Add Nat PMP method to P2P module #11210
It looks like @NamsooCho signed our Contributor License Agreement. 👍 Many thanks, Parity Technologies CLA Bot
My biggest concern here is: why do we need NAT-PMP? What problem does it solve, what is the gain? I know of no NAT related issues our users are having but maybe I'm wrong. Another curiosity: it seems like NAT-PMP is superseded by NAT-PCP so if there is a NAT problem, why not go for the current standard? Is it because no NAT-PCP libraries exist in Rust? Or...?
NAT-PCP is not widely used in the real world. There are some security issues in UPnP. NAT-PMP is widely used and has not been reported to have security issues. If we support NAT PMP then users can disable UPnP.
I have read about the security concerns regarding upnp (thank you for the link!) but unless I'm missing something the same concerns apply to NAT-PMP in that it also assumes the local application requesting a port mapping is trustworthy? Or are there other security concerns with upnp?
seunlanlege left a comment
Needs some code style corrections, and other question answered.
Yes. Sorry for the careless response. I found this article. According to the article, Apple routers do not support UPnP.
bad5168 to 98442cd
dvdplm left a comment
I think we're close, good job!
3f5121d to d420dfd
| match Natpmp::new() { | ||
| Ok(mut n) => { | ||
| let gw = get_public_addr(&mut n)?; | ||
| let tcp_r = get_mapped_tcp_port(&mut n)?; | ||
| let udp_r = get_mapped_udp_port(&mut n)?; | ||
|
|
||
| Ok(NodeEndpoint { | ||
| address: SocketAddr::V4(SocketAddrV4::new(*gw.public_address(), tcp_r.public_port())), | ||
| udp_port: udp_r.public_port() | ||
| }) | ||
| }, | ||
| Err(e) => Err(e) | ||
| } |
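Review bot: In the NodeEndpoint construction, *gw.public_address() is advertised as the node's address without any check on what the gateway returned. A gateway that sits behind another NAT can report a private or unspecified address, and the node would then publish an endpoint that peers cannot reach. Consider rejecting private, loopback and unspecified values (Ipv4Addr::is_private, is_loopback, is_unspecified) and returning an error instead of Ok in that case. Separately, if get_mapped_udp_port fails after get_mapped_tcp_port has succeeded, the ? returns early and leaves the TCP mapping in place on the gateway.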
I'd suggest using let mut n = Natpmp::new()?; here, and remove the function closures (get_mapped_udp_port and such)
| return search_gateway_child.join() | ||
| .map(|node| { | ||
| node.map_err(|e| debug!("NAT PMP port mapping error: {:?}", e)).ok() | ||
| }).ok()? |
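Review bot: The trailing .ok()? on the result of search_gateway_child.join() discards the join error, so a panic in the gateway search thread returns None with nothing logged, while a mapping error does get a debug! line. Log the join failure before converting it as well, so the two cases can be told apart in the logs.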
You could do:
return search_gateway_child.join().ok()?
.map_err(|e| debug!("NAT PMP port mapping error: {:?}", e))
.ok();
| match n.read_response_or_retry() { | ||
| Ok(Response::TCP(tcp)) => Ok(tcp), | ||
| Err(e) => { | ||
| debug!("Port mapping for TCP error: {}", e); |
Please add a target to the debug and such logs
@ngotchac @seunlanlege please take a look again.
ping @ngotchac @seunlanlege
None of my comments have been addressed or answered yet
seunlanlege left a comment
Just going to approve this, once @ngotchac's comments have been addressed, it can be merged
d00ca89 to 1796ae4
|
|
||
| let mut n = Natpmp::new()?; | ||
|
|
||
| let gw = get_public_addr(&mut n)?; |
You could replace the function closure with a direct call as you did below IMO
Add Nat PMP method to P2P module.
I am not sure if it is needed and correct.
I will add tests fn to this PR after someone comments that this PR is correct.