Don’t process unrequested, low-work blocks #11458

pull sdaftuar wants to merge 3 commits into bitcoin:master from sdaftuar:2017-10-blocks-before-minwork changing 3 files +54 −13
  1. sdaftuar commented at 6:36 pm on October 6, 2017: member

    A peer could try to waste our resources by sending us unrequested blocks with low work (eg to fill up our disk). Since e265200 we no longer request blocks until we know we’re on a chain with more than nMinimumChainWork (our anti-DoS threshold), but we would still process unrequested blocks that had more work than our tip (which generally has low-work during IBD), even though we may not yet have found a headers chain with sufficient work.

    Fix this and add a test.

  2. gmaxwell commented at 7:04 pm on October 6, 2017: contributor
    Concept ACK
  3. TheBlueMatt commented at 0:17 am on October 7, 2017: member
    Concept ACK, though fForceProcessing/fRequested doesn’t do the thing you think it does, see, eg #9352#pullrequestreview-13343287.
  4. fanquake added the label Validation on Oct 7, 2017
  5. promag commented at 7:49 am on October 7, 2017: member

    This is only useful if tip chain work is less than minimum chain work, which I think only happens in IBD?

    Edit: ready more carefully the PR description.

    Maybe we should just ignore unrequested blocks if tip chain work < minimum chain work? This way this test could be moved before AcceptBlockHeader?

  6. sdaftuar commented at 12:31 pm on October 7, 2017: member

    Concept ACK, though fForceProcessing/fRequested doesn’t do the thing you think it does, see, eg #9352 (review). @TheBlueMatt Is there a mistake here? I know we use the fForceProcessing/fRequested in a couple ways but I believe this is correct – for instance the unusual use of it in compact block processing shouldn’t be an issue, because we don’t try to reconstruct compact blocks when our chain tip is far behind. Did I miss a case?

  7. achow101 commented at 9:17 pm on October 8, 2017: member
    Concept ACK
  8. TheBlueMatt commented at 11:07 pm on October 19, 2017: member

    @sdaftuar Indeed. You were right, I was confused, but this does leave the logic being added here super brittle to future changes. For those following along at home, the reason compact blocks always passing fRequested as true doesn’t break this is that it does a CanDirectFetch first, which only looks at the timestamp of our chainActive.Tip(). Thus, this logic would be broken if there were any way for an attacker to cheaply feed us a single best-chain block which had a timestamp close to today, though there should be no way to do so as other ways to get the block onto disk (and, thus, to become our chainActive.Tip()) without meeting the nMinimumChainWork test in FindNextBlocksToDownload. This anti-DoS-logic-stradling-validation-and-net_processing stuff irritates me endlessly, but I think this is fine for now (and should likely be backported in 0.15.0.2 if we do one as a part of #11531).

    utACK (didn’t review test changes, which will conflict with #11531) f0940e462cb435f10ef6f052dae609655202f245

  9. TheBlueMatt commented at 11:34 pm on October 19, 2017: member
    Also, maybe add a comment about the CanDirectFetch stuff somewhere.
  10. Don't process unrequested, low-work blocks
    A peer could try to waste our resources by sending us unrequested blocks with
    low work, eg to fill up our disk.  Since
    e2652002b6011f793185d473f87f1730c625593b we no longer request blocks until we
    know we're on a chain with more than nMinimumChainWork (our anti-DoS
    threshold), but we would still process unrequested blocks that had more work
    than our tip.  This commit fixes that behavior.
    ce8cd7a7da
  11. qa: add test for minchainwork use in acceptblock 08fd822771
  12. sdaftuar force-pushed on Oct 20, 2017
  13. sdaftuar commented at 0:39 am on October 20, 2017: member
    Needed a rebase due to a conflict in the test.
  14. Add comment explaining forced processing of compact blocks 01b52cedd4
  15. sdaftuar commented at 0:59 am on October 20, 2017: member
    @TheBlueMatt I added a comment. @promag Thanks for the patch and for the review, but I (slightly) prefer the code that I’ve presented already. Skipping the call to AcceptBlockHeader doesn’t do much in the adversarial case (which is the only case we’re concerned about here), because an attacker would just separately deliver the header which we would process and store. And it seems clearer to me to just put this in the same block with the other checks we do when a block is not requested.
  16. promag commented at 8:45 am on October 20, 2017: member

    utACK 01b52ce.

    Nit, I would squash the test with the commit adding the feature.

  17. sipa commented at 11:03 am on October 20, 2017: member
    utACK 01b52cedd42f50a93b40981c91af7c12de6e45ce
  18. TheBlueMatt commented at 5:25 pm on October 20, 2017: member
    utACK 01b52cedd42f50a93b40981c91af7c12de6e45ce, didnt review the test parts.
  19. laanwj merged this on Oct 21, 2017
  20. laanwj closed this on Oct 21, 2017

  21. laanwj referenced this in commit c0e5139413 on Oct 21, 2017
  22. laanwj referenced this in commit cffa5ee132 on Nov 1, 2017
  23. MarcoFalke added the label Needs backport on Nov 1, 2017
  24. TheBlueMatt commented at 2:44 pm on November 1, 2017: member
    Needs backport (#11531 depends on this somewhat indirectly)
  25. MarcoFalke added this to the milestone 0.15.0.2 on Nov 1, 2017
  26. MarcoFalke referenced this in commit 07502603c0 on Nov 1, 2017
  27. MarcoFalke referenced this in commit 6c8e2471b6 on Nov 1, 2017
  28. MarcoFalke referenced this in commit 691c73379f on Nov 1, 2017
  29. MarcoFalke referenced this in commit 347c74b9ea on Nov 1, 2017
  30. MarcoFalke referenced this in commit d20508f84a on Nov 1, 2017
  31. MarcoFalke referenced this in commit 1aa6f8807a on Nov 1, 2017
  32. MarcoFalke referenced this in commit 2ff59ef99b on Nov 1, 2017
  33. MarcoFalke referenced this in commit 4a9621dac9 on Nov 1, 2017
  34. MarcoFalke referenced this in commit d98815e64e on Nov 1, 2017
  35. MarcoFalke referenced this in commit 5fa26f0a5b on Nov 1, 2017
  36. MarcoFalke referenced this in commit b40f5924f3 on Nov 1, 2017
  37. MarcoFalke referenced this in commit 69cb6e10ce on Nov 1, 2017
  38. MarcoFalke removed the label Needs backport on Nov 1, 2017
  39. MarcoFalke referenced this in commit 3acec38781 on Nov 2, 2017
  40. MarcoFalke referenced this in commit 2df65eeb98 on Nov 2, 2017
  41. MarcoFalke referenced this in commit ffb6ea4e5e on Nov 2, 2017
  42. codablock referenced this in commit e820f396aa on Sep 26, 2019
  43. codablock referenced this in commit b246b58720 on Sep 26, 2019
  44. codablock referenced this in commit 35d60de2b5 on Sep 29, 2019
  45. codablock referenced this in commit 7d21a78fa1 on Sep 29, 2019
  46. barrystyle referenced this in commit e07add8dd8 on Jan 22, 2020
  47. barrystyle referenced this in commit 95b0dcef19 on Jan 22, 2020
  48. MarcoFalke locked this on Sep 8, 2021

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-18 21:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me