extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2025-06-21 10:18:50 +02:00
Code Issues Packages Projects Releases Wiki Activity

added reset for meta with different fields

Browse Source
This commit is contained in:
crn4 2025-06-19 23:08:31 +02:00
parent 660388889a
commit 6d9cbd5831
2 changed files with 22 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
management/server/loginfilter.go
View File

@ -14,7 +14,7 @@ const (
reconnThreshold = 5 * time.Minute reconnThreshold = 5 * time.Minute
blockDuration = 10 * time.Minute // Duration for which a peer is banned after exceeding the reconnection limit blockDuration = 10 * time.Minute // Duration for which a peer is banned after exceeding the reconnection limit
reconnLimitForBan = 30 // Number of reconnections within the reconnTreshold that triggers a ban reconnLimitForBan = 30 // Number of reconnections within the reconnTreshold that triggers a ban
differentMetaReconnects = 3 // Number of reconnections with different metadata that triggers a ban of one peer metaChangeLim = 3 // Number of reconnections with different metadata that triggers a ban of one peer
) )
type config struct { type config struct {
@ -22,7 +22,7 @@ type config struct {
reconnThreshold time.Duration reconnThreshold time.Duration
blockDuration time.Duration blockDuration time.Duration
reconnLimitForBan int reconnLimitForBan int
differentMetaReconnects int metaChangeLim int
} }
type loginFilter struct { type loginFilter struct {
@ -45,7 +45,7 @@ func initCfg() *config {
reconnThreshold: reconnThreshold, reconnThreshold: reconnThreshold,
blockDuration: blockDuration, blockDuration: blockDuration,
reconnLimitForBan: reconnLimitForBan, reconnLimitForBan: reconnLimitForBan,
differentMetaReconnects: differentMetaReconnects, metaChangeLim: metaChangeLim,
} }
} }
@ -64,7 +64,7 @@ func (l *loginFilter) addLogin(wgPubKey string, metaHash uint64) {
l.mu.Lock() l.mu.Lock()
defer l.mu.Unlock() defer l.mu.Unlock()
mh, ok := l.logged[wgPubKey] mh, ok := l.logged[wgPubKey]
if !ok || mh.banned { if !ok || mh.banned || (mh.hash != metaHash && mh.counter > l.cfg.metaChangeLim) {
mh = metahash{ mh = metahash{
hash: metaHash, hash: metaHash,
firstLogin: time.Now(), firstLogin: time.Now(),
@ -89,7 +89,7 @@ func (l *loginFilter) allowLogin(wgPubKey string, metaHash uint64) bool {
if mh.banned && time.Since(mh.lastSeen) < l.cfg.blockDuration { if mh.banned && time.Since(mh.lastSeen) < l.cfg.blockDuration {
return false return false
} }
if mh.hash != metaHash && time.Since(mh.lastSeen) < l.cfg.filterTimeout && mh.counter > l.cfg.differentMetaReconnects { if mh.hash != metaHash && time.Since(mh.lastSeen) < l.cfg.filterTimeout && mh.counter > l.cfg.metaChangeLim {
return false return false
} }
return true return true

4
management/server/loginfilter_test.go
View File

@ -18,7 +18,7 @@ func testCfg() *config {
reconnThreshold: 50 * time.Millisecond, reconnThreshold: 50 * time.Millisecond,
blockDuration: 100 * time.Millisecond, blockDuration: 100 * time.Millisecond,
reconnLimitForBan: 3, reconnLimitForBan: 3,
differentMetaReconnects: 1, metaChangeLim: 1,
} }
} }
@ -100,7 +100,7 @@ func (s *LoginFilterTestSuite) TestDifferentHashIsBlockedWhenActive() {
meta1 := uint64(23424223423) meta1 := uint64(23424223423)
meta2 := uint64(99878798987987) meta2 := uint64(99878798987987)
for range s.filter.cfg.differentMetaReconnects { for range s.filter.cfg.metaChangeLim {
s.filter.addLogin(pubKey, meta1) s.filter.addLogin(pubKey, meta1)
} }