
p2p: IP blocking refactored, blocked IPs are now removed from peerlists

sowle 2021-11-02 21:47:25 +01:00
parent 4fbc383d0f
commit 37755b5b1f
No known key found for this signature in database
GPG key ID: C07A24B2D89D49FC
3 changed files with 55 additions and 50 deletions


@ -914,7 +914,8 @@ namespace currency
LOG_ERROR_CCONTEXT("sent wrong NOTIFY_RESPONSE_CHAIN_ENTRY, with \r\nm_total_height=" << arg.total_height
<< "\r\nm_start_height=" << arg.start_height
<< "\r\nm_block_ids.size()=" << arg.m_block_ids.size());
//m_p2p->drop_connection(context);
m_p2p->drop_connection(context);
m_p2p->add_ip_fail(context.m_remote_ip);
}
BOOST_FOREACH(auto& bl_details, arg.m_block_ids)
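Review bot: After the now-active `m_p2p->drop_connection(context);` and the new `m_p2p->add_ip_fail(context.m_remote_ip);`, the error branch closes and execution appears to fall straight into `BOOST_FOREACH(auto& bl_details, arg.m_block_ids)`, so the block ids from a response just judged malformed would still be processed. If no return sits between the closing brace and the loop (blank lines are not shown on this page), the branch should end with an early return, using whatever value this handler returns for a rejected message. The handler starts and ends outside the hunk, so its return type and the rest of the loop are not visible here.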


@ -107,21 +107,17 @@ namespace nodetool
if (m_offline_mode)
return false;
//@#@ temporary workaround
return true;
#if 0
CRITICAL_REGION_LOCAL(m_blocked_ips_lock);
auto it = m_blocked_ips.find(addr);
if(it == m_blocked_ips.end())
if (it == m_blocked_ips.end())
return true;
if(time(nullptr) - it->second > P2P_IP_BLOCKTIME )
if (time(nullptr) - it->second > P2P_IP_BLOCKTIME)
{
m_blocked_ips.erase(it);
LOG_PRINT_CYAN("Ip " << string_tools::get_ip_string_from_int32(addr) << "is unblocked.", LOG_LEVEL_0);
LOG_PRINT_CYAN("IP " << string_tools::get_ip_string_from_int32(addr) << " is unblocked due to blocking expiration.", LOG_LEVEL_0);
return true;
}
return false;
#endif
}
//-----------------------------------------------------------------------------------
template<class t_payload_net_handler>
@ -129,7 +125,8 @@ namespace nodetool
{
CRITICAL_REGION_LOCAL(m_blocked_ips_lock);
m_blocked_ips[addr] = time(nullptr);
LOG_PRINT_CYAN("Ip " << string_tools::get_ip_string_from_int32(addr) << " blocked.", LOG_LEVEL_0);
m_peerlist.remove_peers_by_ip_from_all(addr);
LOG_PRINT_CYAN("IP " << string_tools::get_ip_string_from_int32(addr) << " blocked and removed from peerlist", LOG_LEVEL_0);
return true;
}
//-----------------------------------------------------------------------------------
@ -145,6 +142,10 @@ namespace nodetool
it->second = P2P_IP_FAILS_BEFOR_BLOCK/2;
block_ip(address);
}
else
{
LOG_PRINT_CYAN("IP " << string_tools::get_ip_string_from_int32(address) << ": fail recorded, total fails count: " << fails, LOG_LEVEL_2);
}
return true;
}
//-----------------------------------------------------------------------------------
@ -686,7 +687,6 @@ namespace nodetool
<< string_tools::get_ip_string_from_int32(na.ip)
<< ":" << string_tools::num_to_string_fast(na.port)
/*<< ", try " << try_count*/);
//m_peerlist.set_peer_unreachable(pe);
return false;
}
peerid_type pi = AUTO_VAL_INIT(pi);
@ -708,12 +708,15 @@ namespace nodetool
return true;
}
peerlist_entry pe_local = AUTO_VAL_INIT(pe_local);
pe_local.adr = na;
pe_local.id = pi;
time(&pe_local.last_seen);
m_peerlist.append_with_peer_white(pe_local);
//update last seen and push it to peerlist manager
if (is_remote_ip_allowed(na.ip)) // additional check to avoid IP shown up in peers in the case of non-blocking incoming connections
{
//update last seen and push it to peerlist manager
peerlist_entry pe_local = AUTO_VAL_INIT(pe_local);
pe_local.adr = na;
pe_local.id = pi;
time(&pe_local.last_seen);
m_peerlist.append_with_peer_white(pe_local);
}
LOG_PRINT_CC_GREEN(con, "CONNECTION HANDSHAKED OK with peer " << string_tools::get_ip_string_from_int32(na.ip) << ":" << string_tools::num_to_string_fast(na.port), LOG_LEVEL_2);
return true;
@ -784,11 +787,14 @@ namespace nodetool
continue;
}
// IP blocking for incoming connections is temporary disabled
/*
if (!is_remote_ip_allowed(pe.adr.ip))
{
++peer_index;
continue;
}
*/
if (is_addr_recently_failed(pe.adr))
{
@ -1380,7 +1386,8 @@ namespace nodetool
//associate peer_id with this connection
context.peer_id = arg.node_data.peer_id;
if(arg.node_data.peer_id != m_config.m_peer_id && arg.node_data.my_port)
if(arg.node_data.peer_id != m_config.m_peer_id && arg.node_data.my_port
&& is_remote_ip_allowed(context.m_remote_ip)) // additional check to avoid IP shown up in peers in the case of non-blocking incoming connections
{
peerid_type peer_id_l = arg.node_data.peer_id;
uint32_t port_l = arg.node_data.my_port;
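Review bot: In the peer-selection loop (hunk `-784,11 +787,14`) the `if (!is_remote_ip_allowed(pe.adr.ip))` skip is wrapped in `/* … */`, so a peerlist entry for a blocked IP would still be picked as a connection candidate. Removal in `block_ip` happens only once, at block time, so an entry added afterwards by a path that lacks the check (none is visible here) would not be filtered. The new comment speaks of incoming connections, yet the loop iterates entries `pe` and looks like outgoing candidate selection, so either the check should stay active or the comment should say why skipping it is safe. Separately, `block_ip` now calls `m_peerlist.remove_peers_by_ip_from_all(addr)` while holding `m_blocked_ips_lock`, which establishes the order `m_blocked_ips_lock` then `m_peerlist_lock`; a comment such as `// lock order: m_blocked_ips_lock, then m_peerlist_lock` would help keep callers of `is_remote_ip_allowed` from taking them the other way round. The enclosing functions start and end outside these hunks.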


@ -1,4 +1,4 @@
// Copyright (c) 2014-2019 Zano Project
// Copyright (c) 2014-2021 Zano Project
// Copyright (c) 2014-2018 The Louisdor Project
// Copyright (c) 2012-2013 The Cryptonote developers
// Distributed under the MIT/X11 software license, see the accompanying
@ -11,8 +11,6 @@
#include <map>
#include <iterator>
#include <boost/foreach.hpp>
//#include <boost/bimap.hpp>
//#include <boost/bimap/multiset_of.hpp>
#include <boost/archive/binary_oarchive.hpp>
#include <boost/archive/binary_iarchive.hpp>
#include <boost/serialization/version.hpp>
@ -55,10 +53,10 @@ namespace nodetool
bool append_with_peer_gray(const peerlist_entry& pr);
bool set_peer_just_seen(peerid_type peer, uint32_t ip, uint32_t port);
bool set_peer_just_seen(peerid_type peer, const net_address& addr);
bool set_peer_unreachable(const peerlist_entry& pr);
bool is_ip_allowed(uint32_t ip);
void trim_white_peerlist();
void trim_gray_peerlist();
bool remove_peers_by_ip_from_all(const uint32_t ip);
private:
@ -110,17 +108,6 @@ namespace nodetool
>
> peers_indexed;
typedef boost::multi_index_container<
peerlist_entry,
boost::multi_index::indexed_by<
// access by peerlist_entry::id<
boost::multi_index::ordered_unique<boost::multi_index::tag<by_id>, boost::multi_index::member<peerlist_entry,uint64_t,&peerlist_entry::id> >,
// access by peerlist_entry::net_adress
boost::multi_index::ordered_unique<boost::multi_index::tag<by_addr>, boost::multi_index::member<peerlist_entry,net_address,&peerlist_entry::adr> >,
// sort by peerlist_entry::last_seen<
boost::multi_index::ordered_non_unique<boost::multi_index::tag<by_time>, boost::multi_index::member<peerlist_entry,time_t,&peerlist_entry::last_seen> >
>
> peers_indexed_old;
public:
template <class Archive, class t_version_type>
@ -134,9 +121,7 @@ namespace nodetool
ar & m_peers_gray;
}
private:
bool peers_indexed_from_old(const peers_indexed_old& pio, peers_indexed& pi);
private:
friend class boost::serialization::access;
epee::critical_section m_peerlist_lock;
std::string m_config_folder;
@ -188,21 +173,6 @@ namespace nodetool
return true;
}
//--------------------------------------------------------------------------------------------------
inline
bool peerlist_manager::peers_indexed_from_old(const peers_indexed_old& pio, peers_indexed& pi)
{
for(auto x: pio)
{
auto by_addr_it = pi.get<by_addr>().find(x.adr);
if(by_addr_it == pi.get<by_addr>().end())
{
pi.insert(x);
}
}
return true;
}
//--------------------------------------------------------------------------------------------------
inline void peerlist_manager::trim_white_peerlist()
{
CRITICAL_REGION_LOCAL(m_peerlist_lock);
@ -393,6 +363,33 @@ namespace nodetool
return true;
}
//--------------------------------------------------------------------------------------------------
inline
bool peerlist_manager::remove_peers_by_ip_from_all(const uint32_t ip)
{
TRY_ENTRY();
CRITICAL_REGION_LOCAL(m_peerlist_lock);
for (auto it = m_peers_white.begin(); it != m_peers_white.end();)
{
if (it->adr.ip == ip)
it = m_peers_white.erase(it);
else
++it;
}
for (auto it = m_peers_gray.begin(); it != m_peers_gray.end();)
{
if (it->adr.ip == ip)
it = m_peers_gray.erase(it);
else
++it;
}
return true;
CATCH_ENTRY_L0("peerlist_manager::remove_peers_by_ip_from_all()", false);
}
//--------------------------------------------------------------------------------------------------
}
BOOST_CLASS_VERSION(nodetool::peerlist_manager, CURRENT_PEERLIST_STORAGE_ARCHIVE_VER)
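Review bot: `remove_peers_by_ip_from_all` gives its caller no way to tell whether anything was removed: it returns `true` even when no entry matched and `false` only through `CATCH_ENTRY_L0`, and the call in `block_ip` ignores the result while logging "blocked and removed from peerlist". Counting the erased entries in both loops and logging the two counts here would make the block log trustworthy for an operator checking that a misbehaving IP is really gone from the white and gray lists. The function also has no comment; I would add `// Erases every white and gray entry whose adr.ip equals ip; returns false only if an exception was caught.` above it. The two erase loops are identical apart from the container and could share one small helper.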