Do not use peer_id tracking method over i2p/tor

This commit is contained in:
Lee Clagett 2020-11-12 16:42:49 -05:00
parent 0833680c74
commit 37bb59485f
2 changed files with 51 additions and 40 deletions

View file

@ -149,7 +149,7 @@ namespace nodetool
{ {
config_t() config_t()
: m_net_config(), : m_net_config(),
m_peer_id(crypto::rand<uint64_t>()), m_peer_id(1),
m_support_flags(0) m_support_flags(0)
{} {}

View file

@ -139,7 +139,9 @@ namespace nodetool
if (storage) if (storage)
m_peerlist_storage = std::move(*storage); m_peerlist_storage = std::move(*storage);
m_network_zones[epee::net_utils::zone::public_].m_config.m_support_flags = P2P_SUPPORT_FLAGS; network_zone& public_zone = m_network_zones[epee::net_utils::zone::public_];
public_zone.m_config.m_support_flags = P2P_SUPPORT_FLAGS;
public_zone.m_config.m_peer_id = crypto::rand<uint64_t>();
m_first_connection_maker_call = true; m_first_connection_maker_call = true;
CATCH_ENTRY_L0("node_server::init_config", false); CATCH_ENTRY_L0("node_server::init_config", false);
@ -1135,11 +1137,12 @@ namespace nodetool
pi = context.peer_id = rsp.node_data.peer_id; pi = context.peer_id = rsp.node_data.peer_id;
context.m_rpc_port = rsp.node_data.rpc_port; context.m_rpc_port = rsp.node_data.rpc_port;
context.m_rpc_credits_per_hash = rsp.node_data.rpc_credits_per_hash; context.m_rpc_credits_per_hash = rsp.node_data.rpc_credits_per_hash;
network_zone& zone = m_network_zones.at(context.m_remote_address.get_zone()); const auto azone = context.m_remote_address.get_zone();
network_zone& zone = m_network_zones.at(azone);
zone.m_peerlist.set_peer_just_seen(rsp.node_data.peer_id, context.m_remote_address, context.m_pruning_seed, context.m_rpc_port, context.m_rpc_credits_per_hash); zone.m_peerlist.set_peer_just_seen(rsp.node_data.peer_id, context.m_remote_address, context.m_pruning_seed, context.m_rpc_port, context.m_rpc_credits_per_hash);
// move // move
if(rsp.node_data.peer_id == zone.m_config.m_peer_id) if(azone == epee::net_utils::zone::public_ && rsp.node_data.peer_id == zone.m_config.m_peer_id)
{ {
LOG_DEBUG_CC(context, "Connection to self detected, dropping connection"); LOG_DEBUG_CC(context, "Connection to self detected, dropping connection");
hsh_result = false; hsh_result = false;
@ -1231,50 +1234,51 @@ namespace nodetool
template<class t_payload_net_handler> template<class t_payload_net_handler>
bool node_server<t_payload_net_handler>::is_peer_used(const peerlist_entry& peer) bool node_server<t_payload_net_handler>::is_peer_used(const peerlist_entry& peer)
{ {
for(const auto& zone : m_network_zones) const auto zone = peer.adr.get_zone();
if(zone.second.m_config.m_peer_id == peer.id) const auto server = m_network_zones.find(zone);
if (server == m_network_zones.end())
return false;
const bool is_public = (zone == epee::net_utils::zone::public_);
if(is_public && server->second.m_config.m_peer_id == peer.id)
return true;//dont make connections to ourself return true;//dont make connections to ourself
bool used = false; bool used = false;
for(auto& zone : m_network_zones) server->second.m_net_server.get_config_object().foreach_connection([&, is_public](const p2p_connection_context& cntxt)
{ {
zone.second.m_net_server.get_config_object().foreach_connection([&](const p2p_connection_context& cntxt) if((is_public && cntxt.peer_id == peer.id) || (!cntxt.m_is_income && peer.adr == cntxt.m_remote_address))
{
if(cntxt.peer_id == peer.id || (!cntxt.m_is_income && peer.adr == cntxt.m_remote_address))
{ {
used = true; used = true;
return false;//stop enumerating return false;//stop enumerating
} }
return true; return true;
}); });
return used;
if(used)
return true;
}
return false;
} }
//----------------------------------------------------------------------------------- //-----------------------------------------------------------------------------------
template<class t_payload_net_handler> template<class t_payload_net_handler>
bool node_server<t_payload_net_handler>::is_peer_used(const anchor_peerlist_entry& peer) bool node_server<t_payload_net_handler>::is_peer_used(const anchor_peerlist_entry& peer)
{ {
for(auto& zone : m_network_zones) { const auto zone = peer.adr.get_zone();
if(zone.second.m_config.m_peer_id == peer.id) { const auto server = m_network_zones.find(zone);
if (server == m_network_zones.end())
return false;
const bool is_public = (zone == epee::net_utils::zone::public_);
if(is_public && server->second.m_config.m_peer_id == peer.id)
return true;//dont make connections to ourself return true;//dont make connections to ourself
}
bool used = false; bool used = false;
zone.second.m_net_server.get_config_object().foreach_connection([&](const p2p_connection_context& cntxt) server->second.m_net_server.get_config_object().foreach_connection([&, is_public](const p2p_connection_context& cntxt)
{ {
if(cntxt.peer_id == peer.id || (!cntxt.m_is_income && peer.adr == cntxt.m_remote_address)) if((is_public && cntxt.peer_id == peer.id) || (!cntxt.m_is_income && peer.adr == cntxt.m_remote_address))
{ {
used = true; used = true;
return false;//stop enumerating return false;//stop enumerating
} }
return true; return true;
}); });
if (used) return used;
return true;
}
return false;
} }
//----------------------------------------------------------------------------------- //-----------------------------------------------------------------------------------
template<class t_payload_net_handler> template<class t_payload_net_handler>
@ -1320,6 +1324,9 @@ namespace nodetool
if (zone.m_connect == nullptr) // outgoing connections in zone not possible if (zone.m_connect == nullptr) // outgoing connections in zone not possible
return false; return false;
if (zone.m_our_address == na)
return false;
if (zone.m_current_number_of_out_peers == zone.m_config.m_net_config.max_out_connection_count) // out peers limit if (zone.m_current_number_of_out_peers == zone.m_config.m_net_config.max_out_connection_count) // out peers limit
{ {
return false; return false;
@ -1647,6 +1654,9 @@ namespace nodetool
peerid_to_string(pe.id) << " " << pe.adr.str() << ", pruning seed " << epee::string_tools::to_string_hex(pe.pruning_seed) << peerid_to_string(pe.id) << " " << pe.adr.str() << ", pruning seed " << epee::string_tools::to_string_hex(pe.pruning_seed) <<
" (stripe " << next_needed_pruning_stripe << " needed)"); " (stripe " << next_needed_pruning_stripe << " needed)");
if(zone.m_our_address == pe.adr)
continue;
if(is_peer_used(pe)) { if(is_peer_used(pe)) {
_note("Peer is used"); _note("Peer is used");
continue; continue;
@ -2420,11 +2430,12 @@ namespace nodetool
return 1; return 1;
} }
network_zone& zone = m_network_zones.at(context.m_remote_address.get_zone()); const auto azone = context.m_remote_address.get_zone();
network_zone& zone = m_network_zones.at(azone);
// test only the remote end's zone, otherwise an attacker could connect to you on clearnet // test only the remote end's zone, otherwise an attacker could connect to you on clearnet
// and pass in a tor connection's peer id, and deduce the two are the same if you reject it // and pass in a tor connection's peer id, and deduce the two are the same if you reject it
if(arg.node_data.peer_id == zone.m_config.m_peer_id) if(azone == epee::net_utils::zone::public_ && arg.node_data.peer_id == zone.m_config.m_peer_id)
{ {
LOG_DEBUG_CC(context, "Connection to self detected, dropping connection"); LOG_DEBUG_CC(context, "Connection to self detected, dropping connection");
drop_connection(context); drop_connection(context);