added reset for meta with different fields

2025-06-21 10:18:50 +02:00 · 2025-06-19 23:08:31 +02:00 · 2025-06-19 23:08:31 +02:00 · 6d9cbd5831
commit 6d9cbd5831
parent 660388889a
2 changed files with 22 additions and 22 deletions
--- a/management/server/loginfilter.go
+++ b/management/server/loginfilter.go
@ -11,18 +11,18 @@ import (
 const (
 	filterTimeout = 5 * time.Minute // Duration to secure the previous login information in the filter
-	reconnThreshold         = 5 * time.Minute
+	reconnThreshold   = 5 * time.Minute
-	blockDuration           = 10 * time.Minute // Duration for which a peer is banned after exceeding the reconnection limit
+	blockDuration     = 10 * time.Minute // Duration for which a peer is banned after exceeding the reconnection limit
-	reconnLimitForBan       = 30               // Number of reconnections within the reconnTreshold that triggers a ban
+	reconnLimitForBan = 30               // Number of reconnections within the reconnTreshold that triggers a ban
-	differentMetaReconnects = 3                // Number of reconnections with different metadata that triggers a ban of one peer
+	metaChangeLim     = 3                // Number of reconnections with different metadata that triggers a ban of one peer
 )
 type config struct {
-	filterTimeout           time.Duration
+	filterTimeout     time.Duration
-	reconnThreshold         time.Duration
+	reconnThreshold   time.Duration
-	blockDuration           time.Duration
+	blockDuration     time.Duration
-	reconnLimitForBan       int
+	reconnLimitForBan int
-	differentMetaReconnects int
+	metaChangeLim     int
 }
 type loginFilter struct {
@ -41,11 +41,11 @@ type metahash struct {
 func initCfg() *config {
 	return &config{
-		filterTimeout:           filterTimeout,
+		filterTimeout:     filterTimeout,
-		reconnThreshold:         reconnThreshold,
+		reconnThreshold:   reconnThreshold,
-		blockDuration:           blockDuration,
+		blockDuration:     blockDuration,
-		reconnLimitForBan:       reconnLimitForBan,
+		reconnLimitForBan: reconnLimitForBan,
-		differentMetaReconnects: differentMetaReconnects,
+		metaChangeLim:     metaChangeLim,
 	}
 }
@ -64,7 +64,7 @@ func (l *loginFilter) addLogin(wgPubKey string, metaHash uint64) {
 	l.mu.Lock()
 	defer l.mu.Unlock()
 	mh, ok := l.logged[wgPubKey]
-	if !ok || mh.banned {
+	if !ok || mh.banned || (mh.hash != metaHash && mh.counter > l.cfg.metaChangeLim) {
 		mh = metahash{
 			hash:       metaHash,
 			firstLogin: time.Now(),
@ -89,7 +89,7 @@ func (l *loginFilter) allowLogin(wgPubKey string, metaHash uint64) bool {
 	if mh.banned && time.Since(mh.lastSeen) < l.cfg.blockDuration {
 		return false
 	}
-	if mh.hash != metaHash && time.Since(mh.lastSeen) < l.cfg.filterTimeout && mh.counter > l.cfg.differentMetaReconnects {
+	if mh.hash != metaHash && time.Since(mh.lastSeen) < l.cfg.filterTimeout && mh.counter > l.cfg.metaChangeLim {
 		return false
 	}
 	return true
--- a/management/server/loginfilter_test.go
+++ b/management/server/loginfilter_test.go
@ -14,11 +14,11 @@ import (
 func testCfg() *config {
 	return &config{
-		filterTimeout:           20 * time.Millisecond,
+		filterTimeout:     20 * time.Millisecond,
-		reconnThreshold:         50 * time.Millisecond,
+		reconnThreshold:   50 * time.Millisecond,
-		blockDuration:           100 * time.Millisecond,
+		blockDuration:     100 * time.Millisecond,
-		reconnLimitForBan:       3,
+		reconnLimitForBan: 3,
-		differentMetaReconnects: 1,
+		metaChangeLim:     1,
 	}
 }
@ -100,7 +100,7 @@ func (s *LoginFilterTestSuite) TestDifferentHashIsBlockedWhenActive() {
 	meta1 := uint64(23424223423)
 	meta2 := uint64(99878798987987)
-	for range s.filter.cfg.differentMetaReconnects {
+	for range s.filter.cfg.metaChangeLim {
 		s.filter.addLogin(pubKey, meta1)
 	}