ineiti
commented
4 years ago If you're happy with it, as this is onet, you can ask Gaylor or Jeff to give his final blessing for this PR.
Closed cgrigis closed 4 years ago
ineiti
commented
4 years ago If you're happy with it, as this is onet, you can ask Gaylor or Jeff to give his final blessing for this PR.
This PR implements a filtering of the input and output connections, allowing to mitigate possible DoS/amplification attacks.
It adds a data structure in
Routerthat manages the valid peers, organized in subsets identified by a key. This allows to group the subsets by a logical entity (e.g. a service), which can evolve individually. For example, the ByzCoin service will update a set (specific to the ByzCoin service and a SkipChainID) every time a new block is added, with the peers corresponding to the added block's roster.The data structure is used before the router opens an outgoing connection or accepts an incoming connection. At the router level, a peer is valid if it is present in any of the subsets (i.e. if it belongs to the union of the subsets).
See #620 and dedis/cothority#2204 for the motivation.
Closes #620