標籤:because trie 異常 oid handle default 數字 refresh 簡單
ping方法與pending的處理,之前談到了pending是等待一個reply。 這裡通過代碼來分析是如何?等待reply的。
pending方法把pending結構體發送給addpending. 然後等待訊息的處理和接收。
// ping sends a ping message to the given node and waits for a reply.func (t *udp) ping(toid NodeID, toaddr *net.UDPAddr) error { // TODO: maybe check for ReplyTo field in callback to measure RTT errc := t.pending(toid, pongPacket, func(interface{}) bool { return true }) t.send(toaddr, pingPacket, &ping{ Version: Version, From: t.ourEndpoint, To: makeEndpoint(toaddr, 0), // TODO: maybe use known TCP port from DB Expiration: uint64(time.Now().Add(expiration).Unix()), }) return <-errc}// pending adds a reply callback to the pending reply queue.// see the documentation of type pending for a detailed explanation.func (t *udp) pending(id NodeID, ptype byte, callback func(interface{}) bool) <-chan error { ch := make(chan error, 1) p := &pending{from: id, ptype: ptype, callback: callback, errc: ch} select { case t.addpending <- p: // loop will handle it case <-t.closing: ch <- errClosed } return ch}
addpending訊息的處理。 之前建立udp的時候調用了newUDP方法。裡面啟動了兩個goroutine。 其中的loop()就是用來處理pending訊息的。
// loop runs in its own goroutine. it keeps track of// the refresh timer and the pending reply queue.func (t *udp) loop() { var ( plist = list.New() timeout = time.NewTimer(0) nextTimeout *pending // head of plist when timeout was last reset contTimeouts = 0 // number of continuous timeouts to do NTP checks ntpWarnTime = time.Unix(0, 0) ) <-timeout.C // ignore first timeout defer timeout.Stop() resetTimeout := func() { //這個方法的主要功能是查看隊列裡面是否有需要逾時的pending訊息。 如果有。那麼 //根據最先逾時的時間設定逾時醒來。 if plist.Front() == nil || nextTimeout == plist.Front().Value { return } // Start the timer so it fires when the next pending reply has expired. now := time.Now() for el := plist.Front(); el != nil; el = el.Next() { nextTimeout = el.Value.(*pending) if dist := nextTimeout.deadline.Sub(now); dist < 2*respTimeout { timeout.Reset(dist) return } // Remove pending replies whose deadline is too far in the // future. These can occur if the system clock jumped // backwards after the deadline was assigned. //如果有訊息的deadline在很遠的未來,那麼直接設定逾時,然後移除。 //這種情況在修改系統時間的時候有可能發生,如果不處理可能導致堵塞太長時間。 nextTimeout.errc <- errClockWarp plist.Remove(el) } nextTimeout = nil timeout.Stop() } for { resetTimeout() //首先處理逾時。 select { case <-t.closing: //收到關閉資訊。 逾時所有的堵塞的隊列 for el := plist.Front(); el != nil; el = el.Next() { el.Value.(*pending).errc <- errClosed } return case p := <-t.addpending: //增加一個pending 設定deadline p.deadline = time.Now().Add(respTimeout) plist.PushBack(p) case r := <-t.gotreply: //收到一個reply 尋找匹配的pending var matched bool for el := plist.Front(); el != nil; el = el.Next() { p := el.Value.(*pending) if p.from == r.from && p.ptype == r.ptype { //如果來自同一個人。 而且類型相同 matched = true // Remove the matcher if its callback indicates // that all replies have been received. This is // required for packet types that expect multiple // reply packets. if p.callback(r.data) { //如果callback傳回值是true 。說明pending已經完成。 給p.errc寫入nil。 pending完成。 p.errc <- nil plist.Remove(el) } // Reset the continuous timeout counter (time drift detection) contTimeouts = 0 } } r.matched <- matched //寫入reply的matched case now := <-timeout.C: //處理逾時資訊 nextTimeout = nil // Notify and remove callbacks whose deadline is in the past. for el := plist.Front(); el != nil; el = el.Next() { p := el.Value.(*pending) if now.After(p.deadline) || now.Equal(p.deadline) { //如果逾時寫入逾時資訊並移除 p.errc <- errTimeout plist.Remove(el) contTimeouts++ } } // If we‘ve accumulated too many timeouts, do an NTP time sync check if contTimeouts > ntpFailureThreshold { //如果連續逾時很多次。 那麼查看是否是時間不同步。 和NTP伺服器進行同步。 if time.Since(ntpWarnTime) >= ntpWarningCooldown { ntpWarnTime = time.Now() go checkClockDrift() } contTimeouts = 0 } } }}
上面看到了pending的處理。 不過loop()方法種還有一個gotreply的處理。 這個實在readLoop()這個goroutine中產生的。
// readLoop runs in its own goroutine. it handles incoming UDP packets.func (t *udp) readLoop() { defer t.conn.Close() // Discovery packets are defined to be no larger than 1280 bytes. // Packets larger than this size will be cut at the end and treated // as invalid because their hash won‘t match. buf := make([]byte, 1280) for { nbytes, from, err := t.conn.ReadFromUDP(buf) if netutil.IsTemporaryError(err) { // Ignore temporary read errors. log.Debug("Temporary UDP read error", "err", err) continue } else if err != nil { // Shut down the loop for permament errors. log.Debug("UDP read error", "err", err) return } t.handlePacket(from, buf[:nbytes]) }}func (t *udp) handlePacket(from *net.UDPAddr, buf []byte) error { packet, fromID, hash, err := decodePacket(buf) if err != nil { log.Debug("Bad discv4 packet", "addr", from, "err", err) return err } err = packet.handle(t, from, fromID, hash) log.Trace("<< "+packet.name(), "addr", from, "err", err) return err}func (req *ping) handle(t *udp, from *net.UDPAddr, fromID NodeID, mac []byte) error { if expired(req.Expiration) { return errExpired } t.send(from, pongPacket, &pong{ To: makeEndpoint(from, req.From.TCP), ReplyTok: mac, Expiration: uint64(time.Now().Add(expiration).Unix()), }) if !t.handleReply(fromID, pingPacket, req) { // Note: we‘re ignoring the provided IP address right now go t.bond(true, fromID, from, req.From.TCP) } return nil}func (t *udp) handleReply(from NodeID, ptype byte, req packet) bool { matched := make(chan bool, 1) select { case t.gotreply <- reply{from, ptype, req, matched}: // loop will handle it return <-matched case <-t.closing: return false }}
上面介紹了udp的大致處理的流程。 下面介紹下udp的主要處理的業務。 udp主要發送兩種請求,對應的也會接收別人發送的這兩種請求, 對應這兩種請求又會產生兩種回應。
ping請求,可以看到ping請求希望得到一個pong回答。 然後返回。
// ping sends a ping message to the given node and waits for a reply.func (t *udp) ping(toid NodeID, toaddr *net.UDPAddr) error { // TODO: maybe check for ReplyTo field in callback to measure RTT errc := t.pending(toid, pongPacket, func(interface{}) bool { return true }) t.send(toaddr, pingPacket, &ping{ Version: Version, From: t.ourEndpoint, To: makeEndpoint(toaddr, 0), // TODO: maybe use known TCP port from DB Expiration: uint64(time.Now().Add(expiration).Unix()), }) return <-errc}
pong回答,如果pong回答沒有匹配到一個對應的ping請求。那麼返回errUnsolicitedReply異常。
func (req *pong) handle(t *udp, from *net.UDPAddr, fromID NodeID, mac []byte) error { if expired(req.Expiration) { return errExpired } if !t.handleReply(fromID, pongPacket, req) { return errUnsolicitedReply } return nil}
findnode請求, 發送findnode請求,然後等待node回應 k個鄰居。
// findnode sends a findnode request to the given node and waits until// the node has sent up to k neighbors.func (t *udp) findnode(toid NodeID, toaddr *net.UDPAddr, target NodeID) ([]*Node, error) { nodes := make([]*Node, 0, bucketSize) nreceived := 0 errc := t.pending(toid, neighborsPacket, func(r interface{}) bool { reply := r.(*neighbors) for _, rn := range reply.Nodes { nreceived++ n, err := t.nodeFromRPC(toaddr, rn) if err != nil { log.Trace("Invalid neighbor node received", "ip", rn.IP, "addr", toaddr, "err", err) continue } nodes = append(nodes, n) } return nreceived >= bucketSize }) t.send(toaddr, findnodePacket, &findnode{ Target: target, Expiration: uint64(time.Now().Add(expiration).Unix()), }) err := <-errc return nodes, err}
neighbors回應, 很簡單。 把回應發送給gotreply隊列。 如果沒有找到匹配的findnode請求。返回errUnsolicitedReply錯誤
func (req *neighbors) handle(t *udp, from *net.UDPAddr, fromID NodeID, mac []byte) error { if expired(req.Expiration) { return errExpired } if !t.handleReply(fromID, neighborsPacket, req) { return errUnsolicitedReply } return nil}
收到別的節點發送的ping請求,發送pong回答。 如果沒有匹配上一個pending(說明不是自己方請求的結果)。 就調用bond方法把這個節點加入自己的bucket緩衝。(這部分原理在table.go裡面會詳細介紹)
func (req *ping) handle(t *udp, from *net.UDPAddr, fromID NodeID, mac []byte) error { if expired(req.Expiration) { return errExpired } t.send(from, pongPacket, &pong{ To: makeEndpoint(from, req.From.TCP), ReplyTok: mac, Expiration: uint64(time.Now().Add(expiration).Unix()), }) if !t.handleReply(fromID, pingPacket, req) { // Note: we‘re ignoring the provided IP address right now go t.bond(true, fromID, from, req.From.TCP) } return nil}
收到別人發送的findnode請求。這個請求希望把和target距離相近的k個節點發送回去。 演算法的詳細請參考references目錄下面的pdf文檔。
func (req *findnode) handle(t *udp, from *net.UDPAddr, fromID NodeID, mac []byte) error { if expired(req.Expiration) { return errExpired } if t.db.node(fromID) == nil { // No bond exists, we don‘t process the packet. This prevents // an attack vector where the discovery protocol could be used // to amplify traffic in a DDOS attack. A malicious actor // would send a findnode request with the IP address and UDP // port of the target as the source address. The recipient of // the findnode packet would then send a neighbors packet // (which is a much bigger packet than findnode) to the victim. return errUnknownNode } target := crypto.Keccak256Hash(req.Target[:]) t.mutex.Lock() //擷取bucketSize個和target距離相近的節點。 這個方法在table.go內部實現。後續會詳細介紹 closest := t.closest(target, bucketSize).entries t.mutex.Unlock() p := neighbors{Expiration: uint64(time.Now().Add(expiration).Unix())} // Send neighbors in chunks with at most maxNeighbors per packet // to stay below the 1280 byte limit. for i, n := range closest { if netutil.CheckRelayIP(from.IP, n.IP) != nil { continue } p.Nodes = append(p.Nodes, nodeToRPC(n)) if len(p.Nodes) == maxNeighbors || i == len(closest)-1 { t.send(from, neighborsPacket, &p) p.Nodes = p.Nodes[:0] } } return nil}
udp資訊加密和安全問題
discover協議因為沒有承載什麼敏感性資料,所以資料是以明文傳輸,但是為了確保資料的完整性和不被篡改,所以在資料包的包頭加上了數位簽章。
func encodePacket(priv *ecdsa.PrivateKey, ptype byte, req interface{}) ([]byte, error) { b := new(bytes.Buffer) b.Write(headSpace) b.WriteByte(ptype) if err := rlp.Encode(b, req); err != nil { log.Error("Can‘t encode discv4 packet", "err", err) return nil, err } packet := b.Bytes() sig, err := crypto.Sign(crypto.Keccak256(packet[headSize:]), priv) if err != nil { log.Error("Can‘t sign discv4 packet", "err", err) return nil, err } copy(packet[macSize:], sig) // add the hash to the front. Note: this doesn‘t protect the // packet in any way. Our public key will be part of this hash in // The future. copy(packet, crypto.Keccak256(packet[macSize:])) return packet, nil}func decodePacket(buf []byte) (packet, NodeID, []byte, error) { if len(buf) < headSize+1 { return nil, NodeID{}, nil, errPacketTooSmall } hash, sig, sigdata := buf[:macSize], buf[macSize:headSize], buf[headSize:] shouldhash := crypto.Keccak256(buf[macSize:]) if !bytes.Equal(hash, shouldhash) { return nil, NodeID{}, nil, errBadHash } fromID, err := recoverNodeID(crypto.Keccak256(buf[headSize:]), sig) if err != nil { return nil, NodeID{}, hash, err } var req packet switch ptype := sigdata[0]; ptype { case pingPacket: req = new(ping) case pongPacket: req = new(pong) case findnodePacket: req = new(findnode) case neighborsPacket: req = new(neighbors) default: return nil, fromID, hash, fmt.Errorf("unknown type: %d", ptype) } s := rlp.NewStream(bytes.NewReader(sigdata[1:]), 0) err = s.Decode(req) return req, fromID, hash, err}
兄弟連區塊鏈入門教程eth源碼分析p2p-udp.go源碼分析(二)