Class: IPAccess::TCPSocket

Inherits:

TCPSocket

• Object
• TCPSocket
• IPAccess::TCPSocket

Includes:

Patches::TCPSocket

Defined in:

lib/ipaccess/ghost_doc/ghost_doc_sockets.rb,
lib/ipaccess/socket.rb

Overview

TCPSocket class with IP access control. It uses output access lists.

This class acts the same way as TCPSocket class but provides special member called acl and a few new instance methods for controlling IP access.

This documentation doesn’t cover description of all class and instance methods of the original TCPSocket class, just the patched variants that make use of IP access control.

Example

require 'ipaccess/socket'                                         # load sockets subsystem

acl_set = IPAccess::Set.new                                            # create shared access set
acl_set.output.block 'randomseed.pl'                              # block connections to this host

socket = IPAccess::TCPSocket.new('randomseed.pl', 80)

Instance Attribute Summary

• #acl ⇒ Object

  This member keeps the information about currently used access set.

Attributes included from Patches::ACL

#opened_on_deny

Instance Method Summary

• #acl_recheck ⇒ Object

  This method allows you to re-check access on demad.

• #blacklist(*addresses) ⇒ Object (also: #add_black, #deny, #block)

  This method blacklists IP address(-es) in the input or output access list selected by the list argument (:input or :output). If the access list selector is omited it operates on the default access list that certain kind of network object uses. The allowed format of address is the same as for IPAccess.to_cidrs. This method will not add nor remove any whitelisted item.

  Restrictions

  This method won’t allow you to modify the list if the global access set is associated with an object. You may operate on IPAccess::Set.Global or use blacklist! instead.

  Return value

  It will return the result of calling IPAccess::List#blacklist on the list.

  Revalidation

  After modyfing access set current connection is validated again to avoid access leaks.

  DNS Warning

  You should avoid passing hostnames as arguments since DNS is not reliable and responses may change with time, which may cause security flaws.

• #blacklist!(*addresses) ⇒ Object (also: #add_black!, #deny!, #block!)

  This method works same way as blacklist but it will allow you to modify the list even if the global access set is used by object.

• #initialize ⇒ TCPSocket constructor

  Creates a new object and attempts to connect to the host and port.

• #unblacklist(*addresses) ⇒ Object (also: #unblock, #del_black)

  This method removes blacklisted IP address(-es) from the input or output access list selected by the list argument (:input or :output). If the access list selector is omited it operates on the default access list that certain kind of network object uses. The allowed format of address is the same as for IPAccess.to_cidrs. This method will not add nor remove any whitelisted item.

  Restrictions

  This method won’t allow you to modify the list if the global access set is associated with an object. You may operate on IPAccess::Set.Global or use unblacklist! instead.

  Return value

  It will return the result of calling IPAccess::List#unblacklist on the list.

  Revalidation

  After modyfing access set current connection is validated again to avoid access leaks.

  DNS Warning

  You should avoid passing hostnames as arguments since DNS is not reliable and responses may change with time, which may cause security flaws.

• #unblacklist!(*addresses) ⇒ Object (also: #unblock!, #del_black!)

  This method works same way as unblacklist but it will allow you to modify the list even if the global access set is used by object.

• #unwhitelist(*addresses) ⇒ Object (also: #del_white)

  This method removes whitelisted IP address(-es) from the input or output access list selected by the list argument (:input or :output). If the access list selector is omited it operates on the default access list that certain kind of network object uses. The allowed format of address is the same as for IPAccess.to_cidrs. This method will not add nor remove any blacklisted item.

  Restrictions

  This method won’t allow you to modify the list if the global access set is associated with an object. You may operate on IPAccess::Set.Global or use unwhitelist! instead.

  Return value

  It will return the result of calling IPAccess::List#unwhitelist on the list.

  Revalidation

  After modyfing access set current connection is validated again to avoid access leaks.

  DNS Warning

  You should avoid passing hostnames as arguments since DNS is not reliable and responses may change with time, which may cause security flaws.

• #unwhitelist!(*addresses) ⇒ Object (also: #del_white!)

  This method works same way as unwhitelist but it will allow you to modify the list even if the global access set is used by object.

• #whitelist(*addresses) ⇒ Object

  This method whitelists IP address(-es) in the input or output access list selected by the list argument (:input or :output). If the access list selector is omited it operates on the default access list that certain kind of network object uses. The allowed format of address is the same as for IPAccess.to_cidrs. This method will not add nor remove any blacklisted item.

  Restrictions

  This method won’t allow you to modify the list if the global access set is associated with an object. You may operate on IPAccess::Set.Global or use whitelist! instead.

  Return value

  It will return the result of calling IPAccess::List#whitelist on the list.

  Revalidation

  After modyfing access set current connection is validated again to avoid access leaks.

  DNS Warning

  You should avoid passing hostnames as arguments since DNS is not reliable and responses may change with time, which may cause security flaws.

  @overload(*addresses) @overload(list, *addresses)

• #whitelist!(*addresses) ⇒ Object

  This method works same way as whitelist but it will allow you to modify the list even if the global access set is used by object.

Methods included from Patches::ACL

#__ipa_wrap_socket_call, #blacklist_reasonable, #blacklist_reasonable!, #close_on_deny, #close_on_deny=, #default_list, #terminate, #valid_acl?, #whitelist_reasonable, #whitelist_reasonable!

Constructor Details

#new(addr, port) {|socket| ... } ⇒ TCPSocket #new(addr, port, acl) ⇒ TCPSocket

Creates a new object and attempts to connect to the host and port. If a block is provided, it is yielded as socket object. It optionally sets an access set given as the last parameter or as ACL member of opts. The access set given as an argument has precedence over access set given in options. If ACL parameter is not given it defaults to ACL to IPAccess::Set.Global.

Overloads:

• #new(addr, port) {|socket| ... } ⇒ TCPSocket

  Yield Parameters:

  • socket (Socket, TCPSocket, UDPSocket, SOCKSSocket)

# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 659

def initialize
  # Real code hidden.
end

Instance Attribute Details

#acl ⇒ Object

This member keeps the information about currently used access set. You may use it to do low-level operations on IPAccess::Set object associated with instance. You cannot however call any of global access set operations – to do that use IPAccess::Set.Global contant referencing to global ACL.

# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 644

def acl
  @acl
end

Instance Method Details

#acl_recheck ⇒ Object

This method allows you to re-check access on demad. It uses internal socket’s address and access set assigned to an object. It will close your communication session before throwing an exception in case of denied access – you can prevent it by setting the flag opened_on_deny to true. The flag can be set while initializing object (through argument :opened_on_deny) or by setting the attribute.

# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 672

def acl_recheck
  # Real code hidden.
end

#blacklist(*addresses) ⇒ Object #blacklist(list, *addresses) ⇒ Object Also known as: add_black, deny, block

# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 582

def blacklist(*addresses); end

#blacklist!(*addresses) ⇒ Object #blacklist!(list, *addresses) ⇒ Object Also known as: add_black!, deny!, block!

# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 577

def blacklist!(*addresses); end

#unblacklist(*addresses) ⇒ Object #unblacklist(list, *addresses) ⇒ Object Also known as: unblock, del_black

# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 602

def unblacklist(*addresses); end

#unblacklist!(*addresses) ⇒ Object #unblacklist!(list, *addresses) ⇒ Object Also known as: unblock!, del_black!

# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 597

def unblacklist!(*addresses); end

#unwhitelist(*addresses) ⇒ Object #unwhitelist(list, *addresses) ⇒ Object Also known as: del_white

# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 592

def unwhitelist(*addresses); end

#unwhitelist!(*addresses) ⇒ Object #unwhitelist!(list, *addresses) ⇒ Object Also known as: del_white!

# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 587

def unwhitelist!(*addresses); end

#whitelist(*addresses) ⇒ Object #whitelist(list, *addresses) ⇒ Object

# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 572

def whitelist(*addresses); end

#whitelist!(*addresses) ⇒ Object #whitelist!(list, *addresses) ⇒ Object

# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 567

def whitelist!(*addresses); end