Improve banning logic by grouping IPv6 /56 prefixes #8199
As we now support IPv6 and it is becoming more prevalent, this PR improves the security posture of Lighthouse by grouping /56 prefixed IP addresses when counting bans.
What this means is that if a peer gets banned, they cannot just move to a new IPv6 address within their prefix and perform poorly again. We use our IP-colocation ban logic and classify all /56 prefixes as a single IP when counting bans. If the prefix accumulates enough bans we reject the entire prefix.
NOTE: While I was testing I noted a lot of logging and delays in the tests. So while I was there I removed the logging and attempted to improve the test speed for the property based peer pruning test.
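The grouping described in this PR, sketched as an added example; it is not code from the PR or from Lighthouse. `ban_key`, `BanTracker`, the threshold of 5 and the handling of IPv4-mapped addresses are assumptions made for illustration.

```rust
use std::collections::HashMap;
use std::net::{IpAddr, Ipv6Addr};

/// Assumed value for illustration; the PR does not state the real threshold.
pub const BANS_PER_KEY_THRESHOLD: usize = 5;
/// Prefix length used for grouping IPv6 peers, as described in the PR.
pub const IPV6_GROUP_PREFIX_LEN: u32 = 56;

/// Key under which bans are counted: IPv4 as-is, IPv6 truncated to its /56.
pub fn ban_key(ip: IpAddr) -> IpAddr {
    match ip {
        IpAddr::V4(_) => ip,
        IpAddr::V6(v6) => {
            // Choice made for this example: IPv4-mapped IPv6 (::ffff:a.b.c.d)
            // counts against the embedded IPv4 address, not a /56.
            if let Some(v4) = v6.to_ipv4_mapped() {
                return IpAddr::V4(v4);
            }
            let mask = !((1u128 << (128 - IPV6_GROUP_PREFIX_LEN)) - 1);
            IpAddr::V6(Ipv6Addr::from(u128::from(v6) & mask))
        }
    }
}

/// Hypothetical tracker, not Lighthouse's peer database.
#[derive(Default)]
pub struct BanTracker {
    banned_per_key: HashMap<IpAddr, usize>,
}

impl BanTracker {
    /// Record that a peer at `ip` was banned.
    pub fn record_ban(&mut self, ip: IpAddr) {
        *self.banned_per_key.entry(ban_key(ip)).or_insert(0) += 1;
    }

    /// True once the address's key has accumulated enough bans.
    pub fn is_rejected(&self, ip: IpAddr) -> bool {
        self.banned_per_key.get(&ban_key(ip)).copied().unwrap_or(0) >= BANS_PER_KEY_THRESHOLD
    }
}

fn main() {
    // Constructed sample addresses from the 2001:db8::/32 documentation range.
    let mut tracker = BanTracker::default();
    for i in 0..BANS_PER_KEY_THRESHOLD {
        tracker.record_ban(format!("2001:db8:aa:bb{:02x}::{:x}", i, i + 1).parse().unwrap());
    }
    println!("same /56 rejected: {}", tracker.is_rejected("2001:db8:aa:bbff::9".parse().unwrap()));
    println!("other /56 rejected: {}", tracker.is_rejected("2001:db8:aa:bc00::9".parse().unwrap()));
}
```

Bans recorded against five different addresses in `2001:db8:aa:bb00::/56` cause a sixth, never-seen address in that prefix to be rejected, while the neighbouring `2001:db8:aa:bc00::/56` is unaffected.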