Don't send private ip addresses on pex

src/File/FileRequest.py

@@ -292,7 +292,7 @@ class FileRequest(object):
                 added += 1
 
         # Send back peers that is not in the sent list and connectable (not port 0)
-        packed_peers = helper.packPeers(site.getConnectablePeers(params["need"], got_peer_keys))
+        packed_peers = helper.packPeers(site.getConnectablePeers(params["need"], got_peer_keys, allow_private=False))
 
         if added:
             site.worker_manager.onPeers()

src/Peer/Peer.py

@@ -71,6 +71,7 @@ class Peer(object):
             self.log("Getting connection...")
 
         if connection:  # Connection specified
+            self.log("Assigning connection %s" % connection)
             self.connection = connection
             self.connection.sites += 1
         else:  # Try to find from connection pool or create new connection
@@ -242,7 +243,7 @@ class Peer(object):
             site = self.site  # If no site defined request peers for this site
 
         # give back 5 connectible peers
-        packed_peers = helper.packPeers(self.site.getConnectablePeers(5))
+        packed_peers = helper.packPeers(self.site.getConnectablePeers(5, allow_private=False))
         request = {"site": site.address, "peers": packed_peers["ip4"], "need": need_num}
         if packed_peers["onion"]:
             request["peers_onion"] = packed_peers["onion"]

src/Site/Site.py

@@ -996,7 +996,7 @@ class Site(object):
         return connected
 
     # Return: Probably peers verified to be connectable recently
-    def getConnectablePeers(self, need_num=5, ignore=[]):
+    def getConnectablePeers(self, need_num=5, ignore=[], allow_private=True):
         peers = self.peers.values()
         found = []
         for peer in peers:
@@ -1009,12 +1009,19 @@ class Site(object):
             if time.time() - peer.connection.last_recv_time > 60 * 60 * 2:  # Last message more than 2 hours ago
                 peer.connection = None  # Cleanup: Dead connection
                 continue
+            if not allow_private and helper.isPrivateIp(peer.ip):
+                continue
             found.append(peer)
             if len(found) >= need_num:
                 break  # Found requested number of peers
 
         if len(found) < need_num:  # Return not that good peers
-            found = [peer for peer in peers if not peer.key.endswith(":0") and peer.key not in ignore][0:need_num - len(found)]
+            found = [
+                peer for peer in peers
+                if not peer.key.endswith(":0") and
+                peer.key not in ignore and
+                (allow_private or not helper.isPrivateIp(peer.ip))
+            ][0:need_num - len(found)]
 
         return found
 

src/Test/TestFileRequest.py

@@ -103,5 +103,16 @@ class TestFileRequest:
         assert peer_file_server.pex()
         assert "1.2.3.4:11337" in site_temp.peers
 
+        # Should not exchange private peers from local network
+        fake_peer_private = site.addPeer("192.168.0.1", 11337, return_peer=True)
+        assert fake_peer_private not in site.getConnectablePeers(allow_private=False)
+        fake_peer_private.connection = Connection(file_server, "192.168.0.1", 11337)
+        fake_peer_private.connection.last_recv_time = time.time()
+
+        assert "192.168.0.1:11337" not in site_temp.peers
+        assert not peer_file_server.pex()
+        assert "192.168.0.1:11337" not in site_temp.peers
+
+
         connection.close()
         client.stop()

src/util/helper.py

@@ -217,3 +217,7 @@ def avg(items):
         return sum(items) / len(items)
     else:
         return 0
+
+local_ip_pattern = re.compile(r"^(127\.)|(192\.168\.)|(10\.)|(172\.1[6-9]\.)|(172\.2[0-9]\.)|(172\.3[0-1]\.)|(::1$)|([fF][cCdD])")
+def isPrivateIp(ip):
+    return local_ip_pattern.match(ip)