Labels Milestones

New Issue

InitStratumAllowList only works with single IP #270

Closed

opened 1 year ago by fekt · 4 comments

fekt commented 1 year ago

Collaborator

User reported stratum no longer works in 3.9.3. I did some testing and it appears to only work when specifying a single IP now. CIDR and netmask don't seem to work. There were some changes to this function in BIP155 PR:
5184b4483f/src/stratum.cpp (L114)

I usually start stratum like this:
./hushd -stratum -stratumallowip=192.168.1.0/24 -stratumaddress=taddr -debug=stratum

I get Rejected connection from disallowed subnet: 192.168.1.103 in debug.log, even though the IP connecting is within range.
https://git.hush.is/hush/hush3/src/branch/master/src/stratum.cpp#L1560

Setting -stratumallowip=192.168.1.0/255.255.255.0 has the same result. Setting to a single IP works fine. Not setting -stratumallowip allows no connections except maybe from the local machine.

User reported stratum no longer works in 3.9.3. I did some testing and it appears to only work when specifying a single IP now. CIDR and netmask don't seem to work. There were some changes to this function in BIP155 PR: https://git.hush.is/hush/hush3/src/commit/5184b4483fc57f64af9fd0d08487a37d1182f52d/src/stratum.cpp#L114 I usually start stratum like this: `./hushd -stratum -stratumallowip=192.168.1.0/24 -stratumaddress=taddr -debug=stratum` I get `Rejected connection from disallowed subnet: 192.168.1.103` in debug.log, even though the IP connecting is within range. https://git.hush.is/hush/hush3/src/branch/master/src/stratum.cpp#L1560 Setting `-stratumallowip=192.168.1.0/255.255.255.0` has the same result. Setting to a single IP works fine. Not setting -stratumallowip allows no connections except maybe from the local machine.

fekt commented 1 year ago

Poster

Collaborator

I think the problem may be with this:
LookupHost(strAllow.c_str(), netaddr, false);

LookupHost seems to expect a single IP, not a CIDR or netmask range. I am testing reverting back to how it was with CSubNet subnet(strAllow);

I think the problem may be with this: `LookupHost(strAllow.c_str(), netaddr, false);` LookupHost seems to expect a single IP, not a CIDR or netmask range. I am testing reverting back to how it was with `CSubNet subnet(strAllow);`

👍 1

fekt referenced this issue from a commit 1 year ago

Fix for #270 to allow subnets

fekt commented 1 year ago

Poster

Collaborator

Reverting old code didn't compile but found there was LookupSubNet that seems to work as expected. This worked with single IP, CIDR, and netmask when I tested, while rejecting IPs out of range. Others may want to test though.

Committed to dev branch: 883e598994

Reverting old code didn't compile but found there was `LookupSubNet` that seems to work as expected. This worked with single IP, CIDR, and netmask when I tested, while rejecting IPs out of range. Others may want to test though. Committed to dev branch: https://git.hush.is/hush/hush3/commit/883e598994d84b5649bbb6ba70a8b6622a426cde

👍 2 🚀 1

duke commented 1 year ago

Owner

@fekt thanks for fixing this

@fekt thanks for fixing this

duke commented 1 year ago

Owner

Just wanted to comment here that one possible workaround is specifying -stratumallowip multiple times instead of using a netmask.

Fixed on dev, closing

Just wanted to comment here that one possible workaround is specifying `-stratumallowip` multiple times instead of using a netmask. Fixed on dev, closing

duke closed this issue 1 year ago

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

arm

asyncnotedecryption

danger

dev

dev-aarch64

dev-mac

dev-old-randomx

divzaddrs

dragonx

duke

freebsd

getfilterednotes

hip39

insync

jahway603

master

mvstuff

onryo

p2p_privacy

ramhash

relaytx

rx-largepages

setbestchain

warmup

witness_cache

wolfssl

wolfssl_win

z_createrawtransaction

z_importwallet

z_signmessage

v0.11.2.z0

v0.11.2.z1

v0.11.2.z2

v0.11.2.z3

v0.11.2.z4

v0.11.2.z5

v0.11.2.z6

v0.11.2.z7

v0.11.2.z8

v0.11.2.z9

v1.0.0

v1.0.0-beta1

v1.0.0-beta2

v1.0.0-rc1

v1.0.0-rc2

v1.0.0-rc3

v1.0.0-rc4

v1.0.1

v1.0.10

v1.0.10-1

v1.0.11

v1.0.11-rc1

v1.0.12

v1.0.12-rc1

v1.0.13

v1.0.13-rc1

v1.0.13-rc2

v1.0.14

v1.0.14-rc1

v1.0.15

v1.0.15-rc1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7-1

v1.0.8

v1.0.8-1

v1.0.9

v1.1.0

v1.1.0-rc1

v1.1.1

v1.1.1-rc1

v1.1.1-rc2

v1.1.2

v1.1.2-rc1

v2.0.0

v2.0.0-rc1

v2.0.1

v3.0.0

v3.1.0

v3.1.1

v3.10.0

v3.10.1

v3.10.2

v3.2.0

v3.2.1

v3.2.1-alpha

v3.2.1-beta

v3.2.2

v3.2.3

v3.3.0

v3.3.1

v3.3.2

v3.4.0

v3.4.1

v3.5.0

v3.5.1

v3.5.2

v3.6.0

v3.6.1

v3.6.2

v3.6.3

v3.7.0

v3.7.1

v3.8.0

v3.9.0

v3.9.1

v3.9.2

v3.9.3

v3.9.4

Labels

Apply labels

Clear labels

0-500 bounty
bounty up to 500 HUSH 2001-5000 bounty
bounty between 2001 and 5000 HUSH 501-2000 bounty
bounty between 501 and 2000 HUSH arm
something doesn't work on arm beginners
for new developers bug
may or may not be a bug build
problems building documentation
not enough information feature
new feature high priority
high priority i2p
related to i2p low priority
low priority medium priority
medium priority question
something is not clear release
release label or issue related to it testing
related to testing tor
related to tor wontfix
this won't be fixed

No Label 0-500 bounty 2001-5000 bounty 501-2000 bounty arm beginners bug build documentation feature high priority i2p low priority medium priority question release testing tor wontfix

Milestone

Set milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Assign users

Clear assignees

No Assignees

2 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Write Preview

Loading…

Cancel

Save

There is no content yet.