diff --git a/src/currency_protocol/currency_protocol_handler.inl b/src/currency_protocol/currency_protocol_handler.inl index 65993062..39e42a3c 100644 --- a/src/currency_protocol/currency_protocol_handler.inl +++ b/src/currency_protocol/currency_protocol_handler.inl @@ -914,7 +914,8 @@ namespace currency LOG_ERROR_CCONTEXT("sent wrong NOTIFY_RESPONSE_CHAIN_ENTRY, with \r\nm_total_height=" << arg.total_height << "\r\nm_start_height=" << arg.start_height << "\r\nm_block_ids.size()=" << arg.m_block_ids.size()); - //m_p2p->drop_connection(context); + m_p2p->drop_connection(context); + m_p2p->add_ip_fail(context.m_remote_ip); } BOOST_FOREACH(auto& bl_details, arg.m_block_ids) diff --git a/src/p2p/net_node.inl b/src/p2p/net_node.inl index 855afd93..ea7716e9 100644 --- a/src/p2p/net_node.inl +++ b/src/p2p/net_node.inl @@ -107,21 +107,17 @@ namespace nodetool if (m_offline_mode) return false; - //@#@ temporary workaround - return true; -#if 0 CRITICAL_REGION_LOCAL(m_blocked_ips_lock); auto it = m_blocked_ips.find(addr); - if(it == m_blocked_ips.end()) + if (it == m_blocked_ips.end()) return true; - if(time(nullptr) - it->second > P2P_IP_BLOCKTIME ) + if (time(nullptr) - it->second > P2P_IP_BLOCKTIME) { m_blocked_ips.erase(it); - LOG_PRINT_CYAN("Ip " << string_tools::get_ip_string_from_int32(addr) << "is unblocked.", LOG_LEVEL_0); + LOG_PRINT_CYAN("IP " << string_tools::get_ip_string_from_int32(addr) << " is unblocked due to blocking expiration.", LOG_LEVEL_0); return true; } return false; -#endif } //----------------------------------------------------------------------------------- template @@ -129,7 +125,8 @@ namespace nodetool { CRITICAL_REGION_LOCAL(m_blocked_ips_lock); m_blocked_ips[addr] = time(nullptr); - LOG_PRINT_CYAN("Ip " << string_tools::get_ip_string_from_int32(addr) << " blocked.", LOG_LEVEL_0); + m_peerlist.remove_peers_by_ip_from_all(addr); + LOG_PRINT_CYAN("IP " << string_tools::get_ip_string_from_int32(addr) << " blocked and removed from peerlist", LOG_LEVEL_0); return true; } //----------------------------------------------------------------------------------- @@ -145,6 +142,10 @@ namespace nodetool it->second = P2P_IP_FAILS_BEFOR_BLOCK/2; block_ip(address); } + else + { + LOG_PRINT_CYAN("IP " << string_tools::get_ip_string_from_int32(address) << ": fail recorded, total fails count: " << fails, LOG_LEVEL_2); + } return true; } //----------------------------------------------------------------------------------- @@ -686,7 +687,6 @@ namespace nodetool << string_tools::get_ip_string_from_int32(na.ip) << ":" << string_tools::num_to_string_fast(na.port) /*<< ", try " << try_count*/); - //m_peerlist.set_peer_unreachable(pe); return false; } peerid_type pi = AUTO_VAL_INIT(pi); @@ -708,12 +708,15 @@ namespace nodetool return true; } - peerlist_entry pe_local = AUTO_VAL_INIT(pe_local); - pe_local.adr = na; - pe_local.id = pi; - time(&pe_local.last_seen); - m_peerlist.append_with_peer_white(pe_local); - //update last seen and push it to peerlist manager + if (is_remote_ip_allowed(na.ip)) // additional check to avoid IP shown up in peers in the case of non-blocking incoming connections + { + //update last seen and push it to peerlist manager + peerlist_entry pe_local = AUTO_VAL_INIT(pe_local); + pe_local.adr = na; + pe_local.id = pi; + time(&pe_local.last_seen); + m_peerlist.append_with_peer_white(pe_local); + } LOG_PRINT_CC_GREEN(con, "CONNECTION HANDSHAKED OK with peer " << string_tools::get_ip_string_from_int32(na.ip) << ":" << string_tools::num_to_string_fast(na.port), LOG_LEVEL_2); return true; @@ -784,11 +787,14 @@ namespace nodetool continue; } + // IP blocking for incoming connections is temporary disabled + /* if (!is_remote_ip_allowed(pe.adr.ip)) { ++peer_index; continue; } + */ if (is_addr_recently_failed(pe.adr)) { @@ -1380,7 +1386,8 @@ namespace nodetool //associate peer_id with this connection context.peer_id = arg.node_data.peer_id; - if(arg.node_data.peer_id != m_config.m_peer_id && arg.node_data.my_port) + if(arg.node_data.peer_id != m_config.m_peer_id && arg.node_data.my_port + && is_remote_ip_allowed(context.m_remote_ip)) // additional check to avoid IP shown up in peers in the case of non-blocking incoming connections { peerid_type peer_id_l = arg.node_data.peer_id; uint32_t port_l = arg.node_data.my_port; diff --git a/src/p2p/net_peerlist.h b/src/p2p/net_peerlist.h index 5cdfa0e8..f133683f 100644 --- a/src/p2p/net_peerlist.h +++ b/src/p2p/net_peerlist.h @@ -1,4 +1,4 @@ -// Copyright (c) 2014-2019 Zano Project +// Copyright (c) 2014-2021 Zano Project // Copyright (c) 2014-2018 The Louisdor Project // Copyright (c) 2012-2013 The Cryptonote developers // Distributed under the MIT/X11 software license, see the accompanying @@ -11,8 +11,6 @@ #include #include #include -//#include -//#include #include #include #include @@ -55,10 +53,10 @@ namespace nodetool bool append_with_peer_gray(const peerlist_entry& pr); bool set_peer_just_seen(peerid_type peer, uint32_t ip, uint32_t port); bool set_peer_just_seen(peerid_type peer, const net_address& addr); - bool set_peer_unreachable(const peerlist_entry& pr); bool is_ip_allowed(uint32_t ip); void trim_white_peerlist(); void trim_gray_peerlist(); + bool remove_peers_by_ip_from_all(const uint32_t ip); private: @@ -110,17 +108,6 @@ namespace nodetool > > peers_indexed; - typedef boost::multi_index_container< - peerlist_entry, - boost::multi_index::indexed_by< - // access by peerlist_entry::id< - boost::multi_index::ordered_unique, boost::multi_index::member >, - // access by peerlist_entry::net_adress - boost::multi_index::ordered_unique, boost::multi_index::member >, - // sort by peerlist_entry::last_seen< - boost::multi_index::ordered_non_unique, boost::multi_index::member > - > - > peers_indexed_old; public: template @@ -134,9 +121,7 @@ namespace nodetool ar & m_peers_gray; } - private: - bool peers_indexed_from_old(const peers_indexed_old& pio, peers_indexed& pi); - + private: friend class boost::serialization::access; epee::critical_section m_peerlist_lock; std::string m_config_folder; @@ -188,21 +173,6 @@ namespace nodetool return true; } //-------------------------------------------------------------------------------------------------- - inline - bool peerlist_manager::peers_indexed_from_old(const peers_indexed_old& pio, peers_indexed& pi) - { - for(auto x: pio) - { - auto by_addr_it = pi.get().find(x.adr); - if(by_addr_it == pi.get().end()) - { - pi.insert(x); - } - } - - return true; - } - //-------------------------------------------------------------------------------------------------- inline void peerlist_manager::trim_white_peerlist() { CRITICAL_REGION_LOCAL(m_peerlist_lock); @@ -393,6 +363,33 @@ namespace nodetool return true; } //-------------------------------------------------------------------------------------------------- + inline + bool peerlist_manager::remove_peers_by_ip_from_all(const uint32_t ip) + { + TRY_ENTRY(); + + CRITICAL_REGION_LOCAL(m_peerlist_lock); + + for (auto it = m_peers_white.begin(); it != m_peers_white.end();) + { + if (it->adr.ip == ip) + it = m_peers_white.erase(it); + else + ++it; + } + + for (auto it = m_peers_gray.begin(); it != m_peers_gray.end();) + { + if (it->adr.ip == ip) + it = m_peers_gray.erase(it); + else + ++it; + } + + return true; + CATCH_ENTRY_L0("peerlist_manager::remove_peers_by_ip_from_all()", false); + } + //-------------------------------------------------------------------------------------------------- } BOOST_CLASS_VERSION(nodetool::peerlist_manager, CURRENT_PEERLIST_STORAGE_ARCHIVE_VER)