Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Put addresses from the peer's version message and remote IP in the connection cache, don't send them directly to the address book #7951

Closed
Tracked by #7824
teor2345 opened this issue Nov 16, 2023 · 1 comment · Fixed by #7977
Closed
Tracked by #7824

Put addresses from the peer's version message and remote IP in the connection cache, don't send them directly to the address book #7951

teor2345 opened this issue Nov 16, 2023 · 1 comment · Fixed by #7977
Assignees
@arya2 @teor2345
Labels
A-network Area: Network protocol updates or fixes C-security Category: Security issues I-invalid-data Zebra relies on invalid or untrusted data, or sends invalid data I-remote-trigger Remote nodes can make Zebra do something bad

Comments

@teor2345
Copy link
Contributor

teor2345 commented Nov 16, 2023
edited
Loading

Motivation

This prevents an attack where peers can repeatedly connect, supply an address in the version message, and fill the address book.

Complex Requirements or Code

Potential drawbacks:

We might lose these addresses when the peer sends an addr message (but addr messages should always contain that peer's address, so in some cases we might lose the remote address of inbound connections). This is fixed in #7952 by adding all new addresses to the cache, taking any that are needed, then truncating the rest if needed.

These addresses are treated like gossiped addresses, so they have slightly higher priority. This is unlikely to have a significant impact, because their times will quickly become outdated by new addresses from this peer or other peers.
@teor2345 teor2345 mentioned this issue Nov 16, 2023
Closed
9 tasks
@mpguerra mpguerra added this to Zebra Nov 16, 2023
@github-project-automation github-project-automation bot moved this to 🆕 New in Zebra Nov 16, 2023
@teor2345 teor2345 assigned teor2345 and unassigned teor2345 Nov 17, 2023
@teor2345 teor2345 added P-Medium ⚡ C-security Category: Security issues I-invalid-data Zebra relies on invalid or untrusted data, or sends invalid data A-network Area: Network protocol updates or fixes I-remote-trigger Remote nodes can make Zebra do something bad labels Nov 17, 2023
@mpguerra
Copy link
Contributor

Hey team! Please add your planning poker estimate with Zenhub @arya2 @oxarbitrage @teor2345 @upbqdn

@teor2345 teor2345 mentioned this issue Nov 22, 2023
Merged
9 tasks
@mergify mergify bot closed this as completed in #7977 Nov 24, 2023
@github-project-automation github-project-automation bot moved this from 🆕 New to ✅ Done in Zebra Nov 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@arya2 arya2

@teor2345 teor2345

Labels
A-network Area: Network protocol updates or fixes C-security Category: Security issues I-invalid-data Zebra relies on invalid or untrusted data, or sends invalid data I-remote-trigger Remote nodes can make Zebra do something bad
Projects
Zebra
Archived in project
Milestone
No milestone
3 participants
@mpguerra @arya2 @teor2345