Security: Send notfound inv items to the inv collector, Credit: Equilibrium #2156

Closed
5 tasks done
Tracked by #2311
teor2345 opened this issue May 14, 2021 · 0 comments · Fixed by #3505
Labels
A-network Area: Network protocol updates or fixes A-rust Area: Updates to Rust code C-security Category: Security issues I-hang A Zebra component stops responding to requests I-remote-node-overload Zebra can overload other nodes on the network


teor2345 commented May 14, 2021

Is your feature request related to a problem? Please describe.

Zebra currently ignores notfound responses from peers.

  1. To avoid duplicate requests for notfound items, if a peer has recently told us that item was not found, we should redirect or reject that item request.
  2. We should also synthesise notfound inv entries for peers that didn't respond to a request, even if they don't send a notfound message themselves.

This helps prevent request/response loops.

A similar issue was reported by Niklas Long of Equilibrium.

Describe the solution you'd like

  • Send notfound messages to the inv collector
  • Synthesise notfound messages to the inv collector when peers don't find an item, if the peer doesn't actually send a notfound message
  • Synthesise notfound messages to the inv collector when the peer request times out, or is dropped for some other reason (use the Drop impl)
    • Document this behaviour in zebra_network::Request, and also document that requests for multiple items wait for data or notfound for all of them (or wait for an obviously unrelated response)
  • When a Client sends a request for an item:
    1. direct it to a peer that has the item (inv collector)
    2. direct it to a peer that hasn't recently returned notfound for the item
    3. reject the request and return an error

Describe alternatives you've considered

This doesn't seem to be causing any issues right now, so we might not need to do this fix.

Dependencies

This change might be easier after we do #1973.
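
The routing order and the Drop-based synthesis proposed in this issue can be sketched as follows. This is an added example, not Zebra's code and not part of the original issue: `InvCollector`, `InFlight`, `route`, the 60-second `TTL`, and the integer peer ids, item ids and clock are all hypothetical.

```rust
use std::cell::RefCell;
use std::collections::{HashMap, HashSet};
use std::rc::Rc;

type Peer = u32; // hypothetical peer id
type Item = u64; // hypothetical stand-in for a block or transaction hash
const TTL: u64 = 60; // assumed length of the "recently" window, in seconds
/// Hypothetical inv collector: which peers advertised or missed each item.
#[derive(Default)]
struct InvCollector {
    advertised: HashSet<(Item, Peer)>,
    missing: HashMap<(Item, Peer), u64>, // time of the last notfound
}

impl InvCollector {
    fn advertise(&mut self, peer: Peer, item: Item) {
        self.missing.remove(&(item, peer));
        self.advertised.insert((item, peer));
    }
    /// Record a real or synthesised notfound; it overrides an advertisement.
    fn notfound(&mut self, peer: Peer, item: Item, now: u64) {
        self.advertised.remove(&(item, peer));
        self.missing.insert((item, peer), now);
    }
    /// Routing order from the issue: 1. a peer that has the item,
    /// 2. a peer with no recent notfound for it, 3. reject with an error.
    fn route(&self, item: Item, ready: &[Peer], now: u64) -> Result<Peer, &'static str> {
        let miss = |p: &Peer| self.missing.get(&(item, *p)).map_or(false, |t| now.saturating_sub(*t) < TTL);
        ready.iter().copied().find(|p| self.advertised.contains(&(item, *p)))
            .or_else(|| ready.iter().copied().find(|p| !miss(p)))
            .ok_or("notfound: every ready peer recently missed this item")
    }
}

/// In-flight request guard: dropped unanswered (timeout, cancellation), it
/// synthesises a notfound from its Drop impl.
struct InFlight { inv: Rc<RefCell<InvCollector>>, peer: Peer, item: Item, now: u64, answered: bool }
impl Drop for InFlight {
    fn drop(&mut self) {
        if !self.answered { self.inv.borrow_mut().notfound(self.peer, self.item, self.now); }
    }
}

fn main() {
    let inv = Rc::new(RefCell::new(InvCollector::default()));
    inv.borrow_mut().advertise(1, 0xabc);
    drop(InFlight { inv: inv.clone(), peer: 1, item: 0xabc, now: 5, answered: false });
    println!("{:?}", inv.borrow().route(0xabc, &[1], 10));
}
```

Because the synthesised entry expires after `TTL`, a peer that timed out once becomes eligible again later, so a request is rejected only while every ready peer has a recent miss for the item.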

@teor2345 teor2345 added A-rust Area: Updates to Rust code S-needs-triage Status: A bug report needs triage P-Low C-security Category: Security issues I-remote-node-overload Zebra can overload other nodes on the network A-network Area: Network protocol updates or fixes labels May 14, 2021
@teor2345 teor2345 changed the title Security: Drop or redirect requests for notfound inv items, Credit: Niklas Long of Equilibrium Security: Drop or redirect requests for notfound inv items, Credit: Equilibrium May 17, 2021
@mpguerra mpguerra removed the S-needs-triage Status: A bug report needs triage label May 19, 2021
@teor2345 teor2345 changed the title Security: Drop or redirect requests for notfound inv items, Credit: Equilibrium Security: Send notfound inv items to the inv collector, Credit: Equilibrium May 24, 2021
@teor2345 teor2345 added P-Medium and removed P-Low labels Dec 7, 2021
@teor2345 teor2345 self-assigned this Dec 8, 2021
@teor2345 teor2345 added the I-hang A Zebra component stops responding to requests label Dec 20, 2021
@mpguerra mpguerra mentioned this issue Jan 27, 2022
40 tasks
@mergify mergify bot closed this as completed in #3505 Feb 15, 2022
mergify bot pushed a commit that referenced this issue May 23, 2023
* ZIPs were updated to remove ambiguity, this was tracked in #1267.

* #2105 was fixed by #3039 and #2379 was closed by #3069

* #2230 was a duplicate of #2231 which was closed by #2511

* #3235 was obsoleted by #2156 which was fixed by #3505

* #1850 was fixed by #2944, #1851 was fixed by #2961 and #2902 was fixed by #2969

* We migrated to Rust 2021 edition in Jan 2022 with #3332

* #1631 was closed as not needed

* #338 was fixed by #3040 and #1162 was fixed by #3067

* #2079 was fixed by #2445

* #4794 was fixed by #6122

* #1678 stopped being an issue

* #3151 was fixed by #3934

* #3204 was closed as not needed

* #1213 was fixed by #4586

* #1774 was closed as not needed

* #4633 was closed as not needed

* Clarify behaviour of difficulty spacing

Co-authored-by: teor <teor@riseup.net>

* Update comment to reflect implemented behaviour

Co-authored-by: teor <teor@riseup.net>

* Update comment to reflect implemented behaviour when retrying block downloads

Co-authored-by: teor <teor@riseup.net>

* Update `TODO` to remove closed issue and clarify when we might want to fix

Co-authored-by: teor <teor@riseup.net>

* Update `TODO` to remove closed issue and clarify what we might want to change in future

Co-authored-by: teor <teor@riseup.net>

* Clarify benefits of how we do block verification

Co-authored-by: teor <teor@riseup.net>

* Fix rustfmt errors

---------

Co-authored-by: teor <teor@riseup.net>