Add behind firewall conf to prevent node from initiating connection to behind-firewall remote peers.

Author: the-headless-ghost

cardano-diffusion/cardano-diffusion.cabal

@@ -449,7 +449,7 @@ library cardano-diffusion-tests-lib
     monoidal-synchronisation,
     network,
     network-mux,
-    ouroboros-network:{ouroboros-network, api, api-tests-lib, framework, framework-tests-lib, orphan-instances, ouroboros-network-tests-lib, protocols, protocols-tests-lib, tests-lib},
+    ouroboros-network:{ouroboros-network, api, api-tests-lib, framework, framework-tests-lib, ouroboros-network-tests-lib, protocols, protocols-tests-lib, tests-lib},
     pipes,
     pretty-simple,
     psqueues,

cardano-diffusion/changelog.d/20251108_103013_edgr_behind_firewall.md

@@ -0,0 +1,11 @@
+<!--
+A new scriv changelog fragment.
+
+Uncomment the section that is right (remove the HTML comment wrapper).
+For top level release notes, leave all the headers commented out.
+-->
+
+### Non-Breaking
+
+- Added a property test to verify that the node never connects to peers behind a firewall.
+- Added a round-trip property test to verify that topology file decoding and encoding are correct.

cardano-diffusion/lib/Cardano/Network/Diffusion/Topology.hs

@@ -30,5 +30,6 @@ isValidTrustedPeerConfiguration
               IsTrustable    -> not
                               . null
                               . rootAccessPoints
+                              . rootConfig
                               $ localRoots
           ) lprgs

cardano-diffusion/tests/lib/Test/Cardano/Network/Diffusion/Testnet.hs

@@ -137,8 +137,7 @@ import Test.Ouroboros.Network.Diffusion.Node.Kernel (NtCAddr, NtCVersion,
            NtNVersionData, ppNtNAddr)
 import Test.Ouroboros.Network.LedgerPeers (LedgerPools (..), cardanoSRVPrefix,
            genLedgerPoolsFrom)
-import Test.Ouroboros.Network.PeerSelection.Instances (PeerAddr (..))
-import Test.Ouroboros.Network.PeerSelection.Instances qualified as PeerSelection
+import Test.Ouroboros.Network.OrphanInstances (genIPv4, genIPv6)
 import Test.Ouroboros.Network.PeerSelection.LocalRootPeers ()
 import Test.Ouroboros.Network.PeerSelection.RootPeersDNS (DNSLookupDelay (..),
            DNSTimeout (..), DomainAccessPoint (..), MockDNSMap, genDomainName)
@@ -546,9 +545,9 @@ genDomainMapScript relays = do
           case v of
             Left _ipsttls -> case relays of
               TestnetRelays4 {} ->
-                (k,) . Left . singleton . (, ttl) <$> PeerSelection.genIPv4
+                (k,) . Left . singleton . (, ttl) <$> genIPv4
               TestnetRelays6 {} ->
-                (k,) . Left . singleton . (, ttl) <$> PeerSelection.genIPv6
+                (k,) . Left . singleton . (, ttl) <$> genIPv6
             Right doms -> do
               (k,) . Right . singleton <$> do
                 case listToMaybe doms of
@@ -746,8 +745,8 @@ data TestnetRelayInfos = TestnetRelays4 { unTestnetRelays :: [TestnetRelayInfo]
                        | TestnetRelays6 { unTestnetRelays :: [TestnetRelayInfo] }
 
 instance Arbitrary TestnetRelayInfos where
-  arbitrary = oneof [ TestnetRelays4 <$> gen PeerSelection.genIPv4
-                    , TestnetRelays6 <$> gen PeerSelection.genIPv6
+  arbitrary = oneof [ TestnetRelays4 <$> gen genIPv4
+                    , TestnetRelays6 <$> gen genIPv6
                     ]
     where
       uniqueIps xs =

cardano-diffusion/tests/lib/Test/Cardano/Network/Diffusion/Testnet/Simulation.hs

@@ -1,24 +1,32 @@
 module Test.Cardano.Network.OrphanInstances.Tests (tests) where
 
 import Data.Aeson
+import Data.Aeson.Types (parse)
 
-import Ouroboros.Network.OrphanInstances ()
+import Ouroboros.Network.Diffusion.Topology
 
 import Cardano.Network.OrphanInstances ()
+import Cardano.Network.PeerSelection.Bootstrap
+import Cardano.Network.PeerSelection.PeerTrustable
 import Cardano.Network.Protocol.Handshake.Test hiding (tests)
 
-import Test.QuickCheck
+import Test.Cardano.Network.PeerSelection.Instances ()
 import Test.Tasty
 import Test.Tasty.QuickCheck
 
-
 tests :: TestTree
 tests = testGroup "Cardano.Network.OrphanInstances"
         [ testProperty "NodeToNodeVersion" prop_json_NodeToNodeVersion
         , testProperty "NodeToClientVersion" prop_json_NodeToClientVersion
+        , testProperty "NetworkTopology" prop_json_NetworkTopology
         ]
 
 
+prop_json_NetworkTopology :: NetworkTopology UseBootstrapPeers PeerTrustable -> Property
+prop_json_NetworkTopology topo =
+  parse (parseJSON . toJSON) topo === Data.Aeson.Success topo
+
+
 prop_json_NodeToNodeVersion
   :: ArbitraryNodeToNodeVersion
   -> Property

cardano-diffusion/tests/lib/Test/Cardano/Network/OrphanInstances/Tests.hs

@@ -54,6 +54,7 @@ import Cardano.Network.PeerSelection
 -- import Cardano.Network.PeerSelection.PublicRootPeers (PublicRootPeers (..))
 import Cardano.Network.PeerSelection.PublicRootPeers qualified as Cardano.PublicRootPeers
 
+import Ouroboros.Network.ConnectionManager.Types (Provenance(Outbound))
 import Ouroboros.Network.DiffusionMode
 import Ouroboros.Network.ExitPolicy (RepromoteDelay (..))
 import Ouroboros.Network.PeerSelection
@@ -3201,7 +3202,6 @@ prop_governor_target_established_above (MaxTime maxTime) env =
                      <*> govInProgressIneligibleSig
                      <*> demotionOpportunitiesIgnoredTooLong)
 
-
 -- | Like 'prop_governor_target_established_above' but for big ledger peers.
 --
 prop_governor_target_established_big_ledger_peers_above
@@ -4423,8 +4423,8 @@ prop_issue_3550 = prop_governor_target_established_below defaultMaxTime $
           (PeerAddr 29,[],GovernorScripts {peerShareScript = Script (Nothing :| []), peerSharingScript = Script (PeerSharingDisabled :| []), connectionScript = Script ((ToWarm,NoDelay) :| [(ToCold,NoDelay),(Noop,NoDelay)])})
         ],
       localRootPeers = LocalRootPeers.fromGroups
-        [ (1, 1, Map.fromList [(PeerAddr 16, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)])
-        , (1, 1, Map.fromList [(PeerAddr 4, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)])
+        [ (1, 1, Map.fromList [(PeerAddr 16, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode Outbound IsNotTrustable)])
+        , (1, 1, Map.fromList [(PeerAddr 4, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode Outbound IsNotTrustable)])
         ],
       publicRootPeers = Cardano.PublicRootPeers.fromPublicRootPeers
         (Map.fromList [ (PeerAddr 14, DoNotAdvertisePeer)
@@ -4471,7 +4471,7 @@ prop_issue_3515 = prop_governor_nolivelock $
                            peerSharingScript = Script (PeerSharingDisabled :| []),
                            connectionScript = Script ((ToCold,NoDelay) :| [(Noop,NoDelay)])
                          })],
-      localRootPeers = LocalRootPeers.fromGroups [(1,1,Map.fromList [(PeerAddr 10, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)])],
+      localRootPeers = LocalRootPeers.fromGroups [(1,1,Map.fromList [(PeerAddr 10, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode Outbound IsNotTrustable)])],
       publicRootPeers = PublicRootPeers.empty Cardano.ExtraPeers.empty,
       targets = Script . NonEmpty.fromList $ targets'',
       pickKnownPeersForPeerShare = Script (PickFirst :| []),
@@ -4513,7 +4513,7 @@ prop_issue_3494 = prop_governor_nofail $
                                                 peerSharingScript = Script (PeerSharingDisabled :| []),
                                                 connectionScript = Script ((ToCold,NoDelay) :| [(Noop,NoDelay)])
                                               })],
-      localRootPeers = LocalRootPeers.fromGroups [(1,1,Map.fromList [(PeerAddr 64, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)])],
+      localRootPeers = LocalRootPeers.fromGroups [(1,1,Map.fromList [(PeerAddr 64, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode Outbound IsNotTrustable)])],
       publicRootPeers = PublicRootPeers.empty Cardano.ExtraPeers.empty,
       targets = Script . NonEmpty.fromList $ targets'',
       pickKnownPeersForPeerShare = Script (PickFirst :| []),
@@ -4563,8 +4563,8 @@ prop_issue_3233 = prop_governor_nolivelock $
          (PeerAddr 15,[],GovernorScripts {peerShareScript = Script (Just ([],PeerShareTimeSlow) :| []), peerSharingScript = Script (PeerSharingDisabled :| []), connectionScript = Script ((Noop,NoDelay) :| [])})
         ],
       localRootPeers = LocalRootPeers.fromGroups
-        [ (1, 1, Map.fromList [(PeerAddr 15, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)])
-        , (1, 1, Map.fromList [(PeerAddr 13, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)])
+        [ (1, 1, Map.fromList [(PeerAddr 15, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode Outbound IsNotTrustable)])
+        , (1, 1, Map.fromList [(PeerAddr 13, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode Outbound IsNotTrustable)])
         ],
       publicRootPeers = Cardano.PublicRootPeers.fromPublicRootPeers
         (Map.fromList [(PeerAddr 4, DoNotAdvertisePeer)]),

cardano-diffusion/tests/lib/Test/Cardano/Network/PeerSelection.hs

@@ -62,6 +62,7 @@ import Control.Monad.IOSim
 import Control.Tracer (Tracer (..), contramap, traceWith)
 
 import Ouroboros.Network.BlockFetch (FetchMode (..), PraosFetchMode (..))
+import Ouroboros.Network.ConnectionManager.Types (Provenance)
 import Ouroboros.Network.DiffusionMode
 import Ouroboros.Network.ExitPolicy
 import Ouroboros.Network.PeerSelection hiding (requestPublicRootPeers)
@@ -550,8 +551,8 @@ mockPeerSelectionActions' tracer
           traceWith tracer (TraceEnvPeerShareResult addr peeraddrs)
           return (PeerSharingResult peeraddrs)
 
-    establishPeerConnection :: IsBigLedgerPeer -> DiffusionMode -> PeerAddr -> m (PeerConn m)
-    establishPeerConnection _ _ peeraddr = do
+    establishPeerConnection :: IsBigLedgerPeer -> DiffusionMode -> Provenance -> PeerAddr -> m (PeerConn m)
+    establishPeerConnection _ _ _ peeraddr = do
       --TODO: add support for variable delays and synchronous failure
       traceWith tracer (TraceEnvEstablishConn peeraddr)
       threadDelay 1

cardano-diffusion/tests/lib/Test/Cardano/Network/PeerSelection/MockEnvironment.hs

@@ -1,21 +1,15 @@
-{-# LANGUAGE OverloadedStrings #-}
-{-# LANGUAGE TypeApplications  #-}
-
-{-# OPTIONS_GHC -Wno-orphans #-}
-
 module Test.Ouroboros.Network.PeerSelection.RelayAccessPoint (tests) where
 
 import Codec.CBOR.Read as CBOR
 import Codec.CBOR.Write as CBOR
 import Data.Aeson qualified as Aeson
 import Data.ByteString.Char8 qualified as BSC
-import Data.IP qualified as IP
-import Data.Word
 
 import Cardano.Binary (FromCBOR (..), ToCBOR (..))
 import Ouroboros.Network.PeerSelection.PeerAdvertise
 import Ouroboros.Network.PeerSelection.RelayAccessPoint
 
+import Test.Ouroboros.Network.OrphanInstances ()
 import Test.QuickCheck
 import Test.Tasty (TestTree, testGroup)
 import Test.Tasty.QuickCheck (testProperty)
@@ -33,54 +27,6 @@ tests = testGroup "Ouroboros.Network.PeerSelection"
     ]
   ]
 
--- TODO:
--- These instances & generators belong to `ouroboros-network-testing`, but we
--- cannot put them there until we pack all packages as a one package with
--- sublibraries (due to cyclic depndecies).
---
--- These instances are also useful in `ouroboros-network:testlib`, and for now
--- they are duplicated.
-
-genIPv4 :: Gen IP.IP
-genIPv4 =
-    IP.IPv4 . IP.toIPv4w <$> resize 200 arbitrary `suchThat` (> 100)
-
-genIPv6 :: Gen IP.IP
-genIPv6 =
-    IP.IPv6 . IP.toIPv6w <$> genFourWord32
-  where
-    genFourWord32 :: Gen (Word32, Word32, Word32, Word32)
-    genFourWord32 =
-       (,,,) <$> resize 200 arbitrary `suchThat` (> 100)
-             <*> arbitrary
-             <*> arbitrary
-             <*> arbitrary
-
-instance Arbitrary PortNumber where
-  arbitrary = elements [1000..1100]
-  shrink = map fromIntegral
-         . filter (>=1000)
-         . shrink
-         . fromIntegral @PortNumber @Word16
-
-instance Arbitrary RelayAccessPoint where
-    arbitrary = prefixLedgerRelayAccessPoint "_prefix._tcp" <$> arbitrary
-
-instance Arbitrary LedgerRelayAccessPoint where
-  arbitrary =
-      frequency [ (4, LedgerRelayAccessAddress <$> oneof [genIPv4, genIPv6] <*> arbitrary)
-                , (4, LedgerRelayAccessDomain <$> genDomainName <*> arbitrary)
-                , (1, LedgerRelayAccessSRVDomain <$> genDomainName)]
-    where
-      genDomainName = elements $ (\i -> "test" <> (BSC.pack . show $ i)) <$> [1..6 :: Int]
-
-instance Arbitrary PeerAdvertise where
-  arbitrary = elements [ DoAdvertisePeer, DoNotAdvertisePeer ]
-
-  shrink DoAdvertisePeer    = []
-  shrink DoNotAdvertisePeer = [DoAdvertisePeer]
-
-
 prop_cbor_LedgerRelayAccessPoint :: LedgerRelayAccessPoint
                                  -> Property
 prop_cbor_LedgerRelayAccessPoint ap =

ouroboros-network/api/tests/Test/Ouroboros/Network/PeerSelection/RelayAccessPoint.hs

@@ -0,0 +1,37 @@
+<!--
+A new scriv changelog fragment.
+
+Uncomment the section that is right (remove the HTML comment wrapper).
+For top level release notes, leave all the headers commented out.
+-->
+
+### Breaking
+
+- Changed the type of `localRoots` to `LocalRoots`.
+- Modified `AcquireOutboundConnection` to include an additional parameter: `Provenance`.
+- `acquireOutboundConnectionImpl` only creates a new connection if `Provenance` permits it.
+- `jobPromoteColdPeer` only creates a new connection if no inbound connection is found and provenance is set to `Outbound`.
+
+### Non-Breaking
+
+- Added `LocalRoots` type in `Ouroboros.Network.PeerSelection.State.LocalRootPeers` with the following fields:
+  - `rootConfig` of type `RootConfig`
+  - `provenance` of type `Provenance`
+- Added `localProvenance` field to `LocalRootConfig`.
+- Added a new constructor `InboundConnectionNotFound` for `ConnectionManagerError`.
+- Renamed `Test.Ouroboros.Network.Orphans` to `Test.Ouroboros.Network.OrphanInstances`.
+- Moved the following instances from `Test.Ouroboros.Network.PeerSelection.LocalRootPeers` to `Test.Ouroboros.Network.OrphanInstances`:
+  - `Arbitrary WarmValency`
+  - `Arbitrary HotValency`
+- Removed duplicated code from `Test.Ouroboros.Network.PeerSelection.Instances` and `Test.Ouroboros.Network.PeerSelection.RelayAccessPoint`, and moved it to `Test.Ouroboros.Network.OrphanInstances`:
+  - `genIPv4`
+  - `genIPv6`
+  - `Arbitrary SlotNo`
+  - `Arbitrary PeerAdvertise`
+  - `Arbitrary PeerSharing`
+  - `Arbitrary AfterSlot`
+  - `Arbitrary UseLedgerPeers`
+  - `Arbitrary PortNumber`
+  - `Arbitrary RelayAccessPoint`
+  - `Arbitrary LedgerRelayAccessPoint`
+  - `Arbitrary (LocalRootConfig extraFlags)`