Don’t join DHT when behind a NAT #778
Comments
Updated libp2p/go-libp2p-autonat#37 to make it easy to merge when we're ready.
How do we detect that the peer doesn't actually speak the DHT protocol? Should we open a DHT stream to it with our protocol and verify that it's successful?
Closing the loop here from a conversation in chat. From @raulk: "We can either trust them or open a stream to verify. An attacker could easily circumvent any of those measures though, so it might not be worth opening the stream, just adding them to the routing table and doing failure counting to evict them if they misbehave or mislead us"
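The failure-counting approach from the comment above, as an added Go example that is not part of the thread and is not go-libp2p-kad-dht code: peers are admitted on their advertised DHT support without a verification stream and evicted after a run of failed queries. `PeerID`, `FailureCountingTable`, its methods and the threshold of 3 are hypothetical names and values chosen for illustration.

```go
package main

import "fmt"

// PeerID is a hypothetical stand-in for a libp2p peer identifier.
type PeerID string

// FailureCountingTable evicts a peer after maxFailures consecutive failed queries.
type FailureCountingTable struct {
	maxFailures int
	failures    map[PeerID]int // consecutive failures per admitted peer
}

func NewFailureCountingTable(maxFailures int) *FailureCountingTable {
	return &FailureCountingTable{maxFailures: maxFailures, failures: map[PeerID]int{}}
}

// Add trusts the advertisement; no verification stream is opened.
func (t *FailureCountingTable) Add(p PeerID) {
	if _, ok := t.failures[p]; !ok {
		t.failures[p] = 0
	}
}

// RecordResult updates p's streak after a query and reports whether p was evicted.
func (t *FailureCountingTable) RecordResult(p PeerID, success bool) bool {
	n, present := t.failures[p]
	switch {
	case !present:
		return false
	case success:
		t.failures[p] = 0 // a success resets the streak
		return false
	case n+1 >= t.maxFailures:
		delete(t.failures, p)
		return true
	}
	t.failures[p] = n + 1
	return false
}

func main() {
	rt := NewFailureCountingTable(3)
	rt.Add("falseAdvertiser") // constructed peer that never answers DHT queries
	for i := 1; i <= 3; i++ {
		fmt.Println("query", i, "evicted:", rt.RecordResult("falseAdvertiser", false))
	}
}
```

Because a success resets the streak, a peer that fails only intermittently is never evicted; a windowed failure ratio would be needed to cover that case.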
Merged in libp2p/go-libp2p-autonat#37
Will be in stabilize once libp2p/go-libp2p-kad-dht#436 goes in.
This is already in stabilize here.
I'd like to separate this out into its own stream of work, possibly as a part of libp2p/go-libp2p-kad-dht#283, as we will also need some form of failure counting (count failed connectivity attempts) there & I could possibly merge the failure counting of this one with that.
Already in stabilize here. If we are okay with doing the work for evicting misbehaving peers separately as I've mentioned in the comment, I think we should be good with this epic once libp2p/go-libp2p-kad-dht#448 goes in and start testing.
@aarshkshah1992 what about libp2p/go-libp2p-kad-dht#367? That PR is still open and is not included in your summary above. Has it been completed elsewhere?
I think it makes sense to separate this out and complete it in a subsequent sprint. Let's not add it to libp2p/go-libp2p-kad-dht#283 for now. Depending on the approach that work might handle this case, but I'd prefer to move this to a followup sprint (as needed), where we focus on hardening and performance. If that sounds reasonable I will split that out into its own issue and reprioritize it accordingly.
Code from it has been absorbed in libp2p/go-libp2p-kad-dht#436 & libp2p/go-libp2p-kad-dht#448 combined. That PR can now be closed. I've added a comment to it.
I agree. We should split it into its own issue as it would be part of a larger stream of work where we harden the DHT against misbehaving peers/Sybil attacks.
👍 I will get that moved to its own / another issue today.
Added libp2p/go-libp2p-kad-dht#808 to track false DHT protocol advertisements; this issue can be resolved now as libp2p/go-libp2p-kad-dht#448 has been merged.
Design notes
Testing mechanics
Testing with the code from the disjoint lookups and correctly terminating queries, dial up the number of undialable nodes to 95% and make sure everything works.
Success Criteria