Improvements to BadPeer Filter.

* Enabling Local BadPeer Filter. - This will remove any peer you detect is spoofing yourself or your friends. - This list is also shared with you friends. (in Test Mode). * added Cleanup of BadPeer Filter. - Instead of permanent ban, peers are be banned for 6 hours. - bdManager periodically calls this - which prints out ban list too. * added #define to disable the Filter - for testing purposes. NOTES: This Ip Filter should probably be moved from DHT level to UdpLayer level. This will enable it to filter STUN / UDP Connection Packets too. git-svn-id: http://svn.code.sf.net/p/retroshare/code/branches/v0.5-dhtmods@4716 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2025-02-03 11:00:14 -05:00 · 2011-12-08 20:00:20 +00:00 · 2011-12-08 20:00:20 +00:00 · b6dbdf9396
commit b6dbdf9396
parent 92c53ff0d2
4 changed files with 84 additions and 39 deletions
--- a/libbitdht/src/bitdht/bdfilter.cc
+++ b/libbitdht/src/bitdht/bdfilter.cc
@ -36,6 +36,8 @@
 * #define DEBUG_FILTER 1
 **/

+#define BDFILTER_ENTRY_DROP_PERIOD	(6 * 3600)
+

 bdFilter::bdFilter(const bdNodeId *ownId, std::list<bdFilteredPeer> &startList, 
 		uint32_t filterFlags, bdDhtFunctions *fns)
@ -129,6 +131,7 @@ int bdFilter::addPeerToFilter(const bdId *id, uint32_t flags)

 		return true;
 	}
+
 	return false;
 }

@ -171,4 +174,56 @@ bool bdFilter::isOwnIdWithoutBitDhtFlags(const bdId *id, uint32_t peerFlags)
 }


+/* periodically we want to cleanup the filter....
+ * if we haven't had an IP address reported as filtered for several hours.
+ * remove it from the list.
+ */
+
+bool bdFilter::cleanupFilter()
+{
+	std::cerr << "bdFilter::cleanupFilter() Current BanList" << std::endl;
+	struct in_addr inaddr;
+
+	std::set<uint32_t>::iterator sit;
+	for(sit = mIpsBanned.begin(); sit != mIpsBanned.end(); sit++)
+	{
+		inaddr.s_addr = *sit;
+		std::cerr << "\tBanned: " << inet_ntoa(inaddr) << std::endl;
+	}
+
+	mIpsBanned.clear();
+	
+	std::cerr << "Filter List:" << std::endl;
+
+	time_t now = time(NULL);
+	time_t dropTime = now - BDFILTER_ENTRY_DROP_PERIOD;
+
+	std::list<bdFilteredPeer>::iterator it;
+	for(it = mFiltered.begin(); it != mFiltered.end();)
+	{
+		std::cerr << "\t" << inet_ntoa(it->mAddr.sin_addr);
+		std::cerr << " Flags: " << it->mFilterFlags;
+		std::cerr << " FilterTS: " << now - it->mFilterTS;
+		std::cerr << " LastSeen: " << now - it->mLastSeen;
+
+		if (it->mLastSeen < dropTime)
+		{
+			/* remove from filter */
+			std::cerr << " OLD DROPPING" << std::endl;
+			it = mFiltered.erase(it);
+		}
+		else
+		{
+			std::cerr << " OK" << std::endl;
+			uint32_t saddr = it->mAddr.sin_addr.s_addr;
+			mIpsBanned.insert(saddr);
+
+			it++;
+		}
+	}
+
+	return true;
+}
+
+

--- a/libbitdht/src/bitdht/bdfilter.h
+++ b/libbitdht/src/bitdht/bdfilter.h
@ -60,10 +60,12 @@ bool	filteredIPs(std::list<struct sockaddr_in> &answer);
 int 	checkPeer(const bdId *id, uint32_t peerFlags);

 int 	addrOkay(struct sockaddr_in *addr);
+int 	addPeerToFilter(const bdId *id, uint32_t flags);
+
+bool 	cleanupFilter();

 	private:

-int 	addPeerToFilter(const bdId *id, uint32_t flags);
 bool	isOwnIdWithoutBitDhtFlags(const bdId *id, uint32_t peerFlags);

 	// searching for
--- a/libbitdht/src/bitdht/bdmanager.cc
+++ b/libbitdht/src/bitdht/bdmanager.cc
@ -43,6 +43,7 @@
 #include "bitdht/bdmsgs.h"
 #include "bitdht/bencode.h"
 #include "bitdht/bdquerymgr.h"
+#include "bitdht/bdfilter.h"

 #include <algorithm>
 #include <sstream>
@ -386,6 +387,14 @@ void bdNodeManager::iteration()

 				updateStore();

+#ifdef DEBUG_MGR
+				std::cerr << "bdNodeManager::iteration(): Cleaning up Filter (should do less frequently)";
+				std::cerr << std::endl;
+#endif
+
+				mFilterPeers->cleanupFilter();
+
+
 #ifdef DEBUG_MGR
 				std::cerr << "bdNodeManager::iteration(): Do App Search";
 				std::cerr << std::endl;
--- a/libbitdht/src/bitdht/bdnode.cc
+++ b/libbitdht/src/bitdht/bdnode.cc
@ -3,7 +3,7 @@
 *
 * BitDHT: An Flexible DHT library.
 *
- * Copyright 2010 by Robert Fernie
+ * Copyright 2010-2011 by Robert Fernie
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Library General Public
@ -428,8 +428,7 @@ void bdNode::send_connect_msg(bdId *id, int msgtype, bdId *srcAddr, bdId *destAd



-
-#define TEST_BAD_PEER	1
+//#define DISABLE_BAD_PEER_FILTER		1

 void bdNode::checkPotentialPeer(bdId *id, bdId *src)
 {
@ -443,12 +442,7 @@ void bdNode::checkPotentialPeer(bdId *id, bdId *src)
 		std::cerr << ") BAD ADDRESS!!!! SHOULD DISCARD POTENTIAL PEER";
 		std::cerr << std::endl;

-#ifdef TEST_BAD_PEER
-		std::cerr << "IN TEST MODE... so letting it through.";
-		std::cerr << std::endl;
-#else
 		return;
-#endif
 	}

 	/* is it masquarading? */
@ -465,17 +459,12 @@ void bdNode::checkPotentialPeer(bdId *id, bdId *src)
 				std::cerr << ") MASQARADING AS KNOWN PEER - FLAGGING AS BAD";
 				std::cerr << std::endl;

-#ifdef TEST_BAD_PEER
-				std::cerr << "IN TEST MODE... Notifying, but letting it through.";
-				std::cerr << std::endl;
-
-	        		mBadPeerQueue.queuePeer(id, 0);
-#else
-				
-	        		mFilterPeers->addBadPeer(id, 0);
 				// Stores in queue for later callback and desemination around the network.
 	        		mBadPeerQueue.queuePeer(id, 0);

+#ifndef DISABLE_BAD_PEER_FILTER	
+	        		mFilterPeers->addPeerToFilter(id, 0);
+
 				std::list<struct sockaddr_in> filteredIPs;
 				mFilterPeers->filteredIPs(filteredIPs);
 				mStore.filterIpList(filteredIPs);
@ -533,17 +522,14 @@ void bdNode::addPeer(const bdId *id, uint32_t peerflags)
 		mFilterPeers->filteredIPs(filteredIPs);
 		mStore.filterIpList(filteredIPs);

+	        mBadPeerQueue.queuePeer(id, peerflags);
+
 		return;
 	}

-// NB: TODO CLEANUP THIS CODE - ONCE LOGIC IS TESTED!
-
 	/* next we check if it is a friend, whitelist etc, and adjust flags */
 	bdFriendEntry entry;

-#ifdef TEST_BAD_PEER
-	bool peerBad = false;
-#endif
 	if (mFriendList.findPeerEntry(&(id->id), entry))
 	{
 		/* found! */
@ -560,21 +546,26 @@ void bdNode::addPeer(const bdId *id, uint32_t peerflags)
 				std::cerr << ") MASQARADING AS KNOWN PEER - FLAGGING AS BAD";
 				std::cerr << std::endl;
 				
-#ifdef TEST_BAD_PEER
-				peerBad = true;
-#else
-	        		mFilterPeers->addBadPeer(id, peerflags);
+
 				// Stores in queue for later callback and desemination around the network.
-	        		mBadPeerList->queuePeer(id, peerflags);
+	        		mBadPeerQueue.queuePeer(id, peerflags);
+
+#ifndef DISABLE_BAD_PEER_FILTER	
+	        		mFilterPeers->addPeerToFilter(id, peerflags);

 				std::list<struct sockaddr_in> filteredIPs;
 				mFilterPeers->filteredIPs(filteredIPs);
 				mStore.filterIpList(filteredIPs);
+#endif

 				// DO WE EXPLICITLY NEED TO DO THIS, OR WILL THEY JUST BE DROPPED?
 				//mNodeSpace.remove_badpeer(id);
 				//mQueryMgr->remove_badpeer(id);
+	
+				// FLAG in NodeSpace (Should be dropped very quickly anyway)
+				mNodeSpace.flagpeer(id, 0, BITDHT_PEER_EXFLAG_BADPEER);

+#ifndef DISABLE_BAD_PEER_FILTER	
 				return;		
 #endif
 			}
@ -584,18 +575,6 @@ void bdNode::addPeer(const bdId *id, uint32_t peerflags)
 	mQueryMgr->addPeer(id, peerflags);
 	mNodeSpace.add_peer(id, peerflags);

-#ifdef TEST_BAD_PEER
-	// NOTE: We will push bad peers to Query in the testing case.
-	// This allows us to test the multiple solutions... as well.
-	// In normal behaviour - they will just get stripped and never added.
-	if (peerBad)
-	{
-		mNodeSpace.flagpeer(id, 0, BITDHT_PEER_EXFLAG_BADPEER);
-		//mQueryMgr->flag_badpeer(id);
-	}
-#endif
-
-
 	bdPeer peer;
 	peer.mPeerId = *id;
 	peer.mPeerFlags = peerflags;