From 9c6864e21a96508a11effd611c0bbe5371b95073 Mon Sep 17 00:00:00 2001
From: chengzhinei
Date: Fri, 5 Jul 2024 15:15:28 +0800
Subject: [PATCH] add consensus ip whitelist
---
 app/config/config.go | 17 +++++++++++++++++
 .../tendermint/config/dynamic_config_okchain.go | 5 +++++
 libs/tendermint/consensus/reactor.go | 17 ++++++++++++++---
 3 files changed, 36 insertions(+), 3 deletions(-)
diff --git a/app/config/config.go b/app/config/config.go
index 67f069b012..00ef45eefb 100644
--- a/app/config/config.go
+++ b/app/config/config.go
@@ -137,6 +137,8 @@ type OecConfig struct {
 maxSubscriptionClients int
 maxTxLimitPerPeer uint64
+
+ consensusIPWhitelist []string
 }
 const (
@@ -175,6 +177,7 @@ const (
 FlagCsTimeoutPrecommit = "consensus.timeout_precommit"
 FlagCsTimeoutPrecommitDelta = "consensus.timeout_precommit_delta"
 FlagCsTimeoutCommit = "consensus.timeout_commit"
+ FlagConsensusIPWhitelist = "consensus.ip_whitelist"
 FlagEnableHasBlockPartMsg = "enable-blockpart-ack"
 FlagDebugGcInterval = "debug.gc-interval"
 FlagCommitGapOffset = "commit-gap-offset"
@@ -331,6 +334,7 @@ func (c *OecConfig) loadFromConfig() {
 c.SetCommitGapHeight(viper.GetInt64(server.FlagCommitGapHeight))
 c.SetSentryAddrs(viper.GetString(FlagSentryAddrs))
 c.SetNodeKeyWhitelist(viper.GetString(FlagNodeKeyWhitelist))
+ c.SetConsensusIPWhitelist(viper.GetString(FlagConsensusIPWhitelist))
 c.SetEnableWtx(viper.GetBool(FlagEnableWrappedTx))
 c.SetEnableAnalyzer(viper.GetBool(trace.FlagEnableAnalyzer))
 c.SetDeliverTxsExecuteMode(viper.GetInt(state.FlagDeliverTxsExecMode))
@@ -511,6 +515,8 @@ func (c *OecConfig) updateFromKVStr(k, v string) {
 c.SetPendingPoolBlacklist(v)
 case FlagNodeKeyWhitelist:
 c.SetNodeKeyWhitelist(v)
+ case FlagConsensusIPWhitelist:
+ c.SetConsensusIPWhitelist(v)
 case FlagMempoolCheckTxCost:
 r, err := strconv.ParseBool(v)
 if err != nil {
@@ -810,6 +816,10 @@ func (c *OecConfig) GetNodeKeyWhitelist() []string {
 return c.nodeKeyWhitelist
 }
+func (c *OecConfig) GetConsensusIPWhitelist() []string {
+ return c.consensusIPWhitelist
+}
+
 func (c *OecConfig) GetMempoolCheckTxCost() bool {
 return c.mempoolCheckTxCost
 }
@@ -831,6 +841,13 @@ func (c *OecConfig) SetNodeKeyWhitelist(value string) {
 }
 }
+func (c *OecConfig) SetConsensusIPWhitelist(value string) {
+ ipList := resolveNodeKeyWhitelist(value)
+ for _, ip := range ipList {
+ c.consensusIPWhitelist = append(c.consensusIPWhitelist, strings.TrimSpace(ip))
+ }
+}
+
 func (c *OecConfig) GetSentryAddrs() []string {
 return c.sentryAddrs
 }
diff --git a/libs/tendermint/config/dynamic_config_okchain.go b/libs/tendermint/config/dynamic_config_okchain.go
index d990f8b012..38e441bc0b 100644
--- a/libs/tendermint/config/dynamic_config_okchain.go
+++ b/libs/tendermint/config/dynamic_config_okchain.go
@@ -41,6 +41,7 @@ type IDynamicConfig interface {
 GetMaxSubscriptionClients() int
 GetPendingPoolBlacklist() string
 GetMaxTxLimitPerPeer() uint64
+ GetConsensusIPWhitelist() []string
 }
 var DynamicConfig IDynamicConfig = MockDynamicConfig{}
@@ -233,3 +234,7 @@ func (d MockDynamicConfig) GetPendingPoolBlacklist() string {
 func (c MockDynamicConfig) GetMaxTxLimitPerPeer() uint64 {
 return DefaultMempoolConfig().MaxTxLimitPerPeer
 }
+
+func (c MockDynamicConfig) GetConsensusIPWhitelist() []string {
+ return []string{}
+}
diff --git a/libs/tendermint/consensus/reactor.go b/libs/tendermint/consensus/reactor.go
index 7cac3075f4..095010cdfe 100644
--- a/libs/tendermint/consensus/reactor.go
+++ b/libs/tendermint/consensus/reactor.go
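Review bot: In app/config/config.go, `SetConsensusIPWhitelist` appends to `c.consensusIPWhitelist` instead of replacing it, so when the value is changed at runtime through the `FlagConsensusIPWhitelist` case in `updateFromKVStr`, previously listed addresses stay in the list and an IP cannot be revoked by pushing a new value. Build the list locally and assign it once: start with `ips := make([]string, 0, len(ipList))`, append the trimmed entries to `ips`, and end with `c.consensusIPWhitelist = ips`. Entries are also stored without validation; since the reactor compares them as exact strings, a malformed or non-canonical entry would silently never match, so logging or rejecting entries that `net.ParseIP` cannot parse would help (this needs `net` imported, and the file's import block is not visible here). `resolveNodeKeyWhitelist` is defined outside this patch, so how it splits the value is assumed.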
@@ -3,17 +3,17 @@ package consensus
 import (
 "bytes"
 "fmt"
- "github.com/okex/exchain/libs/tendermint/crypto"
- "github.com/okex/exchain/libs/tendermint/libs/automation"
+ cfg "github.com/okex/exchain/libs/tendermint/config"
 "reflect"
 "sync"
 "time"
 "github.com/pkg/errors"
- amino "github.com/tendermint/go-amino"
 cstypes "github.com/okex/exchain/libs/tendermint/consensus/types"
+ "github.com/okex/exchain/libs/tendermint/crypto"
+ "github.com/okex/exchain/libs/tendermint/libs/automation"
 "github.com/okex/exchain/libs/tendermint/libs/bits"
 tmevents "github.com/okex/exchain/libs/tendermint/libs/events"
 "github.com/okex/exchain/libs/tendermint/libs/log"
@@ -343,6 +343,17 @@ func (conR *Reactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) {
 return
 }
+ okIP := false
+ for _, ip := range cfg.DynamicConfig.GetConsensusIPWhitelist() {
+ if src.RemoteIP().String() == ip {
+ okIP = true
+ break
+ }
+ }
+ if !okIP {
+ conR.Logger.Error("consensus msg:IP not in whitelist", "IP", src.RemoteIP().String())
+ }
+
 msg, err := decodeMsg(msgBytes)
 if err != nil {
 conR.Logger.Error("Error decoding message", "src", src, "chId", chID, "msg", msg, "err", err, "bytes", msgBytes)
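Review bot: The whitelist check added to `Receive` only logs: when `okIP` is false there is no `return`, so the message still reaches `decodeMsg` and the rest of the handler, and the whitelist gates nothing. If the list is meant to be enforced, return after the log line, and decide explicitly what an empty list means: `MockDynamicConfig.GetConsensusIPWhitelist` returns an empty slice, so as written every message from every peer logs an error, and with a bare `return` added an empty list would drop all consensus traffic. The sketch below treats an empty list as "check disabled", which is an assumption to confirm, and computes `src.RemoteIP().String()` once instead of per entry. Exact string comparison also misses equivalent spellings of the same address, so comparing parsed IPs would be more robust. `Receive` starts and ends outside this hunk.

```go
// … unchanged: early return above …
whitelist := cfg.DynamicConfig.GetConsensusIPWhitelist()
if len(whitelist) > 0 { // assumption: empty list means the check is disabled
	remoteIP := src.RemoteIP().String()
	allowed := false
	for _, ip := range whitelist {
		if ip == remoteIP {
			allowed = true
			break
		}
	}
	if !allowed {
		conR.Logger.Error("consensus msg:IP not in whitelist", "IP", remoteIP)
		return
	}
}
// … unchanged: decodeMsg call and its error handling …
```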