fix(autonatv2): secondary addrs inherit reachability from primary#3435
Merged
fix(autonatv2): secondary addrs inherit reachability from primary#3435
Conversation
secondary transports (WSS, WebTransport, WebRTC) now inherit ReachabilityPublic from their primary transport (TCP, QUIC) when they share the same network socket. rationale: as the Amino DHT gained more diverse implementations (2025 Q4), we observed false negatives where AutoNAT v2 probes failed for secondary protocols not because the port was blocked, but because the probing peer simply didn't support the protocol. there is also a chicken-and-egg problem with AutoTLS (p2p-forge): WSS probes fail during initial setup because the TLS certificate is not provisioned yet. without inheritance, WSS would be marked unreachable and excluded from announcements. waiting for the next probe cycle means ~5 minutes without WSS on initial start or when cert needs renewal. when the primary confirms the port is network-reachable, secondary addresses sharing that socket are also reachable to peers that support those protocols. inheriting Public from a confirmed primary avoids incorrect Private status from protocol-level probe failures. inheritance is conservative: only Public propagates. Private doesn't propagate because it could indicate protocol-specific issues rather than port unreachability, so secondaries still get probed.
lidel
changed the title
sukunrt
approved these changes
Dec 9, 2025
Member
sukunrt
left a comment
sukunrt
left a comment
There was a problem hiding this comment.
This seems fine to me. I was conservative when implementing this and required 1 confirmation for the secondary address before marking it as primary. To inherit this from primary is fine too.
fixes staticcheck U1000 error in CI
Member
Author
|
@sukunrt fixed go check, lgtm from my end too. would be nice to ship it early in January, so we can include it in Kubo 0.40, helping with AutoTLS false-negatives. |
MarcoPolo
approved these changes
Jan 5, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
This PR aims to future-proof AutoNAT v2 so it doesn't lose its usefulness over time.
As the Amino DHT gains more diverse implementations (2025 Q4), different nodes will only support different subsets of protocols. We've already observed false negatives where AutoNAT v2 probes failed not because the port was blocked, but because the probing peer simply didn't support the protocol.
This problem is real and will only get worse. We've seen:
All of these nodes can still act as AutoNAT v2 servers, but with a limited set of transports. This acts as artificial chokepoint for deploying new protocols: they become punished by the fact majority of AutoNAT probe servers do not support them.
There is also a chicken-and-egg problem with AutoTLS (p2p-forge): WSS probes fail during initial setup because the TLS certificate is not provisioned yet. Without inheritance, WSS would be marked unreachable and excluded from announcements. Waiting for the next probe cycle means ~5 minutes without WSS on initial start or when the cert needs renewal.
Solution?
As per usual, I'm mostly improvising here, likely lacking historical context, and trying to fix problem with minimal code changes.
Secondary transports (WSS, WebTransport, WebRTC) now inherit
ReachabilityPublicfrom their primary transport (TCP, QUIC) when they share the same network socket.Based on my limited understanding this change is a prerequisite to reduce the false negatives produced by AutoNAT peers. When the primary confirms the port is reachable over the network, secondary addresses sharing that socket are also reachable to peers that support those protocols. Inheriting Public from a confirmed primary avoids incorrect Private status caused by protocol-level probe failures.
Inheritance is conservative: only Public propagates. Private does not propagate because it could indicate protocol-specific issues rather than port unreachability, so secondaries still get probed independently.
Feels like safer default long-term, but we could also make this opt-in behavior via configuration option, if that is preferable – lmk
Or maybe I missed the point here entirely?