libp2p · achingbrain · May 4, 2023 · May 4, 2023 · May 4, 2023 · May 4, 2023
diff --git a/doc/migrations/v0.44-v0.45.md b/doc/migrations/v0.44-v0.45.md
@@ -13,6 +13,7 @@ A migration guide for refactoring your application code from libp2p v0.44.x to v
     - [`peer:update`](#peerupdate)
     - [`self:peer:update`](#selfpeerupdate)
 - [Atomic peer store methods](#atomic-peer-store-methods)
+- [Do not dial private addresses by default in browsers](#do-not-dial-private-addresses-by-default-in-browsers)
 
 ## Services
 
@@ -234,7 +235,43 @@ await node.peerStore.merge(peerId, {
 })
 ```
 
+## Do not dial private addresses by default in browsers
+
+Browsers are incredibly resource-constrained environments in which to run a network-heavy program like libp2p.
+
+This is compounded by the fact that remote peers often include private network addresses in their peer records, so a libp2p node will often waste resources by trying to dial unroutable addresses.
+
+The default [connection gater][] used by libp2p in browsers will filter out any private addresses and not attempt to dial them.
+
+No change has been made to the connection gater used by Node.js.
+
+This can be re-enabled by configuring a more permissive connection gater:
+
+**Before**
+
+```js
+import { createLibp2p } from 'libp2p'
+
+const node = createLibp2p({
+  // ... other options here
+})
+```
+
+**After**
+
+```js
+import { createLibp2p } from 'libp2p'
+
+const node = createLibp2p({
+  connectionGater: {
+    denyDialMultiaddr: () => false
+  }
+  // ... other options here
+})
+```
+
 [Connection]: https://libp2p.github.io/js-libp2p-interfaces/interfaces/_libp2p_interface_connection.Connection.html
 [PeerId]: https://libp2p.github.io/js-libp2p-interfaces/types/_libp2p_interface_peer_id.PeerId.html
 [Identify]: https://github.com/libp2p/specs/blob/master/identify/README.md
 [AutoNAT]: https://github.com/libp2p/specs/blob/master/autonat/README.md
+[Connection Gater]: https://github.com/libp2p/js-libp2p/blob/master/doc/CONFIGURATION.md#configuring-connection-gater
diff --git a/examples/webrtc-direct/dialer.js b/examples/webrtc-direct/dialer.js
@@ -15,7 +15,10 @@ document.addEventListener('DOMContentLoaded', async () => {
       bootstrap({
         list: [`/ip4/127.0.0.1/tcp/9090/http/p2p-webrtc-direct/p2p/${hardcodedPeerId}`]
       })
-    ]
+    ],
+    connectionGater: {
+      denyDialMultiaddr: () => false
+    }
   })
 
   const status = document.getElementById('status')

diff --git a/package.json b/package.json
@@ -223,6 +223,7 @@
     "sinon-ts": "^1.0.0"
   },
   "browser": {
+    "./dist/src/config/connection-gater.js": "./dist/src/config/connection-gater.browser.js",
     "nat-api": false
   }
 }
diff --git a/src/config/connection-gater.browser.ts b/src/config/connection-gater.browser.ts
@@ -0,0 +1,31 @@
+import type { ConnectionGater } from '@libp2p/interface-connection-gater'
+import type { Multiaddr } from '@multiformats/multiaddr'
+import isPrivate from 'private-ip'
+
+/**
+ * Returns a connection gater that disallows dialling private addresses by
+ * default. Browsers are severely limited in their resource usage so don't
+ * waste time trying to dial undiallable addresses.
+ */
+export function connectionGater (gater: ConnectionGater = {}): ConnectionGater {
+  return {
+    denyDialPeer: async () => false,
+    denyDialMultiaddr: async (multiaddr: Multiaddr) => {
+      const tuples = multiaddr.stringTuples()
+
+      if (tuples[0][0] === 4 || tuples[0][0] === 41) {
+        return Boolean(isPrivate(`${tuples[0][1]}`))
+      }
+
+      return false
+    },
+    denyInboundConnection: async () => false,
+    denyOutboundConnection: async () => false,
+    denyInboundEncryptedConnection: async () => false,
+    denyOutboundEncryptedConnection: async () => false,
+    denyInboundUpgradedConnection: async () => false,
+    denyOutboundUpgradedConnection: async () => false,
+    filterMultiaddrForPeer: async () => true,
+    ...gater
+  }
+}
diff --git a/src/config/connection-gater.ts b/src/config/connection-gater.ts
@@ -0,0 +1,19 @@
+import type { ConnectionGater } from '@libp2p/interface-connection-gater'
+
+/**
+ * Returns a default connection gater implementation that allows everything
+ */
+export function connectionGater (gater: ConnectionGater = {}): ConnectionGater {
+  return {
+    denyDialPeer: async () => false,
+    denyDialMultiaddr: async () => false,
+    denyInboundConnection: async () => false,
+    denyOutboundConnection: async () => false,
+    denyInboundEncryptedConnection: async () => false,
+    denyOutboundEncryptedConnection: async () => false,
+    denyInboundUpgradedConnection: async () => false,
+    denyOutboundUpgradedConnection: async () => false,
+    filterMultiaddrForPeer: async () => true,
+    ...gater
+  }
+}
diff --git a/src/libp2p.ts b/src/libp2p.ts
@@ -38,6 +38,7 @@ import { validateConfig } from './config.js'
 import { ContentRouting, contentRouting } from '@libp2p/interface-content-routing'
 import { PeerRouting, peerRouting } from '@libp2p/interface-peer-routing'
 import { peerDiscovery } from '@libp2p/interface-peer-discovery'
+import { connectionGater } from './config/connection-gater.js'
 
 const log = logger('libp2p')
 
@@ -82,18 +83,7 @@ export class Libp2pNode<T extends ServiceMap = {}> extends EventEmitter<Libp2pEv
       peerId: init.peerId,
       events,
       datastore: init.datastore ?? new MemoryDatastore(),
-      connectionGater: {
-        denyDialPeer: async () => await Promise.resolve(false),
-        denyDialMultiaddr: async () => await Promise.resolve(false),
-        denyInboundConnection: async () => await Promise.resolve(false),
-        denyOutboundConnection: async () => await Promise.resolve(false),
-        denyInboundEncryptedConnection: async () => await Promise.resolve(false),
-        denyOutboundEncryptedConnection: async () => await Promise.resolve(false),
-        denyInboundUpgradedConnection: async () => await Promise.resolve(false),
-        denyOutboundUpgradedConnection: async () => await Promise.resolve(false),
-        filterMultiaddrForPeer: async () => await Promise.resolve(true),
-        ...init.connectionGater
-      }
+      connectionGater: connectionGater(init.connectionGater)
     })
 
     this.peerStore = this.configureComponent('peerStore', new PersistentPeerStore(components, {

diff --git a/test/configuration/utils.ts b/test/configuration/utils.ts
@@ -10,6 +10,7 @@ import type { Libp2pInit, Libp2pOptions } from '../../src/index.js'
 import type { PeerId } from '@libp2p/interface-peer-id'
 import * as cborg from 'cborg'
 import { circuitRelayTransport } from '../../src/circuit-relay/index.js'
+import { mockConnectionGater } from '@libp2p/interface-mocks'
 
 const relayAddr = MULTIADDRS_WEBSOCKETS[0]
 
@@ -88,5 +89,6 @@ export const pubsubSubsystemOptions: Libp2pOptions<{ pubsub: PubSub }> = mergeOp
   ],
   services: {
     pubsub: (components: PubSubComponents) => new MockPubSub(components)
-  }
+  },
+  connectionGater: mockConnectionGater()
 })
diff --git a/test/connection-manager/direct.spec.ts b/test/connection-manager/direct.spec.ts
@@ -373,7 +373,8 @@ describe('libp2p.dialer (direct, WebSockets)', () => {
       ],
       services: {
         identify: identifyService()
-      }
+      },
+      connectionGater: mockConnectionGater()
     })
 
     if (libp2p.services.identify == null) {
@@ -413,7 +414,8 @@ describe('libp2p.dialer (direct, WebSockets)', () => {
       ],
       connectionEncryption: [
         plaintext()
-      ]
+      ],
+      connectionGater: mockConnectionGater()
     })
 
     await libp2p.start()
@@ -441,7 +443,8 @@ describe('libp2p.dialer (direct, WebSockets)', () => {
       ],
       connectionEncryption: [
         plaintext()
-      ]
+      ],
+      connectionGater: mockConnectionGater()
     })
 
     await libp2p.hangUp(MULTIADDRS_WEBSOCKETS[0])
@@ -460,7 +463,8 @@ describe('libp2p.dialer (direct, WebSockets)', () => {
       ],
       connectionEncryption: [
         plaintext()
-      ]
+      ],
+      connectionGater: mockConnectionGater()
     })
 
     await libp2p.start()

diff --git a/test/connection-manager/resolver.spec.ts b/test/connection-manager/resolver.spec.ts
@@ -8,7 +8,7 @@ import { codes as ErrorCodes } from '../../src/errors.js'
 import { MULTIADDRS_WEBSOCKETS } from '../fixtures/browser.js'
 import type { PeerId } from '@libp2p/interface-peer-id'
 import pDefer from 'p-defer'
-import { mockConnection, mockDuplex, mockMultiaddrConnection } from '@libp2p/interface-mocks'
+import { mockConnection, mockConnectionGater, mockDuplex, mockMultiaddrConnection } from '@libp2p/interface-mocks'
 import { peerIdFromString } from '@libp2p/peer-id'
 import { createFromJSON } from '@libp2p/peer-id-factory'
 import { RELAY_V2_HOP_CODEC } from '../../src/circuit-relay/constants.js'
@@ -66,7 +66,8 @@ describe('dialing (resolvable addresses)', () => {
         },
         connectionEncryption: [
           plaintext()
-        ]
+        ],
+        connectionGater: mockConnectionGater()
       }),
       createLibp2pNode({
         addresses: {
@@ -91,7 +92,8 @@ describe('dialing (resolvable addresses)', () => {
         ],
         services: {
           relay: circuitRelayServer()
-        }
+        },
+        connectionGater: mockConnectionGater()
       })
     ])
 

diff --git a/test/upgrading/upgrader.spec.ts b/test/upgrading/upgrader.spec.ts
@@ -677,7 +677,8 @@ describe('libp2p.upgrader', () => {
       ],
       connectionEncryption: [
         plaintext()
-      ]
+      ],
+      connectionGater: mockConnectionGater()
     })
     await libp2p.start()
 
@@ -694,7 +695,8 @@ describe('libp2p.upgrader', () => {
       ],
       connectionEncryption: [
         plaintext()
-      ]
+      ],
+      connectionGater: mockConnectionGater()
     })
     await remoteLibp2p.start()
 
@@ -745,7 +747,8 @@ describe('libp2p.upgrader', () => {
         test: (components: any) => {
           localDeferred.resolve(components)
         }
-      }
+      },
+      connectionGater: mockConnectionGater()
     })
 
     remoteLibp2p = await createLibp2p({
@@ -763,7 +766,8 @@ describe('libp2p.upgrader', () => {
         test: (components: any) => {
           remoteDeferred.resolve(components)
         }
-      }
+      },
+      connectionGater: mockConnectionGater()
     })
 
     const { inbound, outbound } = mockMultiaddrConnPair({ addrs, remotePeer })
@@ -820,7 +824,8 @@ describe('libp2p.upgrader', () => {
         test: (components: any) => {
           localDeferred.resolve(components)
         }
-      }
+      },
+      connectionGater: mockConnectionGater()
     })
 
     remoteLibp2p = await createLibp2p({

diff --git a/test/utils/base-options.browser.ts b/test/utils/base-options.browser.ts
@@ -7,6 +7,7 @@ import type { Libp2pOptions } from '../../src/index.js'
 import mergeOptions from 'merge-options'
 import { circuitRelayTransport } from '../../src/circuit-relay/index.js'
 import type { ServiceMap } from '@libp2p/interface-libp2p'
+import { mockConnectionGater } from '@libp2p/interface-mocks'
 
 export function createBaseOptions <T extends ServiceMap = {}> (overrides?: Libp2pOptions<T>): Libp2pOptions<T> {
   const options: Libp2pOptions = {
@@ -21,7 +22,8 @@ export function createBaseOptions <T extends ServiceMap = {}> (overrides?: Libp2
     ],
     connectionEncryption: [
       plaintext()
-    ]
+    ],
+    connectionGater: mockConnectionGater()
   }
 
   return mergeOptions(options, overrides)