From 82d4d1927d7db22ea71f5b7e3f5396bcee3b5513 Mon Sep 17 00:00:00 2001
From: arvidn
Date: Wed, 15 Jan 2020 19:47:41 +0100
Subject: [PATCH] restrict DHT nodes to the network they are associated with (multi-homed)
---
 ChangeLog | 1 +
 src/kademlia/node.cpp | 56 ++++++++++++++++++++++++-------------------
 src/session_impl.cpp | 3 ++-
 3 files changed, 34 insertions(+), 26 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index f5313bf54..b02c20381 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,4 @@
+ * fix external IP voting for multi-homed DHT nodes
 * deprecate broadcast_lsd setting. Just use multicast
 * deprecate upnp_ignore_nonrouters setting
 * don't attempt sending event=stopped if event=start never succeeded
diff --git a/src/kademlia/node.cpp b/src/kademlia/node.cpp
index 89260cb59..efb403ea0 100644
--- a/src/kademlia/node.cpp
+++ b/src/kademlia/node.cpp
@@ -269,32 +269,37 @@ void node::incoming(aux::listen_socket_handle const& s, msg const& m)
 return;
 }
- const char y = *(y_ent.string_ptr());
+ char const y = *(y_ent.string_ptr());
- bdecode_node ext_ip = m.message.dict_find_string("ip");
+ // we can only ascribe the external IP this node is saying we have to the
+ // listen socket the packet was received on
+ if (s == m_sock)
+ {
+ bdecode_node ext_ip = m.message.dict_find_string("ip");
- // backwards compatibility
- if (!ext_ip)
- {
- bdecode_node const r = m.message.dict_find_dict("r");
- if (r)
- ext_ip = r.dict_find_string("ip");
- }
+ // backwards compatibility
+ if (!ext_ip)
+ {
+ bdecode_node const r = m.message.dict_find_dict("r");
+ if (r)
+ ext_ip = r.dict_find_string("ip");
+ }
- if (ext_ip && ext_ip.string_length() >= int(detail::address_size(udp::v6())))
- {
- // this node claims we use the wrong node-ID!
- char const* ptr = ext_ip.string_ptr();
- if (m_observer != nullptr)
- m_observer->set_external_address(m_sock, detail::read_v6_address(ptr)
- , m.addr.address());
- }
- else if (ext_ip && ext_ip.string_length() >= int(detail::address_size(udp::v4())))
- {
- char const* ptr = ext_ip.string_ptr();
- if (m_observer != nullptr)
- m_observer->set_external_address(m_sock, detail::read_v4_address(ptr)
- , m.addr.address());
+ if (ext_ip && ext_ip.string_length() >= int(detail::address_size(udp::v6())))
+ {
+ // this node claims we use the wrong node-ID!
+ char const* ptr = ext_ip.string_ptr();
+ if (m_observer != nullptr)
+ m_observer->set_external_address(m_sock, detail::read_v6_address(ptr)
+ , m.addr.address());
+ }
+ else if (ext_ip && ext_ip.string_length() >= int(detail::address_size(udp::v4())))
+ {
+ char const* ptr = ext_ip.string_ptr();
+ if (m_observer != nullptr)
+ m_observer->set_external_address(m_sock, detail::read_v4_address(ptr)
+ , m.addr.address());
+ }
 }
 switch (y)
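Review bot: The external-address vote inside the new `if (s == m_sock)` block is still cast before `switch (y)` looks at the message type, so any packet carrying a top-level `ip` key counts as a vote, not only a reply to a request this node sent. The voter is handed `m.addr.address()` as the source, and the source address of an unsolicited UDP packet is not verified, so I would take the vote only for responses, e.g. `if (s == m_sock && y == 'r')`, or preferably once the reply has been matched to an outstanding request (that matching is presumably in the response case, which is outside the hunk). The carried-over comment `// this node claims we use the wrong node-ID!` does not describe the code under it; `// this node reports the external IP it sees us as` would. node::incoming starts and ends outside the hunk.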
@@ -312,8 +317,9 @@ void node::incoming(aux::listen_socket_handle const& s, msg const& m)
 // responds to 'query' messages that it receives.
 if (m_settings.read_only) break;
- // only respond to requests if they're addressed to this node
- if (s != m_sock) break;
+ // ignore packets arriving on a different interface than the one we're
+ // associated with
+ if (s != m_sock) return;
 if (!m_sock_man->has_quota())
 {
diff --git a/src/session_impl.cpp b/src/session_impl.cpp
index 8fc07e50a..0f99cca1a 100644
--- a/src/session_impl.cpp
+++ b/src/session_impl.cpp
@@ -6908,7 +6908,8 @@ namespace aux {
 , ip_source_t const source_type, address const& source)
 {
 auto sock = std::find_if(m_listen_sockets.begin(), m_listen_sockets.end()
- , [&](std::shared_ptr const& v) { return v->local_endpoint == local_endpoint; });
+ , [&](std::shared_ptr const& v)
+ { return v->local_endpoint.address() == local_endpoint.address(); });
 if (sock != m_listen_sockets.end())
 set_external_address(*sock, ip, source_type, source);
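Review bot: The new comment above `if (s != m_sock) return;` says packets from another interface are ignored, but the check appears to sit in the query branch, after the `m_settings.read_only` test, so it covers queries only; how responses and errors received on another socket are handled is decided in cases outside the hunk. I would word it as `// drop queries that arrived on a listen socket other than the one this node is bound to`, and add why this is a `return` while the read-only check just above uses `break`, since whatever follows the switch is now skipped for these packets. The switch and the rest of node::incoming continue outside the hunk.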
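Review bot: Matching on `local_endpoint.address()` alone makes `std::find_if` stop at the first listen socket bound to that address, so when several listen sockets share one local address on different ports only the first of them receives the external-address vote. If that is intended, a comment above the lambda should say so, for example `// match on the address only; the port of the reporting socket need not equal the listen socket's port` (assuming that is the reason); if it is not, the vote should be applied to every listen socket with that address. What happens when no socket matches is in the branch after the hunk.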