-
Notifications
You must be signed in to change notification settings - Fork 100
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(network): Avoid initiating outbound handshakes with IPs for which Zebra already has an active peer. #7029
Conversation
Codecov Report
Additional details and impacted files@@ Coverage Diff @@
## main #7029 +/- ##
==========================================
- Coverage 77.47% 77.24% -0.24%
==========================================
Files 310 310
Lines 41647 41913 +266
==========================================
+ Hits 32268 32377 +109
- Misses 9379 9536 +157 |
d1e335a
to
704850a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a nice minimal design!
I think checking AttemptPending
peers is a blocking change. If we decide to put this PR in a later release, that could also be blocking.
The rest of my comments provide context, ask for more context so we can check the design works as expected, or ask for docs so future developers and auditors can do those checks.
Feel free to ask me to find some of these details myself.
Updates should_update_most_recent_by_ip() and has_active_peer_with_ip to check last_attempt and last_failure times Renames has_active_peer_with_ip
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems like the scope of this PR has grown a bit. I'm partly responsible for that, I think my suggestion about pending handshakes was out of scope. (And it's difficult to do securely.)
So I'd like to make sure all the code we add in this PR has a strong security motivation. That way, it's less likely to have other negative security impacts.
…mpt_with_ip updates test
Co-authored-by: teor <teor@riseup.net>
Co-authored-by: teor <teor@riseup.net>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great!
I just want to double-check the logic in two places where we might be returning an incorrect value.
Co-authored-by: teor <teor@riseup.net>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry about the Rust syntax, I didn't check it before suggesting
@Mergifyio refresh |
✅ Pull request refreshed |
Motivation
This prevents some kinds of attacks.
Closes #6982.
Solution
most_recent_by_ip
field toAddressBook
.last_response
time, or when addresses are removed.&& !self.has_active_peer_with_ip()
to the filter inreconnection_peers()
.reconnection_peers()
skips over address when there's already a live address with the same IP.Review
Part of regular scheduled work.
Reviewer Checklist
Follow Up Work