Fix docker-compose isolated network

5 years ago · 70937ab503
parent d4279bd9fb
commit 70937ab503
15 changed files with 183 additions and 72 deletions
--- a/docker/compose/bootstrap.Dockerfile
+++ b/docker/compose/bootstrap.Dockerfile
@ -1,5 +1,7 @@
 FROM compose-base:latest

+ENV LOKINET_NETID=docker
+
 COPY ./docker/compose/bootstrap.ini /root/.lokinet/lokinet.ini

 CMD ["/lokinet"]
--- a/docker/compose/bootstrap.ini
+++ b/docker/compose/bootstrap.ini
@ -1,7 +1,3 @@
-# this configuration was auto generated with 'sane' defaults
-# change these values as desired
-
-
 [router]
 # number of crypto worker threads
 threads=4
@ -13,18 +9,13 @@ transport-privkey=/root/.lokinet/transport.private
 ident-privkey=/root/.lokinet/identity.private
 # encryption key for onion routing
 encryption-privkey=/root/.lokinet/encryption.private
+block-bogons=false

 # uncomment following line to set router nickname to 'lokinet'
-#nickname=lokinet
-
+nickname=bootstrap

 [logging]
 level=info
-# uncomment for logging to file
-#type=file
-#file=/path/to/logfile
-# uncomment for syslog logging
-#type=syslog

 [metrics]
 json-metrics-path=/root/.lokinet/metrics.json
@ -32,9 +23,6 @@ json-metrics-path=/root/.lokinet/metrics.json
 # admin api (disabled by default)
 [api]
 enabled=true
-#authkey=insertpubkey1here
-#authkey=insertpubkey2here
-#authkey=insertpubkey3here
 bind=127.0.0.1:1190

 # system settings for privileges and such
@ -58,17 +46,12 @@ dir=/netdb
 [lokid]
 enabled=false
 jsonrpc=127.0.0.1:22023
-#service-node-seed=/path/to/servicenode/seed

 # network settings
 [network]
 profiles=/root/.lokinet/profiles.dat
 enabled=true
 exit=false
-#exit-blacklist=tcp:25
-#exit-whitelist=tcp:*
-#exit-whitelist=udp:*
-ifaddr=10.200.0.1/8
 ifname=loki-docker0

 # ROUTERS ONLY: publish network interfaces for handling inbound traffic
--- a/docker/compose/client.Dockerfile
+++ b/docker/compose/client.Dockerfile
@ -0,0 +1,6 @@
+FROM compose-base:latest
+
+COPY ./docker/compose/client.ini /root/.lokinet/lokinet.ini
+
+CMD ["/lokinet"]
+EXPOSE 1090/udp 1190/tcp
--- a/docker/compose/client.ini
+++ b/docker/compose/client.ini
@ -0,0 +1,52 @@
+[router]
+# number of crypto worker threads
+threads=4
+# path to store signed RC
+contact-file=/root/.lokinet/self.signed
+# path to store transport private key
+transport-privkey=/root/.lokinet/transport.private
+# path to store identity signing key
+ident-privkey=/root/.lokinet/identity.private
+# encryption key for onion routing
+encryption-privkey=/root/.lokinet/encryption.private
+block-bogons=false
+
+[logging]
+level=info
+
+[metrics]
+json-metrics-path=/root/.lokinet/metrics.json
+
+# admin api (disabled by default)
+[api]
+enabled=true
+bind=127.0.0.1:1190
+
+# system settings for privileges and such
+[system]
+user=lokinet
+group=lokinet
+pidfile=/root/.lokinet/lokinet.pid
+
+# dns provider configuration section
+[dns]
+# resolver
+upstream=1.1.1.1
+bind=127.0.0.1:53
+
+# network database settings block
+[netdb]
+# directory for network database skiplist storage
+dir=/netdb
+
+# lokid settings (disabled by default)
+[lokid]
+enabled=false
+jsonrpc=127.0.0.1:22023
+
+# network settings
+[network]
+profiles=/root/.lokinet/profiles.dat
+enabled=true
+exit=false
+ifname=loki-docker0
--- a/docker/compose/docker-compose.yml
+++ b/docker/compose/docker-compose.yml
@ -12,10 +12,8 @@ services:
    ports:
      - target: 1090
        protocol: udp
-        mode: host
      - target: 1190
        protocol: tcp
-        mode: host
    volumes:
      - bootstrap-dir:/root/.lokinet/
    environment:
@ -48,6 +46,34 @@ services:
    networks:
      testing_net:

+  client:
+    depends_on:
+      - bootstrap-router
+    build:
+      context: .
+      dockerfile: docker/compose/router.Dockerfile
+    image: router
+    devices:
+      - "/dev/net/tun:/dev/net/tun"
+    ports:
+      - target: 1090
+        protocol: udp
+        mode: host
+      - target: 1190
+        protocol: tcp
+        mode: host
+      - target: 53
+        protocol: tcp
+        mode: host
+    cap_add:
+      - NET_ADMIN
+    volumes:
+      - bootstrap-dir:/bootstrap/
+    environment:
+      - LOKINET_NETID=docker
+    networks:
+      testing_net:
+
 volumes:
  bootstrap-dir:

--- a/docker/compose/router.ini
+++ b/docker/compose/router.ini
@ -1,7 +1,3 @@
-# this configuration was auto generated with 'sane' defaults
-# change these values as desired
-
-
 [router]
 # number of crypto worker threads
 threads=4
@ -13,6 +9,7 @@ transport-privkey=/root/.lokinet/transport.private
 ident-privkey=/root/.lokinet/identity.private
 # encryption key for onion routing
 encryption-privkey=/root/.lokinet/encryption.private
+block-bogons=false

 # uncomment following line to set router nickname to 'lokinet'
 #nickname=lokinet
@ -32,9 +29,6 @@ json-metrics-path=/root/.lokinet/metrics.json
 # admin api (disabled by default)
 [api]
 enabled=true
-#authkey=insertpubkey1here
-#authkey=insertpubkey2here
-#authkey=insertpubkey3here
 bind=127.0.0.1:1190

 # system settings for privileges and such
@ -64,16 +58,12 @@ add-node=/bootstrap/self.signed
 [lokid]
 enabled=false
 jsonrpc=127.0.0.1:22023
-#service-node-seed=/path/to/servicenode/seed

 # network settings
 [network]
 profiles=/root/.lokinet/profiles.dat
 enabled=true
 exit=false
-#exit-blacklist=tcp:25
-#exit-whitelist=tcp:*
-#exit-whitelist=udp:*
 ifaddr=10.200.0.1/8
 ifname=loki-docker0

--- a/llarp/config/config.cpp
+++ b/llarp/config/config.cpp
@ -4,9 +4,10 @@
 #include <constants/defaults.hpp>
 #include <constants/limits.hpp>
 #include <net/net.hpp>
+#include <router_contact.hpp>
 #include <util/fs.hpp>
-#include <util/logger.hpp>
 #include <util/logger_syslog.hpp>
+#include <util/logger.hpp>
 #include <util/mem.hpp>
 #include <util/memfn.hpp>
 #include <util/str.hpp>
@ -31,6 +32,20 @@ namespace llarp
    return std::atoi(str.c_str());
  }

+  absl::optional< bool >
+  setOptBool(string_view val)
+  {
+    if(IsTrueValue(val))
+    {
+      return true;
+    }
+    else if(IsFalseValue(val))
+    {
+      return false;
+    }
+    return {};
+  }
+
  void
  RouterConfig::fromSection(string_view key, string_view val)
  {
@ -139,6 +154,10 @@ namespace llarp
        LogDebug("set to use ", m_numNetThreads, " net threads");
      }
    }
+    if(key == "block-bogons")
+    {
+      m_blockBogons = setOptBool(val);
+    }
  }

  void
@ -146,14 +165,7 @@ namespace llarp
  {
    if(key == "profiling")
    {
-      if(IsTrueValue(val))
-      {
-        m_enableProfiling.emplace(true);
-      }
-      else if(IsFalseValue(val))
-      {
-        m_enableProfiling.emplace(false);
-      }
+      m_enableProfiling = setOptBool(val);
    }
    else if(key == "profiles")
    {
@ -398,7 +410,9 @@ namespace llarp
    };

    if(c.VisitSection(name.c_str(), visitor))
+    {
      return ret;
+    }

    return {};
  }
@ -465,7 +479,7 @@ llarp_ensure_config(const char *fname, const char *basedir, bool overwrite,
    return false;
  }

-  std::string basepath = "";
+  std::string basepath;
  if(basedir)
  {
    basepath = basedir;
@ -641,10 +655,14 @@ llarp_ensure_router_config(std::ofstream &f, std::string basepath)
  // get ifname
  std::string ifname;
  if(llarp::GetBestNetIF(ifname, AF_INET))
+  {
    f << ifname << "=1090\n";
+  }
  else
+  {
    f << "# could not autodetect network interface\n"
      << "#eth0=1090\n";
+  }

  f << std::endl;
 }
@ -658,7 +676,9 @@ llarp_ensure_client_config(std::ofstream &f, std::string basepath)
    auto stream = llarp::util::OpenFileStream< std::ofstream >(
        snappExample_fpath, std::ios::binary);
    if(!stream)
+    {
      return false;
+    }
    auto &example_f = stream.value();
    if(example_f.is_open())
    {
--- a/llarp/config/config.hpp
+++ b/llarp/config/config.hpp
@ -111,6 +111,8 @@ namespace llarp
    // long term identity key
    std::string m_identKeyfile = "identity.key";

+    absl::optional< bool > m_blockBogons;
+
    bool m_publicOverride = false;
    struct sockaddr_in m_ip4addr;
    AddressInfo m_addrInfo;
@ -120,19 +122,20 @@ namespace llarp

   public:
    // clang-format off
-    size_t minConnectedRouters() const        { return fromEnv(m_minConnectedRouters, "MIN_CONNECTED_ROUTERS"); }
-    size_t maxConnectedRouters() const        { return fromEnv(m_maxConnectedRouters, "MAX_CONNECTED_ROUTERS"); }
-    std::string encryptionKeyfile() const        { return fromEnv(m_encryptionKeyfile, "ENCRYPTION_KEYFILE"); }
-    std::string ourRcFile() const                { return fromEnv(m_ourRcFile, "OUR_RC_FILE"); }
-    std::string transportKeyfile() const         { return fromEnv(m_transportKeyfile, "TRANSPORT_KEYFILE"); }
-    std::string identKeyfile() const             { return fromEnv(m_identKeyfile, "IDENT_KEYFILE"); }
-    std::string netId() const                 { return fromEnv(m_netId, "NETID"); }
-    std::string nickname() const              { return fromEnv(m_nickname, "NICKNAME"); }
-    bool publicOverride() const               { return fromEnv(m_publicOverride, "PUBLIC_OVERRIDE"); }
-    const struct sockaddr_in& ip4addr() const { return m_ip4addr; }
-    const AddressInfo& addrInfo() const       { return m_addrInfo; }
-    int workerThreads() const                 { return fromEnv(m_workerThreads, "WORKER_THREADS"); }
-    int numNetThreads() const                 { return fromEnv(m_numNetThreads, "NUM_NET_THREADS"); }
+    size_t minConnectedRouters() const         { return fromEnv(m_minConnectedRouters, "MIN_CONNECTED_ROUTERS"); }
+    size_t maxConnectedRouters() const         { return fromEnv(m_maxConnectedRouters, "MAX_CONNECTED_ROUTERS"); }
+    std::string encryptionKeyfile() const      { return fromEnv(m_encryptionKeyfile, "ENCRYPTION_KEYFILE"); }
+    std::string ourRcFile() const              { return fromEnv(m_ourRcFile, "OUR_RC_FILE"); }
+    std::string transportKeyfile() const       { return fromEnv(m_transportKeyfile, "TRANSPORT_KEYFILE"); }
+    std::string identKeyfile() const           { return fromEnv(m_identKeyfile, "IDENT_KEYFILE"); }
+    std::string netId() const                  { return fromEnv(m_netId, "NETID"); }
+    std::string nickname() const               { return fromEnv(m_nickname, "NICKNAME"); }
+    bool publicOverride() const                { return fromEnv(m_publicOverride, "PUBLIC_OVERRIDE"); }
+    const struct sockaddr_in& ip4addr() const  { return m_ip4addr; }
+    const AddressInfo& addrInfo() const        { return m_addrInfo; }
+    int workerThreads() const                  { return fromEnv(m_workerThreads, "WORKER_THREADS"); }
+    int numNetThreads() const                  { return fromEnv(m_numNetThreads, "NUM_NET_THREADS"); }
+    absl::optional< bool > blockBogons() const { return fromEnv(m_blockBogons, "BLOCK_BOGONS"); }
    // clang-format on

    void
--- a/llarp/metrics/metrictank_publisher.cpp
+++ b/llarp/metrics/metrictank_publisher.cpp
@ -205,7 +205,8 @@ namespace llarp
      publishData(const std::vector< std::string > &toSend,
                  const std::string &host, short port)
      {
-        struct addrinfo hints, *addrs;
+        struct addrinfo hints;
+        struct addrinfo *addrs;
        bzero(&hints, sizeof(hints));
        hints.ai_family   = AF_UNSPEC;
        hints.ai_socktype = SOCK_STREAM;
--- a/llarp/router/router.cpp
+++ b/llarp/router/router.cpp
@ -384,6 +384,11 @@ namespace llarp
    publicOverride     = conf->router.publicOverride();
    ip4addr            = conf->router.ip4addr();

+    if(!conf->router.blockBogons().value_or(true))
+    {
+      RouterContact::BlockBogons = false;
+    }
+
    // Lokid Config
    usingSNSeed      = conf->lokid.usingSNSeed;
    ident_keyfile    = conf->lokid.ident_keyfile;
@ -851,7 +856,7 @@ namespace llarp
          ai.ip   = *publicAddr.addr6();
          ai.port = publicAddr.port();
        }
-        if(IsBogon(ai.ip))
+        if(RouterContact::BlockBogons && IsBogon(ai.ip))
          return;
        _rc.addrs.push_back(ai);
        if(ExitEnabled())
--- a/llarp/router_contact.cpp
+++ b/llarp/router_contact.cpp
@ -23,7 +23,7 @@ namespace llarp
    return defaultID;
  }

-  bool RouterContact::IgnoreBogons = false;
+  bool RouterContact::BlockBogons = true;

 #ifdef TESTNET
  // 1 minute for testnet
@ -37,7 +37,7 @@ namespace llarp
  /// an RC inserted long enough ago (30 min) is considered stale and is removed
  llarp_time_t RouterContact::StaleInsertionAge = 30 * 60 * 1000;

-  NetID::NetID(const byte_t *val) : AlignedBuffer< 8 >()
+  NetID::NetID(const byte_t *val)
  {
    size_t len = strnlen(reinterpret_cast< const char * >(val), size());
    std::copy(val, val + len, begin());
@ -67,6 +67,7 @@ namespace llarp
    llarp_buffer_t strbuf;
    if(!bencode_read_string(buf, &strbuf))
      return false;
+
    if(strbuf.sz > size())
      return false;

@ -106,13 +107,17 @@ namespace llarp
      return false;

    std::string nick = Nick();
-    if(nick.size())
+    if(!nick.empty())
    {
      /* write nickname */
      if(!bencode_write_bytestring(buf, "n", 1))
+      {
        return false;
+      }
      if(!bencode_write_bytestring(buf, nick.c_str(), nick.size()))
+      {
        return false;
+      }
    }

    /* write encryption pubkey */
@ -167,7 +172,9 @@ namespace llarp
                           {"addresses", addrs}};

    if(HasNick())
+    {
      obj["nickname"] = Nick();
+    }

    return obj;
  }
@ -189,9 +196,13 @@ namespace llarp
    {
      llarp_buffer_t strbuf;
      if(!bencode_read_string(buf, &strbuf))
+      {
        return false;
-      if(strbuf.sz > nickname.size())
+      }
+      if(strbuf.sz > llarp::AlignedBuffer< (32) >::size())
+      {
        return false;
+      }
      nickname.Zero();
      std::copy(strbuf.base, strbuf.base + strbuf.sz, nickname.begin());
      return true;
@ -218,7 +229,7 @@ namespace llarp
  bool
  RouterContact::IsPublicRouter() const
  {
-    return addrs.size() > 0;
+    return !addrs.empty();
  }

  bool
@ -277,7 +288,9 @@ namespace llarp
    signature.Zero();
    last_updated = time_now_ms();
    if(!BEncode(&buf))
+    {
      return false;
+    }
    buf.sz  = buf.cur - buf.base;
    buf.cur = buf.base;
    return CryptoManager::instance()->sign(signature, secretkey, buf);
@ -303,7 +316,7 @@ namespace llarp
    }
    for(const auto &a : addrs)
    {
-      if(IsBogon(a.ip) && !IgnoreBogons)
+      if(IsBogon(a.ip) && BlockBogons)
      {
        llarp::LogError("invalid address info: ", a);
        return false;
@ -349,17 +362,23 @@ namespace llarp
    std::array< byte_t, MAX_RC_SIZE > tmp;
    llarp_buffer_t buf(tmp);
    if(!BEncode(&buf))
+    {
      return false;
+    }
    buf.sz               = buf.cur - buf.base;
    buf.cur              = buf.base;
    const fs::path fpath = std::string(fname); /*  */
    auto optional_f =
        llarp::util::OpenFileStream< std::ofstream >(fpath, std::ios::binary);
    if(!optional_f)
+    {
      return false;
+    }
    auto &f = optional_f.value();
    if(!f.is_open())
+    {
      return false;
+    }
    f.write((char *)buf.base, buf.sz);
    return true;
  }
@ -379,7 +398,9 @@ namespace llarp
    f.seekg(0, std::ios::end);
    auto l = f.tellg();
    if(l > static_cast< std::streamoff >(sizeof tmp))
+    {
      return false;
+    }
    f.seekg(0, std::ios::beg);
    f.read((char *)tmp.data(), l);
    return BDecode(&buf);
--- a/llarp/router_contact.hpp
+++ b/llarp/router_contact.hpp
@ -67,7 +67,7 @@ namespace llarp
  struct RouterContact
  {
    /// for unit tests
-    static bool IgnoreBogons;
+    static bool BlockBogons;

    static llarp_time_t Lifetime;
    static llarp_time_t UpdateInterval;
@ -144,7 +144,7 @@ namespace llarp
    bool
    IsExit() const
    {
-      return exits.size() > 0;
+      return !exits.empty();
    }

    bool
--- a/llarp/router_id.cpp
+++ b/llarp/router_id.cpp
@ -21,7 +21,9 @@ namespace llarp
  {
    auto pos = str.find(".snode");
    if(pos == std::string::npos || pos == 0)
+    {
      return false;
+    }
    return Base32Decode(str.substr(0, pos), *this);
  }
 }  // namespace llarp
--- a/llarp/router_id.hpp
+++ b/llarp/router_id.hpp
@ -12,7 +12,7 @@ namespace llarp

    using Data = std::array< byte_t, SIZE >;

-    RouterID() : AlignedBuffer< SIZE >()
+    RouterID()
    {
    }

--- a/test/link/test_llarp_link.cpp
+++ b/test/link/test_llarp_link.cpp
@ -118,10 +118,10 @@ struct LinkLayerTest : public test::LlarpTest< NoOpCrypto >
  void
  SetUp()
  {
-    oldRCLifetime               = RouterContact::Lifetime;
-    RouterContact::IgnoreBogons = true;
-    RouterContact::Lifetime     = 500;
-    netLoop                     = llarp_make_ev_loop();
+    oldRCLifetime              = RouterContact::Lifetime;
+    RouterContact::BlockBogons = false;
+    RouterContact::Lifetime    = 500;
+    netLoop                    = llarp_make_ev_loop();
    m_logic.reset(new Logic());
  }

@ -132,8 +132,8 @@ struct LinkLayerTest : public test::LlarpTest< NoOpCrypto >
    Bob.TearDown();
    m_logic.reset();
    netLoop.reset();
-    RouterContact::IgnoreBogons = false;
-    RouterContact::Lifetime     = oldRCLifetime;
+    RouterContact::BlockBogons = true;
+    RouterContact::Lifetime    = oldRCLifetime;
  }

  static void