feat: add peer-ids to blacklist using sysctl #1554
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Bencher Report| Branch | feat/sysctl/peer-id-blacklist |
| Testbed | ubuntu-22.04 |
🚨 1 Alert
| Benchmark | Measure Units | View | Benchmark Result (Result Δ%) | Lower Boundary (Limit %) |
|---|---|---|---|---|
| sync-v2 (up to 20000 blocks) | Latency minutes (m) | 📈 plot 🚷 threshold 🚨 alert (🔔) | 1.38 m(-19.62%)Baseline: 1.72 m | 1.54 m (111.97%) |
Click to view all benchmark results
| Benchmark | Latency | Benchmark Result minutes (m) (Result Δ%) | Lower Boundary minutes (m) (Limit %) | Upper Boundary minutes (m) (Limit %) |
|---|---|---|---|---|
| sync-v2 (up to 20000 blocks) | 📈 view plot 🚷 view threshold 🚨 view alert (🔔) | 1.38 m(-19.62%)Baseline: 1.72 m | 1.54 m (111.97%) | 2.06 m (66.98%) |
luislhl
force-pushed
the
feat/sysctl/peer-id-blacklist
branch
from
ebde188 to
73cc599
Compare
luislhl
force-pushed
the
feat/sysctl/peer-id-blacklist
branch
from
73cc599 to
87d1c04
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation
An easy way to dynamically add peer-ids to our blacklist was needed to block some misbehaving peers.
Although we have the
/p2p/netfilterendpoint built in #484, it's more generic and more low level, requiring the user to know about chain names, rule names, keep the uuid of created rules when deleting them, etc.The sysctl command aims to be a simpler/quicker way to add peer-ids to the blacklist, and it works well with the current
p2p.kill_connectionsysctl command (because neither this new command nor the existing endpoint will disconnect the peer-ids after adding to the blacklist, in case it's connected already).Acceptance Criteria
p2p.blacklist.add_peers,p2p.blacklist.remove_peersandp2p.blacklist.list_peers--peer-id-blacklistcli arg to make them persist in each needed fullnode.TODO
Checklist
master, confirm this code is production-ready and can be included in future releases as soon as it gets merged