Page MenuHomePhabricator

Make invalid network magic cause Misbehaving points
AbandonedPublic

Authored by OverlordQ on Jan 11 2018, 22:00.

Details

Reviewers
deadalnix
Group Reviewers
Restricted Owners Package(Owns No Changed Paths)
Restricted Project
Summary

Clients repeatdly connecting with invalid magic will eventually get banned

Test Plan

make check

Diff Detail

Repository
rABC Bitcoin ABC
Branch
invalid-messagestart-is-misbehaving
Lint
Lint Passed
SeverityLocationCodeMessage
Auto-Fixsrc/net_processing.cpp:1CFMTCode style violation
Unit
No Test Coverage
Build Status
Buildable 1577
Build 1577: arc lint + arc unit

Event Timeline

Owners added a reviewer: Restricted Owners Package.Jan 11 2018, 22:00
deadalnix requested changes to this revision.Jan 12 2018, 00:14
deadalnix added a subscriber: deadalnix.

Thanks for the patch, this is very much needed. However,

lackoftest

This revision now requires changes to proceed.Jan 12 2018, 00:14

Also I'd probably put something a bit higher for penalty. It's gonna take forever before a node is banned that way.

I'll add in some tests.

I figured on a lower amount JIC there was a misconfigured pre-magic switch Cash node out there to not inadvertently get them blacklisted also.

Changes:

  • Increase penalty
  • Add functional test

Still some work to be done, just wanted to get the WIP updated.

Arcanist was throwing an error if I didn't skip linting.

[2018-01-12 06:31:50] EXCEPTION: (Exception) Two objects (of classes "ClangFormatLinter" and "FnClangFormatLinter", descendants of ancestor class "ArcanistLinter") returned the same key from "getLinterConfigurationName()" ("clang-format"), but each object in this class map must be identified by a unique key. at [<phutil>/src/symbols/PhutilClassMapQuery.php:268]
arcanist(custom=1), arcanist-abc(head=arcpatch-D934, ref.master=16cbb9e86e3f, ref.arcpatch-D934=874389cf9672), fn-phabricator-linters(), phutil()
  #0 PhutilClassMapQuery::loadMap() called at [<phutil>/src/symbols/PhutilClassMapQuery.php:179]
  #1 PhutilClassMapQuery::execute() called at [<arcanist>/src/lint/engine/ArcanistConfigurationDrivenLintEngine.php:143]
  #2 ArcanistConfigurationDrivenLintEngine::loadAvailableLinters() called at [<arcanist>/src/lint/engine/ArcanistConfigurationDrivenLintEngine.php:32]
  #3 ArcanistConfigurationDrivenLintEngine::buildLinters() called at [<arcanist>/src/lint/engine/ArcanistLintEngine.php:166]
  #4 ArcanistLintEngine::run() called at [<arcanist>/src/workflow/ArcanistLintWorkflow.php:334]
  #5 ArcanistLintWorkflow::run() called at [<arcanist>/scripts/arcanist.php:394]

This diff contains only part of your changes. Presumably you have several commits and submit only the topmost one. If that's the case you use git rebase -i master and mark all the commit but the first one as f and then run arc diff again.

Also, from what I can see, this looks pretty damn good.

test/functional/p2p-badmagic.py
144 ↗(On Diff #2467)

This is banning the node and check it is banned. This should be checking that the node gets banned when using the wrong magic a few times. To do so, 127.0.0.0/24 should be removed from the whitelist of the node.

test/functional/p2p-badmagic.py
144 ↗(On Diff #2467)

I didn't see a way around not whitelisting localhost due to the CNetAddr::IsLocal check in the CheckIfBanned function, and I didn't feel like I should fiddle in there also.

test/functional/p2p-badmagic.py
144 ↗(On Diff #2467)

Looking into it, it seems indeed difficult. Maybe that's something we want to fix, but it's a bit outside the scope of this diff. Maybe one thing that can be done here is to check the banscore of the faulty node ?

test/functional/p2p-badmagic.py
144 ↗(On Diff #2467)

So when it sends bad magic it gets disconnected immediately so all the associated meta such has hostid/ip/banscore/etc gets dropped as well.

So you can't use getpeerinfo to grab the banscore as only connected nodes appear there.

So without refactoring I'm not sure there's a easy way to accurately test this in the python test suite.

test/functional/p2p-badmagic.py
144 ↗(On Diff #2467)

But then, why do we increase the banscore in this patch ? And does it improve things at all ?

deadalnix requested changes to this revision.Jan 14 2018, 14:01

So I checked running this patch and indeed, it doesn't ban anything. The misbehaving points need to be associated to the IP (or the /64 for IPv6).

Log extract: P18 . We can see the same host try to connect numerous time, but its ban score gets reseted to 0 every time, so it never gets banned.

This revision now requires changes to proceed.Jan 14 2018, 14:01

Abandoning the changes for now until I can figure out how to work around the code restrictions that prevent a proper testcase.