介绍开源的.net通信框架NetworkComms框架 源码分析(十)DOSProtection

时间:2022-01-30 19:41:59

原文网址: http://www.cnblogs.com/csdev

Networkcomms 是一款C# 语言编写的TCP/UDP通信框架  作者是英国人  以前是收费的 目前作者已经开源  许可是:Apache License v2

开源地址是:https://github.com/MarcFletcher/NetworkComms.Net

DOSProtection用于放置Dos攻击,可以封IP,默认没有启用
namespace NetworkCommsDotNet.Tools
{
    /// <summary>
    /// NetworkComms.Net class used for providing Denial Of Service (DOS) protection features.
    /// If enabled, malformed data events and connection initialises are tracked. If above
    /// set thresholds IPAddresses are banned.
    /// 用于DOS攻击防御的类
    /// 如果启用  则格式不正确的数据和连接请求将会被跟踪  并对相应的IP进行查封
    /// </summary>
    public class DOSProtection
    {
        /// <summary>
        /// A local thread safety locker
        /// 同步锁
        /// </summary>
        object _syncRoot = new object();

        /// <summary>
        /// Addresses that are currently banned. Key is remote IPAddress, value is time banned.
        /// 被查封的IP
        /// </summary>
        Dictionary<IPAddress, DateTime> _bannedAddresses = new Dictionary<IPAddress, DateTime>();

        /// <summary>
        /// First key is remote IPAddress, second key is DateTime.Ticks, value is the malformed count for that DateTime.ticks
        /// 格式不正确的数据的相关信息    IP  发生的时间  次数
        /// </summary>
        Dictionary<IPAddress, Dictionary<long, int>> _malformedCountDict = new Dictionary<IPAddress, Dictionary<long, int>>();

        /// <summary>
        /// First key is remote IPAddress, second key is DateTime.Ticks, value is the connection initialisation count for that DateTime.ticks
        /// 格式不正确的连接请求    IP  发生的时间  次数
        /// </summary>
        Dictionary<IPAddress, Dictionary<long, int>> _connectionInitialiseCountDict = new Dictionary<IPAddress, Dictionary<long, int>>();

        /// <summary>
        /// The current state of DOS protection
        /// 是否启用DOS攻击防御
        /// </summary>
        public bool Enabled { get; set; }

        /// <summary>
        /// The timeout after which time a banned IPAddress may have access again. Default is 10 minutes.
        /// 相关IP查封的时间
        /// </summary>
        public TimeSpan BanTimeout { get; set; }

        /// <summary>
        /// The time within which if MalformedCountInIntervalBeforeBan or ConnectionInitialiseCountInIntervalBeforeBan
        /// is reached a peer will be banned. Default is 5 minutes.
        /// 查封相关的一个时间段
        /// 默认5分钟
        /// 比如说5分钟内收到2个不规则数据,启用查封
        /// </summary>
        public TimeSpan LogInterval { get; set; }

        /// <summary>
        /// The number of malformed data counts to log within LogInterval before an IPAddress is banned. Default is 2.
        /// LogInterval时间内收到不规则数据将会被查封  默认为2个
        /// </summary>
        public int MalformedCountInIntervalBeforeBan { get; set; }

        /// <summary>
        /// The number of connection initialises to log within LogInterval before an IPAddress is banned. Default is 100
        /// LogInterval时间内收到不规则连接请求  默认为100个  启用查封
        /// </summary>
        public int ConnectionInitialiseCountInIntervalBeforeBan { get; set; }

        /// <summary>
        /// Initialise a new instance of DOS protection.
        /// 初始化
        /// </summary>
        public DOSProtection()
        {
            Enabled = false;
            BanTimeout = , , );
            LogInterval = , , );
            MalformedCountInIntervalBeforeBan = ;
            ConnectionInitialiseCountInIntervalBeforeBan = ;
        }

        /// <summary>
        /// Log a malformed data event for the provided remote IPAddress.
        /// 记录不规则数据时间 根据指定的IP
        /// </summary>
        /// <param name="remoteIPAddress"></param>
        /// <returns>如果指定IP已经查封 返回True *** True if the remote IPAddress is now banned, otherwise false.</returns>
        public bool LogMalformedData(IPAddress remoteIPAddress)
        {
            bool ipAddressNowBanned = false;

            lock (_syncRoot)
            {
                //Record the malformed data count
                //记录不规则数据数量
                long tick = DateTime.Now.Ticks;
                if (_malformedCountDict.ContainsKey(remoteIPAddress))
                {
                    if (_malformedCountDict[remoteIPAddress].ContainsKey(tick))
                        _malformedCountDict[remoteIPAddress][tick]++;
                    else
                        _malformedCountDict[remoteIPAddress].Add(tick, );
                }
                else
                    _malformedCountDict.Add(remoteIPAddress,  } });

                //Delete any tick keys which are greater than LogInterval
                //删除超过LogInterval时间段的数据
                List<long> existingIPAddressTickKeys = new List<long>(_malformedCountDict[remoteIPAddress].Keys);

                //Sort from oldest to newest
                //排序
                existingIPAddressTickKeys.Sort();

                //Keep removing tick keys until we are within LogInterval
                //删除超过指定时间段的数据
                ; i < existingIPAddressTickKeys.Count; i++)
                {
                    if (DateTime.Now - new DateTime(existingIPAddressTickKeys[i]) > LogInterval)
                        _malformedCountDict[remoteIPAddress].Remove(existingIPAddressTickKeys[i]);
                    else
                        break;
                }

                //Add up the remaining counts and see if we need to ban this peer
                //查看是否需要查封此IP
                ;
                foreach(int count in _malformedCountDict[remoteIPAddress].Values)
                    currentMalformedCount += count;

                if (currentMalformedCount >= MalformedCountInIntervalBeforeBan)
                {
                    ipAddressNowBanned = true;
                    _bannedAddresses[remoteIPAddress] = new DateTime(tick);
                }
                else
                {
                    ipAddressNowBanned = false;
                    _bannedAddresses.Remove(remoteIPAddress);
                }

                //Remove the remote IPAddress key if no events are left
                //如果没有响应的时间 删除相应的IP
                )
                    _malformedCountDict.Remove(remoteIPAddress);
            }

            return ipAddressNowBanned;
        }

        /// <summary>
        /// Log a connection initialisation for the provided remote IPAddress.
        /// 记录一个格式错误的连接初始化 根据指定IP
        /// </summary>
        /// <param name="remoteIPAddress"></param>
        /// <returns>True if the remote IPAddress is now banned, otherwise false.</returns>
        public bool LogConnectionInitialise(IPAddress remoteIPAddress)
        {
            bool ipAddressNowBanned = false;

            lock (_syncRoot)
            {
                //Record the malformed data count
                //记录格式错误的数据的次数
                long tick = DateTime.Now.Ticks;
                if (_connectionInitialiseCountDict.ContainsKey(remoteIPAddress))
                {
                    if (_connectionInitialiseCountDict[remoteIPAddress].ContainsKey(tick))
                        _connectionInitialiseCountDict[remoteIPAddress][tick]++;
                    else
                        _connectionInitialiseCountDict[remoteIPAddress].Add(tick, );
                }
                else
                    _connectionInitialiseCountDict.Add(remoteIPAddress,  } });

                //Delete any tick keys which are greater than LogInterval
                //删除超过LogInterval时间段的数据
                List<long> existingIPAddressTickKeys = new List<long>(_connectionInitialiseCountDict[remoteIPAddress].Keys);

                //Sort from oldest to newest
                //排序
                existingIPAddressTickKeys.Sort();

                //Keep removing tick keys until we are within LogInterval
                //删除超过LogInterval时间段的数据
                ; i < existingIPAddressTickKeys.Count; i++)
                {
                    if (DateTime.Now - new DateTime(existingIPAddressTickKeys[i]) > LogInterval)
                        _connectionInitialiseCountDict[remoteIPAddress].Remove(existingIPAddressTickKeys[i]);
                    else
                        break;
                }

                //Add up the remaining counts and see if we need to ban this peer
                //查看是否需要查封相关的数据
                ;
                foreach (int count in _connectionInitialiseCountDict[remoteIPAddress].Values)
                    currentConnectionInitialisationCount += count;

                //Make a decision based on currentConnectionInitialisationCount
                //是否查封
                if (currentConnectionInitialisationCount >= ConnectionInitialiseCountInIntervalBeforeBan)
                {
                    ipAddressNowBanned = true;
                    _bannedAddresses[remoteIPAddress] = new DateTime(tick);
                }
                else
                {
                    ipAddressNowBanned = false;
                    _bannedAddresses.Remove(remoteIPAddress);
                }

                //Remove the remote IPAddress key if no events are left
                //如果事件不存在 删除相关IP
                )
                    _connectionInitialiseCountDict.Remove(remoteIPAddress);
            }

            return ipAddressNowBanned;
        }

        /// <summary>
        /// Returns true if the provided IPAddress has been banned due to DOSProtection.
        /// 如果参数中IP已经被查封  返回True
        /// </summary>
        /// <param name="remoteIPAddress">The IPAddress to check</param>
        /// <returns></returns>
        public bool RemoteIPAddressBanned(IPAddress remoteIPAddress)
        {
            lock(_syncRoot)
            {
                if (_bannedAddresses.ContainsKey(remoteIPAddress))
                {
                    //If the ban time is longer than the timeout we can allow it again
                    //如果过了封杀的时间  从查封列表中删除
                    if (DateTime.Now - _bannedAddresses[remoteIPAddress] > BanTimeout)
                    {
                        _bannedAddresses.Remove(remoteIPAddress);
                        return false;
                    }
                    else
                        return true;
                }
                else
                    return false;
            }
        }
    }
}