Merge pull request #785 from michael-loki/docker_compose_swarm
Fix docker-compose isolated network
908ac2722f
|
@ -1,5 +1,7 @@
|
|||
FROM compose-base:latest
|
||||
|
||||
ENV LOKINET_NETID=docker
|
||||
|
||||
COPY ./docker/compose/bootstrap.ini /root/.lokinet/lokinet.ini
|
||||
|
||||
CMD ["/lokinet"]
|
||||
|
|
|
@ -1,7 +1,3 @@
|
|||
# this configuration was auto generated with 'sane' defaults
|
||||
# change these values as desired
|
||||
|
||||
|
||||
[router]
|
||||
# number of crypto worker threads
|
||||
threads=4
|
||||
|
@ -13,18 +9,13 @@ transport-privkey=/root/.lokinet/transport.private
|
|||
ident-privkey=/root/.lokinet/identity.private
|
||||
# encryption key for onion routing
|
||||
encryption-privkey=/root/.lokinet/encryption.private
|
||||
block-bogons=false
|
||||
|
||||
# uncomment following line to set router nickname to 'lokinet'
|
||||
#nickname=lokinet
|
||||
|
||||
nickname=bootstrap
|
||||
|
||||
[logging]
|
||||
level=info
|
||||
# uncomment for logging to file
|
||||
#type=file
|
||||
#file=/path/to/logfile
|
||||
# uncomment for syslog logging
|
||||
#type=syslog
|
||||
|
||||
[metrics]
|
||||
json-metrics-path=/root/.lokinet/metrics.json
|
||||
|
@ -32,9 +23,6 @@ json-metrics-path=/root/.lokinet/metrics.json
|
|||
# admin api (disabled by default)
|
||||
[api]
|
||||
enabled=true
|
||||
#authkey=insertpubkey1here
|
||||
#authkey=insertpubkey2here
|
||||
#authkey=insertpubkey3here
|
||||
bind=127.0.0.1:1190
|
||||
|
||||
# system settings for privileges and such
|
||||
|
@ -58,17 +46,12 @@ dir=/netdb
|
|||
[lokid]
|
||||
enabled=false
|
||||
jsonrpc=127.0.0.1:22023
|
||||
#service-node-seed=/path/to/servicenode/seed
|
||||
|
||||
# network settings
|
||||
[network]
|
||||
profiles=/root/.lokinet/profiles.dat
|
||||
enabled=true
|
||||
exit=false
|
||||
#exit-blacklist=tcp:25
|
||||
#exit-whitelist=tcp:*
|
||||
#exit-whitelist=udp:*
|
||||
ifaddr=10.200.0.1/8
|
||||
ifname=loki-docker0
|
||||
|
||||
# ROUTERS ONLY: publish network interfaces for handling inbound traffic
|
||||
|
|
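Review bot: `[api]` is left with `enabled=true` and `bind=127.0.0.1:1190` while every `#authkey=` line stays commented out, so the admin API accepts any caller that can reach the loopback port; the same block appears in the router.ini section further down (`@ -32,9 +29,6 @@`). The hunk counts say three lines were dropped here but the page does not show which, so this may be pre-existing rather than introduced. Loopback binding contains it inside the container, but client.Dockerfile in this commit exposes 1190/tcp, so either set an `authkey=` before anyone widens `bind`, or use `enabled=false` for the compose test network. A one-line comment above `enabled=true`, `# loopback only: no authkey is configured, do not rebind to 0.0.0.0`, would make the constraint visible to the next editor.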
6
docker/compose/client.Dockerfile
Normal file
6
docker/compose/client.Dockerfile
Normal file
|
@ -0,0 +1,6 @@
|
|||
FROM compose-base:latest
|
||||
|
||||
COPY ./docker/compose/client.ini /root/.lokinet/lokinet.ini
|
||||
|
||||
CMD ["/lokinet"]
|
||||
EXPOSE 1090/udp 1190/tcp
|
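Review bot: `EXPOSE 1090/udp 1190/tcp` advertises the admin-API port, but client.ini in this commit binds `[api]` to `127.0.0.1:1190`, so a published 1190/tcp cannot reach it and the only way to make it reachable would be to rebind the unauthenticated API to all interfaces. Unless the API is meant to be driven from outside the container, drop it from the directive: `EXPOSE 1090/udp`. 1090/udp is not obviously bound anywhere in client.ini either — its `[network]` section has only `ifname` — so the listening port presumably comes from a section outside the page or from a default; worth confirming before relying on the EXPOSE.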
52
docker/compose/client.ini
Normal file
52
docker/compose/client.ini
Normal file
|
@ -0,0 +1,52 @@
|
|||
[router]
|
||||
# number of crypto worker threads
|
||||
threads=4
|
||||
# path to store signed RC
|
||||
contact-file=/root/.lokinet/self.signed
|
||||
# path to store transport private key
|
||||
transport-privkey=/root/.lokinet/transport.private
|
||||
# path to store identity signing key
|
||||
ident-privkey=/root/.lokinet/identity.private
|
||||
# encryption key for onion routing
|
||||
encryption-privkey=/root/.lokinet/encryption.private
|
||||
block-bogons=false
|
||||
|
||||
[logging]
|
||||
level=info
|
||||
|
||||
[metrics]
|
||||
json-metrics-path=/root/.lokinet/metrics.json
|
||||
|
||||
# admin api (disabled by default)
|
||||
[api]
|
||||
enabled=true
|
||||
bind=127.0.0.1:1190
|
||||
|
||||
# system settings for privileges and such
|
||||
[system]
|
||||
user=lokinet
|
||||
group=lokinet
|
||||
pidfile=/root/.lokinet/lokinet.pid
|
||||
|
||||
# dns provider configuration section
|
||||
[dns]
|
||||
# resolver
|
||||
upstream=1.1.1.1
|
||||
bind=127.0.0.1:53
|
||||
|
||||
# network database settings block
|
||||
[netdb]
|
||||
# directory for network database skiplist storage
|
||||
dir=/netdb
|
||||
|
||||
# lokid settings (disabled by default)
|
||||
[lokid]
|
||||
enabled=false
|
||||
jsonrpc=127.0.0.1:22023
|
||||
|
||||
# network settings
|
||||
[network]
|
||||
profiles=/root/.lokinet/profiles.dat
|
||||
enabled=true
|
||||
exit=false
|
||||
ifname=loki-docker0
|
|
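Review bot: `[system]` sets `user=lokinet` and `group=lokinet` while every path in the file — `contact-file`, the three `*-privkey` entries, `pidfile`, `profiles` — lives under `/root/.lokinet/`, a directory an unprivileged `lokinet` user normally cannot traverse once privileges are dropped; whether the drop actually happens depends on how lokinet applies `[system]`, which is outside the page. Either keep the files under a directory the service user owns or document why the drop is expected to succeed here. Note too that `[dns]` binds `127.0.0.1:53` while the compose file publishes `53/tcp` in host mode for the client, so that mapping is unreachable as written. A header comment, `# paths assume the process keeps root; see [system]`, would at least flag the assumption.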
@ -12,10 +12,8 @@ services:
|
|||
ports:
|
||||
- target: 1090
|
||||
protocol: udp
|
||||
mode: host
|
||||
- target: 1190
|
||||
protocol: tcp
|
||||
mode: host
|
||||
volumes:
|
||||
- bootstrap-dir:/root/.lokinet/
|
||||
environment:
|
||||
|
@ -48,6 +46,34 @@ services:
|
|||
networks:
|
||||
testing_net:
|
||||
|
||||
client:
|
||||
depends_on:
|
||||
- bootstrap-router
|
||||
build:
|
||||
context: .
|
||||
dockerfile: docker/compose/router.Dockerfile
|
||||
image: router
|
||||
devices:
|
||||
- "/dev/net/tun:/dev/net/tun"
|
||||
ports:
|
||||
- target: 1090
|
||||
protocol: udp
|
||||
mode: host
|
||||
- target: 1190
|
||||
protocol: tcp
|
||||
mode: host
|
||||
- target: 53
|
||||
protocol: tcp
|
||||
mode: host
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
volumes:
|
||||
- bootstrap-dir:/bootstrap/
|
||||
environment:
|
||||
- LOKINET_NETID=docker
|
||||
networks:
|
||||
testing_net:
|
||||
|
||||
volumes:
|
||||
bootstrap-dir:
|
||||
|
||||
|
|
|
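Review bot: the client service mounts the whole `bootstrap-dir` volume at `/bootstrap/` (`- bootstrap-dir:/bootstrap/`), and the bootstrap router mounts that same volume as its `/root/.lokinet/`, which per bootstrap.ini holds `transport.private`, `identity.private` and `encryption.private`; the client therefore gets read/write access to the bootstrap router's private keys when all it needs is `self.signed` (`add-node=/bootstrap/self.signed` in router.ini). At minimum mount it read-only, `- bootstrap-dir:/bootstrap/:ro`, and preferably share a directory containing only the signed RC. Separately, the new client service builds `dockerfile: docker/compose/router.Dockerfile` with `image: router`, so the `client.Dockerfile` and `client.ini` added in this commit are never used and the two services collide on one image tag; presumably this should read `dockerfile: docker/compose/client.Dockerfile` and `image: client`. The service's `ports` also publish 1190 and 53 in host mode although client.ini binds both to loopback.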
@ -1,7 +1,3 @@
|
|||
# this configuration was auto generated with 'sane' defaults
|
||||
# change these values as desired
|
||||
|
||||
|
||||
[router]
|
||||
# number of crypto worker threads
|
||||
threads=4
|
||||
|
@ -13,6 +9,7 @@ transport-privkey=/root/.lokinet/transport.private
|
|||
ident-privkey=/root/.lokinet/identity.private
|
||||
# encryption key for onion routing
|
||||
encryption-privkey=/root/.lokinet/encryption.private
|
||||
block-bogons=false
|
||||
|
||||
# uncomment following line to set router nickname to 'lokinet'
|
||||
#nickname=lokinet
|
||||
|
@ -32,9 +29,6 @@ json-metrics-path=/root/.lokinet/metrics.json
|
|||
# admin api (disabled by default)
|
||||
[api]
|
||||
enabled=true
|
||||
#authkey=insertpubkey1here
|
||||
#authkey=insertpubkey2here
|
||||
#authkey=insertpubkey3here
|
||||
bind=127.0.0.1:1190
|
||||
|
||||
# system settings for privileges and such
|
||||
|
@ -64,16 +58,12 @@ add-node=/bootstrap/self.signed
|
|||
[lokid]
|
||||
enabled=false
|
||||
jsonrpc=127.0.0.1:22023
|
||||
#service-node-seed=/path/to/servicenode/seed
|
||||
|
||||
# network settings
|
||||
[network]
|
||||
profiles=/root/.lokinet/profiles.dat
|
||||
enabled=true
|
||||
exit=false
|
||||
#exit-blacklist=tcp:25
|
||||
#exit-whitelist=tcp:*
|
||||
#exit-whitelist=udp:*
|
||||
ifaddr=10.200.0.1/8
|
||||
ifname=loki-docker0
|
||||
|
||||
|
|
|
@ -4,9 +4,10 @@
|
|||
#include <constants/defaults.hpp>
|
||||
#include <constants/limits.hpp>
|
||||
#include <net/net.hpp>
|
||||
#include <router_contact.hpp>
|
||||
#include <util/fs.hpp>
|
||||
#include <util/logger.hpp>
|
||||
#include <util/logger_syslog.hpp>
|
||||
#include <util/logger.hpp>
|
||||
#include <util/mem.hpp>
|
||||
#include <util/memfn.hpp>
|
||||
#include <util/str.hpp>
|
||||
|
@ -31,6 +32,20 @@ namespace llarp
|
|||
return std::atoi(str.c_str());
|
||||
}
|
||||
|
||||
absl::optional< bool >
|
||||
setOptBool(string_view val)
|
||||
{
|
||||
if(IsTrueValue(val))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
else if(IsFalseValue(val))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
return {};
|
||||
}
|
||||
|
||||
void
|
||||
RouterConfig::fromSection(string_view key, string_view val)
|
||||
{
|
||||
|
@ -139,6 +154,10 @@ namespace llarp
|
|||
LogDebug("set to use ", m_numNetThreads, " net threads");
|
||||
}
|
||||
}
|
||||
if(key == "block-bogons")
|
||||
{
|
||||
m_blockBogons = setOptBool(val);
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -146,14 +165,7 @@ namespace llarp
|
|||
{
|
||||
if(key == "profiling")
|
||||
{
|
||||
if(IsTrueValue(val))
|
||||
{
|
||||
m_enableProfiling.emplace(true);
|
||||
}
|
||||
else if(IsFalseValue(val))
|
||||
{
|
||||
m_enableProfiling.emplace(false);
|
||||
}
|
||||
m_enableProfiling = setOptBool(val);
|
||||
}
|
||||
else if(key == "profiles")
|
||||
{
|
||||
|
@ -398,7 +410,9 @@ namespace llarp
|
|||
};
|
||||
|
||||
if(c.VisitSection(name.c_str(), visitor))
|
||||
{
|
||||
return ret;
|
||||
}
|
||||
|
||||
return {};
|
||||
}
|
||||
|
@ -465,7 +479,7 @@ llarp_ensure_config(const char *fname, const char *basedir, bool overwrite,
|
|||
return false;
|
||||
}
|
||||
|
||||
std::string basepath = "";
|
||||
std::string basepath;
|
||||
if(basedir)
|
||||
{
|
||||
basepath = basedir;
|
||||
|
@ -641,10 +655,14 @@ llarp_ensure_router_config(std::ofstream &f, std::string basepath)
|
|||
// get ifname
|
||||
std::string ifname;
|
||||
if(llarp::GetBestNetIF(ifname, AF_INET))
|
||||
{
|
||||
f << ifname << "=1090\n";
|
||||
}
|
||||
else
|
||||
{
|
||||
f << "# could not autodetect network interface\n"
|
||||
<< "#eth0=1090\n";
|
||||
}
|
||||
|
||||
f << std::endl;
|
||||
}
|
||||
|
@ -658,7 +676,9 @@ llarp_ensure_client_config(std::ofstream &f, std::string basepath)
|
|||
auto stream = llarp::util::OpenFileStream< std::ofstream >(
|
||||
snappExample_fpath, std::ios::binary);
|
||||
if(!stream)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
auto &example_f = stream.value();
|
||||
if(example_f.is_open())
|
||||
{
|
||||
|
|
|
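Review bot: `setOptBool` is added as an externally-linked free function in namespace `llarp` with no header declaration visible, so it should be `static` or sit in an anonymous namespace (the file may already open one above the hunk; `IsTrueValue`/`IsFalseValue` are not visible here), and it lacks a comment saying that a value that is neither true nor false yields an empty optional rather than an error. Suggested: `/// parse a boolean config value; empty when the string is neither a true nor a false spelling`. That silent empty result also changes `profiling`: the removed code left `m_enableProfiling` untouched on an unrecognised value, whereas `m_enableProfiling = setOptBool(val);` now clears it, so a typo silently resets an earlier setting — consider logging at warning level when `setOptBool` returns empty for a key that was present. The enclosing `fromSection` bodies continue outside the hunks.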
@ -111,6 +111,8 @@ namespace llarp
|
|||
// long term identity key
|
||||
std::string m_identKeyfile = "identity.key";
|
||||
|
||||
absl::optional< bool > m_blockBogons;
|
||||
|
||||
bool m_publicOverride = false;
|
||||
struct sockaddr_in m_ip4addr;
|
||||
AddressInfo m_addrInfo;
|
||||
|
@ -120,19 +122,20 @@ namespace llarp
|
|||
|
||||
public:
|
||||
// clang-format off
|
||||
size_t minConnectedRouters() const { return fromEnv(m_minConnectedRouters, "MIN_CONNECTED_ROUTERS"); }
|
||||
size_t maxConnectedRouters() const { return fromEnv(m_maxConnectedRouters, "MAX_CONNECTED_ROUTERS"); }
|
||||
std::string encryptionKeyfile() const { return fromEnv(m_encryptionKeyfile, "ENCRYPTION_KEYFILE"); }
|
||||
std::string ourRcFile() const { return fromEnv(m_ourRcFile, "OUR_RC_FILE"); }
|
||||
std::string transportKeyfile() const { return fromEnv(m_transportKeyfile, "TRANSPORT_KEYFILE"); }
|
||||
std::string identKeyfile() const { return fromEnv(m_identKeyfile, "IDENT_KEYFILE"); }
|
||||
std::string netId() const { return fromEnv(m_netId, "NETID"); }
|
||||
std::string nickname() const { return fromEnv(m_nickname, "NICKNAME"); }
|
||||
bool publicOverride() const { return fromEnv(m_publicOverride, "PUBLIC_OVERRIDE"); }
|
||||
const struct sockaddr_in& ip4addr() const { return m_ip4addr; }
|
||||
const AddressInfo& addrInfo() const { return m_addrInfo; }
|
||||
int workerThreads() const { return fromEnv(m_workerThreads, "WORKER_THREADS"); }
|
||||
int numNetThreads() const { return fromEnv(m_numNetThreads, "NUM_NET_THREADS"); }
|
||||
size_t minConnectedRouters() const { return fromEnv(m_minConnectedRouters, "MIN_CONNECTED_ROUTERS"); }
|
||||
size_t maxConnectedRouters() const { return fromEnv(m_maxConnectedRouters, "MAX_CONNECTED_ROUTERS"); }
|
||||
std::string encryptionKeyfile() const { return fromEnv(m_encryptionKeyfile, "ENCRYPTION_KEYFILE"); }
|
||||
std::string ourRcFile() const { return fromEnv(m_ourRcFile, "OUR_RC_FILE"); }
|
||||
std::string transportKeyfile() const { return fromEnv(m_transportKeyfile, "TRANSPORT_KEYFILE"); }
|
||||
std::string identKeyfile() const { return fromEnv(m_identKeyfile, "IDENT_KEYFILE"); }
|
||||
std::string netId() const { return fromEnv(m_netId, "NETID"); }
|
||||
std::string nickname() const { return fromEnv(m_nickname, "NICKNAME"); }
|
||||
bool publicOverride() const { return fromEnv(m_publicOverride, "PUBLIC_OVERRIDE"); }
|
||||
const struct sockaddr_in& ip4addr() const { return m_ip4addr; }
|
||||
const AddressInfo& addrInfo() const { return m_addrInfo; }
|
||||
int workerThreads() const { return fromEnv(m_workerThreads, "WORKER_THREADS"); }
|
||||
int numNetThreads() const { return fromEnv(m_numNetThreads, "NUM_NET_THREADS"); }
|
||||
absl::optional< bool > blockBogons() const { return fromEnv(m_blockBogons, "BLOCK_BOGONS"); }
|
||||
// clang-format on
|
||||
|
||||
void
|
||||
|
|
|
@ -205,7 +205,8 @@ namespace llarp
|
|||
publishData(const std::vector< std::string > &toSend,
|
||||
const std::string &host, short port)
|
||||
{
|
||||
struct addrinfo hints, *addrs;
|
||||
struct addrinfo hints;
|
||||
struct addrinfo *addrs;
|
||||
bzero(&hints, sizeof(hints));
|
||||
hints.ai_family = AF_UNSPEC;
|
||||
hints.ai_socktype = SOCK_STREAM;
|
||||
|
|
|
@ -384,6 +384,11 @@ namespace llarp
|
|||
publicOverride = conf->router.publicOverride();
|
||||
ip4addr = conf->router.ip4addr();
|
||||
|
||||
if(!conf->router.blockBogons().value_or(true))
|
||||
{
|
||||
RouterContact::BlockBogons = false;
|
||||
}
|
||||
|
||||
// Lokid Config
|
||||
usingSNSeed = conf->lokid.usingSNSeed;
|
||||
ident_keyfile = conf->lokid.ident_keyfile;
|
||||
|
@ -851,7 +856,7 @@ namespace llarp
|
|||
ai.ip = *publicAddr.addr6();
|
||||
ai.port = publicAddr.port();
|
||||
}
|
||||
if(IsBogon(ai.ip))
|
||||
if(RouterContact::BlockBogons && IsBogon(ai.ip))
|
||||
return;
|
||||
_rc.addrs.push_back(ai);
|
||||
if(ExitEnabled())
|
||||
|
|
|
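Review bot: `if(!conf->router.blockBogons().value_or(true)) { RouterContact::BlockBogons = false; }` silently turns off a process-wide safety check from a config value, with nothing in the log to show it happened; an operator diagnosing why private or reserved addresses are being accepted into RCs would have to read the config file. Emit a warning inside the branch, e.g. `LogWarn("block-bogons=false: bogon addresses will be accepted in router contacts");`, matching the `LogError`/`LogDebug` calls elsewhere in the commit. Since `BlockBogons` is a static on `RouterContact`, this only ever lowers it and never restores it — fine for a single process, but worth a comment because the unit tests in this commit flip the same static. The enclosing function starts and ends outside the hunk.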
@ -23,7 +23,7 @@ namespace llarp
|
|||
return defaultID;
|
||||
}
|
||||
|
||||
bool RouterContact::IgnoreBogons = false;
|
||||
bool RouterContact::BlockBogons = true;
|
||||
|
||||
#ifdef TESTNET
|
||||
// 1 minute for testnet
|
||||
|
@ -37,7 +37,7 @@ namespace llarp
|
|||
/// an RC inserted long enough ago (30 min) is considered stale and is removed
|
||||
llarp_time_t RouterContact::StaleInsertionAge = 30 * 60 * 1000;
|
||||
|
||||
NetID::NetID(const byte_t *val) : AlignedBuffer< 8 >()
|
||||
NetID::NetID(const byte_t *val)
|
||||
{
|
||||
size_t len = strnlen(reinterpret_cast< const char * >(val), size());
|
||||
std::copy(val, val + len, begin());
|
||||
|
@ -67,6 +67,7 @@ namespace llarp
|
|||
llarp_buffer_t strbuf;
|
||||
if(!bencode_read_string(buf, &strbuf))
|
||||
return false;
|
||||
|
||||
if(strbuf.sz > size())
|
||||
return false;
|
||||
|
||||
|
@ -106,13 +107,17 @@ namespace llarp
|
|||
return false;
|
||||
|
||||
std::string nick = Nick();
|
||||
if(nick.size())
|
||||
if(!nick.empty())
|
||||
{
|
||||
/* write nickname */
|
||||
if(!bencode_write_bytestring(buf, "n", 1))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
if(!bencode_write_bytestring(buf, nick.c_str(), nick.size()))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/* write encryption pubkey */
|
||||
|
@ -167,7 +172,9 @@ namespace llarp
|
|||
{"addresses", addrs}};
|
||||
|
||||
if(HasNick())
|
||||
{
|
||||
obj["nickname"] = Nick();
|
||||
}
|
||||
|
||||
return obj;
|
||||
}
|
||||
|
@ -189,9 +196,13 @@ namespace llarp
|
|||
{
|
||||
llarp_buffer_t strbuf;
|
||||
if(!bencode_read_string(buf, &strbuf))
|
||||
{
|
||||
return false;
|
||||
if(strbuf.sz > nickname.size())
|
||||
}
|
||||
if(strbuf.sz > llarp::AlignedBuffer< (32) >::size())
|
||||
{
|
||||
return false;
|
||||
}
|
||||
nickname.Zero();
|
||||
std::copy(strbuf.base, strbuf.base + strbuf.sz, nickname.begin());
|
||||
return true;
|
||||
|
@ -218,7 +229,7 @@ namespace llarp
|
|||
bool
|
||||
RouterContact::IsPublicRouter() const
|
||||
{
|
||||
return addrs.size() > 0;
|
||||
return !addrs.empty();
|
||||
}
|
||||
|
||||
bool
|
||||
|
@ -277,7 +288,9 @@ namespace llarp
|
|||
signature.Zero();
|
||||
last_updated = time_now_ms();
|
||||
if(!BEncode(&buf))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
buf.sz = buf.cur - buf.base;
|
||||
buf.cur = buf.base;
|
||||
return CryptoManager::instance()->sign(signature, secretkey, buf);
|
||||
|
@ -303,7 +316,7 @@ namespace llarp
|
|||
}
|
||||
for(const auto &a : addrs)
|
||||
{
|
||||
if(IsBogon(a.ip) && !IgnoreBogons)
|
||||
if(IsBogon(a.ip) && BlockBogons)
|
||||
{
|
||||
llarp::LogError("invalid address info: ", a);
|
||||
return false;
|
||||
|
@ -349,17 +362,23 @@ namespace llarp
|
|||
std::array< byte_t, MAX_RC_SIZE > tmp;
|
||||
llarp_buffer_t buf(tmp);
|
||||
if(!BEncode(&buf))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
buf.sz = buf.cur - buf.base;
|
||||
buf.cur = buf.base;
|
||||
const fs::path fpath = std::string(fname); /* */
|
||||
auto optional_f =
|
||||
llarp::util::OpenFileStream< std::ofstream >(fpath, std::ios::binary);
|
||||
if(!optional_f)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
auto &f = optional_f.value();
|
||||
if(!f.is_open())
|
||||
{
|
||||
return false;
|
||||
}
|
||||
f.write((char *)buf.base, buf.sz);
|
||||
return true;
|
||||
}
|
||||
|
@ -379,7 +398,9 @@ namespace llarp
|
|||
f.seekg(0, std::ios::end);
|
||||
auto l = f.tellg();
|
||||
if(l > static_cast< std::streamoff >(sizeof tmp))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
f.seekg(0, std::ios::beg);
|
||||
f.read((char *)tmp.data(), l);
|
||||
return BDecode(&buf);
|
||||
|
|
|
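Review bot: `Write()` ends with `f.write((char *)buf.base, buf.sz); return true;`, so a short or failed write (full disk, a read-only volume) is reported as success and a truncated RC file is left behind; return the stream state instead, `return static_cast< bool >(f.write(reinterpret_cast< const char * >(buf.base), buf.sz));`. `Read()` has the mirror problem: after `f.read((char *)tmp.data(), l)` the byte count actually read (`f.gcount()`) is not compared with `l` before `BDecode(&buf)`, and whether `buf` is sized to `l` or to the whole of `tmp` is decided before the hunk, so confirm the decoder only sees bytes that were read. In the nickname decoder, `if(strbuf.sz > llarp::AlignedBuffer< (32) >::size())` replaces `nickname.size()` with a literal; `decltype(nickname)::size()` keeps the bound tied to the member's type. The functions' openings are outside their hunks.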
@ -67,7 +67,7 @@ namespace llarp
|
|||
struct RouterContact
|
||||
{
|
||||
/// for unit tests
|
||||
static bool IgnoreBogons;
|
||||
static bool BlockBogons;
|
||||
|
||||
static llarp_time_t Lifetime;
|
||||
static llarp_time_t UpdateInterval;
|
||||
|
@ -144,7 +144,7 @@ namespace llarp
|
|||
bool
|
||||
IsExit() const
|
||||
{
|
||||
return exits.size() > 0;
|
||||
return !exits.empty();
|
||||
}
|
||||
|
||||
bool
|
||||
|
|
|
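Review bot: the `/// for unit tests` comment now sits above `static bool BlockBogons;`, but this commit also drives the flag from production config (`block-bogons=false` via `RouterConfig`, applied in router.cpp), so the comment is stale and understates what the flag controls. Suggested replacement: `/// when false, addresses in bogon ranges are accepted in RCs (cleared by block-bogons=false or by unit tests); default true`. The `true` default is visible in the router_contact.cpp hunk (`bool RouterContact::BlockBogons = true;`).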
@ -21,7 +21,9 @@ namespace llarp
|
|||
{
|
||||
auto pos = str.find(".snode");
|
||||
if(pos == std::string::npos || pos == 0)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
return Base32Decode(str.substr(0, pos), *this);
|
||||
}
|
||||
} // namespace llarp
|
||||
|
|
|
@ -12,7 +12,7 @@ namespace llarp
|
|||
|
||||
using Data = std::array< byte_t, SIZE >;
|
||||
|
||||
RouterID() : AlignedBuffer< SIZE >()
|
||||
RouterID()
|
||||
{
|
||||
}
|
||||
|
||||
|
|
|
@ -118,10 +118,10 @@ struct LinkLayerTest : public test::LlarpTest< NoOpCrypto >
|
|||
void
|
||||
SetUp()
|
||||
{
|
||||
oldRCLifetime = RouterContact::Lifetime;
|
||||
RouterContact::IgnoreBogons = true;
|
||||
RouterContact::Lifetime = 500;
|
||||
netLoop = llarp_make_ev_loop();
|
||||
oldRCLifetime = RouterContact::Lifetime;
|
||||
RouterContact::BlockBogons = false;
|
||||
RouterContact::Lifetime = 500;
|
||||
netLoop = llarp_make_ev_loop();
|
||||
m_logic.reset(new Logic());
|
||||
}
|
||||
|
||||
|
@ -132,8 +132,8 @@ struct LinkLayerTest : public test::LlarpTest< NoOpCrypto >
|
|||
Bob.TearDown();
|
||||
m_logic.reset();
|
||||
netLoop.reset();
|
||||
RouterContact::IgnoreBogons = false;
|
||||
RouterContact::Lifetime = oldRCLifetime;
|
||||
RouterContact::BlockBogons = true;
|
||||
RouterContact::Lifetime = oldRCLifetime;
|
||||
}
|
||||
|
||||
static void
|
||||
|
|