mirror of https://github.com/PurpleI2P/i2pd.git synced 2025-01-12 18:38:07 +00:00

ban abusing IPs

orignal 2015-02-10 13:05:08 -05:00
parent 6783b22ad0
commit 52f9d5f0aa
2 changed files with 38 additions and 7 deletions


@ -131,11 +131,17 @@ namespace transport
void NTCPSession::ServerLogin () void NTCPSession::ServerLogin ()
{ {
// receive Phase1 boost::system::error_code ec;
boost::asio::async_read (m_Socket, boost::asio::buffer(&m_Establisher->phase1, sizeof (NTCPPhase1)), boost::asio::transfer_all (), auto ep = m_Socket.remote_endpoint(ec);
std::bind(&NTCPSession::HandlePhase1Received, shared_from_this (), if (!ec)
std::placeholders::_1, std::placeholders::_2)); {
ScheduleTermination (); m_ConnectedFrom = ep.address ();
// receive Phase1
boost::asio::async_read (m_Socket, boost::asio::buffer(&m_Establisher->phase1, sizeof (NTCPPhase1)), boost::asio::transfer_all (),
std::bind(&NTCPSession::HandlePhase1Received, shared_from_this (),
std::placeholders::_1, std::placeholders::_2));
ScheduleTermination ();
}
} }
void NTCPSession::HandlePhase1Sent (const boost::system::error_code& ecode, std::size_t bytes_transferred) void NTCPSession::HandlePhase1Sent (const boost::system::error_code& ecode, std::size_t bytes_transferred)
@ -482,6 +488,7 @@ namespace transport
if (ecode) if (ecode)
{ {
LogPrint (eLogError, "Read error: ", ecode.message ()); LogPrint (eLogError, "Read error: ", ecode.message ());
if (!m_NumReceivedBytes) m_Server.Ban (m_ConnectedFrom);
//if (ecode != boost::asio::error::operation_aborted) //if (ecode != boost::asio::error::operation_aborted)
Terminate (); Terminate ();
} }
@ -857,7 +864,20 @@ namespace transport
if (!ec) if (!ec)
{ {
LogPrint (eLogInfo, "Connected from ", ep); LogPrint (eLogInfo, "Connected from ", ep);
conn->ServerLogin (); auto it = m_BanList.find (ep.address ());
if (it != m_BanList.end ())
{
uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
if (ts < it->second)
{
LogPrint (eLogInfo, ep.address (), " is banned for ", it->second - ts, " more seconds");
conn = nullptr;
}
else
m_BanList.erase (it);
}
if (conn)
conn->ServerLogin ();
} }
else else
LogPrint (eLogError, "Connected from error ", ec.message ()); LogPrint (eLogError, "Connected from error ", ec.message ());
@ -923,5 +943,12 @@ namespace transport
conn->ClientLogin (); conn->ClientLogin ();
} }
} }
void NTCPServer::Ban (const boost::asio::ip::address& addr)
{
uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
m_BanList[addr] = ts + NTCP_BAN_EXPIRATION_TIMEOUT;
LogPrint (eLogInfo, addr, " has been banned for ", NTCP_BAN_EXPIRATION_TIMEOUT, " seconds");
}
} }
} }
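Review bot: The ban added in the read-error branch, `if (!m_NumReceivedBytes) m_Server.Ban (m_ConnectedFrom);`, uses an address that the visible code assigns only in ServerLogin, so if this handler also serves sessions started through ClientLogin it would record a ban for a default-constructed address. The enclosing function starts outside the hunk, so that is inferred rather than shown. A guard such as `if (!m_NumReceivedBytes && !m_ConnectedFrom.is_unspecified ()) m_Server.Ban (m_ConnectedFrom);` would keep the ban to accepted connections. Separately, the accept path erases an m_BanList entry only when the same address connects again after its expiry, so the map grows with the number of distinct addresses that trip the ban. A periodic sweep that drops entries whose expiration time has passed would bound its size.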


@ -45,6 +45,7 @@ namespace transport
const size_t NTCP_BUFFER_SIZE = 4160; // fits 4 tunnel messages (4*1028) const size_t NTCP_BUFFER_SIZE = 4160; // fits 4 tunnel messages (4*1028)
const int NTCP_TERMINATION_TIMEOUT = 120; // 2 minutes const int NTCP_TERMINATION_TIMEOUT = 120; // 2 minutes
const size_t NTCP_DEFAULT_PHASE3_SIZE = 2/*size*/ + i2p::data::DEFAULT_IDENTITY_SIZE/*387*/ + 4/*ts*/ + 15/*padding*/ + 40/*signature*/; // 448 const size_t NTCP_DEFAULT_PHASE3_SIZE = 2/*size*/ + i2p::data::DEFAULT_IDENTITY_SIZE/*387*/ + 4/*ts*/ + 15/*padding*/ + 40/*signature*/; // 448
const int NTCP_BAN_EXPIRATION_TIMEOUT = 70; // in second
class NTCPServer; class NTCPServer;
class NTCPSession: public TransportSession, public std::enable_shared_from_this<NTCPSession> class NTCPSession: public TransportSession, public std::enable_shared_from_this<NTCPSession>
@ -138,6 +139,7 @@ namespace transport
std::vector<I2NPMessage *> m_SendQueue; std::vector<I2NPMessage *> m_SendQueue;
size_t m_NumSentBytes, m_NumReceivedBytes; size_t m_NumSentBytes, m_NumReceivedBytes;
boost::asio::ip::address m_ConnectedFrom; // for ban
}; };
// TODO: move to NTCP.h/.cpp // TODO: move to NTCP.h/.cpp
@ -157,7 +159,8 @@ namespace transport
void Connect (const boost::asio::ip::address& address, int port, std::shared_ptr<NTCPSession> conn); void Connect (const boost::asio::ip::address& address, int port, std::shared_ptr<NTCPSession> conn);
boost::asio::io_service& GetService () { return m_Service; }; boost::asio::io_service& GetService () { return m_Service; };
void Ban (const boost::asio::ip::address& addr);
private: private:
void Run (); void Run ();
@ -175,6 +178,7 @@ namespace transport
boost::asio::ip::tcp::acceptor * m_NTCPAcceptor, * m_NTCPV6Acceptor; boost::asio::ip::tcp::acceptor * m_NTCPAcceptor, * m_NTCPV6Acceptor;
std::mutex m_NTCPSessionsMutex; std::mutex m_NTCPSessionsMutex;
std::map<i2p::data::IdentHash, std::shared_ptr<NTCPSession> > m_NTCPSessions; std::map<i2p::data::IdentHash, std::shared_ptr<NTCPSession> > m_NTCPSessions;
std::map<boost::asio::ip::address, uint32_t> m_BanList; // IP -> ban expiration time in seconds
public: public: