net.i2p.router
Class Blocklist

java.lang.Object
  extended by net.i2p.router.Blocklist

public class Blocklist
extends Object

Manage blocking by IP address, in a manner similar to the Banlist, which blocks by router hash. We also try to keep the two lists in sync: if a router at a given IP is blocked, we will also banlist it "forever" (until the next reboot). While the reverse case (blocking the IP of a router banlisted forever) is not automatic, the transports will call add() below to block the IP, which allows the transports to terminate an inbound connection before the router ident handshake. And the on-disk blocklist can also contain router hashes to be banlisted. So, this class maintains three separate lists:

   1) The list of IP ranges, read in from a file at startup
   2) The list of hashes, read in from the same file
   3) A list of single IPs, initially empty, added to as needed
Read in the IP blocklist from a file, store it in-memory as efficiently as we can, and perform tests against it as requested. When queried for a peer that is blocklisted but isn't banlisted, banlist it forever, then go back to the file to get the original entry so we can add the reason to the banlist text. On-disk blocklist supports IPv4 only. In-memory supports both IPv4 and IPv6.


Constructor Summary
Blocklist(RouterContext context)
           
 
Method Summary
 void add(byte[] ip)
          Maintain a simple in-memory single-IP blocklist This is used for new additions, NOT for the main list of IP ranges read in from the file.
 void add(String ip)
          Maintain a simple in-memory single-IP blocklist This is used for new additions, NOT for the main list of IP ranges read in from the file.
 void disable()
           
 boolean isBlocklisted(byte[] ip)
          calling this externally won't banlist the peer, this is just an IP check
 boolean isBlocklisted(Hash peer)
          Does the peer's IP address appear in the blocklist? If so, and it isn't banlisted, banlist it forever...
 boolean isBlocklisted(String ip)
          calling this externally won't banlist the peer, this is just an IP check
 void renderStatusHTML(Writer out)
          Write directly to the stream so we don't OOM on a huge list.
 void startup()
          Loads the following files in-order: $I2P/blocklist.txt ~/.i2p/blocklist.txt File if specified with router.blocklist.file
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

Blocklist

public Blocklist(RouterContext context)
Method Detail

startup

public void startup()
Loads the following files in-order: $I2P/blocklist.txt ~/.i2p/blocklist.txt File if specified with router.blocklist.file


disable

public void disable()

add

public void add(String ip)
Maintain a simple in-memory single-IP blocklist This is used for new additions, NOT for the main list of IP ranges read in from the file.

Parameters:
ip - IPv4 or IPv6

add

public void add(byte[] ip)
Maintain a simple in-memory single-IP blocklist This is used for new additions, NOT for the main list of IP ranges read in from the file.

Parameters:
ip - IPv4 or IPv6

isBlocklisted

public boolean isBlocklisted(Hash peer)
Does the peer's IP address appear in the blocklist? If so, and it isn't banlisted, banlist it forever...


isBlocklisted

public boolean isBlocklisted(String ip)
calling this externally won't banlist the peer, this is just an IP check

Parameters:
ip - IPv4 or IPv6

isBlocklisted

public boolean isBlocklisted(byte[] ip)
calling this externally won't banlist the peer, this is just an IP check

Parameters:
ip - IPv4 or IPv6

renderStatusHTML

public void renderStatusHTML(Writer out)
                      throws IOException
Write directly to the stream so we don't OOM on a huge list. Go through each list twice since we store out-of-order. TODO move to routerconsole, but that would require exposing the _blocklist array.

Throws:
IOException