package security import ( "fmt" "sync" "sync/atomic" "github.com/harmony-one/harmony/internal/utils" libp2p_network "github.com/libp2p/go-libp2p-core/network" ma "github.com/multiformats/go-multiaddr" "github.com/pkg/errors" ) type Security interface { OnConnectCheck(net libp2p_network.Network, conn libp2p_network.Conn) error OnDisconnectCheck(conn libp2p_network.Conn) error } type Manager struct { maxConnPerIP int maxPeers int64 mutex sync.Mutex peers peerMap // All the connected nodes, key is the Peer's IP, value is the peer's ID array } type peerMap struct { count int64 peers sync.Map } func (peerMap *peerMap) Len() int64 { return atomic.LoadInt64(&peerMap.count) } func (peerMap *peerMap) Store(key, value interface{}) { // only increment if you didn't have this key hasKey := peerMap.HasKey(key) peerMap.peers.Store(key, value) if !hasKey { atomic.AddInt64(&peerMap.count, 1) } } func (peerMap *peerMap) HasKey(key interface{}) bool { hasKey := false peerMap.peers.Range(func(k, v interface{}) bool { if k == key { hasKey = true return false } return true }) return hasKey } func (peerMap *peerMap) Delete(key interface{}) { peerMap.peers.Delete(key) atomic.AddInt64(&peerMap.count, -1) } func (peerMap *peerMap) Load(key interface{}) (value interface{}, ok bool) { return peerMap.peers.Load(key) } func (peerMap *peerMap) Range(f func(key, value any) bool) { peerMap.peers.Range(f) } func NewManager(maxConnPerIP int, maxPeers int64) *Manager { if maxConnPerIP < 0 { panic("maximum connections per IP must not be negative") } if maxPeers < 0 { panic("maximum peers must not be negative") } return &Manager{ maxConnPerIP: maxConnPerIP, maxPeers: maxPeers, } } func (m *Manager) OnConnectCheck(net libp2p_network.Network, conn libp2p_network.Conn) error { m.mutex.Lock() defer m.mutex.Unlock() remoteIp, err := getRemoteIP(conn) if err != nil { return errors.Wrap(err, "failed on get remote ip") } value, ok := m.peers.Load(remoteIp) if !ok { value = []string{} } peers, ok := value.([]string) if !ok { return errors.New("peers info type err") } // avoid add repeatedly peerID := conn.RemotePeer().String() _, ok = find(peers, peerID) if !ok { peers = append(peers, peerID) } if m.maxConnPerIP > 0 && len(peers) > m.maxConnPerIP { utils.Logger().Warn(). Int("len(peers)", len(peers)). Int("maxConnPerIP", m.maxConnPerIP). Msgf("too many connections from %s, closing", remoteIp) return net.ClosePeer(conn.RemotePeer()) } currentPeerCount := m.peers.Len() // only limit addition if it's a new peer and not an existing peer with new connection if m.maxPeers > 0 && currentPeerCount >= m.maxPeers && !m.peers.HasKey(remoteIp) { utils.Logger().Warn(). Int64("connected peers", currentPeerCount). Str("new peer", remoteIp). Msg("too many peers, closing") return net.ClosePeer(conn.RemotePeer()) } m.peers.Store(remoteIp, peers) return nil } func (m *Manager) OnDisconnectCheck(conn libp2p_network.Conn) error { m.mutex.Lock() defer m.mutex.Unlock() ip, err := getRemoteIP(conn) if err != nil { return errors.Wrap(err, "failed on get ip") } value, ok := m.peers.Load(ip) if !ok { return nil } peers, ok := value.([]string) if !ok { return errors.New("peers info type err") } peerID := conn.RemotePeer().String() index, ok := find(peers, peerID) if ok { peers = append(peers[:index], peers[index+1:]...) if len(peers) == 0 { m.peers.Delete(ip) } else { m.peers.Store(ip, peers) } } return nil } func find(slice []string, val string) (int, bool) { for i, item := range slice { if item == val { return i, true } } return -1, false } func getRemoteIP(conn libp2p_network.Conn) (string, error) { for _, protocol := range conn.RemoteMultiaddr().Protocols() { switch protocol.Code { case ma.P_IP4: ip, err := conn.RemoteMultiaddr().ValueForProtocol(ma.P_IP4) if err != nil { return "", errors.Wrap(err, "failed on get ipv4 addr") } return ip, nil case ma.P_IP6: ip, err := conn.RemoteMultiaddr().ValueForProtocol(ma.P_IP6) if err != nil { return "", errors.Wrap(err, "failed on get ipv6 addr") } return ip, nil } } return "", errors.New(fmt.Sprintf("failed on get remote peer ip from addr: %s", conn.RemoteMultiaddr().String())) }