CMUCL-chain taking off

Adrian W. Pasieka Ikane adrian.pasieka at ai.pressiton.com
Tue Aug 3 21:54:46 UTC 2021


Hello,


Firstly, a kind thank You to Mr Raymond Toy for his patience when I tried to learn CMUCL.
Now it is time to do something concrete, i.e. to build a CMUCL-chain.

Some elements are already completed (very simple version).
The goal is to create a commercial CMUCL-chain, not easy, but worth trying.


I would need some help with CREATE-INET-LISTENER.
CREATE-INET-LISTENER is the port opener, a critical moment from the cyber-security standpoint.


Explanation of the DEFUN below, the proposals inside, and the questions at the very end.

The names like "af-inet-mod-1" and "create-inet-listener-mod-1" are in fact COPIES from sources.
I have only added :ALIEN, :C-CALL, :UNIX descriptions, to know what is coming from where.

create-inet-listener-mod-1 = CREATE-INET-LISTENER, in sources.


(DEFUN create-inet-listener-mod-1
        (port &OPTIONAL (kind :STREAM) &KEY (host 0) reuse-address (backlog 5))
   (LET ((socket (CREATE-INET-SOCKET kind))
         (addr
          (IF (STRINGP host)
              (HOST-ENTRY-ADDR
               (OR (LOOKUP-HOST-ENTRY host)
                   (ERROR 'socket-error-mod-1
                          :FORMAT-CONTROL (INTL:GETTEXT "Unknown host: ~S.")
                          :FORMAT-ARGUMENTS (LIST host)
                          :ERRNO (UNIX:UNIX-ERRNO))))
              host)))


     (WHEN reuse-address
       (MULTIPLE-VALUE-BIND (optval errno)
           (set-socket-option-mod-1 socket sol-socket-mod-1 so-reuseaddr-mod-1 1)
         (OR optval
             (ERROR 'socket-error-mod-1
                    :FORMAT-CONTROL   (INTL:GETTEXT "Error ~S setting socket option on socket ~D.")
                    :FORMAT-ARGUMENTS (LIST (UNIX:GET-UNIX-ERROR-MSG errno) socket)
                    :ERRNO             errno))))

  
  
     (ALIEN:WITH-ALIEN ((sockaddr inet-sockaddr))
      (SETF (ALIEN:SLOT sockaddr 'family) af-inet-mod-1)
      (SETF (ALIEN:SLOT sockaddr 'port) (HTONS port))
      (SETF (ALIEN:SLOT sockaddr 'addr) (HTONL addr))
      (WHEN (MINUSP
           (UNIX:UNIX-BIND socket
                           (ALIEN:ALIEN-SAP sockaddr)
                           (ALIEN:ALIEN-SIZE inet-sockaddr :BYTES)))
        (LET ((errno (UNIX:UNIX-ERRNO)))
          (UNIX:UNIX-CLOSE socket)
          (ERROR 'socket-error-mod-1
                 :FORMAT-CONTROL   (INTL:GETTEXT "Error binding socket to port ~A: ~A")
                 :FORMAT-ARGUMENTS (LIST port (UNIX:GET-UNIX-ERROR-MSG))
                 :ERRNO            errno))))


#|
 ADRIAN PASIEKA's proposals to the :STREAM below.
 
Adding some analytics to the :STREAM below, to see all incoming traffic from an OPEN-NETWORK-STREAM, like:

- the incoming IP number from OPEN-NETWORK-STREAM on an external machine,
- the time of connection.

Each new connection would be added to a LIST, and sent to the file.
This would create a history of all connections to CREATE-INET-LISTENER.


Additionally, each CREATE-INET-LISTENER port could have a list of allowed external IPs.
Otherwise anybody can access it with OPEN-NETWORK-STREAM, from any external CMUCL, which is not good.

There will be many thousands of computers in the CMUCL-chain networks.
We don't need spammers/hackers scanning all CMUCL-chain ports all the time.
|#

    (WHEN (EQ kind :STREAM)
       (WHEN (MINUSP (UNIX:UNIX-LISTEN socket backlog))
         (LET ((errno (UNIX:UNIX-ERRNO)))
           (UNIX:UNIX-CLOSE socket)
           (ERROR 'socket-error-mod-1
                  :FORMAT-CONTROL   (INTL:GETTEXT "Error listening to socket: ~A")
                  :FORMAT-ARGUMENTS (LIST (UNIX:GET-UNIX-ERROR-MSG))
                  :ERRNO            errno))))
     socket))

;;-----------------------------------------


QUESTION:

Is there any existing solution to the proposals above?
Or, is there any specialist who could advise as much as possible?



Thank You.


-- 
Kind Regards,

Adrian W. Pasieka Ikane
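
An added example, not part of the original message and not code from CMUCL's sources: one way to get the per-port allowlist and connection history proposed above is to leave the listener unchanged and filter at accept time, since EXT:ACCEPT-TCP-CONNECTION returns the peer address together with the new descriptor.
Assumptions: the names *ALLOWED-PEERS*, *CONNECTION-LOG*, DOTTED-QUAD, LOG-CONNECTION, PEER-ALLOWED-P, ACCEPT-FILTERED and SERVE, the log file name, port 4000 and the sample addresses are all hypothetical.

```lisp
;;; Added example: default-deny allowlist and connection log at accept time.
;;; All names below, the log path, the port and the addresses are hypothetical.
(defvar *allowed-peers* '((4000 "192.0.2.10" "192.0.2.11")) ; constructed sample
  "Alist of port -> dotted-quad peers allowed on that port. Unlisted = refused.")
(defvar *connection-log* "connections.log")                 ; assumed path

(defun dotted-quad (addr)
  "Render a 32-bit host-byte-order IPv4 address as a string."
  (format nil "~D.~D.~D.~D"
          (ldb (byte 8 24) addr) (ldb (byte 8 16) addr)
          (ldb (byte 8 8) addr) (ldb (byte 8 0) addr)))

(defun log-connection (peer port verdict)
  "Append one line per attempt: universal time, peer, local port, verdict."
  (with-open-file (out *connection-log* :direction :output
                       :if-exists :append :if-does-not-exist :create)
    (format out "~D ~A ~D ~A~%" (get-universal-time) peer port verdict)))

(defun peer-allowed-p (peer port)
  "True when PEER is on the allowlist for PORT; a port with no entry allows nobody."
  (member peer (cdr (assoc port *allowed-peers*)) :test #'string=))

(defun accept-filtered (listener port)
  "Accept one connection on LISTENER. Returns (values fd peer) for an allowed
peer; otherwise logs, closes the descriptor and returns (values nil peer)."
  (multiple-value-bind (fd addr) (ext:accept-tcp-connection listener)
    (let ((peer (dotted-quad addr)))
      (cond ((peer-allowed-p peer port)
             (log-connection peer port "ACCEPT")
             (values fd peer))
            (t
             (log-connection peer port "REJECT")
             (unix:unix-close fd)       ; dropped before any byte is read
             (values nil peer))))))

(defun serve (port handler)
  "Listen on PORT and pass the stream of each allowed connection to HANDLER."
  (let ((listener (ext:create-inet-listener port :stream :reuse-address t)))
    (unwind-protect
         (loop
           (let ((fd (accept-filtered listener port)))
             (when fd
               (with-open-stream (s (sys:make-fd-stream fd :input t :output t))
                 (funcall handler s)))))
      (unix:unix-close listener))))
```

The kernel completes the TCP handshake before accept returns, so a scanner still sees the port as open; hiding it needs a host firewall rule or a :HOST argument that binds to an internal interface only. A source-address allowlist also does not authenticate the peer, so nodes that must trust each other still need a cryptographic handshake on the accepted stream.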




