Mantis Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0008291opensim[GRID] Robust Serverpublic2018-02-16 23:342019-02-06 11:28
Assigned ToUbitUmarov 
PlatformOSOS Version
Product Versionmaster (dev code) 
Target VersionFixed in Version 
Summary0008291: Add ability for banning via mac address
DescriptionCurrently, although not documented, banning users can be done via their names or client names. This method works for both local and hypergrid users. However since names can be easily changed and viewer banning is not really effective either implementing another system for banning users would make sense.

The most obvious choice is the mac banning method described on the wiki, unfortunately said method only works on local users, hypergrid users retain the ability to visit even if their mac is blocked in iptables.

acircuit and login data both contain various information about the user, including their mac, which makes it fairly easy to create a list of banned mac addresses both login and gatekeeper can check against.

I choose not to use the regex system for this and instead opted for the system.Contains function, as matching may result in a set of macs to be banned. Contains should match the absolute parts of the list only.

There appears to have been an attempt to write a BanService in the past, however it is unclear from lack of documentation if said service actually functions. It also uses the circuit Id instead of just the mac. Which approach yields better results is unclear. Beyond even that, since macs, IPs and various other parts of the login or HG request can be easily switched out in the viewer I am led to believe that it would be very difficult to fully ban a user.

Regardless, I have implemented a way to add a list of banned mac addresses to the Robust.ini both in the LoginService and GatekeeperService.
Steps To ReproduceFor testing:

Fetch your mac string from the login or gatekeeper service(should both be the same anyways), and add inside the GateKeeper and LoginService section:


Keep spaces between each mac, do not use vertical bars e.g. | to separate the mac strings.

Attempt to login or hypergrid in to the grid, teleport should timeout and login should fail.
Additional InformationBoth DeniedClients, AllowedClients,.. etc seem to not be defined in the Robust.ini.example, however I do have their definition and explanation in my version of said file and in the in-use Robust.ini, it would probably make sense to add this back into the file.

Patch file is attached, please excuse the slight mess in it. Tested on ZetaWorlds using local and foreign user with the same mac address.
TagsNo tags attached.
Git Revision or version number
Run ModeStandalone (1 Region) , Standalone (Multiple Regions) , Grid (1 Region per Sim) , Grid (Multiple Regions per Sim)
Physics EngineOther
Mono VersionNone
Attached Filesdiff file icon mac_banning.diff [^] (12,280 bytes) 2018-02-16 23:34 [Show Content]
diff file icon mac-banning.diff [^] (5,397 bytes) 2018-07-04 07:45 [Show Content]

- Relationships

-  Notes
Fredy Kyong (reporter)
2018-02-17 12:30
edited on: 2018-02-17 12:38

Won´t realy help when you use a CopyBot Viewer with proxy/mac masking. SL has the same problem. Only option: Close your sim for the public. When a bad guy has such tools he/she will alway be able to get in otherwise.

BillBlight (developer)
2018-02-17 15:51

That is really a poor attitude, just because there are armor piercing rounds, I guess we should make tanks out of paper, and bulletproof vests out of fishnets ..

I vote for this, not only this but possibly a wildcard IP/Grid Deny access list.
UbitUmarov (administrator)
2018-06-16 06:59

actually german leopard I tank was made paper thin because of rounds increased capabilities, It was made a mobile platform for a deadly 105mm gun (back then)
same for other tanks of its generation.

Long before that, body armor was totally abandoned on regular armies, made totally obsolute by guns and other armor piercing weapons. In that case not even replaced by mobility, like we seen on those compact infantry lines of Napolean wars for example.

well just a coment. :)
Fly-Man- (developer)
2018-07-04 05:01

I think this is def. worth implementing. Even if it keeps some people out of grids.

Codewise it looks decent enough to push into a branch @UbitUmarov
tampa (reporter)
2018-07-04 07:47

I added the patch I now use for my fork rather than the messy one of my original development branch. This patch is tested and working in latest httptests.
UbitUmarov (administrator)
2018-07-08 05:45

ok i don't like is that much, but on master now
Thanks :)
UbitUmarov (administrator)
2018-07-08 05:46

patch applied on master
BillBlight (developer)
2019-02-06 11:28

Marked as Resolved but never closed, can be reopened if needed.

- Issue History
Date Modified Username Field Change
2018-02-16 23:34 tampa New Issue
2018-02-16 23:34 tampa File Added: mac_banning.diff
2018-02-16 23:34 tampa Status new => patch included
2018-02-17 12:30 Fredy Kyong Note Added: 0032546
2018-02-17 12:35 Fredy Kyong Note Edited: 0032546 View Revisions
2018-02-17 12:35 Fredy Kyong Note Edited: 0032546 View Revisions
2018-02-17 12:36 Fredy Kyong Note Edited: 0032546 View Revisions
2018-02-17 12:38 Fredy Kyong Note Edited: 0032546 View Revisions
2018-02-17 15:51 BillBlight Note Added: 0032548
2018-06-16 06:59 UbitUmarov Note Added: 0032703
2018-07-04 05:01 Fly-Man- Note Added: 0032718
2018-07-04 07:45 tampa File Added: mac-banning.diff
2018-07-04 07:47 tampa Note Added: 0032723
2018-07-08 05:45 UbitUmarov Note Added: 0032740
2018-07-08 05:46 UbitUmarov Note Added: 0032741
2018-07-08 05:46 UbitUmarov Status patch included => resolved
2018-07-08 05:46 UbitUmarov Resolution open => fixed
2018-07-08 05:46 UbitUmarov Assigned To => UbitUmarov
2019-02-06 11:28 BillBlight Note Added: 0034386
2019-02-06 11:28 BillBlight Status resolved => closed

Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker