-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
swarm/: Never call Behaviour::inject_event without a previous Behaviour::inject_connection_established #2337
Comments
My preference is not to do 3. I think it would be counter-intuitive and lead to more bugs when people build new behaviours. I agree with your preferences :). |
Agree on crossing opt 3 out. |
Also, doing some tests I see that |
@divagant-martian Are you working on this? If not, do you mind if I pick this up? It sounds like we have a rough consensus on the solution here. But to be a bit clearer here's what I'm thinking: Laws (not sure if this is currently true, but I'd endeavor to make them true):
|
This issue is rather time-sensitive for us, because the current master-libp2p branch panics when using identify. I think @divagant-martian has made progress (i'll let her chime in) but this is something we'd like to remedy quickly (I'm not sure about how quickly you think you would resolve this one). |
That sounds good. This seems pretty important so I also wanted to make sure someone was working on it |
Capturing a conversation with @divagant-martian out-of-band. Most favorable option at the moment. When banning a peer:
This should uphold all laws listed above by @MarcoPolo. @divagant-martian will work on this 🙏. Please keep us posted on the progress here @divagant-martian. |
Since closing a connection is not immediate, tracking allowed connections for banned peers is still open to at least one other race condition that I can identify:
When suggesting to keep track of allowed connections, I would suggest doing it on a per-connection basis, instead on a per peer one. Tracking this can be done in a synchronous manner and it targets directly the root of the issue. Thoughts? |
I think that makes sense. To extend the laws above by one more constraint:
Tracking this per connection is probably the simplest way to implement these laws correctly. Abstractly:
Does that align with your thoughts? |
Yeah, I think we are on the same page. Seems straightforward to implement. I'll send a PR in a couple of hours |
Imagine the following scenario:
Swarm::ban_peer_id
for peer X.Swarm
receives aNetworkEvent::IncomingConnection
for a not-yet authenticated peer.Swarm
callsthis.network.accept
to accept the connection and thus starts the upgrade process.Swarm
receives aNetworkEvent::ConnectionEstablished
from the network for the previously accepted connection. The connection appears to be to peer X which is marked as banned and thus theSwarm
starts closing the connection. TheSwarm
does not callNetworkBehaviour::inject_connection_established
.Swarm
receives aNetworkEvent::ConnectionEvent
from the network from the now closing connection to peer X. TheSwarm
callsNetworkBehaviour::inject_event
.The above leads to
NetworkBehaviour::inject_event
being called without a previousNetworkBehaviour::inject_connection_established
. This violates the API contract betweenSwarm
andNetworkBehaviour
. E.g.libp2p-identify
expectsNetworkBehaviour::inject_event
to never be called without a previousNetworkBehaviour::inject_connection_established
.rust-libp2p/protocols/identify/src/identify.rs
Lines 330 to 333 in 8b68026
I see multiple ways moving forward, ordered by preference:
Established
andClosing
) inEstablishedConnectionInfo
(pool.rs
) and ignore anytask::EstablishedConnectionEvent::Notify
from the connection in case it is inClosing
state.Swarm::banned_peers
before forwarding an event from the network to the behaviour inSwarm
(NetworkEvent::ConnectionEvent
).Swarm
to never callNetworkBehaviour::inject_event
without a previousNetworkBehaviour::inject_connection_established
and adjustlibp2p-identify
accordingly.Credit goes to @divagant-martian for associating the
libp2p-identify
panic with theSwarm
banning system.//CC @AgeManning
What do folks think?
The text was updated successfully, but these errors were encountered: