Add setban/listbanned RPC commands #6158

Merged: 10 commits merged into bitcoin:master from jonasschnelli:2015/05/rpc_ban on Jun 18, 2015

Member

jonasschnelli commented May 19, 2015

Groundwork for #5866.
If this makes it into master I'd like to add a GUI context menu for the peers table.
A simple disconnect (without banning) would be possible with setban <ip> add 1 (where 1 is the bantime).

At the moment the banned set does not survive a restart (should be added once).
Also currently banning is per IP and not per Node which results in disconnecting all nodes of a given IP (if the nodes use the same IP but different ports).

Also includes some whitespace fixes for httpbasics.py test.

@jonasschnelli jonasschnelli force-pushed the jonasschnelli:2015/05/rpc_ban branch 2 times, most recently from 9792d11 to ab10e9d May 19, 2015
Member Author

jonasschnelli commented May 19, 2015

I'm open to alternatives (naming) for setban and listbanned. I thought adding banning options over the addnode command is a misuse.
I'm also not sure about banning whole IPs instead of only IP:port (node).

src/net.cpp Outdated
@@ -458,13 +458,30 @@ bool CNode::IsBanned(CNetAddr ip)
return fResult;
}

bool CNode::Ban(const CNetAddr &addr) {
bool CNode::Ban(const CNetAddr &addr, int64_t bantimeoffset) {
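
Review bot: the new int64_t bantimeoffset parameter on CNode::Ban is signed, and nothing at the signature says what unit it is in or what 0 or a negative value means. Document that at the declaration and reject or clamp negative offsets, so a caller cannot create a ban that is already expired when it is stored.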

Diapolo May 19, 2015

Why was/is this returning a bool, if it seems to be only true?

jonasschnelli May 19, 2015

Author Member

Right. I didn't want to change this in this PR and I kept it for legacy reasons and to lower the risk of breaking something.

Diapolo May 19, 2015

Understood, but IMHO a function that doesn't need it could just be void. Perhaps you can just add a commit for that at the end? At least it could be changed for GetBanned as you just added it :).

jonasschnelli May 19, 2015

Author Member

Agreed. Added a commit on top.

src/net.cpp Outdated
return false;
}

bool CNode::GetBanned(std::map<CNetAddr, int64_t> &banMap)
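
Review bot: GetBanned fills banMap through a non-const reference and also returns bool, but the signature does not say whether entries already in banMap are cleared or kept, or in which case false comes back. Either document both at the declaration or return void and state that the map is overwritten, so callers that reuse a map do not end up reporting stale bans.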

Diapolo May 19, 2015

Same question for this function...

@@ -91,6 +91,7 @@ static const CRPCConvertParam vRPCConvertParams[] =
{ "estimatepriority", 0 },
{ "prioritisetransaction", 1 },
{ "prioritisetransaction", 2 },
{ "setban", 2 },

Diapolo May 19, 2015

listbanned is not added here?

jonasschnelli May 19, 2015

Author Member

This is only for the rpc client (bitcoin-cli) string to json conversion which is not required for listbanned.

"\nArguments:\n"
"1. \"ip\" (string, required) The IP (see getpeerinfo for nodes ip)\n"
"2. \"command\" (string, required) 'add' to add a IP to the list, 'remove' to remove a IP from the list\n"
"1. \"bantime\" (numeric, optional) time in seconds how long the ip is banned\n"

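Review bot: the third argument in this help text is numbered "1." again (the "bantime" line), so the list reads 1, 2, 1; it should be "3.". While touching these strings, "a IP" on the "command" line should read "an IP".
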
Diapolo May 19, 2015

What is the default value, if no bantime is supplied? Perhaps add this information in here?

jonasschnelli May 19, 2015

Author Member

Right. This is a good point. It's actually the cmd arg -bantime. Will add this information.

jonasschnelli May 19, 2015

Author Member

Just added information about the default bantime.

+ HelpExampleRpc("setban", "\"192.168.0.6\", \"add\" 86400")
);

string strNode = params[0].get_str();
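
Review bot: the HelpExampleRpc argument string is missing a comma between \"add\" and 86400, so the example parameter list is not a valid JSON array when copied into a request. It should read "\"192.168.0.6\", \"add\", 86400".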

Diapolo May 19, 2015

Why make a copy here, you seem to only use it once anyway?

jonasschnelli May 19, 2015

Author Member

Indeed. This is a relic from copy/pasting some code from addnode. Will change.

jonasschnelli May 19, 2015

Author Member

Fixed @Diapolo's nit

while(CNode *bannedNode = FindNode(netAddr))
bannedNode->CloseSocketDisconnect();
}
else if(strCommand == "remove")
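
Review bot: the while(CNode *bannedNode = FindNode(netAddr)) loop terminates only if FindNode stops returning a node once CloseSocketDisconnect() has been called on it. If the node stays in the list FindNode searches until a later cleanup pass, this RPC call spins on the same pointer; walking the node list once and marking every match for disconnect avoids that dependency. No lock is visible in these lines either, so a comment on what keeps bannedNode valid between the lookup and the call would help.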

Diapolo May 19, 2015

Suggestion: Perhaps also add a removeall option?

LeMiner May 19, 2015

+1 for removeall option to clear the list of banned peers. And if possible, adding a right click -> kick/ban option for GUI, which could also be implemented like this: http://i.imgur.com/K5jifJx.png (but better looking obv.)

jonasschnelli May 19, 2015

Author Member

Agreed on the remove all feature. But it would be ugly to have a command like setban <IP> removeall ( would then be dummy). And supporting setban removeall will make the help message unreadable (because of parameter mixups).
IMO adding a clearbanned command could make sense.
Any other suggestions?

Diapolo May 19, 2015

clearbanned is fine with me, or perhaps setban * remove ;)?

@jonasschnelli jonasschnelli force-pushed the jonasschnelli:2015/05/rpc_ban branch 3 times, most recently from f2a123b to 8339b26 May 19, 2015
Member Author

jonasschnelli commented May 19, 2015

Added a clearbanned command (also included in tests).

@jonasschnelli jonasschnelli force-pushed the jonasschnelli:2015/05/rpc_ban branch 4 times, most recently from 83cd720 to 9f1394b May 19, 2015
Member

laanwj commented May 21, 2015

Concept ACK, did not test or review code yet, this will be after 0.11 release

Contributor

gmaxwell commented May 22, 2015

Great; I had an old bitrotted version of this and had implemented almost exactly the same interface. One thing this can't accomplish though is banning netgroups. (that's actually what held up my code: I found issues with our netgroup parser that broke my tests)

LeMiner commented May 22, 2015

In light of what gmaxwell said, perhaps allowing for -- setban 12.*.12.12 or setban 50.50.50.* would make sense as well. To allow for banning of entire octets.

Member

laanwj commented May 22, 2015

@LeMiner Good idea, but I'd say the interface should use /n or /x.y.z.w CIDR syntax (as parsed by CSubNet) instead of bringing back 0.9-era wildcards.

Member Author

jonasschnelli commented May 22, 2015

Agreed with @laanwj.
I don't think there is a use case for 1.x.2.3

LeMiner commented May 22, 2015

Yep, agreed as well.

Member

laanwj commented May 22, 2015

1.x.2.3 in CIDR would be 1.0.2.3/255.0.255.255. But no, I don't see a use-case either.

@jonasschnelli jonasschnelli force-pushed the jonasschnelli:2015/05/rpc_ban branch from 14a37e8 to 1a7ec8a May 26, 2015
Member Author

jonasschnelli commented May 26, 2015

Extended this PR to allow subnet banning/unbanning.
This needs testing because it changes the internal ban set from CNetAddr to CSubNet.

@jonasschnelli jonasschnelli force-pushed the jonasschnelli:2015/05/rpc_ban branch 2 times, most recently from 12d6265 to 2eff5b8 May 26, 2015
"\nArguments:\n"
"1. \"ip(/netmask)\" (string, required) The IP/Subnet (see getpeerinfo for nodes ip) with a optional netmask (default is /32 = single ip)\n"
"2. \"command\" (string, required) 'add' to add a IP/Subnet to the list, 'remove' to remove a IP/Subnet from the list\n"
"1. \"bantime\" (numeric, optional) time in seconds how long the ip is banned (0 or empty means using the default time of 24h which can also be overwritten by the -bantime startup argument)\n"

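Review bot: "default is /32 = single ip" on the "ip(/netmask)" line is only true for IPv4; if IPv6 addresses are accepted here, the help should say what the default is for them as well. The "bantime" line is also still numbered "1." instead of "3.", and "a optional netmask" should read "an optional netmask".
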
luke-jr Jun 2, 2015

Member

Should have some way to set an absolute time here, so banlists can be easily saved/restored across restarts.

jonasschnelli Jun 2, 2015

Author Member

The stored time is absolute (int64 Unix timestamp). The offset is more an input thing and I think it's suitable when banning a node.

luke-jr Jun 2, 2015

Member

Unless you can input an absolute time, restoring a saved list of bans is annoying.

jonasschnelli Jun 2, 2015

Author Member

Right. An additional method to set the bantime over an absolute value would make sense.

Contributor

jgarzik commented Jun 11, 2015

ut ACK

Member

laanwj commented Jun 12, 2015

Needs rebase.
I agree with @luke-jr that it should be somehow possible to specify an absolute ban time. Relative times are useful for end-users, but not so much for programmatic use.

@jonasschnelli jonasschnelli force-pushed the jonasschnelli:2015/05/rpc_ban branch 2 times, most recently Jun 12, 2015
Member Author

jonasschnelli commented Jun 12, 2015

Rebased and added the possibility of setting an absolute bantime with setban add <ip> <unixtimestamp> true.

laanwj reviewed Jun 12, 2015
src/netbase.cpp Outdated
@@ -1330,6 +1330,11 @@ bool operator!=(const CSubNet& a, const CSubNet& b)
return !(a==b);
}

bool operator<(const CSubNet& a, const CSubNet& b)
{
return (a.network < b.network || (a.network == b.network && memcmp(a.netmask, b.netmask, 16)));
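
Review bot: in operator<, the memcmp(a.netmask, b.netmask, 16) result is used directly as a boolean, so for two subnets with the same network and different netmasks both a < b and b < a evaluate to true. That is not a strict weak ordering, and any std::map or std::set keyed by CSubNet (such as a ban set) can then fail to find or remove an entry. Compare the result against zero, i.e. memcmp(...) < 0.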

laanwj Jun 12, 2015

Member

I think this should be:

return (a.network < b.network || (a.network == b.network && memcmp(a.netmask, b.netmask, 16) < 0));

jonasschnelli Jun 12, 2015

Author Member

Good catch! Thanks for the review.
Fixed.
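
The ordering problem discussed in this thread, as an added example that is not code from the pull request: SubNet is a simplified stand-in for CSubNet (a 32-bit network and a 16-byte netmask are assumptions), and MakeSubNet, BrokenLess, FixedLess, ViolatesAsymmetry and DistinctBans are hypothetical names. It shows that treating memcmp's result as a boolean makes both a < b and b < a true, which an ordered container must never see.

```cpp
#include <cstdint>
#include <cstring>
#include <map>

// Simplified stand-in for CSubNet (assumption): 32-bit network, 16-byte netmask.
struct SubNet {
    std::uint32_t network;
    unsigned char netmask[16];
};

SubNet MakeSubNet(std::uint32_t network, unsigned char maskByte) {
    SubNet s{network, {}};
    std::memset(s.netmask, maskByte, sizeof(s.netmask));
    return s;
}

// Comparison as first posted: any non-zero memcmp() result counts as "less".
struct BrokenLess {
    bool operator()(const SubNet& a, const SubNet& b) const {
        return a.network < b.network ||
               (a.network == b.network && std::memcmp(a.netmask, b.netmask, 16));
    }
};

// Comparison as corrected in review: only a negative result means "less".
struct FixedLess {
    bool operator()(const SubNet& a, const SubNet& b) const {
        return a.network < b.network ||
               (a.network == b.network && std::memcmp(a.netmask, b.netmask, 16) < 0);
    }
};

// A strict weak ordering must never report both a < b and b < a.
template <typename Less> bool ViolatesAsymmetry(const SubNet& a, const SubNet& b) {
    return Less()(a, b) && Less()(b, a);
}

// Ban map keyed by subnet using the corrected ordering; returns the entry count.
std::size_t DistinctBans(const SubNet& a, const SubNet& b) {
    std::map<SubNet, std::int64_t, FixedLess> bans;
    bans[a] = 1000;  // constructed expiry timestamps
    bans[b] = 2000;
    bans[a] = 3000;  // same key as the first insert: overwrites, adds nothing
    return bans.size();
}

int main() {
    // Constructed input: same network, different netmask bytes.
    SubNet a = MakeSubNet(0xC0A80000u, 0xFF), b = MakeSubNet(0xC0A80000u, 0xF0);
    return (ViolatesAsymmetry<BrokenLess>(a, b) && DistinctBans(a, b) == 2) ? 0 : 1;
}
```

The broken comparator is deliberately never handed to std::map here, because using a container with an inconsistent ordering is undefined behaviour.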

@jonasschnelli jonasschnelli force-pushed the jonasschnelli:2015/05/rpc_ban branch Jun 12, 2015
@jonasschnelli jonasschnelli force-pushed the jonasschnelli:2015/05/rpc_ban branch 2 times, most recently Jun 16, 2015
Member Author

jonasschnelli commented Jun 16, 2015

Rebased and added also tests for the new disconnectnode command

@jonasschnelli jonasschnelli force-pushed the jonasschnelli:2015/05/rpc_ban branch to 9d79afe Jun 17, 2015
@laanwj laanwj merged commit 9d79afe into bitcoin:master Jun 18, 2015
1 check passed
continuous-integration/travis-ci/pr The Travis CI build passed
laanwj added a commit that referenced this pull request Jun 18, 2015
9d79afe add RPC tests for setban & disconnectnode (Jonas Schnelli)
1f02b80 setban: add RPCErrorCode (Jonas Schnelli)
d624167 fix CSubNet comparison operator (Jonas Schnelli)
4e36e9b setban: rewrite to UniValue, allow absolute bantime (Jonas Schnelli)
3de24d7 rename json field "bannedtill" to "banned_until" (Jonas Schnelli)
433fb1a [RPC] extend setban to allow subnets (Jonas Schnelli)
e8b9347 [net] remove unused return type bool from CNode::Ban() (Jonas Schnelli)
1086ffb [QA] add setban/listbanned/clearbanned tests (Jonas Schnelli)
d930b26 [RPC] add setban/listbanned/clearbanned RPC commands (Jonas Schnelli)
2252fb9 [net] extend core functionallity for ban/unban/listban (Jonas Schnelli)
Member Author

jonasschnelli commented Jun 18, 2015

Thanks for the merge. I now try to extend this to the UI peers window.
