Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(network): Avoid initiating outbound handshakes with IPs for which Zebra already has an active peer. #7029

Merged
merged 20 commits into from
Jul 6, 2023
Merged

fix(network): Avoid initiating outbound handshakes with IPs for which Zebra already has an active peer. #7029

merged 20 commits into from
Jul 6, 2023

Conversation

arya2
Copy link
Contributor

@arya2 arya2 commented Jun 21, 2023
edited
Loading

Motivation

This prevents some kinds of attacks.

Closes #6982.

Solution

  • Adds a most_recent_by_ip field to AddressBook.
  • Updates the new field when there's an update with a later last_response time, or when addresses are removed.
  • Adds && !self.has_active_peer_with_ip() to the filter in reconnection_peers().
  • Tests that the iterator from reconnection_peers() skips over address when there's already a live address with the same IP.

Review

Part of regular scheduled work.

Reviewer Checklist

  • Will the PR name make sense to users?
    • Does it need extra CHANGELOG info? (new features, breaking changes, large changes)
  • Are the PR labels correct?
  • Does the code do what the ticket and PR says?
    • Does it change concurrent code, unsafe code, or consensus rules?
  • How do you know it works? Does it have tests?

Follow Up Work

@arya2 arya2 added C-bug Category: This is a bug P-Medium ⚡ C-security Category: Security issues I-remote-node-overload Zebra can overload other nodes on the network A-network Area: Network protocol updates or fixes A-concurrency Area: Async code, needs extra work to make it work properly. I-remote-trigger Remote nodes can make Zebra do something bad labels Jun 21, 2023
@arya2 arya2 requested a review from a team as a code owner June 21, 2023 01:13
@arya2 arya2 self-assigned this Jun 21, 2023
@arya2 arya2 requested review from oxarbitrage and teor2345 and removed request for a team and oxarbitrage June 21, 2023 01:13
@codecov
Copy link

codecov bot commented Jun 21, 2023
edited
Loading

Codecov Report

Merging #7029 (b9edfe8) into main (56a7638) will decrease coverage by 0.24%.
The diff coverage is 74.77%.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #7029      +/-   ##
==========================================
- Coverage   77.47%   77.24%   -0.24%     
==========================================
  Files         310      310              
  Lines       41647    41913     +266     
==========================================
+ Hits        32268    32377     +109     
- Misses       9379     9536     +157

@arya2 arya2 force-pushed the constrain-outbound-connector branch from d1e335a to 704850a Compare June 21, 2023 15:11
teor2345
teor2345 requested changes Jun 21, 2023
View reviewed changes
Copy link
Collaborator

@teor2345 teor2345 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a nice minimal design!

I think checking AttemptPending peers is a blocking change. If we decide to put this PR in a later release, that could also be blocking.

The rest of my comments provide context, ask for more context so we can check the design works as expected, or ask for docs so future developers and auditors can do those checks.

Feel free to ask me to find some of these details myself.

zebra-network/src/address_book.rs Show resolved Hide resolved
zebra-network/src/address_book.rs Outdated Show resolved Hide resolved
zebra-network/src/address_book.rs Outdated Show resolved Hide resolved
zebra-network/src/address_book.rs Outdated Show resolved Hide resolved
zebra-network/src/address_book.rs Outdated Show resolved Hide resolved
zebra-network/src/address_book.rs Outdated Show resolved Hide resolved
zebra-network/src/address_book.rs Outdated Show resolved Hide resolved
zebra-network/src/address_book/tests/vectors.rs Outdated Show resolved Hide resolved
zebra-network/src/address_book.rs Outdated Show resolved Hide resolved
zebra-network/src/address_book.rs Outdated Show resolved Hide resolved
@arya2
Updates most_recent_by_ip in .take()
489e63d 
Updates should_update_most_recent_by_ip() and has_active_peer_with_ip to check last_attempt and last_failure times

Renames has_active_peer_with_ip
@arya2 arya2 changed the title fix(network): Avoid initiating handshakes with IPs for which Zebra already has an active peer. fix(network): Avoid initiating outbound handshakes with IPs for which Zebra already has an active peer. Jun 23, 2023
teor2345
teor2345 requested changes Jul 4, 2023
View reviewed changes
Copy link
Collaborator

@teor2345 teor2345 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems like the scope of this PR has grown a bit. I'm partly responsible for that, I think my suggestion about pending handshakes was out of scope. (And it's difficult to do securely.)

So I'd like to make sure all the code we add in this PR has a strong security motivation. That way, it's less likely to have other negative security impacts.

zebra-network/src/address_book.rs Outdated Show resolved Hide resolved
zebra-network/src/address_book.rs Outdated Show resolved Hide resolved
zebra-network/src/constants.rs Outdated Show resolved Hide resolved
zebra-network/src/config.rs Outdated Show resolved Hide resolved
@arya2 arya2 requested a review from teor2345 July 5, 2023 19:57
teor2345
teor2345 previously approved these changes Jul 5, 2023
View reviewed changes
Copy link
Collaborator

@teor2345 teor2345 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great!

I just want to double-check the logic in two places where we might be returning an incorrect value.

zebra-network/src/address_book.rs Outdated Show resolved Hide resolved
zebra-network/src/address_book.rs Outdated Show resolved Hide resolved
@arya2 @teor2345
Apply suggestions from code review
febbb7d 
Co-authored-by: teor <teor@riseup.net>
teor2345
teor2345 previously approved these changes Jul 5, 2023
View reviewed changes
Copy link
Collaborator

@teor2345 teor2345 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry about the Rust syntax, I didn't check it before suggesting

mergify bot added a commit that referenced this pull request Jul 6, 2023
@mergify
Merge of #7029
949adcb
@mergify mergify bot mentioned this pull request Jul 6, 2023
Closed
@arya2
Copy link
Contributor Author

arya2 commented Jul 6, 2023

@Mergifyio refresh

@mergify
Copy link
Contributor

mergify bot commented Jul 6, 2023

refresh

✅ Pull request refreshed

mergify bot added a commit that referenced this pull request Jul 6, 2023
@mergify
Merge of #7029
1297b80
@mergify mergify bot mentioned this pull request Jul 6, 2023
Closed
@mergify mergify bot merged commit 77ad91c into main Jul 6, 2023
@mergify mergify bot deleted the constrain-outbound-connector branch July 6, 2023 05:54
@teor2345 teor2345 mentioned this pull request Jul 7, 2023
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@teor2345 teor2345 teor2345 approved these changes

Assignees

@arya2 arya2

Labels
A-concurrency Area: Async code, needs extra work to make it work properly. A-network Area: Network protocol updates or fixes C-bug Category: This is a bug C-security Category: Security issues I-remote-node-overload Zebra can overload other nodes on the network I-remote-trigger Remote nodes can make Zebra do something bad no-review-reminders Turn off review reminders
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Don't initiate handshakes to outbound IPs that were recently connected
2 participants
@arya2 @teor2345