p2p: peer connection bug fixes #28248

Good catch with this deficiency!

If m_added_nodes is changed to std::unordered_set, then this can be a simple m_added_nodes.count() > 0 and CConnman::AddNode() and CConnman::RemoveAddedNode() could be simplified (and made faster since they are now O(number of added nodes) and will become O(1), I guess performance is irrelevant in practice because of the small number of elements).

Maybe this is worth a separate PR since it is distinct from other commits (one commit to change it to std::unordered_set and one to add this check).

Good idea, simpler and faster. Done (thanks!)

Before this it would compare just the address and after this change it would compare the address and the port. I think that is undesirable because for inbound connections we see the peer as e.g. 1.2.3.4:somerandomport and when we try to connect to 1.2.3.4:8333 we should assume we are already connected to that peer.

Changed FindNode(service) to FindNode(static_cast<CNetAddr>(service)).

The existent code in master seems to be comparing the ports. Is there another bug that an inbound connection from 1.2.3.4 would not be considered as "we are connected to 1.2.3.4:8333"?

Yes, I think that is currently an issue as well.

I mean, if we already have an inbound connection from 1.2.3.4 (ie we are connected to 1.2.3.4:somerandomport) and this code checks whether we are connected to 1.2.3.4:8333 it would wrongly assume that we are not and would open an outbound connection to that address.

Good call. I've reproduced that bug and am looking at a fix.

Updated with a fix, along with several additional issues found and possibly fixed now while looking into this (thanks!)

Or this:

return m_added_nodes.insert(strNode).second;

Thank you, done.

Why not use LogPrintLevel(BCLog::NET, BCLog::Level::Debug?

I didn't change the level from the current LogPrintf since 236618061a445d2cb11e722cfac5fdae5be26abb in 2017. Since this shouldn't normally occur, unconditionally logging seems helpful (the net category is currently much too busy to leave on and see this happen unless you proactively grep for it -- finishing the logging severity level upgrade should solve that. I personally test this branch with the added logging changed to unconditional).

On second thought, taking your suggestion as the goal is to migrate to severity level logging. Thanks!

Could this lead to disambiguities? Say if you want to addnode different localhost peers with different ports (but the same IP 127.0.0.1), would getaddednode() now say you are connected to all of them, even when you are only connected to 1 in reality?

Right. Comparing ports for incoming connections is problematic also. I think the right approach for determining if we are connected to addr:port, for the purposes of making an outbound connection:

• For incoming connections, compare just addr and ignore port
• For outgoing connections, compare both addr and port.

This can't be done with a single map of either CService or CNetAddr. I guess two containers are needed, as this:

<details> <summary>[patch] compare differently inbound and outbound addresses</summary>

diff --git i/src/net.cpp w/src/net.cpp
index 91282d927d..0eb0023112 100644
--- i/src/net.cpp
+++ w/src/net.cpp
@@ -2809,41 +2809,49 @@ std::vector<AddedNodeInfo> CConnman::GetAddedNodeInfo() const
         LOCK(m_added_nodes_mutex);
         ret.reserve(m_added_node_params.size());
         std::copy(m_added_node_params.cbegin(), m_added_node_params.cend(), std::back_inserter(lAddresses));
     }
 
 
-    // Build a map of all already connected addresses (by IP:port and by name) to inbound/outbound and resolved CService
-    std::map<CNetAddr, bool> mapConnected;
+    // Collect all addresses to which we are already connected.
+    std::unordered_set<CNetAddr, CNetAddrHash> connected_to_inbound;
+    std::unordered_set<CService, CServiceHash> connected_to_outbound;
     std::map<std::string, std::pair<bool, CService>> mapConnectedByName;
     {
         LOCK(m_nodes_mutex);
         for (const CNode* pnode : m_nodes) {
             if (pnode->addr.IsValid()) {
-                mapConnected[static_cast<CNetAddr>(pnode->addr)] = pnode->IsInboundConn();
+                if (pnode->IsInboundConn()) {
+                    connected_to_inbound.insert(pnode->addr);
+                } else {
+                    connected_to_outbound.insert(pnode->addr);
+                }
             }
             std::string addrName{pnode->m_addr_name};
             if (!addrName.empty()) {
                 mapConnectedByName[std::move(addrName)] = std::make_pair(pnode->IsInboundConn(), static_cast<const CService&>(pnode->addr));
             }
         }
     }
 
     for (const auto& addr : lAddresses) {
         CService service(LookupNumeric(addr.m_added_node, GetDefaultPort(addr.m_added_node)));
         AddedNodeInfo addedNode{addr, CService(), false, false};
         if (service.IsValid()) {
-            // strAddNode is an IP:port
-            auto it = mapConnected.find(static_cast<CNetAddr>(service));
-            if (it != mapConnected.end()) {
+            // addr.m_added_node is an addr:port
+            if (connected_to_outbound.count(service) > 0) {
+                addedNode.resolvedAddress = service;
+                addedNode.fConnected = true;
+                addedNode.fInbound = false;
+            } else if (connected_to_inbound.count(service) > 0) {
                 addedNode.resolvedAddress = service;
                 addedNode.fConnected = true;
-                addedNode.fInbound = it->second;
+                addedNode.fInbound = true;
             }
         } else {
-            // strAddNode is a name
+            // addr.m_added_node is a name
             auto it = mapConnectedByName.find(addr.m_added_node);
             if (it != mapConnectedByName.end()) {
                 addedNode.resolvedAddress = it->second.second;
                 addedNode.fConnected = true;
                 addedNode.fInbound = it->second.first;
             }
diff --git i/src/netaddress.h w/src/netaddress.h
index ad09f16799..99a3b0fc22 100644
--- i/src/netaddress.h
+++ w/src/netaddress.h
@@ -254,12 +254,13 @@ public:
             UnserializeV2Stream(s);
         } else {
             UnserializeV1Stream(s);
         }
     }
 
+    friend class CNetAddrHash;
     friend class CSubNet;
 
 private:
     /**
      * Parse a Tor address and set this object to it.
      * [@param](/bitcoin-bitcoin/contributor/param/)[in] addr Address to parse, must be a valid C string, for example
@@ -473,12 +474,36 @@ private:
         // will not be gossiped, but continue reading next addresses from the stream.
         m_net = NET_IPV6;
         m_addr.assign(ADDR_IPV6_SIZE, 0x0);
     }
 };
 
+class CNetAddrHash
+{
+public:
+    CNetAddrHash()
+        : m_salt_k0{GetRand<uint64_t>()},
+          m_salt_k1{GetRand<uint64_t>()}
+    {
+    }
+
+    CNetAddrHash(uint64_t salt_k0, uint64_t salt_k1) : m_salt_k0{salt_k0}, m_salt_k1{salt_k1} {}
+
+    size_t operator()(const CNetAddr& a) const noexcept
+    {
+        CSipHasher hasher(m_salt_k0, m_salt_k1);
+        hasher.Write(a.m_net);
+        hasher.Write(a.m_addr);
+        return static_cast<size_t>(hasher.Finalize());
+    }
+
+private:
+    const uint64_t m_salt_k0;
+    const uint64_t m_salt_k1;
+};
+
 class CSubNet
 {
 protected:
     /// Network (base) address
     CNetAddr network;
     /// Netmask, in network byte order

</details>

@vasild Thanks! I agree with your bimodal approach and replaced 71528aeaba2fbb3141693b000f2ec7799074bfdf with your suggestion above credited to you.

Similar question here: Could this make some local network setups no longer viable? Probably no one should mainnet for those if it's just for testing, but possibly some setups with multiple nodes sharing the same IP exist?

Good question. I've rewritten AlreadyConnectedToAddress() with the suggestions in #28248 (review). Do you think that resolves the possible issue you describe?

Updated to only apply this check to inbound I2P peers we're already connected to, due to the resource cost of creating new tunnels.

Two concerns about this interface change:

1. The pointer could become stale as soon as this method returns. It is good that this method is private which somewhat limits the danger that somebody will dereference a stale pointer, but does not eliminate it. FindNode() already has such an unsafe interface where it locks m_nodes_mutex, fetches a pointer to an element inside m_nodes, releases the mutex and returns the (possibly stale) pointer. In master, all places where FindNode() is called either only check if the returned pointer is null without dereferencing it (ok), or lock the mutex, call FindNode() (requiring the mutex to be recursive), dereference the pointer, unlock the mutex. But this PR in commit cb3f5a805caa2d42fdab57b42e6aee820ccd347d p2p, bugfix: correctly detect already connected peers in ConnectNode() adds calls where the pointer is dereferenced after releasing the mutex. I would rather have less such unsafe interfaces than more. Maybe log the message from inside AlreadyConnectedToAddress() or have it return the message as a string, to be optionally logged by the caller?

2. (minor) optional from a pointer is redundant - if the pointer will never be null, then it can be reference. If the pointer can be null, then the optional can be dropped and null pointer to mean "not connected".

Good points. Changed AlreadyConnectedToAddress() back to return a bool and log the message from inside it.

cb3f5a805caa2d42fdab57b42e6aee820ccd347d p2p, bugfix: correctly detect already connected peers in ConnectNode()

• Remove an AlreadyConnectedToAddress() check in CConnman::OpenNetworkConnection, as it is now redundant to the checks added in this commit, and it is preferable to log if it occurs.

It might happen that CConnman::ConnectNode() skips the call to AlreadyConnectedToAddress() and connects - if pszDest is null and Lookup(pszDest returns empty result. Then it will go here:

https://github.com/bitcoin/bitcoin/blob/4a5aae9330780c3740e27cc511f7cba1fab745b9/src/net.cpp#L549-L558

So maybe keep the call to AlreadyConnectedToAddress() from CConnman::OpenNetworkConnection().

Keeping the call (thanks).

    // Skip this check for inbound Tor connections because all of them seem to come from the IP address of the Tor router (usually 127.0.0.1).

Done.

This needs to know whether to ignore the port or not in order to do the check properly:

• if we are about to make an outbound connection and wonder whether we are already connected to the peer we intend to connect to
  • for all existent outbound connections, compare the prospect's address and port and if both match, then we are already connected
  • for all existent inbound connections, compare only the address and ignore the port, if a match is found, then we are already connected
  • otherwise we are not connected
• if we are accepting in inbound connection, for all existent inbound and outbound connections, compare only the address and if a match is found then we are already connected, otherwise we are not connected.

I think that makes sense. Done -- thanks!

nit, feel free to ignore: for consistency with CServiceHash this better end in Hash. Given that it operates on AddedNodeParams better use that name verbatim instead of shortening it to AddedNode. I.e. consider renaming this to AddedNodeParamsHash.

Done

Why << 1?

It's adapted from the struct MyHash code example in https://en.cppreference.com/w/cpp/utility/hash, and I've updated it in the latest push to be more like that example. I'd be very happy for advice on how to improve that hashing function or use our time-tested existing ones.

struct MyHash
{
    std::size_t operator()(const S& s) const noexcept
    {
        std::size_t h1 = std::hash<std::string>{}(s.first_name);
        std::size_t h2 = std::hash<std::string>{}(s.last_name);
        return h1 ^ (h2 << 1);
    }
};

I am not sure why they used << 1. It seems to be useless and also it drops one bit from h2. Maybe to avoid returning 0 if first name and last name happen to be equal?

I think for the purposes of hashing m_added_node_params this suffices:

    size_t operator()(const AddedNodeParams& p) const noexcept
    {
        return std::hash<std::string>()(p.m_added_node) ^ p.m_use_v2transport;
    }

However std::hash is not used anywhere in the code (modulo in some tests and benchmarks). CServiceHash uses CSipHasher, but there are security concerns with an outsider being able to fiddle with the hashing, maybe this is an overkill for AddedNodeParams. If that is to be used here, then it would look like:

        CSipHasher hasher(m_salt_k0, m_salt_k1);
        hasher.Write(MakeUCharSpan(p.m_added_node));
        hasher.Write(p.m_use_v2transport);
        return static_cast<size_t>(hasher.Finalize());

Or use some of the stateless Hash* functions from src/hash.h.

I guess @sipa can give us an advice?

Maybe to avoid returning 0 if first name and last name happen to be equal?

Indeed, makes sense.

I think for the purposes of hashing m_added_node_params this suffices:

        return std::hash<std::string>()(p.m_added_node) ^ p.m_use_v2transport;

👍

However std::hash is not used anywhere in the code (modulo in some tests and benchmarks). CServiceHash uses CSipHasher. If that is to be used here, then it would look like:

        CSipHasher hasher(m_salt_k0, m_salt_k1);
        hasher.Write(MakeUCharSpan(p.m_added_node));
        hasher.Write(p.m_use_v2transport);
        return static_cast<size_t>(hasher.Finalize());

Or use some of the stateless Hash* functions from src/hash.h.

👍

<strike>Updated with the CSipHasher version (thanks!)</strike>

Edit: the addnode test in test/functional/rpc_net.py failed with the CSipHasher version suggestion (implemented like CServiceHash or CNetAddrHash).

Using return std::hash<std::string>()(p.m_added_node) ^ p.m_use_v2transport; in the latest push.

If we have the address for manual connections (given to addnode) here we should ignore whether v1 or v2 is going to be used. It is the same peer after all, regardless of p2p encryption. I guess this better be something like:

bool in_added_nodes;
{
    const std::string addr_str{addr.ToStringAddr()};
    const std::string addr_port_str{addr.ToStringAddrPort()};
    LOCK(m_added_nodes_mutex);
    in_added_nodes =
        m_added_node_params.count({addr_str, /*m_use_v2transport=*/true}) > 0 ||
        m_added_node_params.count({addr_str, /*m_use_v2transport=*/false}) > 0 ||
        m_added_node_params.count({addr_port_str, /*m_use_v2transport=*/true}) > 0 ||
        m_added_node_params.count({addr_port_str, /*m_use_v2transport=*/false}) > 0;
}
if (in_added_nodes) {

Thanks. I hesitated on this point. Done.

nit:

    LogPrintLevel(BCLog::NET, BCLog::Level::Debug, "Trying v%i %s connection to net=%s%s, lastseen=%.1fh ago\n",

Done

nit: I find "...connection accepted from peer=5" a bit confusing. Maybe:

    LogPrintLevel(BCLog::NET, BCLog::Level::Debug, "New %s connection accepted, peer=%d, net=%s%s\n",

Done

Can use CConnman::FindNode(const CService& addr) here?

        pnode = FindNode(service, /*inbound=*/false);

but then we will not be comparing against CNode::m_addr_name. I wonder if we should compare against both CNode::addr and CNode::m_addr_name?

Proposed an implementation:

pnode = FindNode(service, /*inbound=*/false);
if (!pnode || !pnode->addr.IsValid()) pnode = FindNode(service.ToStringAddrPort(), /*inbound=*/false);
if (!pnode || !pnode->addr.IsValid()) pnode = FindNode(static_cast<CNetAddr>(service), /*inbound=*/true);

Looks good. Can CNode::addr ever be invalid?

Not sure, so keeping as belt and suspenders.

Dereferencing pnode after FindNode() has released m_nodes_mutex is not safe. I don't like adding recursive mutex calls, but without altering FindNode() we have to do that - this code has to acquire the mutex before any call to FindNode(), dereference the returned pointer and then release the mutex:

 bool CConnman::AlreadyConnectedToAddress(const CAddress& addr, ConnectionType conn_type, bool log)
 {
     if (Params().IsTestChain()) return false; // allow bilateral connections on test chains
     const CService service{MaybeFlipIPv6toCJDNS(addr)};
     const bool inbound{conn_type == ConnectionType::INBOUND};
     CNode* pnode{nullptr};
+    LOCK(m_nodes_mutex);
     if (inbound) {
         // For accepting an inbound connection, check all existing connections by addr only.
         pnode = FindNode(static_cast<CNetAddr>(service));
     } else {
         // For making an outbound connection, check the existing outbound connections
         // by addr and port, and if none, then inbound connections by addr only.
         pnode = FindNode(service.ToStringAddrPort(), /*inbound=*/false);
         if (!pnode) pnode = FindNode(static_cast<CNetAddr>(service), /*inbound=*/true);
     }
     if (pnode && log) {
         LogPrintLevel(BCLog::NET, inbound ? BCLog::Level::Debug : BCLog::Level::Info,
                       "Not %s new %s connection%s, already connected to %s %s %s peer=%d%s, version=%d, subver=%s\n",
                       inbound ? "accepting" : "opening", ConnectionTypeAsString(conn_type),
                       fLogIPs ? strprintf(" %s %s", inbound ? "from" : "to", addr.ToStringAddrPort()) : "",
                       TransportTypeAsString(pnode->m_transport->GetInfo().transport_type),
                       pnode->ConnectionTypeAsString(), GetNetworkName(pnode->ConnectedThroughNetwork()),
                       pnode->GetId(), fLogIPs ? strprintf(", peeraddr=%s", pnode->addr.ToStringAddrPort()) : "",
                       pnode->nVersion.load(), WITH_LOCK(pnode->m_subver_mutex, return pnode->cleanSubVer));
     }
-    return pnode;
+    return pnode != nullptr;
 }

Good point. (Several times I've been tempted to move the locking inside the FindNode methods to their callers.)

Dereferencing pnode after FindNode() has released m_nodes_mutex is not safe. I don't like adding recursive mutex calls, but without altering FindNode() we have to do that.

Done, and moved the locking from the FindNode* methods to their callers.

Here and in the other FindNode() using std::optional<bool> as a boolean is a bit unclear whether we are checking if the optional has a value or whether the value is true. I find this more clear:

        if (static_cast<CNetAddr>(pnode->addr) == ip && (!inbound.has_value() || pnode->IsInboundConn() == inbound.value())) {

<strike>Added new FindNode methods with 2 params rather than modifying the existing ones.</strike>

Done.

Just because the connections come from the same IP does no mean it is the same peer, e.g. multiple peers could be connecting to you through the same Tor exit relay.

This does not seem like a bug fix and more like a behavior change. Our inbound eviction logic should handle stuff like this and it probably already does.

Inbound tor peers are exempted from this check. I do see many such redundant connection attempts logged when running this branch. In the case of I2P peers, needlessly accepting to build these tunnels can be expensive. As mentioned in the commit message, the other fixes in this PR may mitigate this behavior by our peers, but not for nodes running earlier versions of Bitcoin Core.

Inbound tor peers are exempted from this check.

We don't have logic for detecting if someone is using Tor as a proxy to connect to the IPv4 network. Our "inbound Tor" classification simply refers to someone connecting to our hidden service.

Another example would be multiple peers connecting to us through the same VPN provider.

Ok, this could be dropped and deferred until later, to see if the other fixes resolve the behavior seen from peers (I think it's likely).

Updated to only apply this check to inbound I2P peers we're already connected to, due to the resource cost of creating new tunnels.

Yes, different peers can be connecting to us through the same NAT box, Tor exit node, or VPN server. Or it might be the same peer indeed. I think that the pros of assuming it is the same peer out-weight the pros of assuming it is not. However, I can see how this can be arguable and without having some solid numbers to back either argument maybe best to keep this unchanged.

Yes, I've been running this branch with its logging on for several months, and grepping the log turns up dozens, sometimes hundreds, of connection attempts per day from one or two inbound I2P peers on a given day that are already connected. I'm not sure at the moment of writing whether the behavior is malicious or due to buggy outbound logic (which would only be fixed in future releases and not existing releases connecting to us, though).

    if (Params().IsTestChain()) return false; // allow bilateral connections on test chains

This seems very out of place to me, and would also prevent writing certain types of tests?

This is required currently for several of our p2p functional tests. They would need to be updated not to make bilateral connections.

Which tests?

They would need to be updated not to make bilateral connections.

I would suggest updating the tests to account for the behaviour you've changed (it may also help to make the bug fixes clearer for reviewers); rather than introducing per-chain, networking functionality. This seems generally dangerous, and mostly unintuitive.

Good points. Tests like rpc_net.py, p2p_blockfilters.py, wallet_groups and others, are making bilateral connections using connect_nodes(). For instance, from rpc_net.py:

        # By default, the test framework sets up an addnode connection from
        # node 1 --> node0. By connecting node0 --> node 1, we're left with
        # the two nodes being connected both ways.
        # Topology will look like: node0 <--> node1

Behind the scenes, the test framework is calling RPC addnode "onetry" for the connect_nodes calls. Our peer detection looked like it was intended to find already connected inbound peers, but in practice it did not in some cases, and one is when we make addnode connections in our testing. Perhaps it is an expected use case.

For now, I updated AlreadyConnectedToAddress() to <strike>explicitly allow bilateral connections for manual peers</strike> and dropped the IsTestChain() check.

Edit: the AlreadyConnectedToAddress() commit is too strict, which accounts for some of the test issues. Am updating and adding test coverage.

MaybeFlipIPv6toCJDNS

Is there any way to better encapsulate this MaybeFlipIPv6toCJDNS() usage? This seems to be a frequent pattern (a number of additional calls were added in #27071), and it seems like something that would be better handled at a lower level, rather than having to continually remember to wrap various networking-related calls.

I guess this is also able to remain broken is various ways because we don't have any specific tests for this functionality?

Yes, there are more than a dozen of these. Perhaps it can be part of a CNetAddr ctor after adding test coverage.

commit d746231809814f52695a376bd77f4d06622289a4 (p2p, bugfix: detect all inbound connections in GetAddedNodeInfo()):

I'm not sure if this fixes a bug - comparing on the level of CNetAddr seems rather strict to me. For example, I think that in the current form, we will not attempt to make a manual connection to an addnode localhost peer 127.0.0.1:XXXX if we have any inbound tor peer. Or we wouldn't be able to be part of a larger local network built from manual connections that has both incoming and outgoing connections to different local peers.

More generally speaking, I think that it is very hard (impossible?) to ensure that there are no bidirectional connections without restricting legitimate use cases - and maybe not really necessary after all?

Thanks for your feedback. Yes, it's too strict -- am updating and working today on writing tests to demonstrate and specify our needs.

https://github.com/bitcoin/bitcoin/commit/d746231809814f52695a376bd77f4d06622289a4 aims to resolve issues like RPC getaddednodeinfo not detecting inbound peers that have different port numbers from the same peer connected as an outbound.

For instance, a cjdns addnode peer already connected in our inbounds as

[fc70:704d:b268:cdbf:d622:ea9f:db12:859e]:45594

isn't detected as connected and returned as such by the getaddednodeinfo RPC

  {
    "addednode": "fc70:704d:b268:cdbf:d622:ea9f:db12:859e",
    "connected": false,
    "addresses": [
    ]
  },

when we would expect it to return

  {
    "addednode": "fc70:704d:b268:cdbf:d622:ea9f:db12:859e",
    "connected": true,
    "addresses": [
      {
        "address": "[fc70:704d:b268:cdbf:d622:ea9f:db12:859e]:8333",
        "connected": "inbound"
      }
    ]
  },

A case like that could also lead to our addednodes thread continually attempting to connect to the inbound peer without detecting that we're already connected to it.

After adding unit tests, this CNetAddr logic seems needed not in GetAddedNodeInfo() but only in AddNode(), where it is simpler and may be sufficient to compare by CNetAddr for cjdns entries only, in order to handle them correctly.

 bool CConnman::AddNode(const AddedNodeParams& add)
 {
-    const CService resolved(LookupNumeric(add.m_added_node, GetDefaultPort(add.m_added_node)));
+    const CService resolved{MaybeFlipIPv6toCJDNS(LookupNumeric(add.m_added_node, GetDefaultPort(add.m_added_node)))};
     const bool resolved_is_valid{resolved.IsValid()};
 
     LOCK(m_added_nodes_mutex);
     for (const auto& it : m_added_node_params) {
-        if (add.m_added_node == it.m_added_node || (resolved_is_valid && resolved == LookupNumeric(it.m_added_node, GetDefaultPort(it.m_added_node)))) return false;
+        if (add.m_added_node == it.m_added_node) return false;
+        if (!resolved_is_valid) continue;
+        const CService service{MaybeFlipIPv6toCJDNS(LookupNumeric(it.m_added_node, GetDefaultPort(it.m_added_node)))};
+        if (resolved == service) return false;
+        if (resolved.IsCJDNS() && static_cast<CNetAddr>(resolved) == static_cast<CNetAddr>(service)) return false;
     }

commit: p2p, bugfix: correctly detect connected peers in AlreadyConnectedToAddress() Could you list some examples of scenarios that are not working correctly currently and are improved by this? I'm trying to understand the impact of this commit better.

Agree, am updating this commit and writing tests to demonstrate and specify our needs.

Isn't the tunnel already created at this point? Afaik the tunnel creation is handled by the i2p gateway (e.g. i2pd) not on our side.

I'm also not sure what we are protecting against here. Assuming tunnel creation is sufficiently DoSy (which it shouldn't be), this isn't enough to prevent attacks as an attacker could just not connect from the same address.

Yes, I'm going to punt on this commit for now. Seeing dozens to hundreds of connection attempts per day from, say, 1-2 inbound I2P peers that are already connected. However, I'm not sure these peers are malicious, and the behavior might be due to other issues in our already connected detection or outbound logic addressed in this PR.