You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mina.apache.org by el...@apache.org on 2014/09/10 16:41:26 UTC
git commit: Added support of IPV6 for the BlackListFilter
Repository: mina
Updated Branches:
refs/heads/2.0 46f929204 -> dd83fecdb
Added support of IPV6 for the BlackListFilter
Project: http://git-wip-us.apache.org/repos/asf/mina/repo
Commit: http://git-wip-us.apache.org/repos/asf/mina/commit/dd83fecd
Tree: http://git-wip-us.apache.org/repos/asf/mina/tree/dd83fecd
Diff: http://git-wip-us.apache.org/repos/asf/mina/diff/dd83fecd
Branch: refs/heads/2.0
Commit: dd83fecdbb85fdd2276a350e509f91aa12e9e3ce
Parents: 46f9292
Author: Emmanuel Lécharny <el...@symas.com>
Authored: Wed Sep 10 16:40:30 2014 +0200
Committer: Emmanuel Lécharny <el...@symas.com>
Committed: Wed Sep 10 16:40:30 2014 +0200
----------------------------------------------------------------------
.../mina/filter/firewall/BlacklistFilter.java | 9 +++
.../org/apache/mina/filter/firewall/Subnet.java | 82 ++++++++++++++++----
2 files changed, 74 insertions(+), 17 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mina/blob/dd83fecd/mina-core/src/main/java/org/apache/mina/filter/firewall/BlacklistFilter.java
----------------------------------------------------------------------
diff --git a/mina-core/src/main/java/org/apache/mina/filter/firewall/BlacklistFilter.java b/mina-core/src/main/java/org/apache/mina/filter/firewall/BlacklistFilter.java
index 9803062..19819d7 100644
--- a/mina-core/src/main/java/org/apache/mina/filter/firewall/BlacklistFilter.java
+++ b/mina-core/src/main/java/org/apache/mina/filter/firewall/BlacklistFilter.java
@@ -41,6 +41,7 @@ import org.slf4j.LoggerFactory;
* @org.apache.xbean.XBean
*/
public class BlacklistFilter extends IoFilterAdapter {
+ /** The list of blocked addresses */
private final List<Subnet> blacklist = new CopyOnWriteArrayList<Subnet>();
private final static Logger LOGGER = LoggerFactory.getLogger(BlacklistFilter.class);
@@ -56,7 +57,9 @@ public class BlacklistFilter extends IoFilterAdapter {
if (addresses == null) {
throw new IllegalArgumentException("addresses");
}
+
blacklist.clear();
+
for (int i = 0; i < addresses.length; i++) {
InetAddress addr = addresses[i];
block(addr);
@@ -74,7 +77,9 @@ public class BlacklistFilter extends IoFilterAdapter {
if (subnets == null) {
throw new IllegalArgumentException("Subnets must not be null");
}
+
blacklist.clear();
+
for (Subnet subnet : subnets) {
block(subnet);
}
@@ -113,7 +118,9 @@ public class BlacklistFilter extends IoFilterAdapter {
if (subnets == null) {
throw new IllegalArgumentException("Subnets must not be null");
}
+
blacklist.clear();
+
for (Subnet subnet : subnets) {
block(subnet);
}
@@ -159,6 +166,7 @@ public class BlacklistFilter extends IoFilterAdapter {
if (subnet == null) {
throw new IllegalArgumentException("Subnet can not be null");
}
+
blacklist.remove(subnet);
}
@@ -229,6 +237,7 @@ public class BlacklistFilter extends IoFilterAdapter {
private boolean isBlocked(IoSession session) {
SocketAddress remoteAddress = session.getRemoteAddress();
+
if (remoteAddress instanceof InetSocketAddress) {
InetAddress address = ((InetSocketAddress) remoteAddress).getAddress();
http://git-wip-us.apache.org/repos/asf/mina/blob/dd83fecd/mina-core/src/main/java/org/apache/mina/filter/firewall/Subnet.java
----------------------------------------------------------------------
diff --git a/mina-core/src/main/java/org/apache/mina/filter/firewall/Subnet.java b/mina-core/src/main/java/org/apache/mina/filter/firewall/Subnet.java
index c5d65ca..08ea46e 100644
--- a/mina-core/src/main/java/org/apache/mina/filter/firewall/Subnet.java
+++ b/mina-core/src/main/java/org/apache/mina/filter/firewall/Subnet.java
@@ -31,15 +31,21 @@ import java.net.InetAddress;
*/
public class Subnet {
- private static final int IP_MASK = 0x80000000;
+ private static final int IP_MASK_V4 = 0x80000000;
+
+ private static final long IP_MASK_V6 = 0x8000000000000000L;
private static final int BYTE_MASK = 0xFF;
private InetAddress subnet;
+ /** An int representation of a subnet for IPV4 addresses */
private int subnetInt;
- private int subnetMask;
+ /** An long representation of a subnet for IPV6 addresses */
+ private long subnetLong;
+
+ private long subnetMask;
private int suffix;
@@ -54,20 +60,36 @@ public class Subnet {
if (subnet == null) {
throw new IllegalArgumentException("Subnet address can not be null");
}
+
if (!(subnet instanceof Inet4Address)) {
throw new IllegalArgumentException("Only IPv4 supported");
}
- if (mask < 0 || mask > 32) {
- throw new IllegalArgumentException("Mask has to be an integer between 0 and 32");
+ if (subnet instanceof Inet4Address) {
+ // IPV4 address
+ if ((mask < 0) || (mask > 32)) {
+ throw new IllegalArgumentException("Mask has to be an integer between 0 and 32 for an IPV4 address");
+ } else {
+ this.subnet = subnet;
+ subnetInt = toInt(subnet);
+ this.suffix = mask;
+
+ // binary mask for this subnet
+ this.subnetMask = IP_MASK_V4 >> (mask - 1);
+ }
+ } else {
+ // IPV6 address
+ if ((mask < 0) || (mask > 128)) {
+ throw new IllegalArgumentException("Mask has to be an integer between 0 and 128 for an IPV6 address");
+ } else {
+ this.subnet = subnet;
+ subnetLong = toLong(subnet);
+ this.suffix = mask;
+
+ // binary mask for this subnet
+ this.subnetMask = IP_MASK_V6 >> (mask - 1);
+ }
}
-
- this.subnet = subnet;
- this.subnetInt = toInt(subnet);
- this.suffix = mask;
-
- // binary mask for this subnet
- this.subnetMask = IP_MASK >> (mask - 1);
}
/**
@@ -76,21 +98,43 @@ public class Subnet {
private int toInt(InetAddress inetAddress) {
byte[] address = inetAddress.getAddress();
int result = 0;
+
for (int i = 0; i < address.length; i++) {
result <<= 8;
result |= address[i] & BYTE_MASK;
}
+
return result;
}
/**
- * Converts an IP address to a subnet using the provided
- * mask
- * @param address The address to convert into a subnet
+ * Converts an IP address into a long
+ */
+ private long toLong(InetAddress inetAddress) {
+ byte[] address = inetAddress.getAddress();
+ long result = 0;
+
+ for (int i = 0; i < address.length; i++) {
+ result <<= 8;
+ result |= address[i] & BYTE_MASK;
+ }
+
+ return result;
+ }
+
+ /**
+ * Converts an IP address to a subnet using the provided mask
+ *
+ * @param address
+ * The address to convert into a subnet
* @return The subnet as an integer
*/
- private int toSubnet(InetAddress address) {
- return toInt(address) & subnetMask;
+ private long toSubnet(InetAddress address) {
+ if (address instanceof Inet4Address) {
+ return toInt(address) & (int) subnetMask;
+ } else {
+ return toLong(address) & subnetMask;
+ }
}
/**
@@ -103,7 +147,11 @@ public class Subnet {
return true;
}
- return toSubnet(address) == subnetInt;
+ if (address instanceof Inet4Address) {
+ return (int) toSubnet(address) == subnetInt;
+ } else {
+ return toSubnet(address) == subnetLong;
+ }
}
/**