mirror of
https://github.com/ethereum/go-ethereum.git
synced 2026-07-18 02:40:45 +00:00
refactor(all): remove term whitelist and blacklist (#1994)
This commit is contained in:
parent
85f2bebfd1
commit
50210d90e3
27 changed files with 172 additions and 171 deletions
|
|
@ -61,8 +61,8 @@ var (
|
||||||
utils.IdentityFlag,
|
utils.IdentityFlag,
|
||||||
utils.UnlockedAccountFlag,
|
utils.UnlockedAccountFlag,
|
||||||
utils.PasswordFileFlag,
|
utils.PasswordFileFlag,
|
||||||
utils.PeersWhitelistFlag,
|
utils.PeersAllowlistFlag,
|
||||||
utils.PeersBlacklistFlag,
|
utils.PeersDenylistFlag,
|
||||||
utils.BootnodesFlag,
|
utils.BootnodesFlag,
|
||||||
utils.BootnodesV4Flag,
|
utils.BootnodesV4Flag,
|
||||||
utils.BootnodesV5Flag,
|
utils.BootnodesV5Flag,
|
||||||
|
|
|
||||||
|
|
@ -157,7 +157,7 @@ func checkEthstats(client *sshClient, network string) (*ethstatsInfos, error) {
|
||||||
if port != 80 && port != 443 {
|
if port != 80 && port != 443 {
|
||||||
config += fmt.Sprintf(":%d", port)
|
config += fmt.Sprintf(":%d", port)
|
||||||
}
|
}
|
||||||
// Retrieve the IP blacklist
|
// Retrieve the IP denylist
|
||||||
banned := strings.Split(infos.envvars["BANNED"], ",")
|
banned := strings.Split(infos.envvars["BANNED"], ",")
|
||||||
|
|
||||||
// Run a sanity check to see if the port is reachable
|
// Run a sanity check to see if the port is reachable
|
||||||
|
|
|
||||||
|
|
@ -63,20 +63,20 @@ func (w *wizard) deployEthstats() {
|
||||||
fmt.Printf("What should be the secret password for the API? (default = %s)\n", infos.secret)
|
fmt.Printf("What should be the secret password for the API? (default = %s)\n", infos.secret)
|
||||||
infos.secret = w.readDefaultString(infos.secret)
|
infos.secret = w.readDefaultString(infos.secret)
|
||||||
}
|
}
|
||||||
// Gather any blacklists to ban from reporting
|
// Gather any denylist to ban from reporting
|
||||||
if existed {
|
if existed {
|
||||||
fmt.Println()
|
fmt.Println()
|
||||||
fmt.Printf("Keep existing IP %v blacklist (y/n)? (default = yes)\n", infos.banned)
|
fmt.Printf("Keep existing IP %v denylist (y/n)? (default = yes)\n", infos.banned)
|
||||||
if w.readDefaultString("y") != "y" {
|
if w.readDefaultString("y") != "y" {
|
||||||
// The user might want to clear the entire list, although generally probably not
|
// The user might want to clear the entire list, although generally probably not
|
||||||
fmt.Println()
|
fmt.Println()
|
||||||
fmt.Printf("Clear out blacklist and start over (y/n)? (default = no)\n")
|
fmt.Printf("Clear out denylist and start over (y/n)? (default = no)\n")
|
||||||
if w.readDefaultString("n") != "n" {
|
if w.readDefaultString("n") != "n" {
|
||||||
infos.banned = nil
|
infos.banned = nil
|
||||||
}
|
}
|
||||||
// Offer the user to explicitly add/remove certain IP addresses
|
// Offer the user to explicitly add/remove certain IP addresses
|
||||||
fmt.Println()
|
fmt.Println()
|
||||||
fmt.Println("Which additional IP addresses should be blacklisted?")
|
fmt.Println("Which additional IP addresses should be denylisted?")
|
||||||
for {
|
for {
|
||||||
if ip := w.readIPAddress(); ip != "" {
|
if ip := w.readIPAddress(); ip != "" {
|
||||||
infos.banned = append(infos.banned, ip)
|
infos.banned = append(infos.banned, ip)
|
||||||
|
|
@ -85,7 +85,7 @@ func (w *wizard) deployEthstats() {
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
fmt.Println()
|
fmt.Println()
|
||||||
fmt.Println("Which IP addresses should not be blacklisted?")
|
fmt.Println("Which IP addresses should not be denylisted?")
|
||||||
for {
|
for {
|
||||||
if ip := w.readIPAddress(); ip != "" {
|
if ip := w.readIPAddress(); ip != "" {
|
||||||
for i, addr := range infos.banned {
|
for i, addr := range infos.banned {
|
||||||
|
|
|
||||||
|
|
@ -629,15 +629,15 @@ var (
|
||||||
Value: 30303,
|
Value: 30303,
|
||||||
Category: flags.NetworkingCategory,
|
Category: flags.NetworkingCategory,
|
||||||
}
|
}
|
||||||
PeersWhitelistFlag = &cli.StringFlag{
|
PeersAllowlistFlag = &cli.StringFlag{
|
||||||
Name: "peers-whitelist",
|
Name: "peers-allowlist",
|
||||||
Usage: "Comma separated NodeID or enode URLs for peer whitelist (only connect to them)",
|
Usage: "Comma separated NodeID or enode URLs for peer allowlist (only connect to them)",
|
||||||
Value: "",
|
Value: "",
|
||||||
Category: flags.NetworkingCategory,
|
Category: flags.NetworkingCategory,
|
||||||
}
|
}
|
||||||
PeersBlacklistFlag = &cli.StringFlag{
|
PeersDenylistFlag = &cli.StringFlag{
|
||||||
Name: "peers-blacklist",
|
Name: "peers-denylist",
|
||||||
Usage: "Comma separated NodeID or enode URLs for peer blacklist (will not connect to them)",
|
Usage: "Comma separated NodeID or enode URLs for peer denylist (will not connect to them)",
|
||||||
Value: "",
|
Value: "",
|
||||||
Category: flags.NetworkingCategory,
|
Category: flags.NetworkingCategory,
|
||||||
}
|
}
|
||||||
|
|
@ -918,66 +918,66 @@ func setNodeUserIdent(ctx *cli.Context, cfg *node.Config) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func setWhiteBlackListPeers(ctx *cli.Context, cfg *p2p.Config) {
|
func setAllowlistAndDenylistForPeers(ctx *cli.Context, cfg *p2p.Config) {
|
||||||
flags.CheckExclusive(ctx, PeersWhitelistFlag, PeersBlacklistFlag)
|
flags.CheckExclusive(ctx, PeersAllowlistFlag, PeersDenylistFlag)
|
||||||
|
|
||||||
// setup whitelist for peers
|
// setup allowlist for peers
|
||||||
if ctx.IsSet(PeersWhitelistFlag.Name) {
|
if ctx.IsSet(PeersAllowlistFlag.Name) {
|
||||||
urls := SplitAndTrim(ctx.String(PeersWhitelistFlag.Name))
|
urls := SplitAndTrim(ctx.String(PeersAllowlistFlag.Name))
|
||||||
cfg.WhitePeers = make(map[discover.NodeID]struct{}, len(urls))
|
cfg.AllowPeers = make(map[discover.NodeID]struct{}, len(urls))
|
||||||
for _, url := range urls {
|
for _, url := range urls {
|
||||||
if url != "" {
|
if url != "" {
|
||||||
node1, err1 := discover.HexID(url)
|
node1, err1 := discover.HexID(url)
|
||||||
if err1 == nil {
|
if err1 == nil {
|
||||||
cfg.WhitePeers[node1] = struct{}{}
|
cfg.AllowPeers[node1] = struct{}{}
|
||||||
log.Info("Add peer to whitelist", "id", node1)
|
log.Info("Add peer to allowlist", "id", node1)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
node2, err2 := discover.ParseNode(url)
|
node2, err2 := discover.ParseNode(url)
|
||||||
if err2 == nil {
|
if err2 == nil {
|
||||||
cfg.WhitePeers[node2.ID] = struct{}{}
|
cfg.AllowPeers[node2.ID] = struct{}{}
|
||||||
log.Info("Add peer to whitelist", "enode", url, "id", node2.ID)
|
log.Info("Add peer to allowlist", "enode", url, "id", node2.ID)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
log.Crit("Invalid peer id for whitelist", "url", url, "err1", err1, "err2", err2)
|
log.Crit("Invalid peer id for allowlist", "url", url, "err1", err1, "err2", err2)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// setup blacklist for peers
|
// setup denylist for peers
|
||||||
if ctx.IsSet(PeersBlacklistFlag.Name) {
|
if ctx.IsSet(PeersDenylistFlag.Name) {
|
||||||
urls := SplitAndTrim(ctx.String(PeersBlacklistFlag.Name))
|
urls := SplitAndTrim(ctx.String(PeersDenylistFlag.Name))
|
||||||
cfg.BlackPeers = make(map[discover.NodeID]struct{}, len(urls))
|
cfg.DenyPeers = make(map[discover.NodeID]struct{}, len(urls))
|
||||||
for _, url := range urls {
|
for _, url := range urls {
|
||||||
if url != "" {
|
if url != "" {
|
||||||
node1, err1 := discover.HexID(url)
|
node1, err1 := discover.HexID(url)
|
||||||
if err1 == nil {
|
if err1 == nil {
|
||||||
cfg.BlackPeers[node1] = struct{}{}
|
cfg.DenyPeers[node1] = struct{}{}
|
||||||
log.Info("Add peer to blacklist", "id", node1)
|
log.Info("Add peer to denylist", "id", node1)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
node2, err2 := discover.ParseNode(url)
|
node2, err2 := discover.ParseNode(url)
|
||||||
if err2 == nil {
|
if err2 == nil {
|
||||||
cfg.BlackPeers[node2.ID] = struct{}{}
|
cfg.DenyPeers[node2.ID] = struct{}{}
|
||||||
log.Info("Add peer to blacklist", "enode", url, "id", node2.ID)
|
log.Info("Add peer to denylist", "enode", url, "id", node2.ID)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
log.Crit("Invalid peer id for blacklist", "url", url, "err1", err1, "err2", err2)
|
log.Crit("Invalid peer id for denylist", "url", url, "err1", err1, "err2", err2)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// removeBlackPeers removes bootstrap nodes which is in peers blacklist
|
// removeDenylistedPeers removes bootstrap nodes which is in peers denylist
|
||||||
func removeBlackPeers(cfg *p2p.Config) {
|
func removeDenylistedPeers(cfg *p2p.Config) {
|
||||||
if len(cfg.BlackPeers) == 0 {
|
if len(cfg.DenyPeers) == 0 {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
filteredNodes := make([]*discover.Node, 0, len(cfg.BootstrapNodes))
|
filteredNodes := make([]*discover.Node, 0, len(cfg.BootstrapNodes))
|
||||||
for _, node := range cfg.BootstrapNodes {
|
for _, node := range cfg.BootstrapNodes {
|
||||||
if _, ok := cfg.BlackPeers[node.ID]; ok {
|
if _, ok := cfg.DenyPeers[node.ID]; ok {
|
||||||
log.Info("Remove black peer", "enode", node, "id", node.ID)
|
log.Info("Remove denylisted peer", "enode", node, "id", node.ID)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
filteredNodes = append(filteredNodes, node)
|
filteredNodes = append(filteredNodes, node)
|
||||||
|
|
@ -1280,8 +1280,8 @@ func SetP2PConfig(ctx *cli.Context, cfg *p2p.Config) {
|
||||||
setNAT(ctx, cfg)
|
setNAT(ctx, cfg)
|
||||||
setListenAddress(ctx, cfg)
|
setListenAddress(ctx, cfg)
|
||||||
setBootstrapNodes(ctx, cfg)
|
setBootstrapNodes(ctx, cfg)
|
||||||
setWhiteBlackListPeers(ctx, cfg)
|
setAllowlistAndDenylistForPeers(ctx, cfg)
|
||||||
removeBlackPeers(cfg)
|
removeDenylistedPeers(cfg)
|
||||||
// setBootstrapNodesV5(ctx, cfg)
|
// setBootstrapNodesV5(ctx, cfg)
|
||||||
|
|
||||||
if ctx.IsSet(MaxPeersFlag.Name) {
|
if ctx.IsSet(MaxPeersFlag.Name) {
|
||||||
|
|
|
||||||
|
|
@ -38,9 +38,9 @@ var (
|
||||||
)
|
)
|
||||||
|
|
||||||
type constant struct {
|
type constant struct {
|
||||||
chainID uint64
|
chainID uint64
|
||||||
blackListHFNumber uint64
|
denylistHFNumber uint64
|
||||||
maxMasternodesV2 int // Last v1 masternodes
|
maxMasternodesV2 int // Last v1 masternodes
|
||||||
|
|
||||||
tip2019Block *big.Int
|
tip2019Block *big.Int
|
||||||
tipSigning *big.Int
|
tipSigning *big.Int
|
||||||
|
|
@ -75,13 +75,13 @@ type constant struct {
|
||||||
|
|
||||||
ignoreSignerCheckBlockArray map[uint64]struct{}
|
ignoreSignerCheckBlockArray map[uint64]struct{}
|
||||||
|
|
||||||
blacklist map[Address]struct{}
|
denylist map[Address]struct{}
|
||||||
}
|
}
|
||||||
|
|
||||||
// variables for specific networks, copy values from mainnet constant to pass tests
|
// variables for specific networks, copy values from mainnet constant to pass tests
|
||||||
var (
|
var (
|
||||||
BlackListHFNumber = MainnetConstant.blackListHFNumber
|
DenylistHFNumber = MainnetConstant.denylistHFNumber
|
||||||
MaxMasternodesV2 = MainnetConstant.maxMasternodesV2 // Last v1 masternodes
|
MaxMasternodesV2 = MainnetConstant.maxMasternodesV2 // Last v1 masternodes
|
||||||
|
|
||||||
TIP2019Block = MainnetConstant.tip2019Block
|
TIP2019Block = MainnetConstant.tip2019Block
|
||||||
TIPSigning = MainnetConstant.tipSigning
|
TIPSigning = MainnetConstant.tipSigning
|
||||||
|
|
@ -114,7 +114,7 @@ var (
|
||||||
LendingRegistrationSMC = MainnetConstant.lendingRegistrationSMC
|
LendingRegistrationSMC = MainnetConstant.lendingRegistrationSMC
|
||||||
|
|
||||||
ignoreSignerCheckBlockArray = MainnetConstant.ignoreSignerCheckBlockArray
|
ignoreSignerCheckBlockArray = MainnetConstant.ignoreSignerCheckBlockArray
|
||||||
blacklist = MainnetConstant.blacklist
|
denylist = MainnetConstant.denylist
|
||||||
)
|
)
|
||||||
|
|
||||||
func IsIgnoreSignerCheckBlock(blockNumber uint64) bool {
|
func IsIgnoreSignerCheckBlock(blockNumber uint64) bool {
|
||||||
|
|
@ -122,11 +122,11 @@ func IsIgnoreSignerCheckBlock(blockNumber uint64) bool {
|
||||||
return ok
|
return ok
|
||||||
}
|
}
|
||||||
|
|
||||||
func IsInBlacklist(address *Address) bool {
|
func IsInDenylist(address *Address) bool {
|
||||||
if address == nil {
|
if address == nil {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
_, ok := blacklist[*address]
|
_, ok := denylist[*address]
|
||||||
return ok
|
return ok
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -147,7 +147,7 @@ func CopyConstants(chainID uint64) {
|
||||||
}
|
}
|
||||||
|
|
||||||
MaxMasternodesV2 = c.maxMasternodesV2
|
MaxMasternodesV2 = c.maxMasternodesV2
|
||||||
BlackListHFNumber = c.blackListHFNumber
|
DenylistHFNumber = c.denylistHFNumber
|
||||||
TIP2019Block = c.tip2019Block
|
TIP2019Block = c.tip2019Block
|
||||||
TIPSigning = c.tipSigning
|
TIPSigning = c.tipSigning
|
||||||
TIPRandomize = c.tipRandomize
|
TIPRandomize = c.tipRandomize
|
||||||
|
|
@ -181,6 +181,6 @@ func CopyConstants(chainID uint64) {
|
||||||
clear(ignoreSignerCheckBlockArray)
|
clear(ignoreSignerCheckBlockArray)
|
||||||
maps.Copy(ignoreSignerCheckBlockArray, c.ignoreSignerCheckBlockArray)
|
maps.Copy(ignoreSignerCheckBlockArray, c.ignoreSignerCheckBlockArray)
|
||||||
|
|
||||||
clear(blacklist)
|
clear(denylist)
|
||||||
maps.Copy(blacklist, c.blacklist)
|
maps.Copy(denylist, c.denylist)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -6,9 +6,9 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
var DevnetConstant = constant{
|
var DevnetConstant = constant{
|
||||||
chainID: 551,
|
chainID: 551,
|
||||||
blackListHFNumber: 0,
|
denylistHFNumber: 0,
|
||||||
maxMasternodesV2: 108,
|
maxMasternodesV2: 108,
|
||||||
|
|
||||||
tip2019Block: big.NewInt(0),
|
tip2019Block: big.NewInt(0),
|
||||||
tipSigning: big.NewInt(0),
|
tipSigning: big.NewInt(0),
|
||||||
|
|
@ -48,7 +48,7 @@ var DevnetConstant = constant{
|
||||||
28270800: {},
|
28270800: {},
|
||||||
},
|
},
|
||||||
|
|
||||||
blacklist: map[Address]struct{}{
|
denylist: map[Address]struct{}{
|
||||||
HexToAddress("0x5248bfb72fd4f234e062d3e9bb76f08643004fcd"): {},
|
HexToAddress("0x5248bfb72fd4f234e062d3e9bb76f08643004fcd"): {},
|
||||||
HexToAddress("0x5ac26105b35ea8935be382863a70281ec7a985e9"): {},
|
HexToAddress("0x5ac26105b35ea8935be382863a70281ec7a985e9"): {},
|
||||||
HexToAddress("0x09c4f991a41e7ca0645d7dfbfee160b55e562ea4"): {},
|
HexToAddress("0x09c4f991a41e7ca0645d7dfbfee160b55e562ea4"): {},
|
||||||
|
|
|
||||||
|
|
@ -6,9 +6,9 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
var localConstant = constant{
|
var localConstant = constant{
|
||||||
chainID: 5151,
|
chainID: 5151,
|
||||||
maxMasternodesV2: 108,
|
maxMasternodesV2: 108,
|
||||||
blackListHFNumber: 0,
|
denylistHFNumber: 0,
|
||||||
|
|
||||||
tip2019Block: big.NewInt(0),
|
tip2019Block: big.NewInt(0),
|
||||||
tipSigning: big.NewInt(0),
|
tipSigning: big.NewInt(0),
|
||||||
|
|
@ -43,5 +43,5 @@ var localConstant = constant{
|
||||||
|
|
||||||
ignoreSignerCheckBlockArray: map[uint64]struct{}{},
|
ignoreSignerCheckBlockArray: map[uint64]struct{}{},
|
||||||
|
|
||||||
blacklist: map[Address]struct{}{},
|
denylist: map[Address]struct{}{},
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -6,9 +6,9 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
var MainnetConstant = constant{
|
var MainnetConstant = constant{
|
||||||
chainID: 50,
|
chainID: 50,
|
||||||
blackListHFNumber: 38383838,
|
denylistHFNumber: 38383838,
|
||||||
maxMasternodesV2: 108,
|
maxMasternodesV2: 108,
|
||||||
|
|
||||||
tip2019Block: big.NewInt(1),
|
tip2019Block: big.NewInt(1),
|
||||||
tipSigning: big.NewInt(3000000),
|
tipSigning: big.NewInt(3000000),
|
||||||
|
|
@ -48,7 +48,7 @@ var MainnetConstant = constant{
|
||||||
28270800: {},
|
28270800: {},
|
||||||
},
|
},
|
||||||
|
|
||||||
blacklist: map[Address]struct{}{
|
denylist: map[Address]struct{}{
|
||||||
HexToAddress("0x5248bfb72fd4f234e062d3e9bb76f08643004fcd"): {},
|
HexToAddress("0x5248bfb72fd4f234e062d3e9bb76f08643004fcd"): {},
|
||||||
HexToAddress("0x5ac26105b35ea8935be382863a70281ec7a985e9"): {},
|
HexToAddress("0x5ac26105b35ea8935be382863a70281ec7a985e9"): {},
|
||||||
HexToAddress("0x09c4f991a41e7ca0645d7dfbfee160b55e562ea4"): {},
|
HexToAddress("0x09c4f991a41e7ca0645d7dfbfee160b55e562ea4"): {},
|
||||||
|
|
|
||||||
|
|
@ -6,9 +6,9 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
var TestnetConstant = constant{
|
var TestnetConstant = constant{
|
||||||
chainID: 51,
|
chainID: 51,
|
||||||
blackListHFNumber: 23779191,
|
denylistHFNumber: 23779191,
|
||||||
maxMasternodesV2: 15,
|
maxMasternodesV2: 15,
|
||||||
|
|
||||||
tip2019Block: big.NewInt(1),
|
tip2019Block: big.NewInt(1),
|
||||||
tipSigning: big.NewInt(3000000),
|
tipSigning: big.NewInt(3000000),
|
||||||
|
|
@ -48,7 +48,7 @@ var TestnetConstant = constant{
|
||||||
28270800: {},
|
28270800: {},
|
||||||
},
|
},
|
||||||
|
|
||||||
blacklist: map[Address]struct{}{
|
denylist: map[Address]struct{}{
|
||||||
HexToAddress("0x5248bfb72fd4f234e062d3e9bb76f08643004fcd"): {},
|
HexToAddress("0x5248bfb72fd4f234e062d3e9bb76f08643004fcd"): {},
|
||||||
HexToAddress("0x5ac26105b35ea8935be382863a70281ec7a985e9"): {},
|
HexToAddress("0x5ac26105b35ea8935be382863a70281ec7a985e9"): {},
|
||||||
HexToAddress("0x09c4f991a41e7ca0645d7dfbfee160b55e562ea4"): {},
|
HexToAddress("0x09c4f991a41e7ca0645d7dfbfee160b55e562ea4"): {},
|
||||||
|
|
|
||||||
|
|
@ -1581,8 +1581,8 @@ func (bc *BlockChain) insertChain(chain types.Blocks, verifySeals bool) (int, []
|
||||||
}
|
}
|
||||||
// If the header is a banned one, straight out abort
|
// If the header is a banned one, straight out abort
|
||||||
if BadHashes[block.Hash()] {
|
if BadHashes[block.Hash()] {
|
||||||
bc.reportBlock(block, nil, ErrBlacklistedHash)
|
bc.reportBlock(block, nil, ErrDenylistedHash)
|
||||||
return it.index, events, coalescedLogs, ErrBlacklistedHash
|
return it.index, events, coalescedLogs, ErrDenylistedHash
|
||||||
}
|
}
|
||||||
// Retrieve the parent block and it's state to execute on top
|
// Retrieve the parent block and it's state to execute on top
|
||||||
start := time.Now()
|
start := time.Now()
|
||||||
|
|
@ -1942,12 +1942,12 @@ func (bc *BlockChain) getResultBlock(block *types.Block, verifiedM2 bool) (*Resu
|
||||||
// If the chain is terminating, stop processing blocks
|
// If the chain is terminating, stop processing blocks
|
||||||
if bc.insertStopped() {
|
if bc.insertStopped() {
|
||||||
log.Debug("Premature abort during blocks processing")
|
log.Debug("Premature abort during blocks processing")
|
||||||
return nil, ErrBlacklistedHash
|
return nil, errInsertionInterrupted
|
||||||
}
|
}
|
||||||
// If the header is a banned one, straight out abort
|
// If the header is a banned one, straight out abort
|
||||||
if BadHashes[block.Hash()] {
|
if BadHashes[block.Hash()] {
|
||||||
bc.reportBlock(block, nil, ErrBlacklistedHash)
|
bc.reportBlock(block, nil, ErrDenylistedHash)
|
||||||
return nil, ErrBlacklistedHash
|
return nil, ErrDenylistedHash
|
||||||
}
|
}
|
||||||
// Wait for the block's verification to complete
|
// Wait for the block's verification to complete
|
||||||
bstart := time.Now()
|
bstart := time.Now()
|
||||||
|
|
|
||||||
|
|
@ -475,8 +475,8 @@ func testBadHashes(t *testing.T, full bool) {
|
||||||
|
|
||||||
_, err = blockchain.InsertHeaderChain(headers, 1)
|
_, err = blockchain.InsertHeaderChain(headers, 1)
|
||||||
}
|
}
|
||||||
if !errors.Is(err, ErrBlacklistedHash) {
|
if !errors.Is(err, ErrDenylistedHash) {
|
||||||
t.Errorf("error mismatch: have: %v, want: %v", err, ErrBlacklistedHash)
|
t.Errorf("error mismatch: have: %v, want: %v", err, ErrDenylistedHash)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -26,8 +26,8 @@ var (
|
||||||
// ErrKnownBlock is returned when a block to import is already known locally.
|
// ErrKnownBlock is returned when a block to import is already known locally.
|
||||||
ErrKnownBlock = errors.New("block already known")
|
ErrKnownBlock = errors.New("block already known")
|
||||||
|
|
||||||
// ErrBlacklistedHash is returned if a block to import is on the blacklist.
|
// ErrDenylistedHash is returned if a block to import is on the denylist.
|
||||||
ErrBlacklistedHash = errors.New("blacklisted hash")
|
ErrDenylistedHash = errors.New("denylisted hash")
|
||||||
|
|
||||||
// ErrNoGenesis is returned when there is no Genesis Block.
|
// ErrNoGenesis is returned when there is no Genesis Block.
|
||||||
ErrNoGenesis = errors.New("genesis not found in chain")
|
ErrNoGenesis = errors.New("genesis not found in chain")
|
||||||
|
|
@ -38,7 +38,7 @@ var (
|
||||||
// error should be returned which is defined here.
|
// error should be returned which is defined here.
|
||||||
//
|
//
|
||||||
// - If the pre-checking happens in the miner, then the transaction won't be packed.
|
// - If the pre-checking happens in the miner, then the transaction won't be packed.
|
||||||
// - If the pre-checking happens in the block processing procedure, then a "BAD BLOCk"
|
// - If the pre-checking happens in the block processing procedure, then a "BAD BLOCK"
|
||||||
// error should be emitted.
|
// error should be emitted.
|
||||||
var (
|
var (
|
||||||
// ErrNonceTooLow is returned if the nonce of a transaction is lower than the
|
// ErrNonceTooLow is returned if the nonce of a transaction is lower than the
|
||||||
|
|
|
||||||
|
|
@ -258,7 +258,7 @@ func (hc *HeaderChain) ValidateHeaderChain(chain []*types.Header, checkFreq int)
|
||||||
}
|
}
|
||||||
// If the header is a banned one, straight out abort
|
// If the header is a banned one, straight out abort
|
||||||
if BadHashes[header.Hash()] {
|
if BadHashes[header.Hash()] {
|
||||||
return i, ErrBlacklistedHash
|
return i, ErrDenylistedHash
|
||||||
}
|
}
|
||||||
// Otherwise wait for headers checks and ensure they pass
|
// Otherwise wait for headers checks and ensure they pass
|
||||||
if err := <-results; err != nil {
|
if err := <-results; err != nil {
|
||||||
|
|
|
||||||
|
|
@ -102,15 +102,15 @@ func (p *StateProcessor) Process(block *types.Block, statedb *state.StateDB, tra
|
||||||
|
|
||||||
// Iterate over and process the individual transactions
|
// Iterate over and process the individual transactions
|
||||||
for i, tx := range block.Transactions() {
|
for i, tx := range block.Transactions() {
|
||||||
// check black-list txs after hf
|
// check denylist txs after hf
|
||||||
if block.Number().Uint64() >= common.BlackListHFNumber {
|
if block.Number().Uint64() >= common.DenylistHFNumber {
|
||||||
// check if sender is in black list
|
// check if sender is in denylist
|
||||||
if common.IsInBlacklist(tx.From()) {
|
if common.IsInDenylist(tx.From()) {
|
||||||
return nil, nil, 0, fmt.Errorf("block contains transaction with sender in black-list: %v", tx.From().Hex())
|
return nil, nil, 0, fmt.Errorf("block contains transaction with sender in denylist: %v", tx.From().Hex())
|
||||||
}
|
}
|
||||||
// check if receiver is in black list
|
// check if receiver is in denylist
|
||||||
if common.IsInBlacklist(tx.To()) {
|
if common.IsInDenylist(tx.To()) {
|
||||||
return nil, nil, 0, fmt.Errorf("block contains transaction with receiver in black-list: %v", tx.To().Hex())
|
return nil, nil, 0, fmt.Errorf("block contains transaction with receiver in denylist: %v", tx.To().Hex())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// validate minFee slot for XDCZ
|
// validate minFee slot for XDCZ
|
||||||
|
|
@ -206,15 +206,15 @@ func (p *StateProcessor) ProcessBlockNoValidator(cBlock *CalculatedBlock, stated
|
||||||
// Iterate over and process the individual transactions
|
// Iterate over and process the individual transactions
|
||||||
receipts = make([]*types.Receipt, block.Transactions().Len())
|
receipts = make([]*types.Receipt, block.Transactions().Len())
|
||||||
for i, tx := range block.Transactions() {
|
for i, tx := range block.Transactions() {
|
||||||
// check black-list txs after hf
|
// check denylist txs after hf
|
||||||
if block.Number().Uint64() >= common.BlackListHFNumber {
|
if block.Number().Uint64() >= common.DenylistHFNumber {
|
||||||
// check if sender is in black list
|
// check if sender is in denylist
|
||||||
if common.IsInBlacklist(tx.From()) {
|
if common.IsInDenylist(tx.From()) {
|
||||||
return nil, nil, 0, fmt.Errorf("block contains transaction with sender in black-list: %v", tx.From().Hex())
|
return nil, nil, 0, fmt.Errorf("block contains transaction with sender in denylist: %v", tx.From().Hex())
|
||||||
}
|
}
|
||||||
// check if receiver is in black list
|
// check if receiver is in denylist
|
||||||
if common.IsInBlacklist(tx.To()) {
|
if common.IsInDenylist(tx.To()) {
|
||||||
return nil, nil, 0, fmt.Errorf("block contains transaction with receiver in black-list: %v", tx.To().Hex())
|
return nil, nil, 0, fmt.Errorf("block contains transaction with receiver in denylist: %v", tx.To().Hex())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// validate minFee slot for XDCZ
|
// validate minFee slot for XDCZ
|
||||||
|
|
@ -306,7 +306,7 @@ func ApplyTransactionWithEVM(msg *Message, config *params.ChainConfig, gp *GasPo
|
||||||
txContext := NewEVMTxContext(msg)
|
txContext := NewEVMTxContext(msg)
|
||||||
evm.Reset(txContext, tracingStateDB)
|
evm.Reset(txContext, tracingStateDB)
|
||||||
|
|
||||||
// Bypass blacklist address
|
// Bypass denylist address
|
||||||
maxBlockNumber := new(big.Int).SetInt64(9147459)
|
maxBlockNumber := new(big.Int).SetInt64(9147459)
|
||||||
if blockNumber.Cmp(maxBlockNumber) <= 0 {
|
if blockNumber.Cmp(maxBlockNumber) <= 0 {
|
||||||
addrMap := make(map[string]string)
|
addrMap := make(map[string]string)
|
||||||
|
|
@ -448,7 +448,7 @@ func ApplyTransactionWithEVM(msg *Message, config *params.ChainConfig, gp *GasPo
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// End Bypass blacklist address
|
// End Bypass denylist address
|
||||||
|
|
||||||
// Apply the transaction to the current state (included in the env)
|
// Apply the transaction to the current state (included in the env)
|
||||||
result, err := ApplyMessage(evm, msg, gp, coinbaseOwner)
|
result, err := ApplyMessage(evm, msg, gp, coinbaseOwner)
|
||||||
|
|
|
||||||
|
|
@ -622,9 +622,9 @@ func (pool *LendingPool) validateLending(tx *types.LendingTransaction) error {
|
||||||
// validateTx checks whether a transaction is valid according to the consensus
|
// validateTx checks whether a transaction is valid according to the consensus
|
||||||
// rules and adheres to some heuristic limits of the local node (price and size).
|
// rules and adheres to some heuristic limits of the local node (price and size).
|
||||||
func (pool *LendingPool) validateTx(tx *types.LendingTransaction, local bool) error {
|
func (pool *LendingPool) validateTx(tx *types.LendingTransaction, local bool) error {
|
||||||
// check if sender is in black list
|
// check if sender is in denylist
|
||||||
if common.IsInBlacklist(tx.From()) {
|
if common.IsInDenylist(tx.From()) {
|
||||||
return fmt.Errorf("reject transaction with sender in black-list: %v", tx.From().Hex())
|
return fmt.Errorf("reject transaction with sender in denylist: %v", tx.From().Hex())
|
||||||
}
|
}
|
||||||
// Heuristic limit, reject transactions over 32KB to prevent DOS attacks
|
// Heuristic limit, reject transactions over 32KB to prevent DOS attacks
|
||||||
if tx.Size() > 32*1024 {
|
if tx.Size() > 32*1024 {
|
||||||
|
|
@ -657,7 +657,7 @@ func (pool *LendingPool) validateTx(tx *types.LendingTransaction, local bool) er
|
||||||
// so outer code doesn't uselessly call promote.
|
// so outer code doesn't uselessly call promote.
|
||||||
//
|
//
|
||||||
// If a newly added transaction is marked as local, its sending account will be
|
// If a newly added transaction is marked as local, its sending account will be
|
||||||
// whitelisted, preventing any associated transaction from being dropped out of
|
// allowlisted, preventing any associated transaction from being dropped out of
|
||||||
// the pool due to pricing constraints.
|
// the pool due to pricing constraints.
|
||||||
func (pool *LendingPool) add(tx *types.LendingTransaction, local bool) (bool, error) {
|
func (pool *LendingPool) add(tx *types.LendingTransaction, local bool) (bool, error) {
|
||||||
// If the transaction is already known, discard it
|
// If the transaction is already known, discard it
|
||||||
|
|
|
||||||
|
|
@ -524,9 +524,9 @@ func (pool *OrderPool) validateOrder(tx *types.OrderTransaction) error {
|
||||||
// validateTx checks whether a transaction is valid according to the consensus
|
// validateTx checks whether a transaction is valid according to the consensus
|
||||||
// rules and adheres to some heuristic limits of the local node (price and size).
|
// rules and adheres to some heuristic limits of the local node (price and size).
|
||||||
func (pool *OrderPool) validateTx(tx *types.OrderTransaction, local bool) error {
|
func (pool *OrderPool) validateTx(tx *types.OrderTransaction, local bool) error {
|
||||||
// check if sender is in black list
|
// check if sender is in denylist
|
||||||
if common.IsInBlacklist(tx.From()) {
|
if common.IsInDenylist(tx.From()) {
|
||||||
return fmt.Errorf("reject transaction with sender in black-list: %v", tx.From().Hex())
|
return fmt.Errorf("reject transaction with sender in denylist: %v", tx.From().Hex())
|
||||||
}
|
}
|
||||||
// Heuristic limit, reject transactions over 32KB to prevent DOS attacks
|
// Heuristic limit, reject transactions over 32KB to prevent DOS attacks
|
||||||
if tx.Size() > 32*1024 {
|
if tx.Size() > 32*1024 {
|
||||||
|
|
@ -559,7 +559,7 @@ func (pool *OrderPool) validateTx(tx *types.OrderTransaction, local bool) error
|
||||||
// so outer code doesn't uselessly call promote.
|
// so outer code doesn't uselessly call promote.
|
||||||
//
|
//
|
||||||
// If a newly added transaction is marked as local, its sending account will be
|
// If a newly added transaction is marked as local, its sending account will be
|
||||||
// whitelisted, preventing any associated transaction from being dropped out of
|
// allowlisted, preventing any associated transaction from being dropped out of
|
||||||
// the pool due to pricing constraints.
|
// the pool due to pricing constraints.
|
||||||
func (pool *OrderPool) add(tx *types.OrderTransaction, local bool) (bool, error) {
|
func (pool *OrderPool) add(tx *types.OrderTransaction, local bool) (bool, error) {
|
||||||
// If the transaction is already known, discard it
|
// If the transaction is already known, discard it
|
||||||
|
|
|
||||||
|
|
@ -243,15 +243,15 @@ func ValidateTransactionWithState(tx *types.Transaction, signer types.Signer, op
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Ensure sender and receiver are not in black list
|
// Ensure sender and receiver are not in denylist
|
||||||
if number == nil || number.Cmp(new(big.Int).SetUint64(common.BlackListHFNumber)) >= 0 {
|
if number == nil || number.Cmp(new(big.Int).SetUint64(common.DenylistHFNumber)) >= 0 {
|
||||||
// check if sender is in black list
|
// check if sender is in denylist
|
||||||
if common.IsInBlacklist(tx.From()) {
|
if common.IsInDenylist(tx.From()) {
|
||||||
return fmt.Errorf("reject transaction with sender in black-list: %v", tx.From().Hex())
|
return fmt.Errorf("reject transaction with sender in denylist: %v", tx.From().Hex())
|
||||||
}
|
}
|
||||||
// check if receiver is in black list
|
// check if receiver is in denylist
|
||||||
if common.IsInBlacklist(to) {
|
if common.IsInDenylist(to) {
|
||||||
return fmt.Errorf("reject transaction with receiver in black-list: %v", to.Hex())
|
return fmt.Errorf("reject transaction with receiver in denylist: %v", to.Hex())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -978,16 +978,16 @@ func (w *Work) commitTransactions(mux *event.TypeMux, balanceFee map[common.Addr
|
||||||
// first priority for special Txs
|
// first priority for special Txs
|
||||||
for _, tx := range specialTxs {
|
for _, tx := range specialTxs {
|
||||||
to := tx.To()
|
to := tx.To()
|
||||||
if w.header.Number.Uint64() >= common.BlackListHFNumber {
|
if w.header.Number.Uint64() >= common.DenylistHFNumber {
|
||||||
from := tx.From()
|
from := tx.From()
|
||||||
// check if sender is in black list
|
// check if sender is in denylist
|
||||||
if common.IsInBlacklist(from) {
|
if common.IsInDenylist(from) {
|
||||||
log.Debug("Skipping transaction with sender in black-list", "sender", from.Hex())
|
log.Debug("Skipping transaction with sender in denylist", "sender", from.Hex())
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
// check if receiver is in black list
|
// check if receiver is in denylist
|
||||||
if common.IsInBlacklist(to) {
|
if common.IsInDenylist(to) {
|
||||||
log.Debug("Skipping transaction with receiver in black-list", "receiver", to.Hex())
|
log.Debug("Skipping transaction with receiver in denylist", "receiver", to.Hex())
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -1091,17 +1091,17 @@ func (w *Work) commitTransactions(mux *event.TypeMux, balanceFee map[common.Addr
|
||||||
}
|
}
|
||||||
tx := warped.Tx
|
tx := warped.Tx
|
||||||
to := tx.To()
|
to := tx.To()
|
||||||
if w.header.Number.Uint64() >= common.BlackListHFNumber {
|
if w.header.Number.Uint64() >= common.DenylistHFNumber {
|
||||||
from := tx.From()
|
from := tx.From()
|
||||||
// check if sender is in black list
|
// check if sender is in denylist
|
||||||
if common.IsInBlacklist(from) {
|
if common.IsInDenylist(from) {
|
||||||
log.Debug("Skipping transaction with sender in black-list", "sender", from.Hex())
|
log.Debug("Skipping transaction with sender in denylist", "sender", from.Hex())
|
||||||
txs.Pop()
|
txs.Pop()
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
// check if receiver is in black list
|
// check if receiver is in denylist
|
||||||
if common.IsInBlacklist(to) {
|
if common.IsInDenylist(to) {
|
||||||
log.Debug("Skipping transaction with receiver in black-list", "receiver", to.Hex())
|
log.Debug("Skipping transaction with receiver in denylist", "receiver", to.Hex())
|
||||||
txs.Shift()
|
txs.Shift()
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
|
||||||
20
node/api.go
20
node/api.go
|
|
@ -65,14 +65,14 @@ func (api *adminAPI) AddPeer(url string) (bool, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false, fmt.Errorf("invalid enode: %v", err)
|
return false, fmt.Errorf("invalid enode: %v", err)
|
||||||
}
|
}
|
||||||
// only accept the node which is in peer whitelist if the list is not empty
|
// only accept the node which is in peer allowlist if the list is not empty
|
||||||
if len(server.WhitePeers) > 0 {
|
if len(server.AllowPeers) > 0 {
|
||||||
if _, ok := server.WhitePeers[node.ID]; !ok {
|
if _, ok := server.AllowPeers[node.ID]; !ok {
|
||||||
return false, fmt.Errorf("peer is not in whitelist: %v, ID: %s", url, node.ID)
|
return false, fmt.Errorf("peer is not in allowlist: %v, ID: %s", url, node.ID)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// reject the node which is in peer blacklist
|
// reject the node which is in peer blacklist
|
||||||
if _, ok := server.BlackPeers[node.ID]; ok {
|
if _, ok := server.DenyPeers[node.ID]; ok {
|
||||||
return false, fmt.Errorf("peer is in blacklist: %v, ID: %s", url, node.ID)
|
return false, fmt.Errorf("peer is in blacklist: %v, ID: %s", url, node.ID)
|
||||||
}
|
}
|
||||||
server.AddPeer(node)
|
server.AddPeer(node)
|
||||||
|
|
@ -106,14 +106,14 @@ func (api *adminAPI) AddTrustedPeer(url string) (bool, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false, fmt.Errorf("invalid enode: %v", err)
|
return false, fmt.Errorf("invalid enode: %v", err)
|
||||||
}
|
}
|
||||||
// only accept the node which is in peer whitelist if the list is not empty
|
// only accept the node which is in peer allowlist if the list is not empty
|
||||||
if len(server.WhitePeers) > 0 {
|
if len(server.AllowPeers) > 0 {
|
||||||
if _, ok := server.WhitePeers[node.ID]; !ok {
|
if _, ok := server.AllowPeers[node.ID]; !ok {
|
||||||
return false, fmt.Errorf("trusted peer is not in whitelist: %v, ID: %s", url, node.ID)
|
return false, fmt.Errorf("trusted peer is not in allowlist: %v, ID: %s", url, node.ID)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// reject the node which is in peer blacklist
|
// reject the node which is in peer blacklist
|
||||||
if _, ok := server.BlackPeers[node.ID]; ok {
|
if _, ok := server.DenyPeers[node.ID]; ok {
|
||||||
return false, fmt.Errorf("trusted peer is in blacklist: %v, ID: %s", url, node.ID)
|
return false, fmt.Errorf("trusted peer is in blacklist: %v, ID: %s", url, node.ID)
|
||||||
}
|
}
|
||||||
server.AddTrustedPeer(node)
|
server.AddTrustedPeer(node)
|
||||||
|
|
|
||||||
|
|
@ -307,7 +307,7 @@ func (h *httpServer) enableRPC(apis []rpc.API, config httpConfig) error {
|
||||||
if config.httpBodyLimit > 0 {
|
if config.httpBodyLimit > 0 {
|
||||||
srv.SetHTTPBodyLimit(config.httpBodyLimit)
|
srv.SetHTTPBodyLimit(config.httpBodyLimit)
|
||||||
}
|
}
|
||||||
if err := RegisterApisFromWhitelist(apis, config.Modules, srv); err != nil {
|
if err := RegisterApis(apis, config.Modules, srv); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
h.httpConfig = config
|
h.httpConfig = config
|
||||||
|
|
@ -344,7 +344,7 @@ func (h *httpServer) enableWS(apis []rpc.API, config wsConfig) error {
|
||||||
if config.httpBodyLimit > 0 {
|
if config.httpBodyLimit > 0 {
|
||||||
srv.SetHTTPBodyLimit(config.httpBodyLimit)
|
srv.SetHTTPBodyLimit(config.httpBodyLimit)
|
||||||
}
|
}
|
||||||
if err := RegisterApisFromWhitelist(apis, config.Modules, srv); err != nil {
|
if err := RegisterApis(apis, config.Modules, srv); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
h.wsConfig = config
|
h.wsConfig = config
|
||||||
|
|
@ -630,20 +630,20 @@ func (is *ipcServer) stop() error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
// RegisterApisFromWhitelist checks the given modules' availability, generates a whitelist based on the allowed modules,
|
// RegisterApis checks the given modules' availability, generates an allowlist based on the allowed modules,
|
||||||
// and then registers all of the APIs exposed by the services.
|
// and then registers all of the APIs exposed by the services.
|
||||||
func RegisterApisFromWhitelist(apis []rpc.API, modules []string, srv *rpc.Server) error {
|
func RegisterApis(apis []rpc.API, modules []string, srv *rpc.Server) error {
|
||||||
if bad, available := checkModuleAvailability(modules, apis); len(bad) > 0 {
|
if bad, available := checkModuleAvailability(modules, apis); len(bad) > 0 {
|
||||||
log.Error("Unavailable modules in HTTP API list", "unavailable", bad, "available", available)
|
log.Error("Unavailable modules in HTTP API list", "unavailable", bad, "available", available)
|
||||||
}
|
}
|
||||||
// Generate the whitelist based on the allowed modules
|
// Generate the allowlist based on the allowed modules
|
||||||
whitelist := make(map[string]bool)
|
allowlist := make(map[string]bool)
|
||||||
for _, module := range modules {
|
for _, module := range modules {
|
||||||
whitelist[module] = true
|
allowlist[module] = true
|
||||||
}
|
}
|
||||||
// Register all the APIs exposed by the services
|
// Register all the APIs exposed by the services
|
||||||
for _, api := range apis {
|
for _, api := range apis {
|
||||||
if whitelist[api.Namespace] || len(whitelist) == 0 {
|
if allowlist[api.Namespace] || len(allowlist) == 0 {
|
||||||
if err := srv.RegisterName(api.Namespace, api.Service); err != nil {
|
if err := srv.RegisterName(api.Namespace, api.Service); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -195,7 +195,7 @@ func (s *dialstate) newTasks(nRunning int, peers map[discover.NodeID]*Peer, now
|
||||||
for id, t := range s.static {
|
for id, t := range s.static {
|
||||||
err := s.checkDial(t.dest, peers)
|
err := s.checkDial(t.dest, peers)
|
||||||
switch err {
|
switch err {
|
||||||
case errNotWhitelisted, errSelf:
|
case errNotAllowlisted, errSelf:
|
||||||
log.Warn("Removing static dial candidate", "id", t.dest.ID, "addr", &net.TCPAddr{IP: t.dest.IP, Port: int(t.dest.TCP)}, "err", err)
|
log.Warn("Removing static dial candidate", "id", t.dest.ID, "addr", &net.TCPAddr{IP: t.dest.IP, Port: int(t.dest.TCP)}, "err", err)
|
||||||
delete(s.static, t.dest.ID)
|
delete(s.static, t.dest.ID)
|
||||||
case nil:
|
case nil:
|
||||||
|
|
@ -257,7 +257,7 @@ var (
|
||||||
errAlreadyDialing = errors.New("already dialing")
|
errAlreadyDialing = errors.New("already dialing")
|
||||||
errAlreadyConnected = errors.New("already connected")
|
errAlreadyConnected = errors.New("already connected")
|
||||||
errRecentlyDialed = errors.New("recently dialed")
|
errRecentlyDialed = errors.New("recently dialed")
|
||||||
errNotWhitelisted = errors.New("not contained in netrestrict whitelist")
|
errNotAllowlisted = errors.New("not contained in netrestrict allowlist")
|
||||||
)
|
)
|
||||||
|
|
||||||
func (s *dialstate) checkDial(n *discover.Node, peers map[discover.NodeID]*Peer) error {
|
func (s *dialstate) checkDial(n *discover.Node, peers map[discover.NodeID]*Peer) error {
|
||||||
|
|
@ -273,7 +273,7 @@ func (s *dialstate) checkDial(n *discover.Node, peers map[discover.NodeID]*Peer)
|
||||||
case s.ntab != nil && n.ID == s.ntab.Self().ID:
|
case s.ntab != nil && n.ID == s.ntab.Self().ID:
|
||||||
return errSelf
|
return errSelf
|
||||||
case s.netrestrict != nil && !s.netrestrict.Contains(n.IP):
|
case s.netrestrict != nil && !s.netrestrict.Contains(n.IP):
|
||||||
return errNotWhitelisted
|
return errNotAllowlisted
|
||||||
case s.hist.contains(n.ID):
|
case s.hist.contains(n.ID):
|
||||||
return errRecentlyDialed
|
return errRecentlyDialed
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -134,7 +134,7 @@ func (t *udp) nodeFromRPC(sender *net.UDPAddr, rn rpcNode) (*Node, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
if t.netrestrict != nil && !t.netrestrict.Contains(rn.IP) {
|
if t.netrestrict != nil && !t.netrestrict.Contains(rn.IP) {
|
||||||
return nil, errors.New("not contained in netrestrict whitelist")
|
return nil, errors.New("not contained in netrestrict allowlist")
|
||||||
}
|
}
|
||||||
n := NewNode(rn.ID, rn.IP, rn.UDP, rn.TCP)
|
n := NewNode(rn.ID, rn.IP, rn.UDP, rn.TCP)
|
||||||
err := n.validateComplete()
|
err := n.validateComplete()
|
||||||
|
|
@ -224,7 +224,7 @@ type Config struct {
|
||||||
// These settings are optional:
|
// These settings are optional:
|
||||||
AnnounceAddr *net.UDPAddr // local address announced in the DHT
|
AnnounceAddr *net.UDPAddr // local address announced in the DHT
|
||||||
NodeDBPath string // if set, the node database is stored at this filesystem location
|
NodeDBPath string // if set, the node database is stored at this filesystem location
|
||||||
NetRestrict *netutil.Netlist // network whitelist
|
NetRestrict *netutil.Netlist // network allowlist
|
||||||
Bootnodes []*Node // list of bootstrap nodes
|
Bootnodes []*Node // list of bootstrap nodes
|
||||||
Unhandled chan<- ReadPacket // unhandled packets are sent on this channel
|
Unhandled chan<- ReadPacket // unhandled packets are sent on this channel
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -734,7 +734,7 @@ func (net *Network) internNodeFromNeighbours(sender *net.UDPAddr, rn rpcNode) (n
|
||||||
// We haven't seen this node before.
|
// We haven't seen this node before.
|
||||||
n, err = nodeFromRPC(sender, rn)
|
n, err = nodeFromRPC(sender, rn)
|
||||||
if net.netrestrict != nil && !net.netrestrict.Contains(n.IP) {
|
if net.netrestrict != nil && !net.netrestrict.Contains(n.IP) {
|
||||||
return n, errors.New("not contained in netrestrict whitelist")
|
return n, errors.New("not contained in netrestrict allowlist")
|
||||||
}
|
}
|
||||||
if err == nil {
|
if err == nil {
|
||||||
n.state = unknown
|
n.state = unknown
|
||||||
|
|
|
||||||
|
|
@ -72,8 +72,8 @@ const (
|
||||||
DiscSelf
|
DiscSelf
|
||||||
DiscReadTimeout
|
DiscReadTimeout
|
||||||
DiscPairPeerStop
|
DiscPairPeerStop
|
||||||
DiscNonWhitelistedPeer
|
DiscNonAllowlistedPeer
|
||||||
DiscBlacklistedPeer
|
DiscDenylistedPeer
|
||||||
DiscSubprotocolError = DiscReason(0x10)
|
DiscSubprotocolError = DiscReason(0x10)
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -91,8 +91,8 @@ var discReasonToString = [...]string{
|
||||||
DiscSelf: "connected to self",
|
DiscSelf: "connected to self",
|
||||||
DiscReadTimeout: "read timeout",
|
DiscReadTimeout: "read timeout",
|
||||||
DiscPairPeerStop: "pair peer connection stop",
|
DiscPairPeerStop: "pair peer connection stop",
|
||||||
DiscNonWhitelistedPeer: "disconnect non-whitelisted peer",
|
DiscNonAllowlistedPeer: "disconnect non-allowlisted peer",
|
||||||
DiscBlacklistedPeer: "disconnect blacklisted peer",
|
DiscDenylistedPeer: "disconnect denylisted peer",
|
||||||
DiscSubprotocolError: "subprotocol error",
|
DiscSubprotocolError: "subprotocol error",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -89,10 +89,11 @@ type Config struct {
|
||||||
// Name sets the node name of this server.
|
// Name sets the node name of this server.
|
||||||
Name string `toml:"-"`
|
Name string `toml:"-"`
|
||||||
|
|
||||||
// Whitelist for peers
|
// Allowlist for peers
|
||||||
WhitePeers map[discover.NodeID]struct{}
|
AllowPeers map[discover.NodeID]struct{}
|
||||||
// Blacklist for peers.
|
|
||||||
BlackPeers map[discover.NodeID]struct{}
|
// Denylist for peers.
|
||||||
|
DenyPeers map[discover.NodeID]struct{}
|
||||||
|
|
||||||
// BootstrapNodes are used to establish connectivity
|
// BootstrapNodes are used to establish connectivity
|
||||||
// with the rest of the network.
|
// with the rest of the network.
|
||||||
|
|
@ -323,8 +324,8 @@ func (srv *Server) RemovePeer(node *discover.Node) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// AddTrustedPeer adds the given node to a reserved whitelist which allows the
|
// AddTrustedPeer adds the given node to a reserved allowlist which allows the
|
||||||
// node to always connect, even if the slot are full.
|
// node to always connect, even if the slots are full.
|
||||||
func (srv *Server) AddTrustedPeer(node *discover.Node) {
|
func (srv *Server) AddTrustedPeer(node *discover.Node) {
|
||||||
select {
|
select {
|
||||||
case srv.addtrusted <- node:
|
case srv.addtrusted <- node:
|
||||||
|
|
@ -847,7 +848,7 @@ func (srv *Server) listenLoop() {
|
||||||
// Reject connections that do not match NetRestrict.
|
// Reject connections that do not match NetRestrict.
|
||||||
if srv.NetRestrict != nil {
|
if srv.NetRestrict != nil {
|
||||||
if tcp, ok := fd.RemoteAddr().(*net.TCPAddr); ok && !srv.NetRestrict.Contains(tcp.IP) {
|
if tcp, ok := fd.RemoteAddr().(*net.TCPAddr); ok && !srv.NetRestrict.Contains(tcp.IP) {
|
||||||
srv.log.Debug("Rejected conn (not whitelisted in NetRestrict)", "addr", fd.RemoteAddr())
|
srv.log.Debug("Rejected conn (not allowlisted in NetRestrict)", "addr", fd.RemoteAddr())
|
||||||
fd.Close()
|
fd.Close()
|
||||||
slots <- struct{}{}
|
slots <- struct{}{}
|
||||||
continue
|
continue
|
||||||
|
|
@ -899,15 +900,15 @@ func (srv *Server) setupConn(c *conn, flags connFlag, dialDest *discover.Node) e
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
clog := srv.log.New("id", c.id.String(), "addr", c.fd.RemoteAddr(), "conn", c.flags)
|
clog := srv.log.New("id", c.id.String(), "addr", c.fd.RemoteAddr(), "conn", c.flags)
|
||||||
if len(srv.WhitePeers) > 0 {
|
if len(srv.AllowPeers) > 0 {
|
||||||
if _, ok := srv.WhitePeers[c.id]; !ok {
|
if _, ok := srv.AllowPeers[c.id]; !ok {
|
||||||
clog.Debug("Reject non-whitelisted peer")
|
clog.Debug("Reject non-allowlisted peer")
|
||||||
return DiscNonWhitelistedPeer
|
return DiscNonAllowlistedPeer
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if _, ok := srv.BlackPeers[c.id]; ok {
|
if _, ok := srv.DenyPeers[c.id]; ok {
|
||||||
clog.Debug("Reject blacklisted peer")
|
clog.Debug("Reject blacklisted peer")
|
||||||
return DiscBlacklistedPeer
|
return DiscDenylistedPeer
|
||||||
}
|
}
|
||||||
// For dialed connections, check that the remote public key matches.
|
// For dialed connections, check that the remote public key matches.
|
||||||
if dialDest != nil && c.id != dialDest.ID {
|
if dialDest != nil && c.id != dialDest.ID {
|
||||||
|
|
|
||||||
|
|
@ -950,7 +950,7 @@ func (c *ChainConfig) Description() string {
|
||||||
banner += fmt.Sprintf(" - TIPSigning: %-8v\n", common.TIPSigning)
|
banner += fmt.Sprintf(" - TIPSigning: %-8v\n", common.TIPSigning)
|
||||||
banner += fmt.Sprintf(" - TIPRandomize: %-8v\n", common.TIPRandomize)
|
banner += fmt.Sprintf(" - TIPRandomize: %-8v\n", common.TIPRandomize)
|
||||||
banner += fmt.Sprintf(" - TIPIncreaseMasternodes: %-8v\n", common.TIPIncreaseMasternodes)
|
banner += fmt.Sprintf(" - TIPIncreaseMasternodes: %-8v\n", common.TIPIncreaseMasternodes)
|
||||||
banner += fmt.Sprintf(" - BlackListHFNumber: %-8v\n", common.BlackListHFNumber)
|
banner += fmt.Sprintf(" - DenylistHFNumber: %-8v\n", common.DenylistHFNumber)
|
||||||
banner += fmt.Sprintf(" - TIPNoHalvingMNReward: %-8v\n", common.TIPNoHalvingMNReward)
|
banner += fmt.Sprintf(" - TIPNoHalvingMNReward: %-8v\n", common.TIPNoHalvingMNReward)
|
||||||
banner += fmt.Sprintf(" - TIPXDCX: %-8v\n", common.TIPXDCX)
|
banner += fmt.Sprintf(" - TIPXDCX: %-8v\n", common.TIPXDCX)
|
||||||
banner += fmt.Sprintf(" - TIPXDCXLending: %-8v\n", common.TIPXDCXLending)
|
banner += fmt.Sprintf(" - TIPXDCXLending: %-8v\n", common.TIPXDCXLending)
|
||||||
|
|
|
||||||
|
|
@ -97,7 +97,7 @@ func wsHandshakeValidator(allowedOrigins []string) func(*http.Request) bool {
|
||||||
if _, ok := req.Header["Origin"]; !ok {
|
if _, ok := req.Header["Origin"]; !ok {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
// Verify origin against allow list.
|
// Verify origin against allowlist.
|
||||||
origin := strings.ToLower(req.Header.Get("Origin"))
|
origin := strings.ToLower(req.Header.Get("Origin"))
|
||||||
if allowAllOrigins || originIsAllowed(origins, origin) {
|
if allowAllOrigins || originIsAllowed(origins, origin) {
|
||||||
return true
|
return true
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue