Merge pull request #8021 from filecoin-project/willscott/net-protect-api

add net protect api methods
2022-02-03 17:54:33 -05:00 · 2022-02-03 17:54:33 -05:00 · f4af6b670c
commit f4af6b670c
parent 6ef0c382c3 7247f8e41f
12 changed files with 322 additions and 21 deletions
--- a/api/api_net.go
+++ b/api/api_net.go
@ -51,6 +51,10 @@ type Net interface {
 	NetBlockRemove(ctx context.Context, acl NetBlockList) error //perm:admin
 	NetBlockList(ctx context.Context) (NetBlockList, error)     //perm:read

+	NetProtectAdd(ctx context.Context, acl []peer.ID) error    //perm:admin
+	NetProtectRemove(ctx context.Context, acl []peer.ID) error //perm:admin
+	NetProtectList(ctx context.Context) ([]peer.ID, error)     //perm:read
+
 	// ResourceManager API
 	NetStat(ctx context.Context, scope string) (NetStat, error)          //perm:read
 	NetLimit(ctx context.Context, scope string) (NetLimit, error)        //perm:read
--- a/api/mocks/mock_full.go
+++ b/api/mocks/mock_full.go
@ -1856,6 +1856,49 @@ func (mr *MockFullNodeMockRecorder) NetPeers(arg0 interface{}) *gomock.Call {
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "NetPeers", reflect.TypeOf((*MockFullNode)(nil).NetPeers), arg0)
 }

+// NetProtectAdd mocks base method.
+func (m *MockFullNode) NetProtectAdd(arg0 context.Context, arg1 []peer.ID) error {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "NetProtectAdd", arg0, arg1)
+	ret0, _ := ret[0].(error)
+	return ret0
+}
+
+// NetProtectAdd indicates an expected call of NetProtectAdd.
+func (mr *MockFullNodeMockRecorder) NetProtectAdd(arg0, arg1 interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "NetProtectAdd", reflect.TypeOf((*MockFullNode)(nil).NetProtectAdd), arg0, arg1)
+}
+
+// NetProtectList mocks base method.
+func (m *MockFullNode) NetProtectList(arg0 context.Context) ([]peer.ID, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "NetProtectList", arg0)
+	ret0, _ := ret[0].([]peer.ID)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// NetProtectList indicates an expected call of NetProtectList.
+func (mr *MockFullNodeMockRecorder) NetProtectList(arg0 interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "NetProtectList", reflect.TypeOf((*MockFullNode)(nil).NetProtectList), arg0)
+}
+
+// NetProtectRemove mocks base method.
+func (m *MockFullNode) NetProtectRemove(arg0 context.Context, arg1 []peer.ID) error {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "NetProtectRemove", arg0, arg1)
+	ret0, _ := ret[0].(error)
+	return ret0
+}
+
+// NetProtectRemove indicates an expected call of NetProtectRemove.
+func (mr *MockFullNodeMockRecorder) NetProtectRemove(arg0, arg1 interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "NetProtectRemove", reflect.TypeOf((*MockFullNode)(nil).NetProtectRemove), arg0, arg1)
+}
+
 // NetPubsubScores mocks base method.
 func (m *MockFullNode) NetPubsubScores(arg0 context.Context) ([]api.PubsubScore, error) {
 	m.ctrl.T.Helper()
--- a/api/proxy_gen.go
+++ b/api/proxy_gen.go
@ -593,6 +593,12 @@ type NetStruct struct {

 		NetPeers func(p0 context.Context) ([]peer.AddrInfo, error) `perm:"read"`

+		NetProtectAdd func(p0 context.Context, p1 []peer.ID) error `perm:"admin"`
+
+		NetProtectList func(p0 context.Context) ([]peer.ID, error) `perm:"read"`
+
+		NetProtectRemove func(p0 context.Context, p1 []peer.ID) error `perm:"admin"`
+
 		NetPubsubScores func(p0 context.Context) ([]PubsubScore, error) `perm:"read"`

 		NetSetLimit func(p0 context.Context, p1 string, p2 NetLimit) error `perm:"admin"`
@ -3672,6 +3678,39 @@ func (s *NetStub) NetPeers(p0 context.Context) ([]peer.AddrInfo, error) {
 	return *new([]peer.AddrInfo), ErrNotSupported
 }

+func (s *NetStruct) NetProtectAdd(p0 context.Context, p1 []peer.ID) error {
+	if s.Internal.NetProtectAdd == nil {
+		return ErrNotSupported
+	}
+	return s.Internal.NetProtectAdd(p0, p1)
+}
+
+func (s *NetStub) NetProtectAdd(p0 context.Context, p1 []peer.ID) error {
+	return ErrNotSupported
+}
+
+func (s *NetStruct) NetProtectList(p0 context.Context) ([]peer.ID, error) {
+	if s.Internal.NetProtectList == nil {
+		return *new([]peer.ID), ErrNotSupported
+	}
+	return s.Internal.NetProtectList(p0)
+}
+
+func (s *NetStub) NetProtectList(p0 context.Context) ([]peer.ID, error) {
+	return *new([]peer.ID), ErrNotSupported
+}
+
+func (s *NetStruct) NetProtectRemove(p0 context.Context, p1 []peer.ID) error {
+	if s.Internal.NetProtectRemove == nil {
+		return ErrNotSupported
+	}
+	return s.Internal.NetProtectRemove(p0, p1)
+}
+
+func (s *NetStub) NetProtectRemove(p0 context.Context, p1 []peer.ID) error {
+	return ErrNotSupported
+}
+
 func (s *NetStruct) NetPubsubScores(p0 context.Context) ([]PubsubScore, error) {
 	if s.Internal.NetPubsubScores == nil {
 		return *new([]PubsubScore), ErrNotSupported
--- a/api/v0api/v0mocks/mock_full.go
+++ b/api/v0api/v0mocks/mock_full.go
@ -1769,6 +1769,49 @@ func (mr *MockFullNodeMockRecorder) NetPeers(arg0 interface{}) *gomock.Call {
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "NetPeers", reflect.TypeOf((*MockFullNode)(nil).NetPeers), arg0)
 }

+// NetProtectAdd mocks base method.
+func (m *MockFullNode) NetProtectAdd(arg0 context.Context, arg1 []peer.ID) error {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "NetProtectAdd", arg0, arg1)
+	ret0, _ := ret[0].(error)
+	return ret0
+}
+
+// NetProtectAdd indicates an expected call of NetProtectAdd.
+func (mr *MockFullNodeMockRecorder) NetProtectAdd(arg0, arg1 interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "NetProtectAdd", reflect.TypeOf((*MockFullNode)(nil).NetProtectAdd), arg0, arg1)
+}
+
+// NetProtectList mocks base method.
+func (m *MockFullNode) NetProtectList(arg0 context.Context) ([]peer.ID, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "NetProtectList", arg0)
+	ret0, _ := ret[0].([]peer.ID)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// NetProtectList indicates an expected call of NetProtectList.
+func (mr *MockFullNodeMockRecorder) NetProtectList(arg0 interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "NetProtectList", reflect.TypeOf((*MockFullNode)(nil).NetProtectList), arg0)
+}
+
+// NetProtectRemove mocks base method.
+func (m *MockFullNode) NetProtectRemove(arg0 context.Context, arg1 []peer.ID) error {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "NetProtectRemove", arg0, arg1)
+	ret0, _ := ret[0].(error)
+	return ret0
+}
+
+// NetProtectRemove indicates an expected call of NetProtectRemove.
+func (mr *MockFullNodeMockRecorder) NetProtectRemove(arg0, arg1 interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "NetProtectRemove", reflect.TypeOf((*MockFullNode)(nil).NetProtectRemove), arg0, arg1)
+}
+
 // NetPubsubScores mocks base method.
 func (m *MockFullNode) NetPubsubScores(arg0 context.Context) ([]api.PubsubScore, error) {
 	m.ctrl.T.Helper()
--- a/build/openrpc/full.json.gz
+++ b/build/openrpc/full.json.gz
--- a/build/openrpc/miner.json.gz
+++ b/build/openrpc/miner.json.gz
--- a/build/openrpc/worker.json.gz
+++ b/build/openrpc/worker.json.gz
--- a/documentation/en/api-v0-methods-miner.md
+++ b/documentation/en/api-v0-methods-miner.md
@ -89,6 +89,9 @@
  * [NetLimit](#NetLimit)
  * [NetPeerInfo](#NetPeerInfo)
  * [NetPeers](#NetPeers)
+  * [NetProtectAdd](#NetProtectAdd)
+  * [NetProtectList](#NetProtectList)
+  * [NetProtectRemove](#NetProtectRemove)
  * [NetPubsubScores](#NetPubsubScores)
  * [NetSetLimit](#NetSetLimit)
  * [NetStat](#NetStat)
@ -1854,6 +1857,52 @@ Response:
 ]
 ```

+### NetProtectAdd
+
+
+Perms: admin
+
+Inputs:
+```json
+[
+  [
+    "12D3KooWGzxzKZYveHXtpG6AsrUJBcWxHBFS2HsEoGTxrMLvKXtf"
+  ]
+]
+```
+
+Response: `{}`
+
+### NetProtectList
+
+
+Perms: read
+
+Inputs: `null`
+
+Response:
+```json
+[
+  "12D3KooWGzxzKZYveHXtpG6AsrUJBcWxHBFS2HsEoGTxrMLvKXtf"
+]
+```
+
+### NetProtectRemove
+
+
+Perms: admin
+
+Inputs:
+```json
+[
+  [
+    "12D3KooWGzxzKZYveHXtpG6AsrUJBcWxHBFS2HsEoGTxrMLvKXtf"
+  ]
+]
+```
+
+Response: `{}`
+
 ### NetPubsubScores


--- a/documentation/en/api-v0-methods.md
+++ b/documentation/en/api-v0-methods.md
@ -131,6 +131,9 @@
  * [NetLimit](#NetLimit)
  * [NetPeerInfo](#NetPeerInfo)
  * [NetPeers](#NetPeers)
+  * [NetProtectAdd](#NetProtectAdd)
+  * [NetProtectList](#NetProtectList)
+  * [NetProtectRemove](#NetProtectRemove)
  * [NetPubsubScores](#NetPubsubScores)
  * [NetSetLimit](#NetSetLimit)
  * [NetStat](#NetStat)
@ -3905,6 +3908,52 @@ Response:
 ]
 ```

+### NetProtectAdd
+
+
+Perms: admin
+
+Inputs:
+```json
+[
+  [
+    "12D3KooWGzxzKZYveHXtpG6AsrUJBcWxHBFS2HsEoGTxrMLvKXtf"
+  ]
+]
+```
+
+Response: `{}`
+
+### NetProtectList
+
+
+Perms: read
+
+Inputs: `null`
+
+Response:
+```json
+[
+  "12D3KooWGzxzKZYveHXtpG6AsrUJBcWxHBFS2HsEoGTxrMLvKXtf"
+]
+```
+
+### NetProtectRemove
+
+
+Perms: admin
+
+Inputs:
+```json
+[
+  [
+    "12D3KooWGzxzKZYveHXtpG6AsrUJBcWxHBFS2HsEoGTxrMLvKXtf"
+  ]
+]
+```
+
+Response: `{}`
+
 ### NetPubsubScores


--- a/documentation/en/api-v1-unstable-methods.md
+++ b/documentation/en/api-v1-unstable-methods.md
@ -137,6 +137,9 @@
  * [NetLimit](#NetLimit)
  * [NetPeerInfo](#NetPeerInfo)
  * [NetPeers](#NetPeers)
+  * [NetProtectAdd](#NetProtectAdd)
+  * [NetProtectList](#NetProtectList)
+  * [NetProtectRemove](#NetProtectRemove)
  * [NetPubsubScores](#NetPubsubScores)
  * [NetSetLimit](#NetSetLimit)
  * [NetStat](#NetStat)
@ -4266,6 +4269,52 @@ Response:
 ]
 ```

+### NetProtectAdd
+
+
+Perms: admin
+
+Inputs:
+```json
+[
+  [
+    "12D3KooWGzxzKZYveHXtpG6AsrUJBcWxHBFS2HsEoGTxrMLvKXtf"
+  ]
+]
+```
+
+Response: `{}`
+
+### NetProtectList
+
+
+Perms: read
+
+Inputs: `null`
+
+Response:
+```json
+[
+  "12D3KooWGzxzKZYveHXtpG6AsrUJBcWxHBFS2HsEoGTxrMLvKXtf"
+]
+```
+
+### NetProtectRemove
+
+
+Perms: admin
+
+Inputs:
+```json
+[
+  [
+    "12D3KooWGzxzKZYveHXtpG6AsrUJBcWxHBFS2HsEoGTxrMLvKXtf"
+  ]
+]
+```
+
+Response: `{}`
+
 ### NetPubsubScores


--- a/documentation/en/default-lotus-miner-config.toml
+++ b/documentation/en/default-lotus-miner-config.toml
@ -258,38 +258,24 @@


 [IndexProvider]
-  # The maximum number of multihash chunk links that index provider cache can store before
-  # LRU eviction. If chunks belonging to a single advertisement are larger than the cache can
-  # hold, the cache is resized to be able to hold all links. The actual disk usage depends on
-  # LinkedChunkSize and the length of multihashes. For example, for 128-bit long multihashes
-  # with the default LinkedChunkSize, and LinkCacheSize the cache size can grow to 256MiB. 
-  #
-  # type int
  # env var: LOTUS_INDEXPROVIDER_LINKCACHESIZE
  #LinkCacheSize = 1024

-  # The number of multihashes in each chunk of the
-  # advertised multihash entries linked list.  If multihashes are 128-bit, then
-  # setting LinkedChunkSize = 16384 will result in blocks of 0.25MiB when
-  # full.
-  #
-  # type int
  # env var: LOTUS_INDEXPROVIDER_LINKEDCHUNKSIZE
  #LinkedChunkSize = 16384

-  # The gossipsub topic name used to publish change to the advertised content.
-  #
  # env var: LOTUS_INDEXPROVIDER_PUBSUBTOPIC
  #PubSubTopic = "/indexer/ingest/mainnet"

-  # Whether to purge all cached entries on start-up.
-  #
  # env var: LOTUS_INDEXPROVIDER_PURGELINKCACHE
  #PurgeLinkCache = false

-  # Binding address for the libp2p host contacted by indexer nodes to sync the list of advertised 
-  # multihashes. Note that when port is set to 0 a random port is generated at runtime and may be 
-  # different on every restart. The format of the strings specified must conform to multiaddress; 
+  # env var: LOTUS_INDEXPROVIDER_PUBLISHERKIND
+  #PublisherKind = "dtsync"
+
+  # Binding address for the libp2p host contacted by indexer nodes to sync the list of advertised
+  # multihashes. Note that when port is set to 0 a random port is generated at runtime and may be
+  # different on every restart. The format of the strings specified must conform to multiaddress;
  # see https://multiformats.io/multiaddr/
  #
  # type: []string
@ -304,13 +290,17 @@
  # env var: LOTUS_INDEXPROVIDER_ANNOUNCEADDRESSES
  #AnnounceAddresses = []

-  # The maximum number of simultaneous requests syncing the list of advertised multihashes between 
+  # The maximum number of simultaneous requests syncing the list of advertised multihashes between
  # the indexers and the index provider.
  #
  # type: uint64
  # env var: LOTUS_INDEXPROVIDER_MAXSIMULTANEOUSTRANSFERS
  #MaxSimultaneousTransfers = 20

+  [IndexProvider.HttpPublisher]
+    # env var: LOTUS_INDEXPROVIDER_HTTPPUBLISHER_LISTENMULTIADDR
+    #ListenMultiaddr = "/ip4/0.0.0.0/tcp/3104/http"
+

 [Sealing]
  # Upper bound on how many sectors can be waiting for more deals to be packed in it before it begins sealing at any given time.
--- a/node/impl/net/protect.go
+++ b/node/impl/net/protect.go
@ -0,0 +1,35 @@
+package net
+
+import (
+	"context"
+
+	"github.com/libp2p/go-libp2p-core/peer"
+)
+
+const apiProtectTag = "api"
+
+func (a *NetAPI) NetProtectAdd(ctx context.Context, peers []peer.ID) error {
+	for _, p := range peers {
+		a.Host.ConnManager().Protect(p, apiProtectTag)
+	}
+
+	return nil
+}
+
+func (a *NetAPI) NetProtectRemove(ctx context.Context, peers []peer.ID) error {
+	for _, p := range peers {
+		a.Host.ConnManager().Unprotect(p, apiProtectTag)
+	}
+
+	return nil
+}
+
+func (a *NetAPI) NetProtectList(ctx context.Context) (result []peer.ID, err error) {
+	for _, conn := range a.Host.Network().Conns() {
+		if a.Host.ConnManager().IsProtected(conn.RemotePeer(), apiProtectTag) {
+			result = append(result, conn.RemotePeer())
+		}
+	}
+
+	return
+}