Skip to content
This repository has been archived by the owner on Jan 22, 2025. It is now read-only.

Exclude loopback from valid IP addresses #29992

Merged
merged 6 commits into from
Feb 1, 2023
Merged

Exclude loopback from valid IP addresses #29992

merged 6 commits into from
Feb 1, 2023

Conversation

bw-solana
Copy link
Contributor

@bw-solana bw-solana commented Jan 30, 2023
edited
Loading

Problem

See #29966. Large number of validators are advertising loopback IP. This could cause a naive validator implementation to jam its own loopback ports without proper IP screening.

Summary of Changes

  • Exclude loopback IPs from valid IPs when SocketAddrSpace is specified as global (e.g. MNB and testnet configurations)
  • Update localnet tests to allow private addresses (because we want to allow cross validator communication through loopback addresses)

@bw-solana bw-solana marked this pull request as ready for review January 31, 2023 15:02
@bw-solana bw-solana requested a review from behzadnouri January 31, 2023 15:02
behzadnouri
behzadnouri reviewed Jan 31, 2023
View reviewed changes
Copy link
Contributor

@behzadnouri behzadnouri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Last time we changed these stuff, system-tests broke: #18850 #18876

Can you please double check they are ok?

multinode-demo/bootstrap-validator.sh Outdated Show resolved Hide resolved
multinode-demo/validator.sh Outdated Show resolved Hide resolved
@bw-solana
Copy link
Contributor Author

Last time we changed these stuff, system-tests broke: #18850 #18876

Can you please double check they are ok?

Are these not run as part of CI? Any pointers on how to run?

@behzadnouri
Copy link
Contributor

Last time we changed these stuff, system-tests broke: #18850 #18876
Can you please double check they are ok?

Are these not run as part of CI? Any pointers on how to run?

no, they are either manually triggered on buildkite or run as scheduled jobs.
See #alerts-performance-results channel on slack.
https://docs.google.com/document/d/1h1nYR7uwCNxntkKCvbsx64rVPGhhcH1Ub47rVYYVFZw/edit?usp=sharing

@bw-solana
Copy link
Contributor Author

bw-solana commented Jan 31, 2023
edited
Loading

Kicked off system-performance-test here

Update: system-performance-test passed

@bw-solana bw-solana requested a review from behzadnouri February 1, 2023 00:07
behzadnouri
behzadnouri previously approved these changes Feb 1, 2023
View reviewed changes
Copy link
Contributor

@behzadnouri behzadnouri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

would be good to double check that this:
https://github.com/solana-labs/solana/tree/master/net#quick-start
still works fine.

multinode-demo/validator.sh Outdated Show resolved Hide resolved
@mergify mergify bot dismissed behzadnouri’s stale review February 1, 2023 04:01

Pull request has been modified.

@bw-solana
Copy link
Contributor Author

lgtm

would be good to double check that this: https://github.com/solana-labs/solana/tree/master/net#quick-start still works fine.

Confirmed that GCE net scripts still work okay

@bw-solana bw-solana merged commit b29a50a into solana-labs:master Feb 1, 2023
@behzadnouri
Copy link
Contributor

I think this needs to be backported to v1.15

@bw-solana bw-solana added the v1.15 (abandoned) The v1.15 branch has been abandoned label Feb 2, 2023
@mergify mergify bot mentioned this pull request Feb 2, 2023
Merged
mergify bot pushed a commit that referenced this pull request Feb 2, 2023
@bw-solana @mergify
Exclude loopback from valid IP addresses (#29992)
2736142 
Excludes loopback IP addresses from being valid IP addresses unless private addresses are explicitly allowed

(cherry picked from commit b29a50a)
@bw-solana bw-solana mentioned this pull request Feb 2, 2023
Closed
bw-solana added a commit that referenced this pull request Feb 3, 2023
@bw-solana
Exclude loopback from valid IP addresses (#29992)
67c2411 
Excludes loopback IP addresses from being valid IP addresses unless private addresses are explicitly allowed

(cherry picked from commit b29a50a)
mergify bot added a commit that referenced this pull request Feb 3, 2023
@mergify @bw-solana
Exclude loopback from valid IP addresses (backport #29992) (#30102)
0ef8629 
Co-authored-by: Brennan <brennan.watt@solana.com>
@bw-solana bw-solana mentioned this pull request Feb 7, 2023
Merged
@KirillLykov KirillLykov mentioned this pull request Feb 20, 2023
Closed
2 tasks
@bw-solana bw-solana mentioned this pull request Mar 8, 2023
Closed
@andreisilviudragnea andreisilviudragnea mentioned this pull request Sep 11, 2023
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@behzadnouri behzadnouri behzadnouri left review comments

Assignees
No one assigned
Labels
v1.15 (abandoned) The v1.15 branch has been abandoned
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bw-solana @behzadnouri