feat: publish pkarr self-announces through the derper

Author: Frando

iroh-base/src/key.rs

@@ -229,6 +229,12 @@ impl From<VerifyingKey> for PublicKey {
     }
 }
 
+impl From<PublicKey> for VerifyingKey {
+    fn from(value: PublicKey) -> Self {
+        value.public()
+    }
+}
+
 impl Debug for PublicKey {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         write!(f, "PublicKey({})", base32::fmt_short(self.as_bytes()))
@@ -391,6 +397,12 @@ impl From<SigningKey> for SecretKey {
     }
 }
 
+impl From<SecretKey> for SigningKey {
+    fn from(secret: SecretKey) -> Self {
+        secret.secret
+    }
+}
+
 impl From<[u8; 32]> for SecretKey {
     fn from(value: [u8; 32]) -> Self {
         Self::from_bytes(&value)

iroh-net/src/bin/iroh-relay.rs

@@ -32,6 +32,7 @@ use tracing::{debug, debug_span, error, info, info_span, trace, warn, Instrument
 use tracing_subscriber::{prelude::*, EnvFilter};
 
 use metrics::StunMetrics;
+use url::Url;
 
 type BytesBody = http_body_util::Full<hyper::body::Bytes>;
 type HyperError = Box<dyn std::error::Error + Send + Sync>;
@@ -199,6 +200,8 @@ struct Config {
     #[cfg(feature = "metrics")]
     /// Metrics serve address. If not set, metrics are not served.
     metrics_addr: Option<SocketAddr>,
+    /// Pkarr relay to publish node announces to
+    pkarr_relay: Option<Url>,
 }
 
 #[derive(Serialize, Deserialize)]
@@ -249,6 +252,7 @@ impl Default for Config {
             limits: None,
             #[cfg(feature = "metrics")]
             metrics_addr: None,
+            pkarr_relay: None,
         }
     }
 }
@@ -451,6 +455,10 @@ async fn run(
             Box::new(serve_no_content_handler),
         );
     }
+
+    if let Some(pkarr_relay) = cfg.pkarr_relay {
+        builder = builder.pkarr_relay(pkarr_relay);
+    }
     let relay_server = builder.spawn().await?;
 
     // captive portal detections must be served over HTTP

iroh-net/src/discovery/dns.rs

@@ -18,8 +18,8 @@ pub const N0_TESTDNS_NODE_ORIGIN: &str = "testdns.iroh.link";
 /// Node information is resolved via an _iroh_node.z32encodednodeid TXT record.
 ///
 /// The content of this record is expected to be a DNS attribute string, with a required
-/// `node=` attribute containing the base32 encoded node id and a derp_url attribute containing the
-/// node's home Derp server.
+/// `node` attribute containing the base32 encoded node id and a `relay` attribute containing the
+/// node's home relay server.
 ///
 /// The discovery has to be configured with a `node_origin`, which is the domain name under which
 /// lookups for nodes will be made.

iroh-net/src/discovery/pkarr_publish.rs

@@ -24,7 +24,7 @@ use crate::{discovery::Discovery, dns::node_info::NodeInfo, key::SecretKey, Addr
 pub const N0_TESTDNS_PKARR_RELAY: &str = "https://testdns.iroh.link/pkarr";
 
 /// Default TTL for the _iroh_node TXT record in the pkarr signed packet
-const DEFAULT_PKARR_TTL: u32 = 30;
+pub const DEFAULT_PKARR_TTL: u32 = 30;
 
 /// Publish node info to a pkarr relay.
 #[derive(derive_more::Debug, Clone)]

iroh-net/src/dns/node_info.rs

@@ -42,7 +42,7 @@ pub(crate) async fn lookup_node_info(
 ) -> Result<NodeInfo> {
     let name = ensure_iroh_node_txt_label(name)?;
     let lookup = resolver.txt_lookup(name).await?;
-    NodeInfo::from_hickory_lookup(lookup.as_lookup())
+    NodeInfo::from_hickory_records(lookup.as_lookup().records())
 }
 
 fn ensure_iroh_node_txt_label(name: Name) -> Result<Name, ProtoError> {
@@ -100,8 +100,11 @@ impl From<NodeInfo> for AddrInfo {
 
 impl NodeInfo {
     /// Create a new [`NodeInfo`] from its parts.
-    pub fn new(node_id: NodeId, relay_url: Option<Url>) -> Self {
-        Self { node_id, relay_url }
+    pub fn new(node_id: NodeId, relay_url: Option<impl Into<Url>>) -> Self {
+        Self {
+            node_id,
+            relay_url: relay_url.map(Into::into),
+        }
     }
 
     /// Convert this node info into a DNS attribute string.
@@ -117,11 +120,6 @@ impl NodeInfo {
         attrs.join(" ")
     }
 
-    /// Try to parse a [`NodeInfo`] from the lookup result of our DNS resolver.
-    pub fn from_hickory_lookup(lookup: &hickory_resolver::lookup::Lookup) -> Result<Self> {
-        Self::from_hickory_records(lookup.records())
-    }
-
     /// Try to parse a [`NodeInfo`] from a set of DNS records.
     pub fn from_hickory_records(records: &[hickory_proto::rr::Record]) -> Result<Self> {
         use hickory_proto::rr;

iroh-net/src/magic_endpoint.rs

@@ -41,6 +41,7 @@ pub struct MagicEndpointBuilder {
     /// Path for known peers. See [`MagicEndpointBuilder::peers_data_path`].
     peers_path: Option<PathBuf>,
     dns_resolver: Option<DnsResolver>,
+    pkarr_announce: bool,
 }
 
 impl Default for MagicEndpointBuilder {
@@ -55,6 +56,7 @@ impl Default for MagicEndpointBuilder {
             discovery: Default::default(),
             peers_path: None,
             dns_resolver: None,
+            pkarr_announce: false,
         }
     }
 }
@@ -156,6 +158,21 @@ impl MagicEndpointBuilder {
         self
     }
 
+    /// Announce the endpoint through the home relay.
+    ///
+    /// If enabled, and connected to a relay server, the node will publish its basic node
+    /// information to the relay server as a [`pkarr::SignedPacket`]. The node information contains
+    /// only our [`NodeId`] and the URL of our home relay. This is the minimal information needed
+    /// for other nodes to be able to connect to us if they only know our [`NodeId`].
+    ///
+    /// The default relay servers run by number0 will republish this information as a resolvable TXT record
+    /// in the Domain Name System (DNS), which makes the assocation of a [`NodeId`] to its home
+    /// relay globally resolvable.
+    pub fn pkarr_announce(mut self) -> Self {
+        self.pkarr_announce = true;
+        self
+    }
+
     /// Bind the magic endpoint on the specified socket address.
     ///
     /// The *bind_port* is the port that should be bound locally.
@@ -192,6 +209,7 @@ impl MagicEndpointBuilder {
             nodes_path: self.peers_path,
             discovery: self.discovery,
             dns_resolver,
+            pkarr_announce: self.pkarr_announce,
         };
         MagicEndpoint::bind(Some(server_config), msock_opts, self.keylog).await
     }

iroh-net/src/magicsock.rs

@@ -119,6 +119,11 @@ pub struct Options {
     /// You can use [`crate::dns::default_resolver`] for a resolver that uses the system's DNS
     /// configuration.
     pub dns_resolver: DnsResolver,
+
+    /// Whether to announce ourselves to the relay with a pkarr signed packet.
+    ///
+    /// If set to false no self-announces will be published.
+    pub pkarr_announce: bool,
 }
 
 impl Default for Options {
@@ -130,6 +135,7 @@ impl Default for Options {
             nodes_path: None,
             discovery: None,
             dns_resolver: crate::dns::default_resolver().clone(),
+            pkarr_announce: false,
         }
     }
 }
@@ -220,6 +226,9 @@ struct Inner {
 
     /// Indicates the update endpoint state.
     endpoints_update_state: EndpointUpdateState,
+
+    /// Whether to announce ourselves to the relay with a pkarr signed packet.
+    pkarr_announce: bool,
 }
 
 impl Inner {
@@ -1147,6 +1156,7 @@ impl MagicSock {
             discovery,
             nodes_path,
             dns_resolver,
+            pkarr_announce,
         } = opts;
 
         let nodes_path = match nodes_path {
@@ -1227,6 +1237,7 @@ impl MagicSock {
             pending_call_me_maybes: Default::default(),
             endpoints_update_state: EndpointUpdateState::new(),
             dns_resolver,
+            pkarr_announce,
         });
 
         let mut actor_tasks = JoinSet::default();
@@ -2203,10 +2214,10 @@ impl Actor {
             info!("home is now relay {}", relay_url);
             self.inner.publish_my_addr();
 
-            self.send_relay_actor(RelayActorMessage::NotePreferred(relay_url.clone()));
-            self.send_relay_actor(RelayActorMessage::Connect {
+            // This will also send a NotePreferred message to the relay,
+            // and, if configured, a [`pkarr::SignedPacket`] with info about ourselves.
+            self.send_relay_actor(RelayActorMessage::ConnectAsHomeRelay {
                 url: relay_url.clone(),
-                peer: None,
             });
         }
 

iroh-net/src/magicsock/relay_actor.rs

@@ -19,6 +19,8 @@ use tokio_util::sync::CancellationToken;
 use tracing::{debug, info, info_span, trace, warn, Instrument};
 
 use crate::{
+    discovery::pkarr_relay_publish::DEFAULT_PKARR_TTL,
+    dns::node_info::NodeInfo,
     key::{PublicKey, PUBLIC_KEY_LENGTH},
     relay::{self, http::ClientError, ReceivedMessage, RelayUrl, MAX_PACKET_SIZE},
 };
@@ -38,11 +40,9 @@ pub(super) enum RelayActorMessage {
         contents: RelayContents,
         peer: PublicKey,
     },
-    Connect {
+    ConnectAsHomeRelay {
         url: RelayUrl,
-        peer: Option<PublicKey>,
     },
-    NotePreferred(RelayUrl),
     MaybeCloseRelaysOnRebind(Vec<IpAddr>),
 }
 
@@ -79,6 +79,7 @@ enum ActiveRelayMessage {
     GetPeerRoute(PublicKey, oneshot::Sender<Option<relay::http::Client>>),
     GetClient(oneshot::Sender<relay::http::Client>),
     NotePreferred(bool),
+    PkarrPublish(pkarr::SignedPacket),
     Shutdown,
 }
 
@@ -133,6 +134,9 @@ impl ActiveRelay {
                         ActiveRelayMessage::NotePreferred(is_preferred) => {
                             self.relay_client.note_preferred(is_preferred).await;
                         }
+                        ActiveRelayMessage::PkarrPublish(packet) => {
+                            self.relay_client.pkarr_publish(packet).await;
+                        }
                         ActiveRelayMessage::GetPeerRoute(peer, r) => {
                             let res = if self.relay_routes.contains(&peer) {
                                 Some(self.relay_client.clone())
@@ -349,11 +353,8 @@ impl RelayActor {
             } => {
                 self.send_relay(&url, contents, peer).await;
             }
-            RelayActorMessage::Connect { url, peer } => {
-                self.connect_relay(&url, peer.as_ref()).await;
-            }
-            RelayActorMessage::NotePreferred(my_relay) => {
-                self.note_preferred(&my_relay).await;
+            RelayActorMessage::ConnectAsHomeRelay { url } => {
+                self.connect_relay_as_home(&url).await;
             }
             RelayActorMessage::MaybeCloseRelaysOnRebind(ifs) => {
                 self.maybe_close_relays_on_rebind(&ifs).await;
@@ -420,6 +421,29 @@ impl RelayActor {
     }
 
     /// Connect to the given relay node.
+    async fn connect_relay_as_home(&mut self, url: &RelayUrl) {
+        self.connect_relay(url, None).await;
+        self.note_preferred(url).await;
+        if let Err(err) = self.pkarr_announce_to_relay(url).await {
+            warn!(?err, %url, "failed to send pkarr self-announce to home derper");
+        }
+    }
+
+    async fn pkarr_announce_to_relay(&self, my_relay: &RelayUrl) -> anyhow::Result<()> {
+        if self.conn.pkarr_announce {
+            let s = self
+                .active_relay
+                .iter()
+                .find_map(|(relay_url, (s, _))| (relay_url == my_relay).then_some(s))
+                .context("home derp not in list of active derps")?;
+            let info = NodeInfo::new(self.conn.secret_key.public(), Some(my_relay.clone()));
+            let packet = info.to_pkarr_signed_packet(&self.conn.secret_key, DEFAULT_PKARR_TTL)?;
+            s.send(ActiveRelayMessage::PkarrPublish(packet)).await?;
+        }
+        Ok(())
+    }
+
+    /// Connect to the given derp node.
     async fn connect_relay(
         &mut self,
         url: &RelayUrl,
@@ -583,7 +607,7 @@ impl RelayActor {
     async fn close_or_reconnect_relay(&mut self, url: &RelayUrl, why: &'static str) {
         self.close_relay(url, why).await;
         if self.conn.my_relay().as_ref() == Some(url) {
-            self.connect_relay(url, None).await;
+            self.connect_relay_as_home(url).await;
         }
     }
 

iroh-net/src/relay/client.rs

@@ -22,6 +22,7 @@ use super::{
 };
 
 use crate::key::{PublicKey, SecretKey};
+use crate::relay::codec::PkarrWirePacket;
 use crate::util::AbortingJoinHandle;
 
 const CLIENT_RECV_TIMEOUT: Duration = Duration::from_secs(120);
@@ -122,6 +123,17 @@ impl Client {
         Ok(())
     }
 
+    /// Send a pkarr packet to the derper to publish for us.
+    ///
+    /// Must be signed by our secret key, otherwise the derper will reject it.
+    pub async fn pkarr_publish_packet(&self, packet: pkarr::SignedPacket) -> Result<()> {
+        self.inner
+            .writer_channel
+            .send(ClientWriterMessage::PkarrPublish(packet))
+            .await?;
+        Ok(())
+    }
+
     /// The local address that the [`Client`] is listening on.
     pub fn local_addr(&self) -> Result<SocketAddr> {
         Ok(self.inner.local_addr)
@@ -205,6 +217,8 @@ enum ClientWriterMessage {
     Ping([u8; 8]),
     /// Tell the server whether or not this client is the user's preferred client
     NotePreferred(bool),
+    /// Publish a pkarr signed packet about ourselves
+    PkarrPublish(pkarr::SignedPacket),
     /// Shutdown the writer
     Shutdown,
 }
@@ -239,6 +253,11 @@ impl<W: AsyncWrite + Unpin + Send + 'static> ClientWriter<W> {
                     write_frame(&mut self.writer, Frame::NotePreferred { preferred }, None).await?;
                     self.writer.flush().await?;
                 }
+                ClientWriterMessage::PkarrPublish(packet) => {
+                    let packet = PkarrWirePacket::V0(packet.as_bytes());
+                    write_frame(&mut self.writer, Frame::PkarrPublish { packet }, None).await?;
+                    self.writer.flush().await?;
+                }
                 ClientWriterMessage::Shutdown => {
                     return Ok(());
                 }
@@ -331,6 +350,7 @@ impl ClientBuilder {
         };
         let mut buf = encrypted_message.to_vec();
         shared_secret.open(&mut buf)?;
+
         let info: ServerInfo = postcard::from_bytes(&buf)?;
         if info.version != PROTOCOL_VERSION {
             bail!(