Add Network::probe_address for non-disruptive reachability + identity probing#13
Closed
aschran wants to merge 8 commits into
Closed
Add Network::probe_address for non-disruptive reachability + identity probing#13aschran wants to merge 8 commits into
aschran wants to merge 8 commits into
Conversation
Move route, add_rpc_service, and merge onto Router<ServicesOpen>; route_layer transitions to Router<ServicesSealed>, on which only further route_layer calls are available. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* anemo: allow separate max_frame_size for requests and responses Adds `max_request_frame_size` and `max_response_frame_size` Config options. Each falls back to `max_frame_size` when unset, preserving existing behavior. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix rustdoc intra-doc link to public Config fields Rename the private accessors (`max_request_frame_size`, `max_response_frame_size`) to `request_frame_size` / `response_frame_size` so the public field names referenced in the `max_frame_size` doc comment resolve to the public fields rather than the private methods. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* Add inbound connection admission control to the QUIC endpoint * doc fix
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
A discovery-shared address prober (built in the
suirepo) needs to check whether a peer's advertised address is actually reachable and presents the expected cryptographic identity — without joining the peer set or disturbing any existing production connection to that peer. anemo had the low-level dial primitive but no safe, non-disruptive way to use it as a probe.What
Adds
Network::probe_address(addr, expected_peer_id) -> ProbeOutcome: a short-lived QUIC+TLS connection that verifies reachability + identity, then closes. It bypasses the connection manager (and its peer-id dedup) entirely.Probes are marked with a dedicated probe server-name (SNI),
anemo-probe:add_peer, so a probe never reaches simultaneous-dial tie-breaking and can never displace the peer's production connection. Prompt close is a secondary safety net.Supporting changes:
Connection::server_name()exposes the negotiated SNI (read from quinn's handshake data);client_config_for_probeis factored alongside the existing expected-identity client config.Identity is enforced at the TLS layer, so a
ProbeOutcome::Reachableresult means both reachability and identity were confirmed; other outcomes distinguish unreachable / wrong-identity / bad-address / timeout.Tests
New unit tests cover identity match, identity mismatch, unreachable address, and — most importantly — that probing a peer with an existing connection does not disrupt it (no
LostPeerevent, peer stays connected, RPC still works).