only allowing one connection per IP address
Trustin Lee
tlee at redhat.com
Sun Mar 22 12:47:32 EDT 2009
On Sun, Mar 22, 2009 at 5:23 PM, Frederic Bregier <fredbregier at free.fr> wrote:
> * the package name is ok with "ipfiltering" ?
'ipfilter' sounds better to me. :)
> * for handleRefusedChannel(), did you mean that any actions
> other than closing could be done here? Or say in another way,
> closing is still outside of this method in order to be factorized
> whatever the action (or no action) is done in the method ?
I mean even the close request should be done in
handlerRefusedChannel() and therefore its default implementation
should be:
protected void handleRefusedChannel(ctx, evt) {
ctx.getChannel().close();
}
and a user could override this method if necessary.
> * One thing however, which I state with a warning comment in the new impl:
> If the implementation of the method write back a message before closing,
> it has to wait for the termination of the write, otherwise it
> could be lost since the close is immediately done after.
> So it is just a warning about what the implementation have to be cautious.
Yes. We can cover this in documentation.
> * OneIpFilter data structure: do you think a hashmap could be ok?
> I see what to put as the key (InetAddress since the port is not useful
> there),
> but as object ? InetSocketAddress ? Channel ? What could be useful ?
We have Set. No need to worry about the value type. ;)
> * On BannedIp, yes I agree that it should be more "generic".
> I will spend times on CIDR since your idea seems very interesting.
I thought about this and perhaps we could name it as
'RuleBasedIpFilter' and let user specify an implementation of the
following interface:
public interface IpFilterRule {
boolean accept(InetSocketAddress remoteAddress);
}
And its implementations could be:
* CidrFilterRule
* SubnetFilterRule
* IpRangeRule (e.g. "192.168.0.0-128")
When a user adds an IpFilterRule, one needs to specify it's an allow or a deny.
> * On the branch, I've got two questions:
> - what name to give to this branch ?
whatever you want. If I were you, I'd name it 'ipfilter'
> - Am I correct if I do like the following in Eclipse (still not confident
> with SVN):
> # first create a branch from Team menu from head status
> # then create a new project based on this branch and maintain its update
> from
> this new project directly linked to the branch
I usually use a command-line client so I don't know much about Eclipse
way to maintain branches. I think it sounds right, but you can
experiment. :)
Cheers,
— Trustin Lee, http://gleamynode.net/
More information about the netty-users
mailing list