aboutsummaryrefslogtreecommitdiffstats
path: root/cmd
diff options
context:
space:
mode:
authorFelix Lange <fjl@twurst.com>2016-11-25 20:59:18 +0800
committerGitHub <noreply@github.com>2016-11-25 20:59:18 +0800
commitd1a95c643eadd506f6ae85784d22c7823e411ee9 (patch)
tree7872593b296835e07a96d5bb40ddcd1f04849ea3 /cmd
parent9c3ea0d32d26957fd73ddf07e37d93091de596fd (diff)
parente5edd3b983189790391dca5b2ae4a0e460cb7f42 (diff)
downloadgo-tangerine-d1a95c643eadd506f6ae85784d22c7823e411ee9.tar
go-tangerine-d1a95c643eadd506f6ae85784d22c7823e411ee9.tar.gz
go-tangerine-d1a95c643eadd506f6ae85784d22c7823e411ee9.tar.bz2
go-tangerine-d1a95c643eadd506f6ae85784d22c7823e411ee9.tar.lz
go-tangerine-d1a95c643eadd506f6ae85784d22c7823e411ee9.tar.xz
go-tangerine-d1a95c643eadd506f6ae85784d22c7823e411ee9.tar.zst
go-tangerine-d1a95c643eadd506f6ae85784d22c7823e411ee9.zip
Merge pull request #3325 from fjl/p2p-netrestrict
Prevent relay of invalid IPs, add --netrestrict
Diffstat (limited to 'cmd')
-rw-r--r--cmd/bootnode/main.go14
-rw-r--r--cmd/bzzd/main.go1
-rw-r--r--cmd/geth/main.go1
-rw-r--r--cmd/utils/flags.go15
4 files changed, 29 insertions, 2 deletions
diff --git a/cmd/bootnode/main.go b/cmd/bootnode/main.go
index abecac3d8..9b5ba1936 100644
--- a/cmd/bootnode/main.go
+++ b/cmd/bootnode/main.go
@@ -29,6 +29,7 @@ import (
"github.com/ethereum/go-ethereum/p2p/discover"
"github.com/ethereum/go-ethereum/p2p/discv5"
"github.com/ethereum/go-ethereum/p2p/nat"
+ "github.com/ethereum/go-ethereum/p2p/netutil"
)
func main() {
@@ -39,6 +40,7 @@ func main() {
nodeKeyFile = flag.String("nodekey", "", "private key filename")
nodeKeyHex = flag.String("nodekeyhex", "", "private key as hex (for testing)")
natdesc = flag.String("nat", "none", "port mapping mechanism (any|none|upnp|pmp|extip:<IP>)")
+ netrestrict = flag.String("netrestrict", "", "restrict network communication to the given IP networks (CIDR masks)")
runv5 = flag.Bool("v5", false, "run a v5 topic discovery bootnode")
nodeKey *ecdsa.PrivateKey
@@ -81,12 +83,20 @@ func main() {
os.Exit(0)
}
+ var restrictList *netutil.Netlist
+ if *netrestrict != "" {
+ restrictList, err = netutil.ParseNetlist(*netrestrict)
+ if err != nil {
+ utils.Fatalf("-netrestrict: %v", err)
+ }
+ }
+
if *runv5 {
- if _, err := discv5.ListenUDP(nodeKey, *listenAddr, natm, ""); err != nil {
+ if _, err := discv5.ListenUDP(nodeKey, *listenAddr, natm, "", restrictList); err != nil {
utils.Fatalf("%v", err)
}
} else {
- if _, err := discover.ListenUDP(nodeKey, *listenAddr, natm, ""); err != nil {
+ if _, err := discover.ListenUDP(nodeKey, *listenAddr, natm, "", restrictList); err != nil {
utils.Fatalf("%v", err)
}
}
diff --git a/cmd/bzzd/main.go b/cmd/bzzd/main.go
index b2f14a4a9..a3e87dc8a 100644
--- a/cmd/bzzd/main.go
+++ b/cmd/bzzd/main.go
@@ -96,6 +96,7 @@ func init() {
utils.BootnodesFlag,
utils.KeyStoreDirFlag,
utils.ListenPortFlag,
+ utils.NetrestrictFlag,
utils.MaxPeersFlag,
utils.NATFlag,
utils.NodeKeyFileFlag,
diff --git a/cmd/geth/main.go b/cmd/geth/main.go
index 13d771790..a275d8aa5 100644
--- a/cmd/geth/main.go
+++ b/cmd/geth/main.go
@@ -148,6 +148,7 @@ participating.
utils.NatspecEnabledFlag,
utils.NoDiscoverFlag,
utils.DiscoveryV5Flag,
+ utils.NetrestrictFlag,
utils.NodeKeyFileFlag,
utils.NodeKeyHexFlag,
utils.RPCEnabledFlag,
diff --git a/cmd/utils/flags.go b/cmd/utils/flags.go
index 3bb625387..5c09e44ec 100644
--- a/cmd/utils/flags.go
+++ b/cmd/utils/flags.go
@@ -45,6 +45,7 @@ import (
"github.com/ethereum/go-ethereum/p2p/discover"
"github.com/ethereum/go-ethereum/p2p/discv5"
"github.com/ethereum/go-ethereum/p2p/nat"
+ "github.com/ethereum/go-ethereum/p2p/netutil"
"github.com/ethereum/go-ethereum/params"
"github.com/ethereum/go-ethereum/pow"
"github.com/ethereum/go-ethereum/rpc"
@@ -366,10 +367,16 @@ var (
Name: "v5disc",
Usage: "Enables the experimental RLPx V5 (Topic Discovery) mechanism",
}
+ NetrestrictFlag = cli.StringFlag{
+ Name: "netrestrict",
+ Usage: "Restricts network communication to the given IP networks (CIDR masks)",
+ }
+
WhisperEnabledFlag = cli.BoolFlag{
Name: "shh",
Usage: "Enable Whisper",
}
+
// ATM the url is left to the user and deployment to
JSpathFlag = cli.StringFlag{
Name: "jspath",
@@ -693,6 +700,14 @@ func MakeNode(ctx *cli.Context, name, gitCommit string) *node.Node {
config.MaxPeers = 0
config.ListenAddr = ":0"
}
+ if netrestrict := ctx.GlobalString(NetrestrictFlag.Name); netrestrict != "" {
+ list, err := netutil.ParseNetlist(netrestrict)
+ if err != nil {
+ Fatalf("Option %q: %v", NetrestrictFlag.Name, err)
+ }
+ config.NetRestrict = list
+ }
+
stack, err := node.New(config)
if err != nil {
Fatalf("Failed to create the protocol stack: %v", err)