gitlab.com/yannislg/go-pulse@v0.0.0-20210722055913-a3e24e95638d/p2p/discover/v4_udp.go (about)

     1  // Copyright 2019 The go-ethereum Authors
     2  // This file is part of the go-ethereum library.
     3  //
     4  // The go-ethereum library is free software: you can redistribute it and/or modify
     5  // it under the terms of the GNU Lesser General Public License as published by
     6  // the Free Software Foundation, either version 3 of the License, or
     7  // (at your option) any later version.
     8  //
     9  // The go-ethereum library is distributed in the hope that it will be useful,
    10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
    11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    12  // GNU Lesser General Public License for more details.
    13  //
    14  // You should have received a copy of the GNU Lesser General Public License
    15  // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
    16  
    17  package discover
    18  
    19  import (
    20  	"bytes"
    21  	"container/list"
    22  	"context"
    23  	"crypto/ecdsa"
    24  	crand "crypto/rand"
    25  	"errors"
    26  	"fmt"
    27  	"io"
    28  	"net"
    29  	"sync"
    30  	"time"
    31  
    32  	"github.com/ethereum/go-ethereum/crypto"
    33  	"github.com/ethereum/go-ethereum/log"
    34  	"github.com/ethereum/go-ethereum/p2p/enode"
    35  	"github.com/ethereum/go-ethereum/p2p/enr"
    36  	"github.com/ethereum/go-ethereum/p2p/netutil"
    37  	"github.com/ethereum/go-ethereum/rlp"
    38  )
    39  
    40  // Errors
    41  var (
    42  	errPacketTooSmall   = errors.New("too small")
    43  	errBadHash          = errors.New("bad hash")
    44  	errExpired          = errors.New("expired")
    45  	errUnsolicitedReply = errors.New("unsolicited reply")
    46  	errUnknownNode      = errors.New("unknown node")
    47  	errTimeout          = errors.New("RPC timeout")
    48  	errClockWarp        = errors.New("reply deadline too far in the future")
    49  	errClosed           = errors.New("socket closed")
    50  	errLowPort          = errors.New("low port")
    51  )
    52  
    53  const (
    54  	respTimeout    = 500 * time.Millisecond
    55  	expiration     = 20 * time.Second
    56  	bondExpiration = 24 * time.Hour
    57  
    58  	maxFindnodeFailures = 5                // nodes exceeding this limit are dropped
    59  	ntpFailureThreshold = 32               // Continuous timeouts after which to check NTP
    60  	ntpWarningCooldown  = 10 * time.Minute // Minimum amount of time to pass before repeating NTP warning
    61  	driftThreshold      = 10 * time.Second // Allowed clock drift before warning user
    62  
    63  	// Discovery packets are defined to be no larger than 1280 bytes.
    64  	// Packets larger than this size will be cut at the end and treated
    65  	// as invalid because their hash won't match.
    66  	maxPacketSize = 1280
    67  )
    68  
    69  // RPC packet types
    70  const (
    71  	p_pingV4 = iota + 1 // zero is 'reserved'
    72  	p_pongV4
    73  	p_findnodeV4
    74  	p_neighborsV4
    75  	p_enrRequestV4
    76  	p_enrResponseV4
    77  )
    78  
    79  // RPC request structures
    80  type (
    81  	pingV4 struct {
    82  		senderKey *ecdsa.PublicKey // filled in by preverify
    83  
    84  		Version    uint
    85  		From, To   rpcEndpoint
    86  		Expiration uint64
    87  		// Ignore additional fields (for forward compatibility).
    88  		Rest []rlp.RawValue `rlp:"tail"`
    89  	}
    90  
    91  	// pongV4 is the reply to pingV4.
    92  	pongV4 struct {
    93  		// This field should mirror the UDP envelope address
    94  		// of the ping packet, which provides a way to discover the
    95  		// the external address (after NAT).
    96  		To rpcEndpoint
    97  
    98  		ReplyTok   []byte // This contains the hash of the ping packet.
    99  		Expiration uint64 // Absolute timestamp at which the packet becomes invalid.
   100  		// Ignore additional fields (for forward compatibility).
   101  		Rest []rlp.RawValue `rlp:"tail"`
   102  	}
   103  
   104  	// findnodeV4 is a query for nodes close to the given target.
   105  	findnodeV4 struct {
   106  		Target     encPubkey
   107  		Expiration uint64
   108  		// Ignore additional fields (for forward compatibility).
   109  		Rest []rlp.RawValue `rlp:"tail"`
   110  	}
   111  
   112  	// neighborsV4 is the reply to findnodeV4.
   113  	neighborsV4 struct {
   114  		Nodes      []rpcNode
   115  		Expiration uint64
   116  		// Ignore additional fields (for forward compatibility).
   117  		Rest []rlp.RawValue `rlp:"tail"`
   118  	}
   119  
   120  	// enrRequestV4 queries for the remote node's record.
   121  	enrRequestV4 struct {
   122  		Expiration uint64
   123  		// Ignore additional fields (for forward compatibility).
   124  		Rest []rlp.RawValue `rlp:"tail"`
   125  	}
   126  
   127  	// enrResponseV4 is the reply to enrRequestV4.
   128  	enrResponseV4 struct {
   129  		ReplyTok []byte // Hash of the enrRequest packet.
   130  		Record   enr.Record
   131  		// Ignore additional fields (for forward compatibility).
   132  		Rest []rlp.RawValue `rlp:"tail"`
   133  	}
   134  
   135  	rpcNode struct {
   136  		IP  net.IP // len 4 for IPv4 or 16 for IPv6
   137  		UDP uint16 // for discovery protocol
   138  		TCP uint16 // for RLPx protocol
   139  		ID  encPubkey
   140  	}
   141  
   142  	rpcEndpoint struct {
   143  		IP  net.IP // len 4 for IPv4 or 16 for IPv6
   144  		UDP uint16 // for discovery protocol
   145  		TCP uint16 // for RLPx protocol
   146  	}
   147  )
   148  
   149  // packetV4 is implemented by all v4 protocol messages.
   150  type packetV4 interface {
   151  	// preverify checks whether the packet is valid and should be handled at all.
   152  	preverify(t *UDPv4, from *net.UDPAddr, fromID enode.ID, fromKey encPubkey) error
   153  	// handle handles the packet.
   154  	handle(t *UDPv4, from *net.UDPAddr, fromID enode.ID, mac []byte)
   155  	// packet name and type for logging purposes.
   156  	name() string
   157  	kind() byte
   158  }
   159  
   160  func makeEndpoint(addr *net.UDPAddr, tcpPort uint16) rpcEndpoint {
   161  	ip := net.IP{}
   162  	if ip4 := addr.IP.To4(); ip4 != nil {
   163  		ip = ip4
   164  	} else if ip6 := addr.IP.To16(); ip6 != nil {
   165  		ip = ip6
   166  	}
   167  	return rpcEndpoint{IP: ip, UDP: uint16(addr.Port), TCP: tcpPort}
   168  }
   169  
   170  func (t *UDPv4) nodeFromRPC(sender *net.UDPAddr, rn rpcNode) (*node, error) {
   171  	if rn.UDP <= 1024 {
   172  		return nil, errors.New("low port")
   173  	}
   174  	if err := netutil.CheckRelayIP(sender.IP, rn.IP); err != nil {
   175  		return nil, err
   176  	}
   177  	if t.netrestrict != nil && !t.netrestrict.Contains(rn.IP) {
   178  		return nil, errors.New("not contained in netrestrict whitelist")
   179  	}
   180  	key, err := decodePubkey(crypto.S256(), rn.ID)
   181  	if err != nil {
   182  		return nil, err
   183  	}
   184  	n := wrapNode(enode.NewV4(key, rn.IP, int(rn.TCP), int(rn.UDP)))
   185  	err = n.ValidateComplete()
   186  	return n, err
   187  }
   188  
   189  func nodeToRPC(n *node) rpcNode {
   190  	var key ecdsa.PublicKey
   191  	var ekey encPubkey
   192  	if err := n.Load((*enode.Secp256k1)(&key)); err == nil {
   193  		ekey = encodePubkey(&key)
   194  	}
   195  	return rpcNode{ID: ekey, IP: n.IP(), UDP: uint16(n.UDP()), TCP: uint16(n.TCP())}
   196  }
   197  
   198  // UDPv4 implements the v4 wire protocol.
   199  type UDPv4 struct {
   200  	conn        UDPConn
   201  	log         log.Logger
   202  	netrestrict *netutil.Netlist
   203  	priv        *ecdsa.PrivateKey
   204  	localNode   *enode.LocalNode
   205  	db          *enode.DB
   206  	tab         *Table
   207  	closeOnce   sync.Once
   208  	wg          sync.WaitGroup
   209  
   210  	addReplyMatcher chan *replyMatcher
   211  	gotreply        chan reply
   212  	closeCtx        context.Context
   213  	cancelCloseCtx  context.CancelFunc
   214  }
   215  
   216  // replyMatcher represents a pending reply.
   217  //
   218  // Some implementations of the protocol wish to send more than one
   219  // reply packet to findnode. In general, any neighbors packet cannot
   220  // be matched up with a specific findnode packet.
   221  //
   222  // Our implementation handles this by storing a callback function for
   223  // each pending reply. Incoming packets from a node are dispatched
   224  // to all callback functions for that node.
   225  type replyMatcher struct {
   226  	// these fields must match in the reply.
   227  	from  enode.ID
   228  	ip    net.IP
   229  	ptype byte
   230  
   231  	// time when the request must complete
   232  	deadline time.Time
   233  
   234  	// callback is called when a matching reply arrives. If it returns matched == true, the
   235  	// reply was acceptable. The second return value indicates whether the callback should
   236  	// be removed from the pending reply queue. If it returns false, the reply is considered
   237  	// incomplete and the callback will be invoked again for the next matching reply.
   238  	callback replyMatchFunc
   239  
   240  	// errc receives nil when the callback indicates completion or an
   241  	// error if no further reply is received within the timeout.
   242  	errc chan error
   243  
   244  	// reply contains the most recent reply. This field is safe for reading after errc has
   245  	// received a value.
   246  	reply packetV4
   247  }
   248  
   249  type replyMatchFunc func(interface{}) (matched bool, requestDone bool)
   250  
   251  // reply is a reply packet from a certain node.
   252  type reply struct {
   253  	from enode.ID
   254  	ip   net.IP
   255  	data packetV4
   256  	// loop indicates whether there was
   257  	// a matching request by sending on this channel.
   258  	matched chan<- bool
   259  }
   260  
   261  func ListenV4(c UDPConn, ln *enode.LocalNode, cfg Config) (*UDPv4, error) {
   262  	cfg = cfg.withDefaults()
   263  	closeCtx, cancel := context.WithCancel(context.Background())
   264  	t := &UDPv4{
   265  		conn:            c,
   266  		priv:            cfg.PrivateKey,
   267  		netrestrict:     cfg.NetRestrict,
   268  		localNode:       ln,
   269  		db:              ln.Database(),
   270  		gotreply:        make(chan reply),
   271  		addReplyMatcher: make(chan *replyMatcher),
   272  		closeCtx:        closeCtx,
   273  		cancelCloseCtx:  cancel,
   274  		log:             cfg.Log,
   275  	}
   276  
   277  	tab, err := newTable(t, ln.Database(), cfg.Bootnodes, t.log)
   278  	if err != nil {
   279  		return nil, err
   280  	}
   281  	t.tab = tab
   282  	go tab.loop()
   283  
   284  	t.wg.Add(2)
   285  	go t.loop()
   286  	go t.readLoop(cfg.Unhandled)
   287  	return t, nil
   288  }
   289  
   290  // Self returns the local node.
   291  func (t *UDPv4) Self() *enode.Node {
   292  	return t.localNode.Node()
   293  }
   294  
   295  // Close shuts down the socket and aborts any running queries.
   296  func (t *UDPv4) Close() {
   297  	t.closeOnce.Do(func() {
   298  		t.cancelCloseCtx()
   299  		t.conn.Close()
   300  		t.wg.Wait()
   301  		t.tab.close()
   302  	})
   303  }
   304  
   305  // Resolve searches for a specific node with the given ID and tries to get the most recent
   306  // version of the node record for it. It returns n if the node could not be resolved.
   307  func (t *UDPv4) Resolve(n *enode.Node) *enode.Node {
   308  	// Try asking directly. This works if the node is still responding on the endpoint we have.
   309  	if rn, err := t.RequestENR(n); err == nil {
   310  		return rn
   311  	}
   312  	// Check table for the ID, we might have a newer version there.
   313  	if intable := t.tab.getNode(n.ID()); intable != nil && intable.Seq() > n.Seq() {
   314  		n = intable
   315  		if rn, err := t.RequestENR(n); err == nil {
   316  			return rn
   317  		}
   318  	}
   319  	// Otherwise perform a network lookup.
   320  	var key enode.Secp256k1
   321  	if n.Load(&key) != nil {
   322  		return n // no secp256k1 key
   323  	}
   324  	result := t.LookupPubkey((*ecdsa.PublicKey)(&key))
   325  	for _, rn := range result {
   326  		if rn.ID() == n.ID() {
   327  			if rn, err := t.RequestENR(rn); err == nil {
   328  				return rn
   329  			}
   330  		}
   331  	}
   332  	return n
   333  }
   334  
   335  func (t *UDPv4) ourEndpoint() rpcEndpoint {
   336  	n := t.Self()
   337  	a := &net.UDPAddr{IP: n.IP(), Port: n.UDP()}
   338  	return makeEndpoint(a, uint16(n.TCP()))
   339  }
   340  
   341  // Ping sends a ping message to the given node.
   342  func (t *UDPv4) Ping(n *enode.Node) error {
   343  	_, err := t.ping(n)
   344  	return err
   345  }
   346  
   347  // ping sends a ping message to the given node and waits for a reply.
   348  func (t *UDPv4) ping(n *enode.Node) (seq uint64, err error) {
   349  	rm := t.sendPing(n.ID(), &net.UDPAddr{IP: n.IP(), Port: n.UDP()}, nil)
   350  	if err = <-rm.errc; err == nil {
   351  		seq = seqFromTail(rm.reply.(*pongV4).Rest)
   352  	}
   353  	return seq, err
   354  }
   355  
   356  // sendPing sends a ping message to the given node and invokes the callback
   357  // when the reply arrives.
   358  func (t *UDPv4) sendPing(toid enode.ID, toaddr *net.UDPAddr, callback func()) *replyMatcher {
   359  	req := t.makePing(toaddr)
   360  	packet, hash, err := t.encode(t.priv, req)
   361  	if err != nil {
   362  		errc := make(chan error, 1)
   363  		errc <- err
   364  		return &replyMatcher{errc: errc}
   365  	}
   366  	// Add a matcher for the reply to the pending reply queue. Pongs are matched if they
   367  	// reference the ping we're about to send.
   368  	rm := t.pending(toid, toaddr.IP, p_pongV4, func(p interface{}) (matched bool, requestDone bool) {
   369  		matched = bytes.Equal(p.(*pongV4).ReplyTok, hash)
   370  		if matched && callback != nil {
   371  			callback()
   372  		}
   373  		return matched, matched
   374  	})
   375  	// Send the packet.
   376  	t.localNode.UDPContact(toaddr)
   377  	t.write(toaddr, toid, req.name(), packet)
   378  	return rm
   379  }
   380  
   381  func (t *UDPv4) makePing(toaddr *net.UDPAddr) *pingV4 {
   382  	seq, _ := rlp.EncodeToBytes(t.localNode.Node().Seq())
   383  	return &pingV4{
   384  		Version:    4,
   385  		From:       t.ourEndpoint(),
   386  		To:         makeEndpoint(toaddr, 0),
   387  		Expiration: uint64(time.Now().Add(expiration).Unix()),
   388  		Rest:       []rlp.RawValue{seq},
   389  	}
   390  }
   391  
   392  // LookupPubkey finds the closest nodes to the given public key.
   393  func (t *UDPv4) LookupPubkey(key *ecdsa.PublicKey) []*enode.Node {
   394  	if t.tab.len() == 0 {
   395  		// All nodes were dropped, refresh. The very first query will hit this
   396  		// case and run the bootstrapping logic.
   397  		<-t.tab.refresh()
   398  	}
   399  	return t.newLookup(t.closeCtx, encodePubkey(key)).run()
   400  }
   401  
   402  // RandomNodes is an iterator yielding nodes from a random walk of the DHT.
   403  func (t *UDPv4) RandomNodes() enode.Iterator {
   404  	return newLookupIterator(t.closeCtx, t.newRandomLookup)
   405  }
   406  
   407  // lookupRandom implements transport.
   408  func (t *UDPv4) lookupRandom() []*enode.Node {
   409  	return t.newRandomLookup(t.closeCtx).run()
   410  }
   411  
   412  // lookupSelf implements transport.
   413  func (t *UDPv4) lookupSelf() []*enode.Node {
   414  	return t.newLookup(t.closeCtx, encodePubkey(&t.priv.PublicKey)).run()
   415  }
   416  
   417  func (t *UDPv4) newRandomLookup(ctx context.Context) *lookup {
   418  	var target encPubkey
   419  	crand.Read(target[:])
   420  	return t.newLookup(ctx, target)
   421  }
   422  
   423  func (t *UDPv4) newLookup(ctx context.Context, targetKey encPubkey) *lookup {
   424  	target := enode.ID(crypto.Keccak256Hash(targetKey[:]))
   425  	it := newLookup(ctx, t.tab, target, func(n *node) ([]*node, error) {
   426  		return t.findnode(n.ID(), n.addr(), targetKey)
   427  	})
   428  	return it
   429  }
   430  
   431  // findnode sends a findnode request to the given node and waits until
   432  // the node has sent up to k neighbors.
   433  func (t *UDPv4) findnode(toid enode.ID, toaddr *net.UDPAddr, target encPubkey) ([]*node, error) {
   434  	t.ensureBond(toid, toaddr)
   435  
   436  	// Add a matcher for 'neighbours' replies to the pending reply queue. The matcher is
   437  	// active until enough nodes have been received.
   438  	nodes := make([]*node, 0, bucketSize)
   439  	nreceived := 0
   440  	rm := t.pending(toid, toaddr.IP, p_neighborsV4, func(r interface{}) (matched bool, requestDone bool) {
   441  		reply := r.(*neighborsV4)
   442  		for _, rn := range reply.Nodes {
   443  			nreceived++
   444  			n, err := t.nodeFromRPC(toaddr, rn)
   445  			if err != nil {
   446  				t.log.Trace("Invalid neighbor node received", "ip", rn.IP, "addr", toaddr, "err", err)
   447  				continue
   448  			}
   449  			nodes = append(nodes, n)
   450  		}
   451  		return true, nreceived >= bucketSize
   452  	})
   453  	t.send(toaddr, toid, &findnodeV4{
   454  		Target:     target,
   455  		Expiration: uint64(time.Now().Add(expiration).Unix()),
   456  	})
   457  	return nodes, <-rm.errc
   458  }
   459  
   460  // RequestENR sends enrRequest to the given node and waits for a response.
   461  func (t *UDPv4) RequestENR(n *enode.Node) (*enode.Node, error) {
   462  	addr := &net.UDPAddr{IP: n.IP(), Port: n.UDP()}
   463  	t.ensureBond(n.ID(), addr)
   464  
   465  	req := &enrRequestV4{
   466  		Expiration: uint64(time.Now().Add(expiration).Unix()),
   467  	}
   468  	packet, hash, err := t.encode(t.priv, req)
   469  	if err != nil {
   470  		return nil, err
   471  	}
   472  	// Add a matcher for the reply to the pending reply queue. Responses are matched if
   473  	// they reference the request we're about to send.
   474  	rm := t.pending(n.ID(), addr.IP, p_enrResponseV4, func(r interface{}) (matched bool, requestDone bool) {
   475  		matched = bytes.Equal(r.(*enrResponseV4).ReplyTok, hash)
   476  		return matched, matched
   477  	})
   478  	// Send the packet and wait for the reply.
   479  	t.write(addr, n.ID(), req.name(), packet)
   480  	if err := <-rm.errc; err != nil {
   481  		return nil, err
   482  	}
   483  	// Verify the response record.
   484  	respN, err := enode.New(enode.ValidSchemes, &rm.reply.(*enrResponseV4).Record)
   485  	if err != nil {
   486  		return nil, err
   487  	}
   488  	if respN.ID() != n.ID() {
   489  		return nil, fmt.Errorf("invalid ID in response record")
   490  	}
   491  	if respN.Seq() < n.Seq() {
   492  		return n, nil // response record is older
   493  	}
   494  	if err := netutil.CheckRelayIP(addr.IP, respN.IP()); err != nil {
   495  		return nil, fmt.Errorf("invalid IP in response record: %v", err)
   496  	}
   497  	return respN, nil
   498  }
   499  
   500  // pending adds a reply matcher to the pending reply queue.
   501  // see the documentation of type replyMatcher for a detailed explanation.
   502  func (t *UDPv4) pending(id enode.ID, ip net.IP, ptype byte, callback replyMatchFunc) *replyMatcher {
   503  	ch := make(chan error, 1)
   504  	p := &replyMatcher{from: id, ip: ip, ptype: ptype, callback: callback, errc: ch}
   505  	select {
   506  	case t.addReplyMatcher <- p:
   507  		// loop will handle it
   508  	case <-t.closeCtx.Done():
   509  		ch <- errClosed
   510  	}
   511  	return p
   512  }
   513  
   514  // handleReply dispatches a reply packet, invoking reply matchers. It returns
   515  // whether any matcher considered the packet acceptable.
   516  func (t *UDPv4) handleReply(from enode.ID, fromIP net.IP, req packetV4) bool {
   517  	matched := make(chan bool, 1)
   518  	select {
   519  	case t.gotreply <- reply{from, fromIP, req, matched}:
   520  		// loop will handle it
   521  		return <-matched
   522  	case <-t.closeCtx.Done():
   523  		return false
   524  	}
   525  }
   526  
   527  // loop runs in its own goroutine. it keeps track of
   528  // the refresh timer and the pending reply queue.
   529  func (t *UDPv4) loop() {
   530  	defer t.wg.Done()
   531  
   532  	var (
   533  		plist        = list.New()
   534  		timeout      = time.NewTimer(0)
   535  		nextTimeout  *replyMatcher // head of plist when timeout was last reset
   536  		contTimeouts = 0           // number of continuous timeouts to do NTP checks
   537  		ntpWarnTime  = time.Unix(0, 0)
   538  	)
   539  	<-timeout.C // ignore first timeout
   540  	defer timeout.Stop()
   541  
   542  	resetTimeout := func() {
   543  		if plist.Front() == nil || nextTimeout == plist.Front().Value {
   544  			return
   545  		}
   546  		// Start the timer so it fires when the next pending reply has expired.
   547  		now := time.Now()
   548  		for el := plist.Front(); el != nil; el = el.Next() {
   549  			nextTimeout = el.Value.(*replyMatcher)
   550  			if dist := nextTimeout.deadline.Sub(now); dist < 2*respTimeout {
   551  				timeout.Reset(dist)
   552  				return
   553  			}
   554  			// Remove pending replies whose deadline is too far in the
   555  			// future. These can occur if the system clock jumped
   556  			// backwards after the deadline was assigned.
   557  			nextTimeout.errc <- errClockWarp
   558  			plist.Remove(el)
   559  		}
   560  		nextTimeout = nil
   561  		timeout.Stop()
   562  	}
   563  
   564  	for {
   565  		resetTimeout()
   566  
   567  		select {
   568  		case <-t.closeCtx.Done():
   569  			for el := plist.Front(); el != nil; el = el.Next() {
   570  				el.Value.(*replyMatcher).errc <- errClosed
   571  			}
   572  			return
   573  
   574  		case p := <-t.addReplyMatcher:
   575  			p.deadline = time.Now().Add(respTimeout)
   576  			plist.PushBack(p)
   577  
   578  		case r := <-t.gotreply:
   579  			var matched bool // whether any replyMatcher considered the reply acceptable.
   580  			for el := plist.Front(); el != nil; el = el.Next() {
   581  				p := el.Value.(*replyMatcher)
   582  				if p.from == r.from && p.ptype == r.data.kind() && p.ip.Equal(r.ip) {
   583  					ok, requestDone := p.callback(r.data)
   584  					matched = matched || ok
   585  					// Remove the matcher if callback indicates that all replies have been received.
   586  					if requestDone {
   587  						p.reply = r.data
   588  						p.errc <- nil
   589  						plist.Remove(el)
   590  					}
   591  					// Reset the continuous timeout counter (time drift detection)
   592  					contTimeouts = 0
   593  				}
   594  			}
   595  			r.matched <- matched
   596  
   597  		case now := <-timeout.C:
   598  			nextTimeout = nil
   599  
   600  			// Notify and remove callbacks whose deadline is in the past.
   601  			for el := plist.Front(); el != nil; el = el.Next() {
   602  				p := el.Value.(*replyMatcher)
   603  				if now.After(p.deadline) || now.Equal(p.deadline) {
   604  					p.errc <- errTimeout
   605  					plist.Remove(el)
   606  					contTimeouts++
   607  				}
   608  			}
   609  			// If we've accumulated too many timeouts, do an NTP time sync check
   610  			if contTimeouts > ntpFailureThreshold {
   611  				if time.Since(ntpWarnTime) >= ntpWarningCooldown {
   612  					ntpWarnTime = time.Now()
   613  					go checkClockDrift()
   614  				}
   615  				contTimeouts = 0
   616  			}
   617  		}
   618  	}
   619  }
   620  
   621  const (
   622  	macSize  = 256 / 8
   623  	sigSize  = 520 / 8
   624  	headSize = macSize + sigSize // space of packet frame data
   625  )
   626  
   627  var (
   628  	headSpace = make([]byte, headSize)
   629  
   630  	// Neighbors replies are sent across multiple packets to
   631  	// stay below the packet size limit. We compute the maximum number
   632  	// of entries by stuffing a packet until it grows too large.
   633  	maxNeighbors int
   634  )
   635  
   636  func init() {
   637  	p := neighborsV4{Expiration: ^uint64(0)}
   638  	maxSizeNode := rpcNode{IP: make(net.IP, 16), UDP: ^uint16(0), TCP: ^uint16(0)}
   639  	for n := 0; ; n++ {
   640  		p.Nodes = append(p.Nodes, maxSizeNode)
   641  		size, _, err := rlp.EncodeToReader(p)
   642  		if err != nil {
   643  			// If this ever happens, it will be caught by the unit tests.
   644  			panic("cannot encode: " + err.Error())
   645  		}
   646  		if headSize+size+1 >= maxPacketSize {
   647  			maxNeighbors = n
   648  			break
   649  		}
   650  	}
   651  }
   652  
   653  func (t *UDPv4) send(toaddr *net.UDPAddr, toid enode.ID, req packetV4) ([]byte, error) {
   654  	packet, hash, err := t.encode(t.priv, req)
   655  	if err != nil {
   656  		return hash, err
   657  	}
   658  	return hash, t.write(toaddr, toid, req.name(), packet)
   659  }
   660  
   661  func (t *UDPv4) write(toaddr *net.UDPAddr, toid enode.ID, what string, packet []byte) error {
   662  	_, err := t.conn.WriteToUDP(packet, toaddr)
   663  	t.log.Trace(">> "+what, "id", toid, "addr", toaddr, "err", err)
   664  	return err
   665  }
   666  
   667  func (t *UDPv4) encode(priv *ecdsa.PrivateKey, req packetV4) (packet, hash []byte, err error) {
   668  	name := req.name()
   669  	b := new(bytes.Buffer)
   670  	b.Write(headSpace)
   671  	b.WriteByte(req.kind())
   672  	if err := rlp.Encode(b, req); err != nil {
   673  		t.log.Error(fmt.Sprintf("Can't encode %s packet", name), "err", err)
   674  		return nil, nil, err
   675  	}
   676  	packet = b.Bytes()
   677  	sig, err := crypto.Sign(crypto.Keccak256(packet[headSize:]), priv)
   678  	if err != nil {
   679  		t.log.Error(fmt.Sprintf("Can't sign %s packet", name), "err", err)
   680  		return nil, nil, err
   681  	}
   682  	copy(packet[macSize:], sig)
   683  	// add the hash to the front. Note: this doesn't protect the
   684  	// packet in any way. Our public key will be part of this hash in
   685  	// The future.
   686  	hash = crypto.Keccak256(packet[macSize:])
   687  	copy(packet, hash)
   688  	return packet, hash, nil
   689  }
   690  
   691  // readLoop runs in its own goroutine. it handles incoming UDP packets.
   692  func (t *UDPv4) readLoop(unhandled chan<- ReadPacket) {
   693  	defer t.wg.Done()
   694  	if unhandled != nil {
   695  		defer close(unhandled)
   696  	}
   697  
   698  	buf := make([]byte, maxPacketSize)
   699  	for {
   700  		nbytes, from, err := t.conn.ReadFromUDP(buf)
   701  		if netutil.IsTemporaryError(err) {
   702  			// Ignore temporary read errors.
   703  			t.log.Debug("Temporary UDP read error", "err", err)
   704  			continue
   705  		} else if err != nil {
   706  			// Shut down the loop for permament errors.
   707  			if err != io.EOF {
   708  				t.log.Debug("UDP read error", "err", err)
   709  			}
   710  			return
   711  		}
   712  		if t.handlePacket(from, buf[:nbytes]) != nil && unhandled != nil {
   713  			select {
   714  			case unhandled <- ReadPacket{buf[:nbytes], from}:
   715  			default:
   716  			}
   717  		}
   718  	}
   719  }
   720  
   721  func (t *UDPv4) handlePacket(from *net.UDPAddr, buf []byte) error {
   722  	packet, fromKey, hash, err := decodeV4(buf)
   723  	if err != nil {
   724  		t.log.Debug("Bad discv4 packet", "addr", from, "err", err)
   725  		return err
   726  	}
   727  	fromID := fromKey.id()
   728  	if err == nil {
   729  		err = packet.preverify(t, from, fromID, fromKey)
   730  	}
   731  	t.log.Trace("<< "+packet.name(), "id", fromID, "addr", from, "err", err)
   732  	if err == nil {
   733  		packet.handle(t, from, fromID, hash)
   734  	}
   735  	return err
   736  }
   737  
   738  func decodeV4(buf []byte) (packetV4, encPubkey, []byte, error) {
   739  	if len(buf) < headSize+1 {
   740  		return nil, encPubkey{}, nil, errPacketTooSmall
   741  	}
   742  	hash, sig, sigdata := buf[:macSize], buf[macSize:headSize], buf[headSize:]
   743  	shouldhash := crypto.Keccak256(buf[macSize:])
   744  	if !bytes.Equal(hash, shouldhash) {
   745  		return nil, encPubkey{}, nil, errBadHash
   746  	}
   747  	fromKey, err := recoverNodeKey(crypto.Keccak256(buf[headSize:]), sig)
   748  	if err != nil {
   749  		return nil, fromKey, hash, err
   750  	}
   751  
   752  	var req packetV4
   753  	switch ptype := sigdata[0]; ptype {
   754  	case p_pingV4:
   755  		req = new(pingV4)
   756  	case p_pongV4:
   757  		req = new(pongV4)
   758  	case p_findnodeV4:
   759  		req = new(findnodeV4)
   760  	case p_neighborsV4:
   761  		req = new(neighborsV4)
   762  	case p_enrRequestV4:
   763  		req = new(enrRequestV4)
   764  	case p_enrResponseV4:
   765  		req = new(enrResponseV4)
   766  	default:
   767  		return nil, fromKey, hash, fmt.Errorf("unknown type: %d", ptype)
   768  	}
   769  	s := rlp.NewStream(bytes.NewReader(sigdata[1:]), 0)
   770  	err = s.Decode(req)
   771  	return req, fromKey, hash, err
   772  }
   773  
   774  // checkBond checks if the given node has a recent enough endpoint proof.
   775  func (t *UDPv4) checkBond(id enode.ID, ip net.IP) bool {
   776  	return time.Since(t.db.LastPongReceived(id, ip)) < bondExpiration
   777  }
   778  
   779  // ensureBond solicits a ping from a node if we haven't seen a ping from it for a while.
   780  // This ensures there is a valid endpoint proof on the remote end.
   781  func (t *UDPv4) ensureBond(toid enode.ID, toaddr *net.UDPAddr) {
   782  	tooOld := time.Since(t.db.LastPingReceived(toid, toaddr.IP)) > bondExpiration
   783  	if tooOld || t.db.FindFails(toid, toaddr.IP) > maxFindnodeFailures {
   784  		rm := t.sendPing(toid, toaddr, nil)
   785  		<-rm.errc
   786  		// Wait for them to ping back and process our pong.
   787  		time.Sleep(respTimeout)
   788  	}
   789  }
   790  
   791  // expired checks whether the given UNIX time stamp is in the past.
   792  func expired(ts uint64) bool {
   793  	return time.Unix(int64(ts), 0).Before(time.Now())
   794  }
   795  
   796  func seqFromTail(tail []rlp.RawValue) uint64 {
   797  	if len(tail) == 0 {
   798  		return 0
   799  	}
   800  	var seq uint64
   801  	rlp.DecodeBytes(tail[0], &seq)
   802  	return seq
   803  }
   804  
   805  // PING/v4
   806  
   807  func (req *pingV4) name() string { return "PING/v4" }
   808  func (req *pingV4) kind() byte   { return p_pingV4 }
   809  
   810  func (req *pingV4) preverify(t *UDPv4, from *net.UDPAddr, fromID enode.ID, fromKey encPubkey) error {
   811  	if expired(req.Expiration) {
   812  		return errExpired
   813  	}
   814  	key, err := decodePubkey(crypto.S256(), fromKey)
   815  	if err != nil {
   816  		return errors.New("invalid public key")
   817  	}
   818  	req.senderKey = key
   819  	return nil
   820  }
   821  
   822  func (req *pingV4) handle(t *UDPv4, from *net.UDPAddr, fromID enode.ID, mac []byte) {
   823  	// Reply.
   824  	seq, _ := rlp.EncodeToBytes(t.localNode.Node().Seq())
   825  	t.send(from, fromID, &pongV4{
   826  		To:         makeEndpoint(from, req.From.TCP),
   827  		ReplyTok:   mac,
   828  		Expiration: uint64(time.Now().Add(expiration).Unix()),
   829  		Rest:       []rlp.RawValue{seq},
   830  	})
   831  
   832  	// Ping back if our last pong on file is too far in the past.
   833  	n := wrapNode(enode.NewV4(req.senderKey, from.IP, int(req.From.TCP), from.Port))
   834  	if time.Since(t.db.LastPongReceived(n.ID(), from.IP)) > bondExpiration {
   835  		t.sendPing(fromID, from, func() {
   836  			t.tab.addVerifiedNode(n)
   837  		})
   838  	} else {
   839  		t.tab.addVerifiedNode(n)
   840  	}
   841  
   842  	// Update node database and endpoint predictor.
   843  	t.db.UpdateLastPingReceived(n.ID(), from.IP, time.Now())
   844  	t.localNode.UDPEndpointStatement(from, &net.UDPAddr{IP: req.To.IP, Port: int(req.To.UDP)})
   845  }
   846  
   847  // PONG/v4
   848  
   849  func (req *pongV4) name() string { return "PONG/v4" }
   850  func (req *pongV4) kind() byte   { return p_pongV4 }
   851  
   852  func (req *pongV4) preverify(t *UDPv4, from *net.UDPAddr, fromID enode.ID, fromKey encPubkey) error {
   853  	if expired(req.Expiration) {
   854  		return errExpired
   855  	}
   856  	if !t.handleReply(fromID, from.IP, req) {
   857  		return errUnsolicitedReply
   858  	}
   859  	return nil
   860  }
   861  
   862  func (req *pongV4) handle(t *UDPv4, from *net.UDPAddr, fromID enode.ID, mac []byte) {
   863  	t.localNode.UDPEndpointStatement(from, &net.UDPAddr{IP: req.To.IP, Port: int(req.To.UDP)})
   864  	t.db.UpdateLastPongReceived(fromID, from.IP, time.Now())
   865  }
   866  
   867  // FINDNODE/v4
   868  
   869  func (req *findnodeV4) name() string { return "FINDNODE/v4" }
   870  func (req *findnodeV4) kind() byte   { return p_findnodeV4 }
   871  
   872  func (req *findnodeV4) preverify(t *UDPv4, from *net.UDPAddr, fromID enode.ID, fromKey encPubkey) error {
   873  	if expired(req.Expiration) {
   874  		return errExpired
   875  	}
   876  	if !t.checkBond(fromID, from.IP) {
   877  		// No endpoint proof pong exists, we don't process the packet. This prevents an
   878  		// attack vector where the discovery protocol could be used to amplify traffic in a
   879  		// DDOS attack. A malicious actor would send a findnode request with the IP address
   880  		// and UDP port of the target as the source address. The recipient of the findnode
   881  		// packet would then send a neighbors packet (which is a much bigger packet than
   882  		// findnode) to the victim.
   883  		return errUnknownNode
   884  	}
   885  	return nil
   886  }
   887  
   888  func (req *findnodeV4) handle(t *UDPv4, from *net.UDPAddr, fromID enode.ID, mac []byte) {
   889  	// Determine closest nodes.
   890  	target := enode.ID(crypto.Keccak256Hash(req.Target[:]))
   891  	t.tab.mutex.Lock()
   892  	closest := t.tab.closest(target, bucketSize, true).entries
   893  	t.tab.mutex.Unlock()
   894  
   895  	// Send neighbors in chunks with at most maxNeighbors per packet
   896  	// to stay below the packet size limit.
   897  	p := neighborsV4{Expiration: uint64(time.Now().Add(expiration).Unix())}
   898  	var sent bool
   899  	for _, n := range closest {
   900  		if netutil.CheckRelayIP(from.IP, n.IP()) == nil {
   901  			p.Nodes = append(p.Nodes, nodeToRPC(n))
   902  		}
   903  		if len(p.Nodes) == maxNeighbors {
   904  			t.send(from, fromID, &p)
   905  			p.Nodes = p.Nodes[:0]
   906  			sent = true
   907  		}
   908  	}
   909  	if len(p.Nodes) > 0 || !sent {
   910  		t.send(from, fromID, &p)
   911  	}
   912  }
   913  
   914  // NEIGHBORS/v4
   915  
   916  func (req *neighborsV4) name() string { return "NEIGHBORS/v4" }
   917  func (req *neighborsV4) kind() byte   { return p_neighborsV4 }
   918  
   919  func (req *neighborsV4) preverify(t *UDPv4, from *net.UDPAddr, fromID enode.ID, fromKey encPubkey) error {
   920  	if expired(req.Expiration) {
   921  		return errExpired
   922  	}
   923  	if !t.handleReply(fromID, from.IP, req) {
   924  		return errUnsolicitedReply
   925  	}
   926  	return nil
   927  }
   928  
   929  func (req *neighborsV4) handle(t *UDPv4, from *net.UDPAddr, fromID enode.ID, mac []byte) {
   930  }
   931  
   932  // ENRREQUEST/v4
   933  
   934  func (req *enrRequestV4) name() string { return "ENRREQUEST/v4" }
   935  func (req *enrRequestV4) kind() byte   { return p_enrRequestV4 }
   936  
   937  func (req *enrRequestV4) preverify(t *UDPv4, from *net.UDPAddr, fromID enode.ID, fromKey encPubkey) error {
   938  	if expired(req.Expiration) {
   939  		return errExpired
   940  	}
   941  	if !t.checkBond(fromID, from.IP) {
   942  		return errUnknownNode
   943  	}
   944  	return nil
   945  }
   946  
   947  func (req *enrRequestV4) handle(t *UDPv4, from *net.UDPAddr, fromID enode.ID, mac []byte) {
   948  	t.send(from, fromID, &enrResponseV4{
   949  		ReplyTok: mac,
   950  		Record:   *t.localNode.Node().Record(),
   951  	})
   952  }
   953  
   954  // ENRRESPONSE/v4
   955  
   956  func (req *enrResponseV4) name() string { return "ENRRESPONSE/v4" }
   957  func (req *enrResponseV4) kind() byte   { return p_enrResponseV4 }
   958  
   959  func (req *enrResponseV4) preverify(t *UDPv4, from *net.UDPAddr, fromID enode.ID, fromKey encPubkey) error {
   960  	if !t.handleReply(fromID, from.IP, req) {
   961  		return errUnsolicitedReply
   962  	}
   963  	return nil
   964  }
   965  
   966  func (req *enrResponseV4) handle(t *UDPv4, from *net.UDPAddr, fromID enode.ID, mac []byte) {
   967  }