netcraft
/
litecoin
mirror of https://github.com/litecoin-project/litecoin
6
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '201a4596d9'
${ noResults }
litecoin/test/functional/p2p_invalid_messages.py

177 lines
7.3 KiB
Raw Normal View History Unescape

tests: add tests for invalid P2P messages E.g., ensure that we can't DoS a node by sending it a bunch of large, unrecognized messages.
6 years ago
#!/usr/bin/env python3
scripted-diff: Bump copyright headers -BEGIN VERIFY SCRIPT- ./contrib/devtools/copyright_header.py update ./ -END VERIFY SCRIPT-
5 years ago
# Copyright (c) 2015-2020 The Bitcoin Core developers
tests: add tests for invalid P2P messages E.g., ensure that we can't DoS a node by sending it a bunch of large, unrecognized messages.
6 years ago
# Distributed under the MIT software license, see the accompanying
# file COPYING or http://www.opensource.org/licenses/mit-license.php.
"""Test node responses to invalid network messages."""
Test buffered valid message A message can be broken across two buffers, with the split inside its header. Usually this will occur when sending many messages, such that the first buffer fills. This test uses the RPC to verify that the message is actually being received in two pieces. There is a very rare chance of a race condition where the test framework sends a message in between the two halves of the message under test. In this case the peer will almost certainly disconnect and the test will fail. An assert has been added to help debugging that rare case.
4 years ago
test: explicit imports from test_framework.messages in p2p_invalid_messages.py
5 years ago
from test_framework.messages import (
CBlockHeader,
CInv,
test: hoist p2p values to test framework constants
4 years ago
MAX_HEADERS_RESULTS,
MAX_INV_SIZE,
MAX_PROTOCOL_MESSAGE_LENGTH,
test: explicit imports from test_framework.messages in p2p_invalid_messages.py
5 years ago
msg_getdata,
msg_headers,
msg_inv,
Test buffered valid message A message can be broken across two buffers, with the split inside its header. Usually this will occur when sending many messages, such that the first buffer fills. This test uses the RPC to verify that the message is actually being received in two pieces. There is a very rare chance of a race condition where the test framework sends a message in between the two halves of the message under test. In this case the peer will almost certainly disconnect and the test will fail. An assert has been added to help debugging that rare case.
4 years ago
msg_ping,
test: explicit imports from test_framework.messages in p2p_invalid_messages.py
5 years ago
MSG_TX,
ser_string,
)
scripted-diff: Rename mininode to p2p -BEGIN VERIFY SCRIPT- sed -i 's/\.mininode/\.p2p/g' $(git grep -l "mininode") git mv test/functional/test_framework/mininode.py test/functional/test_framework/p2p.py -END VERIFY SCRIPT-
4 years ago
from test_framework.p2p import (
test: Add various low-level p2p tests
5 years ago
P2PDataStore,
P2PInterface,
)
tests: add tests for invalid P2P messages E.g., ensure that we can't DoS a node by sending it a bunch of large, unrecognized messages.
6 years ago
from test_framework.test_framework import BitcoinTestFramework
test: Check that invalid peer traffic is accounted for
4 years ago
from test_framework.util import assert_equal
tests: add tests for invalid P2P messages E.g., ensure that we can't DoS a node by sending it a bunch of large, unrecognized messages.
6 years ago
test: hoist p2p values to test framework constants
4 years ago
VALID_DATA_LIMIT = MAX_PROTOCOL_MESSAGE_LENGTH - 5 # Account for the 5-byte length prefix
tests: add tests for invalid P2P messages E.g., ensure that we can't DoS a node by sending it a bunch of large, unrecognized messages.
6 years ago
test: Check that invalid peer traffic is accounted for
4 years ago
tests: add tests for invalid P2P messages E.g., ensure that we can't DoS a node by sending it a bunch of large, unrecognized messages.
6 years ago
class msg_unrecognized:
"""Nonsensical message. Modeled after similar types in test_framework.messages."""
scripted-diff: test: replace command with msgtype This is the functional test framework pendant for 7777e3624fabe4718675b2be8b088697b7ad4d0d, which renamed "strCommand" with "msg_type" in the network processing code. -BEGIN VERIFY SCRIPT- # Rename in test framework sed -i 's/command/msgtype/g' ./test/functional/test_framework/messages.py ./test/functional/test_framework/mininode.py # Rename in individual tests sed -i 's/command/msgtype/g' ./test/functional/p2p_invalid_messages.py ./test/functional/p2p_leak.py -END VERIFY SCRIPT-
5 years ago
msgtype = b'badmsg'
tests: add tests for invalid P2P messages E.g., ensure that we can't DoS a node by sending it a bunch of large, unrecognized messages.
6 years ago
qa: Add tests for invalid message headers
6 years ago
def __init__(self, *, str_data):
tests: add tests for invalid P2P messages E.g., ensure that we can't DoS a node by sending it a bunch of large, unrecognized messages.
6 years ago
self.str_data = str_data.encode() if not isinstance(str_data, bytes) else str_data
def serialize(self):
test: explicit imports from test_framework.messages in p2p_invalid_messages.py
5 years ago
return ser_string(self.str_data)
tests: add tests for invalid P2P messages E.g., ensure that we can't DoS a node by sending it a bunch of large, unrecognized messages.
6 years ago
def __repr__(self):
scripted-diff: test: replace command with msgtype This is the functional test framework pendant for 7777e3624fabe4718675b2be8b088697b7ad4d0d, which renamed "strCommand" with "msg_type" in the network processing code. -BEGIN VERIFY SCRIPT- # Rename in test framework sed -i 's/command/msgtype/g' ./test/functional/test_framework/messages.py ./test/functional/test_framework/mininode.py # Rename in individual tests sed -i 's/command/msgtype/g' ./test/functional/p2p_invalid_messages.py ./test/functional/p2p_leak.py -END VERIFY SCRIPT-
5 years ago
return "{}(data={})".format(self.msgtype, self.str_data)
tests: add tests for invalid P2P messages E.g., ensure that we can't DoS a node by sending it a bunch of large, unrecognized messages.
6 years ago
class InvalidMessagesTest(BitcoinTestFramework):
def set_test_params(self):
self.num_nodes = 1
self.setup_clean_chain = True
def run_test(self):
Test buffered valid message A message can be broken across two buffers, with the split inside its header. Usually this will occur when sending many messages, such that the first buffer fills. This test uses the RPC to verify that the message is actually being received in two pieces. There is a very rare chance of a race condition where the test framework sends a message in between the two halves of the message under test. In this case the peer will almost certainly disconnect and the test will fail. An assert has been added to help debugging that rare case.
4 years ago
self.test_buffer()
qa: Add tests for invalid message headers
6 years ago
self.test_magic_bytes()
self.test_checksum()
self.test_size()
scripted-diff: test: replace command with msgtype This is the functional test framework pendant for 7777e3624fabe4718675b2be8b088697b7ad4d0d, which renamed "strCommand" with "msg_type" in the network processing code. -BEGIN VERIFY SCRIPT- # Rename in test framework sed -i 's/command/msgtype/g' ./test/functional/test_framework/messages.py ./test/functional/test_framework/mininode.py # Rename in individual tests sed -i 's/command/msgtype/g' ./test/functional/p2p_invalid_messages.py ./test/functional/p2p_leak.py -END VERIFY SCRIPT-
5 years ago
self.test_msgtype()
test: refactor test_large_inv() into 3 tests with common method
4 years ago
self.test_oversized_inv_msg()
self.test_oversized_getdata_msg()
self.test_oversized_headers_msg()
Refactor resource exhaustion test This is a simple refactor of the specified test. It is now brought in line with the rest of the tests in the module. This should make things easier to debug, as all of the tests are now grouped together at the top.
5 years ago
self.test_resource_exhaustion()
tests: add tests for invalid P2P messages E.g., ensure that we can't DoS a node by sending it a bunch of large, unrecognized messages.
6 years ago
Test buffered valid message A message can be broken across two buffers, with the split inside its header. Usually this will occur when sending many messages, such that the first buffer fills. This test uses the RPC to verify that the message is actually being received in two pieces. There is a very rare chance of a race condition where the test framework sends a message in between the two halves of the message under test. In this case the peer will almost certainly disconnect and the test will fail. An assert has been added to help debugging that rare case.
4 years ago
def test_buffer(self):
test: add p2p_invalid_messages logging
4 years ago
self.log.info("Test message with header split across two buffers is received")
Test buffered valid message A message can be broken across two buffers, with the split inside its header. Usually this will occur when sending many messages, such that the first buffer fills. This test uses the RPC to verify that the message is actually being received in two pieces. There is a very rare chance of a race condition where the test framework sends a message in between the two halves of the message under test. In this case the peer will almost certainly disconnect and the test will fail. An assert has been added to help debugging that rare case.
4 years ago
conn = self.nodes[0].add_p2p_connection(P2PDataStore())
# Create valid message
msg = conn.build_message(msg_ping(nonce=12345))
test: Remove confusing cast to same type (int to int)
4 years ago
cut_pos = 12 # Chosen at an arbitrary position within the header
Test buffered valid message A message can be broken across two buffers, with the split inside its header. Usually this will occur when sending many messages, such that the first buffer fills. This test uses the RPC to verify that the message is actually being received in two pieces. There is a very rare chance of a race condition where the test framework sends a message in between the two halves of the message under test. In this case the peer will almost certainly disconnect and the test will fail. An assert has been added to help debugging that rare case.
4 years ago
# Send message in two pieces
test: Remove confusing cast to same type (int to int)
4 years ago
before = self.nodes[0].getnettotals()['totalbytesrecv']
Test buffered valid message A message can be broken across two buffers, with the split inside its header. Usually this will occur when sending many messages, such that the first buffer fills. This test uses the RPC to verify that the message is actually being received in two pieces. There is a very rare chance of a race condition where the test framework sends a message in between the two halves of the message under test. In this case the peer will almost certainly disconnect and the test will fail. An assert has been added to help debugging that rare case.
4 years ago
conn.send_raw_message(msg[:cut_pos])
# Wait until node has processed the first half of the message
test: Remove confusing cast to same type (int to int)
4 years ago
self.wait_until(lambda: self.nodes[0].getnettotals()['totalbytesrecv'] != before)
middle = self.nodes[0].getnettotals()['totalbytesrecv']
Test buffered valid message A message can be broken across two buffers, with the split inside its header. Usually this will occur when sending many messages, such that the first buffer fills. This test uses the RPC to verify that the message is actually being received in two pieces. There is a very rare chance of a race condition where the test framework sends a message in between the two halves of the message under test. In this case the peer will almost certainly disconnect and the test will fail. An assert has been added to help debugging that rare case.
4 years ago
# If this assert fails, we've hit an unlikely race
# where the test framework sent a message in between the two halves
assert_equal(middle, before + cut_pos)
conn.send_raw_message(msg[cut_pos:])
conn.sync_with_ping(timeout=1)
self.nodes[0].disconnect_p2ps()
qa: Add tests for invalid message headers
6 years ago
def test_magic_bytes(self):
test: add p2p_invalid_messages logging
4 years ago
self.log.info("Test message with invalid magic bytes disconnects peer")
qa: Add tests for invalid message headers
6 years ago
conn = self.nodes[0].add_p2p_connection(P2PDataStore())
Remove header checks out of net_processing This moves header size and netmagic checking out of net_processing and into net. This check now runs in ReadHeader, so that net can exit early out of receiving bytes from the peer. IsValid is now slimmed down, so it no longer needs a MessageStartChars& parameter. Additionally this removes the rest of the m_valid_* members from CNetMessage.
5 years ago
with self.nodes[0].assert_debug_log(['HEADER ERROR - MESSAGESTART (badmsg, 2 bytes), received ffffffff']):
[tests] Don't import asyncio to test magic bytes
4 years ago
msg = conn.build_message(msg_unrecognized(str_data="d"))
# modify magic bytes
msg = b'\xff' * 4 + msg[4:]
conn.send_raw_message(msg)
qa: Add tests for invalid message headers
6 years ago
conn.wait_for_disconnect(timeout=1)
test: improve msg sends and p2p disconnections in p2p_invalid_messages - call disconnect_p2ps() outside of the assert_debug_log scopes - send messages directly from the p2p conn rather than via nodes[0].p2p - add an assertion
4 years ago
self.nodes[0].disconnect_p2ps()
qa: Add tests for invalid message headers
6 years ago
def test_checksum(self):
test: add p2p_invalid_messages logging
4 years ago
self.log.info("Test message with invalid checksum logs an error")
qa: Add tests for invalid message headers
6 years ago
conn = self.nodes[0].add_p2p_connection(P2PDataStore())
Refactor: split network transport deserializing from message container
6 years ago
with self.nodes[0].assert_debug_log(['CHECKSUM ERROR (badmsg, 2 bytes), expected 78df0a04 was ffffffff']):
qa: Add tests for invalid message headers
6 years ago
msg = conn.build_message(msg_unrecognized(str_data="d"))
[tests] Don't import asyncio to test magic bytes
4 years ago
# Checksum is after start bytes (4B), message type (12B), len (4B)
cut_len = 4 + 12 + 4
qa: Add tests for invalid message headers
6 years ago
# modify checksum
msg = msg[:cut_len] + b'\xff' * 4 + msg[cut_len + 4:]
test: improve msg sends and p2p disconnections in p2p_invalid_messages - call disconnect_p2ps() outside of the assert_debug_log scopes - send messages directly from the p2p conn rather than via nodes[0].p2p - add an assertion
4 years ago
conn.send_raw_message(msg)
qa: Add tests for invalid message headers
6 years ago
conn.sync_with_ping(timeout=1)
test: Check that invalid peer traffic is accounted for
4 years ago
# Check that traffic is accounted for (24 bytes header + 2 bytes payload)
assert_equal(self.nodes[0].getpeerinfo()[0]['bytesrecv_per_msg']['*other*'], 26)
test: improve msg sends and p2p disconnections in p2p_invalid_messages - call disconnect_p2ps() outside of the assert_debug_log scopes - send messages directly from the p2p conn rather than via nodes[0].p2p - add an assertion
4 years ago
self.nodes[0].disconnect_p2ps()
qa: Add tests for invalid message headers
6 years ago
def test_size(self):
test: add p2p_invalid_messages logging
4 years ago
self.log.info("Test message with oversized payload disconnects peer")
qa: Add tests for invalid message headers
6 years ago
conn = self.nodes[0].add_p2p_connection(P2PDataStore())
Remove header checks out of net_processing This moves header size and netmagic checking out of net_processing and into net. This check now runs in ReadHeader, so that net can exit early out of receiving bytes from the peer. IsValid is now slimmed down, so it no longer needs a MessageStartChars& parameter. Additionally this removes the rest of the m_valid_* members from CNetMessage.
5 years ago
with self.nodes[0].assert_debug_log(['HEADER ERROR - SIZE (badmsg, 4000001 bytes)']):
[tests] Don't import asyncio to test magic bytes
4 years ago
msg = msg_unrecognized(str_data="d" * (VALID_DATA_LIMIT + 1))
Fix "invalid message size" test This test originally made a message with an invalid stated length, and an invalid checksum. This was because only the header was changed, but the checksum stayed the same. This was fine for now because we check the header first to see if it has a valid stated size, and we disconnect if it does not, so we never end up checking for the checksum. If this behavior was to change, this test would become a problem. (Indeed I discovered this when playing around with this behavior). By instead creating a message with an oversized payload from the start, we create a message with an invalid stated length but a valid checksum, as intended. Additionally, this takes advantage to the newly module-global VALID_DATA_LIMIT as opposed to the magic 0x02000000. Yes, 4MB < 32MiB, but at the moment when receiving a message we check both, so this makes the test tighter.
5 years ago
msg = conn.build_message(msg)
test: improve msg sends and p2p disconnections in p2p_invalid_messages - call disconnect_p2ps() outside of the assert_debug_log scopes - send messages directly from the p2p conn rather than via nodes[0].p2p - add an assertion
4 years ago
conn.send_raw_message(msg)
qa: Add tests for invalid message headers
6 years ago
conn.wait_for_disconnect(timeout=1)
test: improve msg sends and p2p disconnections in p2p_invalid_messages - call disconnect_p2ps() outside of the assert_debug_log scopes - send messages directly from the p2p conn rather than via nodes[0].p2p - add an assertion
4 years ago
self.nodes[0].disconnect_p2ps()
qa: Add tests for invalid message headers
6 years ago
scripted-diff: test: replace command with msgtype This is the functional test framework pendant for 7777e3624fabe4718675b2be8b088697b7ad4d0d, which renamed "strCommand" with "msg_type" in the network processing code. -BEGIN VERIFY SCRIPT- # Rename in test framework sed -i 's/command/msgtype/g' ./test/functional/test_framework/messages.py ./test/functional/test_framework/mininode.py # Rename in individual tests sed -i 's/command/msgtype/g' ./test/functional/p2p_invalid_messages.py ./test/functional/p2p_leak.py -END VERIFY SCRIPT-
5 years ago
def test_msgtype(self):
test: add p2p_invalid_messages logging
4 years ago
self.log.info("Test message with invalid message type logs an error")
qa: Add tests for invalid message headers
6 years ago
conn = self.nodes[0].add_p2p_connection(P2PDataStore())
Remove header checks out of net_processing This moves header size and netmagic checking out of net_processing and into net. This check now runs in ReadHeader, so that net can exit early out of receiving bytes from the peer. IsValid is now slimmed down, so it no longer needs a MessageStartChars& parameter. Additionally this removes the rest of the m_valid_* members from CNetMessage.
5 years ago
with self.nodes[0].assert_debug_log(['HEADER ERROR - COMMAND']):
qa: Add tests for invalid message headers
6 years ago
msg = msg_unrecognized(str_data="d")
msg = conn.build_message(msg)
scripted-diff: test: replace command with msgtype This is the functional test framework pendant for 7777e3624fabe4718675b2be8b088697b7ad4d0d, which renamed "strCommand" with "msg_type" in the network processing code. -BEGIN VERIFY SCRIPT- # Rename in test framework sed -i 's/command/msgtype/g' ./test/functional/test_framework/messages.py ./test/functional/test_framework/mininode.py # Rename in individual tests sed -i 's/command/msgtype/g' ./test/functional/p2p_invalid_messages.py ./test/functional/p2p_leak.py -END VERIFY SCRIPT-
5 years ago
# Modify msgtype
qa: Add tests for invalid message headers
6 years ago
msg = msg[:7] + b'\x00' + msg[7 + 1:]
test: improve msg sends and p2p disconnections in p2p_invalid_messages - call disconnect_p2ps() outside of the assert_debug_log scopes - send messages directly from the p2p conn rather than via nodes[0].p2p - add an assertion
4 years ago
conn.send_raw_message(msg)
qa: Add tests for invalid message headers
6 years ago
conn.sync_with_ping(timeout=1)
test: Check that invalid peer traffic is accounted for
4 years ago
# Check that traffic is accounted for (24 bytes header + 2 bytes payload)
assert_equal(self.nodes[0].getpeerinfo()[0]['bytesrecv_per_msg']['*other*'], 26)
test: improve msg sends and p2p disconnections in p2p_invalid_messages - call disconnect_p2ps() outside of the assert_debug_log scopes - send messages directly from the p2p conn rather than via nodes[0].p2p - add an assertion
4 years ago
self.nodes[0].disconnect_p2ps()
tests: add tests for invalid P2P messages E.g., ensure that we can't DoS a node by sending it a bunch of large, unrecognized messages.
6 years ago
test: refactor test_large_inv() into 3 tests with common method
4 years ago
def test_oversized_msg(self, msg, size):
msg_type = msg.msgtype.decode('ascii')
self.log.info("Test {} message of size {} is logged as misbehaving".format(msg_type, size))
with self.nodes[0].assert_debug_log(['Misbehaving', '{} message size = {}'.format(msg_type, size)]):
self.nodes[0].add_p2p_connection(P2PInterface()).send_and_ping(msg)
test: Add various low-level p2p tests
5 years ago
self.nodes[0].disconnect_p2ps()
test: refactor test_large_inv() into 3 tests with common method
4 years ago
def test_oversized_inv_msg(self):
test: hoist p2p values to test framework constants
4 years ago
size = MAX_INV_SIZE + 1
self.test_oversized_msg(msg_inv([CInv(MSG_TX, 1)] * size), size)
test: refactor test_large_inv() into 3 tests with common method
4 years ago
def test_oversized_getdata_msg(self):
test: hoist p2p values to test framework constants
4 years ago
size = MAX_INV_SIZE + 1
self.test_oversized_msg(msg_getdata([CInv(MSG_TX, 1)] * size), size)
test: refactor test_large_inv() into 3 tests with common method
4 years ago
def test_oversized_headers_msg(self):
test: hoist p2p values to test framework constants
4 years ago
size = MAX_HEADERS_RESULTS + 1
self.test_oversized_msg(msg_headers([CBlockHeader()] * size), size)
test: refactor test_large_inv() into 3 tests with common method
4 years ago
Refactor resource exhaustion test This is a simple refactor of the specified test. It is now brought in line with the rest of the tests in the module. This should make things easier to debug, as all of the tests are now grouped together at the top.
5 years ago
def test_resource_exhaustion(self):
test: add p2p_invalid_messages logging
4 years ago
self.log.info("Test node stays up despite many large junk messages")
Refactor resource exhaustion test This is a simple refactor of the specified test. It is now brought in line with the rest of the tests in the module. This should make things easier to debug, as all of the tests are now grouped together at the top.
5 years ago
conn = self.nodes[0].add_p2p_connection(P2PDataStore())
conn2 = self.nodes[0].add_p2p_connection(P2PDataStore())
msg_at_size = msg_unrecognized(str_data="b" * VALID_DATA_LIMIT)
test: hoist p2p values to test framework constants
4 years ago
assert len(msg_at_size.serialize()) == MAX_PROTOCOL_MESSAGE_LENGTH
Refactor resource exhaustion test This is a simple refactor of the specified test. It is now brought in line with the rest of the tests in the module. This should make things easier to debug, as all of the tests are now grouped together at the top.
5 years ago
test: add p2p_invalid_messages logging
4 years ago
self.log.info("(a) Send 80 messages, each of maximum valid data size (4MB)")
Refactor resource exhaustion test This is a simple refactor of the specified test. It is now brought in line with the rest of the tests in the module. This should make things easier to debug, as all of the tests are now grouped together at the top.
5 years ago
for _ in range(80):
conn.send_message(msg_at_size)
# Check that, even though the node is being hammered by nonsense from one
# connection, it can still service other peers in a timely way.
test: add p2p_invalid_messages logging
4 years ago
self.log.info("(b) Check node still services peers in a timely way")
Refactor resource exhaustion test This is a simple refactor of the specified test. It is now brought in line with the rest of the tests in the module. This should make things easier to debug, as all of the tests are now grouped together at the top.
5 years ago
for _ in range(20):
conn2.sync_with_ping(timeout=2)
test: add p2p_invalid_messages logging
4 years ago
self.log.info("(c) Wait for node to drop junk messages, while remaining connected")
Refactor resource exhaustion test This is a simple refactor of the specified test. It is now brought in line with the rest of the tests in the module. This should make things easier to debug, as all of the tests are now grouped together at the top.
5 years ago
conn.sync_with_ping(timeout=400)
test: add p2p_invalid_messages logging
4 years ago
test: improve msg sends and p2p disconnections in p2p_invalid_messages - call disconnect_p2ps() outside of the assert_debug_log scopes - send messages directly from the p2p conn rather than via nodes[0].p2p - add an assertion
4 years ago
# Despite being served up a bunch of nonsense, the peers should still be connected.
Refactor resource exhaustion test This is a simple refactor of the specified test. It is now brought in line with the rest of the tests in the module. This should make things easier to debug, as all of the tests are now grouped together at the top.
5 years ago
assert conn.is_connected
test: improve msg sends and p2p disconnections in p2p_invalid_messages - call disconnect_p2ps() outside of the assert_debug_log scopes - send messages directly from the p2p conn rather than via nodes[0].p2p - add an assertion
4 years ago
assert conn2.is_connected
Refactor resource exhaustion test This is a simple refactor of the specified test. It is now brought in line with the rest of the tests in the module. This should make things easier to debug, as all of the tests are now grouped together at the top.
5 years ago
self.nodes[0].disconnect_p2ps()
tests: add tests for invalid P2P messages E.g., ensure that we can't DoS a node by sending it a bunch of large, unrecognized messages.
6 years ago
if __name__ == '__main__':
InvalidMessagesTest().main()