-
Notifications
You must be signed in to change notification settings - Fork 281
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Messaging layer #71
Comments
also cc @Stebalien @diasdavid @bigs @mgoelzer @miyazono This is a pretty big thing that could have a significant impact on the overall performance of protocols implemented on top of libp2p. Within message based systems, the main 'choice' to make it reliable vs unreliable. The nice thing though, is that the interfaces shouldnt change between the two, meaning we could bootstrap the interfaces for packet based communications on top of tcp (many ipfs protocols are really just sending messages around), then add in the option later for 'unreliable' backends. The other thing to consider, is transport security. Libp2p requires that all communications are encrypted peer to peer, so we need a workable encryption scheme (and method for negotiating this, really). Wireguard should work, and we've been meaning to investigate that. |
One thing to note with wireguard is that is would require us to switch to ed25519 keys (which afaik is something we want to do anyway, so there is yet another reason to do that) https://www.wireguard.com/protocol/#key-exchange-and-data-packets |
Wireguard is implemented as a Linux kernel space module, so using it plainly would break libp2p's multi-platform ability. Would we just be using its transport protocol? It's funny that you guys bring that up, because my VPN project creates a Wireguard mesh network using IPFS for the p2p networking layer. If secure messages were already provided by IPFS, the VPN layer becomes much simpler. |
@DavidHuie wireguard is just a protocol. There is a go implementation IIRC, and we would likely just use that to wrap an 'unencrypted packet transport'. should work just fine cross platform. On specific platforms would could have optimizations using kernel modules though. |
The recently merged transports changes (libp2p/go-libp2p#297 ❤️) have made packet/message stuff significantly easier to reason about. Packet mode can be just another feature of a transport. The transport can support it natively (e.g. UDP or Ethernet), or can gain it by getting passed an upgrader which puts packets into frames on a stream. The ReadFrom/WriteTo functions should probably live on the Conn interface? After all we do have to shake crypto-hands before doing anything, so it makes sense to represent this state as a connection (also means less stuff to add of course.) An important thing that we have yet to design is the packet-mode equivalent of multistream - something that lets us negotiate protocols and multiplex them into a single packet connection. There's a very old draft branch of multigram here: https://github.com/multiformats/multigram/tree/draft1
Yes there's in fact implementations in Rust and JS too. I have only looked at the Go impl, it's pretty badly coupled to the networking and CLI parts, but with a bit of refactoring it looks perfectly usable to me. (/me LOVES wireguard) |
I'd like to raise another hand for WireGuard. It's very well designed. Linus Torvalds recently called it a "work of art" (compared to OpenVPN and IPSec). And yeah, the kernel mode aspect is a bit tricky, but as @whyrusleeping noted, there are a indeed a few userspace implementations in early development. I found this thread because I was looking at secio and I was wondering if anyone had tried to implement a middleware using the Noise Protocol Framework, the framework that underlies WireGuard, Signal, WhatsApp, and, apparently, Lightning. I couldn't find any and am trying to decide if I should take a stab at implementing them. Great intro by its author, Trevor Perrin: https://www.youtube.com/watch?v=3gipxdJ22iM |
This issue is aimed at getting discussion started around designing a messaging layer for libp2p. The messaging layer is for encapsulating unreliable transports, like UDP, along with other use cases.
Specifically, I want to use IPFS in order to provide p2p networking for VPN traffic, which is usually implemented over UDP. It is possible to use other transports, although wasteful since TCP is usually also implemented within the networking stack the VPN encapsulates.
We discussed this a bit in ipfs/kubo#3994
From @magik6k:
cc: @whyrusleeping @magik6k @lgierth
The text was updated successfully, but these errors were encountered: