reject hole punching attempts when we don't have any public addresses #1214
Conversation
marten-seemann
force-pushed
the
dont-holepunch-if-no-addresses
branch
2 times, most recently
from
e24daa6
to
2c760aa
Compare
| @@ -219,6 +221,10 @@ func (hs *Service) directConnect(rp peer.ID) error { | |||
| } | |||
| } | |||
|
|
|||
| if len(hs.ids.OwnObservedAddrs()) == 0 { | |||
| return errors.New("can't initiate hole punch, as we don't have any public addresses") | |||
There was a problem hiding this comment.
let's make this a named error, we use it in a few places.
There was a problem hiding this comment.
Let's keep them different for now. This will make debugging easier.
| obsDial := addrsFromBytes(msg.ObsAddrs) | ||
| obsDial := removeRelayAddrs(addrsFromBytes(msg.ObsAddrs)) | ||
| if len(obsDial) == 0 { | ||
| return 0, nil, fmt.Errorf("expected CONNECT message to contain at least one message") |
There was a problem hiding this comment.
why fmt.Errorf? There is no interpolation here.
There was a problem hiding this comment.
also, named error as well would be nice.
There was a problem hiding this comment.
Converted to errors.New.
marten-seemann
force-pushed
the
dont-holepunch-if-no-addresses
branch
from
2c760aa
to
1f5db5a
Compare
|
I'm working on an update to this PR: We should wait until we actually have a public address, before we:
The problem I'm running into is mostly how to test this. |
marten-seemann
force-pushed
the
dont-holepunch-if-no-addresses
branch
from
4036a06
to
b74e94e
Compare
|
@vyzo I made the changes to the coordination protocol: We now only start the hole punching service once we have a public address (without a publicly dialable address, there’s no way a hole punch can succeed: the peer wouldn’t even know who to dial). I think that the code is correct as it is right now. Even after a long time of playing around with this code, I can’t find a way to make the tests work. The problem is that
Any idea how to proceed here? |
|
can we clobber manet's private address ranges so that `IsPublicAddr`
returns true?
…On Tue, Oct 26, 2021, 16:24 Marten Seemann ***@***.***> wrote:
@vyzo <https://github.com/vyzo> I made the changes to the coordination
protocol: We now only start the hole punching service once we have a public
address (without a publicly dialable address, there’s no way a hole punch
can succeed: the peer wouldn’t even know who to dial). I *think* that the
code is correct as it is right now.
Even after a long time of playing around with this code, I can’t find a
way to make the tests work. The problem is that
1. we only start the hole punch service once we have a public address
2. we try a direct dial if a node has a public address (note that a
direct dial *always* succeeds in the setup, since we don't have an
actual NAT implementation)
Any idea how to proceed here?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1214 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAI4SR7AQD6UFC57LJOTZLUI2TZLANCNFSM5FC4L7KA>
.
|
We can, and that would allow us to start the holepunch service. But that would also mean that the check if any of the peer's addresses are public in would succeed, and we wouldn't holepunch, but do a direct connect instead. |
|
it is even worse: when we enable autotelay, we install an address factory that will rewrite Addrs and end up nevwr having a public address. |
marten-seemann
force-pushed
the
dont-holepunch-if-no-addresses
branch
2 times, most recently
from
4e776e5
to
51bfb25
Compare
|
I updated this PR, using the observed addresses to determine if we have a public address. Also, we can't listen for the |
marten-seemann
force-pushed
the
dont-holepunch-if-no-addresses
branch
from
51bfb25
to
65d7070
Compare
marten-seemann
force-pushed
the
dont-holepunch-if-no-addresses
branch
from
65d7070
to
a2fd8e8
Compare
marten-seemann
force-pushed
the
dont-holepunch-if-no-addresses
branch
from
a2fd8e8
to
da4c861
Compare
marten-seemann
force-pushed
the
dont-holepunch-if-no-addresses
branch
from
da4c861
to
ac2d335
Compare
If we don't have any public addresses, the hole punch attempt is bound to fail - there's no address that can be used to dial us.
Question: Any idea how to fix the tests?
IDService.OwnObservedAddrs()always returns an empty set of addresses, as we're not really running the ID protocol (and we're only listening on localhost anyway). The obvious solution would be to mock theIDService, but it's not an interface.