aboutsummaryrefslogtreecommitdiffstats
path: root/p2p/discv5
diff options
context:
space:
mode:
authorFelix Lange <fjl@twurst.com>2016-11-23 03:51:59 +0800
committerFelix Lange <fjl@twurst.com>2016-11-23 05:21:18 +0800
commita47341cf96498332e2f0f67c1a6456c67831a5d0 (patch)
tree92e3c89aa1060e210cc288a68dddaa24be161181 /p2p/discv5
parente46bda50935cfad5bfc51130e4ea802f518917e7 (diff)
downloadgo-tangerine-a47341cf96498332e2f0f67c1a6456c67831a5d0.tar.gz
go-tangerine-a47341cf96498332e2f0f67c1a6456c67831a5d0.tar.zst
go-tangerine-a47341cf96498332e2f0f67c1a6456c67831a5d0.zip
p2p, p2p/discover, p2p/discv5: add IP network restriction feature
The p2p packages can now be configured to restrict all communication to a certain subset of IP networks. This feature is meant to be used for private networks.
Diffstat (limited to 'p2p/discv5')
-rw-r--r--p2p/discv5/net.go12
-rw-r--r--p2p/discv5/net_test.go2
-rw-r--r--p2p/discv5/sim_test.go2
-rw-r--r--p2p/discv5/udp.go4
4 files changed, 13 insertions, 7 deletions
diff --git a/p2p/discv5/net.go b/p2p/discv5/net.go
index b7e4a0bee..d1c48904e 100644
--- a/p2p/discv5/net.go
+++ b/p2p/discv5/net.go
@@ -31,6 +31,7 @@ import (
"github.com/ethereum/go-ethereum/logger"
"github.com/ethereum/go-ethereum/logger/glog"
"github.com/ethereum/go-ethereum/p2p/nat"
+ "github.com/ethereum/go-ethereum/p2p/netutil"
"github.com/ethereum/go-ethereum/rlp"
)
@@ -63,8 +64,9 @@ func debugLog(s string) {
// Network manages the table and all protocol interaction.
type Network struct {
- db *nodeDB // database of known nodes
- conn transport
+ db *nodeDB // database of known nodes
+ conn transport
+ netrestrict *netutil.Netlist
closed chan struct{} // closed when loop is done
closeReq chan struct{} // 'request to close'
@@ -133,7 +135,7 @@ type timeoutEvent struct {
node *Node
}
-func newNetwork(conn transport, ourPubkey ecdsa.PublicKey, natm nat.Interface, dbPath string) (*Network, error) {
+func newNetwork(conn transport, ourPubkey ecdsa.PublicKey, natm nat.Interface, dbPath string, netrestrict *netutil.Netlist) (*Network, error) {
ourID := PubkeyID(&ourPubkey)
var db *nodeDB
@@ -148,6 +150,7 @@ func newNetwork(conn transport, ourPubkey ecdsa.PublicKey, natm nat.Interface, d
net := &Network{
db: db,
conn: conn,
+ netrestrict: netrestrict,
tab: tab,
topictab: newTopicTable(db, tab.self),
ticketStore: newTicketStore(),
@@ -696,6 +699,9 @@ func (net *Network) internNodeFromNeighbours(sender *net.UDPAddr, rn rpcNode) (n
if n == nil {
// We haven't seen this node before.
n, err = nodeFromRPC(sender, rn)
+ if net.netrestrict != nil && !net.netrestrict.Contains(n.IP) {
+ return n, errors.New("not contained in netrestrict whitelist")
+ }
if err == nil {
n.state = unknown
net.nodes[n.ID] = n
diff --git a/p2p/discv5/net_test.go b/p2p/discv5/net_test.go
index c8d2558f1..327457c7c 100644
--- a/p2p/discv5/net_test.go
+++ b/p2p/discv5/net_test.go
@@ -28,7 +28,7 @@ import (
func TestNetwork_Lookup(t *testing.T) {
key, _ := crypto.GenerateKey()
- network, err := newNetwork(lookupTestnet, key.PublicKey, nil, "")
+ network, err := newNetwork(lookupTestnet, key.PublicKey, nil, "", nil)
if err != nil {
t.Fatal(err)
}
diff --git a/p2p/discv5/sim_test.go b/p2p/discv5/sim_test.go
index 2e232fbaa..cb64d7fa0 100644
--- a/p2p/discv5/sim_test.go
+++ b/p2p/discv5/sim_test.go
@@ -290,7 +290,7 @@ func (s *simulation) launchNode(log bool) *Network {
addr := &net.UDPAddr{IP: ip, Port: 30303}
transport := &simTransport{joinTime: time.Now(), sender: id, senderAddr: addr, sim: s, priv: key}
- net, err := newNetwork(transport, key.PublicKey, nil, "<no database>")
+ net, err := newNetwork(transport, key.PublicKey, nil, "<no database>", nil)
if err != nil {
panic("cannot launch new node: " + err.Error())
}
diff --git a/p2p/discv5/udp.go b/p2p/discv5/udp.go
index 396f438a2..a6114e032 100644
--- a/p2p/discv5/udp.go
+++ b/p2p/discv5/udp.go
@@ -238,12 +238,12 @@ type udp struct {
}
// ListenUDP returns a new table that listens for UDP packets on laddr.
-func ListenUDP(priv *ecdsa.PrivateKey, laddr string, natm nat.Interface, nodeDBPath string) (*Network, error) {
+func ListenUDP(priv *ecdsa.PrivateKey, laddr string, natm nat.Interface, nodeDBPath string, netrestrict *netutil.Netlist) (*Network, error) {
transport, err := listenUDP(priv, laddr)
if err != nil {
return nil, err
}
- net, err := newNetwork(transport, priv.PublicKey, natm, nodeDBPath)
+ net, err := newNetwork(transport, priv.PublicKey, natm, nodeDBPath, netrestrict)
if err != nil {
return nil, err
}