
Commit c92d8c5

martinconicjanosgacevicljubisa
authored
feat(p2p): add AutoTLS support for secure WebSocket connections (#5187)
Co-authored-by: Janoš Guljaš <janos@resenje.org> Co-authored-by: Ljubisa Gacevic <ljubisa.rs@gmail.com> Co-authored-by: Ljubiša Gačević <35105035+gacevicljubisa@users.noreply.github.com>
1 parent 66519d7 commit c92d8c5


44 files changed

+2468
-708
lines changed

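--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -27,6 +27,15 @@ jobs:
 with:
 cache: true
 go-version-file: go.mod
+- name: Increase UDP buffer sizes (Ubuntu)
+if: matrix.os == 'ubuntu-latest'
+run: |
+sudo sysctl -w net.core.rmem_max=7500000
+sudo sysctl -w net.core.wmem_max=7500000
+- name: Increase UDP buffer sizes (macOS)
+if: matrix.os == 'macos-latest'
+run: |
+sudo sysctl -w kern.ipc.maxsockbuf=6291456
 - name: Build
 run: make build
 - name: Test with race detector (Ubuntu and MacOS)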
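Review bot: The two new sysctl steps give no reason for the buffer sizes, and nothing in this hunk ties them to a change in the commit; presumably they are there because the go-libp2p bump elsewhere in this commit brings in quic-go, whose UDP socket buffer requirement is larger than the hosted-runner defaults. A one-line comment above each step would save the next maintainer a bisect, e.g. `# quic-go (pulled in via go-libp2p) expects ~7 MiB UDP socket buffers; runner defaults are far smaller`. If the steps are only meant to silence a warning rather than to keep tests passing, the comment should say that too, since a failing `sudo sysctl` currently fails the job.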

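--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,7 @@
 /.idea
 /.vscode
 /tmp
+/vendor
 
 # Compiled Object files, Static and Dynamic libs (Shared Objects)
 *.o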

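--- a/cmd/bee/cmd/cmd.go
+++ b/cmd/bee/cmd/cmd.go
@@ -17,6 +17,7 @@ import (
 "github.com/ethersphere/bee/v2/pkg/log"
 "github.com/ethersphere/bee/v2/pkg/node"
 "github.com/ethersphere/bee/v2/pkg/swarm"
+p2pforge "github.com/ipshipyard/p2p-forge/client"
 "github.com/spf13/cobra"
 "github.com/spf13/viper"
 )
@@ -82,6 +83,12 @@ const (
 optionReserveCapacityDoubling = "reserve-capacity-doubling"
 optionSkipPostageSnapshot = "skip-postage-snapshot"
 optionNameMinimumGasTipCap = "minimum-gas-tip-cap"
+optionNameP2PWSSEnable = "p2p-wss-enable"
+optionP2PWSSAddr = "p2p-wss-addr"
+optionNATWSSAddr = "nat-wss-addr"
+optionAutoTLSDomain = "autotls-domain"
+optionAutoTLSRegistrationEndpoint = "autotls-registration-endpoint"
+optionAutoTLSCAEndpoint = "autotls-ca-endpoint"
 )
 
 // nolint:gochecknoinits
@@ -292,6 +299,12 @@ func (c *command) setAllFlags(cmd *cobra.Command) {
 cmd.Flags().Int(optionReserveCapacityDoubling, 0, "reserve capacity doubling")
 cmd.Flags().Bool(optionSkipPostageSnapshot, false, "skip postage snapshot")
 cmd.Flags().Uint64(optionNameMinimumGasTipCap, 0, "minimum gas tip cap in wei for transactions, 0 means use suggested gas tip cap")
+cmd.Flags().Bool(optionNameP2PWSSEnable, false, "Enable Secure WebSocket P2P connections")
+cmd.Flags().String(optionP2PWSSAddr, ":1635", "p2p wss address")
+cmd.Flags().String(optionNATWSSAddr, "", "WSS NAT exposed address")
+cmd.Flags().String(optionAutoTLSDomain, p2pforge.DefaultForgeDomain, "autotls domain")
+cmd.Flags().String(optionAutoTLSRegistrationEndpoint, p2pforge.DefaultForgeEndpoint, "autotls registration endpoint")
+cmd.Flags().String(optionAutoTLSCAEndpoint, p2pforge.DefaultCAEndpoint, "autotls certificate authority endpoint")
 }
 
 func newLogger(cmd *cobra.Command, verbosity string) (log.Logger, error) {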
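Review bot: The help text of the three `autotls-*` flags in the setAllFlags hunk only repeats the flag name (`"autotls domain"`, `"autotls registration endpoint"`), so an operator reading `bee start --help` cannot tell that `--autotls-ca-endpoint` selects which ACME CA issues the node's WSS certificate, or that `--autotls-registration-endpoint` is a third-party service the node will contact; both are security-relevant settings and deserve saying so. I would write them as `"ACME directory URL of the CA that issues the WSS certificate; defaults to the p2p-forge CA endpoint"` and `"URL of the p2p-forge registration service the node contacts to obtain its AutoTLS name; defaults to the public p2p-forge endpoint"`, and likewise state that the WSS flags only matter when `--p2p-wss-enable` is set. Style: the new constants mix the file's two prefixes (`optionNameP2PWSSEnable` next to `optionP2PWSSAddr`/`optionNATWSSAddr`), and the WSS help strings mix a capitalised sentence with the lowercase fragments used everywhere else in this function. The enclosing `const` block and setAllFlags both start outside the hunks.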

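--- a/cmd/bee/cmd/start.go
+++ b/cmd/bee/cmd/start.go
@@ -281,12 +281,16 @@ func buildBeeNode(ctx context.Context, c *command, cmd *cobra.Command, logger lo
 Addr: c.config.GetString(optionNameP2PAddr),
 AllowPrivateCIDRs: c.config.GetBool(optionNameAllowPrivateCIDRs),
 APIAddr: c.config.GetString(optionNameAPIAddr),
+EnableWSS: c.config.GetBool(optionNameP2PWSSEnable),
+WSSAddr: c.config.GetString(optionP2PWSSAddr),
+AutoTLSStorageDir: filepath.Join(c.config.GetString(optionNameDataDir), "autotls"),
 BlockchainRpcEndpoint: c.config.GetString(optionNameBlockchainRpcEndpoint),
 BlockProfile: c.config.GetBool(optionNamePProfBlock),
 BlockTime: networkConfig.blockTime,
 BootnodeMode: bootNode,
 Bootnodes: networkConfig.bootNodes,
 CacheCapacity: c.config.GetUint64(optionNameCacheCapacity),
+AutoTLSCAEndpoint: c.config.GetString(optionAutoTLSCAEndpoint),
 ChainID: networkConfig.chainID,
 ChequebookEnable: c.config.GetBool(optionNameChequebookEnable),
 CORSAllowedOrigins: c.config.GetStringSlice(optionCORSAllowedOrigins),
@@ -297,12 +301,15 @@ func buildBeeNode(ctx context.Context, c *command, cmd *cobra.Command, logger lo
 DBWriteBufferSize: c.config.GetUint64(optionNameDBWriteBufferSize),
 EnableStorageIncentives: c.config.GetBool(optionNameStorageIncentivesEnable),
 EnableWS: c.config.GetBool(optionNameP2PWSEnable),
+AutoTLSDomain: c.config.GetString(optionAutoTLSDomain),
+AutoTLSRegistrationEndpoint: c.config.GetString(optionAutoTLSRegistrationEndpoint),
 FullNodeMode: fullNode,
 Logger: logger,
 MinimumGasTipCap: c.config.GetUint64(optionNameMinimumGasTipCap),
 MinimumStorageRadius: c.config.GetUint(optionMinimumStorageRadius),
 MutexProfile: c.config.GetBool(optionNamePProfMutex),
 NATAddr: c.config.GetString(optionNameNATAddr),
+NATWSSAddr: c.config.GetString(optionNATWSSAddr),
 NeighborhoodSuggester: neighborhoodSuggester,
 PaymentEarly: c.config.GetInt64(optionNamePaymentEarly),
 PaymentThreshold: c.config.GetString(optionNamePaymentThreshold),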
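Review bot: `AutoTLSStorageDir` is set to `<data-dir>/autotls` in the first hunk, and that directory will presumably end up holding the ACME account key and the private key of the issued WSS certificate; nothing here creates it with a restrictive mode, so unless the certmagic storage behind p2pforge applies 0700/0600 itself (not visible from this diff), create it with `os.MkdirAll(dir, 0o700)` before the node starts and mark the field with `// holds ACME account and TLS private keys; must not be world-readable`. The two endpoint URLs (`AutoTLSRegistrationEndpoint`, `AutoTLSCAEndpoint`) are passed straight from config without a scheme check; if `node.NewBee` does not validate them either, an `http://` value would be accepted silently, so rejecting non-https values at this boundary is worth considering. Minor: the new fields break the alphabetical order the rest of the literal keeps (`AutoTLSCAEndpoint` after `CacheCapacity`, `AutoTLSDomain` after `EnableWS`). buildBeeNode starts and ends outside the hunks.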

go.mod

Lines changed: 81 additions & 67 deletions
Original file line numberDiff line numberDiff line change
@@ -8,40 +8,41 @@ require (
88
contrib.go.opencensus.io/exporter/prometheus v0.4.2
99
github.com/armon/go-radix v1.0.0
1010
github.com/btcsuite/btcd/btcec/v2 v2.3.2
11+
github.com/caddyserver/certmagic v0.21.6
1112
github.com/coreos/go-semver v0.3.0
1213
github.com/ethereum/go-ethereum v1.15.11
1314
github.com/ethersphere/batch-archive v0.0.4
1415
github.com/ethersphere/go-price-oracle-abi v0.6.9
1516
github.com/ethersphere/go-storage-incentives-abi v0.9.4
1617
github.com/ethersphere/go-sw3-abi v0.6.9
1718
github.com/ethersphere/langos v1.0.0
18-
github.com/go-playground/validator/v10 v10.11.1
19+
github.com/go-playground/validator/v10 v10.19.0
1920
github.com/gogo/protobuf v1.3.2
20-
github.com/google/go-cmp v0.6.0
21-
github.com/google/uuid v1.4.0
21+
github.com/google/go-cmp v0.7.0
22+
github.com/google/uuid v1.6.0
2223
github.com/gorilla/handlers v1.4.2
23-
github.com/gorilla/mux v1.8.0
24-
github.com/gorilla/websocket v1.5.1
24+
github.com/gorilla/mux v1.8.1
25+
github.com/gorilla/websocket v1.5.3
2526
github.com/hashicorp/go-multierror v1.1.1
26-
github.com/hashicorp/golang-lru/v2 v2.0.5
27-
github.com/ipfs/go-cid v0.4.1
27+
github.com/hashicorp/golang-lru/v2 v2.0.7
28+
github.com/ipfs/go-cid v0.5.0
29+
github.com/ipshipyard/p2p-forge v0.7.0
2830
github.com/kardianos/service v1.2.2
2931
github.com/klauspost/reedsolomon v1.11.8
30-
github.com/libp2p/go-libp2p v0.33.2
31-
github.com/multiformats/go-multiaddr v0.12.3
32-
github.com/multiformats/go-multiaddr-dns v0.3.1
32+
github.com/libp2p/go-libp2p v0.46.0
33+
github.com/multiformats/go-multiaddr v0.16.1
34+
github.com/multiformats/go-multiaddr-dns v0.4.1
3335
github.com/multiformats/go-multihash v0.2.3
34-
github.com/multiformats/go-multistream v0.5.0
35-
github.com/multiformats/go-varint v0.0.7
36+
github.com/multiformats/go-multistream v0.6.1
3637
github.com/opentracing/opentracing-go v1.2.0
37-
github.com/prometheus/client_golang v1.21.1
38+
github.com/prometheus/client_golang v1.22.0
3839
github.com/spf13/afero v1.6.0
3940
github.com/spf13/cobra v1.8.1
4041
github.com/spf13/viper v1.7.0
41-
github.com/stretchr/testify v1.10.0
42+
github.com/stretchr/testify v1.11.1
4243
github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7
4344
github.com/uber/jaeger-client-go v2.24.0+incompatible
44-
github.com/vmihailenco/msgpack/v5 v5.3.4
45+
github.com/vmihailenco/msgpack/v5 v5.4.1
4546
github.com/wealdtech/go-ens/v3 v3.5.1
4647
gitlab.com/nolash/go-mockbytes v0.0.7
4748
go.uber.org/atomic v1.11.0
@@ -51,79 +52,70 @@ require (
5152
golang.org/x/sync v0.18.0
5253
golang.org/x/sys v0.38.0
5354
golang.org/x/term v0.37.0
54-
golang.org/x/time v0.9.0
55+
golang.org/x/time v0.12.0
5556
gopkg.in/yaml.v2 v2.4.0
5657
resenje.org/feed v0.1.2
5758
resenje.org/multex v0.1.0
5859
resenje.org/singleflight v0.4.0
5960
resenje.org/web v0.4.3
6061
)
6162

62-
require golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8 // indirect
63-
6463
require (
65-
github.com/BurntSushi/toml v1.1.0 // indirect
64+
github.com/BurntSushi/toml v1.3.2 // indirect
6665
github.com/Microsoft/go-winio v0.6.2 // indirect
6766
github.com/StackExchange/wmi v1.2.1 // indirect
6867
github.com/benbjohnson/clock v1.3.5 // indirect
6968
github.com/beorn7/perks v1.0.1 // indirect
7069
github.com/bits-and-blooms/bitset v1.20.0 // indirect
7170
github.com/btcsuite/btcd/chaincfg/chainhash v1.0.1 // indirect
71+
github.com/caddyserver/zerossl v0.1.3 // indirect
7272
github.com/cespare/xxhash/v2 v2.3.0 // indirect
7373
github.com/codahale/hdrhistogram v0.0.0-00010101000000-000000000000 // indirect
7474
github.com/consensys/gnark-crypto v0.18.1 // indirect
75-
github.com/containerd/cgroups v1.1.0 // indirect
76-
github.com/coreos/go-systemd/v22 v22.5.0 // indirect
7775
github.com/crate-crypto/go-eth-kzg v1.3.0 // indirect
7876
github.com/crate-crypto/go-ipa v0.0.0-20240724233137-53bbb0ceb27a // indirect
79-
github.com/davecgh/go-spew v1.1.1 // indirect
77+
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
8078
github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c // indirect
8179
github.com/deckarep/golang-set/v2 v2.6.0 // indirect
82-
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
83-
github.com/docker/go-units v0.5.0 // indirect
84-
github.com/elastic/gosigar v0.14.2 // indirect
80+
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect
8581
github.com/ethereum/c-kzg-4844/v2 v2.1.0 // indirect
8682
github.com/ethereum/go-verkle v0.2.2 // indirect
8783
github.com/felixge/fgprof v0.9.5
8884
github.com/flynn/noise v1.1.0 // indirect
89-
github.com/francoispqt/gojay v1.2.13 // indirect
90-
github.com/fsnotify/fsnotify v1.6.0 // indirect
85+
github.com/fsnotify/fsnotify v1.9.0 // indirect
86+
github.com/gabriel-vasile/mimetype v1.4.3 // indirect
9187
github.com/go-kit/log v0.2.1 // indirect
92-
github.com/go-logfmt/logfmt v0.5.1 // indirect
88+
github.com/go-logfmt/logfmt v0.6.0 // indirect
9389
github.com/go-ole/go-ole v1.3.0 // indirect
94-
github.com/go-playground/locales v0.14.0 // indirect
95-
github.com/go-playground/universal-translator v0.18.0 // indirect
96-
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
97-
github.com/godbus/dbus/v5 v5.1.0 // indirect
90+
github.com/go-playground/locales v0.14.1 // indirect
91+
github.com/go-playground/universal-translator v0.18.1 // indirect
9892
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
9993
github.com/golang/snappy v0.0.5-0.20220116011046-fa5810519dcb // indirect
100-
github.com/google/gopacket v1.1.19 // indirect
101-
github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7 // indirect
102-
github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00 // indirect
103-
github.com/hashicorp/errwrap v1.0.0 // indirect
94+
github.com/google/pprof v0.0.0-20250607225305-033d6d78b36a // indirect
95+
github.com/hashicorp/errwrap v1.1.0 // indirect
10496
github.com/hashicorp/hcl v1.0.0 // indirect
10597
github.com/holiman/uint256 v1.3.2 // indirect
10698
github.com/huin/goupnp v1.3.0 // indirect
10799
github.com/inconshreveable/mousetrap v1.1.0 // indirect
108-
github.com/ipfs/go-log/v2 v2.5.1 // indirect
100+
github.com/ipfs/go-log/v2 v2.6.0 // indirect
109101
github.com/jackpal/go-nat-pmp v1.0.2 // indirect
110102
github.com/jbenet/go-temp-err-catcher v0.1.0 // indirect
111-
github.com/klauspost/compress v1.17.11 // indirect
112-
github.com/klauspost/cpuid/v2 v2.2.7 // indirect
113-
github.com/koron/go-ssdp v0.0.4 // indirect
114-
github.com/leodido/go-urn v1.2.1 // indirect
103+
github.com/klauspost/cpuid/v2 v2.2.10 // indirect
104+
github.com/koron/go-ssdp v0.0.6 // indirect
105+
github.com/leodido/go-urn v1.4.0 // indirect
106+
github.com/libdns/libdns v0.2.2 // indirect
115107
github.com/libp2p/go-buffer-pool v0.1.0 // indirect
116-
github.com/libp2p/go-flow-metrics v0.1.0 // indirect
108+
github.com/libp2p/go-flow-metrics v0.2.0 // indirect
117109
github.com/libp2p/go-libp2p-asn-util v0.4.1 // indirect
118110
github.com/libp2p/go-msgio v0.3.0 // indirect
119-
github.com/libp2p/go-nat v0.2.0 // indirect
120-
github.com/libp2p/go-netroute v0.2.1 // indirect
111+
github.com/libp2p/go-netroute v0.3.0 // indirect
121112
github.com/libp2p/go-reuseport v0.4.0 // indirect
122-
github.com/libp2p/go-yamux/v4 v4.0.1 // indirect
113+
github.com/libp2p/go-yamux/v5 v5.0.1 // indirect
123114
github.com/magiconair/properties v1.8.1 // indirect
124115
github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd // indirect
125116
github.com/mattn/go-isatty v0.0.20 // indirect
126-
github.com/miekg/dns v1.1.58 // indirect
117+
github.com/mholt/acmez/v3 v3.0.0 // indirect
118+
github.com/miekg/dns v1.1.66 // indirect
127119
github.com/mikioh/tcpinfo v0.0.0-20190314235526-30a79bb1804b // indirect
128120
github.com/mikioh/tcpopt v0.0.0-20190314235656-172688c1accc // indirect
129121
github.com/minio/sha256-simd v1.0.1 // indirect
@@ -133,24 +125,42 @@ require (
133125
github.com/multiformats/go-base36 v0.2.0 // indirect
134126
github.com/multiformats/go-multiaddr-fmt v0.1.0 // indirect
135127
github.com/multiformats/go-multibase v0.2.0 // indirect
136-
github.com/multiformats/go-multicodec v0.9.0 // indirect
128+
github.com/multiformats/go-multicodec v0.9.1 // indirect
129+
github.com/multiformats/go-varint v0.0.7
137130
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
138-
github.com/onsi/ginkgo/v2 v2.15.0 // indirect
139-
github.com/opencontainers/runtime-spec v1.2.0 // indirect
131+
github.com/onsi/gomega v1.36.3 // indirect
140132
github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 // indirect
141133
github.com/pelletier/go-toml v1.8.0 // indirect
134+
github.com/pion/datachannel v1.5.10 // indirect
135+
github.com/pion/dtls/v2 v2.2.12 // indirect
136+
github.com/pion/dtls/v3 v3.0.6 // indirect
137+
github.com/pion/ice/v4 v4.0.10 // indirect
138+
github.com/pion/interceptor v0.1.40 // indirect
139+
github.com/pion/logging v0.2.3 // indirect
140+
github.com/pion/mdns/v2 v2.0.7 // indirect
141+
github.com/pion/randutil v0.1.0 // indirect
142+
github.com/pion/rtcp v1.2.15 // indirect
143+
github.com/pion/rtp v1.8.19 // indirect
144+
github.com/pion/sctp v1.8.39 // indirect
145+
github.com/pion/sdp/v3 v3.0.13 // indirect
146+
github.com/pion/srtp/v3 v3.0.6 // indirect
147+
github.com/pion/stun v0.6.1 // indirect
148+
github.com/pion/stun/v3 v3.0.0 // indirect
149+
github.com/pion/transport/v2 v2.2.10 // indirect
150+
github.com/pion/transport/v3 v3.0.7 // indirect
151+
github.com/pion/turn/v4 v4.0.2 // indirect
152+
github.com/pion/webrtc/v4 v4.1.2 // indirect
142153
github.com/pkg/errors v0.9.1 // indirect
143-
github.com/pmezard/go-difflib v1.0.0 // indirect
144-
github.com/prometheus/client_model v0.6.1 // indirect
145-
github.com/prometheus/common v0.62.0
146-
github.com/prometheus/procfs v0.15.1 // indirect
147-
github.com/prometheus/statsd_exporter v0.22.7 // indirect
148-
github.com/quic-go/qpack v0.4.0 // indirect
149-
github.com/quic-go/quic-go v0.42.0 // indirect
150-
github.com/quic-go/webtransport-go v0.6.0 // indirect
151-
github.com/raulk/go-watchdog v1.3.0 // indirect
154+
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
155+
github.com/prometheus/client_model v0.6.2 // indirect
156+
github.com/prometheus/common v0.64.0
157+
github.com/prometheus/procfs v0.16.1 // indirect
158+
github.com/prometheus/statsd_exporter v0.26.1 // indirect
159+
github.com/quic-go/qpack v0.6.0 // indirect
160+
github.com/quic-go/quic-go v0.57.1 // indirect
161+
github.com/quic-go/webtransport-go v0.9.0 // indirect
162+
github.com/rogpeppe/go-internal v1.13.1 // indirect
152163
github.com/shirou/gopsutil v3.21.5+incompatible // indirect
153-
github.com/smartystreets/assertions v1.1.1 // indirect
154164
github.com/spaolacci/murmur3 v1.1.0 // indirect
155165
github.com/spf13/cast v1.3.0 // indirect
156166
github.com/spf13/jwalterweatherman v1.0.0 // indirect
@@ -162,20 +172,24 @@ require (
162172
github.com/uber/jaeger-lib v2.2.0+incompatible // indirect
163173
github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
164174
github.com/wealdtech/go-multicodec v1.4.0 // indirect
175+
github.com/wlynxg/anet v0.0.5 // indirect
176+
github.com/zeebo/blake3 v0.2.4 // indirect
165177
go.opencensus.io v0.24.0 // indirect
166-
go.uber.org/dig v1.17.1 // indirect
167-
go.uber.org/fx v1.20.1 // indirect
168-
go.uber.org/mock v0.4.0 // indirect
178+
go.uber.org/dig v1.19.0 // indirect
179+
go.uber.org/fx v1.24.0 // indirect
180+
go.uber.org/mock v0.5.2 // indirect
169181
go.uber.org/multierr v1.11.0 // indirect
170-
go.uber.org/zap v1.27.0 // indirect
171-
golang.org/x/exp v0.0.0-20240213143201-ec583247a57a // indirect
182+
go.uber.org/zap v1.27.0
183+
go.uber.org/zap/exp v0.3.0 // indirect
184+
golang.org/x/exp v0.0.0-20250606033433-dcc06ee1d476 // indirect
172185
golang.org/x/mod v0.29.0 // indirect
186+
golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8 // indirect
173187
golang.org/x/text v0.31.0 // indirect
174188
golang.org/x/tools v0.38.0 // indirect
175-
google.golang.org/protobuf v1.36.1 // indirect
176-
gopkg.in/ini.v1 v1.57.0 // indirect
189+
google.golang.org/protobuf v1.36.6 // indirect
190+
gopkg.in/ini.v1 v1.67.0 // indirect
177191
gopkg.in/yaml.v3 v3.0.1 // indirect
178-
lukechampine.com/blake3 v1.2.1 // indirect
192+
lukechampine.com/blake3 v1.4.1 // indirect
179193
)
180194

181195
replace github.com/codahale/hdrhistogram => github.com/HdrHistogram/hdrhistogram-go v0.0.0-20200919145931-8dac23c8dac1
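Review bot: Several entries now sit in the second `require` block without the `// indirect` marker — `github.com/multiformats/go-varint v0.0.7` is moved there from the direct block, and `go.uber.org/zap v1.27.0` loses its marker in the last hunk — which is the shape left when a module is imported directly but listed in the indirect block; a `go mod tidy` run before merge keeps the direct/indirect split meaningful for supply-chain review. The commit also pulls in two major versions of several pion modules (`pion/dtls/v2` and `/v3`, `pion/stun` and `/v3`, `pion/transport/v2` and `/v3`); these look transitive via the go-libp2p 0.33→0.46 bump, but since this change only uses the WebSocket transport it is worth confirming the WebRTC stack is wanted in the binary at all. go.sum is among the hidden files, so I cannot confirm the new modules (certmagic, acmez, zerossl, p2p-forge) are pinned there.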
