src: rename blocklist to banlist to avoid confusion

This commit is contained in:
0xFFFC0000 2024-11-24 17:17:07 +00:00
parent 893916ad09
commit b5cd7f870b
18 changed files with 238 additions and 228 deletions

View file

@ -89,7 +89,7 @@ namespace net_utils
bool is_local() const; bool is_local() const;
static constexpr address_type get_type_id() noexcept { return address_type::ipv4; } static constexpr address_type get_type_id() noexcept { return address_type::ipv4; }
static constexpr zone get_zone() noexcept { return zone::public_; } static constexpr zone get_zone() noexcept { return zone::public_; }
static constexpr bool is_blockable() noexcept { return true; } static constexpr bool is_bannable() noexcept { return true; }
BEGIN_KV_SERIALIZE_MAP() BEGIN_KV_SERIALIZE_MAP()
if (is_store) if (is_store)
@ -145,7 +145,7 @@ namespace net_utils
bool is_local() const; bool is_local() const;
static constexpr address_type get_type_id() noexcept { return address_type::invalid; } static constexpr address_type get_type_id() noexcept { return address_type::invalid; }
static constexpr zone get_zone() noexcept { return zone::public_; } static constexpr zone get_zone() noexcept { return zone::public_; }
static constexpr bool is_blockable() noexcept { return true; } static constexpr bool is_bannable() noexcept { return true; }
BEGIN_KV_SERIALIZE_MAP() BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE(m_ip) KV_SERIALIZE(m_ip)
@ -195,7 +195,7 @@ namespace net_utils
bool is_local() const; bool is_local() const;
static constexpr address_type get_type_id() noexcept { return address_type::ipv6; } static constexpr address_type get_type_id() noexcept { return address_type::ipv6; }
static constexpr zone get_zone() noexcept { return zone::public_; } static constexpr zone get_zone() noexcept { return zone::public_; }
static constexpr bool is_blockable() noexcept { return true; } static constexpr bool is_bannable() noexcept { return true; }
static const uint8_t ID = 2; static const uint8_t ID = 2;
BEGIN_KV_SERIALIZE_MAP() BEGIN_KV_SERIALIZE_MAP()
@ -235,7 +235,7 @@ namespace net_utils
virtual bool is_local() const = 0; virtual bool is_local() const = 0;
virtual address_type get_type_id() const = 0; virtual address_type get_type_id() const = 0;
virtual zone get_zone() const = 0; virtual zone get_zone() const = 0;
virtual bool is_blockable() const = 0; virtual bool is_bannable() const = 0;
virtual std::uint16_t port() const = 0; virtual std::uint16_t port() const = 0;
}; };
@ -266,7 +266,7 @@ namespace net_utils
virtual bool is_local() const override { return value.is_local(); } virtual bool is_local() const override { return value.is_local(); }
virtual address_type get_type_id() const override { return value.get_type_id(); } virtual address_type get_type_id() const override { return value.get_type_id(); }
virtual zone get_zone() const override { return value.get_zone(); } virtual zone get_zone() const override { return value.get_zone(); }
virtual bool is_blockable() const override { return value.is_blockable(); } virtual bool is_bannable() const override { return value.is_bannable(); }
virtual std::uint16_t port() const override { return value.port(); } virtual std::uint16_t port() const override { return value.port(); }
}; };
@ -313,7 +313,7 @@ namespace net_utils
bool is_local() const { return self ? self->is_local() : false; } bool is_local() const { return self ? self->is_local() : false; }
address_type get_type_id() const { return self ? self->get_type_id() : address_type::invalid; } address_type get_type_id() const { return self ? self->get_type_id() : address_type::invalid; }
zone get_zone() const { return self ? self->get_zone() : zone::invalid; } zone get_zone() const { return self ? self->get_zone() : zone::invalid; }
bool is_blockable() const { return self ? self->is_blockable() : false; } bool is_bannable() const { return self ? self->is_bannable() : false; }
std::uint16_t port() const { return self ? self->port() : 0; } std::uint16_t port() const { return self ? self->port() : 0; }
template<typename Type> const Type &as() const { return as_mutable<const Type>(); } template<typename Type> const Type &as() const { return as_mutable<const Type>(); }

View file

@ -149,14 +149,14 @@
#define P2P_DEFAULT_LIMIT_RATE_DOWN 8192 // kB/s #define P2P_DEFAULT_LIMIT_RATE_DOWN 8192 // kB/s
#define P2P_FAILED_ADDR_FORGET_SECONDS (60*60) //1 hour #define P2P_FAILED_ADDR_FORGET_SECONDS (60*60) //1 hour
#define P2P_IP_BLOCKTIME (60*60*24) //24 hour #define P2P_IP_BANTIME (60*60*24) //24 hour
#define P2P_IP_FAILS_BEFORE_BLOCK 10 #define P2P_IP_FAILS_BEFORE_BAN 10
#define P2P_IDLE_CONNECTION_KILL_INTERVAL (5*60) //5 minutes #define P2P_IDLE_CONNECTION_KILL_INTERVAL (5*60) //5 minutes
#define P2P_SUPPORT_FLAG_FLUFFY_BLOCKS 0x01 #define P2P_SUPPORT_FLAG_FLUFFY_BLOCKS 0x01
#define P2P_SUPPORT_FLAGS P2P_SUPPORT_FLAG_FLUFFY_BLOCKS #define P2P_SUPPORT_FLAGS P2P_SUPPORT_FLAG_FLUFFY_BLOCKS
#define RPC_IP_FAILS_BEFORE_BLOCK 3 #define RPC_IP_FAILS_BEFORE_BAN 3
#define CRYPTONOTE_NAME "bitmonero" #define CRYPTONOTE_NAME "bitmonero"
#define CRYPTONOTE_BLOCKCHAINDATA_FILENAME "data.mdb" #define CRYPTONOTE_BLOCKCHAINDATA_FILENAME "data.mdb"
@ -205,7 +205,7 @@
#define RPC_CREDITS_PER_HASH_SCALE ((float)(1<<24)) #define RPC_CREDITS_PER_HASH_SCALE ((float)(1<<24))
#define DNS_BLOCKLIST_LIFETIME (86400 * 8) #define DNS_BANLIST_LIFETIME (86400 * 8)
//The limit is enough for the mandatory transaction content with 16 outputs (547 bytes), //The limit is enough for the mandatory transaction content with 16 outputs (547 bytes),
//a custom tag (1 byte) and up to 32 bytes of custom data for each recipient. //a custom tag (1 byte) and up to 32 bytes of custom data for each recipient.

View file

@ -519,7 +519,7 @@ namespace cryptonote
if(bvc.m_verifivation_failed) if(bvc.m_verifivation_failed)
{ {
LOG_PRINT_CCONTEXT_L0("Block verification failed, dropping connection"); LOG_PRINT_CCONTEXT_L0("Block verification failed, dropping connection");
drop_connection_with_score(context, bvc.m_bad_pow ? P2P_IP_FAILS_BEFORE_BLOCK : 1, false); drop_connection_with_score(context, bvc.m_bad_pow ? P2P_IP_FAILS_BEFORE_BAN : 1, false);
return 1; return 1;
} }
if(bvc.m_added_to_main_chain) if(bvc.m_added_to_main_chain)
@ -802,7 +802,7 @@ namespace cryptonote
if( bvc.m_verifivation_failed ) if( bvc.m_verifivation_failed )
{ {
LOG_PRINT_CCONTEXT_L0("Block verification failed, dropping connection"); LOG_PRINT_CCONTEXT_L0("Block verification failed, dropping connection");
drop_connection_with_score(context, bvc.m_bad_pow ? P2P_IP_FAILS_BEFORE_BLOCK : 1, false); drop_connection_with_score(context, bvc.m_bad_pow ? P2P_IP_FAILS_BEFORE_BAN : 1, false);
return 1; return 1;
} }
if( bvc.m_added_to_main_chain ) if( bvc.m_added_to_main_chain )
@ -1605,7 +1605,7 @@ namespace cryptonote
drop_connections(span_origin); drop_connections(span_origin);
if (!m_p2p->for_connection(span_connection_id, [&](cryptonote_connection_context& context, nodetool::peerid_type peer_id, uint32_t f)->bool{ if (!m_p2p->for_connection(span_connection_id, [&](cryptonote_connection_context& context, nodetool::peerid_type peer_id, uint32_t f)->bool{
LOG_PRINT_CCONTEXT_L1("Block verification failed, dropping connection"); LOG_PRINT_CCONTEXT_L1("Block verification failed, dropping connection");
drop_connection_with_score(context, bvc.m_bad_pow ? P2P_IP_FAILS_BEFORE_BLOCK : 1, true); drop_connection_with_score(context, bvc.m_bad_pow ? P2P_IP_FAILS_BEFORE_BAN : 1, true);
return 1; return 1;
})) }))
LOG_ERROR_CCONTEXT("span connection id not found"); LOG_ERROR_CCONTEXT("span connection id not found");

View file

@ -660,7 +660,7 @@ bool t_command_parser_executor::ban(const std::vector<std::string>& args)
std::cout << "Invalid syntax: Expects one or two parameters. For more details, use the help command." << std::endl; std::cout << "Invalid syntax: Expects one or two parameters. For more details, use the help command." << std::endl;
return true; return true;
} }
time_t seconds = P2P_IP_BLOCKTIME; time_t seconds = P2P_IP_BANTIME;
if (args.size() > 1) if (args.size() > 1)
{ {
try try

View file

@ -192,7 +192,7 @@ bool t_rpc_command_executor::print_peer_list(bool white, bool gray, size_t limit
std::string failure_message = "Couldn't retrieve peer list"; std::string failure_message = "Couldn't retrieve peer list";
req.include_blocked = true; req.include_banned = req.include_blocked = true;
if (m_is_rpc) if (m_is_rpc)
{ {
@ -240,7 +240,7 @@ bool t_rpc_command_executor::print_peer_list_stats() {
std::string failure_message = "Couldn't retrieve peer list"; std::string failure_message = "Couldn't retrieve peer list";
req.public_only = false; req.public_only = false;
req.include_blocked = true; req.include_banned = req.include_blocked = true;
if (m_is_rpc) if (m_is_rpc)
{ {

View file

@ -119,7 +119,7 @@ namespace net
} }
//! \return `!is_unknown()`. //! \return `!is_unknown()`.
bool is_blockable() const noexcept { return !is_unknown(); } bool is_bannable() const noexcept { return !is_unknown(); }
}; };
inline bool operator==(const i2p_address& lhs, const i2p_address& rhs) noexcept inline bool operator==(const i2p_address& lhs, const i2p_address& rhs) noexcept

View file

@ -121,7 +121,7 @@ namespace net
} }
//! \return `!is_unknown()`. //! \return `!is_unknown()`.
bool is_blockable() const noexcept { return !is_unknown(); } bool is_bannable() const noexcept { return !is_unknown(); }
}; };
inline bool operator==(const tor_address& lhs, const tor_address& rhs) noexcept inline bool operator==(const tor_address& lhs, const tor_address& rhs) noexcept

View file

@ -152,7 +152,8 @@ namespace nodetool
const command_line::arg_descriptor<std::string> arg_ban_list = {"ban-list", "Specify ban list file, one IP address per line"}; const command_line::arg_descriptor<std::string> arg_ban_list = {"ban-list", "Specify ban list file, one IP address per line"};
const command_line::arg_descriptor<bool> arg_p2p_hide_my_port = {"hide-my-port", "Do not announce yourself as peerlist candidate", false, true}; const command_line::arg_descriptor<bool> arg_p2p_hide_my_port = {"hide-my-port", "Do not announce yourself as peerlist candidate", false, true};
const command_line::arg_descriptor<bool> arg_no_sync = {"no-sync", "Don't synchronize the blockchain with other peers", false}; const command_line::arg_descriptor<bool> arg_no_sync = {"no-sync", "Don't synchronize the blockchain with other peers", false};
const command_line::arg_descriptor<bool> arg_enable_dns_blocklist = {"enable-dns-blocklist", "Apply realtime blocklist from DNS", false}; const command_line::arg_descriptor<bool> arg_enable_dns_banlist = {"enable-dns-banlist", "Apply realtime banlist from DNS", false};
const command_line::arg_descriptor<bool> arg_enable_dns_blocklist = {"enable-dns-blocklist", "Apply realtime banlist from DNS, alias for --enable-dns-banlist flag", false};
const command_line::arg_descriptor<bool> arg_no_igd = {"no-igd", "Disable UPnP port mapping"}; const command_line::arg_descriptor<bool> arg_no_igd = {"no-igd", "Disable UPnP port mapping"};
const command_line::arg_descriptor<std::string> arg_igd = {"igd", "UPnP port mapping (disabled, enabled, delayed)", "delayed"}; const command_line::arg_descriptor<std::string> arg_igd = {"igd", "UPnP port mapping (disabled, enabled, delayed)", "delayed"};

View file

@ -285,13 +285,13 @@ namespace nodetool
uint32_t get_max_out_public_peers() const; uint32_t get_max_out_public_peers() const;
void change_max_in_public_peers(size_t count); void change_max_in_public_peers(size_t count);
uint32_t get_max_in_public_peers() const; uint32_t get_max_in_public_peers() const;
virtual bool block_host(epee::net_utils::network_address address, time_t seconds = P2P_IP_BLOCKTIME, bool add_only = false); virtual bool ban_host(epee::net_utils::network_address address, time_t seconds = P2P_IP_BANTIME, bool add_only = false);
virtual bool unblock_host(const epee::net_utils::network_address &address); virtual bool unban_host(const epee::net_utils::network_address &address);
virtual bool block_subnet(const epee::net_utils::ipv4_network_subnet &subnet, time_t seconds = P2P_IP_BLOCKTIME); virtual bool ban_subnet(const epee::net_utils::ipv4_network_subnet &subnet, time_t seconds = P2P_IP_BANTIME);
virtual bool unblock_subnet(const epee::net_utils::ipv4_network_subnet &subnet); virtual bool unban_subnet(const epee::net_utils::ipv4_network_subnet &subnet);
virtual bool is_host_blocked(const epee::net_utils::network_address &address, time_t *seconds) { CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); return !is_remote_host_allowed(address, seconds); } virtual bool is_host_banned(const epee::net_utils::network_address &address, time_t *seconds) { CRITICAL_REGION_LOCAL(m_banned_hosts_lock); return !is_remote_host_allowed(address, seconds); }
virtual std::map<std::string, time_t> get_blocked_hosts() { CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); return m_blocked_hosts; } virtual std::map<std::string, time_t> get_banned_hosts() { CRITICAL_REGION_LOCAL(m_banned_hosts_lock); return m_banned_hosts; }
virtual std::map<epee::net_utils::ipv4_network_subnet, time_t> get_blocked_subnets() { CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); return m_blocked_subnets; } virtual std::map<epee::net_utils::ipv4_network_subnet, time_t> get_banned_subnets() { CRITICAL_REGION_LOCAL(m_banned_hosts_lock); return m_banned_subnets; }
virtual void add_used_stripe_peer(const typename t_payload_net_handler::connection_context &context); virtual void add_used_stripe_peer(const typename t_payload_net_handler::connection_context &context);
virtual void remove_used_stripe_peer(const typename t_payload_net_handler::connection_context &context); virtual void remove_used_stripe_peer(const typename t_payload_net_handler::connection_context &context);
@ -366,7 +366,7 @@ namespace nodetool
bool peer_sync_idle_maker(); bool peer_sync_idle_maker();
bool do_handshake_with_peer(peerid_type& pi, p2p_connection_context& context, bool just_take_peerlist = false); bool do_handshake_with_peer(peerid_type& pi, p2p_connection_context& context, bool just_take_peerlist = false);
bool do_peer_timed_sync(const epee::net_utils::connection_context_base& context, peerid_type peer_id); bool do_peer_timed_sync(const epee::net_utils::connection_context_base& context, peerid_type peer_id);
bool update_dns_blocklist(); bool update_dns_banlist();
bool make_new_connection_from_anchor_peerlist(const std::vector<anchor_peerlist_entry>& anchor_peerlist); bool make_new_connection_from_anchor_peerlist(const std::vector<anchor_peerlist_entry>& anchor_peerlist);
bool make_new_connection_from_peerlist(network_zone& zone, bool use_white_list); bool make_new_connection_from_peerlist(network_zone& zone, bool use_white_list);
@ -472,7 +472,7 @@ namespace nodetool
epee::math_helper::once_a_time_seconds<60*30, false> m_peerlist_store_interval; epee::math_helper::once_a_time_seconds<60*30, false> m_peerlist_store_interval;
epee::math_helper::once_a_time_seconds<60> m_gray_peerlist_housekeeping_interval; epee::math_helper::once_a_time_seconds<60> m_gray_peerlist_housekeeping_interval;
epee::math_helper::once_a_time_seconds<3600, false> m_incoming_connections_interval; epee::math_helper::once_a_time_seconds<3600, false> m_incoming_connections_interval;
epee::math_helper::once_a_time_seconds<7000> m_dns_blocklist_interval; epee::math_helper::once_a_time_seconds<7000> m_dns_banlist_interval;
std::list<epee::net_utils::network_address> m_priority_peers; std::list<epee::net_utils::network_address> m_priority_peers;
std::vector<epee::net_utils::network_address> m_exclusive_peers; std::vector<epee::net_utils::network_address> m_exclusive_peers;
@ -497,9 +497,9 @@ namespace nodetool
std::map<std::string, time_t> m_conn_fails_cache; std::map<std::string, time_t> m_conn_fails_cache;
epee::critical_section m_conn_fails_cache_lock; epee::critical_section m_conn_fails_cache_lock;
epee::critical_section m_blocked_hosts_lock; // for both hosts and subnets epee::critical_section m_banned_hosts_lock; // for both hosts and subnets
std::map<std::string, time_t> m_blocked_hosts; std::map<std::string, time_t> m_banned_hosts;
std::map<epee::net_utils::ipv4_network_subnet, time_t> m_blocked_subnets; std::map<epee::net_utils::ipv4_network_subnet, time_t> m_banned_subnets;
epee::critical_section m_host_fails_score_lock; epee::critical_section m_host_fails_score_lock;
std::map<std::string, uint64_t> m_host_fails_score; std::map<std::string, uint64_t> m_host_fails_score;
@ -513,7 +513,7 @@ namespace nodetool
epee::net_utils::ssl_support_t m_ssl_support; epee::net_utils::ssl_support_t m_ssl_support;
bool m_enable_dns_seed_nodes; bool m_enable_dns_seed_nodes;
bool m_enable_dns_blocklist; bool m_enable_dns_banlist;
uint32_t max_connections; uint32_t max_connections;
}; };
@ -537,6 +537,7 @@ namespace nodetool
extern const command_line::arg_descriptor<std::string> arg_ban_list; extern const command_line::arg_descriptor<std::string> arg_ban_list;
extern const command_line::arg_descriptor<bool> arg_p2p_hide_my_port; extern const command_line::arg_descriptor<bool> arg_p2p_hide_my_port;
extern const command_line::arg_descriptor<bool> arg_no_sync; extern const command_line::arg_descriptor<bool> arg_no_sync;
extern const command_line::arg_descriptor<bool> arg_enable_dns_banlist;
extern const command_line::arg_descriptor<bool> arg_enable_dns_blocklist; extern const command_line::arg_descriptor<bool> arg_enable_dns_blocklist;
extern const command_line::arg_descriptor<bool> arg_no_igd; extern const command_line::arg_descriptor<bool> arg_no_igd;

View file

@ -116,6 +116,7 @@ namespace nodetool
command_line::add_arg(desc, arg_ban_list); command_line::add_arg(desc, arg_ban_list);
command_line::add_arg(desc, arg_p2p_hide_my_port); command_line::add_arg(desc, arg_p2p_hide_my_port);
command_line::add_arg(desc, arg_no_sync); command_line::add_arg(desc, arg_no_sync);
command_line::add_arg(desc, arg_enable_dns_banlist);
command_line::add_arg(desc, arg_enable_dns_blocklist); command_line::add_arg(desc, arg_enable_dns_blocklist);
command_line::add_arg(desc, arg_no_igd); command_line::add_arg(desc, arg_no_igd);
command_line::add_arg(desc, arg_igd); command_line::add_arg(desc, arg_igd);
@ -174,19 +175,19 @@ namespace nodetool
template<class t_payload_net_handler> template<class t_payload_net_handler>
bool node_server<t_payload_net_handler>::is_remote_host_allowed(const epee::net_utils::network_address &address, time_t *t) bool node_server<t_payload_net_handler>::is_remote_host_allowed(const epee::net_utils::network_address &address, time_t *t)
{ {
CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); CRITICAL_REGION_LOCAL(m_banned_hosts_lock);
const time_t now = time(nullptr); const time_t now = time(nullptr);
// look in the hosts list // look in the hosts list
auto it = m_blocked_hosts.find(address.host_str()); auto it = m_banned_hosts.find(address.host_str());
if (it != m_blocked_hosts.end()) if (it != m_banned_hosts.end())
{ {
if (now >= it->second) if (now >= it->second)
{ {
m_blocked_hosts.erase(it); m_banned_hosts.erase(it);
MCLOG_CYAN(el::Level::Info, "global", "Host " << address.host_str() << " unblocked."); MCLOG_CYAN(el::Level::Info, "global", "Host " << address.host_str() << " unbanned.");
it = m_blocked_hosts.end(); it = m_banned_hosts.end();
} }
else else
{ {
@ -201,12 +202,12 @@ namespace nodetool
{ {
auto ipv4_address = address.template as<epee::net_utils::ipv4_network_address>(); auto ipv4_address = address.template as<epee::net_utils::ipv4_network_address>();
std::map<epee::net_utils::ipv4_network_subnet, time_t>::iterator it; std::map<epee::net_utils::ipv4_network_subnet, time_t>::iterator it;
for (it = m_blocked_subnets.begin(); it != m_blocked_subnets.end(); ) for (it = m_banned_subnets.begin(); it != m_banned_subnets.end(); )
{ {
if (now >= it->second) if (now >= it->second)
{ {
it = m_blocked_subnets.erase(it); it = m_banned_subnets.erase(it);
MCLOG_CYAN(el::Level::Info, "global", "Subnet " << it->first.host_str() << " unblocked."); MCLOG_CYAN(el::Level::Info, "global", "Subnet " << it->first.host_str() << " unbanned.");
continue; continue;
} }
if (it->first.matches(ipv4_address)) if (it->first.matches(ipv4_address))
@ -224,41 +225,41 @@ namespace nodetool
} }
//----------------------------------------------------------------------------------- //-----------------------------------------------------------------------------------
template<class t_payload_net_handler> template<class t_payload_net_handler>
bool node_server<t_payload_net_handler>::block_host(epee::net_utils::network_address addr, time_t seconds, bool add_only) bool node_server<t_payload_net_handler>::ban_host(epee::net_utils::network_address addr, time_t seconds, bool add_only)
{ {
if(!addr.is_blockable()) if(!addr.is_bannable())
return false; return false;
const time_t now = time(nullptr); const time_t now = time(nullptr);
bool added = false; bool added = false;
CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); CRITICAL_REGION_LOCAL(m_banned_hosts_lock);
time_t limit; time_t limit;
if (now > std::numeric_limits<time_t>::max() - seconds) if (now > std::numeric_limits<time_t>::max() - seconds)
limit = std::numeric_limits<time_t>::max(); limit = std::numeric_limits<time_t>::max();
else else
limit = now + seconds; limit = now + seconds;
const std::string host_str = addr.host_str(); const std::string host_str = addr.host_str();
auto it = m_blocked_hosts.find(host_str); auto it = m_banned_hosts.find(host_str);
if (it == m_blocked_hosts.end()) if (it == m_banned_hosts.end())
{ {
m_blocked_hosts[host_str] = limit; m_banned_hosts[host_str] = limit;
// if the host was already blocked due to being in a blocked subnet, let it be silent // if the host was already banned due to being in a banned subnet, let it be silent
bool matches_blocked_subnet = false; bool matches_banned_subnet = false;
if (addr.get_type_id() == epee::net_utils::address_type::ipv4) if (addr.get_type_id() == epee::net_utils::address_type::ipv4)
{ {
auto ipv4_address = addr.template as<epee::net_utils::ipv4_network_address>(); auto ipv4_address = addr.template as<epee::net_utils::ipv4_network_address>();
for (auto jt = m_blocked_subnets.begin(); jt != m_blocked_subnets.end(); ++jt) for (auto jt = m_banned_subnets.begin(); jt != m_banned_subnets.end(); ++jt)
{ {
if (jt->first.matches(ipv4_address)) if (jt->first.matches(ipv4_address))
{ {
matches_blocked_subnet = true; matches_banned_subnet = true;
break; break;
} }
} }
} }
if (!matches_blocked_subnet) if (!matches_banned_subnet)
added = true; added = true;
} }
else if (it->second < limit || !add_only) else if (it->second < limit || !add_only)
@ -300,37 +301,37 @@ namespace nodetool
} }
if (added) if (added)
MCLOG_CYAN(el::Level::Info, "global", "Host " << host_str << " blocked."); MCLOG_CYAN(el::Level::Info, "global", "Host " << host_str << " banned.");
else else
MINFO("Host " << host_str << " block time updated."); MINFO("Host " << host_str << " ban time updated.");
return true; return true;
} }
//----------------------------------------------------------------------------------- //-----------------------------------------------------------------------------------
template<class t_payload_net_handler> template<class t_payload_net_handler>
bool node_server<t_payload_net_handler>::unblock_host(const epee::net_utils::network_address &address) bool node_server<t_payload_net_handler>::unban_host(const epee::net_utils::network_address &address)
{ {
CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); CRITICAL_REGION_LOCAL(m_banned_hosts_lock);
auto i = m_blocked_hosts.find(address.host_str()); auto i = m_banned_hosts.find(address.host_str());
if (i == m_blocked_hosts.end()) if (i == m_banned_hosts.end())
return false; return false;
m_blocked_hosts.erase(i); m_banned_hosts.erase(i);
MCLOG_CYAN(el::Level::Info, "global", "Host " << address.host_str() << " unblocked."); MCLOG_CYAN(el::Level::Info, "global", "Host " << address.host_str() << " unbanned.");
return true; return true;
} }
//----------------------------------------------------------------------------------- //-----------------------------------------------------------------------------------
template<class t_payload_net_handler> template<class t_payload_net_handler>
bool node_server<t_payload_net_handler>::block_subnet(const epee::net_utils::ipv4_network_subnet &subnet, time_t seconds) bool node_server<t_payload_net_handler>::ban_subnet(const epee::net_utils::ipv4_network_subnet &subnet, time_t seconds)
{ {
const time_t now = time(nullptr); const time_t now = time(nullptr);
CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); CRITICAL_REGION_LOCAL(m_banned_hosts_lock);
time_t limit; time_t limit;
if (now > std::numeric_limits<time_t>::max() - seconds) if (now > std::numeric_limits<time_t>::max() - seconds)
limit = std::numeric_limits<time_t>::max(); limit = std::numeric_limits<time_t>::max();
else else
limit = now + seconds; limit = now + seconds;
const bool added = m_blocked_subnets.find(subnet) == m_blocked_subnets.end(); const bool added = m_banned_subnets.find(subnet) == m_banned_subnets.end();
m_blocked_subnets[subnet] = limit; m_banned_subnets[subnet] = limit;
// drop any connection to that subnet. This should only have to look into // drop any connection to that subnet. This should only have to look into
// the zone related to the connection, but really make sure everything is // the zone related to the connection, but really make sure everything is
@ -363,39 +364,39 @@ namespace nodetool
} }
if (added) if (added)
MCLOG_CYAN(el::Level::Info, "global", "Subnet " << subnet.host_str() << " blocked."); MCLOG_CYAN(el::Level::Info, "global", "Subnet " << subnet.host_str() << " banned.");
else else
MINFO("Subnet " << subnet.host_str() << " blocked."); MINFO("Subnet " << subnet.host_str() << " banned.");
return true; return true;
} }
//----------------------------------------------------------------------------------- //-----------------------------------------------------------------------------------
template<class t_payload_net_handler> template<class t_payload_net_handler>
bool node_server<t_payload_net_handler>::unblock_subnet(const epee::net_utils::ipv4_network_subnet &subnet) bool node_server<t_payload_net_handler>::unban_subnet(const epee::net_utils::ipv4_network_subnet &subnet)
{ {
CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); CRITICAL_REGION_LOCAL(m_banned_hosts_lock);
auto i = m_blocked_subnets.find(subnet); auto i = m_banned_subnets.find(subnet);
if (i == m_blocked_subnets.end()) if (i == m_banned_subnets.end())
return false; return false;
m_blocked_subnets.erase(i); m_banned_subnets.erase(i);
MCLOG_CYAN(el::Level::Info, "global", "Subnet " << subnet.host_str() << " unblocked."); MCLOG_CYAN(el::Level::Info, "global", "Subnet " << subnet.host_str() << " unbanned.");
return true; return true;
} }
//----------------------------------------------------------------------------------- //-----------------------------------------------------------------------------------
template<class t_payload_net_handler> template<class t_payload_net_handler>
bool node_server<t_payload_net_handler>::add_host_fail(const epee::net_utils::network_address &address, unsigned int score) bool node_server<t_payload_net_handler>::add_host_fail(const epee::net_utils::network_address &address, unsigned int score)
{ {
if(!address.is_blockable()) if(!address.is_bannable())
return false; return false;
CRITICAL_REGION_LOCAL(m_host_fails_score_lock); CRITICAL_REGION_LOCAL(m_host_fails_score_lock);
uint64_t fails = m_host_fails_score[address.host_str()] += score; uint64_t fails = m_host_fails_score[address.host_str()] += score;
MDEBUG("Host " << address.host_str() << " fail score=" << fails); MDEBUG("Host " << address.host_str() << " fail score=" << fails);
if(fails > P2P_IP_FAILS_BEFORE_BLOCK) if(fails > P2P_IP_FAILS_BEFORE_BAN)
{ {
auto it = m_host_fails_score.find(address.host_str()); auto it = m_host_fails_score.find(address.host_str());
CHECK_AND_ASSERT_MES(it != m_host_fails_score.end(), false, "internal error"); CHECK_AND_ASSERT_MES(it != m_host_fails_score.end(), false, "internal error");
it->second = P2P_IP_FAILS_BEFORE_BLOCK/2; it->second = P2P_IP_FAILS_BEFORE_BAN/2;
block_host(address); ban_host(address);
} }
return true; return true;
} }
@ -530,13 +531,13 @@ namespace nodetool
auto subnet = net::get_ipv4_subnet_address(line); auto subnet = net::get_ipv4_subnet_address(line);
if (subnet) if (subnet)
{ {
block_subnet(*subnet, std::numeric_limits<time_t>::max()); ban_subnet(*subnet, std::numeric_limits<time_t>::max());
continue; continue;
} }
const expect<epee::net_utils::network_address> parsed_addr = net::get_network_address(line, 0); const expect<epee::net_utils::network_address> parsed_addr = net::get_network_address(line, 0);
if (parsed_addr) if (parsed_addr)
{ {
block_host(*parsed_addr, std::numeric_limits<time_t>::max()); ban_host(*parsed_addr, std::numeric_limits<time_t>::max());
continue; continue;
} }
MERROR("Invalid IP address or IPv4 subnet: " << line); MERROR("Invalid IP address or IPv4 subnet: " << line);
@ -549,7 +550,8 @@ namespace nodetool
if (command_line::has_arg(vm, arg_no_sync)) if (command_line::has_arg(vm, arg_no_sync))
m_payload_handler.set_no_sync(true); m_payload_handler.set_no_sync(true);
m_enable_dns_blocklist = command_line::get_arg(vm, arg_enable_dns_blocklist); m_enable_dns_banlist = command_line::get_arg(vm, arg_enable_dns_banlist)
|| command_line::get_arg(vm, arg_enable_dns_blocklist);
if ( !set_max_out_peers(public_zone, command_line::get_arg(vm, arg_out_peers) ) ) if ( !set_max_out_peers(public_zone, command_line::get_arg(vm, arg_out_peers) ) )
return false; return false;
@ -907,7 +909,7 @@ namespace nodetool
public_zone.m_proxy_address = *endpoint; public_zone.m_proxy_address = *endpoint;
public_zone.m_can_pingback = false; public_zone.m_can_pingback = false;
m_enable_dns_seed_nodes &= proxy_dns_leaks_allowed; m_enable_dns_seed_nodes &= proxy_dns_leaks_allowed;
m_enable_dns_blocklist &= proxy_dns_leaks_allowed; m_enable_dns_banlist &= proxy_dns_leaks_allowed;
} }
if (m_nettype == cryptonote::TESTNET) if (m_nettype == cryptonote::TESTNET)
@ -2015,14 +2017,14 @@ namespace nodetool
m_gray_peerlist_housekeeping_interval.do_call(boost::bind(&node_server<t_payload_net_handler>::gray_peerlist_housekeeping, this)); m_gray_peerlist_housekeeping_interval.do_call(boost::bind(&node_server<t_payload_net_handler>::gray_peerlist_housekeeping, this));
m_peerlist_store_interval.do_call(boost::bind(&node_server<t_payload_net_handler>::store_config, this)); m_peerlist_store_interval.do_call(boost::bind(&node_server<t_payload_net_handler>::store_config, this));
m_incoming_connections_interval.do_call(boost::bind(&node_server<t_payload_net_handler>::check_incoming_connections, this)); m_incoming_connections_interval.do_call(boost::bind(&node_server<t_payload_net_handler>::check_incoming_connections, this));
m_dns_blocklist_interval.do_call(boost::bind(&node_server<t_payload_net_handler>::update_dns_blocklist, this)); m_dns_banlist_interval.do_call(boost::bind(&node_server<t_payload_net_handler>::update_dns_banlist, this));
return true; return true;
} }
//----------------------------------------------------------------------------------- //-----------------------------------------------------------------------------------
template<class t_payload_net_handler> template<class t_payload_net_handler>
bool node_server<t_payload_net_handler>::update_dns_blocklist() bool node_server<t_payload_net_handler>::update_dns_banlist()
{ {
if (!m_enable_dns_blocklist) if (!m_enable_dns_banlist)
return true; return true;
if (m_nettype != cryptonote::MAINNET) if (m_nettype != cryptonote::MAINNET)
return true; return true;
@ -2053,23 +2055,23 @@ namespace nodetool
auto subnet = net::get_ipv4_subnet_address(ip); auto subnet = net::get_ipv4_subnet_address(ip);
if (subnet) if (subnet)
{ {
block_subnet(*subnet, DNS_BLOCKLIST_LIFETIME); ban_subnet(*subnet, DNS_BANLIST_LIFETIME);
++good; ++good;
continue; continue;
} }
const expect<epee::net_utils::network_address> parsed_addr = net::get_network_address(ip, 0); const expect<epee::net_utils::network_address> parsed_addr = net::get_network_address(ip, 0);
if (parsed_addr) if (parsed_addr)
{ {
block_host(*parsed_addr, DNS_BLOCKLIST_LIFETIME, true); ban_host(*parsed_addr, DNS_BANLIST_LIFETIME, true);
++good; ++good;
continue; continue;
} }
MWARNING("Invalid IP address or subnet from DNS blocklist: " << ip << " - " << parsed_addr.error()); MWARNING("Invalid IP address or subnet from DNS banlist: " << ip << " - " << parsed_addr.error());
++bad; ++bad;
} }
} }
if (good > 0) if (good > 0)
MINFO(good << " addresses added to the blocklist"); MINFO(good << " addresses added to the banlist");
return true; return true;
} }
//----------------------------------------------------------------------------------- //-----------------------------------------------------------------------------------
@ -2188,7 +2190,7 @@ namespace nodetool
LOG_DEBUG_CC(context, "REMOTE PEERLIST: remote peerlist size=" << peerlist_.size()); LOG_DEBUG_CC(context, "REMOTE PEERLIST: remote peerlist size=" << peerlist_.size());
LOG_TRACE_CC(context, "REMOTE PEERLIST: " << ENDL << print_peerlist_to_string(peerlist_)); LOG_TRACE_CC(context, "REMOTE PEERLIST: " << ENDL << print_peerlist_to_string(peerlist_));
CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); CRITICAL_REGION_LOCAL(m_banned_hosts_lock);
return m_network_zones.at(context.m_remote_address.get_zone()).m_peerlist.merge_peerlist(peerlist_, [this](const peerlist_entry &pe) { return m_network_zones.at(context.m_remote_address.get_zone()).m_peerlist.merge_peerlist(peerlist_, [this](const peerlist_entry &pe) {
return !is_addr_recently_failed(pe.adr) && is_remote_host_allowed(pe.adr); return !is_addr_recently_failed(pe.adr) && is_remote_host_allowed(pe.adr);
}); });

View file

@ -59,10 +59,10 @@ namespace nodetool
virtual uint64_t get_public_connections_count()=0; virtual uint64_t get_public_connections_count()=0;
virtual void for_each_connection(std::function<bool(t_connection_context&, peerid_type, uint32_t)> f)=0; virtual void for_each_connection(std::function<bool(t_connection_context&, peerid_type, uint32_t)> f)=0;
virtual bool for_connection(const boost::uuids::uuid&, std::function<bool(t_connection_context&, peerid_type, uint32_t)> f)=0; virtual bool for_connection(const boost::uuids::uuid&, std::function<bool(t_connection_context&, peerid_type, uint32_t)> f)=0;
virtual bool block_host(epee::net_utils::network_address address, time_t seconds = 0, bool add_only = false)=0; virtual bool ban_host(epee::net_utils::network_address address, time_t seconds = 0, bool add_only = false)=0;
virtual bool unblock_host(const epee::net_utils::network_address &address)=0; virtual bool unban_host(const epee::net_utils::network_address &address)=0;
virtual std::map<std::string, time_t> get_blocked_hosts()=0; virtual std::map<std::string, time_t> get_banned_hosts()=0;
virtual std::map<epee::net_utils::ipv4_network_subnet, time_t> get_blocked_subnets()=0; virtual std::map<epee::net_utils::ipv4_network_subnet, time_t> get_banned_subnets()=0;
virtual bool add_host_fail(const epee::net_utils::network_address &address, unsigned int score = 1)=0; virtual bool add_host_fail(const epee::net_utils::network_address &address, unsigned int score = 1)=0;
virtual void add_used_stripe_peer(const t_connection_context &context)=0; virtual void add_used_stripe_peer(const t_connection_context &context)=0;
virtual void remove_used_stripe_peer(const t_connection_context &context)=0; virtual void remove_used_stripe_peer(const t_connection_context &context)=0;
@ -105,19 +105,19 @@ namespace nodetool
{ {
return false; return false;
} }
virtual bool block_host(epee::net_utils::network_address address, time_t seconds, bool add_only) virtual bool ban_host(epee::net_utils::network_address address, time_t seconds, bool add_only)
{ {
return true; return true;
} }
virtual bool unblock_host(const epee::net_utils::network_address &address) virtual bool unban_host(const epee::net_utils::network_address &address)
{ {
return true; return true;
} }
virtual std::map<std::string, time_t> get_blocked_hosts() virtual std::map<std::string, time_t> get_banned_hosts()
{ {
return std::map<std::string, time_t>(); return std::map<std::string, time_t>();
} }
virtual std::map<epee::net_utils::ipv4_network_subnet, time_t> get_blocked_subnets() virtual std::map<epee::net_utils::ipv4_network_subnet, time_t> get_banned_subnets()
{ {
return std::map<epee::net_utils::ipv4_network_subnet, time_t>(); return std::map<epee::net_utils::ipv4_network_subnet, time_t>();
} }

View file

@ -197,7 +197,7 @@ namespace cryptonote
request.gray = true; request.gray = true;
request.white = true; request.white = true;
request.include_blocked = false; request.include_banned = request.include_blocked = false;
if (!on_get_public_nodes(request, response) || response.status != CORE_RPC_STATUS_OK) if (!on_get_public_nodes(request, response) || response.status != CORE_RPC_STATUS_OK)
{ {
return {}; return {};
@ -465,18 +465,18 @@ namespace cryptonote
//------------------------------------------------------------------------------------------------------------------------------ //------------------------------------------------------------------------------------------------------------------------------
bool core_rpc_server::add_host_fail(const connection_context *ctx, unsigned int score) bool core_rpc_server::add_host_fail(const connection_context *ctx, unsigned int score)
{ {
if(!ctx || !ctx->m_remote_address.is_blockable() || disable_rpc_ban) if(!ctx || !ctx->m_remote_address.is_bannable() || disable_rpc_ban)
return false; return false;
CRITICAL_REGION_LOCAL(m_host_fails_score_lock); CRITICAL_REGION_LOCAL(m_host_fails_score_lock);
uint64_t fails = m_host_fails_score[ctx->m_remote_address.host_str()] += score; uint64_t fails = m_host_fails_score[ctx->m_remote_address.host_str()] += score;
MDEBUG("Host " << ctx->m_remote_address.host_str() << " fail score=" << fails); MDEBUG("Host " << ctx->m_remote_address.host_str() << " fail score=" << fails);
if(fails > RPC_IP_FAILS_BEFORE_BLOCK) if(fails > RPC_IP_FAILS_BEFORE_BAN)
{ {
auto it = m_host_fails_score.find(ctx->m_remote_address.host_str()); auto it = m_host_fails_score.find(ctx->m_remote_address.host_str());
CHECK_AND_ASSERT_MES(it != m_host_fails_score.end(), false, "internal error"); CHECK_AND_ASSERT_MES(it != m_host_fails_score.end(), false, "internal error");
it->second = RPC_IP_FAILS_BEFORE_BLOCK/2; it->second = RPC_IP_FAILS_BEFORE_BAN/2;
m_p2p.block_host(ctx->m_remote_address); m_p2p.ban_host(ctx->m_remote_address);
} }
return true; return true;
} }
@ -1548,6 +1548,7 @@ namespace cryptonote
RPC_TRACKER(get_peer_list); RPC_TRACKER(get_peer_list);
std::vector<nodetool::peerlist_entry> white_list; std::vector<nodetool::peerlist_entry> white_list;
std::vector<nodetool::peerlist_entry> gray_list; std::vector<nodetool::peerlist_entry> gray_list;
bool dont_include_banned = (!req.include_blocked && !req.include_banned);
if (req.public_only) if (req.public_only)
{ {
@ -1560,7 +1561,7 @@ namespace cryptonote
for (auto & entry : white_list) for (auto & entry : white_list)
{ {
if (!req.include_blocked && m_p2p.is_host_blocked(entry.adr, NULL)) if (dont_include_banned && m_p2p.is_host_banned(entry.adr, NULL))
continue; continue;
if (entry.adr.get_type_id() == epee::net_utils::ipv4_network_address::get_type_id()) if (entry.adr.get_type_id() == epee::net_utils::ipv4_network_address::get_type_id())
res.white_list.emplace_back(entry.id, entry.adr.as<epee::net_utils::ipv4_network_address>().ip(), res.white_list.emplace_back(entry.id, entry.adr.as<epee::net_utils::ipv4_network_address>().ip(),
@ -1574,7 +1575,7 @@ namespace cryptonote
for (auto & entry : gray_list) for (auto & entry : gray_list)
{ {
if (!req.include_blocked && m_p2p.is_host_blocked(entry.adr, NULL)) if (dont_include_banned && m_p2p.is_host_banned(entry.adr, NULL))
continue; continue;
if (entry.adr.get_type_id() == epee::net_utils::ipv4_network_address::get_type_id()) if (entry.adr.get_type_id() == epee::net_utils::ipv4_network_address::get_type_id())
res.gray_list.emplace_back(entry.id, entry.adr.as<epee::net_utils::ipv4_network_address>().ip(), res.gray_list.emplace_back(entry.id, entry.adr.as<epee::net_utils::ipv4_network_address>().ip(),
@ -1596,7 +1597,7 @@ namespace cryptonote
COMMAND_RPC_GET_PEER_LIST::request peer_list_req; COMMAND_RPC_GET_PEER_LIST::request peer_list_req;
COMMAND_RPC_GET_PEER_LIST::response peer_list_res; COMMAND_RPC_GET_PEER_LIST::response peer_list_res;
peer_list_req.include_blocked = req.include_blocked; peer_list_req.include_banned = req.include_blocked || req.include_banned;
const bool success = on_get_peer_list(peer_list_req, peer_list_res, ctx); const bool success = on_get_peer_list(peer_list_req, peer_list_res, ctx);
res.status = peer_list_res.status; res.status = peer_list_res.status;
if (!success) if (!success)
@ -2779,8 +2780,8 @@ namespace cryptonote
RPC_TRACKER(get_bans); RPC_TRACKER(get_bans);
auto now = time(nullptr); auto now = time(nullptr);
std::map<std::string, time_t> blocked_hosts = m_p2p.get_blocked_hosts(); std::map<std::string, time_t> banned_hosts = m_p2p.get_banned_hosts();
for (std::map<std::string, time_t>::const_iterator i = blocked_hosts.begin(); i != blocked_hosts.end(); ++i) for (std::map<std::string, time_t>::const_iterator i = banned_hosts.begin(); i != banned_hosts.end(); ++i)
{ {
if (i->second > now) { if (i->second > now) {
COMMAND_RPC_GETBANS::ban b; COMMAND_RPC_GETBANS::ban b;
@ -2793,8 +2794,8 @@ namespace cryptonote
res.bans.push_back(b); res.bans.push_back(b);
} }
} }
std::map<epee::net_utils::ipv4_network_subnet, time_t> blocked_subnets = m_p2p.get_blocked_subnets(); std::map<epee::net_utils::ipv4_network_subnet, time_t> banned_subnets = m_p2p.get_banned_subnets();
for (std::map<epee::net_utils::ipv4_network_subnet, time_t>::const_iterator i = blocked_subnets.begin(); i != blocked_subnets.end(); ++i) for (std::map<epee::net_utils::ipv4_network_subnet, time_t>::const_iterator i = banned_subnets.begin(); i != banned_subnets.end(); ++i)
{ {
if (i->second > now) { if (i->second > now) {
COMMAND_RPC_GETBANS::ban b; COMMAND_RPC_GETBANS::ban b;
@ -2823,7 +2824,7 @@ namespace cryptonote
epee::net_utils::network_address na = std::move(*na_parsed); epee::net_utils::network_address na = std::move(*na_parsed);
time_t seconds; time_t seconds;
if (m_p2p.is_host_blocked(na, &seconds)) if (m_p2p.is_host_banned(na, &seconds))
{ {
res.banned = true; res.banned = true;
res.seconds = seconds; res.seconds = seconds;
@ -2853,9 +2854,9 @@ namespace cryptonote
if (ns_parsed) if (ns_parsed)
{ {
if (i->ban) if (i->ban)
m_p2p.block_subnet(*ns_parsed, i->seconds); m_p2p.ban_subnet(*ns_parsed, i->seconds);
else else
m_p2p.unblock_subnet(*ns_parsed); m_p2p.unban_subnet(*ns_parsed);
continue; continue;
} }
} }
@ -2877,9 +2878,9 @@ namespace cryptonote
na = epee::net_utils::ipv4_network_address{i->ip, 0}; na = epee::net_utils::ipv4_network_address{i->ip, 0};
} }
if (i->ban) if (i->ban)
m_p2p.block_host(na, i->seconds); m_p2p.ban_host(na, i->seconds);
else else
m_p2p.unblock_host(na); m_p2p.unban_host(na);
} }
res.status = CORE_RPC_STATUS_OK; res.status = CORE_RPC_STATUS_OK;

View file

@ -1390,12 +1390,14 @@ inline const std::string get_rpc_status(const bool trusted_daemon, const std::st
struct request_t: public rpc_request_base struct request_t: public rpc_request_base
{ {
bool public_only; bool public_only;
bool include_blocked; bool include_blocked; // alias for include_banned
bool include_banned;
BEGIN_KV_SERIALIZE_MAP() BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE_PARENT(rpc_request_base) KV_SERIALIZE_PARENT(rpc_request_base)
KV_SERIALIZE_OPT(public_only, true) KV_SERIALIZE_OPT(public_only, true)
KV_SERIALIZE_OPT(include_blocked, false) KV_SERIALIZE_OPT(include_blocked, false)
KV_SERIALIZE_OPT(include_banned, false)
END_KV_SERIALIZE_MAP() END_KV_SERIALIZE_MAP()
}; };
typedef epee::misc_utils::struct_init<request_t> request; typedef epee::misc_utils::struct_init<request_t> request;
@ -1441,12 +1443,14 @@ inline const std::string get_rpc_status(const bool trusted_daemon, const std::st
{ {
bool gray; bool gray;
bool white; bool white;
bool include_blocked; bool include_banned;
bool include_blocked; // alias for banned
BEGIN_KV_SERIALIZE_MAP() BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE_PARENT(rpc_request_base) KV_SERIALIZE_PARENT(rpc_request_base)
KV_SERIALIZE_OPT(gray, false) KV_SERIALIZE_OPT(gray, false)
KV_SERIALIZE_OPT(white, true) KV_SERIALIZE_OPT(white, true)
KV_SERIALIZE_OPT(include_banned, false)
KV_SERIALIZE_OPT(include_blocked, false) KV_SERIALIZE_OPT(include_blocked, false)
END_KV_SERIALIZE_MAP() END_KV_SERIALIZE_MAP()
}; };

View file

@ -15505,7 +15505,7 @@ std::vector<cryptonote::public_node> wallet2::get_public_nodes(bool white_only)
req.white = true; req.white = true;
req.gray = !white_only; req.gray = !white_only;
req.include_blocked = false; req.include_banned = req.include_blocked = false;
{ {
const boost::lock_guard<boost::recursive_mutex> lock{m_daemon_rpc_mutex}; const boost::lock_guard<boost::recursive_mutex> lock{m_daemon_rpc_mutex};

View file

@ -1543,7 +1543,7 @@ TEST(NetUtils, NetworkAddress)
static std::string host_str() { return {}; } static std::string host_str() { return {}; }
constexpr static epee::net_utils::address_type get_type_id() noexcept { return epee::net_utils::address_type(-1); } constexpr static epee::net_utils::address_type get_type_id() noexcept { return epee::net_utils::address_type(-1); }
constexpr static epee::net_utils::zone get_zone() noexcept { return epee::net_utils::zone::invalid; } constexpr static epee::net_utils::zone get_zone() noexcept { return epee::net_utils::zone::invalid; }
constexpr static bool is_blockable() noexcept { return false; } constexpr static bool is_bannable() noexcept { return false; }
constexpr static uint16_t port() { return 0; } constexpr static uint16_t port() { return 0; }
}; };
@ -1556,7 +1556,7 @@ TEST(NetUtils, NetworkAddress)
EXPECT_FALSE(empty.is_local()); EXPECT_FALSE(empty.is_local());
EXPECT_EQ(epee::net_utils::address_type::invalid, empty.get_type_id()); EXPECT_EQ(epee::net_utils::address_type::invalid, empty.get_type_id());
EXPECT_EQ(epee::net_utils::zone::invalid, empty.get_zone()); EXPECT_EQ(epee::net_utils::zone::invalid, empty.get_zone());
EXPECT_FALSE(empty.is_blockable()); EXPECT_FALSE(empty.is_bannable());
EXPECT_THROW(empty.as<custom_address>(), std::bad_cast); EXPECT_THROW(empty.as<custom_address>(), std::bad_cast);
epee::net_utils::network_address address1{ epee::net_utils::network_address address1{
@ -1574,7 +1574,7 @@ TEST(NetUtils, NetworkAddress)
EXPECT_FALSE(address1.is_local()); EXPECT_FALSE(address1.is_local());
EXPECT_EQ(epee::net_utils::ipv4_network_address::get_type_id(), address1.get_type_id()); EXPECT_EQ(epee::net_utils::ipv4_network_address::get_type_id(), address1.get_type_id());
EXPECT_EQ(epee::net_utils::zone::public_, address1.get_zone()); EXPECT_EQ(epee::net_utils::zone::public_, address1.get_zone());
EXPECT_TRUE(address1.is_blockable()); EXPECT_TRUE(address1.is_bannable());
EXPECT_NO_THROW(address1.as<epee::net_utils::ipv4_network_address>()); EXPECT_NO_THROW(address1.as<epee::net_utils::ipv4_network_address>());
EXPECT_THROW(address1.as<custom_address>(), std::bad_cast); EXPECT_THROW(address1.as<custom_address>(), std::bad_cast);

View file

@ -108,7 +108,7 @@ TEST(tor_address, invalid)
EXPECT_TRUE(net::tor_address::make(onion).has_error()); EXPECT_TRUE(net::tor_address::make(onion).has_error());
} }
TEST(tor_address, unblockable_types) TEST(tor_address, unbannable_types)
{ {
net::tor_address tor{}; net::tor_address tor{};
@ -144,14 +144,14 @@ TEST(tor_address, valid)
EXPECT_EQ(0u, address1->port()); EXPECT_EQ(0u, address1->port());
EXPECT_STREQ(v3_onion, address1->host_str()); EXPECT_STREQ(v3_onion, address1->host_str());
EXPECT_STREQ(v3_onion, address1->str().c_str()); EXPECT_STREQ(v3_onion, address1->str().c_str());
EXPECT_TRUE(address1->is_blockable()); EXPECT_TRUE(address1->is_bannable());
net::tor_address address2{*address1}; net::tor_address address2{*address1};
EXPECT_EQ(0u, address2.port()); EXPECT_EQ(0u, address2.port());
EXPECT_STREQ(v3_onion, address2.host_str()); EXPECT_STREQ(v3_onion, address2.host_str());
EXPECT_STREQ(v3_onion, address2.str().c_str()); EXPECT_STREQ(v3_onion, address2.str().c_str());
EXPECT_TRUE(address2.is_blockable()); EXPECT_TRUE(address2.is_bannable());
EXPECT_TRUE(address2.equal(*address1)); EXPECT_TRUE(address2.equal(*address1));
EXPECT_TRUE(address1->equal(address2)); EXPECT_TRUE(address1->equal(address2));
EXPECT_TRUE(address2 == *address1); EXPECT_TRUE(address2 == *address1);
@ -168,7 +168,7 @@ TEST(tor_address, valid)
EXPECT_EQ(6545, address2.port()); EXPECT_EQ(6545, address2.port());
EXPECT_STREQ(v3_onion_2, address2.host_str()); EXPECT_STREQ(v3_onion_2, address2.host_str());
EXPECT_EQ(std::string{v3_onion_2} + ":6545", address2.str().c_str()); EXPECT_EQ(std::string{v3_onion_2} + ":6545", address2.str().c_str());
EXPECT_TRUE(address2.is_blockable()); EXPECT_TRUE(address2.is_bannable());
EXPECT_FALSE(address2.equal(*address1)); EXPECT_FALSE(address2.equal(*address1));
EXPECT_FALSE(address1->equal(address2)); EXPECT_FALSE(address1->equal(address2));
EXPECT_FALSE(address2 == *address1); EXPECT_FALSE(address2 == *address1);
@ -185,7 +185,7 @@ TEST(tor_address, valid)
EXPECT_EQ(65535, address3.port()); EXPECT_EQ(65535, address3.port());
EXPECT_STREQ(v3_onion, address3.host_str()); EXPECT_STREQ(v3_onion, address3.host_str());
EXPECT_EQ(std::string{v3_onion} + ":65535", address3.str().c_str()); EXPECT_EQ(std::string{v3_onion} + ":65535", address3.str().c_str());
EXPECT_TRUE(address3.is_blockable()); EXPECT_TRUE(address3.is_bannable());
EXPECT_FALSE(address3.equal(*address1)); EXPECT_FALSE(address3.equal(*address1));
EXPECT_FALSE(address1->equal(address3)); EXPECT_FALSE(address1->equal(address3));
EXPECT_FALSE(address3 == *address1); EXPECT_FALSE(address3 == *address1);
@ -227,9 +227,9 @@ TEST(tor_address, generic_network_address)
EXPECT_EQ(epee::net_utils::zone::tor, tor1.get_zone()); EXPECT_EQ(epee::net_utils::zone::tor, tor1.get_zone());
EXPECT_EQ(epee::net_utils::zone::tor, tor2.get_zone()); EXPECT_EQ(epee::net_utils::zone::tor, tor2.get_zone());
EXPECT_EQ(epee::net_utils::zone::public_, ip.get_zone()); EXPECT_EQ(epee::net_utils::zone::public_, ip.get_zone());
EXPECT_TRUE(tor1.is_blockable()); EXPECT_TRUE(tor1.is_bannable());
EXPECT_TRUE(tor2.is_blockable()); EXPECT_TRUE(tor2.is_bannable());
EXPECT_TRUE(ip.is_blockable()); EXPECT_TRUE(ip.is_bannable());
} }
namespace namespace
@ -478,7 +478,7 @@ TEST(i2p_address, invalid)
EXPECT_TRUE(net::i2p_address::make(i2p).has_error()); EXPECT_TRUE(net::i2p_address::make(i2p).has_error());
} }
TEST(i2p_address, unblockable_types) TEST(i2p_address, unbannable_types)
{ {
net::i2p_address i2p{}; net::i2p_address i2p{};
@ -514,14 +514,14 @@ TEST(i2p_address, valid)
EXPECT_EQ(1u, address1->port()); EXPECT_EQ(1u, address1->port());
EXPECT_STREQ(b32_i2p, address1->host_str()); EXPECT_STREQ(b32_i2p, address1->host_str());
EXPECT_STREQ(b32_i2p, address1->str().c_str()); EXPECT_STREQ(b32_i2p, address1->str().c_str());
EXPECT_TRUE(address1->is_blockable()); EXPECT_TRUE(address1->is_bannable());
net::i2p_address address2{*address1}; net::i2p_address address2{*address1};
EXPECT_EQ(1u, address2.port()); EXPECT_EQ(1u, address2.port());
EXPECT_STREQ(b32_i2p, address2.host_str()); EXPECT_STREQ(b32_i2p, address2.host_str());
EXPECT_STREQ(b32_i2p, address2.str().c_str()); EXPECT_STREQ(b32_i2p, address2.str().c_str());
EXPECT_TRUE(address2.is_blockable()); EXPECT_TRUE(address2.is_bannable());
EXPECT_TRUE(address2.equal(*address1)); EXPECT_TRUE(address2.equal(*address1));
EXPECT_TRUE(address1->equal(address2)); EXPECT_TRUE(address1->equal(address2));
EXPECT_TRUE(address2 == *address1); EXPECT_TRUE(address2 == *address1);
@ -538,7 +538,7 @@ TEST(i2p_address, valid)
EXPECT_EQ(1u, address2.port()); EXPECT_EQ(1u, address2.port());
EXPECT_STREQ(b32_i2p_2, address2.host_str()); EXPECT_STREQ(b32_i2p_2, address2.host_str());
EXPECT_EQ(std::string{b32_i2p_2}, address2.str().c_str()); EXPECT_EQ(std::string{b32_i2p_2}, address2.str().c_str());
EXPECT_TRUE(address2.is_blockable()); EXPECT_TRUE(address2.is_bannable());
EXPECT_FALSE(address2.equal(*address1)); EXPECT_FALSE(address2.equal(*address1));
EXPECT_FALSE(address1->equal(address2)); EXPECT_FALSE(address1->equal(address2));
EXPECT_FALSE(address2 == *address1); EXPECT_FALSE(address2 == *address1);
@ -555,7 +555,7 @@ TEST(i2p_address, valid)
EXPECT_EQ(1u, address3.port()); EXPECT_EQ(1u, address3.port());
EXPECT_STREQ(b32_i2p, address3.host_str()); EXPECT_STREQ(b32_i2p, address3.host_str());
EXPECT_EQ(std::string{b32_i2p}, address3.str().c_str()); EXPECT_EQ(std::string{b32_i2p}, address3.str().c_str());
EXPECT_TRUE(address3.is_blockable()); EXPECT_TRUE(address3.is_bannable());
EXPECT_TRUE(address3.equal(*address1)); EXPECT_TRUE(address3.equal(*address1));
EXPECT_TRUE(address1->equal(address3)); EXPECT_TRUE(address1->equal(address3));
EXPECT_TRUE(address3 == *address1); EXPECT_TRUE(address3 == *address1);
@ -597,9 +597,9 @@ TEST(i2p_address, generic_network_address)
EXPECT_EQ(epee::net_utils::zone::i2p, i2p1.get_zone()); EXPECT_EQ(epee::net_utils::zone::i2p, i2p1.get_zone());
EXPECT_EQ(epee::net_utils::zone::i2p, i2p2.get_zone()); EXPECT_EQ(epee::net_utils::zone::i2p, i2p2.get_zone());
EXPECT_EQ(epee::net_utils::zone::public_, ip.get_zone()); EXPECT_EQ(epee::net_utils::zone::public_, ip.get_zone());
EXPECT_TRUE(i2p1.is_blockable()); EXPECT_TRUE(i2p1.is_bannable());
EXPECT_TRUE(i2p2.is_blockable()); EXPECT_TRUE(i2p2.is_bannable());
EXPECT_TRUE(ip.is_blockable()); EXPECT_TRUE(ip.is_bannable());
} }
namespace namespace

View file

@ -102,9 +102,9 @@ public:
typedef nodetool::node_server<cryptonote::t_cryptonote_protocol_handler<test_core>> Server; typedef nodetool::node_server<cryptonote::t_cryptonote_protocol_handler<test_core>> Server;
static bool is_blocked(Server &server, const epee::net_utils::network_address &address, time_t *t = NULL) static bool is_banned(Server &server, const epee::net_utils::network_address &address, time_t *t = NULL)
{ {
std::map<std::string, time_t> hosts = server.get_blocked_hosts(); std::map<std::string, time_t> hosts = server.get_banned_hosts();
for (auto rec: hosts) for (auto rec: hosts)
{ {
if (rec.first == address.host_str()) if (rec.first == address.host_str())
@ -125,80 +125,80 @@ TEST(ban, add)
cprotocol.set_p2p_endpoint(&server); cprotocol.set_p2p_endpoint(&server);
// starts empty // starts empty
ASSERT_TRUE(server.get_blocked_hosts().empty()); ASSERT_TRUE(server.get_banned_hosts().empty());
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4))); ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5))); ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
// add an IP // add an IP
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4))); ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(server.get_blocked_hosts().size() == 1); ASSERT_TRUE(server.get_banned_hosts().size() == 1);
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4))); ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5))); ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
// add the same, should not change // add the same, should not change
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4))); ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(server.get_blocked_hosts().size() == 1); ASSERT_TRUE(server.get_banned_hosts().size() == 1);
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4))); ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5))); ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
// remove an unblocked IP, should not change // remove an unbanned IP, should not change
ASSERT_FALSE(server.unblock_host(MAKE_IPV4_ADDRESS(1,2,3,5))); ASSERT_FALSE(server.unban_host(MAKE_IPV4_ADDRESS(1,2,3,5)));
ASSERT_TRUE(server.get_blocked_hosts().size() == 1); ASSERT_TRUE(server.get_banned_hosts().size() == 1);
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4))); ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5))); ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
// remove the IP, ends up empty // remove the IP, ends up empty
ASSERT_TRUE(server.unblock_host(MAKE_IPV4_ADDRESS(1,2,3,4))); ASSERT_TRUE(server.unban_host(MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(server.get_blocked_hosts().size() == 0); ASSERT_TRUE(server.get_banned_hosts().size() == 0);
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4))); ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5))); ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
// remove the IP from an empty list, still empty // remove the IP from an empty list, still empty
ASSERT_FALSE(server.unblock_host(MAKE_IPV4_ADDRESS(1,2,3,4))); ASSERT_FALSE(server.unban_host(MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(server.get_blocked_hosts().size() == 0); ASSERT_TRUE(server.get_banned_hosts().size() == 0);
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4))); ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5))); ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
// add two for known amounts of time, they're both blocked // add two for known amounts of time, they're both banned
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), 1)); ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS(1,2,3,4), 1));
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,5), 3)); ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS(1,2,3,5), 3));
ASSERT_TRUE(server.get_blocked_hosts().size() == 2); ASSERT_TRUE(server.get_banned_hosts().size() == 2);
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4))); ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5))); ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
ASSERT_TRUE(server.unblock_host(MAKE_IPV4_ADDRESS(1,2,3,4))); ASSERT_TRUE(server.unban_host(MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(server.unblock_host(MAKE_IPV4_ADDRESS(1,2,3,5))); ASSERT_TRUE(server.unban_host(MAKE_IPV4_ADDRESS(1,2,3,5)));
// these tests would need to call is_remote_ip_allowed, which is private // these tests would need to call is_remote_ip_allowed, which is private
#if 0 #if 0
// after two seconds, the first IP is unblocked, but not the second yet // after two seconds, the first IP is unbanned, but not the second yet
sleep(2); sleep(2);
ASSERT_TRUE(server.get_blocked_hosts().size() == 1); ASSERT_TRUE(server.get_banned_hosts().size() == 1);
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4))); ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5))); ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
// after two more seconds, the second IP is also unblocked // after two more seconds, the second IP is also unbanned
sleep(2); sleep(2);
ASSERT_TRUE(server.get_blocked_hosts().size() == 0); ASSERT_TRUE(server.get_banned_hosts().size() == 0);
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4))); ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5))); ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
#endif #endif
// add an IP again, then re-ban for longer, then shorter // add an IP again, then re-ban for longer, then shorter
time_t t; time_t t;
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), 2)); ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS(1,2,3,4), 2));
ASSERT_TRUE(server.get_blocked_hosts().size() == 1); ASSERT_TRUE(server.get_banned_hosts().size() == 1);
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4), &t)); ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4), &t));
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5))); ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
ASSERT_TRUE(t >= 1); ASSERT_TRUE(t >= 1);
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), 9)); ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS(1,2,3,4), 9));
ASSERT_TRUE(server.get_blocked_hosts().size() == 1); ASSERT_TRUE(server.get_banned_hosts().size() == 1);
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4), &t)); ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4), &t));
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5))); ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
ASSERT_TRUE(t >= 8); ASSERT_TRUE(t >= 8);
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), 5)); ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS(1,2,3,4), 5));
ASSERT_TRUE(server.get_blocked_hosts().size() == 1); ASSERT_TRUE(server.get_banned_hosts().size() == 1);
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4), &t)); ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4), &t));
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5))); ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
ASSERT_TRUE(t >= 4); ASSERT_TRUE(t >= 4);
} }
@ -210,12 +210,12 @@ TEST(ban, limit)
cprotocol.set_p2p_endpoint(&server); cprotocol.set_p2p_endpoint(&server);
// starts empty // starts empty
ASSERT_TRUE(server.get_blocked_hosts().empty()); ASSERT_TRUE(server.get_banned_hosts().empty());
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4))); ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), std::numeric_limits<time_t>::max() - 1)); ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS(1,2,3,4), std::numeric_limits<time_t>::max() - 1));
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4))); ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), 1)); ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS(1,2,3,4), 1));
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4))); ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
} }
TEST(ban, subnet) TEST(ban, subnet)
@ -226,28 +226,28 @@ TEST(ban, subnet)
Server server(cprotocol); Server server(cprotocol);
cprotocol.set_p2p_endpoint(&server); cprotocol.set_p2p_endpoint(&server);
ASSERT_TRUE(server.block_subnet(MAKE_IPV4_SUBNET(1,2,3,4,24), 10)); ASSERT_TRUE(server.ban_subnet(MAKE_IPV4_SUBNET(1,2,3,4,24), 10));
ASSERT_TRUE(server.get_blocked_subnets().size() == 1); ASSERT_TRUE(server.get_banned_subnets().size() == 1);
ASSERT_TRUE(server.is_host_blocked(MAKE_IPV4_ADDRESS(1,2,3,4), &seconds)); ASSERT_TRUE(server.is_host_banned(MAKE_IPV4_ADDRESS(1,2,3,4), &seconds));
ASSERT_TRUE(seconds >= 9); ASSERT_TRUE(seconds >= 9);
ASSERT_TRUE(server.is_host_blocked(MAKE_IPV4_ADDRESS(1,2,3,255), &seconds)); ASSERT_TRUE(server.is_host_banned(MAKE_IPV4_ADDRESS(1,2,3,255), &seconds));
ASSERT_TRUE(server.is_host_blocked(MAKE_IPV4_ADDRESS(1,2,3,0), &seconds)); ASSERT_TRUE(server.is_host_banned(MAKE_IPV4_ADDRESS(1,2,3,0), &seconds));
ASSERT_FALSE(server.is_host_blocked(MAKE_IPV4_ADDRESS(1,2,4,0), &seconds)); ASSERT_FALSE(server.is_host_banned(MAKE_IPV4_ADDRESS(1,2,4,0), &seconds));
ASSERT_FALSE(server.is_host_blocked(MAKE_IPV4_ADDRESS(1,2,2,0), &seconds)); ASSERT_FALSE(server.is_host_banned(MAKE_IPV4_ADDRESS(1,2,2,0), &seconds));
ASSERT_TRUE(server.unblock_subnet(MAKE_IPV4_SUBNET(1,2,3,8,24))); ASSERT_TRUE(server.unban_subnet(MAKE_IPV4_SUBNET(1,2,3,8,24)));
ASSERT_TRUE(server.get_blocked_subnets().size() == 0); ASSERT_TRUE(server.get_banned_subnets().size() == 0);
ASSERT_FALSE(server.is_host_blocked(MAKE_IPV4_ADDRESS(1,2,3,255), &seconds)); ASSERT_FALSE(server.is_host_banned(MAKE_IPV4_ADDRESS(1,2,3,255), &seconds));
ASSERT_FALSE(server.is_host_blocked(MAKE_IPV4_ADDRESS(1,2,3,0), &seconds)); ASSERT_FALSE(server.is_host_banned(MAKE_IPV4_ADDRESS(1,2,3,0), &seconds));
ASSERT_TRUE(server.block_subnet(MAKE_IPV4_SUBNET(1,2,3,4,8), 10)); ASSERT_TRUE(server.ban_subnet(MAKE_IPV4_SUBNET(1,2,3,4,8), 10));
ASSERT_TRUE(server.get_blocked_subnets().size() == 1); ASSERT_TRUE(server.get_banned_subnets().size() == 1);
ASSERT_TRUE(server.is_host_blocked(MAKE_IPV4_ADDRESS(1,255,3,255), &seconds)); ASSERT_TRUE(server.is_host_banned(MAKE_IPV4_ADDRESS(1,255,3,255), &seconds));
ASSERT_TRUE(server.is_host_blocked(MAKE_IPV4_ADDRESS(1,0,3,255), &seconds)); ASSERT_TRUE(server.is_host_banned(MAKE_IPV4_ADDRESS(1,0,3,255), &seconds));
ASSERT_FALSE(server.unblock_subnet(MAKE_IPV4_SUBNET(1,2,3,8,24))); ASSERT_FALSE(server.unban_subnet(MAKE_IPV4_SUBNET(1,2,3,8,24)));
ASSERT_TRUE(server.get_blocked_subnets().size() == 1); ASSERT_TRUE(server.get_banned_subnets().size() == 1);
ASSERT_TRUE(server.block_subnet(MAKE_IPV4_SUBNET(1,2,3,4,8), 10)); ASSERT_TRUE(server.ban_subnet(MAKE_IPV4_SUBNET(1,2,3,4,8), 10));
ASSERT_TRUE(server.get_blocked_subnets().size() == 1); ASSERT_TRUE(server.get_banned_subnets().size() == 1);
ASSERT_TRUE(server.unblock_subnet(MAKE_IPV4_SUBNET(1,255,0,0,8))); ASSERT_TRUE(server.unban_subnet(MAKE_IPV4_SUBNET(1,255,0,0,8)));
ASSERT_TRUE(server.get_blocked_subnets().size() == 0); ASSERT_TRUE(server.get_banned_subnets().size() == 0);
} }
TEST(ban, ignores_port) TEST(ban, ignores_port)
@ -257,13 +257,13 @@ TEST(ban, ignores_port)
Server server(cprotocol); Server server(cprotocol);
cprotocol.set_p2p_endpoint(&server); cprotocol.set_p2p_endpoint(&server);
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5))); ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5)));
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5), std::numeric_limits<time_t>::max() - 1)); ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5), std::numeric_limits<time_t>::max() - 1));
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5))); ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5)));
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,6))); ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,6)));
ASSERT_TRUE(server.unblock_host(MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5))); ASSERT_TRUE(server.unban_host(MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5)));
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5))); ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5)));
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,6))); ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,6)));
} }
TEST(node_server, bind_same_p2p_port) TEST(node_server, bind_same_p2p_port)
@ -511,7 +511,7 @@ TEST(cryptonote_protocol_handler, race_condition)
virtual bool add_host_fail(const address_t&, unsigned int = {}) override { virtual bool add_host_fail(const address_t&, unsigned int = {}) override {
return {}; return {};
} }
virtual bool block_host(address_t address, time_t = {}, bool = {}) override { virtual bool ban_host(address_t address, time_t = {}, bool = {}) override {
return {}; return {};
} }
virtual bool drop_connection(const contexts::basic& context) override { virtual bool drop_connection(const contexts::basic& context) override {
@ -541,16 +541,16 @@ TEST(cryptonote_protocol_handler, race_condition)
} }
return {}; return {};
} }
virtual bool unblock_host(const address_t&) override { virtual bool unban_host(const address_t&) override {
return {}; return {};
} }
virtual zone_t send_txs(blobs_t, const zone_t, const uuid_t&, relay_t) override { virtual zone_t send_txs(blobs_t, const zone_t, const uuid_t&, relay_t) override {
return {}; return {};
} }
virtual bans::subnets get_blocked_subnets() override { virtual bans::subnets get_banned_subnets() override {
return {}; return {};
} }
virtual bans::hosts get_blocked_hosts() override { virtual bans::hosts get_banned_hosts() override {
return {}; return {};
} }
virtual uint64_t get_public_connections_count() override { virtual uint64_t get_public_connections_count() override {

View file

@ -71,7 +71,8 @@ complete -c monerod -l anonymous-inbound -r -d "<hidden-service-address>,<[bind-
complete -c monerod -l ban-list -r -F -d "Specify ban list file, one IP address per line" complete -c monerod -l ban-list -r -F -d "Specify ban list file, one IP address per line"
complete -c monerod -l hide-my-port -d "Do not announce yourself as peerlist candidate" complete -c monerod -l hide-my-port -d "Do not announce yourself as peerlist candidate"
complete -c monerod -l no-sync -d "Don't synchronize the blockchain with other peers" complete -c monerod -l no-sync -d "Don't synchronize the blockchain with other peers"
complete -c monerod -l enable-dns-blocklist -d "Apply realtime blocklist from DNS" complete -c monerod -l enable-dns-blocklist -d "Apply realtime banlist from DNS"
complete -c monerod -l enable-dns-banlist -d "Apply realtime banlist from DNS"
complete -c monerod -l no-igd -d "Disable UPnP port mapping" complete -c monerod -l no-igd -d "Disable UPnP port mapping"
complete -c monerod -l igd -r -a "Enabled disabled enabled" -d "UPnP port mapping. Default: delayed" complete -c monerod -l igd -r -a "Enabled disabled enabled" -d "UPnP port mapping. Default: delayed"
complete -c monerod -l out-peers -r -d "Set max number of out peers. Default: -1" complete -c monerod -l out-peers -r -d "Set max number of out peers. Default: -1"