mirror of
https://github.com/XTLS/Xray-core.git
synced 2024-11-13 04:03:19 +00:00
fix(ip-restriction): protect usrIpRstrct from concurrent access
This commit is contained in:
parent
6a0ff0efce
commit
e1843be1c8
|
@ -5,6 +5,7 @@ import (
|
|||
"io"
|
||||
"strconv"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/xtls/xray-core/common"
|
||||
|
@ -35,6 +36,8 @@ func init() {
|
|||
|
||||
// Server is an inbound connection handler that handles messages in trojan protocol.
|
||||
type Server struct {
|
||||
sync.Mutex
|
||||
|
||||
policyManager policy.Manager
|
||||
validator *Validator
|
||||
fallbacks map[string]map[string]map[string]*Fallback // or nil
|
||||
|
@ -225,12 +228,15 @@ func (s *Server) Process(ctx context.Context, network net.Network, conn stat.Con
|
|||
addr := conn.RemoteAddr().(*net.TCPAddr)
|
||||
|
||||
uniqueIps := make(map[string]bool)
|
||||
|
||||
s.Lock()
|
||||
// Iterate through the connections and find unique used IP addresses withing last 30 seconds.
|
||||
for _, conn := range *usrIpRstrct {
|
||||
if conn.User == user.Email && !conn.IpAddress.Equal(addr.IP) && ((time.Now().Unix() - conn.Time) < 30) {
|
||||
uniqueIps[conn.IpAddress.String()] = true
|
||||
}
|
||||
}
|
||||
s.Unlock()
|
||||
|
||||
if (len(uniqueIps) >= int(user.IpLimit)) {
|
||||
return newError("User ", user, " has exceeded their allowed IPs.").AtWarning()
|
||||
|
|
|
@ -10,6 +10,7 @@ import (
|
|||
"reflect"
|
||||
"strconv"
|
||||
"strings"
|
||||
"sync"
|
||||
"syscall"
|
||||
"time"
|
||||
"unsafe"
|
||||
|
@ -53,6 +54,8 @@ func init() {
|
|||
|
||||
// Handler is an inbound connection handler that handles messages in VLess protocol.
|
||||
type Handler struct {
|
||||
sync.Mutex
|
||||
|
||||
inboundHandlerManager feature_inbound.Manager
|
||||
policyManager policy.Manager
|
||||
validator *vless.Validator
|
||||
|
@ -451,12 +454,15 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
|
|||
addr := connection.RemoteAddr().(*net.TCPAddr)
|
||||
|
||||
uniqueIps := make(map[string]bool)
|
||||
|
||||
h.Lock()
|
||||
// Iterate through the connections and find unique used IP addresses withing last 30 seconds.
|
||||
for _, conn := range *usrIpRstrct {
|
||||
if conn.User == request.User.Email && !conn.IpAddress.Equal(addr.IP) && ((time.Now().Unix() - conn.Time) < 30) {
|
||||
uniqueIps[conn.IpAddress.String()] = true
|
||||
}
|
||||
}
|
||||
h.Unlock()
|
||||
|
||||
if (len(uniqueIps) >= int(request.User.IpLimit)) {
|
||||
return newError("User ", request.User.Email, " has exceeded their allowed IPs.").AtWarning()
|
||||
|
|
|
@ -97,6 +97,8 @@ func (v *userByEmail) Remove(email string) bool {
|
|||
|
||||
// Handler is an inbound connection handler that handles messages in VMess protocol.
|
||||
type Handler struct {
|
||||
sync.Mutex
|
||||
|
||||
policyManager policy.Manager
|
||||
inboundHandlerManager feature_inbound.Manager
|
||||
clients *vmess.TimedUserValidator
|
||||
|
@ -268,12 +270,14 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
|
|||
addr := connection.RemoteAddr().(*net.TCPAddr)
|
||||
|
||||
uniqueIps := make(map[string]bool)
|
||||
h.Lock()
|
||||
// Iterate through the connections and find unique used IP addresses withing last 30 seconds.
|
||||
for _, conn := range *usrIpRstrct {
|
||||
if conn.User == request.User.Email && !conn.IpAddress.Equal(addr.IP) && ((time.Now().Unix() - conn.Time) < 30) {
|
||||
uniqueIps[conn.IpAddress.String()] = true
|
||||
}
|
||||
}
|
||||
h.Unlock()
|
||||
|
||||
if (len(uniqueIps) >= int(request.User.IpLimit)) {
|
||||
return newError("User ", request.User.Email, " has exceeded their allowed IPs.").AtWarning()
|
||||
|
|
Loading…
Reference in a new issue