Don't send private ip addresses on pex

This commit is contained in:
shortcutme 2018-01-30 13:58:01 +01:00
parent a6f86329c5
commit c2edbb30b5
No known key found for this signature in database
GPG key ID: 5B63BAE6CB9613AE
5 changed files with 28 additions and 5 deletions

View file

@ -292,7 +292,7 @@ class FileRequest(object):
added += 1
# Send back peers that is not in the sent list and connectable (not port 0)
packed_peers = helper.packPeers(site.getConnectablePeers(params["need"], got_peer_keys))
packed_peers = helper.packPeers(site.getConnectablePeers(params["need"], got_peer_keys, allow_private=False))
if added:
site.worker_manager.onPeers()

View file

@ -71,6 +71,7 @@ class Peer(object):
self.log("Getting connection...")
if connection: # Connection specified
self.log("Assigning connection %s" % connection)
self.connection = connection
self.connection.sites += 1
else: # Try to find from connection pool or create new connection
@ -242,7 +243,7 @@ class Peer(object):
site = self.site # If no site defined request peers for this site
# give back 5 connectible peers
packed_peers = helper.packPeers(self.site.getConnectablePeers(5))
packed_peers = helper.packPeers(self.site.getConnectablePeers(5, allow_private=False))
request = {"site": site.address, "peers": packed_peers["ip4"], "need": need_num}
if packed_peers["onion"]:
request["peers_onion"] = packed_peers["onion"]

View file

@ -996,7 +996,7 @@ class Site(object):
return connected
# Return: Probably peers verified to be connectable recently
def getConnectablePeers(self, need_num=5, ignore=[]):
def getConnectablePeers(self, need_num=5, ignore=[], allow_private=True):
peers = self.peers.values()
found = []
for peer in peers:
@ -1009,12 +1009,19 @@ class Site(object):
if time.time() - peer.connection.last_recv_time > 60 * 60 * 2: # Last message more than 2 hours ago
peer.connection = None # Cleanup: Dead connection
continue
if not allow_private and helper.isPrivateIp(peer.ip):
continue
found.append(peer)
if len(found) >= need_num:
break # Found requested number of peers
if len(found) < need_num: # Return not that good peers
found = [peer for peer in peers if not peer.key.endswith(":0") and peer.key not in ignore][0:need_num - len(found)]
found = [
peer for peer in peers
if not peer.key.endswith(":0") and
peer.key not in ignore and
(allow_private or not helper.isPrivateIp(peer.ip))
][0:need_num - len(found)]
return found

View file

@ -103,5 +103,16 @@ class TestFileRequest:
assert peer_file_server.pex()
assert "1.2.3.4:11337" in site_temp.peers
# Should not exchange private peers from local network
fake_peer_private = site.addPeer("192.168.0.1", 11337, return_peer=True)
assert fake_peer_private not in site.getConnectablePeers(allow_private=False)
fake_peer_private.connection = Connection(file_server, "192.168.0.1", 11337)
fake_peer_private.connection.last_recv_time = time.time()
assert "192.168.0.1:11337" not in site_temp.peers
assert not peer_file_server.pex()
assert "192.168.0.1:11337" not in site_temp.peers
connection.close()
client.stop()

View file

@ -216,4 +216,8 @@ def avg(items):
if len(items) > 0:
return sum(items) / len(items)
else:
return 0
return 0
local_ip_pattern = re.compile(r"^(127\.)|(192\.168\.)|(10\.)|(172\.1[6-9]\.)|(172\.2[0-9]\.)|(172\.3[0-1]\.)|(::1$)|([fF][cCdD])")
def isPrivateIp(ip):
return local_ip_pattern.match(ip)