-
Notifications
You must be signed in to change notification settings - Fork 212
/
gater.go
118 lines (104 loc) · 2.77 KB
/
gater.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
package p2p
import (
"fmt"
"net"
"github.com/libp2p/go-libp2p/core/connmgr"
"github.com/libp2p/go-libp2p/core/control"
"github.com/libp2p/go-libp2p/core/host"
"github.com/libp2p/go-libp2p/core/network"
"github.com/libp2p/go-libp2p/core/peer"
"github.com/multiformats/go-multiaddr"
)
var _ connmgr.ConnectionGater = (*gater)(nil)
func newGater(cfg Config) (*gater, error) {
// leaves a small room for outbound connections in order to
// reduce risk of network isolation
g := &gater{
inbound: int(float64(cfg.HighPeers) * cfg.InboundFraction),
outbound: int(float64(cfg.HighPeers) * cfg.OutboundFraction),
direct: map[peer.ID]struct{}{},
}
direct, err := parseIntoAddr(cfg.Direct)
if err != nil {
return nil, err
}
if !cfg.PrivateNetwork {
g.ip4blocklist, err = parseCIDR(cfg.IP4Blocklist)
if err != nil {
return nil, err
}
g.ip6blocklist, err = parseCIDR(cfg.IP6Blocklist)
if err != nil {
return nil, err
}
}
for _, pid := range direct {
g.direct[pid.ID] = struct{}{}
}
return g, nil
}
type gater struct {
h host.Host
inbound, outbound int
direct map[peer.ID]struct{}
ip4blocklist []*net.IPNet
ip6blocklist []*net.IPNet
}
func (g *gater) updateHost(h host.Host) {
g.h = h
}
func (g *gater) InterceptPeerDial(pid peer.ID) bool {
if _, exist := g.direct[pid]; exist {
return true
}
return len(g.h.Network().Peers()) <= g.outbound
}
func (g *gater) InterceptAddrDial(pid peer.ID, m multiaddr.Multiaddr) bool {
if _, exist := g.direct[pid]; exist {
return true
}
return len(g.h.Network().Peers()) <= g.outbound && g.allowed(m)
}
func (g *gater) InterceptAccept(n network.ConnMultiaddrs) bool {
return len(g.h.Network().Peers()) <= g.inbound
}
func (*gater) InterceptSecured(_ network.Direction, _ peer.ID, _ network.ConnMultiaddrs) bool {
return true
}
func (*gater) InterceptUpgraded(_ network.Conn) (allow bool, reason control.DisconnectReason) {
return true, 0
}
func (g *gater) allowed(m multiaddr.Multiaddr) bool {
allow := true
multiaddr.ForEach(m, func(c multiaddr.Component) bool {
switch c.Protocol().Code {
case multiaddr.P_IP4:
allow = !inAddrRange(net.IP(c.RawValue()), g.ip4blocklist)
return false
case multiaddr.P_IP6:
allow = !inAddrRange(net.IP(c.RawValue()), g.ip6blocklist)
return false
}
return true
})
return allow
}
func parseCIDR(cidrs []string) ([]*net.IPNet, error) {
ipnets := make([]*net.IPNet, len(cidrs))
for i, cidr := range cidrs {
_, ipnet, err := net.ParseCIDR(cidr)
if err != nil {
return nil, fmt.Errorf("can't parse %s as valid cidr: %w", cidr, err)
}
ipnets[i] = ipnet
}
return ipnets, nil
}
func inAddrRange(ip net.IP, ipnets []*net.IPNet) bool {
for _, ipnet := range ipnets {
if ipnet.Contains(ip) {
return true
}
}
return false
}