Class: IPAccess::Socket

Inherits:
Socket
  • Object
Includes:
Patches::Socket
Defined in:
lib/ipaccess/ghost_doc/ghost_doc_sockets.rb,
lib/ipaccess/socket.rb

Overview

Socket class with IP access control. It uses input and output access lists. The default list for methods that deal with rules is output.

This class acts the same way as the Socket class but provides a special member called acl and a few new instance methods for controlling IP access.

:include:ghost_doc_patched_usage.rb

This documentation doesn’t describe all class and instance methods of the original Socket class, only the patched variants that make use of IP access control.

Example

require 'socket'                                        # load native sockets
require 'ipaccess/socket'                               # load sockets subsystem and IPAccess.arm method
include Socket::Constants

IPAccess::Set::Global.input.blacklist :localhost        # add localhost to global access set
                                                        # as a black rule of input list
socket = IPAccess::Socket.new(AF_INET, SOCK_STREAM, 0)  # create TCP socket
sockaddr = Socket.sockaddr_in(31337, '127.0.0.1')       # create sockaddr_in structure
socket.bind(sockaddr)                                   # bind to port 31337 and IP 127.0.0.1
socket.listen(5)                                        # listen on socket
begin
  c_socket, c_sockaddr = socket.accept_nonblock         # call non-blocking accept for connections
rescue Errno::EAGAIN, Errno::ECONNABORTED,
       Errno::EPROTO, Errno::EINTR                  
  IO.select([socket])                                   # retry on retriable errors
  retry
rescue IPAccessDenied                                   # when access is denied
  c_socket.close if c_socket                            # close client socket if one was returned
  socket.close                                          # close listener
  raise                                                 # raise exception
end
c_socket.puts "Hello world!"                            # otherwise continue
c_socket.close
socket.close

Instance Attribute Summary

Attributes included from Patches::ACL

#opened_on_deny

Instance Method Summary

Methods included from Patches::ACL

#__ipa_wrap_socket_call, #blacklist_reasonable, #blacklist_reasonable!, #close_on_deny, #close_on_deny=, #default_list, #terminate, #valid_acl?, #whitelist_reasonable, #whitelist_reasonable!

Instance Attribute Details

#acl ⇒ Object

This member holds the access set currently in use. You may use it for low-level operations on the IPAccess::Set object associated with the instance. You cannot, however, call any global access set operations through it; to do that, use the IPAccess::Set::Global constant, which references the global ACL.



# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 127

def acl
  @acl
end

Instance Method Details

#acl_recheck ⇒ Object

This method allows you to re-check access on demand. It uses the socket’s internal address and the access set assigned to the object. If access is denied, it closes your communication session before raising an exception; you can prevent that by setting the opened_on_deny flag to true. The flag can be set when initializing the object (through the :opened_on_deny argument) or by setting the attribute.



# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 138

def acl_recheck
  # Real code hidden.
end
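
The deny-on-recheck behaviour described above, modelled with the standard library only. This is an added example, not code from the ipaccess project: DemoGuardedSession, DemoDenied, recheck and demo_recheck are hypothetical names, and passing the list to recheck explicitly is an assumption of the model.

```ruby
require 'ipaddr'
require 'stringio'

# Hypothetical stand-ins for this example; these are not IPAccess classes.
class DemoDenied < StandardError; end

class DemoGuardedSession
  attr_accessor :opened_on_deny
  attr_reader :io

  def initialize(io, peer_ip, opened_on_deny: false)
    @io = io
    @peer = IPAddr.new(peer_ip)
    @opened_on_deny = opened_on_deny
    @lists = { input: [], output: [] }
  end

  # Rule methods act on the output list unless told otherwise.
  def blacklist(cidr, list = :output)
    @lists.fetch(list) << IPAddr.new(cidr)
    self
  end

  def unblacklist(cidr, list = :output)
    @lists.fetch(list).delete(IPAddr.new(cidr))
    self
  end

  # On-demand re-check of the stored peer address. The list to consult is
  # passed explicitly here (an assumption of this model).
  def recheck(list)
    return self unless @lists.fetch(list).any? { |net| net.include?(@peer) }
    @io.close unless @opened_on_deny   # end the session before raising
    raise DemoDenied, "#{@peer} denied by #{list} list"
  end
end

# Constructed scenario: the rule is added after the session was opened.
def demo_recheck(opened_on_deny)
  s = DemoGuardedSession.new(StringIO.new, '192.0.2.10', opened_on_deny: opened_on_deny)
  s.recheck(:output)               # no rules yet: passes
  s.blacklist('192.0.2.0/24')      # lands in the output list by default
  s.recheck(:output)               # now denied
  :allowed
rescue DemoDenied
  s.io.closed? ? :denied_and_closed : :denied_left_open
end
```

With opened_on_deny left at false the session is already closed when the exception reaches the caller, so a rescue handler must not assume the socket is still usable.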

#blacklist ⇒ Object Also known as: add_black, deny, block

:include:ghost_doc_p_blacklist.rb



# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 79

def blacklist; end

#blacklist! ⇒ Object Also known as: add_black!, deny!, block!

:include:ghost_doc_p_blacklist_e.rb



# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 76

def blacklist!; end

#unblacklist ⇒ Object Also known as: unblock, del_black

:include:ghost_doc_p_unblacklist.rb



# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 91

def unblacklist; end

#unblacklist! ⇒ Object Also known as: unblock!, del_black!

:include:ghost_doc_p_unblacklist_e.rb



# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 88

def unblacklist!; end

#unwhitelist ⇒ Object Also known as: del_white

:include:ghost_doc_p_unwhitelist.rb



# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 85

def unwhitelist; end

#unwhitelist! ⇒ Object Also known as: del_white!

:include:ghost_doc_p_unwhitelist_e.rb



# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 82

def unwhitelist!; end

#whitelist ⇒ Object

:include:ghost_doc_p_whitelist.rb



# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 73

def whitelist; end

#whitelist! ⇒ Object

:include:ghost_doc_p_whitelist_e.rb



# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 70

def whitelist!; end