diff options
author | Péter Szilágyi <peterke@gmail.com> | 2015-05-04 18:59:51 +0800 |
---|---|---|
committer | Péter Szilágyi <peterke@gmail.com> | 2015-05-04 18:59:51 +0800 |
commit | 4accc187d5cf6a100d6c10c0e0f35780f52871a0 (patch) | |
tree | a106654ceccede0c8bcd1fb9402c4eec16bbb6e8 | |
parent | 2382da4179fa290582523f598e1be78469cdf274 (diff) | |
download | dexon-4accc187d5cf6a100d6c10c0e0f35780f52871a0.tar dexon-4accc187d5cf6a100d6c10c0e0f35780f52871a0.tar.gz dexon-4accc187d5cf6a100d6c10c0e0f35780f52871a0.tar.bz2 dexon-4accc187d5cf6a100d6c10c0e0f35780f52871a0.tar.lz dexon-4accc187d5cf6a100d6c10c0e0f35780f52871a0.tar.xz dexon-4accc187d5cf6a100d6c10c0e0f35780f52871a0.tar.zst dexon-4accc187d5cf6a100d6c10c0e0f35780f52871a0.zip |
eth, p2p: add trusted node list beside static list
-rw-r--r-- | eth/backend.go | 24 | ||||
-rw-r--r-- | p2p/handshake.go | 14 | ||||
-rw-r--r-- | p2p/handshake_test.go | 4 | ||||
-rw-r--r-- | p2p/server.go | 32 | ||||
-rw-r--r-- | p2p/server_test.go | 36 |
5 files changed, 59 insertions, 51 deletions
diff --git a/eth/backend.go b/eth/backend.go index 8aecfba5b..983dd8e4f 100644 --- a/eth/backend.go +++ b/eth/backend.go @@ -41,8 +41,8 @@ var ( discover.MustParseNode("enode://487611428e6c99a11a9795a6abe7b529e81315ca6aad66e2a2fc76e3adf263faba0d35466c2f8f68d561dbefa8878d4df5f1f2ddb1fbeab7f42ffb8cd328bd4a@5.1.83.226:30303"), } - // Path within <datadir> to search for the static node list - staticNodes = "static-nodes.json" + staticNodes = "static-nodes.json" // Path within <datadir> to search for the static node list + trustedNodes = "trusted-nodes.json" // Path within <datadir> to search for the trusted node list ) type Config struct { @@ -102,23 +102,22 @@ func (cfg *Config) parseBootNodes() []*discover.Node { return ns } -// parseStaticNodes parses a list of discovery node URLs either given literally, -// or loaded from a .json file. -func (cfg *Config) parseStaticNodes() []*discover.Node { - // Short circuit if no static node config is present - path := filepath.Join(cfg.DataDir, staticNodes) +// parseNodes parses a list of discovery node URLs loaded from a .json file. +func (cfg *Config) parseNodes(file string) []*discover.Node { + // Short circuit if no node config is present + path := filepath.Join(cfg.DataDir, file) if _, err := os.Stat(path); err != nil { return nil } - // Load the static nodes from the config file + // Load the nodes from the config file blob, err := ioutil.ReadFile(path) if err != nil { - glog.V(logger.Error).Infof("Failed to access static nodes: %v", err) + glog.V(logger.Error).Infof("Failed to access nodes: %v", err) return nil } nodelist := []string{} if err := json.Unmarshal(blob, &nodelist); err != nil { - glog.V(logger.Error).Infof("Failed to load static nodes: %v", err) + glog.V(logger.Error).Infof("Failed to load nodes: %v", err) return nil } // Interpret the list as a discovery node array @@ -129,7 +128,7 @@ func (cfg *Config) parseStaticNodes() []*discover.Node { } node, err := discover.ParseNode(url) if err != nil { - glog.V(logger.Error).Infof("Static node URL %s: %v\n", url, err) + glog.V(logger.Error).Infof("Node URL %s: %v\n", url, err) continue } nodes = append(nodes, node) @@ -288,7 +287,8 @@ func New(config *Config) (*Ethereum, error) { NAT: config.NAT, NoDial: !config.Dial, BootstrapNodes: config.parseBootNodes(), - StaticNodes: config.parseStaticNodes(), + StaticNodes: config.parseNodes(staticNodes), + TrustedNodes: config.parseNodes(trustedNodes), NodeDatabase: nodeDb, } if len(config.Port) > 0 { diff --git a/p2p/handshake.go b/p2p/handshake.go index 79395f23f..8e611cfd5 100644 --- a/p2p/handshake.go +++ b/p2p/handshake.go @@ -70,21 +70,21 @@ type protoHandshake struct { // If dial is non-nil, the connection the local node is the initiator. // If atcap is true, the connection will be disconnected with DiscTooManyPeers // after the key exchange. -func setupConn(fd net.Conn, prv *ecdsa.PrivateKey, our *protoHandshake, dial *discover.Node, atcap bool) (*conn, error) { +func setupConn(fd net.Conn, prv *ecdsa.PrivateKey, our *protoHandshake, dial *discover.Node, atcap bool, trusted map[discover.NodeID]bool) (*conn, error) { if dial == nil { - return setupInboundConn(fd, prv, our, atcap) + return setupInboundConn(fd, prv, our, atcap, trusted) } else { - return setupOutboundConn(fd, prv, our, dial, atcap) + return setupOutboundConn(fd, prv, our, dial, atcap, trusted) } } -func setupInboundConn(fd net.Conn, prv *ecdsa.PrivateKey, our *protoHandshake, atcap bool) (*conn, error) { +func setupInboundConn(fd net.Conn, prv *ecdsa.PrivateKey, our *protoHandshake, atcap bool, trusted map[discover.NodeID]bool) (*conn, error) { secrets, err := receiverEncHandshake(fd, prv, nil) if err != nil { return nil, fmt.Errorf("encryption handshake failed: %v", err) } rw := newRlpxFrameRW(fd, secrets) - if atcap { + if atcap && !trusted[secrets.RemoteID] { SendItems(rw, discMsg, DiscTooManyPeers) return nil, errors.New("we have too many peers") } @@ -99,13 +99,13 @@ func setupInboundConn(fd net.Conn, prv *ecdsa.PrivateKey, our *protoHandshake, a return &conn{rw, rhs}, nil } -func setupOutboundConn(fd net.Conn, prv *ecdsa.PrivateKey, our *protoHandshake, dial *discover.Node, atcap bool) (*conn, error) { +func setupOutboundConn(fd net.Conn, prv *ecdsa.PrivateKey, our *protoHandshake, dial *discover.Node, atcap bool, trusted map[discover.NodeID]bool) (*conn, error) { secrets, err := initiatorEncHandshake(fd, prv, dial.ID, nil) if err != nil { return nil, fmt.Errorf("encryption handshake failed: %v", err) } rw := newRlpxFrameRW(fd, secrets) - if atcap { + if atcap && !trusted[secrets.RemoteID] { SendItems(rw, discMsg, DiscTooManyPeers) return nil, errors.New("we have too many peers") } diff --git a/p2p/handshake_test.go b/p2p/handshake_test.go index c22af7a9c..5e63e5c39 100644 --- a/p2p/handshake_test.go +++ b/p2p/handshake_test.go @@ -143,7 +143,7 @@ func TestSetupConn(t *testing.T) { done := make(chan struct{}) go func() { defer close(done) - conn0, err := setupConn(fd0, prv0, hs0, node1, false) + conn0, err := setupConn(fd0, prv0, hs0, node1, false, nil) if err != nil { t.Errorf("outbound side error: %v", err) return @@ -156,7 +156,7 @@ func TestSetupConn(t *testing.T) { } }() - conn1, err := setupConn(fd1, prv1, hs1, nil, false) + conn1, err := setupConn(fd1, prv1, hs1, nil, false, nil) if err != nil { t.Fatalf("inbound side error: %v", err) } diff --git a/p2p/server.go b/p2p/server.go index 3099190b6..959d61284 100644 --- a/p2p/server.go +++ b/p2p/server.go @@ -64,6 +64,10 @@ type Server struct { // maintained and re-connected on disconnects. StaticNodes []*discover.Node + // Trusted nodes are used as pre-configured connections which are always + // allowed to connect, even above the peer limit. + TrustedNodes []*discover.Node + // NodeDatabase is the path to the database containing the previously seen // live nodes in the network. NodeDatabase string @@ -100,12 +104,13 @@ type Server struct { ourHandshake *protoHandshake - lock sync.RWMutex // protects running, peers and the trust fields - running bool - peers map[discover.NodeID]*Peer - staticNodes map[discover.NodeID]*discover.Node // Map of currently maintained static remote nodes - staticDial chan *discover.Node // Dial request channel reserved for the static nodes - staticCycle time.Duration // Overrides staticPeerCheckInterval, used for testing + lock sync.RWMutex // protects running, peers and the trust fields + running bool + peers map[discover.NodeID]*Peer + staticNodes map[discover.NodeID]*discover.Node // Map of currently maintained static remote nodes + staticDial chan *discover.Node // Dial request channel reserved for the static nodes + staticCycle time.Duration // Overrides staticPeerCheckInterval, used for testing + trustedNodes map[discover.NodeID]bool // Set of currently trusted remote nodes ntab *discover.Table listener net.Listener @@ -115,7 +120,7 @@ type Server struct { peerWG sync.WaitGroup // active peer goroutines } -type setupFunc func(net.Conn, *ecdsa.PrivateKey, *protoHandshake, *discover.Node, bool) (*conn, error) +type setupFunc func(net.Conn, *ecdsa.PrivateKey, *protoHandshake, *discover.Node, bool, map[discover.NodeID]bool) (*conn, error) type newPeerHook func(*Peer) // Peers returns all connected peers. @@ -207,7 +212,11 @@ func (srv *Server) Start() (err error) { srv.quit = make(chan struct{}) srv.peers = make(map[discover.NodeID]*Peer) - // Create the current trust map, and the associated dialing channel + // Create the current trust maps, and the associated dialing channel + srv.trustedNodes = make(map[discover.NodeID]bool) + for _, node := range srv.TrustedNodes { + srv.trustedNodes[node.ID] = true + } srv.staticNodes = make(map[discover.NodeID]*discover.Node) for _, node := range srv.StaticNodes { srv.staticNodes[node.ID] = node @@ -486,7 +495,7 @@ func (srv *Server) startPeer(fd net.Conn, dest *discover.Node) { } srv.lock.RUnlock() - conn, err := srv.setupFunc(fd, srv.PrivateKey, srv.ourHandshake, dest, atcap) + conn, err := srv.setupFunc(fd, srv.PrivateKey, srv.ourHandshake, dest, atcap, srv.trustedNodes) if err != nil { fd.Close() glog.V(logger.Debug).Infof("Handshake with %v failed: %v", fd.RemoteAddr(), err) @@ -542,14 +551,15 @@ func (srv *Server) addPeer(id discover.NodeID, p *Peer) (bool, DiscReason) { // checkPeer verifies whether a peer looks promising and should be allowed/kept // in the pool, or if it's of no use. func (srv *Server) checkPeer(id discover.NodeID) (bool, DiscReason) { - // First up, figure out if the peer is static + // First up, figure out if the peer is static or trusted _, static := srv.staticNodes[id] + trusted := srv.trustedNodes[id] // Make sure the peer passes all required checks switch { case !srv.running: return false, DiscQuitting - case !static && len(srv.peers) >= srv.MaxPeers: + case !static && !trusted && len(srv.peers) >= srv.MaxPeers: return false, DiscTooManyPeers case srv.peers[id] != nil: return false, DiscAlreadyConnected diff --git a/p2p/server_test.go b/p2p/server_test.go index 606fa9386..5ee9c5ceb 100644 --- a/p2p/server_test.go +++ b/p2p/server_test.go @@ -22,7 +22,7 @@ func startTestServer(t *testing.T, pf newPeerHook) *Server { ListenAddr: "127.0.0.1:0", PrivateKey: newkey(), newPeerHook: pf, - setupFunc: func(fd net.Conn, prv *ecdsa.PrivateKey, our *protoHandshake, dial *discover.Node, atcap bool) (*conn, error) { + setupFunc: func(fd net.Conn, prv *ecdsa.PrivateKey, our *protoHandshake, dial *discover.Node, atcap bool, trusted map[discover.NodeID]bool) (*conn, error) { id := randomID() rw := newRlpxFrameRW(fd, secrets{ MAC: zero16, @@ -200,7 +200,7 @@ func TestServerDisconnectAtCap(t *testing.T) { // Run the handshakes just like a real peer would. key := newkey() hs := &protoHandshake{Version: baseProtocolVersion, ID: discover.PubkeyID(&key.PublicKey)} - _, err = setupConn(conn, key, hs, srv.Self(), false) + _, err = setupConn(conn, key, hs, srv.Self(), false, srv.trustedNodes) if i == nconns-1 { // When handling the last connection, the server should // disconnect immediately instead of running the protocol @@ -250,7 +250,7 @@ func TestServerStaticPeers(t *testing.T) { // Run the handshakes just like a real peer would, and wait for completion key := newkey() shake := &protoHandshake{Version: baseProtocolVersion, ID: discover.PubkeyID(&key.PublicKey)} - if _, err = setupConn(conn, key, shake, server.Self(), false); err != nil { + if _, err = setupConn(conn, key, shake, server.Self(), false, server.trustedNodes); err != nil { t.Fatalf("conn %d: unexpected error: %v", i, err) } <-started @@ -307,19 +307,24 @@ func TestServerStaticPeers(t *testing.T) { } } -/* // Tests that trusted peers and can connect above max peer caps. func TestServerTrustedPeers(t *testing.T) { defer testlog(t).detach() + // Create a trusted peer to accept connections from + key := newkey() + trusted := &discover.Node{ + ID: discover.PubkeyID(&key.PublicKey), + } // Create a test server with limited connection slots started := make(chan *Peer) server := &Server{ - ListenAddr: "127.0.0.1:0", - PrivateKey: newkey(), - MaxPeers: 3, - NoDial: true, - newPeerHook: func(p *Peer) { started <- p }, + ListenAddr: "127.0.0.1:0", + PrivateKey: newkey(), + MaxPeers: 3, + NoDial: true, + TrustedNodes: []*discover.Node{trusted}, + newPeerHook: func(p *Peer) { started <- p }, } if err := server.Start(); err != nil { t.Fatal(err) @@ -339,18 +344,12 @@ func TestServerTrustedPeers(t *testing.T) { // Run the handshakes just like a real peer would, and wait for completion key := newkey() shake := &protoHandshake{Version: baseProtocolVersion, ID: discover.PubkeyID(&key.PublicKey)} - if _, err = setupConn(conn, key, shake, server.Self(), false); err != nil { + if _, err = setupConn(conn, key, shake, server.Self(), false, server.trustedNodes); err != nil { t.Fatalf("conn %d: unexpected error: %v", i, err) } <-started } - // Inject a trusted node and dial that (we'll connect from this end, don't need IP setup) - key := newkey() - trusted := &discover.Node{ - ID: discover.PubkeyID(&key.PublicKey), - } - server.AddPeer(trusted) - + // Dial from the trusted peer, ensure connection is accepted conn, err := dialer.Dial("tcp", server.ListenAddr) if err != nil { t.Fatalf("trusted node: dial error: %v", err) @@ -358,7 +357,7 @@ func TestServerTrustedPeers(t *testing.T) { defer conn.Close() shake := &protoHandshake{Version: baseProtocolVersion, ID: trusted.ID} - if _, err = setupConn(conn, key, shake, server.Self(), false); err != nil { + if _, err = setupConn(conn, key, shake, server.Self(), false, server.trustedNodes); err != nil { t.Fatalf("trusted node: unexpected error: %v", err) } select { @@ -369,7 +368,6 @@ func TestServerTrustedPeers(t *testing.T) { t.Fatalf("trusted node timeout") } } -*/ func newkey() *ecdsa.PrivateKey { key, err := crypto.GenerateKey() |