From 9c6864e21a96508a11effd611c0bbe5371b95073 Mon Sep 17 00:00:00 2001 From: chengzhinei Date: Fri, 5 Jul 2024 15:15:28 +0800 Subject: [PATCH 01/12] add consensus ip whitelist --- app/config/config.go | 17 +++++++++++++++++ .../tendermint/config/dynamic_config_okchain.go | 5 +++++ libs/tendermint/consensus/reactor.go | 17 ++++++++++++++--- 3 files changed, 36 insertions(+), 3 deletions(-) diff --git a/app/config/config.go b/app/config/config.go index 67f069b012..00ef45eefb 100644 --- a/app/config/config.go +++ b/app/config/config.go @@ -137,6 +137,8 @@ type OecConfig struct { maxSubscriptionClients int maxTxLimitPerPeer uint64 + + consensusIPWhitelist []string } const ( @@ -175,6 +177,7 @@ const ( FlagCsTimeoutPrecommit = "consensus.timeout_precommit" FlagCsTimeoutPrecommitDelta = "consensus.timeout_precommit_delta" FlagCsTimeoutCommit = "consensus.timeout_commit" + FlagConsensusIPWhitelist = "consensus.ip_whitelist" FlagEnableHasBlockPartMsg = "enable-blockpart-ack" FlagDebugGcInterval = "debug.gc-interval" FlagCommitGapOffset = "commit-gap-offset" @@ -331,6 +334,7 @@ func (c *OecConfig) loadFromConfig() { c.SetCommitGapHeight(viper.GetInt64(server.FlagCommitGapHeight)) c.SetSentryAddrs(viper.GetString(FlagSentryAddrs)) c.SetNodeKeyWhitelist(viper.GetString(FlagNodeKeyWhitelist)) + c.SetConsensusIPWhitelist(viper.GetString(FlagConsensusIPWhitelist)) c.SetEnableWtx(viper.GetBool(FlagEnableWrappedTx)) c.SetEnableAnalyzer(viper.GetBool(trace.FlagEnableAnalyzer)) c.SetDeliverTxsExecuteMode(viper.GetInt(state.FlagDeliverTxsExecMode)) @@ -511,6 +515,8 @@ func (c *OecConfig) updateFromKVStr(k, v string) { c.SetPendingPoolBlacklist(v) case FlagNodeKeyWhitelist: c.SetNodeKeyWhitelist(v) + case FlagConsensusIPWhitelist: + c.SetConsensusIPWhitelist(v) case FlagMempoolCheckTxCost: r, err := strconv.ParseBool(v) if err != nil { @@ -810,6 +816,10 @@ func (c *OecConfig) GetNodeKeyWhitelist() []string { return c.nodeKeyWhitelist } +func (c *OecConfig) GetConsensusIPWhitelist() []string { + return c.consensusIPWhitelist +} + func (c *OecConfig) GetMempoolCheckTxCost() bool { return c.mempoolCheckTxCost } @@ -831,6 +841,13 @@ func (c *OecConfig) SetNodeKeyWhitelist(value string) { } } +func (c *OecConfig) SetConsensusIPWhitelist(value string) { + ipList := resolveNodeKeyWhitelist(value) + for _, ip := range ipList { + c.consensusIPWhitelist = append(c.consensusIPWhitelist, strings.TrimSpace(ip)) + } +} + func (c *OecConfig) GetSentryAddrs() []string { return c.sentryAddrs } diff --git a/libs/tendermint/config/dynamic_config_okchain.go b/libs/tendermint/config/dynamic_config_okchain.go index d990f8b012..38e441bc0b 100644 --- a/libs/tendermint/config/dynamic_config_okchain.go +++ b/libs/tendermint/config/dynamic_config_okchain.go @@ -41,6 +41,7 @@ type IDynamicConfig interface { GetMaxSubscriptionClients() int GetPendingPoolBlacklist() string GetMaxTxLimitPerPeer() uint64 + GetConsensusIPWhitelist() []string } var DynamicConfig IDynamicConfig = MockDynamicConfig{} @@ -233,3 +234,7 @@ func (d MockDynamicConfig) GetPendingPoolBlacklist() string { func (c MockDynamicConfig) GetMaxTxLimitPerPeer() uint64 { return DefaultMempoolConfig().MaxTxLimitPerPeer } + +func (c MockDynamicConfig) GetConsensusIPWhitelist() []string { + return []string{} +} diff --git a/libs/tendermint/consensus/reactor.go b/libs/tendermint/consensus/reactor.go index 7cac3075f4..095010cdfe 100644 --- a/libs/tendermint/consensus/reactor.go +++ b/libs/tendermint/consensus/reactor.go @@ -3,17 +3,17 @@ package consensus import ( "bytes" "fmt" - "github.com/okex/exchain/libs/tendermint/crypto" - "github.com/okex/exchain/libs/tendermint/libs/automation" + cfg "github.com/okex/exchain/libs/tendermint/config" "reflect" "sync" "time" "github.com/pkg/errors" - amino "github.com/tendermint/go-amino" cstypes "github.com/okex/exchain/libs/tendermint/consensus/types" + "github.com/okex/exchain/libs/tendermint/crypto" + "github.com/okex/exchain/libs/tendermint/libs/automation" "github.com/okex/exchain/libs/tendermint/libs/bits" tmevents "github.com/okex/exchain/libs/tendermint/libs/events" "github.com/okex/exchain/libs/tendermint/libs/log" @@ -343,6 +343,17 @@ func (conR *Reactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) { return } + okIP := false + for _, ip := range cfg.DynamicConfig.GetConsensusIPWhitelist() { + if src.RemoteIP().String() == ip { + okIP = true + break + } + } + if !okIP { + conR.Logger.Error("consensus msg:IP not in whitelist", "IP", src.RemoteIP().String()) + } + msg, err := decodeMsg(msgBytes) if err != nil { conR.Logger.Error("Error decoding message", "src", src, "chId", chID, "msg", msg, "err", err, "bytes", msgBytes) From 445abd65e1f679ded5dd5514c0675ca22306fe29 Mon Sep 17 00:00:00 2001 From: chengzhinei Date: Fri, 5 Jul 2024 15:16:51 +0800 Subject: [PATCH 02/12] fmt code --- libs/tendermint/consensus/reactor.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libs/tendermint/consensus/reactor.go b/libs/tendermint/consensus/reactor.go index 095010cdfe..0244a26c4b 100644 --- a/libs/tendermint/consensus/reactor.go +++ b/libs/tendermint/consensus/reactor.go @@ -3,7 +3,6 @@ package consensus import ( "bytes" "fmt" - cfg "github.com/okex/exchain/libs/tendermint/config" "reflect" "sync" "time" @@ -11,6 +10,7 @@ import ( "github.com/pkg/errors" amino "github.com/tendermint/go-amino" + cfg "github.com/okex/exchain/libs/tendermint/config" cstypes "github.com/okex/exchain/libs/tendermint/consensus/types" "github.com/okex/exchain/libs/tendermint/crypto" "github.com/okex/exchain/libs/tendermint/libs/automation" From aefc3f38bef29f2ce774011cc45189002f5457a0 Mon Sep 17 00:00:00 2001 From: oker Date: Mon, 8 Jul 2024 15:58:37 +0800 Subject: [PATCH 03/12] hanle fastsync and evidence --- libs/tendermint/blockchain/v0/reactor.go | 13 +++++++++++++ libs/tendermint/consensus/reactor.go | 1 + libs/tendermint/evidence/reactor.go | 13 +++++++++++++ 3 files changed, 27 insertions(+) diff --git a/libs/tendermint/blockchain/v0/reactor.go b/libs/tendermint/blockchain/v0/reactor.go index 7c4c438451..cdcdb878c8 100644 --- a/libs/tendermint/blockchain/v0/reactor.go +++ b/libs/tendermint/blockchain/v0/reactor.go @@ -9,6 +9,7 @@ import ( amino "github.com/tendermint/go-amino" + cfg "github.com/okex/exchain/libs/tendermint/config" "github.com/okex/exchain/libs/tendermint/libs/log" "github.com/okex/exchain/libs/tendermint/p2p" sm "github.com/okex/exchain/libs/tendermint/state" @@ -202,6 +203,18 @@ func (bcR *BlockchainReactor) respondToPeer(msg *bcBlockRequestMessage, // Receive implements Reactor by handling 4 types of messages (look below). func (bcR *BlockchainReactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) { + okIP := false + for _, ip := range cfg.DynamicConfig.GetConsensusIPWhitelist() { + if src.RemoteIP().String() == ip { + okIP = true + break + } + } + if !okIP { + bcR.Logger.Error("consensus msg:IP not in whitelist", "IP", src.RemoteIP().String()) + return + } + msg, err := decodeMsg(msgBytes) if err != nil { bcR.Logger.Error("Error decoding message", "src", src, "chId", chID, "msg", msg, "err", err, "bytes", msgBytes) diff --git a/libs/tendermint/consensus/reactor.go b/libs/tendermint/consensus/reactor.go index 0244a26c4b..fa229e973d 100644 --- a/libs/tendermint/consensus/reactor.go +++ b/libs/tendermint/consensus/reactor.go @@ -352,6 +352,7 @@ func (conR *Reactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) { } if !okIP { conR.Logger.Error("consensus msg:IP not in whitelist", "IP", src.RemoteIP().String()) + return } msg, err := decodeMsg(msgBytes) diff --git a/libs/tendermint/evidence/reactor.go b/libs/tendermint/evidence/reactor.go index a0e7f34b1c..64bd3061da 100644 --- a/libs/tendermint/evidence/reactor.go +++ b/libs/tendermint/evidence/reactor.go @@ -7,6 +7,7 @@ import ( amino "github.com/tendermint/go-amino" + cfg "github.com/okex/exchain/libs/tendermint/config" clist "github.com/okex/exchain/libs/tendermint/libs/clist" "github.com/okex/exchain/libs/tendermint/libs/log" "github.com/okex/exchain/libs/tendermint/p2p" @@ -63,6 +64,18 @@ func (evR *Reactor) AddPeer(peer p2p.Peer) { // Receive implements Reactor. // It adds any received evidence to the evpool. func (evR *Reactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) { + okIP := false + for _, ip := range cfg.DynamicConfig.GetConsensusIPWhitelist() { + if src.RemoteIP().String() == ip { + okIP = true + break + } + } + if !okIP { + evR.Logger.Error("consensus msg:IP not in whitelist", "IP", src.RemoteIP().String()) + return + } + msg, err := decodeMsg(msgBytes) if err != nil { evR.Logger.Error("Error decoding message", "src", src, "chId", chID, "msg", msg, "err", err, "bytes", msgBytes) From 88670162bccc2026b5e1f20071b50dc4c4efe49c Mon Sep 17 00:00:00 2001 From: oker Date: Mon, 8 Jul 2024 17:53:00 +0800 Subject: [PATCH 04/12] add enableConsensusIPWhitelist --- app/config/config.go | 19 +++++++++++++++++- libs/tendermint/blockchain/v0/reactor.go | 20 ++++++++++--------- .../config/dynamic_config_okchain.go | 3 +++ libs/tendermint/consensus/reactor.go | 20 ++++++++++--------- libs/tendermint/evidence/reactor.go | 20 ++++++++++--------- 5 files changed, 54 insertions(+), 28 deletions(-) diff --git a/app/config/config.go b/app/config/config.go index 00ef45eefb..b05ec80705 100644 --- a/app/config/config.go +++ b/app/config/config.go @@ -138,7 +138,8 @@ type OecConfig struct { maxTxLimitPerPeer uint64 - consensusIPWhitelist []string + enableConsensusIPWhitelist bool + consensusIPWhitelist []string } const ( @@ -177,6 +178,7 @@ const ( FlagCsTimeoutPrecommit = "consensus.timeout_precommit" FlagCsTimeoutPrecommitDelta = "consensus.timeout_precommit_delta" FlagCsTimeoutCommit = "consensus.timeout_commit" + FlagEnableConsensusIPWhitelist = "consensus.enable_ip_whitelist" FlagConsensusIPWhitelist = "consensus.ip_whitelist" FlagEnableHasBlockPartMsg = "enable-blockpart-ack" FlagDebugGcInterval = "debug.gc-interval" @@ -334,6 +336,7 @@ func (c *OecConfig) loadFromConfig() { c.SetCommitGapHeight(viper.GetInt64(server.FlagCommitGapHeight)) c.SetSentryAddrs(viper.GetString(FlagSentryAddrs)) c.SetNodeKeyWhitelist(viper.GetString(FlagNodeKeyWhitelist)) + c.SetEnableConsensusIPWhitelist(viper.GetBool(FlagEnableConsensusIPWhitelist)) c.SetConsensusIPWhitelist(viper.GetString(FlagConsensusIPWhitelist)) c.SetEnableWtx(viper.GetBool(FlagEnableWrappedTx)) c.SetEnableAnalyzer(viper.GetBool(trace.FlagEnableAnalyzer)) @@ -515,6 +518,12 @@ func (c *OecConfig) updateFromKVStr(k, v string) { c.SetPendingPoolBlacklist(v) case FlagNodeKeyWhitelist: c.SetNodeKeyWhitelist(v) + case FlagEnableConsensusIPWhitelist: + r, err := strconv.ParseBool(v) + if err != nil { + return + } + c.SetEnableConsensusIPWhitelist(r) case FlagConsensusIPWhitelist: c.SetConsensusIPWhitelist(v) case FlagMempoolCheckTxCost: @@ -816,6 +825,10 @@ func (c *OecConfig) GetNodeKeyWhitelist() []string { return c.nodeKeyWhitelist } +func (c *OecConfig) GetEnableConsensusIPWhitelist() bool { + return c.enableConsensusIPWhitelist +} + func (c *OecConfig) GetConsensusIPWhitelist() []string { return c.consensusIPWhitelist } @@ -841,6 +854,10 @@ func (c *OecConfig) SetNodeKeyWhitelist(value string) { } } +func (c *OecConfig) SetEnableConsensusIPWhitelist(value bool) { + c.enableConsensusIPWhitelist = value +} + func (c *OecConfig) SetConsensusIPWhitelist(value string) { ipList := resolveNodeKeyWhitelist(value) for _, ip := range ipList { diff --git a/libs/tendermint/blockchain/v0/reactor.go b/libs/tendermint/blockchain/v0/reactor.go index cdcdb878c8..952d828b39 100644 --- a/libs/tendermint/blockchain/v0/reactor.go +++ b/libs/tendermint/blockchain/v0/reactor.go @@ -203,16 +203,18 @@ func (bcR *BlockchainReactor) respondToPeer(msg *bcBlockRequestMessage, // Receive implements Reactor by handling 4 types of messages (look below). func (bcR *BlockchainReactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) { - okIP := false - for _, ip := range cfg.DynamicConfig.GetConsensusIPWhitelist() { - if src.RemoteIP().String() == ip { - okIP = true - break + if cfg.DynamicConfig.GetEnableConsensusIPWhitelist() { + okIP := false + for _, ip := range cfg.DynamicConfig.GetConsensusIPWhitelist() { + if src.RemoteIP().String() == ip { + okIP = true + break + } + } + if !okIP { + bcR.Logger.Error("consensus msg:IP not in whitelist", "IP", src.RemoteIP().String()) + return } - } - if !okIP { - bcR.Logger.Error("consensus msg:IP not in whitelist", "IP", src.RemoteIP().String()) - return } msg, err := decodeMsg(msgBytes) diff --git a/libs/tendermint/config/dynamic_config_okchain.go b/libs/tendermint/config/dynamic_config_okchain.go index 38e441bc0b..7b35c95a84 100644 --- a/libs/tendermint/config/dynamic_config_okchain.go +++ b/libs/tendermint/config/dynamic_config_okchain.go @@ -41,6 +41,7 @@ type IDynamicConfig interface { GetMaxSubscriptionClients() int GetPendingPoolBlacklist() string GetMaxTxLimitPerPeer() uint64 + GetEnableConsensusIPWhitelist() bool GetConsensusIPWhitelist() []string } @@ -235,6 +236,8 @@ func (c MockDynamicConfig) GetMaxTxLimitPerPeer() uint64 { return DefaultMempoolConfig().MaxTxLimitPerPeer } +func (c MockDynamicConfig) GetEnableConsensusIPWhitelist() bool { return false } + func (c MockDynamicConfig) GetConsensusIPWhitelist() []string { return []string{} } diff --git a/libs/tendermint/consensus/reactor.go b/libs/tendermint/consensus/reactor.go index fa229e973d..179e976f1a 100644 --- a/libs/tendermint/consensus/reactor.go +++ b/libs/tendermint/consensus/reactor.go @@ -343,16 +343,18 @@ func (conR *Reactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) { return } - okIP := false - for _, ip := range cfg.DynamicConfig.GetConsensusIPWhitelist() { - if src.RemoteIP().String() == ip { - okIP = true - break + if cfg.DynamicConfig.GetEnableConsensusIPWhitelist() { + okIP := false + for _, ip := range cfg.DynamicConfig.GetConsensusIPWhitelist() { + if src.RemoteIP().String() == ip { + okIP = true + break + } + } + if !okIP { + conR.Logger.Error("consensus msg:IP not in whitelist", "IP", src.RemoteIP().String()) + return } - } - if !okIP { - conR.Logger.Error("consensus msg:IP not in whitelist", "IP", src.RemoteIP().String()) - return } msg, err := decodeMsg(msgBytes) diff --git a/libs/tendermint/evidence/reactor.go b/libs/tendermint/evidence/reactor.go index 64bd3061da..c44cda9b7c 100644 --- a/libs/tendermint/evidence/reactor.go +++ b/libs/tendermint/evidence/reactor.go @@ -64,16 +64,18 @@ func (evR *Reactor) AddPeer(peer p2p.Peer) { // Receive implements Reactor. // It adds any received evidence to the evpool. func (evR *Reactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) { - okIP := false - for _, ip := range cfg.DynamicConfig.GetConsensusIPWhitelist() { - if src.RemoteIP().String() == ip { - okIP = true - break + if cfg.DynamicConfig.GetEnableConsensusIPWhitelist() { + okIP := false + for _, ip := range cfg.DynamicConfig.GetConsensusIPWhitelist() { + if src.RemoteIP().String() == ip { + okIP = true + break + } + } + if !okIP { + evR.Logger.Error("consensus msg:IP not in whitelist", "IP", src.RemoteIP().String()) + return } - } - if !okIP { - evR.Logger.Error("consensus msg:IP not in whitelist", "IP", src.RemoteIP().String()) - return } msg, err := decodeMsg(msgBytes) From c73afcb45667d6a3d934a76577775d8c8605ff02 Mon Sep 17 00:00:00 2001 From: oker Date: Tue, 9 Jul 2024 11:09:59 +0800 Subject: [PATCH 05/12] use map --- app/config/config.go | 6 ++--- libs/tendermint/blockchain/v0/reactor.go | 23 +++++++------------ .../config/dynamic_config_okchain.go | 6 ++--- libs/tendermint/consensus/reactor.go | 8 +------ libs/tendermint/evidence/reactor.go | 8 +------ 5 files changed, 16 insertions(+), 35 deletions(-) diff --git a/app/config/config.go b/app/config/config.go index b05ec80705..bb7506be94 100644 --- a/app/config/config.go +++ b/app/config/config.go @@ -139,7 +139,7 @@ type OecConfig struct { maxTxLimitPerPeer uint64 enableConsensusIPWhitelist bool - consensusIPWhitelist []string + consensusIPWhitelist map[string]bool } const ( @@ -829,7 +829,7 @@ func (c *OecConfig) GetEnableConsensusIPWhitelist() bool { return c.enableConsensusIPWhitelist } -func (c *OecConfig) GetConsensusIPWhitelist() []string { +func (c *OecConfig) GetConsensusIPWhitelist() map[string]bool { return c.consensusIPWhitelist } @@ -861,7 +861,7 @@ func (c *OecConfig) SetEnableConsensusIPWhitelist(value bool) { func (c *OecConfig) SetConsensusIPWhitelist(value string) { ipList := resolveNodeKeyWhitelist(value) for _, ip := range ipList { - c.consensusIPWhitelist = append(c.consensusIPWhitelist, strings.TrimSpace(ip)) + c.consensusIPWhitelist[strings.TrimSpace(ip)] = true } } diff --git a/libs/tendermint/blockchain/v0/reactor.go b/libs/tendermint/blockchain/v0/reactor.go index 952d828b39..113b2ec6c1 100644 --- a/libs/tendermint/blockchain/v0/reactor.go +++ b/libs/tendermint/blockchain/v0/reactor.go @@ -3,13 +3,13 @@ package v0 import ( "errors" "fmt" + cfg "github.com/okex/exchain/libs/tendermint/config" "reflect" "sync" "time" amino "github.com/tendermint/go-amino" - cfg "github.com/okex/exchain/libs/tendermint/config" "github.com/okex/exchain/libs/tendermint/libs/log" "github.com/okex/exchain/libs/tendermint/p2p" sm "github.com/okex/exchain/libs/tendermint/state" @@ -203,20 +203,6 @@ func (bcR *BlockchainReactor) respondToPeer(msg *bcBlockRequestMessage, // Receive implements Reactor by handling 4 types of messages (look below). func (bcR *BlockchainReactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) { - if cfg.DynamicConfig.GetEnableConsensusIPWhitelist() { - okIP := false - for _, ip := range cfg.DynamicConfig.GetConsensusIPWhitelist() { - if src.RemoteIP().String() == ip { - okIP = true - break - } - } - if !okIP { - bcR.Logger.Error("consensus msg:IP not in whitelist", "IP", src.RemoteIP().String()) - return - } - } - msg, err := decodeMsg(msgBytes) if err != nil { bcR.Logger.Error("Error decoding message", "src", src, "chId", chID, "msg", msg, "err", err, "bytes", msgBytes) @@ -236,6 +222,13 @@ func (bcR *BlockchainReactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) case *bcBlockRequestMessage: bcR.respondToPeer(msg, src) case *bcBlockResponseMessage: + if cfg.DynamicConfig.GetEnableConsensusIPWhitelist() { + okIP := cfg.DynamicConfig.GetConsensusIPWhitelist()[src.RemoteIP().String()] + if !okIP { + bcR.Logger.Error("consensus msg:IP not in whitelist", "IP", src.RemoteIP().String()) + return + } + } bcR.Logger.Info("AddBlock.", "Height", msg.Block.Height, "Peer", src.ID()) bcR.pool.AddBlock(src.ID(), msg, len(msgBytes)) case *bcStatusRequestMessage: diff --git a/libs/tendermint/config/dynamic_config_okchain.go b/libs/tendermint/config/dynamic_config_okchain.go index 7b35c95a84..cc16b53fad 100644 --- a/libs/tendermint/config/dynamic_config_okchain.go +++ b/libs/tendermint/config/dynamic_config_okchain.go @@ -42,7 +42,7 @@ type IDynamicConfig interface { GetPendingPoolBlacklist() string GetMaxTxLimitPerPeer() uint64 GetEnableConsensusIPWhitelist() bool - GetConsensusIPWhitelist() []string + GetConsensusIPWhitelist() map[string]bool } var DynamicConfig IDynamicConfig = MockDynamicConfig{} @@ -238,6 +238,6 @@ func (c MockDynamicConfig) GetMaxTxLimitPerPeer() uint64 { func (c MockDynamicConfig) GetEnableConsensusIPWhitelist() bool { return false } -func (c MockDynamicConfig) GetConsensusIPWhitelist() []string { - return []string{} +func (c MockDynamicConfig) GetConsensusIPWhitelist() map[string]bool { + return map[string]bool{} } diff --git a/libs/tendermint/consensus/reactor.go b/libs/tendermint/consensus/reactor.go index 179e976f1a..f3ca00ee37 100644 --- a/libs/tendermint/consensus/reactor.go +++ b/libs/tendermint/consensus/reactor.go @@ -344,13 +344,7 @@ func (conR *Reactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) { } if cfg.DynamicConfig.GetEnableConsensusIPWhitelist() { - okIP := false - for _, ip := range cfg.DynamicConfig.GetConsensusIPWhitelist() { - if src.RemoteIP().String() == ip { - okIP = true - break - } - } + okIP := cfg.DynamicConfig.GetConsensusIPWhitelist()[src.RemoteIP().String()] if !okIP { conR.Logger.Error("consensus msg:IP not in whitelist", "IP", src.RemoteIP().String()) return diff --git a/libs/tendermint/evidence/reactor.go b/libs/tendermint/evidence/reactor.go index c44cda9b7c..7aa14b12b2 100644 --- a/libs/tendermint/evidence/reactor.go +++ b/libs/tendermint/evidence/reactor.go @@ -65,13 +65,7 @@ func (evR *Reactor) AddPeer(peer p2p.Peer) { // It adds any received evidence to the evpool. func (evR *Reactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) { if cfg.DynamicConfig.GetEnableConsensusIPWhitelist() { - okIP := false - for _, ip := range cfg.DynamicConfig.GetConsensusIPWhitelist() { - if src.RemoteIP().String() == ip { - okIP = true - break - } - } + okIP := cfg.DynamicConfig.GetConsensusIPWhitelist()[src.RemoteIP().String()] if !okIP { evR.Logger.Error("consensus msg:IP not in whitelist", "IP", src.RemoteIP().String()) return From ba15cbfd73299f8cba24caad00d7d6e1fa06f9a8 Mon Sep 17 00:00:00 2001 From: oker Date: Tue, 9 Jul 2024 11:12:09 +0800 Subject: [PATCH 06/12] fmt code --- libs/tendermint/blockchain/v0/reactor.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libs/tendermint/blockchain/v0/reactor.go b/libs/tendermint/blockchain/v0/reactor.go index 113b2ec6c1..c00b7cd69b 100644 --- a/libs/tendermint/blockchain/v0/reactor.go +++ b/libs/tendermint/blockchain/v0/reactor.go @@ -3,13 +3,13 @@ package v0 import ( "errors" "fmt" - cfg "github.com/okex/exchain/libs/tendermint/config" "reflect" "sync" "time" amino "github.com/tendermint/go-amino" + cfg "github.com/okex/exchain/libs/tendermint/config" "github.com/okex/exchain/libs/tendermint/libs/log" "github.com/okex/exchain/libs/tendermint/p2p" sm "github.com/okex/exchain/libs/tendermint/state" From 78a98644a44068fdb84d18dc35f5797bfc3c38e9 Mon Sep 17 00:00:00 2001 From: oker Date: Tue, 9 Jul 2024 11:36:15 +0800 Subject: [PATCH 07/12] consensus to p2p --- app/config/config.go | 20 +++++++++---------- libs/tendermint/blockchain/v0/reactor.go | 2 +- .../config/dynamic_config_okchain.go | 4 ++-- libs/tendermint/consensus/reactor.go | 2 +- libs/tendermint/evidence/reactor.go | 2 +- 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/app/config/config.go b/app/config/config.go index bb7506be94..15f5a6c9c2 100644 --- a/app/config/config.go +++ b/app/config/config.go @@ -138,8 +138,8 @@ type OecConfig struct { maxTxLimitPerPeer uint64 - enableConsensusIPWhitelist bool - consensusIPWhitelist map[string]bool + enableP2PIPWhitelist bool + consensusIPWhitelist map[string]bool } const ( @@ -171,6 +171,7 @@ const ( FlagDynamicGpMaxTxNum = "dynamic-gp-max-tx-num" FlagEnableWrappedTx = "enable-wtx" FlagSentryAddrs = "p2p.sentry_addrs" + FlagEnableP2PIPWhitelist = "p2p.enable_ip_whitelist" FlagCsTimeoutPropose = "consensus.timeout_propose" FlagCsTimeoutProposeDelta = "consensus.timeout_propose_delta" FlagCsTimeoutPrevote = "consensus.timeout_prevote" @@ -178,7 +179,6 @@ const ( FlagCsTimeoutPrecommit = "consensus.timeout_precommit" FlagCsTimeoutPrecommitDelta = "consensus.timeout_precommit_delta" FlagCsTimeoutCommit = "consensus.timeout_commit" - FlagEnableConsensusIPWhitelist = "consensus.enable_ip_whitelist" FlagConsensusIPWhitelist = "consensus.ip_whitelist" FlagEnableHasBlockPartMsg = "enable-blockpart-ack" FlagDebugGcInterval = "debug.gc-interval" @@ -336,7 +336,7 @@ func (c *OecConfig) loadFromConfig() { c.SetCommitGapHeight(viper.GetInt64(server.FlagCommitGapHeight)) c.SetSentryAddrs(viper.GetString(FlagSentryAddrs)) c.SetNodeKeyWhitelist(viper.GetString(FlagNodeKeyWhitelist)) - c.SetEnableConsensusIPWhitelist(viper.GetBool(FlagEnableConsensusIPWhitelist)) + c.SetEnableP2PIPWhitelist(viper.GetBool(FlagEnableP2PIPWhitelist)) c.SetConsensusIPWhitelist(viper.GetString(FlagConsensusIPWhitelist)) c.SetEnableWtx(viper.GetBool(FlagEnableWrappedTx)) c.SetEnableAnalyzer(viper.GetBool(trace.FlagEnableAnalyzer)) @@ -518,12 +518,12 @@ func (c *OecConfig) updateFromKVStr(k, v string) { c.SetPendingPoolBlacklist(v) case FlagNodeKeyWhitelist: c.SetNodeKeyWhitelist(v) - case FlagEnableConsensusIPWhitelist: + case FlagEnableP2PIPWhitelist: r, err := strconv.ParseBool(v) if err != nil { return } - c.SetEnableConsensusIPWhitelist(r) + c.SetEnableP2PIPWhitelist(r) case FlagConsensusIPWhitelist: c.SetConsensusIPWhitelist(v) case FlagMempoolCheckTxCost: @@ -825,8 +825,8 @@ func (c *OecConfig) GetNodeKeyWhitelist() []string { return c.nodeKeyWhitelist } -func (c *OecConfig) GetEnableConsensusIPWhitelist() bool { - return c.enableConsensusIPWhitelist +func (c *OecConfig) GetEnableP2PIPWhitelist() bool { + return c.enableP2PIPWhitelist } func (c *OecConfig) GetConsensusIPWhitelist() map[string]bool { @@ -854,8 +854,8 @@ func (c *OecConfig) SetNodeKeyWhitelist(value string) { } } -func (c *OecConfig) SetEnableConsensusIPWhitelist(value bool) { - c.enableConsensusIPWhitelist = value +func (c *OecConfig) SetEnableP2PIPWhitelist(value bool) { + c.enableP2PIPWhitelist = value } func (c *OecConfig) SetConsensusIPWhitelist(value string) { diff --git a/libs/tendermint/blockchain/v0/reactor.go b/libs/tendermint/blockchain/v0/reactor.go index c00b7cd69b..2731b54973 100644 --- a/libs/tendermint/blockchain/v0/reactor.go +++ b/libs/tendermint/blockchain/v0/reactor.go @@ -222,7 +222,7 @@ func (bcR *BlockchainReactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) case *bcBlockRequestMessage: bcR.respondToPeer(msg, src) case *bcBlockResponseMessage: - if cfg.DynamicConfig.GetEnableConsensusIPWhitelist() { + if cfg.DynamicConfig.GetEnableP2PIPWhitelist() { okIP := cfg.DynamicConfig.GetConsensusIPWhitelist()[src.RemoteIP().String()] if !okIP { bcR.Logger.Error("consensus msg:IP not in whitelist", "IP", src.RemoteIP().String()) diff --git a/libs/tendermint/config/dynamic_config_okchain.go b/libs/tendermint/config/dynamic_config_okchain.go index cc16b53fad..c52081d778 100644 --- a/libs/tendermint/config/dynamic_config_okchain.go +++ b/libs/tendermint/config/dynamic_config_okchain.go @@ -41,7 +41,7 @@ type IDynamicConfig interface { GetMaxSubscriptionClients() int GetPendingPoolBlacklist() string GetMaxTxLimitPerPeer() uint64 - GetEnableConsensusIPWhitelist() bool + GetEnableP2PIPWhitelist() bool GetConsensusIPWhitelist() map[string]bool } @@ -236,7 +236,7 @@ func (c MockDynamicConfig) GetMaxTxLimitPerPeer() uint64 { return DefaultMempoolConfig().MaxTxLimitPerPeer } -func (c MockDynamicConfig) GetEnableConsensusIPWhitelist() bool { return false } +func (c MockDynamicConfig) GetEnableP2PIPWhitelist() bool { return false } func (c MockDynamicConfig) GetConsensusIPWhitelist() map[string]bool { return map[string]bool{} diff --git a/libs/tendermint/consensus/reactor.go b/libs/tendermint/consensus/reactor.go index f3ca00ee37..4b11d97b8a 100644 --- a/libs/tendermint/consensus/reactor.go +++ b/libs/tendermint/consensus/reactor.go @@ -343,7 +343,7 @@ func (conR *Reactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) { return } - if cfg.DynamicConfig.GetEnableConsensusIPWhitelist() { + if cfg.DynamicConfig.GetEnableP2PIPWhitelist() { okIP := cfg.DynamicConfig.GetConsensusIPWhitelist()[src.RemoteIP().String()] if !okIP { conR.Logger.Error("consensus msg:IP not in whitelist", "IP", src.RemoteIP().String()) diff --git a/libs/tendermint/evidence/reactor.go b/libs/tendermint/evidence/reactor.go index 7aa14b12b2..a48fd6f8c6 100644 --- a/libs/tendermint/evidence/reactor.go +++ b/libs/tendermint/evidence/reactor.go @@ -64,7 +64,7 @@ func (evR *Reactor) AddPeer(peer p2p.Peer) { // Receive implements Reactor. // It adds any received evidence to the evpool. func (evR *Reactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) { - if cfg.DynamicConfig.GetEnableConsensusIPWhitelist() { + if cfg.DynamicConfig.GetEnableP2PIPWhitelist() { okIP := cfg.DynamicConfig.GetConsensusIPWhitelist()[src.RemoteIP().String()] if !okIP { evR.Logger.Error("consensus msg:IP not in whitelist", "IP", src.RemoteIP().String()) From 002a8b757b00ed310529c1b72d69ba6022bcfeba Mon Sep 17 00:00:00 2001 From: oker Date: Tue, 9 Jul 2024 14:51:42 +0800 Subject: [PATCH 08/12] consensus to p2p --- app/config/config.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/config/config.go b/app/config/config.go index 15f5a6c9c2..7df6f17869 100644 --- a/app/config/config.go +++ b/app/config/config.go @@ -172,6 +172,7 @@ const ( FlagEnableWrappedTx = "enable-wtx" FlagSentryAddrs = "p2p.sentry_addrs" FlagEnableP2PIPWhitelist = "p2p.enable_ip_whitelist" + FlagConsensusIPWhitelist = "p2p.consensus_ip_whitelist" FlagCsTimeoutPropose = "consensus.timeout_propose" FlagCsTimeoutProposeDelta = "consensus.timeout_propose_delta" FlagCsTimeoutPrevote = "consensus.timeout_prevote" @@ -179,7 +180,6 @@ const ( FlagCsTimeoutPrecommit = "consensus.timeout_precommit" FlagCsTimeoutPrecommitDelta = "consensus.timeout_precommit_delta" FlagCsTimeoutCommit = "consensus.timeout_commit" - FlagConsensusIPWhitelist = "consensus.ip_whitelist" FlagEnableHasBlockPartMsg = "enable-blockpart-ack" FlagDebugGcInterval = "debug.gc-interval" FlagCommitGapOffset = "commit-gap-offset" From e81192fd4806f207ab9941e99aec7375ae34aa52 Mon Sep 17 00:00:00 2001 From: oker Date: Tue, 9 Jul 2024 17:38:17 +0800 Subject: [PATCH 09/12] let status rsp addr empty --- libs/tendermint/rpc/core/status.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libs/tendermint/rpc/core/status.go b/libs/tendermint/rpc/core/status.go index 9a22e31dd5..80f0f305c1 100644 --- a/libs/tendermint/rpc/core/status.go +++ b/libs/tendermint/rpc/core/status.go @@ -72,6 +72,8 @@ func Status(ctx *rpctypes.Context) (*ctypes.ResultStatus, error) { VotingPower: votingPower, }, } + result.NodeInfo.ListenAddr = "" + result.NodeInfo.Other.RPCAddress = "" // update Network to the ChainID in state result.NodeInfo.Network = env.ConsensusState.GetState().ChainID From 71dd5cffa8eb16e95e04a73644e036a1c8ddef92 Mon Sep 17 00:00:00 2001 From: chengzhinei Date: Wed, 10 Jul 2024 16:42:12 +0800 Subject: [PATCH 10/12] fix map nil --- app/config/config.go | 1 + 1 file changed, 1 insertion(+) diff --git a/app/config/config.go b/app/config/config.go index 7df6f17869..4ce4e1f685 100644 --- a/app/config/config.go +++ b/app/config/config.go @@ -249,6 +249,7 @@ func GetChainMaxGasUsedPerBlock() int64 { func GetOecConfig() *OecConfig { once.Do(func() { oecConfig = NewOecConfig() + oecConfig.consensusIPWhitelist = map[string]bool{} }) return oecConfig } From d78755abddecb3ce34b80c1a4e4c6a53529eee42 Mon Sep 17 00:00:00 2001 From: chengzhinei Date: Wed, 10 Jul 2024 16:42:25 +0800 Subject: [PATCH 11/12] fix map nil --- app/config/config.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/config/config.go b/app/config/config.go index 4ce4e1f685..ce13b4c422 100644 --- a/app/config/config.go +++ b/app/config/config.go @@ -249,7 +249,6 @@ func GetChainMaxGasUsedPerBlock() int64 { func GetOecConfig() *OecConfig { once.Do(func() { oecConfig = NewOecConfig() - oecConfig.consensusIPWhitelist = map[string]bool{} }) return oecConfig } @@ -286,6 +285,7 @@ func defaultOecConfig() *OecConfig { mempoolForceRecheckGap: 2000, commitGapHeight: iavlconfig.DefaultCommitGapHeight, iavlFSCacheSize: tmiavl.DefaultIavlFastStorageCacheSize, + consensusIPWhitelist: map[string]bool{}, } } From 06268fcd1f53685b7fcf051cb8b97c0848f778fd Mon Sep 17 00:00:00 2001 From: chengzhinei Date: Wed, 10 Jul 2024 17:34:50 +0800 Subject: [PATCH 12/12] fix map del --- app/config/config.go | 1 + 1 file changed, 1 insertion(+) diff --git a/app/config/config.go b/app/config/config.go index ce13b4c422..cfe6832c31 100644 --- a/app/config/config.go +++ b/app/config/config.go @@ -860,6 +860,7 @@ func (c *OecConfig) SetEnableP2PIPWhitelist(value bool) { } func (c *OecConfig) SetConsensusIPWhitelist(value string) { + c.consensusIPWhitelist = map[string]bool{} ipList := resolveNodeKeyWhitelist(value) for _, ip := range ipList { c.consensusIPWhitelist[strings.TrimSpace(ip)] = true