Don't forward packets received from TPU forwards port #22078
Conversation
|
No test yet but just want to see if we agree on this direction. Any detractors? I think there's risk of tx land rate to drop with this change but send tx service should make up for that. |
Codecov Report
@@ Coverage Diff @@
## master #22078 +/- ##
=========================================
- Coverage 81.3% 81.3% -0.1%
=========================================
Files 518 518
Lines 145734 145812 +78
=========================================
+ Hits 118554 118595 +41
- Misses 27180 27217 +37 |
|
Logic changes looks good to me |
jstarry
force-pushed
the
disable-forwards
branch
3 times, most recently
from
1d7653e
to
e2c784e
Compare
|
My suggestion is not to add any port-based logic to the validator:
Besides the problems with port-based decisions, it is not very evident that forwarded transactions should be treated this way. There was actually a counter argument on discord that forwarded txs should be prioritized because:
I am not necessarily in favor of that argument, but just pointing out nuances involved. Primarily I am in favor just not adding any port-based logic to the validator. |
jstarry
force-pushed
the
disable-forwards
branch
from
e2c784e
to
2ccf965
Compare
|
Thanks for weighing in @behzadnouri!
Agreed 100%, this is not secure if we don't check if the packet came from a legitimate source. In this case, after the changes in this PR, any client (including validators) can choose to either send to the TPU or the TPU forwards port. If they send to the TPU port, well behaved validators will try to process and forward if needed. If a packet is sent to the TPU forwards port, well-behaved validators will try to process and will not forward.
There is not much incentive for a validator to change this behavior so we can assume that everyone will exclusively use the TPU port for sending transactions and then well-behaved validators protect each other by only sending messages one hop. So this change actually helps a lot because it guarantees that bad actors can't amplify their access to blocks by spamming TPU ports on upcoming leaders and having those leaders continue forwarding any unprocessed packets.
I agree that it's not very clear here what the right thing to do is. I think this will need to be resolved in a few different changes. We already have the data budget in place which might be enough so that we don't need this change. But given that clients already retry their transactions using the send-tx-service, I don't think validators would choose to have this extra forwarding overhead if given the choice. |
|
Forwarding my reply on this topic from Discord
Further, this change brings behavior in line with how a majority of the eng team thought TPU forwards worked today. |
|
@sakridge how do you feel about this change? Any particular testing you would like done? |
|
好的,已收到
|
In general I like it, I would rather push more forwarding into the client. It would be nice to have some kind of idea of how it affects the system though. Maybe we can experiment with it on testnet first? Send a bunch of transactions and then can we instrument and see what kind of traffic we are accepting through this path today? |
* Don't forward packets received from TPU forwards port * Add banking stage test (cherry picked from commit b1d9a2e) # Conflicts: # core/src/banking_stage.rs # core/src/vote_simulator.rs # rpc/src/cluster_tpu_info.rs
* Don't forward packets received from TPU forwards port * Add banking stage test (cherry picked from commit b1d9a2e)
Problem
Transactions received on the TPU forwards port should only be forwarded one hop but are actually forwarded multiple hops until they expire.
Summary of Changes
Fixes #