Connection whitelisting on an ongoing basis

Hi,

I am trying to implement a way to white-list nodes on an ongoing/periodic basis and wanted to run by you all what I have gathered so far in terms of libp2p features and also get your opinion.

In our network, new nodes can join while bad nodes can be evicted. Each node gets a continuously updated whitelist of all the nodes it can connect to. I was looking at different libp2p features that could allow me to honour such a white list on a node.

I found there are these three features that I could possibly use:

  1. Decaying tags - This would allow explicit trimming of connections by removing the tags of nodes not on the white list. However, the real intention of the feature is for heuristics-based connection maintenance and not really whitelist/blacklist.

  2. PubSub blacklisting - I don’t have a blacklist of nodes so this may not work.

  3. Connection Gater - This seems to be a good fit since it could allow rejecting inbound and outbound connections with a node not on the whitelist. The only problem I see with the connection gater is that it wouldn’t drop an existing connection for a node that was earlier on the whitelist but was then later evicted.

Are there any other options that I am missing?
Would love to get your feedback.

thanks,
Vishal

@vishal hey, you’re better served by the connection gater. The gater allows you to gate new connections on their way in and on their way out. For connections that already exist when the whitelist is updated, you will want the component that receives, accepts and applies the whitelist to get a list of active connections from the host.Network(), and close any connections to peers that are not whitelisted any longer. This component can be the same as the gater, as the gater is simply an interface. That’s probably the simplest option.

1 Like
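A sketch of the approach in the reply above, added here as an example; it is not code from the thread or from go-libp2p. `PeerID`, `Network`, `memNet`, `AllowlistGater`, `Allowed` and `Apply` are hypothetical names: the first two stand in for go-libp2p's `peer.ID` and the `Peers`/`ClosePeer` methods of `host.Network()`, and in a real gater the `Intercept*` hooks of the `ConnectionGater` interface would call `Allowed`.

```go
package main

import (
	"fmt"
	"sync/atomic"
)

// PeerID and Network are local stand-ins (assumptions) for go-libp2p's peer.ID
// and the Peers/ClosePeer part of host.Network(); memNet is a constructed fake.
type PeerID string
type Network interface {
	Peers() []PeerID
	ClosePeer(PeerID) error
}
type memNet map[PeerID]bool

func (m memNet) ClosePeer(p PeerID) error { delete(m, p); return nil }
func (m memNet) Peers() (out []PeerID) {
	for p := range m {
		out = append(out, p)
	}
	return out
}

type AllowlistGater struct{ allowed atomic.Pointer[map[PeerID]bool] }

// Allowed is the check every Intercept* gater hook would delegate to.
func (g *AllowlistGater) Allowed(p PeerID) bool {
	m := g.allowed.Load()
	return m != nil && (*m)[p] // no list applied yet: deny everything
}

// Apply installs the new list before sweeping, so an evicted peer cannot
// reconnect mid-sweep, then closes connections to peers no longer listed.
func (g *AllowlistGater) Apply(n Network, list []PeerID) (closed []PeerID) {
	next := make(map[PeerID]bool, len(list))
	for _, p := range list {
		next[p] = true
	}
	g.allowed.Store(&next)
	for _, p := range n.Peers() {
		if !g.Allowed(p) && n.ClosePeer(p) == nil {
			closed = append(closed, p)
		}
	}
	return closed
}

func main() {
	net := memNet{"peerA": true, "peerB": true} // constructed peer IDs
	fmt.Println(new(AllowlistGater).Apply(net, []PeerID{"peerA"})) // [peerB]
}
```

Swapping the list atomically keeps the gater hooks lock-free, and a gater with no list applied rejects every peer rather than admitting all of them.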

I have the same confusion about blacklist and whitelist, so glad to see some good opinions.