[testing] Enable QUIC support #5229
Conversation
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## develop #5229 +/- ##
=========================================
- Coverage 77.5% 77.4% -0.1%
=========================================
Files 252 254 +2
Lines 29650 29989 +339
=========================================
+ Hits 22983 23239 +256
- Misses 5209 5273 +64
- Partials 1458 1477 +19 ☔ View full report in Codecov by Sentry. |
p2p/host.go
Outdated
| @@ -206,6 +211,7 @@ func New( | |||
| return tcp.NewTCPTransport(upgrader, rcmgr, opts...) | |||
| }, | |||
| ), | |||
| libp2p.Transport(quic.NewTransport), | |||
There was a problem hiding this comment.
we are using noise prologue with tcp transport so that peers from different networks can't establish connection with each other. it will fail with obsure error that secure handshake failed if they are using different genesis value.
i noticed that quic.NewTransport accepts PSK that can be used with the same purpose, but implementation doesn't support that yet. we will need to find out what are other options. we can also do genesis check after establishing connection, but it is slightly annoying.
There was a problem hiding this comment.
From what I see implementing PSK for QUIC in go-libp2p is a serious issue: libp2p/go-libp2p#1432
There's a simpler trick we could use, given that we're speaking about a safeguard against users shooting themselves in the foot (IIUC). QUIC uses TLS certs and libp2p injects its own extension into the cert: https://github.com/libp2p/go-libp2p/blob/master/p2p/security/tls/crypto.go#L233-L238
https://github.com/libp2p/go-libp2p/blob/master/p2p/security/tls/crypto.go#L200
When a client connects, the extension is verified to be present in the peer's cert
https://github.com/libp2p/go-libp2p/blob/master/p2p/security/tls/crypto.go#L152-L168
We could "customize" the extension, or add another one including the byte sequence used as Noise prologue for TCP connections, and check that the byte sequence matches the expected sequence.
The problem with this approach is that there appear to be no proper extension points in go-libp2p to do this. We could solve that by either
- "Forking" libp2p QUIC transport package, which is not that big, and relevant parts of the helper
tlspackage in libp2p, copying that code into go-spacemesh project, and adding the feature here, or - Suggesting this feature in go-libp2p upstream and posting a PR there, but in this case, I'm not fully sure they will want it
There was a problem hiding this comment.
If we go with (2), then maybe we may already be able to provide the cert extension in the cert template, so we just need to add a certificate chain verification callback. Such a change can be accepted by the go-libp2p maintainers I think. Will check it further
There was a problem hiding this comment.
in the past we had this https://github.com/spacemeshos/go-spacemesh/blob/v0.3.0-beta.0/p2p/handshake/handshake.go
the main downside is that we accidentally can connect another network, and some protocols will be doing useless work until we disconnect such peer. we had such issues in the past.
ivan4th
force-pushed
the
testing-quic
branch
2 times, most recently
from
4dae952 to
042b420
Compare
p2p/dhtdiscovery/discovery.go
Outdated
| } | ||
|
|
||
| func (d *Discovery) Start() { | ||
| if len(d.pingPeers) != 0 { |
There was a problem hiding this comment.
This is a quick temporary hack to get 2 peers to talk to each other for debugging. To be removed.
ivan4th
force-pushed
the
testing-quic
branch
2 times, most recently
from
be56ce0 to
9e96cb9
Compare
Allow multiple values
|
Closing in favor of #5329 |
Motivation
Testing QUIC support for better NAT hole punching performance
Changes
Test Plan
TODO