From d84a0d7430c1c559ec870de14e15151b94ec3c38 Mon Sep 17 00:00:00 2001
From: moneromooo-monero <moneromooo-monero@users.noreply.github.com>
Date: Wed, 1 Mar 2023 16:56:17 +0000
Subject: [PATCH 1/2] p2p: avoid spam blocking ipv4 addresses in a blocked
 subnet

---
 src/p2p/net_node.inl | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/src/p2p/net_node.inl b/src/p2p/net_node.inl
index df67734d5..70b8b176e 100644
--- a/src/p2p/net_node.inl
+++ b/src/p2p/net_node.inl
@@ -247,7 +247,23 @@ namespace nodetool
     if (it == m_blocked_hosts.end())
     {
       m_blocked_hosts[host_str] = limit;
-      added = true;
+
+      // if the host was already blocked due to being in a blocked subnet, let it be silent
+      bool matches_blocked_subnet = false;
+      if (addr.get_type_id() == epee::net_utils::address_type::ipv4)
+      {
+        auto ipv4_address = addr.template as<epee::net_utils::ipv4_network_address>();
+        for (auto jt = m_blocked_subnets.begin(); jt != m_blocked_subnets.end(); ++jt)
+        {
+          if (jt->first.matches(ipv4_address))
+          {
+            matches_blocked_subnet = true;
+            break;
+          }
+        }
+      }
+      if (!matches_blocked_subnet)
+        added = true;
     }
     else if (it->second < limit || !add_only)
       it->second = limit;

From d7a81ccba198e6ded296971c2ba4abcbb3ff7190 Mon Sep 17 00:00:00 2001
From: moneromooo-monero <moneromooo-monero@users.noreply.github.com>
Date: Thu, 9 Mar 2023 17:17:59 +0000
Subject: [PATCH 2/2] p2p: do not log to global when re-blocking a subnet

---
 src/p2p/net_node.inl | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/p2p/net_node.inl b/src/p2p/net_node.inl
index 70b8b176e..70396d369 100644
--- a/src/p2p/net_node.inl
+++ b/src/p2p/net_node.inl
@@ -333,6 +333,7 @@ namespace nodetool
       limit = std::numeric_limits<time_t>::max();
     else
       limit = now + seconds;
+    const bool added = m_blocked_subnets.find(subnet) == m_blocked_subnets.end();
     m_blocked_subnets[subnet] = limit;
 
     // drop any connection to that subnet. This should only have to look into
@@ -365,7 +366,10 @@ namespace nodetool
       conns.clear();
     }
 
-    MCLOG_CYAN(el::Level::Info, "global", "Subnet " << subnet.host_str() << " blocked.");
+    if (added)
+      MCLOG_CYAN(el::Level::Info, "global", "Subnet " << subnet.host_str() << " blocked.");
+    else
+      MINFO("Subnet " << subnet.host_str() << " blocked.");
     return true;
   }
   //-----------------------------------------------------------------------------------