Integrate zstd compression into chain exchange #842
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #842 +/- ##
==========================================
- Coverage 67.38% 67.32% -0.07%
==========================================
Files 83 83
Lines 9017 9024 +7
==========================================
- Hits 6076 6075 -1
- Misses 2408 2412 +4
- Partials 533 537 +4
|
|
Can we add a compression bomb test? I think we're fine, but it would be nice to have a test.
|
| } | ||
|
|
||
| func NewPubSubChainExchange(o ...Option) (*PubSubChainExchange, error) { | ||
| opts, err := newOptions(o...) | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
| zstd, err := encoding.NewZSTD[*Message]() |
There was a problem hiding this comment.
Are we going with ZSTD by default?
There was a problem hiding this comment.
For chain exchange yes. For GPBFT it's configurable via manifest.
Happy to make it configurable for chain exchange too if you think it's worth doing.
Sure. Captured #843 |
|
@Stebalien the message encoding decoding off Gossipsub does not function in streaming manner. Instead, both the publisher and subscriber hand over The default maximum message size in pubsub is set to 1 MiB, which as far as I can tell has not been overridden in Lotus. This limit is large enough for the purposes of F3. So, what I have done in 05bc578 is to explicitly set the maximum decoded value in zstd to 1 MiB. For sanity, I have also restricted encoder to refuse to encode values that would hit that limit. Does this cover your concern re expansion attack vector in the context of zstd compression? |
|
That's good but isn't the zstd coder streaming? Looking at the docs in: https://pkg.go.dev/github.com/klauspost/compress/zstd#WithDecoderMaxMemory That restricts the max memory held at any point in time while streaming, not the max that can be read from the stream in total (unless I'm misreading it). |
It has two modes: streaming where one needs to allocate a decoder per io.reader, or nonstreaming where one declares a reader with nil io.reader and uses
The documentation reads: "WithDecoderMaxMemory allows to set a maximum decoded size for in-memory non-streaming operations or maximum window size for streaming operations. This can be used to control memory usage of potentially hostile content. ". Right? |
Oh, I see. I assumed we used streaming decoding. Then yeah, it should work (and is actually required). |
The GPBFT message exchange over pubsub already uses zstd compression on top of CBOR encoded messages. The work here integrates the same style of compression for chain exchange messages, with additional unification of the encoding mechanism across the two. The work refactors the root level encoding implementation into a generic encoder decoder that both chain exchange and gpbft used. Tests and benchmarks are updated to reflect this. The benchmarking of partial gmessage encoding is also adjusted to fix a few redundant statements and bugs in testing. Fixes #819
The default message size limit in GossipSub is 1 MiB, which is unchanged in Lotus. This means when decompressing values, we can never have a valid compressed message that expands to larger than 1 MiB. Set this limit explicitly in the zstd decoder.
masih
force-pushed
the
masih/chainex-zstd-compression
branch
from
05bc578 to
13487e2
Compare
|
@Kubuxu @Stebalien Can I get a review on this PR please? |
| } | ||
|
|
||
| func (c *ZSTD[T]) Decode(v []byte, t T) error { | ||
| cborEncoded, err := c.decompressor.DecodeAll(v, make([]byte, 0, len(v))) |
There was a problem hiding this comment.
Future change: we should use a buffer pool for these short-lived buffers (https://pkg.go.dev/sync#Pool). If we do that, we can also allocate these buffers with 1MiB capacities and use WithDecodeAllCapLimit to avoid any allocations.
The GPBFT message exchange over pubsub already uses zstd compression on top of CBOR encoded messages. The work here integrates the same style of compression for chain exchange messages, with additional unification of the encoding mechanism across the two.
The work refactors the root level encoding implementation into a generic encoder decoder that both chain exchange and gpbft used. Tests and benchmarks are updated to reflect this.
The benchmarking of partial gmessage encoding is also adjusted to fix a few redundant statements and bugs in testing.
Fixes #819 #843