
:seedling: Adapt to update

mudler 2 years ago
parent
commit
40c0ea0f70
2 changed files with 31 additions and 36 deletions
  1. 23 25
      cmd/util.go
  2. 8 11
      pkg/config/config.go

+ 23 - 25
cmd/util.go

@@ -26,12 +26,13 @@ import (
 	"time"
 
 	"github.com/ipfs/go-log"
-	"github.com/libp2p/go-libp2p/core/peer"
 	"github.com/libp2p/go-libp2p/core/crypto"
+	"github.com/libp2p/go-libp2p/core/peer"
 	rcmgr "github.com/libp2p/go-libp2p/p2p/host/resource-manager"
 	"github.com/mudler/edgevpn/internal"
 	"github.com/mudler/edgevpn/pkg/config"
 	nodeConfig "github.com/mudler/edgevpn/pkg/config"
+	"github.com/multiformats/go-multiaddr"
 
 	"github.com/mudler/edgevpn/pkg/logger"
 	node "github.com/mudler/edgevpn/pkg/node"
@@ -239,7 +240,7 @@ var CommonFlags []cli.Flag = []cli.Flag{
 	},
 	&cli.StringFlag{
 		Name:   "limit-file",
-		Usage:  "Specify an limit config (json)",
+		Usage:  "Specify a resource limit config (json)",
 		EnvVar: "LIMITFILE",
 	},
 	&cli.StringFlag{
@@ -249,12 +250,7 @@ var CommonFlags []cli.Flag = []cli.Flag{
 		Value:  "system",
 	},
 	&cli.BoolFlag{
-		Name:   "limit-config",
-		Usage:  "Enable inline resource limit configuration",
-		EnvVar: "LIMITCONFIG",
-	},
-	&cli.BoolFlag{
-		Name:   "limit-enable",
+		Name:   "resource-limit",
 		Usage:  "Enable resource manager. (Experimental) All options prefixed with limit requires resource manager to be enabled",
 		EnvVar: "LIMITENABLE",
 	},
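Review bot: The flag is renamed to `resource-limit`, but `EnvVar` stays `LIMITENABLE` and the usage text still speaks of options "prefixed with limit", so the three names no longer agree. The code that reads this flag is outside the diff; if `cliToOpts` still calls `c.Bool("limit-enable")`, the lookup would return false and the resource manager would stay disabled without any error, so neither the limits nor the allowlist added in this commit would be applied. I would confirm the reader uses the new name, and mention the rename in the usage string, e.g. `Usage: "Enable resource manager (formerly limit-enable). (Experimental) ..."`.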
@@ -321,6 +317,11 @@ var CommonFlags []cli.Flag = []cli.Flag{
 		Usage:  "List of static peers to use (in `ip:peerid` format)",
 		EnvVar: "EDGEVPNSTATICPEERTABLE",
 	},
+	&cli.StringSliceFlag{
+		Name:   "whitelist",
+		Usage:  "List of peers in the whitelist",
+		EnvVar: "EDGEVPNWHITELIST",
+	},
 	&cli.BoolFlag{
 		Name:   "peergate",
 		Usage:  "Enable peergating. (Experimental)",
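Review bot: The usage string `"List of peers in the whitelist"` says neither what format an entry takes nor what the list is used for. Elsewhere in this commit the entries are parsed with `multiaddr.NewMultiaddr` and passed to `rcmgr.WithAllowlistedMultiaddrs`, which is only reached when the resource manager is enabled, so a more precise text would be `"List of multiaddrs to add to the resource manager allowlist (requires resource-limit)"`. The same gap exists on the new `Whitelist` field in `pkg/config/config.go`, which has no doc comment; `// Whitelist holds multiaddrs passed to the resource manager allowlist; ignored when the resource manager is disabled.` would cover it.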
@@ -367,31 +368,27 @@ func displayStart(ll *logger.Logger) {
 	ll.Infof("Version: %s commit: %s", internal.Version, internal.Commit)
 }
 
+func stringsToMultiAddr(peers []string) []multiaddr.Multiaddr {
+	res := []multiaddr.Multiaddr{}
+	for _, p := range peers {
+		addr, err := multiaddr.NewMultiaddr(p)
+		if err != nil {
+			continue
+		}
+		res = append(res, addr)
+	}
+	return res
+}
+
 func cliToOpts(c *cli.Context) ([]node.Option, []vpn.Option, *logger.Logger) {
 
-	var limitConfig *rcmgr.LimitConfig
+	var limitConfig *rcmgr.PartialLimitConfig
 
 	autorelayInterval, err := time.ParseDuration(c.String("autorelay-discovery-interval"))
 	if err != nil {
 		autorelayInterval = 0
 	}
 
-	if c.Bool("limit-config") {
-		limitConfig = &rcmgr.LimitConfig{
-
-			System: rcmgr.BaseLimit{
-				Streams:         c.Int("limit-config-streams"),
-				StreamsInbound:  c.Int("limit-config-streams-inbound"),
-				StreamsOutbound: c.Int("limit-config-streams-outbound"),
-				Conns:           c.Int("limit-config-conn"),
-				ConnsInbound:    c.Int("limit-config-conn-inbound"),
-				ConnsOutbound:   c.Int("limit-config-conn-outbound"),
-				FD:              c.Int("limit-config-fd"),
-				Memory:          c.Int64("limit-config-memory"),
-			},
-		}
-	}
-
 	// Authproviders are supposed to be passed as a json object
 	pa := c.String("peergate-auth")
 	d := map[string]map[string]interface{}{}
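Review bot: `stringsToMultiAddr` skips any entry that `multiaddr.NewMultiaddr` rejects with a bare `continue`, so a mistyped `--whitelist` value is dropped without a message and the operator cannot tell that the peer was never allowlisted. Because the result feeds the resource manager allowlist, I would surface the rejected string and its error, either by returning an error from the helper or by logging inside the `if err != nil` branch before `continue`. The helper also lacks a doc comment; `// stringsToMultiAddr parses each string as a multiaddr and omits entries that fail to parse.` would describe the current behaviour. Separately, `limitConfig` is now declared as `*rcmgr.PartialLimitConfig` while its only visible assignment is removed here; the rest of `cliToOpts` is outside the hunk, so it may now always be nil.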
@@ -413,6 +410,7 @@ func cliToOpts(c *cli.Context) ([]node.Option, []vpn.Option, *logger.Logger) {
 		InterfaceMTU:      c.Int("mtu"),
 		PacketMTU:         c.Int("packet-mtu"),
 		BootstrapIface:    c.Bool("bootstrap-iface"),
+		Whitelist:         stringsToMultiAddr(c.StringSlice("whitelist")),
 		Ledger: config.Ledger{
 			StateDir:         c.String("ledger-state"),
 			AnnounceInterval: time.Duration(c.Int("ledger-announce-interval")) * time.Second,

+ 8 - 11
pkg/config/config.go

@@ -40,6 +40,7 @@ import (
 	"github.com/mudler/edgevpn/pkg/trustzone/authprovider/ecdsa"
 	"github.com/mudler/edgevpn/pkg/vpn"
 	"github.com/mudler/water"
+	"github.com/multiformats/go-multiaddr"
 	"github.com/peterbourgon/diskv"
 )
 
@@ -65,6 +66,8 @@ type Config struct {
 	// PeerGuard (experimental)
 	// enable peerguardian and add specific auth options
 	PeerGuard PeerGuard
+
+	Whitelist []multiaddr.Multiaddr
 }
 
 type PeerGuard struct {
@@ -81,7 +84,7 @@ type PeerGuard struct {
 
 type ResourceLimit struct {
 	FileLimit   string
-	LimitConfig *rcmgr.LimitConfig
+	LimitConfig *rcmgr.PartialLimitConfig
 	Scope       string
 	MaxConns    int
 	StaticMin   int64
@@ -147,6 +150,7 @@ func peers2List(peers []string) discovery.AddrList {
 	}
 	return addrsList
 }
+
 func peers2AddrInfo(peers []string) []peer.AddrInfo {
 	addrsList := []peer.AddrInfo{}
 	for _, p := range peers {
@@ -255,7 +259,7 @@ func (c Config) ToOpts(l *logger.Logger) ([]node.Option, []vpn.Option, error) {
 		}
 		// If no relays are specified and no discovery interval, then just use default static relays (to be deprecated)
 
-		relayOpts = append(relayOpts, autorelay.WithPeerSource(d.FindClosePeers(llger, c.Connection.OnlyStaticRelays, staticRelays...), c.Connection.AutoRelayDiscoveryInterval))
+		relayOpts = append(relayOpts, autorelay.WithPeerSource(d.FindClosePeers(llger, c.Connection.OnlyStaticRelays, staticRelays...)))
 
 		libp2pOpts = append(libp2pOpts,
 			libp2p.EnableAutoRelay(relayOpts...))
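Review bot: `c.Connection.AutoRelayDiscoveryInterval` is no longer passed to `autorelay.WithPeerSource`, and nothing visible in this hunk hands it to autorelay another way, so the `autorelay-discovery-interval` setting appears to have no effect on peer-source polling after this change. If the updated go-libp2p takes the interval as a separate option, it should be appended next to this line, e.g. `relayOpts = append(relayOpts, autorelay.WithMinInterval(c.Connection.AutoRelayDiscoveryInterval))`. The body of `ToOpts` starts and ends outside the hunk, so this may already be handled elsewhere.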
@@ -291,7 +295,7 @@ func (c Config) ToOpts(l *logger.Logger) ([]node.Option, []vpn.Option, error) {
 	}
 
 	if !c.Limit.Enable || runtime.GOOS == "darwin" {
-		libp2pOpts = append(libp2pOpts, libp2p.ResourceManager(network.NullResourceManager))
+		libp2pOpts = append(libp2pOpts, libp2p.ResourceManager(&network.NullResourceManager{}))
 	} else {
 		var limiter rcmgr.Limiter
 
@@ -322,7 +326,6 @@ func (c Config) ToOpts(l *logger.Logger) ([]node.Option, []vpn.Option, error) {
 			defaultLimits := rcmgr.DefaultLimits.Scale(min+max/2, logScale(2*maxconns))
 
 			limiter = rcmgr.NewFixedLimiter(defaultLimits)
-
 		} else {
 			defaults := rcmgr.DefaultLimits
 			def := &defaults
@@ -331,17 +334,11 @@ func (c Config) ToOpts(l *logger.Logger) ([]node.Option, []vpn.Option, error) {
 			limiter = rcmgr.NewFixedLimiter(def.AutoScale())
 		}
 
-		rc, err := rcmgr.NewResourceManager(limiter)
+		rc, err := rcmgr.NewResourceManager(limiter, rcmgr.WithAllowlistedMultiaddrs(c.Whitelist))
 		if err != nil {
 			llger.Fatal("could not create resource manager")
 		}
 
-		if c.Limit.LimitConfig != nil {
-			if err := node.NetSetLimit(rc, c.Limit.Scope, &c.Limit.LimitConfig.System); err != nil {
-				return opts, vpnOpts, err
-			}
-		}
-
 		libp2pOpts = append(libp2pOpts, libp2p.ResourceManager(rc))
 	}
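Review bot: With the `node.NetSetLimit` block removed, `c.Limit.LimitConfig` and `c.Limit.Scope` are no longer read in the visible part of `ToOpts`, yet `ResourceLimit` keeps both fields (the former retyped to `*rcmgr.PartialLimitConfig`). A caller that fills them in would get the limiter built above with no indication that its limits were ignored. Either drop the fields or apply the partial config when building the limiter, and state in a comment on `LimitConfig` which of the two holds. The `llger.Fatal("could not create resource manager")` line right after the changed call also discards `err`; including it in the message would make a failure from the new allowlist option diagnosable. `ToOpts` continues outside this hunk.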