Skip to content

Penalize peers that send an invalid rpc request #6986

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 12 commits into
base: unstable
Choose a base branch
from
Open

Penalize peers that send an invalid rpc request #6986

wants to merge 12 commits into from

Conversation

ackintosh
Copy link
Member

@ackintosh ackintosh commented Feb 11, 2025
edited
Loading

Issue Addressed

Since #6847, invalid BlocksByRange/BlobsByRange requests, which do not comply with the spec, are handled in the Handler. Any peer that sends an invalid request is penalized and disconnected.

However, other kinds of invalid rpc request, which result in decoding errors, are just dropped. No penalty is applied and the connection with the peer remains.

Proposed Changes

I have added handling for the ListenUpgradeError event to notify the application of an RPCError:InvalidData error and disconnect to the peer that sent the invalid rpc request.

I also added tests for handling invalid rpc requests.

@ackintosh ackintosh added the work-in-progress PR is a work-in-progress label Feb 11, 2025
ackintosh
ackintosh commented Feb 12, 2025
View reviewed changes
beacon_node/lighthouse_network/src/rpc/handler.rs Outdated
Comment on lines 840 to 853
ConnectionEvent::ListenUpgradeError(e) => {
if matches!(e.error, RPCError::InvalidData(_)) {
// Peer is not complying with the protocol. Notify the application and disconnect.
let inbound_substream_id = self.current_inbound_substream_id;
self.current_inbound_substream_id.0 += 1;

self.events_out.push(HandlerEvent::Err(HandlerErr::Inbound {
id: inbound_substream_id,
proto: Protocol::DataColumnsByRange, // FIXME: replace this hardcoded protocol
error: e.error,
}));
self.shutdown(None);
}
}
Copy link
Member Author

@ackintosh ackintosh Feb 12, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

// FIXME: replace this hardcoded protocol

@jxs

The RPCError::InvalidData error is emitted by the inbound codec here. The problem I'm facing is that the handler cannot determine which protocol the invalid data belongs to. I think changing the type of InboundUpgrade::Error from RPCError to (Protocol, RPCError) might solves this. What do you think?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated in 2ff8cf2

@ackintosh ackintosh changed the title Penalize peers that send an invalid DataColumnsByRange request Penalize peers that send an invalid request Feb 12, 2025
@ackintosh ackintosh changed the title Penalize peers that send an invalid request Penalize peers that send an invalid rpc request Feb 12, 2025
@ackintosh ackintosh marked this pull request as ready for review February 13, 2025 23:02
@ackintosh ackintosh requested a review from jxs as a code owner February 13, 2025 23:02
@ackintosh ackintosh added ready-for-review The code is ready for review and removed work-in-progress PR is a work-in-progress labels Feb 13, 2025
ackintosh added a commit to ackintosh/lighthouse that referenced this pull request Feb 14, 2025
@ackintosh
Remove RPC::is_request_size_too_large
cfea9d2 
because that such invalid requests are handled in the Handler since the following PRs:

sigp#6847
sigp#6986
@ackintosh ackintosh mentioned this pull request Feb 14, 2025
Merged
@mergify Mergify
Copy link

mergify bot commented May 19, 2025

This pull request has merge conflicts. Could you please resolve them @ackintosh? 🙏

@mergify mergify bot added waiting-on-author The reviewer has suggested changes and awaits thier implementation. and removed ready-for-review The code is ready for review labels May 19, 2025
ackintosh added 3 commits May 20, 2025 07:36
@ackintosh
Merge branch 'unstable' into test-request-too-large
ca6fe1b 
# Conflicts:
#	beacon_node/lighthouse_network/tests/rpc_tests.rs
@ackintosh
Fix old field name
e41943e
@ackintosh
cargo fmt
ea184d2
@mergify Mergify
Copy link

mergify bot commented May 19, 2025

Some required checks have failed. Could you please take a look @ackintosh? 🙏

jxs
jxs reviewed May 29, 2025
View reviewed changes
Copy link
Member

@jxs jxs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi Akihito, overall this looks good to me, sorry for the delay in the review, left some comments

beacon_node/lighthouse_network/src/rpc/handler.rs Outdated
Comment on lines 895 to 896
ConnectionEvent::ListenUpgradeError(e) => {
if matches!(e.error.1, RPCError::InvalidData(_)) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you don't need the nested matches Akihito, you can do:

Suggested change
ConnectionEvent::ListenUpgradeError(e) => {
if matches!(e.error.1, RPCError::InvalidData(_)) {
ConnectionEvent::ListenUpgradeError(ListenUpgradeError {
error: (_, RPCError::IoError(_)),
..
}) => {

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Refactored in 7e09c47

beacon_node/lighthouse_network/src/rpc/protocol.rs
@@ -652,7 +652,7 @@ where
E: EthSpec,
{
type Output = InboundOutput<TSocket, E>;
type Error = RPCError;
type Error = (Protocol, RPCError);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why use a tuple instead of putting the Protocol inside RPCError?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I saw a struct that has Protocol and RPCError as separate fields like this, and I thought it was a reasonable way to represent what the error is and where it happened separately:

lighthouse/beacon_node/lighthouse_network/src/rpc/handler.rs

Lines 938 to 946 in c56c63e

self.events_out.push(HandlerEvent::Err(HandlerErr::Inbound {
id: self.current_inbound_substream_id,
proto: Protocol::BlocksByRange,
error: RPCError::InvalidData(format!(
"requested exceeded limit. allowed: {}, requested: {}",
max_allowed,
request.count()
)),
}));

@ackintosh ackintosh added ready-for-review The code is ready for review and removed waiting-on-author The reviewer has suggested changes and awaits thier implementation. labels Jul 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jxs jxs jxs left review comments

Assignees
No one assigned
Labels
Networking ready-for-review The code is ready for review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ackintosh @jxs