js-libp2p icon indicating copy to clipboard operation
js-libp2p copied to clipboard
verified publisher icon libp2p

Return only non-deprecated temporary IPv6 addresses in node.js

Open achingbrain opened this issue 1 year ago • 4 comments

When we listen a wildcard interface (e.g. add /ip4/0.0.0.0/tcp/0 or /ip6/::/tcp/0 to addresses.listen), the transport in question loops over the output of os.networkInterfaces() to work out which addresses the node is reachable on.

This works find for IPv4, but for IPv6 we get a multiple addresses reported for the interface.

Because IPv6 addresses can identify a host uniquely in the world, OSs generate temporary addresses for traffic that will leave the local network as a privacy measure.

Each temporary address exists for a limited time - when a new temporary address is generated, older addresses are marked "deprecated" which means they'll be removed at some point in the near future.

Ideally when reporting the addresses we are listening on, we'd filter out any deprecated addresses to keep our peer records small and to avoid broadcasting soon-to-be-removed addresses.

Unfortunately this information is not available in the Node.js API.

  • https://github.com/libuv/libuv/pull/1371 adds the relevant feature in libuv
  • https://github.com/nodejs/node/issues/14977 tracks the issue in Node.js

An alternative is to use the network-interfaces-plus module which uses a native add-on to access the flags for each interface. The module is not well used and it's compatibility with current or future versions of Node.js is unclear, there may be other options.

achingbrain avatar Dec 04 '24 12:12 achingbrain

Wondering if deprecated addresses are still removed when there is a server is listening on them? Will do some tests over the weekend

dozyio avatar Dec 05 '24 00:12 dozyio

How about adding a note to the docs regarding disabling temporary addresses?

sudo sysctl -w net.inet6.ip6.use_tempaddr=0
ifconfig en0 down
ifconfig en0 up

dozyio avatar Feb 20 '25 16:02 dozyio

I'm not sure, I think we want them since they are a ~~security~~ privacy feature?

achingbrain avatar Feb 20 '25 17:02 achingbrain

Can confirm addresses are removed if a sever is listening on it, at least on macos. Open connections stay up though.

Checked aws & digital ocean linux servers - both have privacy disabled

Maybe some sort of polling address monitor could help?

These settings seem to trigger ipv6 temporary addresses fairly rapidly

sudo sysctl -w net.inet6.ip6.tempvltime=120
sudo sysctl -w net.inet6.ip6.temppltime=120
sudo ifconfig en0 down
sudo ifconfig en0 up

import { networkInterfaces } from 'os';
import { EventEmitter } from 'events';

class LocalAddressMonitor extends EventEmitter {
  constructor(pollInterval = 1000) {
    super();
    this.pollInterval = pollInterval;
    this.currentAddresses = [];
    this.timer = null;
  }

  // Start polling for address changes
  start() {
    this.currentAddresses = this.getLocalAddresses();
    this.timer = setInterval(() => {
      const newAddresses = this.getLocalAddresses();
      if (this.haveAddressesChanged(newAddresses)) {
        this.currentAddresses = newAddresses;
        this.emit('change', newAddresses);
      }
    }, this.pollInterval);
  }

  // Stop the polling
  stop() {
    if (this.timer) {
      clearInterval(this.timer);
      this.timer = null;
    }
  }

  getLocalAddresses() {
    const interfaces = networkInterfaces();
    let addresses = [];
    for (const ifaceName in interfaces) {
      for (const iface of interfaces[ifaceName]) {
        // Ignore internal addresses like 127.0.0.1
        if (iface.internal) continue;
        addresses.push({
          interface: ifaceName,
          address: iface.address,
          family: iface.family,
          netmask: iface.netmask,
          cidr: iface.cidr
        });
      }
    }
    return addresses;
  }

  // Compare the previous and new address lists to see if a change occurred
  haveAddressesChanged(newAddresses) {
    if (this.currentAddresses.length !== newAddresses.length) return true;

    const sortFn = (a, b) => a.address.localeCompare(b.address);
    const old = this.currentAddresses.slice().sort(sortFn);
    const neu = newAddresses.slice().sort(sortFn);

    for (let i = 0; i < old.length; i++) {
      if (old[i].address !== neu[i].address || old[i].family !== neu[i].family) {
        return true;
      }
    }
    return false;
  }
}

// Example usage:
const monitor = new LocalAddressMonitor(1000); // Poll every 1 seconds

monitor.on('change', (addresses) => {
  console.log("");
  console.log('Local IP addresses have changed:');
  addresses.forEach((addrInfo) => {
    console.log(addrInfo.address);
  });
});

monitor.start();

// Gracefully stop the monitor on application exit
process.on('SIGINT', () => {
  monitor.stop();
  process.exit();
});

dozyio avatar Feb 21 '25 18:02 dozyio