feat(identify): add hide_listen_addrs config option

libp2p · Jul 19, 2024 · df67098 · df67098
1 parent a749a41
commit df67098
Show file tree

Hide file tree

Showing 3 changed files with 90 additions and 5 deletions.
diff --git a/protocols/identify/CHANGELOG.md b/protocols/identify/CHANGELOG.md
@@ -2,6 +2,7 @@
 
 - Add `ConnectionId` in `Event`.
   See [PR 4981](https://github.com/libp2p/rust-libp2p/pull/4981).
+- Add `hide_listen_addrs` option to prevent leaking (local) listen addresses.
 
 ## 0.44.2
 

diff --git a/protocols/identify/src/behaviour.rs b/protocols/identify/src/behaviour.rs
@@ -97,6 +97,12 @@ pub struct Config {
     ///
     /// Disabled by default.
     pub cache_size: usize,
+
+    /// Whether to include our listen addresses in our responses. If enabled,
+    /// we will effectively only share our external addresses.
+    ///
+    /// Disabled by default.
+    pub hide_listen_addrs: bool,
 }
 
 impl Config {
@@ -110,6 +116,7 @@ impl Config {
             interval: Duration::from_secs(5 * 60),
             push_listen_addr_updates: false,
             cache_size: 100,
+            hide_listen_addrs: false,
         }
     }
 
@@ -139,6 +146,12 @@ impl Config {
         self.cache_size = cache_size;
         self
     }
+
+    /// Configures whether we prevent sending out our listen addresses.
+    pub fn with_hide_listen_addrs(mut self, b: bool) -> Self {
+        self.hide_listen_addrs = b;
+        self
+    }
 }
 
 impl Behaviour {
@@ -207,11 +220,11 @@ impl Behaviour {
     }
 
     fn all_addresses(&self) -> HashSet<Multiaddr> {
-        self.listen_addresses
-            .iter()
-            .chain(self.external_addresses.iter())
-            .cloned()
-            .collect()
+        let mut addrs = HashSet::from_iter(self.external_addresses.iter().cloned());
+        if !self.config.hide_listen_addrs {
+            addrs.extend(self.listen_addresses.iter().cloned());
+        };
+        addrs
     }
 }
 

diff --git a/protocols/identify/tests/smoke.rs b/protocols/identify/tests/smoke.rs
@@ -228,6 +228,77 @@ async fn emits_unique_listen_addresses() {
     assert!(reported_addrs.contains(&(swarm2_peer_id, swarm2_tcp_listen_addr)));
 }
 
+#[async_std::test]
+async fn hides_listen_addresses() {
+    let _ = tracing_subscriber::fmt()
+        .with_env_filter(EnvFilter::from_default_env())
+        .try_init();
+
+    let mut swarm1 = Swarm::new_ephemeral(|identity| {
+        identify::Behaviour::new(
+            identify::Config::new("a".to_string(), identity.public())
+                .with_agent_version("b".to_string())
+                .with_interval(Duration::from_secs(1))
+                .with_cache_size(10),
+        )
+    });
+    let mut swarm2 = Swarm::new_ephemeral(|identity| {
+        identify::Behaviour::new(
+            identify::Config::new("c".to_string(), identity.public())
+                .with_agent_version("d".to_string())
+                .with_hide_listen_addrs(true),
+        )
+    });
+
+    let (_swarm2_mem_listen_addr, swarm2_tcp_listen_addr) =
+        swarm2.listen().with_tcp_addr_external().await;
+    let swarm2_peer_id = *swarm2.local_peer_id();
+    swarm1.connect(&mut swarm2).await;
+
+    async_std::task::spawn(swarm2.loop_on_next());
+
+    let swarm_events = futures::stream::poll_fn(|cx| swarm1.poll_next_unpin(cx))
+        .take(8)
+        .collect::<Vec<_>>()
+        .await;
+
+    let infos = swarm_events
+        .iter()
+        .filter_map(|e| match e {
+            SwarmEvent::Behaviour(identify::Event::Received { info, .. }) => Some(info.clone()),
+            _ => None,
+        })
+        .collect::<Vec<_>>();
+
+    assert!(
+        infos.len() > 1,
+        "should exchange identify payload more than once"
+    );
+
+    let listen_addrs = infos
+        .iter()
+        .map(|i| i.listen_addrs.clone())
+        .collect::<Vec<_>>();
+
+    for addrs in listen_addrs {
+        assert_eq!(addrs.len(), 1);
+        assert!(addrs.contains(&swarm2_tcp_listen_addr));
+    }
+
+    let reported_addrs = swarm_events
+        .iter()
+        .filter_map(|e| match e {
+            SwarmEvent::NewExternalAddrOfPeer { peer_id, address } => {
+                Some((*peer_id, address.clone()))
+            }
+            _ => None,
+        })
+        .collect::<Vec<_>>();
+
+    assert_eq!(reported_addrs.len(), 1, "To have one TCP address of remote");
+    assert!(reported_addrs.contains(&(swarm2_peer_id, swarm2_tcp_listen_addr)));
+}
+
 #[async_std::test]
 async fn identify_push() {
     let _ = tracing_subscriber::fmt()