Make it possible to not send outgoing traffic to RFC1918 addresses

[fabricedesre]

Summary

libp2p dials addresses that are in the RFC1918 range, and that's causing issues in some environments. For instance, Hetzner will flag that traffic as abuse.

This needs to be configurable in libp2p instead of having to use ip filtering.

Expected behaviour

With some configuration or exposed API, allow libp2p users to not send any traffic to hosts in the RFC1918 range.

Actual behaviour

All peers discovered in that range are dialed, or at least there is no way to filter them out.

Possible Solution

Either a configuration flag or some api?

Version

• libp2p version (version number, commit, or branch): 0.2.0

Would you like to work on fixing this bug?

Maybe.

[thomaseizinger]

Once we ship #2824, you will be able to build your own connection management logic. There you can for example inspect all addresses of new outgoing connections and abort those where the address is within the RFC1918 range.

[fabricedesre]

thanks!

[mxinden]

For instance, Hetzner will flag that traffic as abuse.

Can confirm. I have been flagged multiple times and got an IP blocked once.

In the meantime, I suggest wrapping your transport with https://github.com/mxinden/kademlia-exporter/blob/master/src/exporter/client/global_only.rs @fabricedesre .

[fabricedesre]

Thanks @mxinden ! It looks like this would fit well with iroh's transport setup at https://github.com/n0-computer/iroh/blob/1b630801686b7b59ecd3328ebdce25a200cab1bb/iroh-p2p/src/swarm.rs#L23

[jxs]

beware that is_global is still unstable, but you can use is_private which covers RFC1918

[mxinden]

Adding a GlobalIPOnly Transport implementation to rust-libp2p would be great. Tracked in #3669. Closing here.