-
Notifications
You must be signed in to change notification settings - Fork 286
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(core-p2p): Validate GET replies from other peers #2102
Conversation
@air1one @faustbrian @supaiku0 - please review this in the next few days. Be sure to explicitly select labels so I know what's going on. If no reviewer appears after a week, a reminder will be sent out. |
@vasild The ci/circleci: test-node11-2 job is failing as of 94761b29e288c4c1a6e4dfed652219d7cf64516b. Please review the logs for more information. Once you've pushed the fixes, the build will automatically re-run. Thanks! |
This is a breaking change in how the legacy P2P API responds, some people still rely on it so that is a no go. This is a change that will be made for websockets. |
We agreed that I add a schema validation as a followup PR after #2032: Now, should I relax the validation so that it allows "legacy P2P API" replies, or completely ditch this PR |
By the way I get the following with this patch:
and the node keeps working by fetching the peer list from another peer. This looks like a good way to get rid of the IP addresses like "2130706433" with which devnet is poisoned. |
If you change it so that the responses don't change we can keep it open, otherwise I would wait until 2.6 with it and talk to @air1one as he currently is working on the websockets. |
Yes, sure. The idea was never to change the responses. The idea is to check that the responses are the expected ones. So, I guess, the rules should be relaxed. @air1one how would this fit with websockets? I guess with websockets we still send JSONs back and forth, right? So the validation is still relevant, no matter whether we received the reply via HTTP or websockets. |
@vasild try to finish this until the end of the week so we can put it on devnet and freeze the develop branch for the 2.2 release. |
Codecov Report
@@ Coverage Diff @@
## develop #2102 +/- ##
===========================================
- Coverage 79.55% 79.48% -0.07%
===========================================
Files 329 330 +1
Lines 7900 7913 +13
Branches 1123 1114 -9
===========================================
+ Hits 6285 6290 +5
- Misses 1582 1590 +8
Partials 33 33
Continue to review full report at Codecov.
|
packages/core-p2p/src/peer.ts
Outdated
import util from "util"; | ||
import { config as localConfig } from "./config"; | ||
import { PeerPingTimeoutError, PeerStatusResponseError, PeerVerificationFailedError } from "./errors"; | ||
import { PeerVerificationResult, PeerVerifier } from "./peer-verifier"; | ||
|
||
export class Peer implements P2P.IPeer { | ||
private static replySchemas: any = { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please move the schemas into a separate file.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Moved in abb0242.
…ply-validation * ArkEcosystem/core/develop: chore(release): 2.2.0-beta.7 (#2141)
* ArkEcosystem/core/2.3: chore: move core-graphql to the deprecated folder (#2169) refactor(crypto): benchmarks (#2167) refactor: replace micromatch with nanomatch and remove heavy deps (#2165) feat(crypto): increase vendor field length to 255 bytes (#2159) feat(core-api): search delegates by usernames (#2143) feat(core-logger-pino): initial implementation (#2134) perf(crypto): integrate bcrypto (#2158) feat(core): ask for process restarts after updating (#2155) refactor(core): replace pm2 with process manager (#2154) refactor(core): require the user to take action for updates (#2153) feat(core-p2p): Fetch list of peers from at least a few others (#2152) refactor(core): more robust check for ensureDefaults (#2151) fix(core): ensure file and defaults before reading fix(core): return correct suffix for core:restart command (#2150) fix(core-database): properly sort BigNumber values (#2144) feat(core): configuration and channel support for the CLI (#2145) feat(core): merge core-snapshot-cli commands into core (#2149) fix(core-api): pass query to findAllByVote method (#2142) feat(core-p2p): Validate GET replies from other peers (#2102) chore(release): 2.2.0-beta.7 (#2141) fix(core-blockchain): stuck at not ready to accept new block (#2139) refactor(core-p2p): Improve selection of peer for downloading blocks (#2137) fix(core): overwrite the config path if an env variable is provided (#2140) fix(core): do not ignore the network flag in parseWithNetwork (#2138) chore(release): 2.2.0-beta.6 (#2136) refactor(core-container): throw an error if the peers or plugins file are missing (#2135) chore(release): 2.2.0-beta.5 (#2132) refactor(core-p2p): reduce logging noise (#2129) misc(core-p2p): remove superfluous log message (#2128) refactor(core-p2p): Improve fork handling in updatePeersOnMissingBlocks (#2125)
Proposed changes
Types of changes
Checklist