Package net.i2p.router

Class Blocklist

java.lang.Object

net.i2p.router.Blocklist

public class Blocklist
extends Object

Manage blocking by IP address, in a manner similar to the Banlist, which blocks by router hash. We also try to keep the two lists in sync: if a router at a given IP is blocked, we will also banlist it "forever" (until the next reboot). While the reverse case (blocking the IP of a router banlisted forever) is not automatic, the transports will call add() below to block the IP, which allows the transports to terminate an inbound connection before the router ident handshake. And the on-disk blocklist can also contain router hashes to be banlisted. So, this class maintains three separate lists:

   1) The list of IP ranges, read in from a file at startup
   2) The list of hashes, read in from the same file
   3) A list of single IPs, initially empty, added to as needed

Read in the IP blocklist from a file, store it in-memory as efficiently as we can, and perform tests against it as requested. When queried for a peer that is blocklisted but isn't banlisted, banlist it forever, then go back to the file to get the original entry so we can add the reason to the banlist text. On-disk blocklist supports IPv4 only. In-memory supports both IPv4 and IPv6.

Field Summary

Fields

Modifier and Type	Field	Description
static final String	BLOCKLIST_COUNTRY_FILE
static final String	BLOCKLIST_FILE_DEFAULT
static final String	ID_FEED	For Update Manager
static final String	ID_SYBIL

Constructor Summary

Constructors

Constructor	Description
Blocklist(RouterContext context)	Router MUST call startup()

Method Summary

Modifier and Type	Method	Description
void	add(byte[] ip)	Maintain a simple in-memory single-IP blocklist This is used for new additions, NOT for the main list of IP ranges read in from the file.
void	add(String ip)	Maintain a simple in-memory single-IP blocklist This is used for new additions, NOT for the main list of IP ranges read in from the file.
void	addCountryFile()	The blocklist-country.txt file was created or updated.
void	disable()
int	getBlocklistSize()	Size of permanent blocklist Public for console only, not a public API
static int	getFrom(long entry)	Public for console only, not a public API
long[]	getPermanentBlocks(int max)	IP ranges blocked until restart.
static int	getTo(long entry)	Public for console only, not a public API
List<Integer>	getTransientIPv4Blocks()	Single IPs blocked until restart.
List<BigInteger>	getTransientIPv6Blocks()	Single IPs blocked until restart.
boolean	isBlocklisted(byte[] ip)	calling this externally won't banlist the peer, this is just an IP check
boolean	isBlocklisted(String ip)	calling this externally won't banlist the peer, this is just an IP check
boolean	isBlocklisted(Hash peer)	Does the peer's IP address appear in the blocklist? If so, and it isn't banlisted, banlist it forever...
boolean	isBlocklisted(RouterInfo pinfo)	Does the peer's IP address appear in the blocklist? If so, and it isn't banlisted, banlist it forever...
boolean	isPermanentlyBlocklisted(int ip)	Do a binary search through the in-memory range list which is a sorted array of longs.
void	remove(byte[] ip)	Remove from the in-memory single-IP blocklist.
void	renderStatusHTML(Writer out)	Deprecated.
void	startup()	Loads the following files in-order: $I2P/blocklist.txt ~/.i2p/blocklist.txt ~/.i2p/docs/feed/blocklist/blocklist.txt ~/.i2p/blocklist-countries.txt File if specified with router.blocklist.file
static String	toStr(int ip)	Public for console only, not a public API

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

BLOCKLIST_FILE_DEFAULT

public static final String BLOCKLIST_FILE_DEFAULT

See Also:

• Constant Field Values

BLOCKLIST_COUNTRY_FILE

public static final String BLOCKLIST_COUNTRY_FILE

Since:

0.9.48

See Also:

• Constant Field Values

ID_FEED

public static final String ID_FEED

For Update Manager

Since:

0.9.48

See Also:

• Constant Field Values

ID_SYBIL

public static final String ID_SYBIL

See Also:

• Constant Field Values

Constructor Details

Blocklist

public Blocklist(RouterContext context)

Router MUST call startup()

Method Details

startup

public void startup()

Loads the following files in-order: $I2P/blocklist.txt ~/.i2p/blocklist.txt ~/.i2p/docs/feed/blocklist/blocklist.txt ~/.i2p/blocklist-countries.txt File if specified with router.blocklist.file

addCountryFile

public void addCountryFile()

The blocklist-country.txt file was created or updated. Read it in. Not required normally, as the country file is read by startup().

Since:

0.9.48

disable

public void disable()

add

public void add(String ip)

Maintain a simple in-memory single-IP blocklist This is used for new additions, NOT for the main list of IP ranges read in from the file.

Parameters:

ip - IPv4 or IPv6

add

public void add(byte[] ip)

Maintain a simple in-memory single-IP blocklist This is used for new additions, NOT for the main list of IP ranges read in from the file.

Parameters:

ip - IPv4 or IPv6

remove

public void remove(byte[] ip)

Remove from the in-memory single-IP blocklist. This is only works to undo add()s, NOT for the main list of IP ranges read in from the file.

Parameters:

ip - IPv4 or IPv6

Since:

0.9.28

isBlocklisted

public boolean isBlocklisted(Hash peer)

Does the peer's IP address appear in the blocklist? If so, and it isn't banlisted, banlist it forever...

isBlocklisted

public boolean isBlocklisted(RouterInfo pinfo)

Does the peer's IP address appear in the blocklist? If so, and it isn't banlisted, banlist it forever...

Since:

0.9.29

isBlocklisted

public boolean isBlocklisted(String ip)

calling this externally won't banlist the peer, this is just an IP check

Parameters:

ip - IPv4 or IPv6

isBlocklisted

public boolean isBlocklisted(byte[] ip)

calling this externally won't banlist the peer, this is just an IP check

Parameters:

ip - IPv4 or IPv6

isPermanentlyBlocklisted

public boolean isPermanentlyBlocklisted(int ip)

Do a binary search through the in-memory range list which is a sorted array of longs. The array is sorted in signed order, but we don't care. Each long is ((from << 32) | to) Public for console only, not a public API

Since:

0.9.45 split out from above, public since 0.9.48 for console

getFrom

public static int getFrom(long entry)

Public for console only, not a public API

Since:

public since 0.9.48

getTo

public static int getTo(long entry)

Public for console only, not a public API

Since:

public since 0.9.48

toStr

public static String toStr(int ip)

Public for console only, not a public API

Since:

public since 0.9.48

getTransientIPv4Blocks

public List<Integer> getTransientIPv4Blocks()

Single IPs blocked until restart. Unsorted. Public for console only, not a public API

Returns:

a copy, unsorted

Since:

0.9.48

getTransientIPv6Blocks

public List<BigInteger> getTransientIPv6Blocks()

Single IPs blocked until restart. Unsorted. Public for console only, not a public API

Returns:

a copy, unsorted

Since:

0.9.48

getPermanentBlocks

public long[] getPermanentBlocks(int max)

IP ranges blocked until restart. Sorted, but as signed longs, so 128-255 are first Public for console only, not a public API

Parameters:

max - maximum entries to return

Returns:

a copy, sorted

Since:

0.9.48

getBlocklistSize

public int getBlocklistSize()

Size of permanent blocklist Public for console only, not a public API

Since:

0.9.48

renderStatusHTML

@Deprecated
public void renderStatusHTML(Writer out)
                      throws IOException

Deprecated.

Does nothing, moved to console ConfigPeerHelper

Throws:

IOException