p2p, p2p/discover, p2p/discv5: add IP network restriction feature

The p2p packages can now be configured to restrict all communication to a certain subset of IP networks. This feature is meant to be used for private networks.
2016-11-22 20:51:59 +01:00
parent e46bda5093
commit a47341cf96
9 changed files with 124 additions and 34 deletions
--- a/p2p/discv5/net.go
+++ b/p2p/discv5/net.go
@ -31,6 +31,7 @@ import (
 	"github.com/ethereum/go-ethereum/logger"
 	"github.com/ethereum/go-ethereum/logger/glog"
 	"github.com/ethereum/go-ethereum/p2p/nat"
+	"github.com/ethereum/go-ethereum/p2p/netutil"
 	"github.com/ethereum/go-ethereum/rlp"
 )

@ -63,8 +64,9 @@ func debugLog(s string) {

 // Network manages the table and all protocol interaction.
 type Network struct {
-	db   *nodeDB // database of known nodes
-	conn transport
+	db          *nodeDB // database of known nodes
+	conn        transport
+	netrestrict *netutil.Netlist

 	closed           chan struct{}          // closed when loop is done
 	closeReq         chan struct{}          // 'request to close'
@ -133,7 +135,7 @@ type timeoutEvent struct {
 	node *Node
 }

-func newNetwork(conn transport, ourPubkey ecdsa.PublicKey, natm nat.Interface, dbPath string) (*Network, error) {
+func newNetwork(conn transport, ourPubkey ecdsa.PublicKey, natm nat.Interface, dbPath string, netrestrict *netutil.Netlist) (*Network, error) {
 	ourID := PubkeyID(&ourPubkey)

 	var db *nodeDB
@ -148,6 +150,7 @@ func newNetwork(conn transport, ourPubkey ecdsa.PublicKey, natm nat.Interface, d
 	net := &Network{
 		db:               db,
 		conn:             conn,
+		netrestrict:      netrestrict,
 		tab:              tab,
 		topictab:         newTopicTable(db, tab.self),
 		ticketStore:      newTicketStore(),
@ -696,6 +699,9 @@ func (net *Network) internNodeFromNeighbours(sender *net.UDPAddr, rn rpcNode) (n
 	if n == nil {
 		// We haven't seen this node before.
 		n, err = nodeFromRPC(sender, rn)
+		if net.netrestrict != nil && !net.netrestrict.Contains(n.IP) {
+			return n, errors.New("not contained in netrestrict whitelist")
+		}
 		if err == nil {
 			n.state = unknown
 			net.nodes[n.ID] = n
--- a/p2p/discv5/net_test.go
+++ b/p2p/discv5/net_test.go
@ -28,7 +28,7 @@ import (

 func TestNetwork_Lookup(t *testing.T) {
 	key, _ := crypto.GenerateKey()
-	network, err := newNetwork(lookupTestnet, key.PublicKey, nil, "")
+	network, err := newNetwork(lookupTestnet, key.PublicKey, nil, "", nil)
 	if err != nil {
 		t.Fatal(err)
 	}
--- a/p2p/discv5/sim_test.go
+++ b/p2p/discv5/sim_test.go
@ -290,7 +290,7 @@ func (s *simulation) launchNode(log bool) *Network {
 	addr := &net.UDPAddr{IP: ip, Port: 30303}

 	transport := &simTransport{joinTime: time.Now(), sender: id, senderAddr: addr, sim: s, priv: key}
-	net, err := newNetwork(transport, key.PublicKey, nil, "<no database>")
+	net, err := newNetwork(transport, key.PublicKey, nil, "<no database>", nil)
 	if err != nil {
 		panic("cannot launch new node: " + err.Error())
 	}
--- a/p2p/discv5/udp.go
+++ b/p2p/discv5/udp.go
@ -238,12 +238,12 @@ type udp struct {
 }

 // ListenUDP returns a new table that listens for UDP packets on laddr.
-func ListenUDP(priv *ecdsa.PrivateKey, laddr string, natm nat.Interface, nodeDBPath string) (*Network, error) {
+func ListenUDP(priv *ecdsa.PrivateKey, laddr string, natm nat.Interface, nodeDBPath string, netrestrict *netutil.Netlist) (*Network, error) {
 	transport, err := listenUDP(priv, laddr)
 	if err != nil {
 		return nil, err
 	}
-	net, err := newNetwork(transport, priv.PublicKey, natm, nodeDBPath)
+	net, err := newNetwork(transport, priv.PublicKey, natm, nodeDBPath, netrestrict)
 	if err != nil {
 		return nil, err
 	}