Permissioned p2p connections #6359
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
[{"constant":true,"inputs":[{"name":"sl","type":"bytes32"},{"name":"sh","type":"bytes32"},{"name":"pl","type":"bytes32"},{"name":"ph","type":"bytes32"}],"name":"connectionAllowed","outputs":[{"name":"res","type":"bool"}],"payable":false,"type":"function"},{"inputs":[],"payable":false,"type":"constructor"}] |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
// Copyright 2015-2017 Parity Technologies (UK) Ltd. | ||
// This file is part of Parity. | ||
|
||
// Parity is free software: you can redistribute it and/or modify | ||
// it under the terms of the GNU General Public License as published by | ||
// the Free Software Foundation, either version 3 of the License, or | ||
// (at your option) any later version. | ||
|
||
// Parity is distributed in the hope that it will be useful, | ||
// but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
// GNU General Public License for more details. | ||
|
||
// You should have received a copy of the GNU General Public License | ||
// along with Parity. If not, see <http://www.gnu.org/licenses/>. | ||
|
||
#![allow(unused_mut, unused_variables, unused_imports)] | ||
|
||
//! Peer set contract. | ||
include!(concat!(env!("OUT_DIR"), "/peer_set.rs")); |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
[package] | ||
description = "Parity smart network connections" | ||
homepage = "http://parity.io" | ||
license = "GPL-3.0" | ||
name = "node-filter" | ||
version = "1.8.0" | ||
authors = ["Parity Technologies <[email protected]>"] | ||
|
||
[dependencies] | ||
ethcore = { path = ".."} | ||
ethcore-util = { path = "../../util" } | ||
ethcore-io = { path = "../../util/io" } | ||
ethcore-network = { path = "../../util/network" } | ||
native-contracts = { path = "../native_contracts" } | ||
futures = "0.1" | ||
log = "0.3" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
{ | ||
"name": "TestNodeFilterContract", | ||
"engine": { | ||
"authorityRound": { | ||
"params": { | ||
"stepDuration": 1, | ||
"startStep": 2, | ||
"validators": { | ||
"contract": "0x0000000000000000000000000000000000000005" | ||
} | ||
} | ||
} | ||
}, | ||
"params": { | ||
"accountStartNonce": "0x0", | ||
"maximumExtraDataSize": "0x20", | ||
"minGasLimit": "0x1388", | ||
"networkID" : "0x69", | ||
"gasLimitBoundDivisor": "0x0400" | ||
}, | ||
"genesis": { | ||
"seal": { | ||
"generic": "0xc180" | ||
}, | ||
"difficulty": "0x20000", | ||
"author": "0x0000000000000000000000000000000000000000", | ||
"timestamp": "0x00", | ||
"parentHash": "0x0000000000000000000000000000000000000000000000000000000000000000", | ||
"extraData": "0x", | ||
"gasLimit": "0x222222" | ||
}, | ||
"accounts": { | ||
"0000000000000000000000000000000000000001": { "balance": "1", "builtin": { "name": "ecrecover", "pricing": { "linear": { "base": 3000, "word": 0 } } } }, | ||
"0000000000000000000000000000000000000002": { "balance": "1", "builtin": { "name": "sha256", "pricing": { "linear": { "base": 60, "word": 12 } } } }, | ||
"0000000000000000000000000000000000000003": { "balance": "1", "builtin": { "name": "ripemd160", "pricing": { "linear": { "base": 600, "word": 120 } } } }, | ||
"0000000000000000000000000000000000000004": { "balance": "1", "builtin": { "name": "identity", "pricing": { "linear": { "base": 15, "word": 3 } } } }, | ||
"0000000000000000000000000000000000000005": { | ||
"balance": "1", | ||
"constructor": "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" | ||
}, | ||
"0x7d577a597b2742b498cb5cf0c26cdcd726d39e6e": { "balance": "1606938044258990275541962092341162602522202993782792835301376" }, | ||
"0x82a978b3f5962a5b0957d9ee9eef472ee55b42f1": { "balance": "1606938044258990275541962092341162602522202993782792835301376" } | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,154 @@ | ||
// Copyright 2015-2017 Parity Technologies (UK) Ltd. | ||
// This file is part of Parity. | ||
|
||
// Parity is free software: you can redistribute it and/or modify | ||
// it under the terms of the GNU General Public License as published by | ||
// the Free Software Foundation, either version 3 of the License, or | ||
// (at your option) any later version. | ||
|
||
// Parity is distributed in the hope that it will be useful, | ||
// but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
// GNU General Public License for more details. | ||
|
||
// You should have received a copy of the GNU General Public License | ||
// along with Parity. If not, see <http://www.gnu.org/licenses/>. | ||
|
||
//! Smart contract based node filter. | ||
|
||
extern crate ethcore; | ||
extern crate ethcore_util as util; | ||
extern crate ethcore_network as network; | ||
extern crate native_contracts; | ||
extern crate futures; | ||
#[cfg(test)] extern crate ethcore_io as io; | ||
#[macro_use] extern crate log; | ||
|
||
use std::sync::Weak; | ||
use std::collections::HashMap; | ||
use native_contracts::PeerSet as Contract; | ||
use network::{NodeId, ConnectionFilter, ConnectionDirection}; | ||
use ethcore::client::{BlockChainClient, BlockId, ChainNotify}; | ||
use util::{Mutex, Address, H256, Bytes}; | ||
use futures::Future; | ||
|
||
const MAX_CACHE_SIZE: usize = 4096; | ||
|
||
/// Connection filter that uses a contract to manage permissions. | ||
pub struct NodeFilter { | ||
contract: Mutex<Option<Contract>>, | ||
client: Weak<BlockChainClient>, | ||
contract_address: Address, | ||
permission_cache: Mutex<HashMap<NodeId, bool>>, | ||
} | ||
|
||
impl NodeFilter { | ||
/// Create a new instance. Accepts a contract address. | ||
pub fn new(client: Weak<BlockChainClient>, contract_address: Address) -> NodeFilter { | ||
NodeFilter { | ||
contract: Mutex::new(None), | ||
client: client, | ||
contract_address: contract_address, | ||
permission_cache: Mutex::new(HashMap::new()), | ||
} | ||
} | ||
|
||
/// Clear cached permissions. | ||
pub fn clear_cache(&self) { | ||
self.permission_cache.lock().clear(); | ||
} | ||
} | ||
|
||
impl ConnectionFilter for NodeFilter { | ||
fn connection_allowed(&self, own_id: &NodeId, connecting_id: &NodeId, _direction: ConnectionDirection) -> bool { | ||
|
||
let mut cache = self.permission_cache.lock(); | ||
if let Some(res) = cache.get(connecting_id) { | ||
should it be memory bounded somehow? |
||
return *res; | ||
} | ||
|
||
let mut contract = self.contract.lock(); | ||
if contract.is_none() { | ||
*contract = Some(Contract::new(self.contract_address)); | ||
i don't see the purpose of this. we have the address at initialization, so why not just create the contract structure there?
i guess it just defers ABI-decoding a bit?
right, just deferred initialization that could save some time in offline mode. |
||
} | ||
|
||
let allowed = match (self.client.upgrade(), &*contract) { | ||
(Some(ref client), &Some(ref contract)) => { | ||
let own_low = H256::from_slice(&own_id[0..32]); | ||
let own_high = H256::from_slice(&own_id[32..64]); | ||
let id_low = H256::from_slice(&connecting_id[0..32]); | ||
let id_high = H256::from_slice(&connecting_id[32..64]); | ||
let allowed = contract.connection_allowed( | ||
|addr, data| futures::done(client.call_contract(BlockId::Latest, addr, data)), | ||
own_low, | ||
own_high, | ||
id_low, | ||
id_high, | ||
).wait().unwrap_or_else(|e| { | ||
debug!("Error callling peer set contract: {:?}", e); | ||
false | ||
}); | ||
|
||
allowed | ||
} | ||
_ => false, | ||
}; | ||
|
||
if cache.len() < MAX_CACHE_SIZE { | ||
cache.insert(*connecting_id, allowed); | ||
} | ||
allowed | ||
} | ||
} | ||
|
||
impl ChainNotify for NodeFilter { | ||
fn new_blocks(&self, imported: Vec<H256>, _invalid: Vec<H256>, _enacted: Vec<H256>, _retracted: Vec<H256>, _sealed: Vec<H256>, _proposed: Vec<Bytes>, _duration: u64) { | ||
if !imported.is_empty() { | ||
self.clear_cache(); | ||
} | ||
} | ||
} | ||
|
||
|
||
#[cfg(test)] | ||
mod test { | ||
use std::sync::{Arc, Weak}; | ||
use std::str::FromStr; | ||
use ethcore::spec::Spec; | ||
use ethcore::client::{BlockChainClient, Client, ClientConfig}; | ||
use ethcore::miner::Miner; | ||
use util::{Address}; | ||
use network::{ConnectionDirection, ConnectionFilter, NodeId}; | ||
use io::IoChannel; | ||
use super::NodeFilter; | ||
|
||
/// Contract code: https://gist.github.com/arkpar/467dbcc73cbb85b0997a7a10ffa0695f | ||
ah, ok, it's here |
||
#[test] | ||
fn node_filter() { | ||
let contract_addr = Address::from_str("0000000000000000000000000000000000000005").unwrap(); | ||
let data = include_bytes!("../res/node_filter.json"); | ||
let spec = Spec::load(::std::env::temp_dir(), &data[..]).unwrap(); | ||
let client_db = Arc::new(::util::kvdb::in_memory(::ethcore::db::NUM_COLUMNS.unwrap_or(0))); | ||
|
||
let client = Client::new( | ||
ClientConfig::default(), | ||
&spec, | ||
client_db, | ||
Arc::new(Miner::with_spec(&spec)), | ||
IoChannel::disconnected(), | ||
).unwrap(); | ||
let filter = NodeFilter::new(Arc::downgrade(&client) as Weak<BlockChainClient>, contract_addr); | ||
let self1 = NodeId::from_str("00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000002").unwrap(); | ||
let self2 = NodeId::from_str("00000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000003").unwrap(); | ||
let node1 = NodeId::from_str("00000000000000000000000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000012").unwrap(); | ||
let node2 = NodeId::from_str("00000000000000000000000000000000000000000000000000000000000000210000000000000000000000000000000000000000000000000000000000000022").unwrap(); | ||
let nodex = NodeId::from_str("77000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000").unwrap(); | ||
|
||
assert!(filter.connection_allowed(&self1, &node1, ConnectionDirection::Inbound)); | ||
assert!(filter.connection_allowed(&self1, &nodex, ConnectionDirection::Inbound)); | ||
filter.clear_cache(); | ||
assert!(filter.connection_allowed(&self2, &node1, ConnectionDirection::Inbound)); | ||
assert!(filter.connection_allowed(&self2, &node2, ConnectionDirection::Inbound)); | ||
assert!(!filter.connection_allowed(&self2, &nodex, ConnectionDirection::Inbound)); | ||
} | ||
} |
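Review bot: The permission cache in `connection_allowed` is keyed on `connecting_id` alone, although the contract's answer depends on both `own_id` and `connecting_id`; the `node_filter` test shows `nodex` allowed for `self1` and denied for `self2`, and it appears to pass only because of the `filter.clear_cache()` call between the two groups of assertions. If one filter instance is ever queried with two different own ids, a cached `true` would admit a peer the contract rejects, so either key the map on the pair (`HashMap<(NodeId, NodeId), bool>`, with `cache.get(&(*own_id, *connecting_id))` and `cache.insert((*own_id, *connecting_id), allowed)`) or document on `NodeFilter` that `own_id` must be constant per instance. Separately, the `unwrap_or_else` and `_ => false` arms fail closed, which is the right default, but that `false` is then cached like a real answer, so a transient call failure or a dropped client handle keeps an authorised peer out until the next imported block clears the cache. Consider inserting into the cache only when the contract call actually returned a value.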
contract source?