Do not absolutely protect local peers and make eviction more aggressive. #7082

gmaxwell wants to merge 3 commits into bitcoin:master from gmaxwell:evict_more, changing 3 files (+75 −37)
  1. gmaxwell commented at 3:54 am on November 23, 2015: contributor

    With automatic Tor HS support in place we should probably not be providing absolute protection for local peers, since HS inbound could be used to attack pretty easily. Instead, this counts on the latency metric inside AttemptToEvictConnection to privilege actually local peers.

    This change also makes eviction generally more aggressive by making it willing to evict the unprotected peer in a netgroup, if the new connection comes from a netgroup where we have no unprotected peers.

    It also makes sure that, when group sizes tie, the group with the newest member is selected, since newest time is the final selection criterion.

    The third commit protects four peers that most recently sent us a valid transaction to our memory pool. This metric is costly for attackers to control since it requires sending acceptable transactions, and an attacker which is blocking transactions is inherently disadvantaged for this criterion.

  2. pstratem commented at 3:58 am on November 23, 2015: contributor
    concept ACK
  3. pstratem commented at 7:55 am on November 23, 2015: contributor

    I would split this into two commits:

    • removing the protection for localhost and adding the youngest member criteria
    • another adding the more aggressive disconnect based on peer groups
  4. gmaxwell commented at 10:05 am on November 23, 2015: contributor

    @pstratem Okay, I split it up and also added protection for tx relayers.

    I wanted to get something in that distinguishes good onion peers from bad; ultimately I want to add peer POW to this, but that's a non-trivial amount of work. So right now TXs are at least something.

    It would be good to add blocks too, though that block addition pipeline makes it a little hard to avoid crediting people for sending duplicate blocks.

  5. Do not absolutely protect local peers; decide group ties based on time.
    With automatic tor HS support in place we should probably not be providing
     absolute protection for local peers, since HS inbound could be used to
     attack pretty easily.  Instead, this counts on the latency metric inside
     AttemptToEvictConnection to privilege actually local peers.
    
    This makes sure that in the case of tying group size to select the group
     with the newest member, since newest time is the final selection
     criteria.
    023bd5bced
  6. Make eviction more aggressive.
    This makes eviction generally more aggressive by making it willing
     to evict the last unprotected peer in a netgroup if the new
     connection comes from a netgroup where we have no unprotected peers.
    db3f9560cc
  7. gmaxwell added the label P2P on Nov 24, 2015
  8. Make recently accepted transactions an anti-eviction criteria.
    This protects four peers that most recently sent us a valid transaction
     to our memory pool.  This metric is costly for attackers to control
     since it requires sending acceptable transactions, and an attacker
     which is blocking transactions is inherently disadvantaged for this
     criteria.
    fda09c838a
  9. petertodd commented at 7:39 pm on January 28, 2016: contributor

    Concept ACK

    Will look at code after rebase.

  10. laanwj added this to the milestone 0.13.0 on Feb 1, 2016
  11. laanwj commented at 2:14 pm on February 1, 2016: member
    As #7438 was merged into 0.12, this needs to go in before 0.13, otherwise there will be a regression (no longer true as of #7453)
  12. MarcoFalke commented at 5:39 pm on March 25, 2016: member
    Needs rebase if still relevant. (c.f. #7453)
  13. gmaxwell closed this on May 20, 2016

  14. DrahtBot locked this on Sep 8, 2021
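
The selection rules described in this thread, as an added example: a simplified model written for this page, not the pull request's diff and not Bitcoin Core's code. The `Peer` struct, `Protect`, `SelectPeerToEvict` and the latency protection count (`ping_protect`, default 8) are assumptions; only the four-peer transaction protection, the group tie-break and the last-unprotected-peer rule come from the text above, and other protections are left out.

```cpp
#include <algorithm>
#include <cstdint>
#include <map>
#include <vector>

// Simplified model of one inbound peer; all field names are hypothetical.
struct Peer {
    int id;
    uint64_t netgroup;     // opaque network-group key
    int64_t min_ping_us;   // lowest observed ping
    int64_t last_tx_time;  // time of the last transaction accepted to the mempool
    int64_t connected_at;  // connection time
};

// Remove the `n` best-ranked peers (by `better`) from the candidates: they are protected.
template <typename Cmp>
static void Protect(std::vector<Peer>& c, size_t n, Cmp better) {
    std::sort(c.begin(), c.end(), better);
    c.erase(c.begin(), c.begin() + std::min(n, c.size()));
}

// Returns the id of the peer to evict for a new inbound connection from
// `incoming_group`, or -1 to refuse the new connection instead.
int SelectPeerToEvict(std::vector<Peer> c, uint64_t incoming_group, size_t ping_protect = 8) {
    // No special case for local addresses: a local peer survives only by ranking well below.
    Protect(c, ping_protect, [](const Peer& a, const Peer& b) { return a.min_ping_us < b.min_ping_us; });
    Protect(c, 4, [](const Peer& a, const Peer& b) { return a.last_tx_time > b.last_tx_time; });
    if (c.empty()) return -1;

    // Group the remaining (unprotected) peers by netgroup.
    std::map<uint64_t, std::vector<Peer>> groups;
    for (const Peer& p : c) groups[p.netgroup].push_back(p);
    auto newest = [](const std::vector<Peer>& g) {
        return *std::max_element(g.begin(), g.end(),
            [](const Peer& a, const Peer& b) { return a.connected_at < b.connected_at; });
    };
    // Largest group wins; equal sizes are decided by which group has the newest member.
    const std::vector<Peer>* worst = nullptr;
    for (const auto& kv : groups) {
        const auto& g = kv.second;
        if (!worst || g.size() > worst->size() ||
            (g.size() == worst->size() && newest(g).connected_at > newest(*worst).connected_at))
            worst = &g;
    }
    // A group's last unprotected peer is evicted only when the incoming
    // connection's netgroup has no unprotected peer of its own.
    if (worst->size() <= 1 && groups.count(incoming_group)) return -1;
    return newest(*worst).id;
}
```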

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-04-03 00:12 UTC
