net: move ban and addrman functions into CConnman
This commit is contained in:
Cory Fields
parent
aaf018e3b7
commit
a0f3d3cdad
7 changed files with 174 additions and 132 deletions
14
src/main.cpp
14
src/main.cpp
|
|
@ -4944,7 +4944,7 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv,
|
|||
pfrom->nServices = ServiceFlags(nServiceInt);
|
||||
if (!pfrom->fInbound)
|
||||
{
|
||||
addrman.SetServices(pfrom->addr, pfrom->nServices);
|
||||
connman.SetServices(pfrom->addr, pfrom->nServices);
|
||||
}
|
||||
if (pfrom->nServicesExpected & ~pfrom->nServices)
|
||||
{
|
||||
|
|
@ -5038,12 +5038,12 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv,
|
|||
}
|
||||
|
||||
// Get recent addresses
|
||||
if (pfrom->fOneShot || pfrom->nVersion >= CADDR_TIME_VERSION || addrman.size() < 1000)
|
||||
if (pfrom->fOneShot || pfrom->nVersion >= CADDR_TIME_VERSION || connman.GetAddressCount() < 1000)
|
||||
{
|
||||
pfrom->PushMessage(NetMsgType::GETADDR);
|
||||
pfrom->fGetAddr = true;
|
||||
}
|
||||
addrman.Good(pfrom->addr);
|
||||
connman.MarkAddressGood(pfrom->addr);
|
||||
}
|
||||
|
||||
pfrom->fSuccessfullyConnected = true;
|
||||
|
|
@ -5108,7 +5108,7 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv,
|
|||
vRecv >> vAddr;
|
||||
|
||||
// Don't want addr from older versions unless seeding
|
||||
if (pfrom->nVersion < CADDR_TIME_VERSION && addrman.size() > 1000)
|
||||
if (pfrom->nVersion < CADDR_TIME_VERSION && connman.GetAddressCount() > 1000)
|
||||
return true;
|
||||
if (vAddr.size() > 1000)
|
||||
{
|
||||
|
|
@ -5160,7 +5160,7 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv,
|
|||
if (fReachable)
|
||||
vAddrOk.push_back(addr);
|
||||
}
|
||||
addrman.Add(vAddrOk, pfrom->addr, 2 * 60 * 60);
|
||||
connman.AddNewAddresses(vAddrOk, pfrom->addr, 2 * 60 * 60);
|
||||
if (vAddr.size() < 1000)
|
||||
pfrom->fGetAddr = false;
|
||||
if (pfrom->fOneShot)
|
||||
|
|
@ -5950,7 +5950,7 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv,
|
|||
pfrom->fSentAddr = true;
|
||||
|
||||
pfrom->vAddrToSend.clear();
|
||||
vector<CAddress> vAddr = addrman.GetAddr();
|
||||
vector<CAddress> vAddr = connman.GetAddresses();
|
||||
BOOST_FOREACH(const CAddress &addr, vAddr)
|
||||
pfrom->PushAddress(addr);
|
||||
}
|
||||
|
|
@ -6393,7 +6393,7 @@ bool SendMessages(CNode* pto, CConnman& connman)
|
|||
LogPrintf("Warning: not banning local peer %s!\n", pto->addr.ToString());
|
||||
else
|
||||
{
|
||||
CNode::Ban(pto->addr, BanReasonNodeMisbehaving);
|
||||
connman.Ban(pto->addr, BanReasonNodeMisbehaving);
|
||||
}
|
||||
}
|
||||
state.fShouldBan = false;
|
||||
|
|
|
|||
126
src/net.cpp
126
src/net.cpp
|
|
@ -84,9 +84,7 @@ std::map<CNetAddr, LocalServiceInfo> mapLocalHost;
|
|||
static bool vfLimited[NET_MAX] = {};
|
||||
static CNode* pnodeLocalHost = NULL;
|
||||
uint64_t nLocalHostNonce = 0;
|
||||
CAddrMan addrman;
|
||||
int nMaxConnections = DEFAULT_MAX_PEER_CONNECTIONS;
|
||||
bool fAddressesInitialized = false;
|
||||
std::string strSubVersion;
|
||||
|
||||
std::vector<CNode*> vNodes;
|
||||
|
|
@ -446,21 +444,21 @@ CNode* CConnman::ConnectNode(CAddress addrConnect, const char *pszDest, bool fCo
|
|||
return NULL;
|
||||
}
|
||||
|
||||
static void DumpBanlist()
|
||||
void CConnman::DumpBanlist()
|
||||
{
|
||||
CNode::SweepBanned(); // clean unused entries (if bantime has expired)
|
||||
SweepBanned(); // clean unused entries (if bantime has expired)
|
||||
|
||||
if (!CNode::BannedSetIsDirty())
|
||||
if (!BannedSetIsDirty())
|
||||
return;
|
||||
|
||||
int64_t nStart = GetTimeMillis();
|
||||
|
||||
CBanDB bandb;
|
||||
banmap_t banmap;
|
||||
CNode::SetBannedSetDirty(false);
|
||||
CNode::GetBanned(banmap);
|
||||
SetBannedSetDirty(false);
|
||||
GetBanned(banmap);
|
||||
if (!bandb.Write(banmap))
|
||||
CNode::SetBannedSetDirty(true);
|
||||
SetBannedSetDirty(true);
|
||||
|
||||
LogPrint("net", "Flushed %d banned node ips/subnets to banlist.dat %dms\n",
|
||||
banmap.size(), GetTimeMillis() - nStart);
|
||||
|
|
@ -501,11 +499,7 @@ void CNode::PushVersion()
|
|||
|
||||
|
||||
|
||||
banmap_t CNode::setBanned;
|
||||
CCriticalSection CNode::cs_setBanned;
|
||||
bool CNode::setBannedIsDirty;
|
||||
|
||||
void CNode::ClearBanned()
|
||||
void CConnman::ClearBanned()
|
||||
{
|
||||
{
|
||||
LOCK(cs_setBanned);
|
||||
|
|
@ -516,7 +510,7 @@ void CNode::ClearBanned()
|
|||
uiInterface.BannedListChanged();
|
||||
}
|
||||
|
||||
bool CNode::IsBanned(CNetAddr ip)
|
||||
bool CConnman::IsBanned(CNetAddr ip)
|
||||
{
|
||||
bool fResult = false;
|
||||
{
|
||||
|
|
@ -533,7 +527,7 @@ bool CNode::IsBanned(CNetAddr ip)
|
|||
return fResult;
|
||||
}
|
||||
|
||||
bool CNode::IsBanned(CSubNet subnet)
|
||||
bool CConnman::IsBanned(CSubNet subnet)
|
||||
{
|
||||
bool fResult = false;
|
||||
{
|
||||
|
|
@ -549,12 +543,12 @@ bool CNode::IsBanned(CSubNet subnet)
|
|||
return fResult;
|
||||
}
|
||||
|
||||
void CNode::Ban(const CNetAddr& addr, const BanReason &banReason, int64_t bantimeoffset, bool sinceUnixEpoch) {
|
||||
void CConnman::Ban(const CNetAddr& addr, const BanReason &banReason, int64_t bantimeoffset, bool sinceUnixEpoch) {
|
||||
CSubNet subNet(addr);
|
||||
Ban(subNet, banReason, bantimeoffset, sinceUnixEpoch);
|
||||
}
|
||||
|
||||
void CNode::Ban(const CSubNet& subNet, const BanReason &banReason, int64_t bantimeoffset, bool sinceUnixEpoch) {
|
||||
void CConnman::Ban(const CSubNet& subNet, const BanReason &banReason, int64_t bantimeoffset, bool sinceUnixEpoch) {
|
||||
CBanEntry banEntry(GetTime());
|
||||
banEntry.banReason = banReason;
|
||||
if (bantimeoffset <= 0)
|
||||
|
|
@ -585,12 +579,12 @@ void CNode::Ban(const CSubNet& subNet, const BanReason &banReason, int64_t banti
|
|||
DumpBanlist(); //store banlist to disk immediately if user requested ban
|
||||
}
|
||||
|
||||
bool CNode::Unban(const CNetAddr &addr) {
|
||||
bool CConnman::Unban(const CNetAddr &addr) {
|
||||
CSubNet subNet(addr);
|
||||
return Unban(subNet);
|
||||
}
|
||||
|
||||
bool CNode::Unban(const CSubNet &subNet) {
|
||||
bool CConnman::Unban(const CSubNet &subNet) {
|
||||
{
|
||||
LOCK(cs_setBanned);
|
||||
if (!setBanned.erase(subNet))
|
||||
|
|
@ -602,20 +596,20 @@ bool CNode::Unban(const CSubNet &subNet) {
|
|||
return true;
|
||||
}
|
||||
|
||||
void CNode::GetBanned(banmap_t &banMap)
|
||||
void CConnman::GetBanned(banmap_t &banMap)
|
||||
{
|
||||
LOCK(cs_setBanned);
|
||||
banMap = setBanned; //create a thread safe copy
|
||||
}
|
||||
|
||||
void CNode::SetBanned(const banmap_t &banMap)
|
||||
void CConnman::SetBanned(const banmap_t &banMap)
|
||||
{
|
||||
LOCK(cs_setBanned);
|
||||
setBanned = banMap;
|
||||
setBannedIsDirty = true;
|
||||
}
|
||||
|
||||
void CNode::SweepBanned()
|
||||
void CConnman::SweepBanned()
|
||||
{
|
||||
int64_t now = GetTime();
|
||||
|
||||
|
|
@ -636,13 +630,13 @@ void CNode::SweepBanned()
|
|||
}
|
||||
}
|
||||
|
||||
bool CNode::BannedSetIsDirty()
|
||||
bool CConnman::BannedSetIsDirty()
|
||||
{
|
||||
LOCK(cs_setBanned);
|
||||
return setBannedIsDirty;
|
||||
}
|
||||
|
||||
void CNode::SetBannedSetDirty(bool dirty)
|
||||
void CConnman::SetBannedSetDirty(bool dirty)
|
||||
{
|
||||
LOCK(cs_setBanned); //reuse setBanned lock for the isDirty flag
|
||||
setBannedIsDirty = dirty;
|
||||
|
|
@ -1047,7 +1041,7 @@ void CConnman::AcceptConnection(const ListenSocket& hListenSocket) {
|
|||
setsockopt(hSocket, IPPROTO_TCP, TCP_NODELAY, (void*)&set, sizeof(int));
|
||||
#endif
|
||||
|
||||
if (CNode::IsBanned(addr) && !whitelisted)
|
||||
if (IsBanned(addr) && !whitelisted)
|
||||
{
|
||||
LogPrintf("connection from %s dropped (banned)\n", addr.ToString());
|
||||
CloseSocket(hSocket);
|
||||
|
|
@ -1548,7 +1542,7 @@ void CConnman::ThreadDNSAddressSeed()
|
|||
|
||||
|
||||
|
||||
void DumpAddresses()
|
||||
void CConnman::DumpAddresses()
|
||||
{
|
||||
int64_t nStart = GetTimeMillis();
|
||||
|
||||
|
|
@ -1559,7 +1553,7 @@ void DumpAddresses()
|
|||
addrman.size(), GetTimeMillis() - nStart);
|
||||
}
|
||||
|
||||
void DumpData()
|
||||
void CConnman::DumpData()
|
||||
{
|
||||
DumpAddresses();
|
||||
DumpBanlist();
|
||||
|
|
@ -1813,7 +1807,7 @@ bool CConnman::OpenNetworkConnection(const CAddress& addrConnect, bool fCountFai
|
|||
boost::this_thread::interruption_point();
|
||||
if (!pszDest) {
|
||||
if (IsLocal(addrConnect) ||
|
||||
FindNode((CNetAddr)addrConnect) || CNode::IsBanned(addrConnect) ||
|
||||
FindNode((CNetAddr)addrConnect) || IsBanned(addrConnect) ||
|
||||
FindNode(addrConnect.ToStringIPPort()))
|
||||
return false;
|
||||
} else if (FindNode(std::string(pszDest)))
|
||||
|
|
@ -2054,10 +2048,22 @@ void static Discover(boost::thread_group& threadGroup)
|
|||
|
||||
CConnman::CConnman()
|
||||
{
|
||||
setBannedIsDirty = false;
|
||||
fAddressesInitialized = false;
|
||||
}
|
||||
|
||||
bool StartNode(CConnman& connman, boost::thread_group& threadGroup, CScheduler& scheduler, std::string& strNodeError)
|
||||
{
|
||||
Discover(threadGroup);
|
||||
|
||||
bool ret = connman.Start(threadGroup, scheduler, strNodeError);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
bool CConnman::Start(boost::thread_group& threadGroup, CScheduler& scheduler, std::string& strNodeError)
|
||||
{
|
||||
|
||||
uiInterface.InitMessage(_("Loading addresses..."));
|
||||
// Load addresses from peers.dat
|
||||
int64_t nStart = GetTimeMillis();
|
||||
|
|
@ -2078,15 +2084,15 @@ bool StartNode(CConnman& connman, boost::thread_group& threadGroup, CScheduler&
|
|||
CBanDB bandb;
|
||||
banmap_t banmap;
|
||||
if (bandb.Read(banmap)) {
|
||||
CNode::SetBanned(banmap); // thread save setter
|
||||
CNode::SetBannedSetDirty(false); // no need to write down, just read data
|
||||
CNode::SweepBanned(); // sweep out unused entries
|
||||
SetBanned(banmap); // thread save setter
|
||||
SetBannedSetDirty(false); // no need to write down, just read data
|
||||
SweepBanned(); // sweep out unused entries
|
||||
|
||||
LogPrint("net", "Loaded %d banned node ips/subnets from banlist.dat %dms\n",
|
||||
banmap.size(), GetTimeMillis() - nStart);
|
||||
} else {
|
||||
LogPrintf("Invalid or missing banlist.dat; recreating\n");
|
||||
CNode::SetBannedSetDirty(true); // force write
|
||||
SetBannedSetDirty(true); // force write
|
||||
DumpBanlist();
|
||||
}
|
||||
|
||||
|
|
@ -2094,17 +2100,6 @@ bool StartNode(CConnman& connman, boost::thread_group& threadGroup, CScheduler&
|
|||
|
||||
fAddressesInitialized = true;
|
||||
|
||||
Discover(threadGroup);
|
||||
|
||||
bool ret = connman.Start(threadGroup, strNodeError);
|
||||
|
||||
// Dump network addresses
|
||||
scheduler.scheduleEvery(DumpData, DUMP_ADDRESSES_INTERVAL);
|
||||
return ret;
|
||||
}
|
||||
|
||||
bool CConnman::Start(boost::thread_group& threadGroup, std::string& strNodeError)
|
||||
{
|
||||
if (semOutbound == NULL) {
|
||||
// initialize semaphore
|
||||
int nMaxOutbound = std::min((MAX_OUTBOUND_CONNECTIONS + MAX_FEELER_CONNECTIONS), nMaxConnections);
|
||||
|
|
@ -2142,6 +2137,9 @@ bool CConnman::Start(boost::thread_group& threadGroup, std::string& strNodeError
|
|||
// Process messages
|
||||
threadGroup.create_thread(boost::bind(&TraceThread<boost::function<void()> >, "msghand", boost::function<void()>(boost::bind(&CConnman::ThreadMessageHandler, this))));
|
||||
|
||||
// Dump network addresses
|
||||
scheduler.scheduleEvery(boost::bind(&CConnman::DumpData, this), DUMP_ADDRESSES_INTERVAL);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -2150,12 +2148,6 @@ bool StopNode(CConnman& connman)
|
|||
LogPrintf("StopNode()\n");
|
||||
MapPort(false);
|
||||
|
||||
if (fAddressesInitialized)
|
||||
{
|
||||
DumpData();
|
||||
fAddressesInitialized = false;
|
||||
}
|
||||
|
||||
connman.Stop();
|
||||
return true;
|
||||
}
|
||||
|
|
@ -2181,6 +2173,12 @@ void CConnman::Stop()
|
|||
for (int i=0; i<(MAX_OUTBOUND_CONNECTIONS + MAX_FEELER_CONNECTIONS); i++)
|
||||
semOutbound->post();
|
||||
|
||||
if (fAddressesInitialized)
|
||||
{
|
||||
DumpData();
|
||||
fAddressesInitialized = false;
|
||||
}
|
||||
|
||||
// Close sockets
|
||||
BOOST_FOREACH(CNode* pnode, vNodes)
|
||||
if (pnode->hSocket != INVALID_SOCKET)
|
||||
|
|
@ -2221,6 +2219,36 @@ CConnman::~CConnman()
|
|||
{
|
||||
}
|
||||
|
||||
size_t CConnman::GetAddressCount() const
|
||||
{
|
||||
return addrman.size();
|
||||
}
|
||||
|
||||
void CConnman::SetServices(const CService &addr, ServiceFlags nServices)
|
||||
{
|
||||
addrman.SetServices(addr, nServices);
|
||||
}
|
||||
|
||||
void CConnman::MarkAddressGood(const CAddress& addr)
|
||||
{
|
||||
addrman.Good(addr);
|
||||
}
|
||||
|
||||
void CConnman::AddNewAddress(const CAddress& addr, const CAddress& addrFrom, int64_t nTimePenalty)
|
||||
{
|
||||
addrman.Add(addr, addrFrom, nTimePenalty);
|
||||
}
|
||||
|
||||
void CConnman::AddNewAddresses(const std::vector<CAddress>& vAddr, const CAddress& addrFrom, int64_t nTimePenalty)
|
||||
{
|
||||
addrman.Add(vAddr, addrFrom, nTimePenalty);
|
||||
}
|
||||
|
||||
std::vector<CAddress> CConnman::GetAddresses()
|
||||
{
|
||||
return addrman.GetAddr();
|
||||
}
|
||||
|
||||
void RelayTransaction(const CTransaction& tx)
|
||||
{
|
||||
CInv inv(MSG_TX, tx.GetHash());
|
||||
|
|
|
|||
89
src/net.h
89
src/net.h
|
|
@ -7,6 +7,7 @@
|
|||
#define BITCOIN_NET_H
|
||||
|
||||
#include "addrdb.h"
|
||||
#include "addrman.h"
|
||||
#include "amount.h"
|
||||
#include "bloom.h"
|
||||
#include "compat.h"
|
||||
|
|
@ -87,7 +88,6 @@ unsigned int SendBufferSize();
|
|||
typedef int NodeId;
|
||||
|
||||
void AddOneShot(const std::string& strDest);
|
||||
void AddressCurrentlyConnected(const CService& addr);
|
||||
CNode* FindNode(const CNetAddr& ip);
|
||||
CNode* FindNode(const CSubNet& subNet);
|
||||
CNode* FindNode(const std::string& addrName);
|
||||
|
|
@ -99,11 +99,44 @@ class CConnman
|
|||
public:
|
||||
CConnman();
|
||||
~CConnman();
|
||||
bool Start(boost::thread_group& threadGroup, std::string& strNodeError);
|
||||
bool Start(boost::thread_group& threadGroup, CScheduler& scheduler, std::string& strNodeError);
|
||||
void Stop();
|
||||
bool BindListenPort(const CService &bindAddr, std::string& strError, bool fWhitelisted = false);
|
||||
bool OpenNetworkConnection(const CAddress& addrConnect, bool fCountFailure, CSemaphoreGrant *grantOutbound = NULL, const char *strDest = NULL, bool fOneShot = false, bool fFeeler = false);
|
||||
|
||||
// Addrman functions
|
||||
size_t GetAddressCount() const;
|
||||
void SetServices(const CService &addr, ServiceFlags nServices);
|
||||
void MarkAddressGood(const CAddress& addr);
|
||||
void AddNewAddress(const CAddress& addr, const CAddress& addrFrom, int64_t nTimePenalty = 0);
|
||||
void AddNewAddresses(const std::vector<CAddress>& vAddr, const CAddress& addrFrom, int64_t nTimePenalty = 0);
|
||||
std::vector<CAddress> GetAddresses();
|
||||
void AddressCurrentlyConnected(const CService& addr);
|
||||
|
||||
// Denial-of-service detection/prevention
|
||||
// The idea is to detect peers that are behaving
|
||||
// badly and disconnect/ban them, but do it in a
|
||||
// one-coding-mistake-won't-shatter-the-entire-network
|
||||
// way.
|
||||
// IMPORTANT: There should be nothing I can give a
|
||||
// node that it will forward on that will make that
|
||||
// node's peers drop it. If there is, an attacker
|
||||
// can isolate a node and/or try to split the network.
|
||||
// Dropping a node for sending stuff that is invalid
|
||||
// now but might be valid in a later version is also
|
||||
// dangerous, because it can cause a network split
|
||||
// between nodes running old code and nodes running
|
||||
// new code.
|
||||
void Ban(const CNetAddr& netAddr, const BanReason& reason, int64_t bantimeoffset = 0, bool sinceUnixEpoch = false);
|
||||
void Ban(const CSubNet& subNet, const BanReason& reason, int64_t bantimeoffset = 0, bool sinceUnixEpoch = false);
|
||||
void ClearBanned(); // needed for unit testing
|
||||
bool IsBanned(CNetAddr ip);
|
||||
bool IsBanned(CSubNet subnet);
|
||||
bool Unban(const CNetAddr &ip);
|
||||
bool Unban(const CSubNet &ip);
|
||||
void GetBanned(banmap_t &banmap);
|
||||
void SetBanned(const banmap_t &banmap);
|
||||
|
||||
private:
|
||||
struct ListenSocket {
|
||||
SOCKET socket;
|
||||
|
|
@ -122,8 +155,22 @@ private:
|
|||
|
||||
CNode* ConnectNode(CAddress addrConnect, const char *pszDest, bool fCountFailure);
|
||||
void DeleteNode(CNode* pnode);
|
||||
//!check is the banlist has unwritten changes
|
||||
bool BannedSetIsDirty();
|
||||
//!set the "dirty" flag for the banlist
|
||||
void SetBannedSetDirty(bool dirty=true);
|
||||
//!clean unused entries (if bantime has expired)
|
||||
void SweepBanned();
|
||||
void DumpAddresses();
|
||||
void DumpData();
|
||||
void DumpBanlist();
|
||||
|
||||
std::vector<ListenSocket> vhListenSocket;
|
||||
banmap_t setBanned;
|
||||
CCriticalSection cs_setBanned;
|
||||
bool setBannedIsDirty;
|
||||
bool fAddressesInitialized;
|
||||
CAddrMan addrman;
|
||||
};
|
||||
extern std::unique_ptr<CConnman> g_connman;
|
||||
void MapPort(bool fUseUPnP);
|
||||
|
|
@ -195,7 +242,6 @@ extern ServiceFlags nLocalServices;
|
|||
extern ServiceFlags nRelevantServices;
|
||||
extern bool fRelayTxes;
|
||||
extern uint64_t nLocalHostNonce;
|
||||
extern CAddrMan addrman;
|
||||
|
||||
/** Maximum number of connections to simultaneously allow (aka connection slots) */
|
||||
extern int nMaxConnections;
|
||||
|
|
@ -347,12 +393,6 @@ public:
|
|||
const uint64_t nKeyedNetGroup;
|
||||
protected:
|
||||
|
||||
// Denial-of-service detection/prevention
|
||||
// Key is IP address, value is banned-until-time
|
||||
static banmap_t setBanned;
|
||||
static CCriticalSection cs_setBanned;
|
||||
static bool setBannedIsDirty;
|
||||
|
||||
// Whitelisted ranges. Any node connecting from these is automatically
|
||||
// whitelisted (as well as those connecting to whitelisted binds).
|
||||
static std::vector<CSubNet> vWhitelistedRange;
|
||||
|
|
@ -722,37 +762,6 @@ public:
|
|||
|
||||
void CloseSocketDisconnect();
|
||||
|
||||
// Denial-of-service detection/prevention
|
||||
// The idea is to detect peers that are behaving
|
||||
// badly and disconnect/ban them, but do it in a
|
||||
// one-coding-mistake-won't-shatter-the-entire-network
|
||||
// way.
|
||||
// IMPORTANT: There should be nothing I can give a
|
||||
// node that it will forward on that will make that
|
||||
// node's peers drop it. If there is, an attacker
|
||||
// can isolate a node and/or try to split the network.
|
||||
// Dropping a node for sending stuff that is invalid
|
||||
// now but might be valid in a later version is also
|
||||
// dangerous, because it can cause a network split
|
||||
// between nodes running old code and nodes running
|
||||
// new code.
|
||||
static void ClearBanned(); // needed for unit testing
|
||||
static bool IsBanned(CNetAddr ip);
|
||||
static bool IsBanned(CSubNet subnet);
|
||||
static void Ban(const CNetAddr &ip, const BanReason &banReason, int64_t bantimeoffset = 0, bool sinceUnixEpoch = false);
|
||||
static void Ban(const CSubNet &subNet, const BanReason &banReason, int64_t bantimeoffset = 0, bool sinceUnixEpoch = false);
|
||||
static bool Unban(const CNetAddr &ip);
|
||||
static bool Unban(const CSubNet &ip);
|
||||
static void GetBanned(banmap_t &banmap);
|
||||
static void SetBanned(const banmap_t &banmap);
|
||||
|
||||
//!check is the banlist has unwritten changes
|
||||
static bool BannedSetIsDirty();
|
||||
//!set the "dirty" flag for the banlist
|
||||
static void SetBannedSetDirty(bool dirty=true);
|
||||
//!clean unused entries (if bantime has expired)
|
||||
static void SweepBanned();
|
||||
|
||||
void copyStats(CNodeStats &stats);
|
||||
|
||||
static bool IsWhitelistedRange(const CNetAddr &ip);
|
||||
|
|
|
|||
|
|
@ -48,7 +48,8 @@ public:
|
|||
void refreshBanlist()
|
||||
{
|
||||
banmap_t banMap;
|
||||
CNode::GetBanned(banMap);
|
||||
if(g_connman)
|
||||
g_connman->GetBanned(banMap);
|
||||
|
||||
cachedBanlist.clear();
|
||||
#if QT_VERSION >= 0x040700
|
||||
|
|
|
|||
|
|
@ -887,26 +887,23 @@ void RPCConsole::disconnectSelectedNode()
|
|||
|
||||
void RPCConsole::banSelectedNode(int bantime)
|
||||
{
|
||||
if (!clientModel)
|
||||
if (!clientModel || !g_connman)
|
||||
return;
|
||||
|
||||
// Get currently selected peer address
|
||||
QString strNode = GUIUtil::getEntryData(ui->peerWidget, 0, PeerTableModel::Address).toString();
|
||||
// Find possible nodes, ban it and clear the selected node
|
||||
if (FindNode(strNode.toStdString())) {
|
||||
std::string nStr = strNode.toStdString();
|
||||
std::string addr;
|
||||
int port = 0;
|
||||
SplitHostPort(nStr, port, addr);
|
||||
std::string nStr = strNode.toStdString();
|
||||
std::string addr;
|
||||
int port = 0;
|
||||
SplitHostPort(nStr, port, addr);
|
||||
|
||||
CNetAddr resolved;
|
||||
if(!LookupHost(addr.c_str(), resolved, false))
|
||||
return;
|
||||
CNode::Ban(resolved, BanReasonManuallyAdded, bantime);
|
||||
|
||||
clearSelectedNode();
|
||||
clientModel->getBanTableModel()->refresh();
|
||||
}
|
||||
CNetAddr resolved;
|
||||
if(!LookupHost(addr.c_str(), resolved, false))
|
||||
return;
|
||||
g_connman->Ban(resolved, BanReasonManuallyAdded, bantime);
|
||||
clearSelectedNode();
|
||||
clientModel->getBanTableModel()->refresh();
|
||||
}
|
||||
|
||||
void RPCConsole::unbanSelectedNode()
|
||||
|
|
@ -919,9 +916,9 @@ void RPCConsole::unbanSelectedNode()
|
|||
CSubNet possibleSubnet;
|
||||
|
||||
LookupSubNet(strNode.toStdString().c_str(), possibleSubnet);
|
||||
if (possibleSubnet.IsValid())
|
||||
if (possibleSubnet.IsValid() && g_connman)
|
||||
{
|
||||
CNode::Unban(possibleSubnet);
|
||||
g_connman->Unban(possibleSubnet);
|
||||
clientModel->getBanTableModel()->refresh();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -488,6 +488,8 @@ UniValue setban(const UniValue& params, bool fHelp)
|
|||
+ HelpExampleCli("setban", "\"192.168.0.0/24\" \"add\"")
|
||||
+ HelpExampleRpc("setban", "\"192.168.0.6\", \"add\", 86400")
|
||||
);
|
||||
if(!g_connman)
|
||||
throw JSONRPCError(RPC_CLIENT_P2P_DISABLED, "Error: Peer-to-peer functionality missing or disabled");
|
||||
|
||||
CSubNet subNet;
|
||||
CNetAddr netAddr;
|
||||
|
|
@ -509,7 +511,7 @@ UniValue setban(const UniValue& params, bool fHelp)
|
|||
|
||||
if (strCommand == "add")
|
||||
{
|
||||
if (isSubnet ? CNode::IsBanned(subNet) : CNode::IsBanned(netAddr))
|
||||
if (isSubnet ? g_connman->IsBanned(subNet) : g_connman->IsBanned(netAddr))
|
||||
throw JSONRPCError(RPC_CLIENT_NODE_ALREADY_ADDED, "Error: IP/Subnet already banned");
|
||||
|
||||
int64_t banTime = 0; //use standard bantime if not specified
|
||||
|
|
@ -520,11 +522,11 @@ UniValue setban(const UniValue& params, bool fHelp)
|
|||
if (params.size() == 4 && params[3].isTrue())
|
||||
absolute = true;
|
||||
|
||||
isSubnet ? CNode::Ban(subNet, BanReasonManuallyAdded, banTime, absolute) : CNode::Ban(netAddr, BanReasonManuallyAdded, banTime, absolute);
|
||||
isSubnet ? g_connman->Ban(subNet, BanReasonManuallyAdded, banTime, absolute) : g_connman->Ban(netAddr, BanReasonManuallyAdded, banTime, absolute);
|
||||
}
|
||||
else if(strCommand == "remove")
|
||||
{
|
||||
if (!( isSubnet ? CNode::Unban(subNet) : CNode::Unban(netAddr) ))
|
||||
if (!( isSubnet ? g_connman->Unban(subNet) : g_connman->Unban(netAddr) ))
|
||||
throw JSONRPCError(RPC_MISC_ERROR, "Error: Unban failed");
|
||||
}
|
||||
return NullUniValue;
|
||||
|
|
@ -541,8 +543,11 @@ UniValue listbanned(const UniValue& params, bool fHelp)
|
|||
+ HelpExampleRpc("listbanned", "")
|
||||
);
|
||||
|
||||
if(!g_connman)
|
||||
throw JSONRPCError(RPC_CLIENT_P2P_DISABLED, "Error: Peer-to-peer functionality missing or disabled");
|
||||
|
||||
banmap_t banMap;
|
||||
CNode::GetBanned(banMap);
|
||||
g_connman->GetBanned(banMap);
|
||||
|
||||
UniValue bannedAddresses(UniValue::VARR);
|
||||
for (banmap_t::iterator it = banMap.begin(); it != banMap.end(); it++)
|
||||
|
|
@ -570,8 +575,10 @@ UniValue clearbanned(const UniValue& params, bool fHelp)
|
|||
+ HelpExampleCli("clearbanned", "")
|
||||
+ HelpExampleRpc("clearbanned", "")
|
||||
);
|
||||
if(!g_connman)
|
||||
throw JSONRPCError(RPC_CLIENT_P2P_DISABLED, "Error: Peer-to-peer functionality missing or disabled");
|
||||
|
||||
CNode::ClearBanned();
|
||||
g_connman->ClearBanned();
|
||||
|
||||
return NullUniValue;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -44,15 +44,15 @@ BOOST_FIXTURE_TEST_SUITE(DoS_tests, TestingSetup)
|
|||
|
||||
BOOST_AUTO_TEST_CASE(DoS_banning)
|
||||
{
|
||||
CNode::ClearBanned();
|
||||
connman->ClearBanned();
|
||||
CAddress addr1(ip(0xa0b0c001), NODE_NONE);
|
||||
CNode dummyNode1(INVALID_SOCKET, addr1, "", true);
|
||||
GetNodeSignals().InitializeNode(dummyNode1.GetId(), &dummyNode1);
|
||||
dummyNode1.nVersion = 1;
|
||||
Misbehaving(dummyNode1.GetId(), 100); // Should get banned
|
||||
SendMessages(&dummyNode1, *connman);
|
||||
BOOST_CHECK(CNode::IsBanned(addr1));
|
||||
BOOST_CHECK(!CNode::IsBanned(ip(0xa0b0c001|0x0000ff00))); // Different IP, not banned
|
||||
BOOST_CHECK(connman->IsBanned(addr1));
|
||||
BOOST_CHECK(!connman->IsBanned(ip(0xa0b0c001|0x0000ff00))); // Different IP, not banned
|
||||
|
||||
CAddress addr2(ip(0xa0b0c002), NODE_NONE);
|
||||
CNode dummyNode2(INVALID_SOCKET, addr2, "", true);
|
||||
|
|
@ -60,16 +60,16 @@ BOOST_AUTO_TEST_CASE(DoS_banning)
|
|||
dummyNode2.nVersion = 1;
|
||||
Misbehaving(dummyNode2.GetId(), 50);
|
||||
SendMessages(&dummyNode2, *connman);
|
||||
BOOST_CHECK(!CNode::IsBanned(addr2)); // 2 not banned yet...
|
||||
BOOST_CHECK(CNode::IsBanned(addr1)); // ... but 1 still should be
|
||||
BOOST_CHECK(!connman->IsBanned(addr2)); // 2 not banned yet...
|
||||
BOOST_CHECK(connman->IsBanned(addr1)); // ... but 1 still should be
|
||||
Misbehaving(dummyNode2.GetId(), 50);
|
||||
SendMessages(&dummyNode2, *connman);
|
||||
BOOST_CHECK(CNode::IsBanned(addr2));
|
||||
BOOST_CHECK(connman->IsBanned(addr2));
|
||||
}
|
||||
|
||||
BOOST_AUTO_TEST_CASE(DoS_banscore)
|
||||
{
|
||||
CNode::ClearBanned();
|
||||
connman->ClearBanned();
|
||||
mapArgs["-banscore"] = "111"; // because 11 is my favorite number
|
||||
CAddress addr1(ip(0xa0b0c001), NODE_NONE);
|
||||
CNode dummyNode1(INVALID_SOCKET, addr1, "", true);
|
||||
|
|
@ -77,19 +77,19 @@ BOOST_AUTO_TEST_CASE(DoS_banscore)
|
|||
dummyNode1.nVersion = 1;
|
||||
Misbehaving(dummyNode1.GetId(), 100);
|
||||
SendMessages(&dummyNode1, *connman);
|
||||
BOOST_CHECK(!CNode::IsBanned(addr1));
|
||||
BOOST_CHECK(!connman->IsBanned(addr1));
|
||||
Misbehaving(dummyNode1.GetId(), 10);
|
||||
SendMessages(&dummyNode1, *connman);
|
||||
BOOST_CHECK(!CNode::IsBanned(addr1));
|
||||
BOOST_CHECK(!connman->IsBanned(addr1));
|
||||
Misbehaving(dummyNode1.GetId(), 1);
|
||||
SendMessages(&dummyNode1, *connman);
|
||||
BOOST_CHECK(CNode::IsBanned(addr1));
|
||||
BOOST_CHECK(connman->IsBanned(addr1));
|
||||
mapArgs.erase("-banscore");
|
||||
}
|
||||
|
||||
BOOST_AUTO_TEST_CASE(DoS_bantime)
|
||||
{
|
||||
CNode::ClearBanned();
|
||||
connman->ClearBanned();
|
||||
int64_t nStartTime = GetTime();
|
||||
SetMockTime(nStartTime); // Overrides future calls to GetTime()
|
||||
|
||||
|
|
@ -100,13 +100,13 @@ BOOST_AUTO_TEST_CASE(DoS_bantime)
|
|||
|
||||
Misbehaving(dummyNode.GetId(), 100);
|
||||
SendMessages(&dummyNode, *connman);
|
||||
BOOST_CHECK(CNode::IsBanned(addr));
|
||||
BOOST_CHECK(connman->IsBanned(addr));
|
||||
|
||||
SetMockTime(nStartTime+60*60);
|
||||
BOOST_CHECK(CNode::IsBanned(addr));
|
||||
BOOST_CHECK(connman->IsBanned(addr));
|
||||
|
||||
SetMockTime(nStartTime+60*60*24+1);
|
||||
BOOST_CHECK(!CNode::IsBanned(addr));
|
||||
BOOST_CHECK(!connman->IsBanned(addr));
|
||||
}
|
||||
|
||||
CTransaction RandomOrphan()
|
||||
|
|
|
|||
Loading…
Reference in a new issue