-
Notifications
You must be signed in to change notification settings - Fork 1.7k
Conversation
It looks like @NamsooCho signed our Contributor License Agreement. 👍 Many thanks, Parity Technologies CLA Bot |
My biggest concern here is: why do we need NAT-PMP? What problem does it solve, what is the gain? I know of no NAT related issues our users are having but maybe I'm wrong. Another curiosity: it seems like NAT-PMP is superseded by NAT-PCP so if there is a NAT problem, why not go for the current standard? Is it because no NAT-PCP libraries exist in Rust? Or...? |
NAT-PCP is not widely used in real-world. There are some security issues in UPnP. NAP-PMP is widely used and has not been reported to have security issues. If we support NAT PMP then users can disable UPnP. |
I have read about the security concerns regarding upnp (thank you for the link!) but unless I'm missing something the same concerns apply to NAT-PMP in that it also assumes the local application requesting a port mapping is trustworthy? Or are there other security concerns with upnp? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Needs some code style corrections, and other question answered.
Yes. Sorry for careless response. I found this article. According to the article, Apple routers do not support UPnP. |
bad5168
to
98442cd
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we're close, good job!
3f5121d
to
d420dfd
Compare
util/network-devp2p/src/ip_utils.rs
Outdated
match Natpmp::new() { | ||
Ok(mut n) => { | ||
let gw = get_public_addr(&mut n)?; | ||
let tcp_r = get_mapped_tcp_port(&mut n)?; | ||
let udp_r = get_mapped_udp_port(&mut n)?; | ||
|
||
Ok(NodeEndpoint { | ||
address: SocketAddr::V4(SocketAddrV4::new(*gw.public_address(), tcp_r.public_port())), | ||
udp_port: udp_r.public_port() | ||
}) | ||
}, | ||
Err(e) => Err(e) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd suggest using let mut n = Natpmp::new()?;
here, and remove the function closures (get_mapped_udp_port
and such)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few grumbles
util/network-devp2p/src/ip_utils.rs
Outdated
return search_gateway_child.join() | ||
.map(|node| { | ||
node.map_err(|e| debug!("NAT PMP port mapping error: {:?}", e)).ok() | ||
}).ok()? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You could do:
return search_gateway_child.join().ok()?
.map_err(|e| debug!("NAT PMP port mapping error: {:?}", e))
.ok();
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
util/network-devp2p/src/ip_utils.rs
Outdated
match n.read_response_or_retry() { | ||
Ok(Response::TCP(tcp)) => Ok(tcp), | ||
Err(e) => { | ||
debug!("Port mapping for TCP error: {}", e); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add a target
to the debug
and such logs
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
@ngotchac @seunlanlege please take a look again. |
ping @ngotchac @seunlanlege |
None of my comments have been addressed or answered yet |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just going to approve this, once @ngotchac's comments have been addressed, it can be merged
d00ca89
to
1796ae4
Compare
util/network-devp2p/src/ip_utils.rs
Outdated
|
||
let mut n = Natpmp::new()?; | ||
|
||
let gw = get_public_addr(&mut n)?; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You could replace the function closure with a direct call as you did bellow IMO
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
Add Nat PMP method to P2P module.
I am not sure if it is needed and correct.
I will add tests fn to this PR after someone comments that this PR is correct.