diff --git a/cmd/ipfs/daemon.go b/cmd/ipfs/daemon.go index e5a9b922cb6d..11769dbd0318 100644 --- a/cmd/ipfs/daemon.go +++ b/cmd/ipfs/daemon.go @@ -174,7 +174,7 @@ Headers. cmds.BoolOption(migrateKwd, "If true, assume yes at the migrate prompt. If false, assume no."), cmds.BoolOption(enablePubSubKwd, "Instantiate the ipfs daemon with the experimental pubsub feature enabled."), cmds.BoolOption(enableIPNSPubSubKwd, "Enable IPNS record distribution through pubsub; enables pubsub."), - cmds.BoolOption(enableMultiplexKwd, "Add the experimental 'go-multiplex' stream muxer to libp2p on construction.").WithDefault(true), + cmds.BoolOption(enableMultiplexKwd, "DEPRECATED"), // TODO: add way to override addresses. tricky part: updating the config if also --init. // cmds.StringOption(apiAddrKwd, "Address for the daemon rpc API (overrides config)"), @@ -296,7 +296,10 @@ func daemonFunc(req *cmds.Request, re cmds.ResponseEmitter, env cmds.Environment offline, _ := req.Options[offlineKwd].(bool) ipnsps, _ := req.Options[enableIPNSPubSubKwd].(bool) pubsub, _ := req.Options[enablePubSubKwd].(bool) - mplex, _ := req.Options[enableMultiplexKwd].(bool) + if _, hasMplex := req.Options[enableMultiplexKwd]; hasMplex { + log.Errorf("The mplex multiplexer has been enabled by default and the experimental %s flag has been removed.") + log.Errorf("To disable this multiplexer, please configure `Swarm.Transports.Multiplexers'.") + } // Start assembling node config ncfg := &core.BuildCfg{ @@ -307,7 +310,6 @@ func daemonFunc(req *cmds.Request, re cmds.ResponseEmitter, env cmds.Environment ExtraOpts: map[string]bool{ "pubsub": pubsub, "ipnsps": ipnsps, - "mplex": mplex, }, //TODO(Kubuxu): refactor Online vs Offline by adding Permanent vs Ephemeral } diff --git a/core/node/groups.go b/core/node/groups.go index 823d9037b66a..78bbb0c6abd4 100644 --- a/core/node/groups.go +++ b/core/node/groups.go 
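Review bot: The first `log.Errorf` added in `daemonFunc` has a `%s` verb but no argument, so the deprecation message will print a missing-argument placeholder instead of the flag name, and `go vet` will flag the call. Pass the keyword: `log.Errorf("The mplex multiplexer has been enabled by default and the experimental %s flag has been removed.", enableMultiplexKwd)`. The second call has no format verbs and could be plain `log.Error`. The body of daemonFunc starts and ends outside the hunk.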
@@ -9,6 +9,7 @@ import ( blockstore "github.com/ipfs/go-ipfs-blockstore" config "github.com/ipfs/go-ipfs-config" util "github.com/ipfs/go-ipfs-util" + log "github.com/ipfs/go-log" peer "github.com/libp2p/go-libp2p-core/peer" pubsub "github.com/libp2p/go-libp2p-pubsub" @@ -22,6 +23,8 @@ import ( "go.uber.org/fx" ) +var logger = log.Logger("core:constructor") + var BaseLibP2P = fx.Options( fx.Provide(libp2p.UserAgent), fx.Provide(libp2p.PNet), 
@@ -108,19 +111,32 @@ func LibP2P(bcfg *BuildCfg, cfg *config.Config) fx.Option { autonat = fx.Provide(libp2p.AutoNATService(cfg.AutoNAT.Throttle)) } - // Gather all the options + // If `cfg.Swarm.DisableRelay` is set and `Network.Relay` isn't, use the former. + enableRelay := cfg.Swarm.Transports.Network.Relay.WithDefault(!cfg.Swarm.DisableRelay) //nolint + + // Warn about a deprecated option. + //nolint + if cfg.Swarm.DisableRelay { + logger.Error("The `Swarm.DisableRelay' config field is deprecated.") + if enableRelay { + logger.Error("`Swarm.DisableRelay' has been overridden by `Swarm.Transports.Network.Relay'") + } else { + logger.Error("Use the `Swarm.Transports.Network.Relay' config field instead") + } + } + // Gather all the options opts := fx.Options( BaseLibP2P, fx.Provide(libp2p.AddrFilters(cfg.Swarm.AddrFilters)), fx.Provide(libp2p.AddrsFactory(cfg.Addresses.Announce, cfg.Addresses.NoAnnounce)), - fx.Provide(libp2p.SmuxTransport(bcfg.getOpt("mplex"))), - fx.Provide(libp2p.Relay(cfg.Swarm.DisableRelay, cfg.Swarm.EnableRelayHop)), + fx.Provide(libp2p.SmuxTransport(cfg.Swarm.Transports)), + fx.Provide(libp2p.Relay(enableRelay, cfg.Swarm.EnableRelayHop)), fx.Invoke(libp2p.StartListening(cfg.Addresses.Swarm)), fx.Invoke(libp2p.SetupDiscovery(cfg.Discovery.MDNS.Enabled, cfg.Discovery.MDNS.Interval)), - fx.Provide(libp2p.Security(!bcfg.DisableEncryptedConnections, cfg.Experimental.OverrideSecurityTransports)), + fx.Provide(libp2p.Security(!bcfg.DisableEncryptedConnections, cfg.Swarm.Transports)), fx.Provide(libp2p.Routing), fx.Provide(libp2p.BaseRouting), diff --git a/core/node/libp2p/libp2p.go b/core/node/libp2p/libp2p.go index d9b0b5f5558a..51183c9543aa 100644 --- a/core/node/libp2p/libp2p.go +++ b/core/node/libp2p/libp2p.go @@ -1,9 +1,11 @@ package libp2p import ( + "sort" "time" version "github.com/ipfs/go-ipfs" + config "github.com/ipfs/go-ipfs-config" logging "github.com/ipfs/go-log" "github.com/libp2p/go-libp2p" 
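Review bot: The `libp2p.Security(...)` call in `LibP2P` stops reading `cfg.Experimental.OverrideSecurityTransports`, but unlike `Swarm.DisableRelay` a few lines above, nothing warns when that old field is still set. A node whose operator used the override to restrict or reorder security transports would, as far as this hunk shows, come up with the default set and order after upgrading, with no log line to explain the change. If the field is still present in the config struct, consider a matching deprecation message, for example `logger.Error("Experimental.OverrideSecurityTransports is deprecated; use Swarm.Transports.Security")`. The body of LibP2P starts and ends outside the hunk.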
@@ -48,3 +50,32 @@ func simpleOpt(opt libp2p.Option) func() (opts Libp2pOpts, err error) { return } } + +type priorityOption struct { + priority, defaultPriority config.Priority + opt libp2p.Option +} + +func prioritizeOptions(opts []priorityOption) libp2p.Option { + type popt struct { + priority int64 + opt libp2p.Option + } + enabledOptions := make([]popt, 0, len(opts)) + for _, o := range opts { + if prio, ok := o.priority.WithDefault(o.defaultPriority); ok { + enabledOptions = append(enabledOptions, popt{ + priority: prio, + opt: o.opt, + }) + } + } + sort.Slice(enabledOptions, func(i, j int) bool { + return enabledOptions[i].priority > enabledOptions[j].priority + }) + p2pOpts := make([]libp2p.Option, len(enabledOptions)) + for i, opt := range enabledOptions { + p2pOpts[i] = opt.opt + } + return libp2p.ChainOptions(p2pOpts...) +} diff --git a/core/node/libp2p/relay.go b/core/node/libp2p/relay.go index d27466dbfd20..e625b4d001c3 100644 --- a/core/node/libp2p/relay.go +++ b/core/node/libp2p/relay.go @@ -5,17 +5,16 @@ import ( relay "github.com/libp2p/go-libp2p-circuit" ) -func Relay(disable, enableHop bool) func() (opts Libp2pOpts, err error) { +func Relay(enableRelay, enableHop bool) func() (opts Libp2pOpts, err error) { return func() (opts Libp2pOpts, err error) { - if disable { - // Enabled by default. - opts.Opts = append(opts.Opts, libp2p.DisableRelay()) - } else { + if enableRelay { relayOpts := []relay.RelayOpt{} if enableHop { relayOpts = append(relayOpts, relay.OptHop) } opts.Opts = append(opts.Opts, libp2p.EnableRelay(relayOpts...)) + } else { + opts.Opts = append(opts.Opts, libp2p.DisableRelay()) } return } diff --git a/core/node/libp2p/sec.go b/core/node/libp2p/sec.go new file mode 100644 index 000000000000..e129448c460c --- /dev/null +++ b/core/node/libp2p/sec.go 
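Review bot: The comparator in `prioritizeOptions` sorts with `>`, which puts the highest numeric priority first, while docs/config.md in this same commit says of the `priority` type that lower is preferred and that security transports are tried lower first. With the defaults passed in from sec.go (TLS 100, SECIO 200, Noise 300) the chain would be built Noise, SECIO, TLS, and Yamux and Mplex would be swapped the same way, assuming libp2p honours the order in which the options are applied. If the docs state the intent, the line should read `return enabledOptions[i].priority < enabledOptions[j].priority`. A short doc comment on `prioritizeOptions` stating the ordering and that a disabled priority drops the option would make the contract explicit, and `sort.SliceStable` would keep equal priorities in declaration order.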
@@ -0,0 +1,39 @@
+package libp2p
+
+import (
+ config "github.com/ipfs/go-ipfs-config"
+ "github.com/libp2p/go-libp2p"
+ noise "github.com/libp2p/go-libp2p-noise"
+ secio "github.com/libp2p/go-libp2p-secio"
+ tls "github.com/libp2p/go-libp2p-tls"
+)
+
+func Security(enabled bool, tptConfig config.Transports) interface{} {
+ if !enabled {
+ return func() (opts Libp2pOpts) {
+ // TODO: shouldn't this be Errorf to guarantee visibility?
+ log.Warnf(`Your IPFS node has been configured to run WITHOUT ENCRYPTED CONNECTIONS.
+ You will not be able to connect to any nodes configured to use encrypted connections`)
+ opts.Opts = append(opts.Opts, libp2p.NoSecurity)
+ return opts
+ }
+ }
+
+ // Using the new config options.
+ return func() (opts Libp2pOpts) {
+ opts.Opts = append(opts.Opts, prioritizeOptions([]priorityOption{{
+ priority: tptConfig.Security.TLS,
+ defaultPriority: 100,
+ opt: libp2p.Security(tls.ID, tls.New),
+ }, {
+ priority: tptConfig.Security.SECIO,
+ defaultPriority: 200,
+ opt: libp2p.Security(secio.ID, secio.New),
+ }, {
+ priority: tptConfig.Security.Noise,
+ defaultPriority: 300,
+ opt: libp2p.Security(noise.ID, noise.New),
+ }}))
+ return opts
+ }
+}
diff --git a/core/node/libp2p/smux.go b/core/node/libp2p/smux.go
index e89e00956529..e088eaceb278 100644
--- a/core/node/libp2p/smux.go
+++ b/core/node/libp2p/smux.go
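Review bot: `Security` has no check for the case where TLS, SECIO and Noise are all set to `false` while `enabled` is true: `prioritizeOptions` then returns an empty chain and the constructor still reports success. What libp2p does when it receives no security option is not visible here; it may fall back to its own defaults, which would silently undo the operator's choice. Consider giving the returned constructor an `err` result, as `SmuxTransport` does in this commit, and failing when no security transport remains enabled. The exported function also lacks a doc comment describing `enabled` and the default priorities it applies.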
@@ -1,54 +1,76 @@ package libp2p import ( + "fmt" "os" "strings" + config "github.com/ipfs/go-ipfs-config" "github.com/libp2p/go-libp2p" smux "github.com/libp2p/go-libp2p-core/mux" mplex "github.com/libp2p/go-libp2p-mplex" yamux "github.com/libp2p/go-libp2p-yamux" ) -func makeSmuxTransportOption(mplexExp bool) libp2p.Option { +func yamuxTransport() smux.Multiplexer { + tpt := *yamux.DefaultTransport + tpt.AcceptBacklog = 512 + if os.Getenv("YAMUX_DEBUG") != "" { + tpt.LogOutput = os.Stderr + } + + return &tpt +} + +func makeSmuxTransportOption(tptConfig config.Transports) (libp2p.Option, error) { const yamuxID = "/yamux/1.0.0" const mplexID = "/mplex/6.7.0" ymxtpt := *yamux.DefaultTransport ymxtpt.AcceptBacklog = 512 - if os.Getenv("YAMUX_DEBUG") != "" { - ymxtpt.LogOutput = os.Stderr - } - - muxers := map[string]smux.Multiplexer{yamuxID: &ymxtpt} - if mplexExp { - muxers[mplexID] = mplex.DefaultTransport - } - - // Allow muxer preference order overriding - order := []string{yamuxID, mplexID} if prefs := os.Getenv("LIBP2P_MUX_PREFS"); prefs != "" { - order = strings.Fields(prefs) - } + // Using legacy LIBP2P_MUX_PREFS variable. 
+ log.Error("LIBP2P_MUX_PREFS is now deprecated.") + log.Error("Use the `Swarm.Transports.Multiplexers' config field.") + muxers := strings.Fields(prefs) + enabled := make(map[string]bool, len(muxers)) - opts := make([]libp2p.Option, 0, len(order)) - for _, id := range order { - tpt, ok := muxers[id] - if !ok { - log.Warn("unknown or duplicate muxer in LIBP2P_MUX_PREFS: %s", id) - continue + var opts []libp2p.Option + for _, tpt := range muxers { + if enabled[tpt] { + return nil, fmt.Errorf( + "duplicate muxer found in LIBP2P_MUX_PREFS: %s", + tpt, + ) + } + switch tpt { + case yamuxID: + opts = append(opts, libp2p.Muxer(tpt, yamuxTransport)) + case mplexID: + opts = append(opts, libp2p.Muxer(tpt, mplex.DefaultTransport)) + default: + return nil, fmt.Errorf("unknown muxer: %s", tpt) + } } - delete(muxers, id) - opts = append(opts, libp2p.Muxer(id, tpt)) + return libp2p.ChainOptions(opts...), nil + } else { + return prioritizeOptions([]priorityOption{{ + priority: tptConfig.Multiplexers.Yamux, + defaultPriority: 100, + opt: libp2p.Muxer(yamuxID, yamuxTransport), + }, { + priority: tptConfig.Multiplexers.Mplex, + defaultPriority: 200, + opt: libp2p.Muxer(mplexID, mplex.DefaultTransport), + }}), nil } - - return libp2p.ChainOptions(opts...) } -func SmuxTransport(mplex bool) func() (opts Libp2pOpts, err error) { +func SmuxTransport(tptConfig config.Transports) func() (opts Libp2pOpts, err error) { return func() (opts Libp2pOpts, err error) { - opts.Opts = append(opts.Opts, makeSmuxTransportOption(mplex)) - return + res, err := makeSmuxTransportOption(tptConfig) + opts.Opts = append(opts.Opts, res) + return opts, err } } diff --git a/core/node/libp2p/transport.go b/core/node/libp2p/transport.go index 0bbc7cf01b8d..c87b9a4163c1 100644 --- a/core/node/libp2p/transport.go +++ b/core/node/libp2p/transport.go 
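Review bot: In the legacy `LIBP2P_MUX_PREFS` branch of `makeSmuxTransportOption`, the `enabled` map is read by `if enabled[tpt]` but never written, so the duplicate-muxer error can never trigger. Add `enabled[tpt] = true` after the duplicate check and before the `switch`. The `ymxtpt` copy kept as context at the top of the function appears to be unused now that `yamuxTransport()` builds the transport, and could be removed. In `SmuxTransport`, `res` is appended to `opts.Opts` even when `err` is non-nil; returning early on error would avoid handing back a nil option alongside the error.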
@@ -3,63 +3,44 @@ package libp2p import ( "fmt" - "github.com/libp2p/go-libp2p" + config "github.com/ipfs/go-ipfs-config" + libp2p "github.com/libp2p/go-libp2p" metrics "github.com/libp2p/go-libp2p-core/metrics" - noise "github.com/libp2p/go-libp2p-noise" libp2pquic "github.com/libp2p/go-libp2p-quic-transport" - secio "github.com/libp2p/go-libp2p-secio" - tls "github.com/libp2p/go-libp2p-tls" + tcp "github.com/libp2p/go-tcp-transport" + websocket "github.com/libp2p/go-ws-transport" "go.uber.org/fx" ) -// default security transports for libp2p -var defaultSecurityTransports = []string{"tls", "secio", "noise"} +func Transports(tptConfig config.Transports) interface{} { + return func(pnet struct { + fx.In + Fprint PNetFingerprint `optional:"true"` + }) (opts Libp2pOpts, err error) { + privateNetworkEnabled := pnet.Fprint != nil -func Transports(pnet struct { - fx.In - Fprint PNetFingerprint `optional:"true"` -}) (opts Libp2pOpts) { - opts.Opts = append(opts.Opts, libp2p.DefaultTransports) - if pnet.Fprint == nil { - opts.Opts = append(opts.Opts, libp2p.Transport(libp2pquic.NewTransport)) - } - return opts -} - -func Security(enabled bool, securityTransportOverride []string) interface{} { - if !enabled { - return func() (opts Libp2pOpts) { - // TODO: shouldn't this be Errorf to guarantee visibility? - log.Warnf(`Your IPFS node has been configured to run WITHOUT ENCRYPTED CONNECTIONS. 
- You will not be able to connect to any nodes configured to use encrypted connections`) - opts.Opts = append(opts.Opts, libp2p.NoSecurity) - return opts + if tptConfig.Network.TCP.WithDefault(true) { + opts.Opts = append(opts.Opts, libp2p.Transport(tcp.NewTCPTransport)) } - } - securityTransports := defaultSecurityTransports - if len(securityTransportOverride) > 0 { - securityTransports = securityTransportOverride - } + if tptConfig.Network.Websocket.WithDefault(true) { + opts.Opts = append(opts.Opts, libp2p.Transport(websocket.New)) + } - var libp2pOpts []libp2p.Option - for _, tpt := range securityTransports { - switch tpt { - case "tls": - libp2pOpts = append(libp2pOpts, libp2p.Security(tls.ID, tls.New)) - case "secio": - libp2pOpts = append(libp2pOpts, libp2p.Security(secio.ID, secio.New)) - case "noise": - libp2pOpts = append(libp2pOpts, libp2p.Security(noise.ID, noise.New)) - default: - return fx.Error(fmt.Errorf("invalid security transport specified in config: %s", tpt)) + if tptConfig.Network.QUIC.WithDefault(privateNetworkEnabled) { + if privateNetworkEnabled { + // QUIC was force enabled while the private network was turned on. + // Fail and tell the user. + return opts, fmt.Errorf( + "The QUIC transport does not support private networks. " + + "Please disable Swarm.Transports.Network.QUIC.", + ) + } + opts.Opts = append(opts.Opts, libp2p.Transport(libp2pquic.NewTransport)) } - } - return func() (opts Libp2pOpts) { - opts.Opts = append(opts.Opts, libp2p.ChainOptions(libp2pOpts...)) - return opts + return opts, nil } } diff --git a/docs/config.md b/docs/config.md index ac5e01682c17..028251fe7a78 100644 --- a/docs/config.md +++ b/docs/config.md 
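Review bot: The QUIC default in `Transports` looks inverted: `tptConfig.Network.QUIC.WithDefault(privateNetworkEnabled)` turns QUIC on by default only when a private network is configured, and that branch then returns the "does not support private networks" error. With the flag unset, a private-network node would fail to start and a public node would run without QUIC, whereas the removed code added QUIC exactly when `pnet.Fprint == nil` and docs/config.md in this commit lists QUIC as enabled by default. The condition should be `if tptConfig.Network.QUIC.WithDefault(!privateNetworkEnabled) {`. Go convention also prefers the error string in lowercase and without the trailing period.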
@@ -5,7 +5,7 @@ is read once at node instantiation, either for an offline command, or when starting the daemon. Commands that execute on a running daemon do not read the config file at runtime. -#### Profiles +## Profiles Configuration profiles allow to tweak configuration quickly. Profiles can be applied with `--profile` flag to `ipfs init` or with the `ipfs config profile @@ -89,6 +89,46 @@ documented in `ipfs config profile --help`. functionality - performance of content discovery and data fetching may be degraded. +## Types + +This document refers to the standard JSON types (e.g., `null`, `string`, +`number`, etc.), as well as a few custom types, described below. + +### `flag` + +Flags allow enabling and disabling features. However, unlike simple booleans, +they can also be `null` (or omitted) to indicate that the default value should +be chosen. This makes it easier for go-ipfs to change the defaults in the +future unless the user _explicitly_ sets the flag to either `true` (enabled) or +`false` (disabled). Flags have three possible states: + +- `null` or missing (apply the default value). +- `true` (enabled) +- `false` (disabled) + +### `priority` + +Priorities allow specifying the priority of a feature/protocol and disabling the +feature/protocol. Priorities can take one of the following values: + +- `null`/missing (apply the default priority, same as with flags) +- `false` (disabled) +- `1 - 2^63` (priority, lower is preferred) + +### `strings` + +Strings is a special type for conveniently specifying a single string, an array +of strings, or null: + +- `null` +- `"a single string"` +- `["an", "array", "of", "strings"]` + +### `duration` + +Duration is a type for describing lengths of time, using the same format go +does (e.g, `"1d2h4m40.01s"`). + ## Table of Contents - [`Addresses`](#addresses) 
@@ -176,6 +216,8 @@ Supported Transports: Default: `/ip4/127.0.0.1/tcp/5001` +Type: `strings` + ### `Addresses.Gateway` Multiaddr or array of multiaddrs describing the address to serve the local @@ -188,6 +230,8 @@ Supported Transports: Default: `/ip4/127.0.0.1/tcp/8080` +Type: `strings` + ### `Addresses.Swarm` Array of multiaddrs describing which addresses to listen on for p2p swarm @@ -209,6 +253,8 @@ Default: ] ``` +Type: `array[string]` + ### `Addresses.Announce` If non-empty, this array specifies the swarm addresses to announce to the @@ -216,11 +262,15 @@ network. If empty, the daemon will announce inferred swarm addresses. Default: `[]` +Type: `array[string]` + ### `Addresses.NoAnnounce` Array of swarm addresses not to announce to the network. Default: `[]` +Type: `array[string]` + ## `API` Contains information used by the API gateway. @@ -236,6 +286,8 @@ Example: Default: `null` +Type: `object[string -> array[string]]` + ## `AutoNAT` Contains the configuration options for the AutoNAT service. The AutoNAT service @@ -253,6 +305,8 @@ field can take one of two values: Additional modes may be added in the future. +Type: `string` (can only be "enabled" and "disabled") + ### `AutoNAT.Throttle` When set, this option configure's the AutoNAT services throttling behavior. By @@ -265,18 +319,24 @@ Configures how many AutoNAT requests to service per `AutoNAT.Throttle.Interval`. Default: 30 +Type: `integer` + ### `AutoNAT.Throttle.PeerLimit` Configures how many AutoNAT requests per-peer to service per `AutoNAT.Throttle.Interval`. Default: 3 +Type: `integer` + ### `AutoNAT.Throttle.Interval` Configures the interval for the above limits. Default: 1 Minute +Type: `duration` + ## `Bootstrap` Bootstrap is an array of multiaddrs of trusted nodes to connect to in order to 
@@ -284,6 +344,8 @@ initiate a connection to the network. Default: The ipfs.io bootstrap nodes +Type: `array[string]` + ## `Datastore` Contains information related to the construction and operation of the on-disk @@ -294,7 +356,9 @@ storage system. A soft upper limit for the size of the ipfs repository's datastore. With `StorageGCWatermark`, is used to calculate whether to trigger a gc run (only if `--enable-gc` flag is set). -Default: `10GB` +Default: `"10GB"` + +Type: `string` (size) ### `Datastore.StorageGCWatermark` @@ -304,6 +368,8 @@ option defaults to false currently). Default: `90` +Type: `integer` + ### `Datastore.GCPeriod` A time duration specifying how frequently to run a garbage collection. Only used @@ -311,6 +377,8 @@ if automatic gc is enabled. Default: `1h` +Type: `duration` or an empty string for the default value. + ### `Datastore.HashOnRead` A boolean value. If set to true, all block reads from disk will be hashed and @@ -318,6 +386,8 @@ verified. This will cause increased CPU utilization. Default: `false` +Type: `bool` + ### `Datastore.BloomFilterSize` A number representing the size in bytes of the blockstore's [bloom @@ -334,8 +404,9 @@ we'd want to use 1199120 bytes. As of writing, [7 hash functions](https://github.com/ipfs/go-ipfs-blockstore/blob/547442836ade055cc114b562a3cc193d4e57c884/caching.go#L22) are used, so the constant `k` is 7 in the formula. +Default: `0` (disabled) -Default: `0` +Type: `integer` ### `Datastore.Spec` @@ -381,6 +452,8 @@ Default: } ``` +Type: `object` + ## `Discovery` Contains options for configuring ipfs node discovery mechanisms. @@ -395,10 +468,14 @@ A boolean value for whether or not mdns should be active. Default: `true` +Type: `bool` + #### `Discovery.MDNS.Interval` A number of seconds to wait between discovery checks. +Type: `integer` (_not_ a duration) + ## `Gateway` Options for the HTTP gateway. 
@@ -410,6 +487,8 @@ and will not fetch files from the network. Default: `false` +Type: `bool` + ### `Gateway.NoDNSLink` A boolean to configure whether DNSLink lookup for value in `Host` HTTP header @@ -418,6 +497,8 @@ record becomes the `/` and respective payload is returned to the client. Default: `false` +Type: `bool` + ### `Gateway.HTTPHeaders` Headers to set on gateway responses. @@ -437,18 +518,24 @@ Default: } ``` +Type: `object[string -> array[string]]` + ### `Gateway.RootRedirect` A url to redirect requests for `/` to. Default: `""` +Type: `string` + ### `Gateway.Writable` A boolean to configure whether the gateway is writeable or not. Default: `false` +Type: `bool` + ### `Gateway.PathPrefixes` Array of acceptable url paths that a client can specify in X-Ipfs-Path-Prefix @@ -479,6 +566,7 @@ location /blog/ { Default: `[]` +Type: `array[string]` ### `Gateway.PublicGateways` @@ -505,6 +593,8 @@ Above enables `http://example.com/ipfs/*` and `http://example.com/ipns/*` but no Default: `[]` +Type: `array[string]` + #### `Gateway.PublicGateways: UseSubdomains` A boolean to configure whether the gateway at the hostname provides [Origin isolation](https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy) @@ -542,6 +632,7 @@ between content roots. Default: `false` +Type: `bool` #### `Gateway.PublicGateways: NoDNSLink` @@ -551,6 +642,8 @@ If `Paths` are defined, they take priority over DNSLink. Default: `false` (DNSLink lookup enabled by default for every defined hostname) +Type: `bool` + #### Implicit defaults of `Gateway.PublicGateways` Default entries for `localhost` hostname and loopback IPs are always present. 
@@ -636,23 +729,33 @@ The unique PKI identity label for this configs peer. Set on init and never read, it's merely here for convenience. Ipfs will always generate the peerID from its keypair at runtime. +Type: `string` + ### `Identity.PrivKey` The base64 encoded protobuf describing (and containing) the nodes private key. +Type: `string` + ## `Ipns` ### `Ipns.RepublishPeriod` A time duration specifying how frequently to republish ipns records to ensure -they stay fresh on the network. If unset, we default to 4 hours. +they stay fresh on the network. + +Default: 4 hours. + +Type: `interval` or an empty string for the default. ### `Ipns.RecordLifetime` A time duration specifying the value to set on ipns records for their validity lifetime. -If unset, we default to 24 hours. +Default: 24 hours. + +Type: `interval` or an empty string for the default. ### `Ipns.ResolveCacheSize` @@ -661,6 +764,8 @@ will be kept cached until their lifetime is expired. Default: `128` +Type: `integer` + ## `Mounts` FUSE mount point configuration options. @@ -669,10 +774,18 @@ FUSE mount point configuration options. Mountpoint for `/ipfs/`. +Default: `/ipfs` + +Type: `string` + ### `Mounts.IPNS` Mountpoint for `/ipns/`. +Default: `/ipns` + +Type: `string` + ### `Mounts.FuseAllowOther` Sets the FUSE allow other option on the mountpoint. @@ -693,6 +806,8 @@ Sets the default router used by pubsub to route messages to peers. This can be o Default: `"gossipsub"` +Type: `string` + [gossipsub]: https://github.com/libp2p/specs/tree/master/pubsub/gossipsub ### `Pubsub.DisableSigning` @@ -706,6 +821,8 @@ intentionally re-using the real message's message ID. Default: `false` +Type: `bool` + ### `Peering` Configures the peering subsystem. The peering subsystem configures go-ipfs to @@ -756,6 +873,10 @@ The set of peers with which to peer. Each entry is of the form: Additional fields may be added in the future. +Default: empty. + +Type: `array[peering]` + ## `Reprovider` ### `Reprovider.Interval` 
@@ -769,12 +890,18 @@ not being able to discover that you have the objects that you have. If you want to have this disabled and keep the network aware of what you have, you must manually announce your content periodically. +Type: `array[peering]` + ### `Reprovider.Strategy` Tells reprovider what should be announced. Valid strategies are: - - "all" (default) - announce all stored data + - "all" - announce all stored data - "pinned" - only announce pinned data - "roots" - only announce directly pinned keys and root keys of recursive pins + +Default: all + +Type: `string` (or unset for the default) ## `Routing` @@ -817,6 +944,9 @@ unless you're sure your node is reachable from the public network. } ``` +Default: dht + +Type: `string` (or unset for the default) ## `Swarm` @@ -836,6 +966,9 @@ preventing dials to all non-routable IP addresses (e.g., `192.168.0.0/16`) but you should always check settings against your own network and/or hosting provider. +Default: `[]` + +Type: `array[string]` ### `Swarm.DisableBandwidthMetrics` @@ -843,6 +976,10 @@ A boolean value that when set to true, will cause ipfs to not keep track of bandwidth metrics. Disabling bandwidth metrics can lead to a slight performance improvement, as well as a reduction in memory usage. +Default: `false` + +Type: `bool` + ### `Swarm.DisableNatPortMap` Disable automatic NAT port forwarding. 
@@ -852,12 +989,22 @@ up an external port and forward it to the port go-ipfs is running on. When this works (i.e., when your router supports NAT port forwarding), it makes the local go-ipfs node accessible from the public internet. +Default: `false` + +Type: `bool` + ### `Swarm.DisableRelay` +Deprecated: Set `Swarm.Transports.Network.Relay` to `false`. + Disables the p2p-circuit relay transport. This will prevent this node from connecting to nodes behind relays, or accepting connections from nodes behind relays. +Default: `false` + +Type: `bool` + ### `Swarm.EnableRelayHop` Configures this node to act as a relay "hop". A relay "hop" relays traffic for other peers. @@ -866,12 +1013,20 @@ WARNING: Do not enable this option unless you know what you're doing. Other peers will randomly decide to use your node as a relay and consume _all_ available bandwidth. There is _no_ rate-limiting. +Default: `false` + +Type: `bool` + ### `Swarm.EnableAutoRelay` Enables "automatic relay" mode for this node. This option does two _very_ different things based on the `Swarm.EnableRelayHop`. See [#7228](https://github.com/ipfs/go-ipfs/issues/7228) for context. +Default: `false` + +Type: `bool` + #### Mode 1: `EnableRelayHop` is `false` If `Swarm.EnableAutoRelay` is enabled and `Swarm.EnableRelayHop` is disabled, 
@@ -906,30 +1061,24 @@ be configured to keep. Sets the type of connection manager to use, options are: `"none"` (no connection management) and `"basic"`. -#### Basic Connection Manager - -##### `Swarm.ConnMgr.LowWater` - -LowWater is the minimum number of connections to maintain. +Default: `"basic"` -##### `Swarm.ConnMgr.HighWater` +Type: `string` (one of `"basic"`, `"none"`, or `""` (default, i.e. `"basic"`). -HighWater is the number of connections that, when exceeded, will trigger a -connection GC operation. - -##### `Swarm.ConnMgr.GracePeriod` +#### Basic Connection Manager -GracePeriod is a time duration that new connections are immune from being closed -by the connection manager. +The basic connection manager uses a "high water", a "low water", and internal +scoring to periodically close connections to free up resources. When a node +using the basic connection manager reaches `HighWater` idle connections, it will +close the least useful ones until it reaches `LowWater` idle connections. -The "basic" connection manager tries to keep between `LowWater` and `HighWater` -connections. It works by: +The connection manager considers a connection idle if: -1. Keeping all connections until `HighWater` connections is reached. -2. Once `HighWater` is reached, it closes connections until `LowWater` is - reached. -3. To prevent thrashing, it never closes connections established within the - `GracePeriod`. +* It has not been explicitly _protected_ by some subsystem. For example, Bitswap + will protect connections to peers from which it is actively downloading data, + the DHT will protect some peers for routing, and the peering subsystem will + protect all "peered" nodes. +* It has existed for longer than the `GracePeriod`. **Example:** 
@@ -945,3 +1094,197 @@ connections. It works by: } } ``` + +##### `Swarm.ConnMgr.LowWater` + +LowWater is the number of connections that the basic connection manager will +trim down to. + +Default: `600` + +Type: `integer` + +##### `Swarm.ConnMgr.HighWater` + +HighWater is the number of connections that, when exceeded, will trigger a +connection GC operation. Note: protected/recently formed connections don't count +towards this limit. + +Default: `900` + +Type: `integer` + +##### `Swarm.ConnMgr.GracePeriod` + +GracePeriod is a time duration that new connections are immune from being closed +by the connection manager. + +Default: `"20s"` + +Type: `duration` + +### `Swarm.Transports` + +Configuration section for libp2p transports. An empty configuration will apply +the defaults. + +### `Swarm.Transports.Network` + +Configuration section for libp2p _network_ transports. Transports enabled in +this section will be used for dialing. However, to receive connections on these +transports, multiaddrs for these transports must be added to `Addresses.Swarm`. + +Supported transports are: QUIC, TCP, WS, and Relay. + +Each field in this section is a `flag`. + +#### `Swarm.Transports.Network.TCP` + +[TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) is the most +widely used transport by go-ipfs nodes. It doesn't directly support encryption +and/or multiplexing, so libp2p will layer a security & multiplexing transport +over it. + +Default: Enabled + +Type: `flag` + +Listen Addresses: +* /ip4/0.0.0.0/tcp/4001 (default) +* /ip6/::/tcp/4001 (default) + +#### `Swarm.Transports.Network.Websocket` + +[Websocket](https://en.wikipedia.org/wiki/WebSocket) is a transport usually used +to connect to non-browser-based IPFS nodes from browser-based js-ipfs nodes. + +While it's enabled by default for dialing, go-ipfs doesn't listen on this +transport by default. 
+ +Default: Enabled + +Type: `flag` + +Listen Addresses: +* /ip4/0.0.0.0/tcp/4002/ws +* /ip6/::/tcp/4002/ws + +#### `Swarm.Transports.Network.QUIC` + +[QUIC](https://en.wikipedia.org/wiki/QUIC) is a UDP-based transport with +built-in encryption and multiplexing. The primary benefits over TCP are: + +1. It doesn't require a file descriptor per connection, easing the load on the OS. +2. It currently takes 2 round trips to establish a connection (our TCP transport + currently takes 6). + +Default: Enabled + +Type: `flag` + +Listen Addresses: +* /ip4/0.0.0.0/udp/4001/quic (default) +* /ip6/::/udp/4001/quic (default) + +#### `Swarm.Transports.Network.Relay` + +[Libp2p Relay](https://github.com/libp2p/specs/tree/master/relay) proxy +transport that forms connections by hopping between multiple libp2p nodes. This +transport is primarily useful for bypassing firewalls and NATs. + +Default: Enabled + +Type: `flag` + +Listen Addresses: This transport is special. Any node that enables this +transport can receive inbound connections on this transport, without specifying +a listen address. + +### `Swarm.Transports.Security` + +Configuration section for libp2p _security_ transports. Transports enabled in +this section will be used to secure unencrypted connections. + +Security transports are configured with the `priority` type. + +When establishing an _outbound_ connection, go-ipfs will try each security +transport in priority order (lower first), until it finds a protocol that the +receiver supports. When establishing an _inbound_ connection, go-ipfs will let +the initiator choose the protocol, but will refuse to use any of the disabled +transports. + +Supported transports are: TLS (priority 100), SECIO (priority 200), Noise +(priority 300). + +No default priority will ever be less than 100. + +#### `Swarm.Transports.Security.TLS` + +[TLS](https://github.com/libp2p/specs/tree/master/tls) (1.3) is the default +security transport as of go-ipfs 0.5.0. 
It's also the most scrutinized and +trusted security transport. + +Default: `100` + +Type: `priority` + +#### `Swarm.Transports.Security.SECIO` + +[SECIO](https://github.com/libp2p/specs/tree/master/secio) is the most widely +supported IPFS & libp2p security transport. However, it is currently being +phased out in favor of more popular and better vetted protocols like TLS and +Noise. + +Default: `200` + +Type: `priority` + +#### `Swarm.Transports.Security.Noise` + +[Noise](https://github.com/libp2p/specs/tree/master/noise) is slated to replace +TLS as the cross-platform, default libp2p protocol due to ease of +implementation. It is currently enabled by default but with low priority as it's +not yet widely supported. + +Default: `300` + +Type: `priority` + +### `Swarm.Transports.Multiplexers` + +Configuration section for libp2p _multiplexer_ transports. Transports enabled in +this section will be used to multiplex duplex connections. + +Multiplexer transports are secured the same way security transports are, with +the `priority` type. Like with security transports, the initiator gets their +first choice. + +Supported transports are: Yamux (priority 100) and Mplex (priority 200) + +No default priority will ever be less than 100. + +### `Swarm.Transports.Multiplexers.Yamux` + +Yamux is the default multiplexer used when communicating between go-ipfs nodes. + +Default: `100` + +Type: `priority` + +### `Swarm.Transports.Multiplexers.Mplex` + +Mplex is the default multiplexer used when communicating between go-ipfs and all +other IPFS and libp2p implementations. Unlike Yamux: + +* Mplex is a simpler protocol. +* Mplex is more efficient. +* Mplex does not have built-in keepalives. +* Mplex does not support backpressure. Unfortunately, this means that, if a + single stream to a peer gets backed up for a period of time, the mplex + transport will kill the stream to allow the others to proceed. 
On the other + hand, the lack of backpressure means mplex can be significantly faster on some + high-latency connections. + +Default: `200` + +Type: `priority` diff --git a/docs/environment-variables.md b/docs/environment-variables.md index b2338ae3fc93..7f7d0f53bd14 100644 --- a/docs/environment-variables.md +++ b/docs/environment-variables.md @@ -98,6 +98,8 @@ $ ipfs resolve -r /ipns/dnslink-test2.example.com ## `LIBP2P_MUX_PREFS` +Deprecated: Use the `Swarm.Transports.Multiplexers` config field. + Tells go-ipfs which multiplexers to use in which order. Default: "/yamux/1.0.0 /mplex/6.7.0" diff --git a/docs/experimental-features.md b/docs/experimental-features.md index 6fd639e76203..725ccd46251f 100644 --- a/docs/experimental-features.md +++ b/docs/experimental-features.md @@ -550,12 +550,17 @@ Experimental, enabled by default ### How to enable -While the Noise transport is now shipped and enabled by default in go-ipfs, it won't be used by default for most connections because TLS and SECIO are currently preferred. If you'd like to test out the Noise transport, you can use the `Experimental.OverrideSecurityTransports` option to enable, disable, and reorder security transports. +While the Noise transport is now shipped and enabled by default in go-ipfs, it won't be used by default for most connections because TLS and SECIO are currently preferred. If you'd like to test out the Noise transport, you can increase the priority of the noise transport: -For example, to prefer noise over TLS and disable SECIO, run: +``` +ipfs config --json Swarm.Transports.Security.Noise 1 +``` + +Or even disable TLS and/or SECIO (not recommended for the moment): ``` -ipfs config --json Experimental.OverrideSecurityTransports '["noise", "tls"]' +ipfs config --json Swarm.Transports.Security.TLS false +ipfs config --json Swarm.Transports.Security.SECIO false ``` ### Road to being a real feature diff --git a/go.mod b/go.mod index 7bbb9998baa8..8b81a3aeeee0 100644 --- a/go.mod +++ b/go.mod 
@@ -32,7 +32,7 @@ require ( github.com/ipfs/go-ipfs-blockstore v0.1.4 github.com/ipfs/go-ipfs-chunker v0.0.5 github.com/ipfs/go-ipfs-cmds v0.2.9 - github.com/ipfs/go-ipfs-config v0.7.1 + github.com/ipfs/go-ipfs-config v0.7.3-0.20200616074558-7fbc0dffff0c github.com/ipfs/go-ipfs-ds-help v0.1.1 github.com/ipfs/go-ipfs-exchange-interface v0.0.1 github.com/ipfs/go-ipfs-exchange-offline v0.0.1 @@ -83,6 +83,8 @@ require ( github.com/libp2p/go-libp2p-tls v0.1.3 github.com/libp2p/go-libp2p-yamux v0.2.8 github.com/libp2p/go-socket-activation v0.0.2 + github.com/libp2p/go-tcp-transport v0.2.0 + github.com/libp2p/go-ws-transport v0.3.1 github.com/mattn/go-runewidth v0.0.9 // indirect github.com/miekg/dns v1.1.29 // indirect github.com/mitchellh/go-homedir v1.1.0 @@ -105,7 +107,7 @@ require ( go.uber.org/zap v1.15.0 golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 golang.org/x/lint v0.0.0-20200302205851-738671d3881b // indirect - golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2 // indirect + golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2 golang.org/x/sys v0.0.0-20200523222454-059865788121 golang.org/x/tools v0.0.0-20200522201501-cb1345f3a375 // indirect gopkg.in/cheggaaa/pb.v1 v1.0.28 diff --git a/go.sum b/go.sum index 605c21636b6c..b271ffbe20a3 100644 --- a/go.sum +++ b/go.sum 
@@ -342,8 +342,8 @@ github.com/ipfs/go-ipfs-chunker v0.0.5 h1:ojCf7HV/m+uS2vhUGWcogIIxiO5ubl5O57Q7Na github.com/ipfs/go-ipfs-chunker v0.0.5/go.mod h1:jhgdF8vxRHycr00k13FM8Y0E+6BoalYeobXmUyTreP8= github.com/ipfs/go-ipfs-cmds v0.2.9 h1:zQTENe9UJrtCb2bOtRoDGjtuo3rQjmuPdPnVlqoBV/M= github.com/ipfs/go-ipfs-cmds v0.2.9/go.mod h1:ZgYiWVnCk43ChwoH8hAmI1IRbuVtq3GSTHwtRB/Kqhk= -github.com/ipfs/go-ipfs-config v0.7.1 h1:57ZzoiUIbOIT01x1RconKtCv1MElV/6+kqW8hZY9NJ4= -github.com/ipfs/go-ipfs-config v0.7.1/go.mod h1:GQUxqb0NfkZmEU92PxqqqLVVFTLpoGGUlBaTyDaAqrE= +github.com/ipfs/go-ipfs-config v0.7.3-0.20200616074558-7fbc0dffff0c h1:15sXXs5slO1ZZC6ST4299v1B1gCbE6hYtIvAES6R2U8= +github.com/ipfs/go-ipfs-config v0.7.3-0.20200616074558-7fbc0dffff0c/go.mod h1:GQUxqb0NfkZmEU92PxqqqLVVFTLpoGGUlBaTyDaAqrE= github.com/ipfs/go-ipfs-delay v0.0.0-20181109222059-70721b86a9a8/go.mod h1:8SP1YXK1M1kXuc4KJZINY3TQQ03J2rwBG9QfXmbRPrw= github.com/ipfs/go-ipfs-delay v0.0.1 h1:r/UXYyRcddO6thwOnhiznIAiSvxMECGgtv35Xs1IeRQ= github.com/ipfs/go-ipfs-delay v0.0.1/go.mod h1:8SP1YXK1M1kXuc4KJZINY3TQQ03J2rwBG9QfXmbRPrw= diff --git a/test/sharness/t0125-twonode.sh b/test/sharness/t0125-twonode.sh index a3b1006a4d38..029ebc76d22b 100755 --- a/test/sharness/t0125-twonode.sh +++ b/test/sharness/t0125-twonode.sh 
@@ -89,38 +89,47 @@ test_expect_success "set up tcp testbed" ' iptb testbed create -type localipfs -count 2 -force -init ' +addrs='"[\"/ip4/127.0.0.1/tcp/0\", \"/ip4/127.0.0.1/udp/0/quic\"]"' +test_expect_success "configure addresses" ' + iptb run -- ipfs config --json Addresses.Swarm '${addrs}' +' + # Test TCP transport echo "Testing TCP" -tcp_addr='"[\"/ip4/127.0.0.1/tcp/0\"]"' test_expect_success "use TCP only" ' - ipfsi 0 config --json Addresses.Swarm '${tcp_addr}' && - ipfsi 1 config --json Addresses.Swarm '${tcp_addr}' + iptb run -- ips config --json Swarm.Transports.Network.QUIC false && + iptb run -- ips config --json Swarm.Transports.Network.Relay false && + iptb run -- ips config --json Swarm.Transports.Network.Websocket false && ' run_advanced_test # test multiplex muxer echo "Running advanced tests with mplex" -export LIBP2P_MUX_PREFS="/mplex/6.7.0" -run_advanced_test "--enable-mplex-experiment" -unset LIBP2P_MUX_PREFS +test_expect_success "disable yamux" ' + iptb run -- ips config --json Swarm.Transports.Multiplexers.Yamux false +' +run_advanced_test + +test_expect_success "re-enable yamux" ' + iptb run -- ips config --json Swarm.Transports.Multiplexers.Yamux null +' # test Noise echo "Running advanced tests with NOISE" noise_transports='"[\"noise\"]"' test_expect_success "use noise only" ' - ipfsi 0 config --json Experimental.OverrideSecurityTransports '${noise_transports}' && - ipfsi 1 config --json Experimental.OverrideSecurityTransports '${noise_transports}' + iptb run -- ipfs config --json Swarm.Transports.Security TLS false && + iptb run -- ipfs config --json Swarm.Transports.Security Secio false ' run_advanced_test # test QUIC echo "Running advanced tests over QUIC" -addr1='"[\"/ip4/127.0.0.1/udp/0/quic\"]"' test_expect_success "use QUIC only" ' - ipfsi 0 config --json Addresses.Swarm '${quic_addr}' && - ipfsi 1 config --json Addresses.Swarm '${quic_addr}' + iptb run -- ips config --json Swarm.Transports.Network.QUIC true && + iptb run -- ips 
config --json Swarm.Transports.Network.TCP false ' run_advanced_test diff --git a/test/sharness/t0130-multinode.sh b/test/sharness/t0130-multinode.sh index e0a27b666004..c018908d132b 100755 --- a/test/sharness/t0130-multinode.sh +++ b/test/sharness/t0130-multinode.sh @@ -88,24 +88,27 @@ test_expect_success "set up /tcp testbed" ' iptb testbed create -type localipfs -count 5 -force -init ' -# test multiplex muxer -export LIBP2P_MUX_PREFS="/mplex/6.7.0" +# test default configuration run_advanced_test -unset LIBP2P_MUX_PREFS -# test default configuration +# test multiplex muxer +test_expect_success "disable yamux" ' + iptb run -- ipfs config --json Swarm.Transports.Multiplexers.Yamux false +' run_advanced_test test_expect_success "set up /ws testbed" ' iptb testbed create -type localipfs -count 5 -attr listentype,ws -force -init ' +# test default configuration +run_advanced_test + # test multiplex muxer -export LIBP2P_MUX_PREFS="/mplex/6.7.0" -run_advanced_test "--enable-mplex-experiment" -unset LIBP2P_MUX_PREFS +test_expect_success "disable yamux" ' + iptb run -- ipfs config --json Swarm.Transports.Multiplexers.Yamux false +' -# test default configuration run_advanced_test diff --git a/test/sharness/t0191-noise.sh b/test/sharness/t0191-noise.sh index 4787dfc53fd5..bffec2d80c91 100755 --- a/test/sharness/t0191-noise.sh +++ b/test/sharness/t0191-noise.sh @@ -11,14 +11,14 @@ test_expect_success 'init iptb' ' iptb testbed create -type localipfs -count 3 -init ' -noise_transports='"[\"noise\"]"' -other_transports='"[\"tls\",\"secio\"]"' tcp_addr='"[\"/ip4/127.0.0.1/tcp/0\"]"' test_expect_success "configure security transports" ' - ipfsi 0 config --json Experimental.OverrideSecurityTransports '${noise_transports}' && - ipfsi 1 config --json Experimental.OverrideSecurityTransports '${noise_transports}' && - ipfsi 2 config --json Experimental.OverrideSecurityTransports '${other_transports}' && - iptb run -- ipfs config --json Addresses.Swarm '${tcp_addr}' +iptb run <
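Review bot: In the t0125-twonode.sh hunk the "use noise only" test writes `Swarm.Transports.Security TLS false` and `Swarm.Transports.Security Secio false`, with a space where the keys documented in docs/config.md are `Swarm.Transports.Security.TLS` and `Swarm.Transports.Security.SECIO`, and the two commands are not chained with `&&`, so a failure of the first goes unreported. As written, the run that is meant to exercise the Noise security transport on its own presumably still has TLS and SECIO available and can pass without ever negotiating Noise. The "use TCP only", "disable yamux", "re-enable yamux" and "use QUIC only" bodies call `ips` rather than `ipfs`, and "use TCP only" ends on a dangling `&&` before the closing quote. The fence below gives the five test bodies with those three things corrected and nothing else changed. `noise_transports` is no longer referenced on the new side and could be dropped.

```shell
test_expect_success "use TCP only" '
  iptb run -- ipfs config --json Swarm.Transports.Network.QUIC false &&
  iptb run -- ipfs config --json Swarm.Transports.Network.Relay false &&
  iptb run -- ipfs config --json Swarm.Transports.Network.Websocket false
'
# … unchanged: run_advanced_test, mplex echo …
test_expect_success "disable yamux" '
  iptb run -- ipfs config --json Swarm.Transports.Multiplexers.Yamux false
'
# … unchanged: run_advanced_test …
test_expect_success "re-enable yamux" '
  iptb run -- ipfs config --json Swarm.Transports.Multiplexers.Yamux null
'
# … unchanged: Noise echo, noise_transports assignment …
test_expect_success "use noise only" '
  iptb run -- ipfs config --json Swarm.Transports.Security.TLS false &&
  iptb run -- ipfs config --json Swarm.Transports.Security.SECIO false
'
# … unchanged: run_advanced_test, QUIC echo …
test_expect_success "use QUIC only" '
  iptb run -- ipfs config --json Swarm.Transports.Network.QUIC true &&
  iptb run -- ipfs config --json Swarm.Transports.Network.TCP false
'
```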