-
Notifications
You must be signed in to change notification settings - Fork 176
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
4103: Khalil/6474 Gossipsub RPC control message Spam protection: GRAFT & PRUNE r=kc1116 a=gomisha This PR adds spam protection for gossipsub RPC control messages (GRAFT & PRUNE). It adds a new [ControlMsgValidationInspector](https://github.com/dapperlabs/flow-go/compare/khalil/6474-graft-prune-spam?expand=1#diff-875c4aae39d07a22e184608be05abd0dce2447e593716de23cb70495d8c3ab2fR52) which is a gossipsub RPC inspector that performs the following validation on control messages for each of the control types (GRAFT & PRUNE). These protections are important due to the fact that RPC messages are processed synchronously by libp2p and a malicious actor could exhaust the nodes resources or degrade the nodes network performance by spamming costly control messages. - Ensure RPC messages with a count > configured upper threshold are immediately rejected - Ensure RPC messages for specific control type are not rate limited for peer - Ensure RPC messages for specific control type < safety threshold < upper threshold have valid topic ID's - Ensure RPC messages with a count < safety threshold bypass validation I suggest you start your review in the [inspector package](https://github.com/dapperlabs/flow-go/tree/khalil/6474-graft-prune-spam/network/p2p/inspector) which contains all the new inspector logic and the [control message validation inspector gossip spammer tests.](https://github.com/dapperlabs/flow-go/blob/khalil/6474-graft-prune-spam/insecure/rpc_inspector_test/control_message_validation_test.go) ref: https://github.com/dapperlabs/flow-go/pull/6555 author: `@kc1116` Co-authored-by: Khalil Claybon <khalil.claybon@dapperlabs.com> Co-authored-by: Misha <misha.rybalov@dapperlabs.com>
- Loading branch information
Showing
58 changed files
with
2,268 additions
and
538 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.