fix: err if no incoming capacity and no trusted nodes (#7361)

2025-12-06 10:59:55 +00:00 · 2024-03-27 23:53:09 +01:00
parent e2e09b4281
commit d6e4eab527
1 changed files with 27 additions and 7 deletions
--- a/crates/net/network/src/peers/manager.rs
+++ b/crates/net/network/src/peers/manager.rs
@ -237,7 +237,9 @@ impl PeersManager {
            return Err(InboundConnectionError::IpBanned)
        }

-        if self.connection_info.max_inbound == 0 && self.trusted_peer_ids.is_empty() {
+        if (!self.connection_info.has_in_capacity() || self.connection_info.max_inbound == 0) &&
+            self.trusted_peer_ids.is_empty()
+        {
            // if we don't have any inbound slots and no trusted peers, we don't accept any new
            // connections
            return Err(InboundConnectionError::ExceedsCapacity)
@ -1522,7 +1524,7 @@ impl Default for PeerBackoffDurations {
 }

 /// Error thrown when a incoming connection is rejected right away
-#[derive(Debug, Error)]
+#[derive(Debug, Error, PartialEq, Eq)]
 pub enum InboundConnectionError {
    /// The remote's ip address is banned
    IpBanned,
@ -1544,7 +1546,7 @@ mod tests {
        peers::{
            manager::{ConnectionInfo, PeerBackoffDurations, PeerConnectionState},
            reputation::DEFAULT_REPUTATION,
-            PeerAction,
+            InboundConnectionError, PeerAction,
        },
        session::PendingSessionHandshakeError,
        PeersConfig,
@ -2099,6 +2101,9 @@ mod tests {
    async fn accept_incoming_trusted_unknown_peer_address() {
        let socket_addr = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(127, 0, 1, 99)), 8008);
        let mut peers = PeersManager::new(PeersConfig::test().with_max_inbound(2));
+        // try to connect trusted peer
+        let trusted = PeerId::random();
+        peers.add_trusted_peer_id(trusted);

        // saturate the inbound slots
        for i in 0..peers.connection_info.max_inbound {
@ -2136,10 +2141,6 @@ mod tests {
            _ => unreachable!(),
        }

-        // try to connect trusted peer
-        let trusted = PeerId::random();
-        peers.add_trusted_peer_id(trusted);
-
        let socket_addr = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(127, 0, 1, 100)), 8008);
        assert!(peers.on_incoming_pending_session(socket_addr.ip()).is_ok());
        peers.on_incoming_session_established(trusted, socket_addr);
@ -2611,6 +2612,25 @@ mod tests {
        assert!(peers.peers.contains_key(&basic_peer));
    }

+    #[tokio::test]
+    async fn test_incoming_at_capacity() {
+        let mut config = PeersConfig::test();
+        config.connection_info.max_inbound = 1;
+        let mut peers = PeersManager::new(config);
+
+        let peer = PeerId::random();
+        let addr = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(127, 0, 1, 2)), 8009);
+        assert!(peers.on_incoming_pending_session(addr.ip()).is_ok());
+
+        peers.on_incoming_session_established(peer, addr);
+
+        let addr = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(127, 0, 1, 2)), 8009);
+        assert_eq!(
+            peers.on_incoming_pending_session(addr.ip()).unwrap_err(),
+            InboundConnectionError::ExceedsCapacity
+        );
+    }
+
    #[tokio::test]
    async fn test_tick() {
        let ip = IpAddr::V4(Ipv4Addr::new(127, 0, 1, 2));