From 3221e522b5ea0f65323c61c45c42bd2ae2fa64a7 Mon Sep 17 00:00:00 2001 From: Jos Dehaes Date: Wed, 6 Mar 2024 10:59:10 +0100 Subject: [PATCH 1/9] feat: allow-outside-peers --- cli/src/commands/start.rs | 6 +++++- node/router/src/handshake.rs | 6 ++++++ node/router/src/heartbeat.rs | 15 ++++++++++++--- node/router/src/inbound.rs | 3 +++ node/router/src/lib.rs | 14 ++++++++++++++ node/router/tests/common/mod.rs | 3 +++ node/src/client/mod.rs | 1 + node/src/node.rs | 2 ++ node/src/prover/mod.rs | 1 + node/src/validator/mod.rs | 3 +++ node/tests/common/node.rs | 1 + 11 files changed, 51 insertions(+), 4 deletions(-) diff --git a/cli/src/commands/start.rs b/cli/src/commands/start.rs index 8205d35c05..b655be403a 100644 --- a/cli/src/commands/start.rs +++ b/cli/src/commands/start.rs @@ -144,6 +144,10 @@ pub struct Start { #[clap(long)] /// If development mode is enabled, specify the custom bonded balances as a json object. (default: None) dev_bonded_balances: Option, + + #[clap(long = "allow-outside-peers")] + /// If the flag is set, the validator will allow untrusted peers to connect + allow_outside_peers: bool, } impl Start { @@ -527,7 +531,7 @@ impl Start { // Initialize the node. let bft_ip = if self.dev.is_some() { self.bft } else { None }; match node_type { - NodeType::Validator => Node::new_validator(self.node, bft_ip, rest_ip, self.rest_rps, account, &trusted_peers, &trusted_validators, genesis, cdn, storage_mode).await, + NodeType::Validator => Node::new_validator(self.node, bft_ip, rest_ip, self.rest_rps, account, &trusted_peers, &trusted_validators, genesis, cdn, storage_mode, self.allow_outside_peers).await, NodeType::Prover => Node::new_prover(self.node, account, &trusted_peers, genesis, storage_mode).await, NodeType::Client => Node::new_client(self.node, rest_ip, self.rest_rps, account, &trusted_peers, genesis, cdn, storage_mode).await, } diff --git a/node/router/src/handshake.rs b/node/router/src/handshake.rs index 195298eaea..8a45cee439 100644 --- a/node/router/src/handshake.rs +++ b/node/router/src/handshake.rs @@ -264,6 +264,12 @@ impl Router { if self.is_connected(&peer_ip) { bail!("Dropping connection request from '{peer_ip}' (already connected)") } + // Only allow trusted peers to connect if we are a validator + // (unless allow_outside_peers is set) + let is_validator = self.node_type().is_validator(); + if is_validator && !self.allow_outside_peers() && !self.is_trusted(&peer_ip) { + bail!("Dropping connection request from '{peer_ip}' (untrusted)") + } // Ensure the peer is not restricted. if self.is_restricted(&peer_ip) { bail!("Dropping connection request from '{peer_ip}' (restricted)") diff --git a/node/router/src/heartbeat.rs b/node/router/src/heartbeat.rs index 9eb1247ea0..599da2c6ea 100644 --- a/node/router/src/heartbeat.rs +++ b/node/router/src/heartbeat.rs @@ -107,6 +107,12 @@ pub trait Heartbeat: Outbound { return; } + let is_validator = self.router().node_type().is_validator(); + // Skip if the node is not requesting peers. + if is_validator && !self.router().allow_outside_peers() { + return; + } + // Retrieve the trusted peers. let trusted = self.router().trusted_peers(); // Retrieve the bootstrap peers. @@ -216,9 +222,12 @@ pub trait Heartbeat: Outbound { for peer_ip in self.router().candidate_peers().into_iter().choose_multiple(rng, num_deficient) { self.router().connect(peer_ip); } - // Request more peers from the connected peers. - for peer_ip in self.router().connected_peers().into_iter().choose_multiple(rng, 3) { - self.send(peer_ip, Message::PeerRequest(PeerRequest)); + let is_validator = self.router().node_type().is_validator(); + if !is_validator || self.router().allow_outside_peers() { + // Request more peers from the connected peers. + for peer_ip in self.router().connected_peers().into_iter().choose_multiple(rng, 3) { + self.send(peer_ip, Message::PeerRequest(PeerRequest)); + } } } } diff --git a/node/router/src/inbound.rs b/node/router/src/inbound.rs index 3f29d28257..a44098042d 100644 --- a/node/router/src/inbound.rs +++ b/node/router/src/inbound.rs @@ -125,6 +125,9 @@ pub trait Inbound: Reading + Outbound { if !self.router().cache.contains_outbound_peer_request(peer_ip) { bail!("Peer '{peer_ip}' is not following the protocol (unexpected peer response)") } + if self.router().node_type().is_validator() && !self.router().allow_outside_peers() { + bail!("Not accepting peer response from '{peer_ip}' (validator gossip is disabled)"); + } match self.peer_response(peer_ip, &message.peers) { true => Ok(()), diff --git a/node/router/src/lib.rs b/node/router/src/lib.rs index 84b00a5031..5bba3cac41 100644 --- a/node/router/src/lib.rs +++ b/node/router/src/lib.rs @@ -95,6 +95,8 @@ pub struct InnerRouter { handles: Mutex>>, /// The boolean flag for the development mode. is_dev: bool, + /// If the flag is set, the node will not engage in P2P gossip to request more peers. + allow_outside_peers: bool, } impl Router { @@ -116,6 +118,7 @@ impl Router { trusted_peers: &[SocketAddr], max_peers: u16, is_dev: bool, + allow_outside_peers: bool, ) -> Result { // Initialize the TCP stack. let tcp = Tcp::new(Config::new(node_ip, max_peers)); @@ -133,6 +136,7 @@ impl Router { restricted_peers: Default::default(), handles: Default::default(), is_dev, + allow_outside_peers, }))) } } @@ -251,6 +255,11 @@ impl Router { self.is_dev } + /// Returns `true` if the node is not engaging in P2P gossip to request more peers. + pub fn allow_outside_peers(&self) -> bool { + self.allow_outside_peers + } + /// Returns the listener IP address from the (ambiguous) peer address. pub fn resolve_to_listener(&self, peer_addr: &SocketAddr) -> Option { self.resolver.get_listener(peer_addr) @@ -295,6 +304,11 @@ impl Router { .unwrap_or(false) } + /// Returns `true` if the given IP is trusted. + pub fn is_trusted(&self, ip: &SocketAddr) -> bool { + self.trusted_peers.contains(ip) + } + /// Returns the maximum number of connected peers. pub fn max_connected_peers(&self) -> usize { self.tcp.config().max_connections as usize diff --git a/node/router/tests/common/mod.rs b/node/router/tests/common/mod.rs index c173d43772..780bcbacac 100644 --- a/node/router/tests/common/mod.rs +++ b/node/router/tests/common/mod.rs @@ -78,6 +78,7 @@ pub async fn client(listening_port: u16, max_peers: u16) -> TestRouter TestRouter TestRouter> Client { trusted_peers, Self::MAXIMUM_NUMBER_OF_PEERS as u16, matches!(storage_mode, StorageMode::Development(_)), + false, ) .await?; // Load the coinbase puzzle. diff --git a/node/src/node.rs b/node/src/node.rs index e6435d6ef6..563f81f152 100644 --- a/node/src/node.rs +++ b/node/src/node.rs @@ -50,6 +50,7 @@ impl Node { genesis: Block, cdn: Option, storage_mode: StorageMode, + allow_outside_peers: bool, ) -> Result { Ok(Self::Validator(Arc::new( Validator::new( @@ -63,6 +64,7 @@ impl Node { genesis, cdn, storage_mode, + allow_outside_peers, ) .await?, ))) diff --git a/node/src/prover/mod.rs b/node/src/prover/mod.rs index 0872a35fd7..de71ead0a3 100644 --- a/node/src/prover/mod.rs +++ b/node/src/prover/mod.rs @@ -110,6 +110,7 @@ impl> Prover { trusted_peers, Self::MAXIMUM_NUMBER_OF_PEERS as u16, matches!(storage_mode, StorageMode::Development(_)), + false, ) .await?; // Load the coinbase puzzle. diff --git a/node/src/validator/mod.rs b/node/src/validator/mod.rs index efb8003f6e..8add855f6f 100644 --- a/node/src/validator/mod.rs +++ b/node/src/validator/mod.rs @@ -83,6 +83,7 @@ impl> Validator { genesis: Block, cdn: Option, storage_mode: StorageMode, + allow_outside_peers: bool, ) -> Result { // Prepare the shutdown flag. let shutdown: Arc = Default::default(); @@ -125,6 +126,7 @@ impl> Validator { trusted_peers, Self::MAXIMUM_NUMBER_OF_PEERS as u16, matches!(storage_mode, StorageMode::Development(_)), + allow_outside_peers, ) .await?; @@ -496,6 +498,7 @@ mod tests { genesis, None, storage_mode, + false, ) .await .unwrap(); diff --git a/node/tests/common/node.rs b/node/tests/common/node.rs index 80c0262903..5ac01167a9 100644 --- a/node/tests/common/node.rs +++ b/node/tests/common/node.rs @@ -59,6 +59,7 @@ pub async fn validator() -> Validator Date: Fri, 8 Mar 2024 15:57:40 +0100 Subject: [PATCH 2/9] feat: adjust devnet scripts --- .devnet/start.sh | 2 +- devnet.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.devnet/start.sh b/.devnet/start.sh index f4c635892b..bc90ebfbe3 100755 --- a/.devnet/start.sh +++ b/.devnet/start.sh @@ -37,7 +37,7 @@ start_snarkos_in_tmux() { tmux new-session -d -s snarkos-session # Send the snarkOS start command to the tmux session with the NODE_ID - tmux send-keys -t "snarkos-session" "snarkos start --nodisplay --bft 0.0.0.0:5000 --rest 0.0.0.0:3030 --peers $NODE_IP:4130 --validators $NODE_IP:5000 --rest-rps 1000 --verbosity $VERBOSITY --dev $NODE_ID --dev-num-validators $NUM_INSTANCES --validator --metrics" C-m + tmux send-keys -t "snarkos-session" "snarkos start --nodisplay --bft 0.0.0.0:5000 --rest 0.0.0.0:3030 --allow-outside-peers --peers $NODE_IP:4130 --validators $NODE_IP:5000 --rest-rps 1000 --verbosity $VERBOSITY --dev $NODE_ID --dev-num-validators $NUM_INSTANCES --validator --metrics" C-m exit # Exit root user EOF diff --git a/devnet.sh b/devnet.sh index e91627335a..de69a84081 100755 --- a/devnet.sh +++ b/devnet.sh @@ -64,12 +64,12 @@ for validator_index in "${validator_indices[@]}"; do # Send the command to start the validator to the new window and capture output to the log file if [ "$validator_index" -eq 0 ]; then - tmux send-keys -t "devnet:window$validator_index" "snarkos start --nodisplay --dev $validator_index --dev-num-validators $total_validators --validator --logfile $log_file --metrics" C-m + tmux send-keys -t "devnet:window$validator_index" "snarkos start --nodisplay --dev $validator_index --allow-outside-peers --dev-num-validators $total_validators --validator --logfile $log_file --metrics" C-m else # Create a new window with a unique name window_index=$((validator_index + index_offset)) tmux new-window -t "devnet:$window_index" -n "window$validator_index" - tmux send-keys -t "devnet:window$validator_index" "snarkos start --nodisplay --dev $validator_index --dev-num-validators $total_validators --validator --logfile $log_file" C-m + tmux send-keys -t "devnet:window$validator_index" "snarkos start --nodisplay --dev $validator_index --allow-outside-peers --dev-num-validators $total_validators --validator --logfile $log_file" C-m fi done From ce1ca027e7802a70dcf2ea1c8a1ca9c8842b437d Mon Sep 17 00:00:00 2001 From: Jos Dehaes Date: Fri, 8 Mar 2024 16:13:22 +0100 Subject: [PATCH 3/9] fix: test --- node/tests/common/node.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/node/tests/common/node.rs b/node/tests/common/node.rs index 5ac01167a9..555ae52b86 100644 --- a/node/tests/common/node.rs +++ b/node/tests/common/node.rs @@ -59,7 +59,7 @@ pub async fn validator() -> Validator Date: Sun, 10 Mar 2024 23:33:04 +0100 Subject: [PATCH 4/9] fix: rename parameter --- cli/src/commands/start.rs | 6 +++--- node/router/src/handshake.rs | 4 ++-- node/router/src/heartbeat.rs | 4 ++-- node/router/src/inbound.rs | 2 +- node/router/src/lib.rs | 10 +++++----- node/src/node.rs | 4 ++-- node/src/validator/mod.rs | 4 ++-- 7 files changed, 17 insertions(+), 17 deletions(-) diff --git a/cli/src/commands/start.rs b/cli/src/commands/start.rs index b655be403a..796061cd9f 100644 --- a/cli/src/commands/start.rs +++ b/cli/src/commands/start.rs @@ -145,9 +145,9 @@ pub struct Start { /// If development mode is enabled, specify the custom bonded balances as a json object. (default: None) dev_bonded_balances: Option, - #[clap(long = "allow-outside-peers")] + #[clap(long = "allow-external-peers")] /// If the flag is set, the validator will allow untrusted peers to connect - allow_outside_peers: bool, + allow_external_peers: bool, } impl Start { @@ -531,7 +531,7 @@ impl Start { // Initialize the node. let bft_ip = if self.dev.is_some() { self.bft } else { None }; match node_type { - NodeType::Validator => Node::new_validator(self.node, bft_ip, rest_ip, self.rest_rps, account, &trusted_peers, &trusted_validators, genesis, cdn, storage_mode, self.allow_outside_peers).await, + NodeType::Validator => Node::new_validator(self.node, bft_ip, rest_ip, self.rest_rps, account, &trusted_peers, &trusted_validators, genesis, cdn, storage_mode, self.allow_external_peers).await, NodeType::Prover => Node::new_prover(self.node, account, &trusted_peers, genesis, storage_mode).await, NodeType::Client => Node::new_client(self.node, rest_ip, self.rest_rps, account, &trusted_peers, genesis, cdn, storage_mode).await, } diff --git a/node/router/src/handshake.rs b/node/router/src/handshake.rs index 8a45cee439..d5ef8cf87a 100644 --- a/node/router/src/handshake.rs +++ b/node/router/src/handshake.rs @@ -265,9 +265,9 @@ impl Router { bail!("Dropping connection request from '{peer_ip}' (already connected)") } // Only allow trusted peers to connect if we are a validator - // (unless allow_outside_peers is set) + // (unless allow_external_peers is set) let is_validator = self.node_type().is_validator(); - if is_validator && !self.allow_outside_peers() && !self.is_trusted(&peer_ip) { + if is_validator && !self.allow_external_peers() && !self.is_trusted(&peer_ip) { bail!("Dropping connection request from '{peer_ip}' (untrusted)") } // Ensure the peer is not restricted. diff --git a/node/router/src/heartbeat.rs b/node/router/src/heartbeat.rs index 599da2c6ea..7498b7d033 100644 --- a/node/router/src/heartbeat.rs +++ b/node/router/src/heartbeat.rs @@ -109,7 +109,7 @@ pub trait Heartbeat: Outbound { let is_validator = self.router().node_type().is_validator(); // Skip if the node is not requesting peers. - if is_validator && !self.router().allow_outside_peers() { + if is_validator && !self.router().allow_external_peers() { return; } @@ -223,7 +223,7 @@ pub trait Heartbeat: Outbound { self.router().connect(peer_ip); } let is_validator = self.router().node_type().is_validator(); - if !is_validator || self.router().allow_outside_peers() { + if !is_validator || self.router().allow_external_peers() { // Request more peers from the connected peers. for peer_ip in self.router().connected_peers().into_iter().choose_multiple(rng, 3) { self.send(peer_ip, Message::PeerRequest(PeerRequest)); diff --git a/node/router/src/inbound.rs b/node/router/src/inbound.rs index a44098042d..10c032936c 100644 --- a/node/router/src/inbound.rs +++ b/node/router/src/inbound.rs @@ -125,7 +125,7 @@ pub trait Inbound: Reading + Outbound { if !self.router().cache.contains_outbound_peer_request(peer_ip) { bail!("Peer '{peer_ip}' is not following the protocol (unexpected peer response)") } - if self.router().node_type().is_validator() && !self.router().allow_outside_peers() { + if self.router().node_type().is_validator() && !self.router().allow_external_peers() { bail!("Not accepting peer response from '{peer_ip}' (validator gossip is disabled)"); } diff --git a/node/router/src/lib.rs b/node/router/src/lib.rs index 5bba3cac41..239202b7d4 100644 --- a/node/router/src/lib.rs +++ b/node/router/src/lib.rs @@ -96,7 +96,7 @@ pub struct InnerRouter { /// The boolean flag for the development mode. is_dev: bool, /// If the flag is set, the node will not engage in P2P gossip to request more peers. - allow_outside_peers: bool, + allow_external_peers: bool, } impl Router { @@ -118,7 +118,7 @@ impl Router { trusted_peers: &[SocketAddr], max_peers: u16, is_dev: bool, - allow_outside_peers: bool, + allow_external_peers: bool, ) -> Result { // Initialize the TCP stack. let tcp = Tcp::new(Config::new(node_ip, max_peers)); @@ -136,7 +136,7 @@ impl Router { restricted_peers: Default::default(), handles: Default::default(), is_dev, - allow_outside_peers, + allow_external_peers, }))) } } @@ -256,8 +256,8 @@ impl Router { } /// Returns `true` if the node is not engaging in P2P gossip to request more peers. - pub fn allow_outside_peers(&self) -> bool { - self.allow_outside_peers + pub fn allow_external_peers(&self) -> bool { + self.allow_external_peers } /// Returns the listener IP address from the (ambiguous) peer address. diff --git a/node/src/node.rs b/node/src/node.rs index 563f81f152..5fcdd5ea5d 100644 --- a/node/src/node.rs +++ b/node/src/node.rs @@ -50,7 +50,7 @@ impl Node { genesis: Block, cdn: Option, storage_mode: StorageMode, - allow_outside_peers: bool, + allow_external_peers: bool, ) -> Result { Ok(Self::Validator(Arc::new( Validator::new( @@ -64,7 +64,7 @@ impl Node { genesis, cdn, storage_mode, - allow_outside_peers, + allow_external_peers, ) .await?, ))) diff --git a/node/src/validator/mod.rs b/node/src/validator/mod.rs index 8add855f6f..cf8bbf13b8 100644 --- a/node/src/validator/mod.rs +++ b/node/src/validator/mod.rs @@ -83,7 +83,7 @@ impl> Validator { genesis: Block, cdn: Option, storage_mode: StorageMode, - allow_outside_peers: bool, + allow_external_peers: bool, ) -> Result { // Prepare the shutdown flag. let shutdown: Arc = Default::default(); @@ -126,7 +126,7 @@ impl> Validator { trusted_peers, Self::MAXIMUM_NUMBER_OF_PEERS as u16, matches!(storage_mode, StorageMode::Development(_)), - allow_outside_peers, + allow_external_peers, ) .await?; From a682e2a35d0e8c316a040a9c2ac98a2066daf62b Mon Sep 17 00:00:00 2001 From: Jos Dehaes Date: Wed, 13 Mar 2024 08:36:06 +0100 Subject: [PATCH 5/9] fix: rename parameter in script --- .devnet/start.sh | 2 +- devnet.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.devnet/start.sh b/.devnet/start.sh index bc90ebfbe3..77294f080c 100755 --- a/.devnet/start.sh +++ b/.devnet/start.sh @@ -37,7 +37,7 @@ start_snarkos_in_tmux() { tmux new-session -d -s snarkos-session # Send the snarkOS start command to the tmux session with the NODE_ID - tmux send-keys -t "snarkos-session" "snarkos start --nodisplay --bft 0.0.0.0:5000 --rest 0.0.0.0:3030 --allow-outside-peers --peers $NODE_IP:4130 --validators $NODE_IP:5000 --rest-rps 1000 --verbosity $VERBOSITY --dev $NODE_ID --dev-num-validators $NUM_INSTANCES --validator --metrics" C-m + tmux send-keys -t "snarkos-session" "snarkos start --nodisplay --bft 0.0.0.0:5000 --rest 0.0.0.0:3030 --allow-external-peers --peers $NODE_IP:4130 --validators $NODE_IP:5000 --rest-rps 1000 --verbosity $VERBOSITY --dev $NODE_ID --dev-num-validators $NUM_INSTANCES --validator --metrics" C-m exit # Exit root user EOF diff --git a/devnet.sh b/devnet.sh index de69a84081..ce2ac870a4 100755 --- a/devnet.sh +++ b/devnet.sh @@ -64,12 +64,12 @@ for validator_index in "${validator_indices[@]}"; do # Send the command to start the validator to the new window and capture output to the log file if [ "$validator_index" -eq 0 ]; then - tmux send-keys -t "devnet:window$validator_index" "snarkos start --nodisplay --dev $validator_index --allow-outside-peers --dev-num-validators $total_validators --validator --logfile $log_file --metrics" C-m + tmux send-keys -t "devnet:window$validator_index" "snarkos start --nodisplay --dev $validator_index --allow-external-peers --dev-num-validators $total_validators --validator --logfile $log_file --metrics" C-m else # Create a new window with a unique name window_index=$((validator_index + index_offset)) tmux new-window -t "devnet:$window_index" -n "window$validator_index" - tmux send-keys -t "devnet:window$validator_index" "snarkos start --nodisplay --dev $validator_index --allow-outside-peers --dev-num-validators $total_validators --validator --logfile $log_file" C-m + tmux send-keys -t "devnet:window$validator_index" "snarkos start --nodisplay --dev $validator_index --allow-external-peers --dev-num-validators $total_validators --validator --logfile $log_file" C-m fi done From 6e14920d74f1aae67634b79f19733d86c1fe52f4 Mon Sep 17 00:00:00 2001 From: Jos Dehaes Date: Fri, 15 Mar 2024 10:12:41 +0100 Subject: [PATCH 6/9] fix: allow external peers for non-validators --- node/router/tests/common/mod.rs | 4 ++-- node/src/client/mod.rs | 2 +- node/src/prover/mod.rs | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/node/router/tests/common/mod.rs b/node/router/tests/common/mod.rs index 780bcbacac..9a0844a3f9 100644 --- a/node/router/tests/common/mod.rs +++ b/node/router/tests/common/mod.rs @@ -78,7 +78,7 @@ pub async fn client(listening_port: u16, max_peers: u16) -> TestRouter TestRouter> Client { trusted_peers, Self::MAXIMUM_NUMBER_OF_PEERS as u16, matches!(storage_mode, StorageMode::Development(_)), - false, + true, ) .await?; // Load the coinbase puzzle. diff --git a/node/src/prover/mod.rs b/node/src/prover/mod.rs index de71ead0a3..5383b16d88 100644 --- a/node/src/prover/mod.rs +++ b/node/src/prover/mod.rs @@ -110,7 +110,7 @@ impl> Prover { trusted_peers, Self::MAXIMUM_NUMBER_OF_PEERS as u16, matches!(storage_mode, StorageMode::Development(_)), - false, + true, ) .await?; // Load the coinbase puzzle. From 8ecd4e1ca28f77b31976d74250fa7b5d05e28e9d Mon Sep 17 00:00:00 2001 From: Victor Sint Nicolaas Date: Fri, 15 Mar 2024 19:07:20 +0100 Subject: [PATCH 7/9] Use allow_external_peers without checking is_validator --- node/router/src/handshake.rs | 6 ++---- node/router/src/heartbeat.rs | 6 ++---- node/router/src/inbound.rs | 2 +- 3 files changed, 5 insertions(+), 9 deletions(-) diff --git a/node/router/src/handshake.rs b/node/router/src/handshake.rs index d5ef8cf87a..57198692d4 100644 --- a/node/router/src/handshake.rs +++ b/node/router/src/handshake.rs @@ -264,10 +264,8 @@ impl Router { if self.is_connected(&peer_ip) { bail!("Dropping connection request from '{peer_ip}' (already connected)") } - // Only allow trusted peers to connect if we are a validator - // (unless allow_external_peers is set) - let is_validator = self.node_type().is_validator(); - if is_validator && !self.allow_external_peers() && !self.is_trusted(&peer_ip) { + // Only allow trusted peers to connect if allow_external_peers is set + if !self.allow_external_peers() && !self.is_trusted(&peer_ip) { bail!("Dropping connection request from '{peer_ip}' (untrusted)") } // Ensure the peer is not restricted. diff --git a/node/router/src/heartbeat.rs b/node/router/src/heartbeat.rs index 7498b7d033..ae84ba21aa 100644 --- a/node/router/src/heartbeat.rs +++ b/node/router/src/heartbeat.rs @@ -107,9 +107,8 @@ pub trait Heartbeat: Outbound { return; } - let is_validator = self.router().node_type().is_validator(); // Skip if the node is not requesting peers. - if is_validator && !self.router().allow_external_peers() { + if !self.router().allow_external_peers() { return; } @@ -222,8 +221,7 @@ pub trait Heartbeat: Outbound { for peer_ip in self.router().candidate_peers().into_iter().choose_multiple(rng, num_deficient) { self.router().connect(peer_ip); } - let is_validator = self.router().node_type().is_validator(); - if !is_validator || self.router().allow_external_peers() { + if self.router().allow_external_peers() { // Request more peers from the connected peers. for peer_ip in self.router().connected_peers().into_iter().choose_multiple(rng, 3) { self.send(peer_ip, Message::PeerRequest(PeerRequest)); diff --git a/node/router/src/inbound.rs b/node/router/src/inbound.rs index 8e26427fdb..e99072dfc2 100644 --- a/node/router/src/inbound.rs +++ b/node/router/src/inbound.rs @@ -125,7 +125,7 @@ pub trait Inbound: Reading + Outbound { if !self.router().cache.contains_outbound_peer_request(peer_ip) { bail!("Peer '{peer_ip}' is not following the protocol (unexpected peer response)") } - if self.router().node_type().is_validator() && !self.router().allow_external_peers() { + if !self.router().allow_external_peers() { bail!("Not accepting peer response from '{peer_ip}' (validator gossip is disabled)"); } From a74d62684ba5c11c07ac8d79472cfa13bfc5ff96 Mon Sep 17 00:00:00 2001 From: Victor Sint Nicolaas Date: Fri, 15 Mar 2024 19:13:08 +0100 Subject: [PATCH 8/9] Nit: Reverse order of arguments --- cli/src/commands/start.rs | 6 +++--- node/router/src/lib.rs | 8 ++++---- node/router/tests/common/mod.rs | 2 +- node/src/client/mod.rs | 4 +++- node/src/node.rs | 4 ++-- node/src/prover/mod.rs | 4 +++- node/src/validator/mod.rs | 6 +++--- node/tests/common/node.rs | 2 +- 8 files changed, 20 insertions(+), 16 deletions(-) diff --git a/cli/src/commands/start.rs b/cli/src/commands/start.rs index 3f8da6a5f6..f618c66e04 100644 --- a/cli/src/commands/start.rs +++ b/cli/src/commands/start.rs @@ -144,12 +144,12 @@ pub struct Start { #[clap(long = "storage_path")] pub storage_path: Option, - #[clap(long)] /// If development mode is enabled, specify the custom bonded balances as a json object. (default: None) + #[clap(long)] dev_bonded_balances: Option, - #[clap(long = "allow-external-peers")] /// If the flag is set, the validator will allow untrusted peers to connect + #[clap(long = "allow-external-peers")] allow_external_peers: bool, } @@ -546,7 +546,7 @@ impl Start { // Initialize the node. let bft_ip = if self.dev.is_some() { self.bft } else { None }; match node_type { - NodeType::Validator => Node::new_validator(self.node, bft_ip, rest_ip, self.rest_rps, account, &trusted_peers, &trusted_validators, genesis, cdn, storage_mode, dev_txs, self.allow_external_peers).await, + NodeType::Validator => Node::new_validator(self.node, bft_ip, rest_ip, self.rest_rps, account, &trusted_peers, &trusted_validators, genesis, cdn, storage_mode, self.allow_external_peers, dev_txs).await, NodeType::Prover => Node::new_prover(self.node, account, &trusted_peers, genesis, storage_mode).await, NodeType::Client => Node::new_client(self.node, rest_ip, self.rest_rps, account, &trusted_peers, genesis, cdn, storage_mode).await, } diff --git a/node/router/src/lib.rs b/node/router/src/lib.rs index 239202b7d4..c171e72f6d 100644 --- a/node/router/src/lib.rs +++ b/node/router/src/lib.rs @@ -93,10 +93,10 @@ pub struct InnerRouter { restricted_peers: RwLock>, /// The spawned handles. handles: Mutex>>, - /// The boolean flag for the development mode. - is_dev: bool, /// If the flag is set, the node will not engage in P2P gossip to request more peers. allow_external_peers: bool, + /// The boolean flag for the development mode. + is_dev: bool, } impl Router { @@ -117,8 +117,8 @@ impl Router { account: Account, trusted_peers: &[SocketAddr], max_peers: u16, - is_dev: bool, allow_external_peers: bool, + is_dev: bool, ) -> Result { // Initialize the TCP stack. let tcp = Tcp::new(Config::new(node_ip, max_peers)); @@ -135,8 +135,8 @@ impl Router { candidate_peers: Default::default(), restricted_peers: Default::default(), handles: Default::default(), - is_dev, allow_external_peers, + is_dev, }))) } } diff --git a/node/router/tests/common/mod.rs b/node/router/tests/common/mod.rs index 9a0844a3f9..7aa86c0546 100644 --- a/node/router/tests/common/mod.rs +++ b/node/router/tests/common/mod.rs @@ -111,8 +111,8 @@ pub async fn validator(listening_port: u16, max_peers: u16) -> TestRouter> Client { let ledger_service = Arc::new(CoreLedgerService::::new(ledger.clone(), shutdown.clone())); // Initialize the sync module. let sync = BlockSync::new(BlockSyncMode::Router, ledger_service.clone()); + // Determine if the client should allow external peers. + let allow_external_peers = true; // Initialize the node router. let router = Router::new( @@ -116,8 +118,8 @@ impl> Client { account, trusted_peers, Self::MAXIMUM_NUMBER_OF_PEERS as u16, + allow_external_peers, matches!(storage_mode, StorageMode::Development(_)), - true, ) .await?; // Load the coinbase puzzle. diff --git a/node/src/node.rs b/node/src/node.rs index 259f654a0e..9c4ce40299 100644 --- a/node/src/node.rs +++ b/node/src/node.rs @@ -50,8 +50,8 @@ impl Node { genesis: Block, cdn: Option, storage_mode: StorageMode, - dev_txs: bool, allow_external_peers: bool, + dev_txs: bool, ) -> Result { Ok(Self::Validator(Arc::new( Validator::new( @@ -65,8 +65,8 @@ impl Node { genesis, cdn, storage_mode, - dev_txs, allow_external_peers, + dev_txs, ) .await?, ))) diff --git a/node/src/prover/mod.rs b/node/src/prover/mod.rs index 5383b16d88..30b5c04a6d 100644 --- a/node/src/prover/mod.rs +++ b/node/src/prover/mod.rs @@ -101,6 +101,8 @@ impl> Prover { let ledger_service = Arc::new(ProverLedgerService::new()); // Initialize the sync module. let sync = BlockSync::new(BlockSyncMode::Router, ledger_service.clone()); + // Determine if the prover should allow external peers. + let allow_external_peers = true; // Initialize the node router. let router = Router::new( @@ -109,8 +111,8 @@ impl> Prover { account, trusted_peers, Self::MAXIMUM_NUMBER_OF_PEERS as u16, + allow_external_peers, matches!(storage_mode, StorageMode::Development(_)), - true, ) .await?; // Load the coinbase puzzle. diff --git a/node/src/validator/mod.rs b/node/src/validator/mod.rs index d23dc4dab4..643254f2f9 100644 --- a/node/src/validator/mod.rs +++ b/node/src/validator/mod.rs @@ -83,8 +83,8 @@ impl> Validator { genesis: Block, cdn: Option, storage_mode: StorageMode, - dev_txs: bool, allow_external_peers: bool, + dev_txs: bool, ) -> Result { // Prepare the shutdown flag. let shutdown: Arc = Default::default(); @@ -126,8 +126,8 @@ impl> Validator { account, trusted_peers, Self::MAXIMUM_NUMBER_OF_PEERS as u16, - matches!(storage_mode, StorageMode::Development(_)), allow_external_peers, + matches!(storage_mode, StorageMode::Development(_)), ) .await?; @@ -500,8 +500,8 @@ mod tests { genesis, None, storage_mode, - dev_txs, false, + dev_txs, ) .await .unwrap(); diff --git a/node/tests/common/node.rs b/node/tests/common/node.rs index 1c390d71cc..503a6f867e 100644 --- a/node/tests/common/node.rs +++ b/node/tests/common/node.rs @@ -59,8 +59,8 @@ pub async fn validator() -> Validator Date: Fri, 15 Mar 2024 19:23:53 +0100 Subject: [PATCH 9/9] Correct comments --- node/router/src/lib.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/node/router/src/lib.rs b/node/router/src/lib.rs index c171e72f6d..748870deda 100644 --- a/node/router/src/lib.rs +++ b/node/router/src/lib.rs @@ -93,7 +93,7 @@ pub struct InnerRouter { restricted_peers: RwLock>, /// The spawned handles. handles: Mutex>>, - /// If the flag is set, the node will not engage in P2P gossip to request more peers. + /// If the flag is set, the node will engage in P2P gossip to request more peers. allow_external_peers: bool, /// The boolean flag for the development mode. is_dev: bool, @@ -255,7 +255,7 @@ impl Router { self.is_dev } - /// Returns `true` if the node is not engaging in P2P gossip to request more peers. + /// Returns `true` if the node is engaging in P2P gossip to request more peers. pub fn allow_external_peers(&self) -> bool { self.allow_external_peers }