Ability to completely blacklist a domain/server from federating #3173

Closed
turt2live opened this issue May 2, 2018 · 10 comments

@turt2live
Member

commented May 2, 2018

This is related to, but not the same as, #1217. #2820 allows one to specify a whitelist for federation, but does not provide the option for a blacklist.

This should go a step further and prevent events/objects from the blacklisted servers as well. Just blocking traffic is not enough; Synapse should also not reach out to get events, groups, etc. from the blacklisted servers, including from other sources (i.e. don't ask matrix.org for an event from a blacklisted server). This probably requires changes to how the DAG is handled to avoid inconsistent state.

The goal/use case is to prevent constantly bad acting servers from affecting a given synapse instance.

@Half-Shot

Contributor

commented May 2, 2018

As a first step, you could offer direct blacklisting. I know it's not going to be as effective as blocking by event origin, but it's a start? That can't be very difficult to implement.

@Half-Shot

Contributor

commented May 2, 2018

And, I'm super worried about just how infeasible this is going to be :(. You'll need the state events no matter what, because otherwise your state will differ and it won't match up with everyone else and it will cry. So we'd need to make sure that we don't blacklist state events.

Regular messages would be fine if they didn't rely on prev_events but because they do you'd end up with huge swathes of disconnected DAG -- which might not be bad, or good. I don't know if synapse would have a fallback of attaching itself to the Most Recent Node™️ (which could mean many things).
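The disconnected-DAG effect described in the comment above, as an added example that is not part of the original thread or Synapse's code: a constructed room DAG is filtered by origin server, then checked for missing `prev_events` and split into connected fragments. The event IDs, the sample graph and all function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample room DAG (not real Matrix events):
# event id -> (origin server, prev_events)
EVENTS = {
    "$create": ("example.org", []),
    "$a1": ("example.org", ["$create"]),
    "$e1": ("evil.com", ["$a1"]),
    "$m1": ("matrix.org", ["$e1"]),
    "$m2": ("matrix.org", ["$m1"]),
    "$e2": ("evil.com", ["$m2"]),
    "$a2": ("example.org", ["$e2", "$m2"]),
    "$a3": ("example.org", ["$e2"]),
}

def drop_by_origin(events, blacklist):
    """Keep only events whose origin server is not blacklisted."""
    return {eid: ev for eid, ev in events.items() if ev[0] not in blacklist}

def dangling_prev_events(kept):
    """Map each surviving event to the prev_events it can no longer resolve."""
    missing = {}
    for eid, (_, prevs) in kept.items():
        gone = [p for p in prevs if p not in kept]
        if gone:
            missing[eid] = gone
    return missing

def dag_fragments(kept):
    """Connected components of the surviving DAG, ignoring edge direction."""
    adj = defaultdict(set)
    for eid, (_, prevs) in kept.items():
        for p in prevs:
            if p in kept:
                adj[eid].add(p)
                adj[p].add(eid)
    seen, fragments = set(), []
    for start in kept:
        if start in seen:
            continue
        stack, comp = [start], set()
        while stack:
            node = stack.pop()
            if node not in comp:
                comp.add(node)
                stack.extend(adj[node] - comp)
        seen |= comp
        fragments.append(sorted(comp))
    return sorted(fragments)
```

Dropping two events from one server splits this eight-event room into three fragments, and each fragment boundary is an event whose `prev_events` can no longer be resolved locally.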

@turt2live

Member Author

commented May 2, 2018

tbh I'd be perfectly okay with state events being rejected, however that does cause problems for everything. Events should at the very least be highly sanitized to prevent them from being troublesome.

@ara4n

Member

commented Sep 6, 2018

We had another request for this from @muppeth today - I misremembered and thought I'd already implemented it.

I guess the main problem here is that the problem is equivalent to server ACLs - and suffers from the same issues of server ACLs: that any servers which don't uphold ACLs will leak events, and so for the blacklist to work, you'd have to blacklist those servers too. So presumably the correct implementation of this would have to do just that (which might not be a bad thing, in terms of encouraging servers to actually implement server ACLs if they want to play nice in Matrix)...

@richvdh, wdyt?

@turt2live

Member Author

commented Sep 6, 2018

Wouldn't that cause a cascading failure where the server eventually becomes isolated? If matrix.org doesn't blacklist evil.com, but example.org does, then example.org will have to blacklist matrix.org and whatever other servers decided to not blacklist evil.com.

@richvdh

Member

commented Sep 6, 2018

I'm afraid I don't quite understand what this is asking for that is different from ACLs?

@ara4n

Member

commented Sep 7, 2018

hum, yes.

@ara4n

Member

commented Sep 8, 2018

("hum, yes" was directed at @turt2live; GitHub didn't show me @richvdh's comment).

What this is asking for is the ability to blanket blacklist a server from participating in any room in your server. I.e. "i hate evil.net; i do not want arasphere.net talking to it or receiving any events from it".

@richvdh

Member

commented Sep 17, 2018

right, but it sounds like we're agreeing that's not a thing that is practical. So can we reject this bug?

@turt2live

Member Author

commented Sep 17, 2018

Yea, this is borderline impossible. Closing.
