mirror of https://github.com/status-im/op-geth.git
cmd/geth, cmd/mist, cmd/utils, eth, p2p: support trusted peers
This commit is contained in:
parent
3fef601903
commit
de0549fabb
|
@ -25,7 +25,7 @@ func (js *jsre) adminBindings() {
|
|||
js.re.Set("admin", struct{}{})
|
||||
t, _ := js.re.Get("admin")
|
||||
admin := t.Object()
|
||||
admin.Set("suggestPeer", js.suggestPeer)
|
||||
admin.Set("trustPeer", js.trustPeer)
|
||||
admin.Set("startRPC", js.startRPC)
|
||||
admin.Set("stopRPC", js.stopRPC)
|
||||
admin.Set("nodeInfo", js.nodeInfo)
|
||||
|
@ -243,13 +243,13 @@ func (js *jsre) stopRPC(call otto.FunctionCall) otto.Value {
|
|||
return otto.FalseValue()
|
||||
}
|
||||
|
||||
func (js *jsre) suggestPeer(call otto.FunctionCall) otto.Value {
|
||||
func (js *jsre) trustPeer(call otto.FunctionCall) otto.Value {
|
||||
nodeURL, err := call.Argument(0).ToString()
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
return otto.FalseValue()
|
||||
}
|
||||
err = js.ethereum.SuggestPeer(nodeURL)
|
||||
err = js.ethereum.TrustPeer(nodeURL)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
return otto.FalseValue()
|
||||
|
|
|
@ -232,7 +232,8 @@ JavaScript API. See https://github.com/ethereum/go-ethereum/wiki/Javascipt-Conso
|
|||
utils.IdentityFlag,
|
||||
utils.UnlockedAccountFlag,
|
||||
utils.PasswordFileFlag,
|
||||
utils.BootnodesFlag,
|
||||
utils.BootNodesFlag,
|
||||
utils.TrustedNodesFlag,
|
||||
utils.DataDirFlag,
|
||||
utils.BlockchainVersionFlag,
|
||||
utils.JSpathFlag,
|
||||
|
|
|
@ -69,7 +69,7 @@ func init() {
|
|||
assetPathFlag,
|
||||
rpcCorsFlag,
|
||||
|
||||
utils.BootnodesFlag,
|
||||
utils.BootNodesFlag,
|
||||
utils.DataDirFlag,
|
||||
utils.ListenPortFlag,
|
||||
utils.LogFileFlag,
|
||||
|
|
|
@ -104,8 +104,8 @@ func (ui *UiLib) Connect(button qml.Object) {
|
|||
}
|
||||
|
||||
func (ui *UiLib) ConnectToPeer(nodeURL string) {
|
||||
if err := ui.eth.SuggestPeer(nodeURL); err != nil {
|
||||
guilogger.Infoln("SuggestPeer error: " + err.Error())
|
||||
if err := ui.eth.TrustPeer(nodeURL); err != nil {
|
||||
guilogger.Infoln("TrustPeer error: " + err.Error())
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -202,11 +202,16 @@ var (
|
|||
Usage: "Network listening port",
|
||||
Value: 30303,
|
||||
}
|
||||
BootnodesFlag = cli.StringFlag{
|
||||
BootNodesFlag = cli.StringFlag{
|
||||
Name: "bootnodes",
|
||||
Usage: "Space-separated enode URLs for p2p discovery bootstrap",
|
||||
Value: "",
|
||||
}
|
||||
TrustedNodesFlag = cli.StringFlag{
|
||||
Name: "trustednodes",
|
||||
Usage: "List of trusted nodes (either an enode list or path to a json file of enodes)",
|
||||
Value: "",
|
||||
}
|
||||
NodeKeyFileFlag = cli.StringFlag{
|
||||
Name: "nodekey",
|
||||
Usage: "P2P node key file",
|
||||
|
@ -292,7 +297,8 @@ func MakeEthConfig(clientID, version string, ctx *cli.Context) *eth.Config {
|
|||
NodeKey: GetNodeKey(ctx),
|
||||
Shh: ctx.GlobalBool(WhisperEnabledFlag.Name),
|
||||
Dial: true,
|
||||
BootNodes: ctx.GlobalString(BootnodesFlag.Name),
|
||||
BootNodes: ctx.GlobalString(BootNodesFlag.Name),
|
||||
TrustedNodes: ctx.GlobalString(TrustedNodesFlag.Name),
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -2,7 +2,10 @@ package eth
|
|||
|
||||
import (
|
||||
"crypto/ecdsa"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"path"
|
||||
"strings"
|
||||
"time"
|
||||
|
@ -56,10 +59,13 @@ type Config struct {
|
|||
MaxPeers int
|
||||
Port string
|
||||
|
||||
// This should be a space-separated list of
|
||||
// discovery node URLs.
|
||||
// Space-separated list of discovery node URLs
|
||||
BootNodes string
|
||||
|
||||
// Either a space-separated list of discovery node URLs, or a path to a json
|
||||
// file containing such a list.
|
||||
TrustedNodes string
|
||||
|
||||
// This key is used to identify the node on the network.
|
||||
// If nil, an ephemeral key is used.
|
||||
NodeKey *ecdsa.PrivateKey
|
||||
|
@ -96,6 +102,46 @@ func (cfg *Config) parseBootNodes() []*discover.Node {
|
|||
return ns
|
||||
}
|
||||
|
||||
// parseTrustedNodes parses a list of discovery node URLs either given literally,
|
||||
// or loaded from a .json file.
|
||||
func (cfg *Config) parseTrustedNodes() []*discover.Node {
|
||||
// Short circuit if no trusted nodes were given
|
||||
if cfg.TrustedNodes == "" {
|
||||
return nil
|
||||
}
|
||||
// Try to interpret the trusted node config as a .json file
|
||||
if _, err := os.Stat(cfg.TrustedNodes); err == nil {
|
||||
// Load the file from disk
|
||||
blob, err := ioutil.ReadFile(cfg.TrustedNodes)
|
||||
if err != nil {
|
||||
glog.V(logger.Error).Infof("Failed to access trusted nodes: %v", err)
|
||||
return nil
|
||||
}
|
||||
// Interpret the json contents
|
||||
list := []string{}
|
||||
if err := json.Unmarshal(blob, &list); err != nil {
|
||||
glog.V(logger.Error).Infof("Failed to load trusted nodes: %v", err)
|
||||
return nil
|
||||
}
|
||||
// Swap out the configuration for the actual nodes
|
||||
cfg.TrustedNodes = strings.Join(list, " ")
|
||||
}
|
||||
// Interpret the list as a discovery node array
|
||||
var nodes []*discover.Node
|
||||
for _, url := range strings.Split(cfg.TrustedNodes, " ") {
|
||||
if url == "" {
|
||||
continue
|
||||
}
|
||||
node, err := discover.ParseNode(url)
|
||||
if err != nil {
|
||||
glog.V(logger.Error).Infof("Trusted node URL %s: %v\n", url, err)
|
||||
continue
|
||||
}
|
||||
nodes = append(nodes, node)
|
||||
}
|
||||
return nodes
|
||||
}
|
||||
|
||||
func (cfg *Config) nodeKey() (*ecdsa.PrivateKey, error) {
|
||||
// use explicit key from command line args if set
|
||||
if cfg.NodeKey != nil {
|
||||
|
@ -247,6 +293,7 @@ func New(config *Config) (*Ethereum, error) {
|
|||
NAT: config.NAT,
|
||||
NoDial: !config.Dial,
|
||||
BootstrapNodes: config.parseBootNodes(),
|
||||
TrustedNodes: config.parseTrustedNodes(),
|
||||
NodeDatabase: nodeDb,
|
||||
}
|
||||
if len(config.Port) > 0 {
|
||||
|
@ -442,12 +489,13 @@ func (s *Ethereum) StartForTest() {
|
|||
s.txPool.Start()
|
||||
}
|
||||
|
||||
func (self *Ethereum) SuggestPeer(nodeURL string) error {
|
||||
// TrustPeer injects a new node into the list of privileged nodes.
|
||||
func (self *Ethereum) TrustPeer(nodeURL string) error {
|
||||
n, err := discover.ParseNode(nodeURL)
|
||||
if err != nil {
|
||||
return fmt.Errorf("invalid node URL: %v", err)
|
||||
}
|
||||
self.net.SuggestPeer(n)
|
||||
self.net.TrustPeer(n)
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
@ -20,6 +20,7 @@ import (
|
|||
const (
|
||||
defaultDialTimeout = 10 * time.Second
|
||||
refreshPeersInterval = 30 * time.Second
|
||||
trustedPeerCheckInterval = 15 * time.Second
|
||||
|
||||
// This is the maximum number of inbound connection
|
||||
// that are allowed to linger between 'accepted' and
|
||||
|
@ -59,6 +60,10 @@ type Server struct {
|
|||
// with the rest of the network.
|
||||
BootstrapNodes []*discover.Node
|
||||
|
||||
// Trusted nodes are used as privileged connections which are always accepted
|
||||
// and also always maintained.
|
||||
TrustedNodes []*discover.Node
|
||||
|
||||
// NodeDatabase is the path to the database containing the previously seen
|
||||
// live nodes in the network.
|
||||
NodeDatabase string
|
||||
|
@ -99,13 +104,15 @@ type Server struct {
|
|||
running bool
|
||||
peers map[discover.NodeID]*Peer
|
||||
|
||||
trusts map[discover.NodeID]*discover.Node // Map of currently trusted remote nodes
|
||||
trustDial chan *discover.Node // Dial request channel reserved for the trusted nodes
|
||||
|
||||
ntab *discover.Table
|
||||
listener net.Listener
|
||||
|
||||
quit chan struct{}
|
||||
loopWG sync.WaitGroup // {dial,listen,nat}Loop
|
||||
peerWG sync.WaitGroup // active peer goroutines
|
||||
peerConnect chan *discover.Node
|
||||
}
|
||||
|
||||
type setupFunc func(net.Conn, *ecdsa.PrivateKey, *protoHandshake, *discover.Node, bool) (*conn, error)
|
||||
|
@ -131,10 +138,9 @@ func (srv *Server) PeerCount() int {
|
|||
return n
|
||||
}
|
||||
|
||||
// SuggestPeer creates a connection to the given Node if it
|
||||
// is not already connected.
|
||||
func (srv *Server) SuggestPeer(n *discover.Node) {
|
||||
srv.peerConnect <- n
|
||||
// TrustPeer inserts a node into the list of privileged nodes.
|
||||
func (srv *Server) TrustPeer(node *discover.Node) {
|
||||
srv.trustDial <- node
|
||||
}
|
||||
|
||||
// Broadcast sends an RLP-encoded message to all connected peers.
|
||||
|
@ -195,7 +201,14 @@ func (srv *Server) Start() (err error) {
|
|||
}
|
||||
srv.quit = make(chan struct{})
|
||||
srv.peers = make(map[discover.NodeID]*Peer)
|
||||
srv.peerConnect = make(chan *discover.Node)
|
||||
|
||||
// Create the current trust map, and the associated dialing channel
|
||||
srv.trusts = make(map[discover.NodeID]*discover.Node)
|
||||
for _, node := range srv.TrustedNodes {
|
||||
srv.trusts[node.ID] = node
|
||||
}
|
||||
srv.trustDial = make(chan *discover.Node)
|
||||
|
||||
if srv.setupFunc == nil {
|
||||
srv.setupFunc = setupConn
|
||||
}
|
||||
|
@ -229,6 +242,8 @@ func (srv *Server) Start() (err error) {
|
|||
if srv.NoDial && srv.ListenAddr == "" {
|
||||
glog.V(logger.Warn).Infoln("I will be kind-of useless, neither dialing nor listening.")
|
||||
}
|
||||
// maintain the trusted peers
|
||||
go srv.trustLoop()
|
||||
|
||||
srv.running = true
|
||||
return nil
|
||||
|
@ -323,6 +338,45 @@ func (srv *Server) listenLoop() {
|
|||
}
|
||||
}
|
||||
|
||||
// trustLoop is responsible for periodically checking that trusted connections
|
||||
// are actually live, and requests dialing if not.
|
||||
func (srv *Server) trustLoop() {
|
||||
// Create a ticker for verifying trusted connections
|
||||
tick := time.Tick(trustedPeerCheckInterval)
|
||||
|
||||
for {
|
||||
select {
|
||||
case <-srv.quit:
|
||||
// Termination requested, simple return
|
||||
return
|
||||
|
||||
case <-tick:
|
||||
// Collect all the non-connected trusted nodes
|
||||
needed := []*discover.Node{}
|
||||
srv.lock.RLock()
|
||||
for id, node := range srv.trusts {
|
||||
if _, ok := srv.peers[id]; !ok {
|
||||
needed = append(needed, node)
|
||||
}
|
||||
}
|
||||
srv.lock.RUnlock()
|
||||
|
||||
// Try to dial each of them (don't hang if server terminates)
|
||||
for _, node := range needed {
|
||||
glog.V(logger.Error).Infof("Dialing trusted peer %v", node)
|
||||
select {
|
||||
case srv.trustDial <- node:
|
||||
// Ok, dialing
|
||||
|
||||
case <-srv.quit:
|
||||
// Terminating, return
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (srv *Server) dialLoop() {
|
||||
var (
|
||||
dialed = make(chan *discover.Node)
|
||||
|
@ -373,7 +427,7 @@ func (srv *Server) dialLoop() {
|
|||
// below MaxPeers.
|
||||
refresh.Reset(refreshPeersInterval)
|
||||
}
|
||||
case dest := <-srv.peerConnect:
|
||||
case dest := <-srv.trustDial:
|
||||
dial(dest)
|
||||
case dests := <-findresults:
|
||||
for _, dest := range dests {
|
||||
|
@ -472,16 +526,26 @@ func (srv *Server) addPeer(id discover.NodeID, p *Peer) (bool, DiscReason) {
|
|||
return true, 0
|
||||
}
|
||||
|
||||
// checkPeer verifies whether a peer looks promising and should be allowed/kept
|
||||
// in the pool, or if it's of no use.
|
||||
func (srv *Server) checkPeer(id discover.NodeID) (bool, DiscReason) {
|
||||
// First up, figure out if the peer is trusted
|
||||
_, trusted := srv.trusts[id]
|
||||
|
||||
// Make sure the peer passes all required checks
|
||||
switch {
|
||||
case !srv.running:
|
||||
return false, DiscQuitting
|
||||
case len(srv.peers) >= srv.MaxPeers:
|
||||
|
||||
case !trusted && len(srv.peers) >= srv.MaxPeers:
|
||||
return false, DiscTooManyPeers
|
||||
|
||||
case srv.peers[id] != nil:
|
||||
return false, DiscAlreadyConnected
|
||||
|
||||
case id == srv.ntab.Self().ID:
|
||||
return false, DiscSelf
|
||||
|
||||
default:
|
||||
return true, 0
|
||||
}
|
||||
|
|
|
@ -102,7 +102,7 @@ func TestServerDial(t *testing.T) {
|
|||
|
||||
// tell the server to connect
|
||||
tcpAddr := listener.Addr().(*net.TCPAddr)
|
||||
srv.SuggestPeer(&discover.Node{IP: tcpAddr.IP, TCPPort: tcpAddr.Port})
|
||||
srv.trustDial <-&discover.Node{IP: tcpAddr.IP, TCPPort: tcpAddr.Port}
|
||||
|
||||
select {
|
||||
case conn := <-accepted:
|
||||
|
|
Loading…
Reference in New Issue