🌱 Adapt to update

mudler · Feb 12, 2023 · 40c0ea0 · 40c0ea0
1 parent 809687b
commit 40c0ea0
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 36 deletions.
diff --git a/cmd/util.go b/cmd/util.go
@@ -26,12 +26,13 @@ import (
 	"time"
 
 	"github.com/ipfs/go-log"
-	"github.com/libp2p/go-libp2p/core/peer"
 	"github.com/libp2p/go-libp2p/core/crypto"
+	"github.com/libp2p/go-libp2p/core/peer"
 	rcmgr "github.com/libp2p/go-libp2p/p2p/host/resource-manager"
 	"github.com/mudler/edgevpn/internal"
 	"github.com/mudler/edgevpn/pkg/config"
 	nodeConfig "github.com/mudler/edgevpn/pkg/config"
+	"github.com/multiformats/go-multiaddr"
 
 	"github.com/mudler/edgevpn/pkg/logger"
 	node "github.com/mudler/edgevpn/pkg/node"
@@ -239,7 +240,7 @@ var CommonFlags []cli.Flag = []cli.Flag{
 	},
 	&cli.StringFlag{
 		Name:   "limit-file",
-		Usage:  "Specify an limit config (json)",
+		Usage:  "Specify a resource limit config (json)",
 		EnvVar: "LIMITFILE",
 	},
 	&cli.StringFlag{
@@ -249,12 +250,7 @@ var CommonFlags []cli.Flag = []cli.Flag{
 		Value:  "system",
 	},
 	&cli.BoolFlag{
-		Name:   "limit-config",
-		Usage:  "Enable inline resource limit configuration",
-		EnvVar: "LIMITCONFIG",
-	},
-	&cli.BoolFlag{
-		Name:   "limit-enable",
+		Name:   "resource-limit",
 		Usage:  "Enable resource manager. (Experimental) All options prefixed with limit requires resource manager to be enabled",
 		EnvVar: "LIMITENABLE",
 	},
@@ -321,6 +317,11 @@ var CommonFlags []cli.Flag = []cli.Flag{
 		Usage:  "List of static peers to use (in `ip:peerid` format)",
 		EnvVar: "EDGEVPNSTATICPEERTABLE",
 	},
+	&cli.StringSliceFlag{
+		Name:   "whitelist",
+		Usage:  "List of peers in the whitelist",
+		EnvVar: "EDGEVPNWHITELIST",
+	},
 	&cli.BoolFlag{
 		Name:   "peergate",
 		Usage:  "Enable peergating. (Experimental)",
@@ -367,31 +368,27 @@ func displayStart(ll *logger.Logger) {
 	ll.Infof("Version: %s commit: %s", internal.Version, internal.Commit)
 }
 
+func stringsToMultiAddr(peers []string) []multiaddr.Multiaddr {
+	res := []multiaddr.Multiaddr{}
+	for _, p := range peers {
+		addr, err := multiaddr.NewMultiaddr(p)
+		if err != nil {
+			continue
+		}
+		res = append(res, addr)
+	}
+	return res
+}
+
 func cliToOpts(c *cli.Context) ([]node.Option, []vpn.Option, *logger.Logger) {
 
-	var limitConfig *rcmgr.LimitConfig
+	var limitConfig *rcmgr.PartialLimitConfig
 
 	autorelayInterval, err := time.ParseDuration(c.String("autorelay-discovery-interval"))
 	if err != nil {
 		autorelayInterval = 0
 	}
 
-	if c.Bool("limit-config") {
-		limitConfig = &rcmgr.LimitConfig{
-
-			System: rcmgr.BaseLimit{
-				Streams:         c.Int("limit-config-streams"),
-				StreamsInbound:  c.Int("limit-config-streams-inbound"),
-				StreamsOutbound: c.Int("limit-config-streams-outbound"),
-				Conns:           c.Int("limit-config-conn"),
-				ConnsInbound:    c.Int("limit-config-conn-inbound"),
-				ConnsOutbound:   c.Int("limit-config-conn-outbound"),
-				FD:              c.Int("limit-config-fd"),
-				Memory:          c.Int64("limit-config-memory"),
-			},
-		}
-	}
-
 	// Authproviders are supposed to be passed as a json object
 	pa := c.String("peergate-auth")
 	d := map[string]map[string]interface{}{}
@@ -413,6 +410,7 @@ func cliToOpts(c *cli.Context) ([]node.Option, []vpn.Option, *logger.Logger) {
 		InterfaceMTU:      c.Int("mtu"),
 		PacketMTU:         c.Int("packet-mtu"),
 		BootstrapIface:    c.Bool("bootstrap-iface"),
+		Whitelist:         stringsToMultiAddr(c.StringSlice("whitelist")),
 		Ledger: config.Ledger{
 			StateDir:         c.String("ledger-state"),
 			AnnounceInterval: time.Duration(c.Int("ledger-announce-interval")) * time.Second,

diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -40,6 +40,7 @@ import (
 	"github.com/mudler/edgevpn/pkg/trustzone/authprovider/ecdsa"
 	"github.com/mudler/edgevpn/pkg/vpn"
 	"github.com/mudler/water"
+	"github.com/multiformats/go-multiaddr"
 	"github.com/peterbourgon/diskv"
 )
 
@@ -65,6 +66,8 @@ type Config struct {
 	// PeerGuard (experimental)
 	// enable peerguardian and add specific auth options
 	PeerGuard PeerGuard
+
+	Whitelist []multiaddr.Multiaddr
 }
 
 type PeerGuard struct {
@@ -81,7 +84,7 @@ type PeerGuard struct {
 
 type ResourceLimit struct {
 	FileLimit   string
-	LimitConfig *rcmgr.LimitConfig
+	LimitConfig *rcmgr.PartialLimitConfig
 	Scope       string
 	MaxConns    int
 	StaticMin   int64
@@ -147,6 +150,7 @@ func peers2List(peers []string) discovery.AddrList {
 	}
 	return addrsList
 }
+
 func peers2AddrInfo(peers []string) []peer.AddrInfo {
 	addrsList := []peer.AddrInfo{}
 	for _, p := range peers {
@@ -255,7 +259,7 @@ func (c Config) ToOpts(l *logger.Logger) ([]node.Option, []vpn.Option, error) {
 		}
 		// If no relays are specified and no discovery interval, then just use default static relays (to be deprecated)
 
-		relayOpts = append(relayOpts, autorelay.WithPeerSource(d.FindClosePeers(llger, c.Connection.OnlyStaticRelays, staticRelays...), c.Connection.AutoRelayDiscoveryInterval))
+		relayOpts = append(relayOpts, autorelay.WithPeerSource(d.FindClosePeers(llger, c.Connection.OnlyStaticRelays, staticRelays...)))
 
 		libp2pOpts = append(libp2pOpts,
 			libp2p.EnableAutoRelay(relayOpts...))
@@ -291,7 +295,7 @@ func (c Config) ToOpts(l *logger.Logger) ([]node.Option, []vpn.Option, error) {
 	}
 
 	if !c.Limit.Enable || runtime.GOOS == "darwin" {
-		libp2pOpts = append(libp2pOpts, libp2p.ResourceManager(network.NullResourceManager))
+		libp2pOpts = append(libp2pOpts, libp2p.ResourceManager(&network.NullResourceManager{}))
 	} else {
 		var limiter rcmgr.Limiter
 
@@ -322,7 +326,6 @@ func (c Config) ToOpts(l *logger.Logger) ([]node.Option, []vpn.Option, error) {
 			defaultLimits := rcmgr.DefaultLimits.Scale(min+max/2, logScale(2*maxconns))
 
 			limiter = rcmgr.NewFixedLimiter(defaultLimits)
-
 		} else {
 			defaults := rcmgr.DefaultLimits
 			def := &defaults
@@ -331,17 +334,11 @@ func (c Config) ToOpts(l *logger.Logger) ([]node.Option, []vpn.Option, error) {
 			limiter = rcmgr.NewFixedLimiter(def.AutoScale())
 		}
 
-		rc, err := rcmgr.NewResourceManager(limiter)
+		rc, err := rcmgr.NewResourceManager(limiter, rcmgr.WithAllowlistedMultiaddrs(c.Whitelist))
 		if err != nil {
 			llger.Fatal("could not create resource manager")
 		}
 
-		if c.Limit.LimitConfig != nil {
-			if err := node.NetSetLimit(rc, c.Limit.Scope, &c.Limit.LimitConfig.System); err != nil {
-				return opts, vpnOpts, err
-			}
-		}
-
 		libp2pOpts = append(libp2pOpts, libp2p.ResourceManager(rc))
 	}