Pass clientAddress to firewall

holepunchto / hyperswarm

A distributed networking stack for connecting peers.

https://docs.holepunch.to

MIT License

1.03k stars 84 forks source link

Pass clientAddress to firewall #131

Open gmaclennan opened 1 year ago

gmaclennan commented 1 year ago

Pass through the clientAddress (from @hyperswarm.dht) to the opts.firewall function.

gmaclennan commented 10 months ago

@mafintosh any chance of merging this?

mafintosh commented 10 months ago

Can you explain the use case when its only for remote connections?

gmaclennan commented 10 months ago

We use mdns for discovery on the local network (and cases where there is no internet connectivity). We advertise a different port on mdns (which doesn't connect through hyperswarm, but uses secretStream directly).

In order to avoid duplicate connections we want to block connections through hyperswarm from local IPs. It seems like the firewall is the best place to do this?

mafintosh commented 10 months ago

Ok, we can add it to fix your immediate use case - will land local discovery at some point, but as a middle ground don't document it so its not guaranteed to be there in the future.

gmaclennan commented 10 months ago

Want me to remove the README change in this PR?

mafintosh commented 10 months ago

gmaclennan commented 10 months ago

Force-pushed to remove README changes

sethvincent commented 10 months ago

It looks like this method call may also need to be updated. Is that right? https://github.com/holepunchto/hyperswarm/blob/80ea460c2e2774c6aaa043009150893df6dc8489/index.js#L139 @gmaclennan