Zebra has pre-handshake buffer capacity reservation based on attacker-claimed body length
The P2P codec's Codec::decode() method calls src.reserve(body_len + HEADER_LEN) after parsing a 24-byte protocol header, using the attacker-claimed body_len field. This reserves up to MAX_PROTOCOL_MESSAGE_LEN (~2 MiB) of virtual buffer capacity per connection before any body bytes arrive and before the handshake completes. However, BytesMut::reserve() sets virtual capacity without committing physical memory pages. The operating system does not allocate physical RAM until bytes are actually written into the buffer. Since …