From 2086449fe5985bcf2a8d3853cf62ccc0a707bb41 Mon Sep 17 00:00:00 2001 From: Enrico Del Fante Date: Mon, 30 Sep 2024 12:29:19 +0200 Subject: [PATCH 1/2] disable flood publish by default --- CHANGELOG.md | 2 +- .../tech/pegasys/teku/networking/eth2/P2PConfig.java | 7 +++---- .../networking/p2p/gossip/config/GossipConfig.java | 10 +++++----- .../tech/pegasys/teku/cli/options/P2POptionsTest.java | 5 ++--- 4 files changed, 11 insertions(+), 13 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7ebbe83d5d7..f00bb633755 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,7 +15,7 @@ - Implemented [PostAggregateAndProofsV2](https://ethereum.github.io/beacon-APIs/?urls.primaryName=dev#/Validator/publishAggregateAndProofsV2) (adding support for Electra) - Added support for [Ephemery Testnet](https://github.com/ephemery.dev) `--network=ephemery` - Updated bootnodes for Holesky network -- Added new `--p2p-flood-publish-enabled` parameter to control whenever flood publishing behaviour is enabled (applies to all subnets). Previous teku versions always had this behaviour enabled. Default is `true`. +- Disabled flood publish behaviour on all p2p subnets. New `--p2p-flood-publish-enabled` parameter can be used to re-enable it, restoring previous behaviour. - Add a fix for [CVE-2024-7254](https://avd.aquasec.com/nvd/2024/cve-2024-7254/) - Updated LUKSO configuration with Deneb fork scheduled for epoch 123075 (November 20, 2024, 16:20:00 UTC) - Support for `IDONTWANT` libp2p protocol messages diff --git a/networking/eth2/src/main/java/tech/pegasys/teku/networking/eth2/P2PConfig.java b/networking/eth2/src/main/java/tech/pegasys/teku/networking/eth2/P2PConfig.java index 21b7a06e9f7..619bcbfa33f 100644 --- a/networking/eth2/src/main/java/tech/pegasys/teku/networking/eth2/P2PConfig.java +++ b/networking/eth2/src/main/java/tech/pegasys/teku/networking/eth2/P2PConfig.java @@ -14,6 +14,7 @@ package tech.pegasys.teku.networking.eth2; import static com.google.common.base.Preconditions.checkNotNull; +import static tech.pegasys.teku.networking.p2p.gossip.config.GossipConfig.DEFAULT_FLOOD_PUBLISH_ENABLED; import java.time.Duration; import java.util.OptionalInt; @@ -23,7 +24,6 @@ import tech.pegasys.teku.networking.eth2.gossip.config.GossipConfigurator; import tech.pegasys.teku.networking.eth2.gossip.encoding.GossipEncoding; import tech.pegasys.teku.networking.p2p.discovery.DiscoveryConfig; -import tech.pegasys.teku.networking.p2p.gossip.config.GossipConfig; import tech.pegasys.teku.networking.p2p.network.config.NetworkConfig; import tech.pegasys.teku.spec.Spec; import tech.pegasys.teku.spec.config.NetworkingSpecConfig; @@ -175,7 +175,7 @@ public static class Builder { private boolean batchVerifyStrictThreadLimitEnabled = DEFAULT_BATCH_VERIFY_STRICT_THREAD_LIMIT_ENABLED; private boolean allTopicsFilterEnabled = DEFAULT_PEER_ALL_TOPIC_FILTER_ENABLED; - private Boolean isFloodPublishEnabled = GossipConfig.DEFAULT_FLOOD_PUBLISH_ENABLED; + private boolean isFloodPublishEnabled = DEFAULT_FLOOD_PUBLISH_ENABLED; private Builder() {} @@ -287,8 +287,7 @@ public Builder peerRequestLimit(final Integer peerRequestLimit) { return this; } - public Builder isFloodPublishEnabled(final Boolean floodPublishEnabled) { - checkNotNull(floodPublishEnabled); + public Builder isFloodPublishEnabled(final boolean floodPublishEnabled) { this.isFloodPublishEnabled = floodPublishEnabled; return this; } diff --git a/networking/p2p/src/main/java/tech/pegasys/teku/networking/p2p/gossip/config/GossipConfig.java b/networking/p2p/src/main/java/tech/pegasys/teku/networking/p2p/gossip/config/GossipConfig.java index 4f7711beb1d..10b7099b794 100644 --- a/networking/p2p/src/main/java/tech/pegasys/teku/networking/p2p/gossip/config/GossipConfig.java +++ b/networking/p2p/src/main/java/tech/pegasys/teku/networking/p2p/gossip/config/GossipConfig.java @@ -36,7 +36,7 @@ public class GossipConfig { // After EIP-7045, attestations are valid for up to 2 full epochs, so TTL is 65 // slots 1115 * HEARTBEAT = 1115 * 0.7 / 12 = 65.125 static final Duration DEFAULT_SEEN_TTL = DEFAULT_HEARTBEAT_INTERVAL.multipliedBy(1115); - public static final Boolean DEFAULT_FLOOD_PUBLISH_ENABLED = Boolean.TRUE; + public static final Boolean DEFAULT_FLOOD_PUBLISH_ENABLED = false; private final int d; private final int dLow; @@ -47,7 +47,7 @@ public class GossipConfig { private final int history; private final Duration heartbeatInterval; private final Duration seenTTL; - private final Boolean floodPublishEnabled; + private final boolean floodPublishEnabled; private final GossipScoringConfig scoringConfig; private GossipConfig( @@ -60,7 +60,7 @@ private GossipConfig( final int history, final Duration heartbeatInterval, final Duration seenTTL, - final Boolean floodPublishEnabled, + final boolean floodPublishEnabled, final GossipScoringConfig scoringConfig) { this.d = d; this.dLow = dLow; @@ -139,7 +139,7 @@ public static class Builder { private Integer history = DEFAULT_HISTORY; private Duration heartbeatInterval = DEFAULT_HEARTBEAT_INTERVAL; private Duration seenTTL = DEFAULT_SEEN_TTL; - private Boolean floodPublishEnabled = DEFAULT_FLOOD_PUBLISH_ENABLED; + private boolean floodPublishEnabled = DEFAULT_FLOOD_PUBLISH_ENABLED; private Builder() {} @@ -227,7 +227,7 @@ public Builder seenTTL(final Duration seenTTL) { return this; } - public Builder floodPublishEnabled(final Boolean floodPublishEnabled) { + public Builder floodPublishEnabled(final boolean floodPublishEnabled) { this.floodPublishEnabled = floodPublishEnabled; return this; } diff --git a/teku/src/test/java/tech/pegasys/teku/cli/options/P2POptionsTest.java b/teku/src/test/java/tech/pegasys/teku/cli/options/P2POptionsTest.java index b32a6e29217..0afbc3add4e 100644 --- a/teku/src/test/java/tech/pegasys/teku/cli/options/P2POptionsTest.java +++ b/teku/src/test/java/tech/pegasys/teku/cli/options/P2POptionsTest.java @@ -340,9 +340,8 @@ public void allSubnetsShouldNotOverrideQueuesIfExplicitlySet() { } @Test - public void floodPublishEnabled_isSetCorrectly() { - final TekuConfiguration config = - getTekuConfigurationFromArguments("--p2p-flood-publish-enabled"); + public void floodPublishEnabled_defaultIsSetCorrectly() { + final TekuConfiguration config = getTekuConfigurationFromArguments(); assertThat(config.network().getGossipConfig().isFloodPublishEnabled()) .isEqualTo(DEFAULT_FLOOD_PUBLISH_ENABLED); } From e61fbac2b9281b9bd9ea606dcdb4cb93a736a624 Mon Sep 17 00:00:00 2001 From: Enrico Del Fante Date: Mon, 30 Sep 2024 14:43:37 +0200 Subject: [PATCH 2/2] hide param --- CHANGELOG.md | 2 +- .../main/java/tech/pegasys/teku/cli/options/P2POptions.java | 3 ++- .../java/tech/pegasys/teku/cli/options/P2POptionsTest.java | 6 +++--- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f00bb633755..df8de0f05c0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,7 +15,7 @@ - Implemented [PostAggregateAndProofsV2](https://ethereum.github.io/beacon-APIs/?urls.primaryName=dev#/Validator/publishAggregateAndProofsV2) (adding support for Electra) - Added support for [Ephemery Testnet](https://github.com/ephemery.dev) `--network=ephemery` - Updated bootnodes for Holesky network -- Disabled flood publish behaviour on all p2p subnets. New `--p2p-flood-publish-enabled` parameter can be used to re-enable it, restoring previous behaviour. +- Disabled flood publish behaviour on all p2p subnets. `--Xp2p-flood-publish-enabled` experimental parameter can be used to re-enable it, restoring previous behaviour. - Add a fix for [CVE-2024-7254](https://avd.aquasec.com/nvd/2024/cve-2024-7254/) - Updated LUKSO configuration with Deneb fork scheduled for epoch 123075 (November 20, 2024, 16:20:00 UTC) - Support for `IDONTWANT` libp2p protocol messages diff --git a/teku/src/main/java/tech/pegasys/teku/cli/options/P2POptions.java b/teku/src/main/java/tech/pegasys/teku/cli/options/P2POptions.java index d08cfd6ecc5..1eb119ff67a 100644 --- a/teku/src/main/java/tech/pegasys/teku/cli/options/P2POptions.java +++ b/teku/src/main/java/tech/pegasys/teku/cli/options/P2POptions.java @@ -370,11 +370,12 @@ The network interface(s) on which the node listens for P2P communication. // More about flood publishing // https://github.com/libp2p/specs/blob/master/pubsub/gossipsub/gossipsub-v1.1.md#flood-publishing @Option( - names = {"--p2p-flood-publish-enabled"}, + names = {"--Xp2p-flood-publish-enabled"}, paramLabel = "", showDefaultValue = Visibility.ALWAYS, description = "Enables gossip 'floodPublish' feature", arity = "0..1", + hidden = true, fallbackValue = "true") private boolean floodPublishEnabled = GossipConfig.DEFAULT_FLOOD_PUBLISH_ENABLED; diff --git a/teku/src/test/java/tech/pegasys/teku/cli/options/P2POptionsTest.java b/teku/src/test/java/tech/pegasys/teku/cli/options/P2POptionsTest.java index 0afbc3add4e..474e4377725 100644 --- a/teku/src/test/java/tech/pegasys/teku/cli/options/P2POptionsTest.java +++ b/teku/src/test/java/tech/pegasys/teku/cli/options/P2POptionsTest.java @@ -349,21 +349,21 @@ public void floodPublishEnabled_defaultIsSetCorrectly() { @Test public void floodPublishEnabled_shouldNotRequireAValue() { final TekuConfiguration config = - getTekuConfigurationFromArguments("--p2p-flood-publish-enabled"); + getTekuConfigurationFromArguments("--Xp2p-flood-publish-enabled"); assertThat(config.network().getGossipConfig().isFloodPublishEnabled()).isTrue(); } @Test public void floodPublishEnabled_true() { final TekuConfiguration config = - getTekuConfigurationFromArguments("--p2p-flood-publish-enabled=true"); + getTekuConfigurationFromArguments("--Xp2p-flood-publish-enabled=true"); assertThat(config.network().getGossipConfig().isFloodPublishEnabled()).isTrue(); } @Test public void floodPublishEnabled_false() { final TekuConfiguration config = - getTekuConfigurationFromArguments("--p2p-flood-publish-enabled=false"); + getTekuConfigurationFromArguments("--Xp2p-flood-publish-enabled=false"); assertThat(config.network().getGossipConfig().isFloodPublishEnabled()).isFalse(); }