diff --git a/p2p/host/basic/basic_host.go b/p2p/host/basic/basic_host.go index e20685c340..606cb67b9a 100644 --- a/p2p/host/basic/basic_host.go +++ b/p2p/host/basic/basic_host.go @@ -101,8 +101,9 @@ type BasicHost struct { addrChangeChan chan struct{} - signKey crypto.PrivKey - caBook peerstore.CertifiedAddrBook + disableSignedPeerRecord bool + signKey crypto.PrivKey + caBook peerstore.CertifiedAddrBook } var _ host.Host = (*BasicHost)(nil) @@ -138,6 +139,9 @@ type HostOpts struct { // UserAgent sets the user-agent for the host. Defaults to ClientVersion. UserAgent string + + // DisableSignedPeerRecord disables the generation of Signed Peer Records on this host. + DisableSignedPeerRecord bool } // NewHost constructs a new *BasicHost and activates it by attaching its stream and connection handlers to the given inet.Network. @@ -145,15 +149,16 @@ func NewHost(ctx context.Context, net network.Network, opts *HostOpts) (*BasicHo hostCtx, cancel := context.WithCancel(ctx) h := &BasicHost{ - network: net, - mux: msmux.NewMultistreamMuxer(), - negtimeout: DefaultNegotiationTimeout, - AddrsFactory: DefaultAddrsFactory, - maResolver: madns.DefaultResolver, - eventbus: eventbus.NewBus(), - addrChangeChan: make(chan struct{}, 1), - ctx: hostCtx, - ctxCancel: cancel, + network: net, + mux: msmux.NewMultistreamMuxer(), + negtimeout: DefaultNegotiationTimeout, + AddrsFactory: DefaultAddrsFactory, + maResolver: madns.DefaultResolver, + eventbus: eventbus.NewBus(), + addrChangeChan: make(chan struct{}, 1), + ctx: hostCtx, + ctxCancel: cancel, + disableSignedPeerRecord: opts.DisableSignedPeerRecord, } var err error @@ -164,15 +169,27 @@ func NewHost(ctx context.Context, net network.Network, opts *HostOpts) (*BasicHo return nil, err } - cab, ok := peerstore.GetCertifiedAddrBook(net.Peerstore()) - if !ok { - return nil, errors.New("peerstore should also be a certified address book") - } - h.caBook = cab + if !h.disableSignedPeerRecord { + cab, ok := peerstore.GetCertifiedAddrBook(net.Peerstore()) + if !ok { + return nil, errors.New("peerstore should also be a certified address book") + } + h.caBook = cab - h.signKey = h.Peerstore().PrivKey(h.ID()) - if h.signKey == nil { - return nil, errors.New("unable to access host key") + h.signKey = h.Peerstore().PrivKey(h.ID()) + if h.signKey == nil { + return nil, errors.New("unable to access host key") + } + + // persist a signed peer record for self to the peerstore. + rec := peer.PeerRecordFromAddrInfo(peer.AddrInfo{h.ID(), h.Addrs()}) + ev, err := record.Seal(rec, h.signKey) + if err != nil { + return nil, fmt.Errorf("failed to create signed record for self: %w", err) + } + if _, err := cab.ConsumePeerRecord(ev, peerstore.PermanentAddrTTL); err != nil { + return nil, fmt.Errorf("failed to persist signed record to peerstore: %w", err) + } } if opts.MultistreamMuxer != nil { @@ -180,7 +197,11 @@ func NewHost(ctx context.Context, net network.Network, opts *HostOpts) (*BasicHo } // we can't set this as a default above because it depends on the *BasicHost. - h.ids = identify.NewIDService(h, identify.UserAgent(opts.UserAgent)) + if h.disableSignedPeerRecord { + h.ids = identify.NewIDService(h, identify.UserAgent(opts.UserAgent), identify.DisableSignedPeerRecord()) + } else { + h.ids = identify.NewIDService(h, identify.UserAgent(opts.UserAgent)) + } if uint64(opts.NegotiationTimeout) != 0 { h.negtimeout = opts.NegotiationTimeout @@ -211,16 +232,6 @@ func NewHost(ctx context.Context, net network.Network, opts *HostOpts) (*BasicHo net.SetStreamHandler(h.newStreamHandler) - // persist a signed peer record for self to the peerstore. - rec := peer.PeerRecordFromAddrInfo(peer.AddrInfo{h.ID(), h.Addrs()}) - ev, err := record.Seal(rec, h.signKey) - if err != nil { - return nil, fmt.Errorf("failed to create signed record for self: %w", err) - } - if _, err := cab.ConsumePeerRecord(ev, peerstore.PermanentAddrTTL); err != nil { - return nil, fmt.Errorf("failed to persist signed record to peerstore: %w", err) - } - return h, nil } @@ -384,18 +395,20 @@ func (h *BasicHost) background() { return } - // add signed peer record to the event - sr, err := h.makeSignedPeerRecord(changeEvt) - if err != nil { - log.Errorf("error creating a signed peer record from the set of current addresses, err=%s", err) - return - } - changeEvt.SignedPeerRecord = sr + if !h.disableSignedPeerRecord { + // add signed peer record to the event + sr, err := h.makeSignedPeerRecord(changeEvt) + if err != nil { + log.Errorf("error creating a signed peer record from the set of current addresses, err=%s", err) + return + } + changeEvt.SignedPeerRecord = sr - // persist the signed record to the peerstore - if _, err := h.caBook.ConsumePeerRecord(sr, peerstore.PermanentAddrTTL); err != nil { - log.Errorf("failed to persist signed peer record in peer store, err=%s", err) - return + // persist the signed record to the peerstore + if _, err := h.caBook.ConsumePeerRecord(sr, peerstore.PermanentAddrTTL); err != nil { + log.Errorf("failed to persist signed peer record in peer store, err=%s", err) + return + } } // emit addr change event on the bus diff --git a/p2p/net/mock/mock_net.go b/p2p/net/mock/mock_net.go index 9ed89df8a9..eccaaec80f 100644 --- a/p2p/net/mock/mock_net.go +++ b/p2p/net/mock/mock_net.go @@ -107,7 +107,8 @@ func (mn *mocknet) AddPeerWithPeerstore(p peer.ID, ps peerstore.Peerstore) (host } opts := &bhost.HostOpts{ - NegotiationTimeout: -1, + NegotiationTimeout: -1, + DisableSignedPeerRecord: true, } h, err := bhost.NewHost(mn.ctx, n, opts) diff --git a/p2p/protocol/identify/id.go b/p2p/protocol/identify/id.go index f9c37bf159..7b6c0cfe2c 100644 --- a/p2p/protocol/identify/id.go +++ b/p2p/protocol/identify/id.go @@ -87,6 +87,8 @@ type IDService struct { // track resources that need to be shut down before we shut down refCount sync.WaitGroup + disableSignedPeerRecord bool + // Identified connections (finished and in progress). connsMu sync.RWMutex conns map[network.Conn]chan struct{} @@ -129,6 +131,8 @@ func NewIDService(h host.Host, opts ...Option) *IDService { conns: make(map[network.Conn]chan struct{}), observedAddrs: NewObservedAddrManager(hostCtx, h), + disableSignedPeerRecord: cfg.disableSignedPeerRecord, + addPeerHandlerCh: make(chan addPeerHandlerReq), rmPeerHandlerCh: make(chan rmPeerHandlerReq), } @@ -421,10 +425,12 @@ func (ids *IDService) handleIdentifyResponse(s network.Stream) { func (ids *IDService) getSnapshot() *identifySnapshot { snapshot := new(identifySnapshot) - if cab, ok := peerstore.GetCertifiedAddrBook(ids.Host.Peerstore()); ok { - snapshot.record = cab.GetPeerRecord(ids.Host.ID()) - if snapshot.record == nil { - log.Errorf("latest peer record does not exist. identify message incomplete!") + if !ids.disableSignedPeerRecord { + if cab, ok := peerstore.GetCertifiedAddrBook(ids.Host.Peerstore()); ok { + snapshot.record = cab.GetPeerRecord(ids.Host.ID()) + if snapshot.record == nil { + log.Errorf("latest peer record does not exist. identify message incomplete!") + } } } snapshot.addrs = ids.Host.Addrs() @@ -459,12 +465,14 @@ func (ids *IDService) populateMessage( mes.ListenAddrs = append(mes.ListenAddrs, addr.Bytes()) } - recBytes, err := snapshot.record.Marshal() - if err != nil { - log.Errorf("error marshaling peer record: %v", err) - } else { - mes.SignedPeerRecord = recBytes - log.Debugf("%s sent peer record to %s", ids.Host.ID(), conn.RemotePeer()) + if !ids.disableSignedPeerRecord { + recBytes, err := snapshot.record.Marshal() + if err != nil { + log.Errorf("error marshaling peer record: %v", err) + } else { + mes.SignedPeerRecord = recBytes + log.Debugf("%s sent peer record to %s", ids.Host.ID(), conn.RemotePeer()) + } } // set our public key diff --git a/p2p/protocol/identify/opts.go b/p2p/protocol/identify/opts.go index 670b213b71..0eb1d96644 100644 --- a/p2p/protocol/identify/opts.go +++ b/p2p/protocol/identify/opts.go @@ -1,7 +1,8 @@ package identify type config struct { - userAgent string + userAgent string + disableSignedPeerRecord bool } // Option is an option function for identify. @@ -13,3 +14,11 @@ func UserAgent(ua string) Option { cfg.userAgent = ua } } + +// DisableSignedPeerRecord disables populating signed peer records on the outgoing Identify response +// and ONLY sends the unsigned addresses. +func DisableSignedPeerRecord() Option { + return func(cfg *config) { + cfg.disableSignedPeerRecord = true + } +}