refactor: disallow certain Source variants to be constructed externally

Fixes #3639

Author: dignifiedquire

iroh/src/magicsock/endpoint_map.rs

@@ -209,9 +209,8 @@ impl EndpointMap {
 /// address through multiple means.
 #[derive(Serialize, Deserialize, strum::Display, Debug, Clone, Eq, PartialEq, Hash)]
 #[strum(serialize_all = "kebab-case")]
+#[allow(private_interfaces)]
 pub enum Source {
-    /// Address was loaded from the fs.
-    Saved,
     /// An endpoint communicated with us first via UDP.
     Udp,
     /// An endpoint communicated with us first via relay.
@@ -231,18 +230,34 @@ pub enum Source {
         name: String,
     },
     /// The address was advertised by a call-me-maybe DISCO message.
-    CallMeMaybe,
+    #[strum(serialize = "CallMeMaybe")]
+    CallMeMaybe {
+        /// private marker
+        _0: Private,
+    },
     /// We received a ping on the path.
-    Ping,
+    #[strum(serialize = "Ping")]
+    Ping {
+        /// private marker
+        _0: Private,
+    },
     /// We established a connection on this address.
     ///
     /// Currently this means the path was in uses as [`PathId::ZERO`] when the a connection
     /// was added to the `EndpointStateActor`.
     ///
     /// [`PathId::ZERO`]: quinn_proto::PathId::ZERO
-    Connection,
+    #[strum(serialize = "Connection")]
+    Connection {
+        /// private marker
+        _0: Private,
+    },
 }
 
+/// Helper to ensure certain `Source` variants can not be constructed externally.
+#[derive(Serialize, Deserialize, Debug, Clone, Copy, Eq, PartialEq, Hash)]
+struct Private;
+
 /// An (Ip, Port) pair.
 ///
 /// NOTE: storing an [`IpPort`] is safer than storing a [`SocketAddr`] because for IPv6 socket

iroh/src/magicsock/endpoint_map/endpoint_state.rs

@@ -31,6 +31,7 @@ use crate::{
     endpoint::DirectAddr,
     magicsock::{
         DiscoState, HEARTBEAT_INTERVAL, MagicsockMetrics, PATH_MAX_IDLE_TIMEOUT,
+        endpoint_map::Private,
         mapped_addrs::{AddrMap, MappedAddr, RelayMappedAddr},
         transports::{self, OwnedTransmit, TransportsSender},
     },
@@ -378,7 +379,7 @@ impl EndpointStateActor {
                     .entry(path_remote)
                     .or_default()
                     .sources
-                    .insert(Source::Connection, Instant::now());
+                    .insert(Source::Connection { _0: Private }, Instant::now());
                 self.select_path();
 
                 if path_remote_is_ip {
@@ -439,7 +440,8 @@ impl EndpointStateActor {
             let ping = disco::Ping::new(self.local_endpoint_id);
 
             let path = self.paths.entry(dst.clone()).or_default();
-            path.sources.insert(Source::CallMeMaybe, now);
+            path.sources
+                .insert(Source::CallMeMaybe { _0: Private }, now);
             path.ping_sent = Some(ping.tx_id);
 
             event!(
@@ -481,7 +483,8 @@ impl EndpointStateActor {
             .await;
 
         let path = self.paths.entry(src).or_default();
-        path.sources.insert(Source::Ping, Instant::now());
+        path.sources
+            .insert(Source::Ping { _0: Private }, Instant::now());
 
         trace!("ping received, triggering holepunching");
         self.trigger_holepunching().await;
@@ -621,12 +624,12 @@ impl EndpointStateActor {
             .filter_map(|(addr, state)| {
                 if state
                     .sources
-                    .get(&Source::CallMeMaybe)
+                    .get(&Source::CallMeMaybe { _0: Private })
                     .map(|when| when.elapsed() <= CALL_ME_MAYBE_VALIDITY)
                     .unwrap_or_default()
                     || state
                         .sources
-                        .get(&Source::Ping)
+                        .get(&Source::Ping { _0: Private })
                         .map(|when| when.elapsed() <= CALL_ME_MAYBE_VALIDITY)
                         .unwrap_or_default()
                 {
@@ -824,7 +827,7 @@ impl EndpointStateActor {
                         .entry(path_remote.clone())
                         .or_default()
                         .sources
-                        .insert(Source::Connection, Instant::now());
+                        .insert(Source::Connection { _0: Private }, Instant::now());
                 }
 
                 self.select_path();