Discv5 Protocol: Add support for banning nodes (#769)

* Add banned nodes to routing table. * Filter out banned nodes in lookups and cleanup expired bans in refreshLoop. * Don't respond to messages from banned nodes. * Prevent sending messages to banned nodes.
2025-02-09 04:43:41 +00:00 · 2025-01-30 19:28:10 +08:00 · 2025-01-30 19:28:10 +08:00 · c640d3c444
commit c640d3c444
parent e589cc0288
4 changed files with 190 additions and 18 deletions
--- a/eth/p2p/discoveryv5/protocol.nim
+++ b/eth/p2p/discoveryv5/protocol.nim
@ -124,6 +124,9 @@ const
  defaultResponseTimeout* = 4.seconds ## timeout for the response of a request-response
  ## call
  ## Ban durations for banned nodes in the routing table
  NodeBanDurationInvalidResponse = 15.minutes
 type
  OptAddress* = object
    ip*: Opt[IpAddress]
@ -142,6 +145,7 @@ type
    bindAddress: OptAddress ## UDP binding address
    pendingRequests: Table[AESGCMNonce, PendingRequest]
    routingTable*: RoutingTable
    banNodes: bool
    codec*: Codec
    awaitedMessages: Table[(NodeId, RequestId), Future[Opt[Message]]]
    refreshLoop: Future[void]
@ -157,6 +161,7 @@ type
    responseTimeout: Duration
    rng*: ref HmacDrbgContext
  PendingRequest = object
    node: Node
    message: seq[byte]
@ -192,10 +197,13 @@ proc addNode*(d: Protocol, node: Node): bool =
  ##
  ## Returns true only when `Node` was added as a new entry to a bucket in the
  ## routing table.
-  if d.routingTable.addNode(node) == Added:
+  let r = d.routingTable.addNode(node)
  if r == Added:
    return true
-  else:
+
-    return false
+  if r == Banned:
    debug "Banned node not added to routing table", nodeId = node.id
  return false
 proc addNode*(d: Protocol, r: Record): bool =
  ## Add `Node` from a `Record` to discovery routing table.
@ -429,6 +437,30 @@ proc sendWhoareyou(d: Protocol, toId: NodeId, a: Address,
  else:
    debug "Node with this id already has ongoing handshake, ignoring packet"
 proc replaceNode(d: Protocol, n: Node) =
  if n.record notin d.bootstrapRecords:
    d.routingTable.replaceNode(n)
  else:
    # For now we never remove bootstrap nodes. It might make sense to actually
    # do so and to retry them only in case we drop to a really low amount of
    # peers in the routing table.
    debug "Message request to bootstrap node failed", enr = toURI(n.record)
 proc banNode*(d: Protocol, n: Node, banPeriod: chronos.Duration) =
  if n.record notin d.bootstrapRecords:
    if d.banNodes:
      d.routingTable.banNode(n.id, banPeriod) # banNode also replaces the node
    else:
      d.routingTable.replaceNode(n)
  else:
    # For now we never remove bootstrap nodes. It might make sense to actually
    # do so and to retry them only in case we drop to a really low amount of
    # peers in the routing table.
    debug "Message request to bootstrap node failed", enr = toURI(n.record)
 proc isBanned*(d: Protocol, nodeId: NodeId): bool =
  d.banNodes and d.routingTable.isBanned(nodeId)
 proc receive*(d: Protocol, a: Address, packet: openArray[byte]) =
  discv5_network_bytes.inc(packet.len.int64, labelValues = [$Direction.In])
@ -437,6 +469,10 @@ proc receive*(d: Protocol, a: Address, packet: openArray[byte]) =
    let packet = decoded[]
    case packet.flag
    of OrdinaryMessage:
      if d.isBanned(packet.srcId):
        trace "Ignoring received OrdinaryMessage from banned node", nodeId = packet.srcId
        return
      if packet.messageOpt.isSome():
        let message = packet.messageOpt.get()
        trace "Received message packet", srcId = packet.srcId, address = a,
@ -464,6 +500,10 @@ proc receive*(d: Protocol, a: Address, packet: openArray[byte]) =
      else:
        debug "Timed out or unrequested whoareyou packet", address = a
    of HandshakeMessage:
      if d.isBanned(packet.srcIdHs):
        trace "Ignoring received HandshakeMessage from banned node", nodeId = packet.srcIdHs
        return
      trace "Received handshake message packet", srcId = packet.srcIdHs,
        address = a, kind = packet.message.kind
      d.handleMessage(packet.srcIdHs, a, packet.message, packet.node)
@ -494,14 +534,7 @@ proc processClient(transp: DatagramTransport, raddr: TransportAddress):
  proto.receive(Address(ip: raddr.toIpAddress(), port: raddr.port), buf)
-proc replaceNode(d: Protocol, n: Node) =
+
  if n.record notin d.bootstrapRecords:
    d.routingTable.replaceNode(n)
  else:
    # For now we never remove bootstrap nodes. It might make sense to actually
    # do so and to retry them only in case we drop to a really low amount of
    # peers in the routing table.
    debug "Message request to bootstrap node failed", enr = toURI(n.record)
 # TODO: This could be improved to do the clean-up immediately in case a non
 # whoareyou response does arrive, but we would need to store the AuthTag
@ -546,9 +579,11 @@ proc waitNodes(d: Protocol, fromNode: Node, reqId: RequestId):
          break
      return ok(res)
    else:
      d.banNode(fromNode, NodeBanDurationInvalidResponse)
      discovery_message_requests_outgoing.inc(labelValues = ["invalid_response"])
      return err("Invalid response to find node message")
  else:
    d.replaceNode(fromNode)
    discovery_message_requests_outgoing.inc(labelValues = ["no_response"])
    return err("Nodes message not received in time")
@ -574,6 +609,10 @@ proc ping*(d: Protocol, toNode: Node):
  ## Send a discovery ping message.
  ##
  ## Returns the received pong message or an error.
  if d.isBanned(toNode.id):
    return err("toNode is banned")
  let reqId = d.sendMessage(toNode,
    PingMessage(enrSeq: d.localNode.record.seqNum))
  let resp = await d.waitMessage(toNode, reqId)
@ -583,7 +622,7 @@ proc ping*(d: Protocol, toNode: Node):
      d.routingTable.setJustSeen(toNode)
      return ok(resp.get().pong)
    else:
-      d.replaceNode(toNode)
+      d.banNode(toNode, NodeBanDurationInvalidResponse)
      discovery_message_requests_outgoing.inc(labelValues = ["invalid_response"])
      return err("Invalid response to ping message")
  else:
@ -597,15 +636,18 @@ proc findNode*(d: Protocol, toNode: Node, distances: seq[uint16]):
  ##
  ## Returns the received nodes or an error.
  ## Received ENRs are already validated and converted to `Node`.
  if d.isBanned(toNode.id):
    return err("toNode is banned")
  let reqId = d.sendMessage(toNode, FindNodeMessage(distances: distances))
  let nodes = await d.waitNodes(toNode, reqId)
  if nodes.isOk:
    let res = verifyNodesRecords(nodes.get(), toNode, findNodeResultLimit, distances)
    d.routingTable.setJustSeen(toNode)
-    return ok(res)
+    return ok(res.filterIt(not d.isBanned(it.id)))
  else:
    d.replaceNode(toNode)
    return err(nodes.error)
 proc talkReq*(d: Protocol, toNode: Node, protocol, request: seq[byte]):
@ -613,6 +655,10 @@ proc talkReq*(d: Protocol, toNode: Node, protocol, request: seq[byte]):
  ## Send a discovery talkreq message.
  ##
  ## Returns the received talkresp message or an error.
  if d.isBanned(toNode.id):
    return err("toNode is banned")
  let reqId = d.sendMessage(toNode,
    TalkReqMessage(protocol: protocol, request: request))
  let resp = await d.waitMessage(toNode, reqId)
@ -622,7 +668,7 @@ proc talkReq*(d: Protocol, toNode: Node, protocol, request: seq[byte]):
      d.routingTable.setJustSeen(toNode)
      return ok(resp.get().talkResp.response)
    else:
-      d.replaceNode(toNode)
+      d.banNode(toNode, NodeBanDurationInvalidResponse)
      discovery_message_requests_outgoing.inc(labelValues = ["invalid_response"])
      return err("Invalid response to talk request message")
  else:
@ -797,6 +843,12 @@ proc resolve*(d: Protocol, id: NodeId): Future[Opt[Node]] {.async: (raises: [Can
  if id == d.localNode.id:
    return Opt.some(d.localNode)
  # No point in trying to resolve a banned node because it won't exist in the
  # routing table and it will be filtered out of any respones in the lookup call
  if d.isBanned(id):
    debug "Not resolving banned node", nodeId = id
    return Opt.none(Node)
  let node = d.getNode(id)
  if node.isSome():
    let request = await d.findNode(node.get(), @[0'u16])
@ -882,6 +934,9 @@ proc refreshLoop(d: Protocol) {.async: (raises: []).} =
        trace "Discovered nodes in random target query", nodes = randomQuery.len
        debug "Total nodes in discv5 routing table", total = d.routingTable.len()
      # Remove the expired bans from routing table to limit memory usage
      d.routingTable.cleanupExpiredBans()
      await sleepAsync(refreshInterval)
  except CancelledError:
    trace "refreshLoop canceled"
@ -985,6 +1040,7 @@ proc newProtocol*(
    bindPort: Port,
    bindIp = IPv4_any(),
    enrAutoUpdate = false,
    banNodes = false,
    config = defaultDiscoveryConfig,
    rng = newRng()):
    Protocol =
@ -1034,6 +1090,7 @@ proc newProtocol*(
    enrAutoUpdate: enrAutoUpdate,
    routingTable: RoutingTable.init(
      node, config.bitsPerHop, config.tableIpLimits, rng),
    banNodes: banNodes,
    handshakeTimeout: config.handshakeTimeout,
    responseTimeout: config.responseTimeout,
    rng: rng)
--- a/eth/p2p/discoveryv5/routing_table.nim
+++ b/eth/p2p/discoveryv5/routing_table.nim
@ -195,7 +195,7 @@ func ipLimitDec(r: var RoutingTable, b: KBucket, n: Node) =
  r.ipLimits.dec(ip)
 func getNode*(r: RoutingTable, id: NodeId): Opt[Node]
-proc replaceNode*(r: var RoutingTable, n: Node)
+proc replaceNode*(r: var RoutingTable, n: Node) {.gcsafe.}
 proc banNode*(r: var RoutingTable, nodeId: NodeId, period: chronos.Duration) =
  ## Ban a node from the routing table for the given period. The node is removed
--- a/tests/p2p/discv5_test_helper.nim
+++ b/tests/p2p/discv5_test_helper.nim
@ -22,7 +22,8 @@ proc initDiscoveryNode*(
    address: Address,
    bootstrapRecords: openArray[Record] = [],
    localEnrFields: openArray[(string, seq[byte])] = [],
-    previousRecord = Opt.none(enr.Record)):
+    previousRecord = Opt.none(enr.Record),
    banNodes = false):
    discv5_protocol.Protocol =
  # set bucketIpLimit to allow bucket split
  let config = DiscoveryConfig.init(1000, 24, 5)
@ -36,7 +37,8 @@ proc initDiscoveryNode*(
    localEnrFields = localEnrFields,
    previousRecord = previousRecord,
    config = config,
-    rng = rng)
+    rng = rng,
    banNodes = banNodes)
  protocol.open()
--- a/tests/p2p/test_discoveryv5.nim
+++ b/tests/p2p/test_discoveryv5.nim
@ -926,3 +926,116 @@ suite "Discovery v5 Tests":
    await node1.closeWait()
    await node2.closeWait()
  asyncTest "Banned nodes are removed and cannot be added":
    let
      node = initDiscoveryNode(rng, PrivateKey.random(rng[]), localAddress(20302), banNodes = true)
      targetNode = generateNode(PrivateKey.random(rng[]))
    # add the node
    check:
      node.addNode(targetNode) == true
      node.getNode(targetNode.id).isSome()
    # banning the node should remove it from the routing table
    node.banNode(targetNode, 1.minutes)
    check node.getNode(targetNode.id).isNone()
    # cannot add a banned node
    check:
      node.addNode(targetNode) == false
      node.getNode(targetNode.id).isNone()
    await node.closeWait()
  asyncTest "FindNode filters out banned nodes":
    let
      mainNode = initDiscoveryNode(rng, PrivateKey.random(rng[]), localAddress(20301),
          banNodes = true)
      testNode = initDiscoveryNode(rng, PrivateKey.random(rng[]), localAddress(20302),
          @[mainNode.localNode.record], banNodes = true)
    # Generate 100 random nodes and add to our main node's routing table
    for i in 0 ..< 100:
      discard mainNode.addSeenNode(generateNode(PrivateKey.random(rng[])))
    let
      neighbours = mainNode.neighbours(mainNode.localNode.id)
      closest = neighbours[0]
      closestDistance = logDistance(closest.id, mainNode.localNode.id)
    block:
      # the closest node is returned
      let discovered = await testNode.findNode(mainNode.localNode, @[closestDistance])
      check discovered.isOk
      check closest in discovered[]
    # ban the closest node
    mainNode.banNode(closest, 1.minutes)
    block:
      # the banned node is not returned
      let discovered = await testNode.findNode(mainNode.localNode, @[closestDistance])
      check discovered.isOk
      check closest notin discovered[]
    await mainNode.closeWait()
    await testNode.closeWait()
  asyncTest "Cannot send messages to banned nodes":
    let
      node1 = initDiscoveryNode(rng, PrivateKey.random(rng[]), localAddress(20302),
          banNodes = true)
      node2 = initDiscoveryNode(rng, PrivateKey.random(rng[]), localAddress(20301),
          banNodes = true)
    # ban node2 in node1's routing table
    node1.banNode(node2.localNode, 1.minutes)
    block:
      let pong = await node1.ping(node2.localNode)
      check:
        pong.isErr()
        pong.error() == "toNode is banned"
    block:
      let nodes = await node1.findNode(node2.localNode, @[0.uint16])
      check:
        nodes.isErr()
        nodes.error() == "toNode is banned"
    block:
      let node = await node1.resolve(node2.localNode.id)
      check node.isNone()
    await node2.closeWait()
    await node1.closeWait()
  asyncTest "Ignore messages from banned nodes":
    let
      node1 = initDiscoveryNode(rng, PrivateKey.random(rng[]), localAddress(20302),
          banNodes = true)
      node2 = initDiscoveryNode(rng, PrivateKey.random(rng[]), localAddress(20301),
          banNodes = true)
    # ban node1 in node2's routing table
    node2.banNode(node1.localNode, 1.minutes)
    block:
      let pong = await node1.ping(node2.localNode)
      check:
        pong.isErr()
        pong.error() == "Pong message not received in time"
    block:
      let nodes = await node1.findNode(node2.localNode, @[0.uint16])
      check:
        nodes.isErr()
        nodes.error() == "Nodes message not received in time"
    block:
      let node = await node1.resolve(node2.localNode.id)
      check node.isNone()
    await node2.closeWait()
    await node1.closeWait()