storagenode/signature: Reject uploads with a timestamp too far in the future #3194

Merged
merged 2 commits into from
Oct 8, 2019


littleskunk
Member

What: Reject uploads if the OrderCreation timestamp is too far in the future.

Why: Most likely the storage node clock is out of sync. In that case the satellite will remove the pointer because the storage node signature is too old. We are uploading pieces to the storage node and later call garbage collection to delete all the data. This PR will reject the upload in the first place. We don't want to waste traffic. Hopefully the storage node will notice the error messages in the logfile and fix the system clock.

Please describe the tests:

  • Test 1:
  • Test 2:

Please describe the performance impact:

Code Review Checklist (to be filled out by reviewer)

  • Does the PR describe what changes are being made?
  • Does the PR describe why the changes are being made?
  • Does the code follow our style guide?
  • Does the code follow our testing guide?
  • Is the PR appropriately sized? (If it could be broken into smaller PRs it should be)
  • Does the new code have enough tests? (every PR should have tests or justification otherwise. Bug-fix PRs especially)
  • Does the new code have enough documentation that answers "how do I use it?" and "what does it do?"? (both source documentation and higher level, diagrams?)
  • Does any documentation need updating?
  • Do the database access patterns make sense?

@littleskunk littleskunk requested a review from a team October 7, 2019 01:13
@cla-bot cla-bot bot added the cla-signed label Oct 7, 2019
@ghost ghost requested review from bryanchriswhite and zeebo and removed request for a team October 7, 2019 01:14
@littleskunk littleskunk added Request Code Review Code review requested Reviewer Can Merge If all checks have passed, non-owner can merge PR labels Oct 7, 2019
Contributor

@bryanchriswhite bryanchriswhite left a comment


This seems pretty straightforward; I just have a question about the expected behavior.

Are we sure that we want to use the same value for past and future grace period durations? Is it expected by the user that this config value would represent half of the total window of valid times and/or should we halve our defaults for this value?

@littleskunk
Member Author

The user doesn't know the config on the satellite side. At the moment both configs are in sync, and if we want to change the time window we would have to do it on both sides.

If the clock has an offset of 50 minutes the upload will still be accepted as long as the upload takes less than 10 minutes.
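The symmetric grace window discussed in this thread, as an added Go example that is not the PR's code or the project's API. The function names, error values and the one-hour grace period are assumptions, and the skew model is one reading of the 50-minute/10-minute remark above.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Hypothetical error values for this example; not the project's identifiers.
var (
	ErrTooOld      = errors.New("order created too long ago")
	ErrTooFarAhead = errors.New("order created too far in the future")
)

// CheckOrderCreation accepts a creation timestamp only inside the symmetric
// window [now-grace, now+grace], judged by the verifier's local clock.
func CheckOrderCreation(now, created time.Time, grace time.Duration) error {
	switch {
	case created.Before(now.Add(-grace)):
		return ErrTooOld
	case created.After(now.Add(grace)):
		return ErrTooFarAhead
	}
	return nil
}

// NodeVerdict models a node whose clock is off by skew (positive = fast,
// negative = slow) checking an order created `elapsed` ago in true time.
func NodeVerdict(skew, elapsed, grace time.Duration) error {
	created := time.Date(2019, 10, 7, 12, 0, 0, 0, time.UTC) // constructed sample
	nodeNow := created.Add(elapsed).Add(skew)                // what the node's clock reads
	return CheckOrderCreation(nodeNow, created, grace)
}

func main() {
	grace := time.Hour // assumed value, not stated on the page
	cases := []struct{ skew, elapsed time.Duration }{
		{0, time.Minute},                     // healthy clock
		{50 * time.Minute, 9 * time.Minute},  // fast clock, still inside the window
		{50 * time.Minute, 11 * time.Minute}, // fast clock, order now looks expired
		{-50 * time.Minute, time.Minute},     // slow clock, order looks 49m ahead
		{-90 * time.Minute, time.Minute},     // slow clock, order looks 89m ahead
	}
	for _, c := range cases {
		fmt.Printf("skew=%v elapsed=%v -> %v\n",
			c.skew, c.elapsed, NodeVerdict(c.skew, c.elapsed, grace))
	}
}
```

Because the same duration bounds both directions, the total window of acceptable timestamps is twice the configured value, which is the point raised in the review question.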

@littleskunk littleskunk merged commit d5b2e1e into master Oct 8, 2019
@littleskunk littleskunk deleted the jh/clock branch October 8, 2019 11:09
bryanchriswhite added a commit that referenced this pull request Oct 9, 2019
…ing/track-monkit-func-names-used

* storj/master: (62 commits)
  Fix typo in libuplink docs. (#3222)
  satellite/audit: fix audit panic (#3217)
  installer/windows: checkbox for opening SNOboard after installation (#3212)
  satellite/console: Removed 'user not found' message on password reset request (#3184)
  satellite/audit: add mutex to pieceHashesVerified map (#3214)
  satellite/overlay: do not include gracefully exiting nodes in node selection (#3211)
  cmd/storagenode: enable migration of configs of different types (#3189)
  satellite/gracefulexit: Add protobuf definitions for communication between storage node and satellite (#3201)
  satellite/metainfo: remove Iterate from service (#3196)
  satellite/overlay: remove overlay.IsVetted (#3203)
  Fix jenkins builds of storagenode console. (#3208)
  installer/windows: add to private Jenkins build (#3206)
  storagenode/signature: Reject uploads with a timestamp too far in the future (#3194)
  satellite/audit: Add piece hash verified to log messages (#3204)
  storagenode: embed the console into the binary and makefile (#3164)
  Update links to documentation (#3198)
  Storage Node Dashboard shortcut opens the SNOboard (#3171)
  satellite/accounting: implement tally as an observer (#2992)
  satellite/gracefulexit: add transfer queue for pieces (#3174)
  satellite/audit: do not fail or contain nodes for audited segments that are not piece-hash-verified (#3161)
  ...