Merge branch 'master' into split

This commit is contained in:
debris 2017-07-29 23:44:55 +02:00
commit 88cc4cd17a
19 changed files with 582 additions and 152 deletions

View File

@ -1,41 +1,45 @@
## Parity [v1.6.10](https://github.com/paritytech/parity/releases/tag/v1.6.10) (2017-07-23)
This is a hotfix release for the stable channel addressing the recent [multi-signature wallet vulnerability](https://blog.parity.io/security-alert-high-2/). Note, upgrading is not mandatory, and all future multi-sig wallets created by any version of Parity are secure.
All Changes:
- Backports for stable [#6116](https://github.com/paritytech/parity/pull/6116)
- Remove chunk to restore from pending set only upon successful import [#6112](https://github.com/paritytech/parity/pull/6112)
- Blacklist bad snapshot manifest hashes upon failure [#5874](https://github.com/paritytech/parity/pull/5874)
- Bump snap version and tweak importing detection logic [#6079](https://github.com/paritytech/parity/pull/6079) (modified to work)
- Fix docker build for stable [#6118](https://github.com/paritytech/parity/pull/6118)
- Backported wallet fix [#6104](https://github.com/paritytech/parity/pull/6104)
- Fix initialisation bug. ([#6102](https://github.com/paritytech/parity/pull/6102))
- Update wallet library modifiers ([#6103](https://github.com/paritytech/parity/pull/6103))
- Bump to v1.6.10
## Parity [v1.7.0](https://github.com/paritytech/parity/releases/tag/v1.7.0) (2017-07-23)
## Parity [v1.7.0](https://github.com/paritytech/parity/releases/tag/v1.7.0) (2017-07-28)
Parity 1.7.0 is a major release introducing several important features:
- **Experimental [Light client](https://github.com/paritytech/parity/wiki/The-Parity-Light-Protocol-(PIP)) support**. Start Parity with `--light` to enable light mode.
- **Experimental [Light client](https://github.com/paritytech/parity/wiki/The-Parity-Light-Protocol-(PIP)) support**. Start Parity with `--light` to enable light mode. Please, note: The wallet UI integration for the light client is not included, yet.
- **Experimental web wallet**. A hosted version of Parity that keeps the keys and signs transactions using your browser storage. Try it at https://wallet.parity.io or run your own with `--public-node`.
- **WASM contract support**. Private networks can run contracts compiled into WASM bytecode. _More information and documentation to follow_.
- **DApps and RPC server merge**. DApp and RPC are now available through a single API endpoint. DApp server related settings are deprecated.
- **Export accounts from the wallet**. Backing up your keys can now simply be managed through the wallet interface.
- **PoA/Kovan validator set contract**. The PoA network validator-set management via smart contract is now supported by warp and light sync.
- **PoA/Kovan validator set contract**. The PoA network validator-set management via smart contract is now supported by warp and, in the near future, light sync.
- **PubSub API**. https://github.com/paritytech/parity/wiki/JSONRPC-Parity-Pub-Sub-module
- **Signer apps for IOS and Android**.
Full list of included changes:
- Backports [#6163](https://github.com/paritytech/parity/pull/6163)
- Light client improvements ([#6156](https://github.com/paritytech/parity/pull/6156))
- No seal checking
- Import command and --no-seal-check for light client
- Fix eth_call
- Tweak registry dapps lookup
- Ignore failed requests to non-server peers
- Fix connecting to wildcard addresses. ([#6167](https://github.com/paritytech/parity/pull/6167))
- Don't display an overlay in case the time sync check fails. ([#6164](https://github.com/paritytech/parity/pull/6164))
- Small improvements to time estimation.
- Temporarily disable NTP time check by default.
- Light client fixes ([#6148](https://github.com/paritytech/parity/pull/6148)) [#6151](https://github.com/paritytech/parity/pull/6151)
- Light client fixes
- Fix memory-lru-cache
- Clear pending reqs on disconnect
- Filter tokens logs from current block, not genesis ([#6128](https://github.com/paritytech/parity/pull/6128)) [#6141](https://github.com/paritytech/parity/pull/6141)
- Fix QR scanner returning null on confirm [#6122](https://github.com/paritytech/parity/pull/6122)
- Check QR before lowercase ([#6119](https://github.com/paritytech/parity/pull/6119)) [#6120](https://github.com/paritytech/parity/pull/6120)
- Remove chunk to restore from pending set only upon successful import [#6117](https://github.com/paritytech/parity/pull/6117)
- Fixed node address detection on incoming connection [#6094](https://github.com/paritytech/parity/pull/6094)
- Place RETURNDATA behind block number gate [#6095](https://github.com/paritytech/parity/pull/6095)
- Update wallet library binaries [#6108](https://github.com/paritytech/parity/pull/6108)
- Backported wallet fix [#6105](https://github.com/paritytech/parity/pull/6105)
- Fix initialisation bug. ([#6102](https://github.com/paritytech/parity/pull/6102))
- Update wallet library modifiers ([#6103](https://github.com/paritytech/parity/pull/6103))
- Place RETURNDATA behind block number gate [#6095](https://github.com/paritytech/parity/pull/6095)
- Fixed node address detection on incoming connection [#6094](https://github.com/paritytech/parity/pull/6094)
- Bump snap version and tweak importing detection logic ([#6079](https://github.com/paritytech/parity/pull/6079)) [#6081](https://github.com/paritytech/parity/pull/6081)
- bump last tick just before printing info and restore sync detection
- bump kovan snapshot version
@ -439,6 +443,23 @@ Full list of included changes:
- Update the Wallet Library Registry key [#4817](https://github.com/paritytech/parity/pull/4817)
- Update Wallet to new Wallet Code [#4805](https://github.com/paritytech/parity/pull/4805)
## Parity [v1.6.10](https://github.com/paritytech/parity/releases/tag/v1.6.10) (2017-07-25)
This is a hotfix release for the stable channel addressing the recent [multi-signature wallet vulnerability](https://blog.parity.io/security-alert-high-2/). Note, upgrading is not mandatory, and all future multi-sig wallets created by any version of Parity are secure.
All Changes:
- Backports for stable [#6116](https://github.com/paritytech/parity/pull/6116)
- Remove chunk to restore from pending set only upon successful import [#6112](https://github.com/paritytech/parity/pull/6112)
- Blacklist bad snapshot manifest hashes upon failure [#5874](https://github.com/paritytech/parity/pull/5874)
- Bump snap version and tweak importing detection logic [#6079](https://github.com/paritytech/parity/pull/6079) (modified to work)
- Fix docker build for stable [#6118](https://github.com/paritytech/parity/pull/6118)
- Update wallet library binaries [#6108](https://github.com/paritytech/parity/pull/6108)
- Backported wallet fix [#6104](https://github.com/paritytech/parity/pull/6104)
- Fix initialisation bug. ([#6102](https://github.com/paritytech/parity/pull/6102))
- Update wallet library modifiers ([#6103](https://github.com/paritytech/parity/pull/6103))
- Bump to v1.6.10
## Parity [v1.6.9](https://github.com/paritytech/parity/releases/tag/v1.6.9) (2017-07-16)
This is a first stable release of 1.6 series. It contains a number of minor fixes and introduces the `--reseal-on-uncles` option for miners.

10
Cargo.lock generated
View File

@ -668,6 +668,7 @@ dependencies = [
"ethcrypto 0.1.0",
"ethkey 0.2.0",
"igd 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)",
"ipnetwork 0.12.6 (registry+https://github.com/rust-lang/crates.io-index)",
"libc 0.2.21 (registry+https://github.com/rust-lang/crates.io-index)",
"log 0.3.7 (registry+https://github.com/rust-lang/crates.io-index)",
"mio 0.6.8 (registry+https://github.com/rust-lang/crates.io-index)",
@ -872,6 +873,7 @@ dependencies = [
"ethcore-util 1.8.0",
"ethkey 0.2.0",
"heapsize 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
"ipnetwork 0.12.6 (registry+https://github.com/rust-lang/crates.io-index)",
"log 0.3.7 (registry+https://github.com/rust-lang/crates.io-index)",
"parking_lot 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
"rand 0.3.14 (registry+https://github.com/rust-lang/crates.io-index)",
@ -1159,6 +1161,11 @@ dependencies = [
"semver 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)",
]
[[package]]
name = "ipnetwork"
version = "0.12.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
[[package]]
name = "isatty"
version = "0.1.1"
@ -1773,6 +1780,7 @@ dependencies = [
"ethcore-ipc-tests 0.1.0",
"ethcore-light 1.8.0",
"ethcore-logger 1.8.0",
"ethcore-network 1.8.0",
"ethcore-secretstore 1.0.0",
"ethcore-stratum 1.8.0",
"ethcore-util 1.8.0",
@ -1781,6 +1789,7 @@ dependencies = [
"fdlimit 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
"futures 0.1.11 (registry+https://github.com/rust-lang/crates.io-index)",
"futures-cpupool 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)",
"ipnetwork 0.12.6 (registry+https://github.com/rust-lang/crates.io-index)",
"isatty 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
"jsonrpc-core 7.0.0 (git+https://github.com/paritytech/jsonrpc.git?branch=parity-1.7)",
"log 0.3.7 (registry+https://github.com/rust-lang/crates.io-index)",
@ -3236,6 +3245,7 @@ dependencies = [
"checksum igd 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)" = "356a0dc23a4fa0f8ce4777258085d00a01ea4923b2efd93538fc44bf5e1bda76"
"checksum integer-encoding 1.0.3 (registry+https://github.com/rust-lang/crates.io-index)" = "a053c9c7dcb7db1f2aa012c37dc176c62e4cdf14898dee0eecc606de835b8acb"
"checksum iovec 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "29d062ee61fccdf25be172e70f34c9f6efc597e1fb8f6526e8437b2046ab26be"
"checksum ipnetwork 0.12.6 (registry+https://github.com/rust-lang/crates.io-index)" = "232e76922883005380e831068f731ef0305541c9f77b30df3a1635047b16f370"
"checksum isatty 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "7408a548dc0e406b7912d9f84c261cc533c1866e047644a811c133c56041ac0c"
"checksum itertools 0.5.9 (registry+https://github.com/rust-lang/crates.io-index)" = "d95557e7ba6b71377b0f2c3b3ae96c53f1b75a926a6901a500f557a370af730a"
"checksum itoa 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "91fd9dc2c587067de817fec4ad355e3818c3d893a78cab32a0a474c7a15bb8d5"

View File

@ -41,6 +41,7 @@ ethcore-ipc-hypervisor = { path = "ipc/hypervisor" }
ethcore-light = { path = "ethcore/light" }
ethcore-logger = { path = "logger" }
ethcore-stratum = { path = "stratum" }
ethcore-network = { path = "util/network" }
ethkey = { path = "ethkey" }
rlp = { path = "util/rlp" }
rpc-cli = { path = "rpc_cli" }
@ -65,6 +66,7 @@ rustc_version = "0.2"
[dev-dependencies]
ethcore-ipc-tests = { path = "ipc/tests" }
pretty_assertions = "0.1"
ipnetwork = "0.12.6"
[target.'cfg(windows)'.dependencies]
winapi = "0.2"

View File

@ -149,7 +149,7 @@ function un.onInit
SetShellVarContext all
#Verify the uninstaller - last chance to back out
MessageBox MB_OKCANCEL "Permanantly remove ${APPNAME}?" IDOK next
MessageBox MB_OKCANCEL "Permanently remove ${APPNAME}?" IDOK next
Abort
next:

View File

@ -148,11 +148,15 @@ Networking Options:
These nodes will always have a reserved slot on top
of the normal maximum peers. (default: {flag_reserved_peers:?})
--reserved-only Connect only to reserved nodes. (default: {flag_reserved_only})
--allow-ips FILTER Filter outbound connections. Must be one of:
--allow-ips FILTER Filter outbound connections. FILTER can be one of:
private - connect to private network IP addresses only;
public - connect to public network IP addresses only;
all - connect to any IP address.
(default: {flag_allow_ips})
all - connect to any IP address;
none - block all (for use with a custom filter as below);
a custom filter list in the format: "private ip_range1 -ip_range2 ...".
Where ip_range1 would be allowed and ip_range2 blocked;
Custom blocks ("-ip_range") override custom allows ("ip_range");
(default: {flag_allow_ips}).
--max-pending-peers NUM Allow up to NUM pending connections. (default: {flag_max_pending_peers})
--no-ancient-blocks Disable downloading old blocks after snapshot restoration
or warp sync. (default: {flag_no_ancient_blocks})

View File

@ -24,7 +24,7 @@ use cli::{Args, ArgsError};
use util::{Hashable, H256, U256, Bytes, version_data, Address};
use util::journaldb::Algorithm;
use util::Colour;
use ethsync::{NetworkConfiguration, is_valid_node_url, AllowIP};
use ethsync::{NetworkConfiguration, is_valid_node_url};
use ethcore::ethstore::ethkey::{Secret, Public};
use ethcore::client::{VMType};
use ethcore::miner::{MinerOptions, Banning, StratumOptions};
@ -48,6 +48,7 @@ use blockchain::{BlockchainCmd, ImportBlockchain, ExportBlockchain, KillBlockcha
use presale::ImportWallet;
use account::{AccountCmd, NewAccount, ListAccounts, ImportAccounts, ImportFromGethAccounts};
use snapshot::{self, SnapshotCommand};
use network::{IpFilter};
#[derive(Debug, PartialEq)]
pub enum Cmd {
@ -56,7 +57,7 @@ pub enum Cmd {
Account(AccountCmd),
ImportPresaleWallet(ImportWallet),
Blockchain(BlockchainCmd),
SignerToken(WsConfiguration, UiConfiguration),
SignerToken(WsConfiguration, UiConfiguration, LogConfig),
SignerSign {
id: Option<usize>,
pwfile: Option<PathBuf>,
@ -148,7 +149,7 @@ impl Configuration {
let authfile = ::signer::codes_path(&ws_conf.signer_path);
if self.args.cmd_new_token {
Cmd::SignerToken(ws_conf, ui_conf)
Cmd::SignerToken(ws_conf, ui_conf, logger_config.clone())
} else if self.args.cmd_sign {
let pwfile = self.args.flag_password.get(0).map(|pwfile| {
PathBuf::from(pwfile)
@ -461,12 +462,10 @@ impl Configuration {
max(self.min_peers(), peers)
}
fn allow_ips(&self) -> Result<AllowIP, String> {
match self.args.flag_allow_ips.as_str() {
"all" => Ok(AllowIP::All),
"public" => Ok(AllowIP::Public),
"private" => Ok(AllowIP::Private),
_ => Err("Invalid IP filter value".to_owned()),
fn ip_filter(&self) -> Result<IpFilter, String> {
match IpFilter::parse(self.args.flag_allow_ips.as_str()) {
Ok(allow_ip) => Ok(allow_ip),
Err(_) => Err("Invalid IP filter value".to_owned()),
}
}
@ -712,7 +711,7 @@ impl Configuration {
ret.max_peers = self.max_peers();
ret.min_peers = self.min_peers();
ret.snapshot_peers = self.snapshot_peers();
ret.allow_ips = self.allow_ips()?;
ret.ip_filter = self.ip_filter()?;
ret.max_pending_peers = self.max_pending_peers();
let mut net_path = PathBuf::from(self.directories().base);
net_path.push("network");
@ -968,7 +967,6 @@ impl Configuration {
}.into()
}
fn ui_interface(&self) -> String {
self.interface(&self.args.flag_ui_interface)
}
@ -1080,6 +1078,7 @@ impl Configuration {
mod tests {
use std::io::Write;
use std::fs::{File, create_dir};
use std::str::FromStr;
use devtools::{RandomTempPath};
use ethcore::client::{VMType, BlockId};
@ -1097,6 +1096,11 @@ mod tests {
use rpc::{WsConfiguration, UiConfiguration};
use run::RunCmd;
use network::{AllowIP, IpFilter};
extern crate ipnetwork;
use self::ipnetwork::IpNetwork;
use super::*;
#[derive(Debug, PartialEq)]
@ -1281,7 +1285,11 @@ mod tests {
interface: "127.0.0.1".into(),
port: 8180,
hosts: Some(vec![]),
}));
}, LogConfig {
color: true,
mode: None,
file: None,
} ));
}
#[test]
@ -1752,4 +1760,50 @@ mod tests {
assert_eq!(&conf0.ipfs_config().interface, "0.0.0.0");
assert_eq!(conf0.ipfs_config().hosts, None);
}
#[test]
fn allow_ips() {
let all = parse(&["parity", "--allow-ips", "all"]);
let private = parse(&["parity", "--allow-ips", "private"]);
let block_custom = parse(&["parity", "--allow-ips", "-10.0.0.0/8"]);
let combo = parse(&["parity", "--allow-ips", "public 10.0.0.0/8 -1.0.0.0/8"]);
let ipv6_custom_public = parse(&["parity", "--allow-ips", "public fc00::/7"]);
let ipv6_custom_private = parse(&["parity", "--allow-ips", "private -fc00::/7"]);
assert_eq!(all.ip_filter().unwrap(), IpFilter {
predefined: AllowIP::All,
custom_allow: vec![],
custom_block: vec![],
});
assert_eq!(private.ip_filter().unwrap(), IpFilter {
predefined: AllowIP::Private,
custom_allow: vec![],
custom_block: vec![],
});
assert_eq!(block_custom.ip_filter().unwrap(), IpFilter {
predefined: AllowIP::All,
custom_allow: vec![],
custom_block: vec![IpNetwork::from_str("10.0.0.0/8").unwrap()],
});
assert_eq!(combo.ip_filter().unwrap(), IpFilter {
predefined: AllowIP::Public,
custom_allow: vec![IpNetwork::from_str("10.0.0.0/8").unwrap()],
custom_block: vec![IpNetwork::from_str("1.0.0.0/8").unwrap()],
});
assert_eq!(ipv6_custom_public.ip_filter().unwrap(), IpFilter {
predefined: AllowIP::Public,
custom_allow: vec![IpNetwork::from_str("fc00::/7").unwrap()],
custom_block: vec![],
});
assert_eq!(ipv6_custom_private.ip_filter().unwrap(), IpFilter {
predefined: AllowIP::Private,
custom_allow: vec![],
custom_block: vec![IpNetwork::from_str("fc00::/7").unwrap()],
});
}
}

View File

@ -191,7 +191,8 @@ pub fn to_bootnodes(bootnodes: &Option<String>) -> Result<Vec<String>, String> {
#[cfg(test)]
pub fn default_network_config() -> ::ethsync::NetworkConfiguration {
use ethsync::{NetworkConfiguration, AllowIP};
use ethsync::{NetworkConfiguration};
use super::network::IpFilter;
NetworkConfiguration {
config_path: Some(replace_home(&::dir::default_data_path(), "$BASE/network")),
net_config_path: None,
@ -206,7 +207,7 @@ pub fn default_network_config() -> ::ethsync::NetworkConfiguration {
min_peers: 25,
snapshot_peers: 0,
max_pending_peers: 64,
allow_ips: AllowIP::All,
ip_filter: IpFilter::default(),
reserved_nodes: Vec::new(),
allow_non_reserved: true,
}

View File

@ -55,6 +55,7 @@ extern crate ethcore_ipc_nano as nanoipc;
extern crate ethcore_light as light;
extern crate ethcore_logger;
extern crate ethcore_util as util;
extern crate ethcore_network as network;
extern crate ethkey;
extern crate ethsync;
extern crate panic_hook;
@ -163,7 +164,7 @@ fn execute(command: Execute, can_restart: bool) -> Result<PostExecutionAction, S
Cmd::Account(account_cmd) => account::execute(account_cmd).map(|s| PostExecutionAction::Print(s)),
Cmd::ImportPresaleWallet(presale_cmd) => presale::execute(presale_cmd).map(|s| PostExecutionAction::Print(s)),
Cmd::Blockchain(blockchain_cmd) => blockchain::execute(blockchain_cmd).map(|_| PostExecutionAction::Quit),
Cmd::SignerToken(ws_conf, ui_conf) => signer::execute(ws_conf, ui_conf).map(|s| PostExecutionAction::Print(s)),
Cmd::SignerToken(ws_conf, ui_conf, logger_config) => signer::execute(ws_conf, ui_conf, logger_config).map(|s| PostExecutionAction::Print(s)),
Cmd::SignerSign { id, pwfile, port, authfile } => rpc_cli::signer_sign(id, pwfile, port, authfile).map(|s| PostExecutionAction::Print(s)),
Cmd::SignerList { port, authfile } => rpc_cli::signer_list(port, authfile).map(|s| PostExecutionAction::Print(s)),
Cmd::SignerReject { id, port, authfile } => rpc_cli::signer_reject(id, port, authfile).map(|s| PostExecutionAction::Print(s)),

View File

@ -118,12 +118,12 @@ pub struct RunCmd {
pub whisper: ::whisper::Config
}
pub fn open_ui(ws_conf: &rpc::WsConfiguration, ui_conf: &rpc::UiConfiguration) -> Result<(), String> {
pub fn open_ui(ws_conf: &rpc::WsConfiguration, ui_conf: &rpc::UiConfiguration, logger_config: &LogConfig) -> Result<(), String> {
if !ui_conf.enabled {
return Err("Cannot use UI command with UI turned off.".into())
}
let token = signer::generate_token_and_url(ws_conf, ui_conf)?;
let token = signer::generate_token_and_url(ws_conf, ui_conf, logger_config)?;
// Open a browser
url::open(&token.url);
// Print a message
@ -282,7 +282,7 @@ fn execute_light(cmd: RunCmd, can_restart: bool, logger: Arc<RotatingLogger>) ->
let rpc_stats = Arc::new(informant::RpcStats::default());
// the dapps server
let signer_service = Arc::new(signer::new_service(&cmd.ws_conf, &cmd.ui_conf));
let signer_service = Arc::new(signer::new_service(&cmd.ws_conf, &cmd.ui_conf, &cmd.logger_config));
let dapps_deps = {
let contract_client = Arc::new(::dapps::LightRegistrar {
client: service.client().clone(),
@ -378,7 +378,7 @@ pub fn execute(cmd: RunCmd, can_restart: bool, logger: Arc<RotatingLogger>) -> R
// Check if Parity is already running
let addr = format!("{}:{}", cmd.ui_conf.interface, cmd.ui_conf.port);
if !TcpListener::bind(&addr as &str).is_ok() {
return open_ui(&cmd.ws_conf, &cmd.ui_conf).map(|_| (false, None));
return open_ui(&cmd.ws_conf, &cmd.ui_conf, &cmd.logger_config).map(|_| (false, None));
}
}
@ -658,7 +658,7 @@ pub fn execute(cmd: RunCmd, can_restart: bool, logger: Arc<RotatingLogger>) -> R
false => Some(account_provider.clone())
};
let signer_service = Arc::new(signer::new_service(&cmd.ws_conf, &cmd.ui_conf));
let signer_service = Arc::new(signer::new_service(&cmd.ws_conf, &cmd.ui_conf, &cmd.logger_config));
// the dapps server
let dapps_deps = {
@ -791,7 +791,7 @@ pub fn execute(cmd: RunCmd, can_restart: bool, logger: Arc<RotatingLogger>) -> R
// start ui
if cmd.ui {
open_ui(&cmd.ws_conf, &cmd.ui_conf)?;
open_ui(&cmd.ws_conf, &cmd.ui_conf, &cmd.logger_config)?;
}
if let Some(dapp) = cmd.dapp {

View File

@ -17,13 +17,13 @@
use std::io;
use std::path::{Path, PathBuf};
use ansi_term::Colour;
use ansi_term::Colour::White;
use ethcore_logger::Config as LogConfig;
use rpc;
use rpc_apis;
use parity_rpc;
use path::restrict_permissions_owner;
pub const CODES_FILENAME: &'static str = "authcodes";
pub struct NewToken {
@ -32,12 +32,13 @@ pub struct NewToken {
pub message: String,
}
pub fn new_service(ws_conf: &rpc::WsConfiguration, ui_conf: &rpc::UiConfiguration) -> rpc_apis::SignerService {
pub fn new_service(ws_conf: &rpc::WsConfiguration, ui_conf: &rpc::UiConfiguration, logger_config: &LogConfig) -> rpc_apis::SignerService {
let signer_path = ws_conf.signer_path.clone();
let logger_config_color = logger_config.color;
let signer_enabled = ui_conf.enabled;
rpc_apis::SignerService::new(move || {
generate_new_token(&signer_path).map_err(|e| format!("{:?}", e))
generate_new_token(&signer_path, logger_config_color).map_err(|e| format!("{:?}", e))
}, signer_enabled)
}
@ -48,13 +49,14 @@ pub fn codes_path(path: &Path) -> PathBuf {
p
}
pub fn execute(ws_conf: rpc::WsConfiguration, ui_conf: rpc::UiConfiguration) -> Result<String, String> {
Ok(generate_token_and_url(&ws_conf, &ui_conf)?.message)
pub fn execute(ws_conf: rpc::WsConfiguration, ui_conf: rpc::UiConfiguration, logger_config: LogConfig) -> Result<String, String> {
Ok(generate_token_and_url(&ws_conf, &ui_conf, &logger_config)?.message)
}
pub fn generate_token_and_url(ws_conf: &rpc::WsConfiguration, ui_conf: &rpc::UiConfiguration) -> Result<NewToken, String> {
let code = generate_new_token(&ws_conf.signer_path).map_err(|err| format!("Error generating token: {:?}", err))?;
pub fn generate_token_and_url(ws_conf: &rpc::WsConfiguration, ui_conf: &rpc::UiConfiguration, logger_config: &LogConfig) -> Result<NewToken, String> {
let code = generate_new_token(&ws_conf.signer_path, logger_config.color).map_err(|err| format!("Error generating token: {:?}", err))?;
let auth_url = format!("http://{}:{}/#/auth?token={}", ui_conf.interface, ui_conf.port, code);
// And print in to the console
Ok(NewToken {
token: code.clone(),
@ -65,18 +67,24 @@ Open: {}
to authorize your browser.
Or use the generated token:
{}"#,
Colour::White.bold().paint(auth_url),
match logger_config.color {
true => format!("{}", White.bold().paint(auth_url)),
false => auth_url
},
code
)
})
}
fn generate_new_token(path: &Path) -> io::Result<String> {
fn generate_new_token(path: &Path, logger_config_color: bool) -> io::Result<String> {
let path = codes_path(path);
let mut codes = parity_rpc::AuthCodes::from_file(&path)?;
codes.clear_garbage();
let code = codes.generate_new()?;
codes.to_file(&path)?;
trace!("New key code created: {}", Colour::White.bold().paint(&code[..]));
trace!("New key code created: {}", match logger_config_color {
true => format!("{}", White.bold().paint(&code[..])),
false => format!("{}", &code[..])
});
Ok(code)
}

View File

@ -31,6 +31,7 @@ ethcore-ipc-nano = { path = "../ipc/nano" }
ethcore-devtools = { path = "../devtools" }
ethkey = { path = "../ethkey" }
parking_lot = "0.4"
ipnetwork = "0.12.6"
[features]
default = []

View File

@ -19,8 +19,7 @@ use std::collections::{HashMap, BTreeMap};
use std::io;
use util::Bytes;
use network::{NetworkProtocolHandler, NetworkService, NetworkContext, HostInfo, PeerId, ProtocolId,
NetworkConfiguration as BasicNetworkConfiguration, NonReservedPeerMode, NetworkError,
AllowIP as NetworkAllowIP};
NetworkConfiguration as BasicNetworkConfiguration, NonReservedPeerMode, NetworkError};
use util::{U256, H256, H512};
use io::{TimerToken};
use ethcore::ethstore::ethkey::Secret;
@ -37,6 +36,7 @@ use chain::{ETH_PACKET_COUNT, SNAPSHOT_SYNC_PACKET_COUNT};
use light::client::AsLightClient;
use light::Provider;
use light::net::{self as light_net, LightProtocol, Params as LightParams, Capabilities, Handler as LightHandler, EventContext};
use network::IpFilter;
/// Parity sync protocol
pub const WARP_SYNC_PROTOCOL_ID: ProtocolId = *b"par";
@ -539,30 +539,6 @@ impl ManageNetwork for EthSync {
}
}
/// IP fiter
#[derive(Clone, Debug, PartialEq, Eq)]
#[cfg_attr(feature = "ipc", binary)]
pub enum AllowIP {
/// Connect to any address
All,
/// Connect to private network only
Private,
/// Connect to public network only
Public,
}
impl AllowIP {
/// Attempt to parse the peer mode from a string.
pub fn parse(s: &str) -> Option<Self> {
match s {
"all" => Some(AllowIP::All),
"private" => Some(AllowIP::Private),
"public" => Some(AllowIP::Public),
_ => None,
}
}
}
#[derive(Debug, Clone, PartialEq, Eq)]
#[cfg_attr(feature = "ipc", binary)]
/// Network service configuration
@ -598,7 +574,7 @@ pub struct NetworkConfiguration {
/// The non-reserved peer mode.
pub allow_non_reserved: bool,
/// IP Filtering
pub allow_ips: AllowIP,
pub ip_filter: IpFilter,
}
impl NetworkConfiguration {
@ -629,11 +605,7 @@ impl NetworkConfiguration {
max_handshakes: self.max_pending_peers,
reserved_protocols: hash_map![WARP_SYNC_PROTOCOL_ID => self.snapshot_peers],
reserved_nodes: self.reserved_nodes,
allow_ips: match self.allow_ips {
AllowIP::All => NetworkAllowIP::All,
AllowIP::Private => NetworkAllowIP::Private,
AllowIP::Public => NetworkAllowIP::Public,
},
ip_filter: self.ip_filter,
non_reserved_mode: if self.allow_non_reserved { NonReservedPeerMode::Accept } else { NonReservedPeerMode::Deny },
})
}
@ -656,11 +628,7 @@ impl From<BasicNetworkConfiguration> for NetworkConfiguration {
max_pending_peers: other.max_handshakes,
snapshot_peers: *other.reserved_protocols.get(&WARP_SYNC_PROTOCOL_ID).unwrap_or(&0),
reserved_nodes: other.reserved_nodes,
allow_ips: match other.allow_ips {
NetworkAllowIP::All => AllowIP::All,
NetworkAllowIP::Private => AllowIP::Private,
NetworkAllowIP::Public => AllowIP::Public,
},
ip_filter: other.ip_filter,
allow_non_reserved: match other.non_reserved_mode { NonReservedPeerMode::Accept => true, _ => false } ,
}
}

View File

@ -37,6 +37,7 @@ extern crate semver;
extern crate parking_lot;
extern crate smallvec;
extern crate rlp;
extern crate ipnetwork;
extern crate ethcore_light as light;

View File

@ -30,6 +30,7 @@ ethcrypto = { path = "../../ethcrypto" }
rlp = { path = "../rlp" }
path = { path = "../path" }
ethcore-logger = { path ="../../logger" }
ipnetwork = "0.12.6"
[features]
default = []

View File

@ -30,7 +30,7 @@ use node_table::*;
use error::NetworkError;
use io::{StreamToken, IoContext};
use ethkey::{Secret, KeyPair, sign, recover};
use AllowIP;
use IpFilter;
use PROTOCOL_VERSION;
@ -99,7 +99,7 @@ pub struct Discovery {
send_queue: VecDeque<Datagramm>,
check_timestamps: bool,
adding_nodes: Vec<NodeEntry>,
allow_ips: AllowIP,
ip_filter: IpFilter,
}
pub struct TableUpdates {
@ -108,7 +108,7 @@ pub struct TableUpdates {
}
impl Discovery {
pub fn new(key: &KeyPair, listen: SocketAddr, public: NodeEndpoint, token: StreamToken, allow_ips: AllowIP) -> Discovery {
pub fn new(key: &KeyPair, listen: SocketAddr, public: NodeEndpoint, token: StreamToken, ip_filter: IpFilter) -> Discovery {
let socket = UdpSocket::bind(&listen).expect("Error binding UDP socket");
Discovery {
id: key.public().clone(),
@ -124,7 +124,7 @@ impl Discovery {
send_queue: VecDeque::new(),
check_timestamps: true,
adding_nodes: Vec::new(),
allow_ips: allow_ips,
ip_filter: ip_filter,
}
}
@ -400,7 +400,7 @@ impl Discovery {
}
fn is_allowed(&self, entry: &NodeEntry) -> bool {
entry.endpoint.is_allowed(self.allow_ips) && entry.id != self.id
entry.endpoint.is_allowed(&self.ip_filter) && entry.id != self.id
}
fn on_ping(&mut self, rlp: &UntrustedRlp, node: &NodeId, from: &SocketAddr) -> Result<Option<TableUpdates>, NetworkError> {
@ -561,7 +561,6 @@ mod tests {
use std::str::FromStr;
use rustc_hex::FromHex;
use ethkey::{Random, Generator};
use AllowIP;
#[test]
fn find_node() {
@ -586,8 +585,8 @@ mod tests {
let key2 = Random.generate().unwrap();
let ep1 = NodeEndpoint { address: SocketAddr::from_str("127.0.0.1:40444").unwrap(), udp_port: 40444 };
let ep2 = NodeEndpoint { address: SocketAddr::from_str("127.0.0.1:40445").unwrap(), udp_port: 40445 };
let mut discovery1 = Discovery::new(&key1, ep1.address.clone(), ep1.clone(), 0, AllowIP::All);
let mut discovery2 = Discovery::new(&key2, ep2.address.clone(), ep2.clone(), 0, AllowIP::All);
let mut discovery1 = Discovery::new(&key1, ep1.address.clone(), ep1.clone(), 0, IpFilter::default());
let mut discovery2 = Discovery::new(&key2, ep2.address.clone(), ep2.clone(), 0, IpFilter::default());
let node1 = Node::from_str("enode://a979fb575495b8d6db44f750317d0f4622bf4c2aa3365d6af7c284339968eef29b69ad0dce72a4d8db5ebb4968de0e3bec910127f134779fbcb0cb6d3331163c@127.0.0.1:7770").unwrap();
let node2 = Node::from_str("enode://b979fb575495b8d6db44f750317d0f4622bf4c2aa3365d6af7c284339968eef29b69ad0dce72a4d8db5ebb4968de0e3bec910127f134779fbcb0cb6d3331163c@127.0.0.1:7771").unwrap();
@ -619,7 +618,7 @@ mod tests {
fn removes_expired() {
let key = Random.generate().unwrap();
let ep = NodeEndpoint { address: SocketAddr::from_str("127.0.0.1:40446").unwrap(), udp_port: 40447 };
let mut discovery = Discovery::new(&key, ep.address.clone(), ep.clone(), 0, AllowIP::All);
let mut discovery = Discovery::new(&key, ep.address.clone(), ep.clone(), 0, IpFilter::default());
for _ in 0..1200 {
discovery.add_node(NodeEntry { id: NodeId::random(), endpoint: ep.clone() });
}
@ -648,7 +647,7 @@ mod tests {
fn packets() {
let key = Random.generate().unwrap();
let ep = NodeEndpoint { address: SocketAddr::from_str("127.0.0.1:40447").unwrap(), udp_port: 40447 };
let mut discovery = Discovery::new(&key, ep.address.clone(), ep.clone(), 0, AllowIP::All);
let mut discovery = Discovery::new(&key, ep.address.clone(), ep.clone(), 0, IpFilter::default());
discovery.check_timestamps = false;
let from = SocketAddr::from_str("99.99.99.99:40445").unwrap();

View File

@ -35,7 +35,7 @@ use rlp::*;
use session::{Session, SessionInfo, SessionData};
use error::*;
use io::*;
use {NetworkProtocolHandler, NonReservedPeerMode, AllowIP, PROTOCOL_VERSION};
use {NetworkProtocolHandler, NonReservedPeerMode, PROTOCOL_VERSION, IpFilter};
use node_table::*;
use stats::NetworkStats;
use discovery::{Discovery, TableUpdates, NodeEntry};
@ -106,7 +106,7 @@ pub struct NetworkConfiguration {
/// The non-reserved peer mode.
pub non_reserved_mode: NonReservedPeerMode,
/// IP filter
pub allow_ips: AllowIP,
pub ip_filter: IpFilter,
}
impl Default for NetworkConfiguration {
@ -132,7 +132,7 @@ impl NetworkConfiguration {
max_peers: 50,
max_handshakes: 64,
reserved_protocols: HashMap::new(),
allow_ips: AllowIP::All,
ip_filter: IpFilter::default(),
reserved_nodes: Vec::new(),
non_reserved_mode: NonReservedPeerMode::Accept,
}
@ -566,7 +566,7 @@ impl Host {
}
let local_endpoint = self.info.read().local_endpoint.clone();
let public_address = self.info.read().config.public_address.clone();
let allow_ips = self.info.read().config.allow_ips;
let allow_ips = self.info.read().config.ip_filter.clone();
let public_endpoint = match public_address {
None => {
let public_address = select_public_address(local_endpoint.address.port());
@ -660,7 +660,7 @@ impl Host {
}
let config = &info.config;
(config.min_peers, config.non_reserved_mode == NonReservedPeerMode::Deny, config.max_handshakes as usize, config.allow_ips, info.id().clone())
(config.min_peers, config.non_reserved_mode == NonReservedPeerMode::Deny, config.max_handshakes as usize, config.ip_filter.clone(), info.id().clone())
};
let session_count = self.session_count();

View File

@ -21,55 +21,193 @@ use std::io;
use igd::{PortMappingProtocol, search_gateway_from_timeout};
use std::time::Duration;
use node_table::{NodeEndpoint};
use ipnetwork::{IpNetwork};
/// Socket address extension for rustc beta. To be replaces with now unstable API
pub trait SocketAddrExt {
/// Returns true for the special 'unspecified' address 0.0.0.0.
fn is_unspecified_s(&self) -> bool;
/// Returns true if the address appears to be globally routable.
fn is_global_s(&self) -> bool;
// Ipv4 specific
fn is_shared_space(&self) -> bool { false }
fn is_special_purpose(&self) -> bool { false }
fn is_benchmarking(&self) -> bool { false }
fn is_future_use(&self) -> bool { false }
// Ipv6 specific
fn is_unique_local_s(&self) -> bool { false }
fn is_unicast_link_local_s(&self) -> bool { false }
fn is_documentation_s(&self) -> bool { false }
fn is_global_multicast(&self) -> bool { false }
fn is_other_multicast(&self) -> bool { false }
fn is_reserved(&self) -> bool;
fn is_usable_public(&self) -> bool;
fn is_usable_private(&self) -> bool;
fn is_within(&self, ipnet: &IpNetwork) -> bool;
}
impl SocketAddrExt for Ipv4Addr {
fn is_unspecified_s(&self) -> bool {
self.octets() == [0, 0, 0, 0]
fn is_global_s(&self) -> bool {
!self.is_private() &&
!self.is_loopback() &&
!self.is_link_local() &&
!self.is_broadcast() &&
!self.is_documentation()
}
fn is_global_s(&self) -> bool {
!self.is_private() && !self.is_loopback() && !self.is_link_local() &&
!self.is_broadcast() && !self.is_documentation()
// Used for communications between a service provider and its subscribers when using a carrier-grade NAT
// see: https://en.wikipedia.org/wiki/Reserved_IP_addresses
fn is_shared_space(&self) -> bool {
*self >= Ipv4Addr::new(100, 64, 0, 0) &&
*self <= Ipv4Addr::new(100, 127, 255, 255)
}
// Used for the IANA IPv4 Special Purpose Address Registry
// see: https://en.wikipedia.org/wiki/Reserved_IP_addresses
fn is_special_purpose(&self) -> bool {
*self >= Ipv4Addr::new(192, 0, 0, 0) &&
*self <= Ipv4Addr::new(192, 0, 0, 255)
}
// Used for testing of inter-network communications between two separate subnets
// see: https://en.wikipedia.org/wiki/Reserved_IP_addresses
fn is_benchmarking(&self) -> bool {
*self >= Ipv4Addr::new(198, 18, 0, 0) &&
*self <= Ipv4Addr::new(198, 19, 255, 255)
}
// Reserved for future use
// see: https://en.wikipedia.org/wiki/Reserved_IP_addresses
fn is_future_use(&self) -> bool {
*self >= Ipv4Addr::new(240, 0, 0, 0) &&
*self <= Ipv4Addr::new(255, 255, 255, 254)
}
fn is_reserved(&self) -> bool {
self.is_unspecified() ||
self.is_loopback() ||
self.is_link_local() ||
self.is_broadcast() ||
self.is_documentation() ||
self.is_multicast() ||
self.is_shared_space() ||
self.is_special_purpose() ||
self.is_benchmarking() ||
self.is_future_use()
}
fn is_usable_public(&self) -> bool {
!self.is_reserved() &&
!self.is_private()
}
fn is_usable_private(&self) -> bool {
self.is_private()
}
fn is_within(&self, ipnet: &IpNetwork) -> bool {
match ipnet {
&IpNetwork::V4(ipnet) => ipnet.contains(*self),
_ => false
}
}
}
impl SocketAddrExt for Ipv6Addr {
fn is_unspecified_s(&self) -> bool {
self.segments() == [0, 0, 0, 0, 0, 0, 0, 0]
fn is_global_s(&self) -> bool {
self.is_global_multicast() ||
(!self.is_loopback() &&
!self.is_unique_local_s() &&
!self.is_unicast_link_local_s() &&
!self.is_documentation_s() &&
!self.is_other_multicast())
}
fn is_global_s(&self) -> bool {
if self.is_multicast() {
// unique local address (fc00::/7).
fn is_unique_local_s(&self) -> bool {
(self.segments()[0] & 0xfe00) == 0xfc00
}
// unicast and link-local (fe80::/10).
fn is_unicast_link_local_s(&self) -> bool {
(self.segments()[0] & 0xffc0) == 0xfe80
}
// reserved for documentation (2001:db8::/32).
fn is_documentation_s(&self) -> bool {
(self.segments()[0] == 0x2001) && (self.segments()[1] == 0xdb8)
}
fn is_global_multicast(&self) -> bool {
self.segments()[0] & 0x000f == 14
} else {
!self.is_loopback() && !((self.segments()[0] & 0xffc0) == 0xfe80) &&
!((self.segments()[0] & 0xffc0) == 0xfec0) && !((self.segments()[0] & 0xfe00) == 0xfc00)
}
fn is_other_multicast(&self) -> bool {
self.is_multicast() && !self.is_global_multicast()
}
fn is_reserved(&self) -> bool {
self.is_unspecified() ||
self.is_loopback() ||
self.is_unicast_link_local_s() ||
self.is_documentation_s() ||
self.is_other_multicast()
}
fn is_usable_public(&self) -> bool {
!self.is_reserved() &&
!self.is_unique_local_s()
}
fn is_usable_private(&self) -> bool {
self.is_unique_local_s()
}
fn is_within(&self, ipnet: &IpNetwork) -> bool {
match ipnet {
&IpNetwork::V6(ipnet) => ipnet.contains(*self),
_ => false
}
}
}
impl SocketAddrExt for IpAddr {
fn is_unspecified_s(&self) -> bool {
match *self {
IpAddr::V4(ref ip) => ip.is_unspecified_s(),
IpAddr::V6(ref ip) => ip.is_unspecified_s(),
}
}
fn is_global_s(&self) -> bool {
match *self {
IpAddr::V4(ref ip) => ip.is_global_s(),
IpAddr::V6(ref ip) => ip.is_global_s(),
}
}
fn is_reserved(&self) -> bool {
match *self {
IpAddr::V4(ref ip) => ip.is_reserved(),
IpAddr::V6(ref ip) => ip.is_reserved(),
}
}
fn is_usable_public(&self) -> bool {
match *self {
IpAddr::V4(ref ip) => ip.is_usable_public(),
IpAddr::V6(ref ip) => ip.is_usable_public(),
}
}
fn is_usable_private(&self) -> bool {
match *self {
IpAddr::V4(ref ip) => ip.is_usable_private(),
IpAddr::V6(ref ip) => ip.is_usable_private(),
}
}
fn is_within(&self, ipnet: &IpNetwork) -> bool {
match *self {
IpAddr::V4(ref ip) => ip.is_within(ipnet),
IpAddr::V6(ref ip) => ip.is_within(ipnet)
}
}
}
#[cfg(not(windows))]
@ -79,7 +217,7 @@ mod getinterfaces {
use libc::{getifaddrs, freeifaddrs, ifaddrs, sockaddr, sockaddr_in, sockaddr_in6};
use std::net::{Ipv4Addr, Ipv6Addr, IpAddr};
fn convert_sockaddr (sa: *mut sockaddr) -> Option<IpAddr> {
fn convert_sockaddr(sa: *mut sockaddr) -> Option<IpAddr> {
if sa == ptr::null_mut() { return None; }
let (addr, _) = match unsafe { *sa }.sa_family as i32 {
@ -115,7 +253,7 @@ mod getinterfaces {
Some(addr)
}
fn convert_ifaddrs (ifa: *mut ifaddrs) -> Option<IpAddr> {
fn convert_ifaddrs(ifa: *mut ifaddrs) -> Option<IpAddr> {
let ifa = unsafe { &mut *ifa };
convert_sockaddr(ifa.ifa_addr)
}
@ -158,16 +296,16 @@ pub fn select_public_address(port: u16) -> SocketAddr {
Ok(list) => {
//prefer IPV4 bindings
for addr in &list { //TODO: use better criteria than just the first in the list
match *addr {
IpAddr::V4(a) if !a.is_unspecified_s() && !a.is_loopback() && !a.is_link_local() => {
match addr {
&IpAddr::V4(a) if !a.is_reserved() => {
return SocketAddr::V4(SocketAddrV4::new(a, port));
},
_ => {},
}
}
for addr in list {
for addr in &list {
match addr {
IpAddr::V6(a) if !a.is_unspecified_s() && !a.is_loopback() => {
&IpAddr::V6(a) if !a.is_reserved() => {
return SocketAddr::V6(SocketAddrV6::new(a, port, 0, 0));
},
_ => {},
@ -227,7 +365,6 @@ fn can_map_external_address_or_fail() {
#[test]
fn ipv4_properties() {
#![cfg_attr(feature="dev", allow(too_many_arguments))]
fn check(octets: &[u8; 4], unspec: bool, loopback: bool,
private: bool, link_local: bool, global: bool,
@ -235,7 +372,7 @@ fn ipv4_properties() {
let ip = Ipv4Addr::new(octets[0], octets[1], octets[2], octets[3]);
assert_eq!(octets, &ip.octets());
assert_eq!(ip.is_unspecified_s(), unspec);
assert_eq!(ip.is_unspecified(), unspec);
assert_eq!(ip.is_loopback(), loopback);
assert_eq!(ip.is_private(), private);
assert_eq!(ip.is_link_local(), link_local);
@ -264,13 +401,131 @@ fn ipv4_properties() {
check(&[255, 255, 255, 255], false, false, false, false, false, false, true, false);
}
#[test]
fn ipv4_shared_space() {
assert!(!Ipv4Addr::new(100, 63, 255, 255).is_shared_space());
assert!(Ipv4Addr::new(100, 64, 0, 0).is_shared_space());
assert!(Ipv4Addr::new(100, 127, 255, 255).is_shared_space());
assert!(!Ipv4Addr::new(100, 128, 0, 0).is_shared_space());
}
#[test]
fn ipv4_special_purpose() {
assert!(!Ipv4Addr::new(191, 255, 255, 255).is_special_purpose());
assert!(Ipv4Addr::new(192, 0, 0, 0).is_special_purpose());
assert!(Ipv4Addr::new(192, 0, 0, 255).is_special_purpose());
assert!(!Ipv4Addr::new(192, 0, 1, 255).is_special_purpose());
}
#[test]
fn ipv4_benchmarking() {
assert!(!Ipv4Addr::new(198, 17, 255, 255).is_benchmarking());
assert!(Ipv4Addr::new(198, 18, 0, 0).is_benchmarking());
assert!(Ipv4Addr::new(198, 19, 255, 255).is_benchmarking());
assert!(!Ipv4Addr::new(198, 20, 0, 0).is_benchmarking());
}
#[test]
fn ipv4_future_use() {
assert!(!Ipv4Addr::new(239, 255, 255, 255).is_future_use());
assert!(Ipv4Addr::new(240, 0, 0, 0).is_future_use());
assert!(Ipv4Addr::new(255, 255, 255, 254).is_future_use());
assert!(!Ipv4Addr::new(255, 255, 255, 255).is_future_use());
}
#[test]
fn ipv4_usable_public() {
assert!(!Ipv4Addr::new(0,0,0,0).is_usable_public()); // unspecified
assert!(Ipv4Addr::new(0,0,0,1).is_usable_public());
assert!(Ipv4Addr::new(9,255,255,255).is_usable_public());
assert!(!Ipv4Addr::new(10,0,0,0).is_usable_public()); // private intra-network
assert!(!Ipv4Addr::new(10,255,255,255).is_usable_public()); // private intra-network
assert!(Ipv4Addr::new(11,0,0,0).is_usable_public());
assert!(Ipv4Addr::new(100, 63, 255, 255).is_usable_public());
assert!(!Ipv4Addr::new(100, 64, 0, 0).is_usable_public()); // shared space
assert!(!Ipv4Addr::new(100, 127, 255, 255).is_usable_public()); // shared space
assert!(Ipv4Addr::new(100, 128, 0, 0).is_usable_public());
assert!(Ipv4Addr::new(126,255,255,255).is_usable_public());
assert!(!Ipv4Addr::new(127,0,0,0).is_usable_public()); // loopback
assert!(!Ipv4Addr::new(127,255,255,255).is_usable_public()); // loopback
assert!(Ipv4Addr::new(128,0,0,0).is_usable_public());
assert!(Ipv4Addr::new(169,253,255,255).is_usable_public());
assert!(!Ipv4Addr::new(169,254,0,0).is_usable_public()); // link-local
assert!(!Ipv4Addr::new(169,254,255,255).is_usable_public()); // link-local
assert!(Ipv4Addr::new(169,255,0,0).is_usable_public());
assert!(Ipv4Addr::new(172,15,255,255).is_usable_public());
assert!(!Ipv4Addr::new(172,16,0,0).is_usable_public()); // private intra-network
assert!(!Ipv4Addr::new(172,31,255,255).is_usable_public()); // private intra-network
assert!(Ipv4Addr::new(172,32,255,255).is_usable_public());
assert!(Ipv4Addr::new(191,255,255,255).is_usable_public());
assert!(!Ipv4Addr::new(192,0,0,0).is_usable_public()); // special purpose
assert!(!Ipv4Addr::new(192,0,0,255).is_usable_public()); // special purpose
assert!(Ipv4Addr::new(192,0,1,0).is_usable_public());
assert!(Ipv4Addr::new(192,0,1,255).is_usable_public());
assert!(!Ipv4Addr::new(192,0,2,0).is_usable_public()); // documentation
assert!(!Ipv4Addr::new(192,0,2,255).is_usable_public()); // documentation
assert!(Ipv4Addr::new(192,0,3,0).is_usable_public());
assert!(Ipv4Addr::new(192,167,255,255).is_usable_public());
assert!(!Ipv4Addr::new(192,168,0,0).is_usable_public()); // private intra-network
assert!(!Ipv4Addr::new(192,168,255,255).is_usable_public()); // private intra-network
assert!(Ipv4Addr::new(192,169,0,0).is_usable_public());
assert!(Ipv4Addr::new(198,17,255,255).is_usable_public());
assert!(!Ipv4Addr::new(198,18,0,0).is_usable_public()); // benchmarking
assert!(!Ipv4Addr::new(198,19,255,255).is_usable_public()); // benchmarking
assert!(Ipv4Addr::new(198,20,0,0).is_usable_public());
assert!(Ipv4Addr::new(198,51,99,255).is_usable_public());
assert!(!Ipv4Addr::new(198,51,100,0).is_usable_public()); // documentation
assert!(!Ipv4Addr::new(198,51,100,255).is_usable_public()); // documentation
assert!(Ipv4Addr::new(198,51,101,0).is_usable_public());
assert!(Ipv4Addr::new(203,0,112,255).is_usable_public());
assert!(!Ipv4Addr::new(203,0,113,0).is_usable_public()); // documentation
assert!(!Ipv4Addr::new(203,0,113,255).is_usable_public()); // documentation
assert!(Ipv4Addr::new(203,0,114,0).is_usable_public());
assert!(Ipv4Addr::new(223,255,255,255).is_usable_public());
assert!(!Ipv4Addr::new(224,0,0,0).is_usable_public()); // multicast
assert!(!Ipv4Addr::new(239, 255, 255, 255).is_usable_public()); // multicast
assert!(!Ipv4Addr::new(240, 0, 0, 0).is_usable_public()); // future use
assert!(!Ipv4Addr::new(255, 255, 255, 254).is_usable_public()); // future use
assert!(!Ipv4Addr::new(255, 255, 255, 255).is_usable_public()); // limited broadcast
}
#[test]
fn ipv4_usable_private() {
assert!(!Ipv4Addr::new(9,255,255,255).is_usable_private());
assert!(Ipv4Addr::new(10,0,0,0).is_usable_private()); // private intra-network
assert!(Ipv4Addr::new(10,255,255,255).is_usable_private()); // private intra-network
assert!(!Ipv4Addr::new(11,0,0,0).is_usable_private());
assert!(!Ipv4Addr::new(172,15,255,255).is_usable_private());
assert!(Ipv4Addr::new(172,16,0,0).is_usable_private()); // private intra-network
assert!(Ipv4Addr::new(172,31,255,255).is_usable_private()); // private intra-network
assert!(!Ipv4Addr::new(172,32,255,255).is_usable_private());
assert!(!Ipv4Addr::new(192,167,255,255).is_usable_private());
assert!(Ipv4Addr::new(192,168,0,0).is_usable_private()); // private intra-network
assert!(Ipv4Addr::new(192,168,255,255).is_usable_private()); // private intra-network
assert!(!Ipv4Addr::new(192,169,0,0).is_usable_private());
}
#[test]
fn ipv6_properties() {
fn check(str_addr: &str, unspec: bool, loopback: bool, global: bool) {
let ip: Ipv6Addr = str_addr.parse().unwrap();
assert_eq!(str_addr, ip.to_string());
assert_eq!(ip.is_unspecified_s(), unspec);
assert_eq!(ip.is_unspecified(), unspec);
assert_eq!(ip.is_loopback(), loopback);
assert_eq!(ip.is_global_s(), global);
}
@ -279,3 +534,5 @@ fn ipv6_properties() {
check("::", true, false, true);
check("::1", false, true, false);
}

View File

@ -77,6 +77,7 @@ extern crate rlp;
extern crate bytes;
extern crate path;
extern crate ethcore_logger;
extern crate ipnetwork;
#[macro_use]
extern crate log;
@ -106,6 +107,8 @@ pub use session::SessionInfo;
pub use io::TimerToken;
pub use node_table::{is_valid_node_url, NodeId};
use ipnetwork::{IpNetwork, IpNetworkError};
use std::str::FromStr;
const PROTOCOL_VERSION: u32 = 4;
@ -145,8 +148,49 @@ impl NonReservedPeerMode {
}
}
#[derive(Clone, Debug, PartialEq, Eq)]
#[cfg_attr(feature = "ipc", binary)]
pub struct IpFilter {
pub predefined: AllowIP,
pub custom_allow: Vec<IpNetwork>,
pub custom_block: Vec<IpNetwork>,
}
impl Default for IpFilter {
fn default() -> Self {
IpFilter {
predefined: AllowIP::All,
custom_allow: vec![],
custom_block: vec![],
}
}
}
impl IpFilter {
/// Attempt to parse the peer mode from a string.
pub fn parse(s: &str) -> Result<IpFilter, IpNetworkError> {
let mut filter = IpFilter::default();
for f in s.split_whitespace() {
match f {
"all" => filter.predefined = AllowIP::All,
"private" => filter.predefined = AllowIP::Private,
"public" => filter.predefined = AllowIP::Public,
"none" => filter.predefined = AllowIP::None,
custom => {
if custom.starts_with("-") {
filter.custom_block.push(IpNetwork::from_str(&custom.to_owned().split_off(1))?)
} else {
filter.custom_allow.push(IpNetwork::from_str(custom)?)
}
}
}
}
Ok(filter)
}
}
/// IP fiter
#[derive(Clone, Debug, PartialEq, Eq, Copy)]
#[derive(Clone, Debug, PartialEq, Eq)]
pub enum AllowIP {
/// Connect to any address
All,
@ -154,5 +198,7 @@ pub enum AllowIP {
Private,
/// Connect to public network only
Public,
/// Block all addresses
None,
}

View File

@ -30,7 +30,7 @@ use util::UtilError;
use rlp::*;
use time::Tm;
use error::NetworkError;
use AllowIP;
use {AllowIP, IpFilter};
use discovery::{TableUpdates, NodeEntry};
use ip_utils::*;
pub use rustc_serialize::json::Json;
@ -55,11 +55,21 @@ impl NodeEndpoint {
}
}
pub fn is_allowed(&self, filter: AllowIP) -> bool {
pub fn is_allowed(&self, filter: &IpFilter) -> bool {
(self.is_allowed_by_predefined(&filter.predefined) || filter.custom_allow.iter().any(|ipnet| {
self.address.ip().is_within(ipnet)
}))
&& !filter.custom_block.iter().any(|ipnet| {
self.address.ip().is_within(ipnet)
})
}
pub fn is_allowed_by_predefined(&self, filter: &AllowIP) -> bool {
match filter {
AllowIP::All => true,
AllowIP::Private => !self.address.ip().is_global_s(),
AllowIP::Public => self.address.ip().is_global_s(),
&AllowIP::All => true,
&AllowIP::Private => self.address.ip().is_usable_private(),
&AllowIP::Public => self.address.ip().is_usable_public(),
&AllowIP::None => false,
}
}
@ -101,8 +111,8 @@ impl NodeEndpoint {
pub fn is_valid(&self) -> bool {
self.udp_port != 0 && self.address.port() != 0 &&
match self.address {
SocketAddr::V4(a) => !a.ip().is_unspecified_s(),
SocketAddr::V6(a) => !a.ip().is_unspecified_s()
SocketAddr::V4(a) => !a.ip().is_unspecified(),
SocketAddr::V6(a) => !a.ip().is_unspecified()
}
}
}
@ -219,8 +229,8 @@ impl NodeTable {
}
/// Returns node ids sorted by number of failures
pub fn nodes(&self, filter: AllowIP) -> Vec<NodeId> {
let mut refs: Vec<&Node> = self.nodes.values().filter(|n| !self.useless_nodes.contains(&n.id) && n.endpoint.is_allowed(filter)).collect();
pub fn nodes(&self, filter: IpFilter) -> Vec<NodeId> {
let mut refs: Vec<&Node> = self.nodes.values().filter(|n| !self.useless_nodes.contains(&n.id) && n.endpoint.is_allowed(&filter)).collect();
refs.sort_by(|a, b| a.failures.cmp(&b.failures));
refs.iter().map(|n| n.id.clone()).collect()
}
@ -283,7 +293,7 @@ impl NodeTable {
let mut json = String::new();
json.push_str("{\n");
json.push_str("\"nodes\": [\n");
let node_ids = self.nodes(AllowIP::All);
let node_ids = self.nodes(IpFilter::default());
for i in 0 .. node_ids.len() {
let node = self.nodes.get(&node_ids[i]).expect("self.nodes() only returns node IDs from self.nodes");
json.push_str(&format!("\t{{ \"url\": \"{}\", \"failures\": {} }}{}\n", node, node.failures, if i == node_ids.len() - 1 {""} else {","}))
@ -366,7 +376,7 @@ mod tests {
use util::H512;
use std::str::FromStr;
use devtools::*;
use AllowIP;
use ipnetwork::IpNetwork;
#[test]
fn endpoint_parse() {
@ -412,7 +422,7 @@ mod tests {
table.note_failure(&id1);
table.note_failure(&id2);
let r = table.nodes(AllowIP::All);
let r = table.nodes(IpFilter::default());
assert_eq!(r[0][..], id3[..]);
assert_eq!(r[1][..], id2[..]);
assert_eq!(r[2][..], id1[..]);
@ -434,9 +444,55 @@ mod tests {
{
let table = NodeTable::new(Some(temp_path.as_path().to_str().unwrap().to_owned()));
let r = table.nodes(AllowIP::All);
let r = table.nodes(IpFilter::default());
assert_eq!(r[0][..], id1[..]);
assert_eq!(r[1][..], id2[..]);
}
}
#[test]
fn custom_allow() {
let filter = IpFilter {
predefined: AllowIP::None,
custom_allow: vec![IpNetwork::from_str(&"10.0.0.0/8").unwrap(), IpNetwork::from_str(&"1.0.0.0/8").unwrap()],
custom_block: vec![],
};
assert!(!NodeEndpoint::from_str("123.99.55.44:7770").unwrap().is_allowed(&filter));
assert!(NodeEndpoint::from_str("10.0.0.1:7770").unwrap().is_allowed(&filter));
assert!(NodeEndpoint::from_str("1.0.0.55:5550").unwrap().is_allowed(&filter));
}
#[test]
fn custom_block() {
let filter = IpFilter {
predefined: AllowIP::All,
custom_allow: vec![],
custom_block: vec![IpNetwork::from_str(&"10.0.0.0/8").unwrap(), IpNetwork::from_str(&"1.0.0.0/8").unwrap()],
};
assert!(NodeEndpoint::from_str("123.99.55.44:7770").unwrap().is_allowed(&filter));
assert!(!NodeEndpoint::from_str("10.0.0.1:7770").unwrap().is_allowed(&filter));
assert!(!NodeEndpoint::from_str("1.0.0.55:5550").unwrap().is_allowed(&filter));
}
#[test]
fn custom_allow_ipv6() {
let filter = IpFilter {
predefined: AllowIP::None,
custom_allow: vec![IpNetwork::from_str(&"fc00::/8").unwrap()],
custom_block: vec![],
};
assert!(NodeEndpoint::from_str("[fc00::]:5550").unwrap().is_allowed(&filter));
assert!(!NodeEndpoint::from_str("[fd00::]:5550").unwrap().is_allowed(&filter));
}
#[test]
fn custom_block_ipv6() {
let filter = IpFilter {
predefined: AllowIP::All,
custom_allow: vec![],
custom_block: vec![IpNetwork::from_str(&"fc00::/8").unwrap()],
};
assert!(!NodeEndpoint::from_str("[fc00::]:5550").unwrap().is_allowed(&filter));
assert!(NodeEndpoint::from_str("[fd00::]:5550").unwrap().is_allowed(&filter));
}
}