From 05cbf79fd474724e7356eb3901577bda4aa67bbe Mon Sep 17 00:00:00 2001 From: Donald Adu-Poku Date: Fri, 5 Nov 2021 00:07:01 +0000 Subject: [PATCH] server: add additional peer banning checks. This updates various peer handler methods to enforce additional peer banning checks. - OnGetMiningState: a decaying ban score has been added for repeated messages from the same peer. - OnGetInitState: a decaying ban score has been added for repeated messages from the same peer. - OnGetBlocks: increment ban score for known inventory from peer. - OnGetAddr: a decaying ban score has been added for repeated messages from the same peer.
---
server.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/server.go b/server.go
index 955ec5776a..09ca268356 100644
--- a/server.go
+++ b/server.go
@@ -827,6 +827,7 @@ func (sp *serverPeer) pushMiningStateMsg(height uint32, blockHashes []chainhash.
 // mined on and pushes a miningstate wire message back to the requesting peer.
 func (sp *serverPeer) OnGetMiningState(p *peer.Peer, msg *wire.MsgGetMiningState) {
 if sp.getMiningStateSent {
+ _ = sp.banManager.AddBanScore(p, 0, 25, "repeated mining state request")
 peerLog.Tracef("Ignoring getminingstate from %v - already sent", sp.Peer)
 return
 }
@@ -905,6 +906,7 @@ func (sp *serverPeer) OnMiningState(p *peer.Peer, msg *wire.MsgMiningState) {
 // It sends the available requested info to the remote peer.
 func (sp *serverPeer) OnGetInitState(p *peer.Peer, msg *wire.MsgGetInitState) {
 if sp.initStateSent {
+ _ = sp.banManager.AddBanScore(p, 0, 25, "repeated init state request")
 peerLog.Tracef("Ignoring getinitstate from %v - already sent", sp.Peer)
 return
 }
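Review bot: The transient score `25` passed to `AddBanScore` in OnGetMiningState is a bare literal that is repeated in the OnGetInitState hunk and in the OnGetAddr hunk, and in all three places the result is dropped with `_ =` and no explanation. A single named constant, for example `const repeatedRequestBanScore = 25`, would keep the three penalties in step and give one place to document how many repeats a peer can send before the ban threshold is reached. A short comment such as `// Result ignored: the request is dropped either way.` would make the discard deliberate; what `AddBanScore` returns is not visible in this diff. The call scores `p` while the log line below it names `sp.Peer`, presumably the same peer, so using one of the two in both places would read more clearly. The bodies of all three handlers continue outside their hunks.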
@@ -937,6 +939,8 @@ func (sp *serverPeer) OnGetInitState(p *peer.Peer, msg *wire.MsgGetInitState) {
 // parent of the current tip.
 children, err := sp.server.chain.TipGeneration()
 if err != nil {
+ // revert the preemptive init state flag for the peer on an error.
+ sp.initStateSent = false
 peerLog.Warnf("Failed to access sync manager to get the generation "+
 "for a init state request (block: %v): %v", best.Hash, err)
 return
@@ -1202,7 +1206,7 @@ func (sp *serverPeer) OnGetBlocks(p *peer.Peer, msg *wire.MsgGetBlocks) {
 for i := range hashList {
 iv := wire.NewInvVect(wire.InvTypeBlock, &hashList[i])
 if sp.IsKnownInventory(iv) {
- // TODO: Increase ban score
+ _ = sp.banManager.AddBanScore(p, 10, 0, "known inventory")
 continue
 }
 invMsg.AddInvVect(iv)
@@ -1348,6 +1352,7 @@ func (sp *serverPeer) OnGetAddr(p *peer.Peer, msg *wire.MsgGetAddr) {
 // Only respond with addresses once per connection. This helps reduce
 // traffic and further reduces fingerprinting attacks.
 if sp.addrsSent {
+ _ = sp.banManager.AddBanScore(p, 0, 25, "repeated get address request")
 peerLog.Tracef("Ignoring getaddr from %v - already sent", sp.Peer)
 return
 }
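Review bot: Resetting `sp.initStateSent` only on the `TipGeneration` error path in OnGetInitState leaves any other early return between the preemptive set and the send with the flag still true, and with the new penalty at the top of the handler a peer whose first request failed that way would be scored for retrying. The rest of the function is outside the hunk, so this needs checking against the full body; if other failure exits exist, resetting the flag in a `defer` guarded by a success flag would cover them all in one place. The flag is also written here without any visible lock, which is only safe if this peer's handlers never run concurrently. As a style point, comments elsewhere in the file start with a capital: `// Revert the preemptive init state flag for the peer on an error.`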
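Review bot: In OnGetBlocks the score of `10` is added inside the loop, once per hash the peer already knows, so a single getblocks message whose located range overlaps known inventory can accumulate a large score at once; the value sits in the argument that the commit message does not describe as decaying, so it is presumably persistent. How far that is from the ban threshold is not visible here, but a well-behaved peer whose request overlaps blocks it was already sent or announced could plausibly be banned by one message, which is an availability risk for the node's own peering. Consider recording the hit in the branch (`sawKnown = true`) and calling `AddBanScore` once after the loop, or using the decaying argument as the other handlers do. Because the result is discarded with `_ =`, the loop also keeps building the inv message even if the call has already disconnected the peer. The loop body and the function continue outside the hunk.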