autonatv2: don't dial dns addresses

libp2p · Oct 2, 2024 · dea622d · dea622d
1 parent 9038a72
commit dea622d
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 28 deletions.
diff --git a/p2p/protocol/autonatv2/autonat.go b/p2p/protocol/autonatv2/autonat.go
@@ -25,9 +25,9 @@ const (
 	DialProtocol     = "/libp2p/autonat/2/dial-request"
 
 	maxMsgSize            = 8192
-	streamTimeout         = time.Minute
+	streamTimeout         = 15 * time.Second
 	dialBackStreamTimeout = 5 * time.Second
-	dialBackDialTimeout   = 30 * time.Second
+	dialBackDialTimeout   = 10 * time.Second
 	dialBackMaxMsgSize    = 1024
 	minHandshakeSizeBytes = 30_000 // for amplification attack prevention
 	maxHandshakeSizeBytes = 100_000

diff --git a/p2p/protocol/autonatv2/client.go b/p2p/protocol/autonatv2/client.go
@@ -309,31 +309,10 @@ func (ac *client) areAddrsConsistent(connLocalAddr, dialedAddr ma.Multiaddr) boo
 		return false
 	}
 	for i := 0; i < len(localProtos); i++ {
-		if i == 0 {
-			switch externalProtos[i].Code {
-			case ma.P_DNS, ma.P_DNSADDR:
-				if localProtos[i].Code == ma.P_IP4 || localProtos[i].Code == ma.P_IP6 {
-					continue
-				}
-				return false
-			case ma.P_DNS4:
-				if localProtos[i].Code == ma.P_IP4 {
-					continue
-				}
-				return false
-			case ma.P_DNS6:
-				if localProtos[i].Code == ma.P_IP6 {
-					continue
-				}
-				return false
-			}
-			if localProtos[i].Code != externalProtos[i].Code {
-				return false
-			}
-		} else {
-			if localProtos[i].Code != externalProtos[i].Code {
-				return false
-			}
+		// TODO: handle sni for websocket addresses. Ideally this should be handled by
+		// normalize multiaddr.
+		if localProtos[i].Code != externalProtos[i].Code {
+			return false
 		}
 	}
 	return true

diff --git a/p2p/protocol/autonatv2/options.go b/p2p/protocol/autonatv2/options.go
@@ -21,7 +21,7 @@ func defaultSettings() *autoNATSettings {
 		serverPerPeerRPM:                     12, // 1 every 5 seconds
 		serverDialDataRPM:                    12, // 1 every 5 seconds
 		dataRequestPolicy:                    amplificationAttackPrevention,
-		amplificatonAttackPreventionDialWait: 3 * time.Second,
+		amplificatonAttackPreventionDialWait: 5 * time.Second,
 		now:                                  time.Now,
 	}
 }

diff --git a/p2p/protocol/autonatv2/server.go b/p2p/protocol/autonatv2/server.go
@@ -19,6 +19,7 @@ import (
 	"math/rand"
 
 	ma "github.com/multiformats/go-multiaddr"
+	madns "github.com/multiformats/go-multiaddr-dns"
 	manet "github.com/multiformats/go-multiaddr/net"
 )
 
@@ -170,6 +171,11 @@ func (as *server) serveDialRequest(s network.Stream) EventDialRequestCompleted {
 		if !as.allowPrivateAddrs && !manet.IsPublicAddr(a) {
 			continue
 		}
+		// Don't dial any address with a dns component.
+		// We may leak some DNS configuration information by DNS resolution.
+		if madns.Matches(a) {
+			continue
+		}
 		if !as.dialerHost.Network().CanDial(p, a) {
 			continue
 		}