zebra-network 5.0.1

Networking code for Zebra
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325

//! Zcash `addrv2` message node address serialization.
//!
//! Zebra parses received IPv4 and IPv6 addresses in the [`AddrV2`] format.
//! But it ignores all other address types.
//!
//! Zebra never sends `addrv2` messages, because peers still accept `addr` (v1) messages.

use std::{
    io::Read,
    net::{IpAddr, SocketAddr},
};

use byteorder::{BigEndian, ReadBytesExt};
use thiserror::Error;

use zebra_chain::serialization::{
    zcash_deserialize_bytes_external_count, CompactSize64, CompactSizeMessage, DateTime32,
    SerializationError, TrustedPreallocate, ZcashDeserialize, ZcashDeserializeInto,
};

use crate::{meta_addr::MetaAddr, protocol::external::types::PeerServices, PeerSocketAddr};

use super::canonical_peer_addr;

#[cfg(any(test, feature = "proptest-impl"))]
use proptest_derive::Arbitrary;

#[cfg(test)]
use byteorder::WriteBytesExt;
#[cfg(test)]
use std::io::Write;
#[cfg(test)]
use zebra_chain::serialization::{zcash_serialize_bytes, ZcashSerialize};

/// The maximum permitted size of the `addr` field in `addrv2` messages.
///
/// > Field addr has a variable length, with a maximum of 512 bytes (4096 bits).
/// > Clients MUST reject messages with a longer addr field, irrespective of the network ID.
///
/// <https://zips.z.cash/zip-0155#specification>
pub const MAX_ADDR_V2_ADDR_SIZE: usize = 512;

/// The network ID of [`Ipv4Addr`]s in `addrv2` messages.
///
/// > 0x01  IPV4  4   IPv4 address (globally routed internet)
///
/// <https://zips.z.cash/zip-0155#specification>
///
/// [`Ipv4Addr`]: std::net::Ipv4Addr
pub const ADDR_V2_IPV4_NETWORK_ID: u8 = 0x01;

/// The size of [`Ipv4Addr`]s in `addrv2` messages.
///
/// <https://zips.z.cash/zip-0155#specification>
///
/// [`Ipv4Addr`]: std::net::Ipv4Addr
pub const ADDR_V2_IPV4_ADDR_SIZE: usize = 4;

/// The network ID of [`Ipv6Addr`]s in `addrv2` messages.
///
/// > 0x02  IPV6  16  IPv6 address (globally routed internet)
///
/// <https://zips.z.cash/zip-0155#specification>
///
/// [`Ipv6Addr`]: std::net::Ipv6Addr
pub const ADDR_V2_IPV6_NETWORK_ID: u8 = 0x02;

/// The size of [`Ipv6Addr`]s in `addrv2` messages.
///
/// <https://zips.z.cash/zip-0155#specification>
///
/// [`Ipv6Addr`]: std::net::Ipv6Addr
pub const ADDR_V2_IPV6_ADDR_SIZE: usize = 16;

/// The second format used for Bitcoin node addresses.
/// Contains a node address, its advertised services, and last-seen time.
/// This struct is serialized and deserialized into `addrv2` messages.
///
/// [ZIP 155](https://zips.z.cash/zip-0155#specification)
#[derive(Copy, Clone, Debug, Eq, PartialEq, Hash)]
#[cfg_attr(any(test, feature = "proptest-impl"), derive(Arbitrary))]
pub(in super::super) enum AddrV2 {
    /// An IPv4 or IPv6 node address, in `addrv2` format.
    IpAddr {
        /// The unverified "last seen time" gossiped by the remote peer that sent us
        /// this address.
        ///
        /// See the [`MetaAddr::last_seen`] method for details.
        untrusted_last_seen: DateTime32,

        /// The unverified services for the peer at `ip_addr`:`port`.
        ///
        /// These services were advertised by the peer at that address,
        /// then gossiped via another peer.
        ///
        /// ## Security
        ///
        /// `untrusted_services` on gossiped peers may be invalid due to outdated
        /// records, older peer versions, or buggy or malicious peers.
        untrusted_services: PeerServices,

        /// The peer's canonical IP address and port.
        ///
        /// Unlike [`AddrV1`], this can be an IPv4 or IPv6 address.
        ///
        /// [`AddrV1`]: super::v1::AddrV1
        addr: PeerSocketAddr,
    },

    /// A node address with an unsupported `networkID`, in `addrv2` format.
    //
    // TODO: when we add more address types, make sure their addresses aren't logged,
    //       in a similar way to `PeerSocketAddr`
    Unsupported,
}

// Just serialize in the tests for now.
//
// We can't guarantee that peers support addrv2 until it activates,
// and outdated peers are excluded from the network by a network upgrade.
// (Likely NU5 on mainnet, and NU6 on testnet.)
// https://zips.z.cash/zip-0155#deployment
//
// And Zebra doesn't use different codecs for different peer versions.
#[cfg(test)]
impl From<MetaAddr> for AddrV2 {
    fn from(meta_addr: MetaAddr) -> Self {
        let untrusted_services = meta_addr.services.expect(
            "unexpected MetaAddr with missing peer services: \
             MetaAddrs should be sanitized before serialization",
        );
        let untrusted_last_seen = meta_addr.last_seen().expect(
            "unexpected MetaAddr with missing last seen time: \
             MetaAddrs should be sanitized before serialization",
        );

        AddrV2::IpAddr {
            untrusted_last_seen,
            untrusted_services,
            addr: canonical_peer_addr(meta_addr.addr()),
        }
    }
}

/// The error returned when converting `AddrV2::Unsupported` fails.
#[derive(Error, Copy, Clone, Debug, Eq, PartialEq, Hash)]
#[cfg_attr(any(test, feature = "proptest-impl"), derive(Arbitrary))]
#[error("can not parse this addrv2 variant: unimplemented or unrecognised AddrV2 network ID")]
pub struct UnsupportedAddrV2NetworkIdError;

impl TryFrom<AddrV2> for MetaAddr {
    type Error = UnsupportedAddrV2NetworkIdError;

    fn try_from(addr: AddrV2) -> Result<MetaAddr, UnsupportedAddrV2NetworkIdError> {
        if let AddrV2::IpAddr {
            untrusted_last_seen,
            untrusted_services,
            addr,
        } = addr
        {
            Ok(MetaAddr::new_gossiped_meta_addr(
                addr,
                untrusted_services,
                untrusted_last_seen,
            ))
        } else {
            Err(UnsupportedAddrV2NetworkIdError)
        }
    }
}

impl AddrV2 {
    /// Deserialize `addr_bytes` as an IPv4 or IPv6 address, using the `addrv2` format.
    /// Returns the corresponding [`IpAddr`].
    ///
    /// The returned IP version is chosen based on `IP_ADDR_SIZE`,
    /// which should be [`ADDR_V2_IPV4_ADDR_SIZE`] or [`ADDR_V2_IPV6_ADDR_SIZE`].
    #[allow(clippy::unwrap_in_result)]
    fn ip_addr_from_bytes<const IP_ADDR_SIZE: usize>(
        addr_bytes: Vec<u8>,
    ) -> Result<IpAddr, SerializationError>
    where
        IpAddr: From<[u8; IP_ADDR_SIZE]>,
    {
        // > Clients MUST reject messages that contain addresses that have
        // > a different length than specified in this table for a specific network ID,
        // > as these are meaningless.
        if addr_bytes.len() != IP_ADDR_SIZE {
            let error_msg = if IP_ADDR_SIZE == ADDR_V2_IPV4_ADDR_SIZE {
                "IP address field length did not match expected IPv4 address size in addrv2 message"
            } else if IP_ADDR_SIZE == ADDR_V2_IPV6_ADDR_SIZE {
                "IP address field length did not match expected IPv6 address size in addrv2 message"
            } else {
                unreachable!("unexpected IP address size when converting from bytes");
            };

            return Err(SerializationError::Parse(error_msg));
        };

        // > The IPV4 and IPV6 network IDs use addresses encoded in the usual way
        // > for binary IPv4 and IPv6 addresses in network byte order (big endian).
        let ip: [u8; IP_ADDR_SIZE] = addr_bytes.try_into().expect("just checked length");

        Ok(IpAddr::from(ip))
    }
}

// Just serialize in the tests for now.
//
// See the detailed note about ZIP-155 activation above.
#[cfg(test)]
impl ZcashSerialize for AddrV2 {
    fn zcash_serialize<W: Write>(&self, mut writer: W) -> Result<(), std::io::Error> {
        if let AddrV2::IpAddr {
            untrusted_last_seen,
            untrusted_services,
            addr,
        } = self
        {
            // > uint32  Time that this node was last seen as connected to the network.
            untrusted_last_seen.zcash_serialize(&mut writer)?;

            // > Service bits. A CompactSize-encoded bit field that is 64 bits wide.
            let untrusted_services: CompactSize64 = untrusted_services.bits().into();
            untrusted_services.zcash_serialize(&mut writer)?;

            match addr.ip() {
                IpAddr::V4(ip) => {
                    // > Network identifier. An 8-bit value that specifies which network is addressed.
                    writer.write_u8(ADDR_V2_IPV4_NETWORK_ID)?;

                    // > The IPV4 and IPV6 network IDs use addresses encoded in the usual way
                    // > for binary IPv4 and IPv6 addresses in network byte order (big endian).
                    let ip: [u8; ADDR_V2_IPV4_ADDR_SIZE] = ip.octets();
                    // > CompactSize      The length in bytes of addr.
                    // > uint8[sizeAddr]  Network address. The interpretation depends on networkID.
                    zcash_serialize_bytes(&ip.to_vec(), &mut writer)?;

                    // > uint16  Network port. If not relevant for the network this MUST be 0.
                    writer.write_u16::<BigEndian>(addr.port())?;
                }
                IpAddr::V6(ip) => {
                    writer.write_u8(ADDR_V2_IPV6_NETWORK_ID)?;

                    let ip: [u8; ADDR_V2_IPV6_ADDR_SIZE] = ip.octets();
                    zcash_serialize_bytes(&ip.to_vec(), &mut writer)?;

                    writer.write_u16::<BigEndian>(addr.port())?;
                }
            }
        } else {
            unreachable!("unexpected AddrV2 variant: {:?}", self);
        }

        Ok(())
    }
}

/// Deserialize an `addrv2` entry according to:
/// <https://zips.z.cash/zip-0155#specification>
///
/// Unimplemented and unrecognised addresses are deserialized as [`AddrV2::Unsupported`].
/// (Deserialization consumes the correct number of bytes for unsupported addresses.)
impl ZcashDeserialize for AddrV2 {
    fn zcash_deserialize<R: Read>(mut reader: R) -> Result<Self, SerializationError> {
        // > uint32  Time that this node was last seen as connected to the network.
        let untrusted_last_seen = (&mut reader).zcash_deserialize_into()?;

        // > Service bits. A CompactSize-encoded bit field that is 64 bits wide.
        let untrusted_services: CompactSize64 = (&mut reader).zcash_deserialize_into()?;
        let untrusted_services = PeerServices::from_bits_truncate(untrusted_services.into());

        // > Network identifier. An 8-bit value that specifies which network is addressed.
        //
        // See the list of reserved network IDs in ZIP 155.
        let network_id = reader.read_u8()?;

        // > CompactSize  The length in bytes of addr.
        let addr_len: CompactSizeMessage = (&mut reader).zcash_deserialize_into()?;
        let addr_len: usize = addr_len.into();
        if addr_len > MAX_ADDR_V2_ADDR_SIZE {
            return Err(SerializationError::Parse(
                "addr field longer than MAX_ADDR_V2_ADDR_SIZE in addrv2 message",
            ));
        }

        // > uint8[sizeAddr]  Network address. The interpretation depends on networkID.
        let addr: Vec<u8> = zcash_deserialize_bytes_external_count(addr_len, &mut reader)?;

        // > uint16  Network port. If not relevant for the network this MUST be 0.
        let port = reader.read_u16::<BigEndian>()?;

        let ip = if network_id == ADDR_V2_IPV4_NETWORK_ID {
            AddrV2::ip_addr_from_bytes::<ADDR_V2_IPV4_ADDR_SIZE>(addr)?
        } else if network_id == ADDR_V2_IPV6_NETWORK_ID {
            AddrV2::ip_addr_from_bytes::<ADDR_V2_IPV6_ADDR_SIZE>(addr)?
        } else {
            // unimplemented or unrecognised network ID, just consume the bytes
            //
            // > Clients MUST NOT gossip addresses from unknown networks,
            // > because they have no means to validate those addresses
            // > and so can be tricked to gossip invalid addresses.

            return Ok(AddrV2::Unsupported);
        };

        Ok(AddrV2::IpAddr {
            untrusted_last_seen,
            untrusted_services,
            addr: canonical_peer_addr(SocketAddr::new(ip, port)),
        })
    }
}

impl TrustedPreallocate for AddrV2 {
    fn max_allocation() -> u64 {
        // The protocol caps addrv2 messages at 1,000 entries.
        // <https://zips.z.cash/zip-0155#specification>
        //
        // Previously this was derived from MAX_PROTOCOL_MESSAGE_LEN / ADDR_V2_MIN_SIZE = 233,016,
        // which allowed a remote peer to force a ~10.7 MiB heap allocation before the cap
        // was checked. See GHSA-xr93-pcq3-pxf8.
        crate::constants::MAX_ADDRS_IN_MESSAGE as u64
    }
}