-
Notifications
You must be signed in to change notification settings - Fork 64
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
More lenient ipv6 auto-update #266
Conversation
cc @pawanjay176 @ackintosh - What do you think of this logic? Is there an easy way to test this with the current infra? |
Currently, we accept a PONG response as a vote only if the node exists our routing table. So the PONG response is ignored even if we PING a node that failed to make it into our routing table. We should also change this condition? Lines 816 to 818 in 765abac
|
I think Testground doesn’t support IPv6, so we can build a test environment based on Docker Compose. It might require a little work, but I’ll give it a try. |
ah nice! Thanks for the catch! I've modified the logic a bit to also just do this if we are in DualStack mode. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM age, left some suggestions
Co-authored-by: João Oliveira <[email protected]>
Co-authored-by: João Oliveira <[email protected]>
Co-authored-by: João Oliveira <[email protected]>
Co-authored-by: João Oliveira <[email protected]>
Co-authored-by: João Oliveira <[email protected]>
Co-authored-by: João Oliveira <[email protected]>
Co-authored-by: João Oliveira <[email protected]>
Co-authored-by: João Oliveira <[email protected]>
Co-authored-by: João Oliveira <[email protected]>
Co-authored-by: João Oliveira <[email protected]>
Co-authored-by: João Oliveira <[email protected]>
b488327
to
7df439c
Compare
7df439c
to
f84ba02
Compare
I've implemented a simulation (https://github.com/ackintosh/discv5-dual-stack) and tested this PR using it. The ipv6 auto-update works fine! |
Description
On IPv4 dominated networks, local routing tables can be fully populated with ipv4 nodes limiting the number of ipv6 ping/pong responses. This can prevent the enr-auto-update from finding and updating a node's ENR to its external socket.
For security reasons, we can't just accept PONG responses from any node on the network. For this reason, we only ping peers that make it into our routing table as a number of security measures must be passed for a node to enter the table. However if the table is full, we reject peers from entering and therefore do not attempt to PING them.
This PR suggests the following mechanism:
If a peer fails to make it into the routing table, and we are lacking votes on either IPv4 or IPv6 and this peer can add a vote AND they are an outgoing peer (i.e one that we have chosen to connect to, for security reasons) then we ping them to get an extra vote for our external address.