Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security: Use canonical SocketAddrs to avoid duplicate peer connections, Feature: Send local listener to peers #2276

Merged
merged 17 commits into from
Jun 22, 2021
Merged

Security: Use canonical SocketAddrs to avoid duplicate peer connections, Feature: Send local listener to peers #2276

merged 17 commits into from
Jun 22, 2021

Conversation

teor2345
Copy link
Contributor

@teor2345 teor2345 commented Jun 10, 2021
edited
Loading

Motivation

  1. Zebra's seed peers and local listener address can be non-canonical, leading to duplicate peer connections.

  2. In PR Security: stop gossiping failure and attempt times as last_seen times #2273, Zebra stopped gossiping its local listener address to peers, because it didn't have a last seen time.

  3. In PR Security: stop gossiping failure and attempt times as last_seen times #2273, Zebra applied its local listener to any existing entry for that address, which could skip the listener, or leak internal state.

  4. Since the listener was added to the cloned AddressBook, it was briefly included in the address book metrics.

These changes help test PRs #2273 and #2275.

Specifications

addr.time:

Nodes advertising their own IP address set this to the current time.

https://developer.bitcoin.org/reference/p2p_networking.html#addr

Solution

  1. Make Zebra always use canonical seed, listener, MetaAddr, and MetaAddrChange SocketAddrs
  2. Give the local listener address a last seen time
  3. Replace any existing address book entry for the local listener
  4. Get the peer list from the address book, rather than cloning it

As a side-effect, this change also makes sanitization slightly faster, because it avoids some useless peer filtering and sorting.

Testing

Adds proptests for the following properties:

  • regardless of any existing entry for a local listener MetaAddr, a sanitized address book contains a copy of the local listener with the current time
    • but listeners that are not valid for outbound connections should be skipped
  • Zebra doesn't share invalid listeners (IP addresses or client services) with its peers

Review

@jvff can review this change.

Reviewer Checklist

  • Code implements Specs and Designs
  • Tests for Expected Behaviour
  • Tests for Errors

Follow Up

Make MetaAddr.addr a private field #2357, so the constructors can make sure it's canonical

@teor2345 teor2345 added C-bug Category: This is a bug A-rust Area: Updates to Rust code P-Medium I-privacy Zebra discloses private information A-network Area: Network protocol updates or fixes labels Jun 10, 2021
@teor2345 teor2345 added this to the 2021 Sprint 11 - Zcon2 milestone Jun 10, 2021
@teor2345 teor2345 requested a review from jvff June 10, 2021 05:31
@teor2345 teor2345 self-assigned this Jun 10, 2021
@teor2345

This comment has been minimized.

Sign in to view
@teor2345 teor2345 marked this pull request as ready for review June 10, 2021 05:38
@teor2345 teor2345 marked this pull request as draft June 10, 2021 05:38
This was referenced Jun 10, 2021
Merged
Closed
Merged
@mpguerra mpguerra removed this from the 2021 Sprint 11 - Zcon2 milestone Jun 14, 2021
@teor2345 teor2345 force-pushed the limit-addr-reconnection-rate branch 2 times, most recently from 2954ba3 to 318a495 Compare June 15, 2021 03:34
@teor2345 teor2345 force-pushed the local-listener-fix branch from cc7bb3b to 5fe6efe Compare June 16, 2021 02:37
@teor2345 teor2345 force-pushed the local-listener-fix branch from af18c98 to 6fcf788 Compare June 16, 2021 10:47
@teor2345 teor2345 mentioned this pull request Jun 16, 2021
Merged
3 tasks
@teor2345 teor2345 force-pushed the local-listener-fix branch 2 times, most recently from 80b68d5 to 1313f10 Compare June 18, 2021 09:23
Base automatically changed from limit-addr-reconnection-rate to main June 18, 2021 12:30
@teor2345 teor2345 force-pushed the local-listener-fix branch from 1313f10 to 87bfff9 Compare June 20, 2021 23:14
@teor2345 teor2345 mentioned this pull request Jun 21, 2021
Closed
2 tasks
@teor2345 teor2345 force-pushed the local-listener-fix branch from 87bfff9 to a3950e1 Compare June 21, 2021 03:11
@teor2345
Always send our local listener with the latest time
a71db64 
Previously, whenever there was an inbound request for peers, we would
clone the address book and update it with the local listener.

This had two impacts:
- the listener could conflict with an existing entry,
  rather than unconditionally replacing it, and
- the listener was briefly included in the address book metrics.

As a side-effect, this change also makes sanitization slightly faster,
because it avoids some useless peer filtering and sorting.
teor2345 added 2 commits June 21, 2021 13:38
@teor2345
Security: Use canonical SocketAddrs to avoid duplicate connections
e290a42 
If we allow multiple variants for each peer address, we can make multiple
connections to that peer.

Also make sure sanitized MetaAddrs are valid for outbound connections.
@teor2345
Test that address books contain the local listener address
4aa6b00
@teor2345 teor2345 force-pushed the local-listener-fix branch from c644df2 to 4aa6b00 Compare June 21, 2021 03:39
This was referenced Jun 21, 2021
Merged
Merged
@teor2345 teor2345 changed the title Always send our local listener with the latest time Security: Use canonical SocketAddrs to avoid duplicate peer connections, Feature: send local listener to peers Jun 21, 2021
@teor2345 teor2345 added C-security Category: Security issues I-invalid-data Zebra relies on invalid or untrusted data, or sends invalid data I-remote-node-overload Zebra can overload other nodes on the network labels Jun 21, 2021
@teor2345 teor2345 marked this pull request as ready for review June 21, 2021 03:59
@teor2345 teor2345 changed the title Security: Use canonical SocketAddrs to avoid duplicate peer connections, Feature: send local listener to peers Security: Use canonical SocketAddrs to avoid duplicate peer connections, Feature: Send local listener to peers Jun 21, 2021
jvff
jvff previously approved these changes Jun 21, 2021
View reviewed changes
Copy link
Contributor

@jvff jvff left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good! I added some minor suggestions, but they're all optional.

zebra-chain/src/serialization/date_time.rs Outdated Show resolved Hide resolved
zebra-chain/src/serialization/date_time.rs Outdated Show resolved Hide resolved
zebra-chain/src/serialization/date_time.rs Outdated Show resolved Hide resolved
zebra-chain/src/serialization/date_time.rs Outdated Show resolved Hide resolved
zebra-chain/src/serialization/date_time.rs Outdated Show resolved Hide resolved
zebra-chain/src/serialization/date_time.rs Outdated Show resolved Hide resolved
zebra-chain/src/serialization/date_time.rs Outdated Show resolved Hide resolved
zebra-network/src/meta_addr.rs Show resolved Hide resolved
zebra-network/src/meta_addr.rs Show resolved Hide resolved
zebra-network/src/address_book.rs Outdated Show resolved Hide resolved
@teor2345 teor2345 mentioned this pull request Jun 22, 2021
Closed
9 tasks
teor2345 and others added 5 commits June 22, 2021 11:16
@teor2345 @jvff
Fix method comments
eddc7e7 
Co-authored-by: Janito Vaqueiro Ferreira Filho <janito.vff@gmail.com>
@teor2345 @jvff
Refactor checked_add
7e88c3a 
Co-authored-by: Janito Vaqueiro Ferreira Filho <janito.vff@gmail.com>
@teor2345
Clarify method comments
19f1b29
@teor2345
Simplify some conversions
015e090
@teor2345
fastmod new_local_listener new_local_listener_change
8434ad3
@teor2345 teor2345 requested a review from jvff June 22, 2021 01:37
jvff
jvff approved these changes Jun 22, 2021
View reviewed changes
zebra-network/src/address_book.rs Outdated Show resolved Hide resolved
zebra-network/src/meta_addr.rs Show resolved Hide resolved
@teor2345 teor2345 enabled auto-merge (squash) June 22, 2021 02:10
@teor2345 teor2345 merged commit 1a57023 into main Jun 22, 2021
@teor2345 teor2345 deleted the local-listener-fix branch June 22, 2021 02:17
@teor2345 teor2345 mentioned this pull request Jun 23, 2021
Merged
2 tasks
@arya2 arya2 mentioned this pull request Mar 31, 2023
Merged
6 tasks
@mpguerra mpguerra mentioned this pull request Apr 11, 2023
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jvff jvff jvff approved these changes

Assignees

@teor2345 teor2345

Labels
A-network Area: Network protocol updates or fixes A-rust Area: Updates to Rust code C-bug Category: This is a bug C-security Category: Security issues I-invalid-data Zebra relies on invalid or untrusted data, or sends invalid data I-privacy Zebra discloses private information I-remote-node-overload Zebra can overload other nodes on the network
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@teor2345 @jvff @mpguerra