Ipv6 dual-stack by default

sigp · Jan 15, 2025 · 7ee6a71 · 7ee6a71
1 parent 06e4d22
commit 7ee6a71
Show file tree

Hide file tree

Showing 5 changed files with 75 additions and 2 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/beacon_node/lighthouse_network/Cargo.toml b/beacon_node/lighthouse_network/Cargo.toml
@@ -19,6 +19,7 @@ fnv = { workspace = true }
 futures = { workspace = true }
 gossipsub = { workspace = true }
 hex = { workspace = true }
+local-ip-address = "0.6"
 itertools = { workspace = true }
 libp2p-mplex = "0.42"
 lighthouse_version = { workspace = true }

diff --git a/beacon_node/lighthouse_network/src/config.rs b/beacon_node/lighthouse_network/src/config.rs
@@ -6,6 +6,7 @@ use directory::{
     DEFAULT_BEACON_NODE_DIR, DEFAULT_HARDCODED_NETWORK, DEFAULT_NETWORK_DIR, DEFAULT_ROOT_DIR,
 };
 use libp2p::Multiaddr;
+use local_ip_address::local_ipv6;
 use serde::{Deserialize, Serialize};
 use sha2::{Digest, Sha256};
 use std::net::{Ipv4Addr, Ipv6Addr};
@@ -265,6 +266,18 @@ impl Config {
         }
     }
 
+    /// A helper function to check if the local host has a globally routeable IPv6 address. If so,
+    /// returns true.
+    pub fn is_ipv6_supported() -> bool {
+        // If IPv6 is supported
+        let Ok(std::net::IpAddr::V6(local_ip)) = local_ipv6() else {
+            return false;
+        };
+
+        // If its globally routable, return true
+        is_global_ipv6(&local_ip)
+    }
+
     pub fn listen_addrs(&self) -> &ListenAddress {
         &self.listen_addresses
     }

diff --git a/beacon_node/src/cli.rs b/beacon_node/src/cli.rs
@@ -224,6 +224,13 @@ pub fn cli_app() -> Command {
                 .action(ArgAction::Set)
                 .display_order(0)
         )
+        .arg(
+            Arg::new("disable-ipv6")
+                .long("disable-ipv6")
+                .help("If 0.0.0.0 is set as the IPv4 listening address and the host has a globally routeable IPv6 address, Lighthouse will listen on :: by default, in dual-stack mode. This flag prevents this.")
+                .action(ArgAction::SetTrue)
+                .display_order(0)
+        )
         .arg(
             Arg::new("target-peers")
                 .long("target-peers")

diff --git a/beacon_node/src/config.rs b/beacon_node/src/config.rs
@@ -899,6 +899,7 @@ pub fn parse_listening_addresses(
     // parse the possible ips
     let mut maybe_ipv4 = None;
     let mut maybe_ipv6 = None;
+
     for addr_str in listen_addresses_str {
         let addr = addr_str.parse::<IpAddr>().map_err(|parse_error| {
             format!("Failed to parse listen-address ({addr_str}) as an Ip address: {parse_error}")
@@ -926,6 +927,19 @@ pub fn parse_listening_addresses(
         }
     }
 
+    // If we have specified an IPv4 listen address and not an IPv6 address and the
+    // host has a globally routeable IPv6 address and the CLI doesn't expressly disable IPv6,
+    // then we also listen on IPv6.
+    // Note that we will only listen on all interfaces if the IPv4 counterpart is also listening on
+    // all interfaces, to prevent accidental exposure of ports.
+    if maybe_ipv4 == Some(Ipv4Addr::UNSPECIFIED)
+        && maybe_ipv6.is_none()
+        && !cli_args.get_flag("disable_ipv6")
+        && NetworkConfig::is_ipv6_supported()
+    {
+        maybe_ipv6 = Some(Ipv6Addr::UNSPECIFIED);
+    }
+
     // parse the possible tcp ports
     let port = cli_args
         .get_one::<String>("port")