ported
/
egaz-pool
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

stratum_blacklist wallet

master
yuriy0803 3 years ago
parent
1012df6c56
commit
15c0898b51
5 changed files with 91 additions and 19 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      api.json
  2. 42
      policy/policy.go
  3. 21
      proxy/handlers.go
  4. 9
      proxy/miner.go
  5. 1
      stratum_blacklist.json

1
api.json
Unescape View File

@ -35,6 +35,7 @@
"workers": 8, "workers": 8,
"resetInterval": "60m", "resetInterval": "60m",
"refreshInterval": "1m", "refreshInterval": "1m",
"blacklist_file" : "/home/pool/open-etc-pool-friends/stratum_blacklist.json",
"banning": { "banning": {
"enabled": false, "enabled": false,

42
policy/policy.go
Unescape View File

@ -1,9 +1,12 @@
package policy package policy
import ( import (
"encoding/json"
"fmt" "fmt"
"log" "log"
"os"
"os/exec" "os/exec"
"path/filepath"
"strings" "strings"
"sync" "sync"
"sync/atomic" "sync/atomic"
@ -19,6 +22,7 @@ type Config struct {
Limits Limits `json:"limits"` Limits Limits `json:"limits"`
ResetInterval string `json:"resetInterval"` ResetInterval string `json:"resetInterval"`
RefreshInterval string `json:"refreshInterval"` RefreshInterval string `json:"refreshInterval"`
Walletblacklist string `json:"blacklist_file"`
} }
type Limits struct { type Limits struct {
@ -62,6 +66,7 @@ type PolicyServer struct {
blacklist []string blacklist []string
whitelist []string whitelist []string
storage *storage.RedisClient storage *storage.RedisClient
walletblacklist []string
} }
func Start(cfg *Config, storage *storage.RedisClient) *PolicyServer { func Start(cfg *Config, storage *storage.RedisClient) *PolicyServer {
@ -142,6 +147,26 @@ func (s *PolicyServer) resetStats() {
log.Printf("Flushed stats for %v IP addresses", total) log.Printf("Flushed stats for %v IP addresses", total)
} }
// loads up blacklist of wallets if file is present
func (s *PolicyServer) GetWalletBlacklist() ([]string, error) {
blacklistFileName := s.config.Walletblacklist
blacklistFileName, _ = filepath.Abs(blacklistFileName)
log.Printf("Loading wallet blacklist: %v", blacklistFileName)
blacklistFile, err := os.Open(blacklistFileName)
if err != nil {
log.Printf("File error: %v", err.Error())
return nil, err
}
defer blacklistFile.Close()
var data []string
jsonParser := json.NewDecoder(blacklistFile)
if err := jsonParser.Decode(&data); err != nil {
log.Printf("Blacklist parsing error: %v", err.Error())
return nil, err
}
return data, nil
}
func (s *PolicyServer) refreshState() { func (s *PolicyServer) refreshState() {
s.Lock() s.Lock()
defer s.Unlock() defer s.Unlock()
@ -155,6 +180,10 @@ func (s *PolicyServer) refreshState() {
if err != nil { if err != nil {
log.Printf("Failed to get whitelist from backend: %v", err) log.Printf("Failed to get whitelist from backend: %v", err)
} }
s.walletblacklist, err = s.GetWalletBlacklist()
if err != nil {
log.Printf("Failed to get wallet/login blacklist from json file backend: %v", err)
}
log.Println("Policy state refresh complete") log.Println("Policy state refresh complete")
} }
@ -201,6 +230,13 @@ func (s *PolicyServer) ApplyLimitPolicy(ip string) bool {
return true return true
} }
func (s *PolicyServer) ApplyLoginWalletPolicy(login string) bool {
if s.InWalletBlackList(login) {
return false
}
return true
}
func (s *PolicyServer) ApplyLoginPolicy(addy, ip string) bool { func (s *PolicyServer) ApplyLoginPolicy(addy, ip string) bool {
if s.InBlackList(addy) { if s.InBlackList(addy) {
x := s.Get(ip) x := s.Get(ip)
@ -210,6 +246,12 @@ func (s *PolicyServer) ApplyLoginPolicy(addy, ip string) bool {
return true return true
} }
func (s *PolicyServer) InWalletBlackList(addy string) bool {
s.RLock()
defer s.RUnlock()
return util.StringInSlice(addy, s.walletblacklist)
}
func (s *PolicyServer) ApplyMalformedPolicy(ip string) bool { func (s *PolicyServer) ApplyMalformedPolicy(ip string) bool {
x := s.Get(ip) x := s.Get(ip)
n := x.incrMalformed() n := x.incrMalformed()

21
proxy/handlers.go
Unescape View File

@ -30,6 +30,11 @@ func (s *ProxyServer) handleLoginRPC(cs *Session, params []string, id string) (b
if !s.policy.ApplyLoginPolicy(login, cs.ip) { if !s.policy.ApplyLoginPolicy(login, cs.ip) {
return false, &ErrorReply{Code: -1, Message: "You are blacklisted"} return false, &ErrorReply{Code: -1, Message: "You are blacklisted"}
} }
//save for later, too broad right now, bans the ip the wallet comes from, (bad if more then one miner proxies there)
// if !s.policy.ApplyLoginWalletPolicy(login) {
// // check to see if this wallet login is blocked in json file
// return false, &ErrorReply{Code: -1, Message: "You are blacklisted"}
// }
cs.login = login cs.login = login
s.registerSession(cs) s.registerSession(cs)
log.Printf("Stratum miner connected %v@%v", login, cs.ip) log.Printf("Stratum miner connected %v@%v", login, cs.ip)
@ -71,24 +76,38 @@ func (s *ProxyServer) handleSubmitRPC(cs *Session, login, id string, params []st
log.Printf("Malformed PoW result from %s@%s %v", login, cs.ip, params) log.Printf("Malformed PoW result from %s@%s %v", login, cs.ip, params)
return false, &ErrorReply{Code: -1, Message: "Malformed PoW result"} return false, &ErrorReply{Code: -1, Message: "Malformed PoW result"}
} }
go func(s *ProxyServer, cs *Session, login, id string, params []string) { go func(s *ProxyServer, cs *Session, login, id string, params []string) {
t := s.currentBlockTemplate() t := s.currentBlockTemplate()
//MFO: This function (s.processShare) will process a share as per hasher.Verify function of github.com/ethereum/ethash
// output of this function is either:
// true,true (Exists) which means share already exists and it is validShare
// true,false (Exists & invalid)which means share already exists and it is invalidShare or it is a block <-- should not ever happen
// false,false (stale/invalid)which means share is new, and it is not a block, might be a stale share or invalidShare
// false,true (valid)which means share is new, and it is a block or accepted share
// false,false,false (blacklisted wallet attached to share) see json file
// When this function finishes, the results is already recorded in the db for valid shares or blocks.
exist, validShare := s.processShare(login, id, cs.ip, t, params) exist, validShare := s.processShare(login, id, cs.ip, t, params)
ok := s.policy.ApplySharePolicy(cs.ip, !exist && validShare) ok := s.policy.ApplySharePolicy(cs.ip, !exist && validShare)
// if true,true or true,false
if exist { if exist {
log.Printf("Duplicate share from %s@%s %v", login, cs.ip, params) log.Printf("Duplicate share from %s@%s %v", login, cs.ip, params)
cs.lastErr = errors.New("Duplicate share") cs.lastErr = errors.New("Duplicate share")
} }
// if false, false
if !validShare { if !validShare {
//MFO: Here we have an invalid share
log.Printf("Invalid share from %s@%s", login, cs.ip) log.Printf("Invalid share from %s@%s", login, cs.ip)
// Bad shares limit reached, return error and close // Bad shares limit reached, return error and close
if !ok { if !ok {
cs.lastErr = errors.New("Invalid share") cs.lastErr = errors.New("Invalid share")
} }
} }
//MFO: Here we have a valid share and it is already recorded in DB by miner.go
// if false, true
if s.config.Proxy.Debug { if s.config.Proxy.Debug {
log.Printf("Valid share from %s@%s", login, cs.ip) log.Printf("Valid share from %s@%s", login, cs.ip)
} }

9
proxy/miner.go
Unescape View File

@ -65,6 +65,15 @@ func (s *ProxyServer) processShare(login, id, ip string, t *BlockTemplate, param
mixDigest: common.HexToHash(mixDigest), mixDigest: common.HexToHash(mixDigest),
} }
//this is to stop people in wallet blacklist, from getting shares into the db.
//rare instances of hacks require letting the hacks waste thier money on occassion
if !s.policy.ApplyLoginWalletPolicy(login) {
// check to see if this wallet login is blocked
log.Printf("Blacklisted wallet share, skipped from %v", login)
return false, false
//return codes need work here, a lot of it.
}
if !hasher.Verify(share) { if !hasher.Verify(share) {
s.backend.WriteWorkerShareStatus(login, id, false, false, true) s.backend.WriteWorkerShareStatus(login, id, false, false, true)
return false, false return false, false

1
stratum_blacklist.json
Unescape View File

@ -0,0 +1 @@
[ "0x0835290fe660379faefe63a533c6cb96e10770cd", "0x4bc7b9d69d6454c5666ecad87e5699c1ec02d533" ]
Write Preview
Loading…
Cancel
Save