mirror of
https://gitlab.com/pulsechaincom/prysm-pulse.git
synced 2024-12-25 04:47:18 +00:00
aeb6dc13ac
* blacklist cidr * add test * Merge refs/heads/master into p2pBlacklist
150 lines
4.4 KiB
Go
150 lines
4.4 KiB
Go
package p2p
|
|
|
|
import (
|
|
"crypto/ecdsa"
|
|
"fmt"
|
|
"net"
|
|
"time"
|
|
|
|
"github.com/libp2p/go-libp2p"
|
|
noise "github.com/libp2p/go-libp2p-noise"
|
|
filter "github.com/libp2p/go-maddr-filter"
|
|
ma "github.com/multiformats/go-multiaddr"
|
|
"github.com/pkg/errors"
|
|
"github.com/prysmaticlabs/prysm/beacon-chain/p2p/connmgr"
|
|
"github.com/prysmaticlabs/prysm/shared/featureconfig"
|
|
)
|
|
|
|
// buildOptions for the libp2p host.
|
|
func buildOptions(cfg *Config, ip net.IP, priKey *ecdsa.PrivateKey) []libp2p.Option {
|
|
listen, err := multiAddressBuilder(ip.String(), cfg.TCPPort)
|
|
if err != nil {
|
|
log.Fatalf("Failed to p2p listen: %v", err)
|
|
}
|
|
options := []libp2p.Option{
|
|
privKeyOption(priKey),
|
|
libp2p.EnableRelay(),
|
|
libp2p.ListenAddrs(listen),
|
|
whitelistSubnet(cfg.WhitelistCIDR),
|
|
blacklistSubnets(cfg.BlacklistCIDR),
|
|
// Add one for the boot node and another for the relay, otherwise when we are close to maxPeers we will be above the high
|
|
// water mark and continually trigger pruning.
|
|
libp2p.ConnectionManager(connmgr.NewConnManager(int(cfg.MaxPeers+2), int(cfg.MaxPeers+2), 1*time.Second)),
|
|
}
|
|
if featureconfig.Get().EnableNoise {
|
|
// Enable NOISE for the beacon node
|
|
options = append(options, libp2p.Security(noise.ID, noise.New))
|
|
}
|
|
if cfg.EnableUPnP {
|
|
options = append(options, libp2p.NATPortMap()) //Allow to use UPnP
|
|
}
|
|
if cfg.RelayNodeAddr != "" {
|
|
options = append(options, libp2p.AddrsFactory(withRelayAddrs(cfg.RelayNodeAddr)))
|
|
}
|
|
if cfg.HostAddress != "" {
|
|
options = append(options, libp2p.AddrsFactory(func(addrs []ma.Multiaddr) []ma.Multiaddr {
|
|
external, err := multiAddressBuilder(cfg.HostAddress, cfg.TCPPort)
|
|
if err != nil {
|
|
log.WithError(err).Error("Unable to create external multiaddress")
|
|
} else {
|
|
addrs = append(addrs, external)
|
|
}
|
|
return addrs
|
|
}))
|
|
}
|
|
if cfg.HostDNS != "" {
|
|
options = append(options, libp2p.AddrsFactory(func(addrs []ma.Multiaddr) []ma.Multiaddr {
|
|
external, err := ma.NewMultiaddr(fmt.Sprintf("/dns4/%s/tcp/%d", cfg.HostDNS, cfg.TCPPort))
|
|
if err != nil {
|
|
log.WithError(err).Error("Unable to create external multiaddress")
|
|
} else {
|
|
addrs = append(addrs, external)
|
|
}
|
|
return addrs
|
|
}))
|
|
}
|
|
if cfg.LocalIP != "" {
|
|
if net.ParseIP(cfg.LocalIP) == nil {
|
|
log.Errorf("Invalid local ip provided: %s", cfg.LocalIP)
|
|
return options
|
|
}
|
|
listen, err = multiAddressBuilder(cfg.LocalIP, cfg.TCPPort)
|
|
if err != nil {
|
|
log.Fatalf("Failed to p2p listen: %v", err)
|
|
}
|
|
options = append(options, libp2p.ListenAddrs(listen))
|
|
}
|
|
return options
|
|
}
|
|
|
|
func multiAddressBuilder(ipAddr string, port uint) (ma.Multiaddr, error) {
|
|
parsedIP := net.ParseIP(ipAddr)
|
|
if parsedIP.To4() == nil && parsedIP.To16() == nil {
|
|
return nil, errors.Errorf("invalid ip address provided: %s", ipAddr)
|
|
}
|
|
if parsedIP.To4() != nil {
|
|
return ma.NewMultiaddr(fmt.Sprintf("/ip4/%s/tcp/%d", ipAddr, port))
|
|
}
|
|
return ma.NewMultiaddr(fmt.Sprintf("/ip6/%s/tcp/%d", ipAddr, port))
|
|
}
|
|
|
|
// Adds a private key to the libp2p option if the option was provided.
|
|
// If the private key file is missing or cannot be read, or if the
|
|
// private key contents cannot be marshaled, an exception is thrown.
|
|
func privKeyOption(privkey *ecdsa.PrivateKey) libp2p.Option {
|
|
return func(cfg *libp2p.Config) error {
|
|
log.Debug("ECDSA private key generated")
|
|
return cfg.Apply(libp2p.Identity(convertToInterfacePrivkey(privkey)))
|
|
}
|
|
}
|
|
|
|
// whitelistSubnet adds a whitelist multiaddress filter for a given CIDR subnet.
|
|
// Example: 192.168.0.0/16 may be used to accept only connections on your local
|
|
// network.
|
|
func whitelistSubnet(cidr string) libp2p.Option {
|
|
if cidr == "" {
|
|
return func(_ *libp2p.Config) error {
|
|
return nil
|
|
}
|
|
}
|
|
|
|
return func(cfg *libp2p.Config) error {
|
|
_, ipnet, err := net.ParseCIDR(cidr)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if cfg.Filters == nil {
|
|
cfg.Filters = filter.NewFilters()
|
|
}
|
|
cfg.Filters.AddFilter(*ipnet, filter.ActionAccept)
|
|
|
|
return nil
|
|
}
|
|
}
|
|
|
|
// blacklistSubnet adds a blacklist multiaddress filter for multiple given CIDR subnets.
|
|
// Example: 192.168.0.0/16 may be used to deny connections from your local
|
|
// network.
|
|
func blacklistSubnets(mulCidrs []string) libp2p.Option {
|
|
if len(mulCidrs) == 0 {
|
|
return func(_ *libp2p.Config) error {
|
|
return nil
|
|
}
|
|
}
|
|
return func(cfg *libp2p.Config) error {
|
|
if cfg.Filters == nil {
|
|
cfg.Filters = filter.NewFilters()
|
|
}
|
|
|
|
for _, cidr := range mulCidrs {
|
|
_, ipnet, err := net.ParseCIDR(cidr)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
cfg.Filters.AddFilter(*ipnet, filter.ActionDeny)
|
|
}
|
|
return nil
|
|
}
|
|
}
|