I've read a BEP 5 specification and get expectation that token value in DHT message always has 20 bytes length. Because:
The BitTorrent implementation uses the SHA1 hash of the IP address concatenated onto a secret that changes every five minutes and tokens up to ten minutes old are accepted.
And SHA1 is 20 bytes.
But on practice I'm getting 8-bytes long token in get_peers response. Also BEP 5 contains examples where 8-bytes long token is used.
Is that some other type of token? If it so, are there any specification or constraints on its length? Can I assume it <= 20?
UPD: in fact I'm getting also tokens with sizes 20 and 4. Rarely: 2,3,7.
That sha1 is used to generate a token does not mean that what you're receiving is the sha1 output, i.e. sha1 being used does not rule out additional processing steps. Additionally the previous sentence says
Since the token is merely returned by the querying node to the same node it received the token from, the implementation is not defined
Thus the implementation used by the original bittorrent client is just an example how it can be done in a stateless manner.
The token is an opaque value of implementation-specific length that should be returned to the sender as-is.