548 lines
16 KiB
Go
Raw Normal View History

package identify
import (
2019-06-09 09:24:20 +02:00
"context"
2021-10-19 09:43:41 -04:00
"fmt"
2024-06-05 16:10:03 -04:00
"net"
"slices"
"sort"
"sync"
2022-11-04 09:57:20 -04:00
"github.com/libp2p/go-libp2p/core/network"
2019-06-09 09:24:20 +02:00
ma "github.com/multiformats/go-multiaddr"
manet "github.com/multiformats/go-multiaddr/net"
)
// ActivationThresh sets how many times an address must be seen as "activated"
// and therefore advertised to other peers as an address that the local peer
// can be contacted on. The "seen" events expire by default after 40 minutes
// (OwnObservedAddressTTL * ActivationThreshold). The are cleaned up during
// the GC rounds set by GCInterval.
var ActivationThresh = 4
// observedAddrManagerWorkerChannelSize defines how many addresses can be enqueued
// for adding to an ObservedAddrManager.
var observedAddrManagerWorkerChannelSize = 16
2024-06-05 16:10:03 -04:00
const maxExternalThinWaistAddrsPerLocalAddr = 3
2019-06-09 09:24:20 +02:00
2024-06-05 16:10:03 -04:00
// thinWaist is a struct that stores the address along with it's thin waist prefix and rest of the multiaddr
type thinWaist struct {
Addr, TW, Rest ma.Multiaddr
}
2024-06-05 16:10:03 -04:00
// thinWaistWithCount is a thinWaist along with the count of the connection that have it as the local address
type thinWaistWithCount struct {
thinWaist
Count int
}
2024-06-05 16:10:03 -04:00
func thinWaistForm(a ma.Multiaddr) (thinWaist, error) {
i := 0
tw, rest := ma.SplitFunc(a, func(c ma.Component) bool {
if i > 1 {
return true
}
2024-06-05 16:10:03 -04:00
switch i {
case 0:
if c.Protocol().Code == ma.P_IP4 || c.Protocol().Code == ma.P_IP6 {
i++
return false
}
return true
case 1:
if c.Protocol().Code == ma.P_TCP || c.Protocol().Code == ma.P_UDP {
i++
return false
}
return true
}
return false
})
2024-06-05 16:10:03 -04:00
if i <= 1 {
return thinWaist{}, fmt.Errorf("not a thinwaist address: %s", a)
}
return thinWaist{Addr: a, TW: tw, Rest: rest}, nil
}
2024-06-05 16:10:03 -04:00
// getObserver returns the observer for the multiaddress
// For an IPv4 multiaddress the observer is the IP address
// For an IPv6 multiaddress the observer is the first /56 prefix of the IP address
func getObserver(a ma.Multiaddr) (string, error) {
ip, err := manet.ToIP(a)
if err != nil {
return "", err
}
if ip4 := ip.To4(); ip4 != nil {
return ip4.String(), nil
}
// Count /56 prefix as a single observer.
return ip.Mask(net.CIDRMask(56, 128)).String(), nil
2019-06-09 09:24:20 +02:00
}
2024-06-05 16:10:03 -04:00
// connMultiaddrs provides IsClosed along with network.ConnMultiaddrs. It is easier to mock this than network.Conn
type connMultiaddrs interface {
network.ConnMultiaddrs
IsClosed() bool
}
2022-04-01 12:16:46 -04:00
2024-06-05 16:10:03 -04:00
// observerSetCacheSize is the number of transport sharing the same thinwaist (tcp, ws, wss), (quic, webtransport, webrtc-direct)
// This is 3 in practice right now, but keep a buffer of 3 extra elements
const observerSetCacheSize = 5
2024-06-05 16:10:03 -04:00
// observerSet is the set of observers who have observed ThinWaistAddr
type observerSet struct {
ObservedTWAddr ma.Multiaddr
ObservedBy map[string]int
2019-06-09 09:24:20 +02:00
2024-06-05 16:10:03 -04:00
mu sync.RWMutex // protects following
cachedMultiaddrs map[string]ma.Multiaddr // cache of localMultiaddr rest(addr - thinwaist) => output multiaddr
}
2021-10-19 09:43:41 -04:00
2024-06-05 16:10:03 -04:00
func (s *observerSet) cacheMultiaddr(addr ma.Multiaddr) ma.Multiaddr {
if addr == nil {
return s.ObservedTWAddr
}
addrStr := string(addr.Bytes())
s.mu.RLock()
res, ok := s.cachedMultiaddrs[addrStr]
s.mu.RUnlock()
if ok {
return res
}
s.mu.Lock()
defer s.mu.Unlock()
// Check if some other go routine added this while we were waiting
res, ok = s.cachedMultiaddrs[addrStr]
if ok {
return res
}
if s.cachedMultiaddrs == nil {
s.cachedMultiaddrs = make(map[string]ma.Multiaddr, observerSetCacheSize)
}
if len(s.cachedMultiaddrs) == observerSetCacheSize {
// remove one entry if we will go over the limit
for k := range s.cachedMultiaddrs {
delete(s.cachedMultiaddrs, k)
break
}
}
s.cachedMultiaddrs[addrStr] = ma.Join(s.ObservedTWAddr, addr)
return s.cachedMultiaddrs[addrStr]
}
2021-10-19 09:43:41 -04:00
2024-06-05 16:10:03 -04:00
type observation struct {
conn connMultiaddrs
observed ma.Multiaddr
}
2024-06-05 16:10:03 -04:00
// ObservedAddrManager maps connection's local multiaddrs to their externally observable multiaddress
type ObservedAddrManager struct {
// Our listen addrs
listenAddrs func() []ma.Multiaddr
// Our listen addrs with interface addrs for unspecified addrs
interfaceListenAddrs func() ([]ma.Multiaddr, error)
// All host addrs
hostAddrs func() []ma.Multiaddr
// Any normalization required before comparing. Useful to remove certhash
normalize func(ma.Multiaddr) ma.Multiaddr
// worker channel for new observations
wch chan observation
// notified on recording an observation
addrRecordedNotif chan struct{}
// for closing
wg sync.WaitGroup
ctx context.Context
ctxCancel context.CancelFunc
2021-10-19 09:43:41 -04:00
2024-06-05 16:10:03 -04:00
mu sync.RWMutex
// local thin waist => external thin waist => observerSet
externalAddrs map[string]map[string]*observerSet
// connObservedTWAddrs maps the connection to the last observed thin waist multiaddr on that connection
connObservedTWAddrs map[connMultiaddrs]ma.Multiaddr
// localMultiaddr => thin waist form with the count of the connections the multiaddr
// was seen on for tracking our local listen addresses
localAddrs map[string]*thinWaistWithCount
}
2021-10-19 09:43:41 -04:00
2024-06-05 16:10:03 -04:00
// NewObservedAddrManager returns a new address manager using peerstore.OwnObservedAddressTTL as the TTL.
func NewObservedAddrManager(listenAddrs, hostAddrs func() []ma.Multiaddr,
interfaceListenAddrs func() ([]ma.Multiaddr, error), normalize func(ma.Multiaddr) ma.Multiaddr) (*ObservedAddrManager, error) {
if normalize == nil {
normalize = func(addr ma.Multiaddr) ma.Multiaddr { return addr }
}
o := &ObservedAddrManager{
externalAddrs: make(map[string]map[string]*observerSet),
connObservedTWAddrs: make(map[connMultiaddrs]ma.Multiaddr),
localAddrs: make(map[string]*thinWaistWithCount),
wch: make(chan observation, observedAddrManagerWorkerChannelSize),
addrRecordedNotif: make(chan struct{}, 1),
listenAddrs: listenAddrs,
interfaceListenAddrs: interfaceListenAddrs,
hostAddrs: hostAddrs,
normalize: normalize,
}
o.ctx, o.ctxCancel = context.WithCancel(context.Background())
o.wg.Add(1)
go o.worker()
return o, nil
2019-06-09 09:24:20 +02:00
}
// AddrsFor return all activated observed addresses associated with the given
// (resolved) listen address.
2024-06-05 16:10:03 -04:00
func (o *ObservedAddrManager) AddrsFor(addr ma.Multiaddr) (addrs []ma.Multiaddr) {
if addr == nil {
return nil
}
2024-06-05 16:10:03 -04:00
o.mu.RLock()
defer o.mu.RUnlock()
tw, err := thinWaistForm(o.normalize(addr))
if err != nil {
return nil
2019-06-09 09:24:20 +02:00
}
2024-06-05 16:10:03 -04:00
observerSets := o.getTopExternalAddrs(string(tw.TW.Bytes()))
res := make([]ma.Multiaddr, 0, len(observerSets))
for _, s := range observerSets {
res = append(res, s.cacheMultiaddr(tw.Rest))
}
return res
2019-06-09 09:24:20 +02:00
}
// Addrs return all activated observed addresses
2024-06-05 16:10:03 -04:00
func (o *ObservedAddrManager) Addrs() []ma.Multiaddr {
o.mu.RLock()
defer o.mu.RUnlock()
m := make(map[string][]*observerSet)
for localTWStr := range o.externalAddrs {
m[localTWStr] = append(m[localTWStr], o.getTopExternalAddrs(localTWStr)...)
}
addrs := make([]ma.Multiaddr, 0, maxExternalThinWaistAddrsPerLocalAddr*5) // assume 5 transports
for _, t := range o.localAddrs {
for _, s := range m[string(t.TW.Bytes())] {
addrs = append(addrs, s.cacheMultiaddr(t.Rest))
}
}
2024-06-05 16:10:03 -04:00
return addrs
}
2024-06-05 16:10:03 -04:00
func (o *ObservedAddrManager) getTopExternalAddrs(localTWStr string) []*observerSet {
observerSets := make([]*observerSet, 0, len(o.externalAddrs[localTWStr]))
for _, v := range o.externalAddrs[localTWStr] {
if len(v.ObservedBy) >= ActivationThresh {
observerSets = append(observerSets, v)
}
}
2024-06-05 16:10:03 -04:00
slices.SortFunc(observerSets, func(a, b *observerSet) int {
diff := len(b.ObservedBy) - len(a.ObservedBy)
if diff != 0 {
return diff
}
// In case we have elements with equal counts,
// keep the address list stable by using the lexicographically smaller address
as := a.ObservedTWAddr.String()
bs := b.ObservedTWAddr.String()
if as < bs {
return -1
} else if as > bs {
2024-05-15 19:15:00 -04:00
return 1
2024-06-05 16:10:03 -04:00
} else {
return 0
}
2024-06-05 16:10:03 -04:00
})
n := len(observerSets)
if n > maxExternalThinWaistAddrsPerLocalAddr {
n = maxExternalThinWaistAddrsPerLocalAddr
}
return observerSets[:n]
}
2024-06-05 16:10:03 -04:00
// Record enqueues an observation for recording
func (o *ObservedAddrManager) Record(conn connMultiaddrs, observed ma.Multiaddr) {
2019-06-09 09:24:20 +02:00
select {
2024-06-05 16:10:03 -04:00
case o.wch <- observation{
conn: conn,
observed: observed,
}:
2019-06-09 09:24:20 +02:00
default:
log.Debugw("dropping address observation due to full buffer",
"from", conn.RemoteMultiaddr(),
"observed", observed,
)
2019-06-09 09:24:20 +02:00
}
}
2024-06-05 16:10:03 -04:00
func (o *ObservedAddrManager) worker() {
defer o.wg.Done()
2019-06-09 09:24:20 +02:00
for {
select {
2024-06-05 16:10:03 -04:00
case obs := <-o.wch:
o.maybeRecordObservation(obs.conn, obs.observed)
case <-o.ctx.Done():
2019-06-09 09:24:20 +02:00
return
}
}
}
2024-06-05 16:10:03 -04:00
func (o *ObservedAddrManager) shouldRecordObservation(conn connMultiaddrs, observed ma.Multiaddr) (shouldRecord bool, localTW thinWaist, observedTW thinWaist) {
if conn == nil || observed == nil {
return false, thinWaist{}, thinWaist{}
}
// Ignore observations from loopback nodes. We already know our loopback
// addresses.
if manet.IsIPLoopback(observed) {
2024-06-05 16:10:03 -04:00
return false, thinWaist{}, thinWaist{}
}
// Provided by NAT64 peers, these addresses are specific to the peer and not publicly routable
if manet.IsNAT64IPv4ConvertedIPv6Addr(observed) {
2024-06-05 16:10:03 -04:00
return false, thinWaist{}, thinWaist{}
}
// we should only use ObservedAddr when our connection's LocalAddr is one
// of our ListenAddrs. If we Dial out using an ephemeral addr, knowing that
// address's external mapping is not very useful because the port will not be
// the same as the listen addr.
2024-06-05 16:10:03 -04:00
ifaceaddrs, err := o.interfaceListenAddrs()
if err != nil {
log.Infof("failed to get interface listen addrs", err)
2024-06-05 16:10:03 -04:00
return false, thinWaist{}, thinWaist{}
2023-05-19 16:23:55 -04:00
}
2024-06-05 16:10:03 -04:00
for i, a := range ifaceaddrs {
ifaceaddrs[i] = o.normalize(a)
}
2024-06-05 16:10:03 -04:00
local := o.normalize(conn.LocalMultiaddr())
2023-05-19 16:23:55 -04:00
2024-06-05 16:10:03 -04:00
listenAddrs := o.listenAddrs()
for i, a := range listenAddrs {
listenAddrs[i] = o.normalize(a)
2023-05-19 16:23:55 -04:00
}
if !ma.Contains(ifaceaddrs, local) && !ma.Contains(listenAddrs, local) {
// not in our list
2024-06-05 16:10:03 -04:00
return false, thinWaist{}, thinWaist{}
2023-05-19 16:23:55 -04:00
}
2024-06-05 16:10:03 -04:00
localTW, err = thinWaistForm(local)
if err != nil {
return false, thinWaist{}, thinWaist{}
}
observedTW, err = thinWaistForm(o.normalize(observed))
if err != nil {
return false, thinWaist{}, thinWaist{}
}
hostAddrs := o.hostAddrs()
for i, a := range hostAddrs {
hostAddrs[i] = o.normalize(a)
}
// We should reject the connection if the observation doesn't match the
// transports of one of our advertised addresses.
2023-05-19 16:23:55 -04:00
if !HasConsistentTransport(observed, hostAddrs) &&
!HasConsistentTransport(observed, listenAddrs) {
log.Debugw(
"observed multiaddr doesn't match the transports of any announced addresses",
"from", conn.RemoteMultiaddr(),
"observed", observed,
)
2024-06-05 16:10:03 -04:00
return false, thinWaist{}, thinWaist{}
}
2024-06-05 16:10:03 -04:00
return true, localTW, observedTW
2023-05-19 16:23:55 -04:00
}
2021-10-19 09:43:41 -04:00
2024-06-05 16:10:03 -04:00
func (o *ObservedAddrManager) maybeRecordObservation(conn connMultiaddrs, observed ma.Multiaddr) {
shouldRecord, localTW, observedTW := o.shouldRecordObservation(conn, observed)
if !shouldRecord {
return
}
log.Debugw("added own observed listen addr", "observed", observed)
2023-05-19 16:23:55 -04:00
2024-06-05 16:10:03 -04:00
o.mu.Lock()
defer o.mu.Unlock()
o.recordObservationUnlocked(conn, localTW, observedTW)
select {
case o.addrRecordedNotif <- struct{}{}:
default:
2021-10-19 09:43:41 -04:00
}
}
2024-06-05 16:10:03 -04:00
func (o *ObservedAddrManager) recordObservationUnlocked(conn connMultiaddrs, localTW, observedTW thinWaist) {
if conn.IsClosed() {
// dont record if the connection is already closed. Any previous observations will be removed in
// the disconnected callback
return
}
localTWStr := string(localTW.TW.Bytes())
observedTWStr := string(observedTW.TW.Bytes())
observer, err := getObserver(conn.RemoteMultiaddr())
if err != nil {
return
}
2024-06-05 16:10:03 -04:00
prevObservedTWAddr, ok := o.connObservedTWAddrs[conn]
if !ok {
t, ok := o.localAddrs[string(localTW.Addr.Bytes())]
if !ok {
t = &thinWaistWithCount{
thinWaist: localTW,
}
o.localAddrs[string(localTW.Addr.Bytes())] = t
}
t.Count++
} else {
if prevObservedTWAddr.Equal(observedTW.TW) {
// we have received the same observation again, nothing to do
2019-06-09 09:24:20 +02:00
return
}
2024-06-05 16:10:03 -04:00
// if we have a previous entry remove it from externalAddrs
o.removeExternalAddrsUnlocked(observer, localTWStr, string(prevObservedTWAddr.Bytes()))
// no need to change the localAddrs map here
}
2024-06-05 16:10:03 -04:00
o.connObservedTWAddrs[conn] = observedTW.TW
o.addExternalAddrsUnlocked(observedTW.TW, observer, localTWStr, observedTWStr)
}
2024-06-05 16:10:03 -04:00
func (o *ObservedAddrManager) removeExternalAddrsUnlocked(observer, localTWStr, observedTWStr string) {
s, ok := o.externalAddrs[localTWStr][observedTWStr]
if !ok {
return
}
s.ObservedBy[observer]--
if s.ObservedBy[observer] <= 0 {
delete(s.ObservedBy, observer)
}
if len(s.ObservedBy) == 0 {
delete(o.externalAddrs[localTWStr], observedTWStr)
}
if len(o.externalAddrs[localTWStr]) == 0 {
delete(o.externalAddrs, localTWStr)
}
2024-06-05 16:10:03 -04:00
}
func (o *ObservedAddrManager) addExternalAddrsUnlocked(observedTWAddr ma.Multiaddr, observer, localTWStr, observedTWStr string) {
s, ok := o.externalAddrs[localTWStr][observedTWStr]
if !ok {
s = &observerSet{
ObservedTWAddr: observedTWAddr,
ObservedBy: make(map[string]int),
}
if _, ok := o.externalAddrs[localTWStr]; !ok {
o.externalAddrs[localTWStr] = make(map[string]*observerSet)
}
o.externalAddrs[localTWStr][observedTWStr] = s
}
2024-06-05 16:10:03 -04:00
s.ObservedBy[observer]++
}
2024-06-05 16:10:03 -04:00
func (o *ObservedAddrManager) removeConn(conn connMultiaddrs) {
if conn == nil {
return
2021-10-19 09:43:41 -04:00
}
2024-06-05 16:10:03 -04:00
o.mu.Lock()
defer o.mu.Unlock()
2021-10-19 09:43:41 -04:00
2024-07-11 15:34:20 -04:00
observedTWAddr, ok := o.connObservedTWAddrs[conn]
if !ok {
return
}
delete(o.connObservedTWAddrs, conn)
2024-06-05 16:10:03 -04:00
// normalize before obtaining the thinWaist so that we are always dealing
// with the normalized form of the address
localTW, err := thinWaistForm(o.normalize(conn.LocalMultiaddr()))
if err != nil {
return
}
t, ok := o.localAddrs[string(localTW.Addr.Bytes())]
if !ok {
return
}
t.Count--
if t.Count <= 0 {
delete(o.localAddrs, string(localTW.Addr.Bytes()))
2021-10-19 09:43:41 -04:00
}
2024-06-05 16:10:03 -04:00
observer, err := getObserver(conn.RemoteMultiaddr())
if err != nil {
return
2021-10-19 09:43:41 -04:00
}
2024-06-05 16:10:03 -04:00
o.removeExternalAddrsUnlocked(observer, string(localTW.TW.Bytes()), string(observedTWAddr.Bytes()))
select {
case o.addrRecordedNotif <- struct{}{}:
default:
}
}
2021-10-19 09:43:41 -04:00
2024-06-05 16:10:03 -04:00
func (o *ObservedAddrManager) getNATType() (tcpNATType, udpNATType network.NATDeviceType) {
o.mu.RLock()
defer o.mu.RUnlock()
var tcpCounts, udpCounts []int
var tcpTotal, udpTotal int
for _, m := range o.externalAddrs {
isTCP := false
for _, v := range m {
if _, err := v.ObservedTWAddr.ValueForProtocol(ma.P_TCP); err == nil {
isTCP = true
2021-10-19 09:43:41 -04:00
}
2024-06-05 16:10:03 -04:00
break
2021-10-19 09:43:41 -04:00
}
2024-06-05 16:10:03 -04:00
for _, v := range m {
if isTCP {
tcpCounts = append(tcpCounts, len(v.ObservedBy))
tcpTotal += len(v.ObservedBy)
} else {
udpCounts = append(udpCounts, len(v.ObservedBy))
udpTotal += len(v.ObservedBy)
2021-10-19 09:43:41 -04:00
}
}
}
2024-06-05 16:10:03 -04:00
sort.Sort(sort.Reverse(sort.IntSlice(tcpCounts)))
sort.Sort(sort.Reverse(sort.IntSlice(udpCounts)))
2021-10-19 09:43:41 -04:00
2024-06-05 16:10:03 -04:00
tcpTopCounts, udpTopCounts := 0, 0
for i := 0; i < maxExternalThinWaistAddrsPerLocalAddr && i < len(tcpCounts); i++ {
tcpTopCounts += tcpCounts[i]
}
for i := 0; i < maxExternalThinWaistAddrsPerLocalAddr && i < len(udpCounts); i++ {
udpTopCounts += udpCounts[i]
2022-04-01 12:16:46 -04:00
}
2024-06-05 16:10:03 -04:00
// If the top elements cover more than 1/2 of all the observations, there's a > 50% chance that
// hole punching based on outputs of observed address manager will succeed
if tcpTotal >= 3*maxExternalThinWaistAddrsPerLocalAddr {
if tcpTopCounts >= tcpTotal/2 {
tcpNATType = network.NATDeviceTypeCone
} else {
tcpNATType = network.NATDeviceTypeSymmetric
}
}
if udpTotal >= 3*maxExternalThinWaistAddrsPerLocalAddr {
if udpTopCounts >= udpTotal/2 {
udpNATType = network.NATDeviceTypeCone
} else {
udpNATType = network.NATDeviceTypeSymmetric
}
}
return
}
2024-06-05 16:10:03 -04:00
func (o *ObservedAddrManager) Close() error {
o.ctxCancel()
o.wg.Wait()
return nil
}