fix(libp2p): quieter dead-listener check#11342
Merged
Merged
Conversation
Scope the v0.42 dead-listener ERROR to explicit listens in Addresses.Swarm: a server-profile node with default `/ip4/0.0.0.0` and `/ip6/::` listens otherwise logged ERROR for every loopback, Docker bridge, ULA, or other private interface the wildcard expanded into, drowning the actual gotcha (a `/ip4/127.0.0.1/tcp/.../ws` listener fronted by a local reverse proxy). Log routing: - AddrFilters + explicit listen: ERROR (whole listener unreachable). - AddrFilters + wildcard expansion: DEBUG (other interfaces still serve). - NoAnnounce match: DEBUG (operator intent, useful when tracing identify or DHT contents).
Explicit-ness keyed on the listener IP alone, so a wildcard listen expanding onto an interface whose IP was also bound explicitly on another port (server profile plus a /ip4/127.0.0.1/.../ws reverse proxy) was logged as a spurious ERROR. Match the full resolved multiaddr instead: InterfaceListenAddresses echoes a specific-IP listen verbatim while a wildcard never resolves to itself.
Classify a dead listener as explicit by its bound socket (IP, transport, port) instead of the full multiaddr string. A listener is reported under a different multiaddr than its Addresses.Swarm entry once a transport rewrites trailing components: WebTransport appends /certhash, WebSocket turns /wss into /tls/ws. The string compare missed these and silently downgraded the affected explicit listeners from ERROR to DEBUG, hiding the reverse-proxy gotcha the check exists to surface. The transport is part of the key because TCP and QUIC share a port number by default (4001), so a pinned QUIC listener must not promote the same-port TCP wildcard expansion to ERROR.
gammazero
approved these changes
Jun 3, 2026
lidel
added a commit
that referenced
this pull request
Jun 5, 2026
* fix(libp2p): quieter dead-listener check Scope the v0.42 dead-listener ERROR to explicit listens in Addresses.Swarm: a server-profile node with default `/ip4/0.0.0.0` and `/ip6/::` listens otherwise logged ERROR for every loopback, Docker bridge, ULA, or other private interface the wildcard expanded into, drowning the actual gotcha (a `/ip4/127.0.0.1/tcp/.../ws` listener fronted by a local reverse proxy). Log routing: - AddrFilters + explicit listen: ERROR (whole listener unreachable). - AddrFilters + wildcard expansion: DEBUG (other interfaces still serve). - NoAnnounce match: DEBUG (operator intent, useful when tracing identify or DHT contents). * fix(libp2p): match explicit listens by full addr Explicit-ness keyed on the listener IP alone, so a wildcard listen expanding onto an interface whose IP was also bound explicitly on another port (server profile plus a /ip4/127.0.0.1/.../ws reverse proxy) was logged as a spurious ERROR. Match the full resolved multiaddr instead: InterfaceListenAddresses echoes a specific-IP listen verbatim while a wildcard never resolves to itself. * fix(libp2p): match explicit listens by socket Classify a dead listener as explicit by its bound socket (IP, transport, port) instead of the full multiaddr string. A listener is reported under a different multiaddr than its Addresses.Swarm entry once a transport rewrites trailing components: WebTransport appends /certhash, WebSocket turns /wss into /tls/ws. The string compare missed these and silently downgraded the affected explicit listeners from ERROR to DEBUG, hiding the reverse-proxy gotcha the check exists to surface. The transport is part of the key because TCP and QUIC share a port number by default (4001), so a pinned QUIC listener must not promote the same-port TCP wildcard expansion to ERROR.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What was broken
The dead-listener check added in #11299 (v0.42) logs an ERROR for every
Addresses.Swarmlistener whose IP falls inside anAddresses.NoAnnounceorSwarm.AddrFiltersCIDR. On aserver-profile node with default/ip4/0.0.0.0and/ip6/::listens, the wildcards expand to every interface (loopback, Docker bridge172.17.0.1, ULAfd7d:...), each matching a server-profile CIDR. Result: 20+ ERROR lines at startup describing intentional behavior, drowning the actual signal: an explicit/ip4/127.0.0.1/tcp/.../wslistener fronted by nginx or Caddy that the gater silently RSTs.How this PR fixes it
Findings route by source and origin:
Swarm.AddrFilters+ explicit listen inAddresses.Swarm: ERROR. The whole listener is unreachable (the reverse-proxy gotcha).Swarm.AddrFilters+ wildcard expansion: DEBUG. Other interfaces still serve.Addresses.NoAnnouncematch: DEBUG. Useful when tracing identify or DHT contents.The v0.42 release notes are updated to describe the routed behavior.