Turbine needs to be more deterministic

[sagar-solana]

Problem

The computed Turbine tree is not deterministic.
It uses the gossip peer list to decide where shreds are transmitted.
This peer list might be different on different nodes and can cause issues if gossip has been partitioned in a more targeted manner.

Proposed Solution

Instead of using the gossip list to filter down the broadcast set. Do the following in broadcast and in retransmit

• Use the list of staked nodes in the epoch as the peer list
• For any missing peers hold off on sending the shred (more on this later)
• Potentially dial up erasure codes if shreds are skipped because of missing peers (does this solve anything? signatures might still cause shreds to point at missing peers)
• In a separate thread/task broadcast the collected shreds (missing peers) and take on the role of each missing peer and complete the broadcast on their behalf.

[aeyakovenko]

DOS prevention/security depends on a determistic Turbine. Retransmits can only occur if the shred path as derived from the signature + epoch staked nodes indicates that the packet arrived from the leader for the node.

[sagar-solana]

@aeyakovenko should I not dive into this right away?
If I don't should I make it so that we are only allowed to pull from these "old" contact infos instead of treating them as if they're live?

[aeyakovenko]

@sagar-solana up to you, unless there is a better slp1 issue to take on. Ask @mvines :)

[aeyakovenko]

tag: @pgarg66

[behzadnouri]

Fixed by #18238, #18971 and #20480
Pending feature activation for the last one.

[ryoqun]

@behzadnouri finally ripe time to close this old issue, right? (context: I'm doing spring cleaning for security issues)

[behzadnouri]

@behzadnouri finally ripe time to close this old issue, right? (context: I'm doing spring cleaning for security issues)

yes, all related features are active on mainnet.