feat(network): filter private ips #793

Merged
merged 2 commits into from
Nov 3, 2023
Merged
4 changes: 4 additions & 0 deletions config/example_config.toml
Expand Up @@ -62,6 +62,10 @@
# Default is false.
## enable_metrics = false

# `private_network` if enabled, connects to nodes in the private network.
# Default is false.
## private_network = false

# `bootstrapper` if enabled, it runs the node in bootstrap mode.
# Default is false.
## bootstrapper = false
2 changes: 2 additions & 0 deletions network/config.go
Expand Up @@ -18,6 +18,7 @@ type Config struct {
EnableRelay bool `toml:"enable_relay"`
EnableMdns bool `toml:"enable_mdns"`
EnableMetrics bool `toml:"enable_metrics"`
PrivateNetwork bool `toml:"private_network"`
Bootstrapper bool `toml:"bootstrapper"`
}

Expand Down Expand Up @@ -54,6 +55,7 @@ func DefaultConfig() *Config {
EnableRelay: false,
EnableMdns: false,
EnableMetrics: false,
PrivateNetwork: false,
Bootstrapper: false,
}
}
71 changes: 52 additions & 19 deletions network/network.go
Expand Up @@ -13,6 +13,7 @@
lp2phost "github.com/libp2p/go-libp2p/core/host"
lp2ppeer "github.com/libp2p/go-libp2p/core/peer"
lp2prcmgr "github.com/libp2p/go-libp2p/p2p/host/resource-manager"
lp2pconngater "github.com/libp2p/go-libp2p/p2p/net/conngater"
lp2pconnmgr "github.com/libp2p/go-libp2p/p2p/net/connmgr"
ma "github.com/multiformats/go-multiaddr"
"github.com/pactus-project/pactus/util"
Expand Down Expand Up @@ -103,25 +104,25 @@
maxConns := conf.MaxConns
minConns := conf.MinConns
limit := lp2prcmgr.DefaultLimits
limit.SystemBaseLimit.ConnsInbound = logScale(maxConns)
limit.SystemBaseLimit.Conns = logScale(2 * maxConns)
limit.SystemBaseLimit.StreamsInbound = logScale(maxConns)
limit.SystemBaseLimit.Streams = logScale(2 * maxConns)

limit.ServiceLimitIncrease.ConnsInbound = logScale(minConns)
limit.ServiceLimitIncrease.Conns = logScale(2 * minConns)
limit.ServiceLimitIncrease.StreamsInbound = logScale(minConns)
limit.ServiceLimitIncrease.Streams = logScale(2 * minConns)

limit.TransientBaseLimit.ConnsInbound = logScale(maxConns / 2)
limit.TransientBaseLimit.Conns = logScale(2 * maxConns / 2)
limit.TransientBaseLimit.StreamsInbound = logScale(maxConns / 2)
limit.TransientBaseLimit.Streams = logScale(2 * maxConns / 2)

limit.TransientLimitIncrease.ConnsInbound = logScale(minConns / 2)
limit.TransientLimitIncrease.Conns = logScale(2 * minConns / 2)
limit.TransientLimitIncrease.StreamsInbound = logScale(minConns / 2)
limit.TransientLimitIncrease.Streams = logScale(2 * minConns / 2)
limit.SystemBaseLimit.ConnsInbound = LogScale(maxConns)
limit.SystemBaseLimit.Conns = LogScale(2 * maxConns)
limit.SystemBaseLimit.StreamsInbound = LogScale(maxConns)
limit.SystemBaseLimit.Streams = LogScale(2 * maxConns)

limit.ServiceLimitIncrease.ConnsInbound = LogScale(minConns)
limit.ServiceLimitIncrease.Conns = LogScale(2 * minConns)
limit.ServiceLimitIncrease.StreamsInbound = LogScale(minConns)
limit.ServiceLimitIncrease.Streams = LogScale(2 * minConns)

limit.TransientBaseLimit.ConnsInbound = LogScale(maxConns / 2)
limit.TransientBaseLimit.Conns = LogScale(2 * maxConns / 2)
limit.TransientBaseLimit.StreamsInbound = LogScale(maxConns / 2)
limit.TransientBaseLimit.Streams = LogScale(2 * maxConns / 2)

limit.TransientLimitIncrease.ConnsInbound = LogScale(minConns / 2)
limit.TransientLimitIncrease.Conns = LogScale(2 * minConns / 2)
limit.TransientLimitIncrease.StreamsInbound = LogScale(minConns / 2)
limit.TransientLimitIncrease.Streams = LogScale(2 * minConns / 2)

resMgr, err := lp2prcmgr.NewResourceManager(
lp2prcmgr.NewFixedLimiter(limit.AutoScale()),
Expand Down Expand Up @@ -185,6 +186,38 @@
)
}

// TODO: should include relay addresses
privateSubnets := PrivateSubnets()
privateFilters := SubnetsToFilters(privateSubnets, ma.ActionDeny)
addrFactory := lp2p.AddrsFactory(func(as []ma.Multiaddr) []ma.Multiaddr {
addrs := []ma.Multiaddr{}
for _, addr := range as {
if conf.PrivateNetwork || !privateFilters.AddrBlocked(addr) {
addrs = append(addrs, addr)
} else {
// TODO: remove me later
logger.Debug("private ip filtered", "ip", conf.PrivateNetwork)

}
}
return addrs
})

if !conf.PrivateNetwork {
connGater, err := lp2pconngater.NewBasicConnectionGater(nil)
if err != nil {
return nil, LibP2PError{Err: err}

}
for _, sn := range privateSubnets {
err := connGater.BlockSubnet(sn)
if err != nil {
return nil, LibP2PError{Err: err}

}
}
opts = append(opts, lp2p.ConnectionGater(connGater))

}

opts = append(opts, addrFactory)

host, err := lp2p.New(opts...)
if err != nil {
return nil, LibP2PError{Err: err}
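Review bot: The debug log on the filtered branch records the wrong value — `logger.Debug("private ip filtered", "ip", conf.PrivateNetwork)` attaches the PrivateNetwork flag (necessarily false on this path) instead of the address that was dropped; it should be `logger.Debug("private ip filtered", "addr", addr)`, or be removed before merge as its TODO says. The `err := connGater.BlockSubnet(sn)` inside the loop shadows the outer `err`; harmless here, but `if err := connGater.BlockSubnet(sn); err != nil {` keeps the scope explicit. Because both test configs in this PR set `PrivateNetwork: true`, neither the address factory's deny branch nor the connection-gater setup is exercised by the suite, so a unit test that feeds one private and one public multiaddr through the factory and checks only the public one survives would cover the new security-relevant path. The enclosing constructor starts and ends outside this hunk.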
1 change: 1 addition & 0 deletions network/network_test.go
Expand Up @@ -64,6 +64,7 @@ func testConfig() *Config {
EnableNAT: false,
EnableRelay: false,
EnableMdns: false,
PrivateNetwork: true,
}
}

46 changes: 45 additions & 1 deletion network/utils.go
Expand Up @@ -3,6 +3,7 @@
import (
"context"
"math/bits"
"net"
"time"

lp2phost "github.com/libp2p/go-libp2p/core/host"
Expand Down Expand Up @@ -59,7 +60,50 @@
}()
}

func logScale(val int) int {
func LogScale(val int) int {
bitlen := bits.Len(uint(val))
return 1 << bitlen
}

func PrivateSubnets() []*net.IPNet {
privateCIDRs := []string{
// -- Ipv4 --
// localhost
"127.0.0.0/8",
// private networks
"10.0.0.0/8",
"100.64.0.0/10",
"172.16.0.0/12",
"192.168.0.0/16",
// link local
"169.254.0.0/16",

// -- Ipv6 --
// localhost
"::1/128",
// ULA reserved
"fc00::/7",
// link local
"fe80::/10",
}

subnets := []*net.IPNet{}
for _, cidr := range privateCIDRs {
_, sn, err := net.ParseCIDR(cidr)
if err != nil {
panic(err)

}
subnets = append(subnets, sn)
}

return subnets
}

func SubnetsToFilters(subnets []*net.IPNet, action multiaddr.Action) *multiaddr.Filters {
filters := multiaddr.NewFilters()
for _, sn := range subnets {
filters.AddFilter(*sn, action)
}

return filters
}
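Review bot: `LogScale`, `PrivateSubnets` and `SubnetsToFilters` are now exported without doc comments; suggested wording: `// LogScale returns the smallest power of two strictly greater than val.`, `// PrivateSubnets returns the loopback, private (RFC 1918 and CGNAT), link-local and ULA ranges that the network layer filters unless PrivateNetwork is enabled.` and `// SubnetsToFilters builds a multiaddr filter set that applies action to every subnet in subnets.`. `PrivateSubnets` re-parses the constant CIDR list on every call and panics on a malformed entry; since the list is fixed, parsing it once into a package-level `var` would surface a bad literal at init time instead of at the call site, and avoid the repeated work. If the intent is to keep every non-routable range out, consider whether the unspecified addresses `0.0.0.0/8` and `::/128` belong in the list as well. The section comments `-- Ipv4 --` and `-- Ipv6 --` should read `IPv4` and `IPv6`.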
1 change: 1 addition & 0 deletions tests/main_test.go
Expand Up @@ -82,6 +82,7 @@ func TestMain(m *testing.M) {
tConfigs[i].Sync.NodeNetwork = false
tConfigs[i].Sync.Firewall.Enabled = false
tConfigs[i].Network.EnableMdns = true
tConfigs[i].Network.PrivateNetwork = true
tConfigs[i].Network.Bootstrapper = true
tConfigs[i].Network.NetworkKey = util.TempFilePath()
tConfigs[i].Network.Listens = []string{"/ip4/127.0.0.1/tcp/0", "/ip4/127.0.0.1/udp/0/quic-v1"}