
Commit 1893fc1

tomakaarkpar
authored andcommitted
Add a --no-private-ipv4 CLI option (paritytech#4042)
* Add a --no-private-ipv4 CLI option * Fix tests * Fix tests
1 parent 7882745 commit 1893fc1


8 files changed

+56
-8
lines changed


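--- a/core/cli/src/lib.rs
+++ b/core/cli/src/lib.rs
@@ -343,7 +343,7 @@ impl<'a> ParseAndPrepareBuildSpec<'a> {
 ];
 spec.add_boot_node(addr)
 }
-
+
 let json = service::chain_ops::build_spec(spec, raw_output)?;
 
 print!("{}", json);
@@ -625,6 +625,7 @@ fn fill_network_configuration(
 
 config.transport = TransportConfig::Normal {
 enable_mdns: !is_dev && !cli.no_mdns,
+allow_private_ipv4: !cli.no_private_ipv4,
 wasm_external_transport: None,
 };
 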

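--- a/core/cli/src/params.rs
+++ b/core/cli/src/params.rs
@@ -145,6 +145,12 @@ pub struct NetworkConfigurationParams {
 #[structopt(long = "port", value_name = "PORT")]
 pub port: Option<u16>,
 
+/// Allow connecting to private IPv4 addresses (as specified in
+/// [RFC1918](https://tools.ietf.org/html/rfc1918)), unless the address was passed with
+/// `--reserved-nodes` or `--bootnodes`.
+#[structopt(long = "no-private-ipv4")]
+pub no_private_ipv4: bool,
+
 /// Specify the number of outgoing connections we're trying to maintain.
 #[structopt(long = "out-peers", value_name = "COUNT", default_value = "25")]
 pub out_peers: u32,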

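--- a/core/network/src/behaviour.rs
+++ b/core/network/src/behaviour.rs
@@ -62,11 +62,17 @@ impl<B: BlockT, S: NetworkSpecialization<B>, H: ExHashT> Behaviour<B, S, H> {
 local_public_key: PublicKey,
 known_addresses: Vec<(PeerId, Multiaddr)>,
 enable_mdns: bool,
+allow_private_ipv4: bool,
 ) -> Self {
 Behaviour {
 substrate,
 debug_info: debug_info::DebugInfoBehaviour::new(user_agent, local_public_key.clone()),
-discovery: DiscoveryBehaviour::new(local_public_key, known_addresses, enable_mdns),
+discovery: DiscoveryBehaviour::new(
+local_public_key,
+known_addresses,
+enable_mdns,
+allow_private_ipv4
+),
 events: Vec::new(),
 }
 }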

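--- a/core/network/src/config.rs
+++ b/core/network/src/config.rs
@@ -282,6 +282,7 @@ impl Default for NetworkConfiguration {
 node_name: "unknown".into(),
 transport: TransportConfig::Normal {
 enable_mdns: false,
+allow_private_ipv4: true,
 wasm_external_transport: None,
 },
 max_parallel_downloads: 5,
@@ -327,6 +328,11 @@ pub enum TransportConfig {
 /// and connect to them if they support the same chain.
 enable_mdns: bool,
 
+/// If true, allow connecting to private IPv4 addresses (as defined in
+/// [RFC1918](https://tools.ietf.org/html/rfc1918)), unless the address has been passed in
+/// [`NetworkConfiguration::reserved_nodes`] or [`NetworkConfiguration::boot_nodes`].
+allow_private_ipv4: bool,
+
 /// Optional external implementation of a libp2p transport. Used in WASM contexts where we
 /// need some binding between the networking provided by the operating system or environment
 /// and libp2p.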

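--- a/core/network/src/discovery.rs
+++ b/core/network/src/discovery.rs
@@ -85,6 +85,9 @@ pub struct DiscoveryBehaviour<TSubstream> {
 local_peer_id: PeerId,
 /// Number of nodes we're currently connected to.
 num_connections: u64,
+/// If false, `addresses_of_peer` won't return any private IPv4 address, except for the ones
+/// stored in `user_defined`.
+allow_private_ipv4: bool,
 }
 
 impl<TSubstream> DiscoveryBehaviour<TSubstream> {
@@ -94,7 +97,8 @@ impl<TSubstream> DiscoveryBehaviour<TSubstream> {
 pub fn new(
 local_public_key: PublicKey,
 user_defined: Vec<(PeerId, Multiaddr)>,
-enable_mdns: bool
+enable_mdns: bool,
+allow_private_ipv4: bool,
 ) -> Self {
 if enable_mdns {
 #[cfg(target_os = "unknown")]
@@ -116,6 +120,7 @@ impl<TSubstream> DiscoveryBehaviour<TSubstream> {
 discoveries: VecDeque::new(),
 local_peer_id: local_public_key.into_peer_id(),
 num_connections: 0,
+allow_private_ipv4,
 #[cfg(not(target_os = "unknown"))]
 mdns: if enable_mdns {
 match Mdns::new() {
@@ -214,9 +219,27 @@ where
 let mut list = self.user_defined.iter()
 .filter_map(|(p, a)| if p == peer_id { Some(a.clone()) } else { None })
 .collect::<Vec<_>>();
-list.extend(self.kademlia.addresses_of_peer(peer_id));
-#[cfg(not(target_os = "unknown"))]
-list.extend(self.mdns.addresses_of_peer(peer_id));
+
+{
+let mut list_to_filter = self.kademlia.addresses_of_peer(peer_id);
+#[cfg(not(target_os = "unknown"))]
+list_to_filter.extend(self.mdns.addresses_of_peer(peer_id));
+
+if !self.allow_private_ipv4 {
+list_to_filter.retain(|addr| {
+if let Some(Protocol::Ip4(addr)) = addr.iter().next() {
+if addr.is_private() {
+return false;
+}
+}
+
+true
+});
+}
+
+list.extend(list_to_filter);
+}
+
 trace!(target: "sub-libp2p", "Addresses of {:?} are {:?}", peer_id, list);
 if list.is_empty() {
 if self.kademlia.kbuckets_entries().any(|p| p == peer_id) {
@@ -457,7 +480,7 @@ mod tests {
 upgrade::apply(stream, upgrade, endpoint, libp2p::core::upgrade::Version::V1)
 });
 
-let behaviour = DiscoveryBehaviour::new(keypair.public(), user_defined.clone(), false);
+let behaviour = DiscoveryBehaviour::new(keypair.public(), user_defined.clone(), false, true);
 let mut swarm = Swarm::new(transport, behaviour, keypair.public().into_peer_id());
 let listen_addr: Multiaddr = format!("/memory/{}", rand::random::<u64>()).parse().unwrap();
 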
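Review bot: The `retain` closure added to `addresses_of_peer` inspects only the first multiaddr component and only the `Ip4` protocol, so an IPv4-mapped IPv6 address (`/ip6/::ffff:10.0.0.1/...`) that reaches an RFC1918 host is presumably not filtered, and `Ipv4Addr::is_private()` does not cover loopback or link-local ranges — neither limit is stated in the new `allow_private_ipv4` field comment. The closure also shadows the `Multiaddr` binding `addr` with the extracted `Ipv4Addr`, so `addr.is_private()` reads as a call on the multiaddr. Matching once on the leading component (below) covers the mapped case and removes the shadowing; whether loopback/link-local should be excluded too is a design choice, and if not, the field comment should say so, e.g. `/// Only a leading `/ip4/` component in the RFC1918 ranges is filtered; loopback and link-local addresses pass.` `addresses_of_peer` starts and ends outside the hunk.
```rust
if !self.allow_private_ipv4 {
    list_to_filter.retain(|addr| match addr.iter().next() {
        Some(Protocol::Ip4(ip)) => !ip.is_private(),
        // An IPv4-mapped IPv6 address (`::ffff:a.b.c.d`) reaches the same RFC1918 host.
        Some(Protocol::Ip6(ip)) => !ip.to_ipv4().map_or(false, |v4| v4.is_private()),
        _ => true,
    });
}
// … unchanged: list.extend(list_to_filter); …
```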

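--- a/core/network/src/service.rs
+++ b/core/network/src/service.rs
@@ -225,7 +225,11 @@ impl<B: BlockT + 'static, S: NetworkSpecialization<B>, H: ExHashT> NetworkWorker
 match params.network_config.transport {
 TransportConfig::MemoryOnly => false,
 TransportConfig::Normal { enable_mdns, .. } => enable_mdns,
-}
+},
+match params.network_config.transport {
+TransportConfig::MemoryOnly => false,
+TransportConfig::Normal { allow_private_ipv4, .. } => allow_private_ipv4,
+},
 );
 let (transport, bandwidth) = {
 let (config_mem, config_wasm) = match params.network_config.transport {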
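Review bot: The two back-to-back `match params.network_config.transport` expressions pass `enable_mdns` and `allow_private_ipv4` as adjacent positional `bool` arguments (presumably to `Behaviour::new`, whose signature gains the second `bool` in this same commit), so transposing them would compile silently. The second match also maps `MemoryOnly` to `false` while `NetworkConfiguration::default()` sets this field to `true`; harmless for an in-memory transport, but a one-line comment stating that no IP addresses are dialled there would stop the next reader from treating it as a bug. Destructuring the transport once into a named pair makes the argument order explicit and removes the duplicated match. The call this hunk sits in starts and ends outside the hunk.
```rust
let (enable_mdns, allow_private_ipv4) = match params.network_config.transport {
    // Memory-only transports never dial IP addresses, so both flags are moot.
    TransportConfig::MemoryOnly => (false, false),
    TransportConfig::Normal { enable_mdns, allow_private_ipv4, .. } => (enable_mdns, allow_private_ipv4),
};
// … unchanged: the surrounding call, now receiving `enable_mdns, allow_private_ipv4,` in place of the two match expressions …
```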

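--- a/core/service/test/src/lib.rs
+++ b/core/service/test/src/lib.rs
@@ -158,6 +158,7 @@ fn node_config<G, E: Clone> (
 node_name: "unknown".to_owned(),
 transport: TransportConfig::Normal {
 enable_mdns: false,
+allow_private_ipv4: true,
 wasm_external_transport: None,
 },
 max_parallel_downloads: NetworkConfiguration::default().max_parallel_downloads,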

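--- a/node/cli/src/browser.rs
+++ b/node/cli/src/browser.rs
@@ -42,6 +42,7 @@ fn start_inner(wasm_ext: wasm_ext::ffi::Transport) -> Result<Client, Box<dyn std
 let mut config = Configuration::<(), _, _>::default_with_spec_and_base_path(chain_spec, None);
 config.network.transport = network::config::TransportConfig::Normal {
 wasm_external_transport: Some(wasm_ext.clone()),
+allow_private_ipv4: true,
 enable_mdns: false,
 };
 config.telemetry_external_transport = Some(wasm_ext);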
