[p2p] Limit Block Duration #2570
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Deploying monorepo with
|
| Latest commit: |
f7f6369
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://65f89e6f.monorepo-eu0.pages.dev |
| Branch Preview URL: | https://bounded-block.monorepo-eu0.pages.dev |
patrick-ogrady
commented
Dec 19, 2025
| pub fn listen(&mut self, peer: &C) -> Option<Reservation<C>> { | ||
| /// Returns `Ok(Reservation)` on success, or an error indicating why the reservation failed. | ||
| pub fn listen(&mut self, peer: &C) -> Result<Reservation<C>, super::ingress::ListenError> { | ||
| use super::ingress::ListenError; |
patrick-ogrady
commented
Dec 19, 2025
patrick-ogrady
force-pushed
the
bounded-block
branch
from
2ec666d to
27860f7
Compare
patrick-ogrady
commented
Dec 19, 2025
| context, | ||
| |peer| tracker.acceptable(peer), | ||
| |peer| { | ||
| let mut tracker = tracker.clone(); |
Contributor
Author
There was a problem hiding this comment.
this is jank but technically this the way you'd need to do this given the interface of listen
patrick-ogrady
commented
Dec 19, 2025
| /// - We are not already connected or reserved | ||
| /// - The ingress address is allowed (DNS enabled, Socket IP is global or private IPs allowed) | ||
| /// | ||
| /// Note: Blocked peers are never dialable regardless of expiry since we don't retain |
Contributor
Author
There was a problem hiding this comment.
We should change this?
Deploying with
|
| Status | Name | Latest Commit | Updated (UTC) |
|---|---|---|---|
| ✅ Deployment successful! View logs |
commonware-mcp | f7f6369 | Jan 01 2026, 11:28 PM |
Codecov Report❌ Patch coverage is @@ Coverage Diff @@
## main #2570 +/- ##
==========================================
- Coverage 92.63% 92.62% -0.01%
==========================================
Files 355 355
Lines 102890 103042 +152
==========================================
+ Hits 95314 95446 +132
- Misses 7576 7596 +20
... and 3 files with indirect coverage changes Continue to review full report in Codecov by Sentry.
🚀 New features to boost your workflow:
|
patrick-ogrady
commented
Jan 1, 2026
| |peer| tracker.acceptable(peer), | ||
| |peer| { | ||
| let mut tracker = tracker.clone(); | ||
| async move { tracker.acceptable(peer).await == tracker::Acceptable::Yes } |
Contributor
Author
There was a problem hiding this comment.
Can we just make this async?
| .await | ||
| { | ||
| Ok(x) => x, | ||
| Err(StreamError::PeerRejected(bytes)) => { |
Contributor
Author
There was a problem hiding this comment.
Make error generic over key?
| Err(StreamError::PeerRejected(bytes)) => { | ||
| // Decode the peer public key and query for rejection reason | ||
| if let Ok(peer) = C::PublicKey::read(&mut bytes.as_slice()) { | ||
| match tracker.acceptable(peer).await { |
Contributor
Author
There was a problem hiding this comment.
This is super racy and inefficient.
| /// Attempt to block a peer, updating the metrics accordingly. | ||
| pub fn block(&mut self, peer: &C) { | ||
| if self.peers.get_mut(peer).is_some_and(|r| r.block()) { | ||
| let blocked_until = self.context.current() + self.block_duration; |
Contributor
Author
There was a problem hiding this comment.
saturating add
| self.peers.get(peer).is_some_and(|r| r.acceptable()) | ||
| /// Returns the acceptance status for a peer. | ||
| pub fn acceptable(&self, peer: &C) -> super::ingress::Acceptable { | ||
| use super::ingress::Acceptable; |
Contributor
Author
There was a problem hiding this comment.
remove inline import
| pub fn block(&mut self) -> bool { | ||
| if matches!(self.address, Address::Blocked | Address::Myself) { | ||
| pub fn block(&mut self, blocked_until: SystemTime) -> bool { | ||
| if matches!(self.address, Address::Blocked(_) | Address::Myself) { |
Contributor
Author
There was a problem hiding this comment.
Should use later of block times?
| /// IPs of eligible peers we should accept connections from. | ||
| pub registered_ips: HashSet<IpAddr>, | ||
| /// IPs of blocked peers with their expiry times. | ||
| pub blocked_ips: std::collections::HashMap<IpAddr, SystemTime>, |
| // Send the updated listenable IPs to the listener. | ||
| let _ = self.listener.send(self.directory.listenable()).await; | ||
| // Send the updated filter to the listener. | ||
| let filter = ListenerFilter { |
Contributor
Author
There was a problem hiding this comment.
send just blocked IPs here (don't need to resend listenable?)
|
|
||
| // Check whether the IP is registered | ||
| if !self.attempt_unregistered_handshakes && !self.registered_ips.contains(&ip) { | ||
| self.handshakes_blocked.inc(); |
Contributor
Author
There was a problem hiding this comment.
Add metrics for different block reasons.
# Conflicts: # p2p/src/authenticated/lookup/actors/tracker/actor.rs # p2p/src/authenticated/lookup/actors/tracker/directory.rs # p2p/src/authenticated/lookup/actors/tracker/mod.rs # p2p/src/authenticated/lookup/actors/tracker/record.rs # p2p/src/authenticated/lookup/network.rs
This was referenced Jan 2, 2026
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes: #2556
Closes: #2557
TODO
Summary
This PR adds time-based block expiry for p2p peers. When a peer is blocked, the block automatically expires after a configurable duration (default: 1 hour for production, 1 minute for tests). This allows nodes that were blocked due to temporary issues (misconfiguration, one-off bugs) to reconnect without requiring restarts of all other nodes.
Changes
Discovery Module
block_durationconfiguration fieldAddress::Blockednow storesSystemTime(block expiry time) instead of being a unit variantnow: SystemTimeparameter to check block expiry:blocked(now),eligible(now),want(now, ...),dialable(now, ...),acceptable(now),reserve(now),update(now, ...)Acceptableenum (Yes,Blocked,Unknown) for detailed rejection loggingLookup Module
block_durationconfiguration fieldAddress::Blockednow storesSystemTime(block expiry time)ListenerFilterstruct carries blocked IPs with expiry times to listenerBehavior
block_duration