Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

p2p: Do not relay banned IP addresses #15617

Merged
merged 1 commit into from
Mar 20, 2019
Merged

p2p: Do not relay banned IP addresses #15617

merged 1 commit into from
Mar 20, 2019

Conversation

sipa
Copy link
Member

@sipa sipa commented Mar 18, 2019

No description provided.

@fanquake fanquake added the P2P label Mar 18, 2019
@gmaxwell
Copy link
Contributor

Concept ACK. utACK, will test.

@naumenkogs
Copy link
Member

utACK

@jonasschnelli
Copy link
Contributor

utACK 054d01d

1 similar comment
@practicalswift
Copy link
Contributor

utACK 054d01d

@maflcko maflcko changed the title Do not relay banned IP addresses p2p: Do not relay banned IP addresses Mar 18, 2019
@promag
Copy link
Contributor

promag commented Mar 18, 2019

How can this be tested?

@gmaxwell
Copy link
Contributor

ACK (now tested it, appears to work)

@gmaxwell
Copy link
Contributor

@promag Instrument your node to log the addr message it sends, ban stuff, check that it's not relaying the banned stuff... which is what I did :) (or otherwise, run the patch, and observe that nothing catches fire)

@promag
Copy link
Contributor

promag commented Mar 19, 2019

@gmaxwell I mean it could have a functional test or something.

@gmaxwell
Copy link
Contributor

I sure hope that when people say they've tested a PR it doesn't mean they just ran its unit test...

@promag
Copy link
Contributor

promag commented Mar 19, 2019

I hope too, but a test would be a nice addition no?

@practicalswift
Copy link
Contributor

practicalswift commented Mar 19, 2019
edited
Loading

Nit: Do we care about the object slicing going on here (slicing from CAddress to CNetAddr)?

(Note: Slicing was present in this code also before this patch.)

@laanwj laanwj added this to the 0.18.0 milestone Mar 19, 2019
@pstratem
Copy link
Contributor

utACK 054d01d

@jonasschnelli
Copy link
Contributor

I sure hope that when people say they've tested a PR it doesn't mean they just ran its unit test...

Heh. Indeed.
Though, the functional tests are usually a good starting point in how to understand how manual testing can be done...

@laanwj
Copy link
Member

laanwj commented Mar 20, 2019
edited
Loading

I sure hope that when people say they've tested a PR it doesn't mean they just ran its unit test...

I don't hope so either. Would make sense to extend the definition of ACKs in CONTRIBUTING.md to describe that a tested ACK involves change-specific manual testing, and in case it's not obvious how that's done, it should be described in the post.

(not trying to say that running the unit+functional tests locally isn't useful! travis cannot possible cover all possible combinations of hardware and software)

utACK 054d01d

@laanwj laanwj merged commit 054d01d into bitcoin:master Mar 20, 2019
laanwj added a commit that referenced this pull request Mar 20, 2019
@laanwj
Merge #15617: p2p: Do not relay banned IP addresses
81f732b 
054d01d Do not relay banned IP addresses (Pieter Wuille)

Pull request description:

Tree-SHA512: 538c43781c789949e1ae566533e76835d478e40e8ba6427b22234ee611cb4a311b2940a214e37c1e9c9afe28a6814a00d490a39e3580bb5ebd85b03e95040246
laanwj pushed a commit that referenced this pull request Mar 20, 2019
@sipa @laanwj
Do not relay banned IP addresses
238ef33 
Github-Pull: #15617
Rebased-From: 054d01d
Tree-SHA512: 2c47cf823cc51aee5a224513a0ca2fd1132f4c567d255ead661e88f009dc5d1db73da79b5e65a63b11b222e17292fdff9035a93cb2e53215d9bbb21a5bce7a41
jonatack added a commit to jonatack/bitcoin that referenced this pull request Mar 20, 2019
@jonatack
Doc: update ACK description in CONTRIBUTING.md
731414d 
as per bitcoin#15617 (comment)
@jonatack jonatack mentioned this pull request Mar 20, 2019
Merged
jonatack added a commit to jonatack/bitcoin that referenced this pull request Mar 20, 2019
@jonatack
Doc: update ACK description in CONTRIBUTING.md
0d9d2b3 
as per bitcoin#15617 (comment) and bitcoin#15626 (comment).
@promag
Copy link
Contributor

promag commented Mar 20, 2019

My comment was about having this new behavior checked, not about how reviews should be done.

laanwj added a commit that referenced this pull request Mar 20, 2019
@laanwj
Merge #15626: Docs: Update ACK description in CONTRIBUTING.md
bbc436e 
0d9d2b3 Doc: update ACK description in CONTRIBUTING.md (Jon Atack)

Pull request description:

  as per #15617 (comment).

  Edit:

  as per #15617 (comment) and #15626 (comment).

Tree-SHA512: 12df420d20338270bca310873c73d2f38b631c05cf8b3e5b2c1380f95936cb122687ba66b71de53348222efd5fed6d21e67f535a6ada689bf294dceec184a631
marcinja pushed a commit to marcinja/bitcoin that referenced this pull request Mar 20, 2019
@jonatack @marcinja
Doc: update ACK description in CONTRIBUTING.md
8cfdf0c 
as per bitcoin#15617 (comment) and bitcoin#15626 (comment).
marcinja pushed a commit to marcinja/bitcoin that referenced this pull request Mar 20, 2019
@jonatack @marcinja
Doc: update ACK description in CONTRIBUTING.md
2f60596 
as per bitcoin#15617 (comment) and bitcoin#15626 (comment).
@luke-jr
Copy link
Member

luke-jr commented Apr 17, 2019

utACK

HashUnlimited pushed a commit to HashUnlimited/chaincoin that referenced this pull request Apr 19, 2019
@sipa
Do not relay banned IP addresses
1726ca6 
Github-Pull: bitcoin#15617
Rebased-From: 054d01d
Tree-SHA512: 2c47cf823cc51aee5a224513a0ca2fd1132f4c567d255ead661e88f009dc5d1db73da79b5e65a63b11b222e17292fdff9035a93cb2e53215d9bbb21a5bce7a41
HashUnlimited pushed a commit to HashUnlimited/chaincoin that referenced this pull request Aug 30, 2019
@jonatack
Doc: update ACK description in CONTRIBUTING.md
6554cea 
as per bitcoin#15617 (comment) and bitcoin#15626 (comment).
barrystyle pushed a commit to zentoshi/zentoshi that referenced this pull request Nov 11, 2019
@jonatack @barrystyle
Doc: update ACK description in CONTRIBUTING.md
57d5dd3 
as per bitcoin/bitcoin#15617 (comment) and bitcoin/bitcoin#15626 (comment).
deadalnix pushed a commit to Bitcoin-ABC/bitcoin-abc that referenced this pull request May 21, 2020
@sipa @majcosta
[backport#15617] Do not relay banned IP addresses
4676f0d 
Summary: Backport of Core [[bitcoin/bitcoin#15617 | PR15617]]

Test Plan:
  ninja check check-functional

Reviewers: #bitcoin_abc, deadalnix

Reviewed By: #bitcoin_abc, deadalnix

Differential Revision: https://reviews.bitcoinabc.org/D6212
@cculianu
Copy link

cculianu commented Jun 8, 2020

You guys realize -- this is a DoS vector. This commit introduces effectively a quadratic loop for GETADDR. IsBanned() is a relatively expensive call which linearly scans the entire ban table after taking a lock. This loop does IsBanned for each item in vAddr up to 2500 items max.

What's worse, the ban table can be manipulated and is unbounded in size -- anybody with enough IP addresses can grow it on any target node they can connect to -- to tens of thousands of entries. This is especially true if using IPv6 where thousands of IP addresses are easily obtained by people with even modest resources. See RFC3177 - Recommendations on IPv6 Address Allocations to Sites

I was able to manipulate the ban table on my testnet node. I added some debug/printing to my local build. This is to service just 1 GETADDR message:

2020-06-08T21:09:40Z GETADDR vAddr: 2500 banSz: 47506 ~iters: 118765000(118764972) took: 2010.761 ms

ftrader pushed a commit to bitcoin-cash-node/bitcoin-cash-node that referenced this pull request Aug 17, 2020
@cculianu
[backport] Do not relay banned or discouraged IP addresses
a9e47e7 
Summary
---

This is a backport of D6212 but adapted to the new "discouragement
filter" API in !555. It depends on !555 (it is a commit on top of that
MR).

Adapted (partial) backport of:
 - Core [[bitcoin/bitcoin#15617 | PR15617]]
 - Core [[bitcoin/bitcoin#19219 | PR19219]]
 - Differential Revision: https://reviews.bitcoinabc.org/D6212

Test Plan:
---

    ninja check check-functional
PastaPastaPasta pushed a commit to PastaPastaPasta/dash that referenced this pull request Jun 25, 2021
@laanwj @PastaPastaPasta
Merge bitcoin#15617: p2p: Do not relay banned IP addresses
76c9cbf 
054d01d Do not relay banned IP addresses (Pieter Wuille)

Pull request description:

Tree-SHA512: 538c43781c789949e1ae566533e76835d478e40e8ba6427b22234ee611cb4a311b2940a214e37c1e9c9afe28a6814a00d490a39e3580bb5ebd85b03e95040246
PastaPastaPasta pushed a commit to PastaPastaPasta/dash that referenced this pull request Jun 27, 2021
@laanwj @PastaPastaPasta
Merge bitcoin#15617: p2p: Do not relay banned IP addresses
328d43c 
054d01d Do not relay banned IP addresses (Pieter Wuille)

Pull request description:

Tree-SHA512: 538c43781c789949e1ae566533e76835d478e40e8ba6427b22234ee611cb4a311b2940a214e37c1e9c9afe28a6814a00d490a39e3580bb5ebd85b03e95040246
PastaPastaPasta pushed a commit to PastaPastaPasta/dash that referenced this pull request Jun 27, 2021
@laanwj @PastaPastaPasta
Merge bitcoin#15626: Docs: Update ACK description in CONTRIBUTING.md
5851979 
0d9d2b3 Doc: update ACK description in CONTRIBUTING.md (Jon Atack)

Pull request description:

  as per bitcoin#15617 (comment).

  Edit:

  as per bitcoin#15617 (comment) and bitcoin#15626 (comment).

Tree-SHA512: 12df420d20338270bca310873c73d2f38b631c05cf8b3e5b2c1380f95936cb122687ba66b71de53348222efd5fed6d21e67f535a6ada689bf294dceec184a631
PastaPastaPasta pushed a commit to PastaPastaPasta/dash that referenced this pull request Jun 28, 2021
@laanwj @PastaPastaPasta
Merge bitcoin#15617: p2p: Do not relay banned IP addresses
8923a42 
054d01d Do not relay banned IP addresses (Pieter Wuille)

Pull request description:

Tree-SHA512: 538c43781c789949e1ae566533e76835d478e40e8ba6427b22234ee611cb4a311b2940a214e37c1e9c9afe28a6814a00d490a39e3580bb5ebd85b03e95040246
PastaPastaPasta pushed a commit to PastaPastaPasta/dash that referenced this pull request Jun 28, 2021
@laanwj @PastaPastaPasta
Merge bitcoin#15626: Docs: Update ACK description in CONTRIBUTING.md
02f8e75 
0d9d2b3 Doc: update ACK description in CONTRIBUTING.md (Jon Atack)

Pull request description:

  as per bitcoin#15617 (comment).

  Edit:

  as per bitcoin#15617 (comment) and bitcoin#15626 (comment).

Tree-SHA512: 12df420d20338270bca310873c73d2f38b631c05cf8b3e5b2c1380f95936cb122687ba66b71de53348222efd5fed6d21e67f535a6ada689bf294dceec184a631
PastaPastaPasta pushed a commit to PastaPastaPasta/dash that referenced this pull request Jun 29, 2021
@laanwj @PastaPastaPasta
Merge bitcoin#15617: p2p: Do not relay banned IP addresses
ab79520 
054d01d Do not relay banned IP addresses (Pieter Wuille)

Pull request description:

Tree-SHA512: 538c43781c789949e1ae566533e76835d478e40e8ba6427b22234ee611cb4a311b2940a214e37c1e9c9afe28a6814a00d490a39e3580bb5ebd85b03e95040246
PastaPastaPasta pushed a commit to PastaPastaPasta/dash that referenced this pull request Jun 29, 2021
@laanwj @PastaPastaPasta
Merge bitcoin#15626: Docs: Update ACK description in CONTRIBUTING.md
6dacf59 
0d9d2b3 Doc: update ACK description in CONTRIBUTING.md (Jon Atack)

Pull request description:

  as per bitcoin#15617 (comment).

  Edit:

  as per bitcoin#15617 (comment) and bitcoin#15626 (comment).

Tree-SHA512: 12df420d20338270bca310873c73d2f38b631c05cf8b3e5b2c1380f95936cb122687ba66b71de53348222efd5fed6d21e67f535a6ada689bf294dceec184a631
PastaPastaPasta pushed a commit to PastaPastaPasta/dash that referenced this pull request Jul 1, 2021
@laanwj @PastaPastaPasta
Merge bitcoin#15626: Docs: Update ACK description in CONTRIBUTING.md
e386e99 
0d9d2b3 Doc: update ACK description in CONTRIBUTING.md (Jon Atack)

Pull request description:

  as per bitcoin#15617 (comment).

  Edit:

  as per bitcoin#15617 (comment) and bitcoin#15626 (comment).

Tree-SHA512: 12df420d20338270bca310873c73d2f38b631c05cf8b3e5b2c1380f95936cb122687ba66b71de53348222efd5fed6d21e67f535a6ada689bf294dceec184a631
PastaPastaPasta pushed a commit to PastaPastaPasta/dash that referenced this pull request Jul 1, 2021
@laanwj @PastaPastaPasta
Merge bitcoin#15626: Docs: Update ACK description in CONTRIBUTING.md
fb8d075 
0d9d2b3 Doc: update ACK description in CONTRIBUTING.md (Jon Atack)

Pull request description:

  as per bitcoin#15617 (comment).

  Edit:

  as per bitcoin#15617 (comment) and bitcoin#15626 (comment).

Tree-SHA512: 12df420d20338270bca310873c73d2f38b631c05cf8b3e5b2c1380f95936cb122687ba66b71de53348222efd5fed6d21e67f535a6ada689bf294dceec184a631
PastaPastaPasta pushed a commit to PastaPastaPasta/dash that referenced this pull request Jul 8, 2021
@laanwj @PastaPastaPasta
Merge bitcoin#15626: Docs: Update ACK description in CONTRIBUTING.md
47ddb26 
0d9d2b3 Doc: update ACK description in CONTRIBUTING.md (Jon Atack)

Pull request description:

  as per bitcoin#15617 (comment).

  Edit:

  as per bitcoin#15617 (comment) and bitcoin#15626 (comment).

Tree-SHA512: 12df420d20338270bca310873c73d2f38b631c05cf8b3e5b2c1380f95936cb122687ba66b71de53348222efd5fed6d21e67f535a6ada689bf294dceec184a631
PastaPastaPasta pushed a commit to PastaPastaPasta/dash that referenced this pull request Jul 10, 2021
@laanwj @PastaPastaPasta
Merge bitcoin#15626: Docs: Update ACK description in CONTRIBUTING.md
368f5f0 
0d9d2b3 Doc: update ACK description in CONTRIBUTING.md (Jon Atack)

Pull request description:

  as per bitcoin#15617 (comment).

  Edit:

  as per bitcoin#15617 (comment) and bitcoin#15626 (comment).

Tree-SHA512: 12df420d20338270bca310873c73d2f38b631c05cf8b3e5b2c1380f95936cb122687ba66b71de53348222efd5fed6d21e67f535a6ada689bf294dceec184a631
linuxsh2 pushed a commit to linuxsh2/dash that referenced this pull request Aug 11, 2021
@laanwj @linuxsh2
Merge bitcoin#15617: p2p: Do not relay banned IP addresses
1818cb0 
054d01d Do not relay banned IP addresses (Pieter Wuille)

Pull request description:

Tree-SHA512: 538c43781c789949e1ae566533e76835d478e40e8ba6427b22234ee611cb4a311b2940a214e37c1e9c9afe28a6814a00d490a39e3580bb5ebd85b03e95040246
@bitcoin bitcoin locked as resolved and limited conversation to collaborators Feb 15, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
P2P
Projects
None yet
Milestone
0.18.0
Development

Successfully merging this pull request may close these issues.