Add netmask filter transport configuration + interface allowlist and …

…blocklist (#659) * Add documentation for interfaces configuration (netmask_filter/allowlist/blocklist) Signed-off-by: Juan Lopez Fernandez <[email protected]> * Update after Fast-DDS branch changes Signed-off-by: Juan Lopez Fernandez <[email protected]> * Apply suggestions Signed-off-by: Juan Lopez Fernandez <[email protected]> * Minor changes Signed-off-by: Juan Lopez Fernandez <[email protected]> * Add example with explicit NetworkInterface construction + minor changes Signed-off-by: Juan Lopez Fernandez <[email protected]> --------- Signed-off-by: Juan Lopez Fernandez <[email protected]>
eProsima · Mar 17, 2024 · 079dde6 · 079dde6
1 parent 4011cfd
commit 079dde6
Show file tree

Hide file tree

Showing 13 changed files with 481 additions and 6 deletions.
diff --git a/code/DDSCodeTester.cpp b/code/DDSCodeTester.cpp
@@ -34,6 +34,9 @@
 #include <fastdds/rtps/attributes/ThreadSettings.hpp>
 #include <fastdds/rtps/transport/ChainingTransport.h>
 #include <fastdds/rtps/transport/ChainingTransportDescriptor.h>
+#include <fastdds/rtps/transport/network/AllowedNetworkInterface.hpp>
+#include <fastdds/rtps/transport/network/BlockedNetworkInterface.hpp>
+#include <fastdds/rtps/transport/network/NetmaskFilterKind.hpp>
 #include <fastdds/rtps/transport/shared_mem/SharedMemTransportDescriptor.h>
 #include <fastdds/rtps/transport/TCPTransportDescriptor.h>
 #include <fastdds/rtps/transport/TCPv4TransportDescriptor.h>
@@ -4909,6 +4912,85 @@ void dds_transport_examples ()
         //!--
     }
 
+    {
+        using namespace eprosima::fastdds::rtps;
+        //CONF-NETMASK-FILTER
+        DomainParticipantQos qos;
+
+        // Configure netmask filtering at participant level
+        qos.transport().netmask_filter = NetmaskFilterKind::AUTO;
+        qos.wire_protocol().ignore_non_matching_locators = true; // Required if not defining an allowlist or blocklist
+
+        // Create a descriptor for the new transport.
+        auto udp_transport = std::make_shared<UDPv4TransportDescriptor>();
+
+        // Configure netmask filtering at transport level
+        udp_transport->netmask_filter = NetmaskFilterKind::AUTO;
+        qos.wire_protocol().ignore_non_matching_locators = true; // Required if not defining an allowlist or blocklist
+
+        // Configure netmask filtering at interface level
+        udp_transport->interface_allowlist.emplace_back("wlp59s0", NetmaskFilterKind::ON);
+
+        // Link the Transport Layer to the Participant.
+        qos.transport().user_transports.push_back(udp_transport);
+
+        // Avoid using the builtin transports
+        qos.transport().use_builtin_transports = false;
+        //!--
+    }
+
+    {
+        using namespace eprosima::fastdds::rtps;
+        //CONF-INTERFACES-ALLOWLIST
+        DomainParticipantQos qos;
+
+        // Create a descriptor for the new transport.
+        auto udp_transport = std::make_shared<UDPv4TransportDescriptor>();
+
+        // Add allowed interface by device name
+        udp_transport->interface_allowlist.emplace_back("eth0", NetmaskFilterKind::OFF);
+
+        // Add allowed interface by IP address (using default netmask filter AUTO)
+        udp_transport->interface_allowlist.emplace_back("127.0.0.1");
+
+        // Add allowed interface with explicit AllowedNetworkInterface construction
+        AllowedNetworkInterface another_allowed_interface("docker0", NetmaskFilterKind::OFF);
+        udp_transport->interface_allowlist.emplace_back(another_allowed_interface);
+
+        // Link the Transport Layer to the Participant.
+        qos.transport().user_transports.push_back(udp_transport);
+
+        // Avoid using the builtin transports
+        qos.transport().use_builtin_transports = false;
+        //!--
+    }
+
+    {
+        using namespace eprosima::fastdds::rtps;
+        //CONF-INTERFACES-BLOCKLIST
+        DomainParticipantQos qos;
+
+        // Create a descriptor for the new transport.
+        auto udp_transport = std::make_shared<UDPv4TransportDescriptor>();
+
+        // Add blocked interface by device name
+        udp_transport->interface_blocklist.emplace_back("docker0");
+
+        // Add blocked interface by IP address
+        udp_transport->interface_blocklist.emplace_back("127.0.0.1");
+
+        // Add blocked interface with explicit BlockedNetworkInterface construction
+        BlockedNetworkInterface another_blocked_interface("eth0");
+        udp_transport->interface_blocklist.emplace_back(another_blocked_interface);
+
+        // Link the Transport Layer to the Participant.
+        qos.transport().user_transports.push_back(udp_transport);
+
+        // Avoid using the builtin transports
+        qos.transport().use_builtin_transports = false;
+        //!--
+    }
+
     {
         //CONF-DISABLE-MULTICAST
         DomainParticipantQos qos;

diff --git a/code/XMLTester.xml b/code/XMLTester.xml
@@ -1004,6 +1004,99 @@
     </participant>
 <!--><-->
 
+<!-->PARTICIPANT-NETMASK-FILTER<-->
+<!--
+<?xml version="1.0" encoding="UTF-8" ?>
+<profiles xmlns="http://www.eprosima.com/XMLSchemas/fastRTPS_Profiles">
+-->
+    <participant profile_name="CustomTcpParticipantNetmaskFilterParticipant">
+        <rtps>
+            <ignore_non_matching_locators>true</ignore_non_matching_locators>
+            <netmask_filter>ON</netmask_filter>
+        </rtps>
+    </participant>
+<!--><-->
+
+<!-->TRANSPORT-NETMASK-FILTER<-->
+<!--
+<?xml version="1.0" encoding="UTF-8" ?>
+<profiles xmlns="http://www.eprosima.com/XMLSchemas/fastRTPS_Profiles">
+-->
+    <transport_descriptors>
+        <transport_descriptor>
+            <transport_id>CustomTcpTransportNetmaskFilter</transport_id>
+            <type>TCPv4</type>
+            <netmask_filter>ON</netmask_filter>
+        </transport_descriptor>
+    </transport_descriptors>
+
+    <participant profile_name="CustomTcpTransportNetmaskFilterParticipant">
+        <rtps>
+            <useBuiltinTransports>false</useBuiltinTransports>
+            <userTransports>
+                <transport_id>CustomTcpTransportNetmaskFilter</transport_id>
+            </userTransports>
+            <ignore_non_matching_locators>true</ignore_non_matching_locators>
+        </rtps>
+    </participant>
+<!--><-->
+
+<!-->INTERFACES-ALLOWLIST<-->
+<!--
+<?xml version="1.0" encoding="UTF-8" ?>
+<profiles xmlns="http://www.eprosima.com/XMLSchemas/fastRTPS_Profiles">
+-->
+    <transport_descriptors>
+        <transport_descriptor>
+            <transport_id>CustomTcpTransportAllowlist</transport_id>
+            <type>TCPv4</type>
+            <interfaces>
+                <allowlist>
+                    <interface name="wlp59s0" netmask_filter="ON"/>
+                    <interface name="192.168.1.10" netmask_filter="OFF"/>
+                </allowlist>
+            </interfaces>
+        </transport_descriptor>
+    </transport_descriptors>
+
+    <participant profile_name="CustomTcpTransportAllowlistParticipant">
+        <rtps>
+            <useBuiltinTransports>false</useBuiltinTransports>
+            <userTransports>
+                <transport_id>CustomTcpTransportAllowlist</transport_id>
+            </userTransports>
+        </rtps>
+    </participant>
+<!--><-->
+
+<!-->INTERFACES-BLOCKLIST<-->
+<!--
+<?xml version="1.0" encoding="UTF-8" ?>
+<profiles xmlns="http://www.eprosima.com/XMLSchemas/fastRTPS_Profiles">
+-->
+    <transport_descriptors>
+        <transport_descriptor>
+            <transport_id>CustomTcpTransportBlocklist</transport_id>
+            <type>TCPv4</type>
+            <interfaces>
+                <blocklist>
+                    <interface name="127.0.0.1"/>
+                    <interface name="docker0"/>
+                </blocklist>
+            </interfaces>
+        </transport_descriptor>
+    </transport_descriptors>
+
+    <participant profile_name="CustomTcpTransportBlocklistParticipant">
+        <rtps>
+            <useBuiltinTransports>false</useBuiltinTransports>
+            <userTransports>
+                <transport_id>CustomTcpTransportBlocklist</transport_id>
+            </userTransports>
+        </rtps>
+    </participant>
+<!--><-->
+
 <!-->CONF-TRANSPORT_METAMULTICASTLOCATOR<-->
 <!--
 <?xml version="1.0" encoding="UTF-8" ?>
@@ -1094,7 +1187,8 @@
         <transport_id>CustomTransport</transport_id>
         <type>UDPv4</type>
         <interfaceWhiteList>
-            <address>127.0.0.1</address>
+            <address>192.168.1.10</address>
+            <interface>lo</interface>
         </interfaceWhiteList>
     </transport_descriptor>
 
@@ -1110,7 +1204,7 @@
         <maxInitialPeersRange>100</maxInitialPeersRange>
         <interfaceWhiteList>
             <address>192.168.1.41</address>
-            <address>127.0.0.1</address>
+            <interface>lo</interface>
         </interfaceWhiteList>
         <wan_addr>80.80.55.44</wan_addr>
         <output_port>5101</output_port>
@@ -1279,6 +1373,8 @@
 
                 <listenSocketBufferSize>8192</listenSocketBufferSize>
 
+                <netmask_filter>ON</netmask_filter>
+
                 <builtin>
                     <!-- BUILTIN -->
                 </builtin>
@@ -3803,9 +3899,19 @@
                 <receiveBufferSize>8192</receiveBufferSize>
                 <maxMessageSize>16384</maxMessageSize>
                 <maxInitialPeersRange>100</maxInitialPeersRange>
+                <netmask_filter>AUTO</netmask_filter>
+                <interfaces>
+                    <allowlist>
+                        <interface name="wlp59s0" netmask_filter="ON"/>
+                    </allowlist>
+                    <blocklist>
+                        <interface name="127.0.0.1"/>
+                        <interface name="docker0"/>
+                    </blocklist>
+                </interfaces>
                 <interfaceWhiteList>
                     <address>192.168.1.41</address>
-                    <address>127.0.0.1</address>
+                    <interface>lo</interface>
                 </interfaceWhiteList>
                 <TTL>250</TTL>
                 <non_blocking_send>false</non_blocking_send>

diff --git a/code/XMLTesterExample.xml b/code/XMLTesterExample.xml
@@ -10,9 +10,19 @@
                 <receiveBufferSize>8192</receiveBufferSize>
                 <maxMessageSize>16384</maxMessageSize>
                 <maxInitialPeersRange>100</maxInitialPeersRange>
+                <netmask_filter>AUTO</netmask_filter>
+                <interfaces>
+                    <allowlist>
+                        <interface name="wlp59s0" netmask_filter="ON"/>
+                    </allowlist>
+                    <blocklist>
+                        <interface name="127.0.0.1"/>
+                        <interface name="docker0"/>
+                    </blocklist>
+                </interfaces>
                 <interfaceWhiteList>
                     <address>192.168.1.41</address>
-                    <address>127.0.0.1</address>
+                    <interface>lo</interface>
                 </interfaceWhiteList>
                 <wan_addr>80.80.55.44</wan_addr>
                 <keep_alive_frequency_ms>5000</keep_alive_frequency_ms>
@@ -212,6 +222,7 @@
                 <ignore_non_matching_locators>true</ignore_non_matching_locators>
                 <sendSocketBufferSize>8192</sendSocketBufferSize>
                 <listenSocketBufferSize>8192</listenSocketBufferSize>
+                <netmask_filter>AUTO</netmask_filter>
 
                 <builtin>
                     <discovery_config>

diff --git a/docs/03-exports/aliases-api.include b/docs/03-exports/aliases-api.include
@@ -612,6 +612,15 @@
 .. |SocketTransportDescriptor::interfaceWhiteList-api| replace:: :cpp:var:`interfaceWhiteList<eprosima::fastdds::rtps::SocketTransportDescriptor::interfaceWhiteList>`
 .. |SocketTransportDescriptor::TTL-api| replace:: :cpp:var:`TTL<eprosima::fastdds::rtps::SocketTransportDescriptor::TTL>`
 
+.. |NetmaskFilterKind-api| replace:: :cpp:enum:`NetmaskFilterKind<eprosima::fastdds::rtps::NetmaskFilterKind>`
+.. |NetmaskFilterKind::ON-api| replace:: :cpp:enumerator:`ON<eprosima::fastdds::rtps::NetmaskFilterKind::ON>`
+.. |NetmaskFilterKind::OFF-api| replace:: :cpp:enumerator:`OFF<eprosima::fastdds::rtps::NetmaskFilterKind::OFF>`
+.. |NetmaskFilterKind::AUTO-api| replace:: :cpp:enumerator:`AUTO<eprosima::fastdds::rtps::NetmaskFilterKind::AUTO>`
+.. |SocketTransportDescriptor::netmask_filter-api| replace:: :cpp:var:`netmask_filter<eprosima::fastdds::rtps::SocketTransportDescriptor::netmask_filter>`
+.. |SocketTransportDescriptor::interface_allowlist-api| replace:: :cpp:var:`allowlist<eprosima::fastdds::rtps::SocketTransportDescriptor::interface_allowlist>`
+.. |SocketTransportDescriptor::interface_blocklist-api| replace:: :cpp:var:`blocklist<eprosima::fastdds::rtps::SocketTransportDescriptor::interface_blocklist>`
+
+
 .. |UDPTransportDescriptor::m_output_udp_socket-api| replace:: :cpp:var:`m_output_udp_socket<eprosima::fastdds::rtps::UDPTransportDescriptor::m_output_udp_socket>`
 .. |UDPTransportDescriptor::non_blocking_send-api| replace:: :cpp:var:`non_blocking_send<eprosima::fastdds::rtps::UDPTransportDescriptor::non_blocking_send>`
 .. |UDPv4TransportDescriptor-api| replace:: :cpp:struct:`UDPv4TransportDescriptor<eprosima::fastdds::rtps::UDPv4TransportDescriptor>`

diff --git a/docs/fastdds/api_reference/spelling_wordlist.txt b/docs/fastdds/api_reference/spelling_wordlist.txt
@@ -3,11 +3,13 @@ ACKs
 addReaderLocator
 addReaderProxy
 addWriterProxy
+allowlist
 assignability
 autodispose
 autoenable
 autopurge
 behaviour
+blocklist
 booleans
 bytesPerPeriod
 cacheChange
@@ -93,6 +95,7 @@ mutexes
 myFilterFactory
 nackResponseDelay
 nackSupressionDuration
+netmask
 NonConstEnabler
 NoOpDomainParticipantListener
 nullptr
@@ -150,6 +153,7 @@ Struct
 Subclassed
 subclasses
 subentities
+subnetwork
 SubscriberListener
 SubscriptionMatchedStatus
 synchronism