From fb14276aab794a877986dbc397ede66ea563c7fb Mon Sep 17 00:00:00 2001 From: Dirk Koopman Date: Mon, 9 Jan 2023 17:43:13 +0000 Subject: [PATCH] PC61 with badip will now also stop following PC11s --- Changes | 6 +++++ cmd/Commands_en.hlp | 22 +++++++++++++++++ perl/DXProtHandle.pm | 56 ++++++++++++++++++++++++-------------------- 3 files changed, 59 insertions(+), 25 deletions(-) diff --git a/Changes b/Changes index 12216135..ab75b6b1 100644 --- a/Changes +++ b/Changes @@ -1,3 +1,9 @@ +09Jan23======================================================================= +1. Finish implemention of DXCIDR ip address filtering. This works on both + logins (treated the same as locked out - i.e. just disconnected) and also + with PC61s where these sentences are just dropped. Also attempt to prevent + any *following* PC11s with the same data getting through. +2. Recognise PC18s coming from CC Clusters more nicely. 04Jan23======================================================================= 1. Fillout DXCIDR, attach checks in PC61 and logins. Login that fail will simply disconnect, like locked out callsigns diff --git a/cmd/Commands_en.hlp b/cmd/Commands_en.hlp index ee148a08..5320002a 100644 --- a/cmd/Commands_en.hlp +++ b/cmd/Commands_en.hlp @@ -995,6 +995,21 @@ running in order for the changes to take effect. Reload the /spider/data/bands.pl file if you have changed it manually whilst the cluster is running. +=== 6^LOAD/BADIP^Reload the bad IP address table +Reload the badip address file(s) if you have changed any of them manually +whilst the cluster is running. + +You can edit the badip.* files manually in local_data or (for instance) +obtain some bad IP addresses from the web to replace badip.base for TOR +IP addresses (this filename may change). + +There is (currently) no UNSET/BADIP command so you will need to edit +the badip.local file to remove IP addresses. + +After modification, you can reload the database with: + + LOAD/BADIP + === 9^LOAD/BADMSG^Reload the bad msg table Reload the /spider/msg/badmsg.pl file if you have changed it manually whilst the cluster is running. This table contains a number of perl regular @@ -1598,6 +1613,13 @@ To allow a word again, use the following command ... unset/baddx VIDEO +=== 6^SET/BADIP ..^Stop logins and spots with this IP address +This command will prevent logins to this node from this IP address. +It will also drop spots (PC61) from this address thus preventing them +from being propagated. + + set/badip 217.61.58.23 + === 6^SET/BADNODE ..^Stop spots from this node being propagated === 6^UNSET/BADNODE ..^Allow spots from this node again Setting a callsign as a 'badnode' will prevent spots from that node diff --git a/perl/DXProtHandle.pm b/perl/DXProtHandle.pm index d7d92707..f1972b09 100644 --- a/perl/DXProtHandle.pm +++ b/perl/DXProtHandle.pm @@ -195,17 +195,6 @@ sub handle_11 return; } - # check IP addresses - if (@$pc > 8 && is_ipaddr($pc->[8])) { - my $ip = $pc->[8]; - $ip =~ s/,/:/g; - $ip =~ s/^::ffff://; - if (DXCIDR::find($ip)) { - dbg($line) if isdbg('nologchan'); - dbg("PCProt: $ip in badip list, dropped"); - return; - } - } # convert the date to a unix date my $d = cltounix($pc->[3], $pc->[4]); @@ -235,6 +224,20 @@ sub handle_11 my @spot = Spot::prepare($pc->[1], $pc->[2], $d, $pc->[5], $nossid, $pc->[7], $pc->[8]); + # check IP addresses + if (@$pc > 8 && is_ipaddr($pc->[8])) { + my $ip = $pc->[8]; + $ip =~ s/,/:/g; + $ip =~ s/^::ffff://; + if (DXCIDR::find($ip)) { + dbg($line) if isdbg('nologchan'); + dbg("PCPROT: $ip in badip list, dropped"); + # sneakily put it into the dup list to prevent following PC11s also getting through :-) + Spot::dup(@spot[0..4,7]); + return; + } + } + # global spot filtering on INPUT if ($self->{inspotsfilter}) { my ($filter, $hops) = $self->{inspotsfilter}->it(@spot); @@ -323,7 +326,7 @@ sub handle_11 if ($s) { my $action = $senderverify > 1 ? ", DUMPED" : ''; $s =~ s/, $//; - dbg("PCProt: Suspicious Spot $pc->[2] on $pc->[1] by $pc->[6]($ip)\@$pc->[7] $s$action"); + dbg("PCPROT: Suspicious Spot $pc->[2] on $pc->[1] by $pc->[6]($ip)\@$pc->[7] $s$action"); return unless $senderverify < 2; } } @@ -758,14 +761,17 @@ sub handle_18 my $parent = Route::Node::get($self->{call}); # record the type and version offered - if (my ($version) = $pc->[1] =~ /DXSpider Version: (\d+\.\d+)/) { - $self->{version} = 53 + $version; - $self->user->version(53 + $version); - $parent->version(0 + $version); + if (my ($version) = $pc->[1] =~ /(?:DXSpider|CC\s*Cluster)\s+Version: (\d+(?:\.\d+))/) { + $version += 0; + $version += 53 if $version < 6; + $self->{version} = $version; + $self->user->version($version); + $parent->version($version); my ($build) = $pc->[1] =~ /Build: (\d+(?:\.\d+)?)/; - $self->{build} = 0 + $build; - $self->user->build(0 + $build); - $parent->build(0 + $build); + $build += 0; + $self->{build} = $build; + $self->user->build($build); + $parent->build($build); dbg("$self->{call} = DXSpider version $version build $build"); unless ($self->is_spider) { dbg("Change U " . $self->user->sort . " C $self->{sort} -> S"); @@ -1691,12 +1697,12 @@ sub _add_thingy my $old = $user->sort; if ($user->is_ak1a && (($version >= 5455 && $build > 0) || ($version >= 3000 && $version <= 3500)) ) { $user->sort('S'); - dbg("PCProt::_add_thingy node $call v: $version b: $build sort ($old) updated to " . $user->sort); + dbg("PCPROT::_add_thingy node $call v: $version b: $build sort ($old) updated to " . $user->sort); } elsif ($user->is_spider && ($version < 3000 || ($version > 4000 && $version < 5455))) { unless ($version > 0 && $build == 0) { $user->sort('A'); $build ||= 0; - dbg("PCProt::_add_thingy node $call v: $version b: $build sort ($old) downgraded to " . $user->sort); + dbg("PCPROT::_add_thingy node $call v: $version b: $build sort ($old) downgraded to " . $user->sort); } } } @@ -2053,23 +2059,23 @@ sub handle_92 my $user = check_add_user($parent->call, 'S'); my $oldsort = $user->sort // ''; - dbg("PCProt PC92 K v: $version ov: $oldversion b: $build ob: $oldbuild pk: " . ($parent->K || '0') . " uk: " . ($user->K || 0)) if isdbg('pc92k'); + dbg("PCPROT: PC92 K v: $version ov: $oldversion b: $build ob: $oldbuild pk: " . ($parent->K || '0') . " uk: " . ($user->K || 0)) if isdbg('pc92k'); if (is_numeric($version) || is_numeric($build)) { my $changed = 0; if (($oldversion ne $version || $build ne $oldbuild)) { - dbg("PCProt PC92 K node $call updated version: $version (was $oldversion) build: $build (was $oldbuild)"); + dbg("PCPROT: PC92 K node $call updated version: $version (was $oldversion) build: $build (was $oldbuild)"); $user->version($parent->version($version)); $user->build($parent->build($build)); ++$changed; } if ($oldsort ne 'S') { - dbg("PCProt PC92 K node $call updated sort: $sort (was $oldsort)"); + dbg("PCPROT: PC92 K node $call updated sort: $sort (was $oldsort)"); $user->sort('S'); ++$changed; } unless ($user->K) { - dbg("PCProt PC92 K node $call updated - marked as PC92 K user"); + dbg("PCPROT: PC92 K node $call updated - marked as PC92 K user"); $user->K(1); ++$changed; } -- 2.43.0