p2p/discover: apply enr filtering in discovery phase, fix minor logic in doRevalidate (#480)

* p2p/discover: implement ENR node filtering (#1320)

* p2p/discovery: add filter ENR counter metrics

* p2p/discover: avoid adding node to table when ENR failed request

* Limit number of goroutines for addSeenNode and addVerifiedNode for avoiding DDOS

* closeWorkerTask Chan before closing table

---------

Co-authored-by: Matus Kysel <[email protected]>

Author: huyngopt1994

cmd/bootnode/main.go

@@ -35,19 +35,21 @@ import (
 
 func main() {
 	var (
-		listenAddr  = flag.String("addr", ":30301", "listen address")
-		genKey      = flag.String("genkey", "", "generate a node key")
-		writeAddr   = flag.Bool("writeaddress", false, "write out the node's public key and quit")
-		nodeKeyFile = flag.String("nodekey", "", "private key filename")
-		nodeKeyHex  = flag.String("nodekeyhex", "", "private key as hex (for testing)")
-		natdesc     = flag.String("nat", "none", "port mapping mechanism (any|none|upnp|pmp|extip:<IP>)")
-		netrestrict = flag.String("netrestrict", "", "restrict network communication to the given IP networks (CIDR masks)")
-		runv5       = flag.Bool("v5", false, "run a v5 topic discovery bootnode")
-		verbosity   = flag.Int("verbosity", int(log.LvlInfo), "log verbosity (0-5)")
-		vmodule     = flag.String("vmodule", "", "log verbosity pattern")
-
-		nodeKey *ecdsa.PrivateKey
-		err     error
+		listenAddr    = flag.String("addr", ":30301", "listen address")
+		genKey        = flag.String("genkey", "", "generate a node key")
+		writeAddr     = flag.Bool("writeaddress", false, "write out the node's public key and quit")
+		nodeKeyFile   = flag.String("nodekey", "", "private key filename")
+		nodeKeyHex    = flag.String("nodekeyhex", "", "private key as hex (for testing)")
+		natdesc       = flag.String("nat", "none", "port mapping mechanism (any|none|upnp|pmp|extip:<IP>)")
+		netrestrict   = flag.String("netrestrict", "", "restrict network communication to the given IP networks (CIDR masks)")
+		runv5         = flag.Bool("v5", false, "run a v5 topic discovery bootnode")
+		verbosity     = flag.Int("verbosity", int(log.LvlInfo), "log verbosity (0-5)")
+		vmodule       = flag.String("vmodule", "", "log verbosity pattern")
+		networkFilter = flag.String("network", "", "<ronin-mainnet/ronin-testnet> filters nodes by eth ENR entry")
+
+		nodeKey        *ecdsa.PrivateKey
+		filterFunction discover.NodeFilterFunc
+		err            error
 	)
 	flag.Parse()
 
@@ -86,6 +88,12 @@ func main() {
 		}
 	}
 
+	if *networkFilter != "" {
+		if filterFunction, err = discover.ParseEthFilter(*networkFilter); err != nil {
+			utils.Fatalf("-network: %v", err)
+		}
+	}
+
 	if *writeAddr {
 		fmt.Printf("%x\n", crypto.FromECDSAPub(&nodeKey.PublicKey)[1:])
 		os.Exit(0)
@@ -123,8 +131,9 @@ func main() {
 	db, _ := enode.OpenDB("")
 	ln := enode.NewLocalNode(db, nodeKey)
 	cfg := discover.Config{
-		PrivateKey:  nodeKey,
-		NetRestrict: restrictList,
+		PrivateKey:     nodeKey,
+		NetRestrict:    restrictList,
+		FilterFunction: filterFunction,
 	}
 	if *runv5 {
 		if _, err := discover.ListenV5(conn, ln, cfg); err != nil {

eth/backend.go

@@ -639,6 +639,7 @@ func (s *Ethereum) Protocols() []p2p.Protocol {
 // Start implements node.Lifecycle, starting all internal goroutines needed by the
 // Ethereum protocol implementation.
 func (s *Ethereum) Start() error {
+	eth.StartENRFilter(s.blockchain, s.p2pServer)
 	eth.StartENRUpdater(s.blockchain, s.p2pServer.LocalNode())
 
 	// Start the bloom bits servicing goroutines

eth/protocols/eth/discovery.go

@@ -19,6 +19,7 @@ package eth
 import (
 	"github.com/ethereum/go-ethereum/core"
 	"github.com/ethereum/go-ethereum/core/forkid"
+	"github.com/ethereum/go-ethereum/p2p"
 	"github.com/ethereum/go-ethereum/p2p/enode"
 	"github.com/ethereum/go-ethereum/rlp"
 )
@@ -57,6 +58,11 @@ func StartENRUpdater(chain *core.BlockChain, ln *enode.LocalNode) {
 	}()
 }
 
+func StartENRFilter(chain *core.BlockChain, p2p *p2p.Server) {
+	forkFilter := forkid.NewFilter(chain)
+	p2p.SetFilter(forkFilter)
+}
+
 // currentENREntry constructs an `eth` ENR entry based on the current state of the chain.
 func currentENREntry(chain *core.BlockChain) *enrEntry {
 	return &enrEntry{

p2p/discover/common.go

@@ -18,13 +18,17 @@ package discover
 
 import (
 	"crypto/ecdsa"
+	"fmt"
 	"net"
 
 	"github.com/ethereum/go-ethereum/common/mclock"
+	"github.com/ethereum/go-ethereum/core/forkid"
 	"github.com/ethereum/go-ethereum/log"
 	"github.com/ethereum/go-ethereum/p2p/enode"
 	"github.com/ethereum/go-ethereum/p2p/enr"
 	"github.com/ethereum/go-ethereum/p2p/netutil"
+	"github.com/ethereum/go-ethereum/params"
+	"github.com/ethereum/go-ethereum/rlp"
 )
 
 // UDPConn is a network connection on which discovery can operate.
@@ -35,18 +39,45 @@ type UDPConn interface {
 	LocalAddr() net.Addr
 }
 
+type NodeFilterFunc func(*enr.Record) bool
+
+func ParseEthFilter(chain string) (NodeFilterFunc, error) {
+	var filter forkid.Filter
+	switch chain {
+	case "ronin-mainnet":
+		filter = forkid.NewStaticFilter(params.RoninMainnetChainConfig, params.RoninMainnetGenesisHash)
+	case "ronin-testnet":
+		filter = forkid.NewStaticFilter(params.RoninTestnetChainConfig, params.RoninTestnetGenesisHash)
+	default:
+		return nil, fmt.Errorf("unknown network %q", chain)
+	}
+
+	f := func(r *enr.Record) bool {
+		var eth struct {
+			ForkID forkid.ID
+			Tail   []rlp.RawValue `rlp:"tail"`
+		}
+		if r.Load(enr.WithEntry("eth", &eth)) != nil {
+			return false
+		}
+		return filter(eth.ForkID) == nil
+	}
+	return f, nil
+}
+
 // Config holds settings for the discovery listener.
 type Config struct {
 	// These settings are required and configure the UDP listener:
 	PrivateKey *ecdsa.PrivateKey
 
 	// These settings are optional:
-	NetRestrict  *netutil.Netlist   // list of allowed IP networks
-	Bootnodes    []*enode.Node      // list of bootstrap nodes
-	Unhandled    chan<- ReadPacket  // unhandled packets are sent on this channel
-	Log          log.Logger         // if set, log messages go here
-	ValidSchemes enr.IdentityScheme // allowed identity schemes
-	Clock        mclock.Clock
+	NetRestrict    *netutil.Netlist   // list of allowed IP networks
+	Bootnodes      []*enode.Node      // list of bootstrap nodes
+	Unhandled      chan<- ReadPacket  // unhandled packets are sent on this channel
+	Log            log.Logger         // if set, log messages go here
+	ValidSchemes   enr.IdentityScheme // allowed identity schemes
+	Clock          mclock.Clock
+	FilterFunction NodeFilterFunc // function for filtering ENR entries
 }
 
 func (cfg Config) withDefaults() Config {

p2p/discover/metrics.go

@@ -30,12 +30,17 @@ const (
 
 	// egressMeterName is the prefix of the per-packet outbound metrics.
 	egressMeterName = moduleName + "/egress"
+
+	// filterENRName is the prefix of the per-packet filter ENR metrics.
+	filterEnrName = moduleName + "/filter/enr"
 )
 
 var (
-	bucketsCounter      []metrics.Counter
-	ingressTrafficMeter = metrics.NewRegisteredMeter(ingressMeterName, nil)
-	egressTrafficMeter  = metrics.NewRegisteredMeter(egressMeterName, nil)
+	bucketsCounter          []metrics.Counter
+	ingressTrafficMeter     = metrics.NewRegisteredMeter(ingressMeterName, nil)
+	egressTrafficMeter      = metrics.NewRegisteredMeter(egressMeterName, nil)
+	filterEnrTotalCounter   = metrics.NewRegisteredCounter(fmt.Sprintf("%s/total", filterEnrName), nil)
+	filterEnrSuccessCounter = metrics.NewRegisteredCounter(fmt.Sprintf("%s/success", filterEnrName), nil)
 )
 
 func init() {