WIP: Throw error for RGS data that's more than two weeks old, fixing #1785

Author: arik-so

lightning-rapid-gossip-sync/src/processing.rs

@@ -16,6 +16,9 @@ use lightning::io;
 use crate::error::GraphSyncError;
 use crate::RapidGossipSync;
 
+#[cfg(feature = "std")]
+use std::time::{SystemTime, UNIX_EPOCH};
+
 #[cfg(not(feature = "std"))]
 use alloc::{vec::Vec, borrow::ToOwned};
 
@@ -29,6 +32,10 @@ const GOSSIP_PREFIX: [u8; 4] = [76, 68, 75, 1];
 /// avoid malicious updates being able to trigger excessive memory allocation.
 const MAX_INITIAL_NODE_ID_VECTOR_CAPACITY: u32 = 50_000;
 
+/// We remove disallow gossip data that's more than two weeks old, per BOLT 7's
+/// suggestion.
+const STALE_CHANNEL_UPDATE_AGE_LIMIT_SECS: u64 = 60 * 60 * 24 * 14;
+
 impl<NG: Deref<Target=NetworkGraph<L>>, L: Deref> RapidGossipSync<NG, L> where L::Target: Logger {
 	pub(crate) fn update_network_graph_from_byte_stream<R: io::Read>(
 		&self,
@@ -46,6 +53,16 @@ impl<NG: Deref<Target=NetworkGraph<L>>, L: Deref> RapidGossipSync<NG, L> where L
 		// backdate the applied timestamp by a week
 		let backdated_timestamp = latest_seen_timestamp.saturating_sub(24 * 3600 * 7);
 
+		#[cfg(all(feature = "std", not(test), not(feature = "_test_utils")))]
+		{
+			// Note that many tests rely on being able to set arbitrarily old timestamps, thus we
+			// disable this check during tests!
+			let time = SystemTime::now().duration_since(UNIX_EPOCH).expect("Time must be > 1970").as_secs();
+			if (msg.timestamp as u64) < time - STALE_CHANNEL_UPDATE_AGE_LIMIT_SECS {
+				return Err(LightningError{err: "Rapid Gossip Sync data is more than two weeks old".to_owned(), action: ErrorAction::IgnoreError}.into());
+			}
+		}
+
 		let node_id_count: u32 = Readable::read(read_cursor)?;
 		let mut node_ids: Vec<PublicKey> = Vec::with_capacity(core::cmp::min(
 			node_id_count,