aboutsummaryrefslogtreecommitdiff
path: root/src/p2p/net_node.inl
diff options
context:
space:
mode:
authormoneromooo-monero <moneromooo-monero@users.noreply.github.com>2020-10-25 16:22:01 +0000
committermoneromooo-monero <moneromooo-monero@users.noreply.github.com>2020-11-03 17:36:25 +0000
commit1a627e1f891b60f7e1fdffdc1fa02afa653f372a (patch)
treec60f48a3d1539dbc07686f7c2c3b2ddd8831f65d /src/p2p/net_node.inl
parentMerge pull request #6965 (diff)
downloadmonero-1a627e1f891b60f7e1fdffdc1fa02afa653f372a.tar.xz
p2p: use /16 filtering on IPv4-within-IPv6 addresses
IPv6 addresses include a range that can map IPv4 addresses, which allowed those mapped addresses to bypass filtering. This filter should be replaced by AS filtering at some point.
Diffstat (limited to 'src/p2p/net_node.inl')
-rw-r--r--src/p2p/net_node.inl32
1 files changed, 30 insertions, 2 deletions
diff --git a/src/p2p/net_node.inl b/src/p2p/net_node.inl
index f8cba41aa..b888afc64 100644
--- a/src/p2p/net_node.inl
+++ b/src/p2p/net_node.inl
@@ -1436,6 +1436,20 @@ namespace nodetool
const uint32_t actual_ip = na.as<const epee::net_utils::ipv4_network_address>().ip();
classB.insert(actual_ip & 0x0000ffff);
}
+#if BOOST_VERSION > 106600
+ else if (cntxt.m_remote_address.get_type_id() == epee::net_utils::ipv6_network_address::get_type_id())
+ {
+ const epee::net_utils::network_address na = cntxt.m_remote_address;
+ const boost::asio::ip::address_v6 &actual_ip = na.as<const epee::net_utils::ipv6_network_address>().ip();
+ if (actual_ip.is_v4_mapped())
+ {
+ boost::asio::ip::address_v4 v4ip = make_address_v4(boost::asio::ip::v4_mapped, actual_ip);
+ uint32_t actual_ipv4;
+ memcpy(&actual_ipv4, v4ip.to_bytes().data(), sizeof(actual_ipv4));
+ classB.insert(actual_ipv4 & ntohl(0xffff0000));
+ }
+ }
+#endif
return true;
});
}
@@ -1471,6 +1485,20 @@ namespace nodetool
uint32_t actual_ip = na.as<const epee::net_utils::ipv4_network_address>().ip();
skip = classB.find(actual_ip & 0x0000ffff) != classB.end();
}
+#if BOOST_VERSION > 106600
+ else if (skip_duplicate_class_B && pe.adr.get_type_id() == epee::net_utils::ipv6_network_address::get_type_id())
+ {
+ const epee::net_utils::network_address na = pe.adr;
+ const boost::asio::ip::address_v6 &actual_ip = na.as<const epee::net_utils::ipv6_network_address>().ip();
+ if (actual_ip.is_v4_mapped())
+ {
+ boost::asio::ip::address_v4 v4ip = make_address_v4(boost::asio::ip::v4_mapped, actual_ip);
+ uint32_t actual_ipv4;
+ memcpy(&actual_ipv4, v4ip.to_bytes().data(), sizeof(actual_ipv4));
+ skip = classB.find(actual_ipv4 & ntohl(0xffff0000)) != classB.end();
+ }
+ }
+#endif
// consider each host once, to avoid giving undue inflence to hosts running several nodes
if (!skip)
@@ -1493,11 +1521,11 @@ namespace nodetool
if (skipped == 0 || !filtered.empty())
break;
if (skipped)
- MINFO("Skipping " << skipped << " possible peers as they share a class B with existing peers");
+ MDEBUG("Skipping " << skipped << " possible peers as they share a class B with existing peers");
}
if (filtered.empty())
{
- MDEBUG("No available peer in " << (use_white_list ? "white" : "gray") << " list filtered by " << next_needed_pruning_stripe);
+ MINFO("No available peer in " << (use_white_list ? "white" : "gray") << " list filtered by " << next_needed_pruning_stripe);
return false;
}
if (use_white_list)