On Friday 15 May 2009 17:05:09 Robert Hailey wrote: > > On May 14, 2009, at 5:06 PM, Matthew Toseland wrote: > > > On Thursday 14 May 2009 20:36:31 Robert Hailey wrote: > >> > >> On May 14, 2009, at 12:17 PM, Matthew Toseland wrote: > >> > >>> Because we were both on the same LAN, it did not connect, until I > >>> told him to > >>> set it to allow local addresses on that peer. There should be a > >>> checkbox when > >>> adding a noderef, defaulting to on, "Friend may be on the same local > >>> network > >>> as me" or something. (#3098) > >> > >> I think that it should be possible to automatically detect this. > >> Specifically, if we detect that our peer has the same "external > >> address" as us, try and connect locally. Is that a reliable > >> indicator? > > > > Not very (what if it changes?) ... we don't want darknet peers to > > cause us to > > connect to addresses on our LAN ... otherwise the solution is simply > > to try > > the local addresses included ... > > I agree that we don't want to try the local addresses of ~all~ our > peers; local connections are in principal an exception and not cause > enough to be sending so much local garbage handshaking traffic (that > could give away a freenet node). > > But I think this is the right way to go... If it is not defined for a > given peer (allow/disallow local connections), then we could just > calculate the default boolean as > his.extAddresses.containsAny(my.extAddresses).... if it matches, then > there is an excellent chance of it being a local connection (99%). If > it changes, that's great! The decision to try local connections would > change too! As it's probably a laptop that has floated out of the LAN > (and we would want to stop sending handshakes to the local address > anyway). At worst we might send a few garbage handshakes to local non- > freenet machine until we connect to the node & find it's new external > address. > > The reason I think this would solve the problem because (I think) the > principal reason that the nodes could not communicate is because the > gateway would have to send a packet to itself (many inexpensive or > firewalled ones will not). > > e.g. > internal -> firewall -> external (generally works w/ current > countermeasures) > > internal --> > firewall > internal <-- > > Does not work (at least for me). So what I propose is really an > extension of "detecting the problem" (the gateway which has the same > external ip). Don't know about multihoming, but I presume that this is > works in the common case.
Nonetheless it is highly unreliable as a way to detect it with dynamic external IP address, especially given that the two nodes are unable to communicate by any other means. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 835 bytes Desc: This is a digitally signed message part. URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20090521/750183d2/attachment.pgp>