feat(wire): allow NodeInterface to request peer banning

[Micah-Shallom]

Description

Closes #809.

Adds ban_peer() to NodeInterface, allowing external consumers to ban a peer by address and port. Follows the same pattern as the existing disconnect_peer() flow. Internally calls the existing disconnect_and_ban() method.

AI was used for codebase understanding; but all code was written manually.

[jaoleal]

Thanks for taking a look at this.

[jaoleal]

Suggested change

	Ok(_) => {
	Ok(()) => {

[jaoleal]

Here some suggestions:

I think that you can make port optional, you can also simplify the handling on 518.

    /// Bans a peer for `T::BAN_TIME`.
    pub fn handle_ban_peer(&mut self, addr: IpAddr, port: Option<u16>) -> Result<(), WireError> {
        let peer_id = self
            .peers
            .iter()
            .find(|(_, peer)| {
                addr == peer.address && port.unwrap_or(get_port(&self.network)) == peer.port
            })
            .map(|(&peer_id, _)| peer_id);

        match peer_id {
            Some(peer_id) => self.disconnect_and_ban(peer_id),
            None => Err(WireError::PeerNotFoundAtAddress(
                addr,
                port.unwrap_or(get_port(&self.network)),
            )),
        }
    }

Also, it appears that Bitcoin Core allows banning peers that arent known by the time. cc @Davidson-Souza

[Micah-Shallom]

hi @jaoleal ...thank you for your review.. i have addressed your suggestions.
Also regarding banning unknown peers, i will be happy to implement that if @Davidson-Souza confirms it's in scope for this PR, or i can follow up in a seperate PR

[jaoleal]

Okay, the changes LGTM.

[Davidson-Souza]

This works only for connected peers, right? I think the comment should mention that

[Davidson-Souza]

Perhaps if a port isn't provided, we should ban all peers on that ip?

Wdyt @luisschwab?

[csgui]

Just chiming in.

It seems that banning all peers is the way to go. Right now None is the default port number.

ban_peer(1.2.3.4, None) -> ban_peer(1.2.3.4, 8333)

But an attacker could reconnect on 1.2.3.4:50000

[Davidson-Souza]

And return an option here

[Davidson-Souza]

Suggested change

	info!("Banned peer {addr}:{}",port.unwrap_or(Self::get_port(self.network)));
	info!("Banned peer {addr}:{}", port.unwrap_or(Self::get_port(self.network)));

[luisschwab]

I think we should have an actual BanMan before tackling this one.

[jaoleal]

I think we should have an actual BanMan before tackling this one.

I think the proposed PR aggregates on floresta as it is. Cant we work on a BanMan after ? I say that because i thought this would enable setban rpc method, by looking at is specs it appears that such a BanMan needs its own PR.

We could open a tracking issue for that, I did some looking around of what we need to satisfy setban and the changes are trivial.

[Davidson-Souza]

@luisschwab

I think we should have an actual BanMan before tackling this one.

This interface (which is pretty much what #809 asks for) is not the same as setban. setban takes in an ip address only, and idk if it disconnects already connected peers. Maybe using just this could be useful? For bonsai this would basically be what you need IIRC.

Since you opened the issue, it's up to you whether this is useful or not.

Edit: forgot to quote

[luisschwab]

setban takes in an ip address only

No, it takes extra arguments: https://developer.bitcoin.org/reference/rpc/setban.html

I think these should also be exposed to the NodeInterface instead of just banning a peer absolutely. This approach also won't allow banning a whole subnet, as we can only pass an IP address.

[Davidson-Souza]

setban takes in an ip address only

No, it takes extra arguments: https://developer.bitcoin.org/reference/rpc/setban.html

I meant it doesn't take a port, just an ip. I like the idea of adding a bantime. Banning forever isn't a good idea.

Since the way to go seems to be adding the BanMan to ban a range, we should merge #820 and #809 and better define the approach.

[luisschwab]

we should merge #820 and #809 and better define the approach.

done

[Micah-Shallom]

thanks for your reviews @jaoleal @Davidson-Souza @luisschwab ...seeing that the conversation is pretty much drifting into the banman implementation #820 . If y'all will be okay with me looking into it, i could go through the docs and the existing banman code over the next few days and see what i can come up with.. if thats fine i'll appreciate being assigned to it @luisschwab 🙏🏾🙏🏾

[csgui]

Just chiming in.

It seems that banning all peers is the way to go. Right now None is the default port number.

ban_peer(1.2.3.4, None) -> ban_peer(1.2.3.4, 8333)

But an attacker could reconnect on 1.2.3.4:50000

[csgui]

port.unwrap_or(Self::get_port(self.network)) is being computed twice.

[csgui]

Have you considered a richer type instead a bool?

Only bool loses information. What happens with the error computed in handle_ban_peer if the bool is false?

[csgui]

This look odd to users of the API. If the default port inference is useful here, it should probably also apply to Disconnect (and also other operations like Remove) since they are "similar" operations.

Should we keep port an optional? Any take on that @Davidson-Souza, @luisschwab, @jaoleal ?