diff options
| author | Your Name <you@example.com> | 2026-05-19 14:25:18 +0530 |
|---|---|---|
| committer | Your Name <you@example.com> | 2026-05-19 14:25:18 +0530 |
| commit | e366ceb336550a72c76efea4c98a2a08cca27bce (patch) | |
| tree | 4b45ac6f6e97b6763f81aa6d4a9b968d23e41235 /main/firewall.c | |
| parent | 163b8badec9359373a8fc016c2b1fe9ee38e6406 (diff) | |
feat(mining): Bitcoin mining-for-bandwidth payment system
New modules:
- mining_payment.c/h: hashprice calc (nbits->difficulty->sat/GH/s/day),
share validation, client stats, allotment conversion (ms + bytes)
- stratum_client.c/h: SV1 upstream pool connection (subscribe/authorize/submit)
- stratum_proxy.c/h: Local SV1 TCP server for downstream miners, job broadcast
- sw_miner.c/h: Software SHA256d miner (ESP32 CPU fallback)
- asic_miner.c/h: ASIC detection stub (BM1366/BM1368 SPI)
Config:
- config.h/c: mining_payout_mode_t enum (auto/pool/upstream/proxy_only),
stratum pool settings, mining port, hashprice override, sandbox mint access
- Defaults fill nostr_seed_relays (8/8) and nostr_relays (4/4) with fast relays
Integration into existing modules:
- session.h/c: payment_method_t enum (CASHU/MINING/BYTES)
- firewall.h/c: firewall_set_mining_port(), firewall_set_sandbox_mint_access()
- tollgate_api.c: GET /mining/job, POST /mining/share, GET /mining/stats
- tollgate_client.h/c: TG_CLIENT_MINING state, mining discovery tag parsing
- tollgate_main.c: mining init in start_services(), stratum_client_tick() in loop
- captive_portal.c: tabbed Cashu/Mine UI with live hashrate polling
Unit tests (69 new assertions across 4 suites):
- test_mining_payment (23 tests): nbits->difficulty, hashprice, client stats, allotment
- test_stratum_proxy (21 tests): job set/get, stats, type validation
- test_session_payment_method (12 tests): PAYMENT_METHOD enum, bytes/cashu methods
- test_tollgate_client_mining (20 tests): mining tag parsing, discovery struct
- test_firewall_sandbox (16 tests): client grant/revoke, max clients, setters
Enhanced test stubs:
- BaseType_t/pdPASS in freertos/task.h
- lwip: sockets.h, etharp.h, prot/ip.h, prot/ip4.h, prot/tcp.h, netif.h
- dns_server.h, esp_wifi_ap_get_sta_list.h
Build fixes:
- cvm_server.c: replace esp_timer_get_time() with xTaskGetTickCount(),
fix process_relay_message() 3-arg call to 2-arg, add WS keepalive ping
- stratum_proxy.c: widen task_name buffer 16->20
- sw_miner.c: add missing #include esp_random.h
- nucula_src: save_proofs() moved to public in wallet.hpp
Nostr relay updates:
- nostr_seed_relays: +relay.anzenkodo.workers.dev, +nostr.koning-degraaf.nl,
+knostr.neutrine.com, +nostr.einundzwanzig.space (8/8 slots)
- nostr_relays: +relay.anzenkodo.workers.dev, +nostr.koning-degraaf.nl (4/4 slots)
Squash-merge of feature/mining-payment (5 commits: c75230e..9d98ba1)
Diffstat (limited to 'main/firewall.c')
| -rw-r--r-- | main/firewall.c | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/main/firewall.c b/main/firewall.c index 8d535b4..ae0eda7 100644 --- a/main/firewall.c +++ b/main/firewall.c | |||
| @@ -7,12 +7,16 @@ | |||
| 7 | #include "lwip/etharp.h" | 7 | #include "lwip/etharp.h" |
| 8 | #include "lwip/netif.h" | 8 | #include "lwip/netif.h" |
| 9 | #include "lwip/prot/ip4.h" | 9 | #include "lwip/prot/ip4.h" |
| 10 | #include "lwip/prot/tcp.h" | ||
| 11 | #include "lwip/prot/ip.h" | ||
| 10 | #include <string.h> | 12 | #include <string.h> |
| 11 | 13 | ||
| 12 | #define MAX_CLIENTS 10 | 14 | #define MAX_CLIENTS 10 |
| 13 | 15 | ||
| 14 | static const char *TAG = "firewall"; | 16 | static const char *TAG = "firewall"; |
| 15 | static esp_ip4_addr_t s_ap_ip; | 17 | static esp_ip4_addr_t s_ap_ip; |
| 18 | static uint16_t s_mining_port = 3333; | ||
| 19 | static bool s_sandbox_mint_access = false; | ||
| 16 | 20 | ||
| 17 | typedef struct { | 21 | typedef struct { |
| 18 | uint32_t ip; | 22 | uint32_t ip; |
| @@ -66,6 +70,46 @@ esp_err_t firewall_init(esp_ip4_addr_t ap_ip) | |||
| 66 | return ESP_OK; | 70 | return ESP_OK; |
| 67 | } | 71 | } |
| 68 | 72 | ||
| 73 | void firewall_set_mining_port(uint16_t port) | ||
| 74 | { | ||
| 75 | s_mining_port = port; | ||
| 76 | } | ||
| 77 | |||
| 78 | void firewall_set_sandbox_mint_access(bool enabled) | ||
| 79 | { | ||
| 80 | s_sandbox_mint_access = enabled; | ||
| 81 | } | ||
| 82 | |||
| 83 | static bool is_sandbox_allowed(struct pbuf *p) | ||
| 84 | { | ||
| 85 | if (p->len < IP_HLEN) return false; | ||
| 86 | struct ip_hdr *iphdr = (struct ip_hdr *)p->payload; | ||
| 87 | uint32_t dest_ip_h = lwip_ntohl(iphdr->dest.addr); | ||
| 88 | uint32_t ap_ip_h = lwip_ntohl(s_ap_ip.addr); | ||
| 89 | |||
| 90 | if (dest_ip_h == ap_ip_h) { | ||
| 91 | if (iphdr->_proto == IP_PROTO_TCP) { | ||
| 92 | uint16_t dst_port = 0; | ||
| 93 | if (p->len >= IP_HLEN + TCP_HLEN) { | ||
| 94 | struct tcp_hdr *tcphdr = (struct tcp_hdr *)((uint8_t *)p->payload + IP_HLEN); | ||
| 95 | dst_port = lwip_ntohs(tcphdr->dest); | ||
| 96 | } | ||
| 97 | if (dst_port == 80 || dst_port == 2121 || dst_port == s_mining_port) { | ||
| 98 | return true; | ||
| 99 | } | ||
| 100 | } | ||
| 101 | if (iphdr->_proto == IP_PROTO_UDP) { | ||
| 102 | return true; | ||
| 103 | } | ||
| 104 | } | ||
| 105 | |||
| 106 | if (s_sandbox_mint_access && iphdr->_proto == IP_PROTO_TCP) { | ||
| 107 | return true; | ||
| 108 | } | ||
| 109 | |||
| 110 | return false; | ||
| 111 | } | ||
| 112 | |||
| 69 | int tollgate_ip4_canforward_filter(struct pbuf *p, u32_t dest_addr_hostorder) | 113 | int tollgate_ip4_canforward_filter(struct pbuf *p, u32_t dest_addr_hostorder) |
| 70 | { | 114 | { |
| 71 | (void)dest_addr_hostorder; | 115 | (void)dest_addr_hostorder; |
| @@ -79,6 +123,9 @@ int tollgate_ip4_canforward_filter(struct pbuf *p, u32_t dest_addr_hostorder) | |||
| 79 | if (firewall_is_client_allowed(iphdr->src.addr)) { | 123 | if (firewall_is_client_allowed(iphdr->src.addr)) { |
| 80 | return 1; | 124 | return 1; |
| 81 | } | 125 | } |
| 126 | if (is_sandbox_allowed(p)) { | ||
| 127 | return 1; | ||
| 128 | } | ||
| 82 | return 0; | 129 | return 0; |
| 83 | } | 130 | } |
| 84 | 131 | ||