feat: connection gater #987
Conversation
BigLep
added
the
need/maintainer-input
|
@vasco-santos : is this desirable to land soon, and is this a PR you can look at, or is there someone else we can delegate to? |
| @@ -18,3 +18,39 @@ The following is a list of available options for setting limits for the Connecti | |||
| - `pollInterval`: sets the poll interval (in milliseconds) for assessing the current state and determining if this peer needs to force a disconnect. Defaults to `2000` (2 seconds). | |||
| - `movingAverageInterval`: the interval used to calculate moving averages (in milliseconds). Defaults to `60000` (1 minute). This must be an available interval configured in `Metrics` | |||
| - `defaultPeerValue`: number between 0 and 1. Defaults to 1. | |||
| - `gater`: gater options. | |||
|
|
|||
| ### Gater Options | |||
There was a problem hiding this comment.
It may be nice to have the comments from https://github.com/libp2p/go-libp2p-core/blob/master/connmgr/gater.go#L11-L43 included here or wherever is most appropriate
| @@ -118,6 +124,10 @@ class Dialer { | |||
| * @returns {Promise<Connection>} | |||
| */ | |||
| async connectToPeer (peer, options = {}) { | |||
| const { id } = getPeer(peer) | |||
| if (this.connectionManager && await this.connectionManager.gater.interceptPeerDial(id)) { | |||
There was a problem hiding this comment.
Is there a case when this.connectionManager will be undefined? In the upgrader, it seems like it isn't treated that way.
| @@ -180,10 +190,12 @@ class Dialer { | |||
| const { id, multiaddrs } = getPeer(peer) | |||
|
|
|||
| if (multiaddrs) { | |||
| this.peerStore.addressBook.add(id, multiaddrs) | |||
| const filteredMultiaddrs = await all(filter(multiaddrs, async (multiaddr) => !(this.connectionManager && await this.connectionManager.gater.interceptAddrDial(id, multiaddr)))) | |||
| this.peerStore.addressBook.add(id, filteredMultiaddrs) | |||
There was a problem hiding this comment.
Should the gater be called here?
The intercept below (L198) will filter addrs that are attempting to be dialed.
There was a problem hiding this comment.
To prevent malicious multiaddrs from adding to addressBook
| if (await this.connectionManager.gater.interceptSecured('outbound', remotePeer, encryptedConn)) { | ||
| throw errCode(new Error('The multiaddr connection is blocked by gater.interceptSecured'), codes.ERR_CONNECTION_INTERCEPTED) | ||
| } | ||
|
|
There was a problem hiding this comment.
interceptUpgraded is needed for outbound too
|
Too many conflicts from master, may postpone until next month. |
|
Continued in #1142 since this PR does not allow maintainer commits. |
https://github.com/libp2p/go-libp2p-core/blob/master/connmgr/gater.go