123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275 |
-
- using System;
- using System.Collections.Generic;
- using System.Reflection;
- using log4net;
- namespace OpenSim.Framework
- {
- public class BasicDOSProtector
- {
- public enum ThrottleAction
- {
- DoThrottledMethod,
- DoThrow
- }
- private readonly CircularBuffer<int> _generalRequestTimes;
- private readonly BasicDosProtectorOptions _options;
- private readonly Dictionary<string, CircularBuffer<int>> _deeperInspection;
- private readonly Dictionary<string, int> _tempBlocked;
- private readonly Dictionary<string, int> _sessions;
- private readonly System.Timers.Timer _forgetTimer;
- private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
- private readonly System.Threading.ReaderWriterLockSlim _blockLockSlim = new System.Threading.ReaderWriterLockSlim();
- private readonly System.Threading.ReaderWriterLockSlim _sessionLockSlim = new System.Threading.ReaderWriterLockSlim();
- public BasicDOSProtector(BasicDosProtectorOptions options)
- {
- _generalRequestTimes = new CircularBuffer<int>(options.MaxRequestsInTimeframe + 1, true);
- _generalRequestTimes.Put(0);
- _options = options;
- _deeperInspection = new Dictionary<string, CircularBuffer<int>>();
- _tempBlocked = new Dictionary<string, int>();
- _sessions = new Dictionary<string, int>();
- _forgetTimer = new System.Timers.Timer();
- _forgetTimer.Elapsed += delegate
- {
- _forgetTimer.Enabled = false;
- List<string> removes = new List<string>();
- _blockLockSlim.EnterReadLock();
- foreach (string str in _tempBlocked.Keys)
- {
- if (
- Util.EnvironmentTickCountSubtract(Util.EnvironmentTickCount(),
- _tempBlocked[str]) > 0)
- removes.Add(str);
- }
- _blockLockSlim.ExitReadLock();
- lock (_deeperInspection)
- {
- _blockLockSlim.EnterWriteLock();
- for (int i = 0; i < removes.Count; i++)
- {
- _tempBlocked.Remove(removes[i]);
- _deeperInspection.Remove(removes[i]);
- _sessions.Remove(removes[i]);
- }
- _blockLockSlim.ExitWriteLock();
- }
- foreach (string str in removes)
- {
- m_log.InfoFormat("[{0}] client: {1} is no longer blocked.",
- _options.ReportingName, str);
- }
- _blockLockSlim.EnterReadLock();
- if (_tempBlocked.Count > 0)
- _forgetTimer.Enabled = true;
- _blockLockSlim.ExitReadLock();
- };
- _forgetTimer.Interval = _options.ForgetTimeSpan.TotalMilliseconds;
- }
-
-
-
-
-
- public bool IsBlocked(string key)
- {
- bool ret = false;
- _blockLockSlim.EnterReadLock();
- ret = _tempBlocked.ContainsKey(key);
- _blockLockSlim.ExitReadLock();
- return ret;
- }
-
-
-
-
-
-
- public bool Process(string key, string endpoint)
- {
- if (_options.MaxRequestsInTimeframe < 1 || _options.RequestTimeSpan.TotalMilliseconds < 1)
- return true;
- string clientstring = key;
- _blockLockSlim.EnterReadLock();
- if (_tempBlocked.ContainsKey(clientstring))
- {
- _blockLockSlim.ExitReadLock();
- if (_options.ThrottledAction == ThrottleAction.DoThrottledMethod)
- return false;
- else
- throw new System.Security.SecurityException("Throttled");
- }
- _blockLockSlim.ExitReadLock();
- lock (_generalRequestTimes)
- _generalRequestTimes.Put(Util.EnvironmentTickCount());
- if (_options.MaxConcurrentSessions > 0)
- {
- int sessionscount = 0;
- _sessionLockSlim.EnterReadLock();
- if (_sessions.ContainsKey(key))
- sessionscount = _sessions[key];
- _sessionLockSlim.ExitReadLock();
- if (sessionscount > _options.MaxConcurrentSessions)
- {
-
- lock (_deeperInspection)
- {
- _blockLockSlim.EnterWriteLock();
- if (!_tempBlocked.ContainsKey(clientstring))
- {
- _tempBlocked.Add(clientstring,
- Util.EnvironmentTickCount() +
- (int) _options.ForgetTimeSpan.TotalMilliseconds);
- _forgetTimer.Enabled = true;
- m_log.WarnFormat("[{0}]: client: {1} is blocked for {2} milliseconds based on concurrency, X-ForwardedForAllowed status is {3}, endpoint:{4}", _options.ReportingName, clientstring, _options.ForgetTimeSpan.TotalMilliseconds, _options.AllowXForwardedFor, endpoint);
- }
- else
- _tempBlocked[clientstring] = Util.EnvironmentTickCount() +
- (int) _options.ForgetTimeSpan.TotalMilliseconds;
- _blockLockSlim.ExitWriteLock();
- }
- }
- else
- ProcessConcurrency(key, endpoint);
- }
- if (_generalRequestTimes.Size == _generalRequestTimes.Capacity &&
- (Util.EnvironmentTickCountSubtract(Util.EnvironmentTickCount(), _generalRequestTimes.Get()) <
- _options.RequestTimeSpan.TotalMilliseconds))
- {
-
- if (DeeperInspection(key, endpoint))
- return true;
- if (_options.ThrottledAction == ThrottleAction.DoThrottledMethod)
- return false;
- else
- throw new System.Security.SecurityException("Throttled");
- }
- return true;
- }
- private void ProcessConcurrency(string key, string endpoint)
- {
- _sessionLockSlim.EnterWriteLock();
- if (_sessions.ContainsKey(key))
- _sessions[key] = _sessions[key] + 1;
- else
- _sessions.Add(key,1);
- _sessionLockSlim.ExitWriteLock();
- }
- public void ProcessEnd(string key, string endpoint)
- {
- _sessionLockSlim.EnterWriteLock();
- if (_sessions.ContainsKey(key))
- {
- _sessions[key]--;
- if (_sessions[key] <= 0)
- _sessions.Remove(key);
- }
- else
- _sessions.Add(key, 1);
- _sessionLockSlim.ExitWriteLock();
- }
-
-
-
-
-
-
- private bool DeeperInspection(string key, string endpoint)
- {
- lock (_deeperInspection)
- {
- string clientstring = key;
- if (_deeperInspection.ContainsKey(clientstring))
- {
- _deeperInspection[clientstring].Put(Util.EnvironmentTickCount());
- if (_deeperInspection[clientstring].Size == _deeperInspection[clientstring].Capacity &&
- (Util.EnvironmentTickCountSubtract(Util.EnvironmentTickCount(), _deeperInspection[clientstring].Get()) <
- _options.RequestTimeSpan.TotalMilliseconds))
- {
-
- _blockLockSlim.EnterWriteLock();
- if (!_tempBlocked.ContainsKey(clientstring))
- _tempBlocked.Add(clientstring, Util.EnvironmentTickCount() + (int)_options.ForgetTimeSpan.TotalMilliseconds);
- else
- _tempBlocked[clientstring] = Util.EnvironmentTickCount() + (int)_options.ForgetTimeSpan.TotalMilliseconds;
- _blockLockSlim.ExitWriteLock();
- m_log.WarnFormat("[{0}]: client: {1} is blocked for {2} milliseconds, X-ForwardedForAllowed status is {3}, endpoint:{4}", _options.ReportingName, clientstring, _options.ForgetTimeSpan.TotalMilliseconds, _options.AllowXForwardedFor, endpoint);
- return false;
- }
-
-
- }
- else
- {
- _deeperInspection.Add(clientstring, new CircularBuffer<int>(_options.MaxRequestsInTimeframe + 1, true));
- _deeperInspection[clientstring].Put(Util.EnvironmentTickCount());
- _forgetTimer.Enabled = true;
- }
- }
- return true;
- }
- }
- public class BasicDosProtectorOptions
- {
- public int MaxRequestsInTimeframe;
- public TimeSpan RequestTimeSpan;
- public TimeSpan ForgetTimeSpan;
- public bool AllowXForwardedFor;
- public string ReportingName = "BASICDOSPROTECTOR";
- public BasicDOSProtector.ThrottleAction ThrottledAction = BasicDOSProtector.ThrottleAction.DoThrottledMethod;
- public int MaxConcurrentSessions;
- }
- }
|