Allow NODE_BLOOM services for whitelisted peers #16176

pull NicolasDorier wants to merge 1 commits into bitcoin:master from NicolasDorier:feature/node-bloom-whitelisted changing 1 files +6 −1
  1. NicolasDorier commented at 12:46 pm on June 9, 2019: contributor

    As mentioned here, I believe that there should be no reason to not support bloom filter for whitelisted peers.

    There is no protocol more efficient than this, working as well in pruned mode to sync a light client from your own full node without the need of some middleware like Electrum.

    Even BIP157 comes short for this usecase as it needlessly waste bandwidth. (and I think BIP157, as implemented now does not work in pruned mode -might be wrong here-)

  2. Allow NODE_BLOOM services for whitelisted peers 618ea1161b
  3. fanquake added the label P2P on Jun 9, 2019
  4. jnewbery commented at 1:04 pm on June 9, 2019: member

    This was attempted previously in #8587

    I think this comment: #8587 (comment) still stands. We should try to reduce the overloading of -whitelist rather than increase it.

  5. NicolasDorier commented at 1:13 pm on June 9, 2019: contributor
    So what about --peerbloomfilters=whitelisted-only ?
  6. laanwj commented at 3:08 pm on June 9, 2019: member

    I think this comment: #8587 (comment) still stands. We should try to reduce the overloading of -whitelist rather than increase it.

    I tend to agree.

    Do you have a specific use-case for this @NicolasDorier ? If so, I guess it makes sense to be able to whitelist nodes for this functionality. There has been discussion in the past of specific whitelist flags instead of a blanket ‘whitelist’ with ever changing meaning.

  7. NicolasDorier commented at 3:22 pm on June 9, 2019: contributor

    @laanwj yes I have. BTCPay Server is exposing a the full node via a whitebound connection behind a Torv3 hidden service, so the whitebind interface can’t be discovered.

    I want to make a simple light wallet connecting to this hosted full node (or just slightly modifying Breadwallet to support Tor).

    BIP157/full blocks are bad because it consumes lot’s of bandwidth. However, I don’t want to expose NODE_BLOOM services to node which are not whitelisted because of DDoS concerns.

    BIP37 is a fine protocol, just terrible privacy wise and as a DDoS vector. But for connecting to your light wallet to your trusted node, this is the best thing in town.

  8. MarcoFalke commented at 6:34 am on June 10, 2019: member
    What is wrong with a new option -whitelistbloomfilter=168.0.0.3? Everything else seems to have drawbacks.
  9. MarcoFalke commented at 6:34 am on June 10, 2019: member

    See also:

    • Remove global whitelist flags and replace them with per-peer flags #16058
    • Disable bloom filtering by default. #16152
  10. NicolasDorier commented at 6:38 am on June 10, 2019: contributor
    @MarcoFalke I am using whitebind…
  11. NicolasDorier commented at 6:39 am on June 10, 2019: contributor
    We could duplicate both whitebind/whitelist but I think this is not really useful.
  12. MarcoFalke commented at 6:45 am on June 10, 2019: member
    I do think there is a usecase to offer a peer bloom filter, but not re-relay their consensus invalid transactions.
  13. laanwj commented at 10:41 am on June 10, 2019: member

    We could duplicate both whitebind/whitelist but I think this is not really useful.

    I think adding a [flags] per whitelist range (both per bind and per IP range) would be more general, and less cluttering than duplicating the option. It’s also much more flexible than changing the meaning of whitelist throughout the entire daemon.

  14. MarcoFalke commented at 7:47 pm on June 10, 2019: member
    So yeah. Concept ACK. Approach NACK.
  15. NicolasDorier commented at 6:04 am on June 11, 2019: contributor

    I do think there is a usecase to offer a peer bloom filter, but not re-relay their consensus invalid transactions.

    I agree.

    So basically you would Concept ACK for a --whitebindbloomfilter, --whitelistbloomfilter? I think it makes sense to have it, but at the same time if my peer is in --whitebind --whitelist, I would expect it to be able to use BloomFilter, but not to relay invalid transactions.

    Said in another way, is there a scenario where you would like to whitelist a peer, but not let him get bloom filters?

  16. MarcoFalke commented at 9:27 am on June 11, 2019: member

    So basically you would Concept ACK for a –whitebindbloomfilter, –whitelistbloomfilter?

    I think @laanwj suggested to use -white{bind,list}=bloomfilter${SEPARATOR}${ADDR_PORT}, so that the options are not duplicated in the command line help.

  17. laanwj commented at 10:55 am on June 11, 2019: member

    I think @laanwj suggested to use -white{bind,list}=bloomfilter${SEPARATOR}${ADDR_PORT}, so that the options are not duplicated in the command line help.

    Yes, ideally I’d like a extensible, flexible mechanism for whitelisting (a set of) peers for special things, instead of a single amorphous “whitelist”. Adding, say, “bloomfilter” into the option name causes a blowup in number of options in the help if more things get added. So I prefer a syntax that moves the kind of whitelisting to the value instead, like that. Currently this is based on IP range (-whitelist) or incoming port (-whitebind). Say, in the future when authentication is added these flags could be set based on authenticated identity (maybe the wallet on your phone etc…). Each of these should be able to have a set of flags attached instead of the default.

  18. NicolasDorier commented at 6:38 am on June 12, 2019: contributor

    @laanwj I think this is a good idea.

    But still, “the amorphous whitelist” is very useful, please do not remove it, its consequence are very clear: Consider what is whitelisted as friendly (ie, does not want to deanonymise us, or DDoS us)

    The fine grained options should be reserved for more specific use case.

    If we keep amorphous whitelist/whitebind, then it makes sense to allow Bloom filters for them: What good reason there would be to no allow bloom filter to a friend?

    For transaction relay, there is clear good reason: This friend likely does not validate himself the transaction, so we need to validate for him. But for bloom filter?

  19. ajtowns commented at 9:48 am on June 12, 2019: member
    Concept ACK. Could consider “whitelisting” to take a pair of information: the node(s) to whitelist and what to whitelist them for, with the latter having some default value. Writing -whitebind=bloom,forcerelay@127.0.0.1:9999 or similar to say “whitelist anyone who connects to blah for bloom filters and forced relaying” seems plausible to me.
  20. NicolasDorier commented at 12:45 pm on June 12, 2019: contributor

    @ajtowns I like your format whitebind=bloom,forcerelay@127.0.0.1:9999. If people seems OK with it, I will work on that.

    Syntax being: white{bind,list}=({bloom,forcerelay},@)*IP(:Port)?. This would have the nice benefit of not breaking existing stuff.

  21. laanwj commented at 8:10 am on June 18, 2019: member

    @ajtowns I like your format whitebind=bloom,forcerelay@127.0.0.1:9999. If people seems OK with it, I will work on that.

    Sounds good to me! Nice to fit it into something compatible with the current format.

  22. NicolasDorier commented at 9:45 am on June 20, 2019: contributor
    Closing in favor of https://github.com/bitcoin/bitcoin/pull/16248
  23. NicolasDorier closed this on Jun 20, 2019
  24. NicolasDorier commented at 5:00 pm on June 21, 2019: contributor
    The PR there is finally ready to be reviewed for those interested.
  25. laanwj referenced this in commit 67be6d7a17 on Aug 14, 2019
  26. ShengguangXiao referenced this in commit ce07b27e28 on Aug 28, 2020
  27. PastaPastaPasta referenced this in commit 166d862f1e on Jul 18, 2021
  28. PastaPastaPasta referenced this in commit 37a6bd03ef on Jul 18, 2021
  29. PastaPastaPasta referenced this in commit 7b358c8f7a on Jul 19, 2021
  30. PastaPastaPasta referenced this in commit ae9bd6e11c on Jul 19, 2021
  31. PastaPastaPasta referenced this in commit 6c75d20277 on Jul 20, 2021
  32. PastaPastaPasta referenced this in commit 47b7541f5a on Jul 20, 2021
  33. DrahtBot locked this on Dec 16, 2021


NicolasDorier jnewbery laanwj MarcoFalke ajtowns

Labels
P2P

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-07-05 22:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me