Transit: protocol improvements #16
Conversation
Fancy things! And code cleanup. - We now do firewall hole punching. If your device got a firewall connected (and it really should, and by default), direct transfers should now work for you too. - If you aren't behind any NATs (IPv6 users rejoice), **direct connections should now work across the internet** 🎉 - NAT traversal using STUN, for our poor IPv4 users. Gives you direct connections as well, provided that the NAT behaves well (fortunately, they mostly do). - If we found a connection over a relay, we wait some longer in the hope of a direct connection. See also magic-wormhole/magic-wormhole-protocols#16 for some more words on what this code does in a bit more detail.
piegamesde
changed the title
|
I added support for other transport protocols than plain TCP, thus this PR now supersedes #10. Discussion on the hints format can be found there. |
| * I2P: like Tor, but not capable of proxying to normal TCP hints. | ||
| * ICE-mediated STUN/STUNT: NAT hole-punching, assisted somewhat by a server | ||
| that can tell you your external IP address and port. Maybe implemented as a | ||
| uTP stream (which is UDP based, and thus easier to get through NAT). |
There was a problem hiding this comment.
proabably worth adding a point about Tor onion services, since that got deleted in a paragraph above. Perhaps:
- Tor Onion services: one side could run an Onion service, allowing a "direct" Tor connection without using any relay
There was a problem hiding this comment.
Oh, did I delete too much somewhere? Everything that the Python implementation does should be covered by the spec.
|
Thank you for mentioning the framing, this is a good point: we only require a continuous byte stream (as TCP gives us) because we build our own framing on top. With WebSockets, this seems wasteful. Should I describe a variant that removes the framing for protocols that already bring their own? This would amount to saving the |
piegamesde
force-pushed
the
transit-improvements
branch
from
e1c4eba
to
185c6ed
Compare
| and you always want to prefer IPv6 connections. | ||
|
|
||
| \* Since you should always host your own for production use (and also most of | ||
| the public ones don't support TCP), we provide <tcp://stun.magic-wormhole.io:3478> |
There was a problem hiding this comment.
By the way we need infrastructure access to set this up (CC @warner). In the meantime, I host a public instance at stun.piegames.de.
Fancy things! And code cleanup. - We now do firewall hole punching. If your device got a firewall connected (and it really should, and by default), direct transfers should now work for you too. - If you aren't behind any NATs (IPv6 users rejoice), **direct connections should now work across the internet** 🎉 - NAT traversal using STUN, for our poor IPv4 users. Gives you direct connections as well, provided that the NAT behaves well (fortunately, they mostly do). - If we found a connection over a relay, we wait some longer in the hope of a direct connection. See also magic-wormhole/magic-wormhole-protocols#16 for some more words on what this code does in a bit more detail.
|
I feel a bit weird for bumping the relay version although we technically only change the message formatting and not the way the protocol actually works. I just had an idea for an alternative implementation: the abilities are already serialized as objects, i.e. they may have complex structured values. So instead of having a |
|
I implemented the idea described in my last comment, and it turned out to be quite an improvement IMO. Thus, the |
We already do this everywhere anyways, so this is more a correction of the documentation than a change to the protocol. Therefore, I've omitted describing any backwards compatibility handling.
Most messages have structured content (JSON, …) and require a lot more resources to be parsed than is needed to only hold the byte buffer in memory. Therefore, 4GiB is totally unrealistic and there is need for an artificially reduced upper bound.
We use WebSockets as an example, but actually this applies to all protocols that offer their own message framing
piegamesde
force-pushed
the
transit-improvements
branch
2 times, most recently
from
1a9bcc8
to
e267c6c
Compare
|
🔔 I think this is good to go, so let's start a Final Comment Period! 🔔 I expect all commits except the last one to be rather uncontroversial. If this turns out to be true and the first part does not get any complaints, I'll split this up into two PRs to get that half merged early. |
piegamesde
added
the
Final comment period
|
Is the intent of "version A" versus "version B" to decide in this PR on one and only use that, or something else? |
No. The thing is, that due to how our abstractions are layered, that transit cannot specify how the required messages should be encoded. This is part of the application protocol on top. Usually, there is a "canonical" encoding that everybody follows, like for the hints. For the abilities however, it has some (minor) drawbacks that are improved in Version B. That one is not used anywhere at the moment, except by my port forwarding and file transfer v2 experiments. That being said, I'll remove Version B and mark Version A as "canonical". This will make it easier to understand. It does not change any semantics, since the upper layer protocol still has the last word on how things should be done.
Will do. |
|
I will do a more in-depth review tomorrow and/or weekend, but a couple quick thoughts:
|
piegamesde
force-pushed
the
transit-improvements
branch
4 times, most recently
from
78f0ef0
to
815862b
Compare
|
All comments are resolved, maybe we all read through it once or twice to catch even the last typo and then it should be good to go 🎉 |
According to the newest spec proposal in magic-wormhole/magic-wormhole-protocols#16.
`relay-v2` is the same as `relay-v1`, but with enhanced hints encoding that allows for different ways to connect to a relay server become possible. Furthermore, relay hints may provide a human readable name. Additionally, a few things are moved around between files, both to put things where they belong and in anticipation of future features.
piegamesde
force-pushed
the
transit-improvements
branch
from
815862b
to
af046df
Compare
piegamesde
removed
the
Final comment period
|
awesome (and sorry this took so long to get merged) |
According to the newest spec proposal in magic-wormhole/magic-wormhole-protocols#16.
According to the newest spec proposal in magic-wormhole/magic-wormhole-protocols#16.
According to the newest spec proposal in magic-wormhole/magic-wormhole-protocols#16.
According to the newest spec proposal in magic-wormhole/magic-wormhole-protocols#16.
According to the newest spec proposal in magic-wormhole/magic-wormhole-protocols#16.
According to the newest spec proposal in magic-wormhole/magic-wormhole-protocols#16.
According to the newest spec proposal in magic-wormhole/magic-wormhole-protocols#16.
A prototype implementation can be found here.
Also note that stun.magic-wormhole.io doesn't exist yet ^^