Sybil: Auto-blocking

2019-05-13 13:28:04 +00:00
parent 48a92ca1e7
commit 8840532ed0
5 changed files with 47 additions and 9 deletions
--- a/apps/routerconsole/java/src/net/i2p/router/sybil/Analysis.java
+++ b/apps/routerconsole/java/src/net/i2p/router/sybil/Analysis.java
@ -87,6 +87,9 @@ public class Analysis extends JobImpl implements RouterApp {
    private static final double POINTS_UNREACHABLE = 4.0;
    private static final double POINTS_NEW = 4.0;
    private static final double POINTS_BANLIST = 25.0;
+    private static final double DEFAULT_BLOCK_THRESHOLD = 50.0;
+    private static final long DEFAULT_BLOCK_TIME = 7*24*60*60*1000L;
+    public static final float MIN_BLOCK_POINTS = 12.01f;

    /** Get via getInstance() */
    private Analysis(RouterContext ctx, ClientAppManager mgr, String[] args) {
@ -339,9 +342,41 @@ public class Analysis extends JobImpl implements RouterApp {
        // Profile analysis
        addProfilePoints(ris, points);
        addVersionPoints(ris, points);
+        if (_context.getBooleanProperty(PROP_BLOCK))
+            doBlocking(points);
        return points;
    }

+    /**
+     *  Blocklist and Banlist if configured
+     *  @since 0.9.41
+     */
+    private void doBlocking(Map<Hash, Points> points) {
+        double threshold = DEFAULT_BLOCK_THRESHOLD;
+        long blockUntil = _context.getProperty(Analysis.PROP_BLOCKTIME, DEFAULT_BLOCK_TIME) + _context.clock().now();
+        try {
+            threshold = Double.parseDouble(_context.getProperty(PROP_THRESHOLD, Double.toString(DEFAULT_BLOCK_THRESHOLD)));
+            if (threshold < MIN_BLOCK_POINTS)
+                threshold = MIN_BLOCK_POINTS;
+        } catch (NumberFormatException nfe) {}
+        for (Map.Entry<Hash, Points> e : points.entrySet()) {
+            double p = e.getValue().getPoints();
+            if (p >= threshold) {
+                Hash h = e.getKey();
+                RouterInfo ri = _context.netDb().lookupRouterInfoLocally(h);
+                if (ri != null) {
+                    for (RouterAddress ra : ri.getAddresses()) {
+                        byte[] ip = ra.getIP();
+                        if (ip != null)
+                             _context.blocklist().add(ip);
+                    }
+                }
+                String reason = "Sybil analysis with " + fmt.format(p) + " threat points";
+                _context.banlist().banlistRouter(h, reason, null, null, blockUntil);
+            }
+        }
+    }
+
    /**
     *  @param pairs out parameter, sorted
     *  @return average distance
--- a/apps/routerconsole/java/src/net/i2p/router/web/helpers/NetDbHelper.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/helpers/NetDbHelper.java
@ -232,7 +232,7 @@ public class NetDbHelper extends FormHandler {
                    }
                    String thresh = getJettyString("threshold");
                    if (thresh != null && thresh.length() > 0) {
-                        float val = Float.parseFloat(thresh);
+                        float val = Math.max(Float.parseFloat(thresh), Analysis.MIN_BLOCK_POINTS);
                        toSave.put(Analysis.PROP_THRESHOLD, Float.toString(val));
                    }
                    String days = getJettyString("days");
--- a/apps/routerconsole/java/src/net/i2p/router/web/helpers/SybilRenderer.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/helpers/SybilRenderer.java
@ -301,13 +301,7 @@ public class SybilRenderer {
        }
        boolean auto = _context.getBooleanProperty(Analysis.PROP_BLOCK);
        String thresh = _context.getProperty(Analysis.PROP_THRESHOLD, "50");
-        long days = 7;
-        String time = _context.getProperty(Analysis.PROP_BLOCKTIME);
-        if (time != null) {
-            try {
-                days = Long.parseLong(time) / (24*60*60*1000L);
-            } catch (NumberFormatException nfe) {}
-        }
+        long days = _context.getProperty(Analysis.PROP_BLOCKTIME, 7*24*60*60*1000L) / (24*60*60*1000L);
        buf.append("</select></td></tr>\n<tr><td>" +
                   "Auto-block routers?</td><td><input type=\"checkbox\" class=\"optbox\" value=\"1\" name=\"block\" ");
        if (auto)
--- a/history.txt
+++ b/history.txt
@ -1,3 +1,12 @@
+2019-05-13 zzz
+ * Console: Hide transport table unless advanced
+ * Sybil: Add support for auto-blocking
+ * Tunnels: Fix connection checker for NTCP2
+
+2019-05-12 zzz
+ * Jetty: Fix webapps in eepsite (ticket #2477)
+ * Util: Consolidate Java version checking code, fix bugs
+
 2019-05-11 zzz
 * Utils: Allow absolute path to certs in I2PSSLSocketFactory

--- a/router/java/src/net/i2p/router/RouterVersion.java
+++ b/router/java/src/net/i2p/router/RouterVersion.java
@ -18,7 +18,7 @@ public class RouterVersion {
    /** deprecated */
    public final static String ID = "Monotone";
    public final static String VERSION = CoreVersion.VERSION;
-    public final static long BUILD = 2;
+    public final static long BUILD = 3;

    /** for example "-test" */
    public final static String EXTRA = "";