Protect against flood of addresses (#1718)

substrate/core/network-libp2p/src/behaviour.rs

@@ -233,7 +233,7 @@ impl<TSubstream> NetworkBehaviourEventProcess<CustomProtosOut> for Behaviour<TSu
 impl<TSubstream> NetworkBehaviourEventProcess<IdentifyEvent> for Behaviour<TSubstream> {
 	fn inject_event(&mut self, event: IdentifyEvent) {
 		match event {
-			IdentifyEvent::Identified { peer_id, info, .. } => {
+			IdentifyEvent::Identified { peer_id, mut info, .. } => {
 				trace!(target: "sub-libp2p", "Identified {:?} => {:?}", peer_id, info);
 				// TODO: ideally we would delay the first identification to when we open the custom
 				//	protocol, so that we only report id info to the service about the nodes we
@@ -245,6 +245,11 @@ impl<TSubstream> NetworkBehaviourEventProcess<IdentifyEvent> for Behaviour<TSubs
 					warn!(target: "sub-libp2p", "Received identify response with empty list of \
 						addresses");
 				}
+				if info.listen_addrs.len() > 30 {
+					warn!(target: "sub-libp2p", "Node {:?} id reported more than 30 addresses",
+						peer_id);
+					info.listen_addrs.truncate(30);
+				}
 				for addr in &info.listen_addrs {
 					self.discovery.kademlia.add_address(&peer_id, addr.clone());
 				}

substrate/core/network-libp2p/src/custom_proto/topology.rs

@@ -235,6 +235,11 @@ impl NetTopology {
 
 		let mut addrs: Vec<_> = addrs.collect();
 
+		if addrs.len() > 40 {
+			warn!(target: "sub-libp2p", "Attempt to add more than 40 addresses for {:?}", peer_id);
+			addrs.truncate(40);
+		}
+
 		let now_systime = SystemTime::now();
 		let now = Instant::now();
 
@@ -246,9 +251,7 @@ impl NetTopology {
 				if a.expires < now_systime && !a.is_connected() {
 					return false
 				}
-				while let Some(pos) = addrs.iter().position(|&(ref addr, _)| addr == &a.addr) {
+				addrs.retain(|(addr, _)| *addr != a.addr);
-					addrs.remove(pos);
-				}
 				true
 			})
 			.collect();