From d2ad611c3da55955b3965abe0e1377b8d10a523f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9goire=20Henry?= Date: Mon, 28 Aug 2017 20:02:40 +0200 Subject: [PATCH] Node/Sandbox: allow 'private' address Allows any kind of 'private' listening address (as defined by IANA) rather than only allowing `[::1]`. Also document the error. --- src/node/main/node_run_command.ml | 23 +++++++++++++++++--- src/node/net/p2p_connection_pool_types.ml | 5 ++--- src/node/net/p2p_types.ml | 26 +++++++++++++++++------ src/node/net/p2p_types.mli | 1 + 4 files changed, 43 insertions(+), 12 deletions(-) diff --git a/src/node/main/node_run_command.ml b/src/node/main/node_run_command.ml index e18300986..4600c1678 100644 --- a/src/node/main/node_run_command.ml +++ b/src/node/main/node_run_command.ml @@ -20,7 +20,24 @@ let genesis : State.Net.genesis = { "ProtoGenesisGenesisGenesisGenesisGenesisGenesk612im" ; } -type error += Nonlocalhost_sandbox of P2p_types.addr +type error += Non_private_sandbox of P2p_types.addr + +let () = + register_error_kind + `Permanent + ~id:"main.run.non_private_sandbox" + ~title:"Fordidden public sandbox" + ~description:"A sandboxed node should not listen on public address." + ~pp:begin fun ppf addr -> + Format.fprintf ppf + "The node is configured to listen a public addres (%a), \ + while only 'private' network are authorised with `--sandbox`. + See `%s run --help` on how to change the listening address." + Ipaddr.V6.pp_hum addr Sys.argv.(0) + end + Data_encoding.(obj1 (req "addr" P2p_types.addr_encoding)) + (function Non_private_sandbox addr -> Some addr | _ -> None) + (fun addr -> Non_private_sandbox addr) let (//) = Filename.concat @@ -93,8 +110,8 @@ let init_node ?sandbox (config : Node_config_file.t) = | Some addr, Some _ when Ipaddr.V6.(compare addr unspecified) = 0 -> return None - | Some addr, Some _ when Ipaddr.V6.(compare addr localhost) != 0 -> - fail (Nonlocalhost_sandbox addr) + | Some addr, Some _ when not (Ipaddr.V6.is_private addr) -> + fail (Non_private_sandbox addr) | None, Some _ -> return None | _ -> (Node_config_file.resolve_bootstrap_addrs diff --git a/src/node/net/p2p_connection_pool_types.ml b/src/node/net/p2p_connection_pool_types.ml index b42b27566..8374e3c39 100644 --- a/src/node/net/p2p_connection_pool_types.ml +++ b/src/node/net/p2p_connection_pool_types.ml @@ -320,14 +320,13 @@ module Peer_info = struct let open Data_encoding in conv (fun { kind ; timestamp ; point = (addr, port) } -> - (kind, timestamp, Ipaddr.V6.to_string addr, port)) + (kind, timestamp, addr, port)) (fun (kind, timestamp, addr, port) -> - let addr = Ipaddr.V6.of_string_exn addr in { kind ; timestamp ; point = (addr, port) }) (obj4 (req "kind" kind_encoding) (req "timestamp" Time.encoding) - (req "addr" string) + (req "addr" P2p_types.addr_encoding) (opt "port" int16)) end diff --git a/src/node/net/p2p_types.ml b/src/node/net/p2p_types.ml index 5bb1528be..6b938db4f 100644 --- a/src/node/net/p2p_types.ml +++ b/src/node/net/p2p_types.ml @@ -108,6 +108,23 @@ module Peer_id = Crypto_box.Public_key_hash (* public types *) type addr = Ipaddr.V6.t + +let addr_encoding = + let open Data_encoding in + splitted + ~json:begin + conv + Ipaddr.V6.to_string + Ipaddr.V6.of_string_exn + string + end + ~binary:begin + conv + Ipaddr.V6.to_bytes + Ipaddr.V6.of_bytes_exn + string + end + type port = int module Point = struct @@ -202,12 +219,9 @@ module Id_point = struct let encoding = let open Data_encoding in - conv - (fun (addr, port) -> Ipaddr.V6.to_string addr, port) - (fun (addr, port) -> Ipaddr.V6.of_string_exn addr, port) - (obj2 - (req "addr" string) - (opt "port" uint16)) + (obj2 + (req "addr" addr_encoding) + (opt "port" uint16)) end diff --git a/src/node/net/p2p_types.mli b/src/node/net/p2p_types.mli index e148b67b9..2a7a88ce3 100644 --- a/src/node/net/p2p_types.mli +++ b/src/node/net/p2p_types.mli @@ -45,6 +45,7 @@ end type addr = Ipaddr.V6.t type port = int +val addr_encoding : addr Data_encoding.t (** Point, i.e. socket address *)