feat(debug): Log a privacy preserving hash of IP and UserAgent to assist in rate limiting debugging

[ryanschneider]

📝 Summary

We are seeing abuse of our endpoint that is bypassing our firewall rules. To help determine how they are getting past the firewall we need to log the "source" of the traffic in a privacy-preserving way.

What I came up with is the xxhash( x-forwarded-for + user-agent ) or more specifically the left-most non-private IP in the X-Forwarded-For and the User-Agent headers.

However, after discussing w/ @0x416e746f6e he made the good point that User-Agent can be gamed by randomly generating a new UA w/ each request. Furthermore, the fingerprint should not be long-term stable, as that would allow a malicious actor with access to Flashbot logs the ability to track user behavior long-term. So now the hash is salted w/ the current timestamp truncated to the hour, and the UA is removed. And finally, the truncated timestamp is XOR'ed w/ a random uint64 at startup to prevent "rainbow table" attacks where a malicious RPC operator exhaustively hashes all IP/timestamp combinations to determine the source IP of a fingerprint.

In addition, we currently use proxyd as our upstream which by default uses the X-Forwarded-For header for rate limiting. Since xxhash is a uint64 it actually fits perfectly in an IPv6 address, so we convert the fingerprint to a fake IPv6 address in the reserved "example address" documentation prefix from https://datatracker.ietf.org/doc/html/rfc3849 and insert this "IP" as the X-Forwarded-For field.

⛱ Motivation and Context

Give us to means to perform log aggregation to see if the offending traffic is coming from a single or multiple sources.

📚 References

• https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
• https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent

---

✅ I have run these commands

• make lint
• make test
• go mod tidy

[metachris]

code looks great. left a few minor comment but nothing important