Gate connections from vpn addresses

go.mod

@@ -6,34 +6,26 @@ require (
 	github.com/fsnotify/fsnotify v1.4.9 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
-	github.com/golang/protobuf v1.4.3 // indirect
 	github.com/google/go-cmp v0.5.5 // indirect
-	github.com/ipfs/go-log/v2 v2.1.1
+	github.com/ipfs/go-ipns v0.1.2 // indirect
+	github.com/ipfs/go-log/v2 v2.3.0
 	github.com/kr/text v0.2.0 // indirect
-	github.com/libp2p/go-libp2p v0.13.0
-	github.com/libp2p/go-libp2p-core v0.8.0
-	github.com/libp2p/go-libp2p-discovery v0.5.0
+	github.com/libp2p/go-libp2p v0.15.0
+	github.com/libp2p/go-libp2p-core v0.9.0
+	github.com/libp2p/go-libp2p-discovery v0.5.1
 	github.com/libp2p/go-libp2p-kad-dht v0.11.1
-	github.com/libp2p/go-libp2p-pubsub v0.4.1
+	github.com/libp2p/go-libp2p-pubsub v0.5.4
 	github.com/lthibault/jitterbug v2.0.0+incompatible
-	github.com/multiformats/go-multiaddr v0.3.1
+	github.com/multiformats/go-multiaddr v0.4.0
 	github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect
 	github.com/pkg/errors v0.9.1
 	github.com/songgao/packets v0.0.0-20160404182456-549a10cd4091
 	github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8
 	github.com/vishvananda/netlink v1.1.0
 	github.com/xlzd/gotp v0.0.0-20181030022105-c8557ba2c119
-	go.uber.org/zap v1.16.0
-	golang.org/x/crypto v0.0.0-20210317152858-513c2a44f670 // indirect
+	go.uber.org/zap v1.19.0
 	golang.org/x/lint v0.0.0-20200302205851-738671d3881b // indirect
-	golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4 // indirect
-	golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4 // indirect
-	golang.org/x/text v0.3.5 // indirect
-	golang.org/x/tools v0.1.1-0.20210319172145-bda8f5cee399 // indirect
-	google.golang.org/protobuf v1.25.0 // indirect
-	gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect
 	gopkg.in/yaml.v2 v2.4.0
-	gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c // indirect
 	honnef.co/go/tools v0.1.1 // indirect
 )
 

pkg/discovery/mdns.go

@@ -2,24 +2,19 @@ package discovery
 
 import (
 	"context"
-	"time"
 
 	"github.com/libp2p/go-libp2p"
 	"go.uber.org/zap"
 
-	"github.com/libp2p/go-libp2p-core/peer"
-	"github.com/libp2p/go-libp2p/p2p/discovery"
-
 	"github.com/libp2p/go-libp2p-core/host"
+	"github.com/libp2p/go-libp2p-core/peer"
+	mdns "github.com/libp2p/go-libp2p/p2p/discovery/mdns"
 )
 
 type MDNS struct {
 	DiscoveryServiceTag string
 }
 
-// DiscoveryInterval is how often we re-publish our mDNS records.
-const DiscoveryInterval = time.Second
-
 // discoveryNotifee gets notified when we find a new peer via mDNS discovery
 type discoveryNotifee struct {
 	h host.Host
@@ -44,10 +39,7 @@ func (d *MDNS) Option(ctx context.Context) func(c *libp2p.Config) error {
 func (d *MDNS) Run(l *zap.Logger, ctx context.Context, host host.Host) error {
 
 	// setup mDNS discovery to find local peers
-	disc, err := discovery.NewMdnsService(ctx, host, DiscoveryInterval, d.DiscoveryServiceTag)
-	if err != nil {
-		return err
-	}
+	disc := mdns.NewMdnsService(host, d.DiscoveryServiceTag)
 
 	n := discoveryNotifee{h: host, c: l}
 	disc.RegisterNotifee(&n)

pkg/edgevpn/config.go

@@ -43,7 +43,8 @@ type Config struct {
 	NetLinkBootstrap bool
 
 	// Handle is a handle consumed by HumanInterfaces to handle received messages
-	Handle func(bool, *hub.Message)
+	Handle  func(bool, *hub.Message)
+	Options []libp2p.Option
 }
 
 type Handler func(*hub.Message) error

pkg/edgevpn/connection.go

@@ -5,10 +5,12 @@ import (
 	"crypto/rand"
 	"io"
 	mrand "math/rand"
+	"net"
 
 	"github.com/libp2p/go-libp2p"
 	"github.com/libp2p/go-libp2p-core/crypto"
 	"github.com/libp2p/go-libp2p-core/host"
+	conngater "github.com/libp2p/go-libp2p/p2p/net/conngater"
 
 	hub "github.com/mudler/edgevpn/pkg/hub"
 	multiaddr "github.com/multiformats/go-multiaddr"
@@ -33,17 +35,34 @@ func (e *EdgeVPN) genHost(ctx context.Context) (host.Host, error) {
 		return nil, err
 	}
 
+	// Avoid to loopback traffic by trying to connect to nodes in via VPN
+	_, vpnNetwork, err := net.ParseCIDR(e.config.InterfaceAddress)
+	if err != nil {
+		return nil, err
+	}
+
+	cg, err := conngater.NewBasicConnectionGater(nil)
+	if err != nil {
+		return nil, err
+	}
+	if err := cg.BlockSubnet(vpnNetwork); err != nil {
+		return nil, err
+	}
+
 	opts := []libp2p.Option{
 		libp2p.ListenAddrs([]multiaddr.Multiaddr(e.config.ListenAddresses)...),
 		libp2p.Identity(prvKey),
 		libp2p.EnableAutoRelay(),
 		libp2p.EnableNATService(),
+		libp2p.ConnectionGater(cg),
 	}
 
 	for _, d := range e.config.ServiceDiscovery {
 		opts = append(opts, d.Option(ctx))
 	}
 
+	opts = append(opts, e.config.Options...)
+
 	if e.config.Insecure {
 		opts = append(opts, libp2p.NoSecurity)
 	}

pkg/edgevpn/options.go

@@ -4,6 +4,7 @@ import (
 	"io/ioutil"
 
 	"github.com/ipfs/go-log/v2"
+	"github.com/libp2p/go-libp2p"
 	discovery "github.com/mudler/edgevpn/pkg/discovery"
 	"github.com/mudler/edgevpn/pkg/hub"
 	"github.com/mudler/edgevpn/pkg/utils"
@@ -22,6 +23,13 @@ func IfaceWriter(i *water.Interface) Handler {
 	})
 }
 
+func WithLibp2pOptions(i ...libp2p.Option) func(cfg *Config) error {
+	return func(cfg *Config) error {
+		cfg.Options = append(cfg.Options, i...)
+		return nil
+	}
+}
+
 func WithInterface(i *water.Interface) func(cfg *Config) error {
 	return func(cfg *Config) error {
 		cfg.Interface = i