diff options
Diffstat (limited to 'src/p2p/net_node.inl')
| -rw-r--r-- | src/p2p/net_node.inl | 113 |
1 files changed, 66 insertions, 47 deletions
diff --git a/src/p2p/net_node.inl b/src/p2p/net_node.inl index 93a925971..8000835c4 100644 --- a/src/p2p/net_node.inl +++ b/src/p2p/net_node.inl @@ -139,7 +139,9 @@ namespace nodetool if (storage) m_peerlist_storage = std::move(*storage); - m_network_zones[epee::net_utils::zone::public_].m_config.m_support_flags = P2P_SUPPORT_FLAGS; + network_zone& public_zone = m_network_zones[epee::net_utils::zone::public_]; + public_zone.m_config.m_support_flags = P2P_SUPPORT_FLAGS; + public_zone.m_config.m_peer_id = crypto::rand<uint64_t>(); m_first_connection_maker_call = true; CATCH_ENTRY_L0("node_server::init_config", false); @@ -224,7 +226,7 @@ namespace nodetool } //----------------------------------------------------------------------------------- template<class t_payload_net_handler> - bool node_server<t_payload_net_handler>::block_host(const epee::net_utils::network_address &addr, time_t seconds) + bool node_server<t_payload_net_handler>::block_host(epee::net_utils::network_address addr, time_t seconds) { if(!addr.is_blockable()) return false; @@ -237,7 +239,8 @@ namespace nodetool limit = std::numeric_limits<time_t>::max(); else limit = now + seconds; - m_blocked_hosts[addr.host_str()] = limit; + const std::string host_str = addr.host_str(); + m_blocked_hosts[host_str] = limit; // drop any connection to that address. This should only have to look into // the zone related to the connection, but really make sure everything is @@ -253,17 +256,18 @@ namespace nodetool } return true; }); - for (const auto &c: conns) - zone.second.m_net_server.get_config_object().close(c); - - conns.clear(); peerlist_entry pe{}; pe.adr = addr; zone.second.m_peerlist.remove_from_peer_white(pe); + + for (const auto &c: conns) + zone.second.m_net_server.get_config_object().close(c); + + conns.clear(); } - MCLOG_CYAN(el::Level::Info, "global", "Host " << addr.host_str() << " blocked."); + MCLOG_CYAN(el::Level::Info, "global", "Host " << host_str << " blocked."); return true; } //----------------------------------------------------------------------------------- @@ -796,7 +800,8 @@ namespace nodetool { return { "xwvz3ekocr3dkyxfkmgm2hvbpzx2ysqmaxgter7znnqrhoicygkfswid.onion:18083", - "4pixvbejrvihnkxmduo2agsnmc3rrulrqc7s3cbwwrep6h6hrzsibeqd.onion:18083" + "4pixvbejrvihnkxmduo2agsnmc3rrulrqc7s3cbwwrep6h6hrzsibeqd.onion:18083", + "zbjkbsxc5munw3qusl7j2hpcmikhqocdf4pqhnhtpzw5nt5jrmofptid.onion:18083", }; } case epee::net_utils::zone::i2p: @@ -1132,11 +1137,12 @@ namespace nodetool pi = context.peer_id = rsp.node_data.peer_id; context.m_rpc_port = rsp.node_data.rpc_port; context.m_rpc_credits_per_hash = rsp.node_data.rpc_credits_per_hash; - network_zone& zone = m_network_zones.at(context.m_remote_address.get_zone()); + const auto azone = context.m_remote_address.get_zone(); + network_zone& zone = m_network_zones.at(azone); zone.m_peerlist.set_peer_just_seen(rsp.node_data.peer_id, context.m_remote_address, context.m_pruning_seed, context.m_rpc_port, context.m_rpc_credits_per_hash); // move - if(rsp.node_data.peer_id == zone.m_config.m_peer_id) + if(azone == epee::net_utils::zone::public_ && rsp.node_data.peer_id == zone.m_config.m_peer_id) { LOG_DEBUG_CC(context, "Connection to self detected, dropping connection"); hsh_result = false; @@ -1228,50 +1234,51 @@ namespace nodetool template<class t_payload_net_handler> bool node_server<t_payload_net_handler>::is_peer_used(const peerlist_entry& peer) { - for(const auto& zone : m_network_zones) - if(zone.second.m_config.m_peer_id == peer.id) - return true;//dont make connections to ourself + const auto zone = peer.adr.get_zone(); + const auto server = m_network_zones.find(zone); + if (server == m_network_zones.end()) + return false; + + const bool is_public = (zone == epee::net_utils::zone::public_); + if(is_public && server->second.m_config.m_peer_id == peer.id) + return true;//dont make connections to ourself bool used = false; - for(auto& zone : m_network_zones) + server->second.m_net_server.get_config_object().foreach_connection([&, is_public](const p2p_connection_context& cntxt) { - zone.second.m_net_server.get_config_object().foreach_connection([&](const p2p_connection_context& cntxt) + if((is_public && cntxt.peer_id == peer.id) || (!cntxt.m_is_income && peer.adr == cntxt.m_remote_address)) { - if(cntxt.peer_id == peer.id || (!cntxt.m_is_income && peer.adr == cntxt.m_remote_address)) - { - used = true; - return false;//stop enumerating - } - return true; - }); - - if(used) - return true; - } - return false; + used = true; + return false;//stop enumerating + } + return true; + }); + return used; } //----------------------------------------------------------------------------------- template<class t_payload_net_handler> bool node_server<t_payload_net_handler>::is_peer_used(const anchor_peerlist_entry& peer) { - for(auto& zone : m_network_zones) { - if(zone.second.m_config.m_peer_id == peer.id) { - return true;//dont make connections to ourself - } - bool used = false; - zone.second.m_net_server.get_config_object().foreach_connection([&](const p2p_connection_context& cntxt) + const auto zone = peer.adr.get_zone(); + const auto server = m_network_zones.find(zone); + if (server == m_network_zones.end()) + return false; + + const bool is_public = (zone == epee::net_utils::zone::public_); + if(is_public && server->second.m_config.m_peer_id == peer.id) + return true;//dont make connections to ourself + + bool used = false; + server->second.m_net_server.get_config_object().foreach_connection([&, is_public](const p2p_connection_context& cntxt) + { + if((is_public && cntxt.peer_id == peer.id) || (!cntxt.m_is_income && peer.adr == cntxt.m_remote_address)) { - if(cntxt.peer_id == peer.id || (!cntxt.m_is_income && peer.adr == cntxt.m_remote_address)) - { - used = true; - return false;//stop enumerating - } - return true; - }); - if (used) - return true; - } - return false; + used = true; + return false;//stop enumerating + } + return true; + }); + return used; } //----------------------------------------------------------------------------------- template<class t_payload_net_handler> @@ -1311,6 +1318,9 @@ namespace nodetool if (zone.m_connect == nullptr) // outgoing connections in zone not possible return false; + if (zone.m_our_address == na) + return false; + if (zone.m_current_number_of_out_peers == zone.m_config.m_net_config.max_out_connection_count) // out peers limit { return false; @@ -1638,6 +1648,9 @@ namespace nodetool peerid_to_string(pe.id) << " " << pe.adr.str() << ", pruning seed " << epee::string_tools::to_string_hex(pe.pruning_seed) << " (stripe " << next_needed_pruning_stripe << " needed)"); + if(zone.m_our_address == pe.adr) + continue; + if(is_peer_used(pe)) { _note("Peer is used"); continue; @@ -2051,6 +2064,11 @@ namespace nodetool template<class t_payload_net_handler> bool node_server<t_payload_net_handler>::handle_remote_peerlist(const std::vector<peerlist_entry>& peerlist, const epee::net_utils::connection_context_base& context) { + if (peerlist.size() > P2P_MAX_PEERS_IN_HANDSHAKE) + { + MWARNING(context << "peer sent " << peerlist.size() << " peers, considered spamming"); + return false; + } std::vector<peerlist_entry> peerlist_ = peerlist; if(!sanitize_peerlist(peerlist_)) return false; @@ -2411,11 +2429,12 @@ namespace nodetool return 1; } - network_zone& zone = m_network_zones.at(context.m_remote_address.get_zone()); + const auto azone = context.m_remote_address.get_zone(); + network_zone& zone = m_network_zones.at(azone); // test only the remote end's zone, otherwise an attacker could connect to you on clearnet // and pass in a tor connection's peer id, and deduce the two are the same if you reject it - if(arg.node_data.peer_id == zone.m_config.m_peer_id) + if(azone == epee::net_utils::zone::public_ && arg.node_data.peer_id == zone.m_config.m_peer_id) { LOG_DEBUG_CC(context, "Connection to self detected, dropping connection"); drop_connection(context); |