This repository has been archived by the owner on Sep 26, 2019. It is now read-only.
[PAN-1683] Limit the fraction of wire connections initiated by peers #1665
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
To protect against eclipse attacks, we should not allow all of our wire connections to be initiated from network peers. Some fraction of wire connections should be initiated by our node by connecting to peers in our discovery peer table. This PR ensures the fraction abides the limit.
…limit-fraction-remote-wire-connections
…limit-fraction-remote-wire-connections
AbdelStark
added
security
- add a cli option to configure the fraction: `--fraction-remote-connections-allowed` - introduce `Fraction` class to handle the conversion of the CLI option to a double and check if the value is between 0.0 and 1.0 - add tests - fix broken tests
…limit-fraction-remote-wire-connections
AbdelStark
requested review from
NicolasMassart,
mbaxter,
ajsutton,
shemnon and
RatanRSur
and removed request for
NicolasMassart and
mbaxter
shemnon
reviewed
Jul 11, 2019
ethereum/p2p/src/main/java/tech/pegasys/pantheon/ethereum/p2p/rlpx/RlpxAgent.java
Outdated
Show resolved
Hide resolved
shemnon
reviewed
Jul 11, 2019
ethereum/p2p/src/main/java/tech/pegasys/pantheon/ethereum/p2p/rlpx/RlpxAgent.java
Outdated
Show resolved
Hide resolved
shemnon
reviewed
Jul 11, 2019
ethereum/p2p/src/main/java/tech/pegasys/pantheon/ethereum/p2p/rlpx/RlpxAgent.java
Outdated
Show resolved
Hide resolved
shemnon
reviewed
Jul 11, 2019
ethereum/p2p/src/main/java/tech/pegasys/pantheon/ethereum/p2p/rlpx/RlpxAgent.java
Outdated
Show resolved
Hide resolved
…rlpx/RlpxAgent.java Co-Authored-By: Danno Ferrin <[email protected]>
…rlpx/RlpxAgent.java Co-Authored-By: Danno Ferrin <[email protected]>
…rlpx/RlpxAgent.java Co-Authored-By: Danno Ferrin <[email protected]>
shemnon
reviewed
Jul 11, 2019
| @@ -236,6 +237,21 @@ void setBootnodes(final List<String> values) { | |||
| "Maximum P2P peer connections that can be established (default: ${DEFAULT-VALUE})") | |||
| private final Integer maxPeers = DEFAULT_MAX_PEERS; | |||
|
|
|||
| @Option( | |||
There was a problem hiding this comment.
I think these names need a once over for UX. I opened PIE-1766 to cover that.
shemnon
approved these changes
Jul 11, 2019
AbdelStark
deleted the
feature/pan-1683-limit-fraction-remote-wire-connections
branch
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
PR description
To protect against eclipse attacks, we should not allow all of our wire connections to be initiated from network peers. Some fraction of wire connections should be initiated by our node by connecting to peers in our discovery peer table. This PR ensures the fraction abides the limit.
RlpxAgentchecks thefractionRemoteConnectionsAllowedinhandleIncomingConnectionmethod--fraction-remote-connections-allowedFractionclass to handle the conversion of the CLI option to a double and check if the value is between 0.0 and 1.0--limit-remote-wire-connections-enabledFixed Issue(s)