fix(iroh): preserve ordering of IPs for nat traversal

[dignifiedquire]

Depends on n0-computer/noq#571

[github-actions]

Documentation for this PR has been generated and is available at: https://n0-computer.github.io/iroh/pr/4090/docs/iroh/

Last updated: 2026-04-08T15:44:51Z

[github-actions]

Netsim report & logs for this PR have been generated and is available at: LOGS
This report will remain available for 3 days.

Last updated for commit: add34f8

[matheus23]

Let's dogfood this!

[matheus23]

Looking at https://github.com/n0-computer/iroh/blob/v0.35.0/iroh/src/magicsock.rs#L2690-L2824 it doesn't seem like we used to have an order to our DirectAddrs: Although we were careful to first put Portmapper, then Stun, then Stun4LocalPort, then Local addrs into our collection, this collection was a BTreeMap<SocketAddr, DirectAddrType>, and later in send_queued_call_me_maybes we stripped the DirectAddrType from the addrs before sending them over in the order they're in the BTreeMap.

---

The reason I'm saying all this is because I initially wanted to cross-reference the priorities we have here with what we used to have in iroh 0.35, but it turns out although it looks like we had some order to them, we actually threw away the order when we put it all in a BTreeMap, and it worked fine, too. So the apparent order we had in iroh 0.35 should be taken with a good grain of salt.

---

Anyways - given all of the above, the ordering seems fine.

[matheus23]

This doesn't match the comment for this function.
The addresses this generates are

• 10.200.0.1
• 10.201.1.1
• 10.202.2.1

This is a weird pattern IMO. Shouldn't this just be

Suggested change

	let ip = format!("10.{}.{}.1/24", 200 + i, i);
	let ip = format!("10.200.{i}.1/24");

?

(And then the function's comment needs to be adjusted to say 10.200.x.1, too)

Alternatively, this can take a u16 and you split it up, so it's 10.200.x.y, but I've heard x.x.x.0 addrs are special, so perhaps the .1 at the end is a good idea.

[matheus23]

This scares me.

Can we do the same thing by spawning a bunch of routers in patchbay and connecting to them via interfaces? Or even better, add a bunch of interfaces to the same router or sth like that?

[dignifiedquire]

no idea, cc @Arqu @Frando for better ways to simulate this

[Arqu]

Will take a look soon

[dignifiedquire]

@Frando has added something in latest patchbay asfaik

[Arqu]

This doesn't look that bad tbh. I mean any type of bad addr/or interface injection should do the job.

[matheus23]

Dogfooding indicates this is doing pretty well (I found other issues w.r.t. my mobile phone hotspot, but that's likely unrelated)

[matheus23]

@Arqu FYI there was discussion about this issue in discord: https://discord.com/channels/949724860232392765/1491399258526580807/1491457127812960386

TLDR: We've fixed the underlying issue with having "too many interfaces" in another way that is simpler: n0-computer/noq#575
In the future we'll improve upon that more, but at this point I haven't seen any cases that this PR improves over the state in main. So it might be worth not introducing this complexity yet, even if it's little complexity.

[dignifiedquire]

@matheus23 @Frando this tests should be ported though to make sure this actually works if we drop this PR, have you done that already?

[matheus23]

Hasn't happened yet, AFAIK.

[Arqu]

@Arqu FYI there was discussion about this issue in discord: https://discord.com/channels/949724860232392765/1491399258526580807/1491457127812960386

TLDR: We've fixed the underlying issue with having "too many interfaces" in another way that is simpler: n0-computer/noq#575 In the future we'll improve upon that more, but at this point I haven't seen any cases that this PR improves over the state in main. So it might be worth not introducing this complexity yet, even if it's little complexity.

Thanks for the context!