Implement peer blacklist #149
Conversation
ghost
assigned 
vyzo
force-pushed
the
feat/blacklist
branch
4 times, most recently
from
157a7dd
to
7f6f0f1
Compare
|
sorry for the force pushing mess, i was trying to get the test coverage right... it should be ready for review now. |
|
there is a hole currently in that the incoming stream is not tracked; this allows a blacklisted peer to replay old valid messages from other peers. |
|
actually it's ok, we do the blacklist check on the node that forwarded the message. but we should also check the message origin as well, as it might be blacklisted. |
|
the issue is that the validator can't see the peer that forwarded the message, so it can't make blacklist decisions for that peer. |
|
follow up in #150. |
pubsub.go
Outdated
| @@ -179,6 +183,8 @@ func NewPubSub(ctx context.Context, h host.Host, rt PubSubRouter, opts ...Option | |||
| topics: make(map[string]map[peer.ID]struct{}), | |||
| peers: make(map[peer.ID]chan *RPC), | |||
| topicVals: make(map[string]*topicVal), | |||
| blacklist: make(map[peer.ID]struct{}), | |||
There was a problem hiding this comment.
May want to use an LRU. This could turn into a DoS vector.
There was a problem hiding this comment.
Good point. As we discussed with why, let's make it an interface the user can pass with a default implementation using a map.
|
Added a blacklist type, with map and lru cache backed implementations. |
Adds a peer blacklist, which is checked before doing any processing on an incoming message.