Do not announce local and reserved addresses over DHT

iotaledger · Apr 22, 2024 · bada59b · bada59b
1 parent 4ea317a
commit bada59b
Show file tree

Hide file tree

Showing 8 changed files with 99 additions and 36 deletions.
diff --git a/components/p2p/component.go b/components/p2p/component.go
@@ -8,9 +8,11 @@ import (
 	"github.com/libp2p/go-libp2p/core/crypto"
 	"github.com/libp2p/go-libp2p/core/host"
 	"github.com/libp2p/go-libp2p/core/peer"
+	p2pbhost "github.com/libp2p/go-libp2p/p2p/host/basic"
 	"github.com/libp2p/go-libp2p/p2p/net/connmgr"
 	"github.com/libp2p/go-libp2p/p2p/transport/tcp"
 	"github.com/multiformats/go-multiaddr"
+	mamask "github.com/whyrusleeping/multiaddr-filter"
 	"go.uber.org/dig"
 
 	"github.com/iotaledger/hive.go/app"
@@ -19,6 +21,7 @@ import (
 	"github.com/iotaledger/hive.go/db"
 	"github.com/iotaledger/hive.go/ierrors"
 	"github.com/iotaledger/hive.go/kvstore"
+	"github.com/iotaledger/hive.go/lo"
 	"github.com/iotaledger/iota-core/pkg/daemon"
 	"github.com/iotaledger/iota-core/pkg/network"
 	"github.com/iotaledger/iota-core/pkg/network/p2p"
@@ -215,23 +218,7 @@ func provide(c *dig.Container) error {
 			libp2p.NATPortMap(),
 			libp2p.DisableRelay(),
 			// Define a custom address factory to inject external addresses to the DHT advertisements.
-			libp2p.AddrsFactory(func() func(addrs []multiaddr.Multiaddr) []multiaddr.Multiaddr {
-				var externalMultiAddrs []multiaddr.Multiaddr
-				if len(ParamsP2P.ExternalMultiAddresses) > 0 {
-					for _, externalMultiAddress := range ParamsP2P.ExternalMultiAddresses {
-						addr, err := multiaddr.NewMultiaddr(externalMultiAddress)
-						if err != nil {
-							Component.LogPanicf("unable to parse external multi address %s: %s", externalMultiAddress, err)
-						}
-
-						externalMultiAddrs = append(externalMultiAddrs, addr)
-					}
-				}
-
-				return func(addrs []multiaddr.Multiaddr) []multiaddr.Multiaddr {
-					return append(addrs, externalMultiAddrs...)
-				}
-			}()),
+			libp2p.AddrsFactory(publicOnlyAddresses(ParamsP2P.Autopeering.ExternalMultiAddresses)),
 		)
 		if err != nil {
 			Component.LogFatalf("unable to initialize libp2p host: %s", err)
@@ -368,3 +355,72 @@ func connectConfigKnownPeers() {
 		}
 	}
 }
+
+// Based on https://github.com/ipfs/kubo/blob/master/config/profile.go
+// defaultServerFilters has is a list of IPv4 and IPv6 prefixes that are private, local only, or unrouteable.
+// according to https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
+// and https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
+var reservedFilters = []string{
+	"/ip4/0.0.0.0/ipcidr/32",
+	"/ip4/10.0.0.0/ipcidr/8",
+	"/ip4/100.64.0.0/ipcidr/10",
+	"/ip4/127.0.0.0/ipcidr/8",
+	"/ip4/169.254.0.0/ipcidr/16",
+	"/ip4/172.16.0.0/ipcidr/12",
+	"/ip4/192.0.0.0/ipcidr/24",
+	"/ip4/192.0.2.0/ipcidr/24",
+	"/ip4/192.168.0.0/ipcidr/16",
+	"/ip4/192.31.196.0/ipcidr/24",
+	"/ip4/192.52.193.0/ipcidr/24",
+	"/ip4/198.18.0.0/ipcidr/15",
+	"/ip4/198.51.100.0/ipcidr/24",
+	"/ip4/203.0.113.0/ipcidr/24",
+	"/ip4/240.0.0.0/ipcidr/4",
+
+	"/ip6/::1/ipcidr/64",
+	"/ip6/100::/ipcidr/64",
+	"/ip6/2001:2::/ipcidr/48",
+	"/ip6/2001:db8::/ipcidr/32",
+	"/ip6/fc00::/ipcidr/7",
+	"/ip6/fe80::/ipcidr/10",
+}
+
+func publicOnlyAddresses(additionalMultiaddresses []string) p2pbhost.AddrsFactory {
+	var externalMultiAddrs []multiaddr.Multiaddr
+
+	// Add the external multi addresses to the list of addresses to be announced.
+	if len(additionalMultiaddresses) > 0 {
+		for _, externalMultiAddress := range additionalMultiaddresses {
+			addr, err := multiaddr.NewMultiaddr(externalMultiAddress)
+			if err != nil {
+				Component.LogPanicf("unable to parse external multi address %s: %s", externalMultiAddress, err)
+			}
+
+			externalMultiAddrs = append(externalMultiAddrs, addr)
+		}
+	}
+
+	// Create a filter that blocks localhost and reserved addresses.
+	filters := multiaddr.NewFilters()
+	for _, addr := range reservedFilters {
+		f, err := mamask.NewMask(addr)
+		if err != nil {
+			Component.LogPanicf("unable to parse ip mask filter %s: %s", addr, err)
+		}
+		filters.AddFilter(*f, multiaddr.ActionDeny)
+	}
+
+	return func(addresses []multiaddr.Multiaddr) []multiaddr.Multiaddr {
+		filteredAddresses := lo.Filter(append(addresses, externalMultiAddrs...), func(m multiaddr.Multiaddr) bool {
+			blocked := filters.AddrBlocked(m)
+			if blocked {
+				Component.LogTracef("Filtered out address %s", m)
+			}
+			return !blocked
+		})
+
+		Component.LogTracef("Announcing addresses: %v", filteredAddresses)
+
+		return filteredAddresses
+	}
+}
diff --git a/components/p2p/params.go b/components/p2p/params.go
@@ -22,14 +22,15 @@ type ParametersP2P struct {
 		LowWatermark int `default:"5" usage:"the minimum connections count to hold after the high watermark was reached"`
 	}
 
-	// ExternalMultiAddress defines additional p2p multiaddresses to be advertised via DHT.
-	ExternalMultiAddresses []string `default:"" usage:"external reacheable multi addresses advertised to the network"`
-
 	// Defines the private key used to derive the node identity (optional).
 	IdentityPrivateKey string `default:"" usage:"private key used to derive the node identity (optional)"`
 
 	Autopeering struct {
-		MaxPeers int `default:"5" usage:"the max number of autopeer connections. Set to 0 to disable autopeering."`
+		// MaxPeers defines the max number of auto-peer connections. Set to 0 to disable auto-peering.
+		MaxPeers int `default:"5" usage:"the max number of auto-peer connections. Set to 0 to disable auto-peering."`
+
+		// ExternalMultiAddress defines additional p2p multiaddresses to be advertised via DHT.
+		ExternalMultiAddresses []string `default:"" usage:"external reacheable multi addresses advertised to the network"`
 	}
 
 	Database struct {

diff --git a/config_defaults.json b/config_defaults.json
@@ -26,10 +26,10 @@
       "highWatermark": 10,
       "lowWatermark": 5
     },
-    "externalMultiAddresses": [],
     "identityPrivateKey": "",
     "autopeering": {
-      "maxPeers": 5
+      "maxPeers": 5,
+      "externalMultiAddresses": []
     },
     "db": {
       "path": "testnet/p2pstore"

diff --git a/documentation/configuration.md b/documentation/configuration.md
@@ -93,14 +93,13 @@ Example:
 
 ## <a id="p2p"></a> 3. Peer to Peer
 
-| Name                                        | Description                                                   | Type   | Default value                                |
-| ------------------------------------------- | ------------------------------------------------------------- | ------ | -------------------------------------------- |
-| bindMultiAddresses                          | The bind multi addresses for p2p connections                  | array  | /ip4/0.0.0.0/tcp/15600<br/>/ip6/::/tcp/15600 |
-| [connectionManager](#p2p_connectionmanager) | Configuration for connectionManager                           | object |                                              |
-| externalMultiAddresses                      | External reacheable multi addresses advertised to the network | array  |                                              |
-| identityPrivateKey                          | Private key used to derive the node identity (optional)       | string | ""                                           |
-| [autopeering](#p2p_autopeering)             | Configuration for autopeering                                 | object |                                              |
-| [db](#p2p_db)                               | Configuration for Database                                    | object |                                              |
+| Name                                        | Description                                             | Type   | Default value                                |
+| ------------------------------------------- | ------------------------------------------------------- | ------ | -------------------------------------------- |
+| bindMultiAddresses                          | The bind multi addresses for p2p connections            | array  | /ip4/0.0.0.0/tcp/15600<br/>/ip6/::/tcp/15600 |
+| [connectionManager](#p2p_connectionmanager) | Configuration for connectionManager                     | object |                                              |
+| identityPrivateKey                          | Private key used to derive the node identity (optional) | string | ""                                           |
+| [autopeering](#p2p_autopeering)             | Configuration for autopeering                           | object |                                              |
+| [db](#p2p_db)                               | Configuration for Database                              | object |                                              |
 
 ### <a id="p2p_connectionmanager"></a> ConnectionManager
 
@@ -111,9 +110,10 @@ Example:
 
 ### <a id="p2p_autopeering"></a> Autopeering
 
-| Name     | Description                                                              | Type | Default value |
-| -------- | ------------------------------------------------------------------------ | ---- | ------------- |
-| maxPeers | The max number of autopeer connections. Set to 0 to disable autopeering. | int  | 5             |
+| Name                   | Description                                                                | Type  | Default value |
+| ---------------------- | -------------------------------------------------------------------------- | ----- | ------------- |
+| maxPeers               | The max number of auto-peer connections. Set to 0 to disable auto-peering. | int   | 5             |
+| externalMultiAddresses | External reacheable multi addresses advertised to the network              | array |               |
 
 ### <a id="p2p_db"></a> Database
 
@@ -134,10 +134,10 @@ Example:
         "highWatermark": 10,
         "lowWatermark": 5
       },
-      "externalMultiAddresses": [],
       "identityPrivateKey": "",
       "autopeering": {
-        "maxPeers": 5
+        "maxPeers": 5,
+        "externalMultiAddresses": []
       },
       "db": {
         "path": "testnet/p2pstore"

diff --git a/go.mod b/go.mod
@@ -169,6 +169,7 @@ require (
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasttemplate v1.2.2 // indirect
 	github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1 // indirect
+	github.com/whyrusleeping/multiaddr-filter v0.0.0-20160516205228-e903e4adabd7 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/otel v1.25.0 // indirect
 	go.opentelemetry.io/otel/metric v1.25.0 // indirect

diff --git a/go.sum b/go.sum
@@ -695,6 +695,8 @@ github.com/warpfork/go-wish v0.0.0-20220906213052-39a1cc7a02d0 h1:GDDkbFiaK8jsSD
 github.com/warpfork/go-wish v0.0.0-20220906213052-39a1cc7a02d0/go.mod h1:x6AKhvSSexNrVSrViXSHUEbICjmGXhtgABaHIySUSGw=
 github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1 h1:EKhdznlJHPMoKr0XTrX+IlJs1LH3lyx2nfr1dOlZ79k=
 github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1/go.mod h1:8UvriyWtv5Q5EOgjHaSseUEdkQfvwFv1I/In/O2M9gc=
+github.com/whyrusleeping/multiaddr-filter v0.0.0-20160516205228-e903e4adabd7 h1:E9S12nwJwEOXe2d6gT6qxdvqMnNq+VnSsKPgm2ZZNds=
+github.com/whyrusleeping/multiaddr-filter v0.0.0-20160516205228-e903e4adabd7/go.mod h1:X2c0RVCI1eSUFI8eLcY3c0423ykwiUdxLJtkDvruhjI=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=

diff --git a/tools/gendoc/go.mod b/tools/gendoc/go.mod
@@ -160,6 +160,7 @@ require (
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasttemplate v1.2.2 // indirect
 	github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1 // indirect
+	github.com/whyrusleeping/multiaddr-filter v0.0.0-20160516205228-e903e4adabd7 // indirect
 	github.com/zyedidia/generic v1.2.1 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/otel v1.25.0 // indirect

diff --git a/tools/gendoc/go.sum b/tools/gendoc/go.sum
@@ -697,6 +697,8 @@ github.com/warpfork/go-wish v0.0.0-20220906213052-39a1cc7a02d0 h1:GDDkbFiaK8jsSD
 github.com/warpfork/go-wish v0.0.0-20220906213052-39a1cc7a02d0/go.mod h1:x6AKhvSSexNrVSrViXSHUEbICjmGXhtgABaHIySUSGw=
 github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1 h1:EKhdznlJHPMoKr0XTrX+IlJs1LH3lyx2nfr1dOlZ79k=
 github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1/go.mod h1:8UvriyWtv5Q5EOgjHaSseUEdkQfvwFv1I/In/O2M9gc=
+github.com/whyrusleeping/multiaddr-filter v0.0.0-20160516205228-e903e4adabd7 h1:E9S12nwJwEOXe2d6gT6qxdvqMnNq+VnSsKPgm2ZZNds=
+github.com/whyrusleeping/multiaddr-filter v0.0.0-20160516205228-e903e4adabd7/go.mod h1:X2c0RVCI1eSUFI8eLcY3c0423ykwiUdxLJtkDvruhjI=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=