more punishment cleanup
This commit is contained in:
Christien Rioux
parent
3f59f3bde3
commit
9d3e847a68
@ -330,7 +330,15 @@ impl Envelope {
|
|||||||
self.sender_id
|
self.sender_id
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub fn get_sender_typed_id(&self) -> TypedKey {
|
||||||
|
TypedKey::new(self.crypto_kind, self.sender_id)
|
||||||
|
}
|
||||||
|
|
||||||
pub fn get_recipient_id(&self) -> PublicKey {
|
pub fn get_recipient_id(&self) -> PublicKey {
|
||||||
self.recipient_id
|
self.recipient_id
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub fn get_recipient_typed_id(&self) -> TypedKey {
|
||||||
|
TypedKey::new(self.crypto_kind, self.recipient_id)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -207,6 +207,11 @@ impl Receipt {
|
|||||||
pub fn get_sender_id(&self) -> PublicKey {
|
pub fn get_sender_id(&self) -> PublicKey {
|
||||||
self.sender_id
|
self.sender_id
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub fn get_sender_typed_id(&self) -> TypedKey {
|
||||||
|
TypedKey::new(self.crypto_kind, self.sender_id)
|
||||||
|
}
|
||||||
|
|
||||||
pub fn get_extra_data(&self) -> &[u8] {
|
pub fn get_extra_data(&self) -> &[u8] {
|
||||||
&self.extra_data
|
&self.extra_data
|
||||||
}
|
}
|
||||||
|
|||||||
@ -954,6 +954,7 @@ impl NetworkManager {
|
|||||||
Ok(v) => v,
|
Ok(v) => v,
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
log_net!(debug "envelope failed to decode: {}", e);
|
log_net!(debug "envelope failed to decode: {}", e);
|
||||||
|
// safe to punish here because relays also check here to ensure they arent forwarding things that don't decode
|
||||||
self.address_filter().punish_ip_addr(remote_addr);
|
self.address_filter().punish_ip_addr(remote_addr);
|
||||||
return Ok(false);
|
return Ok(false);
|
||||||
}
|
}
|
||||||
@ -1005,12 +1006,12 @@ impl NetworkManager {
|
|||||||
|
|
||||||
// Peek at header and see if we need to relay this
|
// Peek at header and see if we need to relay this
|
||||||
// If the recipient id is not our node id, then it needs relaying
|
// If the recipient id is not our node id, then it needs relaying
|
||||||
let sender_id = TypedKey::new(envelope.get_crypto_kind(), envelope.get_sender_id());
|
let sender_id = envelope.get_sender_typed_id();
|
||||||
if self.address_filter().is_node_id_punished(sender_id) {
|
if self.address_filter().is_node_id_punished(sender_id) {
|
||||||
return Ok(false);
|
return Ok(false);
|
||||||
}
|
}
|
||||||
|
|
||||||
let recipient_id = TypedKey::new(envelope.get_crypto_kind(), envelope.get_recipient_id());
|
let recipient_id = envelope.get_recipient_typed_id();
|
||||||
if !routing_table.matches_own_node_id(&[recipient_id]) {
|
if !routing_table.matches_own_node_id(&[recipient_id]) {
|
||||||
// See if the source node is allowed to resolve nodes
|
// See if the source node is allowed to resolve nodes
|
||||||
// This is a costly operation, so only outbound-relay permitted
|
// This is a costly operation, so only outbound-relay permitted
|
||||||
@ -1089,15 +1090,18 @@ impl NetworkManager {
|
|||||||
) {
|
) {
|
||||||
Ok(v) => v,
|
Ok(v) => v,
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
log_net!(debug "failed to decrypt envelope body: {}",e);
|
log_net!(debug "failed to decrypt envelope body: {}", e);
|
||||||
self.address_filter().punish_ip_addr(remote_addr);
|
// Can't punish by ip address here because relaying can't decrypt envelope bodies to check
|
||||||
|
// But because the envelope was properly signed by the time it gets here, it is safe to
|
||||||
|
// punish by node id
|
||||||
|
self.address_filter().punish_node_id(sender_id);
|
||||||
return Ok(false);
|
return Ok(false);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
// Cache the envelope information in the routing table
|
// Cache the envelope information in the routing table
|
||||||
let source_noderef = match routing_table.register_node_with_existing_connection(
|
let source_noderef = match routing_table.register_node_with_existing_connection(
|
||||||
TypedKey::new(envelope.get_crypto_kind(), envelope.get_sender_id()),
|
envelope.get_sender_typed_id(),
|
||||||
connection_descriptor,
|
connection_descriptor,
|
||||||
ts,
|
ts,
|
||||||
) {
|
) {
|
||||||
|
|||||||
@ -315,7 +315,7 @@ impl NetworkConnection {
|
|||||||
return RecvLoopAction::Finish;
|
return RecvLoopAction::Finish;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Punish invalid messages
|
// Punish invalid framing (tcp framing or websocket framing)
|
||||||
if v.is_invalid_message() {
|
if v.is_invalid_message() {
|
||||||
address_filter.punish_ip_addr(peer_address.to_socket_addr().ip());
|
address_filter.punish_ip_addr(peer_address.to_socket_addr().ip());
|
||||||
return RecvLoopAction::Finish;
|
return RecvLoopAction::Finish;
|
||||||
|
|||||||
@ -319,10 +319,7 @@ impl RPCProcessor {
|
|||||||
};
|
};
|
||||||
|
|
||||||
// Reply directly to the request's source
|
// Reply directly to the request's source
|
||||||
let sender_node_id = TypedKey::new(
|
let sender_node_id = detail.envelope.get_sender_typed_id();
|
||||||
detail.envelope.get_crypto_kind(),
|
|
||||||
detail.envelope.get_sender_id(),
|
|
||||||
);
|
|
||||||
|
|
||||||
// This may be a different node's reference than the 'sender' in the case of a relay
|
// This may be a different node's reference than the 'sender' in the case of a relay
|
||||||
let peer_noderef = detail.peer_noderef.clone();
|
let peer_noderef = detail.peer_noderef.clone();
|
||||||
|
|||||||
@ -126,17 +126,9 @@ impl RPCMessageHeader {
|
|||||||
}
|
}
|
||||||
pub fn direct_sender_node_id(&self) -> TypedKey {
|
pub fn direct_sender_node_id(&self) -> TypedKey {
|
||||||
match &self.detail {
|
match &self.detail {
|
||||||
RPCMessageHeaderDetail::Direct(d) => {
|
RPCMessageHeaderDetail::Direct(d) => d.envelope.get_sender_typed_id(),
|
||||||
TypedKey::new(d.envelope.get_crypto_kind(), d.envelope.get_sender_id())
|
RPCMessageHeaderDetail::SafetyRouted(s) => s.direct.envelope.get_sender_typed_id(),
|
||||||
}
|
RPCMessageHeaderDetail::PrivateRouted(p) => p.direct.envelope.get_sender_typed_id(),
|
||||||
RPCMessageHeaderDetail::SafetyRouted(s) => TypedKey::new(
|
|
||||||
s.direct.envelope.get_crypto_kind(),
|
|
||||||
s.direct.envelope.get_sender_id(),
|
|
||||||
),
|
|
||||||
RPCMessageHeaderDetail::PrivateRouted(p) => TypedKey::new(
|
|
||||||
p.direct.envelope.get_crypto_kind(),
|
|
||||||
p.direct.envelope.get_sender_id(),
|
|
||||||
),
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1464,10 +1456,7 @@ impl RPCProcessor {
|
|||||||
let msg = match &encoded_msg.header.detail {
|
let msg = match &encoded_msg.header.detail {
|
||||||
RPCMessageHeaderDetail::Direct(detail) => {
|
RPCMessageHeaderDetail::Direct(detail) => {
|
||||||
// Get sender node id
|
// Get sender node id
|
||||||
let sender_node_id = TypedKey::new(
|
let sender_node_id = detail.envelope.get_sender_typed_id();
|
||||||
detail.envelope.get_crypto_kind(),
|
|
||||||
detail.envelope.get_sender_id(),
|
|
||||||
);
|
|
||||||
|
|
||||||
// Decode and validate the RPC operation
|
// Decode and validate the RPC operation
|
||||||
let operation = match self.decode_rpc_operation(&encoded_msg) {
|
let operation = match self.decode_rpc_operation(&encoded_msg) {
|
||||||
|
|||||||
@ -104,10 +104,7 @@ impl RPCProcessor {
|
|||||||
// We filter on the -outgoing- protocol capability status not the node's dial info
|
// We filter on the -outgoing- protocol capability status not the node's dial info
|
||||||
// Use the address type though, to ensure we reach an ipv6 capable node if this is
|
// Use the address type though, to ensure we reach an ipv6 capable node if this is
|
||||||
// an ipv6 address
|
// an ipv6 address
|
||||||
let sender_node_id = TypedKey::new(
|
let sender_node_id = detail.envelope.get_sender_typed_id();
|
||||||
detail.envelope.get_crypto_kind(),
|
|
||||||
detail.envelope.get_sender_id(),
|
|
||||||
);
|
|
||||||
let routing_domain = detail.routing_domain;
|
let routing_domain = detail.routing_domain;
|
||||||
let node_count = {
|
let node_count = {
|
||||||
let c = self.config.get();
|
let c = self.config.get();
|
||||||
|
|||||||
@ -91,6 +91,13 @@ extension DHTRecordDescriptorExt on DHTRecordDescriptor {
|
|||||||
}
|
}
|
||||||
return KeyPair(key: owner, secret: ownerSecret!);
|
return KeyPair(key: owner, secret: ownerSecret!);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
TypedKeyPair? ownerTypedKeyPair() {
|
||||||
|
if (ownerSecret == null) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
return TypedKeyPair(kind: key.kind, key: owner, secret: ownerSecret!);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
//////////////////////////////////////
|
//////////////////////////////////////
|
||||||
|
|||||||
@ -21,6 +21,8 @@ String cryptoKindToString(CryptoKind kind) {
|
|||||||
return "${String.fromCharCode(kind & 0xFF)}${String.fromCharCode((kind >> 8) & 0xFF)}${String.fromCharCode((kind >> 16) & 0xFF)}${String.fromCharCode((kind >> 24) & 0xFF)}";
|
return "${String.fromCharCode(kind & 0xFF)}${String.fromCharCode((kind >> 8) & 0xFF)}${String.fromCharCode((kind >> 16) & 0xFF)}${String.fromCharCode((kind >> 24) & 0xFF)}";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const CryptoKind bestCryptoKind = cryptoKindVLD0;
|
||||||
|
|
||||||
Uint8List cryptoKindToBytes(CryptoKind kind) {
|
Uint8List cryptoKindToBytes(CryptoKind kind) {
|
||||||
var b = Uint8List(4);
|
var b = Uint8List(4);
|
||||||
b[0] = kind & 0xFF;
|
b[0] = kind & 0xFF;
|
||||||
@ -140,6 +142,8 @@ class TypedKeyPair extends Equatable {
|
|||||||
String toJson() => toString();
|
String toJson() => toString();
|
||||||
factory TypedKeyPair.fromJson(dynamic json) =>
|
factory TypedKeyPair.fromJson(dynamic json) =>
|
||||||
TypedKeyPair.fromString(json as String);
|
TypedKeyPair.fromString(json as String);
|
||||||
|
factory TypedKeyPair.fromKeyPair(CryptoKind kind, KeyPair keyPair) =>
|
||||||
|
TypedKeyPair(kind: kind, key: keyPair.key, secret: keyPair.secret);
|
||||||
}
|
}
|
||||||
|
|
||||||
typedef CryptoKey = FixedEncodedString43;
|
typedef CryptoKey = FixedEncodedString43;
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user