* protocols/kad: Do not attempt to store expired record in record store
`Kademlia::record_received` calculates the expiration time of a record
before inserting it into the record store. Instead of inserting the
record into the record store in any case, with this patch the record is
only inserted if it is not expired. If the record is expired a
`KademliaHandlerIn::Reset` for the given (sub) stream is triggered.
This would serve as a tiny defense mechanism against an attacker trying
to fill a node's record store with expired records before the record
store's clean up procedure removes the records.
* protocols/kad: Send regular ack when record discarded due to expiration
With this commit the remote receives a
[`KademliaHandlerIn::PutRecordRes`] even in the case where the record is
discarded due to being expired. Given that the remote sent the local
node a [`KademliaHandlerEvent::PutRecord`] request, the remote perceives
the local node as one node among the k closest nodes to the target.
Returning a [`KademliaHandlerIn::Reset`] instead of an
[`KademliaHandlerIn::PutRecordRes`] to have the remote try another node
would only result in the remote node to contact an even more distant
node. In addition returning [`KademliaHandlerIn::PutRecordRes`] does not
reveal any internal information to a possibly malicious remote node.
* protocols/kad/src/behaviour: Use `now` and reword expiration comment
Co-authored-by: Roman Borschel <romanb@users.noreply.github.com>
* protocols/kad: Add test to reproduce right shift overflow panic
* protocols/kad: Fix right shift overflow panic in record_received
Within `Behaviour::record_received` the exponentially decreasing
expiration based on the distance to the target for a record is
calculated as following:
1. Calculate the amount of nodes between us and the record key beyond
the k replication constant as `n`.
2. Shift the configured record time-to-live `n` times to the right to
calculate an exponentially decreasing expiration.
The configured record time-to-live is a u64. If `n` is larger or equal
to 64 the right shift will lead to an overflow which panics in debug
mode.
This patch uses a checked right shift instead, defaulting to 0 (`now +
0`) for the expiration on overflow.
* protocols/kad: Put attribute below comment
* protocols/kad: Extract shifting logic and rework test
Extract right shift into isolated function and replace complex
regression test with small isolated one.
* protocols/kad/src/behaviour: Refactor exp_decr_expiration
Co-authored-by: Roman Borschel <romanb@users.noreply.github.com>
* Allow multiple connections per peer in libp2p-core.
Instead of trying to enforce a single connection per peer,
which involves quite a bit of additional complexity e.g.
to prioritise simultaneously opened connections and can
have other undesirable consequences [1], we now
make multiple connections per peer a feature.
The gist of these changes is as follows:
The concept of a "node" with an implicit 1-1 correspondence
to a connection has been replaced with the "first-class"
concept of a "connection". The code from `src/nodes` has moved
(with varying degrees of modification) to `src/connection`.
A `HandledNode` has become a `Connection`, a `NodeHandler` a
`ConnectionHandler`, the `CollectionStream` was the basis for
the new `connection::Pool`, and so forth.
Conceptually, a `Network` contains a `connection::Pool` which
in turn internally employs the `connection::Manager` for
handling the background `connection::manager::Task`s, one
per connection, as before. These are all considered implementation
details. On the public API, `Peer`s are managed as before through
the `Network`, except now the API has changed with the shift of focus
to (potentially multiple) connections per peer. The `NetworkEvent`s have
accordingly also undergone changes.
The Swarm APIs remain largely unchanged, except for the fact that
`inject_replaced` is no longer called. It may now practically happen
that multiple `ProtocolsHandler`s are associated with a single
`NetworkBehaviour`, one per connection. If implementations of
`NetworkBehaviour` rely somehow on communicating with exactly
one `ProtocolsHandler`, this may cause issues, but it is unlikely.
[1]: https://github.com/paritytech/substrate/issues/4272
* Fix intra-rustdoc links.
* Update core/src/connection/pool.rs
Co-Authored-By: Max Inden <mail@max-inden.de>
* Address some review feedback and fix doc links.
* Allow responses to be sent on the same connection.
* Remove unnecessary remainders of inject_replaced.
* Update swarm/src/behaviour.rs
Co-Authored-By: Pierre Krieger <pierre.krieger1708@gmail.com>
* Update swarm/src/lib.rs
Co-Authored-By: Pierre Krieger <pierre.krieger1708@gmail.com>
* Update core/src/connection/manager.rs
Co-Authored-By: Pierre Krieger <pierre.krieger1708@gmail.com>
* Update core/src/connection/manager.rs
Co-Authored-By: Pierre Krieger <pierre.krieger1708@gmail.com>
* Update core/src/connection/pool.rs
Co-Authored-By: Pierre Krieger <pierre.krieger1708@gmail.com>
* Incorporate more review feedback.
* Move module declaration below imports.
* Update core/src/connection/manager.rs
Co-Authored-By: Toralf Wittner <tw@dtex.org>
* Update core/src/connection/manager.rs
Co-Authored-By: Toralf Wittner <tw@dtex.org>
* Simplify as per review.
* Fix rustoc link.
* Add try_notify_handler and simplify.
* Relocate DialingConnection and DialingAttempt.
For better visibility constraints.
* Small cleanup.
* Small cleanup. More robust EstablishedConnectionIter.
* Clarify semantics of `DialingPeer::connect`.
* Don't call inject_disconnected on InvalidPeerId.
To preserve the previous behavior and ensure calls to
`inject_disconnected` are always paired with calls to
`inject_connected`.
* Provide public ConnectionId constructor.
Mainly needed for testing purposes, e.g. in substrate.
* Move the established connection limit check to the right place.
* Clean up connection error handling.
Separate connection errors into those occuring during
connection setup or upon rejecting a newly established
connection (the `PendingConnectionError`) and those
errors occurring on previously established connections,
i.e. for which a `ConnectionEstablished` event has
been emitted by the connection pool earlier.
* Revert change in log level and clarify an invariant.
* Remove inject_replaced entirely.
* Allow notifying all connection handlers.
Thereby simplify by introducing a new enum `NotifyHandler`,
used with a single constructor `NetworkBehaviourAction::NotifyHandler`.
* Finishing touches.
Small API simplifications and code deduplication.
Some more useful debug logging.
Co-authored-by: Max Inden <mail@max-inden.de>
Co-authored-by: Pierre Krieger <pierre.krieger1708@gmail.com>
Co-authored-by: Toralf Wittner <tw@dtex.org>
The `QueryId` type should be exported as it is used in the
`NetworkBehaviour::ProtocolsHandler` type of `Kademlia`.
`Kademlia::protocol_name` is added for convenience.
* Replace some remaining `AsRef` constraints for DHT keys with `Borrow`.
* Add a bit of debug/trace logging.
* Tiny refactoring and a debug assertion for the `bucket` module.
* Fix broken links in rustdoc
This fixes all of the rustdoc warnings on nightly.
* Check documentation intra-link
* Fix config
* Fix bad indent
* Make nightly explicit
* More links fixes
* Fix link broken after master merge
Co-authored-by: Demi Obenour <48690212+DemiMarie-parity@users.noreply.github.com>
* Simplify trait bounds requirements
* More work
* Moar
* Finish
* Fix final tests
* More simplification
* Use separate traits for Inbound/Outbound
* Update gossipsub and remove warnings
* Add documentation to swarm
* Remove BoxSubstream
* Fix tests not compiling
* Fix stack overflow
* Address concerns
* For some reason my IDE ignored libp2p-kad
- Pin `futures_codec` to version 0.3.3 as later versions require
at least bytes-0.5 which he have not upgraded to yet.
- Replace `futures::executor::block_on` with `async_std::task::block_on`
where `async-std` is already a dependency to work around an issue with
`park`/`unpark` behaviour.
- Use the published version of `quicksink`.
* Implement Debug for (ed25519|secp256k1)::(Keypair|SecretKey) (#1285)
* Fix possible arithmetic overflow in libp2p-kad. (#1291)
When the number of active queries exceeds the (internal)
JOBS_MAX_QUERIES limit, which is only supposed to bound
the number of concurrent queries relating to background
jobs, an arithmetic overflow occurs. This is fixed by
using saturating subtraction.
* protocols/plaintext: Add example on how to upgrade with PlainTextConfig1 (#1286)
* [mdns] - Support for long mDNS names (Bug #1232) (#1287)
* Dead code -- commenting out with a note referencing future implementation
* Adding "std" feature so that cargo can build in other directories (notably `misc/mdns`, so that I could run these tests)
* Permitting `PeerID` to be built from an `Identity` multihash
* The length limit for DNS labels is 63 characters, as per RFC1035
* Allocates the vector with capacity for the service name plus additional QNAME encoding bytes
* Added support for encoding/decoding peer IDs with an encoded length greater than 63 characters
* Removing "std" from ring features
Co-Authored-By: Pierre Krieger <pierre.krieger1708@gmail.com>
* Retaining MAX_INLINE_KEY_LENGTH with comment about future usage
* `segment_peer_id` consumes `peer_id` ... plus an early return for IDs that don't need to be segmented
* Fixing logic
* Bump most dependencies (#1268)
* Bump most dependencies
This actually builds 😊.
* Bump all dependencies
Includes the excellent work of @rschulman in #1265.
* Remove use of ed25519-dalek fork
* Monomorphize more dependencies
* Add compatibility hack for rand
Cargo allows a crate to depend on multiple versions of another, but
`cargo-web` panics in that situation. Use a wrapper crate to work
around the panic.
* Use @tomaka’s idea for using a newer `rand`
instead of my own ugly hack.
* Switch to Parity master
as its dependency-bumping PR has been merged.
* Update some depenendencies again
* Remove unwraps and `#[allow(deprecated)]`.
* Remove spurious changes to dependencies
Bumping minor or patch versions is not needed, and increases likelyhood
of merge conflicts.
* Remove some redundant Cargo.toml changes
* Replace a retry loop with an expect
`ed25519::SecretKey::from_bytes` will never fail for 32-byte inputs.
* Revert changes that don’t belong in this PR
* Remove using void to bypass ICE (#1295)
* Publish 0.13.0 (#1294)
* Bump most dependencies
This actually builds 😊.
* Bump all dependencies
Includes the excellent work of @rschulman in #1265.
* Remove use of ed25519-dalek fork
* Monomorphize more dependencies
* Add compatibility hack for rand
Cargo allows a crate to depend on multiple versions of another, but
`cargo-web` panics in that situation. Use a wrapper crate to work
around the panic.
* Use @tomaka’s idea for using a newer `rand`
instead of my own ugly hack.
* Switch to Parity master
as its dependency-bumping PR has been merged.
* Update some depenendencies again
* Remove unwraps and `#[allow(deprecated)]`.
* Remove spurious changes to dependencies
Bumping minor or patch versions is not needed, and increases likelyhood
of merge conflicts.
* Remove some redundant Cargo.toml changes
* Replace a retry loop with an expect
`ed25519::SecretKey::from_bytes` will never fail for 32-byte inputs.
* Revert changes that don’t belong in this PR
When the number of active queries exceeds the (internal)
JOBS_MAX_QUERIES limit, which is only supposed to bound
the number of concurrent queries relating to background
jobs, an arithmetic overflow occurs. This is fixed by
using saturating subtraction.
* Configurable multistream-select protocol. Add V1Lazy variant. (#1245)
Make the multistream-select protocol (version) configurable
on transport upgrades as well as for individual substreams.
Add a "lazy" variant of multistream-select 1.0 that delays
sending of negotiation protocol frames as much as possible
but is only safe to use under additional assumptions that
go beyond what is required by the multistream-select v1
specification.
* Improve the code readability of the chat example (#1253)
* Add bridged chats (#1252)
* Try fix CI (#1261)
* Print Rust version on CI
* Don't print where not appropriate
* Change caching strategy
* Remove win32 build
* Remove win32 from list
* Update libsecp256k1 dep to 0.3.0 (#1258)
* Update libsecp256k1 dep to 0.3.0
* Sign now cannot fail
* Upgrade url and percent-encoding deps to 2.1.0 (#1267)
* Upgrade percent-encoding dep to 2.1.0
* Upgrade url dep to 2.1.0
* Revert CIPHERS set to null (#1273)
* Update dependency versions (#1265)
* Update versions of many dependencies
* Bump version of rand
* Updates for changed APIs in rand, ring, and webpki
* Replace references to `snow::Session`
`Session` no longer exists in `snow` but the replacement is two structs `HandshakeState` and `TransportState`
Something will have to be done to harmonize `NoiseOutput.session`
* Add precise type for UnparsedPublicKey
* Update data structures/functions to match new snow's API
* Delete diff.diff
Remove accidentally committed diff file
* Remove commented lines in identity/rsa.rs
* Bump libsecp256k1 to 0.3.1
* Implement /plaintext/2.0.0 (#1236)
* WIP
* plaintext/2.0.0
* Refactor protobuf related issues to compatible with the spec
* Rename: new PlainTextConfig -> PlainText2Config
* Keep plaintext/1.0.0 as PlainText1Config
* Config contains pubkey
* Rename: proposition -> exchange
* Add PeerId to Exchange
* Check the validity of the remote's `Exchange`
* Tweak
* Delete unused import
* Add debug log
* Delete unused field: public_key_encoded
* Delete unused field: local
* Delete unused field: exchange_bytes
* The inner instance should not be public
* identity::Publickey::Rsa is not available on wasm
* Delete PeerId from Config as it should be generated from the pubkey
* Catch up for #1240
* Tweak
* Update protocols/plaintext/src/error.rs
Co-Authored-By: Pierre Krieger <pierre.krieger1708@gmail.com>
* Update protocols/plaintext/src/handshake.rs
Co-Authored-By: Pierre Krieger <pierre.krieger1708@gmail.com>
* Update protocols/plaintext/src/error.rs
Co-Authored-By: Pierre Krieger <pierre.krieger1708@gmail.com>
* Update protocols/plaintext/src/error.rs
Co-Authored-By: Roman Borschel <romanb@users.noreply.github.com>
* Update protocols/plaintext/src/error.rs
Co-Authored-By: Roman Borschel <romanb@users.noreply.github.com>
* Rename: pubkey -> local_public_key
* Delete unused error
* Rename: PeerIdValidationFailed -> InvalidPeerId
* Fix: HandShake -> Handshake
* Use bytes insteadof Publickey to avoid code duplication
* Replace with ProtobufError
* Merge HandshakeContext<()> into HandshakeContext<Local>
* Improve the peer ID validation to simplify the handshake
* Propagate Remote to allow extracting the PeerId from the Remote
* Collapse the same kind of errors into the variant
* [noise]: `sodiumoxide 0.2.5` (#1276)
Fixes https://github.com/RustSec/advisory-db/pull/192
* examples/ipfs-kad.rs: Remove outdated reference to `without_init` (#1280)
* CircleCI Test Fix (#1282)
* Disabling "Docker Layer Caching" because it breaks one of the circleci checks
* Bump to trigger CircleCI build
* unbump
* zeroize: Upgrade to v1.0 (#1284)
v1.0 final release is out. Release notes:
https://github.com/iqlusioninc/crates/pull/279
* *: Consolidate protobuf scripts and update to rust-protobuf 2.8.1 (#1275)
* *: Consolidate protobuf generation scripts
* *: Update to rust-protobuf 2.8.1
* *: Mark protobuf generated modules with '_proto'
* examples: Add distributed key value store (#1281)
* examples: Add distributed key value store
This commit adds a basic distributed key value store supporting GET and
PUT commands using Kademlia and mDNS.
* examples/distributed-key-value-store: Fix typo
* Simple Warning Cleanup (#1278)
* Cleaning up warnings - removing unused `use`
* Cleaning up warnings - unused tuple value
* Cleaning up warnings - removing dead code
* Cleaning up warnings - fixing deprecated name
* Cleaning up warnings - removing dead code
* Revert "Cleaning up warnings - removing dead code"
This reverts commit f18a765e4bf240b0ed9294ec3ae5dab5c186b801.
* Enable the std feature of ring (#1289)
* Configurable multistream-select protocol. Add V1Lazy variant. (#1245)
Make the multistream-select protocol (version) configurable
on transport upgrades as well as for individual substreams.
Add a "lazy" variant of multistream-select 1.0 that delays
sending of negotiation protocol frames as much as possible
but is only safe to use under additional assumptions that
go beyond what is required by the multistream-select v1
specification.
* Improve the code readability of the chat example (#1253)
* Add bridged chats (#1252)
* Try fix CI (#1261)
* Print Rust version on CI
* Don't print where not appropriate
* Change caching strategy
* Remove win32 build
* Remove win32 from list
* Update libsecp256k1 dep to 0.3.0 (#1258)
* Update libsecp256k1 dep to 0.3.0
* Sign now cannot fail
* Upgrade url and percent-encoding deps to 2.1.0 (#1267)
* Upgrade percent-encoding dep to 2.1.0
* Upgrade url dep to 2.1.0
* Fix more conflicts
* Revert CIPHERS set to null (#1273)
Make the multistream-select protocol (version) configurable
on transport upgrades as well as for individual substreams.
Add a "lazy" variant of multistream-select 1.0 that delays
sending of negotiation protocol frames as much as possible
but is only safe to use under additional assumptions that
go beyond what is required by the multistream-select v1
specification.
* Rework the transport upgrade API.
ALthough transport upgrades must follow a specific pattern
in order fot the resulting transport to be usable with a
`Network` or `Swarm`, that pattern is currently not well
reflected in the transport upgrade API. Rather, transport
upgrades are rather laborious and involve non-trivial code
duplication.
This commit introduces a `transport::upgrade::Builder` that is
obtained from `Transport::upgrade`. The `Builder` encodes the
previously implicit rules for transport upgrades:
1. Authentication upgrades must happen first.
2. Any number of upgrades may follow.
3. A multiplexer upgrade must happen last.
Since multiplexing is the last (regular) transport upgrade (because
that upgrade yields a `StreamMuxer` which is no longer a `AsyncRead`
/ `AsyncWrite` resource, which the upgrade process is based on),
the upgrade starts with `Transport::upgrade` and ends with
`Builder::multiplex`, which drops back down to the `Transport`,
providing a fluent API.
Authentication and multiplexer upgrades must furthermore adhere
to a minimal contract w.r.t their outputs:
1. An authentication upgrade is given an (async) I/O resource `C`
and must produce a pair `(I, D)` where `I: ConnectionInfo` and
`D` is a new (async) I/O resource `D`.
2. A multiplexer upgrade is given an (async) I/O resource `C`
and must produce a `M: StreamMuxer`.
To that end, two changes to the `secio` and `noise` protocols have been
made:
1. The `secio` upgrade now outputs a pair of `(PeerId, SecioOutput)`.
The former implements `ConnectionInfo` and the latter `AsyncRead` /
`AsyncWrite`, fulfilling the `Builder` contract.
2. A new `NoiseAuthenticated` upgrade has been added that wraps around
any noise upgrade (i.e. `NoiseConfig`) and has an output of
`(PeerId, NoiseOutput)`, i.e. it checks if the `RemoteIdentity` from
the handshake output is an `IdentityKey`, failing if that is not the
case. This is the standard upgrade procedure one wants for integrating
noise with libp2p-core/swarm.
* Cleanup
* Add a new integration test.
* Add missing license.
* Remove tokio-codec dependency from multistream-select.
In preparation for the eventual switch from tokio to std futures.
Includes some initial refactoring in preparation for further work
in the context of https://github.com/libp2p/rust-libp2p/issues/659.
* Reduce default buffer sizes.
* Allow more than one frame to be buffered for sending.
* Doc tweaks.
* Remove superfluous (duplicated) Message types.
* Reduce roundtrips in multistream-select negotiation.
1. Enable 0-RTT: If the dialer only supports a single protocol, it can send
protocol data (e.g. the actual application request) together with
the multistream-select header and protocol proposal. Similarly,
if the listener supports a proposed protocol, it can send protocol
data (e.g. the actual application response) together with the
multistream-select header and protocol confirmation.
2. In general, the dialer "settles on" an expected protocol as soon
as it runs out of alternatives. Furthermore, both dialer and listener
do not immediately flush the final protocol confirmation, allowing it
to be sent together with application protocol data. Attempts to read
from the negotiated I/O stream implicitly flushes any pending data.
3. A clean / graceful shutdown of an I/O stream always completes protocol
negotiation.
The publich API of multistream-select changed slightly, requiring both
AsyncRead and AsyncWrite bounds for async reading and writing due to
the implicit buffering and "lazy" negotiation. The error types have
also been changed, but they were not previously fully exported.
Includes some general refactoring with simplifications and some more tests,
e.g. there was an edge case relating to a possible ambiguity when parsing
multistream-select protocol messages.
* Further missing commentary.
* Remove unused test dependency.
* Adjust commentary.
* Cleanup NegotiatedComplete::poll()
* Fix deflate protocol tests.
* Stabilise network_simult test.
The test implicitly relied on "slow" connection establishment
in order to have a sufficient probability of passing.
With the removal of roundtrips in multistream-select, it is now
more likely that within the up to 50ms duration between swarm1
and swarm2 dialing, the connection is already established, causing
the expectation of step == 1 to fail when receiving a Connected event,
since the step may then still be 0.
This commit aims to avoid these spurious errors by detecting runs
during which a connection is established "too quickly", repeating
the test run.
It still seems theoretically possible that, if connections are always
established "too quickly", the test runs forever. However, given that
the delta between swarm1 and swarm2 dialing is 0-50ms and that the
TCP transport is used, that seems probabilistically unlikely.
Nevertheless, the purpose of the artificial dialing delay between
swarm1 and swarm2 should be re-evaluated and possibly at least
the maximum delay further reduced.
* Complete negotiation between upgrades in libp2p-core.
While multistream-select, as a standalone library and providing
an API at the granularity of a single negotiation, supports
lazy negotiation (and in particular 0-RTT negotiation), in the
context of libp2p-core where any number of negotiations are
composed generically within the concept of composable "upgrades",
it is necessary to wait for protocol negotiation between upgrades
to complete.
* Clarify docs. Simplify listener upgrades.
Since reading from a Negotiated I/O stream implicitly flushes any pending
negotiation data, there is no pitfall involved in not waiting for completion.
