|
1 | 1 | package gating |
2 | 2 |
|
3 | 3 | import ( |
4 | | - "net" |
5 | | - |
6 | | - ds "github.com/ipfs/go-datastore" |
7 | | - "github.com/libp2p/go-libp2p/core/connmgr" |
| 4 | + libp2p_dht "github.com/libp2p/go-libp2p-kad-dht" |
8 | 5 | "github.com/libp2p/go-libp2p/core/peer" |
9 | | - "github.com/libp2p/go-libp2p/p2p/net/conngater" |
| 6 | + ma "github.com/multiformats/go-multiaddr" |
10 | 7 | ) |
11 | 8 |
|
12 | | -type BlockingConnectionGater interface { |
13 | | - connmgr.ConnectionGater |
14 | | - |
15 | | - // BlockPeer adds a peer to the set of blocked peers. |
16 | | - // Note: active connections to the peer are not automatically closed. |
17 | | - BlockPeer(p peer.ID) error |
18 | | - UnblockPeer(p peer.ID) error |
19 | | - ListBlockedPeers() []peer.ID |
20 | | - |
21 | | - // BlockAddr adds an IP address to the set of blocked addresses. |
22 | | - // Note: active connections to the IP address are not automatically closed. |
23 | | - BlockAddr(ip net.IP) error |
24 | | - UnblockAddr(ip net.IP) error |
25 | | - ListBlockedAddrs() []net.IP |
| 9 | +// ExpiryConnectionGater enhances a ExtendedConnectionGater by implementing ban-expiration |
| 10 | +type BlockingConnectionGater struct { |
| 11 | + ExtendedConnectionGater |
| 12 | + isGating bool |
| 13 | +} |
26 | 14 |
|
27 | | - // BlockSubnet adds an IP subnet to the set of blocked addresses. |
28 | | - // Note: active connections to the IP subnet are not automatically closed. |
29 | | - BlockSubnet(ipnet *net.IPNet) error |
30 | | - UnblockSubnet(ipnet *net.IPNet) error |
31 | | - ListBlockedSubnets() []*net.IPNet |
| 15 | +func AddBlocking(gater ExtendedConnectionGater, disablePrivateIPScan bool) *BlockingConnectionGater { |
| 16 | + return &BlockingConnectionGater{ |
| 17 | + ExtendedConnectionGater: gater, |
| 18 | + isGating: disablePrivateIPScan, |
| 19 | + } |
32 | 20 | } |
33 | 21 |
|
34 | | -func NewBlockingConnectionGater(store ds.Batching) (BlockingConnectionGater, error) { |
35 | | - return conngater.NewBasicConnectionGater(store) |
| 22 | +// Blocking connections at this stage is typical for address filtering. |
| 23 | +func (g *BlockingConnectionGater) InterceptAddrDial(p peer.ID, m ma.Multiaddr) (allow bool) { |
| 24 | + if g.isGating { |
| 25 | + return libp2p_dht.PublicQueryFilter(nil, peer.AddrInfo{ |
| 26 | + ID: p, |
| 27 | + Addrs: []ma.Multiaddr{m}, |
| 28 | + }) |
| 29 | + } |
| 30 | + return true |
36 | 31 | } |
0 commit comments