Implement BEP-42: DHT Security extension #43
Conversation
Add the compute_prefix function to compute the 21bit prefix of a node ID from its IP address.
Add a voting system to reliably discover our node's external IP address. Once the node's external IP address has been reliably established, compute the prefix and reset current node ID.
Do not accept a get_peer search response if the node ID prefix does not match its external IP address. Introduce DHT_BEP42_ENFORCE macro to enable enforcement (disabled by default).
|
Your patch series looks good. The only thing I don't understand is what happens when the (external) IP address changes. What's more, I'm not convinced that BEP-42 is a good idea: in IPv4, it implies that there can be only one DHT node behind a NAT, which breaks the DHT for e.g. multiple family members sharing an IP, or people suck behind a CGNAT. In IPv6, it's even worse — it prevents multiple nodes on a single /64. Am I missing something? |
With bep-42, your external IP address, as seen by other nodes of the network, is returned to you in a top-level "ip" field of each replies. If the address changes, the value contained in "ip" changes. Once the node has received enough replies with the same ip value, it regards the value as it's new external IP address and then recompute the node ID prefix.
I'm quite unfamiliar with IPv6 so I cannot comment on that. However, bep-42 only restricts the first 21 most significant of the 160 bits of the node-id, which means that as much as 2^139 nodes can run behind a NAT. Besides, for each "external" IP address, there are 8 possible prefixes. |
This change implements BEP-42.
Whenever the voting process terminates, we directly update the myid variable with the new prefix, the ID change will automatically be reflected in all new requests.
edit: some cleanups, split the change in multiple independent commits, add the enforcement (disabled by default).