-
-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IPFS filtering to allow node operators to decide on content they are willing to serve #8492
Comments
@thibmeu : thanks for bringing this up. I think we need to have a larger discussion about the kind of software Gateway Operators want to have before we keep proceeding with the status quo of go-ipfs serving the wide range of usecases from high traffic gateways to desktop applications. go-ipfs maintainers are going to link discussions/notes that we're having in 2021Q4 on this topic to #8499 . We'll certainly be engaging with Cloudflare as part of this process. |
2022-06-03 conversation: we have the capability for this in go-bitswap per #8763 . If you're interested in contributing a plugin, that would be welcome. Otherwise this isn't a priority for the core maintainers because go-ipfs isn't really designed for large-scale operations, but we'll support operators on any reviews. |
@guseggert will link the issue that is actively being worked on right now that will make plugins easier to write/maintain. |
The issue is #7653, which allows arbitrary modifications to the go-ipfs dependency graph using a plugin, so that you can inject a custom |
I believe it is time to prioritize this. There is enough need and interest around blocking bad bits for this to be part of Kubo, and not just a plugin:
Quick notes:
|
Another requirement from Infra team: ability to allow / deny specific PeerIDs. This is a real world which I also needed in the past. In many cases, we struggle to create deterministic test fixtures. Making sure node can't dial specific Peer and needs to get data from someone else requires disabliing more and more internal services (mdns, routing, relays...) and is very brittle, test setup can break the moment we introduce new discovery method. When we design
|
For clarity, the new spec on this topic is ipfs/specs#340 |
Linking related work by @hsanjuan for discoverability
|
Note that it depends on: #9750. Nopfs injects itself as a NameSystem, path.Resolver and BlockService wrapper so that it can block things before Resolution and Retrieval. More generally it depends on Kubo providing a more stable way of plugging-in a Blocker, which basically provides 2 methods:
The Result can be a |
Relevant discussion happened today in 2023-05-16-Content-Routing-WG-11. Summary of the burning need at hand
Loose implementation scope/direction
|
Hi, I chatted briefly with @BigLep and there seems to be interest to bring this MVP to Kubo. I can do that. To summarize:
What we need:
Is there a meeting we can use to go over this so I can start work ASAP (my window of availability is 4 weeks). |
2023-10-02 conversation:
|
I have done another round on the spec. There's an open question about defaulting or strongly suggesting a function for double-hashing... input is welcome as I understand that sha256 is not the best. Note that every CID and CID+Path needs to be double-hashed when a list includes a double-hashed block item in it, so the function should aim to minimize the perf impact. |
Fixes #8492. This introduces "nopfs" as a preloaded plugin into Kubo. It automatically make Kubo watch *.deny files found in: - /etc/ipfs/denylists - $XDG_CONFIG_HOME/ipfs/denylists - $IPFS_PATH/denylists (files need to be present before boot in order to be watched). Debug logging can be enabled with `GOLOG_LOG_LEVEL="nopfs=debug"`. All blocks are logged to "nopfs-blocks", so logging requests for blocked content can be achieved with `GOLOG_LOG_LEVEL="nopfs-blocks=info"`. Interactive users will receive the error as response to their commands too. One particularity to keep in mind is that GetMany() will silently drop blocked blocks from the response (an error and a warning are logged). AddMany() will act similarly and avoid adding blocked blocks.
Fixes #8492. This introduces "nopfs" as a preloaded plugin into Kubo. It automatically make Kubo watch *.deny files found in: - /etc/ipfs/denylists - $XDG_CONFIG_HOME/ipfs/denylists - $IPFS_PATH/denylists (files need to be present before boot in order to be watched). Debug logging can be enabled with `GOLOG_LOG_LEVEL="nopfs=debug"`. All blocks are logged to "nopfs-blocks", so logging requests for blocked content can be achieved with `GOLOG_LOG_LEVEL="nopfs-blocks=warn"`: ``` WARN (...) QmRFniDxwxoG2n4AcnGhRdjqDjCM5YeUcBE75K8WXmioH3: blocked (test.deny:9) ``` Interactive/gateway users will also receive errors as responses but with less details: ``` Error: /ipfs/QmQvjk82hPkSaZsyJ8vNER5cmzKW7HyGX5XVusK7EAenCN is blocked and cannot be provided ``` One particularity to keep in mind is that GetMany() will silently drop blocked blocks from the response (a warnings are logged). AddMany() will act similarly and avoid adding blocked blocks. The code implementing all this is actually in nopfs: - https://github.com/ipfs-shipyard/nopfs (main library) - https://github.com/ipfs-shipyard/nopfs/tree/master/ipfs (wrappers) The interpretation of the list rules and block detection is well tested, but a general review might be in order.
Fixes #8492. This introduces "nopfs" as a preloaded plugin into Kubo. It automatically make Kubo watch *.deny files found in: - /etc/ipfs/denylists - $XDG_CONFIG_HOME/ipfs/denylists - $IPFS_PATH/denylists (files need to be present before boot in order to be watched). Debug logging can be enabled with `GOLOG_LOG_LEVEL="nopfs=debug"`. All blocks are logged to "nopfs-blocks", so logging requests for blocked content can be achieved with `GOLOG_LOG_LEVEL="nopfs-blocks=warn"`: ``` WARN (...) QmRFniDxwxoG2n4AcnGhRdjqDjCM5YeUcBE75K8WXmioH3: blocked (test.deny:9) ``` Interactive/gateway users will also receive errors as responses but with less details: ``` Error: /ipfs/QmQvjk82hPkSaZsyJ8vNER5cmzKW7HyGX5XVusK7EAenCN is blocked and cannot be provided ``` One particularity to keep in mind is that GetMany() will silently drop blocked blocks from the response (a warnings are logged). AddMany() will act similarly and avoid adding blocked blocks. The code implementing all this is actually in nopfs: - https://github.com/ipfs-shipyard/nopfs (main library) - https://github.com/ipfs-shipyard/nopfs/tree/master/ipfs (wrappers) The interpretation of the list rules and block detection is well tested, but a general review might be in order.
Fixes #8492 This introduces "nopfs" as a preloaded plugin into Kubo with support for denylists from ipfs/specs#383 It automatically makes Kubo watch *.deny files found in: - /etc/ipfs/denylists - $XDG_CONFIG_HOME/ipfs/denylists - $IPFS_PATH/denylists * test: Gateway.NoFetch and GatewayOverLibp2p adds missing tests for "no fetch" gateways one can expose, in both cases the offline mode is done by passing custom blockservice/exchange into path resolver, which means global path resolver that has nopfs intercept is not used, and the content blocking does not happen on these gateways. * fix: use offline path resolvers where appropriate this fixes the problem described in #10161 (comment) by adding explicit offline path resolvers that are backed by offline exchange, and using them in NoFetch gateways instead of the default online ones --------- Co-authored-by: Henrique Dias <[email protected]> Co-authored-by: Marcin Rataj <[email protected]>
A minimal implementation of IPIP-383 from #10161 landed in master branch and is scheduled to be released in Kubo 0.24-rc1 for feedback. More details in |
Checklist
Description
Recently, Cloudflare has open sourced a fork of go-ipfs providing filtering capabilities, grouped under
safemode
command. The architecture is described in a dedicated blog.The system works by filtering certain CID when walking the DAG. This allow node operators to prevent certain CID from being provided, both by the HTTP gateway and to the P2P network.
CIDs to be filtered are stored in a blocklist. By default, this blocklist is in a dedicated mount of the datastore
/safemode
.Action that can be performed by a blocklist are (based on the proposed interface):
block
to add content to the blocklistunblock
to remove itpurge
to remove content from the blockstore. Ideally, this option could be extensible, to purge remote datastore, or HTTP cache for instancesearch
to query the blocklistaudit
to access the log of actions that have been performed against the blocklistFor convenience,
ipfs safemode
command provides multiple way to resolve content. From its documentation:This is a proposal implementation, which satisfies some requirements laid out in ipfs/roadmap#64. It provides a more standardised approach for node operators to filter content they are willing to provide.
The implementation has been developed 3 years ago, and may not suit the current architecture of the go-ipfs project.
The text was updated successfully, but these errors were encountered: