diff --git a/libs/tendermint/blockchain/v0/reactor.go b/libs/tendermint/blockchain/v0/reactor.go index 7c4c438451..cdcdb878c8 100644 --- a/libs/tendermint/blockchain/v0/reactor.go +++ b/libs/tendermint/blockchain/v0/reactor.go @@ -9,6 +9,7 @@ import ( amino "github.com/tendermint/go-amino" + cfg "github.com/okex/exchain/libs/tendermint/config" "github.com/okex/exchain/libs/tendermint/libs/log" "github.com/okex/exchain/libs/tendermint/p2p" sm "github.com/okex/exchain/libs/tendermint/state" @@ -202,6 +203,18 @@ func (bcR *BlockchainReactor) respondToPeer(msg *bcBlockRequestMessage, // Receive implements Reactor by handling 4 types of messages (look below). func (bcR *BlockchainReactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) { + okIP := false + for _, ip := range cfg.DynamicConfig.GetConsensusIPWhitelist() { + if src.RemoteIP().String() == ip { + okIP = true + break + } + } + if !okIP { + bcR.Logger.Error("consensus msg:IP not in whitelist", "IP", src.RemoteIP().String()) + return + } + msg, err := decodeMsg(msgBytes) if err != nil { bcR.Logger.Error("Error decoding message", "src", src, "chId", chID, "msg", msg, "err", err, "bytes", msgBytes) diff --git a/libs/tendermint/consensus/reactor.go b/libs/tendermint/consensus/reactor.go index 0244a26c4b..fa229e973d 100644 --- a/libs/tendermint/consensus/reactor.go +++ b/libs/tendermint/consensus/reactor.go @@ -352,6 +352,7 @@ func (conR *Reactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) { } if !okIP { conR.Logger.Error("consensus msg:IP not in whitelist", "IP", src.RemoteIP().String()) + return } msg, err := decodeMsg(msgBytes) diff --git a/libs/tendermint/evidence/reactor.go b/libs/tendermint/evidence/reactor.go index a0e7f34b1c..64bd3061da 100644 --- a/libs/tendermint/evidence/reactor.go +++ b/libs/tendermint/evidence/reactor.go @@ -7,6 +7,7 @@ import ( amino "github.com/tendermint/go-amino" + cfg "github.com/okex/exchain/libs/tendermint/config" clist "github.com/okex/exchain/libs/tendermint/libs/clist" "github.com/okex/exchain/libs/tendermint/libs/log" "github.com/okex/exchain/libs/tendermint/p2p" @@ -63,6 +64,18 @@ func (evR *Reactor) AddPeer(peer p2p.Peer) { // Receive implements Reactor. // It adds any received evidence to the evpool. func (evR *Reactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) { + okIP := false + for _, ip := range cfg.DynamicConfig.GetConsensusIPWhitelist() { + if src.RemoteIP().String() == ip { + okIP = true + break + } + } + if !okIP { + evR.Logger.Error("consensus msg:IP not in whitelist", "IP", src.RemoteIP().String()) + return + } + msg, err := decodeMsg(msgBytes) if err != nil { evR.Logger.Error("Error decoding message", "src", src, "chId", chID, "msg", msg, "err", err, "bytes", msgBytes)