-
Notifications
You must be signed in to change notification settings - Fork 764
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
authority-discovery: Ignore multi-addresses without IP from DHT records #6545
base: master
Are you sure you want to change the base?
Changes from 28 commits
a0fca05
3e3e461
0724372
7e5aa7b
5e71861
f36d749
9e7c867
109bb1c
281e1eb
f09e25c
3906c57
9061359
52acb47
6389be9
d109dd7
d6da5d4
6372b5f
0144119
335e0e8
19a3c4e
a0243b7
9fe8cff
bb5653e
36ff0c7
457b4f1
45b02e1
7fca2c4
65ca987
dd8e5ec
7ea83f4
a5e756d
86cab78
66d47b9
40ebbda
d075120
fd1a4b4
d22d23f
711f1c3
e87378d
b8285bc
fa01496
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
title: Ignore multi-addresses without IP from DHT records | ||
|
||
doc: | ||
- audience: [ Node Dev, Node Operator ] | ||
description: | | ||
This PR ensures that multiaddresses without an IP protocol are not published or utilized from DHT records. | ||
|
||
crates: | ||
- name: sc-network | ||
bump: patch | ||
- name: sc-authority-discovery | ||
bump: patch | ||
- name: sc-network-types | ||
bump: patch |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -746,13 +746,21 @@ impl<B: BlockT + 'static, H: ExHashT> NetworkBackend<B, H> for Litep2pNetworkBac | |
}; | ||
} | ||
NetworkServiceCommand::AddKnownAddress { peer, address } => { | ||
let mut address: Multiaddr = address.into(); | ||
|
||
if !address.iter().any(|protocol| std::matches!(protocol, Protocol::P2p(_))) { | ||
address.push(Protocol::P2p(litep2p::PeerId::from(peer).into())); | ||
if !address.is_external_address_valid() { | ||
log::warn!( | ||
target: LOG_TARGET, | ||
"ignoring invalid external address {address} for {peer:?}", | ||
); | ||
continue | ||
} | ||
|
||
if self.litep2p.add_known_address(peer.into(), iter::once(address.clone())) == 0usize { | ||
let Some(address) = address.clone().ensure_peer_id(peer) else { | ||
log::warn!( | ||
target: LOG_TARGET, | ||
"ignoring address ({address}) with different peer ID {peer:?}", | ||
); | ||
continue | ||
}; | ||
if self.litep2p.add_known_address(peer.into(), iter::once(address.clone().into())) == 0usize { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. With this PR deployed, we receive the following warnings for adding addresses (only on Kusama validators):
All warnings coming from this are related to addresses pointing to the localhost. Will let this deployment run for a bit and then I believe its safe to turn these into debug |
||
log::warn!( | ||
target: LOG_TARGET, | ||
"couldn't add known address ({address}) for {peer:?}, unsupported transport" | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -66,6 +66,9 @@ pub struct PeerInfoBehaviour { | |
ping: Ping, | ||
/// Periodically identifies the remote and responds to incoming requests. | ||
identify: Identify, | ||
/// Identity of our local node. | ||
local_peer_id: PeerId, | ||
|
||
/// Information that we know about all nodes. | ||
nodes_info: FnvHashMap<PeerId, NodeInfo>, | ||
/// Interval at which we perform garbage collection in `nodes_info`. | ||
|
@@ -123,6 +126,7 @@ impl PeerInfoBehaviour { | |
local_public_key: PublicKey, | ||
external_addresses: Arc<Mutex<HashSet<Multiaddr>>>, | ||
) -> Self { | ||
let local_peer_id = local_public_key.to_peer_id(); | ||
let identify = { | ||
let cfg = IdentifyConfig::new("/substrate/1.0".to_string(), local_public_key) | ||
.with_agent_version(user_agent) | ||
|
@@ -134,6 +138,7 @@ impl PeerInfoBehaviour { | |
Self { | ||
ping: Ping::new(PingConfig::new()), | ||
identify, | ||
local_peer_id, | ||
nodes_info: FnvHashMap::default(), | ||
garbage_collect: Box::pin(interval(GARBAGE_COLLECT_INTERVAL)), | ||
external_addresses: ExternalAddresses { addresses: external_addresses }, | ||
|
@@ -401,17 +406,23 @@ impl NetworkBehaviour for PeerInfoBehaviour { | |
self.external_addresses.remove(e.addr); | ||
}, | ||
FromSwarm::NewExternalAddrCandidate(e @ NewExternalAddrCandidate { addr }) => { | ||
self.ping.on_swarm_event(FromSwarm::NewExternalAddrCandidate(e)); | ||
self.identify.on_swarm_event(FromSwarm::NewExternalAddrCandidate(e)); | ||
|
||
// Manually confirm all external address candidates. | ||
// TODO: consider adding [AutoNAT protocol](https://docs.rs/libp2p/0.52.3/libp2p/autonat/index.html) | ||
// (must go through the polkadot protocol spec) or implemeting heuristics for | ||
// approving external address candidates. This can be done, for example, by | ||
// approving only addresses reported by multiple peers. | ||
// See also https://github.com/libp2p/rust-libp2p/pull/4721 introduced | ||
// in libp2p v0.53 for heuristics approach. | ||
self.pending_actions.push_back(ToSwarm::ExternalAddrConfirmed(addr.clone())); | ||
// Verify the external address is valid. | ||
let multiaddr: sc_network_types::multiaddr::Multiaddr = addr.clone().into(); | ||
if multiaddr.is_external_address_valid() && | ||
multiaddr.ensure_peer_id(self.local_peer_id.into()).is_some() | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Just cross-checking if the following is intended: There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yep, unfortunately libp2p API forces us to pass the event with a reference to the multiaddr ( |
||
{ | ||
self.ping.on_swarm_event(FromSwarm::NewExternalAddrCandidate(e)); | ||
self.identify.on_swarm_event(FromSwarm::NewExternalAddrCandidate(e)); | ||
|
||
// Manually confirm all external address candidates. | ||
// TODO: consider adding [AutoNAT protocol](https://docs.rs/libp2p/0.52.3/libp2p/autonat/index.html) | ||
// (must go through the polkadot protocol spec) or implemeting heuristics for | ||
// approving external address candidates. This can be done, for example, by | ||
// approving only addresses reported by multiple peers. | ||
// See also https://github.com/libp2p/rust-libp2p/pull/4721 introduced | ||
// in libp2p v0.53 for heuristics approach. | ||
self.pending_actions.push_back(ToSwarm::ExternalAddrConfirmed(addr.clone())); | ||
} | ||
}, | ||
FromSwarm::ExternalAddrConfirmed(e @ ExternalAddrConfirmed { addr }) => { | ||
self.ping.on_swarm_event(FromSwarm::ExternalAddrConfirmed(e)); | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will downgrade to debug after more testing, here and below