Posted to dev@mina.apache.org by "Sai Pullabhotla (JIRA)" <ji...@apache.org> on 2010/03/18 19:56:27 UTC

[jira] Created: (FTPSERVER-357) Implement IP Filtering based on black or white list

Implement IP Filtering based on black or white list
---------------------------------------------------

                 Key: FTPSERVER-357
                 URL: https://issues.apache.org/jira/browse/FTPSERVER-357
             Project: FtpServer
          Issue Type: New Feature
          Components: Core
            Reporter: Sai Pullabhotla
             Fix For: 1.1.0


Create a new IP Filter based on black or white list to deny or allow incoming client connections. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


[jira] Commented: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Niklas Gustavsson (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12853988#action_12853988 ] 

Niklas Gustavsson commented on FTPSERVER-357:
---------------------------------------------

It fits just fine in this issue, perhaps rename the issue.



[jira] Updated: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Sai Pullabhotla (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sai Pullabhotla updated FTPSERVER-357:
--------------------------------------

    Attachment: ftpserver-ipfilter.patch

Please review this and provide your feedback. 



[jira] Assigned: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Sai Pullabhotla (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sai Pullabhotla reassigned FTPSERVER-357:
-----------------------------------------

    Assignee: Sai Pullabhotla



[jira] Commented: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Niklas Gustavsson (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12847397#action_12847397 ] 

Niklas Gustavsson commented on FTPSERVER-357:
---------------------------------------------

So, if the user constructs the blacklist the "old" way, you will store that config and return it if he calls getBlocked*. If so, sounds good.



[jira] Commented: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Sai Pullabhotla (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12853525#action_12853525 ] 

Sai Pullabhotla commented on FTPSERVER-357:
-------------------------------------------

Cool, I can do that. I will check in the updated code sometime this week. 



[jira] Commented: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Niklas Gustavsson (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12856729#action_12856729 ] 

Niklas Gustavsson commented on FTPSERVER-357:
---------------------------------------------

Oh, and let's create an issue for MINA to get this into MINA in the long run.


[jira] Commented: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "David Latorre (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12847289#action_12847289 ] 

David Latorre commented on FTPSERVER-357:
-----------------------------------------

About the method names... We are keeping the getBlockedSubnets() and getBlockedAddresses() methods, right? I don't know if we choose a better name for these methods as they are a bit misleading (I can't think of any though, and it's one of our internal classes, so whatever).

I don't really know what are the capabilities that a Whitelist/blacklist solution should offer but I have some doubts:

- Is it likely that blacklist & whitelist can be used at the same time? For example, we have some range of subnets allowed but there is a specific host which is trying to break into FTPServer or flooding it with connections: a user FTPLet might detect this and try to include that host to the blacklist. I think spam filters define "whitelist" as a list of addresses that are never rejected rather than "the only addresses that are allowed to connect to the server" - is that a useful feature for us?

- Should we extend the black/white listing to the USER level? So, user A can only connect from X.X.X.X whereas user B can connect from Y.Y.Y.Y or Y.Y.Y.Z. I find this most useful in our own case at my company where different users means different customers.



[jira] Commented: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Sai Pullabhotla (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12847396#action_12847396 ] 

Sai Pullabhotla commented on FTPSERVER-357:
-------------------------------------------

Well, I don't think we can guarantee an accurate result if we start pulling Inets/Subnets from the new IpFilter. What I mean by accurate result is, the returned list may not be the same as the one they have been getting with the current public release. This is due to the fact that the new filter just maintains everything as Subnets. I think I'm going to cheat here by having a couple of "never used" member variables in AbstractListener which contain the list of InetAddress/Subnets and return them right away. What do you think?



[jira] Commented: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Niklas Gustavsson (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12853520#action_12853520 ] 

Niklas Gustavsson commented on FTPSERVER-357:
---------------------------------------------

I think passing IoSession makes sense. How about calling it "SessionFilter" and the implementation "RemoteIpFilter" (following the IoSession of RemoteAddress)?



[jira] Commented: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Sai Pullabhotla (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12847107#action_12847107 ] 

Sai Pullabhotla commented on FTPSERVER-357:
-------------------------------------------

I think I can get it to work with the old methods and constructors in
the factory classes. Just wanted to get it going so, the quickest way
was to remove/change signatures. I will look into it some more and let
you know.

I will double check the AbstractListener and see if I formatted the
whole class. If I did, I will re-apply my changes to the version from
trunk.

Yeah, the FileSystem class changes were an accidental inclusion in the
patch. I might open a new thread on this as I think it would be nice
to have some of these member variables accessible in subclasses. It
was a while ago I was playing with a subclass and needed those. I'll
have to rewind and figure out what I was doing then.

I don't think the DefaultIpFilter needs to be immutable. The class is
extended from a Set that makes a copy of the Set on every change to
the Set, so it is safe to modify the Set while an iterator is
iterating over the items. Of course, I stole the idea from the
existing filter in MINA.

If everything else looks okay, and if you think the package/class
names are good as they are, I will go ahead and try to wrap this up
this week.

Regards,
Sai Pullabhotla







[jira] Commented: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Niklas Gustavsson (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12847373#action_12847373 ] 

Niklas Gustavsson commented on FTPSERVER-357:
---------------------------------------------

Yeah, since the Listener interface is part of our published API, we would need to keep those methods as well (feel free to mark now redundant methods as deprecated). Can the methods just get the filter, check if it's blocking and then return what's blocked? If we're whitelisting, I think these methods can return empty lists as whitelisting is a new functionality.



[jira] Updated: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Sai Pullabhotla (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sai Pullabhotla updated FTPSERVER-357:
--------------------------------------

    Attachment: ftpserver-ipfilter2.patch

Here is the take 2. Hope this is better than the previous one and preserves the backward compatibility. I still have to do some more testing and update any test cases, but this should be good to start reviewing/testing. Let me know of any comments/suggestions. 



[jira] Commented: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Sai Pullabhotla (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12847102#action_12847102 ] 

Sai Pullabhotla commented on FTPSERVER-357:
-------------------------------------------

Oh, BTW, I missed an else block in the DefaultIpFilter.add(String) method which should have been there to filter a specific IP address. It's in now in my local copy. Just an FYI. 



[jira] Commented: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Sai Pullabhotla (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12856533#action_12856533 ] 

Sai Pullabhotla commented on FTPSERVER-357:
-------------------------------------------

Niklas, 

Any preference on the package name or the existing packages that the classes should go into? 


[jira] Commented: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Niklas Gustavsson (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12853501#action_12853501 ] 

Niklas Gustavsson commented on FTPSERVER-357:
---------------------------------------------

If we pass the entire IoSession, it needs to be called something else than IpFilter since the filtering might be done on other factors. Besides that, seems good to me.



[jira] Commented: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Niklas Gustavsson (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12853524#action_12853524 ] 

Niklas Gustavsson commented on FTPSERVER-357:
---------------------------------------------

Probably good to be consistent so I think we should change the Spring config as well. 





[jira] Commented: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Sai Pullabhotla (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12853515#action_12853515 ] 

Sai Pullabhotla commented on FTPSERVER-357:
-------------------------------------------

How about calling the interface (IpFilter) as FtpSessionFilter with boolean accept(IoSession). 
Rename the DefaultIpFilter to ClientIpFilter or just IpFilter

Or should we stick to the IpFilter notation and simply change the accept method to have two parameters representing the Socket end points?





[jira] Commented: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Sai Pullabhotla (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12847377#action_12847377 ] 

Sai Pullabhotla commented on FTPSERVER-357:
-------------------------------------------

Well, I thought about that possibility. We can do it if we enforce the filter type in the IpFilter interface. Right now, the IpFilter has just  one method, accept(). We could add getType() method which would return a type too. But I hate to enforce this at the interface level, which may not make sense when implementing custom filters where they do not care about the type or the type of the filter does not fall into the categories we support (DENY/ALLOW). The best we could do is, check to see if IpFilter is an instance of DefaultIpFilter, if so, check if it is of type DENY, and then return the list. Return null/blank list in all other cases. Hope it makes sense. Let me know what you think of this approach or any other ideas you may have. 



[jira] Commented: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Sai Pullabhotla (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12853427#action_12853427 ] 

Sai Pullabhotla commented on FTPSERVER-357:
-------------------------------------------

I'm wondering if we need to change the signature on the IpFilter interface. 

Currently, it requires that - boolean accept(InetAddress address) method be implemented. 

While this does the job pretty good, it does not give any information about the local network interface to which the client attempted to connect. This could be important for some people for the following reasons:

1. Auditing - simply log the remote client's IP, port and local interface IP and port.
2. If someone wants to implement a filter based on both the remote and local IPs. For example, allow client X to connect on interface A, but not on B and C.

If you agree with me on this, the IpFilter interface probably needs to have the below method instead of the current one: 

boolean accept(SocketAddress remoteAddress, SocketAddress localAddress)

Your ideas and thoughts are appreciated. 
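
An added sketch of the two-endpoint check proposed in the comment above, combined with the ALLOW/DENY list type and the copy-on-write set mentioned elsewhere in the thread. It is not the attached patch or FtpServer's own code; `ListFilterExample`, `Rule`, `ListFilter` and all addresses are hypothetical, constructed for illustration.

```java
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.net.UnknownHostException;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArraySet;

/** Added illustration only: these are hypothetical names, not FtpServer or MINA classes. */
public class ListFilterExample {

    enum Type { ALLOW, DENY }

    /** One CIDR block, optionally tied to a single local interface address. */
    static final class Rule {
        private final byte[] network;
        private final int prefixLength;
        private final InetAddress localInterface; // null means "any local interface"

        // Pass IP literals only; InetAddress.getByName would resolve a host name via DNS.
        Rule(String cidr, String localInterface) throws UnknownHostException {
            String[] parts = cidr.split("/", 2);
            network = InetAddress.getByName(parts[0]).getAddress();
            int maxBits = network.length * 8;
            prefixLength = parts.length == 2 ? Integer.parseInt(parts[1]) : maxBits;
            if (prefixLength < 0 || prefixLength > maxBits) {
                throw new IllegalArgumentException("Bad prefix length: " + cidr);
            }
            this.localInterface = localInterface == null ? null : InetAddress.getByName(localInterface);
        }

        boolean matches(InetAddress remote, InetAddress local) {
            if (localInterface != null && !localInterface.equals(local)) {
                return false;
            }
            byte[] addr = remote.getAddress();
            if (addr.length != network.length) {
                return false; // an IPv4 rule never matches an IPv6 client, and vice versa
            }
            int fullBytes = prefixLength / 8;
            for (int i = 0; i < fullBytes; i++) {
                if (addr[i] != network[i]) {
                    return false;
                }
            }
            // Compare the leftover high-order bits of the next byte, if the prefix has any.
            int remainingBits = prefixLength % 8;
            int mask = (0xFF << (8 - remainingBits)) & 0xFF;
            return remainingBits == 0 || (addr[fullBytes] & mask) == (network[fullBytes] & mask);
        }
    }

    static final class ListFilter {
        private final Type type;
        // Copy-on-write, so rules can be added while connections are being checked.
        private final Set<Rule> rules = new CopyOnWriteArraySet<>();

        ListFilter(Type type) { this.type = type; }

        void add(String cidr, String localInterface) throws UnknownHostException {
            rules.add(new Rule(cidr, localInterface));
        }

        boolean accept(SocketAddress remoteAddress, SocketAddress localAddress) {
            boolean accepted = false; // anything that is not a resolved IP end point is rejected
            if (remoteAddress instanceof InetSocketAddress
                    && localAddress instanceof InetSocketAddress) {
                InetAddress remote = ((InetSocketAddress) remoteAddress).getAddress();
                InetAddress local = ((InetSocketAddress) localAddress).getAddress();
                if (remote != null && local != null) {
                    boolean listed = false;
                    for (Rule rule : rules) {
                        listed |= rule.matches(remote, local);
                    }
                    // ALLOW accepts only listed clients; DENY accepts only unlisted ones.
                    accepted = (type == Type.ALLOW) == listed;
                }
            }
            // Audit line: both socket end points plus the decision.
            System.out.println(type + " filter: " + remoteAddress + " -> " + localAddress
                    + (accepted ? " accepted" : " rejected"));
            return accepted;
        }
    }

    public static void main(String[] args) throws UnknownHostException {
        // Constructed sample data using documentation address ranges.
        SocketAddress ifaceA = new InetSocketAddress(InetAddress.getByName("192.0.2.10"), 21);
        SocketAddress ifaceB = new InetSocketAddress(InetAddress.getByName("192.0.2.11"), 21);
        SocketAddress client = new InetSocketAddress(InetAddress.getByName("198.51.100.20"), 40000);
        // ALLOW list: the client's /28 may connect, but only on interface A.
        ListFilter allow = new ListFilter(Type.ALLOW);
        allow.add("198.51.100.16/28", "192.0.2.10");
        allow.accept(client, ifaceA);
        allow.accept(client, ifaceB);
        // DENY list: a single host blocked on every interface.
        ListFilter deny = new ListFilter(Type.DENY);
        deny.add("198.51.100.20", null);
        deny.accept(client, ifaceB);
    }
}
```

An empty ALLOW list rejects every client and an empty DENY list accepts every client, so the list type has to be chosen before the first rule is loaded.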



[jira] Commented: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Niklas Gustavsson (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12856728#action_12856728 ] 

Niklas Gustavsson commented on FTPSERVER-357:
---------------------------------------------

Assuming it's org.apache.ftpserver.ipfilter, that's fine with me :-)


[jira] Commented: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Sai Pullabhotla (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12854506#action_12854506 ] 

Sai Pullabhotla commented on FTPSERVER-357:
-------------------------------------------

I've refactored all classes to the way we wanted it. Now it's time to decide the package name/appropriate packages for each of these classes. Currently all supporting interfaces and classes are in a package com.apache.ftpserver.ipfilter. Do you have any preferences?



[jira] Commented: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Niklas Gustavsson (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12847115#action_12847115 ] 

Niklas Gustavsson commented on FTPSERVER-357:
---------------------------------------------

Yes, besides those details (breaking the API is a blocker for 1.1), I think it looks good!

> Implement IP Filtering based on black or white list
> ---------------------------------------------------
>
>                 Key: FTPSERVER-357
>                 URL: https://issues.apache.org/jira/browse/FTPSERVER-357
>             Project: FtpServer
>          Issue Type: New Feature
>          Components: Core
>            Reporter: Sai Pullabhotla
>             Fix For: 1.1.0
>
>         Attachments: ftpserver-ipfilter.patch
>
>
> Create a new IP Filter based on black or white list to deny or allow incoming client connections. 



[jira] Commented: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Niklas Gustavsson (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12847379#action_12847379 ] 

Niklas Gustavsson commented on FTPSERVER-357:
---------------------------------------------

I think that makes perfect sense (we need to update the documentation on Listener to tell the user that if they go advanced and implement their own filter, they cannot use these methods, and mark them as deprecated).



[jira] Commented: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Sai Pullabhotla (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12853522#action_12853522 ] 

Sai Pullabhotla commented on FTPSERVER-357:
-------------------------------------------

I like those. I will go ahead and change those names. Are we good with the spring configuration tag names etc.? The tag name is currently <ip-filter>. Not sure if we need to change it to <remote-ip-filter>. 

> Implement IP Filtering based on black or white list
> ---------------------------------------------------
>
>                 Key: FTPSERVER-357
>                 URL: https://issues.apache.org/jira/browse/FTPSERVER-357
>             Project: FtpServer
>          Issue Type: New Feature
>          Components: Core
>            Reporter: Sai Pullabhotla
>             Fix For: 1.1.0
>
>         Attachments: ftpserver-ipfilter.patch, ftpserver-ipfilter2.patch
>
>
> Create a new IP Filter based on black or white list to deny or allow incoming client connections. 



[jira] Commented: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Sai Pullabhotla (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12853469#action_12853469 ] 

Sai Pullabhotla commented on FTPSERVER-357:
-------------------------------------------

May not be a bad idea to just pass the IoSession to the accept() method.



[jira] Commented: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Sai Pullabhotla (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12853928#action_12853928 ] 

Sai Pullabhotla commented on FTPSERVER-357:
-------------------------------------------

Does this change to SessionFilter need to be another JIRA or could we use the same issue as it was never shipped out?



[jira] Commented: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Sai Pullabhotla (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12847103#action_12847103 ] 

Sai Pullabhotla commented on FTPSERVER-357:
-------------------------------------------

I think I can get it to work with the old methods and constructors in
the factory classes. Just wanted to get it going so, the quickest way
was to remove/change signatures. I will look into it some more and let
you know.

I will double check the AbstractListener and see if I formatted the
whole class. If I did, I will re-apply my changes to the version from
trunk.

Yeah, the FileSystem class changes were an accidental inclusion in the
patch. I might open a new thread on this as I think it would be nice
to have some of these member variables accessible in subclasses. It
was a while ago I was playing with a subclass and needed those. I'll
have to rewind and figure out what I was doing then.

I don't think the DefaultIpFilter needs to be immutable. The class is
extended from a Set that makes a copy of the Set on every change to
the Set, so it is safe to modify the Set while an iterator is
iterating over the items. Of course, I stole the idea from the
existing filter in MINA.

If everything else looks okay, and if you think the package/class
names are good as they are, I will go ahead and try to wrap this up
this week.

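The copy-on-write argument in the comment above, as an added sketch that is not code from the patch or from the FtpServer project. It assumes the Set in question behaves like java.util.concurrent.CopyOnWriteArraySet; the class, enum and method names are hypothetical, the sample addresses are constructed, and only IPv4 is handled.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArraySet;

/** Added sketch; all names here are hypothetical, not the patch's. */
public class CowIpFilterSketch {
    enum Mode { ALLOW, DENY }   // white list or black list

    /** One IPv4 CIDR block such as 192.0.2.0/24; a bare address means /32. */
    record Cidr(int network, int mask) {
        static Cidr parse(String s) throws UnknownHostException {
            String[] p = s.split("/");
            int bits = p.length > 1 ? Integer.parseInt(p[1]) : 32;
            if (bits < 0 || bits > 32) throw new IllegalArgumentException(s);
            int mask = bits == 0 ? 0 : -1 << (32 - bits);
            return new Cidr(toInt(InetAddress.getByName(p[0])) & mask, mask);
        }
        boolean contains(InetAddress a) { return (toInt(a) & mask) == network; }
    }

    // Throws for non-IPv4 input, so the caller rejects rather than guesses.
    static int toInt(InetAddress a) {
        byte[] b = a.getAddress();
        if (b.length != 4) throw new IllegalArgumentException("IPv4 only in this sketch");
        return (b[0] & 0xff) << 24 | (b[1] & 0xff) << 16 | (b[2] & 0xff) << 8 | (b[3] & 0xff);
    }

    private final Mode mode;
    // Every add/remove copies the backing array, so iterators see a stable snapshot.
    private final Set<Cidr> subnets = new CopyOnWriteArraySet<>();

    CowIpFilterSketch(Mode mode) { this.mode = mode; }
    void add(String cidr) throws UnknownHostException { subnets.add(Cidr.parse(cidr)); }

    /** ALLOW: accept only listed clients. DENY: accept everyone except listed clients. */
    boolean accept(InetAddress client) {
        boolean listed = subnets.stream().anyMatch(c -> c.contains(client));
        return mode == Mode.ALLOW ? listed : !listed;
    }

    public static void main(String[] args) throws Exception {
        CowIpFilterSketch deny = new CowIpFilterSketch(Mode.DENY);
        deny.add("192.0.2.0/24");                        // constructed sample data
        // Mutating while iterating: no ConcurrentModificationException is thrown.
        for (Cidr c : deny.subnets) deny.add("198.51.100.7");
        System.out.println(deny.accept(InetAddress.getByName("192.0.2.9")));
        System.out.println(deny.accept(InetAddress.getByName("203.0.113.5")));
    }
}
```

The trade-off is that each write copies the whole set, which suits a filter list that is read on every connection and changed rarely.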


[jira] Commented: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Sai Pullabhotla (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12847365#action_12847365 ] 

Sai Pullabhotla commented on FTPSERVER-357:
-------------------------------------------

Okay guys, I think I updated the ListenerFactory to have the old methods and marked them as deprecated. If the blockedAddresses or blockedSubnets are specified on the factory, they cannot set ipFilter. In other words, ipFilter and blocked* are mutually exclusive. If both are set, calling the createListener would raise an exception. This is similar to what I did with the spring configuration. Let me know if this is okay with you. 

Also, the Listener interface has getBlocked* methods. Do we want to make these available too? I don't think this is possible, especially when there is a custom filter. At the same time, I doubt if anybody is working directly with listeners. Let me know what you think. 



[jira] Commented: (FTPSERVER-357) Implement IP Filtering based on black or white list

Posted by "Niklas Gustavsson (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FTPSERVER-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12847084#action_12847084 ] 

Niklas Gustavsson commented on FTPSERVER-357:
---------------------------------------------

Some comments on the patch:
* We need to do this change without removing methods in the public API, otherwise it needs to wait until a future 2.0. Would be good if we can get it into 1.1
* Patch includes lots of changes to AbstractListener, is that part of this change (perhaps only whitespace changes)?
* Patch includes changes to NativeFileSystemView which does not belong in this patch 
* //TODO what's the good exception to throw from here?  -> FtpServerConfigurationException
* Would it be a good idea to make DefaultIpFilter immutable?
