cmd/bootnode, cmd/geth, cmd/bzzd: add --netrestrict
parent
a47341cf96
commit
e5edd3b983
@ -29,6 +29,7 @@ import (
|
|||||||
"github.com/ethereum/go-ethereum/p2p/discover"
|
"github.com/ethereum/go-ethereum/p2p/discover"
|
||||||
"github.com/ethereum/go-ethereum/p2p/discv5"
|
"github.com/ethereum/go-ethereum/p2p/discv5"
|
||||||
"github.com/ethereum/go-ethereum/p2p/nat"
|
"github.com/ethereum/go-ethereum/p2p/nat"
|
||||||
|
"github.com/ethereum/go-ethereum/p2p/netutil"
|
||||||
)
|
)
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
@ -39,6 +40,7 @@ func main() {
|
|||||||
nodeKeyFile = flag.String("nodekey", "", "private key filename")
|
nodeKeyFile = flag.String("nodekey", "", "private key filename")
|
||||||
nodeKeyHex = flag.String("nodekeyhex", "", "private key as hex (for testing)")
|
nodeKeyHex = flag.String("nodekeyhex", "", "private key as hex (for testing)")
|
||||||
natdesc = flag.String("nat", "none", "port mapping mechanism (any|none|upnp|pmp|extip:<IP>)")
|
natdesc = flag.String("nat", "none", "port mapping mechanism (any|none|upnp|pmp|extip:<IP>)")
|
||||||
|
netrestrict = flag.String("netrestrict", "", "restrict network communication to the given IP networks (CIDR masks)")
|
||||||
runv5 = flag.Bool("v5", false, "run a v5 topic discovery bootnode")
|
runv5 = flag.Bool("v5", false, "run a v5 topic discovery bootnode")
|
||||||
|
|
||||||
nodeKey *ecdsa.PrivateKey
|
nodeKey *ecdsa.PrivateKey
|
||||||
@ -81,12 +83,20 @@ func main() {
|
|||||||
os.Exit(0)
|
os.Exit(0)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var restrictList *netutil.Netlist
|
||||||
|
if *netrestrict != "" {
|
||||||
|
restrictList, err = netutil.ParseNetlist(*netrestrict)
|
||||||
|
if err != nil {
|
||||||
|
utils.Fatalf("-netrestrict: %v", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if *runv5 {
|
if *runv5 {
|
||||||
if _, err := discv5.ListenUDP(nodeKey, *listenAddr, natm, ""); err != nil {
|
if _, err := discv5.ListenUDP(nodeKey, *listenAddr, natm, "", restrictList); err != nil {
|
||||||
utils.Fatalf("%v", err)
|
utils.Fatalf("%v", err)
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if _, err := discover.ListenUDP(nodeKey, *listenAddr, natm, ""); err != nil {
|
if _, err := discover.ListenUDP(nodeKey, *listenAddr, natm, "", restrictList); err != nil {
|
||||||
utils.Fatalf("%v", err)
|
utils.Fatalf("%v", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
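Review bot: The `*netrestrict != ""` guard filters only the exact empty string, so a value made of whitespace or bare separators still reaches `netutil.ParseNetlist`, whose handling of such input is not visible on this page. If that call returns an empty, non-nil list without an error, the bootnode would start with a restriction that matches no address, and nothing at startup would tell the operator. Assuming `Netlist` is a slice type, fail fast right after the parse: `if len(*restrictList) == 0 { utils.Fatalf("-netrestrict: no networks given") }`. The same pattern appears in the `MakeNode` hunk of the flags file, and `main` continues outside this hunk.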
|
@ -96,6 +96,7 @@ func init() {
|
|||||||
utils.BootnodesFlag,
|
utils.BootnodesFlag,
|
||||||
utils.KeyStoreDirFlag,
|
utils.KeyStoreDirFlag,
|
||||||
utils.ListenPortFlag,
|
utils.ListenPortFlag,
|
||||||
|
utils.NetrestrictFlag,
|
||||||
utils.MaxPeersFlag,
|
utils.MaxPeersFlag,
|
||||||
utils.NATFlag,
|
utils.NATFlag,
|
||||||
utils.NodeKeyFileFlag,
|
utils.NodeKeyFileFlag,
|
||||||
|
@ -149,6 +149,7 @@ participating.
|
|||||||
utils.NatspecEnabledFlag,
|
utils.NatspecEnabledFlag,
|
||||||
utils.NoDiscoverFlag,
|
utils.NoDiscoverFlag,
|
||||||
utils.DiscoveryV5Flag,
|
utils.DiscoveryV5Flag,
|
||||||
|
utils.NetrestrictFlag,
|
||||||
utils.NodeKeyFileFlag,
|
utils.NodeKeyFileFlag,
|
||||||
utils.NodeKeyHexFlag,
|
utils.NodeKeyHexFlag,
|
||||||
utils.RPCEnabledFlag,
|
utils.RPCEnabledFlag,
|
||||||
|
@ -46,6 +46,7 @@ import (
|
|||||||
"github.com/ethereum/go-ethereum/p2p/discover"
|
"github.com/ethereum/go-ethereum/p2p/discover"
|
||||||
"github.com/ethereum/go-ethereum/p2p/discv5"
|
"github.com/ethereum/go-ethereum/p2p/discv5"
|
||||||
"github.com/ethereum/go-ethereum/p2p/nat"
|
"github.com/ethereum/go-ethereum/p2p/nat"
|
||||||
|
"github.com/ethereum/go-ethereum/p2p/netutil"
|
||||||
"github.com/ethereum/go-ethereum/params"
|
"github.com/ethereum/go-ethereum/params"
|
||||||
"github.com/ethereum/go-ethereum/pow"
|
"github.com/ethereum/go-ethereum/pow"
|
||||||
"github.com/ethereum/go-ethereum/rpc"
|
"github.com/ethereum/go-ethereum/rpc"
|
||||||
@ -367,10 +368,16 @@ var (
|
|||||||
Name: "v5disc",
|
Name: "v5disc",
|
||||||
Usage: "Enables the experimental RLPx V5 (Topic Discovery) mechanism",
|
Usage: "Enables the experimental RLPx V5 (Topic Discovery) mechanism",
|
||||||
}
|
}
|
||||||
|
NetrestrictFlag = cli.StringFlag{
|
||||||
|
Name: "netrestrict",
|
||||||
|
Usage: "Restricts network communication to the given IP networks (CIDR masks)",
|
||||||
|
}
|
||||||
|
|
||||||
WhisperEnabledFlag = cli.BoolFlag{
|
WhisperEnabledFlag = cli.BoolFlag{
|
||||||
Name: "shh",
|
Name: "shh",
|
||||||
Usage: "Enable Whisper",
|
Usage: "Enable Whisper",
|
||||||
}
|
}
|
||||||
|
|
||||||
// ATM the url is left to the user and deployment to
|
// ATM the url is left to the user and deployment to
|
||||||
JSpathFlag = cli.StringFlag{
|
JSpathFlag = cli.StringFlag{
|
||||||
Name: "jspath",
|
Name: "jspath",
|
||||||
@ -694,6 +701,14 @@ func MakeNode(ctx *cli.Context, name, gitCommit string) *node.Node {
|
|||||||
config.MaxPeers = 0
|
config.MaxPeers = 0
|
||||||
config.ListenAddr = ":0"
|
config.ListenAddr = ":0"
|
||||||
}
|
}
|
||||||
|
if netrestrict := ctx.GlobalString(NetrestrictFlag.Name); netrestrict != "" {
|
||||||
|
list, err := netutil.ParseNetlist(netrestrict)
|
||||||
|
if err != nil {
|
||||||
|
Fatalf("Option %q: %v", NetrestrictFlag.Name, err)
|
||||||
|
}
|
||||||
|
config.NetRestrict = list
|
||||||
|
}
|
||||||
|
|
||||||
stack, err := node.New(config)
|
stack, err := node.New(config)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
Fatalf("Failed to create the protocol stack: %v", err)
|
Fatalf("Failed to create the protocol stack: %v", err)
|
||||||
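Review bot: The `Usage` string of `NetrestrictFlag` promises more than the visible wiring delivers. In these hunks the parsed list is stored in `config.NetRestrict`, copied into the p2p server configuration in `Node.Start`, and passed to the discovery listeners in the bootnode; nothing shown applies it to RPC or any other listener. An operator reading "Restricts network communication" may treat the flag as a general firewall and leave other endpoints exposed. Narrow the text and name the list format, e.g. `Usage: "Restricts p2p and discovery communication to the given IP networks (comma-separated CIDR masks)",` if commas are the separator `ParseNetlist` accepts. The bootnode flag description uses the same wording, and `MakeNode` starts and ends outside the hunk.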
|
@ -34,6 +34,7 @@ import (
|
|||||||
"github.com/ethereum/go-ethereum/p2p/discover"
|
"github.com/ethereum/go-ethereum/p2p/discover"
|
||||||
"github.com/ethereum/go-ethereum/p2p/discv5"
|
"github.com/ethereum/go-ethereum/p2p/discv5"
|
||||||
"github.com/ethereum/go-ethereum/p2p/nat"
|
"github.com/ethereum/go-ethereum/p2p/nat"
|
||||||
|
"github.com/ethereum/go-ethereum/p2p/netutil"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
@ -103,6 +104,10 @@ type Config struct {
|
|||||||
// Listener address for the V5 discovery protocol UDP traffic.
|
// Listener address for the V5 discovery protocol UDP traffic.
|
||||||
DiscoveryV5Addr string
|
DiscoveryV5Addr string
|
||||||
|
|
||||||
|
// Restrict communication to white listed IP networks.
|
||||||
|
// The whitelist only applies when non-nil.
|
||||||
|
NetRestrict *netutil.Netlist
|
||||||
|
|
||||||
// BootstrapNodes used to establish connectivity with the rest of the network.
|
// BootstrapNodes used to establish connectivity with the rest of the network.
|
||||||
BootstrapNodes []*discover.Node
|
BootstrapNodes []*discover.Node
|
||||||
|
|
||||||
|
@ -165,6 +165,7 @@ func (n *Node) Start() error {
|
|||||||
TrustedNodes: n.config.TrusterNodes(),
|
TrustedNodes: n.config.TrusterNodes(),
|
||||||
NodeDatabase: n.config.NodeDB(),
|
NodeDatabase: n.config.NodeDB(),
|
||||||
ListenAddr: n.config.ListenAddr,
|
ListenAddr: n.config.ListenAddr,
|
||||||
|
NetRestrict: n.config.NetRestrict,
|
||||||
NAT: n.config.NAT,
|
NAT: n.config.NAT,
|
||||||
Dialer: n.config.Dialer,
|
Dialer: n.config.Dialer,
|
||||||
NoDial: n.config.NoDial,
|
NoDial: n.config.NoDial,
|
||||||
|