Make whitebind/whitelist permissions more flexible #16248
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
c3fa8ca to
5306e3f
Compare
|
There should be a followup to document the new syntax in |
|
@Sjors I can do that, though I am unsure where is the best place for me to document properly this. I think the full description might be too long for the command line? |
|
There are other command line arguments with multi-line explanations, so I don't think that's a huge issue: |
maflcko
pushed a commit
that referenced
this pull request
Aug 16, 2019
fa27c55 util: Move ResolveErrMsg to util/error (MarcoFalke) Pull request description: Pull request #16248 (comment) duplicated the body of this util function. The whole point of the util function is to be shared, so do that here as a fixup to #16248 ACKs for top commit: Sjors: utACK fa27c55 ryanofsky: utACK fa27c55 Tree-SHA512: e2b25ae05082fe9d0ee94bdc7d51f801bd9f78e8fc2b141e9a313e008dbb8a77653fe876e111c802c676859c6b76c37a673d1f8cfbe7ad25607a5ffcffde19fd
maflcko
pushed a commit
to maflcko/bitcoin-core
that referenced
this pull request
Aug 16, 2019
d117f45 Add test for setban (nicolas.dorier) dc7529a [Fix] Allow connection of a noban banned peer (nicolas.dorier) Pull request description: Reported by @MarcoFalke on bitcoin#16248 (comment) The bug would mean that if the peer connecting to you is banned, but whitelisted without specific permissions, it would not be able to connect to the node. The solution is just to move the same line below. ACKs for top commit: Sjors: Agree inline is more clear. utACK d117f45 MarcoFalke: ACK d117f45 Tree-SHA512: 0fed39acb1e8db67bb0bf4c4de3ad034ae776f38d55bd661f1ae0e1a4c6becaf1824ab46ed8279f2f31df3f4b29ff56461d8b167d3e9cece62cfe58b5a912811
maflcko
pushed a commit
to maflcko/bitcoin-core
that referenced
this pull request
Aug 26, 2019
…missions 66ad754 [Doc] Add documentation for the new whitelist permissions (nicolas.dorier) Pull request description: Documenting the new feature bitcoin#16248 . Ping Sjors . ACKs for top commit: Sjors: Indeed, re-ACK 66ad754 Tree-SHA512: e6860bb6fae921287da7920a8db534e6a1a23871dd78dd6da030f00adf23e204cd23b194d67361bf34d4ef5a7815fc3fd7c81a3f2f35e4cfbe6ee2f2e6daec25
sidhujag
pushed a commit
to syscoin/syscoin
that referenced
this pull request
Aug 27, 2019
…missions 66ad754 [Doc] Add documentation for the new whitelist permissions (nicolas.dorier) Pull request description: Documenting the new feature bitcoin#16248 . Ping Sjors . ACKs for top commit: Sjors: Indeed, re-ACK 66ad754 Tree-SHA512: e6860bb6fae921287da7920a8db534e6a1a23871dd78dd6da030f00adf23e204cd23b194d67361bf34d4ef5a7815fc3fd7c81a3f2f35e4cfbe6ee2f2e6daec25
luke-jr
pushed a commit
to bitcoinknots/bitcoin
that referenced
this pull request
Sep 3, 2019
Github-Pull: bitcoin#16248 Rebased-From: e5b26de
luke-jr
pushed a commit
to bitcoinknots/bitcoin
that referenced
this pull request
Sep 3, 2019
Github-Pull: bitcoin#16248 Rebased-From: ecd5cf7
luke-jr
pushed a commit
to bitcoinknots/bitcoin
that referenced
this pull request
Sep 3, 2019
Github-Pull: bitcoin#16248 Rebased-From: d541fa3
luke-jr
pushed a commit
to bitcoinknots/bitcoin
that referenced
this pull request
Sep 3, 2019
Github-Pull: bitcoin#16248 Rebased-From: c5b404e
deadalnix
pushed a commit
to Bitcoin-ABC/bitcoin-abc
that referenced
this pull request
May 2, 2020
Summary: This is a partial backport of Core [[bitcoin/bitcoin#16248 | PR16248]] : bitcoin/bitcoin@e5b26de Test Plan: ninja all check-all Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Subscribers: Fabien Differential Revision: https://reviews.bitcoinabc.org/D5928
deadalnix
pushed a commit
to Bitcoin-ABC/bitcoin-abc
that referenced
this pull request
May 2, 2020
Summary: This is a partial backport of Core [[bitcoin/bitcoin#16248 | PR16248]] : bitcoin/bitcoin@ecd5cf7 Depends on D5928 Test Plan: ninja all check-all Reviewers: #bitcoin_abc, nakihito Reviewed By: nakihito Differential Revision: https://reviews.bitcoinabc.org/D5929
deadalnix
pushed a commit
to Bitcoin-ABC/bitcoin-abc
that referenced
this pull request
May 2, 2020
Summary: This is a partial backport of Core [[bitcoin/bitcoin#16248 | PR16248]] : bitcoin/bitcoin@d541fa3 Depends on D5928 Test Plan: ninja all check-all Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Subscribers: Fabien Differential Revision: https://reviews.bitcoinabc.org/D5932
deadalnix
pushed a commit
to Bitcoin-ABC/bitcoin-abc
that referenced
this pull request
May 2, 2020
Summary: This is a partial backport of Core [[bitcoin/bitcoin#16248 | PR16248]] : bitcoin/bitcoin@c5b404e Test Plan: ninja all check-all Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D5934
deadalnix
pushed a commit
to Bitcoin-ABC/bitcoin-abc
that referenced
this pull request
Jul 28, 2020
Summary: Pull request description: Pull request bitcoin/bitcoin#16248 (comment) duplicated the body of this util function. The whole point of the util function is to be shared, so do that here as a fixup to #16248 bitcoin/bitcoin@fa27c55 --- Backport of Core [[bitcoin/bitcoin#16620 | PR16620]] Test Plan: ninja check check-functional Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7045
monstrobishi
pushed a commit
to DeFiCh/ain
that referenced
this pull request
Jul 30, 2020
66ad754 [Doc] Add documentation for the new whitelist permissions (nicolas.dorier) Pull request description: Documenting the new feature bitcoin/bitcoin#16248 . Ping Sjors . ACKs for top commit: Sjors: Indeed, re-ACK 66ad754 Tree-SHA512: e6860bb6fae921287da7920a8db534e6a1a23871dd78dd6da030f00adf23e204cd23b194d67361bf34d4ef5a7815fc3fd7c81a3f2f35e4cfbe6ee2f2e6daec25
ftrader
pushed a commit
to bitcoin-cash-node/bitcoin-cash-node
that referenced
this pull request
Aug 17, 2020
Summary: This is a partial backport of Core [[bitcoin/bitcoin#16248 | PR16248]] : bitcoin/bitcoin@e5b26de Test Plan: ninja all check-all Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Subscribers: Fabien Differential Revision: https://reviews.bitcoinabc.org/D5928
ftrader
pushed a commit
to bitcoin-cash-node/bitcoin-cash-node
that referenced
this pull request
Aug 17, 2020
Summary: This is a partial backport of Core [[bitcoin/bitcoin#16248 | PR16248]] : bitcoin/bitcoin@c5b404e Test Plan: ninja all check-all Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D5934
ftrader
pushed a commit
to bitcoin-cash-node/bitcoin-cash-node
that referenced
this pull request
Aug 17, 2020
Summary: This is a partial backport of Core [[bitcoin/bitcoin#16248 | PR16248]] : bitcoin/bitcoin@ecd5cf7 Depends on D5928 Test Plan: ninja all check-all Reviewers: #bitcoin_abc, nakihito Reviewed By: nakihito Differential Revision: https://reviews.bitcoinabc.org/D5929
ShengguangXiao
pushed a commit
to DeFiCh/ain
that referenced
this pull request
Aug 28, 2020
7160c34 util: Move ResolveErrMsg to util/error (MarcoFalke) Pull request description: Pull request bitcoin/bitcoin#16248 (comment) duplicated the body of this util function. The whole point of the util function is to be shared, so do that here as a fixup to #16248 ACKs for top commit: Sjors: utACK 7160c34 ryanofsky: utACK 7160c34 Tree-SHA512: e2b25ae05082fe9d0ee94bdc7d51f801bd9f78e8fc2b141e9a313e008dbb8a77653fe876e111c802c676859c6b76c37a673d1f8cfbe7ad25607a5ffcffde19fd
ShengguangXiao
pushed a commit
to DeFiCh/ain
that referenced
this pull request
Aug 28, 2020
05066cf Add test for setban (nicolas.dorier) 48e0bd3 [Fix] Allow connection of a noban banned peer (nicolas.dorier) Pull request description: Reported by @MarcoFalke on bitcoin/bitcoin#16248 (comment) The bug would mean that if the peer connecting to you is banned, but whitelisted without specific permissions, it would not be able to connect to the node. The solution is just to move the same line below. ACKs for top commit: Sjors: Agree inline is more clear. utACK 05066cf MarcoFalke: ACK 05066cf Tree-SHA512: 0fed39acb1e8db67bb0bf4c4de3ad034ae776f38d55bd661f1ae0e1a4c6becaf1824ab46ed8279f2f31df3f4b29ff56461d8b167d3e9cece62cfe58b5a912811
ShengguangXiao
pushed a commit
to DeFiCh/ain
that referenced
this pull request
Aug 28, 2020
ba801ba [Doc] Add documentation for the new whitelist permissions (nicolas.dorier) Pull request description: Documenting the new feature bitcoin/bitcoin#16248 . Ping Sjors . ACKs for top commit: Sjors: Indeed, re-ACK ba801ba Tree-SHA512: e6860bb6fae921287da7920a8db534e6a1a23871dd78dd6da030f00adf23e204cd23b194d67361bf34d4ef5a7815fc3fd7c81a3f2f35e4cfbe6ee2f2e6daec25
|
This PR introduced the field |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation
In 0.19, bloom filter will be disabled by default. I tried to make a PR to enable bloom filter for whitelisted peers regardless of
-peerbloomfilters.Bloom filter have non existent privacy and server can omit filter's matches. However, both problems are completely irrelevant when you connect to your own node. If you connect to your own node, bloom filters are the most bandwidth efficient way to synchronize your light client without the need of some middleware like Electrum.
It is also a superior alternative to BIP157 as it does not require to maintain an additional index and it would work well on pruned nodes.
When I attempted to allow bloom filters for whitelisted peer, my proposal has been NACKed in favor of a more flexible approach which should allow node operator to set fine grained permissions instead of a global
whitelistedattribute.Doing so will also make follow up idea very easy to implement in a backward compatible way.
Implementation details
The PR propose a new format for
--white{list,bind}. I added a way to specify permissions granted to inbound connection matchingwhite{list,bind}.The following permissions exists:
Example:
-whitelist=bloomfilter@127.0.0.1/32.-whitebind=bloomfilter,relay,noban@127.0.0.1:10020.If no permissions are specified,
NoBan | Mempoolis assumed. (making this PR backward compatible)When we receive an inbound connection, we calculate the effective permissions for this peer by fetching the permissions granted from
whitelistand add to it the permissions granted fromwhitebind.To keep backward compatibility, if no permissions are specified in
white{list,bind}(e.g.--whitelist=127.0.0.1) then parameters-whitelistforcerelayand-whiterelaywill add the permissionsForceRelayandRelayto the inbound node.-whitelistforcerelayand-whiterelayare ignored if the permissions flags are explicitly set inwhite{bind,list}.Follow up idea
Based on this PR, other changes become quite easy to code in a trivially review-able, backward compatible way:
connectat rpc and config file level to understand the permissions flags.