ipfs daemon lists many ports for its address

[mitar]

Version information:

go-ipfs version: 0.4.6-
Repo version: 5
System version: amd64/linux
Golang version: go1.8

Type: Bug

Priority: P3

Description:

I am running IPFS inside a Docker container. I mapped xxx:4002->4002/udp and xxx:4001->4001/tcp ports to the outside IP. But when I use id API to get addresses of those IPFS daemons, I get a long list of ports, which are not really mapped from outside.

Like:

"/ip4/128.32.153.235/tcp/49806",
"/ip4/128.32.153.235/tcp/49906",
"/ip4/128.32.153.235/tcp/36138",
"/ip4/128.32.153.235/tcp/36934",
"/ip4/128.32.153.235/tcp/55664",
"/ip4/128.32.153.235/tcp/51292",
"/ip4/128.32.153.235/tcp/44162",
"/ip4/128.32.153.235/tcp/42530",
"/ip4/128.32.153.235/tcp/39136",
"/ip4/128.32.153.235/tcp/33234",
"/ip4/128.32.153.235/tcp/34694",
"/ip4/128.32.153.235/tcp/35042",
"/ip4/128.32.153.235/tcp/54770",
"/ip4/128.32.153.235/tcp/1071",
"/ip4/128.32.153.235/tcp/43402",
"/ip4/128.32.153.235/tcp/33892",
"/ip4/128.32.153.235/tcp/47114",
"/ip4/128.32.153.235/tcp/37012",
"/ip4/128.32.153.235/tcp/44352",
"/ip4/128.32.153.235/tcp/38852",
"/ip4/128.32.153.235/tcp/38236",
"/ip4/128.32.153.235/tcp/37674",
"/ip4/128.32.153.235/tcp/49682",
"/ip4/128.32.153.235/tcp/38240",
"/ip4/128.32.153.235/tcp/42128",
"/ip4/128.32.153.235/tcp/57494",
"/ip4/128.32.153.235/tcp/38474",
"/ip4/128.32.153.235/tcp/60244",
"/ip4/128.32.153.235/tcp/38708",
"/ip4/128.32.153.235/tcp/58096",
"/ip4/128.32.153.235/tcp/42442",
"/ip4/128.32.153.235/tcp/37488",
"/ip4/128.32.153.235/tcp/35778",
"/ip4/128.32.153.235/tcp/60534",
"/ip4/128.32.153.235/tcp/59954",
"/ip4/128.32.153.235/tcp/52886",
"/ip4/128.32.153.235/tcp/41550",
"/ip4/128.32.153.235/tcp/37902",
"/ip4/128.32.153.235/tcp/36354",
"/ip4/128.32.153.235/tcp/45614",
"/ip4/128.32.153.235/tcp/51008",
"/ip4/128.32.153.235/tcp/53130",
"/ip4/128.32.153.235/tcp/47450",
"/ip4/128.32.153.235/tcp/54072",
"/ip4/128.32.153.235/tcp/58890",
"/ip4/128.32.153.235/tcp/55266",
"/ip4/128.32.153.235/tcp/49002",
"/ip4/128.32.153.235/tcp/41232",
"/ip4/128.32.153.235/tcp/49650",
"/ip6/::1/tcp/4001",
"/ip4/128.32.153.235/tcp/52556",
"/ip4/128.32.153.235/tcp/45478",
"/ip4/128.32.153.235/tcp/58940",
"/ip4/172.17.0.3/tcp/4001",
"/ip4/128.32.153.235/tcp/53680",
"/ip4/128.32.153.235/tcp/50678",
"/ip4/128.32.153.235/tcp/47494",
"/ip4/128.32.153.235/tcp/39134",
"/ip4/128.32.153.235/tcp/52214",
"/ip4/128.32.153.235/tcp/48912",
"/ip4/128.32.153.235/tcp/53588",
"/ip4/128.32.153.235/tcp/41188",
"/ip4/128.32.153.235/tcp/43522",
"/ip4/128.32.153.235/tcp/38668",
"/ip4/128.32.153.235/tcp/47820",
"/ip4/128.32.153.235/tcp/37570",
"/ip4/128.32.153.235/tcp/35990",
"/ip4/128.32.153.235/tcp/40720",
"/ip4/128.32.153.235/tcp/56896",
"/ip4/128.32.153.235/tcp/54526",
"/ip4/128.32.153.235/tcp/40304",
"/ip4/128.32.153.235/tcp/34904",
"/ip4/128.32.153.235/tcp/61969",
"/ip4/128.32.153.235/tcp/35238",
"/ip4/128.32.153.235/tcp/40350",
"/ip4/128.32.153.235/tcp/32798",
"/ip4/128.32.153.235/tcp/1024",
"/ip4/128.32.153.235/tcp/57498",
"/ip4/128.32.153.235/tcp/48640",
"/ip4/128.32.153.235/tcp/1073",
"/ip4/128.32.153.235/tcp/36298",
"/ip4/128.32.153.235/tcp/33456",
"/ip4/128.32.153.235/tcp/48826",
"/ip4/128.32.153.235/tcp/59730",
"/ip4/128.32.153.235/tcp/51108",
"/ip4/128.32.153.235/tcp/45392",
"/ip4/128.32.153.235/tcp/50716",
"/ip4/128.32.153.235/tcp/54058",
"/ip4/128.32.153.235/tcp/51340",
"/ip4/128.32.153.235/tcp/45524",
"/ip4/128.32.153.235/tcp/55048",
"/ip4/128.32.153.235/tcp/57994",
"/ip4/128.32.153.235/tcp/48250",
"/ip4/128.32.153.235/tcp/2136",
"/ip4/128.32.153.235/tcp/17447",
"/ip4/128.32.153.235/tcp/36432",
"/ip4/128.32.153.235/tcp/58728",
"/ip4/128.32.153.235/tcp/50322",
"/ip4/128.32.153.235/tcp/50234",
"/ip4/128.32.153.235/tcp/34834",
"/ip4/128.32.153.235/tcp/45946",
"/ip4/128.32.153.235/tcp/52996",
"/ip4/128.32.153.235/tcp/36794",
"/ip4/128.32.153.235/tcp/52638",
"/ip4/128.32.153.235/tcp/47446",
"/ip4/128.32.153.235/tcp/45414",
"/ip4/128.32.153.235/tcp/46612",
"/ip4/128.32.153.235/tcp/41896",
"/ip4/128.32.153.235/tcp/47334",
"/ip4/127.0.0.1/tcp/4001",
"/ip4/128.32.153.235/tcp/44844",
"/ip4/128.32.153.235/tcp/49638",
"/ip4/128.32.153.235/tcp/60772",
"/ip4/128.32.153.235/tcp/33194",
"/ip4/128.32.153.235/tcp/50720",
"/ip4/128.32.153.235/tcp/54376",
"/ip4/128.32.153.235/tcp/58962",
"/ip4/128.32.153.235/tcp/42332",
"/ip4/128.32.153.235/tcp/1122",
"/ip4/128.32.153.235/tcp/61932"

You can maybe see yourself what is being reported:

• https://lucky.tnode.com/api/v0/peers
• https://sgx01.cs.berkeley.edu/api/v0/peers
• https://sgx02.cs.berkeley.edu/api/v0/peers
• https://sgx03.cs.berkeley.edu/api/v0/peers

[Kubuxu]

This is again listing temporary ports issue. cc @whyrusleeping
Any idea for resolution?

[whyrusleeping]

We really need to filter out ephemeral ports... at least on linux, anything on linux should be considered undialable unless we are explicitly listening on it

[whyrusleeping]

https://en.wikipedia.org/wiki/Ephemeral_port

If someone wants to tackle this that would be great. I won't be able to get to it until maybe later this week.

It should be fairly simple, Just have to add checks into go-libp2p/p2p/protocol/identify/obsaddr.go and filter out things within ephemeral port ranges per OS (Since different OSes have different ephemeral ranges)

[mitar]

Is ipfs port fixed? Because one can in theory bind the port into that range. So blindly filtering them out might not be the best.

[whyrusleeping]

@mitar We wouldnt be blindly filtering them out. The Ephemeral port metric for observed addresses is a good one i think, If someone we're connected to says the address they see us connecting from is in the ephemeral range, we shouldnt use that port as something we advertise we're listening on. If however, we do happen to be listening on that by manually specifying the port, we will announce the address anyways (We announce listenAddrs + observedAddrs to the network)

[Kubuxu]

We might want to wait for multiple confirmations or the same outgoing port.

[kevina]

I am not familiar with Ephemeral port but with a little guidance I might be able to do this. @whyrusleeping let me know if this will be helpful.

[whyrusleeping]

@Kubuxu that is with two confirmations of the same port. The problem is we only have about 32,000 ports, and over the course of a week, we're definitely going to overlap on some of those. Just by making around 250 outbound dials, we have a 50% chance of overlapping on an ephemeral port. At 500 outbound dials, we have a nearly 100% chance of an overlap. Given thousands of outbound dials over the course of a day, we end up with something like what @mitar posted in the issue.

[whyrusleeping]

Lets definitely try and get this fixed in 0.4.9, it will help a lot with resource consumption and connectivity

[whyrusleeping]

@Kubuxu are those changes you made merged in?

[Kubuxu]

It is in go-libp2p, they weren't propagated.

[whyrusleeping]

@Kubuxu how about now?

[Kubuxu]

It should be good now. Closing, please open a new issue if it happens again.