protector package

v0.2.0 (not the latest version of its module)
Published: Mar 13, 2019 License: AGPL-3.0 Imports: 19 Imported by: 0

Documentation

Overview

Package protector contains implementations of the github.com/libp2p/go-libp2p-interface-pnet/ipnet.Protector interface.

Use these implementations in the swarm service to protect a private network.

Index

Constants

const (
	// DefaultConfigPath is the location of the config file.
	DefaultConfigPath = "data/network/config.json"
)
const (
	// PrivateWithCoordinatorMode uses a coordinator node
	// for network participants updates.
	PrivateWithCoordinatorMode = "private-with-coordinator"
)

Supported network protection modes.

Variables

var (
	ErrInvalidCoordinatorID   = errors.New("invalid coordinator ID")
	ErrMissingCoordinatorAddr = errors.New("missing coordinator address")
	ErrInvalidCoordinatorAddr = errors.New("invalid coordinator address")
)

Errors encountered when creating a NetworkMode.

var (
	// ErrConnectionRefused is returned when a connection is refused.
	ErrConnectionRefused = errors.New("connection refused")
)
var (
	ErrMissingNonLocalAddr = errors.New("need a non-local peer address")
)

Errors used by the network configuration.

Functions

This section is empty.

Types

type ConfigSaver

type ConfigSaver struct {
	NetworkConfig
	// contains filtered or unexported fields
}

ConfigSaver wraps a NetworkConfig implementation and saves it to disk whenever it changes.

func (*ConfigSaver) AddPeer

func (c *ConfigSaver) AddPeer(ctx context.Context, peerID peer.ID, addrs []multiaddr.Multiaddr) error

AddPeer adds a peer to the network configuration and saves it to disk.

func (*ConfigSaver) RemovePeer

func (c *ConfigSaver) RemovePeer(ctx context.Context, peerID peer.ID) error

RemovePeer removes a peer from the network configuration and saves it to disk.

func (*ConfigSaver) Reset

func (c *ConfigSaver) Reset(ctx context.Context, networkConfig *pb.NetworkConfig) error

Reset clears the current configuration and applies the given one. It assumes that the incoming configuration signature has been validated. It saves it to disk.

func (*ConfigSaver) Save

func (c *ConfigSaver) Save(ctx context.Context) error

Save saves the network configuration to disk.

func (*ConfigSaver) SetNetworkState

func (c *ConfigSaver) SetNetworkState(ctx context.Context, networkState pb.NetworkState) error

SetNetworkState sets the current state of the network protection and saves it to disk.

type ConfigSigner

type ConfigSigner struct {
	NetworkConfig
	// contains filtered or unexported fields
}

ConfigSigner wraps a NetworkConfig implementation and signs it whenever it changes.

func (*ConfigSigner) AddPeer

func (c *ConfigSigner) AddPeer(ctx context.Context, peerID peer.ID, addrs []multiaddr.Multiaddr) error

AddPeer adds a peer to the network configuration and updates the signature.

func (*ConfigSigner) RemovePeer

func (c *ConfigSigner) RemovePeer(ctx context.Context, peerID peer.ID) error

RemovePeer removes a peer from the network configuration and updates the signature.

func (*ConfigSigner) Reset

func (c *ConfigSigner) Reset(ctx context.Context, networkConfig *pb.NetworkConfig) error

Reset clears the current configuration and applies the given one. It assumes that the incoming configuration signature has been validated. It updates the local signature.

func (*ConfigSigner) SetNetworkState

func (c *ConfigSigner) SetNetworkState(ctx context.Context, networkState pb.NetworkState) error

SetNetworkState sets the current state of the network protection and updates the signature.

type InMemoryConfig

type InMemoryConfig struct {
	// contains filtered or unexported fields
}

InMemoryConfig implements the NetworkConfig interface. It only keeps the configuration in RAM. It should be wrapped to add more features (e.g. signing the config when changes happen, configuring the underlying protector, saving the configuration to a file or database, etc).

func (*InMemoryConfig) AddPeer

func (c *InMemoryConfig) AddPeer(ctx context.Context, peerID peer.ID, addrs []multiaddr.Multiaddr) error

AddPeer adds a peer to the network configuration.

func (*InMemoryConfig) AllowedAddrs

func (c *InMemoryConfig) AllowedAddrs(ctx context.Context, peerID peer.ID) []multiaddr.Multiaddr

AllowedAddrs returns the whitelisted addresses of the given peer.

func (*InMemoryConfig) AllowedPeers

func (c *InMemoryConfig) AllowedPeers(ctx context.Context) []peer.ID

AllowedPeers returns the IDs of the peers in the network.

func (*InMemoryConfig) Copy

func (c *InMemoryConfig) Copy(ctx context.Context) pb.NetworkConfig

Copy returns a copy of the underlying configuration (the signature shown here follows the NetworkConfig interface this type implements).

func (*InMemoryConfig) IsAllowed

func (c *InMemoryConfig) IsAllowed(ctx context.Context, peerID peer.ID) bool

IsAllowed returns true if the given peer is allowed in the network.

func (*InMemoryConfig) NetworkState

func (c *InMemoryConfig) NetworkState(ctx context.Context) pb.NetworkState

NetworkState returns the current state of the network protection.

func (*InMemoryConfig) RemovePeer

func (c *InMemoryConfig) RemovePeer(ctx context.Context, peerID peer.ID) error

RemovePeer removes a peer from the network configuration.

func (*InMemoryConfig) Reset

func (c *InMemoryConfig) Reset(ctx context.Context, networkConfig *pb.NetworkConfig) error

Reset clears the current configuration and applies the given one. It does not verify the incoming configuration's signature; the caller must have validated it before calling Reset.

func (*InMemoryConfig) SetNetworkState

func (c *InMemoryConfig) SetNetworkState(ctx context.Context, networkState pb.NetworkState) error

SetNetworkState sets the current state of the network protection.

func (*InMemoryConfig) Sign

func (c *InMemoryConfig) Sign(ctx context.Context, privKey crypto.PrivKey) error

Sign signs the underlying configuration.

type NetworkConfig

type NetworkConfig interface {
	NetworkPeersReader
	NetworkPeersWriter

	NetworkStateReader
	NetworkStateWriter

	// Sign signs the underlying configuration.
	Sign(context.Context, crypto.PrivKey) error

	// Copy returns a copy of the underlying configuration.
	Copy(context.Context) pb.NetworkConfig

	// Reset clears the current configuration and applies the given one.
	// It does not verify the incoming configuration's signature: the
	// caller must validate it before calling Reset.
	Reset(context.Context, *pb.NetworkConfig) error
}

NetworkConfig manages the private network's configuration. Note that Reset trusts its caller: it does not check the signature of the configuration it is given, so the signature must be verified against the expected signer's key before Reset is called.

func LoadOrInitNetworkConfig

func LoadOrInitNetworkConfig(
	ctx context.Context,
	configPath string,
	privKey crypto.PrivKey,
	protect Protector,
	peerStore peerstore.Peerstore,
) (NetworkConfig, error)

LoadOrInitNetworkConfig loads a NetworkConfig from the given file or creates it if missing.

func NewInMemoryConfig

func NewInMemoryConfig(ctx context.Context, networkConfig *pb.NetworkConfig) (NetworkConfig, error)

NewInMemoryConfig creates a thread-safe NetworkConfig. It's the source of truth for the network configuration and should be the only object mutating the underlying data.

func WrapWithProtectUpdater

func WrapWithProtectUpdater(
	networkConfig NetworkConfig,
	protect Protector,
	peerStore peerstore.Peerstore,
) NetworkConfig

WrapWithProtectUpdater wraps a NetworkConfig implementation and updates the given protector when the configuration changes.

func WrapWithSaver

func WrapWithSaver(networkConfig NetworkConfig, configPath string) NetworkConfig

WrapWithSaver wraps a NetworkConfig implementation and saves it to disk whenever it changes.

func WrapWithSignature

func WrapWithSignature(networkConfig NetworkConfig, privKey crypto.PrivKey) NetworkConfig

WrapWithSignature wraps a NetworkConfig implementation and signs it whenever it changes.

type NetworkConfigReader

type NetworkConfigReader interface {
	NetworkStateReader
	NetworkPeersReader
}

NetworkConfigReader provides read access to the network configuration.

type NetworkConfigWriter

type NetworkConfigWriter interface {
	NetworkStateWriter
	NetworkPeersWriter
}

NetworkConfigWriter provides write access to the network configuration.

type NetworkMode

type NetworkMode struct {
	ProtectionMode   string
	IsCoordinator    bool
	CoordinatorID    peer.ID
	CoordinatorAddrs []multiaddr.Multiaddr
}

NetworkMode describes the mode of operation of the network. It contains all the configured values necessary for operating the network correctly. It is used to configure the network protocols used by nodes.

func NewCoordinatedNetworkMode

func NewCoordinatedNetworkMode(coordinatorID string, coordinatorAddrs []string) (*NetworkMode, error)

NewCoordinatedNetworkMode returns the NetworkMode for a network that uses a coordinator.

func NewCoordinatorNetworkMode

func NewCoordinatorNetworkMode() *NetworkMode

NewCoordinatorNetworkMode returns the NetworkMode for a network coordinator.

type NetworkPeersReader

type NetworkPeersReader interface {
	IsAllowed(context.Context, peer.ID) bool
	AllowedPeers(context.Context) []peer.ID
	AllowedAddrs(context.Context, peer.ID) []multiaddr.Multiaddr
}

NetworkPeersReader provides read access to the network peers list.

type NetworkPeersWriter

type NetworkPeersWriter interface {
	AddPeer(context.Context, peer.ID, []multiaddr.Multiaddr) error
	RemovePeer(context.Context, peer.ID) error
}

NetworkPeersWriter provides write access to the network peers list.

type NetworkStateReader

type NetworkStateReader interface {
	NetworkState(context.Context) pb.NetworkState
}

NetworkStateReader provides read access to the network state.

type NetworkStateWriter

type NetworkStateWriter interface {
	SetNetworkState(context.Context, pb.NetworkState) error
}

NetworkStateWriter provides write access to the network state.

type NetworkUpdate

type NetworkUpdate struct {
	Type   NetworkUpdateType
	PeerID peer.ID
}

NetworkUpdate describes a change in a private network.

func CreateAddNetworkUpdate

func CreateAddNetworkUpdate(peerID peer.ID) NetworkUpdate

CreateAddNetworkUpdate creates an update to add a peer to the network.

func CreateRemoveNetworkUpdate

func CreateRemoveNetworkUpdate(peerID peer.ID) NetworkUpdate

CreateRemoveNetworkUpdate creates an update to remove a peer from the network.

type NetworkUpdateType

type NetworkUpdateType byte

NetworkUpdateType defines the operations supported by a private network.

const (
	// Add a peer.
	Add NetworkUpdateType = 1
	// Remove a peer.
	Remove NetworkUpdateType = 2
)

Operations supported by a private network.

type PrivateNetwork

type PrivateNetwork struct {
	// contains filtered or unexported fields
}

PrivateNetwork implements the github.com/libp2p/go-libp2p-interface-pnet/ipnet.Protector interface. It protects a network by only allowing whitelisted peers to connect.

func (*PrivateNetwork) AllowedAddrs

func (p *PrivateNetwork) AllowedAddrs(ctx context.Context) []multiaddr.Multiaddr

AllowedAddrs returns all addresses we allow connections to and from.

func (*PrivateNetwork) AllowedPeers

func (p *PrivateNetwork) AllowedPeers(ctx context.Context) []peer.ID

AllowedPeers returns the list of whitelisted peers.

func (*PrivateNetwork) Fingerprint

func (p *PrivateNetwork) Fingerprint() []byte

Fingerprint returns a hash of the participants list.

func (*PrivateNetwork) ListenForUpdates

func (p *PrivateNetwork) ListenForUpdates(updateChan <-chan NetworkUpdate)

ListenForUpdates listens for network updates. This is a blocking call that should be made in a dedicated goroutine. Closing the channel will stop the listener.

func (*PrivateNetwork) Protect

func (p *PrivateNetwork) Protect(conn net.Conn) (net.Conn, error)

Protect drops any connection attempt from or to a non-whitelisted peer.

type PrivateNetworkWithBootstrap

type PrivateNetworkWithBootstrap struct {
	// contains filtered or unexported fields
}

PrivateNetworkWithBootstrap implements the github.com/libp2p/go-libp2p-interface-pnet/ipnet.Protector interface. It protects a network by only allowing whitelisted peers to connect once the bootstrap phase is complete. During the bootstrap phase it accepts every connection, from any peer, so the network stays open until its state is changed.

func (*PrivateNetworkWithBootstrap) AllowedAddrs

func (p *PrivateNetworkWithBootstrap) AllowedAddrs(ctx context.Context) []multiaddr.Multiaddr

AllowedAddrs returns the list of whitelisted addresses.

func (*PrivateNetworkWithBootstrap) AllowedPeers

func (p *PrivateNetworkWithBootstrap) AllowedPeers(ctx context.Context) []peer.ID

AllowedPeers returns the list of whitelisted peers.

func (*PrivateNetworkWithBootstrap) Fingerprint

func (p *PrivateNetworkWithBootstrap) Fingerprint() []byte

Fingerprint returns a hash of the participants list.

func (*PrivateNetworkWithBootstrap) ListenForUpdates

func (p *PrivateNetworkWithBootstrap) ListenForUpdates(updateChan <-chan NetworkUpdate)

ListenForUpdates listens for network updates. This is a blocking call that should be made in a dedicated goroutine. Closing the channel will stop the listener.

func (*PrivateNetworkWithBootstrap) Protect

func (p *PrivateNetworkWithBootstrap) Protect(conn net.Conn) (net.Conn, error)

Protect accepts all connections while the network is in its bootstrap state. Once SetNetworkState moves the network out of that state, it switches to private network mode and refuses connections from non-whitelisted peers.

func (*PrivateNetworkWithBootstrap) SetNetworkState

func (p *PrivateNetworkWithBootstrap) SetNetworkState(_ context.Context, networkState pb.NetworkState) error

SetNetworkState sets the network state. The protector adapts to the network state, so this method should be called when it changes.

type ProtectUpdater

type ProtectUpdater struct {
	NetworkConfig
	// contains filtered or unexported fields
}

ProtectUpdater wraps a NetworkConfig implementation and updates a protector when the configuration changes.

func (*ProtectUpdater) AddPeer

func (c *ProtectUpdater) AddPeer(ctx context.Context, peerID peer.ID, addrs []multiaddr.Multiaddr) error

AddPeer adds a peer to the network configuration and updates the protector and peer store.

func (*ProtectUpdater) RemovePeer

func (c *ProtectUpdater) RemovePeer(ctx context.Context, peerID peer.ID) error

RemovePeer removes a peer from the network configuration and updates the protector.

func (*ProtectUpdater) Reset

func (c *ProtectUpdater) Reset(ctx context.Context, networkConfig *pb.NetworkConfig) error

Reset clears the current configuration and applies the given one. It assumes that the incoming configuration signature has been validated. It updates the protector accordingly.

func (*ProtectUpdater) SetNetworkState

func (c *ProtectUpdater) SetNetworkState(ctx context.Context, networkState pb.NetworkState) error

SetNetworkState sets the current state of the network protection and, if the wrapped protector is state-aware (a StateAwareProtector), forwards the new state to it.

type Protector

type Protector interface {
	ipnet.Protector

	// ListenForUpdates listens for network updates.
	// This is a blocking call that should be made in a dedicated goroutine.
	// Closing the channel will stop the listener.
	ListenForUpdates(<-chan NetworkUpdate)

	// AllowedAddrs returns the list of whitelisted addresses.
	AllowedAddrs(context.Context) []multiaddr.Multiaddr

	// AllowedPeers returns the list of whitelisted peers.
	AllowedPeers(context.Context) []peer.ID
}

Protector protects a network against non-whitelisted peers.

func NewPrivateNetwork

func NewPrivateNetwork(peerStore peerstore.Peerstore) Protector

NewPrivateNetwork creates a protector for private networks. It needs the Peerstore used by all network connections. This protector does not add whitelisted peers to the Peerstore itself; another component (for example the ProtectUpdater wrapper, whose AddPeer updates the peer store) must do that for the end-to-end flow to work properly.

func NewPrivateNetworkWithBootstrap

func NewPrivateNetworkWithBootstrap(peerStore peerstore.Peerstore) Protector

NewPrivateNetworkWithBootstrap creates a protector for private networks supporting an open bootstrapping phase. The protector accepts all connections during the bootstrap phase. Once the network state changes and ends the bootstrap phase, the protector starts rejecting every non-whitelisted request.
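The bootstrap-then-protected behaviour, the update channel driven by NetworkUpdate values, and the participants-list fingerprint can be modelled without libp2p. The block below is an added example, not the package's own implementation. It stands in peer.ID with a string, the Peerstore with a caller-owned map, and pb.NetworkState with two constants (StateBootstrap and StateProtected, names assumed); it decides on a net.Conn by comparing RemoteAddr against the addresses the peer store holds for whitelisted peers, which is an assumption about how Protect identifies the remote peer.

```go
package main

import (
	"context"
	"crypto/sha256"
	"errors"
	"net"
	"sort"
	"sync"
)

// PeerID stands in for libp2p's peer.ID and NetworkState for pb.NetworkState;
// the two state constants are names assumed for this example.
type PeerID string
type NetworkState int

const StateBootstrap, StateProtected NetworkState = 0, 1

type NetworkUpdateType byte

const Add, Remove NetworkUpdateType = 1, 2

type NetworkUpdate struct {
	Type   NetworkUpdateType
	PeerID PeerID
}

var ErrConnectionRefused = errors.New("connection refused")

// PrivateNetworkWithBootstrap holds the whitelist and the state. Addresses come
// from a caller-owned peer-store stand-in (a map): the protector does not
// populate the peer store itself.
type PrivateNetworkWithBootstrap struct {
	mu        sync.RWMutex
	state     NetworkState
	allowed   map[PeerID]struct{}
	peerStore map[PeerID][]string
}

func NewPrivateNetworkWithBootstrap(peerStore map[PeerID][]string) *PrivateNetworkWithBootstrap {
	return &PrivateNetworkWithBootstrap{allowed: map[PeerID]struct{}{}, peerStore: peerStore}
}

func (p *PrivateNetworkWithBootstrap) SetNetworkState(_ context.Context, s NetworkState) error {
	p.mu.Lock()
	defer p.mu.Unlock()
	p.state = s
	return nil
}

// ListenForUpdates blocks until updateChan is closed, applying each update.
func (p *PrivateNetworkWithBootstrap) ListenForUpdates(updateChan <-chan NetworkUpdate) {
	for u := range updateChan {
		p.mu.Lock()
		switch u.Type {
		case Add:
			p.allowed[u.PeerID] = struct{}{}
		case Remove:
			delete(p.allowed, u.PeerID)
		}
		p.mu.Unlock()
	}
}

// AllowedPeers returns the whitelist in sorted order.
func (p *PrivateNetworkWithBootstrap) AllowedPeers(_ context.Context) []PeerID {
	p.mu.RLock()
	defer p.mu.RUnlock()
	ids := make([]PeerID, 0, len(p.allowed))
	for id := range p.allowed {
		ids = append(ids, id)
	}
	sort.Slice(ids, func(i, j int) bool { return ids[i] < ids[j] })
	return ids
}

// Fingerprint hashes the sorted members with a separator, so nodes that saw
// the same updates in a different order still agree on the hash.
func (p *PrivateNetworkWithBootstrap) Fingerprint() []byte {
	h := sha256.New()
	for _, id := range p.AllowedPeers(context.Background()) {
		h.Write([]byte(id))
		h.Write([]byte{0})
	}
	return h.Sum(nil)
}

// Protect accepts every connection while bootstrapping; afterwards it keeps
// only connections whose remote address is one of a whitelisted peer's.
func (p *PrivateNetworkWithBootstrap) Protect(conn net.Conn) (net.Conn, error) {
	p.mu.RLock()
	defer p.mu.RUnlock()
	if p.state == StateBootstrap {
		return conn, nil
	}
	remote := conn.RemoteAddr().String()
	for id := range p.allowed {
		for _, a := range p.peerStore[id] {
			if a == remote {
				return conn, nil
			}
		}
	}
	conn.Close()
	return nil, ErrConnectionRefused
}
```

To drive it, start ListenForUpdates in its own goroutine, send Add and Remove updates, close the channel when the listener should stop, and call SetNetworkState(ctx, StateProtected) to end the open phase; from then on Protect closes and refuses any connection whose remote address the peer store does not attribute to a whitelisted peer. The fingerprint sorts the membership and inserts a separator between IDs so that the digest depends only on who is in the network, not on the order in which updates arrived or on how IDs happen to concatenate.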

type StateAwareProtector

type StateAwareProtector interface {
	Protector
	NetworkStateWriter
}

StateAwareProtector protects a network depending on its state.

Directories

Package mocks is a generated GoMock package.
