evo: introduce purpose-based port restrictions

Additionally, ports defined as defaults are exempt from bad port
restrictions for that purpose. In other purposes, they are still
considered bad ports.

Author: kwvg

src/evo/netinfo.cpp

@@ -44,6 +44,20 @@ bool MatchSuffix(const std::string& str, const T1& list)
     }
     return false;
 }
+
+uint16_t GetMainnetPurposePort(const uint8_t purpose)
+{
+    assert(IsValidPurpose(purpose));
+    switch (purpose) {
+    case Purpose::CORE_P2P:
+        return MainParams().GetDefaultPort();
+    case Purpose::PLATFORM_P2P:
+        return MainParams().GetDefaultPlatformP2PPort();
+    case Purpose::PLATFORM_HTTPS:
+        return MainParams().GetDefaultPlatformHTTPPort();
+    } // no default case, so the compiler can warn about missing cases
+    assert(false);
+}
 } // anonymous namespace
 
 bool NetInfoEntry::operator==(const NetInfoEntry& rhs) const
@@ -213,9 +227,8 @@ NetInfoStatus MnNetInfo::ValidateService(const CService& service)
         return NetInfoStatus::NotRoutable;
     }
 
-    if (IsNodeOnMainnet() != (service.GetPort() == MainParams().GetDefaultPort())) {
-        // Must use mainnet port on mainnet.
-        // Must NOT use mainnet port on other networks.
+    if (IsNodeOnMainnet() != (service.GetPort() == GetMainnetPurposePort(Purpose::CORE_P2P))) {
+        // Must use mainnet port on mainnet and any other port for other networks
         return NetInfoStatus::BadPort;
     }
 
@@ -359,7 +372,7 @@ NetInfoStatus ExtNetInfo::ProcessCandidate(const uint8_t purpose, const NetInfoE
     }
 }
 
-NetInfoStatus ExtNetInfo::ValidateService(const CService& service, bool is_primary)
+NetInfoStatus ExtNetInfo::ValidateService(const CService& service, const uint8_t purpose, bool is_primary)
 {
     if (!service.IsValid()) {
         return NetInfoStatus::BadAddress;
@@ -370,16 +383,27 @@ NetInfoStatus ExtNetInfo::ValidateService(const CService& service, bool is_prima
     if (Params().RequireRoutableExternalIP() && !service.IsRoutable()) {
         return NetInfoStatus::NotRoutable;
     }
-    if (service.IsI2P() && service.GetPort() != I2P_SAM31_PORT) {
+
+    const uint16_t service_port{service.GetPort()};
+    if (service.IsI2P() && service_port != I2P_SAM31_PORT) {
         // I2P SAM 3.1 and earlier don't support arbitrary ports
         return NetInfoStatus::BadPort;
-    } else if (!service.IsI2P() && (IsBadPort(service.GetPort()) || service.GetPort() == 0)) {
+    } else if (!service.IsI2P() &&
+               ((IsBadPort(service_port) && service_port != GetMainnetPurposePort(purpose)) || service_port == 0)) {
         return NetInfoStatus::BadPort;
     }
+
     if (is_primary) {
         if (!service.IsIPv4()) {
             return NetInfoStatus::BadType;
         }
+        if (IsNodeOnMainnet() && service_port != GetMainnetPurposePort(purpose)) {
+            // On mainnet, the primary address must use the fixed port assigned to the purpose
+            return NetInfoStatus::BadPort;
+        } else if (!IsNodeOnMainnet() && service_port == GetMainnetPurposePort(Purpose::CORE_P2P)) {
+            // The mainnet CORE_P2P port may not be used for any purpose outside of mainnet
+            return NetInfoStatus::BadPort;
+        }
     }
 
     return NetInfoStatus::Success;
@@ -415,7 +439,7 @@ NetInfoStatus ExtNetInfo::AddEntry(const uint8_t purpose, const std::string& inp
             CNetAddr netaddr;
             if (netaddr.SetSpecial(addr)) {
                 const CService service{netaddr, port};
-                const auto ret{ValidateService(service, /*is_primary=*/false)};
+                const auto ret{ValidateService(service, purpose, /*is_primary=*/false)};
                 if (ret == NetInfoStatus::Success) {
                     return ProcessCandidate(purpose, NetInfoEntry{service});
                 }
@@ -428,7 +452,7 @@ NetInfoStatus ExtNetInfo::AddEntry(const uint8_t purpose, const std::string& inp
     // IP:port safe, try to parse it as IP:port
     if (auto service_opt{Lookup(addr, /*portDefault=*/port, /*fAllowLookup=*/false)}) {
         const auto service{MaybeFlipIPv6toCJDNS(*service_opt)};
-        const auto ret{ValidateService(service, is_primary)};
+        const auto ret{ValidateService(service, purpose, is_primary)};
         if (ret == NetInfoStatus::Success) {
             return ProcessCandidate(purpose, NetInfoEntry{service});
         }
@@ -494,7 +518,7 @@ NetInfoStatus ExtNetInfo::Validate() const
                 return NetInfoStatus::Malformed;
             }
             if (const auto& service_opt{entry.GetAddrPort()}) {
-                if (auto ret{ValidateService(*service_opt, /*is_primary=*/entry == *entries.begin())};
+                if (auto ret{ValidateService(*service_opt, purpose, /*is_primary=*/entry == *entries.begin())};
                     ret != NetInfoStatus::Success) {
                     // Stores CService underneath but doesn't pass validation rules
                     return ret;

src/evo/netinfo.h

@@ -262,7 +262,7 @@ class ExtNetInfo final : public NetInfoInterface
     bool HasDuplicates(const std::vector<NetInfoEntry>* entries) const;
     bool IsDuplicateCandidate(const NetInfoEntry& candidate, const std::vector<NetInfoEntry>* entries) const;
     NetInfoStatus ProcessCandidate(const uint8_t purpose, const NetInfoEntry& candidate);
-    static NetInfoStatus ValidateService(const CService& service, bool is_primary);
+    static NetInfoStatus ValidateService(const CService& service, const uint8_t purpose, bool is_primary);
 
 private:
     uint8_t m_version{CURRENT_VERSION};

src/test/evo_netinfo_tests.cpp

@@ -23,9 +23,8 @@ static const TestVectors vals_main{
     // - Port should default to default P2P core with MnNetInfo
     // - Ports are no longer implied with ExtNetInfo
     {{Purpose::CORE_P2P, "1.1.1.1"}, NetInfoStatus::Success, NetInfoStatus::BadPort},
-    // - Non-mainnet port on mainnet causes failure in MnNetInfo
-    // - ExtNetInfo is indifferent to choice of port unless it's a bad port which 9998 isn't
-    {{Purpose::CORE_P2P, "1.1.1.1:9998"}, NetInfoStatus::BadPort, NetInfoStatus::Success},
+    // Non-mainnet port on mainnet not allowed
+    {{Purpose::CORE_P2P, "1.1.1.1:9998"}, NetInfoStatus::BadPort, NetInfoStatus::BadPort},
     // Internal addresses not allowed on mainnet
     {{Purpose::CORE_P2P, "127.0.0.1:9999"}, NetInfoStatus::NotRoutable, NetInfoStatus::NotRoutable},
     // Valid IPv4 formatting but invalid IPv4 address
@@ -44,9 +43,14 @@ static const TestVectors vals_main{
     {{Purpose::CORE_P2P, ":9999"}, NetInfoStatus::BadInput, NetInfoStatus::BadInput},
     // Bad purpose code
     {{64, "1.1.1.1:9999"}, NetInfoStatus::MaxLimit, NetInfoStatus::MaxLimit},
-    // - MnNetInfo doesn't allow storing anything except a Core P2P address
-    // - ExtNetInfo allows storing Platform P2P addresses
-    {{Purpose::PLATFORM_P2P, "1.1.1.1:9999"}, NetInfoStatus::MaxLimit, NetInfoStatus::Success},
+    // - MnNetInfo only supports CORE_P2P and cannot store PLATFORM_HTTPS
+    // - ExtNetInfo can store PLATFORM_HTTPS but non-default ports are not allowed on mainnet
+    {{Purpose::PLATFORM_HTTPS, "1.1.1.1:443"}, NetInfoStatus::MaxLimit, NetInfoStatus::Success},
+    {{Purpose::PLATFORM_HTTPS, "1.1.1.1:1445"}, NetInfoStatus::MaxLimit, NetInfoStatus::BadPort},
+    // - MnNetInfo only supports CORE_P2P and cannot store PLATFORM_HTTPS
+    // - ExtNetInfo can store PLATFORM_P2P but non-default ports are not allowed on mainnet
+    {{Purpose::PLATFORM_P2P, "1.1.1.1:26656"}, NetInfoStatus::MaxLimit, NetInfoStatus::Success},
+    {{Purpose::PLATFORM_P2P, "1.1.1.1:26657"}, NetInfoStatus::MaxLimit, NetInfoStatus::BadPort},
 };
 
 void ValidateGetEntries(const NetInfoList& entries, const size_t expected_size)
@@ -125,12 +129,21 @@ static const TestVectors vals_reg{
     // - MnNetInfo doesn't mind using port 0
     // - ExtNetInfo prohibits non-zero ports
     {{Purpose::CORE_P2P, "1.1.1.1:0"}, NetInfoStatus::Success, NetInfoStatus::BadPort},
-    // - Mainnet P2P port on non-mainnet cause failure in MnNetInfo
-    // - ExtNetInfo is indifferent to choice of port unless it's a bad port which 9999 isn't
-    {{Purpose::CORE_P2P, "1.1.1.1:9999"}, NetInfoStatus::BadPort, NetInfoStatus::Success},
+    // Mainnet P2P port on non-mainnet not allowed
+    {{Purpose::CORE_P2P, "1.1.1.1:9999"}, NetInfoStatus::BadPort, NetInfoStatus::BadPort},
     // - Non-mainnet P2P port is allowed in MnNetInfo regardless of bad port status
     // - Port 22 (SSH) is below the privileged ports threshold (1023) and is therefore a bad port, disallowed in ExtNetInfo
     {{Purpose::CORE_P2P, "1.1.1.1:22"}, NetInfoStatus::Success, NetInfoStatus::BadPort},
+    // - MnNetInfo only supports CORE_P2P and cannot store PLATFORM_HTTPS
+    // - ExtNetInfo can store PLATFORM_HTTPS but default and non-default ports are allowed on non-mainnet
+    {{Purpose::PLATFORM_HTTPS, "1.1.1.1:443"}, NetInfoStatus::MaxLimit, NetInfoStatus::Success},
+    {{Purpose::PLATFORM_HTTPS, "1.1.1.1:1445"}, NetInfoStatus::MaxLimit, NetInfoStatus::Success},
+    // The port 443 bad ports carve-out doesn't apply outside PLATFORM_HTTPS (where it is default)
+    {{Purpose::PLATFORM_P2P, "1.1.1.1:443"}, NetInfoStatus::MaxLimit, NetInfoStatus::BadPort},
+    // - MnNetInfo only supports CORE_P2P and cannot store PLATFORM_P2P
+    // - ExtNetInfo can store PLATFORM_P2P but default and non-default ports are allowed on non-mainnet
+    {{Purpose::PLATFORM_P2P, "1.1.1.1:26656"}, NetInfoStatus::MaxLimit, NetInfoStatus::Success},
+    {{Purpose::PLATFORM_P2P, "1.1.1.1:26657"}, NetInfoStatus::MaxLimit, NetInfoStatus::Success},
 };
 
 enum class ExpectedType : uint8_t {