cmd, eth: Add support for `--whitelist <blocknum>=<hash>,...` flag
* Rejects peers that respond with a different hash for any of the passed in block numbers. * Meant for emergency situations when the network forks unexpectedly.
This commit is contained in:
parent
c1e3fe6b14
commit
48b70ecff1
|
@ -87,6 +87,7 @@ var (
|
|||
utils.LightServFlag,
|
||||
utils.LightPeersFlag,
|
||||
utils.LightKDFFlag,
|
||||
utils.WhitelistFlag,
|
||||
utils.CacheFlag,
|
||||
utils.CacheDatabaseFlag,
|
||||
utils.CacheTrieFlag,
|
||||
|
|
|
@ -81,6 +81,7 @@ var AppHelpFlagGroups = []flagGroup{
|
|||
utils.LightServFlag,
|
||||
utils.LightPeersFlag,
|
||||
utils.LightKDFFlag,
|
||||
utils.WhitelistFlag,
|
||||
},
|
||||
},
|
||||
{
|
||||
|
|
|
@ -182,6 +182,10 @@ var (
|
|||
Name: "lightkdf",
|
||||
Usage: "Reduce key-derivation RAM & CPU usage at some expense of KDF strength",
|
||||
}
|
||||
WhitelistFlag = cli.StringFlag{
|
||||
Name: "whitelist",
|
||||
Usage: "Comma separated block number-to-hash mappings to enforce (<number>=<hash>)",
|
||||
}
|
||||
// Dashboard settings
|
||||
DashboardEnabledFlag = cli.BoolFlag{
|
||||
Name: metrics.DashboardEnabledFlag,
|
||||
|
@ -1072,6 +1076,34 @@ func setEthash(ctx *cli.Context, cfg *eth.Config) {
|
|||
}
|
||||
}
|
||||
|
||||
func setWhitelist(ctx *cli.Context, cfg *eth.Config) {
|
||||
if ctx.GlobalIsSet(WhitelistFlag.Name) {
|
||||
entries := strings.Split(ctx.String(WhitelistFlag.Name), ",")
|
||||
whitelist := make(map[uint64]common.Hash)
|
||||
for _, entry := range entries {
|
||||
split := strings.SplitN(entry, "=", 2)
|
||||
if len(split) != 2 {
|
||||
Fatalf("invalid whitelist entry: %s", entry)
|
||||
}
|
||||
|
||||
bn, err := strconv.ParseUint(split[0], 0, 64)
|
||||
if err != nil {
|
||||
Fatalf("Invalid whitelist block number %s: %v", split[0], err)
|
||||
}
|
||||
|
||||
hash := common.Hash{}
|
||||
err = hash.UnmarshalText([]byte(split[1]))
|
||||
if err != nil {
|
||||
Fatalf("Invalid whitelist hash %s: %v", split[1], err)
|
||||
}
|
||||
|
||||
whitelist[bn] = hash
|
||||
}
|
||||
|
||||
cfg.Whitelist = whitelist
|
||||
}
|
||||
}
|
||||
|
||||
// checkExclusive verifies that only a single instance of the provided flags was
|
||||
// set by the user. Each flag might optionally be followed by a string type to
|
||||
// specialize it further.
|
||||
|
@ -1137,6 +1169,7 @@ func SetEthConfig(ctx *cli.Context, stack *node.Node, cfg *eth.Config) {
|
|||
setGPO(ctx, &cfg.GPO)
|
||||
setTxPool(ctx, &cfg.TxPool)
|
||||
setEthash(ctx, cfg)
|
||||
setWhitelist(ctx, cfg)
|
||||
|
||||
if ctx.GlobalIsSet(SyncModeFlag.Name) {
|
||||
cfg.SyncMode = *GlobalTextMarshaler(ctx, SyncModeFlag.Name).(*downloader.SyncMode)
|
||||
|
|
|
@ -173,7 +173,7 @@ func New(ctx *node.ServiceContext, config *Config) (*Ethereum, error) {
|
|||
}
|
||||
eth.txPool = core.NewTxPool(config.TxPool, eth.chainConfig, eth.blockchain)
|
||||
|
||||
if eth.protocolManager, err = NewProtocolManager(eth.chainConfig, config.SyncMode, config.NetworkId, eth.eventMux, eth.txPool, eth.engine, eth.blockchain, chainDb); err != nil {
|
||||
if eth.protocolManager, err = NewProtocolManager(eth.chainConfig, config.SyncMode, config.NetworkId, eth.eventMux, eth.txPool, eth.engine, eth.blockchain, chainDb, config.Whitelist); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
|
|
@ -87,6 +87,9 @@ type Config struct {
|
|||
SyncMode downloader.SyncMode
|
||||
NoPruning bool
|
||||
|
||||
// Whitelist of required block number -> hash values to accept
|
||||
Whitelist map[uint64]common.Hash `toml:"-"`
|
||||
|
||||
// Light client options
|
||||
LightServ int `toml:",omitempty"` // Maximum percentage of time allowed for serving LES requests
|
||||
LightPeers int `toml:",omitempty"` // Maximum number of LES client peers
|
||||
|
|
|
@ -17,6 +17,7 @@
|
|||
package eth
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
|
@ -88,6 +89,8 @@ type ProtocolManager struct {
|
|||
txsSub event.Subscription
|
||||
minedBlockSub *event.TypeMuxSubscription
|
||||
|
||||
whitelist map[uint64]common.Hash
|
||||
|
||||
// channels for fetcher, syncer, txsyncLoop
|
||||
newPeerCh chan *peer
|
||||
txsyncCh chan *txsync
|
||||
|
@ -101,7 +104,7 @@ type ProtocolManager struct {
|
|||
|
||||
// NewProtocolManager returns a new Ethereum sub protocol manager. The Ethereum sub protocol manages peers capable
|
||||
// with the Ethereum network.
|
||||
func NewProtocolManager(config *params.ChainConfig, mode downloader.SyncMode, networkID uint64, mux *event.TypeMux, txpool txPool, engine consensus.Engine, blockchain *core.BlockChain, chaindb ethdb.Database) (*ProtocolManager, error) {
|
||||
func NewProtocolManager(config *params.ChainConfig, mode downloader.SyncMode, networkID uint64, mux *event.TypeMux, txpool txPool, engine consensus.Engine, blockchain *core.BlockChain, chaindb ethdb.Database, whitelist map[uint64]common.Hash) (*ProtocolManager, error) {
|
||||
// Create the protocol manager with the base fields
|
||||
manager := &ProtocolManager{
|
||||
networkID: networkID,
|
||||
|
@ -110,6 +113,7 @@ func NewProtocolManager(config *params.ChainConfig, mode downloader.SyncMode, ne
|
|||
blockchain: blockchain,
|
||||
chainconfig: config,
|
||||
peers: newPeerSet(),
|
||||
whitelist: whitelist,
|
||||
newPeerCh: make(chan *peer),
|
||||
noMorePeers: make(chan struct{}),
|
||||
txsyncCh: make(chan *txsync),
|
||||
|
@ -307,6 +311,16 @@ func (pm *ProtocolManager) handle(p *peer) error {
|
|||
}
|
||||
}()
|
||||
}
|
||||
|
||||
// If we have any explicit whitelist block hashes, request them
|
||||
for bn := range pm.whitelist {
|
||||
p.Log().Debug("Requesting whitelist block", "number", bn)
|
||||
if err := p.RequestHeadersByNumber(bn, 1, 0, false); err != nil {
|
||||
p.Log().Error("whitelist request failed", "err", err, "number", bn, "peer", p.id)
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
// main loop. handle incoming messages.
|
||||
for {
|
||||
if err := pm.handleMsg(p); err != nil {
|
||||
|
@ -452,6 +466,16 @@ func (pm *ProtocolManager) handleMsg(p *peer) error {
|
|||
// Filter out any explicitly requested headers, deliver the rest to the downloader
|
||||
filter := len(headers) == 1
|
||||
if filter {
|
||||
// Check for any responses not matching our whitelist
|
||||
if expected, ok := pm.whitelist[headers[0].Number.Uint64()]; ok {
|
||||
actual := headers[0].Hash()
|
||||
if !bytes.Equal(expected.Bytes(), actual.Bytes()) {
|
||||
p.Log().Info("Dropping peer with non-matching whitelist block", "number", headers[0].Number.Uint64(), "hash", actual, "expected", expected)
|
||||
return errors.New("whitelist block mismatch")
|
||||
}
|
||||
p.Log().Debug("Whitelist block verified", "number", headers[0].Number.Uint64(), "hash", expected)
|
||||
}
|
||||
|
||||
// If it's a potential DAO fork check, validate against the rules
|
||||
if p.forkDrop != nil && pm.chainconfig.DAOForkBlock.Cmp(headers[0].Number) == 0 {
|
||||
// Disable the fork drop timer
|
||||
|
|
|
@ -478,7 +478,7 @@ func testDAOChallenge(t *testing.T, localForked, remoteForked bool, timeout bool
|
|||
if err != nil {
|
||||
t.Fatalf("failed to create new blockchain: %v", err)
|
||||
}
|
||||
pm, err := NewProtocolManager(config, downloader.FullSync, DefaultConfig.NetworkId, evmux, new(testTxPool), pow, blockchain, db)
|
||||
pm, err := NewProtocolManager(config, downloader.FullSync, DefaultConfig.NetworkId, evmux, new(testTxPool), pow, blockchain, db, nil)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to start test protocol manager: %v", err)
|
||||
}
|
||||
|
@ -559,7 +559,7 @@ func testBroadcastBlock(t *testing.T, totalPeers, broadcastExpected int) {
|
|||
if err != nil {
|
||||
t.Fatalf("failed to create new blockchain: %v", err)
|
||||
}
|
||||
pm, err := NewProtocolManager(config, downloader.FullSync, DefaultConfig.NetworkId, evmux, new(testTxPool), pow, blockchain, db)
|
||||
pm, err := NewProtocolManager(config, downloader.FullSync, DefaultConfig.NetworkId, evmux, new(testTxPool), pow, blockchain, db, nil)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to start test protocol manager: %v", err)
|
||||
}
|
||||
|
|
|
@ -66,7 +66,7 @@ func newTestProtocolManager(mode downloader.SyncMode, blocks int, generator func
|
|||
panic(err)
|
||||
}
|
||||
|
||||
pm, err := NewProtocolManager(gspec.Config, mode, DefaultConfig.NetworkId, evmux, &testTxPool{added: newtx}, engine, blockchain, db)
|
||||
pm, err := NewProtocolManager(gspec.Config, mode, DefaultConfig.NetworkId, evmux, &testTxPool{added: newtx}, engine, blockchain, db, nil)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue