quic: use net.BlockList for limiting access to a QuicSocket

PR-URL: https://github.com/nodejs/node/pull/34741 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Rich Trott <rtrott@gmail.com>
author: James M Snell <jasnell@gmail.com> 2020-08-12 01:46:25 +0300
committer: James M Snell <jasnell@gmail.com> 2020-08-17 21:31:28 +0300
commit: c855c3e8ca5142e7b7f4a4e6adbf43e0ab18439b (patch)
tree: 3d39e98cea119b63c3a804df26db6ed2fc1adf9b /src
parent: 1c14810edc68cc460d32da80fc52284c079d20ff (diff)
3 files changed, 15 insertions, 1 deletions
diff --git a/src/quic/node_quic_session.h b/src/quic/node_quic_session.h
index 05c7606e8b5..4bd14310e15 100644
--- a/src/quic/node_quic_session.h
+++ b/src/quic/node_quic_session.h
@@ -207,7 +207,7 @@ enum QuicSessionStateFields {
   V(SMOOTHED_RTT, smoothed_rtt, "Smoothed RTT")                                \
   V(CWND, cwnd, "Cwnd")                                                        \
   V(RECEIVE_RATE, receive_rate, "Receive Rate / Sec")                          \
-  V(SEND_RATE, send_rate, "Send Rate  Sec")
+  V(SEND_RATE, send_rate, "Send Rate  Sec")                                    \
 
 #define V(name, _, __) IDX_QUIC_SESSION_STATS_##name,
 enum QuicSessionStatsIdx : int {
diff --git a/src/quic/node_quic_socket.cc b/src/quic/node_quic_socket.cc
index cf7b128bb00..abbdd50e470 100644
--- a/src/quic/node_quic_socket.cc
+++ b/src/quic/node_quic_socket.cc
@@ -252,6 +252,7 @@ QuicSocket::QuicSocket(
     : AsyncWrap(quic_state->env(), wrap, AsyncWrap::PROVIDER_QUICSOCKET),
       StatsBase(quic_state->env(), wrap),
       alloc_info_(MakeAllocator()),
+      block_list_(SocketAddressBlockListWrap::New(quic_state->env())),
       options_(options),
       state_(quic_state->env()->isolate()),
       max_connections_(max_connections),
@@ -271,6 +272,12 @@ QuicSocket::QuicSocket(
 
   wrap->DefineOwnProperty(
       env()->context(),
+      env()->block_list_string(),
+      block_list_->object(),
+      PropertyAttribute::ReadOnly).Check();
+
+  wrap->DefineOwnProperty(
+      env()->context(),
       env()->state_string(),
       state_.GetArrayBuffer(),
       PropertyAttribute::ReadOnly).Check();
@@ -432,6 +439,12 @@ void QuicSocket::OnReceive(
     return;
   }
 
+  if (UNLIKELY(block_list_->Apply(remote_addr))) {
+    Debug(this, "Ignoring blocked remote address: %s", remote_addr);
+    IncrementStat(&QuicSocketStats::packets_ignored);
+    return;
+  }
+
   IncrementStat(&QuicSocketStats::bytes_received, nread);
 
   const uint8_t* data = reinterpret_cast<const uint8_t*>(buf.data());
diff --git a/src/quic/node_quic_socket.h b/src/quic/node_quic_socket.h
index 15ce987f582..63bb49091b1 100644
--- a/src/quic/node_quic_socket.h
+++ b/src/quic/node_quic_socket.h
@@ -516,6 +516,7 @@ class QuicSocket : public AsyncWrap,
   std::vector<BaseObjectPtr<QuicEndpoint>> endpoints_;
   SocketAddress::Map<BaseObjectWeakPtr<QuicEndpoint>> bound_endpoints_;
   BaseObjectWeakPtr<QuicEndpoint> preferred_endpoint_;
+  BaseObjectPtr<SocketAddressBlockListWrap> block_list_;
 
   uint32_t flags_ = 0;
   uint32_t options_ = 0;
author	James M Snell <jasnell@gmail.com>	2020-08-12 01:46:25 +0300
committer	James M Snell <jasnell@gmail.com>	2020-08-17 21:31:28 +0300
commit	c855c3e8ca5142e7b7f4a4e6adbf43e0ab18439b (patch)
tree	3d39e98cea119b63c3a804df26db6ed2fc1adf9b /src
parent	1c14810edc68cc460d32da80fc52284c079d20ff (diff)