From 3aad05debb4b4927ea3226fbb25002a0e6bc11a7 Mon Sep 17 00:00:00 2001 From: edgr Date: Tue, 23 Sep 2025 19:58:01 +0800 Subject: [PATCH] Behind a firewall conf for local root peers --- .../Ouroboros/Network/OrphanInstances.hs | 1 + .../Ouroboros/Network/Diffusion/Topology.hs | 12 +- .../Network/PeerSelection/Governor.hs | 2 +- .../Governor/EstablishedPeers.hs | 49 +++++-- .../Network/PeerSelection/State/KnownPeers.hs | 3 + .../PeerSelection/State/LocalRootPeers.hs | 7 +- .../Network/Diffusion/Testnet/Cardano.hs | 61 ++++----- .../Test/Ouroboros/Network/PeerSelection.hs | 124 ++++++++++++++++-- .../PeerSelection/Cardano/MockEnvironment.hs | 28 +++- .../Network/PeerSelection/Instances.hs | 1 + .../Network/PeerSelection/RootPeersDNS.hs | 4 +- 11 files changed, 231 insertions(+), 61 deletions(-) diff --git a/ouroboros-network/orphan-instances/Ouroboros/Network/OrphanInstances.hs b/ouroboros-network/orphan-instances/Ouroboros/Network/OrphanInstances.hs index 80712407cf6..df9c78b5fc7 100644 --- a/ouroboros-network/orphan-instances/Ouroboros/Network/OrphanInstances.hs +++ b/ouroboros-network/orphan-instances/Ouroboros/Network/OrphanInstances.hs @@ -102,6 +102,7 @@ instance FromJSON RootConfig where RootConfig <$> o .: "accessPoints" <*> o .:? "advertise" .!= DoNotAdvertisePeer + <*> o .: "behindFirewall" instance ToJSON RootConfig where toJSON ra = object diff --git a/ouroboros-network/src/Ouroboros/Network/Diffusion/Topology.hs b/ouroboros-network/src/Ouroboros/Network/Diffusion/Topology.hs index 60af1266634..bf0b277c469 100644 --- a/ouroboros-network/src/Ouroboros/Network/Diffusion/Topology.hs +++ b/ouroboros-network/src/Ouroboros/Network/Diffusion/Topology.hs @@ -56,6 +56,8 @@ data RootConfig = RootConfig , rootAdvertise :: PeerAdvertise -- ^ 'advertise' configures whether the root should be advertised through -- peer sharing. + , behindFirewall :: Bool + -- ^ peer is unreachable and will initiate the connection first } deriving (Eq, Show) @@ -64,9 +66,9 @@ data RootConfig = RootConfig -- rootConfigToRelayAccessPoint :: RootConfig - -> [(RelayAccessPoint, PeerAdvertise)] -rootConfigToRelayAccessPoint RootConfig { rootAccessPoints, rootAdvertise } = - [ (ap, rootAdvertise) | ap <- rootAccessPoints ] + -> [(RelayAccessPoint, PeerAdvertise, Bool)] +rootConfigToRelayAccessPoint RootConfig { rootAccessPoints, rootAdvertise, behindFirewall } = + [ (ap, rootAdvertise, behindFirewall) | ap <- rootAccessPoints ] producerAddresses :: NetworkTopology extraConfig extraFlags @@ -80,11 +82,12 @@ producerAddresses NetworkTopology { localRootPeersGroups ( map (\lrp -> ( hotValency lrp , warmValency lrp , Map.fromList - . map (\(addr, peerAdvertise) -> + . map (\(addr, peerAdvertise, behindFirewall) -> ( addr , LocalRootConfig { diffusionMode = rootDiffusionMode lrp, peerAdvertise, + behindFirewall, LRP.extraFlags = extraFlags lrp } ) @@ -95,6 +98,7 @@ producerAddresses NetworkTopology { localRootPeersGroups ) (groups localRootPeersGroups) , foldMap ( Map.fromList + . fmap (\(a, b, _) -> (a, b)) . rootConfigToRelayAccessPoint . publicRoots ) publicRootPeers diff --git a/ouroboros-network/src/Ouroboros/Network/PeerSelection/Governor.hs b/ouroboros-network/src/Ouroboros/Network/PeerSelection/Governor.hs index 6b7b9e7feab..c1c75592a0e 100644 --- a/ouroboros-network/src/Ouroboros/Network/PeerSelection/Governor.hs +++ b/ouroboros-network/src/Ouroboros/Network/PeerSelection/Governor.hs @@ -708,7 +708,7 @@ peerSelectionGovernorLoop tracer actions blockedAt inboundPeers policy st <> KnownPeers.aboveTarget actions policy st - <> EstablishedPeers.belowTarget enableProgressMakingActions + <> EstablishedPeers.belowTarget enableProgressMakingActions inboundPeers actions policy st <> EstablishedPeers.aboveTarget actions policy st diff --git a/ouroboros-network/src/Ouroboros/Network/PeerSelection/Governor/EstablishedPeers.hs b/ouroboros-network/src/Ouroboros/Network/PeerSelection/Governor/EstablishedPeers.hs index bc6e137a817..d706fd14176 100644 --- a/ouroboros-network/src/Ouroboros/Network/PeerSelection/Governor/EstablishedPeers.hs +++ b/ouroboros-network/src/Ouroboros/Network/PeerSelection/Governor/EstablishedPeers.hs @@ -31,7 +31,8 @@ import Ouroboros.Network.PeerSelection.PeerSharing (PeerSharing (..)) import Ouroboros.Network.PeerSelection.PublicRootPeers qualified as PublicRootPeers import Ouroboros.Network.PeerSelection.State.EstablishedPeers qualified as EstablishedPeers import Ouroboros.Network.PeerSelection.State.KnownPeers qualified as KnownPeers -import Ouroboros.Network.PeerSelection.State.LocalRootPeers (WarmValency (..)) +import Ouroboros.Network.PeerSelection.State.LocalRootPeers (WarmValency (..), + LocalRootConfig (LocalRootConfig, behindFirewall)) import Ouroboros.Network.PeerSelection.State.LocalRootPeers qualified as LocalRootPeers import Ouroboros.Network.PeerSelection.Types (PeerStatus (..), PublicExtraPeersAPI (..)) @@ -74,6 +75,8 @@ belowTarget -- This might be useful if the user requires its diffusion layer to -- stop making progress during a sensitive/vulnerable situation and -- quarantine it and make sure it is only connected to trusted peers. + -> Map peeraddr PeerSharing + -- ^ Inbound peers that have negotiated a duplex connection -> PeerSelectionActions extraState extraFlags @@ -91,10 +94,10 @@ belowTarget peeraddr peerconn m -belowTarget enableAction = +belowTarget enableAction inboundPeers = belowTargetBigLedgerPeers enableAction - <> belowTargetLocal - <> belowTargetOther + <> belowTargetLocal inboundPeers + <> belowTargetOther inboundPeers -- | For locally configured root peers we have the explicit target that comes from local @@ -107,7 +110,9 @@ belowTargetLocal , Ord peeraddr , HasCallStack ) - => PeerSelectionActions + => Map peeraddr PeerSharing + -- ^ Inbound peers that have negotiated a duplex connection + -> PeerSelectionActions extraState extraFlags extraPeers extraAPI extraCounters peeraddr peerconn m @@ -119,7 +124,8 @@ belowTargetLocal peeraddr peerconn m -belowTargetLocal actions@PeerSelectionActions { +belowTargetLocal inboundPeers + actions@PeerSelectionActions { extraPeersAPI = PublicExtraPeersAPI { memberExtraPeers, extraPeersToSet @@ -149,6 +155,7 @@ belowTargetLocal actions@PeerSelectionActions { [ (numMembersToPromote, membersAvailableToPromote) | let availableToPromote = localAvailableToConnect + Set.\\ unreachablePeers Set.\\ localEstablishedPeers Set.\\ localConnectInProgress Set.\\ inProgressDemoteToCold @@ -194,6 +201,7 @@ belowTargetLocal actions@PeerSelectionActions { , let potentialToPromote = -- These are local peers that are cold but not ready. localRootPeersSet + Set.\\ unreachablePeers Set.\\ localEstablishedPeers Set.\\ KnownPeers.availableToConnect knownPeers , not (Set.null potentialToPromote) @@ -202,6 +210,14 @@ belowTargetLocal actions@PeerSelectionActions { | otherwise = GuardedSkip Nothing where + isUnreachablePeer addr (LocalRootConfig {behindFirewall}) = + behindFirewall && not (Map.member addr inboundPeers) + + unreachablePeers = + Map.keysSet + $ Map.filterWithKey isUnreachablePeer + $ LocalRootPeers.toMap localRootPeers + groupsBelowTarget = [ (warmValency, members, membersEstablished) | (_, warmValency, members) <- LocalRootPeers.toGroupSets localRootPeers @@ -225,7 +241,9 @@ belowTargetOther , Ord peeraddr , HasCallStack ) - => PeerSelectionActions + => Map peeraddr PeerSharing + -- ^ Inbound peers that have negotiated a duplex connection + -> PeerSelectionActions extraState extraFlags extraPeers @@ -242,7 +260,7 @@ belowTargetOther peeraddr peerconn m -belowTargetOther actions@PeerSelectionActions { +belowTargetOther inboundPeers actions@PeerSelectionActions { extraPeersAPI = PublicExtraPeersAPI { memberExtraPeers, extraPeersToSet @@ -253,6 +271,7 @@ belowTargetOther actions@PeerSelectionActions { policyPickColdPeersToPromote } st@PeerSelectionState { + localRootPeers, knownPeers, establishedPeers, inProgressPromoteCold, @@ -268,7 +287,7 @@ belowTargetOther actions@PeerSelectionActions { -- not cold and our invariant is that they are always in the connect set. -- We can also subtract the in progress ones since they are also already -- in the connect set and we cannot pick them again. - , numAvailableToConnect - numEstablishedPeers - numConnectInProgress > 0 + , numAvailableToConnect - numUnreachablePeers - numEstablishedPeers - numConnectInProgress > 0 = Guarded Nothing $ do -- The availableToPromote here is non-empty due to the second guard. -- The known peers map restricted to the connect set is the same size as @@ -280,11 +299,13 @@ belowTargetOther actions@PeerSelectionActions { -- let availableToPromote :: Set peeraddr availableToPromote = availableToConnect + Set.\\ unreachablePeers Set.\\ EstablishedPeers.toSet establishedPeers Set.\\ inProgressPromoteCold numPeersToPromote = targetNumberOfEstablishedPeers - numEstablishedPeers - numConnectInProgress + selectedToPromote <- pickPeers memberExtraPeers st policyPickColdPeersToPromote availableToPromote @@ -310,6 +331,16 @@ belowTargetOther actions@PeerSelectionActions { | otherwise = GuardedSkip Nothing where + numUnreachablePeers = Set.size unreachablePeers + + isUnreachablePeer addr (LocalRootConfig {behindFirewall}) = + behindFirewall && not (Map.member addr inboundPeers) + + unreachablePeers = + Map.keysSet + $ Map.filterWithKey isUnreachablePeer + $ LocalRootPeers.toMap localRootPeers + PeerSelectionView { viewKnownBigLedgerPeers = (bigLedgerPeersSet, _), diff --git a/ouroboros-network/src/Ouroboros/Network/PeerSelection/State/KnownPeers.hs b/ouroboros-network/src/Ouroboros/Network/PeerSelection/State/KnownPeers.hs index 537a439f3ca..a7eeefb08c7 100644 --- a/ouroboros-network/src/Ouroboros/Network/PeerSelection/State/KnownPeers.hs +++ b/ouroboros-network/src/Ouroboros/Network/PeerSelection/State/KnownPeers.hs @@ -79,6 +79,9 @@ data KnownPeers peeraddr = KnownPeers { -- establish a connection to now. This is because we have not connected -- with them before or because any failure backoff time has expired. -- + -- Note: Some peers may be behind a firewall. Local root peers marked as + -- behind a firewall are not excluded from this list. + -- availableToConnect :: !(Set peeraddr), -- | The subset of known peers that we cannot connect to for the moment. diff --git a/ouroboros-network/src/Ouroboros/Network/PeerSelection/State/LocalRootPeers.hs b/ouroboros-network/src/Ouroboros/Network/PeerSelection/State/LocalRootPeers.hs index b822e14ebc2..c035513cd64 100644 --- a/ouroboros-network/src/Ouroboros/Network/PeerSelection/State/LocalRootPeers.hs +++ b/ouroboros-network/src/Ouroboros/Network/PeerSelection/State/LocalRootPeers.hs @@ -48,9 +48,10 @@ import Ouroboros.Network.PeerSelection.PeerAdvertise (PeerAdvertise) -- data LocalRootConfig extraFlags = LocalRootConfig { - peerAdvertise :: !PeerAdvertise, - diffusionMode :: !DiffusionMode, - extraFlags :: !extraFlags + peerAdvertise :: !PeerAdvertise, + diffusionMode :: !DiffusionMode, + behindFirewall :: !Bool, + extraFlags :: !extraFlags } deriving (Show, Eq) diff --git a/ouroboros-network/testlib/Test/Ouroboros/Network/Diffusion/Testnet/Cardano.hs b/ouroboros-network/testlib/Test/Ouroboros/Network/Diffusion/Testnet/Cardano.hs index f4b9e97b0ea..019010437a2 100644 --- a/ouroboros-network/testlib/Test/Ouroboros/Network/Diffusion/Testnet/Cardano.hs +++ b/ouroboros-network/testlib/Test/Ouroboros/Network/Diffusion/Testnet/Cardano.hs @@ -380,7 +380,7 @@ unit_cm_valid_transitions = [ (HotValency {getHotValency = 1}, WarmValency {getWarmValency = 1}, Map.fromList [(RelayAccessAddress "0:71:0:1:0:1:0:1" 65_534, - LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode IsTrustable)]) + LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode False IsTrustable)]) ] (Script (LedgerPools [] :| [])) (PeerSelectionTargets @@ -422,7 +422,7 @@ unit_cm_valid_transitions = [ (HotValency {getHotValency = 1}, WarmValency {getWarmValency = 1}, Map.fromList [(RelayAccessAddress "0:79::1:0:0" 3, - LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode IsTrustable)]) + LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode False IsTrustable)]) ] (Script (LedgerPools [] :| [])) ( PeerSelectionTargets @@ -628,7 +628,7 @@ unit_connection_manager_trace_coverage = naPeerSharing = PeerSharingDisabled, naLocalRootPeers = [ (1,1,Map.fromList [ (RelayAccessAddress (read "127.0.0.1") 1000, - LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable) + LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable) ]) ], naLedgerPeers = Script (LedgerPools [] :| []), @@ -752,7 +752,7 @@ unit_connection_manager_transitions_coverage = naPeerSharing = PeerSharingDisabled, naLocalRootPeers = [ (1,1,Map.fromList [ (RelayAccessAddress (read "127.0.0.1") 1000, - LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable) + LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable) ]) ], naLedgerPeers = Script (LedgerPools [] :| []), @@ -879,6 +879,7 @@ prop_txSubmission_allTransactions (ArbTxDecisionPolicy decisionPolicy) let localRootConfig = LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode + False IsNotTrustable diffScript = DiffusionScript @@ -1318,8 +1319,8 @@ unit_4177 = prop_inbound_governor_transitions_coverage absNoAttenuation script (Script (UseBootstrapPeers [RelayAccessDomain "bootstrap" 0] :| [])) (TestAddress (IPAddr (read "0:7:0:7::") 65_533)) PeerSharingDisabled - [ (1,1,Map.fromList [(RelayAccessDomain "test2" 65_535,LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable) - , (RelayAccessAddress "0:6:0:3:0:6:0:5" 65_530,LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)]) + [ (1,1,Map.fromList [(RelayAccessDomain "test2" 65_535,LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable) + , (RelayAccessAddress "0:6:0:3:0:6:0:5" 65_530,LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable)]) ] (Script (LedgerPools [] :| [])) (nullPeerSelectionTargets { @@ -1337,11 +1338,11 @@ unit_4177 = prop_inbound_governor_transitions_coverage absNoAttenuation script (Script (PraosFetchMode FetchModeDeadline :| [])) [] , [JoinNetwork 1.742_857_142_857 - ,Reconfigure 6.333_333_333_33 [(1,1,Map.fromList [(RelayAccessDomain "test2" 65_535,LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)]), - (1,1,Map.fromList [(RelayAccessAddress "0:6:0:3:0:6:0:5" 65_530,LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable) + ,Reconfigure 6.333_333_333_33 [(1,1,Map.fromList [(RelayAccessDomain "test2" 65_535,LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable)]), + (1,1,Map.fromList [(RelayAccessAddress "0:6:0:3:0:6:0:5" 65_530,LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable) ])] - ,Reconfigure 23.888_888_888_88 [(1,1,Map.empty),(1,1,Map.fromList [(RelayAccessAddress "0:6:0:3:0:6:0:5" 65_530,LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)])] - ,Reconfigure 4.870_967_741_935 [(1,1,Map.fromList [(RelayAccessDomain "test2" 65_535,LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)])] + ,Reconfigure 23.888_888_888_88 [(1,1,Map.empty),(1,1,Map.fromList [(RelayAccessAddress "0:6:0:3:0:6:0:5" 65_530,LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable)])] + ,Reconfigure 4.870_967_741_935 [(1,1,Map.fromList [(RelayAccessDomain "test2" 65_535,LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable)])] ] ) , ( NodeArgs 1 InitiatorAndResponderDiffusionMode @@ -1977,8 +1978,8 @@ unit_4191 = testWithIOSim prop_diffusion_dns_can_recover long_trace absInfo scri (Script (UseBootstrapPeers [RelayAccessDomain "bootstrap" 0] :| [])) (TestAddress (IPAddr (read "0.0.1.236") 65_527)) PeerSharingDisabled - [ (2,2,Map.fromList [ (RelayAccessDomain "test2" 15,LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable) - , (RelayAccessDomain "test3" 4,LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)]) + [ (2,2,Map.fromList [ (RelayAccessDomain "test2" 15,LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable) + , (RelayAccessDomain "test3" 4,LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable)]) ] (Script (LedgerPools [] :| [])) (PeerSelectionTargets @@ -2028,7 +2029,7 @@ unit_4191 = testWithIOSim prop_diffusion_dns_can_recover long_trace absInfo scri , Reconfigure 0.415_384_615_384 [(1,1,Map.fromList []) , (1,1,Map.empty)] , Reconfigure 15.550_561_797_752 [(1,1,Map.empty) - , (1,1,Map.fromList [(RelayAccessDomain "test2" 15,LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)])] + , (1,1,Map.fromList [(RelayAccessDomain "test2" 15,LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable)])] , Reconfigure 82.857_142_857_14 [] ]) ] @@ -2093,7 +2094,7 @@ prop_connect_failure (AbsIOError ioerr) = naBootstrapPeers = Script (DontUseBootstrapPeers :| []), naAddr = TestAddress (IPAddr nodeIP nodePort), naPeerSharing = PeerSharingDisabled, - naLocalRootPeers = [(1,1,Map.fromList [(RelayAccessAddress relayIP relayPort,LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)])], + naLocalRootPeers = [(1,1,Map.fromList [(RelayAccessAddress relayIP relayPort,LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable)])], naLedgerPeers = Script (LedgerPools [] :| []), naPeerTargets = (PeerSelectionTargets { targetNumberOfRootPeers = 1, @@ -2221,7 +2222,7 @@ prop_accept_failure (AbsIOError ioerr) = naBootstrapPeers = Script (DontUseBootstrapPeers :| []), naAddr = TestAddress (IPAddr nodeIP nodePort), naPeerSharing = PeerSharingDisabled, - naLocalRootPeers = [(1,1,Map.fromList [(RelayAccessAddress relayIP relayPort,LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)])], + naLocalRootPeers = [(1,1,Map.fromList [(RelayAccessAddress relayIP relayPort,LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable)])], naLedgerPeers = Script (LedgerPools [] :| []), naPeerTargets = (PeerSelectionTargets { targetNumberOfRootPeers = 1, @@ -3238,21 +3239,21 @@ async_demotion_network_script = ] ) , ( common { naAddr = addr2, - naLocalRootPeers = [(1,1, Map.fromList [(ra_addr1, LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)])] } + naLocalRootPeers = [(1,1, Map.fromList [(ra_addr1, LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable)])] } , [JoinNetwork 0, Kill 5, JoinNetwork 20] ) , ( common { naAddr = addr3, - naLocalRootPeers = [(1,1, Map.fromList [(ra_addr1, LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)])] } + naLocalRootPeers = [(1,1, Map.fromList [(ra_addr1, LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable)])] } , [JoinNetwork 0] ) ] where addr1 = TestAddress (IPAddr (read "10.0.0.1") 3000) ra_addr1 = RelayAccessAddress (read "10.0.0.1") 3000 - localRoots1 = [(2,2, Map.fromList [(ra_addr2, LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable) - ,(ra_addr3, LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)])] - localRoots1' = [(2,2, Map.fromList [(ra_addr2, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable) - ,(ra_addr3, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)])] + localRoots1 = [(2,2, Map.fromList [(ra_addr2, LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable) + ,(ra_addr3, LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable)])] + localRoots1' = [(2,2, Map.fromList [(ra_addr2, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable) + ,(ra_addr3, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable)])] addr2 = TestAddress (IPAddr (read "10.0.0.2") 3000) ra_addr2 = RelayAccessAddress (read "10.0.0.2") 3000 @@ -3858,7 +3859,7 @@ prop_unit_4258 = (Script (UseBootstrapPeers [RelayAccessDomain "bootstrap" 0] :| [])) (TestAddress (IPAddr (read "0.0.0.4") 9)) PeerSharingDisabled - [(1,1,Map.fromList [(RelayAccessAddress "0.0.0.8" 65_531,LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)])] + [(1,1,Map.fromList [(RelayAccessAddress "0.0.0.8" 65_531,LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable)])] (Script (LedgerPools [] :| [])) (nullPeerSelectionTargets { targetNumberOfRootPeers = 2, @@ -3893,7 +3894,7 @@ prop_unit_4258 = (Script (UseBootstrapPeers [RelayAccessDomain "bootstrap" 0] :| [])) (TestAddress (IPAddr (read "0.0.0.8") 65_531)) PeerSharingDisabled - [(1,1,Map.fromList [(RelayAccessAddress "0.0.0.4" 9,LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)])] + [(1,1,Map.fromList [(RelayAccessAddress "0.0.0.4" 9,LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable)])] (Script (LedgerPools [] :| [])) (nullPeerSelectionTargets { targetNumberOfRootPeers = 4, @@ -3924,7 +3925,7 @@ prop_unit_4258 = (Script (PraosFetchMode FetchModeDeadline :| [])) [] , [ JoinNetwork 3.384_615_384_615, - Reconfigure 3.583_333_333_333 [(1,1,Map.fromList [(RelayAccessAddress "0.0.0.4" 9,LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)])], + Reconfigure 3.583_333_333_333 [(1,1,Map.fromList [(RelayAccessAddress "0.0.0.4" 9,LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable)])], Kill 15.555_555_555_55, JoinNetwork 30.533_333_333_33, Kill 71.111_111_111_11 @@ -3965,8 +3966,8 @@ prop_unit_reconnect = (Script (DontUseBootstrapPeers :| [])) (TestAddress (IPAddr (read "0.0.0.0") 0)) PeerSharingDisabled - [ (2,2,Map.fromList [ (RelayAccessAddress "0.0.0.1" 0,LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable) - , (RelayAccessAddress "0.0.0.2" 0,LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable) + [ (2,2,Map.fromList [ (RelayAccessAddress "0.0.0.1" 0,LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable) + , (RelayAccessAddress "0.0.0.2" 0,LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable) ]) ] (Script (LedgerPools [] :| [])) @@ -3996,7 +3997,7 @@ prop_unit_reconnect = (Script (DontUseBootstrapPeers :| [])) (TestAddress (IPAddr (read "0.0.0.1") 0)) PeerSharingDisabled - [(1,1,Map.fromList [(RelayAccessAddress "0.0.0.0" 0,LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)])] + [(1,1,Map.fromList [(RelayAccessAddress "0.0.0.0" 0,LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable)])] (Script (LedgerPools [] :| [])) (PeerSelectionTargets { targetNumberOfRootPeers = 1, @@ -4437,7 +4438,7 @@ unit_peer_sharing = (mainnetSimArgs 3 defaultTxDecisionPolicy) (singletonScript (mempty, ShortDelay)) [ ( (defaultNodeArgs GenesisMode) { naAddr = ip_0, - naLocalRootPeers = [(1, 1, Map.fromList [(ra_1, LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)])], + naLocalRootPeers = [(1, 1, Map.fromList [(ra_1, LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable)])], naPeerTargets = targets 1 } , [JoinNetwork 0] @@ -4449,7 +4450,7 @@ unit_peer_sharing = , [JoinNetwork 0] ) , ( (defaultNodeArgs GenesisMode) { naAddr = ip_2, - naLocalRootPeers = [(1, 1, Map.fromList [(ra_1, LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)])], + naLocalRootPeers = [(1, 1, Map.fromList [(ra_1, LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable)])], naPeerTargets = targets 2 } , [JoinNetwork 0] @@ -4960,7 +4961,7 @@ unit_local_root_diffusion_mode diffusionMode = naPeerSharing = PeerSharingDisabled, naLocalRootPeers = [ (1,1,Map.fromList [ (RelayAccessAddress (read "127.0.0.1") 1000, - LocalRootConfig DoNotAdvertisePeer diffusionMode IsNotTrustable) + LocalRootConfig DoNotAdvertisePeer diffusionMode False IsNotTrustable) ]) ], naLedgerPeers = Script (LedgerPools [] :| []), diff --git a/ouroboros-network/testlib/Test/Ouroboros/Network/PeerSelection.hs b/ouroboros-network/testlib/Test/Ouroboros/Network/PeerSelection.hs index 031453ff5ed..6075c4c3d13 100644 --- a/ouroboros-network/testlib/Test/Ouroboros/Network/PeerSelection.hs +++ b/ouroboros-network/testlib/Test/Ouroboros/Network/PeerSelection.hs @@ -166,6 +166,8 @@ tests = prop_governor_target_active_local_below , testProperty "progresses towards active target (from above)" prop_governor_target_active_local_above + , testProperty "never connect to peers behind a firewall" + prop_governor_never_connect_peer_behind_firewall ] , testGroup "big ledger peers" @@ -2471,7 +2473,7 @@ prop_governor_target_known_big_ledger_peers_above (MaxTime maxTime) env = -- test to assert that this happens in some fraction of test cases. -- prop_governor_target_established_below :: MaxTime -> GovernorMockEnvironment -> Property -prop_governor_target_established_below (MaxTime maxTime) env = +prop_governor_target_established_below (MaxTime maxTime) env@GovernorMockEnvironment{inboundPeers} = let events = Signal.eventsFromListUpToTime maxTime . selectPeerSelectionTraceEvents @Cardano.ExtraState @@ -2487,6 +2489,27 @@ prop_governor_target_established_below (MaxTime maxTime) env = (Cardano.ExtraState.empty (consensusMode env) (NumberOfBigLedgerPeers 0)) Cardano.ExtraPeers.empty events + govLocalRootPeersSig :: Signal (LocalRootPeers PeerTrustable PeerAddr) + govLocalRootPeersSig = + selectGovState Governor.localRootPeers + (Cardano.ExtraState.empty (consensusMode env) (NumberOfBigLedgerPeers 0)) Cardano.ExtraPeers.empty + events + + govUnreachablePeersSig :: Signal (Set PeerAddr) + govUnreachablePeersSig = + (\local -> + let + isUnreachablePeer addr (LocalRootConfig {behindFirewall}) = + behindFirewall && not (Set.member addr inboundPeers) + + unreachablePeers = + Map.keysSet + $ Map.filterWithKey isUnreachablePeer + $ LocalRootPeers.toMap local + in + unreachablePeers + ) <$> govLocalRootPeersSig + govKnownPeersSig :: Signal (Set PeerAddr) govKnownPeersSig = selectGovState (dropBigLedgerPeers $ @@ -2538,12 +2561,13 @@ prop_governor_target_established_below (MaxTime maxTime) env = -- There are no opportunities if we're at or above target -- - promotionOpportunity target known established recentFailures + promotionOpportunity target known unreachable established recentFailures | Set.size established >= target = Set.empty | otherwise = known Set.\\ established + Set.\\ unreachable Set.\\ recentFailures promotionOpportunities :: Signal (Set PeerAddr) @@ -2551,6 +2575,7 @@ prop_governor_target_established_below (MaxTime maxTime) env = promotionOpportunity <$> govTargetsSig <*> govKnownPeersSig + <*> govUnreachablePeersSig <*> govEstablishedPeersSig <*> govEstablishedFailuresSig @@ -3210,6 +3235,64 @@ prop_governor_target_active_big_ledger_peers_above (MaxTime maxTime) env = <*> demotionOpportunities <*> demotionOpportunitiesIgnoredTooLong) +-- | Avoid connecting to root peers marked as behind a firewall and without inbound connection. +prop_governor_never_connect_peer_behind_firewall :: MaxTime -> GovernorMockEnvironment -> Property +prop_governor_never_connect_peer_behind_firewall (MaxTime maxTime) env@GovernorMockEnvironment{inboundPeers} = + let events = Signal.eventsFromListUpToTime maxTime + . selectPeerSelectionTraceEvents + @Cardano.ExtraState + @PeerTrustable + @(Cardano.ExtraPeers PeerAddr) + @(Cardano.ExtraPeerSelectionSetsWithSizes PeerAddr) + . runGovernorInMockEnvironment + $ env + + govLocalRootPeersSig :: Signal (LocalRootPeers PeerTrustable PeerAddr) + govLocalRootPeersSig = + selectGovState Governor.localRootPeers + (Cardano.ExtraState.empty (consensusMode env) (NumberOfBigLedgerPeers 0)) Cardano.ExtraPeers.empty + events + + govUnreachablePeersSig :: Signal (Set PeerAddr) + govUnreachablePeersSig = + (\local -> + let + isUnreachablePeer addr (LocalRootConfig {behindFirewall}) = + behindFirewall && not (Set.member addr inboundPeers) + + unreachablePeers = + Map.keysSet + $ Map.filterWithKey isUnreachablePeer + $ LocalRootPeers.toMap local + in + unreachablePeers + ) <$> govLocalRootPeersSig + + govPromotionSig :: Signal (Set PeerAddr) + govPromotionSig = + Signal.fromEventsWith Set.empty + . Signal.selectEvents + (\case TracePromoteColdPeers _ _ peers -> Just $! peers + _ -> Nothing + ) + . selectGovEvents + $ events + + unreachablePromotions :: Signal (Set PeerAddr) + unreachablePromotions = + Set.intersection + <$> govUnreachablePeersSig + <*> govPromotionSig + + in counterexample + "\nSignal key: (local root peers, unreachable local root peers, promotions, unreachable promotions)" $ + + signalProperty 20 show + (\(_,_,_,promotions) -> Set.null promotions) + ((,,,) <$> govLocalRootPeersSig + <*> govUnreachablePeersSig + <*> govPromotionSig + <*> unreachablePromotions) -- | A variant of 'prop_governor_target_established_below' but for the target -- that all local root peers should become established. @@ -3218,7 +3301,7 @@ prop_governor_target_active_big_ledger_peers_above (MaxTime maxTime) env = -- is not possible to exceed the target. -- prop_governor_target_established_local :: MaxTime -> GovernorMockEnvironment -> Property -prop_governor_target_established_local (MaxTime maxTime) env = +prop_governor_target_established_local (MaxTime maxTime) env@GovernorMockEnvironment{inboundPeers} = let events = Signal.eventsFromListUpToTime maxTime . selectPeerSelectionTraceEvents @Cardano.ExtraState @@ -3234,6 +3317,21 @@ prop_governor_target_established_local (MaxTime maxTime) env = (Cardano.ExtraState.empty (consensusMode env) (NumberOfBigLedgerPeers 0)) Cardano.ExtraPeers.empty events + govUnreachablePeersSig :: Signal (Set PeerAddr) + govUnreachablePeersSig = + (\local -> + let + isUnreachablePeer addr (LocalRootConfig {behindFirewall}) = + behindFirewall && not (Set.member addr inboundPeers) + + unreachablePeers = + Map.keysSet + $ Map.filterWithKey isUnreachablePeer + $ LocalRootPeers.toMap local + in + unreachablePeers + ) <$> govLocalRootPeersSig + govEstablishedPeersSig :: Signal (Set PeerAddr) govEstablishedPeersSig = selectGovState @@ -3281,18 +3379,20 @@ prop_governor_target_established_local (MaxTime maxTime) env = promotionOpportunities :: Signal (Set PeerAddr) promotionOpportunities = - (\local established recentFailures inProgressPromoteCold -> + (\local unreachable established recentFailures inProgressPromoteCold -> Set.unions [ -- There are no opportunities if we're at or above target if Set.size groupEstablished >= warmTarget' then Set.empty else group Set.\\ established + Set.\\ unreachable Set.\\ recentFailures Set.\\ inProgressPromoteCold | (_, WarmValency warmTarget', group) <- LocalRootPeers.toGroupSets local , let groupEstablished = group `Set.intersection` established ] ) <$> govLocalRootPeersSig + <*> govUnreachablePeersSig <*> govEstablishedPeersSig <*> govEstablishedFailuresSig <*> govInProgressPromoteColdSig @@ -4063,8 +4163,8 @@ prop_issue_3550 = prop_governor_target_established_below defaultMaxTime $ (PeerAddr 29,[],GovernorScripts {peerShareScript = Script (Nothing :| []), peerSharingScript = Script (PeerSharingDisabled :| []), connectionScript = Script ((ToWarm,NoDelay) :| [(ToCold,NoDelay),(Noop,NoDelay)])}) ], localRootPeers = LocalRootPeers.fromGroups - [ (1, 1, Map.fromList [(PeerAddr 16, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)]) - , (1, 1, Map.fromList [(PeerAddr 4, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)]) + [ (1, 1, Map.fromList [(PeerAddr 16, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable)]) + , (1, 1, Map.fromList [(PeerAddr 4, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable)]) ], publicRootPeers = Cardano.PublicRootPeers.fromPublicRootPeers (Map.fromList [ (PeerAddr 14, DoNotAdvertisePeer) @@ -4079,6 +4179,7 @@ prop_issue_3550 = prop_governor_target_established_below defaultMaxTime $ targetNumberOfActivePeers = 3 }, nullPeerSelectionTargets), NoDelay) :| []), + inboundPeers = Set.empty, pickKnownPeersForPeerShare = Script (PickFirst :| []), pickColdPeersToPromote = Script (PickFirst :| []), pickWarmPeersToPromote = Script (PickFirst :| []), @@ -4111,9 +4212,10 @@ prop_issue_3515 = prop_governor_nolivelock $ peerSharingScript = Script (PeerSharingDisabled :| []), connectionScript = Script ((ToCold,NoDelay) :| [(Noop,NoDelay)]) })], - localRootPeers = LocalRootPeers.fromGroups [(1,1,Map.fromList [(PeerAddr 10, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)])], + localRootPeers = LocalRootPeers.fromGroups [(1,1,Map.fromList [(PeerAddr 10, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable)])], publicRootPeers = PublicRootPeers.empty Cardano.ExtraPeers.empty, targets = Script . NonEmpty.fromList $ targets'', + inboundPeers = Set.empty, pickKnownPeersForPeerShare = Script (PickFirst :| []), pickColdPeersToPromote = Script (PickFirst :| []), pickWarmPeersToPromote = Script (PickFirst :| []), @@ -4153,9 +4255,10 @@ prop_issue_3494 = prop_governor_nofail $ peerSharingScript = Script (PeerSharingDisabled :| []), connectionScript = Script ((ToCold,NoDelay) :| [(Noop,NoDelay)]) })], - localRootPeers = LocalRootPeers.fromGroups [(1,1,Map.fromList [(PeerAddr 64, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)])], + localRootPeers = LocalRootPeers.fromGroups [(1,1,Map.fromList [(PeerAddr 64, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable)])], publicRootPeers = PublicRootPeers.empty Cardano.ExtraPeers.empty, targets = Script . NonEmpty.fromList $ targets'', + inboundPeers = Set.empty, pickKnownPeersForPeerShare = Script (PickFirst :| []), pickColdPeersToPromote = Script (PickFirst :| []), pickWarmPeersToPromote = Script (PickFirst :| []), @@ -4203,12 +4306,13 @@ prop_issue_3233 = prop_governor_nolivelock $ (PeerAddr 15,[],GovernorScripts {peerShareScript = Script (Just ([],PeerShareTimeSlow) :| []), peerSharingScript = Script (PeerSharingDisabled :| []), connectionScript = Script ((Noop,NoDelay) :| [])}) ], localRootPeers = LocalRootPeers.fromGroups - [ (1, 1, Map.fromList [(PeerAddr 15, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)]) - , (1, 1, Map.fromList [(PeerAddr 13, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode IsNotTrustable)]) + [ (1, 1, Map.fromList [(PeerAddr 15, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable)]) + , (1, 1, Map.fromList [(PeerAddr 13, LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode False IsNotTrustable)]) ], publicRootPeers = Cardano.PublicRootPeers.fromPublicRootPeers (Map.fromList [(PeerAddr 4, DoNotAdvertisePeer)]), targets = Script . NonEmpty.fromList $ targets'', + inboundPeers = Set.empty, pickKnownPeersForPeerShare = Script (PickFirst :| []), pickColdPeersToPromote = Script (PickFirst :| []), pickWarmPeersToPromote = Script (PickFirst :| []), diff --git a/ouroboros-network/testlib/Test/Ouroboros/Network/PeerSelection/Cardano/MockEnvironment.hs b/ouroboros-network/testlib/Test/Ouroboros/Network/PeerSelection/Cardano/MockEnvironment.hs index 90e7cab8ce4..0024b0785ff 100644 --- a/ouroboros-network/testlib/Test/Ouroboros/Network/PeerSelection/Cardano/MockEnvironment.hs +++ b/ouroboros-network/testlib/Test/Ouroboros/Network/PeerSelection/Cardano/MockEnvironment.hs @@ -67,6 +67,8 @@ import Ouroboros.Network.ExitPolicy import Ouroboros.Network.NodeToNode.Version (DiffusionMode) import Ouroboros.Network.PeerSelection.Governor hiding (PeerSelectionState (..)) import Ouroboros.Network.PeerSelection.Governor qualified as Governor +import Ouroboros.Network.PeerSelection.State.LocalRootPeers ( + LocalRootConfig (LocalRootConfig, behindFirewall)) import Ouroboros.Network.PeerSelection.State.LocalRootPeers qualified as LocalRootPeers import Ouroboros.Network.Point @@ -151,6 +153,7 @@ data GovernorMockEnvironment = GovernorMockEnvironment { localRootPeers :: !(LocalRootPeers PeerTrustable PeerAddr), publicRootPeers :: !(PublicRootPeers (Cardano.ExtraPeers PeerAddr) PeerAddr), targets :: !(TimedScript (PeerSelectionTargets, PeerSelectionTargets)), + inboundPeers :: !(Set PeerAddr), pickKnownPeersForPeerShare :: !(PickScript PeerAddr), pickColdPeersToPromote :: !(PickScript PeerAddr), pickWarmPeersToPromote :: !(PickScript PeerAddr), @@ -458,7 +461,8 @@ mockPeerSelectionActions' tracer GovernorMockEnvironment { localRootPeers, publicRootPeers, - peerSharingFlag + peerSharingFlag, + inboundPeers } (originalPeerTargets, _peerTargets) scripts @@ -504,7 +508,7 @@ mockPeerSelectionActions' tracer writeTVar outboundConnectionsStateVar a } }, - readInboundPeers = pure Map.empty, + readInboundPeers, readLedgerPeerSnapshot = pure Nothing, peerSelectionTargets = originalPeerTargets, extraPeersAPI = Cardano.ExtraPeers.cardanoPublicRootPeersAPI, @@ -551,6 +555,15 @@ mockPeerSelectionActions' tracer traceWith tracer (TraceEnvRootsResult (Set.toList (PublicRootPeers.toSet Cardano.ExtraPeers.toSet result))) return (result, ttl) + readInboundPeers :: m (Map PeerAddr PeerSharing) + readInboundPeers = sequence $ + Map.fromSet + (\addr -> do + let Just (_, peerSharingScript, _) = Map.lookup addr scripts + stepScript peerSharingScript + ) + inboundPeers + requestPeerShare :: PeerSharingAmount -> PeerAddr -> m (PeerSharingResult PeerAddr) requestPeerShare _ addr = do let Just (peerShareScript, _, _) = Map.lookup addr scripts @@ -939,6 +952,7 @@ instance Arbitrary GovernorMockEnvironment where let peersSet = allPeers peerGraph (localRootPeers, publicRootPeers) <- arbitraryRootPeers peersSet + inboundPeers <- arbitraryInboundPeers localRootPeers let arbitrarySubsetOfPeers = arbitrarySubset peersSet pickKnownPeersForPeerShare <- arbitraryPickScript arbitrarySubsetOfPeers @@ -961,6 +975,16 @@ instance Arbitrary GovernorMockEnvironment where return GovernorMockEnvironment{..} where + -- Subset of peers behind a firewall + arbitraryInboundPeers :: LocalRootPeers PeerTrustable PeerAddr -> Gen (Set PeerAddr) + arbitraryInboundPeers local = + let + behindFirewallPeers = + Map.keysSet + $ Map.filter (\LocalRootConfig {behindFirewall} -> behindFirewall) + $ LocalRootPeers.toMap local + in arbitrarySubset behindFirewallPeers + arbitraryRootPeers :: Set PeerAddr -> Gen (LocalRootPeers PeerTrustable PeerAddr, PublicRootPeers (Cardano.ExtraPeers PeerAddr) PeerAddr) arbitraryRootPeers peers | Set.null peers = diff --git a/ouroboros-network/testlib/Test/Ouroboros/Network/PeerSelection/Instances.hs b/ouroboros-network/testlib/Test/Ouroboros/Network/PeerSelection/Instances.hs index 98cf3a9c4fb..c3a063d0ee1 100644 --- a/ouroboros-network/testlib/Test/Ouroboros/Network/PeerSelection/Instances.hs +++ b/ouroboros-network/testlib/Test/Ouroboros/Network/PeerSelection/Instances.hs @@ -171,6 +171,7 @@ instance Arbitrary extraFlags => Arbitrary (LocalRootConfig extraFlags) where <$> arbitrary <*> elements [InitiatorAndResponderDiffusionMode, InitiatorOnlyDiffusionMode] <*> arbitrary + <*> arbitrary shrink a@LocalRootConfig { peerAdvertise, extraFlags, diffusionMode } = [ a { extraFlags = peerTrustable' } | peerTrustable' <- shrink extraFlags diff --git a/ouroboros-network/testlib/Test/Ouroboros/Network/PeerSelection/RootPeersDNS.hs b/ouroboros-network/testlib/Test/Ouroboros/Network/PeerSelection/RootPeersDNS.hs index cf9ea9aad26..03fcebc1392 100644 --- a/ouroboros-network/testlib/Test/Ouroboros/Network/PeerSelection/RootPeersDNS.hs +++ b/ouroboros-network/testlib/Test/Ouroboros/Network/PeerSelection/RootPeersDNS.hs @@ -347,10 +347,10 @@ simpleMockRoots = MockRoots localRootPeers dnsMap Map.empty (singletonScript Map [ ( 2, 2 , Map.fromList [ ( RelayAccessAddress (read "192.0.2.1") (read "3333") - , LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode () + , LocalRootConfig DoAdvertisePeer InitiatorAndResponderDiffusionMode False () ) , ( RelayAccessDomain "test.domain" (read "4444") - , LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode () + , LocalRootConfig DoNotAdvertisePeer InitiatorAndResponderDiffusionMode False () ) ] )