net/channel: Attempt to properly parse IPs in Channel::ban()

Additionally, skip inbound Tor connections as they're anonymous.
parazyd
2024-07-09 13:06:25 +02:00
parent 3bdae810b3
commit f94094e732
2 changed files with 22 additions and 10 deletions


@@ -404,7 +404,17 @@ impl Channel {
return
}
match Url::parse(peer.host_str().unwrap()) {
// An inbound Tor connection can't really be banned :)
#[cfg(feature = "p2p-tor")]
if peer.scheme() == "tor" && self.p2p().hosts().is_local_host(peer) {
return
}
// We do this hack in order to parse IPs properly.
// https://github.com/whatwg/url/issues/749
let addr = Url::parse(&format!("http://{}", peer.host_str().unwrap())).unwrap();
match Url::parse(&addr.as_str().replace("http", peer.scheme())) {
Ok(v) => v,
Err(e) => {
error!("[P2P] ban() failed to parse {:?}: {}", peer, e);
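Review bot: The scheme swap `addr.as_str().replace("http", peer.scheme())` rewrites every occurrence of `http` in the string, not only the leading scheme, so a peer whose hostname contains that substring would be banned under a different host than the one it connected from; `replacen("http", peer.scheme(), 1)` confines the substitution to the prefix. The `.unwrap()` on the `http://` re-parse one line above can panic if the peer's host string is not accepted as an http host, while the `match` right after it already logs and handles a parse error, so the first parse should go through the same `Err` arm instead of unwrapping. `peer.host_str().unwrap()` is presumably guarded by the early `return` above the hunk, but that check and the rest of `ban()` are outside the visible lines, so this is worth confirming.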


@@ -1036,7 +1036,7 @@ impl Hosts {
// to move this function to a more appropriate location
// in the codebase.
/// Check whether a URL is local host
pub fn is_local_host(&self, url: Url) -> bool {
pub fn is_local_host(&self, url: &Url) -> bool {
// Reject Urls without host strings.
if url.host_str().is_none() {
return false
@@ -1045,6 +1045,7 @@ impl Hosts {
// We do this hack in order to parse IPs properly.
// https://github.com/whatwg/url/issues/749
let addr = Url::parse(&url.as_str().replace(url.scheme(), "http")).unwrap();
// Filter private IP ranges
match addr.host().unwrap() {
url::Host::Ipv4(ip) => {
@@ -1067,7 +1068,7 @@ impl Hosts {
}
/// Check whether a URL is IPV6
pub fn is_ipv6(&self, url: Url) -> bool {
pub fn is_ipv6(&self, url: &Url) -> bool {
// Reject Urls without host strings.
if url.host_str().is_none() {
return false
@@ -1076,6 +1077,7 @@ impl Hosts {
// We do this hack in order to parse IPs properly.
// https://github.com/whatwg/url/issues/749
let addr = Url::parse(&url.as_str().replace(url.scheme(), "http")).unwrap();
if let url::Host::Ipv6(_) = addr.host().unwrap() {
return true
}
@@ -1189,7 +1191,7 @@ impl Hosts {
// Filter non-global ranges if we're not allowing localnet.
// Should never be allowed in production, so we don't really care
// about some of them (e.g. 0.0.0.0, or broadcast, etc.).
if !settings.localnet && self.is_local_host(addr) {
if !settings.localnet && self.is_local_host(&addr) {
debug!(
target: "net::hosts::filter_addresses",
"[{}] Filtering non-global ranges", addr_,
@@ -1230,7 +1232,7 @@ impl Hosts {
// We will personally ignore this peer but still send it to others in
// Protocol Addr to ensure all transports get propagated.
if !settings.allowed_transports.contains(&addr_.scheme().to_string()) ||
(!self.ipv6_available.load(Ordering::SeqCst) && self.is_ipv6(addr_.clone()))
(!self.ipv6_available.load(Ordering::SeqCst) && self.is_ipv6(addr_))
{
self.container.store_or_update(HostColor::Dark, addr_.clone(), *last_seen);
self.container.sort_by_last_seen(HostColor::Dark as usize);
@@ -1352,7 +1354,7 @@ impl Hosts {
if addr.host_str().is_some() {
// Localhost connections should never enter the blacklist
// This however allows any Tor and Nym connections.
if self.is_local_host(addr.clone()) {
if self.is_local_host(addr) {
return Ok(());
}
@@ -1397,7 +1399,7 @@ mod tests {
];
for host in local_hosts {
eprintln!("{}", host);
assert!(hosts.is_local_host(host));
assert!(hosts.is_local_host(&host));
}
let remote_hosts: Vec<Url> = vec![
Url::parse("https://dyne.org").unwrap(),
@@ -1407,7 +1409,7 @@ mod tests {
.unwrap(),
];
for host in remote_hosts {
assert!(!hosts.is_local_host(host))
assert!(!hosts.is_local_host(&host))
}
}
@@ -1429,11 +1431,11 @@ mod tests {
];
for host in ipv6_hosts {
assert!(hosts.is_ipv6(host))
assert!(hosts.is_ipv6(&host))
}
for host in ipv4_hosts {
assert!(!hosts.is_ipv6(host))
assert!(!hosts.is_ipv6(&host))
}
}
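Review bot: `is_local_host` and `is_ipv6` change their signature to `&Url` but keep one-line doc comments that say nothing about panicking, although both still call `.unwrap()` on the scheme-rewritten `Url::parse(...)` and on `addr.host()`. The first file section of this commit now passes a peer address to `is_local_host` from `Channel::ban()`, so that contract deserves to be written down: add `/// # Panics` followed by `/// Panics if the URL does not re-parse under the http scheme.` to each, or have them return `false` on a failed re-parse. The context line `url.as_str().replace(url.scheme(), "http")` also substitutes every occurrence of the scheme string; this looks harmless for IP hosts but merits a short comment saying so. Both function bodies extend beyond the hunks shown, so the non-IP branches could not be checked here.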