Skip to content

v0.42.0

Latest
Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 18 Jun 16:18
v0.42.0
000582c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

⚠ Breaking Changes

Added a new method, VerifySourceAddress(net.Addr) bool, to the Resource Manager interface.
For more details see the Source Address Verification section.

For custom implementation which want to opt out of Source Address Verification and keep the existing behavior, return false from the method.

🔦 Highlights

Per Address Reachability via AutoNAT v2

libp2p hosts can now determine reachability for individual addresses using AutoNATV2. To opt in to reachability checking use the EnableAutoNATV2 libp2p option. Using this nodes can now determine their IPv4, IPv6, and browser address reachability separately. In a future release, AutoRelay will use this information and make appropriate relay reservations accordingly. https://pkg.go.dev/github.com/libp2p/go-libp2p#EnableAutoNATv2

To query addresses by their reachability, ConfirmedAddrs() (reachable, unreachable, unknown []ma.Multiaddr) that provides Reachability information per host address. https://pkg.go.dev/github.com/libp2p/go-libp2p/p2p/host/basic#BasicHost.ConfirmedAddrs
For notifications, Subscribe to the event event.EvtHostReachableAddrsChanged https://pkg.go.dev/github.com/libp2p/go-libp2p/core/event#EvtHostReachableAddrsChanged

Rate Limiting

We've introduced the package github.com/libp2p/go-libp2p/x/rate for rate limiting. The struct rate.Limiter provides Global, Network Specific, and Subnet Specific rate limiting. The Subnet specific rate limits allows for better DoS Protection by rate limiting malicious IPs. https://pkg.go.dev/github.com/libp2p/go-libp2p/x/rate

Use Limit(f func(s network.Stream)) func(s network.Stream) on Limiter to limit specific stream handlers. For example, within libp2p, the Identify Service uses this as
ids.Host.SetStreamHandler(IDPush, ids.rateLimiter.Limit(ids.handlePush)) to rate limit the number of times peers can perform identify push.

For non Stream use cases use the Allow(ip) method on the limiter.

Connection Rate Limiting

New connection requests are now rate limited per IP. By default we allow 1 connection every 5 seconds from an IP address with a burst of 16 connections per IP. The burst is high enough that this should only block malicious peers.

To configure the connection rate limits, use the WithConnRateLimiters option on the Resource Manager. https://pkg.go.dev/github.com/libp2p/go-libp2p/p2p/host/resource-manager#WithConnRateLimiters

Source Address Verification for QUIC

This release introduces Source Address Verification for QUIC, preventing DoS attacks by spoofing IP addresses. See: https://www.rfc-editor.org/rfc/rfc9000.html#section-8 for details.

We are now gating incoming QUIC connections before the handshake is started. This further improves DoS protection by not wasting CPU on handshaking QUIC connections which would have been dropped by the Resource Manager.

Other changes

  • WebRTC Direct peers can now send messages of up to 256 kB (see spec: libp2p/specs#628)
  • Refactored the addressing code within BasicHost and moved it into Address Manager. In a future release, this will be exposed to users with an improved Address API for the libp2p Host.

What's Changed

New Contributors

Full Changelog: v0.41.0...v0.42.0

Contributors

lidel, sukunrt, and 13 other contributors
Assets 2
Loading