Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

identify: don't report listen addresses as external addresses #4010

Closed
thomaseizinger opened this issue May 30, 2023 · 10 comments
Closed

identify: don't report listen addresses as external addresses #4010

thomaseizinger opened this issue May 30, 2023 · 10 comments

Comments

@thomaseizinger
Copy link
Contributor

thomaseizinger commented May 30, 2023

Description

At the moment, we concatenate all listen addresses and all external addresses for the identify payload:

fn all_addresses(&self) -> HashSet<Multiaddr> {
self.listen_addresses
.iter()
.chain(self.external_addresses.iter())
.cloned()
.collect()
}

This is quite unnecessary because it very likely contains addresses that cannot be dialed by the remote peer, for example link-local addresses such as 127.0.0.1.

To mitigate this, we should remove the listen_addresses from libp2p-identify and instead only report our external addresses. For the rare case where the listen address is actually directly reachable via the public internet, users can manually add this address via Swarm::add_external_address.

@thomaseizinger thomaseizinger added the decision-pending Marks issues where a decision is pending before we can move forward. label May 30, 2023
@thomaseizinger

This comment was marked as resolved.

@mxinden

This comment was marked as resolved.

@thomaseizinger

This comment was marked as outdated.

@thomaseizinger thomaseizinger added difficulty:easy help wanted and removed decision-pending Marks issues where a decision is pending before we can move forward. labels Sep 24, 2023
@thomaseizinger
Copy link
Contributor Author

It seems that go only adds the listen address of the current connection to it:

libp2p/go-libp2p@1f7b0d2/p2p/protocol/identify/id.go#L606-L625

@MarcoPolo Am I understand this correctly? Does go-libp2p not append the listen addresses of all network interfaces? Does it append external addresses confirmed via AutoNAT?

@marten-seemann Can you confirm this?

@marten-seemann
Copy link

Most commonly, you won't know the external address of an interface, since you'll be listening on 0.0.0.0 or its IPv6 equivalent. The only way to learn your actual address is by observing actual connections, either via Identify, or AutoNATv2.

@thomaseizinger
Copy link
Contributor Author

Most commonly, you won't know the external address of an interface, since you'll be listening on 0.0.0.0 or its IPv6 equivalent. The only way to learn your actual address is by observing actual connections, either via Identify, or AutoNATv2.

Thanks! Does go-libp2p only share its actual (read: external) addresses in identify.listenAddresses? Or do you also include the listen addresses reported by the interfaces you are listening on?

@thomaseizinger
Copy link
Contributor Author

I'd suggest we:

  • Provide config option to not add listen addresses to this list
  • Deprecate said config option in favor of it becoming the default in the next breaking release

That is backwards-compatible but allows users to not report thede (likely useless) addresses today.

I'll open an issue on specs to clarify this.

@thomaseizinger
Copy link
Contributor Author

I'll open an issue on specs to clarify this.

See libp2p/specs#597.

@thomaseizinger
Copy link
Contributor Author

Deemed invalid, see libp2p/specs#597.

@thomaseizinger thomaseizinger closed this as not planned Won't fix, can't repro, duplicate, stale Feb 14, 2024
@b-zee
Copy link
Contributor

b-zee commented Jul 10, 2024

Sorry to dig up this closed issue, but perhaps it's worth re-opening.

Deemed invalid, see libp2p/specs#597.

I think it's still a good feature to implement, as mentioned later in that discussion (libp2p/specs#597 (comment)):

One aspect I do not see mentioned is privacy/security...

I don't think this is an issue the spec needs to define. Although I could see a version of the spec making recommendations.

This sounds like an implementation decision. Maybe bring up the ability to filter the advertised listenAddrs as a feature request to your preferred libp2p implementation? It seems like a reasonable request that wouldn't be hard to implement.

Currently, in our libp2p application, we're sometimes left scratching our heads when we're seeing these local addresses being 'dialed'. We have the global IP filter enabled so these local addresses end up with MultiaddrNotSupported, but it's not the cleanest.

Adding a send_listen_addresses config value to identify and defaulting to current behavior might be an option that wouldn't disrupt current behavior in local networks.

mergify bot pushed a commit that referenced this issue Sep 5, 2024
## Description

Implements #4010, which was closed. It was closed because it appeared
that the Identify specification doesn't dictate this feature. But, in
the discussion on the specs repo
(libp2p/specs#597) it is mentioned that this
might very well be an implementation detail.

This PR introduces a `hide_listen_addrs` flag that will prevent our
listen addresses to be included, effectively only sharing our external
addresses.

<!--
Please write a summary of your changes and why you made them.
This section will appear as the commit message after merging.
Please craft it accordingly.
For a quick primer on good commit messages, check out this blog post:
https://cbea.ms/git-commit/

Please include any relevant issues in here, for example:

Related https://github.com/libp2p/rust-libp2p/issues/ABCD.
Fixes https://github.com/libp2p/rust-libp2p/issues/XYZ.
-->

## Notes & open questions

An alternative implementation would be to allow us to filter the
addresses we are sending out, by providing a closure I imagine.

<!--
Any notes, remarks or open questions you have to make about the PR which
don't need to go into the final commit message.
-->

## Change checklist

<!-- Please add a Changelog entry in the appropriate crates and bump the
crate versions if needed. See
<https://github.com/libp2p/rust-libp2p/blob/master/docs/release.md#development-between-releases>-->

- [x] I have performed a self-review of my own code
- [x] I have made corresponding changes to the documentation
- [x] I have added tests that prove my fix is effective or that my
feature works
- [x] A changelog entry has been made in the appropriate crates

---------

Co-authored-by: Darius Clark <[email protected]>
TimTinkers pushed a commit to unattended-backpack/rust-libp2p that referenced this issue Sep 14, 2024
## Description

Implements libp2p#4010, which was closed. It was closed because it appeared
that the Identify specification doesn't dictate this feature. But, in
the discussion on the specs repo
(libp2p/specs#597) it is mentioned that this
might very well be an implementation detail.

This PR introduces a `hide_listen_addrs` flag that will prevent our
listen addresses to be included, effectively only sharing our external
addresses.

<!--
Please write a summary of your changes and why you made them.
This section will appear as the commit message after merging.
Please craft it accordingly.
For a quick primer on good commit messages, check out this blog post:
https://cbea.ms/git-commit/

Please include any relevant issues in here, for example:

Related https://github.com/libp2p/rust-libp2p/issues/ABCD.
Fixes https://github.com/libp2p/rust-libp2p/issues/XYZ.
-->

## Notes & open questions

An alternative implementation would be to allow us to filter the
addresses we are sending out, by providing a closure I imagine.

<!--
Any notes, remarks or open questions you have to make about the PR which
don't need to go into the final commit message.
-->

## Change checklist

<!-- Please add a Changelog entry in the appropriate crates and bump the
crate versions if needed. See
<https://github.com/libp2p/rust-libp2p/blob/master/docs/release.md#development-between-releases>-->

- [x] I have performed a self-review of my own code
- [x] I have made corresponding changes to the documentation
- [x] I have added tests that prove my fix is effective or that my
feature works
- [x] A changelog entry has been made in the appropriate crates

---------

Co-authored-by: Darius Clark <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants