Skip to content

Add gossip ban and rate limit policy#1263

Open
jjyr wants to merge 50 commits intonervosnetwork:developfrom
jjyr:fnn-gossip-ban-rate-limit
Open

Add gossip ban and rate limit policy#1263
jjyr wants to merge 50 commits intonervosnetwork:developfrom
jjyr:fnn-gossip-ban-rate-limit

Conversation

@jjyr
Copy link
Copy Markdown
Collaborator

@jjyr jjyr commented Apr 9, 2026
edited
Loading

This PR require #1217

Summary

This PR adds a gossip policy that temporarily bans misbehaving non-channel peers and rate-
limits gossip traffic to reduce spam, protect sync, and limit abuse.

Changes

  • add GossipPolicyConfig under FiberConfig as gossip_policy
  • add in-memory gossip scoring and 10-minute temporary bans for non-channel peers
  • add outbound gossip rate limiting at both global and per-peer levels
  • add inbound channel update rate limiting
  • add delayed outbound gossip delivery with per-peer queues
  • add tests for ban tracking, rate limiting, delayed sends, and related gossip flows

View diff

jjyr added 30 commits March 11, 2026 09:24
@jjyr
fix: add backoff reconnect for disconnected peers with active channels
a1605c7
@jjyr
test: replace fixed 30s sleep with state-based wait
234cd42
@jjyr
fix: clone peer_id in dialer error handling
84d447a
@jjyr
chore: resolve rebase conflicts and fix reconnect tests
147a000
@jjyr
test: extend ring restart wait timeout
95d6dda
@jjyr
fix: adapt reconnect branch to upstream pubkey helpers
f264a59
@jjyr
fix: address reconnect review feedback
5f69acb
@jjyr
test: split channel restart stress tests
10ab5ae
@jjyr
fix: persist preimage for deferred remove tlc
7adce32
@jjyr
test: add failing self-mpp reconnect repro
3c42224
@jjyr
Merge branch 'origin/pr/ring-restart-clean' into refactor/channel-act…
10dfcfb 
…or-stop-start
@jjyr
test: remove obsolete self-mpp reconnect stress cases
ef44899
@jjyr
channel: keep live actors across disconnects
d749c2d
@jjyr
Fix reestablish TLC recovery and reconnect bookkeeping
bcad11e
@jjyr
chore: remove debug logging noise
d96d092
@jjyr
graph: restore first-hop failure tracking semantics
69978c0
@jjyr
network: stop persisting gossip update addresses
5002a51
@jjyr
chore: trim leftover test helpers and formatting drift
0ea9d76
@jjyr
channel: add connectivity online offline events
b5e8232
@jjyr
Add peer to channal map
e31fe5f
@jjyr
Fix tests
88fb68b
@jjyr
update .schema.json
1558bb5
@jjyr
Fix channel_restart_stress ci
02823bc
@jjyr
Merge upstream/develop into refactor/channel-actor-stop-start
3d5fb1a
@jjyr
Remove unused default
fdf47d0
@jjyr
Fix retain in loop
b454c01
@jjyr
Fix lifetime of peer_channels_map
9020ebf
@jjyr
Fix backoff get pubkey with peer_id
4e2cf73
@jjyr
keep outpoint_channel_map accross peer disconnect
504890d
@jjyr
remove sessions_map
f218cf1
jjyr added 20 commits March 24, 2026 14:56
@jjyr
Read channels_ids from peer_channel_index
6a213fc
@jjyr
Return UnknownNextPeer when channel is offline
ead8864
@jjyr
Remove ProcessingChannelError::ChannelReestablishing
8f3aa25
@jjyr
test: move peer reconnect stress test into its own module
fa3db4b
@jjyr
Restore ready channel actors offline on startup
263d81e
@jjyr
test: cover on-chain settlement channel lifecycle
4da2237
@jjyr
feat: keep closing channel actors alive for settlement
cedbd44
@jjyr
feat: restore closing channels through on-chain settlement on startup
51afb76
@jjyr
feat: move closed-channel settlement ownership into channel actor
bdf5111
@jjyr
refactor: remove network-owned closed-channel settlement fallback
5954df5
@jjyr
feat: finalize on-chain settlement channel lifecycle
4ad3e0c
@jjyr
fix: keep on-chain settlement actors alive for pending relay work
faf1c20
@jjyr
Unify offline channel actor restoration
621ff00
@jjyr
Merge upstream/develop into refactor/channel-actor-stop-start
dfa0bbd
@jjyr
Fix clippy
4bd0b1d
@jjyr
Fix tests
48db394
@jjyr
Add test-only peer reconnect backoff toggle
ac2db19
@jjyr
Remove tlc check when save pre_image
f38b310
@jjyr
Stop auto reconnect after manual disconnect peer
38e9417
@jjyr
Add rate limit and ban to gossip
bb976fa
@jjyr jjyr requested review from chenyukang, doitian and quake April 9, 2026 13:04
@jjyr jjyr marked this pull request as ready for review April 9, 2026 13:05
chenyukang
chenyukang reviewed Apr 9, 2026
View reviewed changes
Comment thread crates/fiber-lib/src/fiber/gossip.rs
))),
_ => Err(Error::InvalidParameter(format!(
"Channel announcement transaction {:?} not found or not confirmed, the reason is unknown",
Ok(response) => Err(Error::InvalidParameter(format!(
Copy link
Copy Markdown
Collaborator

@chenyukang chenyukang Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CkbRpcClient::get_transaction returns a successful response with tx_status Unknown, Pending, or Proposed when the funding tx is not committed yet. This branch still maps those statuses to InvalidParameter, so an honest peer can be scored or banned whenever our local chain view lags behind theirs. The defer path only handles transport errors; non-committed statuses should be deferred too.

chenyukang
chenyukang reviewed Apr 10, 2026
View reviewed changes
Comment thread crates/fiber-lib/src/fiber/gossip.rs

ExtendedGossipMessageStoreMessage::SaveMessages(peer, messages) => {
let now_ms = now_timestamp_as_millis_u64();
for message in messages {
Copy link
Copy Markdown
Collaborator

@chenyukang chenyukang Apr 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

for BroadcastMessage like ChannelUpdate, seems save latest message is more meanningful than old ones.
here when we reached a limit, we drop those new ones?
maybe it's not a big issue, since we add limit here for extreme scenarios....

Copy link
Copy Markdown
Collaborator Author

@jjyr jjyr Apr 10, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right, it is for preventing the milicious attack, the regular gossip message shouldn't reach the limitation.

chenyukang
chenyukang reviewed Apr 10, 2026
View reviewed changes
Comment thread crates/fiber-lib/src/fiber/config.rs
@chenyukang chenyukang mentioned this pull request Apr 15, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chenyukang chenyukang chenyukang left review comments

@quake quake Awaiting requested review from quake

@doitian doitian Awaiting requested review from doitian

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jjyr @chenyukang