func (req *findnode) handle(t *udp, from *net.UDPAddr, fromID NodeID, mac []byte) error {
if expired(req.Expiration) {
return errExpired
}
if t.db.node(fromID) == nil {
// No bond exists, we don't process the packet. This prevents
// an attack vector where the discovery protocol could be used
// to amplify traffic in a DDOS attack. A malicious actor
// would send a findnode request with the IP address and UDP
// port of the target as the source address. The recipient of
// the findnode packet would then send a neighbors packet
// (which is a much bigger packet than findnode) to the victim.
return errUnknownNode
}
target := crypto.Keccak256Hash(req.Target[:])
t.mutex.Lock()
closest := t.closest(target, bucketSize).entries
t.mutex.Unlock()
p := neighbors{Expiration: uint64(time.Now().Add(expiration).Unix())}
// Send neighbors in chunks with at most maxNeighbors per packet
// to stay below the 1280 byte
修改bootnode的功能
该博客内容描述了如何修改bootnode的处理逻辑,以防止发现协议被利用来进行DDoS流量放大攻击,并在响应findnode请求时添加本地节点信息。当接收到过期请求,或请求来自尚未建立bond的未知源节点时,bootnode将不作响应。同时,它通过分块发送邻居节点信息来遵守1280字节的限制,并从配置文件中解析并添加持久化节点到响应中。