diff --git a/src/main.cpp b/src/main.cpp
index 144a02408..94cb1dced 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -2491,71 +2491,6 @@ void runUnitTests() Log::info("UnitTest", "RewindQueue"); RewindQueue::unitTesting(); - Log::info("UnitTest", "IP ban"); - NetworkConfig::get()->unsetNetworking(); - ServerLobby sl; - sl.setSaveServerConfig(false); - - ServerConfig::m_server_ip_ban_list = - { - { "1.2.3.4/32", std::numeric_limits::max() } - }; - sl.updateBanList(); - assert(sl.isBannedForIP(TransportAddress("1.2.3.4"))); - assert(!sl.isBannedForIP(TransportAddress("1.2.3.5"))); - assert(!sl.isBannedForIP(TransportAddress("1.2.3.3"))); - - ServerConfig::m_server_ip_ban_list = - { - { "1.2.3.4/23", std::numeric_limits::max() } - }; - sl.updateBanList(); - assert(!sl.isBannedForIP(TransportAddress("1.2.1.255"))); - assert(sl.isBannedForIP(TransportAddress("1.2.2.0"))); - assert(sl.isBannedForIP(TransportAddress("1.2.2.3"))); - assert(sl.isBannedForIP(TransportAddress("1.2.2.4"))); - assert(sl.isBannedForIP(TransportAddress("1.2.2.5"))); - assert(sl.isBannedForIP(TransportAddress("1.2.3.3"))); - assert(sl.isBannedForIP(TransportAddress("1.2.3.4"))); - assert(sl.isBannedForIP(TransportAddress("1.2.3.5"))); - assert(sl.isBannedForIP(TransportAddress("1.2.3.255"))); - assert(!sl.isBannedForIP(TransportAddress("1.2.4.0"))); - - ServerConfig::m_server_ip_ban_list = - { - { "11.12.13.14/22", std::numeric_limits::max() }, - { "12.13.14.15/24", std::numeric_limits::max() }, - { "123.234.56.78/26", std::numeric_limits::max() }, - { "234.123.56.78/25", std::numeric_limits::max() }, - // Test for overlap handling - { "12.13.14.23/32", std::numeric_limits::max() }, - { "12.13.14.255/32", std::numeric_limits::max() } - }; - sl.updateBanList(); - assert(!sl.isBannedForIP(TransportAddress("11.12.11.255"))); - assert(sl.isBannedForIP(TransportAddress("11.12.12.0"))); - assert(sl.isBannedForIP(TransportAddress("11.12.13.14"))); - assert(sl.isBannedForIP(TransportAddress("11.12.15.255"))); - assert(!sl.isBannedForIP(TransportAddress("11.12.16.0"))); - - 
assert(!sl.isBannedForIP(TransportAddress("12.13.13.255"))); - assert(sl.isBannedForIP(TransportAddress("12.13.14.0"))); - assert(sl.isBannedForIP(TransportAddress("12.13.14.15"))); - assert(sl.isBannedForIP(TransportAddress("12.13.14.255"))); - assert(!sl.isBannedForIP(TransportAddress("12.13.15.0"))); - - assert(!sl.isBannedForIP(TransportAddress("123.234.56.63"))); - assert(sl.isBannedForIP(TransportAddress("123.234.56.64"))); - assert(sl.isBannedForIP(TransportAddress("123.234.56.78"))); - assert(sl.isBannedForIP(TransportAddress("123.234.56.127"))); - assert(!sl.isBannedForIP(TransportAddress("123.234.56.128"))); - - assert(!sl.isBannedForIP(TransportAddress("234.123.55.255"))); - assert(sl.isBannedForIP(TransportAddress("234.123.56.0"))); - assert(sl.isBannedForIP(TransportAddress("234.123.56.78"))); - assert(sl.isBannedForIP(TransportAddress("234.123.56.127"))); - assert(!sl.isBannedForIP(TransportAddress("234.123.56.128"))); - Log::info("UnitTest", "====================="); Log::info("UnitTest", "Testing successful "); Log::info("UnitTest", "====================="); diff --git a/src/network/network_console.cpp b/src/network/network_console.cpp index e5b65904d..c8fb80ec7 100644 --- a/src/network/network_console.cpp +++ b/src/network/network_console.cpp @@ -93,11 +93,6 @@ void mainLoop(STKHost* host) auto sl = LobbyProtocol::get(); if (sl) sl->saveIPBanTable(peer->getAddress()); - auto lock = sl->acquireConnectionMutex(); - ServerConfig::m_server_ip_ban_list - [peer->getAddress().toString(false/*show_port*/) + "/32"] - = std::numeric_limits::max(); - sl->updateBanList(); } else std::cout << "Unknown host id: " << number << std::endl; 
@@ -119,21 +114,6 @@ void mainLoop(STKHost* host) auto sl = LobbyProtocol::get(); if (sl) sl->listBanTable(); - - for (auto& ban : ServerConfig::m_server_ip_ban_list) - { - if (ban.first == "0.0.0.0/0") - continue; - std::cout << "IP: " << ban.first << ", expire at: " << - ban.second << std::endl; - } - for (auto& ban : ServerConfig::m_server_online_id_ban_list) - { - if (ban.first == 0) - continue; - std::cout << "Online id: " << ban.first << ", expire at: " << - ban.second << std::endl; - } } else if (str == "speedstats") { diff --git a/src/network/protocols/server_lobby.cpp b/src/network/protocols/server_lobby.cpp index 666aa2f65..29ddd1a61 100644 --- a/src/network/protocols/server_lobby.cpp +++ b/src/network/protocols/server_lobby.cpp @@ -131,7 +131,6 @@ ServerLobby::ServerLobby() : LobbyProtocol(NULL) setHandleDisconnections(true); m_state = SET_PUBLIC_ADDRESS; m_save_server_config = true; - updateBanList(); if (ServerConfig::m_ranked) { Log::info("ServerLobby", "This server will submit ranking scores to " 
@@ -3027,76 +3026,6 @@ void ServerLobby::playerFinishedResult(Event *event) m_peers_ready.at(peer) = true; } // playerFinishedResult -//----------------------------------------------------------------------------- -void ServerLobby::updateBanList() -{ - m_ip_ban_list.clear(); - m_online_id_ban_list.clear(); - - for (auto& ban : ServerConfig::m_server_ip_ban_list) - { - if (ban.first == "0.0.0.0/0" || - (uint32_t)StkTime::getTimeSinceEpoch() > ban.second) - continue; - uint32_t netbits = 0; - std::vector ip_and_netbits = - StringUtils::split(ban.first, '/'); - if (ip_and_netbits.size() != 2 || - !StringUtils::fromString(ip_and_netbits[1], netbits) || - netbits > 32) - { - Log::error("STKHost", "Wrong CIDR: %s", ban.first.c_str()); - continue; - } - TransportAddress addr(ip_and_netbits[0]); - if (addr.getIP() == 0) - { - Log::error("STKHost", "Wrong CIDR: %s", ban.first.c_str()); - continue; - } - uint32_t mask = ~((1 << (32 - netbits)) - 1); - uint32_t ip_start = addr.getIP() & mask; - uint32_t ip_end = (addr.getIP() & mask) | ~mask; - m_ip_ban_list[ip_start] = - std::make_tuple(ip_end, ban.first, ban.second); - } - - std::map final_ip_ban_list; - for (auto it = m_ip_ban_list.begin(); - it != m_ip_ban_list.end();) - { - auto next_itr = std::next(it); - if (next_itr != m_ip_ban_list.end() && - next_itr->first <= std::get<0>(it->second)) - { - Log::warn("ServerLobby", "%s overlaps %s, removing the first one.", - std::get<1>(next_itr->second).c_str(), - std::get<1>(it->second).c_str()); - m_ip_ban_list.erase(next_itr); - continue; - } - final_ip_ban_list[std::get<1>(it->second)] = - ServerConfig::m_server_ip_ban_list.at(std::get<1>(it->second)); - it++; - } - ServerConfig::m_server_ip_ban_list = final_ip_ban_list; - // Default guided entry - ServerConfig::m_server_ip_ban_list["0.0.0.0/0"] = 0; - - std::map final_online_id_ban_list; - for (auto& ban : ServerConfig::m_server_online_id_ban_list) - { - if (ban.first == 0 || - (uint32_t)StkTime::getTimeSinceEpoch() > 
ban.second) - continue; - m_online_id_ban_list[ban.first] = ban.second; - final_online_id_ban_list[ban.first] = - ServerConfig::m_server_online_id_ban_list.at(ban.first); - } - ServerConfig::m_server_online_id_ban_list = final_online_id_ban_list; - ServerConfig::m_server_online_id_ban_list[0] = 0; -} // updateBanList - //----------------------------------------------------------------------------- bool ServerLobby::waitingForPlayers() const { @@ -3566,35 +3495,6 @@ void ServerLobby::listBanTable() #endif } // listBanTable -//----------------------------------------------------------------------------- -bool ServerLobby::isBannedForIP(const TransportAddress& addr) const -{ - uint32_t ip_decimal = addr.getIP(); - auto lb = m_ip_ban_list.lower_bound(addr.getIP()); - bool is_banned = false; - if (lb != m_ip_ban_list.end() && ip_decimal >= lb->first/*ip_start*/) - { - if (ip_decimal <= std::get<0>(lb->second)/*ip_end*/ && - (uint32_t)StkTime::getTimeSinceEpoch() < std::get<2>(lb->second)) - is_banned = true; - } - else if (lb != m_ip_ban_list.begin()) - { - lb--; - if (ip_decimal>= lb->first/*ip_start*/ && - ip_decimal <= std::get<0>(lb->second)/*ip_end*/ && - (uint32_t)StkTime::getTimeSinceEpoch() < std::get<2>(lb->second)) - is_banned = true; - } - if (is_banned) - { - Log::info("ServerLobby", "%s is banned by CIDR %s", - addr.toString(false/*show_port*/).c_str(), - std::get<1>(lb->second).c_str()); - } - return is_banned; -} // isBannedForIP - //----------------------------------------------------------------------------- float ServerLobby::getStartupBoostOrPenaltyForKart(uint32_t ping, unsigned kart_id) diff --git a/src/network/protocols/server_lobby.hpp b/src/network/protocols/server_lobby.hpp index 3426694b6..8ea79fcf7 100644 --- a/src/network/protocols/server_lobby.hpp +++ b/src/network/protocols/server_lobby.hpp 
@@ -133,14 +133,6 @@ private: * starting race. */ mutable std::mutex m_connection_mutex; - /** Ban list of ip ranges. */ - std::map > - m_ip_ban_list; - - /** Ban list of online user id. */ - std::map m_online_id_ban_list; - TransportAddress m_server_address; std::mutex m_keys_mutex; @@ -344,7 +336,6 @@ public: virtual bool allPlayersReady() const OVERRIDE { return m_state.load() >= WAIT_FOR_RACE_STARTED; } virtual bool isRacing() const OVERRIDE { return m_state.load() == RACING; } - bool isBannedForIP(const TransportAddress& addr) const; bool allowJoinedPlayersWaiting() const; void setSaveServerConfig(bool val) { m_save_server_config = val; } float getStartupBoostOrPenaltyForKart(uint32_t ping, unsigned kart_id); diff --git a/src/network/server_config.hpp b/src/network/server_config.hpp index d9d7216fa..d01c7c770 100644 --- a/src/network/server_config.hpp +++ b/src/network/server_config.hpp @@ -345,22 +345,6 @@ namespace ServerConfig "Online ID ban list table name, you need to create the table first, " "see NETWORKING.md for details.")); - SERVER_CFG_PREFIX StringToUIntServerConfigParam m_server_ip_ban_list - SERVER_CFG_DEFAULT(StringToUIntServerConfigParam("server-ip-ban-list", - "ip: IP in X.X.X.X/Y (CIDR) format for banning, use Y of 32 for a " - "specific ip, expired-time: unix timestamp to expire, " - "-1 (uint32_t max) for a permanent ban.", - {{ "ban", "ip", "expired-time" }}, - { { "0.0.0.0/0", 0u } })); - - SERVER_CFG_PREFIX UIntToUIntServerConfigParam m_server_online_id_ban_list - SERVER_CFG_DEFAULT(UIntToUIntServerConfigParam( - "server-online-id-ban-list", - "online-id: online id for banning, expired-time: unix timestamp to " - "expire, -1 (uint32_t max) for a permanent ban.", - {{ "ban", "online-id", "expired-time" }}, - { { 0u, 0u } })); - // ======================================================================== /** Server version, will be advanced if there are protocol changes. */ static const uint32_t m_server_version = 6;