diff options
| author | Felix Lange <fjl@twurst.com> | 2016-11-25 20:59:18 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-11-25 20:59:18 +0800 |
| commit | d1a95c643eadd506f6ae85784d22c7823e411ee9 (patch) | |
| tree | 7872593b296835e07a96d5bb40ddcd1f04849ea3 /p2p/discv5/udp.go | |
| parent | 9c3ea0d32d26957fd73ddf07e37d93091de596fd (diff) | |
| parent | e5edd3b983189790391dca5b2ae4a0e460cb7f42 (diff) | |
| download | dexon-d1a95c643eadd506f6ae85784d22c7823e411ee9.tar dexon-d1a95c643eadd506f6ae85784d22c7823e411ee9.tar.gz dexon-d1a95c643eadd506f6ae85784d22c7823e411ee9.tar.bz2 dexon-d1a95c643eadd506f6ae85784d22c7823e411ee9.tar.lz dexon-d1a95c643eadd506f6ae85784d22c7823e411ee9.tar.xz dexon-d1a95c643eadd506f6ae85784d22c7823e411ee9.tar.zst dexon-d1a95c643eadd506f6ae85784d22c7823e411ee9.zip | |
Merge pull request #3325 from fjl/p2p-netrestrict
Prevent relay of invalid IPs, add --netrestrict
Diffstat (limited to 'p2p/discv5/udp.go')
| -rw-r--r-- | p2p/discv5/udp.go | 23 |
1 files changed, 11 insertions, 12 deletions
diff --git a/p2p/discv5/udp.go b/p2p/discv5/udp.go index 46d3200bf..a6114e032 100644 --- a/p2p/discv5/udp.go +++ b/p2p/discv5/udp.go @@ -29,6 +29,7 @@ import ( "github.com/ethereum/go-ethereum/logger" "github.com/ethereum/go-ethereum/logger/glog" "github.com/ethereum/go-ethereum/p2p/nat" + "github.com/ethereum/go-ethereum/p2p/netutil" "github.com/ethereum/go-ethereum/rlp" ) @@ -198,8 +199,10 @@ func (e1 rpcEndpoint) equal(e2 rpcEndpoint) bool { return e1.UDP == e2.UDP && e1.TCP == e2.TCP && bytes.Equal(e1.IP, e2.IP) } -func nodeFromRPC(rn rpcNode) (*Node, error) { - // TODO: don't accept localhost, LAN addresses from internet hosts +func nodeFromRPC(sender *net.UDPAddr, rn rpcNode) (*Node, error) { + if err := netutil.CheckRelayIP(sender.IP, rn.IP); err != nil { + return nil, err + } n := NewNode(rn.ID, rn.IP, rn.UDP, rn.TCP) err := n.validateComplete() return n, err @@ -235,12 +238,12 @@ type udp struct { } // ListenUDP returns a new table that listens for UDP packets on laddr. -func ListenUDP(priv *ecdsa.PrivateKey, laddr string, natm nat.Interface, nodeDBPath string) (*Network, error) { +func ListenUDP(priv *ecdsa.PrivateKey, laddr string, natm nat.Interface, nodeDBPath string, netrestrict *netutil.Netlist) (*Network, error) { transport, err := listenUDP(priv, laddr) if err != nil { return nil, err } - net, err := newNetwork(transport, priv.PublicKey, natm, nodeDBPath) + net, err := newNetwork(transport, priv.PublicKey, natm, nodeDBPath, netrestrict) if err != nil { return nil, err } @@ -327,6 +330,9 @@ func (t *udp) sendTopicNodes(remote *Node, queryHash common.Hash, nodes []*Node) return } for i, result := range nodes { + if netutil.CheckRelayIP(remote.IP, result.IP) != nil { + continue + } p.Nodes = append(p.Nodes, nodeToRPC(result)) if len(p.Nodes) == maxTopicNodes || i == len(nodes)-1 { t.sendPacket(remote.ID, remote.addr(), byte(topicNodesPacket), p) @@ -385,7 +391,7 @@ func (t *udp) readLoop() { buf := make([]byte, 1280) for { nbytes, from, err := t.conn.ReadFromUDP(buf) - if isTemporaryError(err) { + if netutil.IsTemporaryError(err) { // Ignore temporary read errors. glog.V(logger.Debug).Infof("Temporary read error: %v", err) continue @@ -398,13 +404,6 @@ func (t *udp) readLoop() { } } -func isTemporaryError(err error) bool { - tempErr, ok := err.(interface { - Temporary() bool - }) - return ok && tempErr.Temporary() || isPacketTooBig(err) -} - func (t *udp) handlePacket(from *net.UDPAddr, buf []byte) error { pkt := ingressPacket{remoteAddr: from} if err := decodePacket(buf, &pkt); err != nil { |