query: ip diversity filter #1070
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
guillaumemichel
force-pushed
the
query/ip-diversity-filter
branch
from
17a95dc to
41715ff
Compare
sukunrt
approved these changes
Mar 24, 2025
|
Added the IP diversity filter to accelerated DHT client |
sukunrt
approved these changes
Apr 1, 2025
The best we have is the IPFS Kademlia DHT draft spec, see this section. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
IP diversity checks have been added to the DHT implementation to enhance the DHT robustness (see implementation here and here). However, these checks are only effective for the routing table. These checks aren't helping clients to avoid malicious nodes during lookups.
Problem
When clients want to write content to the DHT (provider records, IPNS record), they will look for the
kclosest peers to the key they are trying to write. Since most DHT Servers implement the IP Diversity Filter, it means that these honest DHT Servers should never return more than 2 peers from the same IP block/ASN.However, if the query hits a (malicious) peer not implementing the IP Diversity Filter, this peer may return plenty of closer peers sharing the same IP block/ASN, or even the same IP address. Since these peers are closer to the target, the client will continue the lookup by querying these potentially malicious peers, and the records will eventually be allocated to these peers.
Same for when clients want to read records from the DHT.
Solution
The query process on the client side can implement a check similar to the IP diversity filter check in the routing table. If a peer respond with more than e.g
3closer peer sharing the same IP block/ASN, the client would drop all these addresses sharing the same address range, and only keep less represented IP addresses (if any).Implications
This means that
GetClosestPeersmay not return the actualkclosest peers in XOR distance to a key, if many of the actual closest peers share the same address range.GetClosestPeersmay return a limited (e.g3) number of peers sharing the same address range, but the other returned peers will be located in other IP blocks/ASNs.Hence in the case of a many nodes on the same IP range in the same small keyspace region, the content is expected to be stored on some of the actual closest peers (in XOR distance) that are on the same IP range (potentially malicious), and on the closest peers (in XOR distance) to the key that are using other IP blocks/ASNs. Hence client should be able to retrieve the value from the nodes with more diverse IPs.
References