diff --git a/cmd/util.go b/cmd/util.go
index 34098814..01351541 100644
--- a/cmd/util.go
+++ b/cmd/util.go
@@ -26,12 +26,13 @@ import (
 "time"
 "github.com/ipfs/go-log"
- "github.com/libp2p/go-libp2p/core/peer"
 "github.com/libp2p/go-libp2p/core/crypto"
+ "github.com/libp2p/go-libp2p/core/peer"
 rcmgr "github.com/libp2p/go-libp2p/p2p/host/resource-manager"
 "github.com/mudler/edgevpn/internal"
 "github.com/mudler/edgevpn/pkg/config"
 nodeConfig "github.com/mudler/edgevpn/pkg/config"
+ "github.com/multiformats/go-multiaddr"
 "github.com/mudler/edgevpn/pkg/logger"
 node "github.com/mudler/edgevpn/pkg/node"
@@ -239,7 +240,7 @@ var CommonFlags []cli.Flag = []cli.Flag{
 },
 &cli.StringFlag{
 Name: "limit-file",
- Usage: "Specify an limit config (json)",
+ Usage: "Specify a resource limit config (json)",
 EnvVar: "LIMITFILE",
 },
 &cli.StringFlag{
@@ -249,12 +250,7 @@ var CommonFlags []cli.Flag = []cli.Flag{
 Value: "system",
 },
 &cli.BoolFlag{
- Name: "limit-config",
- Usage: "Enable inline resource limit configuration",
- EnvVar: "LIMITCONFIG",
- },
- &cli.BoolFlag{
- Name: "limit-enable",
+ Name: "resource-limit",
 Usage: "Enable resource manager. (Experimental) All options prefixed with limit requires resource manager to be enabled",
 EnvVar: "LIMITENABLE",
 },
@@ -321,6 +317,11 @@ var CommonFlags []cli.Flag = []cli.Flag{
 Usage: "List of static peers to use (in `ip:peerid` format)",
 EnvVar: "EDGEVPNSTATICPEERTABLE",
 },
+ &cli.StringSliceFlag{
+ Name: "whitelist",
+ Usage: "List of peers in the whitelist",
+ EnvVar: "EDGEVPNWHITELIST",
+ },
 &cli.BoolFlag{
 Name: "peergate",
 Usage: "Enable peergating. (Experimental)",
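Review bot: Renaming the `limit-enable` flag to `resource-limit` in the @@ -249 hunk drops the old name without an alias, so existing invocations and wrapper scripts fail with an unknown-flag error while the unchanged `LIMITENABLE` env var keeps working, leaving two naming schemes for one setting. This is the urfave/cli v1 flag shape (`EnvVar`), so the old name can be kept as an alias for a deprecation window: `Name: "resource-limit, limit-enable",`. The Usage still says "All options prefixed with limit requires resource manager to be enabled" even though the enabling switch itself no longer carries that prefix; `Usage: "Enable the resource manager. (Experimental) The limit-* options only take effect when this is set",` reads correctly after the rename. The `limit-config-*` value flags that the removed `limit-config` switch used to gate are not visible here; if they are still declared, they are now dead and should be removed in the same change.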
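Review bot: The new `whitelist` flag's Usage does not say what format an entry takes, while the neighbouring static-peer flag spells out its `ip:peerid` format; the values are later parsed with multiaddr.NewMultiaddr in cmd/util.go, so a user who follows the "list of peers" wording and passes peer IDs or host:port strings ends up with entries that do not parse. The flag also only matters when the resource manager is enabled, since the config side hands the list to rcmgr.WithAllowlistedMultiaddrs. Suggest `Usage: "List of peer multiaddrs to add to the resource manager allowlist (e.g. /ip4/<addr>/tcp/<port>/p2p/<peerid>); requires the resource manager to be enabled",`.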
@@ -367,31 +368,27 @@ func displayStart(ll *logger.Logger) {
 ll.Infof("Version: %s commit: %s", internal.Version, internal.Commit)
 }
+func stringsToMultiAddr(peers []string) []multiaddr.Multiaddr {
+ res := []multiaddr.Multiaddr{}
+ for _, p := range peers {
+ addr, err := multiaddr.NewMultiaddr(p)
+ if err != nil {
+ continue
+ }
+ res = append(res, addr)
+ }
+ return res
+}
+
 func cliToOpts(c *cli.Context) ([]node.Option, []vpn.Option, *logger.Logger) {
- var limitConfig *rcmgr.LimitConfig
+ var limitConfig *rcmgr.PartialLimitConfig
 autorelayInterval, err := time.ParseDuration(c.String("autorelay-discovery-interval"))
 if err != nil {
 autorelayInterval = 0
 }
- if c.Bool("limit-config") {
- limitConfig = &rcmgr.LimitConfig{
-
- System: rcmgr.BaseLimit{
- Streams: c.Int("limit-config-streams"),
- StreamsInbound: c.Int("limit-config-streams-inbound"),
- StreamsOutbound: c.Int("limit-config-streams-outbound"),
- Conns: c.Int("limit-config-conn"),
- ConnsInbound: c.Int("limit-config-conn-inbound"),
- ConnsOutbound: c.Int("limit-config-conn-outbound"),
- FD: c.Int("limit-config-fd"),
- Memory: c.Int64("limit-config-memory"),
- },
- }
- }
-
 // Authproviders are supposed to be passed as a json object
 pa := c.String("peergate-auth")
 d := map[string]map[string]interface{}{}
@@ -413,6 +410,7 @@ func cliToOpts(c *cli.Context) ([]node.Option, []vpn.Option, *logger.Logger) {
 InterfaceMTU: c.Int("mtu"),
 PacketMTU: c.Int("packet-mtu"),
 BootstrapIface: c.Bool("bootstrap-iface"),
+ Whitelist: stringsToMultiAddr(c.StringSlice("whitelist")),
 Ledger: config.Ledger{
 StateDir: c.String("ledger-state"),
 AnnounceInterval: time.Duration(c.Int("ledger-announce-interval")) * time.Second,
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 92f0dfc5..b03b4e8b 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
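Review bot: stringsToMultiAddr drops every entry that multiaddr.NewMultiaddr rejects with a bare `continue`, so a mistyped `--whitelist` value vanishes without a log line and the node starts with a smaller resource-manager allowlist than the operator configured; the caller in the @@ -413 hunk (`Whitelist: stringsToMultiAddr(c.StringSlice("whitelist"))`) has no way to notice. Input that ends up in rcmgr.WithAllowlistedMultiaddrs (config.go, last hunk of this diff) should fail fast or at least name the bad entry. Returning an error from the helper is the cleanest fix; cliToOpts does not return an error, so its caller would have to log and exit through the *logger.Logger it already builds (the rest of cliToOpts is outside this hunk, and the fence assumes `fmt` is already imported in cmd/util.go). Separately, `var limitConfig *rcmgr.PartialLimitConfig` survives while this hunk removes its only visible assignment, so unless it is set further down it is now always nil wherever it is consumed.
```go
func stringsToMultiAddr(peers []string) ([]multiaddr.Multiaddr, error) {
	res := make([]multiaddr.Multiaddr, 0, len(peers))
	for _, p := range peers {
		addr, err := multiaddr.NewMultiaddr(p)
		if err != nil {
			return nil, fmt.Errorf("parsing whitelist entry %q: %w", p, err)
		}
		res = append(res, addr)
	}
	return res, nil
}
```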
@@ -40,6 +40,7 @@ import (
 "github.com/mudler/edgevpn/pkg/trustzone/authprovider/ecdsa"
 "github.com/mudler/edgevpn/pkg/vpn"
 "github.com/mudler/water"
+ "github.com/multiformats/go-multiaddr"
 "github.com/peterbourgon/diskv"
 )
@@ -65,6 +66,8 @@ type Config struct {
 // PeerGuard (experimental)
 // enable peerguardian and add specific auth options
 PeerGuard PeerGuard
+
+ Whitelist []multiaddr.Multiaddr
 }
 type PeerGuard struct {
@@ -81,7 +84,7 @@ type PeerGuard struct {
 type ResourceLimit struct {
 FileLimit string
- LimitConfig *rcmgr.LimitConfig
+ LimitConfig *rcmgr.PartialLimitConfig
 Scope string
 MaxConns int
 StaticMin int64
@@ -147,6 +150,7 @@ func peers2List(peers []string) discovery.AddrList {
 }
 return addrsList
 }
+
 func peers2AddrInfo(peers []string) []peer.AddrInfo {
 addrsList := []peer.AddrInfo{}
 for _, p := range peers {
@@ -255,7 +259,7 @@ func (c Config) ToOpts(l *logger.Logger) ([]node.Option, []vpn.Option, error) {
 }
 // If no relays are specified and no discovery interval, then just use default static relays (to be deprecated)
- relayOpts = append(relayOpts, autorelay.WithPeerSource(d.FindClosePeers(llger, c.Connection.OnlyStaticRelays, staticRelays...), c.Connection.AutoRelayDiscoveryInterval))
+ relayOpts = append(relayOpts, autorelay.WithPeerSource(d.FindClosePeers(llger, c.Connection.OnlyStaticRelays, staticRelays...)))
 libp2pOpts = append(libp2pOpts, libp2p.EnableAutoRelay(relayOpts...))
@@ -291,7 +295,7 @@ func (c Config) ToOpts(l *logger.Logger) ([]node.Option, []vpn.Option, error) {
 }
 if !c.Limit.Enable || runtime.GOOS == "darwin" {
- libp2pOpts = append(libp2pOpts, libp2p.ResourceManager(network.NullResourceManager))
+ libp2pOpts = append(libp2pOpts, libp2p.ResourceManager(&network.NullResourceManager{}))
 } else {
 var limiter rcmgr.Limiter
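Review bot: `Whitelist []multiaddr.Multiaddr` is added to Config in the @@ -65 hunk with no doc comment while the adjacent PeerGuard field has one, and its effect is narrower than the name suggests: its only consumer (ToOpts, last hunk of this diff) passes it to rcmgr.WithAllowlistedMultiaddrs, which in go-libp2p's resource manager accounts connections from those addresses under the allowlist limits instead of the regular ones rather than restricting who may connect — confirm against the rcmgr version pinned in go.mod. It is also silently ignored whenever the `!c.Limit.Enable || runtime.GOOS == "darwin"` branch in the @@ -291 hunk selects NullResourceManager, since that branch never reads it. Suggest `// Whitelist holds multiaddrs handed to the libp2p resource manager allowlist. It does not gate connections, and it has no effect unless Limit.Enable is set (never on darwin).`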
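Review bot: The `LimitConfig *rcmgr.PartialLimitConfig` field of ResourceLimit (@@ -81 hunk) appears to be dead after this change: the `c.Limit.LimitConfig != nil` / node.NetSetLimit block that read it is removed in the @@ -331 hunk, and the only assignment visible on the cmd side (`if c.Bool("limit-config")` in cmd/util.go) is removed too, so the new type is never populated or consumed. Unless another reader exists outside this diff, drop the field, or mark it so the next reader does not expect a PartialLimitConfig to be applied: `// LimitConfig is currently unused; limits come from FileLimit or the scaled defaults.`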
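Review bot: In the @@ -255 hunk `autorelay.WithPeerSource` no longer receives `c.Connection.AutoRelayDiscoveryInterval`, so the value a user sets through the `autorelay-discovery-interval` flag (parsed in cliToOpts) is dropped here with no replacement visible in the diff, and the comment above, "If no relays are specified and no discovery interval", now describes a condition this line does not check. If the pinned autorelay version takes the interval through a separate option (autorelay.WithMinInterval, if present), wire it there; otherwise retire the field, the flag and the comment together rather than leaving the setting looking honoured. ToOpts starts and ends outside this hunk.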
@@ -322,7 +326,6 @@ func (c Config) ToOpts(l *logger.Logger) ([]node.Option, []vpn.Option, error) {
 defaultLimits := rcmgr.DefaultLimits.Scale(min+max/2, logScale(2*maxconns))
 limiter = rcmgr.NewFixedLimiter(defaultLimits)
-
 } else {
 defaults := rcmgr.DefaultLimits
 def := &defaults
@@ -331,17 +334,11 @@ func (c Config) ToOpts(l *logger.Logger) ([]node.Option, []vpn.Option, error) {
 limiter = rcmgr.NewFixedLimiter(def.AutoScale())
 }
- rc, err := rcmgr.NewResourceManager(limiter)
+ rc, err := rcmgr.NewResourceManager(limiter, rcmgr.WithAllowlistedMultiaddrs(c.Whitelist))
 if err != nil {
 llger.Fatal("could not create resource manager")
 }
- if c.Limit.LimitConfig != nil {
- if err := node.NetSetLimit(rc, c.Limit.Scope, &c.Limit.LimitConfig.System); err != nil {
- return opts, vpnOpts, err
- }
- }
-
 libp2pOpts = append(libp2pOpts, libp2p.ResourceManager(rc))
 }
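Review bot: The error from `rcmgr.NewResourceManager(limiter, rcmgr.WithAllowlistedMultiaddrs(c.Whitelist))` in the @@ -331 hunk is discarded by `llger.Fatal("could not create resource manager")`, and this change may add a new way for that call to fail (an allowlist entry the resource manager rejects), so an operator would get a fatal exit with no indication of which input was bad. ToOpts already returns an error, as the removed NetSetLimit block did with `return opts, vpnOpts, err`, so prefer `return opts, vpnOpts, fmt.Errorf("creating resource manager: %w", err)` (assuming fmt is imported in config.go), or at minimum include err in the fatal message. ToOpts begins outside this hunk.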