mirror of https://github.com/oxen-io/lokinet
limit client side path builds per ip
This commit is contained in:
parent
5ae428a114
commit
a9c9fe9c24
|
@ -184,12 +184,17 @@ namespace llarp
|
|||
// the actual hop
|
||||
std::shared_ptr< Hop > hop;
|
||||
|
||||
const Addr fromAddr;
|
||||
const RouterContact fromRC;
|
||||
|
||||
LRCMFrameDecrypt(Context* ctx, Decrypter_ptr dec,
|
||||
const LR_CommitMessage* commit)
|
||||
: decrypter(std::move(dec))
|
||||
, frames(commit->frames)
|
||||
, context(ctx)
|
||||
, hop(std::make_shared< Hop >())
|
||||
, fromAddr(commit->session->GetRemoteEndpoint())
|
||||
, fromRC(commit->session->GetRemoteRC())
|
||||
{
|
||||
hop->info.downstream = commit->session->GetPubKey();
|
||||
}
|
||||
|
@ -248,6 +253,17 @@ namespace llarp
|
|||
self->hop = nullptr;
|
||||
return;
|
||||
}
|
||||
|
||||
if(not self->fromRC.IsPublicRouter())
|
||||
{
|
||||
if(self->context->CheckPathLimitHitByIP(self->fromAddr))
|
||||
{
|
||||
llarp::LogError("client path build limited ", self->hop->info);
|
||||
self->hop = nullptr;
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if(!self->context->Router()->ConnectionToRouterAllowed(
|
||||
self->hop->info.upstream))
|
||||
{
|
||||
|
|
|
@ -10,7 +10,7 @@ namespace llarp
|
|||
namespace path
|
||||
{
|
||||
PathContext::PathContext(AbstractRouter* router)
|
||||
: m_Router(router), m_AllowTransit(false)
|
||||
: m_Router(router), m_AllowTransit(false), m_PathLimits(500)
|
||||
{
|
||||
}
|
||||
|
||||
|
@ -32,6 +32,14 @@ namespace llarp
|
|||
return m_Router->threadpool();
|
||||
}
|
||||
|
||||
bool
|
||||
PathContext::CheckPathLimitHitByIP(const llarp::Addr& ip)
|
||||
{
|
||||
llarp::Addr remote = ip;
|
||||
remote.port(0);
|
||||
return not m_PathLimits.Insert(remote);
|
||||
}
|
||||
|
||||
std::shared_ptr< Logic >
|
||||
PathContext::logic()
|
||||
{
|
||||
|
@ -277,6 +285,9 @@ namespace llarp
|
|||
void
|
||||
PathContext::ExpirePaths(llarp_time_t now)
|
||||
{
|
||||
// devay limits
|
||||
m_PathLimits.Decay(now);
|
||||
|
||||
{
|
||||
SyncTransitMap_t::Lock_t lock(&m_TransitPaths.first);
|
||||
auto& map = m_TransitPaths.second;
|
||||
|
|
|
@ -9,6 +9,7 @@
|
|||
#include <routing/handler.hpp>
|
||||
#include <router/i_outbound_message_handler.hpp>
|
||||
#include <util/compare_ptr.hpp>
|
||||
#include <util/decaying_hashset.hpp>
|
||||
#include <util/types.hpp>
|
||||
|
||||
#include <memory>
|
||||
|
@ -50,6 +51,9 @@ namespace llarp
|
|||
void
|
||||
RejectTransit();
|
||||
|
||||
bool
|
||||
CheckPathLimitHitByIP(const llarp::Addr& ip);
|
||||
|
||||
bool
|
||||
AllowingTransit() const;
|
||||
|
||||
|
@ -166,6 +170,7 @@ namespace llarp
|
|||
SyncTransitMap_t m_TransitPaths;
|
||||
SyncOwnedPathsMap_t m_OurPaths;
|
||||
bool m_AllowTransit;
|
||||
util::DecayingHashSet< llarp::Addr > m_PathLimits;
|
||||
};
|
||||
} // namespace path
|
||||
} // namespace llarp
|
||||
|
|
|
@ -0,0 +1,68 @@
|
|||
#ifndef LLARP_UTIL_DECAYING_HASHSET_HPP
|
||||
#define LLARP_UTIL_DECAYING_HASHSET_HPP
|
||||
|
||||
#include <util/time.hpp>
|
||||
#include <unordered_map>
|
||||
|
||||
namespace llarp
|
||||
{
|
||||
namespace util
|
||||
{
|
||||
template < typename Val_t, typename Hash_t = typename Val_t::Hash >
|
||||
struct DecayingHashSet
|
||||
{
|
||||
DecayingHashSet(llarp_time_t cacheInterval = 5000)
|
||||
: m_CacheInterval(cacheInterval)
|
||||
{
|
||||
}
|
||||
|
||||
/// determine if we have v contained in our decayiny hashset
|
||||
bool
|
||||
Contains(const Val_t& v) const
|
||||
{
|
||||
return m_Values.find(v) != m_Values.end();
|
||||
}
|
||||
|
||||
/// return true if inserted
|
||||
/// return false if not inserted
|
||||
bool
|
||||
Insert(const Val_t& v, llarp_time_t now = 0)
|
||||
{
|
||||
if(Contains(v))
|
||||
return false;
|
||||
if(now == 0)
|
||||
now = llarp::time_now_ms();
|
||||
m_Values.emplace(v, now + m_CacheInterval);
|
||||
return true;
|
||||
}
|
||||
|
||||
/// decay hashset entries
|
||||
void
|
||||
Decay(llarp_time_t now = 0)
|
||||
{
|
||||
if(now == 0)
|
||||
now = llarp::time_now_ms();
|
||||
auto itr = m_Values.begin();
|
||||
while(itr != m_Values.end())
|
||||
{
|
||||
if(itr->second >= now)
|
||||
itr = m_Values.erase(itr);
|
||||
else
|
||||
++itr;
|
||||
}
|
||||
}
|
||||
|
||||
llarp_time_t
|
||||
DecayInterval() const
|
||||
{
|
||||
return m_CacheInterval;
|
||||
}
|
||||
|
||||
private:
|
||||
const llarp_time_t m_CacheInterval;
|
||||
std::unordered_map< Val_t, llarp_time_t, Hash_t > m_Values;
|
||||
};
|
||||
} // namespace util
|
||||
} // namespace llarp
|
||||
|
||||
#endif
|
Loading…
Reference in New Issue