gitee.com/liu-zhao234568/cntest@v1.0.0/p2p/discover/v4_udp.go (about) 1 // Copyright 2019 The go-ethereum Authors 2 // This file is part of the go-ethereum library. 3 // 4 // The go-ethereum library is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU Lesser General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // The go-ethereum library is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU Lesser General Public License for more details. 13 // 14 // You should have received a copy of the GNU Lesser General Public License 15 // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>. 16 17 package discover 18 19 import ( 20 "bytes" 21 "container/list" 22 "context" 23 "crypto/ecdsa" 24 crand "crypto/rand" 25 "errors" 26 "fmt" 27 "io" 28 "net" 29 "sync" 30 "time" 31 32 "gitee.com/liu-zhao234568/cntest/crypto" 33 "gitee.com/liu-zhao234568/cntest/log" 34 "gitee.com/liu-zhao234568/cntest/p2p/discover/v4wire" 35 "gitee.com/liu-zhao234568/cntest/p2p/enode" 36 "gitee.com/liu-zhao234568/cntest/p2p/netutil" 37 ) 38 39 // Errors 40 var ( 41 errExpired = errors.New("expired") 42 errUnsolicitedReply = errors.New("unsolicited reply") 43 errUnknownNode = errors.New("unknown node") 44 errTimeout = errors.New("RPC timeout") 45 errClockWarp = errors.New("reply deadline too far in the future") 46 errClosed = errors.New("socket closed") 47 errLowPort = errors.New("low port") 48 ) 49 50 const ( 51 respTimeout = 500 * time.Millisecond 52 expiration = 20 * time.Second 53 bondExpiration = 24 * time.Hour 54 55 maxFindnodeFailures = 5 // nodes exceeding this limit are dropped 56 ntpFailureThreshold = 32 // Continuous timeouts after which to check NTP 57 ntpWarningCooldown = 10 * time.Minute // Minimum amount of time to pass before repeating NTP warning 58 driftThreshold = 10 * time.Second // Allowed clock drift before warning user 59 60 // Discovery packets are defined to be no larger than 1280 bytes. 61 // Packets larger than this size will be cut at the end and treated 62 // as invalid because their hash won't match. 63 maxPacketSize = 1280 64 ) 65 66 // UDPv4 implements the v4 wire protocol. 67 type UDPv4 struct { 68 conn UDPConn 69 log log.Logger 70 netrestrict *netutil.Netlist 71 priv *ecdsa.PrivateKey 72 localNode *enode.LocalNode 73 db *enode.DB 74 tab *Table 75 closeOnce sync.Once 76 wg sync.WaitGroup 77 78 addReplyMatcher chan *replyMatcher 79 gotreply chan reply 80 closeCtx context.Context 81 cancelCloseCtx context.CancelFunc 82 } 83 84 // replyMatcher represents a pending reply. 85 // 86 // Some implementations of the protocol wish to send more than one 87 // reply packet to findnode. In general, any neighbors packet cannot 88 // be matched up with a specific findnode packet. 89 // 90 // Our implementation handles this by storing a callback function for 91 // each pending reply. Incoming packets from a node are dispatched 92 // to all callback functions for that node. 93 type replyMatcher struct { 94 // these fields must match in the reply. 95 from enode.ID 96 ip net.IP 97 ptype byte 98 99 // time when the request must complete 100 deadline time.Time 101 102 // callback is called when a matching reply arrives. If it returns matched == true, the 103 // reply was acceptable. The second return value indicates whether the callback should 104 // be removed from the pending reply queue. If it returns false, the reply is considered 105 // incomplete and the callback will be invoked again for the next matching reply. 106 callback replyMatchFunc 107 108 // errc receives nil when the callback indicates completion or an 109 // error if no further reply is received within the timeout. 110 errc chan error 111 112 // reply contains the most recent reply. This field is safe for reading after errc has 113 // received a value. 114 reply v4wire.Packet 115 } 116 117 type replyMatchFunc func(v4wire.Packet) (matched bool, requestDone bool) 118 119 // reply is a reply packet from a certain node. 120 type reply struct { 121 from enode.ID 122 ip net.IP 123 data v4wire.Packet 124 // loop indicates whether there was 125 // a matching request by sending on this channel. 126 matched chan<- bool 127 } 128 129 func ListenV4(c UDPConn, ln *enode.LocalNode, cfg Config) (*UDPv4, error) { 130 cfg = cfg.withDefaults() 131 closeCtx, cancel := context.WithCancel(context.Background()) 132 t := &UDPv4{ 133 conn: c, 134 priv: cfg.PrivateKey, 135 netrestrict: cfg.NetRestrict, 136 localNode: ln, 137 db: ln.Database(), 138 gotreply: make(chan reply), 139 addReplyMatcher: make(chan *replyMatcher), 140 closeCtx: closeCtx, 141 cancelCloseCtx: cancel, 142 log: cfg.Log, 143 } 144 145 tab, err := newTable(t, ln.Database(), cfg.Bootnodes, t.log) 146 if err != nil { 147 return nil, err 148 } 149 t.tab = tab 150 go tab.loop() 151 152 t.wg.Add(2) 153 go t.loop() 154 go t.readLoop(cfg.Unhandled) 155 return t, nil 156 } 157 158 // Self returns the local node. 159 func (t *UDPv4) Self() *enode.Node { 160 return t.localNode.Node() 161 } 162 163 // Close shuts down the socket and aborts any running queries. 164 func (t *UDPv4) Close() { 165 t.closeOnce.Do(func() { 166 t.cancelCloseCtx() 167 t.conn.Close() 168 t.wg.Wait() 169 t.tab.close() 170 }) 171 } 172 173 // Resolve searches for a specific node with the given ID and tries to get the most recent 174 // version of the node record for it. It returns n if the node could not be resolved. 175 func (t *UDPv4) Resolve(n *enode.Node) *enode.Node { 176 // Try asking directly. This works if the node is still responding on the endpoint we have. 177 if rn, err := t.RequestENR(n); err == nil { 178 return rn 179 } 180 // Check table for the ID, we might have a newer version there. 181 if intable := t.tab.getNode(n.ID()); intable != nil && intable.Seq() > n.Seq() { 182 n = intable 183 if rn, err := t.RequestENR(n); err == nil { 184 return rn 185 } 186 } 187 // Otherwise perform a network lookup. 188 var key enode.Secp256k1 189 if n.Load(&key) != nil { 190 return n // no secp256k1 key 191 } 192 result := t.LookupPubkey((*ecdsa.PublicKey)(&key)) 193 for _, rn := range result { 194 if rn.ID() == n.ID() { 195 if rn, err := t.RequestENR(rn); err == nil { 196 return rn 197 } 198 } 199 } 200 return n 201 } 202 203 func (t *UDPv4) ourEndpoint() v4wire.Endpoint { 204 n := t.Self() 205 a := &net.UDPAddr{IP: n.IP(), Port: n.UDP()} 206 return v4wire.NewEndpoint(a, uint16(n.TCP())) 207 } 208 209 // Ping sends a ping message to the given node. 210 func (t *UDPv4) Ping(n *enode.Node) error { 211 _, err := t.ping(n) 212 return err 213 } 214 215 // ping sends a ping message to the given node and waits for a reply. 216 func (t *UDPv4) ping(n *enode.Node) (seq uint64, err error) { 217 rm := t.sendPing(n.ID(), &net.UDPAddr{IP: n.IP(), Port: n.UDP()}, nil) 218 if err = <-rm.errc; err == nil { 219 seq = rm.reply.(*v4wire.Pong).ENRSeq 220 } 221 return seq, err 222 } 223 224 // sendPing sends a ping message to the given node and invokes the callback 225 // when the reply arrives. 226 func (t *UDPv4) sendPing(toid enode.ID, toaddr *net.UDPAddr, callback func()) *replyMatcher { 227 req := t.makePing(toaddr) 228 packet, hash, err := v4wire.Encode(t.priv, req) 229 if err != nil { 230 errc := make(chan error, 1) 231 errc <- err 232 return &replyMatcher{errc: errc} 233 } 234 // Add a matcher for the reply to the pending reply queue. Pongs are matched if they 235 // reference the ping we're about to send. 236 rm := t.pending(toid, toaddr.IP, v4wire.PongPacket, func(p v4wire.Packet) (matched bool, requestDone bool) { 237 matched = bytes.Equal(p.(*v4wire.Pong).ReplyTok, hash) 238 if matched && callback != nil { 239 callback() 240 } 241 return matched, matched 242 }) 243 // Send the packet. 244 t.localNode.UDPContact(toaddr) 245 t.write(toaddr, toid, req.Name(), packet) 246 return rm 247 } 248 249 func (t *UDPv4) makePing(toaddr *net.UDPAddr) *v4wire.Ping { 250 return &v4wire.Ping{ 251 Version: 4, 252 From: t.ourEndpoint(), 253 To: v4wire.NewEndpoint(toaddr, 0), 254 Expiration: uint64(time.Now().Add(expiration).Unix()), 255 ENRSeq: t.localNode.Node().Seq(), 256 } 257 } 258 259 // LookupPubkey finds the closest nodes to the given public key. 260 func (t *UDPv4) LookupPubkey(key *ecdsa.PublicKey) []*enode.Node { 261 if t.tab.len() == 0 { 262 // All nodes were dropped, refresh. The very first query will hit this 263 // case and run the bootstrapping logic. 264 <-t.tab.refresh() 265 } 266 return t.newLookup(t.closeCtx, encodePubkey(key)).run() 267 } 268 269 // RandomNodes is an iterator yielding nodes from a random walk of the DHT. 270 func (t *UDPv4) RandomNodes() enode.Iterator { 271 return newLookupIterator(t.closeCtx, t.newRandomLookup) 272 } 273 274 // lookupRandom implements transport. 275 func (t *UDPv4) lookupRandom() []*enode.Node { 276 return t.newRandomLookup(t.closeCtx).run() 277 } 278 279 // lookupSelf implements transport. 280 func (t *UDPv4) lookupSelf() []*enode.Node { 281 return t.newLookup(t.closeCtx, encodePubkey(&t.priv.PublicKey)).run() 282 } 283 284 func (t *UDPv4) newRandomLookup(ctx context.Context) *lookup { 285 var target encPubkey 286 crand.Read(target[:]) 287 return t.newLookup(ctx, target) 288 } 289 290 func (t *UDPv4) newLookup(ctx context.Context, targetKey encPubkey) *lookup { 291 target := enode.ID(crypto.Keccak256Hash(targetKey[:])) 292 ekey := v4wire.Pubkey(targetKey) 293 it := newLookup(ctx, t.tab, target, func(n *node) ([]*node, error) { 294 return t.findnode(n.ID(), n.addr(), ekey) 295 }) 296 return it 297 } 298 299 // findnode sends a findnode request to the given node and waits until 300 // the node has sent up to k neighbors. 301 func (t *UDPv4) findnode(toid enode.ID, toaddr *net.UDPAddr, target v4wire.Pubkey) ([]*node, error) { 302 t.ensureBond(toid, toaddr) 303 304 // Add a matcher for 'neighbours' replies to the pending reply queue. The matcher is 305 // active until enough nodes have been received. 306 nodes := make([]*node, 0, bucketSize) 307 nreceived := 0 308 rm := t.pending(toid, toaddr.IP, v4wire.NeighborsPacket, func(r v4wire.Packet) (matched bool, requestDone bool) { 309 reply := r.(*v4wire.Neighbors) 310 for _, rn := range reply.Nodes { 311 nreceived++ 312 n, err := t.nodeFromRPC(toaddr, rn) 313 if err != nil { 314 t.log.Trace("Invalid neighbor node received", "ip", rn.IP, "addr", toaddr, "err", err) 315 continue 316 } 317 nodes = append(nodes, n) 318 } 319 return true, nreceived >= bucketSize 320 }) 321 t.send(toaddr, toid, &v4wire.Findnode{ 322 Target: target, 323 Expiration: uint64(time.Now().Add(expiration).Unix()), 324 }) 325 // Ensure that callers don't see a timeout if the node actually responded. Since 326 // findnode can receive more than one neighbors response, the reply matcher will be 327 // active until the remote node sends enough nodes. If the remote end doesn't have 328 // enough nodes the reply matcher will time out waiting for the second reply, but 329 // there's no need for an error in that case. 330 err := <-rm.errc 331 if err == errTimeout && rm.reply != nil { 332 err = nil 333 } 334 return nodes, err 335 } 336 337 // RequestENR sends enrRequest to the given node and waits for a response. 338 func (t *UDPv4) RequestENR(n *enode.Node) (*enode.Node, error) { 339 addr := &net.UDPAddr{IP: n.IP(), Port: n.UDP()} 340 t.ensureBond(n.ID(), addr) 341 342 req := &v4wire.ENRRequest{ 343 Expiration: uint64(time.Now().Add(expiration).Unix()), 344 } 345 packet, hash, err := v4wire.Encode(t.priv, req) 346 if err != nil { 347 return nil, err 348 } 349 350 // Add a matcher for the reply to the pending reply queue. Responses are matched if 351 // they reference the request we're about to send. 352 rm := t.pending(n.ID(), addr.IP, v4wire.ENRResponsePacket, func(r v4wire.Packet) (matched bool, requestDone bool) { 353 matched = bytes.Equal(r.(*v4wire.ENRResponse).ReplyTok, hash) 354 return matched, matched 355 }) 356 // Send the packet and wait for the reply. 357 t.write(addr, n.ID(), req.Name(), packet) 358 if err := <-rm.errc; err != nil { 359 return nil, err 360 } 361 // Verify the response record. 362 respN, err := enode.New(enode.ValidSchemes, &rm.reply.(*v4wire.ENRResponse).Record) 363 if err != nil { 364 return nil, err 365 } 366 if respN.ID() != n.ID() { 367 return nil, fmt.Errorf("invalid ID in response record") 368 } 369 if respN.Seq() < n.Seq() { 370 return n, nil // response record is older 371 } 372 if err := netutil.CheckRelayIP(addr.IP, respN.IP()); err != nil { 373 return nil, fmt.Errorf("invalid IP in response record: %v", err) 374 } 375 return respN, nil 376 } 377 378 // pending adds a reply matcher to the pending reply queue. 379 // see the documentation of type replyMatcher for a detailed explanation. 380 func (t *UDPv4) pending(id enode.ID, ip net.IP, ptype byte, callback replyMatchFunc) *replyMatcher { 381 ch := make(chan error, 1) 382 p := &replyMatcher{from: id, ip: ip, ptype: ptype, callback: callback, errc: ch} 383 select { 384 case t.addReplyMatcher <- p: 385 // loop will handle it 386 case <-t.closeCtx.Done(): 387 ch <- errClosed 388 } 389 return p 390 } 391 392 // handleReply dispatches a reply packet, invoking reply matchers. It returns 393 // whether any matcher considered the packet acceptable. 394 func (t *UDPv4) handleReply(from enode.ID, fromIP net.IP, req v4wire.Packet) bool { 395 matched := make(chan bool, 1) 396 select { 397 case t.gotreply <- reply{from, fromIP, req, matched}: 398 // loop will handle it 399 return <-matched 400 case <-t.closeCtx.Done(): 401 return false 402 } 403 } 404 405 // loop runs in its own goroutine. it keeps track of 406 // the refresh timer and the pending reply queue. 407 func (t *UDPv4) loop() { 408 defer t.wg.Done() 409 410 var ( 411 plist = list.New() 412 timeout = time.NewTimer(0) 413 nextTimeout *replyMatcher // head of plist when timeout was last reset 414 contTimeouts = 0 // number of continuous timeouts to do NTP checks 415 ntpWarnTime = time.Unix(0, 0) 416 ) 417 <-timeout.C // ignore first timeout 418 defer timeout.Stop() 419 420 resetTimeout := func() { 421 if plist.Front() == nil || nextTimeout == plist.Front().Value { 422 return 423 } 424 // Start the timer so it fires when the next pending reply has expired. 425 now := time.Now() 426 for el := plist.Front(); el != nil; el = el.Next() { 427 nextTimeout = el.Value.(*replyMatcher) 428 if dist := nextTimeout.deadline.Sub(now); dist < 2*respTimeout { 429 timeout.Reset(dist) 430 return 431 } 432 // Remove pending replies whose deadline is too far in the 433 // future. These can occur if the system clock jumped 434 // backwards after the deadline was assigned. 435 nextTimeout.errc <- errClockWarp 436 plist.Remove(el) 437 } 438 nextTimeout = nil 439 timeout.Stop() 440 } 441 442 for { 443 resetTimeout() 444 445 select { 446 case <-t.closeCtx.Done(): 447 for el := plist.Front(); el != nil; el = el.Next() { 448 el.Value.(*replyMatcher).errc <- errClosed 449 } 450 return 451 452 case p := <-t.addReplyMatcher: 453 p.deadline = time.Now().Add(respTimeout) 454 plist.PushBack(p) 455 456 case r := <-t.gotreply: 457 var matched bool // whether any replyMatcher considered the reply acceptable. 458 for el := plist.Front(); el != nil; el = el.Next() { 459 p := el.Value.(*replyMatcher) 460 if p.from == r.from && p.ptype == r.data.Kind() && p.ip.Equal(r.ip) { 461 ok, requestDone := p.callback(r.data) 462 matched = matched || ok 463 p.reply = r.data 464 // Remove the matcher if callback indicates that all replies have been received. 465 if requestDone { 466 p.errc <- nil 467 plist.Remove(el) 468 } 469 // Reset the continuous timeout counter (time drift detection) 470 contTimeouts = 0 471 } 472 } 473 r.matched <- matched 474 475 case now := <-timeout.C: 476 nextTimeout = nil 477 478 // Notify and remove callbacks whose deadline is in the past. 479 for el := plist.Front(); el != nil; el = el.Next() { 480 p := el.Value.(*replyMatcher) 481 if now.After(p.deadline) || now.Equal(p.deadline) { 482 p.errc <- errTimeout 483 plist.Remove(el) 484 contTimeouts++ 485 } 486 } 487 // If we've accumulated too many timeouts, do an NTP time sync check 488 if contTimeouts > ntpFailureThreshold { 489 if time.Since(ntpWarnTime) >= ntpWarningCooldown { 490 ntpWarnTime = time.Now() 491 go checkClockDrift() 492 } 493 contTimeouts = 0 494 } 495 } 496 } 497 } 498 499 func (t *UDPv4) send(toaddr *net.UDPAddr, toid enode.ID, req v4wire.Packet) ([]byte, error) { 500 packet, hash, err := v4wire.Encode(t.priv, req) 501 if err != nil { 502 return hash, err 503 } 504 return hash, t.write(toaddr, toid, req.Name(), packet) 505 } 506 507 func (t *UDPv4) write(toaddr *net.UDPAddr, toid enode.ID, what string, packet []byte) error { 508 _, err := t.conn.WriteToUDP(packet, toaddr) 509 t.log.Trace(">> "+what, "id", toid, "addr", toaddr, "err", err) 510 return err 511 } 512 513 // readLoop runs in its own goroutine. it handles incoming UDP packets. 514 func (t *UDPv4) readLoop(unhandled chan<- ReadPacket) { 515 defer t.wg.Done() 516 if unhandled != nil { 517 defer close(unhandled) 518 } 519 520 buf := make([]byte, maxPacketSize) 521 for { 522 nbytes, from, err := t.conn.ReadFromUDP(buf) 523 if netutil.IsTemporaryError(err) { 524 // Ignore temporary read errors. 525 t.log.Debug("Temporary UDP read error", "err", err) 526 continue 527 } else if err != nil { 528 // Shut down the loop for permament errors. 529 if err != io.EOF { 530 t.log.Debug("UDP read error", "err", err) 531 } 532 return 533 } 534 if t.handlePacket(from, buf[:nbytes]) != nil && unhandled != nil { 535 select { 536 case unhandled <- ReadPacket{buf[:nbytes], from}: 537 default: 538 } 539 } 540 } 541 } 542 543 func (t *UDPv4) handlePacket(from *net.UDPAddr, buf []byte) error { 544 rawpacket, fromKey, hash, err := v4wire.Decode(buf) 545 if err != nil { 546 t.log.Debug("Bad discv4 packet", "addr", from, "err", err) 547 return err 548 } 549 packet := t.wrapPacket(rawpacket) 550 fromID := fromKey.ID() 551 if err == nil && packet.preverify != nil { 552 err = packet.preverify(packet, from, fromID, fromKey) 553 } 554 t.log.Trace("<< "+packet.Name(), "id", fromID, "addr", from, "err", err) 555 if err == nil && packet.handle != nil { 556 packet.handle(packet, from, fromID, hash) 557 } 558 return err 559 } 560 561 // checkBond checks if the given node has a recent enough endpoint proof. 562 func (t *UDPv4) checkBond(id enode.ID, ip net.IP) bool { 563 return time.Since(t.db.LastPongReceived(id, ip)) < bondExpiration 564 } 565 566 // ensureBond solicits a ping from a node if we haven't seen a ping from it for a while. 567 // This ensures there is a valid endpoint proof on the remote end. 568 func (t *UDPv4) ensureBond(toid enode.ID, toaddr *net.UDPAddr) { 569 tooOld := time.Since(t.db.LastPingReceived(toid, toaddr.IP)) > bondExpiration 570 if tooOld || t.db.FindFails(toid, toaddr.IP) > maxFindnodeFailures { 571 rm := t.sendPing(toid, toaddr, nil) 572 <-rm.errc 573 // Wait for them to ping back and process our pong. 574 time.Sleep(respTimeout) 575 } 576 } 577 578 func (t *UDPv4) nodeFromRPC(sender *net.UDPAddr, rn v4wire.Node) (*node, error) { 579 if rn.UDP <= 1024 { 580 return nil, errLowPort 581 } 582 if err := netutil.CheckRelayIP(sender.IP, rn.IP); err != nil { 583 return nil, err 584 } 585 if t.netrestrict != nil && !t.netrestrict.Contains(rn.IP) { 586 return nil, errors.New("not contained in netrestrict whitelist") 587 } 588 key, err := v4wire.DecodePubkey(crypto.S256(), rn.ID) 589 if err != nil { 590 return nil, err 591 } 592 n := wrapNode(enode.NewV4(key, rn.IP, int(rn.TCP), int(rn.UDP))) 593 err = n.ValidateComplete() 594 return n, err 595 } 596 597 func nodeToRPC(n *node) v4wire.Node { 598 var key ecdsa.PublicKey 599 var ekey v4wire.Pubkey 600 if err := n.Load((*enode.Secp256k1)(&key)); err == nil { 601 ekey = v4wire.EncodePubkey(&key) 602 } 603 return v4wire.Node{ID: ekey, IP: n.IP(), UDP: uint16(n.UDP()), TCP: uint16(n.TCP())} 604 } 605 606 // wrapPacket returns the handler functions applicable to a packet. 607 func (t *UDPv4) wrapPacket(p v4wire.Packet) *packetHandlerV4 { 608 var h packetHandlerV4 609 h.Packet = p 610 switch p.(type) { 611 case *v4wire.Ping: 612 h.preverify = t.verifyPing 613 h.handle = t.handlePing 614 case *v4wire.Pong: 615 h.preverify = t.verifyPong 616 case *v4wire.Findnode: 617 h.preverify = t.verifyFindnode 618 h.handle = t.handleFindnode 619 case *v4wire.Neighbors: 620 h.preverify = t.verifyNeighbors 621 case *v4wire.ENRRequest: 622 h.preverify = t.verifyENRRequest 623 h.handle = t.handleENRRequest 624 case *v4wire.ENRResponse: 625 h.preverify = t.verifyENRResponse 626 } 627 return &h 628 } 629 630 // packetHandlerV4 wraps a packet with handler functions. 631 type packetHandlerV4 struct { 632 v4wire.Packet 633 senderKey *ecdsa.PublicKey // used for ping 634 635 // preverify checks whether the packet is valid and should be handled at all. 636 preverify func(p *packetHandlerV4, from *net.UDPAddr, fromID enode.ID, fromKey v4wire.Pubkey) error 637 // handle handles the packet. 638 handle func(req *packetHandlerV4, from *net.UDPAddr, fromID enode.ID, mac []byte) 639 } 640 641 // PING/v4 642 643 func (t *UDPv4) verifyPing(h *packetHandlerV4, from *net.UDPAddr, fromID enode.ID, fromKey v4wire.Pubkey) error { 644 req := h.Packet.(*v4wire.Ping) 645 646 senderKey, err := v4wire.DecodePubkey(crypto.S256(), fromKey) 647 if err != nil { 648 return err 649 } 650 if v4wire.Expired(req.Expiration) { 651 return errExpired 652 } 653 h.senderKey = senderKey 654 return nil 655 } 656 657 func (t *UDPv4) handlePing(h *packetHandlerV4, from *net.UDPAddr, fromID enode.ID, mac []byte) { 658 req := h.Packet.(*v4wire.Ping) 659 660 // Reply. 661 t.send(from, fromID, &v4wire.Pong{ 662 To: v4wire.NewEndpoint(from, req.From.TCP), 663 ReplyTok: mac, 664 Expiration: uint64(time.Now().Add(expiration).Unix()), 665 ENRSeq: t.localNode.Node().Seq(), 666 }) 667 668 // Ping back if our last pong on file is too far in the past. 669 n := wrapNode(enode.NewV4(h.senderKey, from.IP, int(req.From.TCP), from.Port)) 670 if time.Since(t.db.LastPongReceived(n.ID(), from.IP)) > bondExpiration { 671 t.sendPing(fromID, from, func() { 672 t.tab.addVerifiedNode(n) 673 }) 674 } else { 675 t.tab.addVerifiedNode(n) 676 } 677 678 // Update node database and endpoint predictor. 679 t.db.UpdateLastPingReceived(n.ID(), from.IP, time.Now()) 680 t.localNode.UDPEndpointStatement(from, &net.UDPAddr{IP: req.To.IP, Port: int(req.To.UDP)}) 681 } 682 683 // PONG/v4 684 685 func (t *UDPv4) verifyPong(h *packetHandlerV4, from *net.UDPAddr, fromID enode.ID, fromKey v4wire.Pubkey) error { 686 req := h.Packet.(*v4wire.Pong) 687 688 if v4wire.Expired(req.Expiration) { 689 return errExpired 690 } 691 if !t.handleReply(fromID, from.IP, req) { 692 return errUnsolicitedReply 693 } 694 t.localNode.UDPEndpointStatement(from, &net.UDPAddr{IP: req.To.IP, Port: int(req.To.UDP)}) 695 t.db.UpdateLastPongReceived(fromID, from.IP, time.Now()) 696 return nil 697 } 698 699 // FINDNODE/v4 700 701 func (t *UDPv4) verifyFindnode(h *packetHandlerV4, from *net.UDPAddr, fromID enode.ID, fromKey v4wire.Pubkey) error { 702 req := h.Packet.(*v4wire.Findnode) 703 704 if v4wire.Expired(req.Expiration) { 705 return errExpired 706 } 707 if !t.checkBond(fromID, from.IP) { 708 // No endpoint proof pong exists, we don't process the packet. This prevents an 709 // attack vector where the discovery protocol could be used to amplify traffic in a 710 // DDOS attack. A malicious actor would send a findnode request with the IP address 711 // and UDP port of the target as the source address. The recipient of the findnode 712 // packet would then send a neighbors packet (which is a much bigger packet than 713 // findnode) to the victim. 714 return errUnknownNode 715 } 716 return nil 717 } 718 719 func (t *UDPv4) handleFindnode(h *packetHandlerV4, from *net.UDPAddr, fromID enode.ID, mac []byte) { 720 req := h.Packet.(*v4wire.Findnode) 721 722 // Determine closest nodes. 723 target := enode.ID(crypto.Keccak256Hash(req.Target[:])) 724 closest := t.tab.findnodeByID(target, bucketSize, true).entries 725 726 // Send neighbors in chunks with at most maxNeighbors per packet 727 // to stay below the packet size limit. 728 p := v4wire.Neighbors{Expiration: uint64(time.Now().Add(expiration).Unix())} 729 var sent bool 730 for _, n := range closest { 731 if netutil.CheckRelayIP(from.IP, n.IP()) == nil { 732 p.Nodes = append(p.Nodes, nodeToRPC(n)) 733 } 734 if len(p.Nodes) == v4wire.MaxNeighbors { 735 t.send(from, fromID, &p) 736 p.Nodes = p.Nodes[:0] 737 sent = true 738 } 739 } 740 if len(p.Nodes) > 0 || !sent { 741 t.send(from, fromID, &p) 742 } 743 } 744 745 // NEIGHBORS/v4 746 747 func (t *UDPv4) verifyNeighbors(h *packetHandlerV4, from *net.UDPAddr, fromID enode.ID, fromKey v4wire.Pubkey) error { 748 req := h.Packet.(*v4wire.Neighbors) 749 750 if v4wire.Expired(req.Expiration) { 751 return errExpired 752 } 753 if !t.handleReply(fromID, from.IP, h.Packet) { 754 return errUnsolicitedReply 755 } 756 return nil 757 } 758 759 // ENRREQUEST/v4 760 761 func (t *UDPv4) verifyENRRequest(h *packetHandlerV4, from *net.UDPAddr, fromID enode.ID, fromKey v4wire.Pubkey) error { 762 req := h.Packet.(*v4wire.ENRRequest) 763 764 if v4wire.Expired(req.Expiration) { 765 return errExpired 766 } 767 if !t.checkBond(fromID, from.IP) { 768 return errUnknownNode 769 } 770 return nil 771 } 772 773 func (t *UDPv4) handleENRRequest(h *packetHandlerV4, from *net.UDPAddr, fromID enode.ID, mac []byte) { 774 t.send(from, fromID, &v4wire.ENRResponse{ 775 ReplyTok: mac, 776 Record: *t.localNode.Node().Record(), 777 }) 778 } 779 780 // ENRRESPONSE/v4 781 782 func (t *UDPv4) verifyENRResponse(h *packetHandlerV4, from *net.UDPAddr, fromID enode.ID, fromKey v4wire.Pubkey) error { 783 if !t.handleReply(fromID, from.IP, h.Packet) { 784 return errUnsolicitedReply 785 } 786 return nil 787 }