Merge pull request #5916

7b076d5 p2p: fix bans taking port into account (moneromooo-monero)
This commit is contained in:
luigi1111 2019-09-24 10:42:29 -05:00
commit 3f6096867d
No known key found for this signature in database
GPG Key ID: F4ACA0183641E010
5 changed files with 33 additions and 15 deletions

View File

@ -271,7 +271,7 @@ namespace nodetool
virtual bool block_subnet(const epee::net_utils::ipv4_network_subnet &subnet, time_t seconds = P2P_IP_BLOCKTIME);
virtual bool unblock_subnet(const epee::net_utils::ipv4_network_subnet &subnet);
virtual bool is_host_blocked(const epee::net_utils::network_address &address, time_t *seconds) { CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); return !is_remote_host_allowed(address, seconds); }
virtual std::map<epee::net_utils::network_address, time_t> get_blocked_hosts() { CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); return m_blocked_hosts; }
virtual std::map<std::string, time_t> get_blocked_hosts() { CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); return m_blocked_hosts; }
virtual std::map<epee::net_utils::ipv4_network_subnet, time_t> get_blocked_subnets() { CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); return m_blocked_subnets; }
virtual void add_used_stripe_peer(const typename t_payload_net_handler::connection_context &context);
@ -484,11 +484,11 @@ namespace nodetool
std::map<epee::net_utils::zone, network_zone> m_network_zones;
std::map<epee::net_utils::network_address, time_t> m_conn_fails_cache;
std::map<std::string, time_t> m_conn_fails_cache;
epee::critical_section m_conn_fails_cache_lock;
epee::critical_section m_blocked_hosts_lock; // for both hosts and subnets
std::map<epee::net_utils::network_address, time_t> m_blocked_hosts;
std::map<std::string, time_t> m_blocked_hosts;
std::map<epee::net_utils::ipv4_network_subnet, time_t> m_blocked_subnets;
epee::critical_section m_host_fails_score_lock;

View File

@ -166,7 +166,7 @@ namespace nodetool
const time_t now = time(nullptr);
// look in the hosts list
auto it = m_blocked_hosts.find(address);
auto it = m_blocked_hosts.find(address.host_str());
if (it != m_blocked_hosts.end())
{
if (now >= it->second)
@ -224,7 +224,7 @@ namespace nodetool
limit = std::numeric_limits<time_t>::max();
else
limit = now + seconds;
m_blocked_hosts[addr] = limit;
m_blocked_hosts[addr.host_str()] = limit;
// drop any connection to that address. This should only have to look into
// the zone related to the connection, but really make sure everything is
@ -254,7 +254,7 @@ namespace nodetool
bool node_server<t_payload_net_handler>::unblock_host(const epee::net_utils::network_address &address)
{
CRITICAL_REGION_LOCAL(m_blocked_hosts_lock);
auto i = m_blocked_hosts.find(address);
auto i = m_blocked_hosts.find(address.host_str());
if (i == m_blocked_hosts.end())
return false;
m_blocked_hosts.erase(i);
@ -1342,7 +1342,7 @@ namespace nodetool
bool node_server<t_payload_net_handler>::is_addr_recently_failed(const epee::net_utils::network_address& addr)
{
CRITICAL_REGION_LOCAL(m_conn_fails_cache_lock);
auto it = m_conn_fails_cache.find(addr);
auto it = m_conn_fails_cache.find(addr.host_str());
if(it == m_conn_fails_cache.end())
return false;

View File

@ -58,7 +58,7 @@ namespace nodetool
virtual bool for_connection(const boost::uuids::uuid&, std::function<bool(t_connection_context&, peerid_type, uint32_t)> f)=0;
virtual bool block_host(const epee::net_utils::network_address &address, time_t seconds = 0)=0;
virtual bool unblock_host(const epee::net_utils::network_address &address)=0;
virtual std::map<epee::net_utils::network_address, time_t> get_blocked_hosts()=0;
virtual std::map<std::string, time_t> get_blocked_hosts()=0;
virtual std::map<epee::net_utils::ipv4_network_subnet, time_t> get_blocked_subnets()=0;
virtual bool add_host_fail(const epee::net_utils::network_address &address)=0;
virtual void add_used_stripe_peer(const t_connection_context &context)=0;
@ -114,9 +114,9 @@ namespace nodetool
{
return true;
}
virtual std::map<epee::net_utils::network_address, time_t> get_blocked_hosts()
virtual std::map<std::string, time_t> get_blocked_hosts()
{
return std::map<epee::net_utils::network_address, time_t>();
return std::map<std::string, time_t>();
}
virtual std::map<epee::net_utils::ipv4_network_subnet, time_t> get_blocked_subnets()
{

View File

@ -1985,12 +1985,12 @@ namespace cryptonote
PERF_TIMER(on_get_bans);
auto now = time(nullptr);
std::map<epee::net_utils::network_address, time_t> blocked_hosts = m_p2p.get_blocked_hosts();
for (std::map<epee::net_utils::network_address, time_t>::const_iterator i = blocked_hosts.begin(); i != blocked_hosts.end(); ++i)
std::map<std::string, time_t> blocked_hosts = m_p2p.get_blocked_hosts();
for (std::map<std::string, time_t>::const_iterator i = blocked_hosts.begin(); i != blocked_hosts.end(); ++i)
{
if (i->second > now) {
COMMAND_RPC_GETBANS::ban b;
b.host = i->first.host_str();
b.host = i->first;
b.ip = 0;
uint32_t ip;
if (epee::string_tools::get_ip_int32_from_string(ip, b.host))

View File

@ -36,6 +36,7 @@
#include "cryptonote_protocol/cryptonote_protocol_handler.inl"
#define MAKE_IPV4_ADDRESS(a,b,c,d) epee::net_utils::ipv4_network_address{MAKE_IP(a,b,c,d),0}
#define MAKE_IPV4_ADDRESS_PORT(a,b,c,d,e) epee::net_utils::ipv4_network_address{MAKE_IP(a,b,c,d),e}
#define MAKE_IPV4_SUBNET(a,b,c,d,e) epee::net_utils::ipv4_network_subnet{MAKE_IP(a,b,c,d),e}
namespace cryptonote {
@ -94,10 +95,10 @@ typedef nodetool::node_server<cryptonote::t_cryptonote_protocol_handler<test_cor
static bool is_blocked(Server &server, const epee::net_utils::network_address &address, time_t *t = NULL)
{
std::map<epee::net_utils::network_address, time_t> hosts = server.get_blocked_hosts();
std::map<std::string, time_t> hosts = server.get_blocked_hosts();
for (auto rec: hosts)
{
if (rec.first == address)
if (rec.first == address.host_str())
{
if (t)
*t = rec.second;
@ -240,5 +241,22 @@ TEST(ban, subnet)
ASSERT_TRUE(server.get_blocked_subnets().size() == 0);
}
TEST(ban, ignores_port)
{
time_t seconds;
test_core pr_core;
cryptonote::t_cryptonote_protocol_handler<test_core> cprotocol(pr_core, NULL);
Server server(cprotocol);
cprotocol.set_p2p_endpoint(&server);
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5)));
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5), std::numeric_limits<time_t>::max() - 1));
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5)));
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,6)));
ASSERT_TRUE(server.unblock_host(MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5)));
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5)));
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,6)));
}
namespace nodetool { template class node_server<cryptonote::t_cryptonote_protocol_handler<test_core>>; }
namespace cryptonote { template class t_cryptonote_protocol_handler<test_core>; }