package net
import (
|
|
"context"
|
|
"net"
|
|
|
|
"golang.org/x/xerrors"
|
|
|
|
logging "github.com/ipfs/go-log/v2"
|
|
manet "github.com/multiformats/go-multiaddr/net"
|
|
|
|
"github.com/filecoin-project/lotus/api"
|
|
)
// cLog is the logger named "conngater". In this file it records failures to
// close connections to peers and addresses that have just been blocked.
var cLog = logging.Logger("conngater")
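// NetBlockAdd registers every peer, IP address and subnet in acl with the
// connection gater and closes connections that are already open to them.
//
// Entries are processed in order (peers, then addresses, then subnets) and
// the call returns on the first entry that fails to parse or to be blocked.
// On error, the entries handled before the failing one stay blocked; the
// block list is not rolled back. Use NetBlockList to see what is in force.
//
// Failures to close an existing connection are logged and never returned.
// The address and subnet passes skip connections whose remote multiaddr
// cannot be converted to an IP, so such connections stay open.
func (a *NetAPI) NetBlockAdd(ctx context.Context, acl api.NetBlockList) error {
	// closeMatching closes every open connection whose remote IP is accepted
	// by match. It is shared by the address and subnet passes below.
	closeMatching := func(match func(net.IP) bool) {
		for _, c := range a.Host.Network().Conns() {
			remoteIP, err := manet.ToIP(c.RemoteMultiaddr())
			if err != nil {
				// no IP to compare against; leave this connection alone
				continue
			}
			if !match(remoteIP) {
				continue
			}
			if err := c.Close(); err != nil {
				// just log this, don't fail
				cLog.Warnf("error closing connection to %s: %s", remoteIP, err)
			}
		}
	}

	for _, p := range acl.Peers {
		if err := a.ConnGater.BlockPeer(p); err != nil {
			return xerrors.Errorf("error blocking peer %s: %w", p, err)
		}

		// Block first, then drop what is already connected.
		for _, c := range a.Host.Network().ConnsToPeer(p) {
			if err := c.Close(); err != nil {
				// just log this, don't fail
				cLog.Warnf("error closing connection to %s: %s", p, err)
			}
		}
	}

	for _, addr := range acl.IPAddrs {
		ip := net.ParseIP(addr)
		if ip == nil {
			return xerrors.Errorf("error parsing IP address %s", addr)
		}

		if err := a.ConnGater.BlockAddr(ip); err != nil {
			return xerrors.Errorf("error blocking IP address %s: %w", addr, err)
		}

		closeMatching(ip.Equal)
	}

	for _, subnet := range acl.IPSubnets {
		_, cidr, err := net.ParseCIDR(subnet)
		if err != nil {
			return xerrors.Errorf("error parsing subnet %s: %w", subnet, err)
		}

		if err := a.ConnGater.BlockSubnet(cidr); err != nil {
			// message previously misspelled "subnet" as "subunet"
			return xerrors.Errorf("error blocking subnet %s: %w", subnet, err)
		}

		closeMatching(cidr.Contains)
	}

	return nil
}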
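// NetBlockRemove removes every peer, IP address and subnet in acl from the
// connection gater's block list.
//
// Entries are processed in order (peers, then addresses, then subnets) and
// the call returns on the first entry that fails to parse or to be
// unblocked. On error, the entries handled before the failing one have
// already been unblocked; nothing is rolled back.
func (a *NetAPI) NetBlockRemove(ctx context.Context, acl api.NetBlockList) error {
	for _, p := range acl.Peers {
		if err := a.ConnGater.UnblockPeer(p); err != nil {
			return xerrors.Errorf("error unblocking peer %s: %w", p, err)
		}
	}

	for _, addr := range acl.IPAddrs {
		ip := net.ParseIP(addr)
		if ip == nil {
			return xerrors.Errorf("error parsing IP address %s", addr)
		}

		if err := a.ConnGater.UnblockAddr(ip); err != nil {
			return xerrors.Errorf("error unblocking IP address %s: %w", addr, err)
		}
	}

	for _, subnet := range acl.IPSubnets {
		_, cidr, err := net.ParseCIDR(subnet)
		if err != nil {
			return xerrors.Errorf("error parsing subnet %s: %w", subnet, err)
		}

		if err := a.ConnGater.UnblockSubnet(cidr); err != nil {
			// message previously misspelled "subnet" as "subunet"
			return xerrors.Errorf("error unblocking subnet %s: %w", subnet, err)
		}
	}

	return nil
}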
// NetBlockList reports the connection gater's current block list: the
// blocked peers as returned by the gater, and the blocked addresses and
// subnets rendered with their String methods. The returned error is
// always nil.
func (a *NetAPI) NetBlockList(ctx context.Context) (result api.NetBlockList, err error) {
	result.Peers = a.ConnGater.ListBlockedPeers()

	// Append rather than pre-size so an empty list stays a nil slice.
	blockedAddrs := a.ConnGater.ListBlockedAddrs()
	for i := range blockedAddrs {
		result.IPAddrs = append(result.IPAddrs, blockedAddrs[i].String())
	}

	blockedSubnets := a.ConnGater.ListBlockedSubnets()
	for i := range blockedSubnets {
		result.IPSubnets = append(result.IPSubnets, blockedSubnets[i].String())
	}

	return result, err
}