
Implement BEP-42: DHT Security extension

Open joel-su opened this issue 6 years ago • 3 comments

This change implements BEP-42.

  • Decode the "ip" field in replies' top-level dictionary
  • Implement a simple voting system for selecting the external IP address that will be used to compute the node id's prefix
  • Add a CRC32C implementation to compute the node id's prefix.
  • Include an "ip" field when replying to other nodes

Whenever the voting process terminates, we directly update the myid variable with the new prefix; the ID change will automatically be reflected in all new requests.

edit: some cleanups, split the change in multiple independent commits, add the enforcement (disabled by default).

joel-su avatar Dec 16 '18 23:12 joel-su

@jech

joel-su avatar Dec 20 '18 18:12 joel-su

Your patch series looks good. The only thing I don't understand is what happens when the (external) IP address changes.

What's more, I'm not convinced that BEP-42 is a good idea: in IPv4, it implies that there can be only one DHT node behind a NAT, which breaks the DHT for e.g. multiple family members sharing an IP, or people stuck behind a CGNAT. In IPv6, it's even worse — it prevents multiple nodes on a single /64.

Am I missing something?

jech avatar Jan 03 '19 18:01 jech

@jech

> Your patch series looks good. The only thing I don't understand is what happens when the (external) IP address changes.

With bep-42, your external IP address, as seen by other nodes of the network, is returned to you in a top-level "ip" field of each reply. If the address changes, the value contained in "ip" changes. Once the node has received enough replies with the same ip value, it regards the value as its new external IP address and then recomputes the node ID prefix.

> What's more, I'm not convinced that BEP-42 is a good idea: in IPv4, it implies that there can be only one DHT node behind a NAT, which breaks the DHT for e.g. multiple family members sharing an IP, or people stuck behind a CGNAT. In IPv6, it's even worse — it prevents multiple nodes on a single /64.

I'm quite unfamiliar with IPv6 so I cannot comment on that. However, bep-42 only restricts the first 21 most significant of the 160 bits of the node-id, which means that as many as 2^139 nodes can run behind a NAT. Besides, for each "external" IP address, there are 8 possible prefixes.

joel-su avatar Jan 06 '19 16:01 joel-su
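
The 21-bit prefix and the 8 prefixes per address discussed in this thread, as an added example that is not code from the patch series or from the dht library: it derives the IPv4 prefix with CRC32C and checks a node ID against the sender's address. The function names are hypothetical; the mask and the placement of the 3-bit value r in the last ID byte follow the BEP-42 specification, and the spec's exemption for local addresses and the IPv6 case are left out.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, hypothetical names. Bitwise CRC32C (Castagnoli), reflected polynomial 0x82F63B78. */
static uint32_t crc32c(const uint8_t *buf, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0x82F63B78u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* CRC32C over the masked IPv4 address with the low 3 bits of r mixed in. */
uint32_t bep42_crc(const uint8_t ip[4], uint8_t r)
{
    static const uint8_t mask[4] = { 0x03, 0x0f, 0x3f, 0xff };
    uint8_t in[4];
    for (int i = 0; i < 4; i++)
        in[i] = ip[i] & mask[i];
    in[0] |= (uint8_t)((r & 7) << 5);   /* 3 bits of r: 8 prefixes per address */
    return crc32c(in, 4);
}

/* Stamp the 21-bit prefix and r into id; all other bits stay as the caller set them. */
void bep42_make_id(uint8_t id[20], const uint8_t ip[4], uint8_t r)
{
    uint32_t c = bep42_crc(ip, r);
    id[0] = (uint8_t)(c >> 24);
    id[1] = (uint8_t)(c >> 16);
    id[2] = (uint8_t)(((c >> 8) & 0xf8) | (id[2] & 0x07));
    id[19] = r;
}

/* Return 1 if the first 21 bits of id match the address the packet came from. */
int bep42_id_ok(const uint8_t id[20], const uint8_t ip[4])
{
    uint32_t got = ((uint32_t)id[0] << 24) | ((uint32_t)id[1] << 16) | ((uint32_t)id[2] << 8);
    return ((bep42_crc(ip, id[19]) ^ got) & 0xFFFFF800u) == 0;
}

int main(void)
{
    uint8_t ip[4] = { 124, 31, 75, 21 }, id[20] = { 0 };   /* sample address */
    bep42_make_id(id, ip, 1);
    printf("%02x%02x%02x ok=%d\n", id[0], id[1], id[2], bep42_id_ok(id, ip));
}
```

Only the top 21 bits and the last byte are constrained, so the remaining bits of the ID can still be chosen freely by each node behind the same address.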