Merge remote-tracking branch 'origin/master' into post-capella-block-verification

Author: acolytec3

packages/cli/src/rpc/modules/portal.ts

@@ -804,15 +804,15 @@ export class portal {
   }
   async statePutContent(params: [string, string]) {
     const [contentKey, content] = params.map((param) => hexToBytes(param))
-    const contentId = this._history.contentKeyToId(contentKey)
+    const contentId = this._state.contentKeyToId(contentKey)
     const d = distance(contentId, this._client.discv5.enr.nodeId)
     let storedLocally = false
     try {
-      if (d <= this._history.nodeRadius) {
-        await this._history.store(contentKey, content)
+      if (d <= this._state.nodeRadius) {
+        await this._state.store(contentKey, content)
         storedLocally = true
       }
-      const peerCount = await this._history.gossipContent(contentKey, content)
+      const peerCount = await this._state.gossipContent(contentKey, content)
       return {
         peerCount,
         storedLocally,
@@ -826,14 +826,19 @@ export class portal {
   }
   async beaconPutContent(params: [string, string]) {
     const [contentKey, content] = params.map((param) => hexToBytes(param))
-    const contentId = this._history.contentKeyToId(contentKey)
+    const contentId = this._beacon.contentKeyToId(contentKey)
     const d = distance(contentId, this._client.discv5.enr.nodeId)
     let storedLocally = false
     try {
-      if (d <= this._history.nodeRadius) {
-        await this._history.store(contentKey, content)
+      if (d <= this._beacon.nodeRadius) {
+        await this._beacon.store(contentKey, content)
         storedLocally = true
       }
+      const peerCount = await this._beacon.gossipContent(contentKey, content)
+      return {
+        peerCount,
+        storedLocally,
+      }
     } catch {
       return {
         peerCount: 0,
@@ -969,7 +974,6 @@ export class portal {
     this.logger.extend('stateGetContent')(`request received for ${contentKey}`)
     const lookup = new ContentLookup(this._state, hexToBytes(contentKey))
     const res = await lookup.startLookup()
-    this.logger.extend('stateGetContent')(`request returned ${JSON.stringify(res)}`)
     if (!res) {
       this.logger.extend('stateGetContent')(`request returned { enrs: [] }`)
       throw new Error('No content found')

packages/portalnetwork/src/client/client.ts

@@ -1,8 +1,9 @@
 import { EventEmitter } from 'eventemitter3'
-import { Discv5 } from '@chainsafe/discv5'
+import { Discv5, UDPTransportService } from '@chainsafe/discv5'
 import { ENR, SignableENR } from '@chainsafe/enr'
 import { bytesToHex, hexToBytes } from '@ethereumjs/util'
 import { keys } from '@libp2p/crypto'
+import type { Multiaddr } from '@multiformats/multiaddr'
 import { fromNodeAddress, multiaddr } from '@multiformats/multiaddr'
 import debug from 'debug'
 
@@ -32,6 +33,7 @@ import type {
   PortalNetworkOpts,
 } from './types.js'
 import { MessageCodes, PortalWireMessageType } from '../wire/types.js'
+import { RateLimiter } from '../transports/rateLimiter.js'
 
 export class PortalNetwork extends EventEmitter<PortalNetworkEvents> {
   eventLog: boolean
@@ -125,13 +127,18 @@ export class PortalNetwork extends EventEmitter<PortalNetworkEvents> {
     switch (opts.transport) {
       case TransportLayer.WEB: {
         opts.proxyAddress = opts.proxyAddress ?? 'ws://127.0.0.1:5050'
-        config.transport = new WebSocketTransportService(ma, config.enr.nodeId, opts.proxyAddress)
+        config.transport = new WebSocketTransportService(ma, config.enr.nodeId, opts.proxyAddress, new RateLimiter())
         break
       }
       case TransportLayer.MOBILE:
         config.transport = new CapacitorUDPTransportService(ma, config.enr.nodeId)
         break
       case TransportLayer.NODE:
+        config.transport = new UDPTransportService({
+          bindAddrs: config.bindAddrs,
+          nodeId: config.enr.nodeId,
+          rateLimiter: new RateLimiter(),
+        })
         break
     }
 
@@ -468,4 +475,22 @@ export class PortalNetwork extends EventEmitter<PortalNetworkEvents> {
       this.logger.extend('error')(`Error sending TALKRESP message: ${err}.  SrcId: ${src.nodeId} MultiAddr: ${src.socketAddr.toString()}`)
     }
   }
+
+  public addToBlackList = (ma: Multiaddr) => {
+    (<RateLimiter>(
+      (<any>this.discv5.sessionService.transport)['rateLimiter']
+    )).addToBlackList(ma.nodeAddress().address)
+  }
+
+  public isBlackListed = (ma: Multiaddr) => {
+    return (<RateLimiter>(
+      (<any>this.discv5.sessionService.transport)['rateLimiter']
+    )).isBlackListed(ma.nodeAddress().address)
+  }
+
+  public removeFromBlackList = (ma: Multiaddr) => {
+    (<RateLimiter>(
+      (<any>this.discv5.sessionService.transport)['rateLimiter']
+    )).removeFromBlackList(ma.nodeAddress().address)
+  }
 }

packages/portalnetwork/src/networks/beacon/beacon.ts

@@ -391,10 +391,10 @@ export class BeaconLightClientNetwork extends BaseNetwork {
           )
           if (value !== undefined) {
             const decoded = hexToBytes(value)
-            // const forkhash = decoded.slice(0, 4) as Uint8Array
-            // const forkname = this.beaconConfig.forkDigest2ForkName(forkhash) as LightClientForkName
+            const forkHash = decoded.slice(0, 4) as Uint8Array
+            const forkName = this.beaconConfig.forkDigest2ForkName(forkHash) as LightClientForkName
             if (
-              ssz[ForkName.capella].LightClientFinalityUpdate.deserialize(decoded.slice(4))
+              ssz[ForkName[forkName]].LightClientFinalityUpdate.deserialize(decoded.slice(4))
                 .finalizedHeader.beacon.slot < Number(key.finalitySlot)
             ) {
               // If what we have stored locally is older than the finality update requested, don't send it
@@ -732,9 +732,9 @@ export class BeaconLightClientNetwork extends BaseNetwork {
     if (typeof input === 'number') {
       period = input
     } else {
-      // const forkhash = input.slice(0, 4) as Uint8Array
-      // const forkname = this.beaconConfig.forkDigest2ForkName(forkhash) as LightClientForkName
-      const deserializedUpdate = ssz[ForkName.capella].LightClientUpdate.deserialize(
+      const forkhash = input.slice(0, 4) as Uint8Array
+      const forkName = this.beaconConfig.forkDigest2ForkName(forkhash) as LightClientForkName
+      const deserializedUpdate = ssz[ForkName[forkName]].LightClientUpdate.deserialize(
         input.slice(4),
       ) as LightClientUpdate
       period = computeSyncPeriodAtSlot(deserializedUpdate.attestedHeader.beacon.slot)

packages/portalnetwork/src/transports/capacitorUdp.ts

@@ -4,6 +4,7 @@ import { decodePacket, encodePacket } from '@chainsafe/discv5/packet'
 import { UDP } from '@frontall/capacitor-udp'
 import { multiaddr as ma } from '@multiformats/multiaddr'
 
+import type { IRateLimiter } from './rateLimiter.js'
 import type { SocketAddress } from '@chainsafe/discv5'
 import type { IPacket } from '@chainsafe/discv5/packet'
 import type {
@@ -33,11 +34,13 @@ export class CapacitorUDPTransportService
     ip4: true,
     ip6: false,
   }
-  public constructor(multiaddr: Multiaddr, srcId: string) {
+  private rateLimiter?: IRateLimiter
+  public constructor(multiaddr: Multiaddr, srcId: string, rateLimiter?: IRateLimiter) {
     //eslint-disable-next-line constructor-super
     super()
     this.bindAddrs = [multiaddr]
     this.srcId = srcId
+    this.rateLimiter = rateLimiter
   }
 
   public async start(): Promise<void> {
@@ -74,6 +77,9 @@ export class CapacitorUDPTransportService
   }
 
   public handleIncoming = (data: Uint8Array, rinfo: IRemoteInfo): void => {
+    if (this.rateLimiter && !this.rateLimiter.allowEncodedPacket(rinfo.address)) {
+      return
+    }
     const multiaddr = ma(
       `/${rinfo.family === 'IPv4' ? 'ip4' : 'ip6'}/${rinfo.address}/udp/${rinfo.port}`,
     )

packages/portalnetwork/src/transports/rateLimiter.ts

@@ -0,0 +1,51 @@
+type IPAddress = string
+
+export interface IRateLimiter {
+  allowEncodedPacket(ip: IPAddress): boolean
+  addExpectedResponse(ip: IPAddress): void
+  removeExpectedResponse(ip: IPAddress): void
+}
+
+const DEFAULT_BLACKLIST_DURATION = 1000 * 60 * 60 * 24 // 24 hours
+
+export class RateLimiter implements IRateLimiter {
+  private blackListed: Set<IPAddress> = new Set<IPAddress>()
+  private blackListTimeouts: Map<IPAddress, ReturnType<typeof setTimeout>> = new Map<
+    IPAddress,
+    ReturnType<typeof setTimeout>
+  >()
+  constructor() {}
+
+  public allowEncodedPacket(ip: IPAddress): boolean {
+    return !this.blackListed.has(ip)
+  }
+
+  public addExpectedResponse(_ip: IPAddress): void {
+    return
+  }
+
+  public removeExpectedResponse(_ip: IPAddress): void {
+    return
+  }
+
+  public addToBlackList(ip: IPAddress): void {
+    this.blackListed.add(ip)
+    this.blackListTimeouts.set(
+      ip,
+      setTimeout(() => {
+        this.blackListed.delete(ip)
+        this.blackListTimeouts.delete(ip)
+      }, DEFAULT_BLACKLIST_DURATION),
+    )
+  }
+
+  public removeFromBlackList(ip: IPAddress): void {
+    clearTimeout(this.blackListTimeouts.get(ip))
+    this.blackListTimeouts.delete(ip)
+    this.blackListed.delete(ip)
+  }
+
+  public isBlackListed(ip: IPAddress): boolean {
+    return this.blackListed.has(ip)
+  }
+}

packages/portalnetwork/src/transports/websockets.ts

@@ -18,7 +18,7 @@ import type { ENR } from '@chainsafe/enr'
 import type { Multiaddr } from '@multiformats/multiaddr'
 import type { Debugger } from 'debug'
 import type StrictEventEmitter from 'strict-event-emitter-types/types/src'
-
+import type { IRateLimiter } from './rateLimiter.js'
 const log = debug('discv5:transport')
 
 interface WebSocketTransportEvents extends ITransportEvents {
@@ -40,12 +40,13 @@ export class WebSocketTransportService
   private socket: WebSocketAsPromised
   private srcId: string
   private log: Debugger
+  private rateLimiter?: IRateLimiter
   ipMode: IPMode = {
     ip4: true,
     ip6: false,
   }
   bindAddrs: Multiaddr[] = []
-  public constructor(multiaddr: Multiaddr, srcId: string, proxyAddress: string) {
+  public constructor(multiaddr: Multiaddr, srcId: string, proxyAddress: string, rateLimiter?: IRateLimiter) {
     //eslint-disable-next-line constructor-super
     super()
     this.log = debug('Portal').extend('WebSocketTransportService')
@@ -58,6 +59,7 @@ export class WebSocketTransportService
       createWebSocket: (url) => new WebSocket(url),
       extractMessageData: (event) => event,
     })
+    this.rateLimiter = rateLimiter
   }
 
   public async start(): Promise<void> {
@@ -108,6 +110,9 @@ export class WebSocketTransportService
     const rinfo = JSON.parse(
       new TextDecoder().decode(data.slice(2, rinfoLength + 2)),
     ) as IRemoteInfo
+    if (this.rateLimiter && !this.rateLimiter.allowEncodedPacket(rinfo.address)) {
+      return;
+    }
     const multiaddr = ma(
       `/${rinfo.family === 'IPv4' ? 'ip4' : 'ip6'}/${rinfo.address}/udp/${rinfo.port}`,
     )

packages/portalnetwork/src/wire/utp/PortalNetworkUtp/requestManager.ts

@@ -6,9 +6,9 @@ import { Heap } from "heap-js";
 import { MAX_IN_FLIGHT_PACKETS, type RequestId } from "./types.js";
 
 const packetComparator: Comparator<Packet<PacketType>> = (a: Packet<PacketType>, b: Packet<PacketType>) => {
-    // If packets belong to the same connection, sort by sequence number
+    // If packets belong to the same connection, sort by sequence number (or ackNr for ST_STATE packets)
     if (a.header.connectionId === b.header.connectionId) {
-        return a.header.seqNr - b.header.seqNr;
+        return a.header.pType === PacketType.ST_STATE ? a.header.ackNr - b.header.ackNr : a.header.seqNr - b.header.seqNr;
     }
     // Otherwise, sort by timestamp
     return a.header.timestampMicroseconds - b.header.timestampMicroseconds;
@@ -90,7 +90,7 @@ export class RequestManager {
         } else {
             this.packetHeap.push(packet)
         }
-        this.logger.extend('HANDLE_PACKET')(`Adding ${PacketType[packet.header.pType]} [${packet.header.seqNr}] for Req:${packet.header.connectionId} to queue (size: ${this.packetHeap.size()} packets)`)
+        this.logger.extend('HANDLE_PACKET')(`Adding ${PacketType[packet.header.pType]} [${packet.header.pType === PacketType.ST_STATE ? packet.header.ackNr : packet.header.seqNr}] for Req:${packet.header.connectionId} to queue (size: ${this.packetHeap.size()} packets)`)
         if (this.currentPacket === undefined) {
             this.currentPacket = this.packetHeap.pop()
             await this.processCurrentPacket()
@@ -108,7 +108,7 @@ export class RequestManager {
             await this.processCurrentPacket()
             return
         }
-        this.logger.extend('PROCESS_CURRENT_PACKET')(`Processing ${PacketType[this.currentPacket.header.pType]} [${this.currentPacket.header.seqNr}] for Req:${this.currentPacket.header.connectionId}`)
+        this.logger.extend('PROCESS_CURRENT_PACKET')(`Processing ${PacketType[this.currentPacket.header.pType]} [${this.currentPacket.header.pType === PacketType.ST_STATE ? this.currentPacket.header.ackNr : this.currentPacket.header.seqNr}] for Req:${this.currentPacket.header.connectionId}`)
         const request = this.lookupRequest(this.currentPacket.header.connectionId)
         if (request === undefined) {
             this.logger.extend('PROCESS_CURRENT_PACKET')(`Request not found for current packet - connectionId: ${this.currentPacket.header.connectionId}`)

packages/portalnetwork/src/wire/utp/Socket/WriteSocket.ts

@@ -71,7 +71,7 @@ export class WriteSocket extends UtpSocket {
     this._clearTimeout()
   }
   logProgress() {
-    const needed = this.writer!.dataChunks.filter((n) => !this.ackNrs.includes(n[0]))
+    const needed = this.writer!.dataChunks.filter((n) => !this.ackNrs.includes(n[0])).map((n) => n[0])
     this.logger(
       `AckNr's received (${this.ackNrs.length}/${
         this.writer!.sentChunks.length

packages/portalnetwork/test/integration/blacklist.spec.ts

@@ -0,0 +1,67 @@
+import { SignableENR } from "@chainsafe/enr"
+import { keys } from "@libp2p/crypto"
+import { multiaddr } from "@multiformats/multiaddr"
+import { hexToBytes } from "ethereum-cryptography/utils"
+import { assert, describe, it } from "vitest"
+import type { HistoryNetwork } from "../../src";
+import { NetworkId, PortalNetwork, TransportLayer } from "../../src/index.js"
+const privateKeys = [
+    '0x0a2700250802122102273097673a2948af93317235d2f02ad9cf3b79a34eeb37720c5f19e09f11783c12250802122102273097673a2948af93317235d2f02ad9cf3b79a34eeb37720c5f19e09f11783c1a2408021220aae0fff4ac28fdcdf14ee8ecb591c7f1bc78651206d86afe16479a63d9cb73bd',
+    '0x0a27002508021221039909a8a7e81dbdc867480f0eeb7468189d1e7a1dd7ee8a13ee486c8cbd743764122508021221039909a8a7e81dbdc867480f0eeb7468189d1e7a1dd7ee8a13ee486c8cbd7437641a2408021220c6eb3ae347433e8cfe7a0a195cc17fc8afcd478b9fb74be56d13bccc67813130',
+  ]
+const pk1 = keys.privateKeyFromProtobuf(hexToBytes(privateKeys[0]).slice(-36))
+const enr1 = SignableENR.createFromPrivateKey(pk1)
+const pk2 = keys.privateKeyFromProtobuf(hexToBytes(privateKeys[1]).slice(-36))
+const enr2 = SignableENR.createFromPrivateKey(pk2)
+
+describe('black list test', async () => {
+  const initMa: any = multiaddr(`/ip4/127.0.0.1/udp/5030`)
+  enr1.setLocationMultiaddr(initMa)
+  const initMa2: any = multiaddr(`/ip4/127.0.0.1/udp/5031`)
+  enr2.setLocationMultiaddr(initMa2)
+  const node1 = await PortalNetwork.create({
+    transport: TransportLayer.NODE,
+    supportedNetworks: [{ networkId: NetworkId.HistoryNetwork }],
+    config: {
+      enr: enr1,
+      bindAddrs: {
+        ip4: initMa,
+      },
+      privateKey: pk1,
+    },
+  })
+  const node2 = await PortalNetwork.create({
+    transport: TransportLayer.NODE,
+    supportedNetworks: [{ networkId: NetworkId.HistoryNetwork }],
+    config: {
+      enr: enr2,
+      bindAddrs: {
+        ip4: initMa2,
+      },
+      privateKey: pk2,
+    },
+  })
+
+  await node1.start()
+  await node2.start()
+  const network1 = node1.networks.get(NetworkId.HistoryNetwork) as HistoryNetwork
+  const network2 = node2.networks.get(NetworkId.HistoryNetwork) as HistoryNetwork
+  const pong = await network1?.sendPing(network2?.enr!.toENR())
+  it('should ping peer', () => {
+    assert.isDefined(pong)
+  })
+  node1.addToBlackList(node2.discv5.enr.getLocationMultiaddr('udp')!)
+  it('should blacklist peer', () => {
+    assert.isTrue(node1.isBlackListed(node2.discv5.enr.getLocationMultiaddr('udp')!))
+  })
+  const pong2 = await network2?.sendPing(network1?.enr!.toENR())
+  it('blacklisted peer should not be able to ping', () => {
+    assert.isUndefined(pong2)
+  })
+  it('should remove peer from blacklist', async () => {
+    node1.removeFromBlackList(node2.discv5.enr.getLocationMultiaddr('udp')!)
+    assert.isFalse(node1.isBlackListed(node2.discv5.enr.getLocationMultiaddr('udp')!))
+    const pong3 = await network2?.sendPing(network1?.enr!.toENR())
+    assert.isDefined(pong3)
+  })
+})