add enableConsensusIPWhitelist

okx · Jul 8, 2024 · 8867016 · 8867016
1 parent aefc3f3
commit 8867016
Show file tree

Hide file tree

Showing 5 changed files with 54 additions and 28 deletions.
diff --git a/app/config/config.go b/app/config/config.go
@@ -138,7 +138,8 @@ type OecConfig struct {
 
 	maxTxLimitPerPeer uint64
 
-	consensusIPWhitelist []string
+	enableConsensusIPWhitelist bool
+	consensusIPWhitelist       []string
 }
 
 const (
@@ -177,6 +178,7 @@ const (
 	FlagCsTimeoutPrecommit         = "consensus.timeout_precommit"
 	FlagCsTimeoutPrecommitDelta    = "consensus.timeout_precommit_delta"
 	FlagCsTimeoutCommit            = "consensus.timeout_commit"
+	FlagEnableConsensusIPWhitelist = "consensus.enable_ip_whitelist"
 	FlagConsensusIPWhitelist       = "consensus.ip_whitelist"
 	FlagEnableHasBlockPartMsg      = "enable-blockpart-ack"
 	FlagDebugGcInterval            = "debug.gc-interval"
@@ -334,6 +336,7 @@ func (c *OecConfig) loadFromConfig() {
 	c.SetCommitGapHeight(viper.GetInt64(server.FlagCommitGapHeight))
 	c.SetSentryAddrs(viper.GetString(FlagSentryAddrs))
 	c.SetNodeKeyWhitelist(viper.GetString(FlagNodeKeyWhitelist))
+	c.SetEnableConsensusIPWhitelist(viper.GetBool(FlagEnableConsensusIPWhitelist))
 	c.SetConsensusIPWhitelist(viper.GetString(FlagConsensusIPWhitelist))
 	c.SetEnableWtx(viper.GetBool(FlagEnableWrappedTx))
 	c.SetEnableAnalyzer(viper.GetBool(trace.FlagEnableAnalyzer))
@@ -515,6 +518,12 @@ func (c *OecConfig) updateFromKVStr(k, v string) {
 		c.SetPendingPoolBlacklist(v)
 	case FlagNodeKeyWhitelist:
 		c.SetNodeKeyWhitelist(v)
+	case FlagEnableConsensusIPWhitelist:
+		r, err := strconv.ParseBool(v)
+		if err != nil {
+			return
+		}
+		c.SetEnableConsensusIPWhitelist(r)
 	case FlagConsensusIPWhitelist:
 		c.SetConsensusIPWhitelist(v)
 	case FlagMempoolCheckTxCost:
@@ -816,6 +825,10 @@ func (c *OecConfig) GetNodeKeyWhitelist() []string {
 	return c.nodeKeyWhitelist
 }
 
+func (c *OecConfig) GetEnableConsensusIPWhitelist() bool {
+	return c.enableConsensusIPWhitelist
+}
+
 func (c *OecConfig) GetConsensusIPWhitelist() []string {
 	return c.consensusIPWhitelist
 }
@@ -841,6 +854,10 @@ func (c *OecConfig) SetNodeKeyWhitelist(value string) {
 	}
 }
 
+func (c *OecConfig) SetEnableConsensusIPWhitelist(value bool) {
+	c.enableConsensusIPWhitelist = value
+}
+
 func (c *OecConfig) SetConsensusIPWhitelist(value string) {
 	ipList := resolveNodeKeyWhitelist(value)
 	for _, ip := range ipList {

diff --git a/libs/tendermint/blockchain/v0/reactor.go b/libs/tendermint/blockchain/v0/reactor.go
@@ -203,16 +203,18 @@ func (bcR *BlockchainReactor) respondToPeer(msg *bcBlockRequestMessage,
 
 // Receive implements Reactor by handling 4 types of messages (look below).
 func (bcR *BlockchainReactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) {
-	okIP := false
-	for _, ip := range cfg.DynamicConfig.GetConsensusIPWhitelist() {
-		if src.RemoteIP().String() == ip {
-			okIP = true
-			break
+	if cfg.DynamicConfig.GetEnableConsensusIPWhitelist() {
+		okIP := false
+		for _, ip := range cfg.DynamicConfig.GetConsensusIPWhitelist() {
+			if src.RemoteIP().String() == ip {
+				okIP = true
+				break
+			}
+		}
+		if !okIP {
+			bcR.Logger.Error("consensus msg:IP not in whitelist", "IP", src.RemoteIP().String())
+			return
 		}
-	}
-	if !okIP {
-		bcR.Logger.Error("consensus msg:IP not in whitelist", "IP", src.RemoteIP().String())
-		return
 	}
 
 	msg, err := decodeMsg(msgBytes)

diff --git a/libs/tendermint/config/dynamic_config_okchain.go b/libs/tendermint/config/dynamic_config_okchain.go
@@ -41,6 +41,7 @@ type IDynamicConfig interface {
 	GetMaxSubscriptionClients() int
 	GetPendingPoolBlacklist() string
 	GetMaxTxLimitPerPeer() uint64
+	GetEnableConsensusIPWhitelist() bool
 	GetConsensusIPWhitelist() []string
 }
 
@@ -235,6 +236,8 @@ func (c MockDynamicConfig) GetMaxTxLimitPerPeer() uint64 {
 	return DefaultMempoolConfig().MaxTxLimitPerPeer
 }
 
+func (c MockDynamicConfig) GetEnableConsensusIPWhitelist() bool { return false }
+
 func (c MockDynamicConfig) GetConsensusIPWhitelist() []string {
 	return []string{}
 }
diff --git a/libs/tendermint/consensus/reactor.go b/libs/tendermint/consensus/reactor.go
@@ -343,16 +343,18 @@ func (conR *Reactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) {
 		return
 	}
 
-	okIP := false
-	for _, ip := range cfg.DynamicConfig.GetConsensusIPWhitelist() {
-		if src.RemoteIP().String() == ip {
-			okIP = true
-			break
+	if cfg.DynamicConfig.GetEnableConsensusIPWhitelist() {
+		okIP := false
+		for _, ip := range cfg.DynamicConfig.GetConsensusIPWhitelist() {
+			if src.RemoteIP().String() == ip {
+				okIP = true
+				break
+			}
+		}
+		if !okIP {
+			conR.Logger.Error("consensus msg:IP not in whitelist", "IP", src.RemoteIP().String())
+			return
 		}
-	}
-	if !okIP {
-		conR.Logger.Error("consensus msg:IP not in whitelist", "IP", src.RemoteIP().String())
-		return
 	}
 
 	msg, err := decodeMsg(msgBytes)

diff --git a/libs/tendermint/evidence/reactor.go b/libs/tendermint/evidence/reactor.go
@@ -64,16 +64,18 @@ func (evR *Reactor) AddPeer(peer p2p.Peer) {
 // Receive implements Reactor.
 // It adds any received evidence to the evpool.
 func (evR *Reactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) {
-	okIP := false
-	for _, ip := range cfg.DynamicConfig.GetConsensusIPWhitelist() {
-		if src.RemoteIP().String() == ip {
-			okIP = true
-			break
+	if cfg.DynamicConfig.GetEnableConsensusIPWhitelist() {
+		okIP := false
+		for _, ip := range cfg.DynamicConfig.GetConsensusIPWhitelist() {
+			if src.RemoteIP().String() == ip {
+				okIP = true
+				break
+			}
+		}
+		if !okIP {
+			evR.Logger.Error("consensus msg:IP not in whitelist", "IP", src.RemoteIP().String())
+			return
 		}
-	}
-	if !okIP {
-		evR.Logger.Error("consensus msg:IP not in whitelist", "IP", src.RemoteIP().String())
-		return
 	}
 
 	msg, err := decodeMsg(msgBytes)