fix: run UPnP nat on address change, update nat port mapper (#2797)

- Updates NAT port mapper to handle unavailable ports
- Runs NAT port mapping on address change rather than once at startup
- Re-maps addresses when the public IP address changes

Author: achingbrain

packages/upnp-nat/package.json

@@ -50,12 +50,15 @@
     "test:electron-main": "aegir test -t electron-main"
   },
   "dependencies": {
-    "@achingbrain/nat-port-mapper": "^1.0.13",
+    "@achingbrain/nat-port-mapper": "^2.0.1",
+    "@chainsafe/is-ip": "^2.0.2",
     "@libp2p/interface": "^2.2.0",
     "@libp2p/interface-internal": "^2.0.10",
     "@libp2p/utils": "^6.1.3",
     "@multiformats/multiaddr": "^12.2.3",
-    "wherearewe": "^2.0.1"
+    "@multiformats/multiaddr-matcher": "^1.4.0",
+    "p-defer": "^4.0.1",
+    "race-signal": "^1.1.0"
   },
   "devDependencies": {
     "@libp2p/crypto": "^5.0.6",

packages/upnp-nat/src/check-external-address.ts

@@ -0,0 +1,139 @@
+import { NotStartedError, start, stop } from '@libp2p/interface'
+import { repeatingTask } from '@libp2p/utils/repeating-task'
+import { multiaddr } from '@multiformats/multiaddr'
+import pDefer from 'p-defer'
+import { raceSignal } from 'race-signal'
+import type { NatAPI } from '@achingbrain/nat-port-mapper'
+import type { AbortOptions, ComponentLogger, Logger, Startable } from '@libp2p/interface'
+import type { AddressManager } from '@libp2p/interface-internal'
+import type { RepeatingTask } from '@libp2p/utils/repeating-task'
+import type { DeferredPromise } from 'p-defer'
+
+export interface ExternalAddressCheckerComponents {
+  client: NatAPI
+  addressManager: AddressManager
+  logger: ComponentLogger
+}
+
+export interface ExternalAddressCheckerInit {
+  interval?: number
+  timeout?: number
+  autoConfirmAddress?: boolean
+}
+
+export interface ExternalAddress {
+  getPublicIp (options?: AbortOptions): Promise<string> | string
+}
+
+/**
+ * Monitors the external network address and notifies when/if it changes
+ */
+class ExternalAddressChecker implements ExternalAddress, Startable {
+  private readonly log: Logger
+  private readonly client: NatAPI
+  private readonly addressManager: AddressManager
+  private started: boolean
+  private lastPublicIp?: string
+  private readonly lastPublicIpPromise: DeferredPromise<string>
+  private readonly check: RepeatingTask
+  private readonly autoConfirmAddress: boolean
+
+  constructor (components: ExternalAddressCheckerComponents, init: ExternalAddressCheckerInit = {}) {
+    this.log = components.logger.forComponent('libp2p:upnp-nat:external-address-check')
+    this.client = components.client
+    this.addressManager = components.addressManager
+    this.autoConfirmAddress = init.autoConfirmAddress ?? false
+    this.started = false
+
+    this.checkExternalAddress = this.checkExternalAddress.bind(this)
+
+    this.lastPublicIpPromise = pDefer()
+
+    this.check = repeatingTask(this.checkExternalAddress, init.interval ?? 30000, {
+      timeout: init.timeout ?? 10000,
+      runImmediately: true
+    })
+  }
+
+  async start (): Promise<void> {
+    if (this.started) {
+      return
+    }
+
+    await start(this.check)
+
+    this.check.start()
+    this.started = true
+  }
+
+  async stop (): Promise<void> {
+    await stop(this.check)
+
+    this.started = false
+  }
+
+  /**
+   * Return the last public IP address we found, or wait for it to be found
+   */
+  async getPublicIp (options?: AbortOptions): Promise<string> {
+    if (!this.started) {
+      throw new NotStartedError('Not started yet')
+    }
+
+    return this.lastPublicIp ?? raceSignal(this.lastPublicIpPromise.promise, options?.signal, {
+      errorMessage: 'Requesting the public IP from the network gateway timed out - UPnP may not be enabled'
+    })
+  }
+
+  private async checkExternalAddress (options?: AbortOptions): Promise<void> {
+    try {
+      const externalAddress = await this.client.externalIp(options)
+
+      // check if our public address has changed
+      if (this.lastPublicIp != null && externalAddress !== this.lastPublicIp) {
+        this.log('external address changed from %s to %s', this.lastPublicIp, externalAddress)
+
+        for (const ma of this.addressManager.getAddresses()) {
+          const addrString = ma.toString()
+
+          if (!addrString.includes(this.lastPublicIp)) {
+            continue
+          }
+
+          // create a new version of the multiaddr with the new public IP
+          const newAddress = multiaddr(addrString.replace(this.lastPublicIp, externalAddress))
+
+          // remove the old address and add the new one
+          this.addressManager.removeObservedAddr(ma)
+          this.addressManager.confirmObservedAddr(newAddress)
+
+          if (this.autoConfirmAddress) {
+            this.addressManager.confirmObservedAddr(newAddress)
+          } else {
+            this.addressManager.addObservedAddr(newAddress)
+          }
+        }
+      }
+
+      this.lastPublicIp = externalAddress
+      this.lastPublicIpPromise.resolve(externalAddress)
+    } catch (err: any) {
+      if (this.lastPublicIp != null) {
+        // ignore the error if we've previously run successfully
+        return
+      }
+
+      this.lastPublicIpPromise.reject(err)
+    }
+  }
+}
+
+export function dynamicExternalAddress (components: ExternalAddressCheckerComponents, init: ExternalAddressCheckerInit = {}): ExternalAddress {
+  return new ExternalAddressChecker(components, init)
+}
+
+export function staticExternalAddress (address: string): ExternalAddress {
+  return {
+    getPublicIp: () => address
+  }
+}

packages/upnp-nat/src/errors.ts

@@ -4,3 +4,8 @@ export class DoubleNATError extends Error {
     this.name = 'DoubleNATError'
   }
 }
+
+export class InvalidIPAddressError extends Error {
+  static name = 'InvalidIPAddressError'
+  name = 'InvalidIPAddressError'
+}

packages/upnp-nat/src/index.ts

@@ -36,8 +36,8 @@
  */
 
 import { UPnPNAT as UPnPNATClass, type NatAPI, type MapPortOptions } from './upnp-nat.js'
-import type { ComponentLogger, NodeInfo, PeerId } from '@libp2p/interface'
-import type { AddressManager, TransportManager } from '@libp2p/interface-internal'
+import type { ComponentLogger, Libp2pEvents, NodeInfo, PeerId, TypedEventTarget } from '@libp2p/interface'
+import type { AddressManager } from '@libp2p/interface-internal'
 
 export type { NatAPI, MapPortOptions }
 
@@ -50,10 +50,27 @@ export interface PMPOptions {
 
 export interface UPnPNATInit {
   /**
-   * Pass a value to use instead of auto-detection
+   * Pass a string to hard code the external address, otherwise it will be
+   * auto-detected
    */
   externalAddress?: string
 
+  /**
+   * Check if the external address has changed this often in ms. Ignored if an
+   * external address is specified.
+   *
+   * @default 30000
+   */
+  externalAddressCheckInterval?: number
+
+  /**
+   * Do not take longer than this to check if the external address has changed
+   * in ms.  Ignored if an external address is specified.
+   *
+   * @default 10000
+   */
+  externalAddressCheckTimeout?: number
+
   /**
    * Pass a value to use instead of auto-detection
    */
@@ -78,14 +95,50 @@ export interface UPnPNATInit {
    * Pass a value to use instead of auto-detection
    */
   gateway?: string
+
+  /**
+   * How long in ms to wait before giving up trying to auto-detect a
+   * `urn:schemas-upnp-org:device:InternetGatewayDevice:1` device on the local
+   * network
+   *
+   * @default 10000
+   */
+  gatewayDetectionTimeout?: number
+
+  /**
+   * Ports are mapped when the `self:peer:update` event fires, which happens
+   * when the node's addresses change. To avoid starting to map ports while
+   * multiple addresses are being added, the mapping function is debounced by
+   * this number of ms
+   *
+   * @default 5000
+   */
+  delay?: number
+
+  /**
+   * A preconfigured instance of a NatAPI client can be passed as an option,
+   * otherwise one will be created
+   */
+  client?: NatAPI
+
+  /**
+   * Any mapped addresses are added to the observed address list. These
+   * addresses require additional verification by the `@libp2p/autonat` protocol
+   * or similar before they are trusted.
+   *
+   * To skip this verification and trust them immediately pass `true` here
+   *
+   * @default false
+   */
+  autoConfirmAddress?: boolean
 }
 
 export interface UPnPNATComponents {
   peerId: PeerId
   nodeInfo: NodeInfo
   logger: ComponentLogger
-  transportManager: TransportManager
   addressManager: AddressManager
+  events: TypedEventTarget<Libp2pEvents>
 }
 
 export interface UPnPNAT {