Mantis Bug Tracker

View Issue Details
ID: 0008291
Project: opensim
Category: [GRID] Robust Server
View Status: public
Date Submitted: 2018-02-16 23:34
Last Update: 2018-02-17 15:51
Assigned To:
Status: patch included
Resolution: open
Platform:
OS:
OS Version:
Product Version: master (dev code)
Target Version:
Fixed in Version:
Summary: 0008291: Add ability for banning via mac address
Description: Currently, although not documented, banning users can be done via their names or client names. This method works for both local and hypergrid users. However, since names can be easily changed and viewer banning is not really effective either, implementing another system for banning users would make sense.

The most obvious choice is the mac banning method described on the wiki. Unfortunately, said method only works on local users; hypergrid users retain the ability to visit even if their mac is blocked in iptables.

acircuit and login data both contain various information about the user, including their mac, which makes it fairly easy to create a list of banned mac addresses both login and gatekeeper can check against.

I chose not to use the regex system for this and instead opted for the system.Contains function, as matching may result in a set of macs to be banned. Contains should match the absolute parts of the list only.

There appears to have been an attempt to write a BanService in the past; however, it is unclear from lack of documentation if said service actually functions. It also uses the circuit Id instead of just the mac. Which approach yields better results is unclear. Beyond even that, since macs, IPs and various other parts of the login or HG request can be easily switched out in the viewer, I am led to believe that it would be very difficult to fully ban a user.

Regardless, I have implemented a way to add a list of banned mac addresses to the Robust.ini both in the LoginService and GatekeeperService.
Steps To Reproduce: For testing:

Fetch your mac string from the login or gatekeeper service (should both be the same anyways), and add inside the GateKeeper and LoginService section:


Keep spaces between each mac, do not use vertical bars e.g. | to separate the mac strings.

Attempt to login or hypergrid in to the grid, teleport should timeout and login should fail.
Additional Information: Both DeniedClients, AllowedClients, etc. seem to not be defined in the Robust.ini.example; however, I do have their definition and explanation in my version of said file and in the in-use Robust.ini. It would probably make sense to add this back into the file.

Patch file is attached, please excuse the slight mess in it. Tested on ZetaWorlds using local and foreign user with the same mac address.
Tags: No tags attached.
Git Revision or version number:
Run Mode: Standalone (1 Region), Standalone (Multiple Regions), Grid (1 Region per Sim), Grid (Multiple Regions per Sim)
Physics Engine: Other
Mono Version: None
Attached Files: mac_banning.diff (12,280 bytes) 2018-02-16 23:34
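
The description above leaves open whether the ban list is checked entry by entry or as a substring of the configured string. The following is an added example, not code from mac_banning.diff or from OpenSim; it compares the two checks on a space-separated list, and every class, method and MAC string in it is hypothetical or constructed.

```csharp
using System;
using System.Collections.Generic;

// Added example, not code from mac_banning.diff. The class, method and
// variable names are hypothetical and all MAC strings are constructed.
public static class MacBanList
{
    // Split the space-separated setting into a set of whole entries.
    public static HashSet<string> Parse(string setting)
    {
        var entries = (setting ?? string.Empty).Split(
            new[] { ' ', '\t' }, StringSplitOptions.RemoveEmptyEntries);
        return new HashSet<string>(entries, StringComparer.OrdinalIgnoreCase);
    }

    // Whole-entry check: an empty or missing MAC never matches.
    public static bool IsBanned(HashSet<string> banned, string mac)
    {
        return !string.IsNullOrWhiteSpace(mac) && banned.Contains(mac.Trim());
    }

    // Substring check over the raw setting, shown for comparison.
    // It is case-sensitive, matches fragments of an entry, matches text
    // spanning two entries, and returns true for an empty MAC string.
    public static bool IsBannedSubstring(string setting, string mac)
    {
        return (setting ?? string.Empty).Contains(mac ?? string.Empty);
    }

    public static void Main()
    {
        // Constructed sample values, not real client identifiers.
        string setting = "00aa11bb22cc33dd 99ff88ee77dd66cc";
        HashSet<string> banned = Parse(setting);

        string[] probes =
        {
            "00aa11bb22cc33dd", "00AA11BB22CC33DD", "00aa11", "", "cc33dd 99ff"
        };
        foreach (string mac in probes)
        {
            Console.WriteLine("{0,-20} whole-entry={1,-5} substring={2}",
                "'" + mac + "'", IsBanned(banned, mac),
                IsBannedSubstring(setting, mac));
        }
    }
}
```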

Notes
Fredy Kyong (reporter)
2018-02-17 12:30
edited on: 2018-02-17 12:38

Won't really help when you use a CopyBot Viewer with proxy/mac masking. SL has the same problem. Only option: Close your sim for the public. When a bad guy has such tools he/she will always be able to get in otherwise.

watcher64 (reporter)
2018-02-17 15:51

That is really a poor attitude, just because there are armor piercing rounds, I guess we should make tanks out of paper, and bulletproof vests out of fishnets ..

I vote for this, not only this but possibly a wildcard IP/Grid Deny access list.

Issue History
Date Modified | Username | Field | Change
2018-02-16 23:34 | tampa | New Issue |
2018-02-16 23:34 | tampa | File Added: mac_banning.diff |
2018-02-16 23:34 | tampa | Status | new => patch included
2018-02-17 12:30 | Fredy Kyong | Note Added: 0032546 |
2018-02-17 12:35 | Fredy Kyong | Note Edited: 0032546 |
2018-02-17 12:35 | Fredy Kyong | Note Edited: 0032546 |
2018-02-17 12:36 | Fredy Kyong | Note Edited: 0032546 |
2018-02-17 12:38 | Fredy Kyong | Note Edited: 0032546 |
2018-02-17 15:51 | watcher64 | Note Added: 0032548 |
