forked from cerc-io/plugeth
cmd/geth, cmd/mist, cmd/utils, eth, p2p: support trusted peers
This commit is contained in:
parent
3fef601903
commit
de0549fabb
@ -25,7 +25,7 @@ func (js *jsre) adminBindings() {
|
|||||||
js.re.Set("admin", struct{}{})
|
js.re.Set("admin", struct{}{})
|
||||||
t, _ := js.re.Get("admin")
|
t, _ := js.re.Get("admin")
|
||||||
admin := t.Object()
|
admin := t.Object()
|
||||||
admin.Set("suggestPeer", js.suggestPeer)
|
admin.Set("trustPeer", js.trustPeer)
|
||||||
admin.Set("startRPC", js.startRPC)
|
admin.Set("startRPC", js.startRPC)
|
||||||
admin.Set("stopRPC", js.stopRPC)
|
admin.Set("stopRPC", js.stopRPC)
|
||||||
admin.Set("nodeInfo", js.nodeInfo)
|
admin.Set("nodeInfo", js.nodeInfo)
|
||||||
@ -243,13 +243,13 @@ func (js *jsre) stopRPC(call otto.FunctionCall) otto.Value {
|
|||||||
return otto.FalseValue()
|
return otto.FalseValue()
|
||||||
}
|
}
|
||||||
|
|
||||||
func (js *jsre) suggestPeer(call otto.FunctionCall) otto.Value {
|
func (js *jsre) trustPeer(call otto.FunctionCall) otto.Value {
|
||||||
nodeURL, err := call.Argument(0).ToString()
|
nodeURL, err := call.Argument(0).ToString()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Println(err)
|
fmt.Println(err)
|
||||||
return otto.FalseValue()
|
return otto.FalseValue()
|
||||||
}
|
}
|
||||||
err = js.ethereum.SuggestPeer(nodeURL)
|
err = js.ethereum.TrustPeer(nodeURL)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Println(err)
|
fmt.Println(err)
|
||||||
return otto.FalseValue()
|
return otto.FalseValue()
|
||||||
|
@ -232,7 +232,8 @@ JavaScript API. See https://github.com/ethereum/go-ethereum/wiki/Javascipt-Conso
|
|||||||
utils.IdentityFlag,
|
utils.IdentityFlag,
|
||||||
utils.UnlockedAccountFlag,
|
utils.UnlockedAccountFlag,
|
||||||
utils.PasswordFileFlag,
|
utils.PasswordFileFlag,
|
||||||
utils.BootnodesFlag,
|
utils.BootNodesFlag,
|
||||||
|
utils.TrustedNodesFlag,
|
||||||
utils.DataDirFlag,
|
utils.DataDirFlag,
|
||||||
utils.BlockchainVersionFlag,
|
utils.BlockchainVersionFlag,
|
||||||
utils.JSpathFlag,
|
utils.JSpathFlag,
|
||||||
|
@ -69,7 +69,7 @@ func init() {
|
|||||||
assetPathFlag,
|
assetPathFlag,
|
||||||
rpcCorsFlag,
|
rpcCorsFlag,
|
||||||
|
|
||||||
utils.BootnodesFlag,
|
utils.BootNodesFlag,
|
||||||
utils.DataDirFlag,
|
utils.DataDirFlag,
|
||||||
utils.ListenPortFlag,
|
utils.ListenPortFlag,
|
||||||
utils.LogFileFlag,
|
utils.LogFileFlag,
|
||||||
|
@ -104,8 +104,8 @@ func (ui *UiLib) Connect(button qml.Object) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (ui *UiLib) ConnectToPeer(nodeURL string) {
|
func (ui *UiLib) ConnectToPeer(nodeURL string) {
|
||||||
if err := ui.eth.SuggestPeer(nodeURL); err != nil {
|
if err := ui.eth.TrustPeer(nodeURL); err != nil {
|
||||||
guilogger.Infoln("SuggestPeer error: " + err.Error())
|
guilogger.Infoln("TrustPeer error: " + err.Error())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -202,11 +202,16 @@ var (
|
|||||||
Usage: "Network listening port",
|
Usage: "Network listening port",
|
||||||
Value: 30303,
|
Value: 30303,
|
||||||
}
|
}
|
||||||
BootnodesFlag = cli.StringFlag{
|
BootNodesFlag = cli.StringFlag{
|
||||||
Name: "bootnodes",
|
Name: "bootnodes",
|
||||||
Usage: "Space-separated enode URLs for p2p discovery bootstrap",
|
Usage: "Space-separated enode URLs for p2p discovery bootstrap",
|
||||||
Value: "",
|
Value: "",
|
||||||
}
|
}
|
||||||
|
TrustedNodesFlag = cli.StringFlag{
|
||||||
|
Name: "trustednodes",
|
||||||
|
Usage: "List of trusted nodes (either an enode list or path to a json file of enodes)",
|
||||||
|
Value: "",
|
||||||
|
}
|
||||||
NodeKeyFileFlag = cli.StringFlag{
|
NodeKeyFileFlag = cli.StringFlag{
|
||||||
Name: "nodekey",
|
Name: "nodekey",
|
||||||
Usage: "P2P node key file",
|
Usage: "P2P node key file",
|
||||||
@ -292,7 +297,8 @@ func MakeEthConfig(clientID, version string, ctx *cli.Context) *eth.Config {
|
|||||||
NodeKey: GetNodeKey(ctx),
|
NodeKey: GetNodeKey(ctx),
|
||||||
Shh: ctx.GlobalBool(WhisperEnabledFlag.Name),
|
Shh: ctx.GlobalBool(WhisperEnabledFlag.Name),
|
||||||
Dial: true,
|
Dial: true,
|
||||||
BootNodes: ctx.GlobalString(BootnodesFlag.Name),
|
BootNodes: ctx.GlobalString(BootNodesFlag.Name),
|
||||||
|
TrustedNodes: ctx.GlobalString(TrustedNodesFlag.Name),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2,7 +2,10 @@ package eth
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/ecdsa"
|
"crypto/ecdsa"
|
||||||
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"io/ioutil"
|
||||||
|
"os"
|
||||||
"path"
|
"path"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
@ -56,10 +59,13 @@ type Config struct {
|
|||||||
MaxPeers int
|
MaxPeers int
|
||||||
Port string
|
Port string
|
||||||
|
|
||||||
// This should be a space-separated list of
|
// Space-separated list of discovery node URLs
|
||||||
// discovery node URLs.
|
|
||||||
BootNodes string
|
BootNodes string
|
||||||
|
|
||||||
|
// Either a space-separated list of discovery node URLs, or a path to a json
|
||||||
|
// file containing such a list.
|
||||||
|
TrustedNodes string
|
||||||
|
|
||||||
// This key is used to identify the node on the network.
|
// This key is used to identify the node on the network.
|
||||||
// If nil, an ephemeral key is used.
|
// If nil, an ephemeral key is used.
|
||||||
NodeKey *ecdsa.PrivateKey
|
NodeKey *ecdsa.PrivateKey
|
||||||
@ -96,6 +102,46 @@ func (cfg *Config) parseBootNodes() []*discover.Node {
|
|||||||
return ns
|
return ns
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// parseTrustedNodes parses a list of discovery node URLs either given literally,
|
||||||
|
// or loaded from a .json file.
|
||||||
|
func (cfg *Config) parseTrustedNodes() []*discover.Node {
|
||||||
|
// Short circuit if no trusted nodes were given
|
||||||
|
if cfg.TrustedNodes == "" {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
// Try to interpret the trusted node config as a .json file
|
||||||
|
if _, err := os.Stat(cfg.TrustedNodes); err == nil {
|
||||||
|
// Load the file from disk
|
||||||
|
blob, err := ioutil.ReadFile(cfg.TrustedNodes)
|
||||||
|
if err != nil {
|
||||||
|
glog.V(logger.Error).Infof("Failed to access trusted nodes: %v", err)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
// Interpret the json contents
|
||||||
|
list := []string{}
|
||||||
|
if err := json.Unmarshal(blob, &list); err != nil {
|
||||||
|
glog.V(logger.Error).Infof("Failed to load trusted nodes: %v", err)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
// Swap out the configuration for the actual nodes
|
||||||
|
cfg.TrustedNodes = strings.Join(list, " ")
|
||||||
|
}
|
||||||
|
// Interpret the list as a discovery node array
|
||||||
|
var nodes []*discover.Node
|
||||||
|
for _, url := range strings.Split(cfg.TrustedNodes, " ") {
|
||||||
|
if url == "" {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
node, err := discover.ParseNode(url)
|
||||||
|
if err != nil {
|
||||||
|
glog.V(logger.Error).Infof("Trusted node URL %s: %v\n", url, err)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
nodes = append(nodes, node)
|
||||||
|
}
|
||||||
|
return nodes
|
||||||
|
}
|
||||||
|
|
||||||
func (cfg *Config) nodeKey() (*ecdsa.PrivateKey, error) {
|
func (cfg *Config) nodeKey() (*ecdsa.PrivateKey, error) {
|
||||||
// use explicit key from command line args if set
|
// use explicit key from command line args if set
|
||||||
if cfg.NodeKey != nil {
|
if cfg.NodeKey != nil {
|
||||||
@ -247,6 +293,7 @@ func New(config *Config) (*Ethereum, error) {
|
|||||||
NAT: config.NAT,
|
NAT: config.NAT,
|
||||||
NoDial: !config.Dial,
|
NoDial: !config.Dial,
|
||||||
BootstrapNodes: config.parseBootNodes(),
|
BootstrapNodes: config.parseBootNodes(),
|
||||||
|
TrustedNodes: config.parseTrustedNodes(),
|
||||||
NodeDatabase: nodeDb,
|
NodeDatabase: nodeDb,
|
||||||
}
|
}
|
||||||
if len(config.Port) > 0 {
|
if len(config.Port) > 0 {
|
||||||
@ -442,12 +489,13 @@ func (s *Ethereum) StartForTest() {
|
|||||||
s.txPool.Start()
|
s.txPool.Start()
|
||||||
}
|
}
|
||||||
|
|
||||||
func (self *Ethereum) SuggestPeer(nodeURL string) error {
|
// TrustPeer injects a new node into the list of privileged nodes.
|
||||||
|
func (self *Ethereum) TrustPeer(nodeURL string) error {
|
||||||
n, err := discover.ParseNode(nodeURL)
|
n, err := discover.ParseNode(nodeURL)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("invalid node URL: %v", err)
|
return fmt.Errorf("invalid node URL: %v", err)
|
||||||
}
|
}
|
||||||
self.net.SuggestPeer(n)
|
self.net.TrustPeer(n)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -20,6 +20,7 @@ import (
|
|||||||
const (
|
const (
|
||||||
defaultDialTimeout = 10 * time.Second
|
defaultDialTimeout = 10 * time.Second
|
||||||
refreshPeersInterval = 30 * time.Second
|
refreshPeersInterval = 30 * time.Second
|
||||||
|
trustedPeerCheckInterval = 15 * time.Second
|
||||||
|
|
||||||
// This is the maximum number of inbound connection
|
// This is the maximum number of inbound connection
|
||||||
// that are allowed to linger between 'accepted' and
|
// that are allowed to linger between 'accepted' and
|
||||||
@ -59,6 +60,10 @@ type Server struct {
|
|||||||
// with the rest of the network.
|
// with the rest of the network.
|
||||||
BootstrapNodes []*discover.Node
|
BootstrapNodes []*discover.Node
|
||||||
|
|
||||||
|
// Trusted nodes are used as privileged connections which are always accepted
|
||||||
|
// and also always maintained.
|
||||||
|
TrustedNodes []*discover.Node
|
||||||
|
|
||||||
// NodeDatabase is the path to the database containing the previously seen
|
// NodeDatabase is the path to the database containing the previously seen
|
||||||
// live nodes in the network.
|
// live nodes in the network.
|
||||||
NodeDatabase string
|
NodeDatabase string
|
||||||
@ -99,13 +104,15 @@ type Server struct {
|
|||||||
running bool
|
running bool
|
||||||
peers map[discover.NodeID]*Peer
|
peers map[discover.NodeID]*Peer
|
||||||
|
|
||||||
|
trusts map[discover.NodeID]*discover.Node // Map of currently trusted remote nodes
|
||||||
|
trustDial chan *discover.Node // Dial request channel reserved for the trusted nodes
|
||||||
|
|
||||||
ntab *discover.Table
|
ntab *discover.Table
|
||||||
listener net.Listener
|
listener net.Listener
|
||||||
|
|
||||||
quit chan struct{}
|
quit chan struct{}
|
||||||
loopWG sync.WaitGroup // {dial,listen,nat}Loop
|
loopWG sync.WaitGroup // {dial,listen,nat}Loop
|
||||||
peerWG sync.WaitGroup // active peer goroutines
|
peerWG sync.WaitGroup // active peer goroutines
|
||||||
peerConnect chan *discover.Node
|
|
||||||
}
|
}
|
||||||
|
|
||||||
type setupFunc func(net.Conn, *ecdsa.PrivateKey, *protoHandshake, *discover.Node, bool) (*conn, error)
|
type setupFunc func(net.Conn, *ecdsa.PrivateKey, *protoHandshake, *discover.Node, bool) (*conn, error)
|
||||||
@ -131,10 +138,9 @@ func (srv *Server) PeerCount() int {
|
|||||||
return n
|
return n
|
||||||
}
|
}
|
||||||
|
|
||||||
// SuggestPeer creates a connection to the given Node if it
|
// TrustPeer inserts a node into the list of privileged nodes.
|
||||||
// is not already connected.
|
func (srv *Server) TrustPeer(node *discover.Node) {
|
||||||
func (srv *Server) SuggestPeer(n *discover.Node) {
|
srv.trustDial <- node
|
||||||
srv.peerConnect <- n
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Broadcast sends an RLP-encoded message to all connected peers.
|
// Broadcast sends an RLP-encoded message to all connected peers.
|
||||||
@ -195,7 +201,14 @@ func (srv *Server) Start() (err error) {
|
|||||||
}
|
}
|
||||||
srv.quit = make(chan struct{})
|
srv.quit = make(chan struct{})
|
||||||
srv.peers = make(map[discover.NodeID]*Peer)
|
srv.peers = make(map[discover.NodeID]*Peer)
|
||||||
srv.peerConnect = make(chan *discover.Node)
|
|
||||||
|
// Create the current trust map, and the associated dialing channel
|
||||||
|
srv.trusts = make(map[discover.NodeID]*discover.Node)
|
||||||
|
for _, node := range srv.TrustedNodes {
|
||||||
|
srv.trusts[node.ID] = node
|
||||||
|
}
|
||||||
|
srv.trustDial = make(chan *discover.Node)
|
||||||
|
|
||||||
if srv.setupFunc == nil {
|
if srv.setupFunc == nil {
|
||||||
srv.setupFunc = setupConn
|
srv.setupFunc = setupConn
|
||||||
}
|
}
|
||||||
@ -229,6 +242,8 @@ func (srv *Server) Start() (err error) {
|
|||||||
if srv.NoDial && srv.ListenAddr == "" {
|
if srv.NoDial && srv.ListenAddr == "" {
|
||||||
glog.V(logger.Warn).Infoln("I will be kind-of useless, neither dialing nor listening.")
|
glog.V(logger.Warn).Infoln("I will be kind-of useless, neither dialing nor listening.")
|
||||||
}
|
}
|
||||||
|
// maintain the trusted peers
|
||||||
|
go srv.trustLoop()
|
||||||
|
|
||||||
srv.running = true
|
srv.running = true
|
||||||
return nil
|
return nil
|
||||||
@ -323,6 +338,45 @@ func (srv *Server) listenLoop() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// trustLoop is responsible for periodically checking that trusted connections
|
||||||
|
// are actually live, and requests dialing if not.
|
||||||
|
func (srv *Server) trustLoop() {
|
||||||
|
// Create a ticker for verifying trusted connections
|
||||||
|
tick := time.Tick(trustedPeerCheckInterval)
|
||||||
|
|
||||||
|
for {
|
||||||
|
select {
|
||||||
|
case <-srv.quit:
|
||||||
|
// Termination requested, simple return
|
||||||
|
return
|
||||||
|
|
||||||
|
case <-tick:
|
||||||
|
// Collect all the non-connected trusted nodes
|
||||||
|
needed := []*discover.Node{}
|
||||||
|
srv.lock.RLock()
|
||||||
|
for id, node := range srv.trusts {
|
||||||
|
if _, ok := srv.peers[id]; !ok {
|
||||||
|
needed = append(needed, node)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
srv.lock.RUnlock()
|
||||||
|
|
||||||
|
// Try to dial each of them (don't hang if server terminates)
|
||||||
|
for _, node := range needed {
|
||||||
|
glog.V(logger.Error).Infof("Dialing trusted peer %v", node)
|
||||||
|
select {
|
||||||
|
case srv.trustDial <- node:
|
||||||
|
// Ok, dialing
|
||||||
|
|
||||||
|
case <-srv.quit:
|
||||||
|
// Terminating, return
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func (srv *Server) dialLoop() {
|
func (srv *Server) dialLoop() {
|
||||||
var (
|
var (
|
||||||
dialed = make(chan *discover.Node)
|
dialed = make(chan *discover.Node)
|
||||||
@ -373,7 +427,7 @@ func (srv *Server) dialLoop() {
|
|||||||
// below MaxPeers.
|
// below MaxPeers.
|
||||||
refresh.Reset(refreshPeersInterval)
|
refresh.Reset(refreshPeersInterval)
|
||||||
}
|
}
|
||||||
case dest := <-srv.peerConnect:
|
case dest := <-srv.trustDial:
|
||||||
dial(dest)
|
dial(dest)
|
||||||
case dests := <-findresults:
|
case dests := <-findresults:
|
||||||
for _, dest := range dests {
|
for _, dest := range dests {
|
||||||
@ -472,16 +526,26 @@ func (srv *Server) addPeer(id discover.NodeID, p *Peer) (bool, DiscReason) {
|
|||||||
return true, 0
|
return true, 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// checkPeer verifies whether a peer looks promising and should be allowed/kept
|
||||||
|
// in the pool, or if it's of no use.
|
||||||
func (srv *Server) checkPeer(id discover.NodeID) (bool, DiscReason) {
|
func (srv *Server) checkPeer(id discover.NodeID) (bool, DiscReason) {
|
||||||
|
// First up, figure out if the peer is trusted
|
||||||
|
_, trusted := srv.trusts[id]
|
||||||
|
|
||||||
|
// Make sure the peer passes all required checks
|
||||||
switch {
|
switch {
|
||||||
case !srv.running:
|
case !srv.running:
|
||||||
return false, DiscQuitting
|
return false, DiscQuitting
|
||||||
case len(srv.peers) >= srv.MaxPeers:
|
|
||||||
|
case !trusted && len(srv.peers) >= srv.MaxPeers:
|
||||||
return false, DiscTooManyPeers
|
return false, DiscTooManyPeers
|
||||||
|
|
||||||
case srv.peers[id] != nil:
|
case srv.peers[id] != nil:
|
||||||
return false, DiscAlreadyConnected
|
return false, DiscAlreadyConnected
|
||||||
|
|
||||||
case id == srv.ntab.Self().ID:
|
case id == srv.ntab.Self().ID:
|
||||||
return false, DiscSelf
|
return false, DiscSelf
|
||||||
|
|
||||||
default:
|
default:
|
||||||
return true, 0
|
return true, 0
|
||||||
}
|
}
|
||||||
|
@ -102,7 +102,7 @@ func TestServerDial(t *testing.T) {
|
|||||||
|
|
||||||
// tell the server to connect
|
// tell the server to connect
|
||||||
tcpAddr := listener.Addr().(*net.TCPAddr)
|
tcpAddr := listener.Addr().(*net.TCPAddr)
|
||||||
srv.SuggestPeer(&discover.Node{IP: tcpAddr.IP, TCPPort: tcpAddr.Port})
|
srv.trustDial <-&discover.Node{IP: tcpAddr.IP, TCPPort: tcpAddr.Port}
|
||||||
|
|
||||||
select {
|
select {
|
||||||
case conn := <-accepted:
|
case conn := <-accepted:
|
||||||
|
Loading…
Reference in New Issue
Block a user