bind_public_ipv6_to_private_interface

Niko PLP 2 years ago
parent 76cd0b3bd8
commit 44da6e133c
  1. 17
      ngd/src/main.rs
  2. 8
      p2p-broker/src/server_ws.rs
  3. 38
      p2p-net/src/types.rs

@ -402,7 +402,7 @@ async fn main_inner() -> Result<(), ()> {
} else {
// on purpose we don't log the key, just print it out to stdout, as it should not be saved in logger's files
println!("YOUR GENERATED KEY IS: {}", master_key);
log_err!("At your request, the key wasn't saved.");
log_err!("At your request, the key wasn't saved. If you want to save it to disk, use ---save-key");
log_err!("provide it again to the next start of ngd with --key option or NG_SERVER_KEY env variable");
}
res
@ -447,7 +447,7 @@ async fn main_inner() -> Result<(), ()> {
if config.is_some() && !args.print_config {
log_err!(
"A config file is present. You can use the Quick config options on the command-line. In order to use them, delete your config file first. cannot start"
"A config file is present. You cannot use the Quick config options on the command-line. In order to use them, delete your config file first. cannot start"
);
return Err(());
}
@ -524,6 +524,12 @@ async fn main_inner() -> Result<(), ()> {
&& listeners.last().unwrap().interface_name == loopback.name
&& listeners.last().unwrap().port == args.local.unwrap()
{
if args.domain_peer.is_some() {
log_err!(
"--local is not allowed if --domain-peer is selected, and they both use the same port. change the port of one of them. cannot start"
);
return Err(());
}
let r = listeners.last_mut().unwrap();
r.accept_direct = true;
r.ipv6 = !args.no_ipv6;
@ -639,6 +645,7 @@ async fn main_inner() -> Result<(), ()> {
refuse_clients: args.public_without_clients,
serve_app: false,
accept_direct: false,
bind_public_ipv6_to_private_interface: false,
accept_forward_for: AcceptForwardForV0::PublicStatic((
BindAddress {
port: public_part.1 .1,
@ -820,6 +827,12 @@ async fn main_inner() -> Result<(), ()> {
&& listeners.last().unwrap().interface_name == inter.name
&& listeners.last().unwrap().port == arg_value.1
{
if args.domain_peer.is_some() {
log_err!(
"--private is not allowed if --domain-peer is selected, and they both use the same port. change the port of one of them. cannot start"
);
return Err(());
}
let r = listeners.last_mut().unwrap();
r.accept_direct = true;
r.serve_app = true;
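Review bot: The new message in the first hunk points the user at `---save-key` with three dashes, which is not the spelling of the option the rest of the messages use (`--key`, `--local`, `--private`); the line should read `log_err!("At your request, the key wasn't saved. If you want to save it to disk, use --save-key");`. The `--local` and `--private` hunks both add the same `--domain-peer` port-collision check with near-identical messages; a small helper taking the option name would keep the two in step if the wording changes again. I cannot see in these hunks where `bind_public_ipv6_to_private_interface` is ever set to true for the `--private` listener (the public listener sets it to `false` explicitly); if no command-line or config option sets it, the new field is dead from `ngd`'s side and the `--private` hunk is probably where it should be wired. `main_inner` starts and ends outside these hunks.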

@ -678,7 +678,9 @@ pub async fn run_server_v0(
.ipv6
.iter()
.filter_map(|ip| {
if interface.if_type.is_ipv6_valid_for_type(&ip.addr) {
if interface.if_type.is_ipv6_valid_for_type(&ip.addr)
|| listener.should_bind_public_ipv6_to_private_interface(ip.addr)
{
Some(SocketAddr::new(IpAddr::V6(ip.addr), listener.port))
} else {
None
@ -705,9 +707,10 @@ pub async fn run_server_v0(
addrs.iter().map(|addr| addr.into()).collect();
let server_types = listener.get_bootstraps(bind_addresses.clone());
let common_peer_id = listener.accept_forward_for.domain_with_common_peer_id();
for server_type in server_types {
servers.push(BrokerServerV0 {
peer_id,
peer_id: common_peer_id.unwrap_or(peer_id),
server_type,
})
}
@ -784,6 +787,7 @@ pub async fn run_server_v0(
// TODO : select on the shutdown stream too
while let Some(tcp) = incoming.next().await {
// TODO select peer_priv_ket according to config. if --domain-peer present and the connection is for that listener (PublicDomainPeer) then use the peer configured there
accept(
tcp.unwrap(),
Sensitive::<[u8; 32]>::from_slice(peer_priv_key.deref()),
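Review bot: The `||` added in the bind-address filter calls `listener.should_bind_public_ipv6_to_private_interface(ip.addr)` for every IPv6 address that is not valid for the interface type, and per the `types.rs` hunk that method calls `accept_forward_for.get_public_bind_ipv6_address()` before it looks at the opt-in flag, whose `PublicDyn` arm is still `todo!()`. If a `PublicDyn` listener is reachable from config (I cannot tell from here), a link-local or otherwise non-matching IPv6 on its interface now panics during bind instead of being skipped as before. Cheapest guard at the call site, since the field is public: `|| (listener.bind_public_ipv6_to_private_interface && listener.should_bind_public_ipv6_to_private_interface(ip.addr))`, or reorder the checks inside the method. `run_server_v0` starts and ends outside these hunks.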

@ -63,7 +63,7 @@ impl InterfaceType {
InterfaceType::Loopback => ip.is_loopback(),
InterfaceType::Public => is_public_ipv6(ip),
// we do NOT allow to bind to link-local for IPv6
InterfaceType::Private => is_ipv6_private(ip) || is_public_ipv6(ip),
InterfaceType::Private => is_ipv6_private(ip),
_ => false,
}
}
@ -189,6 +189,23 @@ impl AcceptForwardForV0 {
}
}
pub fn get_public_bind_ipv6_address(&self) -> Option<IP> {
match self {
AcceptForwardForV0::PublicStatic((ipv4, ipv6, _)) => {
let mut res = vec![ipv4.clone()];
if ipv6.is_some() {
return Some(ipv6.unwrap().ip.clone());
} else {
return None;
}
}
AcceptForwardForV0::PublicDyn(_) => {
todo!();
}
_ => None,
}
}
pub fn is_public_domain(&self) -> bool {
match self {
AcceptForwardForV0::PublicDomainPeer(_) => true,
@ -256,6 +273,9 @@ pub struct ListenerV0 {
/// should the server serve the app files in HTTP mode (not WS). this setting will be discarded and app will not be served anyway if remote IP is public or listener is public
pub serve_app: bool,
/// when the box is behind a DMZ, and ipv6 is enabled, the private interface will get the external public IpV6. with this option we allow binding to it
pub bind_public_ipv6_to_private_interface: bool,
/// default to false. Set to true by --core (use --core-and-clients to override to false). only useful for a public IP listener, if the clients should use another listener like --domain or --domain-private.
/// do not set it on a --domain or --domain-private, as this will enable the relay_websocket feature, which should not be used except by app.nextgraph.one
pub refuse_clients: bool,
@ -278,6 +298,21 @@ pub struct ListenerV0 {
#[cfg(not(target_arch = "wasm32"))]
impl ListenerV0 {
pub fn should_bind_public_ipv6_to_private_interface(&self, ip: Ipv6Addr) -> bool {
let public_ip = self.accept_forward_for.get_public_bind_ipv6_address();
if public_ip.is_none() {
return false;
}
let public_ipv6addr: IpAddr = public_ip.as_ref().unwrap().into();
return if let IpAddr::V6(v6) = public_ipv6addr {
self.bind_public_ipv6_to_private_interface
&& self.if_type == InterfaceType::Private
&& ip == v6
} else {
false
};
}
pub fn new_direct(interface: Interface, ipv6: bool, port: u16) -> Self {
Self {
interface_name: interface.name,
@ -289,6 +324,7 @@ impl ListenerV0 {
accept_direct: true,
refuse_clients: false,
serve_app: true,
bind_public_ipv6_to_private_interface: false,
accept_forward_for: AcceptForwardForV0::No,
}
}
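Review bot: `get_public_bind_ipv6_address` builds `let mut res = vec![ipv4.clone()];` and never reads it, so the clone and the `mut` are dead (the compiler will warn), and the `is_some()`/`unwrap()` pair is a plain `ipv6.as_ref().map(|b| b.ip.clone())`; the `PublicDyn` arm is left at `todo!()`, which the new `should_bind_public_ipv6_to_private_interface` reaches unconditionally because it resolves the public address before testing `self.bind_public_ipv6_to_private_interface` and `self.if_type`. Checking the two cheap fields first means listeners that never opted in cannot hit that panic, and the `if public_ip.is_none() { return false } ... unwrap()` chain collapses into one `match`. The doc comment on the new field could also state what the option does not change: the listener keeps `InterfaceType::Private`, so `accept_direct`/`serve_app` behaviour configured for the private interface now applies to a publicly reachable address — worth a sentence such as `/// note: the listener stays Private, so its accept_direct/serve_app settings apply on the public address too` if that is the intended behaviour (I cannot confirm it from these hunks). `impl ListenerV0` and `impl AcceptForwardForV0` both continue outside the hunks.
```rust
pub fn get_public_bind_ipv6_address(&self) -> Option<IP> {
    match self {
        AcceptForwardForV0::PublicStatic((_ipv4, ipv6, _)) => ipv6.as_ref().map(|b| b.ip.clone()),
        AcceptForwardForV0::PublicDyn(_) => {
            todo!();
        }
        _ => None,
    }
}
// … unchanged: is_public_domain …
pub fn should_bind_public_ipv6_to_private_interface(&self, ip: Ipv6Addr) -> bool {
    // cheap opt-in checks first: listeners that did not enable this never
    // touch accept_forward_for (whose PublicDyn arm is still todo!())
    if !self.bind_public_ipv6_to_private_interface || self.if_type != InterfaceType::Private {
        return false;
    }
    match self.accept_forward_for.get_public_bind_ipv6_address() {
        Some(public_ip) => {
            let public_ipv6addr: IpAddr = (&public_ip).into();
            matches!(public_ipv6addr, IpAddr::V6(v6) if v6 == ip)
        }
        None => false,
    }
}
```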
