Refactor --allow-ips to handle custom ip-ranges (#6144)

* Add checks for additional reserved ip addresses 100.64.0.0/10 and 240.0.0.0/4 are both reserved but not currently filtered. * Add check for special purpose addresses 192.0.0.0/24 - Used for the IANA IPv4 Special Purpose Address Registry * Refactor ip_utils (#5872) * Add checks for all ipv4 special use addresses * Add comprehensive ipv4 test cases * Refactor Ipv6 address checks (#5872) * Refactor AllowIP (#5872) * Add IpFilter struct to wrap predefined filter (AllowIP) with custom allow/block filters. * Refactor parsing of --allow-ips to handle custom filters. * Move AllowIP/IpFilter from ethsync to ethcore-network where they are used. * Revert Cargo.lock * Tests for custom ip filters (#5872) * Add "none" as a valid argument for --allow-ips to allow narrow custom ranges, eg.: --allow-ips="none 10.0.0.0/8" * Add tests for parsing filter arguments and node endpoints. * Add ipnetwork crate to dev dependencies for testing. * Add ipv6 filter tests (#5872) * Revert parity-ui-precompiled to master * Fix minor detail in usage.txt (#5872) * Spaces to tabs * Rename IpFilter::new() to ::default() * Small readability improvements * Test (#5872) * Revert "Test (#5872)" This reverts commit 7a8906430a6dad633fe29df3dca57f1630851fa9.
2017-07-29 00:06:39 +07:00
parent ad30a6899b
commit b5f1524e78
15 changed files with 508 additions and 111 deletions
--- a/parity/cli/usage.txt
+++ b/parity/cli/usage.txt
@@ -148,11 +148,15 @@ Networking Options:
                                   These nodes will always have a reserved slot on top
                                   of the normal maximum peers. (default: {flag_reserved_peers:?})
  --reserved-only                  Connect only to reserved nodes. (default: {flag_reserved_only})
-  --allow-ips FILTER               Filter outbound connections. Must be one of:
+  --allow-ips FILTER               Filter outbound connections. FILTER can be one of:
                                   private - connect to private network IP addresses only;
                                   public - connect to public network IP addresses only;
-                                   all - connect to any IP address.
-                                   (default: {flag_allow_ips})
+                                   all - connect to any IP address;
+                                   none - block all (for use with a custom filter as below);
+                                   a custom filter list in the format: "private ip_range1 -ip_range2 ...".
+                                   Where ip_range1 would be allowed and ip_range2 blocked;
+                                   Custom blocks ("-ip_range") override custom allows ("ip_range");
+                                   (default: {flag_allow_ips}).
  --max-pending-peers NUM          Allow up to NUM pending connections. (default: {flag_max_pending_peers})
  --no-ancient-blocks              Disable downloading old blocks after snapshot restoration
                                   or warp sync. (default: {flag_no_ancient_blocks})