HashTable = NULL;
88  delete m_pMutex;
89  m_pMutex = NULL;
90  }
volatile PIPLIST VOLATILE_PIPLIST
Definition: CAIPList.hpp:34
unsigned int UINT32
Definition: basetypedefs.h:131
VOLATILE_PIPLIST next
Definition: CAIPList.hpp:41

References m_HashTable, m_pMutex, and _iplist_t::next.

Member Function Documentation

◆ insertIP()

SINT32 CAIPList::insertIP ( const UINT8  ip[4])

Inserts the IP-Address into the list.

If the IP-Address is already in the list, then the number of insert() calls for this IP-Address is returned. If this number is larger than m_allowedConnections, an error is returned. Internally this is a hash table with overflow lists. The last 16 bits of the IP-Address form the hash key. The hash table has 16^2 entries. The overflow lists of the individual hash entries store the first 16 bits of the IP-Address.

Parameters
ip: the IP-Address to insert
Returns
number of inserts for this IP-Address
Return values
E_UNKNOWN: if an error occurred or an IP is inserted more than m_allowedConnections times

Definition at line 103 of file CAIPList.cpp.

104  {
105 #ifdef PAYMENT
106  return E_SUCCESS;
107 #else
108  UINT16 hashvalue=(ip[2]<<8)|ip[3];
109  SINT32 ret;
110  m_pMutex->lock();
111  PIPLIST entry=m_HashTable[hashvalue];
112  if(entry==NULL)
113  {//Hash key not found in the hash table --> new entry in the hash table
114 #ifndef PSEUDO_LOG
115 #ifdef _DEBUG
116  UINT8 hash[16];
117  memcpy(m_Random,ip,4);
118  MD5(m_Random,56,hash);
119  CAMsg::printMsg(LOG_DEBUG,"Inserting new IP-Address: %02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X !\n",hash[0],hash[1],hash[2],hash[3],hash[4],hash[5],hash[6],hash[7],hash[8],hash[9],hash[10],hash[11],hash[12],hash[13],hash[14],hash[15]);
120 #endif
121 #else
122  CAMsg::printMsg(LOG_DEBUG,"Inserting new IP-Address: {%u.%u.%u.%u} !\n",ip[0],ip[1],ip[2],ip[3]);
123 #endif
124  entry=new IPLISTENTRY;
125  memcpy(entry->ip,ip,2);
126  entry->count=1;
127  entry->next=NULL;
128  m_HashTable[hashvalue]=entry;
129  ret = entry->count;
130 #ifdef DEBUG
131 #ifndef PSEUDO_LOG
132 #ifdef DEBUG
133  CAMsg::printMsg(LOG_DEBUG,"New IP-Address inserted: %02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X !\n",hash[0],hash[1],hash[2],hash[3],hash[4],hash[5],hash[6],hash[7],hash[8],hash[9],hash[10],hash[11],hash[12],hash[13],hash[14],hash[15]);
134 #endif
135 #else
136  CAMsg::printMsg(LOG_DEBUG,"New IP-Address inserted: {%u.%u.%u.%u} !\n",ip[0],ip[1],ip[2],ip[3]);
137 #endif
138 #endif
139  m_pMutex->unlock();
140  return ret;
141  }
142  else
143  {//Hash key found in the hash table --> search the overflow list for the entry, or create a new entry
144  PIPLIST last;
145  do
146  {
147  if(memcmp(entry->ip,ip,2)==0) //we have found the entry
148  {
149  #ifdef PSEUDO_LOG
150  CAMsg::printMsg(LOG_DEBUG,"Inserting IP-Address: {%u.%u.%u.%u} !\n",ip[0],ip[1],ip[2],ip[3]);
151  #endif
152  if(entry->count>=m_allowedConnections) //an Attack...
153  {
154  //#if !defined(PSEUDO_LOG)&&defined(FIREWALL_SUPPORT)
155  CAMsg::printMsg(LOG_CRIT,"Possible flooding attack from: %u.%u.x.x !\n",ip[0],ip[1],ip[2],ip[3]);
156  //#endif
157  m_pMutex->unlock();
158  return E_UNKNOWN;
159  }
160  entry->count++;
161  ret = entry->count;
162  #ifdef PSEUDO_LOG
163  CAMsg::printMsg(LOG_DEBUG,"IP-Address inserted: {%u.%u.%u.%u} !\n",ip[0],ip[1],ip[2],ip[3]);
164  #endif
165  m_pMutex->unlock();
166  return ret;
167  }
168  last=entry;
169  entry=entry->next;
170  } while(entry!=NULL);
171 //Not found in the overflow list
172  last->next=new IPLISTENTRY;
173  entry=last->next;
174  memcpy(entry->ip,ip,2);
175  entry->count=1;
176  entry->next=NULL;
177  ret = entry->count;
178  m_pMutex->unlock();
179  return ret;
180  }
181 #endif
182  }
struct _iplist_t IPLISTENTRY
Definition: CAIPList.hpp:32
unsigned short UINT16
Definition: basetypedefs.h:133
signed int SINT32
Definition: basetypedefs.h:132
static SINT32 printMsg(UINT32 typ, const char *format,...)
Writes a given message to the log.
Definition: CAMsg.cpp:251
SINT32 unlock()
Definition: CAMutex.hpp:52
SINT32 lock()
Definition: CAMutex.hpp:41
const SINT32 E_SUCCESS
Definition: errorcodes.hpp:2
#define E_UNKNOWN
Definition: errorcodes.hpp:3
UINT8 ip[2]
Next element, NULL if element is the last one.
Definition: CAIPList.hpp:42
volatile UINT8 count
First two Bytes of the IP-Address.
Definition: CAIPList.hpp:43

References _iplist_t::count, E_SUCCESS, E_UNKNOWN, _iplist_t::ip, CAMutex::lock(), m_allowedConnections, m_HashTable, m_pMutex, _iplist_t::next, CAMsg::printMsg(), and CAMutex::unlock().

◆ removeIP()

SINT32 CAIPList::removeIP ( const UINT8  ip[4])

Removes the IP-Address from the list.

Parameters
ip: IP-Address to remove
Returns
the remaining count of inserts for this IP-Address.
Return values
0: if the IP-Address is deleted from the list

Definition at line 189 of file CAIPList.cpp.

190  {
191 #ifdef PAYMENT
192  return E_SUCCESS;
193 #else
194  UINT16 hashvalue=(ip[2]<<8)|ip[3];
195  SINT32 ret;
196  m_pMutex->lock();
197  PIPLIST entry=m_HashTable[hashvalue];
198  if(entry==NULL)
199  {
200  m_pMutex->unlock();
201  CAMsg::printMsg(LOG_INFO,"Try to remove IP which is not in the hashtable of the IP-list - possible inconsistences in IPList!\n");
202  return 0;
203  }
204  else
205  {
206  PIPLIST before=NULL;
207  while(entry!=NULL)
208  {
209  if(memcmp(entry->ip,ip,2)==0)
210  {
211  entry->count--;
212  if(entry->count==0)
213  {
214  #ifndef PSEUDO_LOG
215  #if defined (_DEBUG)
216  UINT8 hash[16];
217  memcpy(m_Random,ip,4);
218  MD5(m_Random,56,hash);
219  CAMsg::printMsg(LOG_DEBUG,"Removing IP-Address: %02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X !\n",hash[0],hash[1],hash[2],hash[3],hash[4],hash[5],hash[6],hash[7],hash[8],hash[9],hash[10],hash[11],hash[12],hash[13],hash[14],hash[15]);
220  #endif
221  #else
222  CAMsg::printMsg(LOG_DEBUG,"Removing IP-Address: {%u.%u.%u.%u} !\n",ip[0],ip[1],ip[2],ip[3]);
223  #endif
224  if(before==NULL)
225  m_HashTable[hashvalue]=entry->next;
226  else
227  before->next=entry->next;
228  delete entry;
229  entry = NULL;
230  m_pMutex->unlock();
231  return 0;
232  }
233  ret = entry->count;
234  m_pMutex->unlock();
235  return ret;
236  }
237  before=entry;
238  entry=entry->next;
239  }
240  m_pMutex->unlock();
241  CAMsg::printMsg(LOG_INFO,"Try to remove IP which is not in list - possible inconsistences in IPList!\n");
242  return 0;
243  }
244 #endif
245  }

References _iplist_t::count, E_SUCCESS, _iplist_t::ip, CAMutex::lock(), m_HashTable, m_pMutex, _iplist_t::next, CAMsg::printMsg(), and CAMutex::unlock().

Referenced by CAFirstMixA::closeConnection(), CAFirstMix::doUserLogin_internal(), and CAFirstMixB::loop().

Member Data Documentation

◆ m_allowedConnections

UINT32 CAIPList::m_allowedConnections
private

Definition at line 70 of file CAIPList.hpp.

Referenced by CAIPList(), and insertIP().

◆ m_HashTable

volatile VOLATILE_PIPLIST* CAIPList::m_HashTable
private

Definition at line 71 of file CAIPList.hpp.

Referenced by CAIPList(), insertIP(), removeIP(), and ~CAIPList().

◆ m_pMutex

CAMutex* CAIPList::m_pMutex
private

Definition at line 76 of file CAIPList.hpp.

Referenced by CAIPList(), insertIP(), removeIP(), and ~CAIPList().
