server: add EPICS_PVAS_IGNORE_ADDR_LIST

documentation/server.rst

@@ -69,6 +69,11 @@ EPICS_PVAS_BROADCAST_PORT or EPICS_PVA_BROADCAST_PORT
     If already in use, then an exception is thrown.
     Sets `pvxs::server::Config::udp_port`
 
+EPICS_PVAS_IGNORE_ADDR_LIST
+    Space seperated list of addresses with optional port.
+    Port zero is treated as a wildcard to match any port.
+    UDP traffic from matched addresses will be ignored with no further processing.
+
 .. doxygenstruct:: pvxs::server::Config
     :members:
 

src/config.cpp

@@ -182,6 +182,10 @@ void _fromDefs(Config& self, const std::map<std::string, std::string>& defs, boo
         split_addr_into(pickone.name.c_str(), self.interfaces, pickone.val, self.tcp_port, true);
     }
 
+    if(pickone({"EPICS_PVAS_IGNORE_ADDR_LIST"})) {
+        split_addr_into(pickone.name.c_str(), self.ignoreAddrs, pickone.val, 0, true);
+    }
+
     if(pickone({"EPICS_PVAS_BEACON_ADDR_LIST", "EPICS_PVA_ADDR_LIST"})) {
         split_addr_into(pickone.name.c_str(), self.beaconDestinations, pickone.val, self.udp_port);
     }
@@ -223,6 +227,7 @@ void Config::updateDefs(defs_t& defs) const
     defs["EPICS_PVA_AUTO_ADDR_LIST"] = defs["EPICS_PVAS_AUTO_BEACON_ADDR_LIST"] = auto_beacon ? "YES" : "NO";
     defs["EPICS_PVA_ADDR_LIST"]      = defs["EPICS_PVAS_BEACON_ADDR_LIST"] = join_addr(beaconDestinations);
     defs["EPICS_PVA_INTF_ADDR_LIST"] = defs["EPICS_PVAS_INTF_ADDR_LIST"]   = join_addr(interfaces);
+    defs["EPICS_PVAS_IGNORE_ADDR_LIST"]   = join_addr(ignoreAddrs);
 }
 
 void Config::expand()
@@ -240,33 +245,27 @@ void Config::expand()
 
     removeDups(interfaces);
     removeDups(beaconDestinations);
+    removeDups(ignoreAddrs);
 }
 
 std::ostream& operator<<(std::ostream& strm, const Config& conf)
 {
-    bool first;
+    auto showAddrs = [&strm](const char* var, const std::vector<std::string>& addrs) {
+        strm<<indent{}<<var<<"=\"";
+        bool first = true;
+        for(auto& iface : addrs) {
+            if(first)
+                first = false;
+            else
+                strm<<' ';
+            strm<<iface;
+        }
+        strm<<"\"\n";
+    };
 
-    strm<<indent{}<<"EPICS_PVAS_INTF_ADDR_LIST=\"";
-    first = true;
-    for(auto& iface : conf.interfaces) {
-        if(first)
-            first = false;
-        else
-            strm<<' ';
-        strm<<iface;
-    }
-    strm<<"\"\n";
-
-    strm<<indent{}<<"EPICS_PVAS_BEACON_ADDR_LIST=\"";
-    first = true;
-    for(auto& iface : conf.beaconDestinations) {
-        if(first)
-            first = false;
-        else
-            strm<<' ';
-        strm<<iface;
-    }
-    strm<<"\"\n";
+    showAddrs("EPICS_PVAS_INTF_ADDR_LIST", conf.interfaces);
+    showAddrs("EPICS_PVAS_BEACON_ADDR_LIST", conf.beaconDestinations);
+    showAddrs("EPICS_PVAS_IGNORE_ADDR_LIST", conf.ignoreAddrs);
 
     strm<<indent{}<<"EPICS_PVAS_AUTO_BEACON_ADDR_LIST="<<(conf.auto_beacon?"YES":"NO")<<'\n';
 

src/pvxs/server.h

@@ -133,6 +133,11 @@ struct PVXS_API Config {
     //! interfaces.empty() treated as an alias for "0.0.0.0", which may also be given explicitly.
     //! Port numbers are optional and unused (parsed and ignored)
     std::vector<std::string> interfaces;
+    //! Ignore client requests originating from addresses in this list.
+    //! Entries must be IP addresses with optional port numbers.
+    //! Port number zero (default) is treated as a wildcard which matches any port.
+    //! @since UNRELEASED
+    std::vector<std::string> ignoreAddrs;
     //! Addresses (**not** host names) to which (UDP) beacons message will be sent.
     //! May include broadcast and/or unicast addresses.
     //! Supplemented iif auto_beacon==true

src/server.cpp

@@ -364,6 +364,11 @@ Server::Pvt::Pvt(const Config &conf)
 #endif
     }
 
+    for(const auto& addr : effective.ignoreAddrs) {
+        SockAddr temp(AF_INET, addr.c_str());
+        ignoreList.push_back(temp);
+    }
+
 
     acceptor_loop.call([this](){
         // from acceptor worker
@@ -535,6 +540,20 @@ void Server::Pvt::onSearch(const UDPManager::Search& msg)
 {
     // on UDPManager worker
 
+    for(const auto& addr : ignoreList) { // expected to be a short list
+        if(msg.src.family()!=addr.family()) {
+            // skip
+        } else if(msg.src->in.sin_addr.s_addr != addr->in.sin_addr.s_addr) {
+            // skip
+        } else if(addr->in.sin_port==0) {
+            // ignore all ports
+            return;
+        } else if(msg.src->in.sin_port == addr->in.sin_port) {
+            // ignore specific sender port
+            return;
+        }
+    }
+
     log_debug_printf(serverio, "%s searching\n", msg.src.tostring().c_str());
 
     searchOp._names.resize(msg.names.size());

src/serverconn.h

@@ -217,6 +217,7 @@ struct Server::Pvt
 
     std::list<std::unique_ptr<UDPListener> > listeners;
     std::vector<SockAddr> beaconDest;
+    std::vector<SockAddr> ignoreList;
 
     std::list<ServIface> interfaces;
     std::map<ServerConn*, std::shared_ptr<ServerConn> > connections;