Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
github.com/libp2p/go-tcp-transport
This package has moved into go-libp2p as a sub-package, github.com/libp2p/go-libp2p/p2p/transport/tcp.
A libp2p transport implementation for tcp, including reuseport socket options.
go-tcp-transport
is an implementation of the libp2p transport
interface that streams data over TCP/IP sockets. It is
included by default in the main go-libp2p
"entry point" module.
go-tcp-transport
is included as a dependency of go-libp2p
, which is the most
common libp2p entry point. If you depend on go-libp2p
, there is generally no
need to explicitly depend on this module.
go-tcp-transport
is a standard Go module which can be installed with:
go get github.com/libp2p/go-tcp-transport
This repo is gomod-compatible, and users of
go 1.11 and later with modules enabled will automatically pull the latest tagged release
by referencing this package. Upgrades to future releases can be managed using go get
,
or by editing your go.mod
file as described by the gomod documentation.
TCP is one of the default transports enabled when constructing a standard libp2p Host, along with WebSockets.
Calling libp2p.New
to construct a libp2p Host will enable
the TCP transport, unless you override the default transports by passing in
Options
to libp2p.New
.
To explicitly enable the TCP transport while constructing a host, use the
libp2p.Transport
option, passing in the NewTCPTransport
constructor function:
import (
libp2p "github.com/libp2p/go-libp2p"
tcp "github.com/libp2p/go-tcp-transport"
)
// TCP only:
h, err := libp2p.New(
libp2p.Transport(tcp.NewTCPTransport)
)
The example above will replace the default transports with a single TCP transport. To add multiple transports:
// TCP and QUIC:
h, err := libp2p.New(
libp2p.Transport(tcp.NewTCPTransport),
libp2p.Transport(quic.NewTransport), // see https://github.com/libp2p/go-libp2p-quic-transport
)
To use TCP transport options, pass them to the libp2p.Transport
constructor:
h, err := libp2p.New(
libp2p.Transport(tcp.NewTCPTransport, tcp.DisableReuseport(), tcp.WithConnectionTimeout(20*time.Second))
)
The TCP transport supports multiaddrs that contain a tcp
component, provided that there is sufficient addressing information for the IP
layer of the connection.
Examples:
addr | description |
---|---|
/ip4/1.2.3.4/tcp/1234 | IPv4: 1.2.3.4, TCP port 1234 |
/ip6/::1/tcp/1234 | IPv6 loopback, TCP port 1234 |
Because TCP lacks native connection security and stream multiplexing facilities, the TCP transport uses a transport upgrader to provide those features. The transport upgrader negotiates transport security and multiplexing for each connection according to the protocols supported by each party.
The SO_REUSEPORT
socket option allows multiple processes
or threads to bind to the same TCP port, provided that all of them set the
socket option. This has some performance benefits, and it can potentially assist
in NAT traversal by only requiring one port to be accessible for many
connections.
The reuseport functionality is provided by a seperate module,
go-reuseport-transport. It
is enabled by default, but can be disabled at runtime by setting the
LIBP2P_TCP_REUSEPORT
environment variable to false
or 0
.
PRs are welcome!
Small note: If editing the Readme, please conform to the standard-readme specification.
MIT © Jeromy Johnson
The last gx published version of this module was: 2.0.28: QmTGiDkw4eeKq31wwpQRk5GwWiReaxrcTQLuCCLWgfKo5M
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.