Support for blocking logically inbound connections #2221
Labels:
exp/expert (Having worked on the specific codebase is important)
P2 (Medium: Good to have, but can wait until someone steps up)
go-libp2p has a ConnectionGater interface that allows the user to control the types of inbound and outbound connections that a given host can make. However, as far as I can tell these limitations are based at the Transport level which does not interact nicely with DCuTR.
I suspect there is a class of users (perhaps most of them) that when blocking inbound connections what they really mean to be doing is blocking logically inbound connections rather than ones that are mechanically inbound. An example use case here might be a user running a libp2p node on a public IP address that wants to fetch data from many peers (including those behind NATs which will do DCuTR dialback) but does not want to communicate with any peers other than those it has reached out to.
In a mode where there is support for blocking logically inbound connections we would end up with the following (❌ means we want a failure, ✅ means we want a success):
IIUC this contrasts with using the ConnectionGater to deny all InterceptAccept responses since it would give the correct result for 1, 2 and 4 but an incorrect result for 3.
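As an added illustration (not code from go-libp2p or from the issue author), the following Go example models the distinction the issue draws: a gater that records outbound dial intent and admits a mechanically inbound connection only for a peer it recently reached out to. `OutreachGater`, its `ttl` field, and the local `PeerID`/`Direction` types are hypothetical stand-ins; the real `ConnectionGater` methods also take `network.ConnMultiaddrs`, which is omitted here.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// PeerID and Direction are local stand-ins for go-libp2p's peer.ID and
// network.Direction so the example runs without the library (assumption).
type PeerID string
type Direction int

const (
	DirInbound Direction = iota
	DirOutbound
)

// OutreachGater (hypothetical) admits a mechanically inbound connection only
// if we dialed that peer within ttl, e.g. over a relay before a dialback.
type OutreachGater struct {
	mu     sync.Mutex
	dialed map[PeerID]time.Time
	ttl    time.Duration
	now    func() time.Time // injectable clock
}

// InterceptPeerDial runs on every outbound dial attempt; record the outreach.
func (g *OutreachGater) InterceptPeerDial(p PeerID) bool {
	g.mu.Lock()
	defer g.mu.Unlock()
	g.dialed[p] = g.now()
	return true
}

// InterceptSecured runs after the handshake, once the peer ID is authenticated.
// (InterceptAccept sees only addresses, so it cannot make this decision.)
func (g *OutreachGater) InterceptSecured(d Direction, p PeerID) bool {
	g.mu.Lock()
	defer g.mu.Unlock()
	t, ok := g.dialed[p]
	return d == DirOutbound || (ok && g.now().Sub(t) <= g.ttl)
}

func main() {
	g := &OutreachGater{dialed: map[PeerID]time.Time{}, ttl: time.Minute, now: time.Now}
	g.InterceptPeerDial("peer-behind-nat") // constructed peer IDs
	fmt.Println(g.InterceptSecured(DirInbound, "peer-behind-nat"), g.InterceptSecured(DirInbound, "stranger"))
}
```

Because the decision is deferred to `InterceptSecured`, an unsolicited peer still completes the transport accept and security handshake before being rejected, so this approximates the requested mode rather than matching a deny at accept time.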