2019-07-08 14:07:09 +00:00
package sub
import (
2020-05-12 18:05:29 +00:00
"bytes"
2019-07-08 14:07:09 +00:00
"context"
2020-05-12 19:26:25 +00:00
"fmt"
2020-05-12 18:13:30 +00:00
"sync"
2019-12-07 10:49:05 +00:00
"time"
2019-09-18 02:50:03 +00:00
2020-04-01 01:34:23 +00:00
"golang.org/x/xerrors"
2020-05-12 18:05:29 +00:00
address "github.com/filecoin-project/go-address"
2020-05-12 19:26:25 +00:00
amt "github.com/filecoin-project/go-amt-ipld/v2"
2020-05-12 18:05:29 +00:00
miner "github.com/filecoin-project/specs-actors/actors/builtin/miner"
2020-02-17 05:51:18 +00:00
lru "github.com/hashicorp/golang-lru"
"github.com/ipfs/go-cid"
2020-05-12 19:26:25 +00:00
dstore "github.com/ipfs/go-datastore"
bstore "github.com/ipfs/go-ipfs-blockstore"
2020-05-12 18:05:29 +00:00
cbor "github.com/ipfs/go-ipld-cbor"
2020-01-08 19:10:57 +00:00
logging "github.com/ipfs/go-log/v2"
2019-12-17 07:06:48 +00:00
connmgr "github.com/libp2p/go-libp2p-core/connmgr"
2020-05-05 14:12:06 +00:00
"github.com/libp2p/go-libp2p-core/peer"
2019-07-08 14:07:09 +00:00
pubsub "github.com/libp2p/go-libp2p-pubsub"
2020-05-12 19:26:25 +00:00
cbg "github.com/whyrusleeping/cbor-gen"
2020-03-02 00:26:09 +00:00
"go.opencensus.io/stats"
"go.opencensus.io/tag"
2019-07-08 15:14:36 +00:00
2020-01-07 20:41:26 +00:00
"github.com/filecoin-project/lotus/build"
2019-10-18 04:47:41 +00:00
"github.com/filecoin-project/lotus/chain"
2019-12-01 23:11:43 +00:00
"github.com/filecoin-project/lotus/chain/messagepool"
2020-05-12 18:05:29 +00:00
"github.com/filecoin-project/lotus/chain/state"
"github.com/filecoin-project/lotus/chain/stmgr"
"github.com/filecoin-project/lotus/chain/store"
2019-10-18 04:47:41 +00:00
"github.com/filecoin-project/lotus/chain/types"
2020-05-12 18:05:29 +00:00
"github.com/filecoin-project/lotus/lib/bufbstore"
2020-05-12 19:26:25 +00:00
"github.com/filecoin-project/lotus/lib/sigs"
2020-03-02 00:26:09 +00:00
"github.com/filecoin-project/lotus/metrics"
2019-07-08 14:07:09 +00:00
)
var log = logging . Logger ( "sub" )
2020-05-12 16:29:06 +00:00
func HandleIncomingBlocks ( ctx context . Context , bsub * pubsub . Subscription , s * chain . Syncer , cmgr connmgr . ConnManager ) {
2019-07-08 14:07:09 +00:00
for {
msg , err := bsub . Next ( ctx )
if err != nil {
2019-09-17 14:23:08 +00:00
if ctx . Err ( ) != nil {
log . Warn ( "quitting HandleIncomingBlocks loop" )
return
}
2019-07-28 05:35:32 +00:00
log . Error ( "error from block subscription: " , err )
2019-07-08 14:07:09 +00:00
continue
}
2020-02-17 05:51:18 +00:00
blk , ok := msg . ValidatorData . ( * types . BlockMsg )
if ! ok {
log . Warnf ( "pubsub block validator passed on wrong type: %#v" , msg . ValidatorData )
2020-05-05 13:35:03 +00:00
return
2020-01-07 20:41:26 +00:00
}
2020-05-05 14:12:06 +00:00
//nolint:golint
2020-05-05 13:49:43 +00:00
src := peer . ID ( msg . GetFrom ( ) )
2019-07-08 14:07:09 +00:00
go func ( ) {
2019-12-11 20:41:24 +00:00
log . Infof ( "New block over pubsub: %s" , blk . Cid ( ) )
start := time . Now ( )
2019-08-27 18:45:21 +00:00
log . Debug ( "about to fetch messages for block from pubsub" )
2019-08-01 20:40:47 +00:00
bmsgs , err := s . Bsync . FetchMessagesByCids ( context . TODO ( ) , blk . BlsMessages )
2019-07-08 14:07:09 +00:00
if err != nil {
2020-05-12 16:29:06 +00:00
log . Errorf ( "failed to fetch all bls messages for block received over pubusb: %s; source: %s" , err , src )
2019-07-08 14:07:09 +00:00
return
}
2019-08-01 20:40:47 +00:00
smsgs , err := s . Bsync . FetchSignedMessagesByCids ( context . TODO ( ) , blk . SecpkMessages )
if err != nil {
2020-05-12 16:29:06 +00:00
log . Errorf ( "failed to fetch all secpk messages for block received over pubusb: %s; source: %s" , err , src )
2019-08-01 20:40:47 +00:00
return
}
2019-12-11 20:41:24 +00:00
took := time . Since ( start )
log . Infow ( "new block over pubsub" , "cid" , blk . Header . Cid ( ) , "source" , msg . GetFrom ( ) , "msgfetch" , took )
2019-12-07 10:49:05 +00:00
if delay := time . Now ( ) . Unix ( ) - int64 ( blk . Header . Timestamp ) ; delay > 5 {
log . Warnf ( "Received block with large delay %d from miner %s" , delay , blk . Header . Miner )
}
2019-12-17 07:06:48 +00:00
2019-12-19 06:19:15 +00:00
if s . InformNewBlock ( msg . ReceivedFrom , & types . FullBlock {
2019-08-01 20:40:47 +00:00
Header : blk . Header ,
BlsMessages : bmsgs ,
SecpkMessages : smsgs ,
2019-12-17 07:06:48 +00:00
} ) {
2019-12-19 06:19:15 +00:00
cmgr . TagPeer ( msg . ReceivedFrom , "blkprop" , 5 )
2019-12-17 07:06:48 +00:00
}
2019-07-08 14:07:09 +00:00
} ( )
}
}
2020-02-17 05:51:18 +00:00
type BlockValidator struct {
peers * lru . TwoQueueCache
killThresh int
recvBlocks * blockReceiptCache
blacklist func ( peer . ID )
2020-05-12 18:05:29 +00:00
// necessary for block validation
chain * store . ChainStore
stmgr * stmgr . StateManager
2020-05-12 18:13:30 +00:00
mx sync . Mutex
keycache map [ string ] address . Address
2020-02-17 05:51:18 +00:00
}
2020-05-12 18:05:29 +00:00
func NewBlockValidator ( chain * store . ChainStore , stmgr * stmgr . StateManager , blacklist func ( peer . ID ) ) * BlockValidator {
2020-02-17 05:51:18 +00:00
p , _ := lru . New2Q ( 4096 )
return & BlockValidator {
peers : p ,
2020-05-05 13:49:43 +00:00
killThresh : 10 ,
2020-02-17 05:51:18 +00:00
blacklist : blacklist ,
recvBlocks : newBlockReceiptCache ( ) ,
2020-05-12 18:05:29 +00:00
chain : chain ,
stmgr : stmgr ,
2020-02-17 05:51:18 +00:00
}
}
func ( bv * BlockValidator ) flagPeer ( p peer . ID ) {
v , ok := bv . peers . Get ( p )
if ! ok {
bv . peers . Add ( p , int ( 1 ) )
return
}
val := v . ( int )
if val >= bv . killThresh {
2020-05-05 13:49:43 +00:00
log . Warnf ( "blacklisting peer %s" , p )
2020-02-17 05:51:18 +00:00
bv . blacklist ( p )
2020-05-05 13:49:43 +00:00
return
2020-02-17 05:51:18 +00:00
}
bv . peers . Add ( p , v . ( int ) + 1 )
}
2020-05-05 13:35:03 +00:00
func ( bv * BlockValidator ) Validate ( ctx context . Context , pid peer . ID , msg * pubsub . Message ) pubsub . ValidationResult {
2020-03-02 00:57:16 +00:00
stats . Record ( ctx , metrics . BlockReceived . M ( 1 ) )
2020-05-12 18:05:29 +00:00
2020-05-12 19:26:25 +00:00
recordFailure := func ( what string ) {
ctx , _ = tag . New ( ctx , tag . Insert ( metrics . FailureType , what ) )
stats . Record ( ctx , metrics . BlockValidationFailure . M ( 1 ) )
bv . flagPeer ( pid )
}
2020-05-12 18:05:29 +00:00
// make sure the block can be decoded
2020-02-17 05:51:18 +00:00
blk , err := types . DecodeBlockMsg ( msg . GetData ( ) )
if err != nil {
log . Error ( "got invalid block over pubsub: " , err )
2020-05-12 19:26:25 +00:00
recordFailure ( "invalid" )
2020-05-05 13:35:03 +00:00
return pubsub . ValidationReject
2020-02-17 05:51:18 +00:00
}
2020-05-12 18:05:29 +00:00
// check the message limit constraints
2020-02-17 05:51:18 +00:00
if len ( blk . BlsMessages ) + len ( blk . SecpkMessages ) > build . BlockMessageLimit {
log . Warnf ( "received block with too many messages over pubsub" )
2020-05-12 19:26:25 +00:00
recordFailure ( "too_many_messages" )
return pubsub . ValidationReject
}
// make sure we have a signature
if blk . Header . BlockSig == nil {
log . Warnf ( "received block without a signature over pubsub" )
recordFailure ( "missing_signature" )
return pubsub . ValidationReject
}
// validate the block meta: the Message CID in the header must match the included messages
err = bv . validateMsgMeta ( ctx , blk )
if err != nil {
log . Warnf ( "error validating message metadata: %s" , err )
recordFailure ( "invalid_block_meta" )
2020-05-05 13:35:03 +00:00
return pubsub . ValidationReject
2020-02-17 05:51:18 +00:00
}
2020-05-12 18:05:29 +00:00
// we want to ensure that it is a block from a known miner; we reject blocks from unknown miners
// to prevent spam attacks.
// the logic works as follows: we lookup the miner in the chain for its key.
// if we can find it then it's a known miner and we can validate the signature.
// if we can't find it, we check whether we are (near) synced in the chain.
// if we are not synced we cannot validate the block and we must ignore it.
2020-05-12 19:26:25 +00:00
// if we are synced and the miner is unknown, then the block is rejcected.
key , err := bv . getMinerWorkerKey ( ctx , blk )
if err != nil {
if bv . isChainNearSynced ( ) {
log . Warnf ( "received block message from unknown miner over pubsub; rejecting message" )
recordFailure ( "unknown_miner" )
return pubsub . ValidationReject
} else {
log . Warnf ( "cannot validate block message; unknown miner in unsynced chain" )
return pubsub . ValidationIgnore
}
}
2020-05-12 18:05:29 +00:00
2020-05-12 19:26:25 +00:00
blob , err := blk . Header . SigningBytes ( )
if err != nil {
// this shouldn't happen; it's an encoding error of the object we just decoded sans the
// signature...
log . Errorf ( "error retrieving signing bytes for block header: %s" , err )
return pubsub . ValidationIgnore
}
err = sigs . Verify ( blk . Header . BlockSig , key , blob )
if err != nil {
log . Errorf ( "block signature verification failed: %s" , err )
recordFailure ( "signature_verification_failed" )
return pubsub . ValidationReject
}
2020-05-12 18:05:29 +00:00
// it's a good block! make sure we've only seen it once
2020-02-17 05:51:18 +00:00
if bv . recvBlocks . add ( blk . Header . Cid ( ) ) > 0 {
// TODO: once these changes propagate to the network, we can consider
// dropping peers who send us the same block multiple times
2020-05-05 13:35:03 +00:00
return pubsub . ValidationIgnore
2020-02-17 05:51:18 +00:00
}
2020-05-12 18:05:29 +00:00
// all good, accept the block
2020-02-17 05:51:18 +00:00
msg . ValidatorData = blk
2020-03-02 00:57:16 +00:00
stats . Record ( ctx , metrics . BlockValidationSuccess . M ( 1 ) )
2020-05-05 13:35:03 +00:00
return pubsub . ValidationAccept
2020-02-17 05:51:18 +00:00
}
2020-05-12 19:26:25 +00:00
func ( bv * BlockValidator ) isChainNearSynced ( ) bool {
ts := bv . chain . GetHeaviestTipSet ( )
timestamp := ts . MinTimestamp ( )
now := time . Now ( ) . UnixNano ( )
cutoff := uint64 ( now ) - uint64 ( 6 * time . Hour )
return timestamp > cutoff
}
func ( bv * BlockValidator ) validateMsgMeta ( ctx context . Context , msg * types . BlockMsg ) error {
var bcids , scids [ ] cbg . CBORMarshaler
for _ , m := range msg . BlsMessages {
c := cbg . CborCid ( m )
bcids = append ( bcids , & c )
}
for _ , m := range msg . SecpkMessages {
c := cbg . CborCid ( m )
scids = append ( scids , & c )
}
// TODO there has to be a simpler way to do this without the blockstore dance
bs := cbor . NewCborStore ( bstore . NewBlockstore ( dstore . NewMapDatastore ( ) ) )
bmroot , err := amt . FromArray ( ctx , bs , bcids )
if err != nil {
return err
}
smroot , err := amt . FromArray ( ctx , bs , scids )
if err != nil {
return err
}
mrcid , err := bs . Put ( ctx , & types . MsgMeta {
BlsMessages : bmroot ,
SecpkMessages : smroot ,
} )
if err != nil {
return err
}
if msg . Header . Messages != mrcid {
return fmt . Errorf ( "messages didn't match root cid in header" )
}
return nil
}
2020-05-12 18:05:29 +00:00
func ( bv * BlockValidator ) getMinerWorkerKey ( ctx context . Context , msg * types . BlockMsg ) ( address . Address , error ) {
addr := msg . Header . Miner
2020-05-12 18:13:30 +00:00
bv . mx . Lock ( )
key , ok := bv . keycache [ addr . String ( ) ]
bv . mx . Unlock ( )
if ok {
return key , nil
}
2020-05-12 18:05:29 +00:00
// TODO I have a feeling all this can be simplified by cleverer DI to use the API
ts := bv . chain . GetHeaviestTipSet ( )
st , _ , err := bv . stmgr . TipSetState ( ctx , ts )
if err != nil {
return address . Undef , err
}
buf := bufbstore . NewBufferedBstore ( bv . chain . Blockstore ( ) )
cst := cbor . NewCborStore ( buf )
state , err := state . LoadStateTree ( cst , st )
if err != nil {
return address . Undef , err
}
act , err := state . GetActor ( addr )
if err != nil {
return address . Undef , err
}
blk , err := bv . chain . Blockstore ( ) . Get ( act . Head )
if err != nil {
return address . Undef , err
}
aso := blk . RawData ( )
var mst miner . State
err = mst . UnmarshalCBOR ( bytes . NewReader ( aso ) )
if err != nil {
return address . Undef , err
}
worker := mst . Info . Worker
2020-05-12 18:13:30 +00:00
key , err = bv . stmgr . ResolveToKeyAddress ( ctx , worker , ts )
2020-05-12 18:05:29 +00:00
if err != nil {
return address . Undef , err
}
2020-05-12 18:13:30 +00:00
bv . mx . Lock ( )
bv . keycache [ addr . String ( ) ] = key
bv . mx . Unlock ( )
2020-05-12 18:05:29 +00:00
return key , nil
}
2020-02-17 05:51:18 +00:00
type blockReceiptCache struct {
blocks * lru . TwoQueueCache
}
func newBlockReceiptCache ( ) * blockReceiptCache {
c , _ := lru . New2Q ( 8192 )
return & blockReceiptCache {
blocks : c ,
}
}
func ( brc * blockReceiptCache ) add ( bcid cid . Cid ) int {
val , ok := brc . blocks . Get ( bcid )
if ! ok {
brc . blocks . Add ( bcid , int ( 1 ) )
return 0
}
brc . blocks . Add ( bcid , val . ( int ) + 1 )
return val . ( int )
}
2020-02-28 01:39:07 +00:00
type MessageValidator struct {
mpool * messagepool . MessagePool
}
func NewMessageValidator ( mp * messagepool . MessagePool ) * MessageValidator {
return & MessageValidator { mp }
}
2020-05-05 13:35:03 +00:00
func ( mv * MessageValidator ) Validate ( ctx context . Context , pid peer . ID , msg * pubsub . Message ) pubsub . ValidationResult {
2020-03-02 00:57:16 +00:00
stats . Record ( ctx , metrics . MessageReceived . M ( 1 ) )
2020-02-28 01:39:07 +00:00
m , err := types . DecodeSignedMessage ( msg . Message . GetData ( ) )
if err != nil {
log . Warnf ( "failed to decode incoming message: %s" , err )
2020-03-02 00:57:16 +00:00
ctx , _ = tag . New ( ctx , tag . Insert ( metrics . FailureType , "decode" ) )
stats . Record ( ctx , metrics . MessageValidationFailure . M ( 1 ) )
2020-05-05 13:35:03 +00:00
return pubsub . ValidationReject
2020-02-28 01:39:07 +00:00
}
if err := mv . mpool . Add ( m ) ; err != nil {
2020-03-01 04:15:02 +00:00
log . Debugf ( "failed to add message from network to message pool (From: %s, To: %s, Nonce: %d, Value: %s): %s" , m . Message . From , m . Message . To , m . Message . Nonce , types . FIL ( m . Message . Value ) , err )
2020-03-02 00:26:09 +00:00
ctx , _ = tag . New (
ctx ,
2020-03-02 00:57:16 +00:00
tag . Insert ( metrics . FailureType , "add" ) ,
2020-03-02 00:26:09 +00:00
)
2020-03-02 00:57:16 +00:00
stats . Record ( ctx , metrics . MessageValidationFailure . M ( 1 ) )
2020-05-05 13:35:03 +00:00
if xerrors . Is ( err , messagepool . ErrBroadcastAnyway ) {
return pubsub . ValidationAccept
}
2020-05-05 14:12:06 +00:00
return pubsub . ValidationIgnore
2020-02-28 01:39:07 +00:00
}
2020-03-02 00:57:16 +00:00
stats . Record ( ctx , metrics . MessageValidationSuccess . M ( 1 ) )
2020-05-05 13:35:03 +00:00
return pubsub . ValidationAccept
2020-02-28 01:39:07 +00:00
}
2019-12-01 23:11:43 +00:00
func HandleIncomingMessages ( ctx context . Context , mpool * messagepool . MessagePool , msub * pubsub . Subscription ) {
2019-07-08 14:07:09 +00:00
for {
2020-02-28 01:39:07 +00:00
_ , err := msub . Next ( ctx )
2019-07-08 14:07:09 +00:00
if err != nil {
2019-09-17 14:23:08 +00:00
log . Warn ( "error from message subscription: " , err )
if ctx . Err ( ) != nil {
log . Warn ( "quitting HandleIncomingMessages loop" )
return
}
2019-07-08 14:07:09 +00:00
continue
}
2020-02-28 01:39:07 +00:00
// Do nothing... everything happens in validate
2019-07-08 14:07:09 +00:00
}
}