p2p: use /16 filtering on IPv4-within-IPv6 addresses
IPv6 addresses include a range that can map IPv4 addresses, which allowed those mapped addresses to bypass filtering. This filter should be replaced by AS filtering at some point.
This commit is contained in:
parent
c1229a4432
commit
1a627e1f89
|
@ -1436,6 +1436,20 @@ namespace nodetool
|
||||||
const uint32_t actual_ip = na.as<const epee::net_utils::ipv4_network_address>().ip();
|
const uint32_t actual_ip = na.as<const epee::net_utils::ipv4_network_address>().ip();
|
||||||
classB.insert(actual_ip & 0x0000ffff);
|
classB.insert(actual_ip & 0x0000ffff);
|
||||||
}
|
}
|
||||||
|
#if BOOST_VERSION > 106600
|
||||||
|
else if (cntxt.m_remote_address.get_type_id() == epee::net_utils::ipv6_network_address::get_type_id())
|
||||||
|
{
|
||||||
|
const epee::net_utils::network_address na = cntxt.m_remote_address;
|
||||||
|
const boost::asio::ip::address_v6 &actual_ip = na.as<const epee::net_utils::ipv6_network_address>().ip();
|
||||||
|
if (actual_ip.is_v4_mapped())
|
||||||
|
{
|
||||||
|
boost::asio::ip::address_v4 v4ip = make_address_v4(boost::asio::ip::v4_mapped, actual_ip);
|
||||||
|
uint32_t actual_ipv4;
|
||||||
|
memcpy(&actual_ipv4, v4ip.to_bytes().data(), sizeof(actual_ipv4));
|
||||||
|
classB.insert(actual_ipv4 & ntohl(0xffff0000));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
return true;
|
return true;
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
@ -1471,6 +1485,20 @@ namespace nodetool
|
||||||
uint32_t actual_ip = na.as<const epee::net_utils::ipv4_network_address>().ip();
|
uint32_t actual_ip = na.as<const epee::net_utils::ipv4_network_address>().ip();
|
||||||
skip = classB.find(actual_ip & 0x0000ffff) != classB.end();
|
skip = classB.find(actual_ip & 0x0000ffff) != classB.end();
|
||||||
}
|
}
|
||||||
|
#if BOOST_VERSION > 106600
|
||||||
|
else if (skip_duplicate_class_B && pe.adr.get_type_id() == epee::net_utils::ipv6_network_address::get_type_id())
|
||||||
|
{
|
||||||
|
const epee::net_utils::network_address na = pe.adr;
|
||||||
|
const boost::asio::ip::address_v6 &actual_ip = na.as<const epee::net_utils::ipv6_network_address>().ip();
|
||||||
|
if (actual_ip.is_v4_mapped())
|
||||||
|
{
|
||||||
|
boost::asio::ip::address_v4 v4ip = make_address_v4(boost::asio::ip::v4_mapped, actual_ip);
|
||||||
|
uint32_t actual_ipv4;
|
||||||
|
memcpy(&actual_ipv4, v4ip.to_bytes().data(), sizeof(actual_ipv4));
|
||||||
|
skip = classB.find(actual_ipv4 & ntohl(0xffff0000)) != classB.end();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
// consider each host once, to avoid giving undue inflence to hosts running several nodes
|
// consider each host once, to avoid giving undue inflence to hosts running several nodes
|
||||||
if (!skip)
|
if (!skip)
|
||||||
|
@ -1493,11 +1521,11 @@ namespace nodetool
|
||||||
if (skipped == 0 || !filtered.empty())
|
if (skipped == 0 || !filtered.empty())
|
||||||
break;
|
break;
|
||||||
if (skipped)
|
if (skipped)
|
||||||
MINFO("Skipping " << skipped << " possible peers as they share a class B with existing peers");
|
MDEBUG("Skipping " << skipped << " possible peers as they share a class B with existing peers");
|
||||||
}
|
}
|
||||||
if (filtered.empty())
|
if (filtered.empty())
|
||||||
{
|
{
|
||||||
MDEBUG("No available peer in " << (use_white_list ? "white" : "gray") << " list filtered by " << next_needed_pruning_stripe);
|
MINFO("No available peer in " << (use_white_list ? "white" : "gray") << " list filtered by " << next_needed_pruning_stripe);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if (use_white_list)
|
if (use_white_list)
|
||||||
|
|
Loading…
Reference in New Issue