[net processing] Drop unknown types in getdata #18808

pull jnewbery wants to merge 4 commits into bitcoin:master from jnewbery:2020-04-getdata changing 3 files +74 −18
  1. jnewbery commented at 0:40 am on April 29, 2020: member

    Currently we’ll stall peers that send us an unknown INV type in a GETDATA message. Be a bit more friendly and just drop the invalid request.

    Ditto for blocks-relay-only peers that send us a GETDATA for a transaction.

    There’s a test for the first part. The second is difficult to test in the functional test framework since we aren’t able to make blocks-relay-only connections.

  2. fanquake added the label P2P on Apr 29, 2020
  3. DrahtBot commented at 2:40 am on April 29, 2020: member

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #17303 (p2p: Stop relaying non-mempool txs, improve tx privacy slightly by MarcoFalke)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  4. in src/net_processing.cpp:1600 in c71754bd93 outdated 
    1603-        // mempool entries added before this time have likely expired from mapRelay
1604-        const std::chrono::seconds longlived_mempool_time = GetTime<std::chrono::seconds>() - RELAY_TX_CACHE_TIME;
1605-        const std::chrono::seconds mempool_req = pfrom->m_tx_relay->m_last_mempool_req.load();
1606+    // mempool entries added before this time have likely expired from mapRelay
1607+    const std::chrono::seconds longlived_mempool_time = GetTime<std::chrono::seconds>() - RELAY_TX_CACHE_TIME;
1608+    const std::chrono::seconds mempool_req = pfrom->m_tx_relay->m_last_mempool_req.load();
    MarcoFalke commented at 1:19 pm on April 29, 2020:
    Why is it ok to remove the nullptr check? This line crashes the node.
    jnewbery commented at 2:57 pm on April 29, 2020:
    Thanks. Fixed.
  5. MarcoFalke commented at 1:20 pm on April 29, 2020: member
    Concept ACK
  6. [net processing] ignore tx GETDATA from blocks-only peers 
    Co-Authored-By: John Newbery <john@johnnewbery.com>
    047ceac142
  7. [net processing] ignore unknown INV types in GETDATA messages 
    Co-Authored-By: John Newbery <john@johnnewbery.com>
    e257cf71c8
  8. jnewbery force-pushed on Apr 29, 2020
  9. naumenkogs commented at 4:33 pm on April 29, 2020: member
    Concept ACK, light code review ack
  10. in src/net_processing.cpp:1651 in 4ecd5585cf outdated 
    1647@@ -1642,19 +1648,17 @@ void static ProcessGetData(CNode* pfrom, const CChainParams& chainparams, CConnm
1648         }
1649     } // release cs_main
1650 
1651+    // Only process one BLOCK item per call, since they're uncommon and can be
    naumenkogs commented at 4:38 pm on April 29, 2020:
    What’s the worst local processing delay we may expect if 2 blocks are generated within 5 seconds (and got queued together), but we process them separately? The probability of this is definitely non-zero.
    jnewbery commented at 8:36 pm on April 29, 2020:
    Usually milliseconds. However long it takes to do one round of the messagehandler thread. We won’t pause processing for 100ms because there’s more work to do for this peer.
  11. in test/functional/p2p_getdata.py:25 in a458f713d7 outdated 
    20+
21+    def __init__(self):
22+        super().__init__()
23+        self.blocks = defaultdict(int)
24+
25+    def on_inv(self, message):
    mzumsande commented at 10:12 pm on April 29, 2020:
    What’s the purpose of this override? (No invs seem to be sent in the test)
    jnewbery commented at 11:29 pm on April 29, 2020:
    no reason. Bad copy-paste. Fixed. Thanks!
  12. mzumsande commented at 10:28 pm on April 29, 2020: member

    Concept ACK.

    I think there was discussion in earlier PRs on whether to ignore the unknown data or disconnect the peer. Why did you choose the former / are there legitimate constellations in which peers would send us unknown GETDATA but be worth staying connected to?

  13. jnewbery commented at 11:31 pm on April 29, 2020: member

    Why did you choose the former / are there legitimate constellations in which peers would send us unknown GETDATA but be worth staying connected to?

    Just conservatism. Better to not let a logic bug turn into a peer disconnect if possible. In the adversarial case, there are messages that a peer can send us that would be much costlier for us to process, so no need to punish for something that we can just drop.

  14. [test] test that an invalid GETDATA doesn't prevent processing of future messages 
    Co-Authored-By: John Newbery <john@johnnewbery.com>
    2f032556e0
  15. [docs] Improve commenting in ProcessGetData() 9847e205bf
  16. jnewbery force-pushed on Apr 29, 2020
  17. laanwj commented at 8:34 am on April 30, 2020: member
    Concept ACK, though I think disconnecting the peer because the application doesn’t know how to handle a request would be slightly preferable in this case. It indicates a bug at the side of the peer and explicit error handling is better to track down errors. I could understand the ignore behavior as a kind of extension mechanism, however, I think in case of a protocol extension it needs to be negotiated in some way first, not simply assumed to be present.
  18. brakmic commented at 4:16 pm on April 30, 2020: contributor

    ACK https://github.com/bitcoin/bitcoin/commit/9847e205bf7edcac4c30ce4b6d62f482aa7bc1b7

    Built, run and tested on macOS Catalina 10.15.4. Functional test p2p_getdata successful.

  19. jnewbery commented at 4:58 pm on April 30, 2020: member

    I think disconnecting the peer because the application doesn’t know how to handle a request would be slightly preferable in this case. It indicates a bug at the side of the peer and explicit error handling is better to track down errors.

    There are lots of p2p messages that indicate bugs in the peer which we just silently drop, eg if a peer sends us multiple VERACKs, multiple SENDHEADERs, a GETDATA with no items, etc. I think if the cost to process those messages is low, then dropping and not disconnecting is the safer thing to do.

  20. luke-jr commented at 10:06 pm on May 2, 2020: member

    Why did you choose the former / are there legitimate constellations in which peers would send us unknown GETDATA but be worth staying connected to?

    It’s generally important to avoid splitting the p2p network. Even if peers are implementing different rules allowing invalid stuff (eg, an old node after a softfork), they still need to get the blocks from updated peers…

  21. luke-jr approved
  22. luke-jr commented at 0:16 am on May 6, 2020: member
    utACK 9847e205bf7edcac4c30ce4b6d62f482aa7bc1b7
  23. laanwj commented at 12:23 pm on May 6, 2020: member

    if a peer sends us multiple VERACKs, multiple SENDHEADERs, a GETDATA with no items, etc. I think if the cost to process those messages is low, then dropping and not disconnecting is the safer thing to do.

    I think those are different in that they are quantitatively different not qualitatively. There may be spurious messages (or lack of messages) but the messages that are sent have a known meaning. In this case the type is unknown and it is completely unknown how to handle it.

  24. jnewbery commented at 1:50 pm on May 6, 2020: member

    In this case the type is unknown and it is completely unknown how to handle it.

    Yes, and so the most cautious action is to drop it. We already drop unknown message types:

    https://github.com/bitcoin/bitcoin/blob/60091d20f9bb6bb2d57b634567ba63b4f0e458d0/src/net_processing.cpp#L3299-L3301

    I could use the same extensibility argument here. It’s possible that in future another P2P client or a future version of Bitcoin Core might use the inv/getdata/notfound messages for different payload types. We shouldn’t disconnect them unnecessarily.

  25. sipa commented at 2:22 am on May 8, 2020: member
    utACK 9847e205bf7edcac4c30ce4b6d62f482aa7bc1b7
  26. naumenkogs commented at 2:50 pm on May 8, 2020: member
    utACK 9847e20
  27. in src/net_processing.cpp:1618 in 047ceac142 outdated 
    1615-            it++;
1616+            const CInv &inv = *it++;
1617+
1618+            if (pfrom->m_tx_relay == nullptr) {
1619+                // Ignore GETDATA requests for transactions from blocks-only peers.
1620+                continue;
    ajtowns commented at 3:47 pm on May 11, 2020:
    Seems mildly wasteful to grab the cs_main lock just to skip over MSG_TX and MSG_WITNESS_TX. I think this patch (“ignore tx GETDATA from blocks only peers”) could be dropped entirely, allowing the “ignore unknown INV types in GETDATA messages” patch’s handling to cover it instead.
    jnewbery commented at 6:33 pm on May 11, 2020:
    Yeah, it’s slightly wasteful, but I think it’s clearer to have tx and non-tx handling fully separated in different parts of the functions, and explicitly have a code path/comment documenting behaviour, rather than having to think “so what happens if we receive a request for a tx from a blocks-relay-only peer? Oh, it falls through here and then we handle it below as if it were an unknown type”.
  28. ajtowns commented at 3:56 pm on May 11, 2020: member
    utACK 9847e205bf7edcac4c30ce4b6d62f482aa7bc1b7
  29. fanquake merged this on May 12, 2020
  30. fanquake closed this on May 12, 2020
  31. sidhujag referenced this in commit 8418b2d377 on May 12, 2020
  32. laanwj added the label Needs backport (0.20) on May 13, 2020
  33. fanquake referenced this in commit 9b679a6a2e on May 14, 2020
  34. fanquake referenced this in commit e4444d61ac on May 14, 2020
  35. fanquake referenced this in commit 06911c141b on May 14, 2020
  36. fanquake referenced this in commit 3549473fc3 on May 14, 2020
  37. fanquake removed the label Needs backport (0.20) on May 14, 2020
  38. fanquake referenced this in commit fb821731eb on May 15, 2020
  39. fanquake referenced this in commit 1e73d7248a on May 15, 2020
  40. fanquake referenced this in commit 011532e380 on May 15, 2020
  41. fanquake referenced this in commit a3fe458a1e on May 15, 2020
  42. MarcoFalke referenced this in commit 17bdf2afae on May 15, 2020
  43. MarcoFalke commented at 2:11 pm on May 23, 2020: member
    Post merge ACK 9847e205bf7edcac4c30ce4b6d62f482aa7bc1b7
  44. jnewbery deleted the branch on May 23, 2020
  45. deadalnix referenced this in commit d2d68c3f85 on Jan 28, 2021
  46. Fabcien referenced this in commit a3dac181b4 on Jan 28, 2021
  47. Fabcien referenced this in commit cd5131913f on Jan 28, 2021
  48. deadalnix referenced this in commit a282075844 on Jan 28, 2021
  49. backpacker69 referenced this in commit 8a45c78d0b on Mar 28, 2021
  50. backpacker69 referenced this in commit 16fee04577 on Mar 28, 2021
  51. backpacker69 referenced this in commit 37bd7442c2 on Mar 28, 2021
  52. backpacker69 referenced this in commit b3bdfea80c on Mar 28, 2021
  53. DrahtBot locked this on Feb 15, 2022


jnewbery DrahtBot MarcoFalke naumenkogs mzumsande laanwj brakmic luke-jr sipa ajtowns

Labels
P2P

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-10-04 19:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me