Always accept incoming connections from trusted peers #7140
Merged
079a660 Always accept incoming connections from trusted peers (AbnerZheng)
468a4bd clean up (AbnerZheng)
0478b25 add more comments (AbnerZheng)
5ca1ecb clean up (AbnerZheng)
be2cd99 clean up (AbnerZheng)
ca18851 fix: should decrease num_inbount when on_already_connected (AbnerZheng)
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -213,19 +213,14 @@ impl PeersManager { | |
|
||
/// Invoked when a new _incoming_ tcp connection is accepted. | ||
/// | ||
/// returns an error if the inbound ip address is on the ban list or | ||
/// we have reached our limit for max inbound connections | ||
/// returns an error if the inbound ip address is on the ban list | ||
pub(crate) fn on_incoming_pending_session( | ||
&mut self, | ||
addr: IpAddr, | ||
) -> Result<(), InboundConnectionError> { | ||
if self.ban_list.is_banned_ip(&addr) { | ||
return Err(InboundConnectionError::IpBanned) | ||
} | ||
if !self.connection_info.has_in_capacity() { | ||
return Err(InboundConnectionError::ExceedsLimit(self.connection_info.max_inbound)) | ||
} | ||
// keep track of new connection | ||
self.connection_info.inc_in(); | ||
Ok(()) | ||
} | ||
|
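Review bot: In `on_incoming_pending_session`, `self.connection_info.inc_in()` still runs for every non-banned address now that the `has_in_capacity()` check is gone, so the inbound counter includes sessions that have not finished their handshake and nothing in this function bounds how many of those can be open at once. Consider keeping a separate cap on pending inbound sessions here, or state in the doc comment that the limit is only enforced once the session is established and the peer's trust status is known.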
@@ -284,6 +279,14 @@ impl PeersManager { | |
return | ||
} | ||
value.state = PeerConnectionState::In; | ||
// if a peer is not trusted and we don't have capacity for more inbound connections, | ||
// disconnecting the peer | ||
if !value.is_trusted() && !self.connection_info.has_in_capacity() { | ||
self.queued_actions.push_back(PeerAction::Disconnect { | ||
peer_id, | ||
reason: Some(DisconnectReason::TooManyPeers), | ||
}); | ||
} | ||
} | ||
Entry::Vacant(entry) => { | ||
// peer is missing in the table, we add it but mark it as to be removed after | ||
|
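Review bot: In the `Entry::Occupied` arm, `value.state = PeerConnectionState::In` is assigned before the capacity check, so a peer that is about to receive `TooManyPeers` is already recorded as an inbound connection; a comment or test confirming the counter is decremented again once the queued `PeerAction::Disconnect` completes would help. The new comment should read "disconnect the peer", and since trusted peers skip the check, the documentation for `max_inbound` should say the inbound count can exceed it by the number of trusted peers.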
@@ -292,6 +295,14 @@ impl PeersManager { | |
peer.remove_after_disconnect = true; | ||
entry.insert(peer); | ||
self.queued_actions.push_back(PeerAction::PeerAdded(peer_id)); | ||
|
||
// disconnect the peer if we don't have capacity for more inbound connections | ||
if !self.connection_info.has_in_capacity() { | ||
self.queued_actions.push_back(PeerAction::Disconnect { | ||
peer_id, | ||
reason: Some(DisconnectReason::TooManyPeers), | ||
}); | ||
} | ||
} | ||
} | ||
} | ||
|
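Review bot: In the `Entry::Vacant` arm, `PeerAction::PeerAdded(peer_id)` is queued before the capacity check, so when there is no capacity consumers see `PeerAdded` immediately followed by a `Disconnect` for the same peer. Consider checking `has_in_capacity()` before emitting `PeerAdded`, and factoring the duplicated `TooManyPeers` disconnect push into a helper shared with the `Occupied` arm.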
@@ -875,7 +886,7 @@ impl ConnectionInfo { | |
|
||
/// Returns `true` if there's still capacity for a new incoming connection. | ||
fn has_in_capacity(&self) -> bool { | ||
self.num_inbound < self.max_inbound | ||
self.num_inbound <= self.max_inbound | ||
} | ||
|
||
fn decr_state(&mut self, state: PeerConnectionState) { | ||
|
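Review bot: With `self.num_inbound <= self.max_inbound`, `has_in_capacity` returns `true` when `num_inbound == max_inbound`, which contradicts its doc comment "still capacity for a new incoming connection". The `<=` only makes sense if the caller has already counted the session being checked, so either update the doc comment (and ideally the name) to say that, or keep `<` and have the callers account for the already-counted session.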
@@ -1241,18 +1252,6 @@ impl PeersConfig { | |
self | ||
} | ||
|
||
/// Maximum occupied slots for outbound connections. | ||
pub fn with_max_pending_outbound(mut self, num_outbound: usize) -> Self { | ||
self.connection_info.num_outbound = num_outbound; | ||
self | ||
} | ||
|
||
/// Maximum occupied slots for inbound connections. | ||
pub fn with_max_pending_inbound(mut self, num_inbound: usize) -> Self { | ||
self.connection_info.num_inbound = num_inbound; | ||
self | ||
} | ||
please add again
Done. |
||
|
||
/// Maximum allowed outbound connections. | ||
pub fn with_max_outbound(mut self, max_outbound: usize) -> Self { | ||
self.connection_info.max_outbound = max_outbound; | ||
|
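Review bot: `with_max_pending_outbound` and `with_max_pending_inbound` are documented as "Maximum occupied slots" but assign `connection_info.num_outbound` and `connection_info.num_inbound`, which `has_in_capacity` treats as the current count rather than a limit. If they are restored as requested in the thread, the doc comments should say that they preset the live counters, or the methods should be limited to test builds so a production config cannot start with a skewed count.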
@@ -1420,7 +1419,6 @@ impl Default for PeerBackoffDurations { | |
|
||
#[derive(Debug, Error)] | ||
pub enum InboundConnectionError { | ||
ExceedsLimit(usize), | ||
IpBanned, | ||
} | ||
|
||
|
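Review bot: `InboundConnectionError` is a `pub enum`, so dropping `ExceedsLimit(usize)` breaks any downstream code that matches on it. If the variant has to go, consider marking the enum `#[non_exhaustive]` or calling the removal out in the changelog; a doc comment on the enum saying that limit violations now surface as a `TooManyPeers` disconnect would also help.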
@@ -2166,9 +2164,6 @@ mod tests { | |
Ok(_) => panic!(), | ||
Err(err) => match err { | ||
super::InboundConnectionError::IpBanned {} => {} | ||
super::InboundConnectionError::ExceedsLimit { .. } => { | ||
panic!() | ||
} | ||
}, | ||
} | ||
} | ||
|
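Review bot: Once the `ExceedsLimit` arm is removed, the inner `match err` in this test has a single arm and the bare `panic!()` on `Ok(_)` gives no failure message; an `assert!(matches!(...))` on `Err(InboundConnectionError::IpBanned)` would say the same thing more clearly. Nothing in this hunk exercises the new behaviour, so a test that fills `max_inbound` and checks that a trusted peer stays connected while an untrusted one is queued for `TooManyPeers` should accompany it.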
I'm wondering if we actually have a bug here where we allow multiple incoming sessions from the same peerid.
could you please add a test case for this scenario, because I think we should check the peer's state here
similar setup as https://github.com/paradigmxyz/reth/blob/main/crates/net/network/src/peers/manager.rs#L1913-L1913
Here is the test I can imagine:
`max_in_bound` = 1.
`AlreadyConnected`, the connected peers should not be connected and removed.
The point is that a connected peer shouldn't be disconnected by another incoming session. Am I in the right direction?
exactly
Yes, there seems to be a bug that `num_inbound` should have been decreased when `on_already_connected`, and I added a unit test and an integration test, PTAL.
Also, I think `num_inbound` should only be increased when the session is established, which may simplify the code to maintain it.
I believe this makes sense, I'd like to introduce a new state `PendingIn`, similar to `PendingOut`
we can do this separately