author | Felix Lange <fjl@twurst.com> | 2016-11-25 20:59:18 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-11-25 20:59:18 +0800 |
commit | d1a95c643eadd506f6ae85784d22c7823e411ee9 (patch) | |
tree | 7872593b296835e07a96d5bb40ddcd1f04849ea3 /cmd | |
parent | 9c3ea0d32d26957fd73ddf07e37d93091de596fd (diff) | |
parent | e5edd3b983189790391dca5b2ae4a0e460cb7f42 (diff) | |
Merge pull request #3325 from fjl/p2p-netrestrict
Prevent relay of invalid IPs, add --netrestrict
Diffstat (limited to 'cmd')
-rw-r--r-- | cmd/bootnode/main.go | 14 | ||||
-rw-r--r-- | cmd/bzzd/main.go | 1 | ||||
-rw-r--r-- | cmd/geth/main.go | 1 | ||||
-rw-r--r-- | cmd/utils/flags.go | 15 |
4 files changed, 29 insertions, 2 deletions
diff --git a/cmd/bootnode/main.go b/cmd/bootnode/main.go
index abecac3d8..9b5ba1936 100644
--- a/cmd/bootnode/main.go
+++ b/cmd/bootnode/main.go
@@ -29,6 +29,7 @@ import (
 "github.com/ethereum/go-ethereum/p2p/discover"
 "github.com/ethereum/go-ethereum/p2p/discv5"
 "github.com/ethereum/go-ethereum/p2p/nat"
+ "github.com/ethereum/go-ethereum/p2p/netutil"
 )
 func main() {
@@ -39,6 +40,7 @@ func main() {
 nodeKeyFile = flag.String("nodekey", "", "private key filename")
 nodeKeyHex = flag.String("nodekeyhex", "", "private key as hex (for testing)")
 natdesc = flag.String("nat", "none", "port mapping mechanism (any|none|upnp|pmp|extip:<IP>)")
+ netrestrict = flag.String("netrestrict", "", "restrict network communication to the given IP networks (CIDR masks)")
 runv5 = flag.Bool("v5", false, "run a v5 topic discovery bootnode")
 nodeKey *ecdsa.PrivateKey
@@ -81,12 +83,20 @@ func main() {
 os.Exit(0)
 }
+ var restrictList *netutil.Netlist
+ if *netrestrict != "" {
+ restrictList, err = netutil.ParseNetlist(*netrestrict)
+ if err != nil {
+ utils.Fatalf("-netrestrict: %v", err)
+ }
+ }
+
 if *runv5 {
- if _, err := discv5.ListenUDP(nodeKey, *listenAddr, natm, ""); err != nil {
+ if _, err := discv5.ListenUDP(nodeKey, *listenAddr, natm, "", restrictList); err != nil {
 utils.Fatalf("%v", err)
 }
 } else {
- if _, err := discover.ListenUDP(nodeKey, *listenAddr, natm, ""); err != nil {
+ if _, err := discover.ListenUDP(nodeKey, *listenAddr, natm, "", restrictList); err != nil {
 utils.Fatalf("%v", err)
 }
 }
diff --git a/cmd/bzzd/main.go b/cmd/bzzd/main.go
index b2f14a4a9..a3e87dc8a 100644
--- a/cmd/bzzd/main.go
+++ b/cmd/bzzd/main.go
@@ -96,6 +96,7 @@ func init() {
 utils.BootnodesFlag,
 utils.KeyStoreDirFlag,
 utils.ListenPortFlag,
+ utils.NetrestrictFlag,
 utils.MaxPeersFlag,
 utils.NATFlag,
 utils.NodeKeyFileFlag,
diff --git a/cmd/geth/main.go b/cmd/geth/main.go
index 13d771790..a275d8aa5 100644
--- a/cmd/geth/main.go
+++ b/cmd/geth/main.go
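Review bot: The `-netrestrict` help string added in cmd/bootnode/main.go (hunk `@@ -39,6 +40,7 @@`) does not say how several networks are separated, and "network communication" is broader than what the visible code enforces: the parsed list only reaches the two `ListenUDP` calls here and `config.NetRestrict` in MakeNode. The `Usage` text of `NetrestrictFlag` in cmd/utils/flags.go has the same wording. An operator could take the flag for a general firewall-style limit on every listening socket, so I would narrow it, for example `"restrict p2p communication to the given IP networks (comma-separated CIDR masks)"`, provided ParseNetlist does take a comma-separated list, which this diff does not show.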
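Review bot: `restrictList` is left nil when `-netrestrict` is unset and is still handed to both `ListenUDP` calls (cmd/bootnode/main.go, hunk `@@ -81,12 +83,20 @@`), so the default depends on discover and discv5 treating a nil list as "no restriction", a contract that is not visible in this diff. A comment at the declaration would make the fail-open default explicit: `// restrictList stays nil when -netrestrict is unset; a nil list is expected to mean no IP restriction.` main's body starts and ends outside the hunk.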
@@ -148,6 +148,7 @@ participating.
 utils.NatspecEnabledFlag,
 utils.NoDiscoverFlag,
 utils.DiscoveryV5Flag,
+ utils.NetrestrictFlag,
 utils.NodeKeyFileFlag,
 utils.NodeKeyHexFlag,
 utils.RPCEnabledFlag,
diff --git a/cmd/utils/flags.go b/cmd/utils/flags.go
index 3bb625387..5c09e44ec 100644
--- a/cmd/utils/flags.go
+++ b/cmd/utils/flags.go
@@ -45,6 +45,7 @@ import (
 "github.com/ethereum/go-ethereum/p2p/discover"
 "github.com/ethereum/go-ethereum/p2p/discv5"
 "github.com/ethereum/go-ethereum/p2p/nat"
+ "github.com/ethereum/go-ethereum/p2p/netutil"
 "github.com/ethereum/go-ethereum/params"
 "github.com/ethereum/go-ethereum/pow"
 "github.com/ethereum/go-ethereum/rpc"
@@ -366,10 +367,16 @@ var (
 Name: "v5disc",
 Usage: "Enables the experimental RLPx V5 (Topic Discovery) mechanism",
 }
+ NetrestrictFlag = cli.StringFlag{
+ Name: "netrestrict",
+ Usage: "Restricts network communication to the given IP networks (CIDR masks)",
+ }
+
 WhisperEnabledFlag = cli.BoolFlag{
 Name: "shh",
 Usage: "Enable Whisper",
 }
+
 // ATM the url is left to the user and deployment to
 JSpathFlag = cli.StringFlag{
 Name: "jspath",
@@ -693,6 +700,14 @@ func MakeNode(ctx *cli.Context, name, gitCommit string) *node.Node {
 config.MaxPeers = 0
 config.ListenAddr = ":0"
 }
+ if netrestrict := ctx.GlobalString(NetrestrictFlag.Name); netrestrict != "" {
+ list, err := netutil.ParseNetlist(netrestrict)
+ if err != nil {
+ Fatalf("Option %q: %v", NetrestrictFlag.Name, err)
+ }
+ config.NetRestrict = list
+ }
+
 stack, err := node.New(config)
 if err != nil {
 Fatalf("Failed to create the protocol stack: %v", err) |
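Review bot: A mistyped mask that still parses (a `/8` where `/28` was meant, to take a constructed example) is accepted silently in the MakeNode hunk of cmd/utils/flags.go (`@@ -693,6 +700,14 @@`), because the parsed list goes straight into `config.NetRestrict` and nothing is reported at startup. Logging the effective list once after the assignment, through the logger this file already uses, would let an operator confirm what is actually enforced; the message could read `p2p restricted to networks: <list>`. The bootnode path in cmd/bootnode/main.go passes its list to `ListenUDP` just as quietly. MakeNode's body starts and ends outside the hunk.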