Connection filter

Cargo.toml

@@ -42,6 +42,7 @@ ethcore-light = { path = "ethcore/light" }
 ethcore-logger = { path = "logger" }
 ethcore-stratum = { path = "stratum" }
 ethcore-network = { path = "util/network" }
+node-filter = { path = "ethcore/node_filter" }
 ethkey = { path = "ethkey" }
 rlp = { path = "util/rlp" }
 rpc-cli = { path = "rpc_cli" }

ethcore/native_contracts/build.rs

@@ -28,6 +28,7 @@ const SERVICE_TRANSACTION_ABI: &'static str = include_str!("res/service_transact
 const SECRETSTORE_ACL_STORAGE_ABI: &'static str = include_str!("res/secretstore_acl_storage.json");
 const VALIDATOR_SET_ABI: &'static str = include_str!("res/validator_set.json");
 const VALIDATOR_REPORT_ABI: &'static str = include_str!("res/validator_report.json");
+const PEER_SET_ABI: &'static str = include_str!("res/peer_set.json");
 
 const TEST_VALIDATOR_SET_ABI: &'static str = include_str!("res/test_validator_set.json");
 
@@ -53,6 +54,7 @@ fn main() {
 	build_file("SecretStoreAclStorage", SECRETSTORE_ACL_STORAGE_ABI, "secretstore_acl_storage.rs");
 	build_file("ValidatorSet", VALIDATOR_SET_ABI, "validator_set.rs");
 	build_file("ValidatorReport", VALIDATOR_REPORT_ABI, "validator_report.rs");
+	build_file("PeerSet", PEER_SET_ABI, "peer_set.rs");
 
 	build_test_contracts();
 }

ethcore/native_contracts/res/peer_set.json

@@ -0,0 +1 @@
+[{"constant":true,"inputs":[{"name":"sl","type":"bytes32"},{"name":"sh","type":"bytes32"},{"name":"pl","type":"bytes32"},{"name":"ph","type":"bytes32"}],"name":"connectionAllowed","outputs":[{"name":"res","type":"bool"}],"payable":false,"type":"function"},{"inputs":[],"payable":false,"type":"constructor"}]

ethcore/native_contracts/src/lib.rs

@@ -30,6 +30,7 @@ mod service_transaction;
 mod secretstore_acl_storage;
 mod validator_set;
 mod validator_report;
+mod peer_set;
 
 pub mod test_contracts;
 
@@ -40,3 +41,4 @@ pub use self::service_transaction::ServiceTransactionChecker;
 pub use self::secretstore_acl_storage::SecretStoreAclStorage;
 pub use self::validator_set::ValidatorSet;
 pub use self::validator_report::ValidatorReport;
+pub use self::peer_set::PeerSet;

ethcore/native_contracts/src/peer_set.rs

@@ -0,0 +1,21 @@
+// Copyright 2015-2017 Parity Technologies (UK) Ltd.
+// This file is part of Parity.
+
+// Parity is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// Parity is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Parity.  If not, see <http://www.gnu.org/licenses/>.
+
+#![allow(unused_mut, unused_variables, unused_imports)]
+
+//! Peer set contract.
+
+include!(concat!(env!("OUT_DIR"), "/peer_set.rs"));

ethcore/node_filter/Cargo.toml

@@ -0,0 +1,16 @@
+[package]
+description = "Parity smart network connections"
+homepage = "http://parity.io"
+license = "GPL-3.0"
+name = "node-filter"
+version = "1.8.0"
+authors = ["Parity Technologies <admin@parity.io>"]
+
+[dependencies]
+ethcore = { path = ".."}
+ethcore-util = { path = "../../util" }
+ethcore-io = { path = "../../util/io" }
+ethcore-network = { path = "../../util/network" }
+native-contracts = { path = "../native_contracts" }
+futures = "0.1"
+log = "0.3"

ethcore/node_filter/res/node_filter.json

@@ -0,0 +1,44 @@
+{
+	"name": "TestNodeFilterContract",
+	"engine": {
+		"authorityRound": {
+			"params": {
+				"stepDuration": 1,
+				"startStep": 2,
+				"validators": {
+					"contract": "0x0000000000000000000000000000000000000005"
+				}
+			}
+		}
+	},
+	"params": {
+		"accountStartNonce": "0x0",
+		"maximumExtraDataSize": "0x20",
+		"minGasLimit": "0x1388",
+		"networkID" : "0x69",
+		"gasLimitBoundDivisor": "0x0400"
+	},
+	"genesis": {
+		"seal": {
+			"generic": "0xc180"
+		},
+		"difficulty": "0x20000",
+		"author": "0x0000000000000000000000000000000000000000",
+		"timestamp": "0x00",
+		"parentHash": "0x0000000000000000000000000000000000000000000000000000000000000000",
+		"extraData": "0x",
+		"gasLimit": "0x222222"
+	},
+	"accounts": {
+		"0000000000000000000000000000000000000001": { "balance": "1", "builtin": { "name": "ecrecover", "pricing": { "linear": { "base": 3000, "word": 0 } } } },
+		"0000000000000000000000000000000000000002": { "balance": "1", "builtin": { "name": "sha256", "pricing": { "linear": { "base": 60, "word": 12 } } } },
+		"0000000000000000000000000000000000000003": { "balance": "1", "builtin": { "name": "ripemd160", "pricing": { "linear": { "base": 600, "word": 120 } } } },
+		"0000000000000000000000000000000000000004": { "balance": "1", "builtin": { "name": "identity", "pricing": { "linear": { "base": 15, "word": 3 } } } },
+		"0000000000000000000000000000000000000005": {
+			"balance": "1",
+			"constructor": "6060604052341561000f57600080fd5b5b6012600102600080601160010260001916815260200190815260200160002081600019169055506022600102600080602160010260001916815260200190815260200160002081600019169055506032600102600080603160010260001916815260200190815260200160002081600019169055506042600102600080604160010260001916815260200190815260200160002081600019169055505b5b610155806100bd6000396000f30060606040526000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff168063994d790a1461003e575b600080fd5b341561004957600080fd5b61008a6004808035600019169060200190919080356000191690602001909190803560001916906020019091908035600019169060200190919050506100a4565b604051808215151515815260200191505060405180910390f35b60006001800285600019161480156100c3575060026001028460001916145b156100d15760019050610121565b60006001028360001916141580156100f157506000600102826000191614155b801561011e5750816000191660008085600019166000191681526020019081526020016000205460001916145b90505b9493505050505600a165627a7a723058202082b8d8667fd397925f39785d8e804540beda0524d28af15921375145dfcc250029"
+		},
+		"0x7d577a597b2742b498cb5cf0c26cdcd726d39e6e": { "balance": "1606938044258990275541962092341162602522202993782792835301376" },
+		"0x82a978b3f5962a5b0957d9ee9eef472ee55b42f1": { "balance": "1606938044258990275541962092341162602522202993782792835301376" }
+	}
+}

ethcore/node_filter/src/lib.rs

@@ -0,0 +1,154 @@
+// Copyright 2015-2017 Parity Technologies (UK) Ltd.
+// This file is part of Parity.
+
+// Parity is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// Parity is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Parity.  If not, see <http://www.gnu.org/licenses/>.
+
+//! Smart contract based node filter.
+
+extern crate ethcore;
+extern crate ethcore_util as util;
+extern crate ethcore_network as network;
+extern crate native_contracts;
+extern crate futures;
+#[cfg(test)] extern crate ethcore_io as io;
+#[macro_use] extern crate log;
+
+use std::sync::Weak;
+use std::collections::HashMap;
+use native_contracts::PeerSet as Contract;
+use network::{NodeId, ConnectionFilter, ConnectionDirection};
+use ethcore::client::{BlockChainClient, BlockId, ChainNotify};
+use util::{Mutex, Address, H256, Bytes};
+use futures::Future;
+
+const MAX_CACHE_SIZE: usize = 4096;
+
+/// Connection filter that uses a contract to manage permissions.
+pub struct NodeFilter {
+	contract: Mutex<Option<Contract>>,
+	client: Weak<BlockChainClient>,
+	contract_address: Address,
+	permission_cache: Mutex<HashMap<NodeId, bool>>,
+}
+
+impl NodeFilter {
+	/// Create a new instance. Accepts a contract address.
+	pub fn new(client: Weak<BlockChainClient>, contract_address: Address) -> NodeFilter {
+		NodeFilter {
+			contract: Mutex::new(None),
+			client: client,
+			contract_address: contract_address,
+			permission_cache: Mutex::new(HashMap::new()),
+		}
+	}
+
+	/// Clear cached permissions.
+	pub fn clear_cache(&self) {
+		self.permission_cache.lock().clear();
+	}
+}
+
+impl ConnectionFilter for NodeFilter {
+	fn connection_allowed(&self, own_id: &NodeId, connecting_id: &NodeId, _direction: ConnectionDirection) -> bool {
+
+		let mut cache = self.permission_cache.lock();
+		if let Some(res) = cache.get(connecting_id) {
+			return *res;
+		}
+
+		let mut contract = self.contract.lock();
+		if contract.is_none() {
+			*contract = Some(Contract::new(self.contract_address));
+		}
+
+		let allowed = match (self.client.upgrade(), &*contract) {
+			(Some(ref client), &Some(ref contract)) => {
+				let own_low = H256::from_slice(&own_id[0..32]);
+				let own_high = H256::from_slice(&own_id[32..64]);
+				let id_low = H256::from_slice(&connecting_id[0..32]);
+				let id_high = H256::from_slice(&connecting_id[32..64]);
+				let allowed = contract.connection_allowed(
+					|addr, data| futures::done(client.call_contract(BlockId::Latest, addr, data)),
+					own_low,
+					own_high,
+					id_low,
+					id_high,
+				).wait().unwrap_or_else(|e| {
+					debug!("Error callling peer set contract: {:?}", e);
+					false
+				});
+
+				allowed
+			}
+			_ => false,
+		};
+
+		if cache.len() < MAX_CACHE_SIZE {
+			cache.insert(*connecting_id, allowed);
+		}
+		allowed
+	}
+}
+
+impl ChainNotify for NodeFilter {
+	fn new_blocks(&self, imported: Vec<H256>, _invalid: Vec<H256>, _enacted: Vec<H256>, _retracted: Vec<H256>, _sealed: Vec<H256>, _proposed: Vec<Bytes>, _duration: u64) {
+		if !imported.is_empty() {
+			self.clear_cache();
+		}
+	}
+}
+
+
+#[cfg(test)]
+mod test {
+	use std::sync::{Arc, Weak};
+	use std::str::FromStr;
+	use ethcore::spec::Spec;
+	use ethcore::client::{BlockChainClient, Client, ClientConfig};
+	use ethcore::miner::Miner;
+	use util::{Address};
+	use network::{ConnectionDirection, ConnectionFilter, NodeId};
+	use io::IoChannel;
+	use super::NodeFilter;
+
+	/// Contract code: https://gist.github.com/arkpar/467dbcc73cbb85b0997a7a10ffa0695f
+	#[test]
+	fn node_filter() {
+		let contract_addr = Address::from_str("0000000000000000000000000000000000000005").unwrap();
+		let data = include_bytes!("../res/node_filter.json");
+		let spec = Spec::load(::std::env::temp_dir(), &data[..]).unwrap();
+		let client_db = Arc::new(::util::kvdb::in_memory(::ethcore::db::NUM_COLUMNS.unwrap_or(0)));
+
+		let client = Client::new(
+			ClientConfig::default(),
+			&spec,
+			client_db,
+			Arc::new(Miner::with_spec(&spec)),
+			IoChannel::disconnected(),
+		).unwrap();
+		let filter = NodeFilter::new(Arc::downgrade(&client) as Weak<BlockChainClient>, contract_addr);
+		let self1 = NodeId::from_str("00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000002").unwrap();
+		let self2 = NodeId::from_str("00000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000003").unwrap();
+		let node1 = NodeId::from_str("00000000000000000000000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000012").unwrap();
+		let node2 = NodeId::from_str("00000000000000000000000000000000000000000000000000000000000000210000000000000000000000000000000000000000000000000000000000000022").unwrap();
+		let nodex = NodeId::from_str("77000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000").unwrap();
+
+		assert!(filter.connection_allowed(&self1, &node1, ConnectionDirection::Inbound));
+		assert!(filter.connection_allowed(&self1, &nodex, ConnectionDirection::Inbound));
+		filter.clear_cache();
+		assert!(filter.connection_allowed(&self2, &node1, ConnectionDirection::Inbound));
+		assert!(filter.connection_allowed(&self2, &node2, ConnectionDirection::Inbound));
+		assert!(!filter.connection_allowed(&self2, &nodex, ConnectionDirection::Inbound));
+	}
+}

ethcore/src/spec/spec.rs

@@ -100,6 +100,8 @@ pub struct CommonParams {
 	pub block_reward: U256,
 	/// Registrar contract address.
 	pub registrar: Address,
+	/// Node permission managing contract address.
+	pub node_permission_contract: Option<Address>,
 }
 
 impl CommonParams {
@@ -171,6 +173,7 @@ impl From<ethjson::spec::Params> for CommonParams {
 			gas_limit_bound_divisor: p.gas_limit_bound_divisor.into(),
 			block_reward: p.block_reward.map_or_else(U256::zero, Into::into),
 			registrar: p.registrar.map_or_else(Address::new, Into::into),
+			node_permission_contract: p.node_permission_contract.map(Into::into),
 		}
 	}
 }

json/src/spec/params.rs

@@ -102,6 +102,9 @@ pub struct Params {
 	pub block_reward: Option<Uint>,
 	/// See `CommonParams` docs.
 	pub registrar: Option<Address>,
+	/// Node permission contract address.
+	#[serde(rename="nodePermissionContract")]
+	pub node_permission_contract: Option<Address>,
 }
 
 #[cfg(test)]

parity/main.rs

@@ -68,6 +68,7 @@ extern crate parity_updater as updater;
 extern crate parity_whisper;
 extern crate path;
 extern crate rpc_cli;
+extern crate node_filter;
 
 #[macro_use]
 extern crate log as rlog;

parity/modules.rs

@@ -19,7 +19,7 @@ use std::path::Path;
 
 use ethcore::client::BlockChainClient;
 use hypervisor::Hypervisor;
-use ethsync::{AttachedProtocol, SyncConfig, NetworkConfiguration, NetworkError, Params};
+use ethsync::{AttachedProtocol, SyncConfig, NetworkConfiguration, NetworkError, Params, ConnectionFilter};
 use ethcore::snapshot::SnapshotService;
 use light::Provider;
 
@@ -183,6 +183,7 @@ pub fn sync(
 	provider: Arc<Provider>,
 	_log_settings: &LogConfig,
 	attached_protos: Vec<AttachedProtocol>,
+	connection_filter: Option<Arc<ConnectionFilter>>,
 ) -> Result<SyncModules, NetworkError> {
 	let eth_sync = EthSync::new(Params {
 		config: sync_cfg,
@@ -191,7 +192,8 @@ pub fn sync(
 		snapshot_service: snapshot_service,
 		network_config: net_cfg,
 		attached_protos: attached_protos,
-	})?;
+	},
+	connection_filter)?;
 
 	Ok((eth_sync.clone() as Arc<SyncProvider>, eth_sync.clone() as Arc<ManageNetwork>, eth_sync.clone() as Arc<ChainNotify>))
 }