test: disable NAT port mapping, outbound dials, inbound connections (#…
…12591)

My poor network. It deserves to be treated with respect and dignity and
doesn't deserve to be spammed.

1. Disable NAT port mapping. Because no, we don't want our integration
test nodes to be reachable.
2. Disable all but a single localhost/quic transport. No need to do more
work than necessary.
3. Set the connection manager limits to be really high. This probably
doesn't matter, but there's no need to be killing connections in our
integration tests.
4. Reject all outbound dials to non-localhost addresses.
Stebalien authored Oct 15, 2024
1 parent d4b8af9 commit a89cf6d
Showing 2 changed files with 45 additions and 0 deletions.
11 changes: 11 additions & 0 deletions itests/kit/ensemble.go
Expand Up @@ -16,8 +16,10 @@ import (
"github.com/google/uuid"
"github.com/ipfs/go-datastore"
"github.com/ipfs/go-datastore/namespace"
"github.com/libp2p/go-libp2p"
libp2pcrypto "github.com/libp2p/go-libp2p/core/crypto"
"github.com/libp2p/go-libp2p/core/peer"
"github.com/libp2p/go-libp2p/p2p/net/conngater"
mocknet "github.com/libp2p/go-libp2p/p2p/net/mock"
"github.com/stretchr/testify/require"

Expand Down Expand Up @@ -57,6 +59,7 @@ import (
"github.com/filecoin-project/lotus/node/config"
"github.com/filecoin-project/lotus/node/modules"
"github.com/filecoin-project/lotus/node/modules/dtypes"
"github.com/filecoin-project/lotus/node/modules/lp2p"
testing2 "github.com/filecoin-project/lotus/node/modules/testing"
"github.com/filecoin-project/lotus/node/repo"
"github.com/filecoin-project/lotus/storage/paths"
Expand Down Expand Up @@ -438,6 +441,13 @@ func (n *Ensemble) Start() *Ensemble {
node.If(full.options.disableLibp2p, node.MockHost(n.mn)),
node.Test(),

// If we're using real libp2p, disable outbound connections to all but localhost.
node.If(!full.options.disableLibp2p,
node.Override(node.ConnGaterKey, func(gater *conngater.BasicConnectionGater) (opts lp2p.Libp2pOpts, err error) {
opts.Opts = append(opts.Opts, libp2p.ConnectionGater(&loopbackConnGater{gater}))
return
})),

// so that we subscribe to pubsub topics immediately
node.Override(new(dtypes.Bootstrapper), dtypes.Bootstrapper(true)),

Expand Down Expand Up @@ -707,6 +717,7 @@ func (n *Ensemble) Start() *Ensemble {
node.Repo(r),
node.Test(),

node.Override(node.DefaultTransportsKey, lp2p.QUIC),
node.If(m.options.disableLibp2p, node.MockHost(n.mn)),
node.Override(new(v1api.RawFullNodeAPI), m.FullNode),
node.Override(new(*lotusminer.Miner), lotusminer.NewTestMiner(mineBlock, m.ActorAddr)),
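Review bot: The loopback gater is installed only in the full-node option list, through the `node.If(!full.options.disableLibp2p, node.Override(node.ConnGaterKey, ...))` entry. The miner option list in the last hunk gains `node.Override(node.DefaultTransportsKey, lp2p.QUIC)` but no matching `node.ConnGaterKey` override. As far as these hunks show, a miner node running real libp2p is therefore not covered by item 4 of the description and can still dial non-loopback addresses. If that is not intended, add the same entry to the miner list guarded by `!m.options.disableLibp2p`, ideally by moving the constructor closure into one named helper that both lists pass to `node.Override`, so the two cannot drift apart. Both lists sit inside `(n *Ensemble) Start()`, whose body begins and ends outside the hunks.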
34 changes: 34 additions & 0 deletions itests/kit/node_opts.go
Expand Up @@ -2,6 +2,12 @@ package kit

import (
"math"
"time"

"github.com/libp2p/go-libp2p/core/connmgr"
"github.com/libp2p/go-libp2p/core/peer"
multiaddr "github.com/multiformats/go-multiaddr"
manet "github.com/multiformats/go-multiaddr/net"

"github.com/filecoin-project/go-f3/manifest"
"github.com/filecoin-project/go-state-types/abi"
Expand Down Expand Up @@ -56,6 +62,23 @@ type nodeOpts struct {
workerName string
}

// Libp2p connection gater that only allows outbound connections to loopback addresses.
type loopbackConnGater struct{ connmgr.ConnectionGater }

// InterceptAddrDial implements connmgr.ConnectionGater.
func (l *loopbackConnGater) InterceptAddrDial(p peer.ID, a multiaddr.Multiaddr) (allow bool) {
if !l.ConnectionGater.InterceptAddrDial(p, a) {
return false
}
ip, err := manet.ToIP(a)
if err != nil {
return false
}
return ip.IsLoopback()
}

var _ connmgr.ConnectionGater = (*loopbackConnGater)(nil)

// DefaultNodeOpts are the default options that will be applied to test nodes.
var DefaultNodeOpts = nodeOpts{
balance: big.Mul(big.NewInt(100000000), types.NewInt(buildconstants.FilecoinPrecision)),
Expand All @@ -69,6 +92,17 @@ var DefaultNodeOpts = nodeOpts{
cfg.Fevm.EnableEthRPC = true
cfg.Events.MaxFilterHeightRange = math.MaxInt64
cfg.Events.EnableActorEventsAPI = true

// Disable external networking ffs.
cfg.Libp2p.ListenAddresses = []string{
"/ip4/127.0.0.1/udp/0/quic-v1",
}
cfg.Libp2p.DisableNatPortMap = true

// Nerf the connection manager.
cfg.Libp2p.ConnMgrLow = 1024
cfg.Libp2p.ConnMgrHigh = 2048
cfg.Libp2p.ConnMgrGrace = config.Duration(time.Hour)
return nil
},
},
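Review bot: `loopbackConnGater` overrides only `InterceptAddrDial`, so the loopback restriction covers outbound dials and nothing else. Inbound connections stay local solely because `DefaultNodeOpts` sets `cfg.Libp2p.ListenAddresses` to `/ip4/127.0.0.1/udp/0/quic-v1`, which a test that replaces the listen addresses would presumably lose. The type comment should state that boundary and lead with the type name, e.g. `// loopbackConnGater wraps a ConnectionGater and rejects outbound dials to non-loopback addresses; inbound connections are not filtered here.` The `err != nil` branch after `manet.ToIP` is the fail-closed path for multiaddrs with no IP to check (DNS-style addresses, presumably) and deserves a short why-comment such as `// fail closed: no IP component to verify`.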
