only allowing one connection per IP address

Trustin Lee tlee at redhat.com
Sun Mar 22 12:47:32 EDT 2009 

On Sun, Mar 22, 2009 at 5:23 PM, Frederic Bregier <fredbregier at free.fr> wrote:
> * the package name is ok with "ipfiltering" ?

'ipfilter' sounds better to me. :)

> * for handleRefusedChannel(), did you mean that any actions
> other than closing could be done here? Or say in another way,
> closing is still outside of this method in order to be factorized
> whatever the action (or no action) is done in the method ?

I mean even the close request should be done in
handlerRefusedChannel() and therefore its default implementation
should be:

    protected void handleRefusedChannel(ctx, evt) {
        ctx.getChannel().close();
    }

and a user could override this method if necessary.

> * One thing however, which I state with a warning comment in the new impl:
> If the implementation of the method write back a message before closing,
> it has to wait for the termination of the write, otherwise it
> could be lost since the close is immediately done after.
> So it is just a warning about what the implementation have to be cautious.

Yes.  We can cover this in documentation.

> * OneIpFilter data structure: do you think a hashmap could be ok?
> I see what to put as the key (InetAddress since the port is not useful
> there),
> but as object ? InetSocketAddress ? Channel ? What could be useful ?

We have Set.  No need to worry about the value type. ;)

> * On BannedIp, yes I agree that it should be more "generic".
> I will spend times on CIDR since your idea seems very interesting.

I thought about this and perhaps we could name it as
'RuleBasedIpFilter' and let user specify an implementation of the
following interface:

  public interface IpFilterRule {
      boolean accept(InetSocketAddress remoteAddress);
  }

And its implementations could be:

  * CidrFilterRule
  * SubnetFilterRule
  * IpRangeRule (e.g. "192.168.0.0-128")

When a user adds an IpFilterRule, one needs to specify it's an allow or a deny.

> * On the branch, I've got two questions:
>  - what name to give to this branch ?

whatever you want.  If I were you, I'd name it 'ipfilter'

>  - Am I correct if I do like the following in Eclipse (still not confident
> with SVN):
>    # first create a branch from Team menu from head status
>    # then create a new project based on this branch and maintain its update
> from
>      this new project directly linked to the branch

I usually use a command-line client so I don't know much about Eclipse
way to maintain branches.  I think it sounds right, but you can
experiment. :)

Cheers,

— Trustin Lee, http://gleamynode.net/

More information about the netty-users mailing list