p2p: limit node per single IP

[r8d8]

Countermeasure 2 for eclipse attack

[tzdybal]

Reviewed 3 of 3 files at r1.
Review status: all files reviewed at latest revision, 6 unresolved discussions, some commit checks failed.

---

p2p/discover/table.go, line 148 at r1 (raw file):

		}
	}
	for i := range tab.buckets {

Old loop needs to be removed, as it overwrites the buckets with initialized ips.

---

p2p/discover/table.go, line 148 at r1 (raw file):

		}
	}
	for i := range tab.buckets {

I can't see the initialization of tab.buckets - where is it? what's the size of the slice?

---

p2p/discover/table_test.go, line 173 at r1 (raw file):

		n := nodeAtDistance(tab.self.sha, d)
		n.IP = net.IP{172, 0, 1, byte(i)}
		tab.add(n)

what about the "ping" functionality from tab.add?

---

p2p/distip/net.go, line 23 at r1 (raw file):

// number of existing IPs in the defined range exceeds the limit.
func (s *DistinctNetSet) Add(ip net.IP) bool {
	key := s.key(ip)

stringify key here, once. We don't need key in original form.

---

p2p/distip/net.go, line 34 at r1 (raw file):

// Remove removes an IP from the set.
func (s *DistinctNetSet) Remove(ip net.IP) {
	key := s.key(ip)

Same here. We can convert key to string once, before assigning to variable.

---

p2p/distip/net.go, line 53 at r1 (raw file):

// Len returns the number of tracked IPs.
func (s DistinctNetSet) Len() int {
	n := uint(0)

Why uint and int?

---

Comments from Reviewable

[r8d8]

Review status: 1 of 3 files reviewed at latest revision, 6 unresolved discussions.

---

p2p/discover/table.go, line 148 at r1 (raw file):

Previously, tzdybal (Tomasz Zdybał) wrote…

Old loop needs to be removed, as it overwrites the buckets with initialized ips.

Done.

---

p2p/distip/net.go, line 23 at r1 (raw file):

Previously, tzdybal (Tomasz Zdybał) wrote…

stringify key here, once. We don't need key in original form.

Done.

---

p2p/distip/net.go, line 34 at r1 (raw file):

Previously, tzdybal (Tomasz Zdybał) wrote…

Same here. We can convert key to string once, before assigning to variable.

Done.

---

p2p/distip/net.go, line 53 at r1 (raw file):

Previously, tzdybal (Tomasz Zdybał) wrote…

Why uint and int?

Done.

---

Comments from Reviewable

[r8d8]

Review status: 1 of 3 files reviewed at latest revision, 6 unresolved discussions, some commit checks failed.

---

p2p/discover/table.go, line 148 at r1 (raw file):

Previously, tzdybal (Tomasz Zdybał) wrote…

I can't see the initialization of tab.buckets - where is it? what's the size of the slice?

https://github.com/ethereumproject/go-ethereum/pull/537/files#diff-a59ccf33a2c8693dad1b9532841a894bR45

---

Comments from Reviewable

[tzdybal]

Reviewed 2 of 2 files at r2.
Review status: all files reviewed at latest revision, 1 unresolved discussion, some commit checks failed.

---

Comments from Reviewable

[whilei]

It is not clear to me what the difference should be between this test and TestTable_BucketIPLimit..?

FYI My proposed changes from whilei@dfbe261 fix the panic currently causing these tests to fail, but still this test fails because table ip limit is exceeded.

[whilei]

😕 Where are the other CI builds?

[r8d8]

yeap, have the same question. @tzdybal, @ia do you have admin access to check hooks in Settings tab?

---

Review status: all files reviewed at latest revision, 2 unresolved discussions, some commit checks failed.

---

Comments from Reviewable

[tzdybal]

I changed settings right now, to enable running CI on PR's from forks. I'll try to trigger the build.

[whilei]

@r8d8 negatory, captain. Maybe try pushing the branch to upstream and changing the source branch for the PR?

[whilei]

And just bumping this question since it got "outdated" from merge -- #537 (comment)

[r8d8]

Review status: all files reviewed at latest revision, 2 unresolved discussions, some commit checks failed.

---

p2p/discover/table_test.go, line 148 at r2 (raw file):

Previously, whilei (ia) wrote…

It is not clear to me what the difference should be between this test and TestTable_BucketIPLimit..?

FYI My proposed changes from whilei@dfbe261 fix the panic currently causing these tests to fail, but still this test fails because table ip limit is exceeded.

it calls nodeAtDistance, with d=3, which calculates Kamelia's distance (logdist(base, n.sha) == ld.)

---

Comments from Reviewable

[tzdybal]

Reviewed 49 of 50 files at r3.
Review status: 51 of 52 files reviewed at latest revision, 5 unresolved discussions, some commit checks failed.

---

coverage.tmp, line 1 at r3 (raw file):

mode: atomic

I think we should remove this file.

---

accounts/testdata/keystore/accounts.db, line 0 at r3 (raw file):
Safe to remove?

---

p2p/distip/net_test.go, line 39 at r3 (raw file):

		t.Errorf("got: %v, want: %v", len, 0)
	}
}

Test with more then one IP would be cool.

---

Comments from Reviewable

[whilei]

accounts/testdata/keystore/accounts.db, line at r3 (raw file):

Previously, tzdybal (Tomasz Zdybał) wrote…

Safe to remove?

affirmative

~/gocode/src/github.com/ethereumproject/go-ethereum/.git/info GIT_DIR! ⟠ cat exclude
/.idea
/i
/accounts/testdata/benchmark_keystore*
/accounts/testdata/keystore/accounts.db

---

Comments from Reviewable

[r8d8]

Review status: 0 of 5 files reviewed at latest revision, 5 unresolved discussions.

---

accounts/testdata/keystore/accounts.db, line at r3 (raw file):

Previously, whilei (ia) wrote…

affirmative

~/gocode/src/github.com/ethereumproject/go-ethereum/.git/info GIT_DIR! ⟠ cat exclude
/.idea
/i
/accounts/testdata/benchmark_keystore*
/accounts/testdata/keystore/accounts.db

Done

---

Comments from Reviewable

[r8d8]

Review status: 0 of 5 files reviewed at latest revision, 5 unresolved discussions.

---

coverage.tmp, line 1 at r3 (raw file):

Previously, tzdybal (Tomasz Zdybał) wrote…

I think we should remove this file.

Done.

---

Comments from Reviewable

[r8d8]

Reviewed 1 of 3 files at r1.
Review status: 0 of 5 files reviewed at latest revision, 5 unresolved discussions.

---

Comments from Reviewable

[whilei]

can we get rid of this?

[whilei]

Except for this questionable commented code hunk, LGTM

[tzdybal]

---

Reviewed 1 of 50 files at r3, 2 of 4 files at r4, 5 of 6 files at r5, 2 of 2 files at r6, 1 of 1 files at r7.
Review status: all files reviewed at latest revision, 6 unresolved discussions, some commit checks failed.

---

p2p/discover/udp.go, line 165 at r7 (raw file):

func (t *udp) nodeFromRPC(sender *net.UDPAddr, rn rpcNode) (*Node, error) {
	if rn.UDP <= 1024 {
		return nil, errors.New("low port")

Why error? This is definitely not common config, but restriction looks quite arbitral.

---

Comments from Reviewable

[whilei]

p2p/discover/udp.go, line 165 at r7 (raw file):

Previously, tzdybal (Tomasz Zdybał) wrote…

Why error? This is definitely not common config, but restriction looks quite arbitral.

Because ports <1024 are "reserved", see https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

---

Comments from Reviewable

[whilei]

p2p/discover/udp.go, line 165 at r7 (raw file):

Previously, whilei (ia) wrote…

Because ports <1024 are "reserved", see https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

*"many ports <1024"... but not all

---

Comments from Reviewable