protocols/autonat: optionally use only global IPs (#2618)

Optionally only perform dial-backs on peers that are observed at a global ip-address. This is relevant when multiple peers are in the same local network, in which case a peer could incorrectly assume themself to be public because a peer in the same local network was able to dial them. Thus servers should reject dial-back requests from clients with a non-global IP address, and at the same time clients should only pick connected peers as servers if they are global. Behind a config flag (enabled by default) to also allow use-cases where AutoNAT is needed within a private network.
2025-06-25 07:41:34 +00:00 · 2022-05-22 22:04:05 +02:00
parent 48598fc1da
commit ef2afcd41e
6 changed files with 247 additions and 57 deletions
--- a/protocols/autonat/src/behaviour/as_client.rs
+++ b/protocols/autonat/src/behaviour/as_client.rs
@ -262,7 +262,12 @@ impl<'a> AsClient<'a> {
        let mut servers: Vec<&PeerId> = self.servers.iter().collect();

        if self.config.use_connected {
-            servers.extend(self.connected.iter().map(|(id, _)| id));
+            servers.extend(self.connected.iter().filter_map(|(id, addrs)| {
+                // Filter servers for which no qualified address is known.
+                // This is the case if the connection is relayed or the address is
+                // not global (in case of Config::only_global_ips).
+                addrs.values().any(|a| a.is_some()).then(|| id)
+            }));
        }

        servers.retain(|s| !self.throttled_servers.iter().any(|(id, _)| s == &id));