diff --git a/itests/kit/ensemble.go b/itests/kit/ensemble.go
index 1f0df3da75..b42f9b38f5 100644
--- a/itests/kit/ensemble.go
+++ b/itests/kit/ensemble.go
@@ -16,8 +16,10 @@ import (
 "github.com/google/uuid"
 "github.com/ipfs/go-datastore"
 "github.com/ipfs/go-datastore/namespace"
+ "github.com/libp2p/go-libp2p"
 libp2pcrypto "github.com/libp2p/go-libp2p/core/crypto"
 "github.com/libp2p/go-libp2p/core/peer"
+ "github.com/libp2p/go-libp2p/p2p/net/conngater"
 mocknet "github.com/libp2p/go-libp2p/p2p/net/mock"
 "github.com/stretchr/testify/require"
@@ -57,6 +59,7 @@ import (
 "github.com/filecoin-project/lotus/node/config"
 "github.com/filecoin-project/lotus/node/modules"
 "github.com/filecoin-project/lotus/node/modules/dtypes"
+ "github.com/filecoin-project/lotus/node/modules/lp2p"
 testing2 "github.com/filecoin-project/lotus/node/modules/testing"
 "github.com/filecoin-project/lotus/node/repo"
 "github.com/filecoin-project/lotus/storage/paths"
@@ -438,6 +441,13 @@ func (n *Ensemble) Start() *Ensemble {
 node.If(full.options.disableLibp2p, node.MockHost(n.mn)),
 node.Test(),
+ // If we're using real libp2p, disable outbound connections to all but localhost.
+ node.If(!full.options.disableLibp2p,
+ node.Override(node.ConnGaterKey, func(gater *conngater.BasicConnectionGater) (opts lp2p.Libp2pOpts, err error) {
+ opts.Opts = append(opts.Opts, libp2p.ConnectionGater(&loopbackConnGater{gater}))
+ return
+ })),
+
 // so that we subscribe to pubsub topics immediately
 node.Override(new(dtypes.Bootstrapper), dtypes.Bootstrapper(true)),
@@ -707,6 +717,7 @@ func (n *Ensemble) Start() *Ensemble {
 node.Repo(r),
 node.Test(),
+ node.Override(node.DefaultTransportsKey, lp2p.QUIC),
 node.If(m.options.disableLibp2p, node.MockHost(n.mn)),
 node.Override(new(v1api.RawFullNodeAPI), m.FullNode),
 node.Override(new(*lotusminer.Miner), lotusminer.NewTestMiner(mineBlock, m.ActorAddr)),
diff --git a/itests/kit/node_opts.go b/itests/kit/node_opts.go
index 6a50e60ff7..ad1f7e3edb 100644
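Review bot: The loopback gater in the `@@ -438,6 +441,13 @@` hunk is wired in for full nodes only; the miner option list in the `@@ -707,6 +717,7 @@` hunk gets `lp2p.QUIC` transports but no `node.ConnGaterKey` override, so a miner built with real libp2p may still be able to dial non-loopback addresses unless something outside these hunks prevents it. If the goal is that no itest node reaches the external network, add the equivalent guard to the miner options, e.g. `node.If(!m.options.disableLibp2p, node.Override(node.ConnGaterKey, loopbackGaterOpt))`, with the closure lifted into a shared helper (the helper name is only a suggestion, and this assumes the miner's constructor graph accepts that key). The closure also relies on named results with a bare `return`; `return opts, nil` states the outcome more clearly. Start's body begins and ends outside both hunks.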
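Review bot: The added `node.Override(node.DefaultTransportsKey, lp2p.QUIC)` in the `@@ -707,6 +717,7 @@` hunk carries no comment saying why miners are limited to QUIC, and it is unconditional, so it is applied whether or not `m.options.disableLibp2p` selects the mock host. Presumably it is there to match the QUIC-only loopback listen address configured in node_opts.go; if that is the reason, record it next to the line, for example `// QUIC only, to match the loopback QUIC listen address used by test nodes.`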
--- a/itests/kit/node_opts.go
+++ b/itests/kit/node_opts.go
@@ -2,6 +2,12 @@ package kit
 import (
 "math"
+ "time"
+
+ "github.com/libp2p/go-libp2p/core/connmgr"
+ "github.com/libp2p/go-libp2p/core/peer"
+ multiaddr "github.com/multiformats/go-multiaddr"
+ manet "github.com/multiformats/go-multiaddr/net"
 "github.com/filecoin-project/go-f3/manifest"
 "github.com/filecoin-project/go-state-types/abi"
@@ -56,6 +62,23 @@ type nodeOpts struct {
 workerName string
 }
+// Libp2p connection gater that only allows outbound connections to loopback addresses.
+type loopbackConnGater struct{ connmgr.ConnectionGater }
+
+// InterceptAddrDial implements connmgr.ConnectionGater.
+func (l *loopbackConnGater) InterceptAddrDial(p peer.ID, a multiaddr.Multiaddr) (allow bool) {
+ if !l.ConnectionGater.InterceptAddrDial(p, a) {
+ return false
+ }
+ ip, err := manet.ToIP(a)
+ if err != nil {
+ return false
+ }
+ return ip.IsLoopback()
+}
+
+var _ connmgr.ConnectionGater = (*loopbackConnGater)(nil)
+
 // DefaultNodeOpts are the default options that will be applied to test nodes.
 var DefaultNodeOpts = nodeOpts{
 balance: big.Mul(big.NewInt(100000000), types.NewInt(buildconstants.FilecoinPrecision)),
@@ -69,6 +92,17 @@ var DefaultNodeOpts = nodeOpts{
 cfg.Fevm.EnableEthRPC = true
 cfg.Events.MaxFilterHeightRange = math.MaxInt64
 cfg.Events.EnableActorEventsAPI = true
+
+ // Disable external networking ffs.
+ cfg.Libp2p.ListenAddresses = []string{
+ "/ip4/127.0.0.1/udp/0/quic-v1",
+ }
+ cfg.Libp2p.DisableNatPortMap = true
+
+ // Nerf the connection manager.
+ cfg.Libp2p.ConnMgrLow = 1024
+ cfg.Libp2p.ConnMgrHigh = 2048
+ cfg.Libp2p.ConnMgrGrace = config.Duration(time.Hour)
 return nil
 },
 },
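Review bot: The doc comment on `loopbackConnGater` in the `@@ -56,6 +62,23 @@` hunk should spell out two behaviours that are easy to miss. `InterceptAddrDial` denies any address for which `manet.ToIP` returns an error, so multiaddrs that are not literal IPs (DNS names, for instance) are rejected even if they would resolve to loopback, which is the safe direction but worth stating; and only the dial hook is overridden, so every other gater callback, including the inbound ones, is delegated to the embedded gater unchanged. Suggested wording, which also starts with the type name as Go doc comments conventionally do: `// loopbackConnGater wraps a ConnectionGater and additionally rejects outbound dials to anything that is not a literal loopback IP; all other checks are delegated.` The named result `allow` is never assigned and can be dropped from the signature.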
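Review bot: The two comments added in the `@@ -69,6 +92,17 @@` hunk say what is done but not why, and "Disable external networking" overstates what these lines cover: they restrict the listen address to loopback QUIC and turn off NAT port mapping, while outbound dialing is restricted separately by the gater installed in ensemble.go. Suggest `// Listen on loopback QUIC only and skip NAT port mapping; outbound dials are restricted by loopbackConnGater.` For the connection manager block, state the intent behind 1024/2048 and the one-hour grace period, presumably to keep connections from being trimmed mid-test, but confirm before writing it down. Nothing visible here gates inbound connections, so a test that later replaces `cfg.Libp2p.ListenAddresses` would lift the listen restriction; a sentence warning about that would help. The enclosing function literal starts outside the hunk.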