authormoneromooo-monero <moneromooo-monero@users.noreply.github.com>2019-09-16 19:20:23 +0000
committermoneromooo-monero <moneromooo-monero@users.noreply.github.com>2019-09-16 22:45:45 +0000
commit7b076d5170f3299b1933f990e8b35777083c1809 (patch)
tree752ecbe4a7eb6d3717bad3f9189ba823a34092e3
parentMerge pull request #5861 (diff)
downloadmonero-7b076d5170f3299b1933f990e8b35777083c1809.tar.xz
p2p: fix bans taking port into account
-rw-r--r--src/p2p/net_node.h6
-rw-r--r--src/p2p/net_node.inl8
-rw-r--r--src/p2p/net_node_common.h6
-rw-r--r--src/rpc/core_rpc_server.cpp6
-rw-r--r--tests/unit_tests/ban.cpp22
5 files changed, 33 insertions, 15 deletions
diff --git a/src/p2p/net_node.h b/src/p2p/net_node.h
index 255a1fc1f..d7e2e91f5 100644
--- a/src/p2p/net_node.h
+++ b/src/p2p/net_node.h
@@ -271,7 +271,7 @@ namespace nodetool
virtual bool block_subnet(const epee::net_utils::ipv4_network_subnet &subnet, time_t seconds = P2P_IP_BLOCKTIME);
virtual bool unblock_subnet(const epee::net_utils::ipv4_network_subnet &subnet);
virtual bool is_host_blocked(const epee::net_utils::network_address &address, time_t *seconds) { CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); return !is_remote_host_allowed(address, seconds); }
- virtual std::map<epee::net_utils::network_address, time_t> get_blocked_hosts() { CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); return m_blocked_hosts; }
+ virtual std::map<std::string, time_t> get_blocked_hosts() { CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); return m_blocked_hosts; }
virtual std::map<epee::net_utils::ipv4_network_subnet, time_t> get_blocked_subnets() { CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); return m_blocked_subnets; }
virtual void add_used_stripe_peer(const typename t_payload_net_handler::connection_context &context);
@@ -484,11 +484,11 @@ namespace nodetool
std::map<epee::net_utils::zone, network_zone> m_network_zones;
- std::map<epee::net_utils::network_address, time_t> m_conn_fails_cache;
+ std::map<std::string, time_t> m_conn_fails_cache;
epee::critical_section m_conn_fails_cache_lock;
epee::critical_section m_blocked_hosts_lock; // for both hosts and subnets
- std::map<epee::net_utils::network_address, time_t> m_blocked_hosts;
+ std::map<std::string, time_t> m_blocked_hosts;
std::map<epee::net_utils::ipv4_network_subnet, time_t> m_blocked_subnets;
epee::critical_section m_host_fails_score_lock;
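Review bot: `m_conn_fails_cache` and `m_blocked_hosts` now take a bare `std::string` key, and nothing at the declarations says what that string holds. A reader cannot tell from the type that the key is `network_address::host_str()` and that the port is dropped on purpose. I would add a comment above each map, for example `// keyed by network_address::host_str(): one entry covers every port on that host`. The same applies to the new return type of `get_blocked_hosts()` in the first hunk of this file and in net_node_common.h.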
diff --git a/src/p2p/net_node.inl b/src/p2p/net_node.inl
index 97a18b519..24c87cef8 100644
--- a/src/p2p/net_node.inl
+++ b/src/p2p/net_node.inl
@@ -166,7 +166,7 @@ namespace nodetool
const time_t now = time(nullptr);
// look in the hosts list
- auto it = m_blocked_hosts.find(address);
+ auto it = m_blocked_hosts.find(address.host_str());
if (it != m_blocked_hosts.end())
{
if (now >= it->second)
@@ -224,7 +224,7 @@ namespace nodetool
limit = std::numeric_limits<time_t>::max();
else
limit = now + seconds;
- m_blocked_hosts[addr] = limit;
+ m_blocked_hosts[addr.host_str()] = limit;
// drop any connection to that address. This should only have to look into
// the zone related to the connection, but really make sure everything is
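Review bot: The entry written by `m_blocked_hosts[addr.host_str()] = limit;` is now shared by every address whose `host_str()` yields the same text, whatever its address type or zone, because the map is no longer keyed by the typed address. That is the goal for ports. But if any address type returns a common placeholder from `host_str()` for peers whose real address is unknown (not visible in this diff), banning one such peer would ban all of them. That case is worth checking and documenting next to the assignment. The connection-drop loop announced by the following comment lies outside the hunk, so whether it matches by host or by full address cannot be confirmed from here.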
@@ -254,7 +254,7 @@ namespace nodetool
bool node_server<t_payload_net_handler>::unblock_host(const epee::net_utils::network_address &address)
{
CRITICAL_REGION_LOCAL(m_blocked_hosts_lock);
- auto i = m_blocked_hosts.find(address);
+ auto i = m_blocked_hosts.find(address.host_str());
if (i == m_blocked_hosts.end())
return false;
m_blocked_hosts.erase(i);
@@ -1342,7 +1342,7 @@ namespace nodetool
bool node_server<t_payload_net_handler>::is_addr_recently_failed(const epee::net_utils::network_address& addr)
{
CRITICAL_REGION_LOCAL(m_conn_fails_cache_lock);
- auto it = m_conn_fails_cache.find(addr);
+ auto it = m_conn_fails_cache.find(addr.host_str());
if(it == m_conn_fails_cache.end())
return false;
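Review bot: `m_conn_fails_cache.find(addr.host_str())` makes the recently-failed check match on host alone, so one failed attempt marks every port on that host as recently failed, while the commit title mentions only bans. Peers that share an IP on different ports would then be skipped together for the duration of the cache entry. If that is intended, say so in a comment such as `// failures are tracked per host, not per host:port`; otherwise `m_conn_fails_cache` should keep the full address as its key. The code that writes to the cache is not part of this diff, and the function body continues past the end of the hunk.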
diff --git a/src/p2p/net_node_common.h b/src/p2p/net_node_common.h
index 239814c2c..e0046cd86 100644
--- a/src/p2p/net_node_common.h
+++ b/src/p2p/net_node_common.h
@@ -58,7 +58,7 @@ namespace nodetool
virtual bool for_connection(const boost::uuids::uuid&, std::function<bool(t_connection_context&, peerid_type, uint32_t)> f)=0;
virtual bool block_host(const epee::net_utils::network_address &address, time_t seconds = 0)=0;
virtual bool unblock_host(const epee::net_utils::network_address &address)=0;
- virtual std::map<epee::net_utils::network_address, time_t> get_blocked_hosts()=0;
+ virtual std::map<std::string, time_t> get_blocked_hosts()=0;
virtual std::map<epee::net_utils::ipv4_network_subnet, time_t> get_blocked_subnets()=0;
virtual bool add_host_fail(const epee::net_utils::network_address &address)=0;
virtual void add_used_stripe_peer(const t_connection_context &context)=0;
@@ -114,9 +114,9 @@ namespace nodetool
{
return true;
}
- virtual std::map<epee::net_utils::network_address, time_t> get_blocked_hosts()
+ virtual std::map<std::string, time_t> get_blocked_hosts()
{
- return std::map<epee::net_utils::network_address, time_t>();
+ return std::map<std::string, time_t>();
}
virtual std::map<epee::net_utils::ipv4_network_subnet, time_t> get_blocked_subnets()
{
diff --git a/src/rpc/core_rpc_server.cpp b/src/rpc/core_rpc_server.cpp
index 529cdbf2d..7192db122 100644
--- a/src/rpc/core_rpc_server.cpp
+++ b/src/rpc/core_rpc_server.cpp
@@ -1985,12 +1985,12 @@ namespace cryptonote
PERF_TIMER(on_get_bans);
auto now = time(nullptr);
- std::map<epee::net_utils::network_address, time_t> blocked_hosts = m_p2p.get_blocked_hosts();
- for (std::map<epee::net_utils::network_address, time_t>::const_iterator i = blocked_hosts.begin(); i != blocked_hosts.end(); ++i)
+ std::map<std::string, time_t> blocked_hosts = m_p2p.get_blocked_hosts();
+ for (std::map<std::string, time_t>::const_iterator i = blocked_hosts.begin(); i != blocked_hosts.end(); ++i)
{
if (i->second > now) {
COMMAND_RPC_GETBANS::ban b;
- b.host = i->first.host_str();
+ b.host = i->first;
b.ip = 0;
uint32_t ip;
if (epee::string_tools::get_ip_int32_from_string(ip, b.host))
diff --git a/tests/unit_tests/ban.cpp b/tests/unit_tests/ban.cpp
index 17fba90c6..b710f9226 100644
--- a/tests/unit_tests/ban.cpp
+++ b/tests/unit_tests/ban.cpp
@@ -36,6 +36,7 @@
#include "cryptonote_protocol/cryptonote_protocol_handler.inl"
#define MAKE_IPV4_ADDRESS(a,b,c,d) epee::net_utils::ipv4_network_address{MAKE_IP(a,b,c,d),0}
+#define MAKE_IPV4_ADDRESS_PORT(a,b,c,d,e) epee::net_utils::ipv4_network_address{MAKE_IP(a,b,c,d),e}
#define MAKE_IPV4_SUBNET(a,b,c,d,e) epee::net_utils::ipv4_network_subnet{MAKE_IP(a,b,c,d),e}
namespace cryptonote {
@@ -94,10 +95,10 @@ typedef nodetool::node_server<cryptonote::t_cryptonote_protocol_handler<test_cor
static bool is_blocked(Server &server, const epee::net_utils::network_address &address, time_t *t = NULL)
{
- std::map<epee::net_utils::network_address, time_t> hosts = server.get_blocked_hosts();
+ std::map<std::string, time_t> hosts = server.get_blocked_hosts();
for (auto rec: hosts)
{
- if (rec.first == address)
+ if (rec.first == address.host_str())
{
if (t)
*t = rec.second;
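Review bot: Style: with a string key, `for (auto rec: hosts)` copies a `std::pair<const std::string, time_t>` on each iteration and scans linearly for a key the map can look up directly. `auto it = hosts.find(address.host_str());` followed by a comparison with `hosts.end()` expresses the same check; at minimum bind the element with `const auto &rec`. is_blocked continues past the end of the hunk.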
@@ -240,5 +241,22 @@ TEST(ban, subnet)
ASSERT_TRUE(server.get_blocked_subnets().size() == 0);
}
+TEST(ban, ignores_port)
+{
+ time_t seconds;
+ test_core pr_core;
+ cryptonote::t_cryptonote_protocol_handler<test_core> cprotocol(pr_core, NULL);
+ Server server(cprotocol);
+ cprotocol.set_p2p_endpoint(&server);
+
+ ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5)));
+ ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5), std::numeric_limits<time_t>::max() - 1));
+ ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5)));
+ ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,6)));
+ ASSERT_TRUE(server.unblock_host(MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5)));
+ ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5)));
+ ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,6)));
+}
+
namespace nodetool { template class node_server<cryptonote::t_cryptonote_protocol_handler<test_core>>; }
namespace cryptonote { template class t_cryptonote_protocol_handler<test_core>; }
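Review bot: `ignores_port` checks the second port only through the `is_blocked` helper, which itself compares `rec.first == address.host_str()`. The port-6 assertions therefore pass because of the helper's comparison and never reach the server's own lookup changed in net_node.inl. `time_t seconds;` is also declared and never used. Adding `ASSERT_TRUE(server.is_host_blocked(MAKE_IPV4_ADDRESS_PORT(1,2,3,4,6), &seconds));` after the `block_host` call (is_host_blocked is declared next to get_blocked_hosts in net_node.h) would exercise the real lookup and use the variable. Calling `unblock_host` with port 6 rather than 5 would cover the erase path with a differing port as well.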