Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add libp2p connection Firewall #2478

Merged
merged 9 commits into from Jul 30, 2020
Merged

Add libp2p connection Firewall #2478

merged 9 commits into from Jul 30, 2020

Conversation

Nashatyrev
Copy link
Contributor

PR Description

Add a Libp2p Firewall class as a first line handler for every Connection. Incorporate @ajsutton tweaks he made in this PR: libp2p/jvm-libp2p#127

Documentation

  • I thought about documentation and added the documentation label to this PR if updates are required.

@Nashatyrev Nashatyrev requested a review from ajsutton July 29, 2020 16:37
@Nashatyrev Nashatyrev mentioned this pull request Jul 29, 2020
Closed
@ajsutton ajsutton mentioned this pull request Jul 29, 2020
Closed
@ajsutton
Copy link
Contributor

I definitely like this approach so we can control the settings we need in Teku. Have tested it out and syncing blocks works with a local network. I tried with a throttled connection and did start getting disconnections but it seems pretty reasonable given I throttled the server since it was conveniently in a docker container and it had 35 other peers on just a 256kbit connection.

When the peer was disconnected through we got an error logged in the server which we should probably find a way to handle cleanly:

teku_1           | 2020-07-30 05:21:02.123 | nioEventLoopGroup-3-3     | ERROR | NoiseXXSecureChannel           | Unexpected error in Noise channel
teku_1           | io.netty.handler.timeout.WriteTimeoutException: null

I'm also going to look into adjusting Teku so that it actually uses the returned future when writing requested blocks - currently it just sends them as fast as it can but should actually pay attention to when the response stream becomes unwritable and delay loading the next block to send.

@ajsutton
Copy link
Contributor

I'm not seeing any disconnections with a reasonably 1024Kbit upload limit on the serving node so I'd say these are workable starting values and we don't need to wait for the change I mentioned about waiting for blocks to finish writing.

I think we should fix the error message before merging this though.

ajsutton
ajsutton approved these changes Jul 30, 2020
View reviewed changes
Copy link
Contributor

@ajsutton ajsutton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reran the test and confirmed we don't log errors when disconnecting which is great.

LGTM.

@Nashatyrev Nashatyrev merged commit 4c4a83b into Consensys:master Jul 30, 2020
@Nashatyrev Nashatyrev deleted the fix-attacks-1 branch September 8, 2020 11:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ajsutton ajsutton ajsutton approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@Nashatyrev @ajsutton