Fix handling of blacklisted IPs read from storage

[mina86]

I’ve recently submitted a change which causes peers read from the database to become banned if their IP address matches entry in a blacklist. There are still two outstanding issues:

• [x] The banned peers will be unbanned after some time. We need to figure out how this should interact with blacklisted addresses (do blacklisted peers never get unbanned? Should we just remove them from the PeerStore instead of banning them?) and implement that.
• [x] IPv4 addresses can be mapped to IPv6 (as ::ffff::a.b.c.d) which means that on some systems it might be possible to trick the node to accepting connection from a blacklisted IP if it’s somehow presented as IPv6 address. We should change the blacklist implementation so that we always either canonicalize addresses or convert them to IPv6.

[mooori]

I'm interested in working on the second item. Is std::net::Ipv4Addr::to_ipv6_mapped() a valid approach for the conversion?

[mina86]

Yep.

[mooori]

Is there a preference regarding the first item (never unban or remove)?

Removing the peer from PeerStore might make things easier, since then there is no need for extra logic to handle peers which are banned and blacklisted. It should be safe since new connections from blacklisted peers are rejected: https://github.com/near/nearcore/blob/55d0e03b52d1eece08ce4ba91cc726c9134087e9/chain/network/src/peer_manager/peer_manager_actor.rs#L2081-L2085

[mina86]

Yeah, I think deleting the nodes from the database should be fine.