Merge pull request #16109 from karalabe/p2p-bond-check

karalabe · web-flow · commit 9fd76e33af36 · 2018-02-17T18:47:44.000+02:00
p2p/discover: validate bond against lastpong, not db presence
diff --git a/p2p/discover/database.go b/p2p/discover/database.go
@@ -257,7 +257,7 @@ func (db *nodeDB) expireNodes() error {
 		}
 		// Skip the node if not expired yet (and not self)
 		if !bytes.Equal(id[:], db.self[:]) {
-			if seen := db.lastPong(id); seen.After(threshold) {
+			if seen := db.bondTime(id); seen.After(threshold) {
 				continue
 			}
 		}
@@ -278,13 +278,18 @@ func (db *nodeDB) updateLastPing(id NodeID, instance time.Time) error {
 	return db.storeInt64(makeKey(id, nodeDBDiscoverPing), instance.Unix())
 }
 
-// lastPong retrieves the time of the last successful contact from remote node.
-func (db *nodeDB) lastPong(id NodeID) time.Time {
+// bondTime retrieves the time of the last successful pong from remote node.
+func (db *nodeDB) bondTime(id NodeID) time.Time {
 	return time.Unix(db.fetchInt64(makeKey(id, nodeDBDiscoverPong)), 0)
 }
 
-// updateLastPong updates the last time a remote node successfully contacted.
-func (db *nodeDB) updateLastPong(id NodeID, instance time.Time) error {
+// hasBond reports whether the given node is considered bonded.
+func (db *nodeDB) hasBond(id NodeID) bool {
+	return time.Since(db.bondTime(id)) < nodeDBNodeExpiration
+}
+
+// updateBondTime updates the last pong time of a node.
+func (db *nodeDB) updateBondTime(id NodeID, instance time.Time) error {
 	return db.storeInt64(makeKey(id, nodeDBDiscoverPong), instance.Unix())
 }
 
@@ -327,7 +332,7 @@ seek:
 		if n.ID == db.self {
 			continue seek
 		}
-		if now.Sub(db.lastPong(n.ID)) > maxAge {
+		if now.Sub(db.bondTime(n.ID)) > maxAge {
 			continue seek
 		}
 		for i := range nodes {
diff --git a/p2p/discover/database_test.go b/p2p/discover/database_test.go
@@ -125,13 +125,13 @@ func TestNodeDBFetchStore(t *testing.T) {
 		t.Errorf("ping: value mismatch: have %v, want %v", stored, inst)
 	}
 	// Check fetch/store operations on a node pong object
-	if stored := db.lastPong(node.ID); stored.Unix() != 0 {
+	if stored := db.bondTime(node.ID); stored.Unix() != 0 {
 		t.Errorf("pong: non-existing object: %v", stored)
 	}
-	if err := db.updateLastPong(node.ID, inst); err != nil {
+	if err := db.updateBondTime(node.ID, inst); err != nil {
 		t.Errorf("pong: failed to update: %v", err)
 	}
-	if stored := db.lastPong(node.ID); stored.Unix() != inst.Unix() {
+	if stored := db.bondTime(node.ID); stored.Unix() != inst.Unix() {
 		t.Errorf("pong: value mismatch: have %v, want %v", stored, inst)
 	}
 	// Check fetch/store operations on a node findnode-failure object
@@ -224,8 +224,8 @@ func TestNodeDBSeedQuery(t *testing.T) {
 		if err := db.updateNode(seed.node); err != nil {
 			t.Fatalf("node %d: failed to insert: %v", i, err)
 		}
-		if err := db.updateLastPong(seed.node.ID, seed.pong); err != nil {
-			t.Fatalf("node %d: failed to insert lastPong: %v", i, err)
+		if err := db.updateBondTime(seed.node.ID, seed.pong); err != nil {
+			t.Fatalf("node %d: failed to insert bondTime: %v", i, err)
 		}
 	}
 
@@ -332,8 +332,8 @@ func TestNodeDBExpiration(t *testing.T) {
 		if err := db.updateNode(seed.node); err != nil {
 			t.Fatalf("node %d: failed to insert: %v", i, err)
 		}
-		if err := db.updateLastPong(seed.node.ID, seed.pong); err != nil {
-			t.Fatalf("node %d: failed to update pong: %v", i, err)
+		if err := db.updateBondTime(seed.node.ID, seed.pong); err != nil {
+			t.Fatalf("node %d: failed to update bondTime: %v", i, err)
 		}
 	}
 	// Expire some of them, and check the rest
@@ -365,8 +365,8 @@ func TestNodeDBSelfExpiration(t *testing.T) {
 		if err := db.updateNode(seed.node); err != nil {
 			t.Fatalf("node %d: failed to insert: %v", i, err)
 		}
-		if err := db.updateLastPong(seed.node.ID, seed.pong); err != nil {
-			t.Fatalf("node %d: failed to update pong: %v", i, err)
+		if err := db.updateBondTime(seed.node.ID, seed.pong); err != nil {
+			t.Fatalf("node %d: failed to update bondTime: %v", i, err)
 		}
 	}
 	// Expire the nodes and make sure self has been evacuated too
diff --git a/p2p/discover/table.go b/p2p/discover/table.go
@@ -455,7 +455,7 @@ func (tab *Table) loadSeedNodes(bond bool) {
 	}
 	for i := range seeds {
 		seed := seeds[i]
-		age := log.Lazy{Fn: func() interface{} { return time.Since(tab.db.lastPong(seed.ID)) }}
+		age := log.Lazy{Fn: func() interface{} { return time.Since(tab.db.bondTime(seed.ID)) }}
 		log.Debug("Found seed node in database", "id", seed.ID, "addr", seed.addr(), "age", age)
 		tab.add(seed)
 	}
@@ -596,7 +596,7 @@ func (tab *Table) bond(pinged bool, id NodeID, addr *net.UDPAddr, tcpPort uint16
 	}
 	// Start bonding if we haven't seen this node for a while or if it failed findnode too often.
 	node, fails := tab.db.node(id), tab.db.findFails(id)
-	age := time.Since(tab.db.lastPong(id))
+	age := time.Since(tab.db.bondTime(id))
 	var result error
 	if fails > 0 || age > nodeDBNodeExpiration {
 		log.Trace("Starting bonding ping/pong", "id", id, "known", node != nil, "failcount", fails, "age", age)
@@ -663,7 +663,7 @@ func (tab *Table) ping(id NodeID, addr *net.UDPAddr) error {
 	if err := tab.net.ping(id, addr); err != nil {
 		return err
 	}
-	tab.db.updateLastPong(id, time.Now())
+	tab.db.updateBondTime(id, time.Now())
 	return nil
 }
 
diff --git a/p2p/discover/udp.go b/p2p/discover/udp.go
@@ -613,7 +613,7 @@ func (req *findnode) handle(t *udp, from *net.UDPAddr, fromID NodeID, mac []byte
 	if expired(req.Expiration) {
 		return errExpired
 	}
-	if t.db.node(fromID) == nil {
+	if !t.db.hasBond(fromID) {
 		// No bond exists, we don't process the packet. This prevents
 		// an attack vector where the discovery protocol could be used
 		// to amplify traffic in a DDOS attack. A malicious actor
diff --git a/p2p/discover/udp_test.go b/p2p/discover/udp_test.go
@@ -247,12 +247,8 @@ func TestUDP_findnode(t *testing.T) {
 
 	// ensure there's a bond with the test node,
 	// findnode won't be accepted otherwise.
-	test.table.db.updateNode(NewNode(
-		PubkeyID(&test.remotekey.PublicKey),
-		test.remoteaddr.IP,
-		uint16(test.remoteaddr.Port),
-		99,
-	))
+	test.table.db.updateBondTime(PubkeyID(&test.remotekey.PublicKey), time.Now())
+
 	// check that closest neighbors are returned.
 	test.packetIn(nil, findnodePacket, &findnode{Target: testTarget, Expiration: futureExp})
 	expected := test.table.closest(targetHash, bucketSize)

Original file line number	Diff line number	Diff line change
`@@ -257,7 +257,7 @@ func (db *nodeDB) expireNodes() error {`
`257`	`257`	`}`
`258`	`258`	`// Skip the node if not expired yet (and not self)`
`259`	`259`	`if !bytes.Equal(id[:], db.self[:]) {`
`260`		`- if seen := db.lastPong(id); seen.After(threshold) {`
	`260`	`+ if seen := db.bondTime(id); seen.After(threshold) {`
`261`	`261`	`continue`
`262`	`262`	`}`
`263`	`263`	`}`
`@@ -278,13 +278,18 @@ func (db *nodeDB) updateLastPing(id NodeID, instance time.Time) error {`
`278`	`278`	`return db.storeInt64(makeKey(id, nodeDBDiscoverPing), instance.Unix())`
`279`	`279`	`}`
`280`	`280`
`281`		`-// lastPong retrieves the time of the last successful contact from remote node.`
`282`		`-func (db *nodeDB) lastPong(id NodeID) time.Time {`
	`281`	`+// bondTime retrieves the time of the last successful pong from remote node.`
	`282`	`+func (db *nodeDB) bondTime(id NodeID) time.Time {`
`283`	`283`	`return time.Unix(db.fetchInt64(makeKey(id, nodeDBDiscoverPong)), 0)`
`284`	`284`	`}`
`285`	`285`
`286`		`-// updateLastPong updates the last time a remote node successfully contacted.`
`287`		`-func (db *nodeDB) updateLastPong(id NodeID, instance time.Time) error {`
	`286`	`+// hasBond reports whether the given node is considered bonded.`
	`287`	`+func (db *nodeDB) hasBond(id NodeID) bool {`
	`288`	`+ return time.Since(db.bondTime(id)) < nodeDBNodeExpiration`
	`289`	`+}`
	`290`	`+`
	`291`	`+// updateBondTime updates the last pong time of a node.`
	`292`	`+func (db *nodeDB) updateBondTime(id NodeID, instance time.Time) error {`
`288`	`293`	`return db.storeInt64(makeKey(id, nodeDBDiscoverPong), instance.Unix())`
`289`	`294`	`}`
`290`	`295`
`@@ -327,7 +332,7 @@ seek:`
`327`	`332`	`if n.ID == db.self {`
`328`	`333`	`continue seek`
`329`	`334`	`}`
`330`		`- if now.Sub(db.lastPong(n.ID)) > maxAge {`
	`335`	`+ if now.Sub(db.bondTime(n.ID)) > maxAge {`
`331`	`336`	`continue seek`
`332`	`337`	`}`
`333`	`338`	`for i := range nodes {`
Original file line number	Diff line number	Diff line change
`@@ -125,13 +125,13 @@ func TestNodeDBFetchStore(t *testing.T) {`
`125`	`125`	`t.Errorf("ping: value mismatch: have %v, want %v", stored, inst)`
`126`	`126`	`}`
`127`	`127`	`// Check fetch/store operations on a node pong object`
`128`		`- if stored := db.lastPong(node.ID); stored.Unix() != 0 {`
	`128`	`+ if stored := db.bondTime(node.ID); stored.Unix() != 0 {`
`129`	`129`	`t.Errorf("pong: non-existing object: %v", stored)`
`130`	`130`	`}`
`131`		`- if err := db.updateLastPong(node.ID, inst); err != nil {`
	`131`	`+ if err := db.updateBondTime(node.ID, inst); err != nil {`
`132`	`132`	`t.Errorf("pong: failed to update: %v", err)`
`133`	`133`	`}`
`134`		`- if stored := db.lastPong(node.ID); stored.Unix() != inst.Unix() {`
	`134`	`+ if stored := db.bondTime(node.ID); stored.Unix() != inst.Unix() {`
`135`	`135`	`t.Errorf("pong: value mismatch: have %v, want %v", stored, inst)`
`136`	`136`	`}`
`137`	`137`	`// Check fetch/store operations on a node findnode-failure object`
`@@ -224,8 +224,8 @@ func TestNodeDBSeedQuery(t *testing.T) {`
`224`	`224`	`if err := db.updateNode(seed.node); err != nil {`
`225`	`225`	`t.Fatalf("node %d: failed to insert: %v", i, err)`
`226`	`226`	`}`
`227`		`- if err := db.updateLastPong(seed.node.ID, seed.pong); err != nil {`
`228`		`- t.Fatalf("node %d: failed to insert lastPong: %v", i, err)`
	`227`	`+ if err := db.updateBondTime(seed.node.ID, seed.pong); err != nil {`
	`228`	`+ t.Fatalf("node %d: failed to insert bondTime: %v", i, err)`
`229`	`229`	`}`
`230`	`230`	`}`
`231`	`231`
`@@ -332,8 +332,8 @@ func TestNodeDBExpiration(t *testing.T) {`
`332`	`332`	`if err := db.updateNode(seed.node); err != nil {`
`333`	`333`	`t.Fatalf("node %d: failed to insert: %v", i, err)`
`334`	`334`	`}`
`335`		`- if err := db.updateLastPong(seed.node.ID, seed.pong); err != nil {`
`336`		`- t.Fatalf("node %d: failed to update pong: %v", i, err)`
	`335`	`+ if err := db.updateBondTime(seed.node.ID, seed.pong); err != nil {`
	`336`	`+ t.Fatalf("node %d: failed to update bondTime: %v", i, err)`
`337`	`337`	`}`
`338`	`338`	`}`
`339`	`339`	`// Expire some of them, and check the rest`
`@@ -365,8 +365,8 @@ func TestNodeDBSelfExpiration(t *testing.T) {`
`365`	`365`	`if err := db.updateNode(seed.node); err != nil {`
`366`	`366`	`t.Fatalf("node %d: failed to insert: %v", i, err)`
`367`	`367`	`}`
`368`		`- if err := db.updateLastPong(seed.node.ID, seed.pong); err != nil {`
`369`		`- t.Fatalf("node %d: failed to update pong: %v", i, err)`
	`368`	`+ if err := db.updateBondTime(seed.node.ID, seed.pong); err != nil {`
	`369`	`+ t.Fatalf("node %d: failed to update bondTime: %v", i, err)`
`370`	`370`	`}`
`371`	`371`	`}`
`372`	`372`	`// Expire the nodes and make sure self has been evacuated too`
Original file line number	Diff line number	Diff line change
`@@ -455,7 +455,7 @@ func (tab *Table) loadSeedNodes(bond bool) {`
`455`	`455`	`}`
`456`	`456`	`for i := range seeds {`
`457`	`457`	`seed := seeds[i]`
`458`		`- age := log.Lazy{Fn: func() interface{} { return time.Since(tab.db.lastPong(seed.ID)) }}`
	`458`	`+ age := log.Lazy{Fn: func() interface{} { return time.Since(tab.db.bondTime(seed.ID)) }}`
`459`	`459`	`log.Debug("Found seed node in database", "id", seed.ID, "addr", seed.addr(), "age", age)`
`460`	`460`	`tab.add(seed)`
`461`	`461`	`}`
`@@ -596,7 +596,7 @@ func (tab Table) bond(pinged bool, id NodeID, addr net.UDPAddr, tcpPort uint16`
`596`	`596`	`}`
`597`	`597`	`// Start bonding if we haven't seen this node for a while or if it failed findnode too often.`
`598`	`598`	`node, fails := tab.db.node(id), tab.db.findFails(id)`
`599`		`- age := time.Since(tab.db.lastPong(id))`
	`599`	`+ age := time.Since(tab.db.bondTime(id))`
`600`	`600`	`var result error`
`601`	`601`	`if fails > 0 \|\| age > nodeDBNodeExpiration {`
`602`	`602`	`log.Trace("Starting bonding ping/pong", "id", id, "known", node != nil, "failcount", fails, "age", age)`
`@@ -663,7 +663,7 @@ func (tab Table) ping(id NodeID, addr net.UDPAddr) error {`
`663`	`663`	`if err := tab.net.ping(id, addr); err != nil {`
`664`	`664`	`return err`
`665`	`665`	`}`
`666`		`- tab.db.updateLastPong(id, time.Now())`
	`666`	`+ tab.db.updateBondTime(id, time.Now())`
`667`	`667`	`return nil`
`668`	`668`	`}`
`669`	`669`
Original file line number	Diff line number	Diff line change
`@@ -613,7 +613,7 @@ func (req findnode) handle(t udp, from *net.UDPAddr, fromID NodeID, mac []byte`
`613`	`613`	`if expired(req.Expiration) {`
`614`	`614`	`return errExpired`
`615`	`615`	`}`
`616`		`- if t.db.node(fromID) == nil {`
	`616`	`+ if !t.db.hasBond(fromID) {`
`617`	`617`	`// No bond exists, we don't process the packet. This prevents`
`618`	`618`	`// an attack vector where the discovery protocol could be used`
`619`	`619`	`// to amplify traffic in a DDOS attack. A malicious actor`