Peer Diversity for Routing Table and Querying #88
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,326 @@ | ||
| package peerdiversity | ||
|
|
||
| import ( | ||
| "errors" | ||
| "fmt" | ||
| asnutil "github.com/libp2p/go-libp2p-asn-util" | ||
| "github.com/libp2p/go-libp2p-core/peer" | ||
| "net" | ||
| "sort" | ||
| "sync" | ||
|
|
||
| logging "github.com/ipfs/go-log" | ||
| ma "github.com/multiformats/go-multiaddr" | ||
| manet "github.com/multiformats/go-multiaddr-net" | ||
|
|
||
| "github.com/yl2chen/cidranger" | ||
| ) | ||
|
|
||
| var dfLog = logging.Logger("diversityFilter") | ||
|
|
||
| type asnStore interface { | ||
| AsnForIPv6(ip net.IP) (string, error) | ||
| } | ||
|
|
||
| // PeerIPGroupKey is a unique key that represents ONE of the IP Groups the peer belongs to. | ||
| // A peer has one PeerIPGroupKey per address. Thus, a peer can belong to MULTIPLE Groups if it has | ||
| // multiple addresses. | ||
| // For now, given a peer address, our grouping mechanism is as follows: | ||
| // 1. For IPv6 addresses, we group by the ASN of the IP address. | ||
| // 2. For IPv4 addresses, all addresses that belong to same legacy (Class A)/8 allocations | ||
| // OR share the same /16 prefix are in the same group. | ||
| type PeerIPGroupKey string | ||
|
|
||
| // https://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_address_blocks | ||
| var legacyClassA = []string{"12.0.0.0/8", "17.0.0.0/8", "19.0.0.0/8", "38.0.0.0/8", "48.0.0.0/8", "56.0.0.0/8", "73.0.0.0/8", "53.0.0.0/8"} | ||
|
|
||
| // PeerGroupInfo represents the grouping info for a Peer. | ||
| type PeerGroupInfo struct { | ||
| Id peer.ID | ||
| Cpl int | ||
| IPGroupKey PeerIPGroupKey | ||
| isWhiteListed bool | ||
| } | ||
|
|
||
| // PeerIPGroupFilter is the interface that must be implemented by callers who want to | ||
| // instantiate a `peerdiversity.Filter`. This interface provides the function hooks | ||
| // that are used/called by the `peerdiversity.Filter`. | ||
| type PeerIPGroupFilter interface { | ||
| // Allow is called by the Filter to test if a peer with the given | ||
| // grouping info should be allowed/rejected by the Filter. This will be called ONLY | ||
| // AFTER the peer has successfully passed all of the Filter's internal checks. | ||
| // Note: If the peer is deemed accepted because of a whitelisting criteria configured on the Filter, | ||
| // the peer will be allowed by the Filter without calling this function. | ||
| // Similarly, if the peer is deemed rejected because of a blacklisting criteria | ||
| // configured on the Filter, the peer will be rejected without calling this function. | ||
| Allow(PeerGroupInfo) (allow bool) | ||
|
|
||
| // Increment is called by the Filter when a peer with the given Grouping Info. | ||
| // is added to the Filter state. This will happen after the peer has passed | ||
| // all of the Filter's internal checks and the Allow function defined above for all of it's Groups. | ||
| Increment(PeerGroupInfo) | ||
|
|
||
| // Decrement is called by the Filter when a peer with the given | ||
| // Grouping Info is removed from the Filter. This will happen when the caller/user of the Filter | ||
| // no longer wants the peer and the IP groups it belongs to to count towards the Filter state. | ||
| Decrement(PeerGroupInfo) | ||
|
|
||
| // PeerAddresses is called by the Filter to determine the addresses of the given peer | ||
| // it should use to determine the IP groups it belongs to. | ||
| PeerAddresses(peer.ID) []ma.Multiaddr | ||
| } | ||
|
|
||
| // Filter is a peer diversity filter that accepts or rejects peers based on the blacklisting/whitelisting | ||
| // rules configured AND the diversity policies defined by the implementation of the PeerIPGroupFilter interface | ||
| // passed to it. | ||
| type Filter struct { | ||
| mu sync.Mutex | ||
| // An implementation of the `PeerIPGroupFilter` interface defined above. | ||
| pgm PeerIPGroupFilter | ||
| peerGroups map[peer.ID][]PeerGroupInfo | ||
|
|
||
| // whitelist peers | ||
| wlpeers map[peer.ID]struct{} | ||
| // whitelisted Networks | ||
| wls cidranger.Ranger | ||
| // blacklisted Networks. | ||
| bls cidranger.Ranger | ||
| // legacy IPv4 Class A networks. | ||
| legacyCidrs cidranger.Ranger | ||
|
|
||
| logKey string | ||
|
|
||
| cplFnc func(peer.ID) int | ||
|
|
||
| cplPeerGroups map[int]map[peer.ID][]PeerIPGroupKey | ||
|
|
||
| asnStore asnStore | ||
| } | ||
|
|
||
| // NewFilter creates a Filter for Peer Diversity. | ||
| func NewFilter(pgm PeerIPGroupFilter, logKey string, cplFnc func(peer.ID) int) (*Filter, error) { | ||
| if pgm == nil { | ||
| return nil, errors.New("peergroup implementation can not be nil") | ||
| } | ||
|
|
||
| // Crate a Trie for legacy Class N networks | ||
| legacyCidrs := cidranger.NewPCTrieRanger() | ||
| for _, cidr := range legacyClassA { | ||
| _, nn, err := net.ParseCIDR(cidr) | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
| if err := legacyCidrs.Insert(cidranger.NewBasicRangerEntry(*nn)); err != nil { | ||
| return nil, err | ||
| } | ||
| } | ||
|
|
||
| return &Filter{ | ||
| pgm: pgm, | ||
| peerGroups: make(map[peer.ID][]PeerGroupInfo), | ||
| wlpeers: make(map[peer.ID]struct{}), | ||
| wls: cidranger.NewPCTrieRanger(), | ||
| bls: cidranger.NewPCTrieRanger(), | ||
| legacyCidrs: legacyCidrs, | ||
| logKey: logKey, | ||
| cplFnc: cplFnc, | ||
|
There was a problem hiding this comment. It seems bizarre that the "default" cpl implementation needs to be passed in externally like There was a problem hiding this comment. The reason is to not have a dependency on the I'll fix this if we move this to the DHT package. There was a problem hiding this comment. Ah, so trying to avoid circular dependencies? This will likely cause problems even in the DHT package (RT still needs Filter and Filter still needs RT). However, if the RT takes an interface this goes away. There was a problem hiding this comment. As discussed offline, let's punt this for now and we can pay this tech debt later if required. |
||
| cplPeerGroups: make(map[int]map[peer.ID][]PeerIPGroupKey), | ||
| asnStore: asnutil.Store, | ||
| }, nil | ||
| } | ||
|
|
||
| func (f *Filter) Remove(p peer.ID) { | ||
| f.mu.Lock() | ||
| defer f.mu.Unlock() | ||
|
|
||
| cpl := f.cplFnc(p) | ||
|
|
||
| for _, info := range f.peerGroups[p] { | ||
| if info.isWhiteListed { | ||
| continue | ||
| } | ||
| f.pgm.Decrement(info) | ||
| } | ||
| f.peerGroups[p] = nil | ||
| delete(f.peerGroups, p) | ||
| delete(f.cplPeerGroups[cpl], p) | ||
|
|
||
| if len(f.cplPeerGroups[cpl]) == 0 { | ||
| delete(f.cplPeerGroups, cpl) | ||
| } | ||
| } | ||
|
|
||
| // TryAdd attempts to add the peer to the Filter state and returns true if it's successful, false otherwise. | ||
| func (f *Filter) TryAdd(p peer.ID) bool { | ||
| f.mu.Lock() | ||
| defer f.mu.Unlock() | ||
|
|
||
| cpl := f.cplFnc(p) | ||
|
|
||
| // don't allow peers for which we can't determine addresses. | ||
| addrs := f.pgm.PeerAddresses(p) | ||
| if len(addrs) == 0 { | ||
| dfLog.Debugw("no addresses found for peer", "appKey", f.logKey, "peer", p.Pretty()) | ||
| return false | ||
| } | ||
|
|
||
| peerGroups := make([]PeerGroupInfo, 0, len(addrs)) | ||
| isWhiteListed := false | ||
| for _, a := range addrs { | ||
| // if the IP belongs to a whitelisted network, allow it straight away. | ||
| // if the IP belongs to a blacklisted network, reject it. | ||
| // Otherwise, call the `PeerIPGroupFilter.Allow` hook to determine if we should allow/reject the peer. | ||
| ip, err := manet.ToIP(a) | ||
| if err != nil { | ||
| dfLog.Errorw("failed to parse IP from multiaddr", "appKey", f.logKey, | ||
| "multiaddr", a.String(), "err", err) | ||
| return false | ||
| } | ||
|
|
||
| // reject the peer if we can't determine a grouping for one of it's address. | ||
| key, err := f.ipGroupKey(ip) | ||
| if err != nil { | ||
| dfLog.Errorw("failed to find Group Key", "appKey", f.logKey, "ip", ip.String(), "peer", p, | ||
| "err", err) | ||
| return false | ||
| } | ||
| if len(key) == 0 { | ||
| dfLog.Errorw("group key is empty", "appKey", f.logKey, "ip", ip.String(), "peer", p) | ||
| return false | ||
| } | ||
| group := PeerGroupInfo{Id: p, Cpl: cpl, IPGroupKey: key} | ||
|
|
||
| // is it a whitelisted peer | ||
| if _, ok := f.wlpeers[p]; ok { | ||
| isWhiteListed = true | ||
| peerGroups = append(peerGroups, group) | ||
| continue | ||
| } | ||
|
|
||
| // is it on a whitelisted network | ||
| if rs, _ := f.wls.ContainingNetworks(ip); len(rs) != 0 { | ||
|
There was a problem hiding this comment. What are the example use cases for whitelists? I'm wondering if peers that are whitelisted should count as 0 across the board instead of just getting an approval. For example, peer A is part of groups 1 + 2 and is whitelisted, while peer B is part of group 1 only. If we add B and then A they will both make it into the table, but if we add A and then B it's possible B might not make it. There was a problem hiding this comment. One example use case right now is whitelisting all the private IP address (I'm still figuring out how that'd work). Once we figure out the long lived peers logic, we might want to whitelist their peer Ids as well. Also, I agree with you. I don't think whitelisted peers should take up slots/tickets. I've changed the code accordingly and added a test for it. Let me know what you think. |
||
| isWhiteListed = true | ||
| peerGroups = append(peerGroups, group) | ||
| continue | ||
| } | ||
|
|
||
| if rs, _ := f.bls.ContainingNetworks(ip); len(rs) != 0 { | ||
| return false | ||
| } | ||
|
|
||
| if !f.pgm.Allow(group) { | ||
| return false | ||
| } | ||
|
|
||
| peerGroups = append(peerGroups, group) | ||
| } | ||
|
|
||
| if _, ok := f.cplPeerGroups[cpl]; !ok { | ||
| f.cplPeerGroups[cpl] = make(map[peer.ID][]PeerIPGroupKey) | ||
| } | ||
|
|
||
| for _, g := range peerGroups { | ||
| g.isWhiteListed = isWhiteListed | ||
| if !g.isWhiteListed { | ||
| f.pgm.Increment(g) | ||
| } | ||
| f.peerGroups[p] = append(f.peerGroups[p], g) | ||
| f.cplPeerGroups[cpl][p] = append(f.cplPeerGroups[cpl][p], g.IPGroupKey) | ||
| } | ||
|
|
||
| return true | ||
| } | ||
|
|
||
| // BlacklistIPv4Network will blacklist the IPv4/6 network with the given IP CIDR. | ||
| func (f *Filter) BlacklistIPNetwork(cidr string) error { | ||
| f.mu.Lock() | ||
| defer f.mu.Unlock() | ||
|
|
||
| _, nn, err := net.ParseCIDR(cidr) | ||
| if err != nil { | ||
| return err | ||
| } | ||
| return f.bls.Insert(cidranger.NewBasicRangerEntry(*nn)) | ||
| } | ||
|
|
||
| // WhitelistIPNetwork will always allow IP addresses from networks with the given CIDR. | ||
| // This will always override the blacklist. | ||
| func (f *Filter) WhitelistIPNetwork(cidr string) error { | ||
|
Comment on lines
+246
to
+248
There was a problem hiding this comment. It's possible that we'd want to whitelist more than just domain ranges (e.g. peers I've been well connected to for more than a month are exempted whitelisted no matter their IP address). If we were passing an interface instead of a struct into There was a problem hiding this comment. @aschmahmann I don't see the point of having a Have added a |
||
| f.mu.Lock() | ||
| defer f.mu.Unlock() | ||
|
|
||
| _, nn, err := net.ParseCIDR(cidr) | ||
| if err != nil { | ||
| return err | ||
| } | ||
|
|
||
| return f.wls.Insert(cidranger.NewBasicRangerEntry(*nn)) | ||
| } | ||
|
|
||
| // WhiteListPeerIds will always allow the peers given here. | ||
| // This will always override the blacklist. | ||
| func (f *Filter) WhitelistPeers(peers ...peer.ID) { | ||
| f.mu.Lock() | ||
| defer f.mu.Unlock() | ||
|
|
||
| for _, p := range peers { | ||
| f.wlpeers[p] = struct{}{} | ||
| } | ||
| } | ||
|
|
||
| // returns the PeerIPGroupKey to which the given IP belongs. | ||
| func (f *Filter) ipGroupKey(ip net.IP) (PeerIPGroupKey, error) { | ||
| switch bz := ip.To4(); bz { | ||
| case nil: | ||
| // TODO Clean up the ASN codebase | ||
| // ipv6 Address -> get ASN | ||
| s, err := f.asnStore.AsnForIPv6(ip) | ||
| if err != nil { | ||
| return "", fmt.Errorf("failed to fetch ASN for IPv6 addr %s: %w", ip.String(), err) | ||
| } | ||
| return PeerIPGroupKey(s), nil | ||
| default: | ||
| // If it belongs to a legacy Class 8, we return the /8 prefix as the key | ||
| rs, _ := f.legacyCidrs.ContainingNetworks(ip) | ||
| if len(rs) != 0 { | ||
| key := ip.Mask(net.IPv4Mask(255, 0, 0, 0)).String() | ||
| return PeerIPGroupKey(key), nil | ||
| } | ||
|
|
||
| // otherwise -> /16 prefix | ||
| key := ip.Mask(net.IPv4Mask(255, 255, 0, 0)).String() | ||
| return PeerIPGroupKey(key), nil | ||
| } | ||
| } | ||
|
|
||
| // CplDiversityStats contains the peer diversity stats for a Cpl. | ||
| type CplDiversityStats struct { | ||
| Cpl int | ||
| Peers map[peer.ID][]PeerIPGroupKey | ||
| } | ||
|
|
||
| // GetDiversityStats returns the diversity stats for each CPL and is sorted by the CPL. | ||
| func (f *Filter) GetDiversityStats() []CplDiversityStats { | ||
| f.mu.Lock() | ||
| defer f.mu.Unlock() | ||
|
|
||
| stats := make([]CplDiversityStats, 0, len(f.cplPeerGroups)) | ||
|
|
||
| var sortedCpls []int | ||
| for cpl := range f.cplPeerGroups { | ||
| sortedCpls = append(sortedCpls, cpl) | ||
| } | ||
| sort.Ints(sortedCpls) | ||
|
|
||
| for _, cpl := range sortedCpls { | ||
| ps := make(map[peer.ID][]PeerIPGroupKey, len(f.cplPeerGroups[cpl])) | ||
| cd := CplDiversityStats{cpl, ps} | ||
|
|
||
| for p, groups := range f.cplPeerGroups[cpl] { | ||
| ps[p] = groups | ||
| } | ||
| stats = append(stats, cd) | ||
| } | ||
|
|
||
| return stats | ||
| } | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
TODO: depend on a release instead of a commit
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FYI, It will be a while before we make a release for that as it's going to be on a long-lived branch till we figure out a good way to regularly update the ASN DB.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't feel super strongly about release vs commit, although it seems a bit silly to not do a release of a thing that will be in production just because it's "not done yet". If we're going to do this I'd like to see the commit in master though, otherwise if we squash, force push or otherwise delete this commit then applications like go-ipfs might not build anymore.
@Stebalien thoughts?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed. If we're putting this into production, we shouldn't be working off of branches.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's just merge that. We don't need to figure out a way to update the ASN DB right now, that's a future concern.