Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

uplink/piecestore: Check SN piece hash timestamp #3246

Merged
merged 3 commits into from Oct 15, 2019
Merged

uplink/piecestore: Check SN piece hash timestamp #3246

merged 3 commits into from Oct 15, 2019

Conversation

ifraixedes
Copy link
Member

What: Uplink verifies that the timestamp of upload result piece hash got from a storage node is not older than the amount of time that the Satellite accepts (currently 2 hours).

Why: Because if uplink doesn't verify it, it counts as a valid result upload piece and cuts down the long tail of potential valid ones.
When uplinks count the upload results with a too old timestamp as valid, it may send a number of upload results equal to the optimal threshold, then the Satellite filters out the ones with a too old timestamp and then get only a total number of valid ones less than the optimal threshold, causing to reject the uplink request with an error response and aborting completely the upload operation.

Please describe the tests: No additional test, the current test should pass.
Please describe the performance impact: N/A

It should close the ticket https://storjlabs.atlassian.net/browse/V3-2474

Code Review Checklist (to be filled out by reviewer)

  • Does the PR describe what changes are being made?
  • Does the PR describe why the changes are being made?
  • Does the code follow our style guide?
  • Does the code follow our testing guide?
  • Is the PR appropriately sized? (If it could be broken into smaller PRs it should be)
  • Does the new code have enough tests? (every PR should have tests or justification otherwise. Bug-fix PRs especially)
  • Does the new code have enough documentation that answers "how do I use it?" and "what does it do?"? (both source documentation and higher level, diagrams?)
  • Does any documentation need updating?
  • Do the database access patterns make sense?

@ifraixedes
uplink/piecestore: Check SN piece hash timestamp
e967d84 
Uplink must verify that every piece upload to a storage node return a
hash whose timestamp isn't older than the maximum elapsed time allowed
by the Satellite.

We cannot leave this check only to the Satellite site, because if there
is no error reported by this matter, the uplink cuts down the long tail.
When uplink submits the result uploads including these invalid ones, the
Satellite filters out the invalid ones and that can provoke that it gets
less than the optimal threshold amount of valid upload results, so it
rejects the request.

Detecting the error at this stage will allow the uplink to detect these
uploads as invalid and avoid to cut down the long tail prematurely.
@ifraixedes ifraixedes added the WIP Work In Progress label Oct 11, 2019
@ifraixedes ifraixedes self-assigned this Oct 11, 2019
@cla-bot cla-bot bot added the cla-signed label Oct 11, 2019
@ifraixedes ifraixedes added Request Code Review Code review requested Reviewer Can Merge If all checks have passed, non-owner can merge PR and removed WIP Work In Progress labels Oct 11, 2019
@ifraixedes ifraixedes marked this pull request as ready for review October 11, 2019 17:28
@ifraixedes ifraixedes requested a review from a team October 11, 2019 17:28
@ghost ghost requested review from jenlij and JessicaGreben and removed request for a team October 11, 2019 17:28
navillasa
navillasa approved these changes Oct 12, 2019
View reviewed changes
uplink/piecestore/verification.go
@@ -14,13 +15,17 @@ import (
"storj.io/storj/pkg/signing"
)

const pieceHashExpiration = 2 * time.Hour
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should this be configurable or okay as const?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It was and it still is a const in the satellite part, so I applied the same.

https://github.com/storj/storj/blob/master/satellite/metainfo/metainfo.go#L36

Which is used in https://github.com/storj/storj/blob/master/satellite/metainfo/validation.go#L378

@littleskunk
Copy link
Member

Time window will be changed with #3255

@ifraixedes
Copy link
Member Author

Time window will be changed with #3255

@littleskunk I've seen the changes in that PR but I'm not sure in how that impacts to this PR considering that the links posted to @navillasa question #3246 (comment)

If something has to be changed with those changes merged by #3255 I would need some guidance.

VinozzZ
VinozzZ approved these changes Oct 15, 2019
View reviewed changes
Copy link
Contributor

@VinozzZ VinozzZ left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. There are some tests failing on Jenkins though

@ifraixedes ifraixedes merged commit 9caa318 into master Oct 15, 2019
@ifraixedes ifraixedes deleted the orange/v3-2474-uplink-signature-check branch October 15, 2019 14:07
@ifraixedes
Copy link
Member Author

@littleskunk if there is anything to change regarding your comment, please open a new ticket with it.

littleskunk pushed a commit that referenced this pull request Oct 16, 2019
@ifraixedes @littleskunk
uplink/piecestore: Check SN piece hash timestamp (#3246)
11de5ef 
Uplink must verify that every piece upload to a storage node return a
hash whose timestamp isn't older than the maximum elapsed time allowed
by the Satellite.

We cannot leave this check only to the Satellite site, because if there
is no error reported by this matter, the uplink cuts down the long tail.
When uplink submits the result uploads including these invalid ones, the
Satellite filters out the invalid ones and that can provoke that it gets
less than the optimal threshold amount of valid upload results, so it
rejects the request.

Detecting the error at this stage will allow the uplink to detect these
uploads as invalid and avoid to cut down the long tail prematurely.

(cherry picked from commit 9caa318)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@VinozzZ VinozzZ VinozzZ approved these changes

@navillasa navillasa navillasa approved these changes

@jenlij jenlij Awaiting requested review from jenlij

@JessicaGreben JessicaGreben Awaiting requested review from JessicaGreben

Assignees

@ifraixedes ifraixedes

Labels
cla-signed Request Code Review Code review requested Reviewer Can Merge If all checks have passed, non-owner can merge PR
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@ifraixedes @littleskunk @VinozzZ @navillasa @mniewrzal