Connection Gater support

api/api_common.go

@@ -13,6 +13,7 @@ import (
 	protocol "github.com/libp2p/go-libp2p-core/protocol"
 
 	"github.com/filecoin-project/lotus/build"
+	"github.com/filecoin-project/lotus/node/modules/dtypes"
 )
 
 type Common interface {
@@ -46,6 +47,11 @@ type Common interface {
 	// usage and current rate per protocol
 	NetBandwidthStatsByProtocol(ctx context.Context) (map[protocol.ID]metrics.Stats, error)
 
+	// ConnectionGater API
+	NetBlockAdd(ctx context.Context, acl dtypes.NetBlockList) error
+	NetBlockRemove(ctx context.Context, acl dtypes.NetBlockList) error
+	NetBlockList(ctx context.Context) (dtypes.NetBlockList, error)
+
 	// MethodGroup: Common
 
 	// ID returns peerID of libp2p node backing this API

api/apistruct/struct.go

@@ -60,6 +60,9 @@ type CommonStruct struct {
 		NetBandwidthStatsByPeer     func(ctx context.Context) (map[string]metrics.Stats, error)      `perm:"read"`
 		NetBandwidthStatsByProtocol func(ctx context.Context) (map[protocol.ID]metrics.Stats, error) `perm:"read"`
 		NetAgentVersion             func(ctx context.Context, p peer.ID) (string, error)             `perm:"read"`
+		NetBlockAdd                 func(ctx context.Context, acl dtypes.NetBlockList) error         `perm:"admin"`
+		NetBlockRemove              func(ctx context.Context, acl dtypes.NetBlockList) error         `perm:"admin"`
+		NetBlockList                func(ctx context.Context) (dtypes.NetBlockList, error)           `perm:"read"`
 
 		ID      func(context.Context) (peer.ID, error)     `perm:"read"`
 		Version func(context.Context) (api.Version, error) `perm:"read"`
@@ -495,6 +498,18 @@ func (c *CommonStruct) NetBandwidthStatsByProtocol(ctx context.Context) (map[pro
 	return c.Internal.NetBandwidthStatsByProtocol(ctx)
 }
 
+func (c *CommonStruct) NetBlockAdd(ctx context.Context, acl dtypes.NetBlockList) error {
+	return c.Internal.NetBlockAdd(ctx, acl)
+}
+
+func (c *CommonStruct) NetBlockRemove(ctx context.Context, acl dtypes.NetBlockList) error {
+	return c.Internal.NetBlockRemove(ctx, acl)
+}
+
+func (c *CommonStruct) NetBlockList(ctx context.Context) (dtypes.NetBlockList, error) {
+	return c.Internal.NetBlockList(ctx)
+}
+
 func (c *CommonStruct) NetAgentVersion(ctx context.Context, p peer.ID) (string, error) {
 	return c.Internal.NetAgentVersion(ctx, p)
 }

cli/net.go

@@ -20,6 +20,7 @@ import (
 
 	"github.com/filecoin-project/lotus/chain/types"
 	"github.com/filecoin-project/lotus/lib/addrutil"
+	"github.com/filecoin-project/lotus/node/modules/dtypes"
 )
 
 var netCmd = &cli.Command{
@@ -34,6 +35,7 @@ var netCmd = &cli.Command{
 		netScores,
 		NetReachability,
 		NetBandwidthCmd,
+		NetBlockCmd,
 	},
 }
 
@@ -375,3 +377,202 @@ var NetBandwidthCmd = &cli.Command{
 
 	},
 }
+
+var NetBlockCmd = &cli.Command{
+	Name:  "block",
+	Usage: "Manage network connection gating rules",
+	Subcommands: []*cli.Command{
+		NetBlockAddCmd,
+		NetBlockRemoveCmd,
+		NetBlockListCmd,
+	},
+}
+
+var NetBlockAddCmd = &cli.Command{
+	Name:  "add",
+	Usage: "Add connection gating rules",
+	Subcommands: []*cli.Command{
+		NetBlockAddPeer,
+		NetBlockAddIP,
+		NetBlockAddSubnet,
+	},
+}
+
+var NetBlockAddPeer = &cli.Command{
+	Name:      "peer",
+	Usage:     "Block a peer",
+	ArgsUsage: "<Peer> ...",
+	Action: func(cctx *cli.Context) error {
+		api, closer, err := GetAPI(cctx)
+		if err != nil {
+			return err
+		}
+		defer closer()
+		ctx := ReqContext(cctx)
+
+		var peers []peer.ID
+		for _, s := range cctx.Args().Slice() {
+			p, err := peer.Decode(s)
+			if err != nil {
+				return err
+			}
+
+			peers = append(peers, p)
+		}
+
+		return api.NetBlockAdd(ctx, dtypes.NetBlockList{Peers: peers})
+	},
+}
+
+var NetBlockAddIP = &cli.Command{
+	Name:      "ip",
+	Usage:     "Block an IP address",
+	ArgsUsage: "<IP> ...",
+	Action: func(cctx *cli.Context) error {
+		api, closer, err := GetAPI(cctx)
+		if err != nil {
+			return err
+		}
+		defer closer()
+		ctx := ReqContext(cctx)
+
+		return api.NetBlockAdd(ctx, dtypes.NetBlockList{IPAddrs: cctx.Args().Slice()})
+	},
+}
+
+var NetBlockAddSubnet = &cli.Command{
+	Name:      "subnet",
+	Usage:     "Block an IP subnet",
+	ArgsUsage: "<CIDR> ...",
+	Action: func(cctx *cli.Context) error {
+		api, closer, err := GetAPI(cctx)
+		if err != nil {
+			return err
+		}
+		defer closer()
+		ctx := ReqContext(cctx)
+
+		return api.NetBlockAdd(ctx, dtypes.NetBlockList{IPSubnets: cctx.Args().Slice()})
+	},
+}
+
+var NetBlockRemoveCmd = &cli.Command{
+	Name:  "remove",
+	Usage: "Remove connection gating rules",
+	Subcommands: []*cli.Command{
+		NetBlockRemovePeer,
+		NetBlockRemoveIP,
+		NetBlockRemoveSubnet,
+	},
+}
+
+var NetBlockRemovePeer = &cli.Command{
+	Name:      "peer",
+	Usage:     "Unblock a peer",
+	ArgsUsage: "<Peer> ...",
+	Action: func(cctx *cli.Context) error {
+		api, closer, err := GetAPI(cctx)
+		if err != nil {
+			return err
+		}
+		defer closer()
+		ctx := ReqContext(cctx)
+
+		var peers []peer.ID
+		for _, s := range cctx.Args().Slice() {
+			p, err := peer.Decode(s)
+			if err != nil {
+				return err
+			}
+
+			peers = append(peers, p)
+		}
+
+		return api.NetBlockRemove(ctx, dtypes.NetBlockList{Peers: peers})
+	},
+}
+
+var NetBlockRemoveIP = &cli.Command{
+	Name:      "ip",
+	Usage:     "Unblock an IP address",
+	ArgsUsage: "<IP> ...",
+	Action: func(cctx *cli.Context) error {
+		api, closer, err := GetAPI(cctx)
+		if err != nil {
+			return err
+		}
+		defer closer()
+		ctx := ReqContext(cctx)
+
+		return api.NetBlockRemove(ctx, dtypes.NetBlockList{IPAddrs: cctx.Args().Slice()})
+	},
+}
+
+var NetBlockRemoveSubnet = &cli.Command{
+	Name:      "subnet",
+	Usage:     "Unblock an IP subnet",
+	ArgsUsage: "<CIDR> ...",
+	Action: func(cctx *cli.Context) error {
+		api, closer, err := GetAPI(cctx)
+		if err != nil {
+			return err
+		}
+		defer closer()
+		ctx := ReqContext(cctx)
+
+		return api.NetBlockRemove(ctx, dtypes.NetBlockList{IPSubnets: cctx.Args().Slice()})
+	},
+}
+
+var NetBlockListCmd = &cli.Command{
+	Name:  "list",
+	Usage: "list connection gating rules",
+	Action: func(cctx *cli.Context) error {
+		api, closer, err := GetAPI(cctx)
+		if err != nil {
+			return err
+		}
+		defer closer()
+		ctx := ReqContext(cctx)
+
+		acl, err := api.NetBlockList(ctx)
+		if err != nil {
+			return err
+		}
+
+		if len(acl.Peers) != 0 {
+			sort.Slice(acl.Peers, func(i, j int) bool {
+				return strings.Compare(string(acl.Peers[i]), string(acl.Peers[j])) > 0
+			})
+
+			fmt.Println("Blocked Peers:")
+			for _, p := range acl.Peers {
+				fmt.Printf("\t%s\n", p)
+			}
+		}
+
+		if len(acl.IPAddrs) != 0 {
+			sort.Slice(acl.IPAddrs, func(i, j int) bool {
+				return strings.Compare(acl.IPAddrs[i], acl.IPAddrs[j]) < 0
+			})
+
+			fmt.Println("Blocked IPs:")
+			for _, a := range acl.IPAddrs {
+				fmt.Printf("\t%s\n", a)
+			}
+		}
+
+		if len(acl.IPSubnets) != 0 {
+			sort.Slice(acl.IPSubnets, func(i, j int) bool {
+				return strings.Compare(acl.IPSubnets[i], acl.IPSubnets[j]) < 0
+			})
+
+			fmt.Println("Blocked Subnets:")
+			for _, n := range acl.IPSubnets {
+				fmt.Printf("\t%s\n", n)
+			}
+		}
+
+		return nil
+	},
+}

node/builder.go

@@ -25,6 +25,7 @@ import (
 	"github.com/libp2p/go-libp2p-peerstore/pstoremem"
 	pubsub "github.com/libp2p/go-libp2p-pubsub"
 	record "github.com/libp2p/go-libp2p-record"
+	"github.com/libp2p/go-libp2p/p2p/net/conngater"
 	"github.com/multiformats/go-multiaddr"
 	"go.uber.org/fx"
 	"golang.org/x/xerrors"
@@ -98,6 +99,7 @@ var (
 	ConnectionManagerKey = special{9}  // Libp2p option
 	AutoNATSvcKey        = special{10} // Libp2p option
 	BandwidthReporterKey = special{11} // Libp2p option
+	ConnGaterKey         = special{12} // libp2p option
 )
 
 type invoke int
@@ -220,6 +222,9 @@ func libp2p() Option {
 
 		Override(PstoreAddSelfKeysKey, lp2p.PstoreAddSelfKeys),
 		Override(StartListeningKey, lp2p.StartListening(config.DefaultFullNode().Libp2p.ListenAddresses)),
+
+		Override(new(*conngater.BasicConnectionGater), lp2p.ConnGater),
+		Override(ConnGaterKey, lp2p.ConnGaterOption),
 	)
 }
 

node/impl/common/common.go

@@ -15,6 +15,7 @@ import (
 	protocol "github.com/libp2p/go-libp2p-core/protocol"
 	swarm "github.com/libp2p/go-libp2p-swarm"
 	basichost "github.com/libp2p/go-libp2p/p2p/host/basic"
+	"github.com/libp2p/go-libp2p/p2p/net/conngater"
 	ma "github.com/multiformats/go-multiaddr"
 	"go.uber.org/fx"
 	"golang.org/x/xerrors"
@@ -36,6 +37,7 @@ type CommonAPI struct {
 	RawHost      lp2p.RawHost
 	Host         host.Host
 	Router       lp2p.BaseIpfsRouting
+	ConnGater    *conngater.BasicConnectionGater
 	Reporter     metrics.Reporter
 	Sk           *dtypes.ScoreKeeper
 	ShutdownChan dtypes.ShutdownChan