From 3f269e988c9dae849208dca4167cbadbcd1ab90d Mon Sep 17 00:00:00 2001
From: Miguel Herranz
Date: Sat, 14 Jan 2017 13:21:20 +0100
Subject: [PATCH 1/2] Limit incoming connections from the same IP
---
 src/p2p/net_node.h | 2 ++
 src/p2p/net_node.inl | 30 ++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)
diff --git a/src/p2p/net_node.h b/src/p2p/net_node.h
index cc6a486d3..3f5a5ad93 100644
--- a/src/p2p/net_node.h
+++ b/src/p2p/net_node.h
@@ -227,6 +227,8 @@ namespace nodetool
 bool set_rate_down_limit(const boost::program_options::variables_map& vm, int64_t limit);
 bool set_rate_limit(const boost::program_options::variables_map& vm, int64_t limit);
+ bool has_too_many_connections(const uint32_t ip);
+
 void kill() { ///< will be called e.g. from deinit()
 _info("Killing the net_node");
 is_closing = true;
diff --git a/src/p2p/net_node.inl b/src/p2p/net_node.inl
index f32e7a435..e9847b64d 100644
--- a/src/p2p/net_node.inl
+++ b/src/p2p/net_node.inl
@@ -1457,6 +1457,14 @@ namespace nodetool
 drop_connection(context);
 return 1;
 }
+
+ if(has_too_many_connections(context.m_remote_ip))
+ {
+ LOG_PRINT_CCONTEXT_L1("CONNECTION FROM " << epee::string_tools::get_ip_string_from_int32(context.m_remote_ip) << " REFUSED, too many connections from the same address");
+ drop_connection(context);
+ return 1;
+ }
+
 //associate peer_id with this connection
 context.peer_id = arg.node_data.peer_id;
@@ -1677,4 +1685,26 @@ namespace nodetool
 return true;
 }
+
+ template
+ bool node_server::has_too_many_connections(const uint32_t ip)
+ {
+ const uint8_t max_connections = 3;
+ uint8_t count = 0;
+
+ m_net_server.get_config_object().foreach_connection([&](const p2p_connection_context& cntxt)
+ {
+ if (cntxt.m_is_income && cntxt.m_remote_ip == ip) {
+ count++;
+
+ if (count > max_connections) {
+ return false;
+ }
+ }
+
+ return true;
+ });
+
+ return count > max_connections;
+ }
 }
From 0e0e6c5f391769dddeead94e0535164f04bac5d6 Mon Sep 17 00:00:00 2001
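Review bot: The per-address check in the `@@ -1457` hunk of src/p2p/net_node.inl runs only while a handshake request is being handled, so an inbound connection that is accepted but never sends a handshake is not refused by it. If the goal is to bound the sockets a single address can hold, the same test probably also belongs on the accept path; that path is outside this hunk, so this is inferred rather than visible. A comment above the new `if` would record the policy, for example `// refuse the handshake when this IP already holds the allowed number of inbound connections`. The enclosing handler starts and ends outside the hunk.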
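Review bot: `max_connections` in `has_too_many_connections` (the `@@ -1677` hunk) is a function-local literal, so the per-IP limit cannot be tuned without a rebuild, and legitimate peers that share one NAT address all fall under it; a named constant wherever the project keeps its P2P defaults, or a command-line option, would make the policy visible and adjustable. The key is a `uint32_t` address, so the limit as written covers IPv4 peers only. The function has no doc comment; I would add `/// Returns true when more than max_connections inbound connections from ip are open.` above the definition. The `@@ -1689` hunk of PATCH 2/2 edits the same literal, and the same remark applies there.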
From: Miguel Herranz
Date: Mon, 16 Jan 2017 18:16:32 +0100
Subject: [PATCH 2/2] Reduce to one connection per IP
---
 src/p2p/net_node.inl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/p2p/net_node.inl b/src/p2p/net_node.inl
index e9847b64d..452f6d1a6 100644
--- a/src/p2p/net_node.inl
+++ b/src/p2p/net_node.inl
@@ -1689,7 +1689,7 @@ namespace nodetool
 template
 bool node_server::has_too_many_connections(const uint32_t ip)
 {
- const uint8_t max_connections = 3;
+ const uint8_t max_connections = 1;
 uint8_t count = 0;
 m_net_server.get_config_object().foreach_connection([&](const p2p_connection_context& cntxt)
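Review bot: With `max_connections = 1` the effective limit depends on whether the connection currently handshaking is itself visited by `foreach_connection`: if it is, `count > max_connections` admits one inbound peer per address, and if it is not, it admits two. Nothing in the hunk settles this, so the function should state it, e.g. `// count includes the connection being handshaked` (or the opposite, once confirmed). A test with two inbound connections from one address would pin the behaviour the subject line promises. The function body continues past the end of this hunk.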