Merge pull request #536 from aguycalled/header-spam

proletesseract · web-flow · commit 45c98d56f56a · 2019-06-29T15:00:00.000+12:00
Check node address in header spam protection
diff --git a/src/init.cpp b/src/init.cpp
@@ -561,6 +561,7 @@ std::string HelpMessage(HelpMessageMode mode)
     strUsage += HelpMessageOpt("-headerspamfilter=<n>", strprintf(_("Use header spam filter (default: %u)"), DEFAULT_HEADER_SPAM_FILTER));
     strUsage += HelpMessageOpt("-headerspamfiltermaxsize=<n>", strprintf(_("Maximum size of the list of indexes in the header spam filter (default: %u)"), DEFAULT_HEADER_SPAM_FILTER_MAX_SIZE));
     strUsage += HelpMessageOpt("-headerspamfiltermaxavg=<n>", strprintf(_("Maximum average size of an index occurrence in the header spam filter (default: %u)"), DEFAULT_HEADER_SPAM_FILTER_MAX_AVG));
+    strUsage += HelpMessageOpt("-headerspamfilterignoreport=<n>", strprintf("Ignore the port in the ip address when looking for header spam, determine whether or not multiple nodes can be on the same IP (default: %u)", DEFAULT_HEADER_SPAM_FILTER_IGNORE_PORT));
 
     return strUsage;
 }
diff --git a/src/main.cpp b/src/main.cpp
@@ -408,8 +408,6 @@ struct CNodeState {
     //! Whether this peer can give us witnesses
     bool fHaveWitness;
 
-    CNodeHeaders headers;
-
     CNodeState() {
         fCurrentlyConnected = false;
         nMisbehavior = 0;
@@ -434,6 +432,7 @@ struct CNodeState {
 
 /** Map maintaining per-node state. Requires cs_main. */
 map<NodeId, CNodeState> mapNodeState;
+map<CService, CNodeHeaders> mapServiceHeaders;
 
 // Requires cs_main.
 CNodeState *State(NodeId pnode) {
@@ -443,6 +442,26 @@ CNodeState *State(NodeId pnode) {
     return &it->second;
 }
 
+static CNodeHeaders &ServiceHeaders(const CService& address) EXCLUSIVE_LOCKS_REQUIRED(cs_main) {
+    unsigned short port =
+            GetBoolArg("-headerspamfilterignoreport", DEFAULT_HEADER_SPAM_FILTER_IGNORE_PORT) ? 0 : address.GetPort();
+    CService addr(address, port);
+    return mapServiceHeaders[addr];
+}
+
+static void CleanAddressHeaders(const CAddress& addr) EXCLUSIVE_LOCKS_REQUIRED(cs_main) {
+    CSubNet subNet(addr);
+    for (std::map<CService, CNodeHeaders>::iterator it=mapServiceHeaders.begin(); it!=mapServiceHeaders.end();){
+        if(subNet.Match(it->first))
+        {
+            it = mapServiceHeaders.erase(it);
+        }
+        else{
+            it++;
+        }
+    }
+}
+
 int GetHeight()
 {
     LOCK(cs_main);
@@ -7210,9 +7229,10 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv,
             LOCK(cs_main);
             CValidationState state;
             CNodeState *nodestate = State(pfrom->GetId());
-            nodestate->headers.addHeaders(nFirst, nLast);
+            CNodeHeaders& headers = ServiceHeaders(nodestate->address);
+            headers.addHeaders(nFirst, nLast);
             int nDoS;
-            ret = nodestate->headers.updateState(state, ret);
+            ret = headers.updateState(state, ret);
             if (state.IsInvalid(nDoS)) {
                 if (nDoS > 0)
                     Misbehaving(pfrom->GetId(), nDoS);
@@ -7791,6 +7811,8 @@ bool SendMessages(CNode* pto)
                 else
                 {
                     CNode::Ban(pto->addr, BanReasonNodeMisbehaving);
+                    // Remove all data from the header spam filter when the address is banned
+                    CleanAddressHeaders(pto->addr);
                 }
             }
             state.fShouldBan = false;
diff --git a/src/main.h b/src/main.h
@@ -161,6 +161,9 @@ static const bool DEFAULT_HEADER_SPAM_FILTER = true;
 static const unsigned int DEFAULT_HEADER_SPAM_FILTER_MAX_SIZE = 50;
 /** Default for -headerspamfiltermaxavg, maximum average size of an index occurrence in the header spam filter */
 static const unsigned int DEFAULT_HEADER_SPAM_FILTER_MAX_AVG = 10;
+/** Default for -headerspamfilterignoreport, ignore the port in the ip address when looking for header spam,
+ multiple nodes on the same ip will be treated as the one when computing the filter*/
+static const unsigned int DEFAULT_HEADER_SPAM_FILTER_IGNORE_PORT = true;
 
 /** Maximum number of headers to announce when relaying blocks with headers message.*/
 static const unsigned int MAX_BLOCKS_TO_ANNOUNCE = 8;

Original file line number	Diff line number	Diff line change
`@@ -561,6 +561,7 @@ std::string HelpMessage(HelpMessageMode mode)`
`561`	`561`	`strUsage += HelpMessageOpt("-headerspamfilter=<n>", strprintf(_("Use header spam filter (default: %u)"), DEFAULT_HEADER_SPAM_FILTER));`
`562`	`562`	`strUsage += HelpMessageOpt("-headerspamfiltermaxsize=<n>", strprintf(_("Maximum size of the list of indexes in the header spam filter (default: %u)"), DEFAULT_HEADER_SPAM_FILTER_MAX_SIZE));`
`563`	`563`	`strUsage += HelpMessageOpt("-headerspamfiltermaxavg=<n>", strprintf(_("Maximum average size of an index occurrence in the header spam filter (default: %u)"), DEFAULT_HEADER_SPAM_FILTER_MAX_AVG));`
	`564`	`+ strUsage += HelpMessageOpt("-headerspamfilterignoreport=<n>", strprintf("Ignore the port in the ip address when looking for header spam, determine whether or not multiple nodes can be on the same IP (default: %u)", DEFAULT_HEADER_SPAM_FILTER_IGNORE_PORT));`
`564`	`565`
`565`	`566`	`return strUsage;`
`566`	`567`	`}`