adds validator flag to allow private ip addresses (#18850)
This commit is contained in:
behzad nouri
GitHub
@ -46,6 +46,7 @@ solana-poh = { path = "../poh", version = "=1.8.0" }
|
||||
solana-rpc = { path = "../rpc", version = "=1.8.0" }
|
||||
solana-runtime = { path = "../runtime", version = "=1.8.0" }
|
||||
solana-sdk = { path = "../sdk", version = "=1.8.0" }
|
||||
solana-streamer = { path = "../streamer", version = "=1.8.0" }
|
||||
solana-version = { path = "../version", version = "=1.8.0" }
|
||||
solana-vote-program = { path = "../programs/vote", version = "=1.8.0" }
|
||||
symlink = "0.1.0"
|
||||
|
||||
@ -21,6 +21,7 @@ use {
|
||||
signature::{read_keypair_file, write_keypair_file, Keypair, Signer},
|
||||
system_program,
|
||||
},
|
||||
solana_streamer::socket::SocketAddrSpace,
|
||||
solana_validator::{
|
||||
admin_rpc_service, dashboard::Dashboard, println_name_value, redirect_stderr_to_file,
|
||||
test_validator::*,
|
||||
@ -278,8 +279,16 @@ fn main() {
|
||||
If the ledger already exists then this parameter is silently ignored",
|
||||
),
|
||||
)
|
||||
.arg(
|
||||
Arg::with_name("allow_private_addr")
|
||||
.long("allow-private-addr")
|
||||
.takes_value(false)
|
||||
.help("Allow contacting private ip addresses")
|
||||
.hidden(true),
|
||||
)
|
||||
.get_matches();
|
||||
|
||||
let socket_addr_space = SocketAddrSpace::new(matches.is_present("allow_private_addr"));
|
||||
let cli_config = if let Some(config_file) = matches.value_of("config_file") {
|
||||
solana_cli_config::Config::load(config_file).unwrap_or_default()
|
||||
} else {
|
||||
@ -584,7 +593,7 @@ fn main() {
|
||||
genesis.bind_ip_addr(bind_address);
|
||||
}
|
||||
|
||||
match genesis.start_with_mint_address(mint_address) {
|
||||
match genesis.start_with_mint_address(mint_address, socket_addr_space) {
|
||||
Ok(test_validator) => {
|
||||
*admin_service_cluster_info.write().unwrap() = Some(test_validator.cluster_info());
|
||||
if let Some(dashboard) = dashboard {
|
||||
|
||||
@ -58,6 +58,7 @@ use {
|
||||
pubkey::Pubkey,
|
||||
signature::{Keypair, Signer},
|
||||
},
|
||||
solana_streamer::socket::SocketAddrSpace,
|
||||
solana_validator::{
|
||||
admin_rpc_service, dashboard::Dashboard, new_spinner_progress_bar, println_name_value,
|
||||
redirect_stderr_to_file,
|
||||
@ -368,13 +369,14 @@ fn start_gossip_node(
|
||||
expected_shred_version: Option<u16>,
|
||||
gossip_validators: Option<HashSet<Pubkey>>,
|
||||
should_check_duplicate_instance: bool,
|
||||
socket_addr_space: SocketAddrSpace,
|
||||
) -> (Arc<ClusterInfo>, Arc<AtomicBool>, GossipService) {
|
||||
let contact_info = ClusterInfo::gossip_contact_info(
|
||||
identity_keypair.pubkey(),
|
||||
*gossip_addr,
|
||||
expected_shred_version.unwrap_or(0),
|
||||
);
|
||||
let mut cluster_info = ClusterInfo::new(contact_info, identity_keypair);
|
||||
let mut cluster_info = ClusterInfo::new(contact_info, identity_keypair, socket_addr_space);
|
||||
cluster_info.set_entrypoints(cluster_entrypoints.to_vec());
|
||||
cluster_info.restore_contact_info(ledger_path, 0);
|
||||
let cluster_info = Arc::new(cluster_info);
|
||||
@ -671,24 +673,25 @@ fn verify_reachable_ports(
|
||||
node: &Node,
|
||||
cluster_entrypoint: &ContactInfo,
|
||||
validator_config: &ValidatorConfig,
|
||||
socket_addr_space: &SocketAddrSpace,
|
||||
) -> bool {
|
||||
let mut udp_sockets = vec![&node.sockets.gossip, &node.sockets.repair];
|
||||
|
||||
if ContactInfo::is_valid_address(&node.info.serve_repair) {
|
||||
if ContactInfo::is_valid_address(&node.info.serve_repair, socket_addr_space) {
|
||||
udp_sockets.push(&node.sockets.serve_repair);
|
||||
}
|
||||
if ContactInfo::is_valid_address(&node.info.tpu) {
|
||||
if ContactInfo::is_valid_address(&node.info.tpu, socket_addr_space) {
|
||||
udp_sockets.extend(node.sockets.tpu.iter());
|
||||
}
|
||||
if ContactInfo::is_valid_address(&node.info.tpu_forwards) {
|
||||
if ContactInfo::is_valid_address(&node.info.tpu_forwards, socket_addr_space) {
|
||||
udp_sockets.extend(node.sockets.tpu_forwards.iter());
|
||||
}
|
||||
if ContactInfo::is_valid_address(&node.info.tvu) {
|
||||
if ContactInfo::is_valid_address(&node.info.tvu, socket_addr_space) {
|
||||
udp_sockets.extend(node.sockets.tvu.iter());
|
||||
udp_sockets.extend(node.sockets.broadcast.iter());
|
||||
udp_sockets.extend(node.sockets.retransmit_sockets.iter());
|
||||
}
|
||||
if ContactInfo::is_valid_address(&node.info.tvu_forwards) {
|
||||
if ContactInfo::is_valid_address(&node.info.tvu_forwards, socket_addr_space) {
|
||||
udp_sockets.extend(node.sockets.tvu_forwards.iter());
|
||||
}
|
||||
|
||||
@ -698,7 +701,7 @@ fn verify_reachable_ports(
|
||||
("RPC", rpc_addr, &node.info.rpc),
|
||||
("RPC pubsub", rpc_pubsub_addr, &node.info.rpc_pubsub),
|
||||
] {
|
||||
if ContactInfo::is_valid_address(public_addr) {
|
||||
if ContactInfo::is_valid_address(public_addr, socket_addr_space) {
|
||||
tcp_listeners.push((
|
||||
bind_addr.port(),
|
||||
TcpListener::bind(bind_addr).unwrap_or_else(|err| {
|
||||
@ -763,14 +766,19 @@ fn rpc_bootstrap(
|
||||
start_progress: &Arc<RwLock<ValidatorStartProgress>>,
|
||||
minimal_snapshot_download_speed: f32,
|
||||
maximum_snapshot_download_abort: u64,
|
||||
socket_addr_space: SocketAddrSpace,
|
||||
) {
|
||||
if !no_port_check {
|
||||
let mut order: Vec<_> = (0..cluster_entrypoints.len()).collect();
|
||||
order.shuffle(&mut thread_rng());
|
||||
if order
|
||||
.into_iter()
|
||||
.all(|i| !verify_reachable_ports(node, &cluster_entrypoints[i], validator_config))
|
||||
{
|
||||
if order.into_iter().all(|i| {
|
||||
!verify_reachable_ports(
|
||||
node,
|
||||
&cluster_entrypoints[i],
|
||||
validator_config,
|
||||
&socket_addr_space,
|
||||
)
|
||||
}) {
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
@ -795,6 +803,7 @@ fn rpc_bootstrap(
|
||||
validator_config.expected_shred_version,
|
||||
validator_config.gossip_validators.clone(),
|
||||
should_check_duplicate_instance,
|
||||
socket_addr_space,
|
||||
));
|
||||
}
|
||||
|
||||
@ -1859,6 +1868,13 @@ pub fn main() {
|
||||
.help("Disables duplicate instance check")
|
||||
.hidden(true),
|
||||
)
|
||||
.arg(
|
||||
Arg::with_name("allow_private_addr")
|
||||
.long("allow-private-addr")
|
||||
.takes_value(false)
|
||||
.help("Allow contacting private ip addresses")
|
||||
.hidden(true),
|
||||
)
|
||||
.after_help("The default subcommand is run")
|
||||
.subcommand(
|
||||
SubCommand::with_name("exit")
|
||||
@ -1975,6 +1991,7 @@ pub fn main() {
|
||||
)
|
||||
.get_matches();
|
||||
|
||||
let socket_addr_space = SocketAddrSpace::new(matches.is_present("allow_private_addr"));
|
||||
let ledger_path = PathBuf::from(matches.value_of("ledger_path").unwrap());
|
||||
|
||||
let operation = match matches.subcommand() {
|
||||
@ -2669,6 +2686,7 @@ pub fn main() {
|
||||
&start_progress,
|
||||
minimal_snapshot_download_speed,
|
||||
maximum_snapshot_download_abort,
|
||||
socket_addr_space,
|
||||
);
|
||||
*start_progress.write().unwrap() = ValidatorStartProgress::Initializing;
|
||||
}
|
||||
@ -2688,6 +2706,7 @@ pub fn main() {
|
||||
&validator_config,
|
||||
should_check_duplicate_instance,
|
||||
start_progress,
|
||||
socket_addr_space,
|
||||
);
|
||||
*admin_service_cluster_info.write().unwrap() = Some(validator.cluster_info.clone());
|
||||
|
||||
|
||||
Reference in New Issue
Block a user