feat(connection-limit): set bypass rules for connections

[drHuangMHT]

Description

Add BypassRules for connection_limit::Behaviour to allow bypasses.
May close #5605

Notes & open questions

This implememtation does not distingush between local addresses and remote addresses, will that be a problem?

Change checklist

• I have performed a self-review of my own code
• I have made corresponding changes to the documentation
• I have added tests that prove my fix is effective or that my feature works
• A changelog entry has been made in the appropriate crates

[drHuangMHT]

I also found that you can get a mutable reference to the ConnectionLimits at runtime but since all fields are private and all methods require ownership, you need to do clone and replace to actually modifiy it. Is that intentional?

[elenaf9]

I think adding bypass rules for a PeerId makes sense. I am not sure about having them for a MultiAddr as well.
When would one know the address of a trusted peer, but not it's PeerId?

[drHuangMHT]

I think adding bypass rules for a PeerId makes sense. I am not sure about having them for a MultiAddr as well. When would one know the address of a trusted peer, but not it's PeerId?

I don't know, but trusting an address also kind of makes sense? Though this behaviour is not primarily used for managing trusts between peers.
Also this is brought up by the issue itself, @dariusc93 what do you think?

[drHuangMHT]

I think adding bypass rules for a PeerId makes sense. I am not sure about having them for a MultiAddr as well. When would one know the address of a trusted peer, but not it's PeerId?

Also you can use the rule to allow a range of peers from an address, for example behind a load balancer and such, or a domain(I guess it only works for dialing). Allowing a range of addresses will grant even greater flexibility but it will be a bit difficult to implement.
We can also allow all connections from specific listeners.

[elenaf9]

We can also allow all connections from specific listeners.

Not sure I understand what you mean. Won't using the listeners PeerId do exactly that?

---

I still have a slight preference to only allow bypassing of connection limits based on PeerIds. In allow-block-list we also only operated on PeerIds and not on multiaddresses.
But I don't feel strongly about it, so if from a user perspective it's useful and needed I am okay with also bypassing based on addresses.

[dariusc93]

Sorry for the late response. Looking at the comments and review, I think what we can do for now is exclude the address portion of the code and allow it based on PeerId alone and have a later discussion on if we should allow Multiaddr to be used as well. My train of thought in my issue #5605 was to not only allow PeerId but also specific Multiaddr (i.e if the local node wish to only allow connections from a specific relay, to allow connections from a specific address from the peer for content discovery, etc), but as i think about it more, I can imagine it getting more complex down the road. I could be wrong though on that and I may be overthinking that use-case, but in all I am not against just sticking with PeerId in this PR for now. Thoughts?

CC @drHuangMHT @elenaf9

[elenaf9]

Given that this is function pointer type, an implementation won't be able to capture an environment. So it could only hardcode here a list of allowed peer-ids or multiaddresses, right?
I am not sure this brings any advantage over the former bypass_multiaddr and is more complex. Do you have an example use-case for it?

[drHuangMHT]

No example for this unfortunately. It only grants more flexibility so that users can mix and match rules. Of course it can be a Box<dyn Fn>.

[dknopik]

I agree with @elenaf9 that allowing a closure here would open up many nice use-cases.

We could also instead do a trait BypassRule instead and add some default implementations, for example:

• HashSet<PeerId> to allow the whitelisting you implemented,
• FnMut(Option<&PeerId>, &[Multiaddr], Option<&Multiaddr>) for convenience,
• Vec<B> to compose multiple rules,
• struct NoBypass; as default to allow no bypasses.
• ...

and then make Behaviour generic over BypassRule. But I am not sure if that would add to much complexity for too little added value.

[elenaf9]

Interesting idea!

But I am a bit torn about it. As you also noted, I am unsure if we really need the complexity.
I would expect that you usually know the PeerId of trusted peers. Thus I think most use-cases can be simply satisfied with the one bypass_peer function, and the rest is for now only theoretical.

As mentioned before (and I think @dariusc93) agrees, I would prefer if we for now just add bypass rules for PeerIds, and extend the API and it's complexity only when the need arises.

[jxs]

what is the advantage of having an external structure (BypassRules) instead of having these methods in the main Behaviour?

[dariusc93]

Left a couple of comments. Can we also add a test for this feature?

[dariusc93]

Since there is a breaking change to the API, we should bump the minor version

Suggested change

	## 0.5.1
	## 0.6.0

[elenaf9]

Why is it a breaking change? We just add new methods no? https://doc.rust-lang.org/cargo/reference/semver.html#item-new

[dariusc93]

Because we added bypass_rules to Behaviour::new, which would then require a minor bump to satisfy semver. See #5720 (comment) :)

[dariusc93]

I wonder if we should remove bypass_rules from here and have it be empty internally by default, or have a separate function to supply it when constructing the behaviour. This would then allow us to keep this as a patch release instead of bumping the minor version of the crate due to it being a breaking change. Thoughts?

[elenaf9]

Thank you for the follow-ups @drHuangMHT! LGTM.

[dariusc93]

LGTM. Can you update the versions in both Cargo.toml (crate and workpace)? :)