Skip to content
This repository has been archived by the owner on May 26, 2022. It is now read-only.

sync: update CI config files #248

Merged
merged 5 commits into from
Apr 30, 2021
Merged

sync: update CI config files #248

merged 5 commits into from
Apr 30, 2021

Conversation

web3-bot
Copy link
Collaborator

@web3-bot web3-bot commented Mar 30, 2021

Syncing to commit protocol/.github@137ffc6.

@web3-bot web3-bot changed the title sync: only create a single PR per target repo sync: run go mod tidy (and set Go 1.15) and gofmt -s in copy workflow Apr 1, 2021
@web3-bot web3-bot changed the title sync: run go mod tidy (and set Go 1.15) and gofmt -s in copy workflow sync: remove Travis and CircleCI configs on first deployment of test workflow Apr 2, 2021
@web3-bot web3-bot changed the title sync: remove Travis and CircleCI configs on first deployment of test workflow sync: update CI config files Apr 6, 2021
@web3-bot web3-bot force-pushed the web3-bot/sync branch 2 times, most recently from 52ee1f2 to 941f1f2 Compare April 9, 2021 03:50
@marten-seemann marten-seemann force-pushed the web3-bot/sync branch 2 times, most recently from abe00cb to bf675a9 Compare April 20, 2021 17:57
@Stebalien
Copy link
Member

@marten-seemann the error here appears to be an actual bug somewhere adjacent to the connection gater. It looks like this may be failing in QUIC, but it could also be more generalized.

@marten-seemann
Copy link
Contributor

@Stebalien will investigate

@marten-seemann
Copy link
Contributor

marten-seemann commented Apr 21, 2021

@Stebalien Indeed, this is because in QUIC, we don't distinguish between InterceptAccept and InterceptSecured: https://github.com/libp2p/go-libp2p-quic-transport/blob/6f581f3da03a00073b292098e7b7259fd072ee00/listener.go#L73-L76
In both cases, we only check the connection gater after handshake completion. When implementing this, we had the following 3 options:

  1. Drop packets from the blacklisted mutliaddr before they even reach quic-go.
  2. Send a CONNECTION_CLOSE with a "you've been blacklisted" error code before starting the handshake (see add a callback to allow filtering of incoming connections by IP address quic-go/quic-go#2558).
  3. Complete the handshake and then reject the connection.

We decided for 3. because:

  • Option 1 makes the peer run into a handshake timeout (5s), which is not a very friendly thing to do
  • Option 2 is an unauthenticated signal, and could be used by an attacker to prevent two peers from connecting to each other for an extended period of time

How should we proceed here? Should we disable this test case when using QUIC (and, in general, be explicit which transport we run the connection gater tests on)?

@Stebalien
Copy link
Member

Yeah, I think it's reasonable to disable (or limit) these tests on QUIC. This should also fix #251.

Read can return both bytes and an EOF at the same time.
@github-actions github-actions bot merged commit 6b6e765 into master Apr 30, 2021
@github-actions github-actions bot deleted the web3-bot/sync branch April 30, 2021 22:29
@aschmahmann aschmahmann mentioned this pull request Aug 23, 2021
62 tasks
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants