Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

security: Limit how many addresses we use from each peer address message #7952

Merged
merged 9 commits into from
Nov 19, 2023
Merged

security: Limit how many addresses we use from each peer address message #7952

merged 9 commits into from
Nov 19, 2023

Conversation

teor2345
Copy link
Contributor

@teor2345 teor2345 commented Nov 16, 2023
edited
Loading

Motivation

We want to limit how many addresses we use from each peer, so that our outbound connections are based on peers shared by most of our peers.

Close #1869

PR Author Checklist

Check before marking the PR as ready for review:

  • Will the PR name make sense to users?
  • Does the PR have a priority label?
  • Have you added or updated tests?
  • Is the documentation up to date?
For significant changes:
  • Is there a summary in the CHANGELOG?
  • Can these changes be split into multiple PRs?

If a checkbox isn't relevant to the PR, mark it as done.

We might want to have an overall changelog entry for the tracking issue, but it doesn't need to be added here.

Complex Code or Requirements

We need to limit in two places: existing cached peers, and responses based on a request. These limits operate slightly differently, because only a new response can cause an overflow.

Solution

  • When we have cached peers, only take some of them to answer a request
  • When we send a peer request, only take some of the response to answer a request, and put the rest in the cache
  • In response to unsolicited address messages, add the latest addresses to the cache, and discard the oldest ones
  • Choose response addresses at random
  • Update outdated docs referring to this ticket

Testing

Add a new proptest for the cache update method.

The remaining parts of the PR are simple and can be checked by manual review, or by existing tests (including integration tests).

Review

This is a routine fix.

Reviewer Checklist

Check before approving the PR:

  • Does the PR scope match the ticket?
  • Are there enough tests to make sure it works? Do the tests cover the PR motivation?
  • Are all the PR blockers dealt with?
    PR blockers can be dealt with in new tickets or PRs.

And check the PR Author checklist is complete.

@teor2345 teor2345 added P-Medium ⚡ C-security Category: Security issues I-invalid-data Zebra relies on invalid or untrusted data, or sends invalid data A-network Area: Network protocol updates or fixes I-remote-trigger Remote nodes can make Zebra do something bad labels Nov 16, 2023
@teor2345 teor2345 self-assigned this Nov 16, 2023
@teor2345 teor2345 requested a review from a team as a code owner November 16, 2023 03:36
@teor2345 teor2345 requested review from oxarbitrage and removed request for a team November 16, 2023 03:36
@teor2345 teor2345 marked this pull request as draft November 16, 2023 03:36
@mpguerra
Copy link
Contributor

mpguerra commented Nov 16, 2023
edited
Loading

Is this PR linked to #1869 ?

@teor2345
Copy link
Contributor Author

Is this PR linked to #1869 ?

Yes, I've updated the ticket.

@teor2345 teor2345 marked this pull request as ready for review November 17, 2023 00:23
This was referenced Nov 17, 2023
Merged
Closed
@arya2 arya2 self-requested a review November 17, 2023 16:55
@arya2 arya2 mentioned this pull request Nov 17, 2023
Closed
@arya2 arya2 added the do-not-merge Tells Mergify not to merge this PR label Nov 17, 2023
arya2
arya2 approved these changes Nov 17, 2023
View reviewed changes
Copy link
Contributor

@arya2 arya2 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great!

I opened an optional suggestion PR (#7960), but this is good to merge as-is, feel free to remove the do-not-merge tag and close #7960 if you disagree with the suggestion.

@arya2 arya2 self-requested a review November 17, 2023 21:14
@teor2345 teor2345 removed the do-not-merge Tells Mergify not to merge this PR label Nov 19, 2023
@teor2345
Copy link
Contributor Author

This looks great!

I opened an optional suggestion PR (#7960), but this is good to merge as-is, feel free to remove the do-not-merge tag and close #7960 if you disagree with the suggestion.

I am happy to deal with #7960 separately. (Since it is an optional suggestion, this PR does not need to be blocked by it.)

@mergify mergify bot merged commit 3be22b2 into main Nov 19, 2023
3 checks passed
@mergify mergify bot deleted the limit-peer-addrs branch November 19, 2023 21:43
@teor2345 teor2345 mentioned this pull request Nov 23, 2023
Merged
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@oxarbitrage oxarbitrage Awaiting requested review from oxarbitrage oxarbitrage is a code owner automatically assigned from ZcashFoundation/network-reviewers

@arya2 arya2 Awaiting requested review from arya2

Assignees

@teor2345 teor2345

Labels
A-network Area: Network protocol updates or fixes C-security Category: Security issues I-invalid-data Zebra relies on invalid or untrusted data, or sends invalid data I-remote-trigger Remote nodes can make Zebra do something bad
Projects
None yet
Milestone
No milestone
3 participants
@teor2345 @mpguerra @arya2