Archives
/
lokinet
mirror of https://github.com/oxen-io/lokinet
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

limit client side path builds per ip

Browse Source
pull/1014/head
Jeff Becker 4 years ago
parent 5ae428a114
commit a9c9fe9c24
No known key found for this signature in database
GPG Key ID: F357B3B42F6F9B05
4 changed files with 101 additions and 1 deletions
Show Stats Download Patch File Download Diff File

16
llarp/messages/relay_commit.cpp
Unescape Escape View File

@ -184,12 +184,17 @@ namespace llarp
// the actual hop
std::shared_ptr< Hop > hop;
const Addr fromAddr;
const RouterContact fromRC;
LRCMFrameDecrypt(Context* ctx, Decrypter_ptr dec,
const LR_CommitMessage* commit)
: decrypter(std::move(dec))
, frames(commit->frames)
, context(ctx)
, hop(std::make_shared< Hop >())
, fromAddr(commit->session->GetRemoteEndpoint())
, fromRC(commit->session->GetRemoteRC())
{
hop->info.downstream = commit->session->GetPubKey();
}
@ -248,6 +253,17 @@ namespace llarp
self->hop = nullptr;
return;
}
if(not self->fromRC.IsPublicRouter())
{
if(self->context->CheckPathLimitHitByIP(self->fromAddr))
{
llarp::LogError("client path build limited ", self->hop->info);
self->hop = nullptr;
return;
}
}
if(!self->context->Router()->ConnectionToRouterAllowed(
self->hop->info.upstream))
{

13
llarp/path/path_context.cpp
Unescape Escape View File

@ -10,7 +10,7 @@ namespace llarp
namespace path
{
PathContext::PathContext(AbstractRouter* router)
: m_Router(router), m_AllowTransit(false)
: m_Router(router), m_AllowTransit(false), m_PathLimits(500)
{
}
@ -32,6 +32,14 @@ namespace llarp
return m_Router->threadpool();
}
bool
PathContext::CheckPathLimitHitByIP(const llarp::Addr& ip)
{
llarp::Addr remote = ip;
remote.port(0);
return not m_PathLimits.Insert(remote);
}
std::shared_ptr< Logic >
PathContext::logic()
{
@ -277,6 +285,9 @@ namespace llarp
void
PathContext::ExpirePaths(llarp_time_t now)
{
// devay limits
m_PathLimits.Decay(now);
{
SyncTransitMap_t::Lock_t lock(&m_TransitPaths.first);
auto& map = m_TransitPaths.second;

5
llarp/path/path_context.hpp
Unescape Escape View File

@ -9,6 +9,7 @@
#include <routing/handler.hpp>
#include <router/i_outbound_message_handler.hpp>
#include <util/compare_ptr.hpp>
#include <util/decaying_hashset.hpp>
#include <util/types.hpp>
#include <memory>
@ -50,6 +51,9 @@ namespace llarp
void
RejectTransit();
bool
CheckPathLimitHitByIP(const llarp::Addr& ip);
bool
AllowingTransit() const;
@ -166,6 +170,7 @@ namespace llarp
SyncTransitMap_t m_TransitPaths;
SyncOwnedPathsMap_t m_OurPaths;
bool m_AllowTransit;
util::DecayingHashSet< llarp::Addr > m_PathLimits;
};
} // namespace path
} // namespace llarp

68
llarp/util/decaying_hashset.hpp
Unescape Escape View File

@ -0,0 +1,68 @@
#ifndef LLARP_UTIL_DECAYING_HASHSET_HPP
#define LLARP_UTIL_DECAYING_HASHSET_HPP
#include <util/time.hpp>
#include <unordered_map>
namespace llarp
{
namespace util
{
template < typename Val_t, typename Hash_t = typename Val_t::Hash >
struct DecayingHashSet
{
DecayingHashSet(llarp_time_t cacheInterval = 5000)
: m_CacheInterval(cacheInterval)
{
}
/// determine if we have v contained in our decayiny hashset
bool
Contains(const Val_t& v) const
{
return m_Values.find(v) != m_Values.end();
}
/// return true if inserted
/// return false if not inserted
bool
Insert(const Val_t& v, llarp_time_t now = 0)
{
if(Contains(v))
return false;
if(now == 0)
now = llarp::time_now_ms();
m_Values.emplace(v, now + m_CacheInterval);
return true;
}
/// decay hashset entries
void
Decay(llarp_time_t now = 0)
{
if(now == 0)
now = llarp::time_now_ms();
auto itr = m_Values.begin();
while(itr != m_Values.end())
{
if(itr->second >= now)
itr = m_Values.erase(itr);
else
++itr;
}
}
llarp_time_t
DecayInterval() const
{
return m_CacheInterval;
}
private:
const llarp_time_t m_CacheInterval;
std::unordered_map< Val_t, llarp_time_t, Hash_t > m_Values;
};
} // namespace util
} // namespace llarp
#endif
Write Preview
Loading…
Cancel
Save