Do not use peer_id tracking method over i2p/tor

This commit is contained in:
Lee Clagett 2020-11-12 16:42:49 -05:00 committed by wowario
parent 3208d97f9c
commit a840b7e20c
No known key found for this signature in database
GPG key ID: 24DCBE762DE9C111
2 changed files with 51 additions and 40 deletions


@ -149,7 +149,7 @@ namespace nodetool
{
config_t()
: m_net_config(),
m_peer_id(crypto::rand<uint64_t>()),
m_peer_id(1),
m_support_flags(0)
{}
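Review bot: The new default `m_peer_id(1)` in config_t is an unexplained magic constant; nothing at this line records that the value is deliberately fixed and non-random, and the second file in this commit shows that only the public_ zone later receives a random id in init_config. A maintainer adding a zone could reasonably "fix" it back to `crypto::rand<uint64_t>()` and reintroduce a unique identifier that links a node's tor/i2p and clearnet identities. I would annotate it: `m_peer_id(1), // intentionally constant: peer_id is only meaningful (and randomized in init_config) for the public_ zone; anonymity zones must not advertise a unique id`. The config_t definition is only partly visible in this hunk.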


@ -139,7 +139,9 @@ namespace nodetool
if (storage)
m_peerlist_storage = std::move(*storage);
m_network_zones[epee::net_utils::zone::public_].m_config.m_support_flags = P2P_SUPPORT_FLAGS;
network_zone& public_zone = m_network_zones[epee::net_utils::zone::public_];
public_zone.m_config.m_support_flags = P2P_SUPPORT_FLAGS;
public_zone.m_config.m_peer_id = crypto::rand<uint64_t>();
m_first_connection_maker_call = true;
CATCH_ENTRY_L0("node_server::init_config", false);
@ -1099,11 +1101,12 @@ namespace nodetool
pi = context.peer_id = rsp.node_data.peer_id;
context.m_rpc_port = rsp.node_data.rpc_port;
context.m_rpc_credits_per_hash = rsp.node_data.rpc_credits_per_hash;
network_zone& zone = m_network_zones.at(context.m_remote_address.get_zone());
const auto azone = context.m_remote_address.get_zone();
network_zone& zone = m_network_zones.at(azone);
zone.m_peerlist.set_peer_just_seen(rsp.node_data.peer_id, context.m_remote_address, context.m_pruning_seed, context.m_rpc_port, context.m_rpc_credits_per_hash);
// move
if(rsp.node_data.peer_id == zone.m_config.m_peer_id)
if(azone == epee::net_utils::zone::public_ && rsp.node_data.peer_id == zone.m_config.m_peer_id)
{
LOG_DEBUG_CC(context, "Connection to self detected, dropping connection");
hsh_result = false;
@ -1195,50 +1198,51 @@ namespace nodetool
template<class t_payload_net_handler>
bool node_server<t_payload_net_handler>::is_peer_used(const peerlist_entry& peer)
{
for(const auto& zone : m_network_zones)
if(zone.second.m_config.m_peer_id == peer.id)
const auto zone = peer.adr.get_zone();
const auto server = m_network_zones.find(zone);
if (server == m_network_zones.end())
return false;
const bool is_public = (zone == epee::net_utils::zone::public_);
if(is_public && server->second.m_config.m_peer_id == peer.id)
return true;//dont make connections to ourself
bool used = false;
for(auto& zone : m_network_zones)
server->second.m_net_server.get_config_object().foreach_connection([&, is_public](const p2p_connection_context& cntxt)
{
zone.second.m_net_server.get_config_object().foreach_connection([&](const p2p_connection_context& cntxt)
{
if(cntxt.peer_id == peer.id || (!cntxt.m_is_income && peer.adr == cntxt.m_remote_address))
if((is_public && cntxt.peer_id == peer.id) || (!cntxt.m_is_income && peer.adr == cntxt.m_remote_address))
{
used = true;
return false;//stop enumerating
}
return true;
});
if(used)
return true;
}
return false;
return used;
}
//-----------------------------------------------------------------------------------
template<class t_payload_net_handler>
bool node_server<t_payload_net_handler>::is_peer_used(const anchor_peerlist_entry& peer)
{
for(auto& zone : m_network_zones) {
if(zone.second.m_config.m_peer_id == peer.id) {
const auto zone = peer.adr.get_zone();
const auto server = m_network_zones.find(zone);
if (server == m_network_zones.end())
return false;
const bool is_public = (zone == epee::net_utils::zone::public_);
if(is_public && server->second.m_config.m_peer_id == peer.id)
return true;//dont make connections to ourself
}
bool used = false;
zone.second.m_net_server.get_config_object().foreach_connection([&](const p2p_connection_context& cntxt)
server->second.m_net_server.get_config_object().foreach_connection([&, is_public](const p2p_connection_context& cntxt)
{
if(cntxt.peer_id == peer.id || (!cntxt.m_is_income && peer.adr == cntxt.m_remote_address))
if((is_public && cntxt.peer_id == peer.id) || (!cntxt.m_is_income && peer.adr == cntxt.m_remote_address))
{
used = true;
return false;//stop enumerating
}
return true;
});
if (used)
return true;
}
return false;
return used;
}
//-----------------------------------------------------------------------------------
template<class t_payload_net_handler>
@ -1281,6 +1285,9 @@ namespace nodetool
if (zone.m_connect == nullptr) // outgoing connections in zone not possible
return false;
if (zone.m_our_address == na)
return false;
if (zone.m_current_number_of_out_peers == zone.m_config.m_net_config.max_out_connection_count) // out peers limit
{
return false;
@ -1608,6 +1615,9 @@ namespace nodetool
peerid_to_string(pe.id) << " " << pe.adr.str() << ", pruning seed " << epee::string_tools::to_string_hex(pe.pruning_seed) <<
" (stripe " << next_needed_pruning_stripe << " needed)");
if(zone.m_our_address == pe.adr)
continue;
if(is_peer_used(pe)) {
_note("Peer is used");
continue;
@ -2376,11 +2386,12 @@ namespace nodetool
return 1;
}
network_zone& zone = m_network_zones.at(context.m_remote_address.get_zone());
const auto azone = context.m_remote_address.get_zone();
network_zone& zone = m_network_zones.at(azone);
// test only the remote end's zone, otherwise an attacker could connect to you on clearnet
// and pass in a tor connection's peer id, and deduce the two are the same if you reject it
if(arg.node_data.peer_id == zone.m_config.m_peer_id)
if(azone == epee::net_utils::zone::public_ && arg.node_data.peer_id == zone.m_config.m_peer_id)
{
LOG_DEBUG_CC(context, "Connection to self detected, dropping connection");
drop_connection(context);