Penalize peers that send an invalid rpc request#6986
Penalize peers that send an invalid rpc request#6986mergify[bot] merged 26 commits intosigp:unstablefrom
Conversation
| ConnectionEvent::ListenUpgradeError(e) => { | ||
| if matches!(e.error, RPCError::InvalidData(_)) { | ||
| // Peer is not complying with the protocol. Notify the application and disconnect. | ||
| let inbound_substream_id = self.current_inbound_substream_id; | ||
| self.current_inbound_substream_id.0 += 1; | ||
|
|
||
| self.events_out.push(HandlerEvent::Err(HandlerErr::Inbound { | ||
| id: inbound_substream_id, | ||
| proto: Protocol::DataColumnsByRange, // FIXME: replace this hardcoded protocol | ||
| error: e.error, | ||
| })); | ||
| self.shutdown(None); | ||
| } | ||
| } |
There was a problem hiding this comment.
// FIXME: replace this hardcoded protocol
The RPCError::InvalidData error is emitted by the inbound codec here. The problem I'm facing is that the handler cannot determine which protocol the invalid data belongs to. I think changing the type of InboundUpgrade::Error from RPCError to (Protocol, RPCError) might solves this. What do you think?
ackintosh
changed the title
ackintosh
changed the title
ackintosh
added
ready-for-review
|
This pull request has merge conflicts. Could you please resolve them @ackintosh? 🙏 |
mergify
bot
added
waiting-on-author
# Conflicts: # beacon_node/lighthouse_network/tests/rpc_tests.rs
|
Some required checks have failed. Could you please take a look @ackintosh? 🙏 |
jxs
left a comment
jxs
left a comment
There was a problem hiding this comment.
Hi Akihito, overall this looks good to me, sorry for the delay in the review, left some comments
| ConnectionEvent::ListenUpgradeError(e) => { | ||
| if matches!(e.error.1, RPCError::InvalidData(_)) { |
There was a problem hiding this comment.
you don't need the nested matches Akihito, you can do:
| ConnectionEvent::ListenUpgradeError(e) => { | |
| if matches!(e.error.1, RPCError::InvalidData(_)) { | |
| ConnectionEvent::ListenUpgradeError(ListenUpgradeError { | |
| error: (_, RPCError::IoError(_)), | |
| .. | |
| }) => { |
| { | ||
| type Output = InboundOutput<TSocket, E>; | ||
| type Error = RPCError; | ||
| type Error = (Protocol, RPCError); |
There was a problem hiding this comment.
why use a tuple instead of putting the Protocol inside RPCError?
There was a problem hiding this comment.
I saw a struct that has Protocol and RPCError as separate fields like this, and I thought it was a reasonable way to represent what the error is and where it happened separately:
lighthouse/beacon_node/lighthouse_network/src/rpc/handler.rs
Lines 938 to 946 in c56c63e
ackintosh
added
ready-for-review
jimmygchen
added
waiting-on-author
The receiver might not receive a response due to a race condition: sigp#6986 (comment)
|
@jimmygchen Thanks for your feedback! I've updated the tests to remove response validation. |
…o-large # Conflicts: # beacon_node/lighthouse_network/tests/rpc_tests.rs
ackintosh
force-pushed
the
test-request-too-large
branch
from
03b9cb6 to
9f9e9dc
Compare
pawanjay176
added
ready-for-merge
Merge Queue StatusRule:
This pull request spent 29 minutes 35 seconds in the queue, including 27 minutes 33 seconds running CI. Required conditions to merge
|
Since #6847, invalid `BlocksByRange`/`BlobsByRange` requests, which do not comply with the spec, are [handled in the Handler](https://github.com/sigp/lighthouse/blob/3d16d1080f5b93193404967dcb5525fa68840ea0/beacon_node/lighthouse_network/src/rpc/handler.rs#L880-L911). Any peer that sends an invalid request is penalized and disconnected. However, other kinds of invalid rpc request, which result in decoding errors, are just dropped. No penalty is applied and the connection with the peer remains. I have added handling for the `ListenUpgradeError` event to notify the application of an `RPCError:InvalidData` error and disconnect to the peer that sent the invalid rpc request. I also added tests for handling invalid rpc requests. Co-Authored-By: ackintosh <[email protected]>
6 participants
Issue Addressed
Since #6847, invalid
BlocksByRange/BlobsByRangerequests, which do not comply with the spec, are handled in the Handler. Any peer that sends an invalid request is penalized and disconnected.However, other kinds of invalid rpc request, which result in decoding errors, are just dropped. No penalty is applied and the connection with the peer remains.
Proposed Changes
I have added handling for the
ListenUpgradeErrorevent to notify the application of anRPCError:InvalidDataerror and disconnect to the peer that sent the invalid rpc request.I also added tests for handling invalid rpc requests.