4rkal/monero
1
0
Fork 0
mirror of https://github.com/monero-project/monero.git synced 2024-12-04 23:51:08 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge b5cd7f870b into 893916ad09

Browse Source
This commit is contained in:
0xFFFC0000 2024-11-24 09:20:39 -08:00 committed by GitHub
commit 2473fcb1fb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
18 changed files with 238 additions and 228 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
contrib/epee/include/net/net_utils_base.h
View File

@ -89,7 +89,7 @@ namespace net_utils
bool is_local() const;
static constexpr address_type get_type_id() noexcept { return address_type::ipv4; }
static constexpr zone get_zone() noexcept { return zone::public_; }
static constexpr bool is_blockable() noexcept { return true; }
static constexpr bool is_bannable() noexcept { return true; }
BEGIN_KV_SERIALIZE_MAP()
if (is_store)
@ -145,7 +145,7 @@ namespace net_utils
bool is_local() const;
static constexpr address_type get_type_id() noexcept { return address_type::invalid; }
static constexpr zone get_zone() noexcept { return zone::public_; }
static constexpr bool is_blockable() noexcept { return true; }
static constexpr bool is_bannable() noexcept { return true; }
BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE(m_ip)
@ -195,7 +195,7 @@ namespace net_utils
bool is_local() const;
static constexpr address_type get_type_id() noexcept { return address_type::ipv6; }
static constexpr zone get_zone() noexcept { return zone::public_; }
static constexpr bool is_blockable() noexcept { return true; }
static constexpr bool is_bannable() noexcept { return true; }
static const uint8_t ID = 2;
BEGIN_KV_SERIALIZE_MAP()
@ -235,7 +235,7 @@ namespace net_utils
virtual bool is_local() const = 0;
virtual address_type get_type_id() const = 0;
virtual zone get_zone() const = 0;
virtual bool is_blockable() const = 0;
virtual bool is_bannable() const = 0;
virtual std::uint16_t port() const = 0;
};
@ -266,7 +266,7 @@ namespace net_utils
virtual bool is_local() const override { return value.is_local(); }
virtual address_type get_type_id() const override { return value.get_type_id(); }
virtual zone get_zone() const override { return value.get_zone(); }
virtual bool is_blockable() const override { return value.is_blockable(); }
virtual bool is_bannable() const override { return value.is_bannable(); }
virtual std::uint16_t port() const override { return value.port(); }
};
@ -313,7 +313,7 @@ namespace net_utils
bool is_local() const { return self ? self->is_local() : false; }
address_type get_type_id() const { return self ? self->get_type_id() : address_type::invalid; }
zone get_zone() const { return self ? self->get_zone() : zone::invalid; }
bool is_blockable() const { return self ? self->is_blockable() : false; }
bool is_bannable() const { return self ? self->is_bannable() : false; }
std::uint16_t port() const { return self ? self->port() : 0; }
template<typename Type> const Type &as() const { return as_mutable<const Type>(); }

8
src/cryptonote_config.h
View File

@ -149,14 +149,14 @@
#define P2P_DEFAULT_LIMIT_RATE_DOWN 8192 // kB/s
#define P2P_FAILED_ADDR_FORGET_SECONDS (60*60) //1 hour
#define P2P_IP_BLOCKTIME (60*60*24) //24 hour
#define P2P_IP_FAILS_BEFORE_BLOCK 10
#define P2P_IP_BANTIME (60*60*24) //24 hour
#define P2P_IP_FAILS_BEFORE_BAN 10
#define P2P_IDLE_CONNECTION_KILL_INTERVAL (5*60) //5 minutes
#define P2P_SUPPORT_FLAG_FLUFFY_BLOCKS 0x01
#define P2P_SUPPORT_FLAGS P2P_SUPPORT_FLAG_FLUFFY_BLOCKS
#define RPC_IP_FAILS_BEFORE_BLOCK 3
#define RPC_IP_FAILS_BEFORE_BAN 3
#define CRYPTONOTE_NAME "bitmonero"
#define CRYPTONOTE_BLOCKCHAINDATA_FILENAME "data.mdb"
@ -205,7 +205,7 @@
#define RPC_CREDITS_PER_HASH_SCALE ((float)(1<<24))
#define DNS_BLOCKLIST_LIFETIME (86400 * 8)
#define DNS_BANLIST_LIFETIME (86400 * 8)
//The limit is enough for the mandatory transaction content with 16 outputs (547 bytes),
//a custom tag (1 byte) and up to 32 bytes of custom data for each recipient.

6
src/cryptonote_protocol/cryptonote_protocol_handler.inl
View File

@ -519,7 +519,7 @@ namespace cryptonote
if(bvc.m_verifivation_failed)
{
LOG_PRINT_CCONTEXT_L0("Block verification failed, dropping connection");
drop_connection_with_score(context, bvc.m_bad_pow ? P2P_IP_FAILS_BEFORE_BLOCK : 1, false);
drop_connection_with_score(context, bvc.m_bad_pow ? P2P_IP_FAILS_BEFORE_BAN : 1, false);
return 1;
}
if(bvc.m_added_to_main_chain)
@ -802,7 +802,7 @@ namespace cryptonote
if( bvc.m_verifivation_failed )
{
LOG_PRINT_CCONTEXT_L0("Block verification failed, dropping connection");
drop_connection_with_score(context, bvc.m_bad_pow ? P2P_IP_FAILS_BEFORE_BLOCK : 1, false);
drop_connection_with_score(context, bvc.m_bad_pow ? P2P_IP_FAILS_BEFORE_BAN : 1, false);
return 1;
}
if( bvc.m_added_to_main_chain )
@ -1605,7 +1605,7 @@ namespace cryptonote
drop_connections(span_origin);
if (!m_p2p->for_connection(span_connection_id, [&](cryptonote_connection_context& context, nodetool::peerid_type peer_id, uint32_t f)->bool{
LOG_PRINT_CCONTEXT_L1("Block verification failed, dropping connection");
drop_connection_with_score(context, bvc.m_bad_pow ? P2P_IP_FAILS_BEFORE_BLOCK : 1, true);
drop_connection_with_score(context, bvc.m_bad_pow ? P2P_IP_FAILS_BEFORE_BAN : 1, true);
return 1;
}))
LOG_ERROR_CCONTEXT("span connection id not found");

2
src/daemon/command_parser_executor.cpp
View File

@ -660,7 +660,7 @@ bool t_command_parser_executor::ban(const std::vector<std::string>& args)
std::cout << "Invalid syntax: Expects one or two parameters. For more details, use the help command." << std::endl;
return true;
}
time_t seconds = P2P_IP_BLOCKTIME;
time_t seconds = P2P_IP_BANTIME;
if (args.size() > 1)
{
try

4
src/daemon/rpc_command_executor.cpp
View File

@ -192,7 +192,7 @@ bool t_rpc_command_executor::print_peer_list(bool white, bool gray, size_t limit
std::string failure_message = "Couldn't retrieve peer list";
req.include_blocked = true;
req.include_banned = req.include_blocked = true;
if (m_is_rpc)
{
@ -240,7 +240,7 @@ bool t_rpc_command_executor::print_peer_list_stats() {
std::string failure_message = "Couldn't retrieve peer list";
req.public_only = false;
req.include_blocked = true;
req.include_banned = req.include_blocked = true;
if (m_is_rpc)
{

2
src/net/i2p_address.h
View File

@ -119,7 +119,7 @@ namespace net
}
//! \return `!is_unknown()`.
bool is_blockable() const noexcept { return !is_unknown(); }
bool is_bannable() const noexcept { return !is_unknown(); }
};
inline bool operator==(const i2p_address& lhs, const i2p_address& rhs) noexcept

2
src/net/tor_address.h
View File

@ -121,7 +121,7 @@ namespace net
}
//! \return `!is_unknown()`.
bool is_blockable() const noexcept { return !is_unknown(); }
bool is_bannable() const noexcept { return !is_unknown(); }
};
inline bool operator==(const tor_address& lhs, const tor_address& rhs) noexcept

3
src/p2p/net_node.cpp
View File

@ -152,7 +152,8 @@ namespace nodetool
const command_line::arg_descriptor<std::string> arg_ban_list = {"ban-list", "Specify ban list file, one IP address per line"};
const command_line::arg_descriptor<bool> arg_p2p_hide_my_port = {"hide-my-port", "Do not announce yourself as peerlist candidate", false, true};
const command_line::arg_descriptor<bool> arg_no_sync = {"no-sync", "Don't synchronize the blockchain with other peers", false};
const command_line::arg_descriptor<bool> arg_enable_dns_blocklist = {"enable-dns-blocklist", "Apply realtime blocklist from DNS", false};
const command_line::arg_descriptor<bool> arg_enable_dns_banlist = {"enable-dns-banlist", "Apply realtime banlist from DNS", false};
const command_line::arg_descriptor<bool> arg_enable_dns_blocklist = {"enable-dns-blocklist", "Apply realtime banlist from DNS, alias for --enable-dns-banlist flag", false};
const command_line::arg_descriptor<bool> arg_no_igd = {"no-igd", "Disable UPnP port mapping"};
const command_line::arg_descriptor<std::string> arg_igd = {"igd", "UPnP port mapping (disabled, enabled, delayed)", "delayed"};

27
src/p2p/net_node.h
View File

@ -285,13 +285,13 @@ namespace nodetool
uint32_t get_max_out_public_peers() const;
void change_max_in_public_peers(size_t count);
uint32_t get_max_in_public_peers() const;
virtual bool block_host(epee::net_utils::network_address address, time_t seconds = P2P_IP_BLOCKTIME, bool add_only = false);
virtual bool unblock_host(const epee::net_utils::network_address &address);
virtual bool block_subnet(const epee::net_utils::ipv4_network_subnet &subnet, time_t seconds = P2P_IP_BLOCKTIME);
virtual bool unblock_subnet(const epee::net_utils::ipv4_network_subnet &subnet);
virtual bool is_host_blocked(const epee::net_utils::network_address &address, time_t *seconds) { CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); return !is_remote_host_allowed(address, seconds); }
virtual std::map<std::string, time_t> get_blocked_hosts() { CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); return m_blocked_hosts; }
virtual std::map<epee::net_utils::ipv4_network_subnet, time_t> get_blocked_subnets() { CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); return m_blocked_subnets; }
virtual bool ban_host(epee::net_utils::network_address address, time_t seconds = P2P_IP_BANTIME, bool add_only = false);
virtual bool unban_host(const epee::net_utils::network_address &address);
virtual bool ban_subnet(const epee::net_utils::ipv4_network_subnet &subnet, time_t seconds = P2P_IP_BANTIME);
virtual bool unban_subnet(const epee::net_utils::ipv4_network_subnet &subnet);
virtual bool is_host_banned(const epee::net_utils::network_address &address, time_t *seconds) { CRITICAL_REGION_LOCAL(m_banned_hosts_lock); return !is_remote_host_allowed(address, seconds); }
virtual std::map<std::string, time_t> get_banned_hosts() { CRITICAL_REGION_LOCAL(m_banned_hosts_lock); return m_banned_hosts; }
virtual std::map<epee::net_utils::ipv4_network_subnet, time_t> get_banned_subnets() { CRITICAL_REGION_LOCAL(m_banned_hosts_lock); return m_banned_subnets; }
virtual void add_used_stripe_peer(const typename t_payload_net_handler::connection_context &context);
virtual void remove_used_stripe_peer(const typename t_payload_net_handler::connection_context &context);
@ -366,7 +366,7 @@ namespace nodetool
bool peer_sync_idle_maker();
bool do_handshake_with_peer(peerid_type& pi, p2p_connection_context& context, bool just_take_peerlist = false);
bool do_peer_timed_sync(const epee::net_utils::connection_context_base& context, peerid_type peer_id);
bool update_dns_blocklist();
bool update_dns_banlist();
bool make_new_connection_from_anchor_peerlist(const std::vector<anchor_peerlist_entry>& anchor_peerlist);
bool make_new_connection_from_peerlist(network_zone& zone, bool use_white_list);
@ -472,7 +472,7 @@ namespace nodetool
epee::math_helper::once_a_time_seconds<60*30, false> m_peerlist_store_interval;
epee::math_helper::once_a_time_seconds<60> m_gray_peerlist_housekeeping_interval;
epee::math_helper::once_a_time_seconds<3600, false> m_incoming_connections_interval;
epee::math_helper::once_a_time_seconds<7000> m_dns_blocklist_interval;
epee::math_helper::once_a_time_seconds<7000> m_dns_banlist_interval;
std::list<epee::net_utils::network_address> m_priority_peers;
std::vector<epee::net_utils::network_address> m_exclusive_peers;
@ -497,9 +497,9 @@ namespace nodetool
std::map<std::string, time_t> m_conn_fails_cache;
epee::critical_section m_conn_fails_cache_lock;
epee::critical_section m_blocked_hosts_lock; // for both hosts and subnets
std::map<std::string, time_t> m_blocked_hosts;
std::map<epee::net_utils::ipv4_network_subnet, time_t> m_blocked_subnets;
epee::critical_section m_banned_hosts_lock; // for both hosts and subnets
std::map<std::string, time_t> m_banned_hosts;
std::map<epee::net_utils::ipv4_network_subnet, time_t> m_banned_subnets;
epee::critical_section m_host_fails_score_lock;
std::map<std::string, uint64_t> m_host_fails_score;
@ -513,7 +513,7 @@ namespace nodetool
epee::net_utils::ssl_support_t m_ssl_support;
bool m_enable_dns_seed_nodes;
bool m_enable_dns_blocklist;
bool m_enable_dns_banlist;
uint32_t max_connections;
};
@ -537,6 +537,7 @@ namespace nodetool
extern const command_line::arg_descriptor<std::string> arg_ban_list;
extern const command_line::arg_descriptor<bool> arg_p2p_hide_my_port;
extern const command_line::arg_descriptor<bool> arg_no_sync;
extern const command_line::arg_descriptor<bool> arg_enable_dns_banlist;
extern const command_line::arg_descriptor<bool> arg_enable_dns_blocklist;
extern const command_line::arg_descriptor<bool> arg_no_igd;

114
src/p2p/net_node.inl
View File

@ -116,6 +116,7 @@ namespace nodetool
command_line::add_arg(desc, arg_ban_list);
command_line::add_arg(desc, arg_p2p_hide_my_port);
command_line::add_arg(desc, arg_no_sync);
command_line::add_arg(desc, arg_enable_dns_banlist);
command_line::add_arg(desc, arg_enable_dns_blocklist);
command_line::add_arg(desc, arg_no_igd);
command_line::add_arg(desc, arg_igd);
@ -174,19 +175,19 @@ namespace nodetool
template<class t_payload_net_handler>
bool node_server<t_payload_net_handler>::is_remote_host_allowed(const epee::net_utils::network_address &address, time_t *t)
{
CRITICAL_REGION_LOCAL(m_blocked_hosts_lock);
CRITICAL_REGION_LOCAL(m_banned_hosts_lock);
const time_t now = time(nullptr);
// look in the hosts list
auto it = m_blocked_hosts.find(address.host_str());
if (it != m_blocked_hosts.end())
auto it = m_banned_hosts.find(address.host_str());
if (it != m_banned_hosts.end())
{
if (now >= it->second)
{
m_blocked_hosts.erase(it);
MCLOG_CYAN(el::Level::Info, "global", "Host " << address.host_str() << " unblocked.");
it = m_blocked_hosts.end();
m_banned_hosts.erase(it);
MCLOG_CYAN(el::Level::Info, "global", "Host " << address.host_str() << " unbanned.");
it = m_banned_hosts.end();
}
else
{
@ -201,12 +202,12 @@ namespace nodetool
{
auto ipv4_address = address.template as<epee::net_utils::ipv4_network_address>();
std::map<epee::net_utils::ipv4_network_subnet, time_t>::iterator it;
for (it = m_blocked_subnets.begin(); it != m_blocked_subnets.end(); )
for (it = m_banned_subnets.begin(); it != m_banned_subnets.end(); )
{
if (now >= it->second)
{
it = m_blocked_subnets.erase(it);
MCLOG_CYAN(el::Level::Info, "global", "Subnet " << it->first.host_str() << " unblocked.");
it = m_banned_subnets.erase(it);
MCLOG_CYAN(el::Level::Info, "global", "Subnet " << it->first.host_str() << " unbanned.");
continue;
}
if (it->first.matches(ipv4_address))
@ -224,41 +225,41 @@ namespace nodetool
}
//-----------------------------------------------------------------------------------
template<class t_payload_net_handler>
bool node_server<t_payload_net_handler>::block_host(epee::net_utils::network_address addr, time_t seconds, bool add_only)
bool node_server<t_payload_net_handler>::ban_host(epee::net_utils::network_address addr, time_t seconds, bool add_only)
{
if(!addr.is_blockable())
if(!addr.is_bannable())
return false;
const time_t now = time(nullptr);
bool added = false;
CRITICAL_REGION_LOCAL(m_blocked_hosts_lock);
CRITICAL_REGION_LOCAL(m_banned_hosts_lock);
time_t limit;
if (now > std::numeric_limits<time_t>::max() - seconds)
limit = std::numeric_limits<time_t>::max();
else
limit = now + seconds;
const std::string host_str = addr.host_str();
auto it = m_blocked_hosts.find(host_str);
if (it == m_blocked_hosts.end())
auto it = m_banned_hosts.find(host_str);
if (it == m_banned_hosts.end())
{
m_blocked_hosts[host_str] = limit;
m_banned_hosts[host_str] = limit;
// if the host was already blocked due to being in a blocked subnet, let it be silent
bool matches_blocked_subnet = false;
// if the host was already banned due to being in a banned subnet, let it be silent
bool matches_banned_subnet = false;
if (addr.get_type_id() == epee::net_utils::address_type::ipv4)
{
auto ipv4_address = addr.template as<epee::net_utils::ipv4_network_address>();
for (auto jt = m_blocked_subnets.begin(); jt != m_blocked_subnets.end(); ++jt)
for (auto jt = m_banned_subnets.begin(); jt != m_banned_subnets.end(); ++jt)
{
if (jt->first.matches(ipv4_address))
{
matches_blocked_subnet = true;
matches_banned_subnet = true;
break;
}
}
}
if (!matches_blocked_subnet)
if (!matches_banned_subnet)
added = true;
}
else if (it->second < limit || !add_only)
@ -300,37 +301,37 @@ namespace nodetool
}
if (added)
MCLOG_CYAN(el::Level::Info, "global", "Host " << host_str << " blocked.");
MCLOG_CYAN(el::Level::Info, "global", "Host " << host_str << " banned.");
else
MINFO("Host " << host_str << " block time updated.");
MINFO("Host " << host_str << " ban time updated.");
return true;
}
//-----------------------------------------------------------------------------------
template<class t_payload_net_handler>
bool node_server<t_payload_net_handler>::unblock_host(const epee::net_utils::network_address &address)
bool node_server<t_payload_net_handler>::unban_host(const epee::net_utils::network_address &address)
{
CRITICAL_REGION_LOCAL(m_blocked_hosts_lock);
auto i = m_blocked_hosts.find(address.host_str());
if (i == m_blocked_hosts.end())
CRITICAL_REGION_LOCAL(m_banned_hosts_lock);
auto i = m_banned_hosts.find(address.host_str());
if (i == m_banned_hosts.end())
return false;
m_blocked_hosts.erase(i);
MCLOG_CYAN(el::Level::Info, "global", "Host " << address.host_str() << " unblocked.");
m_banned_hosts.erase(i);
MCLOG_CYAN(el::Level::Info, "global", "Host " << address.host_str() << " unbanned.");
return true;
}
//-----------------------------------------------------------------------------------
template<class t_payload_net_handler>
bool node_server<t_payload_net_handler>::block_subnet(const epee::net_utils::ipv4_network_subnet &subnet, time_t seconds)
bool node_server<t_payload_net_handler>::ban_subnet(const epee::net_utils::ipv4_network_subnet &subnet, time_t seconds)
{
const time_t now = time(nullptr);
CRITICAL_REGION_LOCAL(m_blocked_hosts_lock);
CRITICAL_REGION_LOCAL(m_banned_hosts_lock);
time_t limit;
if (now > std::numeric_limits<time_t>::max() - seconds)
limit = std::numeric_limits<time_t>::max();
else
limit = now + seconds;
const bool added = m_blocked_subnets.find(subnet) == m_blocked_subnets.end();
m_blocked_subnets[subnet] = limit;
const bool added = m_banned_subnets.find(subnet) == m_banned_subnets.end();
m_banned_subnets[subnet] = limit;
// drop any connection to that subnet. This should only have to look into
// the zone related to the connection, but really make sure everything is
@ -363,39 +364,39 @@ namespace nodetool
}
if (added)
MCLOG_CYAN(el::Level::Info, "global", "Subnet " << subnet.host_str() << " blocked.");
MCLOG_CYAN(el::Level::Info, "global", "Subnet " << subnet.host_str() << " banned.");
else
MINFO("Subnet " << subnet.host_str() << " blocked.");
MINFO("Subnet " << subnet.host_str() << " banned.");
return true;
}
//-----------------------------------------------------------------------------------
template<class t_payload_net_handler>
bool node_server<t_payload_net_handler>::unblock_subnet(const epee::net_utils::ipv4_network_subnet &subnet)
bool node_server<t_payload_net_handler>::unban_subnet(const epee::net_utils::ipv4_network_subnet &subnet)
{
CRITICAL_REGION_LOCAL(m_blocked_hosts_lock);
auto i = m_blocked_subnets.find(subnet);
if (i == m_blocked_subnets.end())
CRITICAL_REGION_LOCAL(m_banned_hosts_lock);
auto i = m_banned_subnets.find(subnet);
if (i == m_banned_subnets.end())
return false;
m_blocked_subnets.erase(i);
MCLOG_CYAN(el::Level::Info, "global", "Subnet " << subnet.host_str() << " unblocked.");
m_banned_subnets.erase(i);
MCLOG_CYAN(el::Level::Info, "global", "Subnet " << subnet.host_str() << " unbanned.");
return true;
}
//-----------------------------------------------------------------------------------
template<class t_payload_net_handler>
bool node_server<t_payload_net_handler>::add_host_fail(const epee::net_utils::network_address &address, unsigned int score)
{
if(!address.is_blockable())
if(!address.is_bannable())
return false;
CRITICAL_REGION_LOCAL(m_host_fails_score_lock);
uint64_t fails = m_host_fails_score[address.host_str()] += score;
MDEBUG("Host " << address.host_str() << " fail score=" << fails);
if(fails > P2P_IP_FAILS_BEFORE_BLOCK)
if(fails > P2P_IP_FAILS_BEFORE_BAN)
{
auto it = m_host_fails_score.find(address.host_str());
CHECK_AND_ASSERT_MES(it != m_host_fails_score.end(), false, "internal error");
it->second = P2P_IP_FAILS_BEFORE_BLOCK/2;
block_host(address);
it->second = P2P_IP_FAILS_BEFORE_BAN/2;
ban_host(address);
}
return true;
}
@ -530,13 +531,13 @@ namespace nodetool
auto subnet = net::get_ipv4_subnet_address(line);
if (subnet)
{
block_subnet(*subnet, std::numeric_limits<time_t>::max());
ban_subnet(*subnet, std::numeric_limits<time_t>::max());
continue;
}
const expect<epee::net_utils::network_address> parsed_addr = net::get_network_address(line, 0);
if (parsed_addr)
{
block_host(*parsed_addr, std::numeric_limits<time_t>::max());
ban_host(*parsed_addr, std::numeric_limits<time_t>::max());
continue;
}
MERROR("Invalid IP address or IPv4 subnet: " << line);
@ -549,7 +550,8 @@ namespace nodetool
if (command_line::has_arg(vm, arg_no_sync))
m_payload_handler.set_no_sync(true);
m_enable_dns_blocklist = command_line::get_arg(vm, arg_enable_dns_blocklist);
m_enable_dns_banlist = command_line::get_arg(vm, arg_enable_dns_banlist)
|| command_line::get_arg(vm, arg_enable_dns_blocklist);
if ( !set_max_out_peers(public_zone, command_line::get_arg(vm, arg_out_peers) ) )
return false;
@ -907,7 +909,7 @@ namespace nodetool
public_zone.m_proxy_address = *endpoint;
public_zone.m_can_pingback = false;
m_enable_dns_seed_nodes &= proxy_dns_leaks_allowed;
m_enable_dns_blocklist &= proxy_dns_leaks_allowed;
m_enable_dns_banlist &= proxy_dns_leaks_allowed;
}
if (m_nettype == cryptonote::TESTNET)
@ -2015,14 +2017,14 @@ namespace nodetool
m_gray_peerlist_housekeeping_interval.do_call(boost::bind(&node_server<t_payload_net_handler>::gray_peerlist_housekeeping, this));
m_peerlist_store_interval.do_call(boost::bind(&node_server<t_payload_net_handler>::store_config, this));
m_incoming_connections_interval.do_call(boost::bind(&node_server<t_payload_net_handler>::check_incoming_connections, this));
m_dns_blocklist_interval.do_call(boost::bind(&node_server<t_payload_net_handler>::update_dns_blocklist, this));
m_dns_banlist_interval.do_call(boost::bind(&node_server<t_payload_net_handler>::update_dns_banlist, this));
return true;
}
//-----------------------------------------------------------------------------------
template<class t_payload_net_handler>
bool node_server<t_payload_net_handler>::update_dns_blocklist()
bool node_server<t_payload_net_handler>::update_dns_banlist()
{
if (!m_enable_dns_blocklist)
if (!m_enable_dns_banlist)
return true;
if (m_nettype != cryptonote::MAINNET)
return true;
@ -2053,23 +2055,23 @@ namespace nodetool
auto subnet = net::get_ipv4_subnet_address(ip);
if (subnet)
{
block_subnet(*subnet, DNS_BLOCKLIST_LIFETIME);
ban_subnet(*subnet, DNS_BANLIST_LIFETIME);
++good;
continue;
}
const expect<epee::net_utils::network_address> parsed_addr = net::get_network_address(ip, 0);
if (parsed_addr)
{
block_host(*parsed_addr, DNS_BLOCKLIST_LIFETIME, true);
ban_host(*parsed_addr, DNS_BANLIST_LIFETIME, true);
++good;
continue;
}
MWARNING("Invalid IP address or subnet from DNS blocklist: " << ip << " - " << parsed_addr.error());
MWARNING("Invalid IP address or subnet from DNS banlist: " << ip << " - " << parsed_addr.error());
++bad;
}
}
if (good > 0)
MINFO(good << " addresses added to the blocklist");
MINFO(good << " addresses added to the banlist");
return true;
}
//-----------------------------------------------------------------------------------
@ -2188,7 +2190,7 @@ namespace nodetool
LOG_DEBUG_CC(context, "REMOTE PEERLIST: remote peerlist size=" << peerlist_.size());
LOG_TRACE_CC(context, "REMOTE PEERLIST: " << ENDL << print_peerlist_to_string(peerlist_));
CRITICAL_REGION_LOCAL(m_blocked_hosts_lock);
CRITICAL_REGION_LOCAL(m_banned_hosts_lock);
return m_network_zones.at(context.m_remote_address.get_zone()).m_peerlist.merge_peerlist(peerlist_, [this](const peerlist_entry &pe) {
return !is_addr_recently_failed(pe.adr) && is_remote_host_allowed(pe.adr);
});

16
src/p2p/net_node_common.h
View File

@ -59,10 +59,10 @@ namespace nodetool
virtual uint64_t get_public_connections_count()=0;
virtual void for_each_connection(std::function<bool(t_connection_context&, peerid_type, uint32_t)> f)=0;
virtual bool for_connection(const boost::uuids::uuid&, std::function<bool(t_connection_context&, peerid_type, uint32_t)> f)=0;
virtual bool block_host(epee::net_utils::network_address address, time_t seconds = 0, bool add_only = false)=0;
virtual bool unblock_host(const epee::net_utils::network_address &address)=0;
virtual std::map<std::string, time_t> get_blocked_hosts()=0;
virtual std::map<epee::net_utils::ipv4_network_subnet, time_t> get_blocked_subnets()=0;
virtual bool ban_host(epee::net_utils::network_address address, time_t seconds = 0, bool add_only = false)=0;
virtual bool unban_host(const epee::net_utils::network_address &address)=0;
virtual std::map<std::string, time_t> get_banned_hosts()=0;
virtual std::map<epee::net_utils::ipv4_network_subnet, time_t> get_banned_subnets()=0;
virtual bool add_host_fail(const epee::net_utils::network_address &address, unsigned int score = 1)=0;
virtual void add_used_stripe_peer(const t_connection_context &context)=0;
virtual void remove_used_stripe_peer(const t_connection_context &context)=0;
@ -105,19 +105,19 @@ namespace nodetool
{
return false;
}
virtual bool block_host(epee::net_utils::network_address address, time_t seconds, bool add_only)
virtual bool ban_host(epee::net_utils::network_address address, time_t seconds, bool add_only)
{
return true;
}
virtual bool unblock_host(const epee::net_utils::network_address &address)
virtual bool unban_host(const epee::net_utils::network_address &address)
{
return true;
}
virtual std::map<std::string, time_t> get_blocked_hosts()
virtual std::map<std::string, time_t> get_banned_hosts()
{
return std::map<std::string, time_t>();
}
virtual std::map<epee::net_utils::ipv4_network_subnet, time_t> get_blocked_subnets()
virtual std::map<epee::net_utils::ipv4_network_subnet, time_t> get_banned_subnets()
{
return std::map<epee::net_utils::ipv4_network_subnet, time_t>();
}

35
src/rpc/core_rpc_server.cpp
View File

@ -197,7 +197,7 @@ namespace cryptonote
request.gray = true;
request.white = true;
request.include_blocked = false;
request.include_banned = request.include_blocked = false;
if (!on_get_public_nodes(request, response) || response.status != CORE_RPC_STATUS_OK)
{
return {};
@ -465,18 +465,18 @@ namespace cryptonote
//------------------------------------------------------------------------------------------------------------------------------
bool core_rpc_server::add_host_fail(const connection_context *ctx, unsigned int score)
{
if(!ctx || !ctx->m_remote_address.is_blockable() || disable_rpc_ban)
if(!ctx || !ctx->m_remote_address.is_bannable() || disable_rpc_ban)
return false;
CRITICAL_REGION_LOCAL(m_host_fails_score_lock);
uint64_t fails = m_host_fails_score[ctx->m_remote_address.host_str()] += score;
MDEBUG("Host " << ctx->m_remote_address.host_str() << " fail score=" << fails);
if(fails > RPC_IP_FAILS_BEFORE_BLOCK)
if(fails > RPC_IP_FAILS_BEFORE_BAN)
{
auto it = m_host_fails_score.find(ctx->m_remote_address.host_str());
CHECK_AND_ASSERT_MES(it != m_host_fails_score.end(), false, "internal error");
it->second = RPC_IP_FAILS_BEFORE_BLOCK/2;
m_p2p.block_host(ctx->m_remote_address);
it->second = RPC_IP_FAILS_BEFORE_BAN/2;
m_p2p.ban_host(ctx->m_remote_address);
}
return true;
}
@ -1548,6 +1548,7 @@ namespace cryptonote
RPC_TRACKER(get_peer_list);
std::vector<nodetool::peerlist_entry> white_list;
std::vector<nodetool::peerlist_entry> gray_list;
bool dont_include_banned = (!req.include_blocked && !req.include_banned);
if (req.public_only)
{
@ -1560,7 +1561,7 @@ namespace cryptonote
for (auto & entry : white_list)
{
if (!req.include_blocked && m_p2p.is_host_blocked(entry.adr, NULL))
if (dont_include_banned && m_p2p.is_host_banned(entry.adr, NULL))
continue;
if (entry.adr.get_type_id() == epee::net_utils::ipv4_network_address::get_type_id())
res.white_list.emplace_back(entry.id, entry.adr.as<epee::net_utils::ipv4_network_address>().ip(),
@ -1574,7 +1575,7 @@ namespace cryptonote
for (auto & entry : gray_list)
{
if (!req.include_blocked && m_p2p.is_host_blocked(entry.adr, NULL))
if (dont_include_banned && m_p2p.is_host_banned(entry.adr, NULL))
continue;
if (entry.adr.get_type_id() == epee::net_utils::ipv4_network_address::get_type_id())
res.gray_list.emplace_back(entry.id, entry.adr.as<epee::net_utils::ipv4_network_address>().ip(),
@ -1596,7 +1597,7 @@ namespace cryptonote
COMMAND_RPC_GET_PEER_LIST::request peer_list_req;
COMMAND_RPC_GET_PEER_LIST::response peer_list_res;
peer_list_req.include_blocked = req.include_blocked;
peer_list_req.include_banned = req.include_blocked || req.include_banned;
const bool success = on_get_peer_list(peer_list_req, peer_list_res, ctx);
res.status = peer_list_res.status;
if (!success)
@ -2779,8 +2780,8 @@ namespace cryptonote
RPC_TRACKER(get_bans);
auto now = time(nullptr);
std::map<std::string, time_t> blocked_hosts = m_p2p.get_blocked_hosts();
for (std::map<std::string, time_t>::const_iterator i = blocked_hosts.begin(); i != blocked_hosts.end(); ++i)
std::map<std::string, time_t> banned_hosts = m_p2p.get_banned_hosts();
for (std::map<std::string, time_t>::const_iterator i = banned_hosts.begin(); i != banned_hosts.end(); ++i)
{
if (i->second > now) {
COMMAND_RPC_GETBANS::ban b;
@ -2793,8 +2794,8 @@ namespace cryptonote
res.bans.push_back(b);
}
}
std::map<epee::net_utils::ipv4_network_subnet, time_t> blocked_subnets = m_p2p.get_blocked_subnets();
for (std::map<epee::net_utils::ipv4_network_subnet, time_t>::const_iterator i = blocked_subnets.begin(); i != blocked_subnets.end(); ++i)
std::map<epee::net_utils::ipv4_network_subnet, time_t> banned_subnets = m_p2p.get_banned_subnets();
for (std::map<epee::net_utils::ipv4_network_subnet, time_t>::const_iterator i = banned_subnets.begin(); i != banned_subnets.end(); ++i)
{
if (i->second > now) {
COMMAND_RPC_GETBANS::ban b;
@ -2823,7 +2824,7 @@ namespace cryptonote
epee::net_utils::network_address na = std::move(*na_parsed);
time_t seconds;
if (m_p2p.is_host_blocked(na, &seconds))
if (m_p2p.is_host_banned(na, &seconds))
{
res.banned = true;
res.seconds = seconds;
@ -2853,9 +2854,9 @@ namespace cryptonote
if (ns_parsed)
{
if (i->ban)
m_p2p.block_subnet(*ns_parsed, i->seconds);
m_p2p.ban_subnet(*ns_parsed, i->seconds);
else
m_p2p.unblock_subnet(*ns_parsed);
m_p2p.unban_subnet(*ns_parsed);
continue;
}
}
@ -2877,9 +2878,9 @@ namespace cryptonote
na = epee::net_utils::ipv4_network_address{i->ip, 0};
}
if (i->ban)
m_p2p.block_host(na, i->seconds);
m_p2p.ban_host(na, i->seconds);
else
m_p2p.unblock_host(na);
m_p2p.unban_host(na);
}
res.status = CORE_RPC_STATUS_OK;

8
src/rpc/core_rpc_server_commands_defs.h
View File

@ -1390,12 +1390,14 @@ inline const std::string get_rpc_status(const bool trusted_daemon, const std::st
struct request_t: public rpc_request_base
{
bool public_only;
bool include_blocked;
bool include_blocked; // alias for include_banned
bool include_banned;
BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE_PARENT(rpc_request_base)
KV_SERIALIZE_OPT(public_only, true)
KV_SERIALIZE_OPT(include_blocked, false)
KV_SERIALIZE_OPT(include_banned, false)
END_KV_SERIALIZE_MAP()
};
typedef epee::misc_utils::struct_init<request_t> request;
@ -1441,12 +1443,14 @@ inline const std::string get_rpc_status(const bool trusted_daemon, const std::st
{
bool gray;
bool white;
bool include_blocked;
bool include_banned;
bool include_blocked; // alias for banned
BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE_PARENT(rpc_request_base)
KV_SERIALIZE_OPT(gray, false)
KV_SERIALIZE_OPT(white, true)
KV_SERIALIZE_OPT(include_banned, false)
KV_SERIALIZE_OPT(include_blocked, false)
END_KV_SERIALIZE_MAP()
};

2
src/wallet/wallet2.cpp
View File

@ -15505,7 +15505,7 @@ std::vector<cryptonote::public_node> wallet2::get_public_nodes(bool white_only)
req.white = true;
req.gray = !white_only;
req.include_blocked = false;
req.include_banned = req.include_blocked = false;
{
const boost::lock_guard<boost::recursive_mutex> lock{m_daemon_rpc_mutex};

6
tests/unit_tests/epee_utils.cpp
View File

@ -1543,7 +1543,7 @@ TEST(NetUtils, NetworkAddress)
static std::string host_str() { return {}; }
constexpr static epee::net_utils::address_type get_type_id() noexcept { return epee::net_utils::address_type(-1); }
constexpr static epee::net_utils::zone get_zone() noexcept { return epee::net_utils::zone::invalid; }
constexpr static bool is_blockable() noexcept { return false; }
constexpr static bool is_bannable() noexcept { return false; }
constexpr static uint16_t port() { return 0; }
};
@ -1556,7 +1556,7 @@ TEST(NetUtils, NetworkAddress)
EXPECT_FALSE(empty.is_local());
EXPECT_EQ(epee::net_utils::address_type::invalid, empty.get_type_id());
EXPECT_EQ(epee::net_utils::zone::invalid, empty.get_zone());
EXPECT_FALSE(empty.is_blockable());
EXPECT_FALSE(empty.is_bannable());
EXPECT_THROW(empty.as<custom_address>(), std::bad_cast);
epee::net_utils::network_address address1{
@ -1574,7 +1574,7 @@ TEST(NetUtils, NetworkAddress)
EXPECT_FALSE(address1.is_local());
EXPECT_EQ(epee::net_utils::ipv4_network_address::get_type_id(), address1.get_type_id());
EXPECT_EQ(epee::net_utils::zone::public_, address1.get_zone());
EXPECT_TRUE(address1.is_blockable());
EXPECT_TRUE(address1.is_bannable());
EXPECT_NO_THROW(address1.as<epee::net_utils::ipv4_network_address>());
EXPECT_THROW(address1.as<custom_address>(), std::bad_cast);

32
tests/unit_tests/net.cpp
View File

@ -108,7 +108,7 @@ TEST(tor_address, invalid)
EXPECT_TRUE(net::tor_address::make(onion).has_error());
}
TEST(tor_address, unblockable_types)
TEST(tor_address, unbannable_types)
{
net::tor_address tor{};
@ -144,14 +144,14 @@ TEST(tor_address, valid)
EXPECT_EQ(0u, address1->port());
EXPECT_STREQ(v3_onion, address1->host_str());
EXPECT_STREQ(v3_onion, address1->str().c_str());
EXPECT_TRUE(address1->is_blockable());
EXPECT_TRUE(address1->is_bannable());
net::tor_address address2{*address1};
EXPECT_EQ(0u, address2.port());
EXPECT_STREQ(v3_onion, address2.host_str());
EXPECT_STREQ(v3_onion, address2.str().c_str());
EXPECT_TRUE(address2.is_blockable());
EXPECT_TRUE(address2.is_bannable());
EXPECT_TRUE(address2.equal(*address1));
EXPECT_TRUE(address1->equal(address2));
EXPECT_TRUE(address2 == *address1);
@ -168,7 +168,7 @@ TEST(tor_address, valid)
EXPECT_EQ(6545, address2.port());
EXPECT_STREQ(v3_onion_2, address2.host_str());
EXPECT_EQ(std::string{v3_onion_2} + ":6545", address2.str().c_str());
EXPECT_TRUE(address2.is_blockable());
EXPECT_TRUE(address2.is_bannable());
EXPECT_FALSE(address2.equal(*address1));
EXPECT_FALSE(address1->equal(address2));
EXPECT_FALSE(address2 == *address1);
@ -185,7 +185,7 @@ TEST(tor_address, valid)
EXPECT_EQ(65535, address3.port());
EXPECT_STREQ(v3_onion, address3.host_str());
EXPECT_EQ(std::string{v3_onion} + ":65535", address3.str().c_str());
EXPECT_TRUE(address3.is_blockable());
EXPECT_TRUE(address3.is_bannable());
EXPECT_FALSE(address3.equal(*address1));
EXPECT_FALSE(address1->equal(address3));
EXPECT_FALSE(address3 == *address1);
@ -227,9 +227,9 @@ TEST(tor_address, generic_network_address)
EXPECT_EQ(epee::net_utils::zone::tor, tor1.get_zone());
EXPECT_EQ(epee::net_utils::zone::tor, tor2.get_zone());
EXPECT_EQ(epee::net_utils::zone::public_, ip.get_zone());
EXPECT_TRUE(tor1.is_blockable());
EXPECT_TRUE(tor2.is_blockable());
EXPECT_TRUE(ip.is_blockable());
EXPECT_TRUE(tor1.is_bannable());
EXPECT_TRUE(tor2.is_bannable());
EXPECT_TRUE(ip.is_bannable());
}
namespace
@ -478,7 +478,7 @@ TEST(i2p_address, invalid)
EXPECT_TRUE(net::i2p_address::make(i2p).has_error());
}
TEST(i2p_address, unblockable_types)
TEST(i2p_address, unbannable_types)
{
net::i2p_address i2p{};
@ -514,14 +514,14 @@ TEST(i2p_address, valid)
EXPECT_EQ(1u, address1->port());
EXPECT_STREQ(b32_i2p, address1->host_str());
EXPECT_STREQ(b32_i2p, address1->str().c_str());
EXPECT_TRUE(address1->is_blockable());
EXPECT_TRUE(address1->is_bannable());
net::i2p_address address2{*address1};
EXPECT_EQ(1u, address2.port());
EXPECT_STREQ(b32_i2p, address2.host_str());
EXPECT_STREQ(b32_i2p, address2.str().c_str());
EXPECT_TRUE(address2.is_blockable());
EXPECT_TRUE(address2.is_bannable());
EXPECT_TRUE(address2.equal(*address1));
EXPECT_TRUE(address1->equal(address2));
EXPECT_TRUE(address2 == *address1);
@ -538,7 +538,7 @@ TEST(i2p_address, valid)
EXPECT_EQ(1u, address2.port());
EXPECT_STREQ(b32_i2p_2, address2.host_str());
EXPECT_EQ(std::string{b32_i2p_2}, address2.str().c_str());
EXPECT_TRUE(address2.is_blockable());
EXPECT_TRUE(address2.is_bannable());
EXPECT_FALSE(address2.equal(*address1));
EXPECT_FALSE(address1->equal(address2));
EXPECT_FALSE(address2 == *address1);
@ -555,7 +555,7 @@ TEST(i2p_address, valid)
EXPECT_EQ(1u, address3.port());
EXPECT_STREQ(b32_i2p, address3.host_str());
EXPECT_EQ(std::string{b32_i2p}, address3.str().c_str());
EXPECT_TRUE(address3.is_blockable());
EXPECT_TRUE(address3.is_bannable());
EXPECT_TRUE(address3.equal(*address1));
EXPECT_TRUE(address1->equal(address3));
EXPECT_TRUE(address3 == *address1);
@ -597,9 +597,9 @@ TEST(i2p_address, generic_network_address)
EXPECT_EQ(epee::net_utils::zone::i2p, i2p1.get_zone());
EXPECT_EQ(epee::net_utils::zone::i2p, i2p2.get_zone());
EXPECT_EQ(epee::net_utils::zone::public_, ip.get_zone());
EXPECT_TRUE(i2p1.is_blockable());
EXPECT_TRUE(i2p2.is_blockable());
EXPECT_TRUE(ip.is_blockable());
EXPECT_TRUE(i2p1.is_bannable());
EXPECT_TRUE(i2p2.is_bannable());
EXPECT_TRUE(ip.is_bannable());
}
namespace

184
tests/unit_tests/node_server.cpp
View File

@ -102,9 +102,9 @@ public:
typedef nodetool::node_server<cryptonote::t_cryptonote_protocol_handler<test_core>> Server;
static bool is_blocked(Server &server, const epee::net_utils::network_address &address, time_t *t = NULL)
static bool is_banned(Server &server, const epee::net_utils::network_address &address, time_t *t = NULL)
{
std::map<std::string, time_t> hosts = server.get_blocked_hosts();
std::map<std::string, time_t> hosts = server.get_banned_hosts();
for (auto rec: hosts)
{
if (rec.first == address.host_str())
@ -125,80 +125,80 @@ TEST(ban, add)
cprotocol.set_p2p_endpoint(&server);
// starts empty
ASSERT_TRUE(server.get_blocked_hosts().empty());
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
ASSERT_TRUE(server.get_banned_hosts().empty());
ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
// add an IP
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(server.get_blocked_hosts().size() == 1);
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(server.get_banned_hosts().size() == 1);
ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
// add the same, should not change
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(server.get_blocked_hosts().size() == 1);
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(server.get_banned_hosts().size() == 1);
ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
// remove an unblocked IP, should not change
ASSERT_FALSE(server.unblock_host(MAKE_IPV4_ADDRESS(1,2,3,5)));
ASSERT_TRUE(server.get_blocked_hosts().size() == 1);
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
// remove an unbanned IP, should not change
ASSERT_FALSE(server.unban_host(MAKE_IPV4_ADDRESS(1,2,3,5)));
ASSERT_TRUE(server.get_banned_hosts().size() == 1);
ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
// remove the IP, ends up empty
ASSERT_TRUE(server.unblock_host(MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(server.get_blocked_hosts().size() == 0);
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
ASSERT_TRUE(server.unban_host(MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(server.get_banned_hosts().size() == 0);
ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
// remove the IP from an empty list, still empty
ASSERT_FALSE(server.unblock_host(MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(server.get_blocked_hosts().size() == 0);
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
ASSERT_FALSE(server.unban_host(MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(server.get_banned_hosts().size() == 0);
ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
// add two for known amounts of time, they're both blocked
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), 1));
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,5), 3));
ASSERT_TRUE(server.get_blocked_hosts().size() == 2);
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
ASSERT_TRUE(server.unblock_host(MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(server.unblock_host(MAKE_IPV4_ADDRESS(1,2,3,5)));
// add two for known amounts of time, they're both banned
ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS(1,2,3,4), 1));
ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS(1,2,3,5), 3));
ASSERT_TRUE(server.get_banned_hosts().size() == 2);
ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
ASSERT_TRUE(server.unban_host(MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(server.unban_host(MAKE_IPV4_ADDRESS(1,2,3,5)));
// these tests would need to call is_remote_ip_allowed, which is private
#if 0
// after two seconds, the first IP is unblocked, but not the second yet
// after two seconds, the first IP is unbanned, but not the second yet
sleep(2);
ASSERT_TRUE(server.get_blocked_hosts().size() == 1);
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
ASSERT_TRUE(server.get_banned_hosts().size() == 1);
ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
// after two more seconds, the second IP is also unblocked
// after two more seconds, the second IP is also unbanned
sleep(2);
ASSERT_TRUE(server.get_blocked_hosts().size() == 0);
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
ASSERT_TRUE(server.get_banned_hosts().size() == 0);
ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
#endif
// add an IP again, then re-ban for longer, then shorter
time_t t;
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), 2));
ASSERT_TRUE(server.get_blocked_hosts().size() == 1);
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4), &t));
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS(1,2,3,4), 2));
ASSERT_TRUE(server.get_banned_hosts().size() == 1);
ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4), &t));
ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
ASSERT_TRUE(t >= 1);
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), 9));
ASSERT_TRUE(server.get_blocked_hosts().size() == 1);
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4), &t));
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS(1,2,3,4), 9));
ASSERT_TRUE(server.get_banned_hosts().size() == 1);
ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4), &t));
ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
ASSERT_TRUE(t >= 8);
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), 5));
ASSERT_TRUE(server.get_blocked_hosts().size() == 1);
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4), &t));
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS(1,2,3,4), 5));
ASSERT_TRUE(server.get_banned_hosts().size() == 1);
ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4), &t));
ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5)));
ASSERT_TRUE(t >= 4);
}
@ -210,12 +210,12 @@ TEST(ban, limit)
cprotocol.set_p2p_endpoint(&server);
// starts empty
ASSERT_TRUE(server.get_blocked_hosts().empty());
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), std::numeric_limits<time_t>::max() - 1));
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), 1));
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(server.get_banned_hosts().empty());
ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS(1,2,3,4), std::numeric_limits<time_t>::max() - 1));
ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS(1,2,3,4), 1));
ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
}
TEST(ban, subnet)
@ -226,28 +226,28 @@ TEST(ban, subnet)
Server server(cprotocol);
cprotocol.set_p2p_endpoint(&server);
ASSERT_TRUE(server.block_subnet(MAKE_IPV4_SUBNET(1,2,3,4,24), 10));
ASSERT_TRUE(server.get_blocked_subnets().size() == 1);
ASSERT_TRUE(server.is_host_blocked(MAKE_IPV4_ADDRESS(1,2,3,4), &seconds));
ASSERT_TRUE(server.ban_subnet(MAKE_IPV4_SUBNET(1,2,3,4,24), 10));
ASSERT_TRUE(server.get_banned_subnets().size() == 1);
ASSERT_TRUE(server.is_host_banned(MAKE_IPV4_ADDRESS(1,2,3,4), &seconds));
ASSERT_TRUE(seconds >= 9);
ASSERT_TRUE(server.is_host_blocked(MAKE_IPV4_ADDRESS(1,2,3,255), &seconds));
ASSERT_TRUE(server.is_host_blocked(MAKE_IPV4_ADDRESS(1,2,3,0), &seconds));
ASSERT_FALSE(server.is_host_blocked(MAKE_IPV4_ADDRESS(1,2,4,0), &seconds));
ASSERT_FALSE(server.is_host_blocked(MAKE_IPV4_ADDRESS(1,2,2,0), &seconds));
ASSERT_TRUE(server.unblock_subnet(MAKE_IPV4_SUBNET(1,2,3,8,24)));
ASSERT_TRUE(server.get_blocked_subnets().size() == 0);
ASSERT_FALSE(server.is_host_blocked(MAKE_IPV4_ADDRESS(1,2,3,255), &seconds));
ASSERT_FALSE(server.is_host_blocked(MAKE_IPV4_ADDRESS(1,2,3,0), &seconds));
ASSERT_TRUE(server.block_subnet(MAKE_IPV4_SUBNET(1,2,3,4,8), 10));
ASSERT_TRUE(server.get_blocked_subnets().size() == 1);
ASSERT_TRUE(server.is_host_blocked(MAKE_IPV4_ADDRESS(1,255,3,255), &seconds));
ASSERT_TRUE(server.is_host_blocked(MAKE_IPV4_ADDRESS(1,0,3,255), &seconds));
ASSERT_FALSE(server.unblock_subnet(MAKE_IPV4_SUBNET(1,2,3,8,24)));
ASSERT_TRUE(server.get_blocked_subnets().size() == 1);
ASSERT_TRUE(server.block_subnet(MAKE_IPV4_SUBNET(1,2,3,4,8), 10));
ASSERT_TRUE(server.get_blocked_subnets().size() == 1);
ASSERT_TRUE(server.unblock_subnet(MAKE_IPV4_SUBNET(1,255,0,0,8)));
ASSERT_TRUE(server.get_blocked_subnets().size() == 0);
ASSERT_TRUE(server.is_host_banned(MAKE_IPV4_ADDRESS(1,2,3,255), &seconds));
ASSERT_TRUE(server.is_host_banned(MAKE_IPV4_ADDRESS(1,2,3,0), &seconds));
ASSERT_FALSE(server.is_host_banned(MAKE_IPV4_ADDRESS(1,2,4,0), &seconds));
ASSERT_FALSE(server.is_host_banned(MAKE_IPV4_ADDRESS(1,2,2,0), &seconds));
ASSERT_TRUE(server.unban_subnet(MAKE_IPV4_SUBNET(1,2,3,8,24)));
ASSERT_TRUE(server.get_banned_subnets().size() == 0);
ASSERT_FALSE(server.is_host_banned(MAKE_IPV4_ADDRESS(1,2,3,255), &seconds));
ASSERT_FALSE(server.is_host_banned(MAKE_IPV4_ADDRESS(1,2,3,0), &seconds));
ASSERT_TRUE(server.ban_subnet(MAKE_IPV4_SUBNET(1,2,3,4,8), 10));
ASSERT_TRUE(server.get_banned_subnets().size() == 1);
ASSERT_TRUE(server.is_host_banned(MAKE_IPV4_ADDRESS(1,255,3,255), &seconds));
ASSERT_TRUE(server.is_host_banned(MAKE_IPV4_ADDRESS(1,0,3,255), &seconds));
ASSERT_FALSE(server.unban_subnet(MAKE_IPV4_SUBNET(1,2,3,8,24)));
ASSERT_TRUE(server.get_banned_subnets().size() == 1);
ASSERT_TRUE(server.ban_subnet(MAKE_IPV4_SUBNET(1,2,3,4,8), 10));
ASSERT_TRUE(server.get_banned_subnets().size() == 1);
ASSERT_TRUE(server.unban_subnet(MAKE_IPV4_SUBNET(1,255,0,0,8)));
ASSERT_TRUE(server.get_banned_subnets().size() == 0);
}
TEST(ban, ignores_port)
@ -257,13 +257,13 @@ TEST(ban, ignores_port)
Server server(cprotocol);
cprotocol.set_p2p_endpoint(&server);
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5)));
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5), std::numeric_limits<time_t>::max() - 1));
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5)));
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,6)));
ASSERT_TRUE(server.unblock_host(MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5)));
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5)));
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,6)));
ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5)));
ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5), std::numeric_limits<time_t>::max() - 1));
ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5)));
ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,6)));
ASSERT_TRUE(server.unban_host(MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5)));
ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5)));
ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,6)));
}
TEST(node_server, bind_same_p2p_port)
@ -511,7 +511,7 @@ TEST(cryptonote_protocol_handler, race_condition)
virtual bool add_host_fail(const address_t&, unsigned int = {}) override {
return {};
}
virtual bool block_host(address_t address, time_t = {}, bool = {}) override {
virtual bool ban_host(address_t address, time_t = {}, bool = {}) override {
return {};
}
virtual bool drop_connection(const contexts::basic& context) override {
@ -541,16 +541,16 @@ TEST(cryptonote_protocol_handler, race_condition)
}
return {};
}
virtual bool unblock_host(const address_t&) override {
virtual bool unban_host(const address_t&) override {
return {};
}
virtual zone_t send_txs(blobs_t, const zone_t, const uuid_t&, relay_t) override {
return {};
}
virtual bans::subnets get_blocked_subnets() override {
virtual bans::subnets get_banned_subnets() override {
return {};
}
virtual bans::hosts get_blocked_hosts() override {
virtual bans::hosts get_banned_hosts() override {
return {};
}
virtual uint64_t get_public_connections_count() override {

3
utils/fish/monerod.fish
View File

@ -71,7 +71,8 @@ complete -c monerod -l anonymous-inbound -r -d "<hidden-service-address>,<[bind-
complete -c monerod -l ban-list -r -F -d "Specify ban list file, one IP address per line"
complete -c monerod -l hide-my-port -d "Do not announce yourself as peerlist candidate"
complete -c monerod -l no-sync -d "Don't synchronize the blockchain with other peers"
complete -c monerod -l enable-dns-blocklist -d "Apply realtime blocklist from DNS"
complete -c monerod -l enable-dns-blocklist -d "Apply realtime banlist from DNS"
complete -c monerod -l enable-dns-banlist -d "Apply realtime banlist from DNS"
complete -c monerod -l no-igd -d "Disable UPnP port mapping"
complete -c monerod -l igd -r -a "Enabled disabled enabled" -d "UPnP port mapping. Default: delayed"
complete -c monerod -l out-peers -r -d "Set max number of out peers. Default: -1"