perf(p2p/conn): Use a read buffer on the secret connection#3419
perf(p2p/conn): Use a read buffer on the secret connection#3419
Conversation
| {"share bad ethimeral key", newEvilConn(true, true, false, false), func(err error) bool { return assert.Contains(t, err.Error(), "wrong wireType") }}, | ||
| {"refuse to share auth signature", newEvilConn(true, false, false, false), func(err error) bool { return errors.Is(err, io.EOF) }}, | ||
| {"share bad auth signature", newEvilConn(true, false, true, true), func(err error) bool { return errors.As(err, &ErrDecryptFrame{}) }}, | ||
| {"all good", newEvilConn(true, false, true, false), func(err error) bool { return err == nil }}, |
There was a problem hiding this comment.
I have spent over 12 hours attempting to fix this test, and it is incredibly complicated to do so. (The hardest test change out of everything I've done in comment) I do not think its worth investing in fixing the test.
And this is because this is mocking an invalid secret connection, and then a "final check" that we mocked the whole evil secret connection correctly. Which involves simulating all reads/writes to something internal.
After talking with @zmanian we both think this test is unneeded. This test is basically testing an evil secret connection peer, who sent bad signatures /deviated from protocol could not authenticate. We check the exact error at every step, so we are still matching every error case. So it seems fine to delete the test that the evil secret connection mocking, would work for the full connection.
We test that good handshakes complete in many ways (All E2E tests, other secret connection tests, many switch tests, etc) I have also tested this on mainnet on multiple occasions.
There was a problem hiding this comment.
cc @melekes if this sounds good to you. Your the one who wrote this set of tests!
There was a problem hiding this comment.
The produced error, which should be nil is:
SecretConnection: failed to decrypt the frame: chacha20poly1305: message authentication failed
There was a problem hiding this comment.
It is produced here:
cometbft/p2p/conn/secret_connection.go
Line 437 in 033f7bb
There was a problem hiding this comment.
Anyway, do you mind commenting this line out instead of removing it? And put a comment "fails with the introduction of changes PR #3419"?
There was a problem hiding this comment.
It's okay to comment out the test.
|
This is an improvement, but not nearly as good as the write buffer. Encryption open time vs IO.Read time So an ~8% speedup? |
cason
left a comment
There was a problem hiding this comment.
Ok with the changes, buffering is good in general.
| {"share bad ethimeral key", newEvilConn(true, true, false, false), func(err error) bool { return assert.Contains(t, err.Error(), "wrong wireType") }}, | ||
| {"refuse to share auth signature", newEvilConn(true, false, false, false), func(err error) bool { return errors.Is(err, io.EOF) }}, | ||
| {"share bad auth signature", newEvilConn(true, false, true, true), func(err error) bool { return errors.As(err, &ErrDecryptFrame{}) }}, | ||
| {"all good", newEvilConn(true, false, true, false), func(err error) bool { return err == nil }}, |
There was a problem hiding this comment.
The produced error, which should be nil is:
SecretConnection: failed to decrypt the frame: chacha20poly1305: message authentication failed
| {"share bad ethimeral key", newEvilConn(true, true, false, false), func(err error) bool { return assert.Contains(t, err.Error(), "wrong wireType") }}, | ||
| {"refuse to share auth signature", newEvilConn(true, false, false, false), func(err error) bool { return errors.Is(err, io.EOF) }}, | ||
| {"share bad auth signature", newEvilConn(true, false, true, true), func(err error) bool { return errors.As(err, &ErrDecryptFrame{}) }}, | ||
| {"all good", newEvilConn(true, false, true, false), func(err error) bool { return err == nil }}, |
There was a problem hiding this comment.
It is produced here:
cometbft/p2p/conn/secret_connection.go
Line 437 in 033f7bb
| {"share bad ethimeral key", newEvilConn(true, true, false, false), func(err error) bool { return assert.Contains(t, err.Error(), "wrong wireType") }}, | ||
| {"refuse to share auth signature", newEvilConn(true, false, false, false), func(err error) bool { return errors.Is(err, io.EOF) }}, | ||
| {"share bad auth signature", newEvilConn(true, false, true, true), func(err error) bool { return errors.As(err, &ErrDecryptFrame{}) }}, | ||
| {"all good", newEvilConn(true, false, true, false), func(err error) bool { return err == nil }}, |
There was a problem hiding this comment.
Anyway, do you mind commenting this line out instead of removing it? And put a comment "fails with the introduction of changes PR #3419"?
and comment it out
|
@mergify backport v1.x |
✅ Backports have been createdDetails
|
Closes #3198 Similar to #3346 , buffers the secret connection reads. This is a notable savings to CPU time. (25% of recvRoutine time, on Osmosis' version) --- #### PR checklist - [ ] Tests written/updated - [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) - [ ] Updated relevant documentation (`docs/` or `spec/`) and code comments - [x] Title follows the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) spec --------- Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com> (cherry picked from commit e1eabe0) # Conflicts: # p2p/conn/evil_secret_connection_test.go
…3419) (#3489) Closes #3198 Similar to #3346 , buffers the secret connection reads. This is a notable savings to CPU time. (25% of recvRoutine time, on Osmosis' version) --- #### PR checklist - [ ] Tests written/updated - [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) - [ ] Updated relevant documentation (`docs/` or `spec/`) and code comments - [x] Title follows the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) spec <hr>This is an automatic backport of pull request #3419 done by [Mergify](https://mergify.com). --------- Co-authored-by: Dev Ojha <ValarDragon@users.noreply.github.com> Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
Closes #3198 Similar to #3346 , buffers the secret connection reads. This is a notable savings to CPU time. (25% of recvRoutine time, on Osmosis' version) --- - [ ] Tests written/updated - [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) - [ ] Updated relevant documentation (`docs/` or `spec/`) and code comments - [x] Title follows the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) spec --------- Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
Closes #3198 Similar to #3346 , buffers the secret connection reads. This is a notable savings to CPU time. (25% of recvRoutine time, on Osmosis' version) --- - [ ] Tests written/updated - [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) - [ ] Updated relevant documentation (`docs/` or `spec/`) and code comments - [x] Title follows the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) spec --------- Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
Closes #3198
Similar to #3346 , buffers the secret connection reads. This is a notable savings to CPU time. (25% of recvRoutine time, on Osmosis' version)
PR checklist
.changelog(we use unclog to manage our changelog)docs/orspec/) and code comments