mirror of
https://github.com/monero-project/monero.git
synced 2024-11-17 16:27:39 +00:00
p2p: fix bans taking port into account
This commit is contained in:
parent
2c171a9b02
commit
7b076d5170
5 changed files with 33 additions and 15 deletions
|
@ -271,7 +271,7 @@ namespace nodetool
|
||||||
virtual bool block_subnet(const epee::net_utils::ipv4_network_subnet &subnet, time_t seconds = P2P_IP_BLOCKTIME);
|
virtual bool block_subnet(const epee::net_utils::ipv4_network_subnet &subnet, time_t seconds = P2P_IP_BLOCKTIME);
|
||||||
virtual bool unblock_subnet(const epee::net_utils::ipv4_network_subnet &subnet);
|
virtual bool unblock_subnet(const epee::net_utils::ipv4_network_subnet &subnet);
|
||||||
virtual bool is_host_blocked(const epee::net_utils::network_address &address, time_t *seconds) { CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); return !is_remote_host_allowed(address, seconds); }
|
virtual bool is_host_blocked(const epee::net_utils::network_address &address, time_t *seconds) { CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); return !is_remote_host_allowed(address, seconds); }
|
||||||
virtual std::map<epee::net_utils::network_address, time_t> get_blocked_hosts() { CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); return m_blocked_hosts; }
|
virtual std::map<std::string, time_t> get_blocked_hosts() { CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); return m_blocked_hosts; }
|
||||||
virtual std::map<epee::net_utils::ipv4_network_subnet, time_t> get_blocked_subnets() { CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); return m_blocked_subnets; }
|
virtual std::map<epee::net_utils::ipv4_network_subnet, time_t> get_blocked_subnets() { CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); return m_blocked_subnets; }
|
||||||
|
|
||||||
virtual void add_used_stripe_peer(const typename t_payload_net_handler::connection_context &context);
|
virtual void add_used_stripe_peer(const typename t_payload_net_handler::connection_context &context);
|
||||||
|
@ -484,11 +484,11 @@ namespace nodetool
|
||||||
std::map<epee::net_utils::zone, network_zone> m_network_zones;
|
std::map<epee::net_utils::zone, network_zone> m_network_zones;
|
||||||
|
|
||||||
|
|
||||||
std::map<epee::net_utils::network_address, time_t> m_conn_fails_cache;
|
std::map<std::string, time_t> m_conn_fails_cache;
|
||||||
epee::critical_section m_conn_fails_cache_lock;
|
epee::critical_section m_conn_fails_cache_lock;
|
||||||
|
|
||||||
epee::critical_section m_blocked_hosts_lock; // for both hosts and subnets
|
epee::critical_section m_blocked_hosts_lock; // for both hosts and subnets
|
||||||
std::map<epee::net_utils::network_address, time_t> m_blocked_hosts;
|
std::map<std::string, time_t> m_blocked_hosts;
|
||||||
std::map<epee::net_utils::ipv4_network_subnet, time_t> m_blocked_subnets;
|
std::map<epee::net_utils::ipv4_network_subnet, time_t> m_blocked_subnets;
|
||||||
|
|
||||||
epee::critical_section m_host_fails_score_lock;
|
epee::critical_section m_host_fails_score_lock;
|
||||||
|
|
|
@ -166,7 +166,7 @@ namespace nodetool
|
||||||
const time_t now = time(nullptr);
|
const time_t now = time(nullptr);
|
||||||
|
|
||||||
// look in the hosts list
|
// look in the hosts list
|
||||||
auto it = m_blocked_hosts.find(address);
|
auto it = m_blocked_hosts.find(address.host_str());
|
||||||
if (it != m_blocked_hosts.end())
|
if (it != m_blocked_hosts.end())
|
||||||
{
|
{
|
||||||
if (now >= it->second)
|
if (now >= it->second)
|
||||||
|
@ -224,7 +224,7 @@ namespace nodetool
|
||||||
limit = std::numeric_limits<time_t>::max();
|
limit = std::numeric_limits<time_t>::max();
|
||||||
else
|
else
|
||||||
limit = now + seconds;
|
limit = now + seconds;
|
||||||
m_blocked_hosts[addr] = limit;
|
m_blocked_hosts[addr.host_str()] = limit;
|
||||||
|
|
||||||
// drop any connection to that address. This should only have to look into
|
// drop any connection to that address. This should only have to look into
|
||||||
// the zone related to the connection, but really make sure everything is
|
// the zone related to the connection, but really make sure everything is
|
||||||
|
@ -254,7 +254,7 @@ namespace nodetool
|
||||||
bool node_server<t_payload_net_handler>::unblock_host(const epee::net_utils::network_address &address)
|
bool node_server<t_payload_net_handler>::unblock_host(const epee::net_utils::network_address &address)
|
||||||
{
|
{
|
||||||
CRITICAL_REGION_LOCAL(m_blocked_hosts_lock);
|
CRITICAL_REGION_LOCAL(m_blocked_hosts_lock);
|
||||||
auto i = m_blocked_hosts.find(address);
|
auto i = m_blocked_hosts.find(address.host_str());
|
||||||
if (i == m_blocked_hosts.end())
|
if (i == m_blocked_hosts.end())
|
||||||
return false;
|
return false;
|
||||||
m_blocked_hosts.erase(i);
|
m_blocked_hosts.erase(i);
|
||||||
|
@ -1342,7 +1342,7 @@ namespace nodetool
|
||||||
bool node_server<t_payload_net_handler>::is_addr_recently_failed(const epee::net_utils::network_address& addr)
|
bool node_server<t_payload_net_handler>::is_addr_recently_failed(const epee::net_utils::network_address& addr)
|
||||||
{
|
{
|
||||||
CRITICAL_REGION_LOCAL(m_conn_fails_cache_lock);
|
CRITICAL_REGION_LOCAL(m_conn_fails_cache_lock);
|
||||||
auto it = m_conn_fails_cache.find(addr);
|
auto it = m_conn_fails_cache.find(addr.host_str());
|
||||||
if(it == m_conn_fails_cache.end())
|
if(it == m_conn_fails_cache.end())
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
|
|
|
@ -58,7 +58,7 @@ namespace nodetool
|
||||||
virtual bool for_connection(const boost::uuids::uuid&, std::function<bool(t_connection_context&, peerid_type, uint32_t)> f)=0;
|
virtual bool for_connection(const boost::uuids::uuid&, std::function<bool(t_connection_context&, peerid_type, uint32_t)> f)=0;
|
||||||
virtual bool block_host(const epee::net_utils::network_address &address, time_t seconds = 0)=0;
|
virtual bool block_host(const epee::net_utils::network_address &address, time_t seconds = 0)=0;
|
||||||
virtual bool unblock_host(const epee::net_utils::network_address &address)=0;
|
virtual bool unblock_host(const epee::net_utils::network_address &address)=0;
|
||||||
virtual std::map<epee::net_utils::network_address, time_t> get_blocked_hosts()=0;
|
virtual std::map<std::string, time_t> get_blocked_hosts()=0;
|
||||||
virtual std::map<epee::net_utils::ipv4_network_subnet, time_t> get_blocked_subnets()=0;
|
virtual std::map<epee::net_utils::ipv4_network_subnet, time_t> get_blocked_subnets()=0;
|
||||||
virtual bool add_host_fail(const epee::net_utils::network_address &address)=0;
|
virtual bool add_host_fail(const epee::net_utils::network_address &address)=0;
|
||||||
virtual void add_used_stripe_peer(const t_connection_context &context)=0;
|
virtual void add_used_stripe_peer(const t_connection_context &context)=0;
|
||||||
|
@ -114,9 +114,9 @@ namespace nodetool
|
||||||
{
|
{
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
virtual std::map<epee::net_utils::network_address, time_t> get_blocked_hosts()
|
virtual std::map<std::string, time_t> get_blocked_hosts()
|
||||||
{
|
{
|
||||||
return std::map<epee::net_utils::network_address, time_t>();
|
return std::map<std::string, time_t>();
|
||||||
}
|
}
|
||||||
virtual std::map<epee::net_utils::ipv4_network_subnet, time_t> get_blocked_subnets()
|
virtual std::map<epee::net_utils::ipv4_network_subnet, time_t> get_blocked_subnets()
|
||||||
{
|
{
|
||||||
|
|
|
@ -1985,12 +1985,12 @@ namespace cryptonote
|
||||||
PERF_TIMER(on_get_bans);
|
PERF_TIMER(on_get_bans);
|
||||||
|
|
||||||
auto now = time(nullptr);
|
auto now = time(nullptr);
|
||||||
std::map<epee::net_utils::network_address, time_t> blocked_hosts = m_p2p.get_blocked_hosts();
|
std::map<std::string, time_t> blocked_hosts = m_p2p.get_blocked_hosts();
|
||||||
for (std::map<epee::net_utils::network_address, time_t>::const_iterator i = blocked_hosts.begin(); i != blocked_hosts.end(); ++i)
|
for (std::map<std::string, time_t>::const_iterator i = blocked_hosts.begin(); i != blocked_hosts.end(); ++i)
|
||||||
{
|
{
|
||||||
if (i->second > now) {
|
if (i->second > now) {
|
||||||
COMMAND_RPC_GETBANS::ban b;
|
COMMAND_RPC_GETBANS::ban b;
|
||||||
b.host = i->first.host_str();
|
b.host = i->first;
|
||||||
b.ip = 0;
|
b.ip = 0;
|
||||||
uint32_t ip;
|
uint32_t ip;
|
||||||
if (epee::string_tools::get_ip_int32_from_string(ip, b.host))
|
if (epee::string_tools::get_ip_int32_from_string(ip, b.host))
|
||||||
|
|
|
@ -36,6 +36,7 @@
|
||||||
#include "cryptonote_protocol/cryptonote_protocol_handler.inl"
|
#include "cryptonote_protocol/cryptonote_protocol_handler.inl"
|
||||||
|
|
||||||
#define MAKE_IPV4_ADDRESS(a,b,c,d) epee::net_utils::ipv4_network_address{MAKE_IP(a,b,c,d),0}
|
#define MAKE_IPV4_ADDRESS(a,b,c,d) epee::net_utils::ipv4_network_address{MAKE_IP(a,b,c,d),0}
|
||||||
|
#define MAKE_IPV4_ADDRESS_PORT(a,b,c,d,e) epee::net_utils::ipv4_network_address{MAKE_IP(a,b,c,d),e}
|
||||||
#define MAKE_IPV4_SUBNET(a,b,c,d,e) epee::net_utils::ipv4_network_subnet{MAKE_IP(a,b,c,d),e}
|
#define MAKE_IPV4_SUBNET(a,b,c,d,e) epee::net_utils::ipv4_network_subnet{MAKE_IP(a,b,c,d),e}
|
||||||
|
|
||||||
namespace cryptonote {
|
namespace cryptonote {
|
||||||
|
@ -94,10 +95,10 @@ typedef nodetool::node_server<cryptonote::t_cryptonote_protocol_handler<test_cor
|
||||||
|
|
||||||
static bool is_blocked(Server &server, const epee::net_utils::network_address &address, time_t *t = NULL)
|
static bool is_blocked(Server &server, const epee::net_utils::network_address &address, time_t *t = NULL)
|
||||||
{
|
{
|
||||||
std::map<epee::net_utils::network_address, time_t> hosts = server.get_blocked_hosts();
|
std::map<std::string, time_t> hosts = server.get_blocked_hosts();
|
||||||
for (auto rec: hosts)
|
for (auto rec: hosts)
|
||||||
{
|
{
|
||||||
if (rec.first == address)
|
if (rec.first == address.host_str())
|
||||||
{
|
{
|
||||||
if (t)
|
if (t)
|
||||||
*t = rec.second;
|
*t = rec.second;
|
||||||
|
@ -240,5 +241,22 @@ TEST(ban, subnet)
|
||||||
ASSERT_TRUE(server.get_blocked_subnets().size() == 0);
|
ASSERT_TRUE(server.get_blocked_subnets().size() == 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
TEST(ban, ignores_port)
|
||||||
|
{
|
||||||
|
time_t seconds;
|
||||||
|
test_core pr_core;
|
||||||
|
cryptonote::t_cryptonote_protocol_handler<test_core> cprotocol(pr_core, NULL);
|
||||||
|
Server server(cprotocol);
|
||||||
|
cprotocol.set_p2p_endpoint(&server);
|
||||||
|
|
||||||
|
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5)));
|
||||||
|
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5), std::numeric_limits<time_t>::max() - 1));
|
||||||
|
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5)));
|
||||||
|
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,6)));
|
||||||
|
ASSERT_TRUE(server.unblock_host(MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5)));
|
||||||
|
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5)));
|
||||||
|
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,6)));
|
||||||
|
}
|
||||||
|
|
||||||
namespace nodetool { template class node_server<cryptonote::t_cryptonote_protocol_handler<test_core>>; }
|
namespace nodetool { template class node_server<cryptonote::t_cryptonote_protocol_handler<test_core>>; }
|
||||||
namespace cryptonote { template class t_cryptonote_protocol_handler<test_core>; }
|
namespace cryptonote { template class t_cryptonote_protocol_handler<test_core>; }
|
||||||
|
|
Loading…
Reference in a new issue