Draft
7 changes: 6 additions & 1 deletion src/main/Config.cpp
Expand Up @@ -77,7 +77,7 @@ static std::unordered_set<std::string> const TESTING_ONLY_OPTIONS = {

// Options that should only be used for testing
static std::unordered_set<std::string> const TESTING_SUGGESTED_OPTIONS = {
"ALLOW_LOCALHOST_FOR_TESTING"};
"ALLOW_LOCALHOST_FOR_TESTING", "ALLOW_PRIVATE_ADDRESSES_FOR_TESTING"};

namespace
{
Expand Down Expand Up @@ -199,6 +199,7 @@ Config::Config() : NODE_SEED(SecretKey::random())
std::chrono::seconds::zero();
ARTIFICIALLY_DELAY_LEDGER_CLOSE_FOR_TESTING = std::chrono::milliseconds(0);
ALLOW_LOCALHOST_FOR_TESTING = false;
ALLOW_PRIVATE_ADDRESSES_FOR_TESTING = false;
USE_CONFIG_FOR_GENESIS = false;
GENESIS_TEST_ACCOUNT_COUNT = 0;
FAILURE_SAFETY = -1;
Expand Down Expand Up @@ -1315,6 +1316,10 @@ Config::processConfig(std::shared_ptr<cpptoml::table> t)
}},
{"ALLOW_LOCALHOST_FOR_TESTING",
[&]() { ALLOW_LOCALHOST_FOR_TESTING = readBool(item); }},
{"ALLOW_PRIVATE_ADDRESSES_FOR_TESTING",
[&]() {
ALLOW_PRIVATE_ADDRESSES_FOR_TESTING = readBool(item);
}},
{"PUBLISH_TO_ARCHIVE_DELAY",
[&]() {
PUBLISH_TO_ARCHIVE_DELAY =
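Review bot: The new name is registered in TESTING_SUGGESTED_OPTIONS rather than in the TESTING_ONLY_OPTIONS set named in the first hunk header, and how either set is enforced is outside these hunks. If the suggested set only produces a warning (to be confirmed against the enforcement code), a production node can start with `ALLOW_PRIVATE_ADDRESSES_FOR_TESTING = true` and will then accept RFC1918 addresses from any peer's PEERS message. Either confirm that a warning is the intended level of protection for the Kubernetes use case described in Config.h, or move the name into TESTING_ONLY_OPTIONS. processConfig continues outside the third hunk.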
7 changes: 7 additions & 0 deletions src/main/Config.h
Expand Up @@ -575,6 +575,13 @@ class Config : public std::enable_shared_from_this<Config>
// this should only be enabled when testing as it's a security issue
bool ALLOW_LOCALHOST_FOR_TESTING;

// A config to allow gossiping (advertising and accepting in PEERS
// messages) and connecting to RFC1918 private addresses (10/8, 172.16/12,
// 192.168/16). Private addresses are normally filtered out of peer
// exchange, which disables gossip-based peer discovery in environments
// where every node has a private address (e.g. a Kubernetes pod network).
bool ALLOW_PRIVATE_ADDRESSES_FOR_TESTING;

// Set to use config file values for genesis ledger
// not setable in config file - only tests are allowed to do this
bool USE_CONFIG_FOR_GENESIS;
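Review bot: The comment on ALLOW_PRIVATE_ADDRESSES_FOR_TESTING explains the motivation but, unlike the ALLOW_LOCALHOST_FOR_TESTING comment directly above it, never states that the option is a security risk. Going by its own description, enabling it means 10/8, 172.16/12 and 192.168/16 addresses supplied by remote peers are accepted and connected to, and this node's private peers are advertised to others. I would append `// this should only be enabled when testing: remote peers can then steer connections to internal hosts and learn internal addresses` to the comment. The class body starts and ends outside the hunk.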
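--- a/src/overlay/Peer.cpp
+++ b/src/overlay/Peer.cpp
@@ -2018,7 +2018,8 @@ Peer::recvPeers(StellarMessage const& msg)
 releaseAssert(peer.ip.type() == IPv4);
 auto address = PeerBareAddress{peer};
 
-if (address.isPrivate())
+if (address.isPrivate() &&
+!mAppConnector.getConfig().ALLOW_PRIVATE_ADDRESSES_FOR_TESTING)
 {
 CLOG_DEBUG(Overlay, "ignoring received private address {}",
 address.toString());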
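Review bot: With the option enabled, the new condition in recvPeers bypasses the only log line that mentions private addresses, so nothing visible here records that a peer-supplied RFC1918 address was accepted. Because these addresses come from remote PEERS messages, an operator running with the flag should be able to see which internal addresses peers are feeding in. I would log the accept path as well, for example `CLOG_DEBUG(Overlay, "accepting received private address {}", address.toString());` when `address.isPrivate()` is true and the option is set. The rest of the loop body, including whatever follows this branch, is outside the hunk, so the exact placement needs checking there.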
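--- a/src/overlay/PeerManager.cpp
+++ b/src/overlay/PeerManager.cpp
@@ -211,8 +211,10 @@ std::vector<PeerBareAddress>
 PeerManager::getPeersToSend(size_t size, PeerBareAddress const& address)
 {
 ZoneScoped;
+bool const allowPrivate =
+mApp.getConfig().ALLOW_PRIVATE_ADDRESSES_FOR_TESTING;
 auto keep = [&](PeerBareAddress const& pba) {
-return !pba.isPrivate() && pba != address;
+return (allowPrivate || !pba.isPrivate()) && pba != address;
 };
 
 auto peers = mOutboundPeersToSend->getRandomPeers(size, keep);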
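Review bot: Once the option is set, the `keep` predicate in getPeersToSend passes private addresses to every recipient, including recipients that are not on the private network themselves, which discloses internal addressing to them. If `address` is the recipient (the `pba != address` test suggests so, but the caller is outside the hunk), the predicate could advertise private entries only to private recipients: `return (!pba.isPrivate() || (allowPrivate && address.isPrivate())) && pba != address;`. The function body continues past the end of the hunk.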