refactor settings for local dial info filter
This commit is contained in:
parent
a12c8eabb3
commit
27bca1a538
@ -3,4 +3,4 @@ core:
|
|||||||
network:
|
network:
|
||||||
dht:
|
dht:
|
||||||
min_peer_count: 1
|
min_peer_count: 1
|
||||||
address_filter: false
|
enable_local_peer_scope: true
|
||||||
|
@ -966,8 +966,8 @@ impl RPCProcessor {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// filter out attempts to pass non-public addresses in for peers
|
// filter out attempts to pass non-public addresses in for peers
|
||||||
let address_filter = self.config.get().network.address_filter;
|
let enable_local_peer_scope = self.config.get().network.enable_local_peer_scope;
|
||||||
if address_filter {
|
if !enable_local_peer_scope {
|
||||||
for di in &peer_info.dial_infos {
|
for di in &peer_info.dial_infos {
|
||||||
if !di.is_global() {
|
if !di.is_global() {
|
||||||
// non-public address causes rejection
|
// non-public address causes rejection
|
||||||
@ -983,7 +983,7 @@ impl RPCProcessor {
|
|||||||
.map_err(map_error_string!())?;
|
.map_err(map_error_string!())?;
|
||||||
|
|
||||||
// find N nodes closest to the target node in our routing table
|
// find N nodes closest to the target node in our routing table
|
||||||
let peer_scope = if address_filter {
|
let peer_scope = if !enable_local_peer_scope {
|
||||||
PeerScope::Global
|
PeerScope::Global
|
||||||
} else {
|
} else {
|
||||||
PeerScope::All
|
PeerScope::All
|
||||||
@ -1454,7 +1454,7 @@ impl RPCProcessor {
|
|||||||
safety_route: Option<&SafetyRouteSpec>,
|
safety_route: Option<&SafetyRouteSpec>,
|
||||||
respond_to: RespondTo,
|
respond_to: RespondTo,
|
||||||
) -> Result<FindNodeAnswer, RPCError> {
|
) -> Result<FindNodeAnswer, RPCError> {
|
||||||
let address_filter = self.config.get().network.address_filter;
|
let enable_local_peer_scope = self.config.get().network.enable_local_peer_scope;
|
||||||
let find_node_q_msg = {
|
let find_node_q_msg = {
|
||||||
let mut find_node_q_msg = ::capnp::message::Builder::new_default();
|
let mut find_node_q_msg = ::capnp::message::Builder::new_default();
|
||||||
let mut question = find_node_q_msg.init_root::<veilid_capnp::operation::Builder>();
|
let mut question = find_node_q_msg.init_root::<veilid_capnp::operation::Builder>();
|
||||||
@ -1467,11 +1467,13 @@ impl RPCProcessor {
|
|||||||
encode_public_key(&key, &mut node_id_builder)?;
|
encode_public_key(&key, &mut node_id_builder)?;
|
||||||
let mut peer_info_builder = fnq.reborrow().init_peer_info();
|
let mut peer_info_builder = fnq.reborrow().init_peer_info();
|
||||||
|
|
||||||
let own_peer_info = self.routing_table().get_own_peer_info(if address_filter {
|
let own_peer_info =
|
||||||
PeerScope::Global
|
self.routing_table()
|
||||||
} else {
|
.get_own_peer_info(if !enable_local_peer_scope {
|
||||||
PeerScope::All
|
PeerScope::Global
|
||||||
});
|
} else {
|
||||||
|
PeerScope::All
|
||||||
|
});
|
||||||
if own_peer_info.dial_infos.is_empty() {
|
if own_peer_info.dial_infos.is_empty() {
|
||||||
return Err(rpc_error_internal("No valid public dial info for own node"));
|
return Err(rpc_error_internal("No valid public dial info for own node"));
|
||||||
}
|
}
|
||||||
@ -1520,7 +1522,7 @@ impl RPCProcessor {
|
|||||||
let peer_info = decode_peer_info(&p)?;
|
let peer_info = decode_peer_info(&p)?;
|
||||||
|
|
||||||
// reject attempts to include non-public addresses in results
|
// reject attempts to include non-public addresses in results
|
||||||
if address_filter {
|
if !enable_local_peer_scope {
|
||||||
for di in &peer_info.dial_infos {
|
for di in &peer_info.dial_infos {
|
||||||
if !di.is_global() {
|
if !di.is_global() {
|
||||||
// non-public address causes rejection
|
// non-public address causes rejection
|
||||||
|
@ -184,7 +184,7 @@ pub fn config_callback(key: String) -> Result<Box<dyn core::any::Any>, String> {
|
|||||||
"network.dht.validate_dial_info_receipt_time" => Ok(Box::new(5000000u64)),
|
"network.dht.validate_dial_info_receipt_time" => Ok(Box::new(5000000u64)),
|
||||||
"network.upnp" => Ok(Box::new(false)),
|
"network.upnp" => Ok(Box::new(false)),
|
||||||
"network.natpmp" => Ok(Box::new(false)),
|
"network.natpmp" => Ok(Box::new(false)),
|
||||||
"network.address_filter" => Ok(Box::new(true)),
|
"network.enable_local_peer_scope" => Ok(Box::new(false)),
|
||||||
"network.restricted_nat_retries" => Ok(Box::new(3u32)),
|
"network.restricted_nat_retries" => Ok(Box::new(3u32)),
|
||||||
"network.tls.certificate_path" => Ok(Box::new(get_certfile_path())),
|
"network.tls.certificate_path" => Ok(Box::new(get_certfile_path())),
|
||||||
"network.tls.private_key_path" => Ok(Box::new(get_keyfile_path())),
|
"network.tls.private_key_path" => Ok(Box::new(get_keyfile_path())),
|
||||||
@ -279,7 +279,7 @@ pub async fn test_config() {
|
|||||||
|
|
||||||
assert_eq!(inner.network.upnp, false);
|
assert_eq!(inner.network.upnp, false);
|
||||||
assert_eq!(inner.network.natpmp, false);
|
assert_eq!(inner.network.natpmp, false);
|
||||||
assert_eq!(inner.network.address_filter, true);
|
assert_eq!(inner.network.enable_local_peer_scope, false);
|
||||||
assert_eq!(inner.network.restricted_nat_retries, 3u32);
|
assert_eq!(inner.network.restricted_nat_retries, 3u32);
|
||||||
assert_eq!(inner.network.tls.certificate_path, get_certfile_path());
|
assert_eq!(inner.network.tls.certificate_path, get_certfile_path());
|
||||||
assert_eq!(inner.network.tls.private_key_path, get_keyfile_path());
|
assert_eq!(inner.network.tls.private_key_path, get_keyfile_path());
|
||||||
|
@ -130,7 +130,7 @@ pub struct VeilidConfigNetwork {
|
|||||||
pub dht: VeilidConfigDHT,
|
pub dht: VeilidConfigDHT,
|
||||||
pub upnp: bool,
|
pub upnp: bool,
|
||||||
pub natpmp: bool,
|
pub natpmp: bool,
|
||||||
pub address_filter: bool,
|
pub enable_local_peer_scope: bool,
|
||||||
pub restricted_nat_retries: u32,
|
pub restricted_nat_retries: u32,
|
||||||
pub tls: VeilidConfigTLS,
|
pub tls: VeilidConfigTLS,
|
||||||
pub application: VeilidConfigApplication,
|
pub application: VeilidConfigApplication,
|
||||||
@ -232,7 +232,7 @@ impl VeilidConfig {
|
|||||||
get_config!(inner.network.rpc.max_route_hop_count);
|
get_config!(inner.network.rpc.max_route_hop_count);
|
||||||
get_config!(inner.network.upnp);
|
get_config!(inner.network.upnp);
|
||||||
get_config!(inner.network.natpmp);
|
get_config!(inner.network.natpmp);
|
||||||
get_config!(inner.network.address_filter);
|
get_config!(inner.network.enable_local_peer_scope);
|
||||||
get_config!(inner.network.restricted_nat_retries);
|
get_config!(inner.network.restricted_nat_retries);
|
||||||
get_config!(inner.network.tls.certificate_path);
|
get_config!(inner.network.tls.certificate_path);
|
||||||
get_config!(inner.network.tls.private_key_path);
|
get_config!(inner.network.tls.private_key_path);
|
||||||
|
@ -66,7 +66,7 @@ core:
|
|||||||
validate_dial_info_receipt_time: 5000000
|
validate_dial_info_receipt_time: 5000000
|
||||||
upnp: false
|
upnp: false
|
||||||
natpmp: false
|
natpmp: false
|
||||||
address_filter: true
|
enable_local_peer_scope: false
|
||||||
restricted_nat_retries: 3
|
restricted_nat_retries: 3
|
||||||
tls:
|
tls:
|
||||||
certificate_path: "/etc/veilid/server.crt"
|
certificate_path: "/etc/veilid/server.crt"
|
||||||
@ -425,7 +425,7 @@ pub struct Network {
|
|||||||
pub dht: Dht,
|
pub dht: Dht,
|
||||||
pub upnp: bool,
|
pub upnp: bool,
|
||||||
pub natpmp: bool,
|
pub natpmp: bool,
|
||||||
pub address_filter: bool,
|
pub enable_local_peer_scope: bool,
|
||||||
pub restricted_nat_retries: u32,
|
pub restricted_nat_retries: u32,
|
||||||
pub tls: Tls,
|
pub tls: Tls,
|
||||||
pub application: Application,
|
pub application: Application,
|
||||||
@ -688,7 +688,9 @@ impl Settings {
|
|||||||
)),
|
)),
|
||||||
"network.upnp" => Ok(Box::new(inner.core.network.upnp)),
|
"network.upnp" => Ok(Box::new(inner.core.network.upnp)),
|
||||||
"network.natpmp" => Ok(Box::new(inner.core.network.natpmp)),
|
"network.natpmp" => Ok(Box::new(inner.core.network.natpmp)),
|
||||||
"network.address_filter" => Ok(Box::new(inner.core.network.address_filter)),
|
"network.enable_local_peer_scope" => {
|
||||||
|
Ok(Box::new(inner.core.network.enable_local_peer_scope))
|
||||||
|
}
|
||||||
"network.restricted_nat_retries" => {
|
"network.restricted_nat_retries" => {
|
||||||
Ok(Box::new(inner.core.network.restricted_nat_retries))
|
Ok(Box::new(inner.core.network.restricted_nat_retries))
|
||||||
}
|
}
|
||||||
@ -981,7 +983,7 @@ mod tests {
|
|||||||
//
|
//
|
||||||
assert_eq!(s.core.network.upnp, false);
|
assert_eq!(s.core.network.upnp, false);
|
||||||
assert_eq!(s.core.network.natpmp, false);
|
assert_eq!(s.core.network.natpmp, false);
|
||||||
assert_eq!(s.core.network.address_filter, true);
|
assert_eq!(s.core.network.enable_local_peer_scope, false);
|
||||||
assert_eq!(s.core.network.restricted_nat_retries, 3u32);
|
assert_eq!(s.core.network.restricted_nat_retries, 3u32);
|
||||||
//
|
//
|
||||||
assert_eq!(
|
assert_eq!(
|
||||||
|
@ -119,7 +119,7 @@ impl JsVeilidCore {
|
|||||||
"network.dht.validate_dial_info_receipt_time" => Self::value_to_u64(val),
|
"network.dht.validate_dial_info_receipt_time" => Self::value_to_u64(val),
|
||||||
"network.upnp" => Self::value_to_bool(val),
|
"network.upnp" => Self::value_to_bool(val),
|
||||||
"network.natpmp" => Self::value_to_bool(val),
|
"network.natpmp" => Self::value_to_bool(val),
|
||||||
"network.address_filter" => Self::value_to_bool(val),
|
"network.enable_local_peer_scope" => Self::value_to_bool(val),
|
||||||
"network.restricted_nat_retries" => Self::value_to_u32(val),
|
"network.restricted_nat_retries" => Self::value_to_u32(val),
|
||||||
"network.tls.certificate_path" => Self::value_to_string(val),
|
"network.tls.certificate_path" => Self::value_to_string(val),
|
||||||
"network.tls.private_key_path" => Self::value_to_string(val),
|
"network.tls.private_key_path" => Self::value_to_string(val),
|
||||||
|
@ -62,7 +62,7 @@ fn init_callbacks() {
|
|||||||
case "network.dht.validate_dial_info_receipt_time": return 5000000;
|
case "network.dht.validate_dial_info_receipt_time": return 5000000;
|
||||||
case "network.upnp": return false;
|
case "network.upnp": return false;
|
||||||
case "network.natpmp": return false;
|
case "network.natpmp": return false;
|
||||||
case "network.address_filter": return true;
|
case "network.enable_local_peer_scope": return false;
|
||||||
case "network.restricted_nat_retries": return 3;
|
case "network.restricted_nat_retries": return 3;
|
||||||
case "network.tls.certificate_path": return "";
|
case "network.tls.certificate_path": return "";
|
||||||
case "network.tls.private_key_path": return "";
|
case "network.tls.private_key_path": return "";
|
||||||
|
Loading…
Reference in New Issue
Block a user