Refactor --allow-ips to handle custom ip-ranges (#6144)
* Add checks for additional reserved ip addresses 100.64.0.0/10 and 240.0.0.0/4 are both reserved but not currently filtered. * Add check for special purpose addresses 192.0.0.0/24 - Used for the IANA IPv4 Special Purpose Address Registry * Refactor ip_utils (#5872) * Add checks for all ipv4 special use addresses * Add comprehensive ipv4 test cases * Refactor Ipv6 address checks (#5872) * Refactor AllowIP (#5872) * Add IpFilter struct to wrap predefined filter (AllowIP) with custom allow/block filters. * Refactor parsing of --allow-ips to handle custom filters. * Move AllowIP/IpFilter from ethsync to ethcore-network where they are used. * Revert Cargo.lock * Tests for custom ip filters (#5872) * Add "none" as a valid argument for --allow-ips to allow narrow custom ranges, eg.: --allow-ips="none 10.0.0.0/8" * Add tests for parsing filter arguments and node endpoints. * Add ipnetwork crate to dev dependencies for testing. * Add ipv6 filter tests (#5872) * Revert parity-ui-precompiled to master * Fix minor detail in usage.txt (#5872) * Spaces to tabs * Rename IpFilter::new() to ::default() * Small readability improvements * Test (#5872) * Revert "Test (#5872)" This reverts commit 7a8906430a6dad633fe29df3dca57f1630851fa9.
This commit is contained in:
Joseph Mark
Gav Wood
@@ -19,8 +19,7 @@ use std::collections::{HashMap, BTreeMap};
|
||||
use std::io;
|
||||
use util::Bytes;
|
||||
use network::{NetworkProtocolHandler, NetworkService, NetworkContext, HostInfo, PeerId, ProtocolId,
|
||||
NetworkConfiguration as BasicNetworkConfiguration, NonReservedPeerMode, NetworkError,
|
||||
AllowIP as NetworkAllowIP};
|
||||
NetworkConfiguration as BasicNetworkConfiguration, NonReservedPeerMode, NetworkError};
|
||||
use util::{U256, H256, H512};
|
||||
use io::{TimerToken};
|
||||
use ethcore::ethstore::ethkey::Secret;
|
||||
@@ -37,6 +36,7 @@ use chain::{ETH_PACKET_COUNT, SNAPSHOT_SYNC_PACKET_COUNT};
|
||||
use light::client::AsLightClient;
|
||||
use light::Provider;
|
||||
use light::net::{self as light_net, LightProtocol, Params as LightParams, Capabilities, Handler as LightHandler, EventContext};
|
||||
use network::IpFilter;
|
||||
|
||||
/// Parity sync protocol
|
||||
pub const WARP_SYNC_PROTOCOL_ID: ProtocolId = *b"par";
|
||||
@@ -539,30 +539,6 @@ impl ManageNetwork for EthSync {
|
||||
}
|
||||
}
|
||||
|
||||
/// IP fiter
|
||||
#[derive(Clone, Debug, PartialEq, Eq)]
|
||||
#[cfg_attr(feature = "ipc", binary)]
|
||||
pub enum AllowIP {
|
||||
/// Connect to any address
|
||||
All,
|
||||
/// Connect to private network only
|
||||
Private,
|
||||
/// Connect to public network only
|
||||
Public,
|
||||
}
|
||||
|
||||
impl AllowIP {
|
||||
/// Attempt to parse the peer mode from a string.
|
||||
pub fn parse(s: &str) -> Option<Self> {
|
||||
match s {
|
||||
"all" => Some(AllowIP::All),
|
||||
"private" => Some(AllowIP::Private),
|
||||
"public" => Some(AllowIP::Public),
|
||||
_ => None,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, PartialEq, Eq)]
|
||||
#[cfg_attr(feature = "ipc", binary)]
|
||||
/// Network service configuration
|
||||
@@ -598,7 +574,7 @@ pub struct NetworkConfiguration {
|
||||
/// The non-reserved peer mode.
|
||||
pub allow_non_reserved: bool,
|
||||
/// IP Filtering
|
||||
pub allow_ips: AllowIP,
|
||||
pub ip_filter: IpFilter,
|
||||
}
|
||||
|
||||
impl NetworkConfiguration {
|
||||
@@ -629,11 +605,7 @@ impl NetworkConfiguration {
|
||||
max_handshakes: self.max_pending_peers,
|
||||
reserved_protocols: hash_map![WARP_SYNC_PROTOCOL_ID => self.snapshot_peers],
|
||||
reserved_nodes: self.reserved_nodes,
|
||||
allow_ips: match self.allow_ips {
|
||||
AllowIP::All => NetworkAllowIP::All,
|
||||
AllowIP::Private => NetworkAllowIP::Private,
|
||||
AllowIP::Public => NetworkAllowIP::Public,
|
||||
},
|
||||
ip_filter: self.ip_filter,
|
||||
non_reserved_mode: if self.allow_non_reserved { NonReservedPeerMode::Accept } else { NonReservedPeerMode::Deny },
|
||||
})
|
||||
}
|
||||
@@ -656,11 +628,7 @@ impl From<BasicNetworkConfiguration> for NetworkConfiguration {
|
||||
max_pending_peers: other.max_handshakes,
|
||||
snapshot_peers: *other.reserved_protocols.get(&WARP_SYNC_PROTOCOL_ID).unwrap_or(&0),
|
||||
reserved_nodes: other.reserved_nodes,
|
||||
allow_ips: match other.allow_ips {
|
||||
NetworkAllowIP::All => AllowIP::All,
|
||||
NetworkAllowIP::Private => AllowIP::Private,
|
||||
NetworkAllowIP::Public => AllowIP::Public,
|
||||
},
|
||||
ip_filter: other.ip_filter,
|
||||
allow_non_reserved: match other.non_reserved_mode { NonReservedPeerMode::Accept => true, _ => false } ,
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user