Merge pull request #1575 from mysteriumnetwork/wg-nat-fixes

Wireguard port mapping fixes and some refactorings

.dockerignore

@@ -1 +1,2 @@
 .git/
+vendor

ci/test/e2e.go

@@ -45,7 +45,7 @@ func TestE2ENAT() error {
 	composeFiles := []string{
 		"./docker-compose.e2e-traversal.yml",
 	}
-	runner, cleanup := e2e.NewRunner(composeFiles, "node_e2e_nat_test", "openvpn,wireguard")
+	runner, cleanup := e2e.NewRunner(composeFiles, "node_e2e_nat_test", "wireguard,openvpn")
 	defer cleanup()
 	if err := runner.Init(); err != nil {
 		return err

cmd/di.go

@@ -805,9 +805,8 @@ func (di *Dependencies) bootstrapNATComponents(options node.Options) {
 	if options.ExperimentNATPunching {
 		log.Debug().Msg("Experimental NAT punching enabled, creating a pinger")
 		di.NATPinger = traversal.NewPinger(
-			di.NATTracker,
+			traversal.DefaultPingConfig(),
 			traversal.NewNATProxy(),
-			mapping.StageName,
 			di.EventBus,
 		)
 	} else {

cmd/di_desktop.go

@@ -81,16 +81,6 @@ func (di *Dependencies) bootstrapServiceWireguard(nodeOptions node.Options) {
 
 			wgOptions := serviceOptions.(wireguard_service.Options)
 
-			mapPort := func(port int) func() {
-				return mapping.GetPortMappingFunc(
-					loc.IP,
-					outIP,
-					"UDP",
-					port,
-					"Myst node wireguard(tm) port mapping",
-					di.EventBus)
-			}
-
 			var portPool port.ServicePortSupplier
 			if wgOptions.Ports.IsSpecified() {
 				log.Info().Msgf("Fixed service port range (%s) configured, using custom port pool", wgOptions.Ports)
@@ -105,15 +95,19 @@ func (di *Dependencies) bootstrapServiceWireguard(nodeOptions node.Options) {
 				Country: loc.Country,
 			}
 
+			portmapConfig := mapping.DefaultConfig()
+			portMapper := mapping.NewPortMapper(portmapConfig, di.EventBus)
+
 			svc := wireguard_service.NewManager(
 				di.IPResolver,
 				locationInfo,
 				di.NATService,
 				di.NATPinger,
 				di.NATTracker,
-				mapPort,
+				di.EventBus,
 				wgOptions,
-				portPool)
+				portPool,
+				portMapper)
 			return svc, wireguard_service.GetProposal(loc), nil
 		},
 	)
@@ -146,16 +140,6 @@ func (di *Dependencies) bootstrapServiceOpenvpn(nodeOptions node.Options) {
 
 		transportOptions := serviceOptions.(openvpn_service.Options)
 
-		mapPort := func(port int) func() {
-			return mapping.GetPortMappingFunc(
-				loc.IP,
-				outIP,
-				transportOptions.Protocol,
-				port,
-				"Myst node OpenVPN port mapping",
-				di.EventBus)
-		}
-
 		locationInfo := location.ServiceLocationInfo{
 			OutIP:   outIP,
 			PubIP:   loc.IP,
@@ -171,17 +155,19 @@ func (di *Dependencies) bootstrapServiceOpenvpn(nodeOptions node.Options) {
 			portPool = port.NewPool()
 		}
 
+		portMapper := mapping.NewPortMapper(mapping.DefaultConfig(), di.EventBus)
+
 		manager := openvpn_service.NewManager(
 			nodeOptions,
 			transportOptions,
 			locationInfo,
 			di.ServiceSessionStorage,
 			di.NATService,
 			di.NATPinger,
-			mapPort,
 			di.NATTracker,
 			portPool,
 			di.EventBus,
+			portMapper,
 		)
 		return manager, proposal, nil
 	}
@@ -192,12 +178,12 @@ func (di *Dependencies) bootstrapServiceNoop(nodeOptions node.Options) {
 	di.ServiceRegistry.Register(
 		service_noop.ServiceType,
 		func(serviceOptions service.Options) (service.Service, market.ServiceProposal, error) {
-			location, err := di.LocationResolver.DetectLocation()
+			loc, err := di.LocationResolver.DetectLocation()
 			if err != nil {
 				return nil, market.ServiceProposal{}, err
 			}
 
-			return service_noop.NewManager(), service_noop.GetProposal(location), nil
+			return service_noop.NewManager(), service_noop.GetProposal(loc), nil
 		},
 	)
 }

docker-compose.e2e-basic.yml

@@ -145,7 +145,6 @@ services:
       --transactor.address=http://transactor:8888/api/v1
       --keystore.lightweight
       --log-level=debug
-      --quality.address=http://morqa:8085/api/v1
       --quality-oracle.address=http://morqa:8085/api/v1
       service
       --agreed-terms-and-conditions

docker-compose.e2e-traversal.yml

@@ -12,6 +12,13 @@ services:
     expose:
       - 8085
       - 8080
+    cap_add:
+      - NET_ADMIN
+    sysctls:
+      - net.ipv4.conf.default.rp_filter=0
+      - net.ipv4.conf.all.rp_filter=0
+      - net.ipv4.conf.eth0.rp_filter=0
+      - net.ipv4.conf.eth1.rp_filter=0
     dns: 172.30.0.254
     networks:
       public0:
@@ -176,6 +183,11 @@ services:
       PORT: 8889
     expose:
       - 8889
+    sysctls:
+      - net.ipv4.conf.default.rp_filter=0
+      - net.ipv4.conf.all.rp_filter=0
+      - net.ipv4.conf.eth0.rp_filter=0
+      - net.ipv4.conf.eth1.rp_filter=0
     depends_on:
       - ganache
     command: >
@@ -187,8 +199,15 @@ services:
       -chImplementation 0x599d43715DF3070f83355D9D90AE62c159E62A75
       -keystoreDir /keystore
       -accountantAddress 0x241F6e1d0bB17f45767DC60A6Bd3D21Cdb543a0c
+      -boltPath /bolt.db
     volumes:
       - ./e2e/blockchain/keystore:/keystore
+    dns: 172.30.0.254
+    networks:
+      public0:
+        ipv4_address: 172.30.0.204
+      public1:
+        ipv4_address: 172.31.0.204
 
   myst-consumer:
     build:

docker-compose.localnet.yml

@@ -12,6 +12,13 @@ services:
     expose:
       - 8085
       - 8080
+    cap_add:
+      - NET_ADMIN
+    sysctls:
+      - net.ipv4.conf.default.rp_filter=0
+      - net.ipv4.conf.all.rp_filter=0
+      - net.ipv4.conf.eth0.rp_filter=0
+      - net.ipv4.conf.eth1.rp_filter=0
     dns: 172.30.0.254
     networks:
       public0:
@@ -176,6 +183,11 @@ services:
       PORT: 8889
     expose:
       - 8889
+    sysctls:
+      - net.ipv4.conf.default.rp_filter=0
+      - net.ipv4.conf.all.rp_filter=0
+      - net.ipv4.conf.eth0.rp_filter=0
+      - net.ipv4.conf.eth1.rp_filter=0
     depends_on:
       - ganache
     command: >
@@ -187,8 +199,15 @@ services:
       -chImplementation 0x599d43715DF3070f83355D9D90AE62c159E62A75
       -keystoreDir /keystore
       -accountantAddress 0x241F6e1d0bB17f45767DC60A6Bd3D21Cdb543a0c
+      -boltPath /bolt.db
     volumes:
       - ./e2e/blockchain/keystore:/keystore
+    dns: 172.30.0.254
+    networks:
+      public0:
+        ipv4_address: 172.30.0.204
+      public1:
+        ipv4_address: 172.31.0.204
 
   myst-consumer:
     build:

localnet/README.md

@@ -40,7 +40,7 @@ Run consumer daemon
 Run consumer CLI
 
 ```
-./cli.sh
+./localnet/cli.sh
 ```
 
 5. **Stop localnet docker stack**

localnet/provider.sh

@@ -7,6 +7,8 @@ exec /node/build/myst/myst \
   --log-dir= --data-dir=/var/lib/mysterium-node \
   --runtime-dir=/var/run/mysterium-node \
   --tequilapi.address=0.0.0.0 \
+  --discovery.ping=10s \
+  --discovery.fetch=10s \
   --payments.mystscaddress=0x4D1d104AbD4F4351a0c51bE1e9CA0750BbCa1665 \
   --ip-detector=http://ipify:3000/?format=json \
   --location.type=manual \

mobile/mysterium/openvpn_connection_setup.go

@@ -34,8 +34,7 @@ import (
 )
 
 type natPinger interface {
-	PingProvider(ip string, port int, consumerPort int, stop <-chan struct{}) error
-	StopNATProxy()
+	traversal.NATProviderPinger
 	SetProtectSocketCallback(SocketProtect func(socket int) bool)
 }
 
@@ -64,6 +63,7 @@ func (wrapper *openvpnConnection) Start(options connection.ConnectOptions) error
 			clientConfig.VpnConfig.OriginalRemoteIP,
 			clientConfig.VpnConfig.OriginalRemotePort,
 			clientConfig.LocalPort,
+			clientConfig.LocalPort+1,
 			wrapper.pingerStop,
 		)
 		if err != nil {

mobile/mysterium/wireguard_connection_setup.go

@@ -20,8 +20,6 @@ package mysterium
 import (
 	"bufio"
 	"encoding/json"
-	"fmt"
-	"net"
 	"strings"
 	"time"
 
@@ -133,15 +131,6 @@ func newTunnDevice(wgTunnSetup WireguardTunnelSetup, config wireguard.ServiceCon
 		time.Sleep(time.Duration(config.Consumer.ConnectDelay) * time.Millisecond)
 	}
 
-	// Wait for local port to become available since it will be used as WireGuard listen port
-	// when provider is behind NAT.
-	if config.LocalPort > 0 {
-		log.Info().Msgf("Waiting for port %d to become available", config.LocalPort)
-		if err := waitUDPPortReadyFor(config.LocalPort, 10*time.Second); err != nil {
-			return nil, errors.Wrap(err, "failed to wait for UDP port")
-		}
-	}
-
 	fd, err := wgTunnSetup.Establish()
 	if err != nil {
 		return nil, err
@@ -157,24 +146,6 @@ func newTunnDevice(wgTunnSetup WireguardTunnelSetup, config wireguard.ServiceCon
 	return tunDevice, err
 }
 
-func waitUDPPortReadyFor(port int, timeout time.Duration) error {
-	timeoutChan := time.After(timeout)
-	for {
-		select {
-		case <-time.After(500 * time.Millisecond):
-			p, err := net.ListenPacket("udp", fmt.Sprintf(":%d", port))
-			if err != nil {
-				log.Err(err).Msgf("Port %d is in use. Trying to check again...", port)
-			} else {
-				p.Close()
-				return nil
-			}
-		case <-timeoutChan:
-			return fmt.Errorf("timeout waiting for UDP port %d", port)
-		}
-	}
-}
-
 type wireguardConnection struct {
 	done       chan struct{}
 	pingerStop chan struct{}
@@ -204,6 +175,7 @@ func (c *wireguardConnection) Start(options connection.ConnectOptions) (err erro
 			config.Provider.Endpoint.IP.String(),
 			config.RemotePort,
 			config.LocalPort,
+			0,
 			c.pingerStop,
 		)
 		if err != nil {