feat(iroh)!: allow multiple IP transports, including filtering by interface #3692
Conversation
|
Documentation for this PR has been generated and is available at: https://n0-computer.github.io/iroh/pr/3692/docs/iroh/ Last updated: 2026-01-07T20:54:33Z |
dignifiedquire
changed the title
dignifiedquire
changed the title
dignifiedquire
force-pushed
the
feat-bind-interfaces
branch
2 times, most recently
from
6726f3c to
479652f
Compare
dignifiedquire
force-pushed
the
feat-bind-interfaces
branch
from
479652f to
232524f
Compare
|
We could remove the |
well currently they are treated differently internally as an explicit fallback, thats why the difference in configuration exists |
matheus23
left a comment
matheus23
left a comment
There was a problem hiding this comment.
I'm not super convinced this is the right API 🤔
Looking at your example:
let endpoint = Endpoint::builder()
.bind_addr_v4_default("127.0.0.1", 1234)
.bind_addr_v4("192.168.1.2/24".parse()?, 1234) // bind to prefix_len of 24
.bind()
.await?It looks like the configuration for an endpoint that will only send traffic in the local network and localhost.
So let's say quinn produces a datagram that's meant to be sent to 192.168.1.101:1234.
Iroh will then first check this against your 192.168.1.2/24 and find a match. However, it turns out that interface is actually busy, so it continues.
Then it'll see the "default" 127.0.0.1 interface and try to send on that. But obviously it can't send outside localhost, so ideally that should just fail sending, but I think it won't? I'm not actually sure what will happen.
Also another thing about the default socket: What if someone wants to bind a dual-stack socket with [::]? I think that should match against an IPv4 address, but IIUC currently it doesn't?
Minor note: I'm not sure what should happen if you bind multiple sockets to the same port, but different IP addrs. What happens in these cases? I'm not sure.
We don't support dual socket, not currently, and not in this setup |
|
So, if we removed the default, we could have this: let endpoint = Endpoint::builder()
.bind_addr_v4("192.168.1.2/0".parse()?, 0) // bind to prefix_len of 0
.bind_addr_v4("10.0.0.3/24".parse()?, 0) // bind to prefix_len of 24
.bind_addr_v6("[::]/0".parse()?, 0)
.bind()
.await?Which would mean:
Which is, I think, the common thing people would want from this API. I.e. have a default interface (netmask prefix len 0) and a more specific interface that only handles destinations in the interface's subnet. But what would happen if a user sets up binds, but not one with prefix len 0? Then we would have to error for all sends that are not matched by any of the netmasks of the bound addrs. Not sure if this is preferable to the the |
iroh/src/magicsock/transports/ip.rs
Outdated
| return false; | ||
| } | ||
| Self::V6 { | ||
| ip_addr, scope_id, .. |
There was a problem hiding this comment.
I think this is just an unused variable warning that makes CI barf (scope_id is unused)
| if let Some(src) = src { | ||
| match self { |
There was a problem hiding this comment.
Thoughts on code style: Perhaps matching on (src, self) is potentially slightly nicer?
I think the example you give in the PR description is still weird. You wouldn't want to use a let endpoint = Endpoint::builder()
.bind_addr_v4("127.0.0.1/8", 1234)
.bind_addr_v4("192.168.1.2/24".parse()?, 1234) // bind to prefix_len of 24
.bind()
.await?I.e. that'd be a configuration that only allows sending on localhost or LAN. That said, one should be aware that this still in theory allows the endpoint to receive & process traffic from outside those netmasks. |
Description
This allows for multiple interfaces to be bound, and be actually used.
You can now use this by passing
The selection of the interface is done internally by first looking at all specific bindings, and then fallbing back to the
defaultversion for this family.Breaking Changes
irohEndpoint::bind_addr_v4toEndpoint::bind_addr_v4_defaultEndpoint::bind_addr_v6toEndpoint::bind_addr_v6_defaultEndpoint::bind_addr_v4Endpoint::bind_addr_v6endpoint::Ipv4Netendpoint::Ipv6Net