Compare commits

...

7 Commits

Author SHA1 Message Date
Bogdan-Ștefan Neacşu 10270a0f6a Put a list of allowed wg keys in /root/keys_pub.json 2023-12-20 11:36:30 +02:00
Jon Häggblad 406a384393 Apply exit policy check on portless packets 2023-12-19 10:34:34 +01:00
durch 4508c1db68 Use all gateways for custom topology provider 2023-12-15 16:09:17 +01:00
durch 2d3c36f851 Add three measurements grace period 2023-12-14 15:57:17 +01:00
durch 2b998c1363 Only use good nodes for test route construction 2023-12-14 15:57:02 +01:00
Bogdan-Ștefan Neacşu 13308cf80b Enable wireguard for testing purposes 2023-12-13 16:54:27 +02:00
mx 951f8e7a74 Max/hide nymvisor intros cleanup (#4246)
* * removed shipyard info for moment
* removed nymvisor page until next release

* removed 'new' from operator and tssdk docs

* removed nymvisor for moment
2023-12-13 12:07:37 +00:00
29 changed files with 243 additions and 97 deletions
+1 -1
View File
@@ -43,7 +43,7 @@ jobs:
uses: actions-rs/cargo@v1
with:
command: build
args: --workspace --release
args: --workspace --release --features wireguard
- name: Upload Artifact
uses: actions/upload-artifact@v3
@@ -51,7 +51,7 @@ jobs:
uses: actions-rs/cargo@v1
with:
command: build
args: --workspace --release
args: --workspace --release --features wireguard
- name: Prepare build output
shell: bash
Generated
+1
View File
@@ -7572,6 +7572,7 @@ dependencies = [
"nym-network-defaults",
"nym-task",
"nym-wireguard-types",
"serde",
"tokio",
"x25519-dalek 2.0.0",
]
@@ -275,6 +275,10 @@ impl NymApiClient {
Ok(self.nym_api.get_gateways().await?)
}
pub async fn get_all_gateways(&self) -> Result<Vec<GatewayBond>, ValidatorClientError> {
Ok(self.nym_api.get_all_gateways().await?)
}
pub async fn get_cached_described_gateways(
&self,
) -> Result<Vec<DescribedGateway>, ValidatorClientError> {
@@ -79,6 +79,11 @@ pub trait NymApiClientExt: ApiClient {
.await
}
async fn get_all_gateways(&self) -> Result<Vec<GatewayBond>, NymAPIError> {
self.get_json(&[routes::API_VERSION, routes::GATEWAYS_ALL], NO_PARAMS)
.await
}
async fn get_gateways_described(&self) -> Result<Vec<DescribedGateway>, NymAPIError> {
self.get_json(
&[routes::API_VERSION, routes::GATEWAYS, routes::DESCRIBED],
@@ -6,6 +6,7 @@ use nym_network_defaults::NYM_API_VERSION;
pub const API_VERSION: &str = NYM_API_VERSION;
pub const MIXNODES: &str = "mixnodes";
pub const GATEWAYS: &str = "gateways";
pub const GATEWAYS_ALL: &str = "gateways/all";
pub const DESCRIBED: &str = "described";
pub const DETAILED: &str = "detailed";
+63
View File
@@ -81,6 +81,15 @@ ExitPolicy accept6 *6:119
ExitPolicy accept *4:120
ExitPolicy reject6 [FC00::]/7:*
# Portless
ExitPolicy accept *:0
ExitPolicy accept *4:0
ExitPolicy accept *6:0
ExitPolicy reject *:0
ExitPolicy reject *4:0
ExitPolicy reject *6:0
#ExitPolicy accept *:8080 #and another comment here
ExitPolicy reject FE80:0000:0000:0000:0202:B3FF:FE1E:8329:*
@@ -184,6 +193,60 @@ ExitPolicy reject *:*
},
);
// ExitPolicy accept *:0
expected.push(
Accept,
AddressPortPattern {
ip_pattern: IpPattern::Star,
ports: PortRange::new_zero(),
},
);
// ExitPolicy accept *4:0
expected.push(
Accept,
AddressPortPattern {
ip_pattern: IpPattern::V4Star,
ports: PortRange::new_zero(),
},
);
// ExitPolicy accept *6:0
expected.push(
Accept,
AddressPortPattern {
ip_pattern: IpPattern::V6Star,
ports: PortRange::new_zero(),
},
);
// ExitPolicy reject *:0
expected.push(
Reject,
AddressPortPattern {
ip_pattern: IpPattern::Star,
ports: PortRange::new_zero(),
},
);
// ExitPolicy reject *4:0
expected.push(
Reject,
AddressPortPattern {
ip_pattern: IpPattern::V4Star,
ports: PortRange::new_zero(),
},
);
// ExitPolicy reject *6:0
expected.push(
Reject,
AddressPortPattern {
ip_pattern: IpPattern::V6Star,
ports: PortRange::new_zero(),
},
);
// ExitPolicy FE80:0000:0000:0000:0202:B3FF:FE1E:8329:*
expected.push(
Reject,
+37 -14
View File
@@ -264,7 +264,13 @@ mod stringified_ip_pattern {
impl AddressPortPattern {
/// Return true iff this pattern matches a given address and port.
pub fn matches(&self, addr: &IpAddr, port: u16) -> bool {
self.ip_pattern.matches(addr) && self.ports.contains(port)
// For backward compatibility, we treat port 0 as a wildcard until all gateways have
// upgraded, at which point we can add *:0 to the policy list.
if port == 0 {
self.ip_pattern.matches(addr)
} else {
self.ip_pattern.matches(addr) && self.ports.contains(port)
}
}
/// As matches, but accept a SocketAddr.
@@ -395,19 +401,9 @@ fn parse_addr(s: &str) -> Result<IpAddr, PolicyError> {
})
}
/// Helper: try to parse a port making sure it's non-zero
fn parse_port(s: &str) -> Result<u16, PolicyError> {
let port = s
.parse::<u16>()
.map_err(|_| PolicyError::InvalidPort { raw: s.to_string() })?;
if port == 0 {
Err(PolicyError::InvalidPort {
raw: port.to_string(),
})
} else {
Ok(port)
}
s.parse::<u16>()
.map_err(|_| PolicyError::InvalidPort { raw: s.to_string() })
}
impl FromStr for IpPattern {
@@ -494,6 +490,10 @@ impl PortRange {
PortRange::new_unchecked(1, 65535)
}
pub fn new_zero() -> Self {
PortRange { start: 0, end: 0 }
}
/// Create a new PortRange.
///
/// The Portrange contains all ports between `start` and `end` inclusive.
@@ -574,6 +574,7 @@ mod test {
check("marzipan:80");
check("1.2.3.4:90-80");
check("1.2.3.4:0-80");
check("1.2.3.4/100:8888");
check("[1.2.3.4]/16:80");
check("[::1]/130:8888");
@@ -612,6 +613,22 @@ mod test {
check("0.0.0.0/0:*", &["127.0.0.1:80"], &["[f00b::]:80"]);
check("[::]/0:*", &["[f00b::]:80"], &["127.0.0.1:80"]);
check(
"*:0",
&["1.2.3.4:0", "[::1]:0", "9.0.0.0:0"],
&["1.2.3.4:443", "[::1]:500", "9.0.0.0:80", "[::1]:80"],
);
check(
"*4:0",
&["1.2.3.4:0", "9.0.0.0:0"],
&["1.2.3.4:443", "9.0.0.0:80", "[::1]:0", "[::1]:80"],
);
check(
"*6:0",
&["[::1]:0"],
&["[::1]:80", "1.2.3.4:0", "1.2.3.4:443"],
);
}
#[test]
@@ -620,6 +637,7 @@ mod test {
policy.push(AddressPolicyAction::Accept, "*:443".parse()?);
policy.push(AddressPolicyAction::Accept, "[::1]:80".parse()?);
policy.push(AddressPolicyAction::Reject, "*:80".parse()?);
policy.push(AddressPolicyAction::Accept, "*:0".parse()?);
let policy = policy; // drop mut
assert!(policy
@@ -640,6 +658,9 @@ mod test {
assert!(policy
.allows_sockaddr(&"127.0.0.1:66".parse().unwrap())
.is_none());
assert!(policy
.allows_sockaddr(&"127.0.0.1:0".parse().unwrap())
.unwrap());
Ok(())
}
@@ -672,7 +693,6 @@ mod test {
assert_eq!("*".parse::<PortRange>().unwrap(), PortRange::new_all());
assert!("hello".parse::<PortRange>().is_err());
assert!("0".parse::<PortRange>().is_err());
assert!("65536".parse::<PortRange>().is_err());
assert!("65537".parse::<PortRange>().is_err());
assert!("1-2-3".parse::<PortRange>().is_err());
@@ -680,6 +700,9 @@ mod test {
assert!("1-".parse::<PortRange>().is_err());
assert!("-2".parse::<PortRange>().is_err());
assert!("-".parse::<PortRange>().is_err());
assert_eq!("0".parse::<PortRange>().unwrap(), PortRange::new_zero(),);
assert!("0-1".parse::<PortRange>().is_err());
}
#[test]
+1
View File
@@ -22,4 +22,5 @@ log.workspace = true
nym-network-defaults = { path = "../network-defaults" }
nym-task = { path = "../task" }
nym-wireguard-types = { path = "../wireguard-types" }
serde = { workspace = true, features = ["derive"] }
tokio = { workspace = true, features = ["rt-multi-thread", "net", "io-util"] }
+10 -11
View File
@@ -9,13 +9,12 @@ use nym_wireguard_types::registration::GatewayClientRegistry;
use std::sync::Arc;
// Currently the module related to setting up the virtual network device is platform specific.
use crate::setup::PeerPair;
#[cfg(target_os = "linux")]
use crate::setup::{peer_allowed_ips, peer_static_public_key, PRIVATE_KEY};
use crate::setup::{peer_static_pairs, PRIVATE_KEY};
use defguard_wireguard_rs::WGApi;
#[cfg(target_os = "linux")]
use defguard_wireguard_rs::{
host::Peer, key::Key, net::IpAddrMask, InterfaceConfiguration, WireguardInterfaceApi,
};
use defguard_wireguard_rs::{InterfaceConfiguration, WireguardInterfaceApi};
#[cfg(target_os = "linux")]
use nym_network_defaults::{WG_PORT, WG_TUN_DEVICE_ADDRESS};
@@ -24,6 +23,7 @@ use nym_network_defaults::{WG_PORT, WG_TUN_DEVICE_ADDRESS};
pub async fn start_wireguard(
mut task_client: nym_task::TaskClient,
_gateway_client_registry: Arc<GatewayClientRegistry>,
peer_pairs: Vec<PeerPair>,
) -> Result<WGApi, Box<dyn std::error::Error + Send + Sync + 'static>> {
let ifname = String::from("wg0");
let wgapi = WGApi::new(ifname.clone(), false)?;
@@ -36,13 +36,11 @@ pub async fn start_wireguard(
peers: vec![],
};
wgapi.configure_interface(&interface_config)?;
let peer = peer_static_public_key();
let mut peer = Peer::new(Key::new(peer.to_bytes()));
let peer_ip = peer_allowed_ips();
let peer_ip_mask = IpAddrMask::new(peer_ip.network_address(), peer_ip.netmask());
peer.set_allowed_ips(vec![peer_ip_mask]);
wgapi.configure_peer(&peer)?;
wgapi.configure_peer_routing(&[peer.clone()])?;
let peers = peer_static_pairs(peer_pairs);
for peer in peers.iter() {
wgapi.configure_peer(peer)?;
}
wgapi.configure_peer_routing(&peers)?;
tokio::spawn(async move { task_client.recv().await });
@@ -52,6 +50,7 @@ pub async fn start_wireguard(
pub async fn start_wireguard(
_task_client: nym_task::TaskClient,
_gateway_client_registry: Arc<GatewayClientRegistry>,
_peer_pairs: Vec<PeerPair>,
) -> Result<WGApi, Box<dyn std::error::Error + Send + Sync + 'static>> {
todo!("WireGuard is currently only supported on Linux")
}
+38 -26
View File
@@ -1,7 +1,11 @@
use std::net::IpAddr;
use base64::{engine::general_purpose, Engine as _};
use log::info;
use defguard_wireguard_rs::host::Peer;
use defguard_wireguard_rs::key::Key;
use defguard_wireguard_rs::net::IpAddrMask;
use log::{info, warn};
use serde::Deserialize;
// The wireguard UDP listener
pub const WG_ADDRESS: &str = "0.0.0.0";
@@ -10,21 +14,23 @@ pub const WG_ADDRESS: &str = "0.0.0.0";
// Corresponding public key: "WM8s8bYegwMa0TJ+xIwhk+dImk2IpDUKslDBCZPizlE="
pub(crate) const PRIVATE_KEY: &str = "AEqXrLFT4qjYq3wmX0456iv94uM6nDj5ugp6Jedcflg=";
// The AllowedIPs for the connected peer, which is one a single IP and the same as the IP that the
// peer has configured on their side.
const ALLOWED_IPS: &str = "10.1.0.2";
#[derive(Deserialize, Debug)]
pub struct PeerPair {
pub addr: String,
pub public_key: String,
}
fn decode_base64_key(base64_key: &str) -> [u8; 32] {
fn decode_base64_key(base64_key: &str) -> Result<[u8; 32], String> {
general_purpose::STANDARD
.decode(base64_key)
.unwrap()
.map_err(|_| String::from("Could not decode"))?
.try_into()
.unwrap()
.map_err(|_| String::from("Not enough bytes"))
}
pub fn server_static_private_key() -> x25519_dalek::StaticSecret {
// TODO: this is a temporary solution for development
let static_private_bytes: [u8; 32] = decode_base64_key(PRIVATE_KEY);
let static_private_bytes: [u8; 32] = decode_base64_key(PRIVATE_KEY).unwrap();
let static_private = x25519_dalek::StaticSecret::from(static_private_bytes);
let static_public = x25519_dalek::PublicKey::from(&static_private);
info!(
@@ -34,23 +40,29 @@ pub fn server_static_private_key() -> x25519_dalek::StaticSecret {
static_private
}
pub fn peer_static_public_key() -> x25519_dalek::PublicKey {
// A single static public key is used during development
pub fn peer_static_pairs(raw_pairs: Vec<PeerPair>) -> Vec<Peer> {
raw_pairs
.into_iter()
.filter_map(|pair| {
if let Ok(peer_static_public_bytes) = decode_base64_key(&pair.public_key) {
let peer_static_public = x25519_dalek::PublicKey::from(peer_static_public_bytes);
let mut peer = Peer::new(Key::new(peer_static_public.to_bytes()));
// Read from NYM_PEER_PUBLIC_KEY env variable
let peer = std::env::var("NYM_PEER_PUBLIC_KEY").expect("NYM_PEER_PUBLIC_KEY must be set");
let peer_static_public_bytes: [u8; 32] = decode_base64_key(&peer);
let peer_static_public = x25519_dalek::PublicKey::from(peer_static_public_bytes);
info!(
"Adding wg peer public key: {}",
general_purpose::STANDARD.encode(peer_static_public)
);
peer_static_public
}
pub fn peer_allowed_ips() -> ip_network::IpNetwork {
let key: IpAddr = ALLOWED_IPS.parse().unwrap();
let cidr = 32u8;
ip_network::IpNetwork::new_truncate(key, cidr).unwrap()
if let Ok(key) = pair.addr.parse::<IpAddr>() {
let peer_ip = ip_network::IpNetwork::new_truncate(key, 32u8)
.expect("Netmask should be correct");
let peer_ip_mask =
IpAddrMask::new(peer_ip.network_address(), peer_ip.netmask());
peer.set_allowed_ips(vec![peer_ip_mask]);
Some(peer)
} else {
warn!("Not adding {:?} as IP doesn't parse", pair);
None
}
} else {
warn!("Not adding {:?} as public key doesn't decode", pair);
None
}
})
.collect()
}
+7 -6
View File
@@ -51,7 +51,7 @@
- [Querying the Chain](tutorials/cosmos-service/querying.md)
- [Typescript](tutorials/typescript.md)
- [[DEPRECATED] Simple Service Provider](tutorials/simple-service-provider/simple-service-provider.md)
- [Simple Service Provider](tutorials/simple-service-provider/simple-service-provider.md)
- [Tutorial Overview](tutorials/simple-service-provider/overview.md)
- [Preparing Your User Client Environment](tutorials/simple-service-provider/preparating-env.md)
- [Building Your User Client](tutorials/simple-service-provider/user-client.md)
@@ -59,11 +59,12 @@
- [Building Your Service Provider](tutorials/simple-service-provider/service-provider.md)
- [Sending a Message Through the Mixnet](tutorials/simple-service-provider/sending-message.md)
# Shipyard Builders Hackathon 2023
- [General Info & Resources](shipyard/general.md)
- [Hackathon Challenges](shipyard/challenges-overview.md)
- [A Note on Infrastructure](shipyard/infra.md)
- [Submission Guidelines](shipyard/guidelines.md)
[//]: # (TODO make generic )
[//]: # (# Shipyard Builders Hackathon 2023 )
[//]: # (- [General Info & Resources]&#40;shipyard/general.md&#41;)
[//]: # (- [Hackathon Challenges]&#40;shipyard/challenges-overview.md&#41;)
[//]: # (- [A Note on Infrastructure]&#40;shipyard/infra.md&#41;)
[//]: # (- [Submission Guidelines]&#40;shipyard/guidelines.md&#41;)
# Events
@@ -61,7 +61,8 @@ Quite a bit of stuff gets built. The key working parts are:
* [network requester](../nodes/network-requester.md): `nym-network-requester`
* [nym-cli tool](../tools/nym-cli.md): `nym-cli`
* [nym-api](https://nymtech.net/operators/nodes/nym-api.html): `nym-api`
* [nymvisor](https://nymtech.net/operators/nodes/nymvisor-upgrade.html): `nymvisor`
[//]: # (* [nymvisor]&#40;https://nymtech.net/operators/nodes/nymvisor-upgrade.html&#41;: `nymvisor`)
The repository also contains Typescript applications which aren't built in this process. These can be built by following the instructions on their respective docs pages.
* [Nym Wallet](../wallet/desktop-wallet.md)
+2 -2
View File
@@ -4,9 +4,9 @@ This is Nym's technical documentation, containing information and setup guides a
If you are new to Nym and want to learn about the Mixnet, explore kickstart options and demos, learn how to integrate with the network, and follow developer tutorials check out the [Developer Portal](https://nymtech.net/developers/) where you can find also our [FAQ section](https://nymtech.net/developers/faq/general-faq.html).
If you are looking for information and setup guides for the various pieces of Nym Mixnet infrastructure (Mix Nodes, Gateways and Network Requesters) and Nyx blockchain validators see the **new [Operators Guides](https://nymtech.net/operators)** book.
If you are looking for information and setup guides for the various pieces of Nym Mixnet infrastructure (Mix Nodes, Gateways and Network Requesters) and Nyx blockchain validators see the [Operators Guides](https://nymtech.net/operators) book.
If you're specifically looking for TypeScript/JavaScript related information such as SDKs to build your own tools, step-by-step tutorials, live playgrounds and more - make sure to check out the **new [TS SDK Handbook](https://sdk.nymtech.net/)** !
If you're specifically looking for TypeScript/JavaScript related information such as SDKs to build your own tools, step-by-step tutorials, live playgrounds and more - check out the [TS SDK Handbook](https://sdk.nymtech.net/).
## Popular pages
**Network Architecture:**
+2 -1
View File
@@ -20,7 +20,8 @@
- [Nym API Setup](nodes/nym-api.md)
- [Maintenance](nodes/maintenance.md)
- [Manual Node Upgrade](nodes/manual-upgrade.md)
- [Automatic Node Upgrade: Nymvisor Setup and Usage](nodes/nymvisor-upgrade.md)
[//]: # ( - [Automatic Node Upgrade: Nymvisor Setup and Usage]&#40;nodes/nymvisor-upgrade.md&#41;)
- [Troubleshooting](nodes/troubleshooting.md)
# FAQ
@@ -62,7 +62,8 @@ Quite a bit of stuff gets built. The key working parts are:
* [network requester](../nodes/network-requester-setup.md): `nym-network-requester`
* [nym-cli tool](https://nymtech.net/docs/tools/nym-cli.html): `nym-cli`
* [nym-api](../nodes/nym-api.md): `nym-api`
* [nymvisor](../nodes/nymvisor-upgrade.md): `nymvisor`
[//]: # (* [nymvisor]&#40;../nodes/nymvisor-upgrade.md&#41;: `nymvisor`)
The repository also contains Typescript applications which aren't built in this process. These can be built by following the instructions on their respective docs pages.
* [Nym Wallet](https://nymtech.net/docs/wallet/desktop-wallet.html)
+5
View File
@@ -242,6 +242,11 @@ impl Config {
self
}
pub fn with_client_keys_path(mut self, client_keys: PathBuf) -> Self {
self.wireguard.storage_paths.client_keys = client_keys;
self
}
pub fn with_listening_address(mut self, listening_address: IpAddr) -> Self {
self.gateway.listening_address = listening_address;
+1 -1
View File
@@ -130,7 +130,7 @@ impl From<ConfigV1_1_31> for Config {
announced_port: value.wireguard.announced_port,
private_network_prefix: Default::default(),
storage_paths: nym_node::config::persistence::WireguardPaths {
// no fields (yet)
client_keys: Default::default(),
},
},
storage_paths: GatewayPaths {
+4 -1
View File
@@ -207,7 +207,10 @@ impl<St> Gateway<St> {
&self,
shutdown: TaskClient,
) -> Result<WGApi, Box<dyn Error + Send + Sync>> {
nym_wireguard::start_wireguard(shutdown, Arc::clone(&self.client_registry)).await
let file = std::fs::File::open(&self.config.wireguard.storage_paths.client_keys)?;
let reader = std::io::BufReader::new(file);
let peers = serde_json::from_reader(reader)?;
nym_wireguard::start_wireguard(shutdown, Arc::clone(&self.client_registry), peers).await
}
fn start_client_websocket_listener(
@@ -146,7 +146,7 @@ impl PacketPreparer {
let initialisation_backoff = Duration::from_secs(30);
loop {
let gateways = self.validator_cache.gateways_all().await;
let mixnodes = self.validator_cache.mixnodes_basic().await;
let mixnodes = self.validator_cache.mixnodes_all_basic().await;
if gateways.len() < minimum_full_routes {
self.topology_wait_backoff(initialisation_backoff).await;
@@ -179,12 +179,21 @@ impl PacketPreparer {
async fn all_mixnodes_and_gateways(&self) -> (Vec<MixNodeBond>, Vec<GatewayBond>) {
info!("Obtaining network topology...");
let mixnodes = self.validator_cache.mixnodes_basic().await;
let mixnodes = self.validator_cache.mixnodes_all_basic().await;
let gateways = self.validator_cache.gateways_all().await;
(mixnodes, gateways)
}
async fn filtered_mixnodes_and_gateways(&self) -> (Vec<MixNodeBond>, Vec<GatewayBond>) {
info!("Obtaining network topology...");
let mixnodes = self.validator_cache.mixnodes_filtered_basic().await;
let gateways = self.validator_cache.gateways_filtered().await;
(mixnodes, gateways)
}
pub(crate) fn try_parse_mix_bond(&self, mix: &MixNodeBond) -> Result<mix::Node, String> {
let identity = mix.mix_node.identity_key.clone();
mix.try_into().map_err(|_| identity)
@@ -208,7 +217,7 @@ impl PacketPreparer {
n: usize,
blacklist: &mut HashSet<String>,
) -> Option<Vec<TestRoute>> {
let (mixnodes, gateways) = self.all_mixnodes_and_gateways().await;
let (mixnodes, gateways) = self.filtered_mixnodes_and_gateways().await;
// separate mixes into layers for easier selection
let mut layered_mixes = HashMap::new();
for mix in mixnodes {
+14 -13
View File
@@ -182,19 +182,20 @@ impl NymContractCache {
}
}
pub async fn mixnodes_basic(&self) -> Vec<MixNodeBond> {
match time::timeout(Duration::from_millis(100), self.inner.read()).await {
Ok(cache) => cache
.mixnodes
.clone()
.into_iter()
.map(|bond| bond.bond_information)
.collect(),
Err(err) => {
error!("{err}");
Vec::new()
}
}
pub async fn mixnodes_filtered_basic(&self) -> Vec<MixNodeBond> {
self.mixnodes_filtered()
.await
.into_iter()
.map(|bond| bond.bond_information)
.collect()
}
pub async fn mixnodes_all_basic(&self) -> Vec<MixNodeBond> {
self.mixnodes_all()
.await
.into_iter()
.map(|bond| bond.bond_information)
.collect()
}
pub async fn gateways_filtered(&self) -> Vec<GatewayBond> {
+1
View File
@@ -19,6 +19,7 @@ pub(crate) fn nym_contract_cache_routes(settings: &OpenApiSettings) -> (Vec<Rout
settings: routes::get_mixnodes,
routes::get_mixnodes_detailed,
routes::get_gateways,
routes::get_all_gateways,
routes::get_active_set,
routes::get_active_set_detailed,
routes::get_rewarded_set,
+6
View File
@@ -114,6 +114,12 @@ pub async fn get_blacklisted_gateways(
}
}
#[openapi(tag = "contract-cache")]
#[get("/gateways/all")]
pub async fn get_all_gateways(cache: &State<NymContractCache>) -> Json<Vec<GatewayBond>> {
Json(cache.gateways_all().await.clone())
}
#[openapi(tag = "contract-cache")]
#[get("/epoch/reward_params")]
pub async fn get_interval_reward_params(
+1 -1
View File
@@ -119,7 +119,7 @@ impl StorageManager {
r#"
SELECT
d.identity as "identity: String",
AVG(reliability) as "value: f32"
CASE WHEN count(*) > 3 THEN AVG(reliability) ELSE 100 END as "value: f32"
FROM
gateway_details d
JOIN
+3 -1
View File
@@ -93,7 +93,9 @@ impl Default for Wireguard {
),
announced_port: DEFAULT_WIREGUARD_PORT,
private_network_prefix: DEFAULT_WIREGUARD_PREFIX,
storage_paths: persistence::WireguardPaths {},
storage_paths: persistence::WireguardPaths {
client_keys: PathBuf::from("/root/keys_pub.json"),
},
}
}
}
+2 -1
View File
@@ -2,9 +2,10 @@
// SPDX-License-Identifier: GPL-3.0-only
use serde::{Deserialize, Serialize};
use std::path::PathBuf;
#[derive(Debug, Clone, Deserialize, PartialEq, Eq, Serialize)]
#[serde(deny_unknown_fields)]
pub struct WireguardPaths {
// pub keys:
pub client_keys: PathBuf,
}
@@ -35,7 +35,7 @@ impl MyTopologyProvider {
})
.collect::<Vec<_>>();
let gateways = self.validator_client.get_cached_gateways().await.unwrap();
let gateways = self.validator_client.get_all_gateways().await.unwrap();
nym_topology_from_detailed(filtered_mixnodes, gateways)
}
@@ -1,4 +1,4 @@
use std::net::SocketAddr;
use std::net::{IpAddr, SocketAddr};
pub use nym_client_core::error::ClientCoreError;
use nym_exit_policy::PolicyError;
@@ -57,9 +57,15 @@ pub enum IpPacketRouterError {
#[error("the provided socket address, '{addr}' is not covered by the exit policy!")]
AddressNotCoveredByExitPolicy { addr: SocketAddr },
#[error("the provided ip address, '{ip}' is not covered by the exit policy!")]
IpNotCoveredByExitPolicy { ip: IpAddr },
#[error("failed filter check: '{addr}'")]
AddressFailedFilterCheck { addr: SocketAddr },
#[error("failed filter check: '{ip}'")]
IpFailedFilterCheck { ip: IpAddr },
#[error("failed to apply the exit policy: {source}")]
ExitPolicyFailure {
#[from]
@@ -1,4 +1,7 @@
use std::{collections::HashMap, net::IpAddr};
use std::{
collections::HashMap,
net::{IpAddr, SocketAddr},
};
use futures::StreamExt;
use nym_ip_packet_requests::{
@@ -320,15 +323,11 @@ impl MixnetListener {
}
// Filter check
if let Some(dst) = dst {
if !self.request_filter.check_address(&dst).await {
log::warn!("Failed filter check: {dst}");
// TODO: we could consider sending back a response here
return Err(IpPacketRouterError::AddressFailedFilterCheck { addr: dst });
}
} else {
// TODO: we should also filter packets without port number
log::warn!("Ignoring filter check for packet without port number! TODO!");
let dst = dst.unwrap_or_else(|| SocketAddr::new(dst_addr, 0));
if !self.request_filter.check_address(&dst).await {
log::info!("Denied filter check: {dst}");
// TODO: we could consider sending back a response here
return Err(IpPacketRouterError::AddressFailedFilterCheck { addr: dst });
}
// TODO: consider changing from Vec<u8> to bytes::Bytes?