

feat(network): filter private ips
b00f committed Nov 3, 2023
1 parent d87b82a commit ea3ea87
Showing 6 changed files with 102 additions and 20 deletions.
4 changes: 4 additions & 0 deletions config/example_config.toml
@@ -62,6 +62,10 @@
# Default is false.
## enable_metrics = false

# `private_network` if enabled, connects to nodes in the private network.
# Default is false.
## private_network = false

# `bootstrapper` if enabled, it runs the node in bootstrap mode.
# Default is false.
## bootstrapper = false
2 changes: 2 additions & 0 deletions network/config.go
@@ -18,6 +18,7 @@ type Config struct {
EnableRelay bool `toml:"enable_relay"`
EnableMdns bool `toml:"enable_mdns"`
EnableMetrics bool `toml:"enable_metrics"`
PrivateNetwork bool `toml:"private_network"`
Bootstrapper bool `toml:"bootstrapper"`
}

@@ -54,6 +55,7 @@ func DefaultConfig() *Config {
EnableRelay: false,
EnableMdns: false,
EnableMetrics: false,
PrivateNetwork: false,
Bootstrapper: false,
}
}
68 changes: 49 additions & 19 deletions network/network.go
@@ -13,6 +13,7 @@ import (
lp2phost "github.com/libp2p/go-libp2p/core/host"
lp2ppeer "github.com/libp2p/go-libp2p/core/peer"
lp2prcmgr "github.com/libp2p/go-libp2p/p2p/host/resource-manager"
lp2pconngater "github.com/libp2p/go-libp2p/p2p/net/conngater"
lp2pconnmgr "github.com/libp2p/go-libp2p/p2p/net/connmgr"
ma "github.com/multiformats/go-multiaddr"
"github.com/pactus-project/pactus/util"
@@ -103,25 +104,25 @@ func newNetwork(networkName string, conf *Config, opts []lp2p.Option) (*network,
maxConns := conf.MaxConns
minConns := conf.MinConns
limit := lp2prcmgr.DefaultLimits
limit.SystemBaseLimit.ConnsInbound = logScale(maxConns)
limit.SystemBaseLimit.Conns = logScale(2 * maxConns)
limit.SystemBaseLimit.StreamsInbound = logScale(maxConns)
limit.SystemBaseLimit.Streams = logScale(2 * maxConns)

limit.ServiceLimitIncrease.ConnsInbound = logScale(minConns)
limit.ServiceLimitIncrease.Conns = logScale(2 * minConns)
limit.ServiceLimitIncrease.StreamsInbound = logScale(minConns)
limit.ServiceLimitIncrease.Streams = logScale(2 * minConns)

limit.TransientBaseLimit.ConnsInbound = logScale(maxConns / 2)
limit.TransientBaseLimit.Conns = logScale(2 * maxConns / 2)
limit.TransientBaseLimit.StreamsInbound = logScale(maxConns / 2)
limit.TransientBaseLimit.Streams = logScale(2 * maxConns / 2)

limit.TransientLimitIncrease.ConnsInbound = logScale(minConns / 2)
limit.TransientLimitIncrease.Conns = logScale(2 * minConns / 2)
limit.TransientLimitIncrease.StreamsInbound = logScale(minConns / 2)
limit.TransientLimitIncrease.Streams = logScale(2 * minConns / 2)
limit.SystemBaseLimit.ConnsInbound = LogScale(maxConns)
limit.SystemBaseLimit.Conns = LogScale(2 * maxConns)
limit.SystemBaseLimit.StreamsInbound = LogScale(maxConns)
limit.SystemBaseLimit.Streams = LogScale(2 * maxConns)

limit.ServiceLimitIncrease.ConnsInbound = LogScale(minConns)
limit.ServiceLimitIncrease.Conns = LogScale(2 * minConns)
limit.ServiceLimitIncrease.StreamsInbound = LogScale(minConns)
limit.ServiceLimitIncrease.Streams = LogScale(2 * minConns)

limit.TransientBaseLimit.ConnsInbound = LogScale(maxConns / 2)
limit.TransientBaseLimit.Conns = LogScale(2 * maxConns / 2)
limit.TransientBaseLimit.StreamsInbound = LogScale(maxConns / 2)
limit.TransientBaseLimit.Streams = LogScale(2 * maxConns / 2)

limit.TransientLimitIncrease.ConnsInbound = LogScale(minConns / 2)
limit.TransientLimitIncrease.Conns = LogScale(2 * minConns / 2)
limit.TransientLimitIncrease.StreamsInbound = LogScale(minConns / 2)
limit.TransientLimitIncrease.Streams = LogScale(2 * minConns / 2)

resMgr, err := lp2prcmgr.NewResourceManager(
lp2prcmgr.NewFixedLimiter(limit.AutoScale()),
@@ -185,6 +186,35 @@ func newNetwork(networkName string, conf *Config, opts []lp2p.Option) (*network,
)
}

// TODO: should include relay addresses
privateSubnets := PrivateSubnets()
privateFilters := SubnetsToFilters(privateSubnets, ma.ActionDeny)
addrFactory := lp2p.AddrsFactory(func(as []ma.Multiaddr) []ma.Multiaddr {
addrs := []ma.Multiaddr{}
for _, addr := range as {
if conf.PrivateNetwork || !privateFilters.AddrBlocked(addr) {
addrs = append(addrs, addr)
}
}
return addrs
})

if !conf.PrivateNetwork {
connGater, err := lp2pconngater.NewBasicConnectionGater(nil)
if err != nil {
return nil, LibP2PError{Err: err}

}
for _, sn := range privateSubnets {
err := connGater.BlockSubnet(sn)
if err != nil {
return nil, LibP2PError{Err: err}

}
}
opts = append(opts, lp2p.ConnectionGater(connGater))

}

opts = append(opts, addrFactory)

host, err := lp2p.New(opts...)
if err != nil {
return nil, LibP2PError{Err: err}
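Review bot: The connection-gater branch (`if !conf.PrivateNetwork { ... }` through `opts = append(opts, lp2p.ConnectionGater(connGater))`) is the part of this change that applies the private-subnet block to actual connections, yet it is never executed by the test suite, because `testConfig()` in network/network_test.go and tests/main_test.go both set `PrivateNetwork: true` — which is exactly what the Codecov annotations on this section report. A test that constructs the network with `PrivateNetwork: false` and asserts that a loopback or RFC 1918 multiaddr is both dropped by the address factory and refused by the gater would pin the behaviour this feature exists for. The `AddrsFactory` closure also lacks a why-comment; something like `// Unless this node is deliberately on a private network, strip loopback/private/link-local addresses so they are not advertised to peers that cannot reach them.` would make the intent clear, and `addrs := []ma.Multiaddr{}` can be `make([]ma.Multiaddr, 0, len(as))`. Note that `privateSubnets` and `privateFilters` are built even when `conf.PrivateNetwork` is true, in which case the filter result is ignored by the `||` short-circuit. newNetwork starts before this hunk and continues after it.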
1 change: 1 addition & 0 deletions network/network_test.go
@@ -64,6 +64,7 @@ func testConfig() *Config {
EnableNAT: false,
EnableRelay: false,
EnableMdns: false,
PrivateNetwork: true,
}
}

46 changes: 45 additions & 1 deletion network/utils.go
@@ -3,6 +3,7 @@ package network
import (
"context"
"math/bits"
"net"
"time"

lp2phost "github.com/libp2p/go-libp2p/core/host"
@@ -59,7 +60,50 @@ func ConnectAsync(ctx context.Context, h lp2phost.Host, addrInfo lp2ppeer.AddrIn
}()
}

func logScale(val int) int {
func LogScale(val int) int {
bitlen := bits.Len(uint(val))
return 1 << bitlen
}

func PrivateSubnets() []*net.IPNet {
privateCIDRs := []string{
// -- Ipv4 --
// localhost
"127.0.0.0/8",
// private networks
"10.0.0.0/8",
"100.64.0.0/10",
"172.16.0.0/12",
"192.168.0.0/16",
// link local
"169.254.0.0/16",

// -- Ipv6 --
// localhost
"::1/128",
// ULA reserved
"fc00::/7",
// link local
"fe80::/10",
}

subnets := []*net.IPNet{}
for _, cidr := range privateCIDRs {
_, sn, err := net.ParseCIDR(cidr)
if err != nil {
panic(err)

}
subnets = append(subnets, sn)
}

return subnets
}

func SubnetsToFilters(subnets []*net.IPNet, action multiaddr.Action) *multiaddr.Filters {
filters := multiaddr.NewFilters()
for _, sn := range subnets {
filters.AddFilter(*sn, action)
}

return filters
}
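Review bot: `LogScale`, `PrivateSubnets` and `SubnetsToFilters` are now exported but carry no doc comments; for `LogScale` the contract is worth stating because it is not a rounding: `// LogScale returns the smallest power of two strictly greater than val (for val >= 0).` `PrivateSubnets` re-parses the constant CIDR list on every call and panics on a parse error, so it would be cleaner to parse it once into a package-level `var` — the panic then fires at init instead of inside `newNetwork`, and the uncovered `panic(err)` line Codecov flags disappears. The list covers loopback, RFC 1918, CGNAT, link-local and ULA, but not the unspecified addresses (`0.0.0.0/8`, `::/128`) or multicast (`224.0.0.0/4`, `ff00::/8`); if the intent is "anything not publicly routable", those gaps mean such addresses would still be advertised and dialed, so either add them or document that the filter is deliberately narrower. Minor comment-accuracy nit: `100.64.0.0/10` sits under `// private networks` but is the CGNAT shared address range, not an RFC 1918 block.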
1 change: 1 addition & 0 deletions tests/main_test.go
@@ -82,6 +82,7 @@ func TestMain(m *testing.M) {
tConfigs[i].Sync.NodeNetwork = false
tConfigs[i].Sync.Firewall.Enabled = false
tConfigs[i].Network.EnableMdns = true
tConfigs[i].Network.PrivateNetwork = true
tConfigs[i].Network.Bootstrapper = true
tConfigs[i].Network.NetworkKey = util.TempFilePath()
tConfigs[i].Network.Listens = []string{"/ip4/127.0.0.1/tcp/0", "/ip4/127.0.0.1/udp/0/quic-v1"}
