From 6d9cbd5831ca6889bfd4deb0655db876913896ec Mon Sep 17 00:00:00 2001 From: crn4 Date: Thu, 19 Jun 2025 23:08:31 +0200 Subject: [PATCH] added reset for meta with different fields --- management/server/loginfilter.go | 32 +++++++++++++-------------- management/server/loginfilter_test.go | 12 +++++----- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/management/server/loginfilter.go b/management/server/loginfilter.go index 6c6d369c8..1b2a2a163 100644 --- a/management/server/loginfilter.go +++ b/management/server/loginfilter.go @@ -11,18 +11,18 @@ import ( const ( filterTimeout = 5 * time.Minute // Duration to secure the previous login information in the filter - reconnThreshold = 5 * time.Minute - blockDuration = 10 * time.Minute // Duration for which a peer is banned after exceeding the reconnection limit - reconnLimitForBan = 30 // Number of reconnections within the reconnTreshold that triggers a ban - differentMetaReconnects = 3 // Number of reconnections with different metadata that triggers a ban of one peer + reconnThreshold = 5 * time.Minute + blockDuration = 10 * time.Minute // Duration for which a peer is banned after exceeding the reconnection limit + reconnLimitForBan = 30 // Number of reconnections within the reconnTreshold that triggers a ban + metaChangeLim = 3 // Number of reconnections with different metadata that triggers a ban of one peer ) type config struct { - filterTimeout time.Duration - reconnThreshold time.Duration - blockDuration time.Duration - reconnLimitForBan int - differentMetaReconnects int + filterTimeout time.Duration + reconnThreshold time.Duration + blockDuration time.Duration + reconnLimitForBan int + metaChangeLim int } type loginFilter struct { @@ -41,11 +41,11 @@ type metahash struct { func initCfg() *config { return &config{ - filterTimeout: filterTimeout, - reconnThreshold: reconnThreshold, - blockDuration: blockDuration, - reconnLimitForBan: reconnLimitForBan, - differentMetaReconnects: differentMetaReconnects, + filterTimeout: filterTimeout, + reconnThreshold: reconnThreshold, + blockDuration: blockDuration, + reconnLimitForBan: reconnLimitForBan, + metaChangeLim: metaChangeLim, } } @@ -64,7 +64,7 @@ func (l *loginFilter) addLogin(wgPubKey string, metaHash uint64) { l.mu.Lock() defer l.mu.Unlock() mh, ok := l.logged[wgPubKey] - if !ok || mh.banned { + if !ok || mh.banned || (mh.hash != metaHash && mh.counter > l.cfg.metaChangeLim) { mh = metahash{ hash: metaHash, firstLogin: time.Now(), @@ -89,7 +89,7 @@ func (l *loginFilter) allowLogin(wgPubKey string, metaHash uint64) bool { if mh.banned && time.Since(mh.lastSeen) < l.cfg.blockDuration { return false } - if mh.hash != metaHash && time.Since(mh.lastSeen) < l.cfg.filterTimeout && mh.counter > l.cfg.differentMetaReconnects { + if mh.hash != metaHash && time.Since(mh.lastSeen) < l.cfg.filterTimeout && mh.counter > l.cfg.metaChangeLim { return false } return true diff --git a/management/server/loginfilter_test.go b/management/server/loginfilter_test.go index 4c2694ec1..fe838e62d 100644 --- a/management/server/loginfilter_test.go +++ b/management/server/loginfilter_test.go @@ -14,11 +14,11 @@ import ( func testCfg() *config { return &config{ - filterTimeout: 20 * time.Millisecond, - reconnThreshold: 50 * time.Millisecond, - blockDuration: 100 * time.Millisecond, - reconnLimitForBan: 3, - differentMetaReconnects: 1, + filterTimeout: 20 * time.Millisecond, + reconnThreshold: 50 * time.Millisecond, + blockDuration: 100 * time.Millisecond, + reconnLimitForBan: 3, + metaChangeLim: 1, } } @@ -100,7 +100,7 @@ func (s *LoginFilterTestSuite) TestDifferentHashIsBlockedWhenActive() { meta1 := uint64(23424223423) meta2 := uint64(99878798987987) - for range s.filter.cfg.differentMetaReconnects { + for range s.filter.cfg.metaChangeLim { s.filter.addLogin(pubKey, meta1) }