Improvements to BadPeer Filter.

* Enabling Local BadPeer Filter. - This will remove any peer you detect is spoofing yourself or your friends. - This list is also shared with you friends. (in Test Mode). * added Cleanup of BadPeer Filter. - Instead of permanent ban, peers are be banned for 6 hours. - bdManager periodically calls this - which prints out ban list too. * added #define to disable the Filter - for testing purposes. NOTES: This Ip Filter should probably be moved from DHT level to UdpLayer level. This will enable it to filter STUN / UDP Connection Packets too. git-svn-id: http://svn.code.sf.net/p/retroshare/code/branches/v0.5-dhtmods@4716 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2025-05-03 14:45:12 -04:00 · 2011-12-08 20:00:20 +00:00 · 2011-12-08 20:00:20 +00:00 · b6dbdf9396
commit b6dbdf9396
parent 92c53ff0d2
4 changed files with 84 additions and 39 deletions
--- a/libbitdht/src/bitdht/bdfilter.cc
+++ b/libbitdht/src/bitdht/bdfilter.cc
@ -36,6 +36,8 @@
 * #define DEBUG_FILTER 1
 **/
 #define BDFILTER_ENTRY_DROP_PERIOD	(6 * 3600)
 bdFilter::bdFilter(const bdNodeId *ownId, std::list<bdFilteredPeer> &startList, 
 		uint32_t filterFlags, bdDhtFunctions *fns)
@ -129,6 +131,7 @@ int bdFilter::addPeerToFilter(const bdId *id, uint32_t flags)
 		return true;
 	}
 	return false;
 }
@ -171,4 +174,56 @@ bool bdFilter::isOwnIdWithoutBitDhtFlags(const bdId *id, uint32_t peerFlags)
 }
 /* periodically we want to cleanup the filter....
 * if we haven't had an IP address reported as filtered for several hours.
 * remove it from the list.
 */
 bool bdFilter::cleanupFilter()
 {
 	std::cerr << "bdFilter::cleanupFilter() Current BanList" << std::endl;
 	struct in_addr inaddr;
 	std::set<uint32_t>::iterator sit;
 	for(sit = mIpsBanned.begin(); sit != mIpsBanned.end(); sit++)
 	{
 		inaddr.s_addr = *sit;
 		std::cerr << "\tBanned: " << inet_ntoa(inaddr) << std::endl;
 	}
 	mIpsBanned.clear();
 	std::cerr << "Filter List:" << std::endl;
 	time_t now = time(NULL);
 	time_t dropTime = now - BDFILTER_ENTRY_DROP_PERIOD;
 	std::list<bdFilteredPeer>::iterator it;
 	for(it = mFiltered.begin(); it != mFiltered.end();)
 	{
 		std::cerr << "\t" << inet_ntoa(it->mAddr.sin_addr);
 		std::cerr << " Flags: " << it->mFilterFlags;
 		std::cerr << " FilterTS: " << now - it->mFilterTS;
 		std::cerr << " LastSeen: " << now - it->mLastSeen;
 		if (it->mLastSeen < dropTime)
 		{
 			/* remove from filter */
 			std::cerr << " OLD DROPPING" << std::endl;
 			it = mFiltered.erase(it);
 		}
 		else
 		{
 			std::cerr << " OK" << std::endl;
 			uint32_t saddr = it->mAddr.sin_addr.s_addr;
 			mIpsBanned.insert(saddr);
 			it++;
 		}
 	}
 	return true;
 }
--- a/libbitdht/src/bitdht/bdfilter.h
+++ b/libbitdht/src/bitdht/bdfilter.h
@ -60,10 +60,12 @@ bool	filteredIPs(std::list<struct sockaddr_in> &answer);
 int 	checkPeer(const bdId *id, uint32_t peerFlags);
 int 	addrOkay(struct sockaddr_in *addr);
 int 	addPeerToFilter(const bdId *id, uint32_t flags);
 bool 	cleanupFilter();
 	private:
 int 	addPeerToFilter(const bdId *id, uint32_t flags);
 bool	isOwnIdWithoutBitDhtFlags(const bdId *id, uint32_t peerFlags);
 	// searching for
--- a/libbitdht/src/bitdht/bdmanager.cc
+++ b/libbitdht/src/bitdht/bdmanager.cc
@ -43,6 +43,7 @@
 #include "bitdht/bdmsgs.h"
 #include "bitdht/bencode.h"
 #include "bitdht/bdquerymgr.h"
 #include "bitdht/bdfilter.h"
 #include <algorithm>
 #include <sstream>
@ -386,6 +387,14 @@ void bdNodeManager::iteration()
 				updateStore();
 #ifdef DEBUG_MGR
 				std::cerr << "bdNodeManager::iteration(): Cleaning up Filter (should do less frequently)";
 				std::cerr << std::endl;
 #endif
 				mFilterPeers->cleanupFilter();
 #ifdef DEBUG_MGR
 				std::cerr << "bdNodeManager::iteration(): Do App Search";
 				std::cerr << std::endl;
--- a/libbitdht/src/bitdht/bdnode.cc
+++ b/libbitdht/src/bitdht/bdnode.cc
@ -3,7 +3,7 @@
 *
 * BitDHT: An Flexible DHT library.
 *
- * Copyright 2010 by Robert Fernie
+ * Copyright 2010-2011 by Robert Fernie
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Library General Public
@ -428,8 +428,7 @@ void bdNode::send_connect_msg(bdId *id, int msgtype, bdId *srcAddr, bdId *destAd
-
+//#define DISABLE_BAD_PEER_FILTER		1
 #define TEST_BAD_PEER	1
 void bdNode::checkPotentialPeer(bdId *id, bdId *src)
 {
@ -443,12 +442,7 @@ void bdNode::checkPotentialPeer(bdId *id, bdId *src)
 		std::cerr << ") BAD ADDRESS!!!! SHOULD DISCARD POTENTIAL PEER";
 		std::cerr << std::endl;
 #ifdef TEST_BAD_PEER
 		std::cerr << "IN TEST MODE... so letting it through.";
 		std::cerr << std::endl;
 #else
 		return;
 #endif
 	}
 	/* is it masquarading? */
@ -465,17 +459,12 @@ void bdNode::checkPotentialPeer(bdId *id, bdId *src)
 				std::cerr << ") MASQARADING AS KNOWN PEER - FLAGGING AS BAD";
 				std::cerr << std::endl;
 #ifdef TEST_BAD_PEER
 				std::cerr << "IN TEST MODE... Notifying, but letting it through.";
 				std::cerr << std::endl;
 	        		mBadPeerQueue.queuePeer(id, 0);
 #else
 	        		mFilterPeers->addBadPeer(id, 0);
 				// Stores in queue for later callback and desemination around the network.
 	        		mBadPeerQueue.queuePeer(id, 0);
 #ifndef DISABLE_BAD_PEER_FILTER	
 	        		mFilterPeers->addPeerToFilter(id, 0);
 				std::list<struct sockaddr_in> filteredIPs;
 				mFilterPeers->filteredIPs(filteredIPs);
 				mStore.filterIpList(filteredIPs);
@ -533,17 +522,14 @@ void bdNode::addPeer(const bdId *id, uint32_t peerflags)
 		mFilterPeers->filteredIPs(filteredIPs);
 		mStore.filterIpList(filteredIPs);
 	        mBadPeerQueue.queuePeer(id, peerflags);
 		return;
 	}
 // NB: TODO CLEANUP THIS CODE - ONCE LOGIC IS TESTED!
 	/* next we check if it is a friend, whitelist etc, and adjust flags */
 	bdFriendEntry entry;
 #ifdef TEST_BAD_PEER
 	bool peerBad = false;
 #endif
 	if (mFriendList.findPeerEntry(&(id->id), entry))
 	{
 		/* found! */
@ -560,21 +546,26 @@ void bdNode::addPeer(const bdId *id, uint32_t peerflags)
 				std::cerr << ") MASQARADING AS KNOWN PEER - FLAGGING AS BAD";
 				std::cerr << std::endl;
-#ifdef TEST_BAD_PEER
+
 				peerBad = true;
 #else
 	        		mFilterPeers->addBadPeer(id, peerflags);
 				// Stores in queue for later callback and desemination around the network.
-	        		mBadPeerList->queuePeer(id, peerflags);
+	        		mBadPeerQueue.queuePeer(id, peerflags);
 #ifndef DISABLE_BAD_PEER_FILTER	
 	        		mFilterPeers->addPeerToFilter(id, peerflags);
 				std::list<struct sockaddr_in> filteredIPs;
 				mFilterPeers->filteredIPs(filteredIPs);
 				mStore.filterIpList(filteredIPs);
 #endif
 				// DO WE EXPLICITLY NEED TO DO THIS, OR WILL THEY JUST BE DROPPED?
 				//mNodeSpace.remove_badpeer(id);
 				//mQueryMgr->remove_badpeer(id);
 				// FLAG in NodeSpace (Should be dropped very quickly anyway)
 				mNodeSpace.flagpeer(id, 0, BITDHT_PEER_EXFLAG_BADPEER);
 #ifndef DISABLE_BAD_PEER_FILTER	
 				return;		
 #endif
 			}
@ -584,18 +575,6 @@ void bdNode::addPeer(const bdId *id, uint32_t peerflags)
 	mQueryMgr->addPeer(id, peerflags);
 	mNodeSpace.add_peer(id, peerflags);
 #ifdef TEST_BAD_PEER
 	// NOTE: We will push bad peers to Query in the testing case.
 	// This allows us to test the multiple solutions... as well.
 	// In normal behaviour - they will just get stripped and never added.
 	if (peerBad)
 	{
 		mNodeSpace.flagpeer(id, 0, BITDHT_PEER_EXFLAG_BADPEER);
 		//mQueryMgr->flag_badpeer(id);
 	}
 #endif
 	bdPeer peer;
 	peer.mPeerId = *id;
 	peer.mPeerFlags = peerflags;