identify: Improve identify message decoding #379
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>
Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>
Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>
Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>
dmitry-markin
approved these changes
Apr 25, 2025
Comment on lines
+345
to
+357
| // The check ensures the provided public key is the same one as the | ||
| // one exchanged during the connection establishment. | ||
| if let Some(public_key) = &info.public_key { | ||
| let public_key = PublicKey::from_protobuf_encoding(&public_key).map_err(|err| { | ||
| tracing::debug!(target: LOG_TARGET, ?peer, ?err, "peer identified provided undecodable public key"); | ||
| err | ||
| })?; | ||
|
|
||
| if public_key.to_peer_id() != peer { | ||
| tracing::debug!(target: LOG_TARGET, ?peer, "peer identified provided invalid public key"); | ||
| return Err(Error::InvalidData); | ||
| } | ||
| } |
There was a problem hiding this comment.
I don't think we need to waste CPU cycles on checking this, as obviously the remote possesses the public key if it is communicating to us over an encrypted noise channel. And it's not our responsibility to check for bugs in the remote implementation of the public key serialization to the Identify message.
There was a problem hiding this comment.
Had a look at the CPU info reported by substrate_tasks_polling_duration_sum and the dashboards look more or less the same, I expect this will be negligible
There was a problem hiding this comment.
I still don't see a point in checking this if we don't use this info.
Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>
Co-authored-by: Dmitry Markin <dmitry@markin.tech>
Co-authored-by: Dmitry Markin <dmitry@markin.tech>
lexnv
added a commit
that referenced
this pull request
Apr 28, 2025
Squashed commit of the following: commit b33cb09 Merge: 291e1e7 6ad2161 Author: Alexandru Vasile <60601340+lexnv@users.noreply.github.com> Date: Mon Apr 28 17:55:51 2025 +0300 Merge branch 'master' into lexnv/identify-checks commit 291e1e7 Merge: 27a6f3d 48d540d Author: Alexandru Vasile <60601340+lexnv@users.noreply.github.com> Date: Mon Apr 28 13:02:58 2025 +0300 Merge branch 'master' into lexnv/identify-checks commit 27a6f3d Author: Alexandru Vasile <60601340+lexnv@users.noreply.github.com> Date: Mon Apr 28 13:02:52 2025 +0300 Update src/protocol/libp2p/identify.rs Co-authored-by: Dmitry Markin <dmitry@markin.tech> commit 1391075 Author: Alexandru Vasile <60601340+lexnv@users.noreply.github.com> Date: Mon Apr 28 13:02:34 2025 +0300 Update src/protocol/libp2p/identify.rs Co-authored-by: Dmitry Markin <dmitry@markin.tech> commit f4b0c6b Author: Alexandru Vasile <alexandru.vasile@parity.io> Date: Mon Apr 28 13:01:01 2025 +0300 identify: Update expect message Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io> commit 0199557 Author: Alexandru Vasile <alexandru.vasile@parity.io> Date: Thu Apr 24 17:05:37 2025 +0300 identify: Add more debug logs Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io> commit 3d4c886 Author: Alexandru Vasile <alexandru.vasile@parity.io> Date: Wed Apr 23 20:00:56 2025 +0300 identify: Ensure the observed address coresponds to us Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io> commit c8752c2 Author: Alexandru Vasile <alexandru.vasile@parity.io> Date: Wed Apr 23 19:53:05 2025 +0300 identify: Check the provided address ends with the peer ID Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io> commit 51ab40b Author: Alexandru Vasile <alexandru.vasile@parity.io> Date: Wed Apr 23 19:48:42 2025 +0300 identify: Verify provided public key Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io> Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>
This was referenced Apr 29, 2025
lexnv
added a commit
that referenced
this pull request
May 1, 2025
## [0.9.4] - 2025-04-29 This release brings several improvements and fixes to litep2p, advancing its stability and readiness for production use. ### Performance Improvements This release addresses an issue where notification protocols failed to exit on handle drop, lowering CPU usage in scenarios like minimal-relay-chains from 7% to 0.1%. ### Robustness Improvements - Kademlia: - Optimized address store by sorting addresses based on dialing score, bounding memory consumption and improving efficiency. - Limited `FIND_NODE` responses to the replication factor, reducing data stored in the routing table. - Address store improvements enhance robustness against routing table alterations. - Identify Codec: - Enhanced message decoding to manage malformed or unexpected messages gracefully. - Bitswap: - Introduced a write timeout for sending frames, preventing protocol hangs or delays. ### Testing and Reliability - Fuzzing Harness: Added a fuzzing harness by SRLabs to uncover and resolve potential issues, improving code robustness. Thanks to @R9295 for the contribution! - Testing Enhancements: Improved notification state machine testing. Thanks to Dominique (@Imod7) for the contribution! ### Dependency Management - Updated all dependencies for stable feature flags (default and "websocket") to their latest versions. - Reorganized dependencies under specific feature flags, shrinking the default feature set and avoiding exposure of outdated dependencies from experimental features. ### Fixed - notifications: Exit protocols on handle drop to save up CPU of `minimal-relay-chains` ([#376](#376)) - identify: Improve identify message decoding ([#379](#379)) - crypto/noise: Set timeout limits for the noise handshake ([#373](#373)) - kad: Improve robustness of addresses from the routing table ([#369](#369)) - kad: Bound kademlia messages to the replication factor ([#371](#371)) - codec: Decode smaller payloads for identity to None ([#362](#362)) ### Added - bitswap: Add write timeout for sending frames ([#361](#361)) - notif/tests: check test state ([#360](#360)) - SRLabs: Introduce simple fuzzing harness ([#367](#367)) - SRLabs: Introduce Fuzzing Harness ([#365](#365)) ### Changed - features: Move quic related dependencies under feature flag ([#359](#359)) - tests/substrate: Remove outdated substrate specific conformace testing ([#370](#370)) - ci: Update stable dependencies ([#375](#375)) - build(deps): bump hex-literal from 0.4.1 to 1.0.0 ([#381](#381)) - build(deps): bump tokio from 1.44.1 to 1.44.2 in /fuzz/structure-aware ([#378](#378)) - build(deps): bump Swatinem/rust-cache from 2.7.7 to 2.7.8 ([#363](#363)) - build(deps): bump tokio from 1.43.0 to 1.43.1 ([#368](#368)) - build(deps): bump openssl from 0.10.70 to 0.10.72 ([#366](#366)) --------- Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>
github-merge-queue bot
pushed a commit
to paritytech/polkadot-sdk
that referenced
this pull request
May 1, 2025
# Litep2p Release This release brings several improvements and fixes to litep2p, advancing its stability and readiness for production use. ### Performance Improvements This release addresses an issue where notification protocols failed to exit on handle drop, lowering CPU usage in scenarios like minimal-relay-chains from 7% to 0.1%. ### Robustness Improvements - Kademlia: - Optimized address store by sorting addresses based on dialing score, bounding memory consumption and improving efficiency. - Limited `FIND_NODE` responses to the replication factor, reducing data stored in the routing table. - Address store improvements enhance robustness against routing table alterations. - Identify Codec: - Enhanced message decoding to manage malformed or unexpected messages gracefully. - Bitswap: - Introduced a write timeout for sending frames, preventing protocol hangs or delays. ### Testing and Reliability - Fuzzing Harness: Added a fuzzing harness by SRLabs to uncover and resolve potential issues, improving code robustness. Thanks to @R9295 for the contribution! - Testing Enhancements: Improved notification state machine testing. Thanks to Dominique (@Imod7) for the contribution! ### Dependency Management - Updated all dependencies for stable feature flags (default and "websocket") to their latest versions. - Reorganized dependencies under specific feature flags, shrinking the default feature set and avoiding exposure of outdated dependencies from experimental features. ### Fixed - notifications: Exit protocols on handle drop to save up CPU of `minimal-relay-chains` ([#376](paritytech/litep2p#376)) - identify: Improve identify message decoding ([#379](paritytech/litep2p#379)) - crypto/noise: Set timeout limits for the noise handshake ([#373](paritytech/litep2p#373)) - kad: Improve robustness of addresses from the routing table ([#369](paritytech/litep2p#369)) - kad: Bound kademlia messages to the replication factor ([#371](paritytech/litep2p#371)) - codec: Decode smaller payloads for identity to None ([#362](paritytech/litep2p#362)) ### Added - bitswap: Add write timeout for sending frames ([#361](paritytech/litep2p#361)) - notif/tests: check test state ([#360](paritytech/litep2p#360)) - SRLabs: Introduce simple fuzzing harness ([#367](paritytech/litep2p#367)) - SRLabs: Introduce Fuzzing Harness ([#365](paritytech/litep2p#365)) ### Changed - features: Move quic related dependencies under feature flag ([#359](paritytech/litep2p#359)) - tests/substrate: Remove outdated substrate specific conformace testing ([#370](paritytech/litep2p#370)) - ci: Update stable dependencies ([#375](paritytech/litep2p#375)) - build(deps): bump hex-literal from 0.4.1 to 1.0.0 ([#381](paritytech/litep2p#381)) - build(deps): bump tokio from 1.44.1 to 1.44.2 in /fuzz/structure-aware ([#378](paritytech/litep2p#378)) - build(deps): bump Swatinem/rust-cache from 2.7.7 to 2.7.8 ([#363](paritytech/litep2p#363)) - build(deps): bump tokio from 1.43.0 to 1.43.1 ([#368](paritytech/litep2p#368)) - build(deps): bump openssl from 0.10.70 to 0.10.72 ([#366](paritytech/litep2p#366)) --------- Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io> Co-authored-by: Dmitry Markin <dmitry@markin.tech>
castillax
pushed a commit
to paritytech/polkadot-sdk
that referenced
this pull request
May 12, 2025
# Litep2p Release This release brings several improvements and fixes to litep2p, advancing its stability and readiness for production use. ### Performance Improvements This release addresses an issue where notification protocols failed to exit on handle drop, lowering CPU usage in scenarios like minimal-relay-chains from 7% to 0.1%. ### Robustness Improvements - Kademlia: - Optimized address store by sorting addresses based on dialing score, bounding memory consumption and improving efficiency. - Limited `FIND_NODE` responses to the replication factor, reducing data stored in the routing table. - Address store improvements enhance robustness against routing table alterations. - Identify Codec: - Enhanced message decoding to manage malformed or unexpected messages gracefully. - Bitswap: - Introduced a write timeout for sending frames, preventing protocol hangs or delays. ### Testing and Reliability - Fuzzing Harness: Added a fuzzing harness by SRLabs to uncover and resolve potential issues, improving code robustness. Thanks to @R9295 for the contribution! - Testing Enhancements: Improved notification state machine testing. Thanks to Dominique (@Imod7) for the contribution! ### Dependency Management - Updated all dependencies for stable feature flags (default and "websocket") to their latest versions. - Reorganized dependencies under specific feature flags, shrinking the default feature set and avoiding exposure of outdated dependencies from experimental features. ### Fixed - notifications: Exit protocols on handle drop to save up CPU of `minimal-relay-chains` ([#376](paritytech/litep2p#376)) - identify: Improve identify message decoding ([#379](paritytech/litep2p#379)) - crypto/noise: Set timeout limits for the noise handshake ([#373](paritytech/litep2p#373)) - kad: Improve robustness of addresses from the routing table ([#369](paritytech/litep2p#369)) - kad: Bound kademlia messages to the replication factor ([#371](paritytech/litep2p#371)) - codec: Decode smaller payloads for identity to None ([#362](paritytech/litep2p#362)) ### Added - bitswap: Add write timeout for sending frames ([#361](paritytech/litep2p#361)) - notif/tests: check test state ([#360](paritytech/litep2p#360)) - SRLabs: Introduce simple fuzzing harness ([#367](paritytech/litep2p#367)) - SRLabs: Introduce Fuzzing Harness ([#365](paritytech/litep2p#365)) ### Changed - features: Move quic related dependencies under feature flag ([#359](paritytech/litep2p#359)) - tests/substrate: Remove outdated substrate specific conformace testing ([#370](paritytech/litep2p#370)) - ci: Update stable dependencies ([#375](paritytech/litep2p#375)) - build(deps): bump hex-literal from 0.4.1 to 1.0.0 ([#381](paritytech/litep2p#381)) - build(deps): bump tokio from 1.44.1 to 1.44.2 in /fuzz/structure-aware ([#378](paritytech/litep2p#378)) - build(deps): bump Swatinem/rust-cache from 2.7.7 to 2.7.8 ([#363](paritytech/litep2p#363)) - build(deps): bump tokio from 1.43.0 to 1.43.1 ([#368](paritytech/litep2p#368)) - build(deps): bump openssl from 0.10.70 to 0.10.72 ([#366](paritytech/litep2p#366)) --------- Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io> Co-authored-by: Dmitry Markin <dmitry@markin.tech>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR improves the decoding of the identify messages by checking the following:
Testing Done
cc @paritytech/networking