Malicious validators advertising localhost as ip address

[TheEnigmaa]

Problem

A large number of malicious/iditotic validators are advertising localhost and their own ip address! This can possibly be catastrophic to validators that repeatedly and quickly hit their own tpu/gossip with high throughput.
Example:
solana gossip | grep 127.0.0.1 | head -n 1 127.0.0.1 | 6vwvffpcs2WpxjfviMneL9uzHjErwMqEwxTcaUk3uS83 | 55554 | 55555 | 127.0.0.1:8899 | 1.13.5 | 1365939126
As of current time of post there are 143 of these!

Proposed Solution

Exclude any local ip address sending to validators advertising incorrect (local when obviously not) ips

[bw-solana]

Yes, this makes sense, and is something that's been discussed before. There is an existing API, solana_gossip::legacy_contact_info::LegacyContactInfo::is_valid_address, that is convenient to plug into.

The only complication I'm aware of is around testing, where sending to the loopback address is normal.

We would also need to ensure we are actually using this API everywhere to filter IP addresses before sending. At first glance, use seems widespread, so should be catching the bulk of traffic.

[bw-solana]

Closing as resolved by #29992