Don't hole punch if either peer is behind a Symmetric NAT #1046
Conversation
|
Based on an offline discussion with @willscott The fact that we dial a peer if it has any public addresses at all before giving up on Hole Punching due to NAT types will take care of Full Cone NATs. It will break for address restricted Cones. So, we need to look at how our current code performs in the wild (with some stats around failures rates) to decide if we need to remove the restriction this PR introduces. |
aarshkshah1992
changed the title
|
but after my experiment, some operators can make reverse connections through the opened ports. |
|
@godcong Yeah, that's a FULL Cone NAT. This PR will dial public addresses before giving up because of the NAT type. |
p2p/protocol/identify/id.go
Outdated
| UDPNATDeviceTypeKey = "UdpNATDeviceType" | ||
| // TCPNATDeviceTypeKey is the key with which we will persist a peer's TCP NAT Device Type to the peerstore. | ||
| TCPNATDeviceTypeKey = "TcpNATDeviceType" |
There was a problem hiding this comment.
funky capitalization in the strings; it's UDP not Udp and same for TCP.
| UNKNOWN = 100; | ||
| CONE = 200; | ||
| SYMMETRIC = 300; |
|
|
||
| optional NATDeviceType tcpNATDeviceType = 10; | ||
| optional NATDeviceType udpNATDeviceType = 11; | ||
| } |
|
|
||
| for { | ||
| select { | ||
| case _, ok := <-sub.Out(): |
There was a problem hiding this comment.
shouldn't we look at the actual event? why are we ignoring it?
There was a problem hiding this comment.
Also, where do we set the support meta-variables into the peerstore?
Shouldn't we be doing it here? Or is it handled elsewhere?
I think we need a comment if this is correct as is.
There was a problem hiding this comment.
-
Our local vars are set in the peerstore in
basic_host.goduring initialisation of the Host & updated in the obs addr manager. -
Remote vars are set in the peerstore by Identify.
Both changes are included in this PR. I've added a comment.
p2p/protocol/identify/id.go
Outdated
|
|
||
| return mes | ||
| } | ||
|
|
||
| func toPbNATDeviceTyp(typ network.NATDeviceType) pb.Identify_NATDeviceType { |
There was a problem hiding this comment.
typo in method name; shouldn't this be Type?
Also, typ is a very funky variable name, better call it just t.
| if hs.peerSupportsHolePunching(hs.host.ID(), hs.host.Addrs()) { | ||
| hs.host.SetStreamHandler(protocol, hs.handleNewStream) | ||
| } else { | ||
| hs.host.RemoveStreamHandler(protocol) |
There was a problem hiding this comment.
wait, this is a BUG -- we lose the ability to dial back connect to a public node that has dialed us.
vyzo
dismissed
their stale review
oh wait, nvm we just direct dial back when we see the relayed connection without coordination. Sorry about that.
aarshkshah1992
changed the base branch from
feat/simopen
to
feat/hole-punching-signalling
aarshkshah1992
changed the base branch from
feat/hole-punching-signalling
to
feat/simopen
aarshkshah1992
changed the base branch from
feat/simopen
to
feat/hole-punching-signalling
|
|
||
| for { | ||
| select { | ||
| case _, ok := <-sub.Out(): |
There was a problem hiding this comment.
-
Our local vars are set in the peerstore in
basic_host.goduring initialisation of the Host & updated in the obs addr manager. -
Remote vars are set in the peerstore by Identify.
Both changes are included in this PR. I've added a comment.
p2p/protocol/identify/id.go
Outdated
|
|
||
| return mes | ||
| } | ||
|
|
||
| func toPbNATDeviceTyp(typ network.NATDeviceType) pb.Identify_NATDeviceType { |
p2p/protocol/identify/obsaddr.go
Outdated
| @@ -200,6 +207,21 @@ func (oas *ObservedAddrManager) filter(observedAddrs []*observedAddr) []ma.Multi | |||
| } | |||
| } | |||
|
|
|||
| // For certain use cases such as hole punching, it's better to advertise even unactivated observed addresses rather than none at all | |||
There was a problem hiding this comment.
@vyzo This needs your attention. I discussed this with @Stebalien and he was okay with it.
…update-deps update deps due to license
|
@marten-seemann @vyzo @aarshkshah1992 : I'm putting this back to draft for now. Feel free to close if that's the better option. |
|
I actually think we ahould close it, i personally find it dangerous. |
|
@aarshkshah1992 @BigLep @vyzo @marten-seemann |
For #1039.
If either peer is behind a Symmetric NAT, there's no point in wasting a hole punch and bandwidth on Relay servers.
TODO