implements ping-pong packets between nodes (bp #12794) #13281

Merged
merged 2 commits into from
Oct 29, 2020

mergify[bot]
Contributor

@mergify mergify bot commented Oct 29, 2020

This is an automated backport of pull request #12794 done by Mergify

Cherry-pick of ae91270 has failed:

On branch mergify/bp/v1.3/pr-12794
Your branch is up to date with 'origin/v1.3'.

You are currently cherry-picking commit ae9127096.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:

	modified:   core/Cargo.toml
	modified:   core/src/crds_gossip.rs
	modified:   core/src/crds_gossip_pull.rs
	modified:   core/src/lib.rs
	new file:   core/src/ping_pong.rs
	modified:   core/tests/crds_gossip.rs

Unmerged paths:
  (use "git add <file>..." to mark resolution)

	both modified:   Cargo.lock
	both modified:   core/src/cluster_info.rs

To fix up this pull request, you can check it out locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

https://hackerone.com/reports/991106

> It’s possible to use the UDP gossip protocol to amplify DDoS attacks. An attacker
> can spoof the IP address in a UDP packet when sending a PullRequest to the node.
> There isn't any validation that the provided source IP address is not spoofed, and
> the node can send a much larger PullResponse to the victim's IP. As I checked,
> PullRequest is about 290 bytes, while PullResponse is about 10 kB. It means
> that amplification is about 34x. This way an attacker can easily perform a DDoS
> attack both on a Solana node and on a third-party server.
>
> To prevent it, one needs, for example, to implement a ping-pong mechanism similar to
> the one in Ethereum: before accepting requests from a remote client, the node needs
> to validate his IP. The local node sends a Ping packet to the remote node, which needs
> to reply with a Pong packet that contains the hash of the matching Ping packet. The
> content of the Ping packet is unpredictable. If the hash from the Pong packet matches,
> the local node can remember the IP where the Ping packet was sent as correct and allow
> further communication.
>
> More info:
> https://github.com/ethereum/devp2p/blob/master/discv4.md#endpoint-proof
> https://github.com/ethereum/devp2p/blob/master/discv4.md#wire-protocol

The commit adds a PingCache, which maintains records of remote nodes
which have returned a valid response to a ping message, and on-the-fly
ping messages pending a pong response from the remote node.

When handling pull-requests, those from addresses which have not passed
the ping-pong check are filtered out, and additionally ping packets are
added for addresses which need to be (re)verified.

(cherry picked from commit ae91270)

# Conflicts:
#	Cargo.lock
#	core/src/cluster_info.rs
@mergify mergify bot added conflicts automerge Merge this Pull Request automatically once CI passes labels Oct 29, 2020
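
A minimal sketch of the ping-pong address check described in the commit message above, added here as an illustration and not taken from the PR's `core/src/ping_pong.rs`. Only the name `PingCache` comes from the page; `check`, `add_pong`, `pong_hash`, the 32-byte token and the TTL are assumptions, and std's `DefaultHasher` stands in for a cryptographic hash so the code has no dependencies.

```rust
use std::collections::{hash_map::DefaultHasher, HashMap};
use std::{hash::{Hash, Hasher}, net::SocketAddr, time::{Duration, Instant}};
// Stand-in for a cryptographic hash such as SHA-256, to keep the sketch std-only.
pub fn pong_hash(token: &[u8; 32]) -> u64 {
    let mut h = DefaultHasher::new();
    token.hash(&mut h);
    h.finish()
}

pub struct PingCache {
    ttl: Duration,
    verified: HashMap<SocketAddr, Instant>, // addr -> time of last valid pong
    pending: HashMap<(SocketAddr, u64), Instant>, // (pinged addr, expected hash) -> sent
}

impl PingCache {
    pub fn new(ttl: Duration) -> Self {
        Self { ttl, verified: HashMap::new(), pending: HashMap::new() }
    }

    /// True if `addr` answered a ping within `ttl`. Otherwise records `token` (which
    /// must be unpredictable, from a CSPRNG) as a ping the caller now sends to `addr`.
    pub fn check(&mut self, now: Instant, addr: SocketAddr, token: [u8; 32]) -> bool {
        if matches!(self.verified.get(&addr), Some(t) if now.duration_since(*t) < self.ttl) {
            return true;
        }
        self.pending.insert((addr, pong_hash(&token)), now);
        false
    }

    /// A pong counts only when it arrives from the pinged address with the hash of
    /// that ping's token; a sender spoofing `from` never receives the token.
    pub fn add_pong(&mut self, now: Instant, from: SocketAddr, hash: u64) -> bool {
        match self.pending.remove(&(from, hash)) {
            Some(sent) if now.duration_since(sent) < self.ttl => {
                self.verified.insert(from, now);
                true
            }
            _ => false,
        }
    }
}

fn main() {
    let (t, peer) = (Instant::now(), "192.0.2.10:8001".parse().unwrap()); // constructed
    let mut cache = PingCache::new(Duration::from_secs(60));
    println!("served before pong: {}", cache.check(t, peer, [7; 32])); // constructed token
    println!("pong accepted: {}", cache.add_pong(t, peer, pong_hash(&[7; 32])));
    println!("served after pong: {}", cache.check(t, peer, [8; 32]));
}
```

The two maps here grow without bound; a deployed cache would cap their size and rate-limit pings per address so the check cannot itself be used to exhaust memory or generate traffic.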
@mergify
Contributor Author

mergify bot commented Oct 29, 2020

automerge label removed due to a CI failure

@mergify mergify bot removed the automerge Merge this Pull Request automatically once CI passes label Oct 29, 2020
@mergify mergify bot added the automerge Merge this Pull Request automatically once CI passes label Oct 29, 2020
@codecov

codecov bot commented Oct 29, 2020

Codecov Report

Merging #13281 into v1.3 will decrease coverage by 0.0%.
The diff coverage is 72.6%.

@@           Coverage Diff            @@
##            v1.3   #13281     +/-   ##
========================================
- Coverage   82.2%    82.1%   -0.1%     
========================================
  Files        351      366     +15     
  Lines      81640    85338   +3698     
========================================
+ Hits       67153    70116   +2963     
- Misses     14487    15222    +735     

@mergify mergify bot merged commit 06067dd into v1.3 Oct 29, 2020
@mergify mergify bot deleted the mergify/bp/v1.3/pr-12794 branch October 29, 2020 16:33