-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
reject hole punching attempts when we don't have any public addresses #1214
Conversation
e24daa6
to
2c760aa
Compare
@@ -219,6 +221,10 @@ func (hs *Service) directConnect(rp peer.ID) error { | |||
} | |||
} | |||
|
|||
if len(hs.ids.OwnObservedAddrs()) == 0 { | |||
return errors.New("can't initiate hole punch, as we don't have any public addresses") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
let's make this a named error, we use it in a few places.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It doesn't have to be public.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's keep them different for now. This will make debugging easier.
obsDial := addrsFromBytes(msg.ObsAddrs) | ||
obsDial := removeRelayAddrs(addrsFromBytes(msg.ObsAddrs)) | ||
if len(obsDial) == 0 { | ||
return 0, nil, fmt.Errorf("expected CONNECT message to contain at least one message") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why fmt.Errorf
? There is no interpolation here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also, named error as well would be nice.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Converted to errors.New
.
2c760aa
to
1f5db5a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, but can we address the (minor) comments?
I'm working on an update to this PR: We should wait until we actually have a public address, before we:
The problem I'm running into is mostly how to test this. |
4036a06
to
b74e94e
Compare
@vyzo I made the changes to the coordination protocol: We now only start the hole punching service once we have a public address (without a publicly dialable address, there’s no way a hole punch can succeed: the peer wouldn’t even know who to dial). I think that the code is correct as it is right now. Even after a long time of playing around with this code, I can’t find a way to make the tests work. The problem is that
Any idea how to proceed here? |
can we clobber manet's private address ranges so that `IsPublicAddr`
returns true?
…On Tue, Oct 26, 2021, 16:24 Marten Seemann ***@***.***> wrote:
@vyzo <https://github.com/vyzo> I made the changes to the coordination
protocol: We now only start the hole punching service once we have a public
address (without a publicly dialable address, there’s no way a hole punch
can succeed: the peer wouldn’t even know who to dial). I *think* that the
code is correct as it is right now.
Even after a long time of playing around with this code, I can’t find a
way to make the tests work. The problem is that
1. we only start the hole punch service once we have a public address
2. we try a direct dial if a node has a public address (note that a
direct dial *always* succeeds in the setup, since we don't have an
actual NAT implementation)
Any idea how to proceed here?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1214 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAI4SR7AQD6UFC57LJOTZLUI2TZLANCNFSM5FC4L7KA>
.
|
We can, and that would allow us to start the holepunch service. But that would also mean that the check if any of the peer's addresses are public in
would succeed, and we wouldn't holepunch, but do a direct connect instead. |
it is even worse: when we enable autotelay, we install an address factory that will rewrite Addrs and end up nevwr having a public address. |
4e776e5
to
51bfb25
Compare
I updated this PR, using the observed addresses to determine if we have a public address. Also, we can't listen for the |
51bfb25
to
65d7070
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks good, can we also fix the two small nits?
65d7070
to
a2fd8e8
Compare
a2fd8e8
to
da4c861
Compare
da4c861
to
ac2d335
Compare
If we don't have any public addresses, the hole punch attempt is bound to fail - there's no address that can be used to dial us.
Question: Any idea how to fix the tests?
IDService.OwnObservedAddrs()
always returns an empty set of addresses, as we're not really running the ID protocol (and we're only listening on localhost anyway). The obvious solution would be to mock theIDService
, but it's not an interface.