allow blocking whole subnets #5363
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -22,6 +22,24 @@ namespace epee { namespace net_utils | |
bool ipv4_network_address::is_local() const { return net_utils::is_ip_local(ip()); } | ||
|
||
|
||
bool ipv4_network_subnet::equal(const ipv4_network_subnet& other) const noexcept | ||
{ return is_same_host(other) && m_mask == other.m_mask; } | ||
|
||
bool ipv4_network_subnet::less(const ipv4_network_subnet& other) const noexcept | ||
{ return subnet() < other.subnet() ? true : (other.subnet() < subnet() ? false : (m_mask < other.m_mask)); } | ||
|
||
std::string ipv4_network_subnet::str() const | ||
{ return string_tools::get_ip_string_from_int32(subnet()) + "/" + std::to_string(m_mask); } | ||
|
||
std::string ipv4_network_subnet::host_str() const { return string_tools::get_ip_string_from_int32(subnet()) + "/" + std::to_string(m_mask); } | ||
bool ipv4_network_subnet::is_loopback() const { return net_utils::is_ip_loopback(subnet()); } | ||
bool ipv4_network_subnet::is_local() const { return net_utils::is_ip_local(subnet()); } | ||
bool ipv4_network_subnet::matches(const ipv4_network_address &address) const | ||
{ | ||
return (address.ip() & ~(0xffffffffull << m_mask)) == subnet(); | ||
I believe this is broken on big endian machines.
||
} | ||
|
||
|
||
bool network_address::equal(const network_address& other) const | ||
{ | ||
// clang typeid workaround | ||
|
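Review bot: `ipv4_network_subnet::matches` shifts by `m_mask` without bounding it and compares against `subnet()` without applying the same mask to that side. With the 64-bit literal, a prefix length of 33 to 63 silently behaves like /32, and 64 or more is undefined behaviour. If `subnet()` can carry host bits (its definition and the constructor are outside this hunk), a block entered as a.b.c.d/24 would never match any peer, so the ban would fail silently. Rejecting prefixes above 32 where the subnet is parsed, and masking both sides with a `mask` computed once, as in `return (address.ip() & mask) == (subnet() & mask);`, would make a block entry either apply or be refused.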
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -248,7 +248,11 @@ namespace nodetool | |
void change_max_in_public_peers(size_t count); | ||
virtual bool block_host(const epee::net_utils::network_address &adress, time_t seconds = P2P_IP_BLOCKTIME); | ||
virtual bool unblock_host(const epee::net_utils::network_address &address); | ||
virtual std::map<std::string, time_t> get_blocked_hosts() { CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); return m_blocked_hosts; } | ||
virtual bool block_subnet(const epee::net_utils::ipv4_network_subnet &subnet, time_t seconds = P2P_IP_BLOCKTIME); | ||
virtual bool unblock_subnet(const epee::net_utils::ipv4_network_subnet &subnet); | ||
virtual bool is_host_blocked(const epee::net_utils::network_address &address, time_t *seconds) { CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); return !is_remote_host_allowed(address, seconds); } | ||
Why have this alias? It does not appear to be overriding any base class implementation either.
Because it's a public entry point for this, which just piggy backs on the base class stuff, and its override is private below.
||
virtual std::map<epee::net_utils::network_address, time_t> get_blocked_hosts() { CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); return m_blocked_hosts; } | ||
virtual std::map<epee::net_utils::ipv4_network_subnet, time_t> get_blocked_subnets() { CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); return m_blocked_subnets; } | ||
|
||
virtual void add_used_stripe_peer(const typename t_payload_net_handler::connection_context &context); | ||
virtual void remove_used_stripe_peer(const typename t_payload_net_handler::connection_context &context); | ||
|
@@ -319,7 +323,7 @@ namespace nodetool | |
virtual bool for_connection(const boost::uuids::uuid&, std::function<bool(typename t_payload_net_handler::connection_context&, peerid_type, uint32_t)> f); | ||
virtual bool add_host_fail(const epee::net_utils::network_address &address); | ||
//----------------- i_connection_filter -------------------------------------------------------- | ||
virtual bool is_remote_host_allowed(const epee::net_utils::network_address &address); | ||
virtual bool is_remote_host_allowed(const epee::net_utils::network_address &address, time_t *t = NULL); | ||
//----------------------------------------------------------------------------------------------- | ||
bool parse_peer_from_string(epee::net_utils::network_address& pe, const std::string& node_addr, uint16_t default_port = 0); | ||
bool handle_command_line( | ||
|
@@ -461,8 +465,9 @@ namespace nodetool | |
std::map<epee::net_utils::network_address, time_t> m_conn_fails_cache; | ||
epee::critical_section m_conn_fails_cache_lock; | ||
|
||
epee::critical_section m_blocked_hosts_lock; | ||
std::map<std::string, time_t> m_blocked_hosts; | ||
epee::critical_section m_blocked_hosts_lock; // for both hosts and subnets | ||
std::map<epee::net_utils::network_address, time_t> m_blocked_hosts; | ||
std::map<epee::net_utils::ipv4_network_subnet, time_t> m_blocked_subnets; | ||
|
||
epee::critical_section m_host_fails_score_lock; | ||
std::map<std::string, uint64_t> m_host_fails_score; | ||
|
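Review bot: The new `is_remote_host_allowed(const epee::net_utils::network_address &address, time_t *t = NULL)` declaration in the i_connection_filter group changes the signature without an `override` specifier, so the compiler will not report whether it still overrides the interface method. The interface declaration is not visible on this page; if it kept the one-argument form and is not pure virtual, connection filtering would go through the base version and the host and subnet block lists would not be consulted. Marking it `override` and using `nullptr` for the default turns that into a compile error: `virtual bool is_remote_host_allowed(const epee::net_utils::network_address &address, time_t *t = nullptr) override;`. Default arguments on virtual functions are taken from the static type, so the interface and this class should declare the same default.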
Why is this replacing instead of adding the functions?
er, this was not intended, I'll fix.