Framework for banning mis-behaving peers

author: Gavin Andresen <gavinandresen@gmail.com> 2011-09-06 16:09:04 -0400
committer: Gavin Andresen <gavinandresen@gmail.com> 2011-09-21 12:49:53 -0400
commit: 15f3ad4dbdf0d245b936e68c51a7ecb9f472d2cd (patch)
tree: 7e06d23ee6fd40fa6a60edb698350e8a96df49d9 /src/net.cpp
parent: 54d02f158d79b078ed9afdca5e37241101b040cd (diff)
1 files changed, 53 insertions, 1 deletions
diff --git a/src/net.cpp b/src/net.cpp
index 2e257a6efc..1792bf78a0 100644
--- a/src/net.cpp
+++ b/src/net.cpp
@@ -726,6 +726,52 @@ void CNode::Cleanup()
 }
 
 
+std::map<unsigned int, int64> CNode::setBanned;
+CCriticalSection CNode::cs_setBanned;
+
+void CNode::ClearBanned()
+{
+    setBanned.clear();
+}
+
+bool CNode::IsBanned(unsigned int ip)
+{
+    bool fResult = false;
+    CRITICAL_BLOCK(cs_setBanned)
+    {
+        std::map<unsigned int, int64>::iterator i = setBanned.find(ip);
+        if (i != setBanned.end())
+        {
+            int64 t = (*i).second;
+            if (GetTime() < t)
+                fResult = true;
+        }
+    }
+    return fResult;
+}
+
+bool CNode::Misbehaving(int howmuch)
+{
+    if (addr.IsLocal())
+    {
+        printf("Warning: local node %s misbehaving\n", addr.ToString().c_str());
+        return false;
+    }
+
+    nMisbehavior += howmuch;
+    if (nMisbehavior >= GetArg("-banscore", 100))
+    {
+        int64 banTime = GetTime()+GetArg("-bantime", 60*60*24);  // Default 24-hour ban
+        CRITICAL_BLOCK(cs_setBanned)
+            if (setBanned[addr.ip] < banTime)
+                setBanned[addr.ip] = banTime;
+        CloseSocketDisconnect();
+        printf("Disconnected %s for misbehavior (score=%d)\n", addr.ToString().c_str(), nMisbehavior);
+        return true;
+    }
+    return false;
+}
+
 
 
 
@@ -896,6 +942,11 @@ void ThreadSocketHandler2(void* parg)
             {
                 closesocket(hSocket);
             }
+            else if (CNode::IsBanned(addr.ip))
+            {
+                printf("connetion from %s dropped (banned)\n", addr.ToString().c_str());
+                closesocket(hSocket);
+            }
             else
             {
                 printf("accepted connection %s\n", addr.ToString().c_str());
@@ -1454,7 +1505,8 @@ bool OpenNetworkConnection(const CAddress& addrConnect)
     //
     if (fShutdown)
         return false;
-    if (addrConnect.ip == addrLocalHost.ip || !addrConnect.IsIPv4() || FindNode(addrConnect.ip))
+    if (addrConnect.ip == addrLocalHost.ip || !addrConnect.IsIPv4() ||
+        FindNode(addrConnect.ip) || CNode::IsBanned(addrConnect.ip))
         return false;
 
     vnThreadsRunning[1]--;
author	Gavin Andresen <gavinandresen@gmail.com>	2011-09-06 16:09:04 -0400
committer	Gavin Andresen <gavinandresen@gmail.com>	2011-09-21 12:49:53 -0400
commit	15f3ad4dbdf0d245b936e68c51a7ecb9f472d2cd (patch)
tree	7e06d23ee6fd40fa6a60edb698350e8a96df49d9 /src/net.cpp
parent	54d02f158d79b078ed9afdca5e37241101b040cd (diff)