From 1ffb1aea75c36def56b709bd0892b19df78d9249 Mon Sep 17 00:00:00 2001
From: Trustin Lee
+ * i.e.:
+ * CIDR subnet = newCIDR ("10.10.10.0/24"); or
+ * CIDR subnet = newCIDR ("1fff:0:0a88:85a3:0:0:ac1f:8001/24"); or
+ * CIDR subnet = newCIDR ("10.10.10.0/255.255.255.0");
+ * @param cidr
+ * @return the generated CIDR
+ * @throws UnknownHostException
+ */
+ public static CIDR newCIDR(String cidr) throws UnknownHostException
+ {
+ int p = cidr.indexOf("/");
+ if (p < 0)
+ {
+ throw new UnknownHostException("Invalid CIDR notation used: " + cidr);
+ }
+ String addrString = cidr.substring(0, p);
+ String maskString = cidr.substring(p + 1);
+ InetAddress addr = addressStringToInet(addrString);
+ int mask = 0;
+ if (maskString.indexOf(".") < 0)
+ {
+ mask = parseInt(maskString, -1);
+ }
+ else
+ {
+ mask = getNetMask(maskString);
+ if (addr instanceof Inet6Address)
+ {
+ mask += 96;
+ }
+ }
+ if (mask < 0)
+ {
+ throw new UnknownHostException("Invalid mask length used: " + maskString);
+ }
+ return newCIDR(addr, mask);
+ }
+
+ /** @return the baseAddress of the CIDR block. */
+ public InetAddress getBaseAddress()
+ {
+ return baseAddress;
+ }
+
+ /** @return the Mask length. */
+ public int getMask()
+ {
+ return cidrMask;
+ }
+
+ /** @return the textual CIDR notation. */
+ @Override
+ public String toString()
+ {
+ return baseAddress.getHostAddress() + "/" + cidrMask;
+ }
+
+ /** @return the end address of this block. */
+ public abstract InetAddress getEndAddress();
+
+ /**
+ * Compares the given InetAddress against the CIDR and returns true if
+ * the ip is in the subnet-ip-range and false if not.
+ * @param inetAddress
+ * @return returns true if the given IP address is inside the currently
+ * set network.
+ */
+ public abstract boolean contains(InetAddress inetAddress);
+
+ /** Convert an IPv4 or IPv6 textual representation into an
+ * InetAddress.
+ * @param addr
+ * @return the created InetAddress
+ * @throws UnknownHostException
+ */
+ private static InetAddress addressStringToInet(String addr) throws UnknownHostException
+ {
+ return InetAddress.getByName(addr);
+ }
+
+ /**
+ * Get the Subnet's Netmask in Decimal format.
+ * i.e.: getNetMask("255.255.255.0") returns the integer CIDR mask
+ * @param netMask a network mask
+ * @return the integer CIDR mask
+ * */
+ private static int getNetMask(String netMask)
+ {
+ StringTokenizer nm = new StringTokenizer(netMask, ".");
+ int i = 0;
+ int[] netmask = new int[4];
+ while (nm.hasMoreTokens())
+ {
+ netmask[i] = Integer.parseInt(nm.nextToken());
+ i++;
+ }
+ int mask1 = 0;
+ for (i = 0; i < 4; i++)
+ {
+ mask1 += Integer.bitCount(netmask[i]);
+ }
+ return mask1;
+ }
+
+ /** @param intstr a string containing an integer.
+ * @param def the default if the string does not contain a valid
+ * integer.
+ * @return the inetAddress from the integer
+ */
+ private static int parseInt(String intstr, int def)
+ {
+ Integer res;
+ if (intstr == null)
+ {
+ return def;
+ }
+ try
+ {
+ res = Integer.decode(intstr);
+ }
+ catch (Exception e)
+ {
+ res = new Integer(def);
+ }
+ return res.intValue();
+ }
+
+ /**
+ * Compute a byte representation of IpV4 from a IpV6
+ * @param address
+ * @return the byte representation
+ * @throws IllegalArgumentException if the IpV6 cannot be mapped to IpV4
+ */
+ public static byte[] getIpV4FromIpV6(Inet6Address address) throws IllegalArgumentException
+ {
+ byte[] baddr = address.getAddress();
+ for (int i = 0; i < 9; i++)
+ {
+ if (baddr[i] != 0)
+ {
+ throw new IllegalArgumentException("This IPv6 address cannot be used in IPv4 context");
+ }
+ }
+ if (baddr[10] != 0 && baddr[10] != 0xFF || baddr[11] != 0 && baddr[11] != 0xFF)
+ {
+ throw new IllegalArgumentException("This IPv6 address cannot be used in IPv4 context");
+ }
+ return new byte[]
+ {baddr[12], baddr[13], baddr[14], baddr[15]};
+ }
+
+ /**
+ * Compute a byte representation of IpV6 from a IpV4
+ * @param address
+ * @return the byte representation
+ * @throws IllegalArgumentException if the IpV6 cannot be mapped to IpV4
+ */
+ public static byte[] getIpV6FromIpV4(Inet4Address address) throws IllegalArgumentException
+ {
+ byte[] baddr = address.getAddress();
+ return new byte[]
+ {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, baddr[0], baddr[1], baddr[2], baddr[3]};
+ }
+}
diff --git a/src/main/java/org/jboss/netty/handler/ipfilter/CIDR4.java b/src/main/java/org/jboss/netty/handler/ipfilter/CIDR4.java
new file mode 100644
index 0000000000..80b42fd90f
--- /dev/null
+++ b/src/main/java/org/jboss/netty/handler/ipfilter/CIDR4.java
@@ -0,0 +1,197 @@
+/*
+ * Copyright 2009 Red Hat, Inc.
+ *
+ * Red Hat licenses this file to you under the Apache License, version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jboss.netty.handler.ipfilter;
+
+import java.net.Inet4Address;
+import java.net.Inet6Address;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+
+/**
+ * @author frederic bregier
+ */
+public class CIDR4 extends CIDR
+{
+ /**
+ * The integer for the base address
+ */
+ private int addressInt;
+
+ /**
+ * The integer for the end address
+ */
+ private final int addressEndInt;
+
+ /**
+ * @param newaddr
+ * @param mask
+ */
+ protected CIDR4(Inet4Address newaddr, int mask)
+ {
+ cidrMask = mask;
+ addressInt = ipv4AddressToInt(newaddr);
+ int newmask = ipv4PrefixLengthToMask(mask);
+ addressInt &= newmask;
+ try
+ {
+ baseAddress = intToIPv4Address(addressInt);
+ }
+ catch (UnknownHostException e)
+ {
+ // this should never happen
+ }
+ addressEndInt = addressInt + ipv4PrefixLengthToLength(cidrMask) - 1;
+ }
+
+ @Override
+ public InetAddress getEndAddress()
+ {
+ try
+ {
+ return intToIPv4Address(addressEndInt);
+ }
+ catch (UnknownHostException e)
+ {
+ // this should never happen
+ return null;
+ }
+ }
+
+ @Override
+public int compareTo(CIDR arg)
+ {
+ if (arg instanceof CIDR6)
+ {
+ byte[] address = getIpV4FromIpV6((Inet6Address) arg.baseAddress);
+ int net = ipv4AddressToInt(address);
+ if (net == addressInt && arg.cidrMask == cidrMask)
+ {
+ return 0;
+ }
+ if (net < addressInt)
+ {
+ return 1;
+ }
+ else if (net > addressInt)
+ {
+ return -1;
+ }
+ else if (arg.cidrMask < cidrMask)
+ {
+ return -1;
+ }
+ return 1;
+ }
+ CIDR4 o = (CIDR4) arg;
+ if (o.addressInt == addressInt && o.cidrMask == cidrMask)
+ {
+ return 0;
+ }
+ if (o.addressInt < addressInt)
+ {
+ return 1;
+ }
+ else if (o.addressInt > addressInt)
+ {
+ return -1;
+ }
+ else if (o.cidrMask < cidrMask)
+ {
+ // greater Mask means less IpAddresses so -1
+ return -1;
+ }
+ return 1;
+ }
+
+ /* (non-Javadoc)
+ * @see org.jboss.netty.handler.ipfilter.CIDR#contains(java.net.InetAddress)
+ */
+ @Override
+ public boolean contains(InetAddress inetAddress)
+ {
+ int search = ipv4AddressToInt(inetAddress);
+ return search >= addressInt && search <= addressEndInt;
+ }
+
+ /** Given an IPv4 baseAddress length, return the block length. I.e., a
+ * baseAddress length of 24 will return 256. */
+ private static int ipv4PrefixLengthToLength(int prefix_length)
+ {
+ return 1 << 32 - prefix_length;
+ }
+
+ /** Given a baseAddress length, return a netmask. I.e, a baseAddress length
+ * of 24 will return 0xFFFFFF00. */
+ private static int ipv4PrefixLengthToMask(int prefix_length)
+ {
+ return ~((1 << 32 - prefix_length) - 1);
+ }
+
+ /** Convert an integer into an (IPv4) InetAddress.
+ * @param addr
+ * @return the created InetAddress
+ * @throws UnknownHostException
+ * @throws UnknownHostException
+ */
+ private static InetAddress intToIPv4Address(int addr) throws UnknownHostException
+ {
+ byte[] a = new byte[4];
+ a[0] = (byte) (addr >> 24 & 0xFF);
+ a[1] = (byte) (addr >> 16 & 0xFF);
+ a[2] = (byte) (addr >> 8 & 0xFF);
+ a[3] = (byte) (addr & 0xFF);
+ return InetAddress.getByAddress(a);
+ }
+
+ /** Given an IPv4 address, convert it into an integer.
+ * @param addr
+ * @return the integer representation of the InetAddress
+ *
+ * @throws IllegalArgumentException if the address is really an
+ * IPv6 address.
+ */
+ private static int ipv4AddressToInt(InetAddress addr)
+ {
+ byte[] address = null;
+ if (addr instanceof Inet6Address)
+ {
+ address = getIpV4FromIpV6((Inet6Address) addr);
+ }
+ else
+ {
+ address = addr.getAddress();
+ }
+ return ipv4AddressToInt(address);
+ }
+
+ /** Given an IPv4 address as array of bytes, convert it into an integer.
+ * @param address
+ * @return the integer representation of the InetAddress
+ *
+ * @throws IllegalArgumentException if the address is really an
+ * IPv6 address.
+ */
+ private static int ipv4AddressToInt(byte[] address)
+ {
+ int net = 0;
+ for (byte addres : address)
+ {
+ net <<= 8;
+ net |= addres & 0xFF;
+ }
+ return net;
+ }
+}
diff --git a/src/main/java/org/jboss/netty/handler/ipfilter/CIDR6.java b/src/main/java/org/jboss/netty/handler/ipfilter/CIDR6.java
new file mode 100644
index 0000000000..160a86e43e
--- /dev/null
+++ b/src/main/java/org/jboss/netty/handler/ipfilter/CIDR6.java
@@ -0,0 +1,201 @@
+/*
+ * Copyright 2009 Red Hat, Inc.
+ *
+ * Red Hat licenses this file to you under the Apache License, version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jboss.netty.handler.ipfilter;
+
+import java.math.BigInteger;
+import java.net.Inet4Address;
+import java.net.Inet6Address;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+
+import org.jboss.netty.logging.InternalLogger;
+import org.jboss.netty.logging.InternalLoggerFactory;
+
+/**
+ * @author frederic bregier
+ */
+public class CIDR6 extends CIDR
+{
+
+ private static final InternalLogger logger = InternalLoggerFactory.getInstance(CIDR6.class);
+
+ /**
+ * The big integer for the base address
+ */
+ private BigInteger addressBigInt;
+
+ /**
+ * The big integer for the end address
+ */
+ private final BigInteger addressEndBigInt;
+
+ /**
+ * @param newaddress
+ * @param newmask
+ */
+ protected CIDR6(Inet6Address newaddress, int newmask)
+ {
+ cidrMask = newmask;
+ addressBigInt = ipv6AddressToBigInteger(newaddress);
+ BigInteger mask = ipv6CidrMaskToMask(newmask);
+ try
+ {
+ addressBigInt = addressBigInt.and(mask);
+ baseAddress = bigIntToIPv6Address(addressBigInt);
+ }
+ catch (UnknownHostException e)
+ {
+ // this should never happen.
+ }
+ addressEndBigInt = addressBigInt.add(ipv6CidrMaskToBaseAddress(cidrMask)).subtract(BigInteger.ONE);
+ }
+
+ @Override
+ public InetAddress getEndAddress()
+ {
+ try
+ {
+ return bigIntToIPv6Address(addressEndBigInt);
+ }
+ catch (UnknownHostException e)
+ {
+ logger.error("invalid ip address calculated as an end address");
+ return null;
+ }
+ }
+
+ @Override
+public int compareTo(CIDR arg)
+ {
+ if (arg instanceof CIDR4)
+ {
+ BigInteger net = ipv6AddressToBigInteger(arg.baseAddress);
+ int res = net.compareTo(addressBigInt);
+ if (res == 0)
+ {
+ if (arg.cidrMask == cidrMask)
+ {
+ return 0;
+ }
+ else if (arg.cidrMask < cidrMask)
+ {
+ return -1;
+ }
+ return 1;
+ }
+ return res;
+ }
+ CIDR6 o = (CIDR6) arg;
+ if (o.addressBigInt.equals(addressBigInt) && o.cidrMask == cidrMask)
+ {
+ return 0;
+ }
+ int res = o.addressBigInt.compareTo(addressBigInt);
+ if (res == 0)
+ {
+ if (o.cidrMask < cidrMask)
+ {
+ // greater Mask means less IpAddresses so -1
+ return -1;
+ }
+ return 1;
+ }
+ return res;
+ }
+
+ /* (non-Javadoc)
+ * @see org.jboss.netty.handler.ipfilter.CIDR#contains(java.net.InetAddress)
+ */
+ @Override
+ public boolean contains(InetAddress inetAddress)
+ {
+ BigInteger search = ipv6AddressToBigInteger(inetAddress);
+ return search.compareTo(addressBigInt) >= 0 && search.compareTo(addressEndBigInt) <= 0;
+ }
+
+ /** Given an IPv6 baseAddress length, return the block length. I.e., a
+ * baseAddress length of 96 will return 2**32. */
+ private static BigInteger ipv6CidrMaskToBaseAddress(int cidrMask)
+ {
+ return BigInteger.ONE.shiftLeft(128 - cidrMask);
+ }
+
+ private static BigInteger ipv6CidrMaskToMask(int cidrMask)
+ {
+ return BigInteger.ONE.shiftLeft(128 - cidrMask).subtract(BigInteger.ONE).not();
+ }
+
+ /** Given an IPv6 address, convert it into a BigInteger.
+ * @param addr
+ * @return the integer representation of the InetAddress
+ *
+ * @throws IllegalArgumentException if the address is not an IPv6
+ * address.
+ */
+ private static BigInteger ipv6AddressToBigInteger(InetAddress addr)
+ {
+ byte[] ipv6;
+ if (addr instanceof Inet4Address)
+ {
+ ipv6 = getIpV6FromIpV4((Inet4Address) addr);
+ }
+ else
+ {
+ ipv6 = addr.getAddress();
+ }
+ if (ipv6[0] == -1)
+ {
+ return new BigInteger(1, ipv6);
+ }
+ return new BigInteger(ipv6);
+ }
+
+ /** Convert a big integer into an IPv6 address.
+ * @param addr
+ * @return the inetAddress from the integer
+ *
+ * @throws UnknownHostException if the big integer is too large,
+ * and thus an invalid IPv6 address.
+ */
+ private static InetAddress bigIntToIPv6Address(BigInteger addr) throws UnknownHostException
+ {
+ byte[] a = new byte[16];
+ byte[] b = addr.toByteArray();
+ if (b.length > 16 && !(b.length == 17 && b[0] == 0))
+ {
+ throw new UnknownHostException("invalid IPv6 address (too big)");
+ }
+ if (b.length == 16)
+ {
+ return InetAddress.getByAddress(b);
+ }
+ // handle the case where the IPv6 address starts with "FF".
+ if (b.length == 17)
+ {
+ System.arraycopy(b, 1, a, 0, 16);
+ }
+ else
+ {
+ // copy the address into a 16 byte array, zero-filled.
+ int p = 16 - b.length;
+ for (int i = 0; i < b.length; i++)
+ {
+ a[p + i] = b[i];
+ }
+ }
+ return InetAddress.getByAddress(a);
+ }
+}
diff --git a/src/main/java/org/jboss/netty/handler/ipfilter/IpFilterListener.java b/src/main/java/org/jboss/netty/handler/ipfilter/IpFilterListener.java
new file mode 100644
index 0000000000..605ce143a8
--- /dev/null
+++ b/src/main/java/org/jboss/netty/handler/ipfilter/IpFilterListener.java
@@ -0,0 +1,74 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.netty.handler.ipfilter;
+
+import java.net.InetSocketAddress;
+
+import org.jboss.netty.channel.ChannelEvent;
+import org.jboss.netty.channel.ChannelFuture;
+import org.jboss.netty.channel.ChannelHandlerContext;
+
+/**
+ * The listener interface for receiving ipFilter events.
+ *
+ * @see IpFilteringHandler
+ *
+ * @author Ron
+ */
+public interface IpFilterListener
+{
+
+ /**
+ * Called when the channel has the CONNECTED status and the channel was allowed by a previous call to accept().
+ * This method enables your implementation to send a message back to the client before closing
+ * or whatever you need. This method returns a ChannelFuture on which the implementation
+ * can wait uninterruptibly before continuing.
+ * For instance, If a message is sent back, the corresponding ChannelFuture has to be returned.
+ * @param ctx
+ * @param e
+ * @param inetSocketAddress the remote {@link InetSocketAddress} from client
+ * @return the associated ChannelFuture to be waited for before closing the channel. Null is allowed.
+ */
+ public ChannelFuture allowed(ChannelHandlerContext ctx, ChannelEvent e, InetSocketAddress inetSocketAddress);
+
+ /**
+ * Called when the channel has the CONNECTED status and the channel was refused by a previous call to accept().
+ * This method enables your implementation to send a message back to the client before closing
+ * or whatever you need. This method returns a ChannelFuture on which the implementation
+ * will wait uninterruptibly before closing the channel.
+ * For instance, If a message is sent back, the corresponding ChannelFuture has to be returned.
+ * @param ctx
+ * @param e
+ * @param inetSocketAddress the remote {@link InetSocketAddress} from client
+ * @return the associated ChannelFuture to be waited for before closing the channel. Null is allowed.
+ */
+ public ChannelFuture refused(ChannelHandlerContext ctx, ChannelEvent e, InetSocketAddress inetSocketAddress);
+
+ /**
+ * Called in handleUpstream, if this channel was previously blocked,
+ * to check if whatever the event, it should be passed to the next entry in the pipeline.
+ * If one wants to not block events, just overridden this method by returning always true.
+ * Note that OPENED and BOUND events are still passed to the next entry in the pipeline since
+ * those events come out before the CONNECTED event and so the possibility to filter the connection.
+ * @param ctx
+ * @param e
+ * @return True if the event should continue, False if the event should not continue
+ * since this channel was blocked by this filter
+ */
+ public boolean continues(ChannelHandlerContext ctx, ChannelEvent e);
+
+}
diff --git a/src/main/java/org/jboss/netty/handler/ipfilter/IpFilterRule.java b/src/main/java/org/jboss/netty/handler/ipfilter/IpFilterRule.java
new file mode 100644
index 0000000000..cae6b16270
--- /dev/null
+++ b/src/main/java/org/jboss/netty/handler/ipfilter/IpFilterRule.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2009 Red Hat, Inc.
+ *
+ * Red Hat licenses this file to you under the Apache License, version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jboss.netty.handler.ipfilter;
+
+/**
+ * This Interface defines an Ip Filter Rule.
+ *
+ * @author frederic bregier
+ *
+ */
+public interface IpFilterRule extends IpSet
+{
+ /**
+ *
+ * @return True if this Rule is an ALLOW rule
+ */
+ public boolean isAllowRule();
+
+ /**
+ *
+ * @return True if this Rule is a DENY rule
+ */
+ public boolean isDenyRule();
+}
diff --git a/src/main/java/org/jboss/netty/handler/ipfilter/IpFilterRuleHandler.java b/src/main/java/org/jboss/netty/handler/ipfilter/IpFilterRuleHandler.java
new file mode 100644
index 0000000000..a9c35c5ebb
--- /dev/null
+++ b/src/main/java/org/jboss/netty/handler/ipfilter/IpFilterRuleHandler.java
@@ -0,0 +1,328 @@
+/*
+ * Copyright 2009 Red Hat, Inc.
+ *
+ * Red Hat licenses this file to you under the Apache License, version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jboss.netty.handler.ipfilter;
+
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+import java.util.concurrent.CopyOnWriteArrayList;
+
+import org.jboss.netty.channel.ChannelEvent;
+import org.jboss.netty.channel.ChannelHandler.Sharable;
+import org.jboss.netty.channel.ChannelHandlerContext;
+
+/**
+ * Implementation of Filter of IP based on ALLOW and DENY rules.
+ *
+ * This implementation could be changed by implementing a new {@link IpFilterRule} than default
+ * {@link IpV4SubnetFilterRule} (IPV4 support only), {@link IpSubnetFilterRule} (IPV4 and IPV6 support) or {@link IpFilterRule} (IP and host name string pattern support) .
+ *
+ * The check is done by going from step to step in the underlying array of IpFilterRule.
+ * Each {@link IpFilterRule} answers to the method accept if the {@link InetAddress} is accepted or not,
+ * according to its implementation. If an InetAddress arrives at the end of the list, as in Firewall
+ * usual rules, the InetAddress is therefore accepted by default.
+ *
+ *
+ *
+ * An empty list means allow all (no limitation).
+ * For efficiency reason, you should not add/remove too frequently IpFilterRules to/from this handler.
+ * You should prefer to replace an entry (set method) with an ALLOW/DENY ALL IpFilterRule
+ * if possible.
+ * This handler should be created only once and reused on every pipeline since it handles
+ * a global status of what is allowed or blocked.
+ *
+ * Note that {@link IpSubnetFilterRule} which supports IPV4 and IPV6 should be used with as much as
+ * possible no mixed IP protocol. Both IPV4 and IPV6 are supported but a mix (IpFilter in IPV6 notation
+ * and the address from the channel in IPV4, or the reverse) can lead to wrong result.
+ * @author frederic bregier
+ *
+ */
+@Sharable
+public class IpFilterRuleHandler extends IpFilteringHandlerImpl
+{
+ /**
+ * List of {@link IpFilterRule}
+ */
+ private final CopyOnWriteArrayList
+ * Rule List Syntax:
+ *
+ *
+ * RuleList ::= Rule[,Rule]*
+ * Rule ::= AllowRule | BlockRule
+ * AllowRule ::= +Filter
+ * BlockRule ::= -Filter
+ * Filter ::= PatternFilter | CIDRFilter
+ * PatternFilter ::= @see PatternRule
+ * CIDRFilter ::= c:CIDRFilter
+ * CIDRFilter ::= @see CIDR.newCIDR(String)
+ *
+ *
+ * Example: allow only localhost:
+ *
+ * new IPFilterRuleHandler().addAll(new IpFilterRuleList("+n:localhost, -n:*"));
+ *
+ *
+ * @author Ron
+ */
+public class IpFilterRuleList extends ArrayList
+ * Users can add an {@link IpFilterListener} to add specific actions in case a connection is allowed or refused.
+ *
+ * @author Ron
+ */
+public interface IpFilteringHandler
+{
+
+ /**
+ * Sets the filter listener.
+ *
+ * @param listener the new ip filter listener
+ */
+ public void setIpFilterListener(IpFilterListener listener);
+
+ /**
+ * Remove the filter listener.
+ */
+ public void removeIpFilterListener();
+}
diff --git a/src/main/java/org/jboss/netty/handler/ipfilter/IpFilteringHandlerImpl.java b/src/main/java/org/jboss/netty/handler/ipfilter/IpFilteringHandlerImpl.java
new file mode 100644
index 0000000000..b0cb22c4a8
--- /dev/null
+++ b/src/main/java/org/jboss/netty/handler/ipfilter/IpFilteringHandlerImpl.java
@@ -0,0 +1,207 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.netty.handler.ipfilter;
+
+import java.net.InetSocketAddress;
+
+import org.jboss.netty.channel.ChannelEvent;
+import org.jboss.netty.channel.ChannelFuture;
+import org.jboss.netty.channel.ChannelFutureListener;
+import org.jboss.netty.channel.ChannelHandlerContext;
+import org.jboss.netty.channel.ChannelStateEvent;
+import org.jboss.netty.channel.ChannelUpstreamHandler;
+import org.jboss.netty.channel.Channels;
+
+// TODO: Auto-generated Javadoc
+/**
+ * General class that handle Ip Filtering.
+ *
+ * @author frederic bregier
+ */
+public abstract class IpFilteringHandlerImpl implements ChannelUpstreamHandler, IpFilteringHandler
+{
+
+ private IpFilterListener listener = null;
+
+ /**
+ * Called when the channel is connected. It returns True if the corresponding connection
+ * is to be allowed. Else it returns False.
+ * @param ctx
+ * @param e
+ * @param inetSocketAddress the remote {@link InetSocketAddress} from client
+ * @return True if the corresponding connection is allowed, else False.
+ * @throws Exception
+ */
+ protected abstract boolean accept(ChannelHandlerContext ctx, ChannelEvent e, InetSocketAddress inetSocketAddress)
+ throws Exception;
+
+ /**
+ * Called when the channel has the CONNECTED status and the channel was refused by a previous call to accept().
+ * This method enables your implementation to send a message back to the client before closing
+ * or whatever you need. This method returns a ChannelFuture on which the implementation
+ * will wait uninterruptibly before closing the channel.
+ * For instance, If a message is sent back, the corresponding ChannelFuture has to be returned.
+ * @param ctx
+ * @param e
+ * @param inetSocketAddress the remote {@link InetSocketAddress} from client
+ * @return the associated ChannelFuture to be waited for before closing the channel. Null is allowed.
+ * @throws Exception
+ */
+ protected ChannelFuture handleRefusedChannel(ChannelHandlerContext ctx, ChannelEvent e,
+ InetSocketAddress inetSocketAddress) throws Exception
+ {
+ if (listener == null)
+ return null;
+ ChannelFuture result = listener.refused(ctx, e, inetSocketAddress);
+ return result;
+ }
+
+ protected ChannelFuture handleAllowedChannel(ChannelHandlerContext ctx, ChannelEvent e,
+ InetSocketAddress inetSocketAddress) throws Exception
+ {
+ if (listener == null)
+ return null;
+ ChannelFuture result = listener.allowed(ctx, e, inetSocketAddress);
+ return result;
+ }
+
+ /**
+ * Internal method to test if the current channel is blocked. Should not be overridden.
+ * @param ctx
+ * @return True if the current channel is blocked, else False
+ */
+ protected boolean isBlocked(ChannelHandlerContext ctx)
+ {
+ return ctx.getAttachment() != null;
+ }
+
+ /**
+ * Called in handleUpstream, if this channel was previously blocked,
+ * to check if whatever the event, it should be passed to the next entry in the pipeline.
+ * If one wants to not block events, just overridden this method by returning always true.
+ * Note that OPENED and BOUND events are still passed to the next entry in the pipeline since
+ * those events come out before the CONNECTED event and so the possibility to filter the connection.
+ * @param ctx
+ * @param e
+ * @return True if the event should continue, False if the event should not continue
+ * since this channel was blocked by this filter
+ * @throws Exception
+ */
+ protected boolean continues(ChannelHandlerContext ctx, ChannelEvent e) throws Exception
+ {
+ if (listener != null)
+ return listener.continues(ctx, e);
+ else
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see org.jboss.netty.channel.ChannelUpstreamHandler#handleUpstream(org.jboss.netty.channel.ChannelHandlerContext, org.jboss.netty.channel.ChannelEvent)
+ */
+ @Override
+public void handleUpstream(ChannelHandlerContext ctx, ChannelEvent e) throws Exception
+ {
+ if (e instanceof ChannelStateEvent)
+ {
+ ChannelStateEvent evt = (ChannelStateEvent) e;
+ switch (evt.getState())
+ {
+ case OPEN :
+ case BOUND :
+ // Special case: OPEND and BOUND events are before CONNECTED,
+ // but CLOSED and UNBOUND events are after DISCONNECTED: should those events be blocked too?
+ if (isBlocked(ctx) && !continues(ctx, evt))
+ {
+ // don't pass to next level since channel was blocked early
+ return;
+ }
+ else
+ {
+ ctx.sendUpstream(e);
+ return;
+ }
+ case CONNECTED :
+ if (evt.getValue() != null)
+ {
+ // CONNECTED
+ InetSocketAddress inetSocketAddress = (InetSocketAddress) e.getChannel().getRemoteAddress();
+ if (!accept(ctx, e, inetSocketAddress))
+ {
+ ctx.setAttachment(Boolean.TRUE);
+ ChannelFuture future = handleRefusedChannel(ctx, e, inetSocketAddress);
+ if (future != null)
+ {
+ future.addListener(ChannelFutureListener.CLOSE);
+ }
+ else
+ {
+ Channels.close(e.getChannel());
+ }
+ if (isBlocked(ctx) && !continues(ctx, evt))
+ {
+ // don't pass to next level since channel was blocked early
+ return;
+ }
+ }
+ else
+ {
+ handleAllowedChannel(ctx, e, inetSocketAddress);
+ }
+ // This channel is not blocked
+ ctx.setAttachment(null);
+ }
+ else
+ {
+ // DISCONNECTED
+ if (isBlocked(ctx) && !continues(ctx, evt))
+ {
+ // don't pass to next level since channel was blocked early
+ return;
+ }
+ }
+ break;
+ }
+ }
+ if (isBlocked(ctx) && !continues(ctx, e))
+ {
+ // don't pass to next level since channel was blocked early
+ return;
+ }
+ // Whatever it is, if not blocked, goes to the next level
+ ctx.sendUpstream(e);
+ }
+
+ /* (non-Javadoc)
+ * @see org.jboss.netty.handler.ipfilter.IpFilteringHandler#setIpFilterListener(org.jboss.netty.handler.ipfilter.IpFilterListener)
+ */
+ @Override
+public void setIpFilterListener(IpFilterListener listener)
+ {
+ this.listener = listener;
+ }
+
+ /* (non-Javadoc)
+ * @see org.jboss.netty.handler.ipfilter.IpFilteringHandler#removeIpFilterListener()
+ */
+ @Override
+public void removeIpFilterListener()
+ {
+ this.listener = null;
+
+ }
+
+}
diff --git a/src/main/java/org/jboss/netty/handler/ipfilter/IpSet.java b/src/main/java/org/jboss/netty/handler/ipfilter/IpSet.java
new file mode 100644
index 0000000000..a349b3f4f1
--- /dev/null
+++ b/src/main/java/org/jboss/netty/handler/ipfilter/IpSet.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2009 Red Hat, Inc.
+ *
+ * Red Hat licenses this file to you under the Apache License, version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jboss.netty.handler.ipfilter;
+
+import java.net.InetAddress;
+
+/**
+ * This Interface defines an IpSet object.
+ *
+ * @author frederic bregier
+ *
+ */
+public interface IpSet
+{
+ /**
+ * Compares the given InetAddress against the IpSet and returns true if
+ * the InetAddress is contained in this Rule and false if not.
+ * @param inetAddress1
+ * @return returns true if the given IP address is contained in the current
+ * IpSet.
+ */
+ public boolean contains(InetAddress inetAddress1);
+}
diff --git a/src/main/java/org/jboss/netty/handler/ipfilter/IpSubnet.java b/src/main/java/org/jboss/netty/handler/ipfilter/IpSubnet.java
new file mode 100644
index 0000000000..85d4be9079
--- /dev/null
+++ b/src/main/java/org/jboss/netty/handler/ipfilter/IpSubnet.java
@@ -0,0 +1,194 @@
+/*
+ * Copyright 2009 Red Hat, Inc.
+ *
+ * Red Hat licenses this file to you under the Apache License, version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jboss.netty.handler.ipfilter;
+
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+
+/**
+ * This class allows to check if an IP V4 or V6 Address is contained in a subnet.
+ *
+ * Supported IP V4 Formats for the Subnets are: 1.1.1.1/255.255.255.255 or 1.1.1.1/32 (CIDR-Notation)
+ * and (InetAddress,Mask) where Mask is a integer for CIDR-notation or a String for Standard Mask notation.
+ *
Example1:
+ * IpV4Subnet ips = new IpV4Subnet("192.168.1.0/24");
+ * System.out.println("Result: "+ ips.contains("192.168.1.123"));
+ * System.out.println("Result: "+ ips.contains(inetAddress2));
+ *
Example1 bis:
+ * IpV4Subnet ips = new IpV4Subnet(inetAddress, 24);
+ * where inetAddress is 192.168.1.0 and inetAddress2 is 192.168.1.123
+ *
Example2:
+ * IpV4Subnet ips = new IpV4Subnet("192.168.1.0/255.255.255.0");
+ * System.out.println("Result: "+ ips.contains("192.168.1.123"));
+ * System.out.println("Result: "+ ips.contains(inetAddress2));
+ *
Example2 bis:
+ * IpV4Subnet ips = new IpV4Subnet(inetAddress, "255.255.255.0");
+ * where inetAddress is 192.168.1.0 and inetAddress2 is 192.168.1.123
+ *
+ * Supported IP V6 Formats for the Subnets are: a:b:c:d:e:f:g:h/NN (CIDR-Notation)
+ * or any IPV6 notations (like a:b:c:d::/NN, a:b:c:d:e:f:w.x.y.z/NN)
+ * and (InetAddress,Mask) where Mask is a integer for CIDR-notation
+ * and (InetAddress,subnet).
+ *
Example1:
+ * IpSubnet ips = new IpSubnet("1fff:0:0a88:85a3:0:0:0:0/24");
+ * IpSubnet ips = new IpSubnet("1fff:0:0a88:85a3::/24");
+ * System.out.println("Result: "+ ips.contains("1fff:0:0a88:85a3:0:0:ac1f:8001"));
+ * System.out.println("Result: "+ ips.contains(inetAddress2));
+ *
Example1 bis:
+ * IpSubnet ips = new IpSubnet(inetAddress, 24);
+ * where inetAddress2 is 1fff:0:0a88:85a3:0:0:ac1f:8001
+ *
+ * @author frederic bregier
+ *
+ */
+public class IpSubnet implements IpSet, Comparable
+ * i.e.:
+ * IpSubnet subnet = new IpSubnet("10.10.10.0/24"); or
+ * IpSubnet subnet = new IpSubnet("10.10.10.0/255.255.255.0"); or
+ * IpSubnet subnet = new IpSubnet("1fff:0:0a88:85a3:0:0:0:0/24");
+ * @param netAddress a network address as string.
+ * @throws UnknownHostException
+ * */
+ public IpSubnet(String netAddress) throws UnknownHostException
+ {
+ cidr = CIDR.newCIDR(netAddress);
+ }
+
+ /**
+ * Create IpSubnet using the CIDR Notation
+ * @param inetAddress
+ * @param cidrNetMask
+ * @throws UnknownHostException
+ */
+ public IpSubnet(InetAddress inetAddress, int cidrNetMask) throws UnknownHostException
+ {
+ cidr = CIDR.newCIDR(inetAddress, cidrNetMask);
+ }
+
+ /**
+ * Create IpSubnet using the normal Notation
+ * @param inetAddress
+ * @param netMask
+ * @throws UnknownHostException
+ */
+ public IpSubnet(InetAddress inetAddress, String netMask) throws UnknownHostException
+ {
+ cidr = CIDR.newCIDR(inetAddress, netMask);
+ }
+
+ /**
+ * Compares the given IP-Address against the Subnet and returns true if
+ * the ip is in the subnet-ip-range and false if not.
+ * @param ipAddr an ipaddress
+ * @return returns true if the given IP address is inside the currently
+ * set network.
+ * @throws UnknownHostException
+ * */
+ public boolean contains(String ipAddr) throws UnknownHostException
+ {
+ InetAddress inetAddress1 = InetAddress.getByName(ipAddr);
+ return this.contains(inetAddress1);
+ }
+
+ /**
+ * Compares the given InetAddress against the Subnet and returns true if
+ * the ip is in the subnet-ip-range and false if not.
+ * @param inetAddress
+ * @return returns true if the given IP address is inside the currently
+ * set network.
+ * */
+ @Override
+public boolean contains(InetAddress inetAddress)
+ {
+ if (cidr == null)
+ {
+ // ANY
+ return true;
+ }
+ return cidr.contains(inetAddress);
+ }
+
+ @Override
+ public String toString()
+ {
+ return cidr.toString();
+ }
+
+ @Override
+ public boolean equals(Object o)
+ {
+ if (!(o instanceof IpSubnet))
+ {
+ return false;
+ }
+ IpSubnet ipSubnet = (IpSubnet) o;
+ return ipSubnet.cidr.equals(cidr);
+ }
+
+ /**
+ * Compare two IpSubnet
+ */
+ @Override
+public int compareTo(IpSubnet o)
+ {
+ return cidr.toString().compareTo(o.cidr.toString());
+ }
+
+ /**
+ * Simple test functions
+ * @param args
+ * where args[0] is the netmask (standard or CIDR notation) and optional args[1] is
+ * the inetAddress to test with this IpSubnet
+ */
+ public static void main(String[] args) throws Exception
+ {
+ if (args.length != 0)
+ {
+ IpSubnet ipSubnet = null;
+ try
+ {
+ ipSubnet = new IpSubnet(args[0]);
+ }
+ catch (UnknownHostException e)
+ {
+ return;
+ }
+ System.out.println("IpSubnet: " + ipSubnet.toString() + " from " + ipSubnet.cidr.getBaseAddress() + " to "
+ + ipSubnet.cidr.getEndAddress() + " mask " + ipSubnet.cidr.getMask());
+ if (args.length > 1)
+ {
+ System.out.println("Is IN: " + args[1] + " " + ipSubnet.contains(args[1]));
+ }
+ }
+ }
+}
diff --git a/src/main/java/org/jboss/netty/handler/ipfilter/IpSubnetFilterRule.java b/src/main/java/org/jboss/netty/handler/ipfilter/IpSubnetFilterRule.java
new file mode 100644
index 0000000000..d4009c09b3
--- /dev/null
+++ b/src/main/java/org/jboss/netty/handler/ipfilter/IpSubnetFilterRule.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2009 Red Hat, Inc.
+ *
+ * Red Hat licenses this file to you under the Apache License, version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jboss.netty.handler.ipfilter;
+
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+
+/**
+ * Ip V4 and Ip V6 filter rule.
+ *
+ * Note that mix of IPV4 and IPV6 is allowed but it is not recommended. So it is preferable to not
+ * mix IPV4 addresses with IPV6 rules, even if it should work.
+ * @author frederic bregier
+ *
+ */
+public class IpSubnetFilterRule extends IpSubnet implements IpFilterRule
+{
+ /**
+ * Is this IpV4Subnet an ALLOW or DENY rule
+ */
+ private boolean isAllowRule = true;
+
+ /**
+ * Constructor for a ALLOW or DENY ALL
+ * @param allow True for ALLOW, False for DENY
+ */
+ public IpSubnetFilterRule(boolean allow)
+ {
+ super();
+ isAllowRule = allow;
+ }
+
+ /**
+ * @param allow True for ALLOW, False for DENY
+ * @param inetAddress
+ * @param cidrNetMask
+ * @throws UnknownHostException
+ */
+ public IpSubnetFilterRule(boolean allow, InetAddress inetAddress, int cidrNetMask) throws UnknownHostException
+ {
+ super(inetAddress, cidrNetMask);
+ isAllowRule = allow;
+ }
+
+ /**
+ * @param allow True for ALLOW, False for DENY
+ * @param inetAddress
+ * @param netMask
+ * @throws UnknownHostException
+ */
+ public IpSubnetFilterRule(boolean allow, InetAddress inetAddress, String netMask) throws UnknownHostException
+ {
+ super(inetAddress, netMask);
+ isAllowRule = allow;
+ }
+
+ /**
+ * @param allow True for ALLOW, False for DENY
+ * @param netAddress
+ * @throws UnknownHostException
+ */
+ public IpSubnetFilterRule(boolean allow, String netAddress) throws UnknownHostException
+ {
+ super(netAddress);
+ isAllowRule = allow;
+ }
+
+ @Override
+public boolean isAllowRule()
+ {
+ return isAllowRule;
+ }
+
+ @Override
+public boolean isDenyRule()
+ {
+ return !isAllowRule;
+ }
+
+}
diff --git a/src/main/java/org/jboss/netty/handler/ipfilter/IpV4Subnet.java b/src/main/java/org/jboss/netty/handler/ipfilter/IpV4Subnet.java
new file mode 100644
index 0000000000..80374a9eb2
--- /dev/null
+++ b/src/main/java/org/jboss/netty/handler/ipfilter/IpV4Subnet.java
@@ -0,0 +1,328 @@
+/*
+ * Copyright 2009 Red Hat, Inc.
+ *
+ * Red Hat licenses this file to you under the Apache License, version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jboss.netty.handler.ipfilter;
+
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.util.StringTokenizer;
+import java.util.Vector;
+
+/**
+ * This class allows to check if an IP-V4-Address is contained in a subnet.
+ * Supported Formats for the Subnets are: 1.1.1.1/255.255.255.255 or 1.1.1.1/32 (CIDR-Notation)
+ * and (InetAddress,Mask) where Mask is a integer for CIDR-notation or a String for Standard Mask notation.
+ *
Example1:
+ * IpV4Subnet ips = new IpV4Subnet("192.168.1.0/24");
+ * System.out.println("Result: "+ ips.contains("192.168.1.123"));
+ * System.out.println("Result: "+ ips.contains(inetAddress2));
+ *
Example1 bis:
+ * IpV4Subnet ips = new IpV4Subnet(inetAddress, 24);
+ * where inetAddress is 192.168.1.0 and inetAddress2 is 192.168.1.123
+ *
Example2:
+ * IpV4Subnet ips = new IpV4Subnet("192.168.1.0/255.255.255.0");
+ * System.out.println("Result: "+ ips.contains("192.168.1.123"));
+ * System.out.println("Result: "+ ips.contains(inetAddress2));
+ *
Example2 bis:
+ * IpV4Subnet ips = new IpV4Subnet(inetAddress, "255.255.255.0");
+ * where inetAddress is 192.168.1.0 and inetAddress2 is 192.168.1.123
+
+ * @author frederic bregier
+ *
+ */
+public class IpV4Subnet implements IpSet, Comparable
+ * i.e.:
+ * IpV4Subnet subnet = new IpV4Subnet("10.10.10.0/24"); or
+ * IpV4Subnet subnet = new IpV4Subnet("10.10.10.0/255.255.255.0");
+ * @param netAddress a network address as string.
+ * @throws UnknownHostException
+ * */
+ public IpV4Subnet(String netAddress) throws UnknownHostException
+ {
+ setNetAddress(netAddress);
+ }
+
+ /**
+ * Create IpV4Subnet using the CIDR Notation
+ * @param inetAddress
+ * @param cidrNetMask
+ */
+ public IpV4Subnet(InetAddress inetAddress, int cidrNetMask)
+ {
+ setNetAddress(inetAddress, cidrNetMask);
+ }
+
+ /**
+ * Create IpV4Subnet using the normal Notation
+ * @param inetAddress
+ * @param netMask
+ */
+ public IpV4Subnet(InetAddress inetAddress, String netMask)
+ {
+ setNetAddress(inetAddress, netMask);
+ }
+
+ /**
+ * Sets the Network Address in either CIDR or Decimal Notation.
+ * i.e.: setNetAddress("1.1.1.1/24"); or
+ * setNetAddress("1.1.1.1/255.255.255.0");
+ * @param netAddress a network address as string.
+ * @throws UnknownHostException
+ * */
+ private void setNetAddress(String netAddress) throws UnknownHostException
+ {
+ Vector
Standard use could be as follow: The accept method must be overridden (of course you can + * override others).
+ * + *+ * {@link org.jboss.netty.channel.ChannelPipeline} pipeline = ...; + * + * IpFilterRuleHandler firewall = new IpFilterRuleHandler(); + * firewall.addAll(new IpFilterRuleList("+n:localhost, +c:192.168.0.0/27, -n:*")); + * pipeline.addFirst("firewall", firewall); + *+ * + * @apiviz.exclude ^java\.lang\. + */ +package org.jboss.netty.handler.ipfilter; + +