Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Khalil/6474 Gossipsub RPC control message Spam protection: GRAFT & PRUNE #4103

Merged
merged 138 commits into from Mar 27, 2023
Merged

Khalil/6474 Gossipsub RPC control message Spam protection: GRAFT & PRUNE #4103

merged 138 commits into from Mar 27, 2023

Conversation

gomisha
Copy link
Contributor

@gomisha gomisha commented Mar 27, 2023
edited

This PR adds spam protection for gossipsub RPC control messages (GRAFT & PRUNE). It adds a new ControlMsgValidationInspector which is a gossipsub RPC inspector that performs the following validation on control messages for each of the control types (GRAFT & PRUNE). These protections are important due to the fact that RPC messages are processed synchronously by libp2p and a malicious actor could exhaust the nodes resources or degrade the nodes network performance by spamming costly control messages.

  • Ensure RPC messages with a count > configured upper threshold are immediately rejected
  • Ensure RPC messages for specific control type are not rate limited for peer
  • Ensure RPC messages for specific control type < safety threshold < upper threshold have valid topic ID's
  • Ensure RPC messages with a count < safety threshold bypass validation

I suggest you start your review in the inspector package which contains all the new inspector logic and the control message validation inspector gossip spammer tests.

ref: https://github.com/dapperlabs/flow-go/pull/6555
author: @kc1116

gomisha and others added 30 commits February 17, 2023 11:55
@gomisha
CI sync scripts
9a9c2ed
@gomisha
added README for branch sync branches
61ee991
@github-actions
Merge branch 'master' of https://github.com/onflow/flow-go into maste…
a379818 
…r-private
@gomisha
Merge pull request #6504 from dapperlabs/master-sync
ce1f3a2 
Public flow-go master sync
@gomisha
Update sync-from-public-flow-go.yml
f912471 
workflow_dispatch: only on master-private branch
@gomisha
Merge branch 'master-private' of https://github.com/dapperlabs/flow-go
ce61d9f 
…into master-private
@Latkes @Kay-Zee
Security Code Scanning
c7873fd 
Please approve this workflow for security code scanning. Please let me know if you have any questions!
@Kay-Zee
Update for new branch structure
b27ba03
@franc-crypt0-s3curity
adding C in addition to GO
013f7e5
@franc-crypt0-s3curity
Merge pull request #6508 from dapperlabs/kan/add-sec-scanning
6810a56 
Kan/add sec scanning
@github-actions
Merge branch 'master' of https://github.com/onflow/flow-go into maste…
456329e 
…r-private
@gomisha
Merge pull request #6510 from dapperlabs/master-sync
5a21b15 
Public flow-go master sync
@gomisha
Create dependabot.yml
b877593 
target-branch: "master-public"
@gomisha
Update dependabot.yml
b858f81 
added all directories with go.mod
@Kay-Zee
Run CI against all master branches
3b23a76
@github-actions
Merge branch 'master' of https://github.com/onflow/flow-go into maste…
5e7980d 
…r-private
@Kay-Zee
Merge pull request #6530 from dapperlabs/kan/run-ci-against-all-maste…
9979d02 
…r-branches

Kan/run ci against all master branches
@gomisha
Merge pull request #6531 from dapperlabs/master-sync
f7cca6b 
Public flow-go master sync
@gomisha
Update ci.yml
c113a14 
master* branch name match
@gomisha
Update ci.yml
90e9a53 
revert back to `master` - test if CI not run
@gomisha
Update ci.yml
2342d8f 
foo2
@gomisha
Update ci.yml
9c5e615 
revert back to master*
@gomisha
Merge pull request #6532 from dapperlabs/misha/run-ci-against-all-mas…
cb3d0c2 
…ter-branches

run ci against all master branches - `master-public`
@gomisha
Merge pull request #6534 from dapperlabs/master-sync
3e56b3f 
Public flow-go master sync
@gomisha
Merge pull request #6547 from dapperlabs/master-sync
0b61b91 
Public flow-go master sync
@gomisha
Merge pull request #6550 from dapperlabs/master-sync
6cf1b35 
Public flow-go master sync
@gomisha
Merge pull request #6552 from dapperlabs/master-sync
af8a983 
Public flow-go master sync
@kc1116
add RPC validation inspector
4a01602
@gomisha
Merge pull request #6554 from dapperlabs/master-sync
7f99cba 
Public flow-go master sync
@kc1116
add testing for each validation error case using gossip spammer
5a16923
kc1116 and others added 20 commits March 23, 2023 15:19
@kc1116
Merge branch 'master-public' into khalil/6474-graft-prune-spam
b016d5b
@kc1116
add Name() to print inspector component name when starting up
511c8cd
@kc1116
add godocs
0b97cd0
@kc1116 @peterargue
Update network/channels/channels.go
66b8994 
Co-authored-by: Peter Argue <89119817+peterargue@users.noreply.github.com>
@kc1116 @peterargue
Update network/channels/channels.go
ea93cdc 
Co-authored-by: Peter Argue <89119817+peterargue@users.noreply.github.com>
@kc1116
Update control_message_validation.go
55a5132
@kc1116
remove requestMsgInspection func
2af1c23
@kc1116
use NoopReadyDoneAware
367f417
@kc1116
Merge branch 'khalil/6474-graft-prune-spam' of github.com:dapperlabs/…
aa07aed 
…flow-go into khalil/6474-graft-prune-spam
@kc1116
wait for rate limiter to be done
9593aab
@gomisha
Merge pull request #6599 from dapperlabs/master-sync
f535ce1 
Public flow-go master sync
@gomisha
Merge pull request #6601 from dapperlabs/master-sync
de45f61 
Public flow-go master sync
@kc1116
Merge branch 'master-public' of github.com:dapperlabs/flow-go into kh…
1603ed0 
…alil/6474-graft-prune-spam
@kc1116
reduce entropy to 16 bytes
15d06ee
@kc1116
add NoopComponent
fdc9c4e
@kc1116
Update control_message_validation.go
06662cb
@kc1116
remove rpc validation inspector from public libp2p node
e46de0a
@gomisha
Merge branch 'master-public' of https://github.com/dapperlabs/flow-go
ba04bca 
…into private-to-public-sync
@kc1116
Merge pull request #6555 from dapperlabs/khalil/6474-graft-prune-spam
827ce54 
Khalil/6474 Gossupsub RPC control message Spam protection: GRAFT & PRUNE
@gomisha
Merge branch 'master-public' of https://github.com/dapperlabs/flow-go
09a5704 
…into private-to-public-sync
@gomisha gomisha changed the title Private to public sync Khalil/6474 Gossupsub RPC control message Spam protection: GRAFT & PRUNE Mar 27, 2023
@gomisha gomisha changed the title Khalil/6474 Gossupsub RPC control message Spam protection: GRAFT & PRUNE Khalil/6474 Gossipsub RPC control message Spam protection: GRAFT & PRUNE Mar 27, 2023
@kc1116 kc1116 marked this pull request as ready for review March 27, 2023 20:57
@kc1116
Copy link
Contributor

kc1116 commented Mar 27, 2023

bors merge

@bors
Copy link
Contributor

bors bot commented Mar 27, 2023

Build succeeded:

@bors bors bot merged commit b500369 into onflow:master Mar 27, 2023
32 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yhassanzadeh13 yhassanzadeh13 yhassanzadeh13 approved these changes

@peterargue peterargue peterargue approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@gomisha @kc1116 @yhassanzadeh13 @peterargue @Latkes @Kay-Zee @franc-crypt0-s3curity