network: Only insert global addresses into the DHT.

[twittner]

Currently every address reported via libp2p-identify is inserted into the DHT which thus contains a multitude of unreachable addresses such as from 127.0.0.0/8 or 10.0.0.0/8.

Issue paritytech/polkadot-sdk#563 suggested a dedicated service over UDP to gauge the reachability of an address, which would however incur extra I/O costs and be of limited use.

As an alternative and simpler tactic, this PR only allows global IP addresses to be inserted into the DHT unless an explicit command-line flag --allow-non-global-addresses-in-dht is given or a node is started with --dev. This opt-in behaviour is meant to allow site-local networks to still make use of a DHT.

[cecton]

The CLI part LGTM

[tomaka]

Looks good to me.
@mxinden and/or @romanb let me know your opinion this.

[tomaka]

You probably have to enable the flag for tests to pass. The tests use /memory/... addresses.

[mxinden]

Definitely in favor of this.

In a personal project I had to drop all non global addresses returned by the Kusama Dht, because my server hoster thought I am doing a netscan over their backbone.

[mxinden]

👍 for B1-clientnoteworthy. Maybe someone is using Substrate in a private IPv4 network.

[arkpar]

CLI option name could be a bit more user friendly. Something like --discover-local - Enable peer discovery on local networks. "DHT" is an implementation detail.

[twittner]

CLI option name could be a bit more user friendly. Something like --discover-local - Enable peer discovery on local networks. "DHT" is an implementation detail.

I would be fine changing it to this. The meaning of "discover-local" overlaps perhaps slightly with mDNS but since we have a separate option to disable mDNS I guess it is fine.

[tomaka]

Please merge master for the CI to pass.