From 8e11ec987f9d6926f5fb8b22ca4689579821e4a9 Mon Sep 17 00:00:00 2001
From: Garand Tyson
Date: Mon, 29 Jun 2026 17:07:00 -0700
Subject: [PATCH] Allow private addresses for testing
---
 src/main/Config.cpp | 7 ++++++-
 src/main/Config.h | 7 +++++++
 src/overlay/Peer.cpp | 3 ++-
 src/overlay/PeerManager.cpp | 4 +++-
 4 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/src/main/Config.cpp b/src/main/Config.cpp
index 7f10981d38..feba295230 100644
--- a/src/main/Config.cpp
+++ b/src/main/Config.cpp
@@ -77,7 +77,7 @@ static std::unordered_set const TESTING_ONLY_OPTIONS = {
 // Options that should only be used for testing
 static std::unordered_set const TESTING_SUGGESTED_OPTIONS = {
- "ALLOW_LOCALHOST_FOR_TESTING"};
+ "ALLOW_LOCALHOST_FOR_TESTING", "ALLOW_PRIVATE_ADDRESSES_FOR_TESTING"};
 namespace
 {
@@ -199,6 +199,7 @@ Config::Config() : NODE_SEED(SecretKey::random())
 std::chrono::seconds::zero();
 ARTIFICIALLY_DELAY_LEDGER_CLOSE_FOR_TESTING = std::chrono::milliseconds(0);
 ALLOW_LOCALHOST_FOR_TESTING = false;
+ ALLOW_PRIVATE_ADDRESSES_FOR_TESTING = false;
 USE_CONFIG_FOR_GENESIS = false;
 GENESIS_TEST_ACCOUNT_COUNT = 0;
 FAILURE_SAFETY = -1;
@@ -1315,6 +1316,10 @@ Config::processConfig(std::shared_ptr t)
 }},
 {"ALLOW_LOCALHOST_FOR_TESTING",
 [&]() { ALLOW_LOCALHOST_FOR_TESTING = readBool(item); }},
+ {"ALLOW_PRIVATE_ADDRESSES_FOR_TESTING",
+ [&]() {
+ ALLOW_PRIVATE_ADDRESSES_FOR_TESTING = readBool(item);
+ }},
 {"PUBLISH_TO_ARCHIVE_DELAY",
 [&]() {
 PUBLISH_TO_ARCHIVE_DELAY =
diff --git a/src/main/Config.h b/src/main/Config.h
index f3dd0405bf..78dbff6bae 100644
--- a/src/main/Config.h
+++ b/src/main/Config.h
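Review bot: In src/main/Config.cpp the new option is registered in `TESTING_SUGGESTED_OPTIONS`, next to `ALLOW_LOCALHOST_FOR_TESTING`, and not in `TESTING_ONLY_OPTIONS`; how either set is enforced lies outside this hunk, so it should be confirmed that a production config that sets the option is rejected or at least logged prominently at startup. The flag switches off a filter applied to addresses supplied by remote peers, so a silent opt-in is the case to rule out. If the weaker set is intended, a comment on the entry such as `// relaxes overlay address filtering; warn loudly when set outside tests` would record that the choice was deliberate.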
@@ -575,6 +575,13 @@ class Config : public std::enable_shared_from_this
 // this should only be enabled when testing as it's a security issue
 bool ALLOW_LOCALHOST_FOR_TESTING;
+ // A config to allow gossiping (advertising and accepting in PEERS
+ // messages) and connecting to RFC1918 private addresses (10/8, 172.16/12,
+ // 192.168/16). Private addresses are normally filtered out of peer
+ // exchange, which disables gossip-based peer discovery in environments
+ // where every node has a private address (e.g. a Kubernetes pod network).
+ bool ALLOW_PRIVATE_ADDRESSES_FOR_TESTING;
+
 // Set to use config file values for genesis ledger
 // not setable in config file - only tests are allowed to do this
 bool USE_CONFIG_FOR_GENESIS;
diff --git a/src/overlay/Peer.cpp b/src/overlay/Peer.cpp
index a16122f003..7219901bc4 100644
--- a/src/overlay/Peer.cpp
+++ b/src/overlay/Peer.cpp
@@ -2018,7 +2018,8 @@ Peer::recvPeers(StellarMessage const& msg)
 releaseAssert(peer.ip.type() == IPv4);
 auto address = PeerBareAddress{peer};
- if (address.isPrivate())
+ if (address.isPrivate() &&
+ !mAppConnector.getConfig().ALLOW_PRIVATE_ADDRESSES_FOR_TESTING)
 {
 CLOG_DEBUG(Overlay, "ignoring received private address {}",
 address.toString());
diff --git a/src/overlay/PeerManager.cpp b/src/overlay/PeerManager.cpp
index f204a5beb8..6255a68ee3 100644
--- a/src/overlay/PeerManager.cpp
+++ b/src/overlay/PeerManager.cpp
@@ -211,8 +211,10 @@ std::vector
 PeerManager::getPeersToSend(size_t size, PeerBareAddress const& address)
 {
 ZoneScoped;
+ bool const allowPrivate =
+ mApp.getConfig().ALLOW_PRIVATE_ADDRESSES_FOR_TESTING;
 auto keep = [&](PeerBareAddress const& pba) {
- return !pba.isPrivate() && pba != address;
+ return (allowPrivate || !pba.isPrivate()) && pba != address;
 };
 auto peers = mOutboundPeersToSend->getRandomPeers(size, keep);
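Review bot: The comment added in src/main/Config.h for `ALLOW_PRIVATE_ADDRESSES_FOR_TESTING` explains the use case but carries no warning, unlike the line above `ALLOW_LOCALHOST_FOR_TESTING` ("this should only be enabled when testing as it's a security issue"). With the flag set, RFC1918 addresses named in a remote PEERS message are no longer dropped and this node's own private peers are advertised, so remote input can name internal hosts and internal addressing is disclosed. I would append `// Testing only: remote peers can then supply RFC1918 addresses and ours are advertised;` and `// never enable on a node reachable from an untrusted network.` The comment also says "connecting to", but the hunks in this patch change only the two gossip paths; whether outbound connection code filters private addresses separately is not visible here.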
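Review bot: In Peer::recvPeers (src/overlay/Peer.cpp) the new condition reads the flag through `mAppConnector.getConfig()` inside the per-address check, while the PeerManager.cpp hunk of this patch reads it once into a local; the enclosing loop starts outside this hunk, so the per-address cost is inferred from the `peer` variable. Reading it once before the loop with `bool const allowPrivate = mAppConnector.getConfig().ALLOW_PRIVATE_ADDRESSES_FOR_TESTING;` and testing `address.isPrivate() && !allowPrivate` keeps the two sites consistent. Because these addresses come from a remote peer, a `CLOG_DEBUG` line when a private address is accepted under the flag would give operators something to search for if the flag is ever left on.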
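Review bot: Nothing in this patch tests the new branch of `keep` in PeerManager::getPeersToSend; the diffstat lists only Config.cpp, Config.h, Peer.cpp and PeerManager.cpp. The default path (`allowPrivate` false) is the security-relevant one, so a test asserting that private addresses are still excluded from the returned list when the flag is unset, and included when it is set, would pin the filter against later edits; the same applies to the recvPeers check in Peer.cpp. With the flag on, the predicate is the same for every recipient, so private addresses would go to any peer this list is sent to and not only to peers that are themselves on a private network. The function body continues past the end of the hunk.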