In http://www.bittorrent.org/beps/bep_0005.html, the announce_peer query needs a token which has the require ,"the "token" received in response to a previous get_peers query".
Does it mean that if node A has never send a get_peer query to node B, then node A would never receive a peer_announce query from node B ?
Does it mean that if node A has never send a get_peer query to node B, then node A would never receive a peer_announce query from node B ?
No, it's the other way around:
get_peers query to Node B.get_peers query that it has just sent. Node B's response includes the token.announce_peer query to Node B using the token it has just received from Node B's response.Why all this fuss?
The return value for a query for peers includes an opaque value known as the "token." For a node to announce that its controlling peer is downloading a torrent, it must present the token received from the same queried node in a recent query for peers. When a node attempts to "announce" a torrent, the queried node checks the token against the querying node's IP address. This is to prevent malicious hosts from signing up other hosts for torrents.
The token represents a capability to announce that one is joining a swarm. It's like first you ask about the swarm -- "Hey, what's up with this swarm?" -- and the peer you ask tells you what it knows about that swarm, and it also gives you a ticket you can return, or not, if you want to join that swarm too. Fine-grained capability security for the win!
Yes that's right. It ensures that someone announcing a peer is actually interested in the corresponding torrent, and has demonstrated control over the announced address.
