test: disable NAT port mapping, outbound dials, inbound connections
My poor network. It deserves to be treated with respect and dignity and
doesn't deserve to be spammed.

1. Disable NAT port mapping. Because no, we don't want our integration
test nodes to be reachable.
2. Disable all but a single localhost/quic transport. No need to do more
work than necessary.
3. Set the connection manager limits to be really high. This probably
doesn't matter, but there's no need to be killing connections in our
integration tests.
4. Reject all outbound dials to non-localhost addresses.
Stebalien committed Oct 11, 2024
1 parent 4d4d473 commit 3ccfb2b
Showing 2 changed files with 64 additions and 0 deletions.
11 changes: 11 additions & 0 deletions itests/kit/ensemble.go
@@ -16,6 +16,7 @@ import (
"github.com/google/uuid"
"github.com/ipfs/go-datastore"
"github.com/ipfs/go-datastore/namespace"
"github.com/libp2p/go-libp2p"
libp2pcrypto "github.com/libp2p/go-libp2p/core/crypto"
"github.com/libp2p/go-libp2p/core/peer"
mocknet "github.com/libp2p/go-libp2p/p2p/net/mock"
@@ -57,6 +58,7 @@ import (
"github.com/filecoin-project/lotus/node/config"
"github.com/filecoin-project/lotus/node/modules"
"github.com/filecoin-project/lotus/node/modules/dtypes"
"github.com/filecoin-project/lotus/node/modules/lp2p"
testing2 "github.com/filecoin-project/lotus/node/modules/testing"
"github.com/filecoin-project/lotus/node/repo"
"github.com/filecoin-project/lotus/storage/paths"
@@ -438,6 +440,13 @@ func (n *Ensemble) Start() *Ensemble {
node.If(full.options.disableLibp2p, node.MockHost(n.mn)),
node.Test(),

// If we're using real libp2p, disable outbound connections to all but localhost.
node.If(!full.options.disableLibp2p,
node.Override(node.ConnGaterKey, func() (opts lp2p.Libp2pOpts, err error) {
opts.Opts = append(opts.Opts, libp2p.ConnectionGater(new(loopbackConnGater)))
return
})),

// so that we subscribe to pubsub topics immediately
node.Override(new(dtypes.Bootstrapper), dtypes.Bootstrapper(true)),

@@ -707,6 +716,8 @@ func (n *Ensemble) Start() *Ensemble {
node.Repo(r),
node.Test(),

node.Override(node.DefaultTransportsKey, lp2p.QUIC),
node.Override(node.DefaultTransportsKey, lp2p.QUIC),
node.If(m.options.disableLibp2p, node.MockHost(n.mn)),
node.Override(new(v1api.RawFullNodeAPI), m.FullNode),
node.Override(new(*lotusminer.Miner), lotusminer.NewTestMiner(mineBlock, m.ActorAddr)),
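Review bot: The loopback connection gater is installed only in the full-node options (the hunk at new line 440); the miner hunk at new line 716 adds the QUIC transport override but no `node.ConnGaterKey` override, so a miner built with real libp2p would, as far as these hunks show, still be able to dial non-loopback addresses. That miner hunk also lists `node.Override(node.DefaultTransportsKey, lp2p.QUIC),` twice as rendered, and the second copy is redundant. I would keep one transport override and give the miner the same gater block as the full node, keyed on `m.options.disableLibp2p`, as sketched below. Both option lists sit inside `Start()`, whose body begins and ends outside the hunks, so a gater applied elsewhere would not be visible here.

```go
node.Override(node.DefaultTransportsKey, lp2p.QUIC),

// If we're using real libp2p, disable outbound connections to all but localhost.
node.If(!m.options.disableLibp2p,
	node.Override(node.ConnGaterKey, func() (opts lp2p.Libp2pOpts, err error) {
		opts.Opts = append(opts.Opts, libp2p.ConnectionGater(new(loopbackConnGater)))
		return
	})),
// … unchanged: node.If(m.options.disableLibp2p, node.MockHost(n.mn)) and the remaining miner overrides …
```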
53 changes: 53 additions & 0 deletions itests/kit/node_opts.go
@@ -2,6 +2,14 @@ package kit

import (
"math"
"time"

"github.com/libp2p/go-libp2p/core/connmgr"
"github.com/libp2p/go-libp2p/core/control"
"github.com/libp2p/go-libp2p/core/network"
"github.com/libp2p/go-libp2p/core/peer"
multiaddr "github.com/multiformats/go-multiaddr"
manet "github.com/multiformats/go-multiaddr/net"

"github.com/filecoin-project/go-f3/manifest"
"github.com/filecoin-project/go-state-types/abi"
@@ -56,6 +64,40 @@ type nodeOpts struct {
workerName string
}

// Libp2p connection gater that only allows outbound connections to loopback addresses.
type loopbackConnGater struct{}

// InterceptAccept implements connmgr.ConnectionGater.
func (l *loopbackConnGater) InterceptAccept(network.ConnMultiaddrs) (allow bool) {
return true
}

// InterceptAddrDial implements connmgr.ConnectionGater.
func (l *loopbackConnGater) InterceptAddrDial(p peer.ID, a multiaddr.Multiaddr) (allow bool) {
ip, err := manet.ToIP(a)
if err != nil {
return false
}
return ip.IsLoopback()
}

// InterceptPeerDial implements connmgr.ConnectionGater.
func (l *loopbackConnGater) InterceptPeerDial(p peer.ID) (allow bool) {
return true
}

// InterceptSecured implements connmgr.ConnectionGater.
func (l *loopbackConnGater) InterceptSecured(network.Direction, peer.ID, network.ConnMultiaddrs) (allow bool) {
return true
}

// InterceptUpgraded implements connmgr.ConnectionGater.
func (l *loopbackConnGater) InterceptUpgraded(network.Conn) (allow bool, reason control.DisconnectReason) {
return true, 0
}

var _ connmgr.ConnectionGater = (*loopbackConnGater)(nil)

// DefaultNodeOpts are the default options that will be applied to test nodes.
var DefaultNodeOpts = nodeOpts{
balance: big.Mul(big.NewInt(100000000), types.NewInt(buildconstants.FilecoinPrecision)),
@@ -69,6 +111,17 @@ var DefaultNodeOpts = nodeOpts{
cfg.Fevm.EnableEthRPC = true
cfg.Events.MaxFilterHeightRange = math.MaxInt64
cfg.Events.EnableActorEventsAPI = true

// Disable external networking ffs.
cfg.Libp2p.ListenAddresses = []string{
"/ip4/127.0.0.1/udp/0/quic-v1",
}
cfg.Libp2p.DisableNatPortMap = true

// Nerf the connection manager.
cfg.Libp2p.ConnMgrLow = 1024
cfg.Libp2p.ConnMgrHigh = 2048
cfg.Libp2p.ConnMgrGrace = config.Duration(time.Hour)
return nil
},
},
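Review bot: `InterceptAccept` returns `true` for every inbound connection, so the "inbound connections" part of the commit title rests entirely on `cfg.Libp2p.ListenAddresses` staying at `127.0.0.1`; a test that overrides the listen addresses would accept remote peers without the gater objecting. The gater can enforce the loopback rule in both directions by naming the parameter and checking the remote side: `func (l *loopbackConnGater) InterceptAccept(c network.ConnMultiaddrs) (allow bool) {` with the body `ip, err := manet.ToIP(c.RemoteMultiaddr())` and `return err == nil && ip.IsLoopback()`. `InterceptAddrDial` already fails closed when `manet.ToIP` returns an error (presumably the case for DNS multiaddrs), which deserves a comment such as `// Addresses that do not convert to a literal IP are rejected rather than resolved.` The type comment should then say the gater covers connections to and from loopback addresses, not only outbound ones.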
