Allows nodes in a network to not strictly prefer older peers. This
helps break up impenetrable cliques in small, stable networks (private
networks often fit this description). We generate a random mask for the
lifetime of the process and use that to xor against the nodeId of a
potential peer. The desired behavior of the network is that some of the
nodes will allow the new peer to make an inbound connection but that
peer can't try to farm a nodeId that would make prioritize it over all
other peers in a guaranteed fashion.
Signed-off-by: Ratan Rai Sur <ratan.r.sur@gmail.com>
This PR add the support to DNS. By default Besu refuses the use of a DNS but it is possible to use it by adding the following flag --Xdns-enabled=true. Adding this flag will resolve the hostname when starting besu and then it won't change
If there is a need for a more dynamic update (eg for permissioning) add also this flag --Xdns-update-enabled = true ( this will query the DNS every time. So you must trust the DNS on which you are looking for the IP)
Signed-off-by: Karim TAAM <karim.t2am@gmail.com>
handle peerAdded on admin_addPeer to add the peer to the PeerTable
handle peerRemoved on admin_removePeer to remove the peer from the PeerTable
Signed-off-by: Alexandre PARIS-VERGNE <alexpv14@gmail.com>
* add hive test
Signed-off-by: Ratan Rai Sur <ratan.r.sur@gmail.com>
* garbage endpoint in peerdisccontrollertest
Signed-off-by: Ratan Rai Sur <ratan.r.sur@gmail.com>
* rlp deserialization test
Signed-off-by: Ratan Rai Sur <ratan.r.sur@gmail.com>
* make things work with optional
Signed-off-by: Ratan Rai Sur <ratan.r.sur@gmail.com>
* PeerDiscoveryPacketPcapSedesTest changes from Optional getFrom
Signed-off-by: Ratan Rai Sur <ratan.r.sur@gmail.com>
* rlp deserialization test
Signed-off-by: Ratan Rai Sur <ratan.r.sur@gmail.com>
* allow empty from field in ping
Signed-off-by: Ratan Rai Sur <ratan.r.sur@gmail.com>
* comment
Signed-off-by: Ratan Rai Sur <ratan.r.sur@gmail.com>
* logging
Signed-off-by: Ratan Rai Sur <ratan.r.sur@gmail.com>
* cleanup rebase
Signed-off-by: Ratan Rai Sur <ratan.r.sur@gmail.com>
* scaffolding
Signed-off-by: Ratan Rai Sur <ratan.r.sur@gmail.com>
* pass hive
Signed-off-by: Ratan Rai Sur <ratan.r.sur@gmail.com>
* remove some stuff
Signed-off-by: Ratan Rai Sur <ratan.r.sur@gmail.com>
* comment
Signed-off-by: Ratan Rai Sur <ratan.r.sur@gmail.com>
* leave list properly
Signed-off-by: Ratan Rai Sur <ratan.r.sur@gmail.com>
* spotless
Signed-off-by: Ratan Rai Sur <ratan.r.sur@gmail.com>
* rename port -> udpPort
Signed-off-by: Ratan Rai Sur <ratan.r.sur@gmail.com>
* move comment
Signed-off-by: Ratan Rai Sur <ratan.r.sur@gmail.com>
* fix documentation bug
Signed-off-by: Ratan Rai Sur <ratan.r.sur@gmail.com>
* remove redundant supression
Signed-off-by: Ratan Rai Sur <ratan.r.sur@gmail.com>
* more accurate tests
Signed-off-by: Ratan Rai Sur <ratan.r.sur@gmail.com>
* empty commit to trigger build
Signed-off-by: Ratan Rai Sur <ratan.r.sur@gmail.com>
* #1066 Switched to use unprefixed hex strings for memory and stack values
Signed-off-by: David Mechler <david.mechler@consensys.net>
* Disable flaky tests per Ben Burns(Yeti) request
Signed-off-by: David Mechler <david.mechler@consensys.net>
* Revert last commit and enable ignored tests.
Signed-off-by: David Mechler <david.mechler@consensys.net>
* #1157 - updated to create 2 agents so that proper bonding can occur
Signed-off-by: David Mechler <david.mechler@consensys.net>
* #1162 - Updated test to mock the local peer PING packet creation so that the hash can be managed.
Signed-off-by: David Mechler <david.mechler@consensys.net>
* Add check for spoofed IP in ping message
* Add logging message when ping request is rejected.
Signed-off-by: David Mechler <david.mechler@consensys.net>
Upgrade to ErrorProne 2.4.0
* public constructors on abstract classes are removed
* Javadoc must have meaningfull documentation
* lambdas should not be variables
* Added to the list of confusing inner class names (Entry and Type)
* no assert keyword in tests
* Obsolete JDK classes produce errors now
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
* replace whitelist/blacklist with allowlist/denylist and support both versions in CLI options
Signed-off-by: Sally MacFarlane <sally.macfarlane@consensys.net>
DevP2P packets expiration fields should be in seconds past the epoch,
not milliseconds past the epoch.
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
Don't respond to neighbors and ping packets that have an expiration
prior to the system's current time.
Addresses two tests in #975
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
Increase Netty threadpool size for handshake handling
It was found that all ECIES handhshaking is taking place in
an NioEventLoop of being serviced by one worker.
This in turn meant that, during periods of high demand,
many potential peers were timing out (as the latter peers
had to wait for earlier peers to complete prior to
being serviced).
This change grows the threadpool to 10 (arbitrarily selected),
which minimises the number of peers waiting for connectivity.
Signed-off-by: Trent Mohay <trent.mohay@consensys.net>
Co-authored-by: Jason Frame <jasonwframe@gmail.com>
IbftRound has been updated to accept Signing errors (eg no signature supplier available) and
continue operating if possible.
This also catches failures in signing and ECDH Key agreement
creation during discovery and handshaking.
Signed-off-by: Trent Mohay <trent.mohay@consensys.net>
Some of our loggers were not private, static, and final. In a few
cases these were non-static fields in classes that were repeatedly
instantiated in core transaction logic.
This is enforced via a new ErrorProne check, so the PR includes fixes
for all of the places this was a problem, not just the performance
impacting code.
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
This change allows the newly defined "SecurityModule" to work against a generic API, while the NodeKey interface adapts these generic types to the types already used throughout Besu (i.e. those defined in Secp256k1).
Signed-off-by: Trent Mohay <trent.mohay@consensys.net>
Update BesuController to use the NodeKey, rather than working with KeyPair - which in turn allows the crypto operations to be injected.
Signed-off-by: Trent Mohay <trent.mohay@consensys.net>
It was identified that during the creation of injectable crypto, that the NodeKey effectively offered duplicated functionality between ECDH and ECIES key agreements. The ECIES was superfluous and has been removed.
Signed-off-by: Trent Mohay <trent.mohay@consensys.net>
Update the Handhshaking classes to use an injected NodeKey object for ECIES encryption.
This has necessitated an update of NodeKey to support the creation of Key and ECIES agreement creation.
Signed-off-by: Trent Mohay <trent.mohay@consensys.net>
The NodeKey class is now used through the Discovery protocol (as well as the IBFT2).
However RLPx continues to access the node's keyPair (and underlying private key).
Signed-off-by: Trent Mohay <trent.mohay@consensys.net>
This PR introduces functionality to conform with ECIP-1061
https://ecips.ethereumclassic.org/ECIPs/ecip-1061
Signed-off-by: edwardmack <ed@edwardmack.com>
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
Co-authored-by: Danno Ferrin <danno.ferrin@shemnon.com>
Removes as many Gradle 7.0 compatibility issues as possible
* `baseName` -> `archiveBaseName`
* `extension` -> `archiveExtension`
* `destinationDir` -> `destinationDirectory`
* `runtime` -> `runtimeOnly`
* Change some log4j-api and log4j-core dependencies
* Remove an unneeded and outdated plugin (`net.ltgt.apt`)
* tweak the plugin-api change detector's property annotations.
Warnings still exist with one external plugin used for license file
checking that we do not control the source code for.
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
This was turned off a number of months ago because of long build times.
However it appears either because of code structure changes or fixed
errorprone that this finishes in a reasonable time now.
Code that violated this check is also fixed.
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
Update dependencies to most current version
- except picocli which is a major version update
Alphabetize dependencies
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
There are a whole class of errors in the deframer that come from
IllegalArgumentExceptions. Those are thrown when Besu validates incoming
data. Because Besu is not the source of these errors we should not log
them any higher than DEBUG.
The most common one is `Caused by: java.lang.IllegalArgumentException:
Invalid node id. Expected id of length: 64 bytes.` and this is coming
from a non-conforming client connecting to Besu.
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
(a) Setting classic block to zero requires all blocks at zero to have the mainnet 1920000 hash. That will never happen. No clients will sync as long as this is in place
(b) a full sync fails
```
2019-11-18 10:46:51.301-07:00 | EthScheduler-Services-5 (importBlock) | WARN | MainnetBlockBodyValidator | Invalid block: state root mismatch (expected=0xb8df31366db4c4dd0076bc0ddaffdeceba6c882681108cc000db9bc5f85c300c, actual=0xf4344e62f031897ff61f9e02a465b3d13f983220f52f1e452690448dc366a2ee)
```
Probably a bug in besu code, but until that bug is sussed out we can't support mordor.
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
This includes code to address reading config for classic network and
kotti test network.
ClassicForkPeerValidator checks peers at classicForkBlock (same as Dao
Fork Block) and connects with peers that did not do the Dao Fork and
continued on the classic network.
Signed-off-by: edwardmack <ed@edwardmack.com>
When setting the p2p port to zero and turning on UPNP nat an attempt is
made to map port zero. This should actually map the opened port
instead.
The core logic is also now set up to throw an exception if a zero local
port is requested.
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>