matrix-org / dendrite

Dendrite is a second-generation Matrix homeserver written in Go!
https://matrix-org.github.io/dendrite/
Apache License 2.0
5.75k stars 676 forks

dendrite is not working in p2p scenario of no DNS, no public IPs, localhost, offline-first #1747

Closed pedro-nonfree closed 3 years ago

pedro-nonfree commented 3 years ago

Background information

Description

Recently we tried to set up two dendrites on different laptops (let's say alice and bob) on the same LAN.

Steps to reproduce

In dendrite.yaml:

When alice tries to invite bob, they both get "invalid request signature".

alice's side

ERRO[2021-01-27T17:37:27.184517681Z] [github.com/matrix-org/dendrite@/roomserver/internal/perform/perform_invite.go:161] PerformInvite
     r.FSAPI.PerformInvite failed                  error="r.federation.SendInviteV2: contents=[123 34 109 101 115 115 97 103 101 34 58 34 73 110 118 97 108 105 100 32 114 101 113 117 101 115 116 32 115 105 103 110 97 116 117 114 101 34 125] msg=Failed to PUT JSON (hostname \"mila\" path \"/_matrix/federation/v2/invite/!gMt5cJ618mpl0huR:localhost/$BSednXibEiA_WrVvplFY12jAY4P8hSdY0RiZhbhq8_Y\"): {\"message\":\"Invalid request signature\"} code=401 wrapped=" event_id="$BSednXibEiA_WrVvplFY12jAY4P8hSdY0RiZhbhq8_Y"

bob's side

INFO[2021-01-27T17:37:25.362310400Z] [github.com/matrix-org/gomatrixserverlib@v0.0.0-20210122154608-a38974bd8a37/request.go:239] VerifyHTTPRequest Invalid request signature error="Bad signature from "pedro" with ID "ed25519:7iBOJR"" req.id=xcJG3aidfAcn req.method=GET req.path=/_matrix/federation/v1/query/profile

kegsay commented 3 years ago

So every request is checked to make sure it is signed by the originating server. The way we do this is by doing a key query to the server name in question (pedro in this case). In a no-DNS situation, this lookup will fail.

If you want to do no-internet P2P, use one of the P2P binaries, e.g. https://github.com/matrix-org/dendrite/tree/master/cmd/dendrite-demo-yggdrasil, which works in a different way, particularly for fetching federation keys. Note that the two forms are incompatible: you can't talk to the normal Matrix network using P2P.
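A simplified model of the check described in the reply above, added here as an example; it is not part of the original thread and is not gomatrixserverlib's code. It signs one federation GET and runs it through three key-lookup outcomes: the name resolves to the signer's key, the name does not resolve, and the name resolves to a different key. Assumptions: `KeyFetcher`, `Sign`, `Verify`, `Scenarios` and `ErrNoRoute` are hypothetical names, the keys are generated for the example, `json.Marshal` stands in for Matrix canonical JSON, and the server names, key ID and path are the ones shown in the logs above.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// KeyFetcher models the receiver's key query for the origin server name (hypothetical type).
type KeyFetcher func(serverName, keyID string) (ed25519.PublicKey, error)

var ErrNoRoute = errors.New("server name did not resolve")

// signedBytes is the JSON object a federation request signature covers.
// json.Marshal sorts map keys: a simplified stand-in for Matrix canonical JSON.
func signedBytes(method, uri, origin, dest string) []byte {
	b, _ := json.Marshal(map[string]string{"method": method, "uri": uri, "origin": origin, "destination": dest})
	return b
}

// Sign produces the unpadded-base64 signature the origin sends with the request.
func Sign(priv ed25519.PrivateKey, method, uri, origin, dest string) string {
	return base64.RawStdEncoding.EncodeToString(ed25519.Sign(priv, signedBytes(method, uri, origin, dest)))
}

// Verify is the destination's check: look up the origin's key by name, then verify.
func Verify(fetch KeyFetcher, method, uri, origin, dest, keyID, sig string) error {
	pub, err := fetch(origin, keyID)
	if err != nil {
		return fmt.Errorf("key query for %q failed: %w", origin, err)
	}
	raw, err := base64.RawStdEncoding.DecodeString(sig)
	if err != nil || !ed25519.Verify(pub, signedBytes(method, uri, origin, dest), raw) {
		return fmt.Errorf("bad signature from %q with ID %q", origin, keyID)
	}
	return nil
}

// Scenarios runs one signed GET through three key-lookup outcomes (constructed keys).
func Scenarios() (resolved, unresolved, otherKey error) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	stranger, _, _ := ed25519.GenerateKey(nil)
	const m, u, o, d, id = "GET", "/_matrix/federation/v1/query/profile", "pedro", "mila", "ed25519:7iBOJR"
	sig := Sign(priv, m, u, o, d)
	resolved = Verify(func(string, string) (ed25519.PublicKey, error) { return pub, nil }, m, u, o, d, id, sig)
	unresolved = Verify(func(string, string) (ed25519.PublicKey, error) { return nil, ErrNoRoute }, m, u, o, d, id, sig)
	otherKey = Verify(func(string, string) (ed25519.PublicKey, error) { return stranger, nil }, m, u, o, d, id, sig)
	return
}

func main() { fmt.Println(Scenarios()) }
```

Only the first scenario verifies; in the other two the receiver has no trustworthy key for the origin name, so the request is rejected regardless of whether the sender signed it correctly.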