[rpc] Add listbanned ip command

Author: dhruv

doc/release-notes/release-notes-19825.md

@@ -1,4 +1,5 @@
 ### RPC and other APIs
 - #19825 `setban` behavior changed: Banning a subnet that is a subset of a previous ban is a no-op instead of an rpc error.
 - #19825 `setban` behavior changed: Unbanning a non-banned subnet is a no-op instead of an rpc error.
-- #19825 `setban` behavior changed: Added `setban removeall ip` to remove all bans that affect an ip address.
+- #19825 `setban` behavior changed: Added `setban removeall ip` to remove all bans that affect an ip address.
+- #19825 `listbanned ip` added: Lists ban entries that include ip.

src/banman.cpp

@@ -5,7 +5,6 @@
 
 #include <banman.h>
 
-#include <netaddress.h>
 #include <node/ui_interface.h>
 #include <util/system.h>
 #include <util/time.h>
@@ -154,12 +153,23 @@ void BanMan::UnbanAll(const CNetAddr& net_addr)
     DumpBanlist(); //store banlist to disk immediately
 }
 
-void BanMan::GetBanned(banmap_t& banmap)
+void BanMan::GetBanned(banmap_t& banmap, std::optional<const CNetAddr> filterForIp)
 {
     LOCK(m_cs_banned);
     // Sweep the banlist so expired bans are not returned
     SweepBanned();
     banmap = m_banned; //create a thread safe copy
+
+    if (filterForIp) {
+        for (auto it = banmap.begin(); it != banmap.end();) {
+            CSubNet sub_net = it->first;
+            if (!sub_net.Match(filterForIp.value())) {
+                it = banmap.erase(it);
+            } else {
+                it++;
+            }
+        }
+    }
 }
 
 void BanMan::SetBanned(const banmap_t& banmap)

src/banman.h

@@ -8,21 +8,21 @@
 #include <addrdb.h>
 #include <bloom.h>
 #include <fs.h>
+#include <netaddress.h> // For CNetAddr and CSubNet
 #include <net_types.h> // For banmap_t
 #include <sync.h>
 
 #include <chrono>
 #include <cstdint>
 #include <memory>
+#include <optional>
 
 // NOTE: When adjusting this, update rpcnet:setban's help ("24h")
 static constexpr unsigned int DEFAULT_MISBEHAVING_BANTIME = 60 * 60 * 24; // Default 24-hour ban
 // How often to dump addresses to banlist.dat
 static constexpr std::chrono::minutes DUMP_BANS_INTERVAL{15};
 
 class CClientUIInterface;
-class CNetAddr;
-class CSubNet;
 
 // Banman manages two related but distinct concepts:
 //
@@ -77,7 +77,7 @@ class BanMan
 
     // Removes all ban entries that include net_addr
     void UnbanAll(const CNetAddr& net_addr);
-    void GetBanned(banmap_t& banmap);
+    void GetBanned(banmap_t& banmap, std::optional<const CNetAddr> filterForIp = {});
     void DumpBanlist();
 
 private:

src/rpc/net.cpp

@@ -673,7 +673,9 @@ static RPCHelpMan listbanned()
 {
     return RPCHelpMan{"listbanned",
                 "\nList all manually banned IPs/Subnets.\n",
-                {},
+                {
+                    {"ip", RPCArg::Type::STR, RPCArg::Optional::OMITTED_NAMED_ARG, "If IP is provided, only bans which include the IP will be returned."},
+                },
         RPCResult{RPCResult::Type::ARR, "", "",
             {
                 {RPCResult::Type::OBJ, "", "",
@@ -695,8 +697,16 @@ static RPCHelpMan listbanned()
     }
 
     banmap_t banMap;
-    node.banman->GetBanned(banMap);
-
+    if (request.params[0].isNull()) {
+        node.banman->GetBanned(banMap);
+    } else {
+        CNetAddr netAddr;
+        LookupHost(request.params[0].get_str(), netAddr, false);
+        if (!netAddr.IsValid()) {
+            throw JSONRPCError(RPC_INVALID_PARAMETER, "Error: Invalid ip address");
+        }
+        node.banman->GetBanned(banMap, netAddr);
+    }
     UniValue bannedAddresses(UniValue::VARR);
     for (const auto& entry : banMap)
     {
@@ -880,7 +890,7 @@ static const CRPCCommand commands[] =
     { "network",            "getnettotals",           &getnettotals,           {} },
     { "network",            "getnetworkinfo",         &getnetworkinfo,         {} },
     { "network",            "setban",                 &setban,                 {"subnet", "command", "bantime", "absolute"} },
-    { "network",            "listbanned",             &listbanned,             {} },
+    { "network",            "listbanned",             &listbanned,             {"ip"} },
     { "network",            "clearbanned",            &clearbanned,            {} },
     { "network",            "setnetworkactive",       &setnetworkactive,       {"state"} },
     { "network",            "getnodeaddresses",       &getnodeaddresses,       {"count"} },

src/test/rpc_tests.cpp

@@ -365,14 +365,26 @@ BOOST_AUTO_TEST_CASE(rpc_ban)
     adr = find_value(o1, "address");
     BOOST_CHECK_EQUAL(adr.get_str(), "2001:4d48:ac57:400:cacf:e9ff:fe1d:9c63/128");
 
-    //removeall ipv4 test
+    //listbanned + removeall ipv4 test
     BOOST_CHECK_NO_THROW(CallRPC(std::string("clearbanned")));
     BOOST_CHECK_NO_THROW(r = CallRPC(std::string("setban 127.0.0.0/16 add")));
     BOOST_CHECK_NO_THROW(r = CallRPC(std::string("setban 127.0.0.0/24 add")));
     BOOST_CHECK_NO_THROW(r = CallRPC(std::string("setban 127.0.0.0/32 add")));
     BOOST_CHECK_NO_THROW(r = CallRPC(std::string("listbanned")));
     ar = r.get_array();
     BOOST_CHECK_EQUAL(ar.size(), 3U);
+    BOOST_CHECK_THROW(CallRPC(std::string("listbanned 127.0.0.3/32")), std::runtime_error); // requires single ip, not subnet representation
+    BOOST_CHECK_NO_THROW(r = CallRPC(std::string("listbanned 127.0.0.3")));
+    ar = r.get_array();
+    BOOST_CHECK_EQUAL(ar.size(), 2U);
+    for (size_t i = 0; i < ar.size(); i++) {
+        o1 = ar[i].get_obj();
+        auto address = find_value(o1, "address").get_str();
+        if (address != "127.0.0.0/16" &&
+            address != "127.0.0.0/24") {
+            BOOST_FAIL("Unexpected address in banlist");
+        }
+    }
     BOOST_CHECK_THROW(CallRPC(std::string("setban 127.0.0.3/32 removeall")), std::runtime_error); // cannot removeall subnets
     BOOST_CHECK_NO_THROW(CallRPC(std::string("setban 127.0.0.3 removeall"))); // remove all subnets with 127.0.0.3
     BOOST_CHECK_NO_THROW(r = CallRPC(std::string("listbanned")));
@@ -382,14 +394,26 @@ BOOST_AUTO_TEST_CASE(rpc_ban)
     adr = find_value(o1, "address");
     BOOST_CHECK_EQUAL(adr.get_str(), "127.0.0.0/32");
 
-    //removeall ipv6 test
+    //listbanned + removeall ipv6 test
     BOOST_CHECK_NO_THROW(CallRPC(std::string("clearbanned")));
     BOOST_CHECK_NO_THROW(r = CallRPC(std::string("setban 2001:4d48:ac57:400:cacf:e9ff:fe1d:9c63/96 add")));
     BOOST_CHECK_NO_THROW(r = CallRPC(std::string("setban 2001:4d48:ac57:400:cacf:e9ff:fe1d:9c63/112 add")));
     BOOST_CHECK_NO_THROW(r = CallRPC(std::string("setban 2001:4d48:ac57:400:cacf:e9ff:fe1d:9c63/128 add")));
     BOOST_CHECK_NO_THROW(r = CallRPC(std::string("listbanned")));
     ar = r.get_array();
     BOOST_CHECK_EQUAL(ar.size(), 3U);
+    BOOST_CHECK_THROW(CallRPC(std::string("listbanned 2001:4d48:ac57:400:cacf:e9ff:fe1d:9c64/128")), std::runtime_error); // requires single ip, not subnet representation
+    BOOST_CHECK_NO_THROW(r = CallRPC(std::string("listbanned 2001:4d48:ac57:400:cacf:e9ff:fe1d:9c64")));
+    ar = r.get_array();
+    BOOST_CHECK_EQUAL(ar.size(), 2U);
+    for (size_t i = 0; i < ar.size(); i++) {
+        o1 = ar[i].get_obj();
+        auto address = find_value(o1, "address").get_str();
+        if (address != "2001:4d48:ac57:400:cacf:e9ff::/96" &&
+            address != "2001:4d48:ac57:400:cacf:e9ff:fe1d:0/112") {
+            BOOST_FAIL("Unexpected address in banlist");
+        }
+    }
     BOOST_CHECK_THROW(CallRPC(std::string("setban 2001:4d48:ac57:400:cacf:e9ff:fe1d:9c64/128 removeall")), std::runtime_error); // cannot removeall subnets
     BOOST_CHECK_NO_THROW(CallRPC(std::string("setban 2001:4d48:ac57:400:cacf:e9ff:fe1d:9c64 removeall"))); // remove all subnets with 127.0.0.3
     BOOST_CHECK_NO_THROW(r = CallRPC(std::string("listbanned")));

test/functional/p2p_disconnect_ban.py

@@ -66,11 +66,14 @@ def run_test(self):
         self.nodes[1].clearbanned()
         assert_equal(len(self.nodes[1].listbanned()), 0)
 
-        self.log.info("setban removeall: ipv4 test")
+        self.log.info("setban listbanned and removeall: ipv4 test")
         self.nodes[1].setban("127.0.0.1/16", "add")
         self.nodes[1].setban("127.0.0.1/24", "add")
         self.nodes[1].setban("127.0.0.1/32", "add")
         assert_equal(len(self.nodes[1].listbanned()), 3)
+        assert_raises_rpc_error(-8, "Error: Invalid ip address", self.nodes[1].listbanned, "127.0.0.3/32")
+        relevant_bans = self.nodes[1].listbanned("127.0.0.3")
+        assert_equal({x["address"] for x in relevant_bans}, {"127.0.0.0/16", "127.0.0.0/24"})
         assert_raises_rpc_error(-8, "Error: setban removeall requires single ip address",
             self.nodes[1].setban, "127.0.0.3/32", "removeall")
         self.nodes[1].setban("127.0.0.3", "removeall")
@@ -79,11 +82,14 @@ def run_test(self):
         assert_equal(listbanned_response[0]["address"], "127.0.0.1/32")
         self.nodes[1].clearbanned()
 
-        self.log.info("setban removeall: ipv6 test")
+        self.log.info("setban listbanned and removeall: ipv6 test")
         self.nodes[1].setban("2001:4d48:ac57:400:cacf:e9ff:fe1d:9c63/96", "add")
         self.nodes[1].setban("2001:4d48:ac57:400:cacf:e9ff:fe1d:9c63/112", "add")
         self.nodes[1].setban("2001:4d48:ac57:400:cacf:e9ff:fe1d:9c63/128", "add")
         assert_equal(len(self.nodes[1].listbanned()), 3)
+        assert_raises_rpc_error(-8, "Error: Invalid ip address",
+            self.nodes[1].listbanned, "2001:4d48:ac57:400:cacf:e9ff:fe1d:9c64/128")
+        relevant_bans = self.nodes[1].listbanned("2001:4d48:ac57:400:cacf:e9ff:fe1d:9c64")
         assert_raises_rpc_error(-8, "Error: setban removeall requires single ip address",
             self.nodes[1].setban, "2001:4d48:ac57:400:cacf:e9ff:fe1d:9c64/128", "removeall")
         self.nodes[1].setban("2001:4d48:ac57:400:cacf:e9ff:fe1d:9c64", "removeall")