|
| 1 | +{ |
| 2 | + "file": "block-hosts.json", |
| 3 | + "description": "Block failing hosts", |
| 4 | + "required": [ |
| 5 | + "core/bytecoin.json" |
| 6 | + ], |
| 7 | + "files": [ |
| 8 | + { |
| 9 | + "path": "/src/CryptoNoteConfig.h", |
| 10 | + "changes": [ |
| 11 | + { |
| 12 | + "action": "add_below", |
| 13 | + "marker": "const size_t P2P_DEFAULT_HANDSHAKE_INVOKE_TIMEOUT", |
| 14 | + "parameters": { |
| 15 | + "text": [ |
| 16 | + "", |
| 17 | + "const uint32_t P2P_FAILED_ADDR_FORGET_SECONDS = (60*60); //1 hour", |
| 18 | + "const uint32_t P2P_IP_BLOCKTIME = (60*60*24); //24 hour", |
| 19 | + "const uint32_t P2P_IP_FAILS_BEFORE_BLOCK = 10;", |
| 20 | + "const uint32_t P2P_IDLE_CONNECTION_KILL_INTERVAL = (5*60); //5 minutes", |
| 21 | + "" |
| 22 | + ] |
| 23 | + } |
| 24 | + } |
| 25 | + ] |
| 26 | + }, |
| 27 | + { |
| 28 | + "path": "/src/P2p/NetNodeCommon.h", |
| 29 | + "changes": [ |
| 30 | + { |
| 31 | + "action": "add_above", |
| 32 | + "marker": "virtual void for_each_connection(std::function<void(CryptoNote::CryptoNoteConnectionContext&, PeerIdType)> f) = 0;", |
| 33 | + "parameters": { |
| 34 | + "text": [ |
| 35 | + " virtual void drop_connection(CryptoNoteConnectionContext& context, bool add_fail) = 0;" |
| 36 | + ] |
| 37 | + } |
| 38 | + }, |
| 39 | + { |
| 40 | + "action": "add_above", |
| 41 | + "marker": "virtual void for_each_connection(std::function<void(CryptoNote::CryptoNoteConnectionContext&, PeerIdType)> f) override {}", |
| 42 | + "parameters": { |
| 43 | + "text": [ |
| 44 | + " virtual void drop_connection(CryptoNoteConnectionContext& context, bool add_fail) override {}" |
| 45 | + ] |
| 46 | + } |
| 47 | + } |
| 48 | + ] |
| 49 | + }, |
| 50 | + { |
| 51 | + "path": "/src/P2p/NetNode.h", |
| 52 | + "changes": [ |
| 53 | + { |
| 54 | + "action": "add_above", |
| 55 | + "marker": "virtual void for_each_connection(std::function<void(CryptoNote::CryptoNoteConnectionContext&, PeerIdType)> f) override;", |
| 56 | + "parameters": { |
| 57 | + "text": [ |
| 58 | + " virtual void drop_connection(CryptoNoteConnectionContext& context, bool add_fail) override;" |
| 59 | + ] |
| 60 | + } |
| 61 | + }, |
| 62 | + { |
| 63 | + "action": "add_above", |
| 64 | + "marker": "bool handle_command_line(const boost::program_options::variables_map& vm);", |
| 65 | + "parameters": { |
| 66 | + "text": [ |
| 67 | + "bool block_host(const uint32_t address_ip, time_t seconds = P2P_IP_BLOCKTIME);", |
| 68 | + "bool unblock_host(const uint32_t address_ip);", |
| 69 | + "bool add_host_fail(const uint32_t address_ip);" |
| 70 | + ] |
| 71 | + } |
| 72 | + }, |
| 73 | + { |
| 74 | + "action": "add_below", |
| 75 | + "marker": "boost::uuids::uuid m_network_id;", |
| 76 | + "parameters": { |
| 77 | + "text": [ |
| 78 | + " std::map<uint32_t, time_t> m_blocked_hosts;", |
| 79 | + " std::map<uint32_t, uint64_t> m_host_fails_score;", |
| 80 | + "", |
| 81 | + " mutable std::mutex mutex;" |
| 82 | + ] |
| 83 | + } |
| 84 | + } |
| 85 | + ] |
| 86 | + }, |
| 87 | + { |
| 88 | + "path": "/src/P2p/NetNode.cpp", |
| 89 | + "changes": [ |
| 90 | + { |
| 91 | + "action": "add_above", |
| 92 | + "marker": "bool NodeServer::handle_command_line(const boost::program_options::variables_map& vm)", |
| 93 | + "parameters": { |
| 94 | + "text": [ |
| 95 | + "bool NodeServer::block_host(const uint32_t address_ip, time_t seconds)", |
| 96 | + "{", |
| 97 | + " std::unique_lock<std::mutex> lock(mutex);", |
| 98 | + " m_blocked_hosts[address_ip] = time(nullptr) + seconds;", |
| 99 | + "", |
| 100 | + " // drop any connection to that IP", |
| 101 | + " std::list<boost::uuids::uuid> conns;", |
| 102 | + " forEachConnection([&](P2pConnectionContext& cntxt) {", |
| 103 | + " if (cntxt.m_remote_ip == address_ip)", |
| 104 | + " {", |
| 105 | + " conns.push_back(cntxt.m_connection_id);", |
| 106 | + " }", |
| 107 | + " return true;", |
| 108 | + " });", |
| 109 | + " for (const auto &c_id: conns) {", |
| 110 | + " auto c = m_connections.find(c_id);", |
| 111 | + " if (c != m_connections.end())", |
| 112 | + " c->second.m_state = CryptoNoteConnectionContext::state_shutdown;", |
| 113 | + " }", |
| 114 | + "", |
| 115 | + " logger(INFO) << \"Host \" << Common::ipAddressToString(address_ip) << \" blocked.\";", |
| 116 | + " return true;", |
| 117 | + "}", |
| 118 | + "//-----------------------------------------------------------------------------------", |
| 119 | + "bool NodeServer::unblock_host(const uint32_t address_ip)", |
| 120 | + "{", |
| 121 | + " std::unique_lock<std::mutex> lock(mutex);", |
| 122 | + " auto i = m_blocked_hosts.find(address_ip);", |
| 123 | + " if (i == m_blocked_hosts.end())", |
| 124 | + " return false;", |
| 125 | + " m_blocked_hosts.erase(i);", |
| 126 | + " logger(INFO) << \"Host \" << Common::ipAddressToString(address_ip) << \" unblocked.\";", |
| 127 | + " return true;", |
| 128 | + "}", |
| 129 | + "//-----------------------------------------------------------------------------------", |
| 130 | + "bool NodeServer::add_host_fail(const uint32_t address_ip)", |
| 131 | + "{", |
| 132 | + " std::unique_lock<std::mutex> lock(mutex);", |
| 133 | + " uint64_t fails = ++m_host_fails_score[address_ip];", |
| 134 | + " logger(DEBUGGING) << \"Host \" << Common::ipAddressToString(address_ip) << \" fail score=\" << fails;", |
| 135 | + " if(fails > P2P_IP_FAILS_BEFORE_BLOCK)", |
| 136 | + " {", |
| 137 | + " auto it = m_host_fails_score.find(address_ip);", |
| 138 | + " if (it == m_host_fails_score.end()) {", |
| 139 | + " logger(DEBUGGING) << \"Internal error (add_host_fail)\" << fails;", |
| 140 | + " return false;", |
| 141 | + " }", |
| 142 | + " it->second = P2P_IP_FAILS_BEFORE_BLOCK/2;", |
| 143 | + " block_host(address_ip);", |
| 144 | + " }", |
| 145 | + " return true;", |
| 146 | + "}", |
| 147 | + "", |
| 148 | + "//-----------------------------------------------------------------------------------", |
| 149 | + "void NodeServer::drop_connection(CryptoNoteConnectionContext& context, bool add_fail)", |
| 150 | + "{", |
| 151 | + " if (add_fail)", |
| 152 | + " add_host_fail(context.m_remote_ip);", |
| 153 | + "", |
| 154 | + " context.m_state = CryptoNoteConnectionContext::state_shutdown;", |
| 155 | + "}", |
| 156 | + "", |
| 157 | + "//-----------------------------------------------------------------------------------" |
| 158 | + ] |
| 159 | + } |
| 160 | + }, |
| 161 | + { |
| 162 | + "action": "add_below", |
| 163 | + "marker": "if (!handle_remote_peerlist(rsp.local_peerlist, rsp.node_data.local_time, context)) {", |
| 164 | + "parameters": { |
| 165 | + "text": [ |
| 166 | + " add_host_fail(context.m_remote_ip);" |
| 167 | + ] |
| 168 | + } |
| 169 | + }, |
| 170 | + { |
| 171 | + "action": "add_below", |
| 172 | + "marker": "if (arg.node_data.network_id != m_network_id) {", |
| 173 | + "parameters": { |
| 174 | + "text": [ |
| 175 | + " add_host_fail(context.m_remote_ip);" |
| 176 | + ] |
| 177 | + } |
| 178 | + }, |
| 179 | + { |
| 180 | + "action": "add_below", |
| 181 | + "marker": "if(!context.m_is_income) {", |
| 182 | + "parameters": { |
| 183 | + "text": [ |
| 184 | + " add_host_fail(context.m_remote_ip);" |
| 185 | + ] |
| 186 | + } |
| 187 | + } |
| 188 | + ] |
| 189 | + }, |
| 190 | + { |
| 191 | + "path": "/src/CryptoNoteProtocol/CryptoNoteProtocolHandler.cpp", |
| 192 | + "changes": [ |
| 193 | + { |
| 194 | + "action": "add_below", |
| 195 | + "marker": " } else if (result == error::AddBlockErrorCondition::BLOCK_REJECTED) {", |
| 196 | + "parameters": { |
| 197 | + "text": [ |
| 198 | + " m_p2p->drop_connection(context, true);" |
| 199 | + ] |
| 200 | + } |
| 201 | + }, |
| 202 | + { |
| 203 | + "action": "add_below", |
| 204 | + "marker": " } else if (result == error::AddBlockErrorCondition::BLOCK_REJECTED) {", |
| 205 | + "parameters": { |
| 206 | + "text": [ |
| 207 | + " m_p2p->drop_connection(context, true);" |
| 208 | + ] |
| 209 | + } |
| 210 | + } |
| 211 | + ] |
| 212 | + } |
| 213 | + ] |
| 214 | +} |
0 commit comments