From b2ad6ede95ea66e8677b31d614e183953966db54 Mon Sep 17 00:00:00 2001
From: 0xb10c <0xb10c@gmail.com>
Date: Mon, 2 May 2022 16:30:15 +0200
Subject: [PATCH] tracing: add misbehaving conn tracepoint

---
 doc/tracing.md                        |  9 ++++
 src/net_processing.cpp                |  5 ++
 test/functional/interface_usdt_net.py | 69 ++++++++++++++++++++++++++-
 3 files changed, 81 insertions(+), 2 deletions(-)

diff --git a/doc/tracing.md b/doc/tracing.md
index 5f7f80c1d99..a092ece9c7e 100644
--- a/doc/tracing.md
+++ b/doc/tracing.md
@@ -128,6 +128,15 @@ Arguments passed:
 4. Network the peer connects from as `uint32` (1 = IPv4, 2 = IPv6, 3 = Onion, 4 = I2P, 5 = CJDNS). See `Network` enum in `netaddress.h`.
 5. Connection established UNIX epoch timestamp in seconds as `uint64`.
 
+#### Tracepoint `net:misbehaving_connection`
+
+Is called when a connection is misbehaving. Passes the peer id and a
+reason for the peers misbehavior.
+
+Arguments passed:
+1. Peer ID as `int64`.
+2. Reason why the peer is misbehaving as `pointer to C-style String` (max. length 128 characters).
+
 ### Context `validation`
 
 #### Tracepoint `validation:block_connected`
diff --git a/src/net_processing.cpp b/src/net_processing.cpp
index 8b7f737a98b..1da3ec9d211 100644
--- a/src/net_processing.cpp
+++ b/src/net_processing.cpp
@@ -58,6 +58,7 @@
 using namespace util::hex_literals;
 
 TRACEPOINT_SEMAPHORE(net, inbound_message);
+TRACEPOINT_SEMAPHORE(net, misbehaving_connection);
 
 /** Headers download timeout.
  *  Timeout = base + per_header * (expected number of headers) */
@@ -1752,6 +1753,10 @@ void PeerManagerImpl::Misbehaving(Peer& peer, const std::string& message)
     const std::string message_prefixed = message.empty() ? "" : (": " + message);
     peer.m_should_discourage = true;
     LogDebug(BCLog::NET, "Misbehaving: peer=%d%s\n", peer.m_id, message_prefixed);
+    TRACEPOINT(net, misbehaving_connection,
+        peer.m_id,
+        message.c_str()
+    );
 }
 
 void PeerManagerImpl::MaybePunishNodeForBlock(NodeId nodeid, const BlockValidationState& state,
diff --git a/test/functional/interface_usdt_net.py b/test/functional/interface_usdt_net.py
index 00ddf498491..3cddd340c8a 100755
--- a/test/functional/interface_usdt_net.py
+++ b/test/functional/interface_usdt_net.py
@@ -14,7 +14,7 @@ try:
     from bcc import BPF, USDT  # type: ignore[import]
 except ImportError:
     pass
-from test_framework.messages import msg_version
+from test_framework.messages import CBlockHeader, MAX_HEADERS_RESULTS, msg_headers, msg_version
 from test_framework.p2p import P2PInterface
 from test_framework.test_framework import BitcoinTestFramework
 from test_framework.util import assert_equal
@@ -23,6 +23,7 @@ from test_framework.util import assert_equal
 MAX_PEER_ADDR_LENGTH = 68
 MAX_PEER_CONN_TYPE_LENGTH = 20
 MAX_MSG_TYPE_LENGTH = 20
+MAX_MISBEHAVING_MESSAGE_LENGTH = 128
 # We won't process messages larger than 150 byte in this test. For reading
 # larger messanges see contrib/tracing/log_raw_p2p_msgs.py
 MAX_MSG_DATA_LENGTH = 150
@@ -40,11 +41,13 @@ net_tracepoints_program = """
 #define MAX_PEER_CONN_TYPE_LENGTH {}
 #define MAX_MSG_TYPE_LENGTH {}
 #define MAX_MSG_DATA_LENGTH {}
+#define MAX_MISBEHAVING_MESSAGE_LENGTH {}
 """.format(
     MAX_PEER_ADDR_LENGTH,
     MAX_PEER_CONN_TYPE_LENGTH,
     MAX_MSG_TYPE_LENGTH,
-    MAX_MSG_DATA_LENGTH
+    MAX_MSG_DATA_LENGTH,
+    MAX_MISBEHAVING_MESSAGE_LENGTH,
 ) + """
 // A min() macro. Prefixed with _TRACEPOINT_TEST to avoid collision with other MIN macros.
 #define _TRACEPOINT_TEST_MIN(a,b) ({ __typeof__ (a) _a = (a); __typeof__ (b) _b = (b); _a < _b ? _a : _b; })
@@ -79,6 +82,12 @@ struct ClosedConnection
     u64                 time_established;
 };
 
+struct MisbehavingConnection
+{
+    u64     id;
+    char    message[MAX_MISBEHAVING_MESSAGE_LENGTH];
+};
+
 BPF_PERF_OUTPUT(inbound_messages);
 int trace_inbound_message(struct pt_regs *ctx) {
     struct p2p_message msg = {};
@@ -150,6 +159,16 @@ int trace_evicted_inbound_connection(struct pt_regs *ctx) {
     return 0;
 };
 
+BPF_PERF_OUTPUT(misbehaving_connections);
+int trace_misbehaving_connection(struct pt_regs *ctx) {
+    struct MisbehavingConnection misbehaving = {};
+    void *message_pointer = NULL;
+    bpf_usdt_readarg(1, ctx, &misbehaving.id);
+    bpf_usdt_readarg(2, ctx, &message_pointer);
+    bpf_probe_read_user_str(&misbehaving.message, sizeof(misbehaving.message), message_pointer);
+    misbehaving_connections.perf_submit(ctx, &misbehaving, sizeof(misbehaving));
+    return 0;
+};
 """
 
 
@@ -183,6 +202,17 @@ class ClosedConnection(ctypes.Structure):
     def __repr__(self):
         return f"ClosedConnection(conn={self.conn}, time_established={self.time_established})"
 
+
+class MisbehavingConnection(ctypes.Structure):
+    _fields_ = [
+        ("id", ctypes.c_uint64),
+        ("message", ctypes.c_char * MAX_MISBEHAVING_MESSAGE_LENGTH),
+    ]
+
+    def __repr__(self):
+        return f"MisbehavingConnection(id={self.id}, message={self.message})"
+
+
 class NetTracepointTest(BitcoinTestFramework):
     def set_test_params(self):
         self.num_nodes = 1
@@ -199,6 +229,7 @@ class NetTracepointTest(BitcoinTestFramework):
         self.inbound_conn_tracepoint_test()
         self.outbound_conn_tracepoint_test()
         self.evicted_inbound_conn_tracepoint_test()
+        self.misbehaving_conn_tracepoint_test()
 
     def p2p_message_tracepoint_test(self):
         # Tests the net:inbound_message and net:outbound_message tracepoints
@@ -392,5 +423,39 @@ class NetTracepointTest(BitcoinTestFramework):
         for node in testnodes:
             node.peer_disconnect()
 
+    def misbehaving_conn_tracepoint_test(self):
+        self.log.info("hook into the net:misbehaving_connection tracepoint")
+        ctx = USDT(pid=self.nodes[0].process.pid)
+        ctx.enable_probe(probe="net:misbehaving_connection",
+                         fn_name="trace_misbehaving_connection")
+        bpf = BPF(text=net_tracepoints_program, usdt_contexts=[ctx], debug=0, cflags=["-Wno-error=implicit-function-declaration"])
+
+        EXPECTED_MISBEHAVING_CONNECTIONS = 2
+        misbehaving_connections = []
+
+        def handle_misbehaving_connection(_, data, __):
+            event = ctypes.cast(data, ctypes.POINTER(MisbehavingConnection)).contents
+            self.log.info(f"handle_misbehaving_connection(): {event}")
+            misbehaving_connections.append(event)
+
+        bpf["misbehaving_connections"].open_perf_buffer(handle_misbehaving_connection)
+
+        self.log.info("connect a misbehaving P2P test nodes to our bitcoind node")
+        msg = msg_headers([CBlockHeader()] * (MAX_HEADERS_RESULTS + 1))
+        for _ in range(EXPECTED_MISBEHAVING_CONNECTIONS):
+            testnode = P2PInterface()
+            self.nodes[0].add_p2p_connection(testnode)
+            testnode.send_message(msg)
+            bpf.perf_buffer_poll(timeout=500)
+            testnode.peer_disconnect()
+
+        assert_equal(EXPECTED_MISBEHAVING_CONNECTIONS, len(misbehaving_connections))
+        for misbehaving_connection in misbehaving_connections:
+            assert misbehaving_connection.id > 0
+            assert len(misbehaving_connection.message) > 0
+            assert misbehaving_connection.message == b"headers message size = 2001"
+
+        bpf.cleanup()
+
 if __name__ == '__main__':
     NetTracepointTest(__file__).main()