From 39517641a356bd7bc52c78eedbf9099babb2264e Mon Sep 17 00:00:00 2001 From: Steven Allen Date: Fri, 11 Oct 2024 14:01:29 -0700 Subject: [PATCH] test: disable NAT port mapping, outbound dials, inbound connections My poor network. It deserves to be treated with respect and dignity and doesn't deserve to be spammed. 1. Disable NAT port mapping. Because no, we don't want our integration tests nodes to be reachable. 2. Disable all but a single localhost/quic transport. No need to do more work than necessary. 3. Set the connection manager limits to be really high. This probably doesn't matter, but there's no need to be killing connections in our integration tests. 4. Reject all outbound dials to non-localhost addresses.
---
 itests/kit/ensemble.go | 11 +++++++++++ itests/kit/node_opts.go | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+)
diff --git a/itests/kit/ensemble.go b/itests/kit/ensemble.go
index 1f0df3da75d..b42f9b38f5e 100644
--- a/itests/kit/ensemble.go
+++ b/itests/kit/ensemble.go
@@ -16,8 +16,10 @@ import (
 "github.com/google/uuid"
 "github.com/ipfs/go-datastore"
 "github.com/ipfs/go-datastore/namespace"
+ "github.com/libp2p/go-libp2p"
 libp2pcrypto "github.com/libp2p/go-libp2p/core/crypto"
 "github.com/libp2p/go-libp2p/core/peer"
+ "github.com/libp2p/go-libp2p/p2p/net/conngater"
 mocknet "github.com/libp2p/go-libp2p/p2p/net/mock"
 "github.com/stretchr/testify/require"
@@ -57,6 +59,7 @@ import (
 "github.com/filecoin-project/lotus/node/config"
 "github.com/filecoin-project/lotus/node/modules"
 "github.com/filecoin-project/lotus/node/modules/dtypes"
+ "github.com/filecoin-project/lotus/node/modules/lp2p"
 testing2 "github.com/filecoin-project/lotus/node/modules/testing"
 "github.com/filecoin-project/lotus/node/repo"
 "github.com/filecoin-project/lotus/storage/paths"
@@ -438,6 +441,13 @@ func (n *Ensemble) Start() *Ensemble {
 node.If(full.options.disableLibp2p, node.MockHost(n.mn)),
 node.Test(),
+ // If we're using real libp2p, disable outbound connections to all but localhost.
+ node.If(!full.options.disableLibp2p,
+ node.Override(node.ConnGaterKey, func(gater *conngater.BasicConnectionGater) (opts lp2p.Libp2pOpts, err error) {
+ opts.Opts = append(opts.Opts, libp2p.ConnectionGater(&loopbackConnGater{gater}))
+ return
+ })),
+
 // so that we subscribe to pubsub topics immediately
 node.Override(new(dtypes.Bootstrapper), dtypes.Bootstrapper(true)),
@@ -707,6 +717,7 @@ func (n *Ensemble) Start() *Ensemble {
 node.Repo(r),
 node.Test(),
+ node.Override(node.DefaultTransportsKey, lp2p.QUIC),
 node.If(m.options.disableLibp2p, node.MockHost(n.mn)),
 node.Override(new(v1api.RawFullNodeAPI), m.FullNode),
 node.Override(new(*lotusminer.Miner), lotusminer.NewTestMiner(mineBlock, m.ActorAddr)),
diff --git a/itests/kit/node_opts.go b/itests/kit/node_opts.go
index 6a50e60ff79..ad1f7e3edb4 100644
--- a/itests/kit/node_opts.go
+++ b/itests/kit/node_opts.go
@@ -2,6 +2,12 @@ package kit
 import (
 "math"
+ "time"
+
+ "github.com/libp2p/go-libp2p/core/connmgr"
+ "github.com/libp2p/go-libp2p/core/peer"
+ multiaddr "github.com/multiformats/go-multiaddr"
+ manet "github.com/multiformats/go-multiaddr/net"
 "github.com/filecoin-project/go-f3/manifest"
 "github.com/filecoin-project/go-state-types/abi"
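Review bot: In the `@@ -438` hunk of itests/kit/ensemble.go, the `ConnGaterKey` override closure relies on named results and a bare `return`, and `err` is never assigned, so a reader has to work out that it returns the appended options and a nil error. Ending the closure with `return opts, nil` makes that explicit. A one-line comment such as `// Wrap the node's own gater so its rules still apply; loopbackConnGater only adds the loopback check on dials.` would also record why the injected `BasicConnectionGater` is wrapped rather than replaced. `Start()` begins and ends outside the hunk.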
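Review bot: In the `@@ -707` hunk of itests/kit/ensemble.go, the miner option list gains only the `DefaultTransportsKey` override; the `loopbackConnGater` override that the `@@ -438` hunk installs for full nodes is not added here. A miner started with real libp2p would therefore still be able to dial non-loopback addresses, unless the gater is wired in somewhere outside these hunks, while the commit description promises that all outbound dials to non-localhost addresses are rejected. The miner list should carry the same `node.If(!m.options.disableLibp2p, node.Override(node.ConnGaterKey, …))` entry, ideally through one shared helper option used by both lists so the two cannot drift. The reverse gap may exist too: the full-node hunk does not visibly restrict transports to `lp2p.QUIC`. `Start()` extends beyond both hunks, so either may already be handled in lines not shown.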
@@ -56,6 +62,23 @@ type nodeOpts struct {
 workerName string
 }
+// Libp2p connection gater that only allows outbound connections to loopback addresses.
+type loopbackConnGater struct{ connmgr.ConnectionGater }
+
+// InterceptAddrDial implements connmgr.ConnectionGater.
+func (l *loopbackConnGater) InterceptAddrDial(p peer.ID, a multiaddr.Multiaddr) (allow bool) {
+ if !l.ConnectionGater.InterceptAddrDial(p, a) {
+ return false
+ }
+ ip, err := manet.ToIP(a)
+ if err != nil {
+ return false
+ }
+ return ip.IsLoopback()
+}
+
+var _ connmgr.ConnectionGater = (*loopbackConnGater)(nil)
+
 // DefaultNodeOpts are the default options that will be applied to test nodes.
 var DefaultNodeOpts = nodeOpts{
 balance: big.Mul(big.NewInt(100000000), types.NewInt(buildconstants.FilecoinPrecision)),
@@ -69,6 +92,17 @@ var DefaultNodeOpts = nodeOpts{
 cfg.Fevm.EnableEthRPC = true
 cfg.Events.MaxFilterHeightRange = math.MaxInt64
 cfg.Events.EnableActorEventsAPI = true
+
+ // Disable external networking ffs.
+ cfg.Libp2p.ListenAddresses = []string{
+ "/ip4/127.0.0.1/udp/0/quic-v1",
+ }
+ cfg.Libp2p.DisableNatPortMap = true
+
+ // Nerf the connection manager.
+ cfg.Libp2p.ConnMgrLow = 1024
+ cfg.Libp2p.ConnMgrHigh = 2048
+ cfg.Libp2p.ConnMgrGrace = config.Duration(time.Hour)
 return nil
 },
 },
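Review bot: In the `@@ -56` hunk of itests/kit/node_opts.go, `loopbackConnGater` overrides only `InterceptAddrDial`, so inbound connections pass through the embedded gater unchanged and stay local only because of the `127.0.0.1` listen address set in the `@@ -69` hunk. A test that replaces `cfg.Libp2p.ListenAddresses` would accept remote peers again without any failure. Overriding `InterceptAccept` with the same loopback check on the remote address closes that gap; it needs the `github.com/libp2p/go-libp2p/core/network` import. The dial path fails closed when `manet.ToIP` returns an error, which is worth stating in the doc comment. The type comment should also start with the type name, `// loopbackConnGater is a libp2p connection gater that ...`.

```go
// InterceptAddrDial implements connmgr.ConnectionGater.
// … unchanged: InterceptAddrDial body …

// InterceptAccept implements connmgr.ConnectionGater. It rejects inbound
// connections whose remote address is not a loopback IP, and fails closed
// when the address cannot be converted to an IP.
func (l *loopbackConnGater) InterceptAccept(addrs network.ConnMultiaddrs) (allow bool) {
	if !l.ConnectionGater.InterceptAccept(addrs) {
		return false
	}
	ip, err := manet.ToIP(addrs.RemoteMultiaddr())
	if err != nil {
		return false
	}
	return ip.IsLoopback()
}
```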
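Review bot: In the `@@ -69` hunk of itests/kit/node_opts.go, the two added comments do not tell a test author what the settings protect, and `// Nerf the connection manager.` reads as if the limits were lowered although `ConnMgrLow`, `ConnMgrHigh` and `ConnMgrGrace` are set to large values. Suggested wording: `// Keep test nodes off the real network: listen on loopback QUIC only and never request NAT port mappings.` and `// Raise the connection manager limits so connections between test nodes are never pruned.` It would also help to note beside `ListenAddresses` that the loopback listen address is the only inbound restriction visible in this patch, so a test that overrides it becomes reachable from outside the host. The enclosing function literal starts outside the hunk.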