fuzz: extend ConsumeNetAddr() to return I2P and CJDNS addresses #26859
Conversation
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. Code CoverageFor detailed information about the code coverage, see the test coverage report. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. ConflictsNo conflicts as of last run. |
0c8daaf to
46a7c30
Compare
|
|
mzumsande
left a comment
There was a problem hiding this comment.
Concept ACK
It would be good to also update the netaddress fuzz target with the added networks. At the minimum, we could check / assert IsI2P() for Network::NET_I2P there, maybe we could also assert that addresses from Tor, I2P and CJDNS are always valid, which I believe is guaranteed by the creation process?
46a7c30 to
74fea1e
Compare
|
|
|
Don't merge this before the problems it uncovered are fixed by #27071 (the CI is failing anyway). |
|
Concept ACK. Reviewed prerequisite PR #27071. |
|
Concept ACK |
74fea1e to
8acdbb5
Compare
|
This PR extends the tests which uncovers a bug. The CI will likely fail due to that bug. The fix of the bug is pending review at #27071. |
0e6f6eb net: remove unused CConnman::FindNode(const CSubNet&) (Vasil Dimov) 9482cb7 netbase: possibly change the result of LookupSubNet() to CJDNS (Vasil Dimov) 53afa68 net: move MaybeFlipIPv6toCJDNS() from net to netbase (Vasil Dimov) 6e30865 net: move IsReachable() code to netbase and encapsulate it (Vasil Dimov) c42ded3 fuzz: ConsumeNetAddr(): avoid IPv6 addresses that look like CJDNS (Vasil Dimov) 64d6f77 net: put CJDNS prefix byte in a constant (Vasil Dimov) Pull request description: `LookupSubNet()` would treat addresses that start with `fc` as IPv6 even if `-cjdnsreachable` is set. This creates the following problems where it is called: * `NetWhitelistPermissions::TryParse()`: otherwise `-whitelist=` fails to white list CJDNS addresses: when a CJDNS peer connects to us, it will be matched against IPv6 `fc...` subnet and the match will never succeed. * `BanMapFromJson()`: CJDNS bans are stored as just IPv6 addresses in `banlist.json`. Upon reading from disk they have to be converted back to CJDNS, otherwise, after restart, a ban entry like (`fc00::1`, IPv6) would not match a peer (`fc00::1`, CJDNS). * `RPCConsole::unbanSelectedNode()`: in the GUI the ban entries go through `CSubNet::ToString()` and back via `LookupSubNet()`. Then it must match whatever is stored in `BanMan`, otherwise it is impossible to unban via the GUI. These were uncovered by bitcoin/bitcoin#26859. Thus, flip the result of `LookupSubNet()` to CJDNS if the network base address starts with `fc` and `-cjdnsreachable` is set. Since subnetting/masking does not make sense for CJDNS (the address is "random" bytes, like Tor and I2P, there is no hierarchy) treat `fc.../mask` as an invalid `CSubNet`. To achieve that, `MaybeFlipIPv6toCJDNS()` has to be moved from `net` to `netbase` and thus also `IsReachable()`. In the process of moving `IsReachable()`, `SetReachable()` and `vfLimited[]` encapsulate those in a class. ACKs for top commit: jonatack: Code review ACK 0e6f6eb achow101: ACK 0e6f6eb mzumsande: re-ACK 0e6f6eb Tree-SHA512: 4767a60dc882916de4c8b110ce8de208ff3f58daaa0b560e6547d72e604d07c4157e72cf98b237228310fc05c0a3922f446674492e2ba02e990a272d288bd566
8acdbb5 to
722fdf1
Compare
|
|
|
To reproduce: @mzumsande, right! What about this fix ( --- i/src/test/fuzz/banman.cpp
+++ w/src/test/fuzz/banman.cpp
@@ -67,18 +67,20 @@ FUZZ_TARGET(banman, .init = initialize_banman)
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 300)
{
CallOneOf(
fuzzed_data_provider,
[&] {
CNetAddr net_addr{ConsumeNetAddr(fuzzed_data_provider)};
+ if (!net_addr.IsCJDNS()) {
const std::optional<CNetAddr>& addr{LookupHost(net_addr.ToStringAddr(), /*fAllowLookup=*/false
if (addr.has_value() && addr->IsValid()) {
net_addr = *addr;
} else {
contains_invalid = true;
}
+ }
ban_man.Ban(net_addr, ConsumeBanTimeOffset(fuzzed_data_provider), fuzzed_data_provider.ConsumeBool
},
[&] {
CSubNet subnet{ConsumeSubNet(fuzzed_data_provider)}; |
|
Concept ACK |
|
Sounds good to me. I didn't check the code yet but is the CJDNS address from |
In the process of doing so, refactor `ConsumeNetAddr()` to generate the addresses from IPv4, IPv6, Tor, I2P and CJDNS networks in the same way - by preparing some random stream and deserializing from it. Similar code was already found in `RandAddr()`.
790f0cb to
b851c53
Compare
|
Yes, I think so. Anyway, for safety wrt future changes I added |
|
ACK b851c53 |
| /** | ||
| * BIP155 network ids recognized by this software. | ||
| */ | ||
| enum BIP155Network : uint8_t { |
There was a problem hiding this comment.
Nice, making BIP155Network a public enum facilitates updating #27385.
In the process of doing so, refactor
ConsumeNetAddr()to generate the addresses from IPv4, IPv6, Tor, I2P and CJDNS networks in the same way - by preparing some random stream and deserializing from it. Similar code was already found inRandAddr().