Added an additional filter for incoming IP lists to remove banned IPs. Removed some debug info but left the testing info that is printed when checking IPs.
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@8360 b45a01b8-16f6-495d-af2f-9b41ad6348cc
parent
908d308fc6
commit
ad13962e1f
@ -1131,6 +1131,13 @@ bool p3PeerMgrIMPL::setLocalAddress(const RsPeerId &id, const struct sockaddr
|
||||
bool p3PeerMgrIMPL::setExtAddress(const RsPeerId &id, const struct sockaddr_storage &addr)
|
||||
{
|
||||
bool changed = false;
|
||||
uint32_t check_res = 0 ;
|
||||
|
||||
if(!rsBanList->isAddressAccepted(addr,RSBANLIST_CHECKING_FLAGS_BLACKLIST,&check_res))
|
||||
{
|
||||
std::cerr << "(SS) trying to set external contact address for peer " << id << " to a banned address " << sockaddr_storage_iptostring(addr )<< std::endl;
|
||||
return false ;
|
||||
}
|
||||
|
||||
if (id == AuthSSL::getAuthSSL()->OwnId())
|
||||
{
|
||||
@ -1244,19 +1251,54 @@ bool p3PeerMgrIMPL::addCandidateForOwnExternalAddress(const RsPeerId &from, cons
|
||||
}
|
||||
return true ;
|
||||
}
|
||||
static bool cleanIpList(std::list<pqiIpAddress>& lst,const RsPeerId& pid,p3LinkMgr *link_mgr)
|
||||
{
|
||||
bool changed = false ;
|
||||
time_t now = time(NULL) ;
|
||||
|
||||
for(std::list<pqiIpAddress>::iterator it2(lst.begin());it2 != lst.end();)
|
||||
{
|
||||
#ifdef PEER_DEBUG
|
||||
std::cerr << "Checking IP address " << sockaddr_storage_iptostring( (*it2).mAddr) << " for peer " << pid << ", age = " << now - (*it2).mSeenTime << std::endl;
|
||||
#endif
|
||||
if(!link_mgr->checkPotentialAddr( (*it2).mAddr,now - (*it2).mSeenTime))
|
||||
{
|
||||
#ifdef PEER_DEBUG
|
||||
std::cerr << " (SS) Removing Banned/old IP address " << sockaddr_storage_iptostring( (*it2).mAddr) << " from peer " << pid << ", age = " << now - (*it2).mSeenTime << std::endl;
|
||||
#endif
|
||||
|
||||
std::list<pqiIpAddress>::iterator ittmp = it2 ;
|
||||
++ittmp ;
|
||||
lst.erase(it2) ;
|
||||
it2 = ittmp ;
|
||||
|
||||
changed = true ;
|
||||
}
|
||||
else
|
||||
++it2 ;
|
||||
}
|
||||
|
||||
return changed ;
|
||||
}
|
||||
|
||||
bool p3PeerMgrIMPL::updateAddressList(const RsPeerId& id, const pqiIpAddrSet &addrs)
|
||||
{
|
||||
#ifdef PEER_DEBUG
|
||||
std::cerr << "p3PeerMgrIMPL::setAddressList() called for id : " << id << std::endl;
|
||||
#endif
|
||||
// first clean the list from potentially banned IPs.
|
||||
|
||||
pqiIpAddrSet clean_set = addrs ;
|
||||
|
||||
cleanIpList(clean_set.mExt.mAddrs,id,mLinkMgr) ;
|
||||
cleanIpList(clean_set.mLocal.mAddrs,id,mLinkMgr) ;
|
||||
|
||||
RsStackMutex stack(mPeerMtx); /****** STACK LOCK MUTEX *******/
|
||||
|
||||
/* check if it is our own ip */
|
||||
if (id == getOwnId())
|
||||
{
|
||||
mOwnState.ipAddrs.updateAddrs(addrs);
|
||||
mOwnState.ipAddrs.updateAddrs(clean_set);
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -1274,7 +1316,7 @@ bool p3PeerMgrIMPL::updateAddressList(const RsPeerId& id, const pqiIpAddrSet
|
||||
}
|
||||
|
||||
/* "it" points to peer */
|
||||
it->second.ipAddrs.updateAddrs(addrs);
|
||||
it->second.ipAddrs.updateAddrs(clean_set);
|
||||
#ifdef PEER_DEBUG
|
||||
std::cerr << "p3PeerMgrIMPL::setLocalAddress() Updated Address for: " << id;
|
||||
std::cerr << std::endl;
|
||||
@ -2268,45 +2310,24 @@ bool p3PeerMgrIMPL::getAssociatedPeers(const RsPgpId &gpg_id, std::list<RsPeerId
|
||||
|
||||
// goes through the list of known friend IPs and remove the ones that are banned by p3LinkMgr.
|
||||
|
||||
static bool cleanIpList(std::list<pqiIpAddress>& lst,const RsPeerId& pid,p3LinkMgr *link_mgr)
|
||||
{
|
||||
bool changed = false ;
|
||||
time_t now = time(NULL) ;
|
||||
|
||||
for(std::list<pqiIpAddress>::iterator it2(lst.begin());it2 != lst.end();)
|
||||
{
|
||||
#ifdef PEER_DEBUG
|
||||
std::cerr << "Checking IP address " << sockaddr_storage_iptostring( (*it2).mAddr) << " for peer " << pid << ", age = " << now - (*it2).mSeenTime << std::endl;
|
||||
#endif
|
||||
if(!link_mgr->checkPotentialAddr( (*it2).mAddr,now - (*it2).mSeenTime))
|
||||
{
|
||||
#ifdef PEER_DEBUG
|
||||
std::cerr << " ==> Removing Banned/old IP address " << sockaddr_storage_iptostring( (*it2).mAddr) << " from peer " << pid << ", age = " << now - (*it2).mSeenTime << std::endl;
|
||||
#endif
|
||||
|
||||
std::list<pqiIpAddress>::iterator ittmp = it2 ;
|
||||
++ittmp ;
|
||||
lst.erase(it2) ;
|
||||
it2 = ittmp ;
|
||||
|
||||
changed = true ;
|
||||
}
|
||||
else
|
||||
++it2 ;
|
||||
}
|
||||
|
||||
return changed ;
|
||||
}
|
||||
|
||||
bool p3PeerMgrIMPL::removeBannedIps()
|
||||
{
|
||||
RsStackMutex stack(mPeerMtx); /****** STACK LOCK MUTEX *******/
|
||||
|
||||
std::cerr << "Cleaning known IPs for all peers." << std::endl;
|
||||
|
||||
bool changed = false ;
|
||||
for( std::map<RsPeerId, peerState>::iterator it = mFriendList.begin(); it != mFriendList.end(); ++it)
|
||||
{
|
||||
if(cleanIpList(it->second.ipAddrs.mExt.mAddrs,it->first,mLinkMgr)) changed = true ;
|
||||
if(cleanIpList(it->second.ipAddrs.mLocal.mAddrs,it->first,mLinkMgr)) changed = true ;
|
||||
|
||||
if(!rsBanList->isAddressAccepted(it->second.serveraddr,RSBANLIST_CHECKING_FLAGS_BLACKLIST))
|
||||
{
|
||||
sockaddr_storage_clear(it->second.serveraddr) ;
|
||||
std::cerr << "(SS) Peer " << it->first << " has a banned server address. Wiping it out." << std::endl;
|
||||
}
|
||||
}
|
||||
|
||||
if(cleanIpList(mOwnState.ipAddrs.mExt.mAddrs,mOwnState.id,mLinkMgr) ) changed = true ;
|
||||
|
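Review bot: In `removeBannedIps()` the branch that wipes a banned `serveraddr` never sets `changed`, unlike the two `cleanIpList` calls just above it, so a pass that only clears a server address reports no change. The rest of the function is outside this hunk, but if the result decides whether the peer configuration is saved, the banned address would reappear after a restart; add `changed = true ;` next to `sockaddr_storage_clear(it->second.serveraddr) ;`. Separately, in `setExtAddress()` the `(SS)` message is written to `std::cerr` unconditionally and `check_res` is not read within the hunk. If that address can come from peer-supplied data, a peer that keeps advertising a banned address can grow the log without bound, so consider rate-limiting the message or placing it under `PEER_DEBUG`, and either log `check_res` or drop it.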
@ -1111,11 +1111,11 @@ int p3BanList::sendBanSet(const RsPeerId& peerid)
|
||||
|
||||
int p3BanList::printBanSet_locked(std::ostream &out)
|
||||
{
|
||||
time_t now = time(NULL);
|
||||
#ifdef DEBUG_BANLIST
|
||||
out << "p3BanList::printBanSet_locked()";
|
||||
out << std::endl;
|
||||
|
||||
time_t now = time(NULL);
|
||||
|
||||
std::map<struct sockaddr_storage, BanListPeer>::iterator it;
|
||||
for(it = mBanSet.begin(); it != mBanSet.end(); ++it)
|
||||
{
|
||||
@ -1130,13 +1130,14 @@ int p3BanList::printBanSet_locked(std::ostream &out)
|
||||
out << " Age: " << now - it->second.mTs;
|
||||
out << std::endl;
|
||||
}
|
||||
std::cerr << "Current black list: " << std::dec << std::endl;
|
||||
#endif
|
||||
std::cerr << "Current IP black list (only showing manual ranges, not automatically banned IPs): " << std::dec << std::endl;
|
||||
|
||||
for(std::map<sockaddr_storage,BanListPeer>::const_iterator it(mBanRanges.begin());it!=mBanRanges.end();++it)
|
||||
std::cerr << " " << sockaddr_storage_iptostring(it->first) << ". masked_bytes=" << (int)it->second.masked_bytes
|
||||
<< ", IP=" << sockaddr_storage_iptostring(it->second.addr) << "/" << ((int)32 - 8*(int)(it->second.masked_bytes)) << std::endl;
|
||||
|
||||
std::cerr << "Current white list: " << std::endl;
|
||||
std::cerr << "Current IP white list: " << std::endl;
|
||||
|
||||
for(std::map<sockaddr_storage,BanListPeer>::const_iterator it(mWhiteListedRanges.begin());it!=mWhiteListedRanges.end();++it)
|
||||
std::cerr << " " << sockaddr_storage_iptostring(it->first) << ". masked_bytes=" << (int)it->second.masked_bytes
|
||||
|
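Review bot: The range listings in `printBanSet_locked(std::ostream &out)` are written to `std::cerr` rather than to `out`. With the `#ifdef DEBUG_BANLIST` now wrapped around the ban-set dump, they appear to be the only output left in a normal build, so the caller's stream is ignored and the manual blacklist and whitelist ranges go to stderr on every call. Writing them to the parameter, e.g. `out << "Current IP white list: " << std::endl;`, keeps the destination under the caller's control. The `time_t now` declaration also appears to sit above the `#ifdef` while its only visible use (`now - it->second.mTs`) is inside it, which would leave an unused variable when `DEBUG_BANLIST` is off; the +/- markers are lost on this page, so confirm against the file. The function continues past the end of the hunk.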