diff --git a/docs/introduction/howto.rst b/docs/introduction/howto.rst index f6f386f40..1bbae3fa2 100644 --- a/docs/introduction/howto.rst +++ b/docs/introduction/howto.rst @@ -338,10 +338,14 @@ writing your own configuration file if needed. "bootstrap-peers": ["::1:10732", "::ffff:192.168.1.3:9733", "mynode.tezos.com"], - /* Specify if the network is closed or not. A closed network - allows only peers listed in "bootstrap-peers". */ + /* Specify if the node is in private mode or not. A node in + private mode only opens outgoing connections to peers whose + addresses are in [trusted_peers] and only accepts incoming + connections from trusted peers. In addition, it informs these + peers that the identity of the node should not be revealed to + the rest of the network. */ - "closed": false, + "private-mode": false, /* Network limits */ diff --git a/src/bin_node/node_config_file.ml b/src/bin_node/node_config_file.ml index a8aedc750..2f6914e5c 100644 --- a/src/bin_node/node_config_file.ml +++ b/src/bin_node/node_config_file.ml @@ -29,7 +29,7 @@ and p2p = { expected_pow : float ; bootstrap_peers : string list ; listen_addr : string option ; - closed : bool ; + private_mode : bool ; limits : P2p.limits ; disable_mempool : bool ; } @@ -89,7 +89,7 @@ let default_p2p = { expected_pow = 24. ; bootstrap_peers = ["bootstrap.tezos.com"] ; listen_addr = Some ("[::]:" ^ string_of_int default_p2p_port) ; - closed = false ; + private_mode = false ; limits = default_p2p_limits ; disable_mempool = false ; } 
@@ -276,13 +276,13 @@ let p2p = let open Data_encoding in conv (fun { expected_pow ; bootstrap_peers ; - listen_addr ; closed ; limits ; disable_mempool } -> + listen_addr ; private_mode ; limits ; disable_mempool } -> ( expected_pow, bootstrap_peers, - listen_addr, closed, limits, disable_mempool )) + listen_addr, private_mode, limits, disable_mempool )) (fun ( expected_pow, bootstrap_peers, - listen_addr, closed, limits, disable_mempool ) -> + listen_addr, private_mode, limits, disable_mempool ) -> { expected_pow ; bootstrap_peers ; - listen_addr ; closed ; limits ; disable_mempool }) + listen_addr ; private_mode ; limits ; disable_mempool }) (obj6 (dft "expected-proof-of-work" ~description: "Floating point number between 0 and 256 that represents a \ @@ -298,9 +298,15 @@ let p2p = specified, the default port 8732 will be \ assumed." string) - (dft "closed" - ~description: "Specify if the network is closed or not. A closed network allows \ - only peers listed in 'bootstrap-peers'." + (dft "private-mode" + ~description: "Specify if the node is in private mode or \ + not. A node in private mode rejects incoming \ + connections from untrusted peers and only \ + opens outgoing connections to peers listed in \ + 'bootstrap-peers' or provided with '--peer' \ + option. Moreover, these peers will keep the \ + identity and the address of the private node \ + secret." bool false) (dft "limits" ~description: "Network limits" @@ -574,7 +580,7 @@ let update ?bootstrap_peers ?listen_addr ?rpc_listen_addr - ?(closed = false) + ?(private_mode = false) ?(disable_mempool = false) ?(cors_origins = []) ?(cors_headers = []) @@ -624,7 +630,7 @@ let update Option.unopt ~default:cfg.p2p.bootstrap_peers bootstrap_peers ; listen_addr = Option.first_some listen_addr cfg.p2p.listen_addr ; - closed = cfg.p2p.closed || closed ; + private_mode = cfg.p2p.private_mode || private_mode ; limits ; disable_mempool = cfg.p2p.disable_mempool || disable_mempool ; } 
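Review bot: Renaming the JSON key from `closed` to `private-mode` in the `@@ -298` hunk of node_config_file.ml leaves no migration path for configuration files that already contain `"closed": true`. The new field is declared with `dft "private-mode" ... bool false`, so a node whose old key is not recognised would start with private mode off, which is the permissive setting. Whether the encoding rejects or silently ignores an unknown `closed` field is not visible in this hunk and should be checked. If it is ignored, either keep reading `closed` as a deprecated alias or fail at start-up with a message that names the new key.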
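Review bot: The line `private_mode = cfg.p2p.private_mode || private_mode` in the `@@ -624` hunk of `update` means the argument can only switch private mode on, never off, and nothing in the code says so. That is the safe direction, but it deserves a comment so that a later refactor does not turn it into a plain override: `(* [private_mode] can only be enabled here: a [true] read from the configuration file is never cleared by the caller. *)`. The body of `update` starts and ends outside the hunk.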
diff --git a/src/bin_node/node_config_file.mli b/src/bin_node/node_config_file.mli index 3553b5a55..8f4e3e902 100644 --- a/src/bin_node/node_config_file.mli +++ b/src/bin_node/node_config_file.mli @@ -19,7 +19,7 @@ and p2p = { expected_pow : float ; bootstrap_peers : string list ; listen_addr : string option ; - closed : bool ; + private_mode : bool ; limits : P2p.limits ; disable_mempool : bool ; } @@ -69,7 +69,7 @@ val update: ?bootstrap_peers:string list -> ?listen_addr:string -> ?rpc_listen_addr:string -> - ?closed:bool -> + ?private_mode:bool -> ?disable_mempool:bool -> ?cors_origins:string list -> ?cors_headers:string list -> diff --git a/src/bin_node/node_run_command.ml b/src/bin_node/node_run_command.ml index cea7924c7..349555804 100644 --- a/src/bin_node/node_run_command.ml +++ b/src/bin_node/node_run_command.ml @@ -165,7 +165,7 @@ let init_node ?sandbox (config : Node_config_file.t) = trusted_points ; peers_file = (config.data_dir // "peers.json") ; - closed_network = config.p2p.closed ; + private_mode = config.p2p.private_mode ; identity ; proof_of_work_target = Crypto_box.make_target config.p2p.expected_pow ; diff --git a/src/bin_node/node_shared_arg.ml b/src/bin_node/node_shared_arg.ml index 5e0a095ba..aa98ddda3 100644 --- a/src/bin_node/node_shared_arg.ml +++ b/src/bin_node/node_shared_arg.ml @@ -27,7 +27,7 @@ type t = { no_bootstrap_peers: bool ; listen_addr: string option ; rpc_listen_addr: string option ; - closed: bool ; + private_mode: bool ; disable_mempool: bool ; cors_origins: string list ; cors_headers: string list ; @@ -40,7 +40,7 @@ let wrap data_dir config_file connections max_download_speed max_upload_speed binary_chunks_size peer_table_size - listen_addr peers no_bootstrap_peers bootstrap_threshold closed disable_mempool + listen_addr peers no_bootstrap_peers bootstrap_threshold private_mode disable_mempool expected_pow rpc_listen_addr rpc_tls cors_origins cors_headers log_output = 
@@ -80,7 +80,7 @@ let wrap no_bootstrap_peers ; listen_addr ; rpc_listen_addr ; - closed ; + private_mode ; disable_mempool ; cors_origins ; cors_headers ; @@ -209,10 +209,11 @@ module Term = struct Arg.(value & opt (some float) None & info ~docs ~doc ~docv:"FLOAT" ["expected-pow"]) - let closed = + let private_mode = let doc = - "Only accept connections from the configured bootstrap peers." in - Arg.(value & flag & info ~docs ~doc ["closed"]) + "Only open outgoing/accept incoming connections to/from peers \ + listed in 'bootstrap-peers' or provided with '--peer' option." in + Arg.(value & flag & info ~docs ~doc ["private-mode"]) let disable_mempool = let doc = @@ -260,7 +261,8 @@ module Term = struct $ connections $ max_download_speed $ max_upload_speed $ binary_chunks_size $ peer_table_size - $ listen_addr $ peers $ no_bootstrap_peers $ bootstrap_threshold $ closed $ disable_mempool + $ listen_addr $ peers $ no_bootstrap_peers $ bootstrap_threshold + $ private_mode $ disable_mempool $ expected_pow $ rpc_listen_addr $ rpc_tls $ cors_origins $ cors_headers $ log_output @@ -280,7 +282,7 @@ let read_and_patch_config_file ?(ignore_bootstrap_peers=false) args = peer_table_size ; expected_pow ; peers ; no_bootstrap_peers ; - listen_addr ; closed ; + listen_addr ; private_mode ; disable_mempool ; rpc_listen_addr ; rpc_tls ; cors_origins ; cors_headers ; @@ -298,6 +300,6 @@ let read_and_patch_config_file ?(ignore_bootstrap_peers=false) args = ?data_dir ?min_connections ?expected_connections ?max_connections ?max_download_speed ?max_upload_speed ?binary_chunks_size ?peer_table_size ?expected_pow - ~bootstrap_peers ?listen_addr ?rpc_listen_addr - ~closed ~disable_mempool ~cors_origins ~cors_headers ?rpc_tls ?log_output + ~bootstrap_peers ?listen_addr ?rpc_listen_addr ~private_mode + ~disable_mempool ~cors_origins ~cors_headers ?rpc_tls ?log_output ?bootstrap_threshold cfg 
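Review bot: The new `--private-mode` help text in the `@@ -209` hunk of node_shared_arg.ml limits connections to peers listed in 'bootstrap-peers' or given with '--peer', but does not mention that `default_p2p` in node_config_file.ml sets `bootstrap_peers = ["bootstrap.tezos.com"]`. As far as these hunks show, an operator who passes only `--private-mode` would still treat the public bootstrap host as a trusted peer. How `trusted_points` is assembled in `init_node` is outside the diff, so this should be confirmed. I would extend the doc string with a sentence such as `Bootstrap peers, including the default one, count as trusted unless they are disabled.` and point to the `no_bootstrap_peers` term.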
diff --git a/src/bin_node/node_shared_arg.mli b/src/bin_node/node_shared_arg.mli index c40af19ab..e8b275887 100644 --- a/src/bin_node/node_shared_arg.mli +++ b/src/bin_node/node_shared_arg.mli @@ -22,7 +22,7 @@ type t = { no_bootstrap_peers: bool ; listen_addr: string option ; rpc_listen_addr: string option ; - closed: bool ; + private_mode: bool ; disable_mempool: bool ; cors_origins: string list ; cors_headers: string list ; diff --git a/src/bin_node/tezos-sandboxed-node.sh b/src/bin_node/tezos-sandboxed-node.sh index dc47082f9..0f1304778 100755 --- a/src/bin_node/tezos-sandboxed-node.sh +++ b/src/bin_node/tezos-sandboxed-node.sh @@ -21,7 +21,7 @@ start_sandboxed_node() { peers+=("--peer") peers+=("127.0.0.1:$peer_port") done - peers+=("--closed") + peers+=("--private-mode") node="${local_node}" sandbox_param="--sandbox=$sandbox_file" diff --git a/src/lib_p2p/p2p.ml b/src/lib_p2p/p2p.ml index f5f43c525..8b8808082 100644 --- a/src/lib_p2p/p2p.ml +++ b/src/lib_p2p/p2p.ml @@ -39,7 +39,7 @@ type config = { listening_addr : P2p_addr.t option; trusted_points : P2p_point.Id.t list ; peers_file : string ; - closed_network : bool ; + private_mode : bool ; identity : P2p_identity.t ; proof_of_work_target : Crypto_box.target ; disable_mempool : bool ; @@ -98,7 +98,7 @@ let create_connection_pool config limits meta_cfg conn_meta_cfg msg_cfg io_sched listening_port = config.listening_port ; trusted_points = config.trusted_points ; peers_file = config.peers_file ; - closed_network = config.closed_network ; + private_mode = config.private_mode ; min_connections = limits.min_connections ; max_connections = limits.max_connections ; max_incoming_connections = limits.max_incoming_connections ; diff --git a/src/lib_p2p/p2p.mli b/src/lib_p2p/p2p.mli index 5b9f4b8ea..27864cbe3 100644 --- a/src/lib_p2p/p2p.mli +++ b/src/lib_p2p/p2p.mli 
@@ -57,9 +57,11 @@ type config = { (** The path to the JSON file where the metadata associated to peer_ids are loaded / stored. *) - closed_network : bool ; - (** If [true], the only accepted connections are from peers whose - addresses are in [trusted_points]. *) + private_mode : bool ; + (** If [true], only open outgoing/accept incoming connections + to/from peers whose addresses are in [trusted_peers], and inform + these peers that the identity of this node should be revealed to + the rest of the network. *) identity : P2p_identity.t ; (** Cryptographic identity of the peer. *) diff --git a/src/lib_p2p/p2p_maintenance.ml b/src/lib_p2p/p2p_maintenance.ml index 88f030f41..9162b46dc 100644 --- a/src/lib_p2p/p2p_maintenance.ml +++ b/src/lib_p2p/p2p_maintenance.ml @@ -31,7 +31,7 @@ type 'meta t = { It ignores points which are greylisted, or for which a connection failed after [start_time] and the pointes that are banned. It first selects points with the oldest last tentative. - Non-trusted points are also ignored if option --closed is set. *) + Non-trusted points are also ignored if option --private-mode is set. *) let connectable st start_time expected seen_points = let Pool pool = st.pool in let now = Time.now () in @@ -46,7 +46,7 @@ let connectable st start_time expected seen_points = | Some t1, Some t2 -> Time.compare t2 t1 end) in let acc = Bounded_point_info.create expected in - let closed = (P2p_pool.config pool).P2p_pool.closed_network in + let private_mode = (P2p_pool.config pool).P2p_pool.private_mode in let seen_points = P2p_pool.Points.fold_known pool ~init:seen_points ~f:begin fun point pi seen_points -> @@ -57,7 +57,7 @@ let connectable st start_time expected seen_points = *) if P2p_point.Set.mem point seen_points || P2p_pool.Points.banned pool point || - (closed && not (P2p_point_state.Info.trusted pi)) + (private_mode && not (P2p_point_state.Info.trusted pi)) then seen_points else 
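Review bot: The new doc comment on `private_mode` in p2p.mli (`@@ -57,9 +57,11`) says the trusted peers are informed that the identity of this node "should be revealed to the rest of the network", which is the opposite of what docs/introduction/howto.rst and the `private-mode` description in node_config_file.ml state; the word `not` is missing. The same sentence is copied into p2p_pool.mli (`@@ -55,9 +55,11`). The comment also refers to `[trusted_peers]`, while the field in both records is `trusted_points`. Suggested wording for the last clause: `and inform these peers that the identity of this node should not be revealed to the rest of the network`, with `[trusted_points]` as the cross-reference.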
diff --git a/src/lib_p2p/p2p_pool.ml b/src/lib_p2p/p2p_pool.ml index 747adda0a..4a4bd2fc8 100644 --- a/src/lib_p2p/p2p_pool.ml +++ b/src/lib_p2p/p2p_pool.ml @@ -168,7 +168,7 @@ type config = { trusted_points : P2p_point.Id.t list ; peers_file : string ; - closed_network : bool ; + private_mode : bool ; listening_port : P2p_addr.port option ; min_connections : int ; @@ -673,8 +673,8 @@ let rec connect ?timeout pool point = register_point pool pool.config.identity.peer_id point in let addr, port as point = P2p_point_state.Info.point point_info in fail_unless - (not pool.config.closed_network || P2p_point_state.Info.trusted point_info) - P2p_errors.Closed_network >>=? fun () -> + (not pool.config.private_mode || P2p_point_state.Info.trusted point_info) + P2p_errors.Private_mode >>=? fun () -> fail_unless_disconnected_point point_info >>=? fun () -> P2p_point_state.set_requested point_info canceler ; let fd = Lwt_unix.socket PF_INET6 SOCK_STREAM 0 in @@ -766,12 +766,12 @@ and authenticate pool ?point_info canceler fd point = in let acceptable_point = Option.unopt_map connection_point_info - ~default:(not pool.config.closed_network) + ~default:(not pool.config.private_mode) ~f:begin fun connection_point_info -> match P2p_point_state.get connection_point_info with | Requested _ -> not incoming | Disconnected -> - not pool.config.closed_network + not pool.config.private_mode || P2p_point_state.Info.trusted connection_point_info | Accepted _ | Running _ -> false end diff --git a/src/lib_p2p/p2p_pool.mli b/src/lib_p2p/p2p_pool.mli index dc47952a8..15e160668 100644 --- a/src/lib_p2p/p2p_pool.mli +++ b/src/lib_p2p/p2p_pool.mli 
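Review bot: The `acceptable_point` expression in the `@@ -766` hunk of `authenticate` now carries the whole private-mode admission decision, keyed on the connection point rather than on the peer's cryptographic identity, and no comment says so. In private mode a connection with no known point info is refused (`~default:(not pool.config.private_mode)`), a `Disconnected` point is admitted only if `P2p_point_state.Info.trusted` holds, and a `Requested` point is admitted only when the connection is not incoming. I would state that as a short comment above the binding and say explicitly that trust is per address and port, since the user-facing documentation speaks of "trusted peers". `authenticate` begins and ends outside the hunk, so how `connection_point_info` is derived for incoming connections cannot be checked here.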
@@ -55,9 +55,11 @@ type config = { (** The path to the JSON file where the metadata associated to peer_ids are loaded / stored. *) - closed_network : bool ; - (** If [true], the only accepted connections are from peers whose - addresses are in [trusted_peers]. *) + private_mode : bool ; + (** If [true], only open outgoing/accept incoming connections + to/from peers whose addresses are in [trusted_peers], and inform + these peers that the identity of this node should be revealed to + the rest of the network. *) listening_port : P2p_addr.port option ; (** If provided, it will be passed to [P2p_connection.authenticate] diff --git a/src/lib_p2p/test/test_p2p_pool.ml b/src/lib_p2p/test/test_p2p_pool.ml index 030b7fa31..a900e48bc 100644 --- a/src/lib_p2p/test/test_p2p_pool.ml +++ b/src/lib_p2p/test/test_p2p_pool.ml @@ -69,7 +69,7 @@ let detach_node f points n = proof_of_work_target ; trusted_points = points ; peers_file = "/dev/null" ; - closed_network = true ; + private_mode = true ; listening_port = Some port ; min_connections = nb_points ; max_connections = nb_points ; diff --git a/src/lib_shell_services/p2p_errors.ml b/src/lib_shell_services/p2p_errors.ml index 2f2413e98..a9e301ab0 100644 --- a/src/lib_shell_services/p2p_errors.ml +++ b/src/lib_shell_services/p2p_errors.ml @@ -144,7 +144,7 @@ type error += Connected type error += Connection_refused type error += Rejected of P2p_peer.Id.t type error += Too_many_connections -type error += Closed_network +type error += Private_mode type error += Point_banned of P2p_point.Id.t type error += Peer_banned of P2p_peer.Id.t 
@@ -200,16 +200,16 @@ let () = Data_encoding.empty (function Too_many_connections -> Some () | _ -> None) (fun () -> Too_many_connections) ; - (* Closed network *) + (* Private mode *) register_error_kind `Permanent - ~id:"node.p2p_pool.closed_network" - ~title:"Closed network" - ~description:"Network is closed." - ~pp:(fun ppf () -> Format.fprintf ppf "Network is closed.") + ~id:"node.p2p_pool.private_mode" + ~title:"Private mode" + ~description:"Node is in private mode." + ~pp:(fun ppf () -> Format.fprintf ppf "Node is in private mode.") Data_encoding.empty - (function Closed_network -> Some () | _ -> None) - (fun () -> Closed_network) ; + (function Private_mode -> Some () | _ -> None) + (fun () -> Private_mode) ; (* Point Banned *) register_error_kind `Permanent
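Review bot: The error registered in the `@@ -200` hunk of p2p_errors.ml changes its id from `node.p2p_pool.closed_network` to `node.p2p_pool.private_mode`. The id is presumably what appears in serialised errors, so anything that matches on the old string (client code, log alerting) would stop recognising the refusal, and the rename should be called out in the changelog if it is intended. Separately, the text `Node is in private mode.` does not say what was refused. Since `connect` in p2p_pool.ml raises this error when the target point is not trusted, something like `~description:"Connection refused: the node is in private mode and the point is not trusted."` would be more useful to an operator reading logs.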