-
Notifications
You must be signed in to change notification settings - Fork 999
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(autonat): Implement AutoNATv2 #5526
Conversation
…n if we already have a listener for outgoing connections.
@jxs this already got an approving review over on umgefahren#1 but it wouldn't hurt if you took a look at it before merging. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice work @umgefahren ! This has been vetted extensively in your fork already, so good to go from my end.
Co-authored-by: Thomas Eizinger <[email protected]>
Co-authored-by: Thomas Eizinger <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for all the hard work Hannes, and again Thomas for the review! ❤️
It was a pleasure and I'm so grateful we are here. |
Closes: libp2p#4524 This is the implementation of the evolved AutoNAT protocol, named AutonatV2 as defined in the [spec](https://github.com/libp2p/specs/blob/03718ef0f2dea4a756a85ba716ee33f97e4a6d6c/autonat/autonat-v2.md). The stabilization PR for the spec can be found under libp2p/specs#538. The work on the Rust implementation can be found in the PR to my fork: umgefahren#1. The implementation has been smoke-tested with the Go implementation (PR: libp2p/go-libp2p#2469). The new protocol addresses shortcomings of the original AutoNAT protocol: - Since the server now always dials back over a newly allocated port, this made libp2p#4568 necessary; the client can be sure of the reachability state for other peers, even if the connection to the server was made through a hole punch. - The server can now test addresses different from the observed address (i.e., the connection to the server was made through a `p2p-circuit`). To mitigate against DDoS attacks, the client has to send more data to the server than the dial-back costs. Pull-Request: libp2p#5526.
I've been testing out this v2 protocol. When testing locally I see that my loopback address is being confirmed as external address. I'm curious if this is designed on purpose like that. E.g. would I need to remove the external address in logic for I'd happily make an issue for this, but perhaps I am using the behaviour wrong as there isn't a lot of surface documentation on the usage. (The v1 protocol has built-in confidence logic, which I reckon we're supposed to implement ourselves in v2, which I fully stand behind, but just wondering how this is supposed to work.) |
Description
Closes: #4524
This is the implementation of the evolved AutoNAT protocol, named AutonatV2 as defined in the spec.
The stabilization PR for the spec can be found under libp2p/specs#538.
The work on the Rust implementation can be found in the PR to my fork: umgefahren#1.
The implementation has been smoke-tested with the Go implementation (PR: libp2p/go-libp2p#2469).
The new protocol addresses shortcomings of the original AutoNAT protocol:
p2p-circuit
). To mitigate against DDoS attacks, the client has to send more data to the server than the dial-back costs.Notes & open questions
Notes
IPv4 & IPv6
There are open questions on how to handle cases where a client is only reachable over IPv4 or IPv6, but the server is connected to a network with an incompatible IP family.
Relevant comments in the other PR:
The decision was made to ship the improvement in a later version, when we know more about the issue. It's still an improvement over AutoNATv1.
Handling these cases would be easier once rust-lang/rust#86442 is merged.
Picking algorithm
The spec proposes a picking algorithm for the address tested by the server. At the moment, the server is just using the first address sent by the client. An improvement to this algorithm can be implemented later.
Open questions
Change checklist
This work was sponsored by the Filecoin grant program: filecoin-project/devgrants#1421