identify: filter received addresses based on the node's remote address

marten-seemann · marten-seemann · commit cf0ca1befb16 · 2023-06-01T11:57:13.000+03:00
diff --git a/p2p/protocol/identify/id.go b/p2p/protocol/identify/id.go
@@ -769,7 +769,7 @@ func (ids *idService) consumeMessage(mes *pb.Identify, c network.Conn, isPush bo
 			log.Debugf("error adding signed addrs to peerstore: %v", err)
 		}
 	} else {
-		ids.Host.Peerstore().AddAddrs(p, lmaddrs, ttl)
+		ids.Host.Peerstore().AddAddrs(p, filterAddrs(lmaddrs, c.RemoteMultiaddr()), ttl)
 	}
 
 	// Finally, expire all temporary addrs.
@@ -959,3 +959,17 @@ func (nn *netNotifiee) Disconnected(_ network.Network, c network.Conn) {
 
 func (nn *netNotifiee) Listen(n network.Network, a ma.Multiaddr)      {}
 func (nn *netNotifiee) ListenClose(n network.Network, a ma.Multiaddr) {}
+
+// filterAddrs filters the address slice based on the remove multiaddr:
+// * if it's a localhost address, no filtering is applied
+// * if it's a local network address, all localhost addresses are filtered out
+// * if it's a public address, all localhost and local network addresses are filtered out
+func filterAddrs(addrs []ma.Multiaddr, remote ma.Multiaddr) []ma.Multiaddr {
+	if manet.IsIPLoopback(remote) {
+		return addrs
+	}
+	if manet.IsPrivateAddr(remote) {
+		return ma.FilterAddrs(addrs, func(a ma.Multiaddr) bool { return !manet.IsIPLoopback(a) })
+	}
+	return ma.FilterAddrs(addrs, manet.IsPublicAddr)
+}
