diff options
Diffstat (limited to '')
5 files changed, 904 insertions, 0 deletions
diff --git a/OpenSim/Framework/BasicDOSProtector.cs b/OpenSim/Framework/BasicDOSProtector.cs new file mode 100644 index 0000000..89bfa94 --- /dev/null +++ b/OpenSim/Framework/BasicDOSProtector.cs | |||
@@ -0,0 +1,275 @@ | |||
1 | /* | ||
2 | * Copyright (c) Contributors, http://opensimulator.org/ | ||
3 | * See CONTRIBUTORS.TXT for a full list of copyright holders. | ||
4 | * | ||
5 | * Redistribution and use in source and binary forms, with or without | ||
6 | * modification, are permitted provided that the following conditions are met: | ||
7 | * * Redistributions of source code must retain the above copyright | ||
8 | * notice, this list of conditions and the following disclaimer. | ||
9 | * * Redistributions in binary form must reproduce the above copyright | ||
10 | * notice, this list of conditions and the following disclaimer in the | ||
11 | * documentation and/or other materials provided with the distribution. | ||
12 | * * Neither the name of the OpenSimulator Project nor the | ||
13 | * names of its contributors may be used to endorse or promote products | ||
14 | * derived from this software without specific prior written permission. | ||
15 | * | ||
16 | * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY | ||
17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | ||
18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | ||
19 | * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY | ||
20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | ||
21 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
22 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | ||
23 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | ||
25 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
26 | */ | ||
27 | using System; | ||
28 | using System.Collections.Generic; | ||
29 | using System.Reflection; | ||
30 | using log4net; | ||
31 | |||
32 | namespace OpenSim.Framework | ||
33 | { | ||
34 | |||
35 | public class BasicDOSProtector | ||
36 | { | ||
37 | public enum ThrottleAction | ||
38 | { | ||
39 | DoThrottledMethod, | ||
40 | DoThrow | ||
41 | } | ||
42 | private readonly CircularBuffer<int> _generalRequestTimes; // General request checker | ||
43 | private readonly BasicDosProtectorOptions _options; | ||
44 | private readonly Dictionary<string, CircularBuffer<int>> _deeperInspection; // per client request checker | ||
45 | private readonly Dictionary<string, int> _tempBlocked; // blocked list | ||
46 | private readonly Dictionary<string, int> _sessions; | ||
47 | private readonly System.Timers.Timer _forgetTimer; // Cleanup timer | ||
48 | private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); | ||
49 | private readonly System.Threading.ReaderWriterLockSlim _blockLockSlim = new System.Threading.ReaderWriterLockSlim(); | ||
50 | private readonly System.Threading.ReaderWriterLockSlim _sessionLockSlim = new System.Threading.ReaderWriterLockSlim(); | ||
51 | public BasicDOSProtector(BasicDosProtectorOptions options) | ||
52 | { | ||
53 | _generalRequestTimes = new CircularBuffer<int>(options.MaxRequestsInTimeframe + 1, true); | ||
54 | _generalRequestTimes.Put(0); | ||
55 | _options = options; | ||
56 | _deeperInspection = new Dictionary<string, CircularBuffer<int>>(); | ||
57 | _tempBlocked = new Dictionary<string, int>(); | ||
58 | _sessions = new Dictionary<string, int>(); | ||
59 | _forgetTimer = new System.Timers.Timer(); | ||
60 | _forgetTimer.Elapsed += delegate | ||
61 | { | ||
62 | _forgetTimer.Enabled = false; | ||
63 | |||
64 | List<string> removes = new List<string>(); | ||
65 | _blockLockSlim.EnterReadLock(); | ||
66 | foreach (string str in _tempBlocked.Keys) | ||
67 | { | ||
68 | if ( | ||
69 | Util.EnvironmentTickCountSubtract(Util.EnvironmentTickCount(), | ||
70 | _tempBlocked[str]) > 0) | ||
71 | removes.Add(str); | ||
72 | } | ||
73 | _blockLockSlim.ExitReadLock(); | ||
74 | lock (_deeperInspection) | ||
75 | { | ||
76 | _blockLockSlim.EnterWriteLock(); | ||
77 | for (int i = 0; i < removes.Count; i++) | ||
78 | { | ||
79 | _tempBlocked.Remove(removes[i]); | ||
80 | _deeperInspection.Remove(removes[i]); | ||
81 | _sessions.Remove(removes[i]); | ||
82 | } | ||
83 | _blockLockSlim.ExitWriteLock(); | ||
84 | } | ||
85 | foreach (string str in removes) | ||
86 | { | ||
87 | m_log.InfoFormat("[{0}] client: {1} is no longer blocked.", | ||
88 | _options.ReportingName, str); | ||
89 | } | ||
90 | _blockLockSlim.EnterReadLock(); | ||
91 | if (_tempBlocked.Count > 0) | ||
92 | _forgetTimer.Enabled = true; | ||
93 | _blockLockSlim.ExitReadLock(); | ||
94 | }; | ||
95 | |||
96 | _forgetTimer.Interval = _options.ForgetTimeSpan.TotalMilliseconds; | ||
97 | } | ||
98 | |||
99 | /// <summary> | ||
100 | /// Given a string Key, Returns if that context is blocked | ||
101 | /// </summary> | ||
102 | /// <param name="key">A Key identifying the context</param> | ||
103 | /// <returns>bool Yes or No, True or False for blocked</returns> | ||
104 | public bool IsBlocked(string key) | ||
105 | { | ||
106 | bool ret = false; | ||
107 | _blockLockSlim.EnterReadLock(); | ||
108 | ret = _tempBlocked.ContainsKey(key); | ||
109 | _blockLockSlim.ExitReadLock(); | ||
110 | return ret; | ||
111 | } | ||
112 | |||
113 | /// <summary> | ||
114 | /// Process the velocity of this context | ||
115 | /// </summary> | ||
116 | /// <param name="key"></param> | ||
117 | /// <param name="endpoint"></param> | ||
118 | /// <returns></returns> | ||
119 | public bool Process(string key, string endpoint) | ||
120 | { | ||
121 | if (_options.MaxRequestsInTimeframe < 1 || _options.RequestTimeSpan.TotalMilliseconds < 1) | ||
122 | return true; | ||
123 | |||
124 | string clientstring = key; | ||
125 | |||
126 | _blockLockSlim.EnterReadLock(); | ||
127 | if (_tempBlocked.ContainsKey(clientstring)) | ||
128 | { | ||
129 | _blockLockSlim.ExitReadLock(); | ||
130 | |||
131 | if (_options.ThrottledAction == ThrottleAction.DoThrottledMethod) | ||
132 | return false; | ||
133 | else | ||
134 | throw new System.Security.SecurityException("Throttled"); | ||
135 | } | ||
136 | |||
137 | _blockLockSlim.ExitReadLock(); | ||
138 | |||
139 | lock (_generalRequestTimes) | ||
140 | _generalRequestTimes.Put(Util.EnvironmentTickCount()); | ||
141 | |||
142 | if (_options.MaxConcurrentSessions > 0) | ||
143 | { | ||
144 | int sessionscount = 0; | ||
145 | |||
146 | _sessionLockSlim.EnterReadLock(); | ||
147 | if (_sessions.ContainsKey(key)) | ||
148 | sessionscount = _sessions[key]; | ||
149 | _sessionLockSlim.ExitReadLock(); | ||
150 | |||
151 | if (sessionscount > _options.MaxConcurrentSessions) | ||
152 | { | ||
153 | // Add to blocking and cleanup methods | ||
154 | lock (_deeperInspection) | ||
155 | { | ||
156 | _blockLockSlim.EnterWriteLock(); | ||
157 | if (!_tempBlocked.ContainsKey(clientstring)) | ||
158 | { | ||
159 | _tempBlocked.Add(clientstring, | ||
160 | Util.EnvironmentTickCount() + | ||
161 | (int) _options.ForgetTimeSpan.TotalMilliseconds); | ||
162 | _forgetTimer.Enabled = true; | ||
163 | m_log.WarnFormat("[{0}]: client: {1} is blocked for {2} milliseconds based on concurrency, X-ForwardedForAllowed status is {3}, endpoint:{4}", _options.ReportingName, clientstring, _options.ForgetTimeSpan.TotalMilliseconds, _options.AllowXForwardedFor, endpoint); | ||
164 | |||
165 | } | ||
166 | else | ||
167 | _tempBlocked[clientstring] = Util.EnvironmentTickCount() + | ||
168 | (int) _options.ForgetTimeSpan.TotalMilliseconds; | ||
169 | _blockLockSlim.ExitWriteLock(); | ||
170 | |||
171 | } | ||
172 | |||
173 | |||
174 | } | ||
175 | else | ||
176 | ProcessConcurrency(key, endpoint); | ||
177 | } | ||
178 | if (_generalRequestTimes.Size == _generalRequestTimes.Capacity && | ||
179 | (Util.EnvironmentTickCountSubtract(Util.EnvironmentTickCount(), _generalRequestTimes.Get()) < | ||
180 | _options.RequestTimeSpan.TotalMilliseconds)) | ||
181 | { | ||
182 | //Trigger deeper inspection | ||
183 | if (DeeperInspection(key, endpoint)) | ||
184 | return true; | ||
185 | if (_options.ThrottledAction == ThrottleAction.DoThrottledMethod) | ||
186 | return false; | ||
187 | else | ||
188 | throw new System.Security.SecurityException("Throttled"); | ||
189 | } | ||
190 | return true; | ||
191 | } | ||
192 | private void ProcessConcurrency(string key, string endpoint) | ||
193 | { | ||
194 | _sessionLockSlim.EnterWriteLock(); | ||
195 | if (_sessions.ContainsKey(key)) | ||
196 | _sessions[key] = _sessions[key] + 1; | ||
197 | else | ||
198 | _sessions.Add(key,1); | ||
199 | _sessionLockSlim.ExitWriteLock(); | ||
200 | } | ||
201 | public void ProcessEnd(string key, string endpoint) | ||
202 | { | ||
203 | _sessionLockSlim.EnterWriteLock(); | ||
204 | if (_sessions.ContainsKey(key)) | ||
205 | { | ||
206 | _sessions[key]--; | ||
207 | if (_sessions[key] <= 0) | ||
208 | _sessions.Remove(key); | ||
209 | } | ||
210 | else | ||
211 | _sessions.Add(key, 1); | ||
212 | |||
213 | _sessionLockSlim.ExitWriteLock(); | ||
214 | } | ||
215 | |||
216 | /// <summary> | ||
217 | /// At this point, the rate limiting code needs to track 'per user' velocity. | ||
218 | /// </summary> | ||
219 | /// <param name="key">Context Key, string representing a rate limiting context</param> | ||
220 | /// <param name="endpoint"></param> | ||
221 | /// <returns></returns> | ||
222 | private bool DeeperInspection(string key, string endpoint) | ||
223 | { | ||
224 | lock (_deeperInspection) | ||
225 | { | ||
226 | string clientstring = key; | ||
227 | |||
228 | |||
229 | if (_deeperInspection.ContainsKey(clientstring)) | ||
230 | { | ||
231 | _deeperInspection[clientstring].Put(Util.EnvironmentTickCount()); | ||
232 | if (_deeperInspection[clientstring].Size == _deeperInspection[clientstring].Capacity && | ||
233 | (Util.EnvironmentTickCountSubtract(Util.EnvironmentTickCount(), _deeperInspection[clientstring].Get()) < | ||
234 | _options.RequestTimeSpan.TotalMilliseconds)) | ||
235 | { | ||
236 | //Looks like we're over the limit | ||
237 | _blockLockSlim.EnterWriteLock(); | ||
238 | if (!_tempBlocked.ContainsKey(clientstring)) | ||
239 | _tempBlocked.Add(clientstring, Util.EnvironmentTickCount() + (int)_options.ForgetTimeSpan.TotalMilliseconds); | ||
240 | else | ||
241 | _tempBlocked[clientstring] = Util.EnvironmentTickCount() + (int)_options.ForgetTimeSpan.TotalMilliseconds; | ||
242 | _blockLockSlim.ExitWriteLock(); | ||
243 | |||
244 | m_log.WarnFormat("[{0}]: client: {1} is blocked for {2} milliseconds, X-ForwardedForAllowed status is {3}, endpoint:{4}", _options.ReportingName, clientstring, _options.ForgetTimeSpan.TotalMilliseconds, _options.AllowXForwardedFor, endpoint); | ||
245 | |||
246 | return false; | ||
247 | } | ||
248 | //else | ||
249 | // return true; | ||
250 | } | ||
251 | else | ||
252 | { | ||
253 | _deeperInspection.Add(clientstring, new CircularBuffer<int>(_options.MaxRequestsInTimeframe + 1, true)); | ||
254 | _deeperInspection[clientstring].Put(Util.EnvironmentTickCount()); | ||
255 | _forgetTimer.Enabled = true; | ||
256 | } | ||
257 | |||
258 | } | ||
259 | return true; | ||
260 | } | ||
261 | |||
262 | } | ||
263 | |||
264 | |||
265 | public class BasicDosProtectorOptions | ||
266 | { | ||
267 | public int MaxRequestsInTimeframe; | ||
268 | public TimeSpan RequestTimeSpan; | ||
269 | public TimeSpan ForgetTimeSpan; | ||
270 | public bool AllowXForwardedFor; | ||
271 | public string ReportingName = "BASICDOSPROTECTOR"; | ||
272 | public BasicDOSProtector.ThrottleAction ThrottledAction = BasicDOSProtector.ThrottleAction.DoThrottledMethod; | ||
273 | public int MaxConcurrentSessions; | ||
274 | } | ||
275 | } | ||
diff --git a/OpenSim/Framework/CircularBuffer.cs b/OpenSim/Framework/CircularBuffer.cs new file mode 100644 index 0000000..e919337 --- /dev/null +++ b/OpenSim/Framework/CircularBuffer.cs | |||
@@ -0,0 +1,312 @@ | |||
1 | /* | ||
2 | Copyright (c) 2012, Alex Regueiro | ||
3 | All rights reserved. | ||
4 | Redistribution and use in source and binary forms, with or without modification, are permitted provided that the | ||
5 | following conditions are met: | ||
6 | |||
7 | Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. | ||
8 | Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer | ||
9 | in the documentation and/or other materials provided with the distribution. | ||
10 | |||
11 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, | ||
12 | BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||
13 | IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, | ||
14 | OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, | ||
15 | OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, | ||
16 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | ||
17 | POSSIBILITY OF SUCH DAMAGE. | ||
18 | */ | ||
19 | using System; | ||
20 | using System.Collections; | ||
21 | using System.Collections.Generic; | ||
22 | using System.Threading; | ||
23 | |||
24 | namespace OpenSim.Framework | ||
25 | { | ||
26 | public class CircularBuffer<T> : ICollection<T>, IEnumerable<T>, ICollection, IEnumerable | ||
27 | { | ||
28 | private int capacity; | ||
29 | private int size; | ||
30 | private int head; | ||
31 | private int tail; | ||
32 | private T[] buffer; | ||
33 | |||
34 | [NonSerialized()] | ||
35 | private object syncRoot; | ||
36 | |||
37 | public CircularBuffer(int capacity) | ||
38 | : this(capacity, false) | ||
39 | { | ||
40 | } | ||
41 | |||
42 | public CircularBuffer(int capacity, bool allowOverflow) | ||
43 | { | ||
44 | if (capacity < 0) | ||
45 | throw new ArgumentException("Needs to have at least 1","capacity"); | ||
46 | |||
47 | this.capacity = capacity; | ||
48 | size = 0; | ||
49 | head = 0; | ||
50 | tail = 0; | ||
51 | buffer = new T[capacity]; | ||
52 | AllowOverflow = allowOverflow; | ||
53 | } | ||
54 | |||
55 | public bool AllowOverflow | ||
56 | { | ||
57 | get; | ||
58 | set; | ||
59 | } | ||
60 | |||
61 | public int Capacity | ||
62 | { | ||
63 | get { return capacity; } | ||
64 | set | ||
65 | { | ||
66 | if (value == capacity) | ||
67 | return; | ||
68 | |||
69 | if (value < size) | ||
70 | throw new ArgumentOutOfRangeException("value","Capacity is too small."); | ||
71 | |||
72 | var dst = new T[value]; | ||
73 | if (size > 0) | ||
74 | CopyTo(dst); | ||
75 | buffer = dst; | ||
76 | |||
77 | capacity = value; | ||
78 | } | ||
79 | } | ||
80 | |||
81 | public int Size | ||
82 | { | ||
83 | get { return size; } | ||
84 | } | ||
85 | |||
86 | public bool Contains(T item) | ||
87 | { | ||
88 | int bufferIndex = head; | ||
89 | var comparer = EqualityComparer<T>.Default; | ||
90 | for (int i = 0; i < size; i++, bufferIndex++) | ||
91 | { | ||
92 | if (bufferIndex == capacity) | ||
93 | bufferIndex = 0; | ||
94 | |||
95 | if (item == null && buffer[bufferIndex] == null) | ||
96 | return true; | ||
97 | else if ((buffer[bufferIndex] != null) && | ||
98 | comparer.Equals(buffer[bufferIndex], item)) | ||
99 | return true; | ||
100 | } | ||
101 | |||
102 | return false; | ||
103 | } | ||
104 | |||
105 | public void Clear() | ||
106 | { | ||
107 | size = 0; | ||
108 | head = 0; | ||
109 | tail = 0; | ||
110 | } | ||
111 | |||
112 | public int Put(T[] src) | ||
113 | { | ||
114 | return Put(src, 0, src.Length); | ||
115 | } | ||
116 | |||
117 | public int Put(T[] src, int offset, int count) | ||
118 | { | ||
119 | if (!AllowOverflow && count > capacity - size) | ||
120 | throw new InvalidOperationException("Buffer Overflow"); | ||
121 | |||
122 | int srcIndex = offset; | ||
123 | for (int i = 0; i < count; i++, tail++, srcIndex++) | ||
124 | { | ||
125 | if (tail == capacity) | ||
126 | tail = 0; | ||
127 | buffer[tail] = src[srcIndex]; | ||
128 | } | ||
129 | size = Math.Min(size + count, capacity); | ||
130 | return count; | ||
131 | } | ||
132 | |||
133 | public void Put(T item) | ||
134 | { | ||
135 | if (!AllowOverflow && size == capacity) | ||
136 | throw new InvalidOperationException("Buffer Overflow"); | ||
137 | |||
138 | buffer[tail] = item; | ||
139 | if (++tail == capacity) | ||
140 | tail = 0; | ||
141 | size++; | ||
142 | } | ||
143 | |||
144 | public void Skip(int count) | ||
145 | { | ||
146 | head += count; | ||
147 | if (head >= capacity) | ||
148 | head -= capacity; | ||
149 | } | ||
150 | |||
151 | public T[] Get(int count) | ||
152 | { | ||
153 | var dst = new T[count]; | ||
154 | Get(dst); | ||
155 | return dst; | ||
156 | } | ||
157 | |||
158 | public int Get(T[] dst) | ||
159 | { | ||
160 | return Get(dst, 0, dst.Length); | ||
161 | } | ||
162 | |||
163 | public int Get(T[] dst, int offset, int count) | ||
164 | { | ||
165 | int realCount = Math.Min(count, size); | ||
166 | int dstIndex = offset; | ||
167 | for (int i = 0; i < realCount; i++, head++, dstIndex++) | ||
168 | { | ||
169 | if (head == capacity) | ||
170 | head = 0; | ||
171 | dst[dstIndex] = buffer[head]; | ||
172 | } | ||
173 | size -= realCount; | ||
174 | return realCount; | ||
175 | } | ||
176 | |||
177 | public T Get() | ||
178 | { | ||
179 | if (size == 0) | ||
180 | throw new InvalidOperationException("Buffer Empty"); | ||
181 | |||
182 | var item = buffer[head]; | ||
183 | if (++head == capacity) | ||
184 | head = 0; | ||
185 | size--; | ||
186 | return item; | ||
187 | } | ||
188 | |||
189 | public void CopyTo(T[] array) | ||
190 | { | ||
191 | CopyTo(array, 0); | ||
192 | } | ||
193 | |||
194 | public void CopyTo(T[] array, int arrayIndex) | ||
195 | { | ||
196 | CopyTo(0, array, arrayIndex, size); | ||
197 | } | ||
198 | |||
199 | public void CopyTo(int index, T[] array, int arrayIndex, int count) | ||
200 | { | ||
201 | if (count > size) | ||
202 | throw new ArgumentOutOfRangeException("count", "Count Too Large"); | ||
203 | |||
204 | int bufferIndex = head; | ||
205 | for (int i = 0; i < count; i++, bufferIndex++, arrayIndex++) | ||
206 | { | ||
207 | if (bufferIndex == capacity) | ||
208 | bufferIndex = 0; | ||
209 | array[arrayIndex] = buffer[bufferIndex]; | ||
210 | } | ||
211 | } | ||
212 | |||
213 | public IEnumerator<T> GetEnumerator() | ||
214 | { | ||
215 | int bufferIndex = head; | ||
216 | for (int i = 0; i < size; i++, bufferIndex++) | ||
217 | { | ||
218 | if (bufferIndex == capacity) | ||
219 | bufferIndex = 0; | ||
220 | |||
221 | yield return buffer[bufferIndex]; | ||
222 | } | ||
223 | } | ||
224 | |||
225 | public T[] GetBuffer() | ||
226 | { | ||
227 | return buffer; | ||
228 | } | ||
229 | |||
230 | public T[] ToArray() | ||
231 | { | ||
232 | var dst = new T[size]; | ||
233 | CopyTo(dst); | ||
234 | return dst; | ||
235 | } | ||
236 | |||
237 | #region ICollection<T> Members | ||
238 | |||
239 | int ICollection<T>.Count | ||
240 | { | ||
241 | get { return Size; } | ||
242 | } | ||
243 | |||
244 | bool ICollection<T>.IsReadOnly | ||
245 | { | ||
246 | get { return false; } | ||
247 | } | ||
248 | |||
249 | void ICollection<T>.Add(T item) | ||
250 | { | ||
251 | Put(item); | ||
252 | } | ||
253 | |||
254 | bool ICollection<T>.Remove(T item) | ||
255 | { | ||
256 | if (size == 0) | ||
257 | return false; | ||
258 | |||
259 | Get(); | ||
260 | return true; | ||
261 | } | ||
262 | |||
263 | #endregion | ||
264 | |||
265 | #region IEnumerable<T> Members | ||
266 | |||
267 | IEnumerator<T> IEnumerable<T>.GetEnumerator() | ||
268 | { | ||
269 | return GetEnumerator(); | ||
270 | } | ||
271 | |||
272 | #endregion | ||
273 | |||
274 | #region ICollection Members | ||
275 | |||
276 | int ICollection.Count | ||
277 | { | ||
278 | get { return Size; } | ||
279 | } | ||
280 | |||
281 | bool ICollection.IsSynchronized | ||
282 | { | ||
283 | get { return false; } | ||
284 | } | ||
285 | |||
286 | object ICollection.SyncRoot | ||
287 | { | ||
288 | get | ||
289 | { | ||
290 | if (syncRoot == null) | ||
291 | Interlocked.CompareExchange(ref syncRoot, new object(), null); | ||
292 | return syncRoot; | ||
293 | } | ||
294 | } | ||
295 | |||
296 | void ICollection.CopyTo(Array array, int arrayIndex) | ||
297 | { | ||
298 | CopyTo((T[])array, arrayIndex); | ||
299 | } | ||
300 | |||
301 | #endregion | ||
302 | |||
303 | #region IEnumerable Members | ||
304 | |||
305 | IEnumerator IEnumerable.GetEnumerator() | ||
306 | { | ||
307 | return (IEnumerator)GetEnumerator(); | ||
308 | } | ||
309 | |||
310 | #endregion | ||
311 | } | ||
312 | } | ||
diff --git a/OpenSim/Framework/Servers/HttpServer/BaseStreamHandlerBasicDOSProtector.cs b/OpenSim/Framework/Servers/HttpServer/BaseStreamHandlerBasicDOSProtector.cs new file mode 100644 index 0000000..1b88545 --- /dev/null +++ b/OpenSim/Framework/Servers/HttpServer/BaseStreamHandlerBasicDOSProtector.cs | |||
@@ -0,0 +1,107 @@ | |||
1 | /* | ||
2 | * Copyright (c) Contributors, http://opensimulator.org/ | ||
3 | * See CONTRIBUTORS.TXT for a full list of copyright holders. | ||
4 | * | ||
5 | * Redistribution and use in source and binary forms, with or without | ||
6 | * modification, are permitted provided that the following conditions are met: | ||
7 | * * Redistributions of source code must retain the above copyright | ||
8 | * notice, this list of conditions and the following disclaimer. | ||
9 | * * Redistributions in binary form must reproduce the above copyright | ||
10 | * notice, this list of conditions and the following disclaimer in the | ||
11 | * documentation and/or other materials provided with the distribution. | ||
12 | * * Neither the name of the OpenSimulator Project nor the | ||
13 | * names of its contributors may be used to endorse or promote products | ||
14 | * derived from this software without specific prior written permission. | ||
15 | * | ||
16 | * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY | ||
17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | ||
18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | ||
19 | * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY | ||
20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | ||
21 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
22 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | ||
23 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | ||
25 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
26 | */ | ||
27 | using OpenSim.Framework; | ||
28 | using System.IO; | ||
29 | |||
30 | namespace OpenSim.Framework.Servers.HttpServer | ||
31 | { | ||
32 | /// <summary> | ||
33 | /// BaseStreamHandlerBasicDOSProtector Base streamed request handler. | ||
34 | /// </summary> | ||
35 | /// <remarks> | ||
36 | /// Inheriting classes should override ProcessRequest() rather than Handle() | ||
37 | /// </remarks> | ||
38 | public abstract class BaseStreamHandlerBasicDOSProtector : BaseRequestHandler, IStreamedRequestHandler | ||
39 | { | ||
40 | |||
41 | private readonly BasicDosProtectorOptions _options; | ||
42 | private readonly BasicDOSProtector _dosProtector; | ||
43 | |||
44 | protected BaseStreamHandlerBasicDOSProtector(string httpMethod, string path, BasicDosProtectorOptions options) : this(httpMethod, path, null, null, options) {} | ||
45 | |||
46 | protected BaseStreamHandlerBasicDOSProtector(string httpMethod, string path, string name, string description, BasicDosProtectorOptions options) | ||
47 | : base(httpMethod, path, name, description) | ||
48 | { | ||
49 | _options = options; | ||
50 | _dosProtector = new BasicDOSProtector(_options); | ||
51 | } | ||
52 | |||
53 | public virtual byte[] Handle( | ||
54 | string path, Stream request, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) | ||
55 | { | ||
56 | byte[] result; | ||
57 | RequestsReceived++; | ||
58 | string clientstring = GetClientString(httpRequest); | ||
59 | string endpoint = GetRemoteAddr(httpRequest); | ||
60 | if (_dosProtector.Process(clientstring, endpoint)) | ||
61 | result = ProcessRequest(path, request, httpRequest, httpResponse); | ||
62 | else | ||
63 | result = ThrottledRequest(path, request, httpRequest, httpResponse); | ||
64 | if (_options.MaxConcurrentSessions > 0) | ||
65 | _dosProtector.ProcessEnd(clientstring, endpoint); | ||
66 | |||
67 | RequestsHandled++; | ||
68 | |||
69 | return result; | ||
70 | } | ||
71 | |||
72 | protected virtual byte[] ProcessRequest( | ||
73 | string path, Stream request, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) | ||
74 | { | ||
75 | return null; | ||
76 | } | ||
77 | |||
78 | protected virtual byte[] ThrottledRequest( | ||
79 | string path, Stream request, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) | ||
80 | { | ||
81 | return new byte[0]; | ||
82 | } | ||
83 | |||
84 | |||
85 | private string GetRemoteAddr(IOSHttpRequest httpRequest) | ||
86 | { | ||
87 | string remoteaddr = string.Empty; | ||
88 | if (httpRequest.Headers["remote_addr"] != null) | ||
89 | remoteaddr = httpRequest.Headers["remote_addr"]; | ||
90 | |||
91 | return remoteaddr; | ||
92 | } | ||
93 | |||
94 | private string GetClientString(IOSHttpRequest httpRequest) | ||
95 | { | ||
96 | string clientstring = string.Empty; | ||
97 | |||
98 | if (_options.AllowXForwardedFor && httpRequest.Headers["x-forwarded-for"] != null) | ||
99 | clientstring = httpRequest.Headers["x-forwarded-for"]; | ||
100 | else | ||
101 | clientstring = GetRemoteAddr(httpRequest); | ||
102 | |||
103 | return clientstring; | ||
104 | |||
105 | } | ||
106 | } | ||
107 | } | ||
diff --git a/OpenSim/Framework/Servers/HttpServer/GenericHTTPBasicDOSProtector.cs b/OpenSim/Framework/Servers/HttpServer/GenericHTTPBasicDOSProtector.cs new file mode 100644 index 0000000..cd4b8ff --- /dev/null +++ b/OpenSim/Framework/Servers/HttpServer/GenericHTTPBasicDOSProtector.cs | |||
@@ -0,0 +1,119 @@ | |||
1 | /* | ||
2 | * Copyright (c) Contributors, http://opensimulator.org/ | ||
3 | * See CONTRIBUTORS.TXT for a full list of copyright holders. | ||
4 | * | ||
5 | * Redistribution and use in source and binary forms, with or without | ||
6 | * modification, are permitted provided that the following conditions are met: | ||
7 | * * Redistributions of source code must retain the above copyright | ||
8 | * notice, this list of conditions and the following disclaimer. | ||
9 | * * Redistributions in binary form must reproduce the above copyright | ||
10 | * notice, this list of conditions and the following disclaimer in the | ||
11 | * documentation and/or other materials provided with the distribution. | ||
12 | * * Neither the name of the OpenSimulator Project nor the | ||
13 | * names of its contributors may be used to endorse or promote products | ||
14 | * derived from this software without specific prior written permission. | ||
15 | * | ||
16 | * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY | ||
17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | ||
18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | ||
19 | * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY | ||
20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | ||
21 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
22 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | ||
23 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | ||
25 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
26 | */ | ||
27 | |||
28 | using System.Collections; | ||
29 | |||
30 | namespace OpenSim.Framework.Servers.HttpServer | ||
31 | { | ||
32 | public class GenericHTTPDOSProtector | ||
33 | { | ||
34 | private readonly GenericHTTPMethod _normalMethod; | ||
35 | private readonly GenericHTTPMethod _throttledMethod; | ||
36 | |||
37 | private readonly BasicDosProtectorOptions _options; | ||
38 | private readonly BasicDOSProtector _dosProtector; | ||
39 | |||
40 | public GenericHTTPDOSProtector(GenericHTTPMethod normalMethod, GenericHTTPMethod throttledMethod, BasicDosProtectorOptions options) | ||
41 | { | ||
42 | _normalMethod = normalMethod; | ||
43 | _throttledMethod = throttledMethod; | ||
44 | |||
45 | _options = options; | ||
46 | _dosProtector = new BasicDOSProtector(_options); | ||
47 | } | ||
48 | public Hashtable Process(Hashtable request) | ||
49 | { | ||
50 | Hashtable process = null; | ||
51 | string clientstring= GetClientString(request); | ||
52 | string endpoint = GetRemoteAddr(request); | ||
53 | if (_dosProtector.Process(clientstring, endpoint)) | ||
54 | process = _normalMethod(request); | ||
55 | else | ||
56 | process = _throttledMethod(request); | ||
57 | |||
58 | if (_options.MaxConcurrentSessions>0) | ||
59 | _dosProtector.ProcessEnd(clientstring, endpoint); | ||
60 | |||
61 | return process; | ||
62 | } | ||
63 | |||
64 | private string GetRemoteAddr(Hashtable request) | ||
65 | { | ||
66 | string remoteaddr = ""; | ||
67 | if (!request.ContainsKey("headers")) | ||
68 | return remoteaddr; | ||
69 | Hashtable requestinfo = (Hashtable)request["headers"]; | ||
70 | if (!requestinfo.ContainsKey("remote_addr")) | ||
71 | return remoteaddr; | ||
72 | object remote_addrobj = requestinfo["remote_addr"]; | ||
73 | if (remote_addrobj != null) | ||
74 | { | ||
75 | if (!string.IsNullOrEmpty(remote_addrobj.ToString())) | ||
76 | { | ||
77 | remoteaddr = remote_addrobj.ToString(); | ||
78 | } | ||
79 | |||
80 | } | ||
81 | return remoteaddr; | ||
82 | } | ||
83 | |||
84 | private string GetClientString(Hashtable request) | ||
85 | { | ||
86 | string clientstring = ""; | ||
87 | if (!request.ContainsKey("headers")) | ||
88 | return clientstring; | ||
89 | |||
90 | Hashtable requestinfo = (Hashtable)request["headers"]; | ||
91 | if (_options.AllowXForwardedFor && requestinfo.ContainsKey("x-forwarded-for")) | ||
92 | { | ||
93 | object str = requestinfo["x-forwarded-for"]; | ||
94 | if (str != null) | ||
95 | { | ||
96 | if (!string.IsNullOrEmpty(str.ToString())) | ||
97 | { | ||
98 | return str.ToString(); | ||
99 | } | ||
100 | } | ||
101 | } | ||
102 | if (!requestinfo.ContainsKey("remote_addr")) | ||
103 | return clientstring; | ||
104 | |||
105 | object remote_addrobj = requestinfo["remote_addr"]; | ||
106 | if (remote_addrobj != null) | ||
107 | { | ||
108 | if (!string.IsNullOrEmpty(remote_addrobj.ToString())) | ||
109 | { | ||
110 | clientstring = remote_addrobj.ToString(); | ||
111 | } | ||
112 | } | ||
113 | |||
114 | return clientstring; | ||
115 | |||
116 | } | ||
117 | |||
118 | } | ||
119 | } | ||
diff --git a/OpenSim/Framework/Servers/HttpServer/XmlRpcBasicDOSProtector.cs b/OpenSim/Framework/Servers/HttpServer/XmlRpcBasicDOSProtector.cs new file mode 100644 index 0000000..f212208 --- /dev/null +++ b/OpenSim/Framework/Servers/HttpServer/XmlRpcBasicDOSProtector.cs | |||
@@ -0,0 +1,91 @@ | |||
1 | /* | ||
2 | * Copyright (c) Contributors, http://opensimulator.org/ | ||
3 | * See CONTRIBUTORS.TXT for a full list of copyright holders. | ||
4 | * | ||
5 | * Redistribution and use in source and binary forms, with or without | ||
6 | * modification, are permitted provided that the following conditions are met: | ||
7 | * * Redistributions of source code must retain the above copyright | ||
8 | * notice, this list of conditions and the following disclaimer. | ||
9 | * * Redistributions in binary form must reproduce the above copyright | ||
10 | * notice, this list of conditions and the following disclaimer in the | ||
11 | * documentation and/or other materials provided with the distribution. | ||
12 | * * Neither the name of the OpenSimulator Project nor the | ||
13 | * names of its contributors may be used to endorse or promote products | ||
14 | * derived from this software without specific prior written permission. | ||
15 | * | ||
16 | * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY | ||
17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | ||
18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | ||
19 | * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY | ||
20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | ||
21 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
22 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | ||
23 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | ||
25 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
26 | */ | ||
27 | |||
28 | using System.Net; | ||
29 | using Nwc.XmlRpc; | ||
30 | using OpenSim.Framework; | ||
31 | |||
32 | |||
33 | namespace OpenSim.Framework.Servers.HttpServer | ||
34 | { | ||
35 | public class XmlRpcBasicDOSProtector | ||
36 | { | ||
37 | private readonly XmlRpcMethod _normalMethod; | ||
38 | private readonly XmlRpcMethod _throttledMethod; | ||
39 | |||
40 | private readonly BasicDosProtectorOptions _options; | ||
41 | private readonly BasicDOSProtector _dosProtector; | ||
42 | |||
43 | public XmlRpcBasicDOSProtector(XmlRpcMethod normalMethod, XmlRpcMethod throttledMethod,BasicDosProtectorOptions options) | ||
44 | { | ||
45 | _normalMethod = normalMethod; | ||
46 | _throttledMethod = throttledMethod; | ||
47 | |||
48 | _options = options; | ||
49 | _dosProtector = new BasicDOSProtector(_options); | ||
50 | |||
51 | } | ||
52 | public XmlRpcResponse Process(XmlRpcRequest request, IPEndPoint client) | ||
53 | { | ||
54 | |||
55 | XmlRpcResponse resp = null; | ||
56 | string clientstring = GetClientString(request, client); | ||
57 | string endpoint = GetEndPoint(request, client); | ||
58 | if (_dosProtector.Process(clientstring, endpoint)) | ||
59 | resp = _normalMethod(request, client); | ||
60 | else | ||
61 | resp = _throttledMethod(request, client); | ||
62 | if (_options.MaxConcurrentSessions > 0) | ||
63 | _dosProtector.ProcessEnd(clientstring, endpoint); | ||
64 | return resp; | ||
65 | } | ||
66 | |||
67 | private string GetClientString(XmlRpcRequest request, IPEndPoint client) | ||
68 | { | ||
69 | string clientstring; | ||
70 | if (_options.AllowXForwardedFor && request.Params.Count > 3) | ||
71 | { | ||
72 | object headerstr = request.Params[3]; | ||
73 | if (headerstr != null && !string.IsNullOrEmpty(headerstr.ToString())) | ||
74 | clientstring = request.Params[3].ToString(); | ||
75 | else | ||
76 | clientstring = client.Address.ToString(); | ||
77 | } | ||
78 | else | ||
79 | clientstring = client.Address.ToString(); | ||
80 | return clientstring; | ||
81 | } | ||
82 | |||
83 | private string GetEndPoint(XmlRpcRequest request, IPEndPoint client) | ||
84 | { | ||
85 | return client.Address.ToString(); | ||
86 | } | ||
87 | |||
88 | } | ||
89 | |||
90 | |||
91 | } | ||