| 1172 | } |
| 1173 | |
| 1174 | void CConnman::CreateNodeFromAcceptedSocket(std::unique_ptr<Sock>&& sock, |
| 1175 | NetPermissionFlags permissionFlags, |
| 1176 | const CAddress& addr_bind, |
| 1177 | const CAddress& addr) |
| 1178 | { |
| 1179 | int nInbound = 0; |
| 1180 | int nMaxInbound = nMaxConnections - m_max_outbound; |
| 1181 | |
| 1182 | const bool inbound_onion = std::find(m_onion_binds.begin(), m_onion_binds.end(), addr_bind) != m_onion_binds.end(); |
| 1183 | // Tor inbound connections do not reveal the peer's actual network address. |
| 1184 | // Therefore do not apply address-based whitelist permissions to them. |
| 1185 | AddWhitelistPermissionFlags(permissionFlags, inbound_onion ? std::optional<CNetAddr>{} : addr); |
| 1186 | if (NetPermissions::HasFlag(permissionFlags, NetPermissionFlags::Implicit)) { |
| 1187 | NetPermissions::ClearFlag(permissionFlags, NetPermissionFlags::Implicit); |
| 1188 | if (gArgs.GetBoolArg("-whitelistforcerelay", DEFAULT_WHITELISTFORCERELAY)) NetPermissions::AddFlag(permissionFlags, NetPermissionFlags::ForceRelay); |
| 1189 | if (gArgs.GetBoolArg("-whitelistrelay", DEFAULT_WHITELISTRELAY)) NetPermissions::AddFlag(permissionFlags, NetPermissionFlags::Relay); |
| 1190 | NetPermissions::AddFlag(permissionFlags, NetPermissionFlags::Mempool); |
| 1191 | NetPermissions::AddFlag(permissionFlags, NetPermissionFlags::NoBan); |
| 1192 | } |
| 1193 | |
| 1194 | { |
| 1195 | LOCK(m_nodes_mutex); |
| 1196 | for (const CNode* pnode : m_nodes) { |
| 1197 | if (pnode->IsInboundConn()) nInbound++; |
| 1198 | } |
| 1199 | } |
| 1200 | |
| 1201 | if (!fNetworkActive) { |
| 1202 | LogPrint(BCLog::NET, "connection from %s dropped: not accepting new connections\n", addr.ToString()); |
| 1203 | return; |
| 1204 | } |
| 1205 | |
| 1206 | if (!IsSelectableSocket(sock->Get())) |
| 1207 | { |
| 1208 | LogPrintf("connection from %s dropped: non-selectable socket\n", addr.ToString()); |
| 1209 | return; |
| 1210 | } |
| 1211 | |
| 1212 | // According to the internet TCP_NODELAY is not carried into accepted sockets |
| 1213 | // on all platforms. Set it again here just to be sure. |
| 1214 | SetSocketNoDelay(sock->Get()); |
| 1215 | |
| 1216 | // Don't accept connections from banned peers. |
| 1217 | bool banned = m_banman && m_banman->IsBanned(addr); |
| 1218 | if (!NetPermissions::HasFlag(permissionFlags, NetPermissionFlags::NoBan) && banned) |
| 1219 | { |
| 1220 | LogPrint(BCLog::NET, "connection from %s dropped (banned)\n", addr.ToString()); |
| 1221 | return; |
| 1222 | } |
| 1223 | |
| 1224 | // Only accept connections from discouraged peers if our inbound slots aren't (almost) full. |
| 1225 | bool discouraged = m_banman && m_banman->IsDiscouraged(addr); |
| 1226 | if (!NetPermissions::HasFlag(permissionFlags, NetPermissionFlags::NoBan) && nInbound + 1 >= nMaxInbound && discouraged) |
| 1227 | { |
| 1228 | LogPrint(BCLog::NET, "connection from %s dropped (discouraged)\n", addr.ToString()); |
| 1229 | return; |
| 1230 | } |
| 1231 |
nothing calls this directly
no test coverage detected