ircd::net::listener: Add callback to proffer the connection before handshake.

2024-06-01 01:28:54 +02:00 · 2018-09-01 22:00:38 -07:00 · 2018-09-01 22:00:38 -07:00 · 384f5917d0
parent e3262a7b31
commit 384f5917d0
3 changed files with 28 additions and 8 deletions
--- a/include/ircd/net/acceptor.h
+++ b/include/ircd/net/acceptor.h
@ -28,6 +28,7 @@ struct ircd::net::listener::acceptor
 	std::string opts;
 	size_t backlog;
 	listener::callback cb;
+	listener::proffer pcb;
 	asio::ssl::context ssl;
 	ip::tcp::endpoint ep;
 	ip::tcp::acceptor a;
@ -55,7 +56,8 @@ struct ircd::net::listener::acceptor

 	acceptor(const string_view &name,
 	         const json::object &opts,
-	         listener::callback);
+	         listener::callback,
+	         listener::proffer);

 	~acceptor() noexcept;

--- a/include/ircd/net/listener.h
+++ b/include/ircd/net/listener.h
@ -21,6 +21,7 @@ struct ircd::net::listener
 {
 	struct acceptor;
 	using callback = std::function<void (const std::shared_ptr<socket> &)>;
+	using proffer = std::function<bool (const ipport &)>;

 	IRCD_EXCEPTION(net::error, error)

@ -33,12 +34,14 @@ struct ircd::net::listener

 	listener(const string_view &name,
 	         const json::object &options,
-	         callback);
+	         callback,
+	         proffer = {});

 	explicit
 	listener(const string_view &name,
 	         const std::string &options,
-	         callback);
+	         callback,
+	         proffer = {});

 	~listener() noexcept;

--- a/ircd/net.cc
+++ b/ircd/net.cc
@ -902,20 +902,22 @@ ircd::net::operator<<(std::ostream &s, const listener &a)

 ircd::net::listener::listener(const string_view &name,
                              const std::string &opts,
-                              callback cb)
+                              callback cb,
+                              proffer pcb)
 :listener
 {
-	name, json::object{opts}, std::move(cb)
+	name, json::object{opts}, std::move(cb), std::move(pcb)
 }
 {
 }

 ircd::net::listener::listener(const string_view &name,
                              const json::object &opts,
-                              callback cb)
+                              callback cb,
+                              proffer pcb)
 :acceptor
 {
-	std::make_shared<struct acceptor>(name, opts, std::move(cb))
+	std::make_shared<struct acceptor>(name, opts, std::move(cb), std::move(pcb))
 }
 {
 	// Starts the first asynchronous accept. This has to be done out here after
@ -1047,7 +1049,8 @@ ircd::net::operator<<(std::ostream &s, const struct listener::acceptor &a)

 ircd::net::listener::acceptor::acceptor(const string_view &name,
                                        const json::object &opts,
-                                        listener::callback cb)
+                                        listener::callback cb,
+                                        listener::proffer pcb)
 try
 :name
 {
@ -1067,6 +1070,10 @@ try
 {
 	std::move(cb)
 }
+,pcb
+{
+	std::move(pcb)
+}
 ,ssl
 {
 	asio::ssl::context::method::sslv23_server
@ -1220,6 +1227,14 @@ noexcept try
 	if(!check_accept_error(ec, *sock))
 		return;

+	// Call the proffer-callback if available. This allows the application
+	// to check whether to allow or deny this remote before the handshake.
+	if(pcb && !pcb(remote_ipport(*sock)))
+	{
+		net::close(*sock, dc::RST, close_ignore);
+		return;
+	}
+
 	// Toggles the behavior of non-async functions; see func comment
 	blocking(*sock, false);