Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use standard IP cidr format for allow/deny lists #1510

Closed
achingbrain opened this issue Dec 4, 2022 · 10 comments
Closed

Use standard IP cidr format for allow/deny lists #1510

achingbrain opened this issue Dec 4, 2022 · 10 comments
Assignees
@achingbrain
Labels
effort/hours Estimated to take one or several hours exp/beginner Can be confidently tackled by newcomers good first issue Good issue for new contributors help wanted Seeking public contribution on this issue kind/enhancement A net-new feature or improvement to an existing feature P2 Medium: Good to have, but can wait until someone steps up

Comments

@achingbrain
Copy link
Member

Currently the connection manager treats multiaddrs in the allow/deny lists as string prefixes (e.g. "/ip4/52.55"), it should use the standard IP cidr format instead (e.g. "/ip4/52.55.0.0/ipcidr/16") which will allow us to validate these as multiaddrs.

This will likely involve changes to the @multiformats/multiaddr module to allow using address ranges.
@achingbrain achingbrain added the need/triage Needs initial labeling and prioritization label Dec 4, 2022
@p-shahi p-shahi added this to js-libp2p Dec 6, 2022
@p-shahi p-shahi moved this to 🥞Weekly Candidates/Discuss🎙 in js-libp2p Dec 6, 2022
@achingbrain achingbrain added help wanted Seeking public contribution on this issue good first issue Good issue for new contributors exp/intermediate Prior experience is likely helpful and removed need/triage Needs initial labeling and prioritization labels Dec 6, 2022
@achingbrain
Copy link
Member Author

Related issue: libp2p/js-libp2p-utils#12

@maschad maschad mentioned this issue Jan 10, 2023
Closed
@mpetrunic
Copy link
Member

This will likely involve changes to the @multiformats/multiaddr module to allow using address ranges.

@achingbrain Doesn't multiaddr already have ipcidr for this purpose?

Seems like we are missing https://github.com/multiformats/go-multiaddr/blob/master/protocols.go#L112 in js?

Should we add cidr based filtering implementation in js-multiaddr (like go) or in js-libp2p-utils?

@mpetrunic mpetrunic self-assigned this Jan 17, 2023
@mpetrunic mpetrunic moved this from 🥞Weekly Candidates/Discuss🎙 to 🏃‍♀️In Progress in js-libp2p Jan 17, 2023
@mpetrunic mpetrunic mentioned this issue Jan 24, 2023
Merged
@p-shahi p-shahi removed this from js-libp2p Jan 24, 2023
@p-shahi p-shahi added the P2 Medium: Good to have, but can wait until someone steps up label Jan 24, 2023
achingbrain added a commit to multiformats/js-multiaddr that referenced this issue Mar 21, 2023
@mpetrunic @achingbrain
feat: add multiaddr filter function (#305)
bcd3cb5 
related to libp2p/js-libp2p#1510

---------

Co-authored-by: Alex Potsides <alex@achingbrain.net>
@maschad maschad assigned maschad and unassigned mpetrunic Mar 21, 2023
@achingbrain achingbrain mentioned this issue Apr 7, 2023
Merged
@maschad maschad assigned achingbrain and unassigned maschad Apr 12, 2023
@SgtPooki
Copy link
Member

do we still need this @achingbrain ?

@achingbrain
Copy link
Member Author

Yes

@SgtPooki
Copy link
Member

JS Colo 2024 rough discussion It looks like we already have the code in js-multiaddr, https://github.com/multiformats/js-multiaddr/blob/d4164fbce730d3b43a10682b651bcc96db845e7c/src/convert.ts#L120C17-L135, so we don't need to change it

Should only need changes in js-libp2p

convertToIpNet defined at https://github.com/multiformats/js-multiaddr/blob/d4164fbce730d3b43a10682b651bcc96db845e7c/src/convert.ts#L120C17-L135

Action items:

  1. Convert .allow and .deny properties of connection-manager to be IpNet[].
  2. replace startsWith in

    js-libp2p/packages/libp2p/src/connection-manager/connection-pruner.ts

    Lines 101 to 104 in 6ccbb06

    // check allow list
    const connectionInAllowList = this.allow.some((ma) => {
    return connection.remoteAddr.toString().startsWith(ma.toString())
    })
    with Instance<IpNet>.contains(ip)
  3. replace startsWith in

    js-libp2p/packages/libp2p/src/connection-manager/index.ts

    Lines 534 to 537 in 4fd7eb2

    // check allow list
    const allowConnection = this.allow.some(ma => {
    return maConn.remoteAddr.toString().startsWith(ma.toString())
    })
    with Instance<IpNet>.contains(ip)
  4. replace startsWith in

    js-libp2p/packages/libp2p/src/connection-manager/index.ts

    Lines 524 to 527 in 4fd7eb2

    // check deny list
    const denyConnection = this.deny.some(ma => {
    return maConn.remoteAddr.toString().startsWith(ma.toString())
    })
    with Instance<IpNet>.contains(ip)

@SgtPooki SgtPooki added exp/beginner Can be confidently tackled by newcomers kind/enhancement A net-new feature or improvement to an existing feature effort/hours Estimated to take one or several hours and removed exp/intermediate Prior experience is likely helpful labels Sep 20, 2024
@acul71
Copy link
Contributor

acul71 commented Oct 15, 2024

@SgtPooki @achingbrain
Hello I'm Luca Cohort-1.
I would like to work on this issue (I already started to modify the code)

@wemeetagain
Copy link
Member

@acul71 go for it! open a PR when you're ready.

@acul71
Copy link
Contributor

acul71 commented Oct 22, 2024
edited
Loading

@SgtPooki @wemeetagain

I modified the code following #1510 (comment)
When I run tests (npm run test:node) I got this error:

LUCA1234 init.allow= [ '/ip4/83.13.55.32' ]
  62 passing (3s)
  1 failing
  1) Connection Manager
       should not close connection that is on the allowlist when pruning:
     Error: Invalid multiaddr
      at convertToIpNet (/home/luca/Informatica/Learning/PNL_Launchpad_Curriculum/Libp2p/js-libp2p/node_modules/@multiformats/multiaddr/src/convert.ts:132:11)
      at /home/luca/Informatica/Learning/PNL_Launchpad_Curriculum/Libp2p/js-libp2p/packages/libp2p/src/connection-manager/index.ts:229:47
      at Array.map (<anonymous>)
      at new DefaultConnectionManager (/home/luca/Informatica/Learning/PNL_Launchpad_Curriculum/Libp2p/js-libp2p/packages/libp2p/src/connection-manager/index.ts:229:37)
      at new Libp2p (/home/luca/Informatica/Learning/PNL_Launchpad_Curriculum/Libp2p/js-libp2p/packages/libp2p/src/libp2p.ts:123:50)
      at createLibp2p (/home/luca/Informatica/Learning/PNL_Launchpad_Curriculum/Libp2p/js-libp2p/packages/libp2p/src/index.ts:202:16)
      at createNode (/home/luca/Informatica/Learning/PNL_Launchpad_Curriculum/Libp2p/js-libp2p/packages/libp2p/test/fixtures/creators/peer.ts:49:16)
      at Context2.<anonymous> (/home/luca/Informatica/Learning/PNL_Launchpad_Curriculum/Libp2p/js-libp2p/packages/libp2p/test/connection-manager/index.spec.ts:206:14)

Is '/ip4/83.13.55.32' a valid multiaddress?
Checked here:

this.allow = (init.allow ?? []).map(ma => convertToIpNet(multiaddr(ma)))

This is the test

it('should not close connection that is on the allowlist when pruning', async () => {
    const max = 2
    const remoteAddr = multiaddr('/ip4/83.13.55.32/tcp/59283')
    console.log("LUCA9999") // luca
    libp2p = await createNode({
      config: createBaseOptions({
        connectionManager: {
          maxConnections: max,
          allow: [
            '/ip4/83.13.55.32'
          ]
        }
      }),
      started: false
    })

This is the function processing the multiaddress (convertToIpNet)

export function convertToIpNet (multiaddr: Multiaddr): IpNet {
  let mask: string | undefined
  let addr: string | undefined
  multiaddr.stringTuples().forEach(([code, value]) => {
    if (code === ip4Protocol.code || code === ip6Protocol.code) {
      addr = value
    }
    if (code === ipcidrProtocol.code) {
      mask = value
    }
  })
  if (mask == null || addr == null) {
    throw new Error('Invalid multiaddr')
  }
  return new IpNet(addr, mask)
}

@kt-wawro kt-wawro moved this to In Progress in PLDG Cohort 1 Github Board Oct 22, 2024
@acul71 acul71 mentioned this issue Oct 24, 2024
Merged
3 tasks
@SgtPooki
Copy link
Member

Is there any further work to do here? #2783 was completed and this can probably be closed unless i'm missing something.

@achingbrain

@achingbrain
Copy link
Member Author

No, this is complete and has shipped.

@github-project-automation github-project-automation bot moved this from In Progress to Done in PLDG Cohort 1 Github Board Jan 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@achingbrain achingbrain

Labels
effort/hours Estimated to take one or several hours exp/beginner Can be confidently tackled by newcomers good first issue Good issue for new contributors help wanted Seeking public contribution on this issue kind/enhancement A net-new feature or improvement to an existing feature P2 Medium: Good to have, but can wait until someone steps up
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use standard IP cidr format for allow/deny lists maschad/js-libp2p
7 participants
@achingbrain @SgtPooki @wemeetagain @mpetrunic @maschad @acul71 @p-shahi