Score and drop misbehaving peer connections #9111
Labels
A-network
Area: Network protocol updates or fixes
C-bug
Category: This is a bug
C-enhancement
Category: This is an improvement
C-feature
Category: New features
C-security
Category: Security issues
I-heavy
Problems with excessive memory, disk, or CPU usage
I-invalid-data
Zebra relies on invalid or untrusted data, or sends invalid data
P-Medium ⚡
Milestone
Motivation
It's currently trivial to modify or configure Zebra or zcashd so that the node doesn't follow the consensus rules on Mainnet or the default Testnet.
This is mitigated while there are many zcashd nodes in the network because zcashd tracks a "bad score" which is incremented when a peer misbehaves (e.g. gossiping semantically invalid mempool transactions or blocks).
Zebra will need a similar mechanism before it becomes the only node implementation on the network.
Design
Overview
Advertisement of semantically invalid blocks or mempool transactions by peer connections should be considered misbehaviour and should be scored.
Excessive misbehaviour should result in a peer connection being dropped and its IP being banned from re-connecting to the Zebra node.
Bans should eventually expire, and there should be a limit on how many IPs are banned from connecting to a Zebra node at any given time.
Update Address Book
misbehavior_score
field toMetaAddr
MetaAddrChange
for incrementing the misbehaviour score,AddressBook::update()
method to apply that change,GetAddr
requests with addresses of misbehaving peers,Update
zebra-network
Typesadvertisers
field of typeVec<SocketAddr>
to theTransactions
andBlocks
variants ofzebra_network::Response
,HashMap<SocketAddr, MisbehaviorScore>
as fields onPeerSet
Request
variant to be used byChainSync
and the mempool'sDownloads
stream to report advertisers of semantically invalid blocks or mempool transactions, andPeerSet
's misbehaviour score mapCall
PeerSet
With Misbehaving Peer Addresseshandle_block_response()
and wherever else blocks are sent to the block verifier, andDownloads
stream.The text was updated successfully, but these errors were encountered: