Relax punishment for peers relaying invalid blocks and headers #10593

pull luke-jr wants to merge 7 commits into bitcoin:master from luke-jr:relax_invblk_punishment changing 10 files +101 −55
  1. luke-jr commented at 9:42 PM on June 14, 2017: member

    Supercedes #10512 by simply restricting punishments to our outgoing non-feeler connections, and only punishing with a disconnect, not a ban.

    This is necessary to avoid banning peers that merely run old formerly-full nodes, after a softfork. We disconnect primary peers because we want compatible full nodes for that role, but allow non-full nodes to remain connected to inbound slots so they can sync the correct chain from us.

  2. fanquake added the label P2P on Jun 15, 2017
  3. luke-jr referenced this in commit 09566ee288 on Jun 15, 2017
  4. luke-jr referenced this in commit 0071ebe100 on Jun 15, 2017
  5. luke-jr referenced this in commit 73ad56d70d on Jun 15, 2017
  6. luke-jr referenced this in commit cf65248000 on Jun 15, 2017
  7. ajtowns commented at 11:39 AM on June 20, 2017: member

    This seems like a reasonable approach to me; any idea why stop_node in the zapwallettxes test isn't getting a 0 exit code?

  8. luke-jr commented at 6:32 AM on July 4, 2017: member

    @ajtowns Not sure what you're asking? The tests are passing...

  9. luke-jr referenced this in commit 92a61e2cd3 on Jul 4, 2017
  10. luke-jr referenced this in commit 1ca3a2c70c on Jul 4, 2017
  11. ajtowns commented at 2:56 AM on July 5, 2017: member

    I guess whatever I saw was a transient error then (or I was just confused)...

  12. luke-jr referenced this in commit e2728bc748 on Jul 17, 2017
  13. luke-jr referenced this in commit 78b04b779b on Jul 17, 2017
  14. luke-jr referenced this in commit 69a742b04f on Jul 17, 2017
  15. karelbilek referenced this in commit deb729b124 on Sep 15, 2017
  16. in src/net_processing.cpp:1170 in ba51652610 outdated 
     888 | @@ -865,10 +889,16 @@ void PeerLogicValidation::BlockChecked(const CBlock& block, const CValidationSta
 889 |      if (state.IsInvalid(nDoS)) {
 890 |          // Don't send reject message with code 0 or an internal reject code.
 891 |          if (it != mapBlockSource.end() && State(it->second.first) && state.GetRejectCode() > 0 && state.GetRejectCode() < REJECT_INTERNAL) {
 892 | +            const NodeId node_id = it->second.first;
 893 | +            CNodeState * const nodestate = State(node_id);
 894 |              CBlockReject reject = {(unsigned char)state.GetRejectCode(), state.GetRejectReason().substr(0, MAX_REJECT_MESSAGE_LENGTH), hash};
 895 |              State(it->second.first)->rejects.push_back(reject);
    jimpo commented at 9:49 PM on October 5, 2017:

    nit: Use nodestate instead of State(it->second.first)

  17. TheBlueMatt commented at 10:16 PM on October 5, 2017: member

    Have we considered preferring a relatively short-time-period ban instead of purely disconnecting? If the peer is somehow braindead and tries to reconnect immediately we may prefer to keep them gone for 30 minutes or an hour instead of letting them get into some loop of connect-relay-disconnect.

  18. sdaftuar commented at 6:48 PM on October 6, 2017: member

    It seems like this reverts #8305 with no mechanism to replace that functionality. Rationale? This looks like a regression. NACK.

  19. achow101 commented at 4:16 PM on October 7, 2017: member

    It was mentioned during the IRC meeting that this already did what I am planning on doing in #11446. However this doesn't seem to cover the case that I am concerned about: receiving a header for a block we have already marked as invalid. In such a case, nDos will be 0 and thus the peer won't be punished for relaying us the duplicate header.

  20. laanwj added this to the milestone 0.15.1 on Oct 12, 2017
  21. laanwj removed this from the milestone 0.15.1 on Oct 12, 2017
  22. laanwj added this to the milestone 0.15.0.2 on Oct 12, 2017
  23. laanwj added this to the "Review priority 0.15.0.2" column in a project
  24. in test/functional/sendheaders.py:529 in ba51652610 outdated 
     525 | @@ -526,21 +526,6 @@ def run_test(self):
 526 |          # Remove the first two entries (blocks[1] would connect):
 527 |          blocks = blocks[2:]
 528 |  
 529 | -        # Now try to see how many unconnecting headers we can send
    promag commented at 4:04 PM on October 16, 2017:

    Test passes with the above changes.

  25. laanwj added the label Needs backport on Oct 19, 2017
  26. laanwj removed this from the milestone 0.15.0.2 on Oct 26, 2017
  27. laanwj removed the label Needs backport on Oct 26, 2017
  28. laanwj removed this from the "Review priority 0.15.0.2" column in a project
  29. luke-jr commented at 7:33 PM on October 26, 2017: member

    It seems like this reverts #8305 with no mechanism to replace that functionality.

    I don't see how. The conditions this disconnects peers is a superset of the conditions #8305 did.

  30. luke-jr force-pushed on Nov 6, 2017
  31. luke-jr force-pushed on Nov 6, 2017
  32. luke-jr force-pushed on Mar 12, 2018
  33. luke-jr force-pushed on Mar 12, 2018
  34. MarcoFalke added the label Needs rebase on Jun 6, 2018
  35. luke-jr force-pushed on Nov 3, 2018
  36. DrahtBot removed the label Needs rebase on Nov 3, 2018
  37. in test/functional/test_framework/mininode.py:135 in dff2b8dd4c outdated 
     101 | +            listen_sock = socket.socket()
 102 | +            listen_sock.bind(('127.0.0.1', 0))
 103 | +            listen_sock.listen(1)
 104 | +            listen_port = listen_sock.getsockname()[1]
 105 | +            self.rpc.addnode('127.0.0.1:%u' % (listen_port,), 'onetry', False)
 106 | +            (sock, addr) = listen_sock.accept()
    practicalswift commented at 9:43 PM on November 4, 2018:

    Use (sock, _) = listen_sock.accept() to clarify that the second element in the tuple is discarded intentionally

  38. sdaftuar changes_requested
  39. sdaftuar commented at 7:06 PM on November 5, 2018: member

    Re-NACK. While I generally agree with the high-level goals described in the OP, it's not clear what changes here are still necessary to achieve that goal -- several related PRs have been merged in the year it's been since this was originally opened. This PR also seems to break the bugfix made in #8305, without explanation or other handling, which seems unnecessary and unrelated to the overall goal of the PR. And the changes included in this PR seem disjointed (with comments not being updated to reflect new behavior, old nonsensical behavior left in cases that don't make sense, etc) -- presumably because the code changes here have gotten stale? I didn't bother leaving detailed comments in all those cases because after reviewing this, it's not at all clear to me what you're trying to accomplish.

    I suggest this PR be closed; if there are any remaining changes that are still relevant and worth proposing, we can evaluate fresh in a new PR. If you think I'm mistaken, please give more detailed documentation and explanation of the reasoning behind these changes (for instance, why does the headers processing logic need to change at all? what cases are you trying to cover, and which cases are still left out?).

    Also some of the testing-related changes are separately useful/interesting and warrant their own discussion. In particular I think supporting outbound peers that are not treated as "manual connections" for net processing purposes would be great, but I think those changes should be reviewed on their own -- I'd prefer we split those out into their own PR, rather than have them be an afterthought to support a test in a single PR.

  40. luke-jr commented at 2:01 AM on November 6, 2018: member

    #10593 (comment) ... you never explained how you think it breaks #8305

  41. sdaftuar commented at 1:10 PM on November 6, 2018: member

    @luke-jr The point of #8305 was to avoid giving DoS points to peers for the occasional unconnecting header. This PR would immediately disconnect an outbound peer when it announces a header that doesn't connect.

  42. DrahtBot commented at 3:51 AM on November 9, 2018: member

    <!--e57a25ab6845829454e8d69fc972939a-->

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    <!--174a7506f384e20aa4161008e828411d-->

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #15141 (Rewrite DoS interface between validation and net_processing by sdaftuar)
    • #14918 (RPCHelpMan: Check default values are given at compile-time by MarcoFalke)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  43. DrahtBot added the label Needs rebase on Nov 13, 2018
  44. luke-jr force-pushed on Feb 12, 2019
  45. DrahtBot removed the label Needs rebase on Feb 12, 2019
  46. MarcoFalke added the label Needs rebase on Feb 12, 2019
  47. MarcoFalke commented at 11:59 PM on February 12, 2019: member

    feature_block.py fails on all travis jobs that run it

  48. RPC: Support addnode onetry without making the connection priviliged cd961a4bab
  49. QA/Mininode: Support node-to-test connections 2aa06bbda1
  50. QA: p2p_unrequested_blocks: Use node-to-test / outgoing connection to check invalid header disconnection b27caacd3b
  51. Bugfix: Don't ban peers just because they have header chains we consider invalid 271e2b24ef
  52. Instead of DoS banning for invalid blocks, merely disconnect nodes if we're relying on them as a primary node 0715007a80
  53. test/functional/p2p_sendheaders: Don't test for undesirable behaviour e0699c0cb6
  54. QA/feature_block: Adapt disconnection tests for relaxed behaviour 2fff121ac1
  55. luke-jr force-pushed on Apr 25, 2019
  56. ajtowns commented at 3:32 PM on September 5, 2019: member

    Probably should close this PR; it needs a pretty serious rebase, the RECENT_CONSENSUS_CHANGE stuff from #15141 probably warrants some more thought about the approach which might not happen until we've got a consensus change to go with it, and the current approach has a NACK...

    #12674 and the "nodo-to-test connections" support for mininode are probably relevant for #14210 though.

  57. jnewbery closed this on Oct 10, 2019
  58. luke-jr commented at 2:48 AM on October 16, 2019: member

    it needs a pretty serious rebase

    Rebase is now complete. Push needs to wait for the PR to be reopened, but @sdaftuar is right that it should probably be split up and smaller changes merged first.

    the RECENT_CONSENSUS_CHANGE stuff from #15141 probably warrants some more thought about the approach which might not happen until we've got a consensus change to go with it,

    Recent consensus changes shouldn't be (at least in this context) treated any differently than other consensus rules. You're looking at it in the limited scenario of a softfork, but it needs to be broader to ensure we overwrite/reorg any attempts to hardfork without consensus too.

  59. laanwj removed the label Needs rebase on Oct 24, 2019
  60. MarcoFalke locked this on Dec 16, 2021
Contributors
luke-jrajtownsjimpoTheBlueMattsdaftuarachow101promagpracticalswiftDrahtBotMarcoFalke
Labels
P2P
Linked (view graph)
#10512 Rework same-chain from abusing DoS banning, to explicit checks
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-14 15:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me