Do not make it trivial for inbound peers to generate log entries #11583
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Concept ACK |
promag
reviewed
Oct 31, 2017
src/net_processing.cpp
Outdated
| @@ -1514,7 +1511,9 @@ bool static ProcessMessage(CNode* pfrom, const std::string& strCommand, CDataStr | |||
| if (nVersion < MIN_PEER_PROTO_VERSION) | |||
| { | |||
| // disconnect from peers older than this proto version | |||
| LogPrintf("peer=%d using obsolete version %i; disconnecting\n", pfrom->GetId(), nVersion); | |||
| std::string obsolete_msg(strprintf("peer=%d using obsolete version %i; disconnecting\n", pfrom->GetId(), nVersion)); | |||
| if (pfrom->fInbound) LogPrint(BCLog::NET, "%s", obsolete_log); | |||
There was a problem hiding this comment.
obsolete_msg or above obsolete_log?
src/net_processing.cpp
Outdated
| LogPrintf("peer=%d using obsolete version %i; disconnecting\n", pfrom->GetId(), nVersion); | ||
| std::string obsolete_msg(strprintf("peer=%d using obsolete version %i; disconnecting\n", pfrom->GetId(), nVersion)); | ||
| if (pfrom->fInbound) LogPrint(BCLog::NET, "%s", obsolete_log); | ||
| else LogPrintf( "%s", obsolete_log); |
7344795 to
dba5160
Compare
ryanofsky
reviewed
Nov 2, 2017
There was a problem hiding this comment.
utACK dba516034898cd390a07edf86af3e9ff9f52c911. I didn't try to verify there were no missing logprints, but these changes seem reasonable.
I think it would be good to add your "We should generally avoid writing to debug.log unconditionally..." comment from the commit message to the LogFlags enum, so there is a little information about good logging practices and how the enum values are supposed to be used.
|
Concept ACK |
Yes please. Loose logging practices just cause scared users. Concept ACK. |
laanwj
reviewed
Nov 9, 2017
src/net_processing.cpp
Outdated
| LogPrintf("peer=%d using obsolete version %i; disconnecting\n", pfrom->GetId(), nVersion); | ||
| std::string obsolete_log(strprintf("peer=%d using obsolete version %i; disconnecting\n", pfrom->GetId(), nVersion)); | ||
| if (pfrom->fInbound) LogPrint(BCLog::NET, "%s", obsolete_log); | ||
| else LogPrintf( "%s", obsolete_log); |
There was a problem hiding this comment.
Would prefer to create a BCLog::ALWAYS category and use something like pfrom->fInbound ? BCLog::NET: BCLog::ALWAYS instead of repeating the log statements in this way.
(after that you could even factor it to a uint32_t log_category = ...` at the beginning of the function ProcessMessage)
dba5160 to
0d763ef
Compare
|
After discussion on IRC I removed the weird branching on fInbound to decide between LogPrint and LogPrintf...added a new "New outbound peer connected" log to ::VERACK handling to replace it. Also added a general comment in util.h about LogPrint/LogPrintf usage. |
|
What about the debug.log message Because this permanently spammed the debug.log, I added iptables rules to drop these silently on OS layer :-/ Edit: running 0.15.1rc1 |
We should generally avoid writing to debug.log unconditionally for inbound peers which misbehave (the peer being about to be banned being an exception, since they cannot do this twice). To avoid removing logs for outbound peers, a new log is added to notify users when a new outbound peer is connected which mimics the version print.
0d763ef to
be9f38c
Compare
|
Added the banned listing to the list as well (thanks!)...I'm sure there's others that are missed that can be triggered in validation logic, but I'll leave those for a future PR. |
|
Concept ACK. |
|
utACK be9f38c |
laanwj
added a commit
that referenced
this pull request
Dec 11, 2017
…g entries be9f38c Do not make it trivial for inbound peers to generate log entries (Matt Corallo) Pull request description: Based on #11580 because I'm lazy. We should generally avoid writing to debug.log unconditionally for inbound peers which misbehave (the peer being about to be banned being an exception, since they cannot do this twice). Tree-SHA512: 8e59c8d08d00b1527951b30f4842d010a4c2fc440503ade112baa2c1b9afd0e0d1c5c2df83dde25183a242af45089cf9b9f873b71796771232ffb6c5fc6cc0cc
This was referenced Jan 18, 2018
laanwj
added a commit
to laanwj/bitcoin
that referenced
this pull request
Jan 24, 2018
This moves the error messages for misbehavior (when available) into the line that reports the misbehavior, as well as moves the logging to the `net` category. This is a continuation of bitcoin#11583 and avoids serious-looking errors due to misbehaving peers. To do this, Misbehaving() gains an optional `message` argument. E.g. change: 2018-01-18 16:02:27 Misbehaving: x.x.x.x:62174 peer=164603 (80 -> 100) BAN THRESHOLD EXCEEDED 2018-01-18 16:02:27 ERROR: non-continuous headers sequence to 2018-01-18 16:02:27 Misbehaving: x.x.x.x:62174 peer=164603 (80 -> 100) BAN THRESHOLD EXCEEDED: non-continuous headers sequence
clemtaylor
added a commit
to clemtaylor/bitcoin
that referenced
this pull request
Feb 3, 2018
…non-contributing peers (port scanners?) 37% of the log default log entries for a node that has been up for ~24hrs was "version handshake timeout..."
laanwj
added a commit
that referenced
this pull request
Feb 6, 2018
…ssage c887f87 Extend #11583 to include the most common message generated by non-contributing peers (port scanners?) 37% of the log default log entries for a node that has been up for ~24hrs was "version handshake timeout..." (Clem Taylor) Pull request description: 37% of the default log entries for a node that has been up for ~24hrs was "version handshake timeout..." Tree-SHA512: dceeee5d55a9ff7570174aeb63faac9beda239087220522adefef7ed11e0eeffa008ca28726011247c8834c1a222d37817baf895635ab874a95ebc435959070e
laanwj
added a commit
that referenced
this pull request
Feb 6, 2018
d3a185a net: Move misbehaving logging to net logging category (Wladimir J. van der Laan) Pull request description: This moves the error messages for misbehavior (when available) into the line that reports the misbehavior, as well as moves the logging to the `net` category. This is a continuation of #11583 and avoids serious-looking errors due to misbehaving peers. As it is impossible to correlate the `peer=X` numbers to specific incoming connections now without enabling the `net` category, it doesn't really help to see these messages by default. To do this, Misbehaving() gains an optional `message` argument. E.g. change: 2018-01-18 16:02:27 Misbehaving: x.x.x.x:62174 peer=164603 (80 -> 100) BAN THRESHOLD EXCEEDED 2018-01-18 16:02:27 ERROR: non-continuous headers sequence to 2018-01-18 16:02:27 Misbehaving: x.x.x.x:62174 peer=164603 (80 -> 100) BAN THRESHOLD EXCEEDED: non-continuous headers sequence When there is a category for "important" net messages (see #12219 ), we should move it there. Tree-SHA512: 51c97e9a649bf5409f2fd4625fa1243a036e9c9de6037bb064244207408c2e0eb025e3af80866df673cdc006b8f35dc4078d074033f0d4c6a73bbb03949a269f
hkjn
pushed a commit
to hkjn/bitcoin
that referenced
this pull request
Feb 12, 2018
This moves the error messages for misbehavior (when available) into the line that reports the misbehavior, as well as moves the logging to the `net` category. This is a continuation of bitcoin#11583 and avoids serious-looking errors due to misbehaving peers. To do this, Misbehaving() gains an optional `message` argument. E.g. change: 2018-01-18 16:02:27 Misbehaving: x.x.x.x:62174 peer=164603 (80 -> 100) BAN THRESHOLD EXCEEDED 2018-01-18 16:02:27 ERROR: non-continuous headers sequence to 2018-01-18 16:02:27 Misbehaving: x.x.x.x:62174 peer=164603 (80 -> 100) BAN THRESHOLD EXCEEDED: non-continuous headers sequence
hkjn
pushed a commit
to hkjn/bitcoin
that referenced
this pull request
Feb 12, 2018
…non-contributing peers (port scanners?) 37% of the log default log entries for a node that has been up for ~24hrs was "version handshake timeout..."
HashUnlimited
pushed a commit
to HashUnlimited/chaincoin
that referenced
this pull request
Jul 31, 2018
…non-contributing peers (port scanners?) 37% of the log default log entries for a node that has been up for ~24hrs was "version handshake timeout..."
HashUnlimited
pushed a commit
to HashUnlimited/chaincoin
that referenced
this pull request
Jul 31, 2018
This moves the error messages for misbehavior (when available) into the line that reports the misbehavior, as well as moves the logging to the `net` category. This is a continuation of bitcoin#11583 and avoids serious-looking errors due to misbehaving peers. To do this, Misbehaving() gains an optional `message` argument. E.g. change: 2018-01-18 16:02:27 Misbehaving: x.x.x.x:62174 peer=164603 (80 -> 100) BAN THRESHOLD EXCEEDED 2018-01-18 16:02:27 ERROR: non-continuous headers sequence to 2018-01-18 16:02:27 Misbehaving: x.x.x.x:62174 peer=164603 (80 -> 100) BAN THRESHOLD EXCEEDED: non-continuous headers sequence
deadalnix
pushed a commit
to Bitcoin-ABC/bitcoin-abc
that referenced
this pull request
Jan 20, 2019
Summary: bitcoin/bitcoin#11583 We should generally avoid writing to debug.log unconditionally for inbound peers which misbehave (the peer being about to be banned being an exception, since they cannot do this twice). To avoid removing logs for outbound peers, a new log is added to notify users when a new outbound peer is connected which mimics the version print. This is a backport of Core PR11583 Test Plan: CI Reviewers: #bitcoin_abc, deadalnix, Fabien Reviewed By: #bitcoin_abc, deadalnix, Fabien Subscribers: Fabien, teamcity, schancel Differential Revision: https://reviews.bitcoinabc.org/D2323
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Jan 26, 2020
…rate log entries be9f38c Do not make it trivial for inbound peers to generate log entries (Matt Corallo) Pull request description: Based on bitcoin#11580 because I'm lazy. We should generally avoid writing to debug.log unconditionally for inbound peers which misbehave (the peer being about to be banned being an exception, since they cannot do this twice). Tree-SHA512: 8e59c8d08d00b1527951b30f4842d010a4c2fc440503ade112baa2c1b9afd0e0d1c5c2df83dde25183a242af45089cf9b9f873b71796771232ffb6c5fc6cc0cc
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Jan 26, 2020
…egory d3a185a net: Move misbehaving logging to net logging category (Wladimir J. van der Laan) Pull request description: This moves the error messages for misbehavior (when available) into the line that reports the misbehavior, as well as moves the logging to the `net` category. This is a continuation of bitcoin#11583 and avoids serious-looking errors due to misbehaving peers. As it is impossible to correlate the `peer=X` numbers to specific incoming connections now without enabling the `net` category, it doesn't really help to see these messages by default. To do this, Misbehaving() gains an optional `message` argument. E.g. change: 2018-01-18 16:02:27 Misbehaving: x.x.x.x:62174 peer=164603 (80 -> 100) BAN THRESHOLD EXCEEDED 2018-01-18 16:02:27 ERROR: non-continuous headers sequence to 2018-01-18 16:02:27 Misbehaving: x.x.x.x:62174 peer=164603 (80 -> 100) BAN THRESHOLD EXCEEDED: non-continuous headers sequence When there is a category for "important" net messages (see bitcoin#12219 ), we should move it there. Tree-SHA512: 51c97e9a649bf5409f2fd4625fa1243a036e9c9de6037bb064244207408c2e0eb025e3af80866df673cdc006b8f35dc4078d074033f0d4c6a73bbb03949a269f
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Jan 26, 2020
…ke timeout" message c887f87 Extend bitcoin#11583 to include the most common message generated by non-contributing peers (port scanners?) 37% of the log default log entries for a node that has been up for ~24hrs was "version handshake timeout..." (Clem Taylor) Pull request description: 37% of the default log entries for a node that has been up for ~24hrs was "version handshake timeout..." Tree-SHA512: dceeee5d55a9ff7570174aeb63faac9beda239087220522adefef7ed11e0eeffa008ca28726011247c8834c1a222d37817baf895635ab874a95ebc435959070e
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Jan 26, 2020
…ke timeout" message c887f87 Extend bitcoin#11583 to include the most common message generated by non-contributing peers (port scanners?) 37% of the log default log entries for a node that has been up for ~24hrs was "version handshake timeout..." (Clem Taylor) Pull request description: 37% of the default log entries for a node that has been up for ~24hrs was "version handshake timeout..." Tree-SHA512: dceeee5d55a9ff7570174aeb63faac9beda239087220522adefef7ed11e0eeffa008ca28726011247c8834c1a222d37817baf895635ab874a95ebc435959070e
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Jan 26, 2020
…ke timeout" message c887f87 Extend bitcoin#11583 to include the most common message generated by non-contributing peers (port scanners?) 37% of the log default log entries for a node that has been up for ~24hrs was "version handshake timeout..." (Clem Taylor) Pull request description: 37% of the default log entries for a node that has been up for ~24hrs was "version handshake timeout..." Tree-SHA512: dceeee5d55a9ff7570174aeb63faac9beda239087220522adefef7ed11e0eeffa008ca28726011247c8834c1a222d37817baf895635ab874a95ebc435959070e
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Jan 27, 2020
…ke timeout" message c887f87 Extend bitcoin#11583 to include the most common message generated by non-contributing peers (port scanners?) 37% of the log default log entries for a node that has been up for ~24hrs was "version handshake timeout..." (Clem Taylor) Pull request description: 37% of the default log entries for a node that has been up for ~24hrs was "version handshake timeout..." Tree-SHA512: dceeee5d55a9ff7570174aeb63faac9beda239087220522adefef7ed11e0eeffa008ca28726011247c8834c1a222d37817baf895635ab874a95ebc435959070e
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Jan 27, 2020
…egory d3a185a net: Move misbehaving logging to net logging category (Wladimir J. van der Laan) Pull request description: This moves the error messages for misbehavior (when available) into the line that reports the misbehavior, as well as moves the logging to the `net` category. This is a continuation of bitcoin#11583 and avoids serious-looking errors due to misbehaving peers. As it is impossible to correlate the `peer=X` numbers to specific incoming connections now without enabling the `net` category, it doesn't really help to see these messages by default. To do this, Misbehaving() gains an optional `message` argument. E.g. change: 2018-01-18 16:02:27 Misbehaving: x.x.x.x:62174 peer=164603 (80 -> 100) BAN THRESHOLD EXCEEDED 2018-01-18 16:02:27 ERROR: non-continuous headers sequence to 2018-01-18 16:02:27 Misbehaving: x.x.x.x:62174 peer=164603 (80 -> 100) BAN THRESHOLD EXCEEDED: non-continuous headers sequence When there is a category for "important" net messages (see bitcoin#12219 ), we should move it there. Tree-SHA512: 51c97e9a649bf5409f2fd4625fa1243a036e9c9de6037bb064244207408c2e0eb025e3af80866df673cdc006b8f35dc4078d074033f0d4c6a73bbb03949a269f
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Jan 27, 2020
…ke timeout" message c887f87 Extend bitcoin#11583 to include the most common message generated by non-contributing peers (port scanners?) 37% of the log default log entries for a node that has been up for ~24hrs was "version handshake timeout..." (Clem Taylor) Pull request description: 37% of the default log entries for a node that has been up for ~24hrs was "version handshake timeout..." Tree-SHA512: dceeee5d55a9ff7570174aeb63faac9beda239087220522adefef7ed11e0eeffa008ca28726011247c8834c1a222d37817baf895635ab874a95ebc435959070e
random-zebra
added a commit
to PIVX-Project/PIVX
that referenced
this pull request
Jan 13, 2021
… to generate log entries 4801464 Do not make it trivial for inbound peers to generate log entries (Matt Corallo) Pull request description: Adapted from bitcoin#11583, following the same rationale: We have to be much more conservative when using LogPrintf/error or other things which unconditionally log to debug.log, It should not be the case that an inbound peer can fill up a users disk with debug.log entries (DoS). This rule should be applied in many other areas of the sources as well (not only on the net area). But well, step by step. ACKs for top commit: random-zebra: utACK 4801464 Fuzzbawls: utACK 4801464 Tree-SHA512: 746bdb46f286d34a0bd109b3f4d278f714ce3140c34c897ccfbe948b8c56eb7e04e91b004a9ff9e60e56c312dfc4f47d31a1f77c5e8f0f71310c3e77f5d47460
gades
pushed a commit
to cosanta/cosanta-core
that referenced
this pull request
Jun 30, 2021
…rate log entries be9f38c Do not make it trivial for inbound peers to generate log entries (Matt Corallo) Pull request description: Based on bitcoin#11580 because I'm lazy. We should generally avoid writing to debug.log unconditionally for inbound peers which misbehave (the peer being about to be banned being an exception, since they cannot do this twice). Tree-SHA512: 8e59c8d08d00b1527951b30f4842d010a4c2fc440503ade112baa2c1b9afd0e0d1c5c2df83dde25183a242af45089cf9b9f873b71796771232ffb6c5fc6cc0cc
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Based on #11580 because I'm lazy.
We should generally avoid writing to debug.log unconditionally for
inbound peers which misbehave (the peer being about to be banned
being an exception, since they cannot do this twice).