mirror of
https://github.com/0glabs/0g-storage-node.git
synced 2025-01-12 16:15:17 +00:00
Verify announced IP with seen ip for pubsub msg (#130)
* Verify announced IP with seen ip for pubsub msg * do not verify announced ip at local mode
parent
920efe0b59
commit
a5f95e2e7b
@ -1,3 +1,4 @@
|
|||||||
|
use std::net::IpAddr;
|
||||||
use std::{ops::Neg, sync::Arc};
|
use std::{ops::Neg, sync::Arc};
|
||||||
|
|
||||||
use chunk_pool::ChunkPoolMessage;
|
use chunk_pool::ChunkPoolMessage;
|
||||||
@ -517,6 +518,39 @@ impl Libp2pEventHandler {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Verify the announced IP address and `libp2p` seen IP address to prevent DDOS attack.
|
||||||
|
fn verify_announced_address(&self, peer_id: &PeerId, addr: &Multiaddr) -> bool {
|
||||||
|
let mut announced_ip = None;
|
||||||
|
|
||||||
|
for c in addr.iter() {
|
||||||
|
match c {
|
||||||
|
Protocol::Ip4(addr) => announced_ip = Some(IpAddr::V4(addr)),
|
||||||
|
Protocol::Ip6(addr) => announced_ip = Some(IpAddr::V6(addr)),
|
||||||
|
_ => {}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
let announced_ip = match announced_ip {
|
||||||
|
Some(v) => v,
|
||||||
|
None => return false,
|
||||||
|
};
|
||||||
|
|
||||||
|
let seen_ips: Vec<IpAddr> = match self.network_globals.peers.read().peer_info(peer_id) {
|
||||||
|
Some(v) => v.seen_ip_addresses().collect(),
|
||||||
|
None => {
|
||||||
|
debug!(%announced_ip, "Failed to verify announced IP address, no peer info found");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
if seen_ips.iter().any(|x| *x == announced_ip) {
|
||||||
|
true
|
||||||
|
} else {
|
||||||
|
debug!(%announced_ip, ?seen_ips, "Failed to verify announced IP address, mismatch with seen ips");
|
||||||
|
false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
fn on_announce_file(
|
fn on_announce_file(
|
||||||
&self,
|
&self,
|
||||||
propagation_source: PeerId,
|
propagation_source: PeerId,
|
||||||
@ -533,6 +567,11 @@ impl Libp2pEventHandler {
|
|||||||
return MessageAcceptance::Reject;
|
return MessageAcceptance::Reject;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// verify announced ip address if required
|
||||||
|
if !self.config.private_ip_enabled && !self.verify_announced_address(&msg.peer_id, &addr) {
|
||||||
|
return MessageAcceptance::Reject;
|
||||||
|
}
|
||||||
|
|
||||||
// propagate gossip to peers
|
// propagate gossip to peers
|
||||||
let d = duration_since(msg.resend_timestamp);
|
let d = duration_since(msg.resend_timestamp);
|
||||||
if d < TOLERABLE_DRIFT.neg() || d > *ANNOUNCE_FILE_TIMEOUT {
|
if d < TOLERABLE_DRIFT.neg() || d > *ANNOUNCE_FILE_TIMEOUT {
|
||||||
@ -569,6 +608,11 @@ impl Libp2pEventHandler {
|
|||||||
return MessageAcceptance::Reject;
|
return MessageAcceptance::Reject;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// verify announced ip address if required
|
||||||
|
if !self.config.private_ip_enabled && !self.verify_announced_address(&msg.peer_id, &addr) {
|
||||||
|
return MessageAcceptance::Reject;
|
||||||
|
}
|
||||||
|
|
||||||
// propagate gossip to peers
|
// propagate gossip to peers
|
||||||
let d = duration_since(msg.resend_timestamp);
|
let d = duration_since(msg.resend_timestamp);
|
||||||
if d < TOLERABLE_DRIFT.neg() || d > *ANNOUNCE_SHARD_CONFIG_TIMEOUT {
|
if d < TOLERABLE_DRIFT.neg() || d > *ANNOUNCE_SHARD_CONFIG_TIMEOUT {
|
||||||
@ -610,6 +654,11 @@ impl Libp2pEventHandler {
|
|||||||
return MessageAcceptance::Reject;
|
return MessageAcceptance::Reject;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// verify announced ip address if required
|
||||||
|
if !self.config.private_ip_enabled && !self.verify_announced_address(&msg.peer_id, &addr) {
|
||||||
|
return MessageAcceptance::Reject;
|
||||||
|
}
|
||||||
|
|
||||||
// propagate gossip to peers
|
// propagate gossip to peers
|
||||||
let d = duration_since(msg.resend_timestamp);
|
let d = duration_since(msg.resend_timestamp);
|
||||||
if d < TOLERABLE_DRIFT.neg() || d > *ANNOUNCE_FILE_TIMEOUT {
|
if d < TOLERABLE_DRIFT.neg() || d > *ANNOUNCE_FILE_TIMEOUT {
|
||||||
|
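Review bot: In `verify_announced_address`, the `None` arm of the `peer_info(peer_id)` lookup returns `false`, and all three call sites turn that into `MessageAcceptance::Reject`, so an announcement is treated as invalid whenever this node holds no record for `msg.peer_id`. The handlers take a separate `propagation_source`, which suggests the announcer is not always the peer that delivered the message. If `Reject` feeds peer scoring (not visible in these hunks), honest forwarders could be penalised and valid announcements may stop propagating beyond the announcer's direct neighbours. Consider separating "no peer info" from "IP mismatch", for example by returning a small enum or `Option<bool>` and mapping the unknown case to `MessageAcceptance::Ignore`, if the enum offers it as libp2p gossipsub's does. Separately, the `for c in addr.iter()` loop keeps the last `Ip4`/`Ip6` component, so for a multiaddr with several IP components only the final one is compared against `seen_ips`; rejecting such addresses or requiring every IP component to match would close that gap. The handler bodies start and end outside the hunks.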