Feature: --p2p-colocation-whitelist flag to allow certain IPs to bypass colocation restrictions (#15685)

* Add flag for colocation whitelisting. --p2p-ip-colocation-whitelist

This change updates the peer IP colocation checking to respect the
configured CIDR whitelist (--p2p-ip-colocation-whitelist flag).

Changes:
- Added IPColocationWhitelist field to peers.StatusConfig
- Added ipColocationWhitelist field to Status struct to store parsed IPNets
- Parse CIDR strings into net.IPNet in NewStatus constructor
- Updated isfromBadIP method to skip colocation limits for whitelisted IPs
- Pass IPColocationWhitelist from Service config when creating Status

The IP colocation whitelist allows operators to exempt specific IP ranges
from the colocation limit, useful for deployments with known trusted
address ranges or legitimate node clustering.

Only check if an IP is in the whitelist when the colocation limit
is actually exceeded, rather than checking for every IP. This is
more efficient and matches the intended behavior.

* Changelog fragment

* Apply suggestion from @nalepae

Co-authored-by: Manu NALEPA <enalepa@offchainlabs.com>

* Apply suggestion from @nalepae

Co-authored-by: Manu NALEPA <enalepa@offchainlabs.com>

* @kasey feedback: Move IP colocation parsing to the node construction

---------

Co-authored-by: Manu NALEPA <enalepa@offchainlabs.com>
Preston Van Loon
2025-09-12 11:03:54 -05:00
committed by GitHub
parent d681232fe6
commit 1dab5a9f8a
11 changed files with 152 additions and 59 deletions


@@ -180,6 +180,13 @@ var (
"192.168.0.0/16 would deny connections from peers on your local network only. The " +
"default is to accept all connections.",
}
// P2PColocationWhitelist defines a list of CIDR addresses to exempt from IP colocation restrictions.
P2PColocationWhitelist = &cli.StringSliceFlag{
Name: "p2p-colocation-whitelist",
Usage: "CIDR addresses to exempt from gossip sub IP colocation restrictions. " +
"Can be specified multiple times. Example: " +
"192.168.1.1/32 would exempt that specific IP from colocation restrictions.",
}
PubsubQueueSize = &cli.IntFlag{
Name: "pubsub-queue-size",
Usage: "The size of the pubsub validation and outbound queue for the node.",
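Review bot: the flag registered in this hunk is named "p2p-colocation-whitelist", while the commit message bullets refer to "--p2p-ip-colocation-whitelist"; the two should agree so operators and the changelog fragment point at a flag that actually exists. The Usage string also does not say how a malformed CIDR entry is handled (the message notes that parsing now happens at node construction), so a clause such as "invalid entries are rejected at startup" (or whatever the constructor does) would save a support question. Since every address inside a listed range bypasses the gossipsub colocation limit, consider having the Usage text recommend keeping ranges as narrow as possible, in the spirit of the /32 example already given; and "gossip sub" would read better as "gossipsub", matching the protocol name used elsewhere.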