Replace relevant services logic with a function suite. #11456
Conversation
I really disliked that flag anyway, as it's not obvious who should care and why. This change makes sense imo. Mind renaming this to "m_manual_connection", or "!m_from_addrman" (or hopefully something better) ? |
|
@theuni done in a new commit, that is much more descriptive, indeed. |
src/protocol.h
Outdated
| * If the peer is missing any of the returned service flags, they aren't | ||
| * interesting to us - we probably shouldn't conenct outbound to them. | ||
| */ | ||
| static ServiceFlags GetRelevantServiceFlags(ServiceFlags services) { |
There was a problem hiding this comment.
Can you document what the parameter represents? Hard to tell since it's unused. I assume it's for future compatibility.
There was a problem hiding this comment.
Indeed, its for use in #10387. Will it be clearer when the function reads
GetRelevantServiceFlags(services) {
if (services & NODE_NETWORK_LIMITED && !in_ibd) return NODE_NETWORK_LIMITED | NODE_WITNESS;
return NODE_NETWORK | NODE_WITNESS;
or should I document it further?
There was a problem hiding this comment.
Yeah, parameter documentation would be nice because I still find its purpose confusing. Especially since as a parameter of HasAllRelevantServiceFlags it represents both the service flags you want to test and a modifier on what you want to test against. Like, why is the future code not just:
GetRelevantServiceFlags() {
if (!in_ibd) return NODE_NETWORK_LIMITED | NODE_WITNESS;
else return NODE_NETWORK | NODE_WITNESS;There was a problem hiding this comment.
I like jimpo's suggestion above for getting rid of the service argument, since this code seems more vague and confusing than it needs to be. Other suggestions for making it clearer could be:
- Rename "Relevant" to "Required" or "RequiredForOutbound." "Relevant" doesn't suggest what the return value will be used for, while "Required" does.
- Rename "services" argument to "peer_service_flags" if it can't be eliminated so it is clearer where the argument value is coming from.
There was a problem hiding this comment.
You need the NODE_NETWORK_LIMITED check as a proxy for whether the node is new - eg if the node announces NODE_NETWORK_LIMITED (and you're out of IBD) then you're fine with NODE_NETWORK_LIMITED, but if the node only announces NODE_NETWORK they may be an 0.15.X node and you're perfectly OK with them having only NODE_NETWORK and not NODE_NETWORK_LIMITED.
There was a problem hiding this comment.
Oh, ok, I figured that would work because NODE_NETWORK would be a superset of NODE_NETWORK_LIMITED. But if NODE_NETWORK without NODE_NETWORK_LIMITED is a meaningful flag combination then it makes sense that you need the services argument.
In any case, I mostly wanted to suggest the renames here.
There was a problem hiding this comment.
NODE_NETWORK without NODE_NETWORK_LIMITED is not meaningful generally, but old nodes will (obviously) be using that, so it is important that we still treat it correctly.
|
I was thinking of opening a PR soon to require WITNESS for outbounds in any case, so ACK on that. |
8f50b87 to
12524dd
Compare
|
Rewrote the function description. Sufficiently descriptive, @jimpo? |
There was a problem hiding this comment.
utACK 12524dd366306ea59ec8019e076b9a843d55bcf0, though for some reason I really dislike use of word "relevant" here.
It would be good if the -connect help string mentioned the fact that it loosens requirements for peers, since the current -connect help seems to imply that it only restricts connections. Release notes could also mention the change in behavior if you don't think it's too much of an internal detail.
src/protocol.h
Outdated
| * If the peer is missing any of the returned service flags, they aren't | ||
| * interesting to us - we probably shouldn't conenct outbound to them. | ||
| */ | ||
| static ServiceFlags GetRelevantServiceFlags(ServiceFlags services) { |
There was a problem hiding this comment.
I like jimpo's suggestion above for getting rid of the service argument, since this code seems more vague and confusing than it needs to be. Other suggestions for making it clearer could be:
- Rename "Relevant" to "Required" or "RequiredForOutbound." "Relevant" doesn't suggest what the return value will be used for, while "Required" does.
- Rename "services" argument to "peer_service_flags" if it can't be eliminated so it is clearer where the argument value is coming from.
src/protocol.h
Outdated
| * Checks if a peer with the given service flags may be capable of having a | ||
| * robust address-storage DB. Currently an alias for checking NODE_NETWORK. | ||
| */ | ||
| static inline bool MayHaveRelevantAddressDB(ServiceFlags services) { |
There was a problem hiding this comment.
"Relevant" doesn't seem like the right word here either, because it doesn't imply anything about the addressdb. Maybe "Robust"? "Good"? "Usable"?
src/protocol.h
Outdated
| * == GetRelevantServiceFlags(services), ie determines whether the given | ||
| * set of service flags are sufficient for a peer to be "relevant". | ||
| */ | ||
| static inline bool HasAllRelevantServiceFlags(ServiceFlags services) { |
There was a problem hiding this comment.
Again could consider "Required" / "peer_service_flags" renames suggested above.
|
Concept Ack and a light CR-Ack. I agree with @ryanofsky about naming -- I didn't find the new function names you introduced to be particularly elucidating, so maybe you can pick something better. Also, I don't think we want to introduce new hungarian notation member variables (unless the m_ stands for 'matt_' ;) ). |
|
@ryanofsky I'm not sure what your comment about -connect is about. The help text still reads correct to me (it still limits you to only that one connection), the only thing it changes is that previously we would disconnect-on-VERSION-message for -connect peers which do not set NODE_NETWORK, now we will keep it connected just the same as -addnode peers. If you think thats a critical change to document I'm happy to do so, but I think thats a rather esoteric case for -connect. |
src/protocol.h
Outdated
| * Relevant service flags may be peer- and state-specific in that the | ||
| * version of the peer may determine which flags are required (eg in the | ||
| * case of NODE_NETWORK_LIMITED where we seek out NODE_NETWORK peers | ||
| * unless they set NODE_NETWORK_LIMITED and we our out of IBD, in which |
|
Yeah, I wasn't saying the help text is incorrect, I was saying it was incomplete. Help text says |
| @@ -1602,7 +1601,7 @@ void CConnman::ThreadDNSAddressSeed() | |||
| LOCK(cs_vNodes); | |||
| int nRelevant = 0; | |||
| for (auto pnode : vNodes) { | |||
| nRelevant += pnode->fSuccessfullyConnected && ((pnode->nServices & nRelevantServices) == nRelevantServices); | |||
There was a problem hiding this comment.
I think services are just acting as a proxy here. Since we enforce service checking for (non-manual) outgoing connections already, and should probably consider incoming nodes as insignificant for the sake of this check, don't we really just want to tally fSuccessfullyConnected && !fInbound && !m_manual_connection ?
There was a problem hiding this comment.
Agreed, though I went ahead and added OneShot and Feeler into the mix.
12524dd to
4189656
Compare
|
OK, addressed all the feedback except the desire to rename Relevant to something else. I'm not a fan of Required or RequiredForOutbound, as neither really caputures its full user (its also used in eviction logic). I admit Relevant isnt so descriptive either, but it also doesn't give a false impression (and is documented), so I'm open to other suggestions but not a fan of the current options. |
src/rpc/net.cpp
Outdated
| @@ -201,6 +201,8 @@ UniValue addnode(const JSONRPCRequest& request) | |||
| "addnode \"node\" \"add|remove|onetry\"\n" | |||
| "\nAttempts to add or remove a node from the addnode list.\n" | |||
| "Or try a connection to a node once.\n" | |||
| "Nodes added using addnode (or -connect) are protected from DoS disconnection andare not required to be\n" | |||
4189656 to
989d2fe
Compare
|
Changed to "Desirable" instead of "Relevant" at @JeremyRubin's suggestion. |
| * | ||
| * Thus, generally, avoid calling with peerServices == NODE_NONE. | ||
| */ | ||
| static ServiceFlags GetDesirableServiceFlags(ServiceFlags services) { |
There was a problem hiding this comment.
Nit, unused services, comment?
There was a problem hiding this comment.
See #11456 (comment), this function should get much more complicated soon, and hopefully move out of protocol.h at the same time.
|
Concept ACK. Though, I believe that these lines demonstrate why "Desirable" is so awkward: if (!fFeeler && !HasAllDesirableServiceFlags(addr.nServices)) {
continue;
} else if (fFeeler && !MayHaveUsefulAddressDB(addr.nServices)) {
continue;
}
I'd be much more comfortable with this (and I think it'd be much more straightforward) if After all, that's what we're really trying to figure out, right? Then the flag checks aren't dependent on app state, because those checks are done in a straightforward way by the caller instead: if ((in_ibd && MayServeAllWitnessBlocks(services))
|| (!in_ibd && MayServeSomeWitnessBlocks(services))) {
request()
...
}That also means that "Desirable" doesn't have to share the same meaning everywhere. The obvious example where that's useful is the eviction logic. So... basically just a glorified version of the previous binary logic, except that the functions understand cases where multiple flags may be suitable. |
|
The goal with the naming was to allow the place that owns network logic to have a function which captures whether a peer is interesting to us. Point being you want some function which captures everything net wants to avoid knowing about, even if that's some crazy wrapper for MayServe*WitnessBlocks, that wrapper should still exist outside of CConnman/net. Ideally, eventually, this will be in net_processing.h (ie the place where we know about what stuff we want out of our peers), but the circular deps right now make that a mess. Lacking net_processing being able to take it, protocol.h or some new header seems most reasonable to me. |
|
The reason for Many of our assumptions on partition resistance and privacy are based on the fact that outgoing connections are more under our control. If we're making an outgoing connection, and the node we end up connecting to has different service flags than what we expect - even if they're 'better' - we're likely not connected to who we thought we were. If that's the case, I believe it's better to disconnect and pick another node we want to connect to, rather than accepting wasting an outbound connection slot on an unknown peer. |
|
@sipa I think this logic would roughly mimic that of nExpected, as we only attempt connections with preferred flags anyway. Though disconnecting upon receiving preferred but not expected flags would mean that if a node goes from full -> pruned (or the reverse), it would see a bunch of disconnects for a while. Post bip159, that is. I think it would also open us up to issues if someone was handing out phony addr's? |
|
@theuni My view is that at connection time, we're making a certain determination of what to connect to, with biases based on (among other things) the service flags of all things in addrman. Disconnecting if you see that what you connected to was based on wrong information just gives everything a new chance (including the peer you just connected to). In the end, what node you end up connecting to has the same probability distribution to the one you'd have if you had perfect information (about the nodes you tried) from the start. Using nExpected means all the biasing logic can be encapsulated inside the outgoing-connection-logic, without needing to reason about corrections afterwards. Talking to @TheBlueMatt about this, I agree that this pretty abstract, as we don't actually want to bias based on service flags anymore (at least for the time being), and even after BIP159, it will likely be a boolean acceptable or not, instead of a complicated bias. So, I withdraw my objection. |
src/protocol.h
Outdated
| * set of service flags are sufficient for a peer to be "relevant". | ||
| */ | ||
| static inline bool HasAllDesirableServiceFlags(ServiceFlags services) { | ||
| return (GetDesirableServiceFlags(services) & services) == GetDesirableServiceFlags(services); |
There was a problem hiding this comment.
Slightly easier expression !(GetDesirableServiceFlags(services) & ~services).
989d2fe to
b4809fc
Compare
src/net.cpp
Outdated
| @@ -1601,7 +1601,7 @@ void CConnman::ThreadDNSAddressSeed() | |||
| LOCK(cs_vNodes); | |||
| int nRelevant = 0; | |||
| for (auto pnode : vNodes) { | |||
| nRelevant += pnode->fSuccessfullyConnected && HasAllDesirableServiceFlags(pnode->nServices); | |||
| nRelevant += pnode->fSuccessfullyConnected && !pnode->fFeeler && !pnode->fOneShot && !pnode->m_manual_connection && !pnode->fInbound; | |||
There was a problem hiding this comment.
Are you sure you wouldn't want MayHaveUsefulAddressDB at least here?
There was a problem hiding this comment.
fSuccessfullyConnected && !special_peer_flag implies the peer is useful (and really want to have as few service-bit-aware pieces of logic in net as possible).
src/protocol.h
Outdated
| * set of service flags are sufficient for a peer to be "relevant". | ||
| */ | ||
| static inline bool HasAllDesirableServiceFlags(ServiceFlags services) { | ||
| return GetDesirableServiceFlags(services) & (~services); |
|
Commit 'Rename fAddnode to a more-descriptive "manual_connection"': convert to scripted diff? |
|
utACK after fixing the incorrect |
Adds HasAllRelevantServices and GetRelevantServices, which check for NETWORK|WITNESS. This changes the following: * Removes nRelevantServices from CConnman, disconnecting it a bit more from protocol-level logic. * Replaces our sometimes-connect-to-!WITNESS-nodes logic with simply always requiring WITNESS|NETWORK for outbound non-feeler connections (feelers still only require NETWORK). * This has the added benefit of removing nServicesExpected from CNode - instead letting net_processing's VERSION message handling simply check HasAllRelevantServices. * This implies we believe WITNESS nodes to continue to be a significant majority of nodes on the network, but also because we cannot sync properly from !WITNESS nodes, it is strange to continue using our valuable outbound slots on them. * In order to prevent this change from preventing connection to -connect= nodes which have !WITNESS, -connect nodes are now given the "addnode" flag. This also allows outbound connections to !NODE_NETWORK nodes for -connect nodes (which was already true of addnodes). * Has the (somewhat unintended) consequence of changing one of the eviction metrics from the same sometimes-connect-to-!WITNESS-nodes metric to requiring HasRelevantServices. This should make NODE_NETWORK_LIMITED much simpler to implement.
b4809fc to
15f5d3b
Compare
|
Fixed missing |
|
@ryanofsky nice spot. I'm still not a big fan of keeping the relevant concept around, but this is an improvement regardless. utACK 15f5d3b. |
I missed that. The change looks fine without. |
|
utACK 15f5d3b |
15f5d3b Switch DNSSeed-needed metric to any-automatic-nodes, not services (Matt Corallo) 5ee88b4 Clarify docs for requirements/handling of addnode/connect nodes (Matt Corallo) 57edc0b Rename fAddnode to a more-descriptive "manual_connection" (Matt Corallo) 4440710 Replace relevant services logic with a function suite. (Matt Corallo) Pull request description: This was mostly written as a way to clean things up so that the NETWORK_LIMITED PR (#10387) can be simplified a ton, but its also a nice standalone cleanup that will also require a bit of review because it tweaks a lot of stuff across net. The new functions are fine in protocol.h right now since they're straight-forward, but after NETWORK_LIMITED will really want to move elsewhere after @theuni moves the nServices-based selection to addrman from connman. Adds HasAllRelevantServices and GetRelevantServices, which check for NETWORK|WITNESS. This changes the following: * Removes nRelevantServices from CConnman, disconnecting it a bit more from protocol-level logic. * Replaces our sometimes-connect-to-!WITNESS-nodes logic with simply always requiring WITNESS|NETWORK for outbound non-feeler connections (feelers still only require NETWORK). * This has the added benefit of removing nServicesExpected from CNode - instead letting net_processing's VERSION message handling simply check HasAllRelevantServices. * This implies we believe WITNESS nodes to continue to be a significant majority of nodes on the network, but also because we cannot sync properly from !WITNESS nodes, it is strange to continue using our valuable outbound slots on them. * In order to prevent this change from preventing connection to -connect= nodes which have !WITNESS, -connect nodes are now given the "addnode" flag. This also allows outbound connections to !NODE_NETWORK nodes for -connect nodes (which was already true of addnodes). * Has the (somewhat unintended) consequence of changing one of the eviction metrics from the same sometimes-connect-to-!WITNESS-nodes metric to requiring HasRelevantServices. This should make NODE_NETWORK_LIMITED much simpler to implement. Tree-SHA512: 90606896c86cc5da14c77843b16674a6a012065e7b583d76d1c47a18215358abefcbab44ff4fab3fadcd39aa9a42d4740c6dc8874a58033bdfc8ad3fb5c649fc
Github-Pull: bitcoin#11456 Rebased-From: 57edc0b
…suite. 15f5d3b Switch DNSSeed-needed metric to any-automatic-nodes, not services (Matt Corallo) 5ee88b4 Clarify docs for requirements/handling of addnode/connect nodes (Matt Corallo) 57edc0b Rename fAddnode to a more-descriptive "manual_connection" (Matt Corallo) 4440710 Replace relevant services logic with a function suite. (Matt Corallo) Pull request description: This was mostly written as a way to clean things up so that the NETWORK_LIMITED PR (bitcoin#10387) can be simplified a ton, but its also a nice standalone cleanup that will also require a bit of review because it tweaks a lot of stuff across net. The new functions are fine in protocol.h right now since they're straight-forward, but after NETWORK_LIMITED will really want to move elsewhere after @theuni moves the nServices-based selection to addrman from connman. Adds HasAllRelevantServices and GetRelevantServices, which check for NETWORK|WITNESS. This changes the following: * Removes nRelevantServices from CConnman, disconnecting it a bit more from protocol-level logic. * Replaces our sometimes-connect-to-!WITNESS-nodes logic with simply always requiring WITNESS|NETWORK for outbound non-feeler connections (feelers still only require NETWORK). * This has the added benefit of removing nServicesExpected from CNode - instead letting net_processing's VERSION message handling simply check HasAllRelevantServices. * This implies we believe WITNESS nodes to continue to be a significant majority of nodes on the network, but also because we cannot sync properly from !WITNESS nodes, it is strange to continue using our valuable outbound slots on them. * In order to prevent this change from preventing connection to -connect= nodes which have !WITNESS, -connect nodes are now given the "addnode" flag. This also allows outbound connections to !NODE_NETWORK nodes for -connect nodes (which was already true of addnodes). * Has the (somewhat unintended) consequence of changing one of the eviction metrics from the same sometimes-connect-to-!WITNESS-nodes metric to requiring HasRelevantServices. This should make NODE_NETWORK_LIMITED much simpler to implement. Tree-SHA512: 90606896c86cc5da14c77843b16674a6a012065e7b583d76d1c47a18215358abefcbab44ff4fab3fadcd39aa9a42d4740c6dc8874a58033bdfc8ad3fb5c649fc
…suite. 15f5d3b Switch DNSSeed-needed metric to any-automatic-nodes, not services (Matt Corallo) 5ee88b4 Clarify docs for requirements/handling of addnode/connect nodes (Matt Corallo) 57edc0b Rename fAddnode to a more-descriptive "manual_connection" (Matt Corallo) 4440710 Replace relevant services logic with a function suite. (Matt Corallo) Pull request description: This was mostly written as a way to clean things up so that the NETWORK_LIMITED PR (bitcoin#10387) can be simplified a ton, but its also a nice standalone cleanup that will also require a bit of review because it tweaks a lot of stuff across net. The new functions are fine in protocol.h right now since they're straight-forward, but after NETWORK_LIMITED will really want to move elsewhere after @theuni moves the nServices-based selection to addrman from connman. Adds HasAllRelevantServices and GetRelevantServices, which check for NETWORK|WITNESS. This changes the following: * Removes nRelevantServices from CConnman, disconnecting it a bit more from protocol-level logic. * Replaces our sometimes-connect-to-!WITNESS-nodes logic with simply always requiring WITNESS|NETWORK for outbound non-feeler connections (feelers still only require NETWORK). * This has the added benefit of removing nServicesExpected from CNode - instead letting net_processing's VERSION message handling simply check HasAllRelevantServices. * This implies we believe WITNESS nodes to continue to be a significant majority of nodes on the network, but also because we cannot sync properly from !WITNESS nodes, it is strange to continue using our valuable outbound slots on them. * In order to prevent this change from preventing connection to -connect= nodes which have !WITNESS, -connect nodes are now given the "addnode" flag. This also allows outbound connections to !NODE_NETWORK nodes for -connect nodes (which was already true of addnodes). * Has the (somewhat unintended) consequence of changing one of the eviction metrics from the same sometimes-connect-to-!WITNESS-nodes metric to requiring HasRelevantServices. This should make NODE_NETWORK_LIMITED much simpler to implement. Tree-SHA512: 90606896c86cc5da14c77843b16674a6a012065e7b583d76d1c47a18215358abefcbab44ff4fab3fadcd39aa9a42d4740c6dc8874a58033bdfc8ad3fb5c649fc
…suite. 15f5d3b Switch DNSSeed-needed metric to any-automatic-nodes, not services (Matt Corallo) 5ee88b4 Clarify docs for requirements/handling of addnode/connect nodes (Matt Corallo) 57edc0b Rename fAddnode to a more-descriptive "manual_connection" (Matt Corallo) 4440710 Replace relevant services logic with a function suite. (Matt Corallo) Pull request description: This was mostly written as a way to clean things up so that the NETWORK_LIMITED PR (bitcoin#10387) can be simplified a ton, but its also a nice standalone cleanup that will also require a bit of review because it tweaks a lot of stuff across net. The new functions are fine in protocol.h right now since they're straight-forward, but after NETWORK_LIMITED will really want to move elsewhere after @theuni moves the nServices-based selection to addrman from connman. Adds HasAllRelevantServices and GetRelevantServices, which check for NETWORK|WITNESS. This changes the following: * Removes nRelevantServices from CConnman, disconnecting it a bit more from protocol-level logic. * Replaces our sometimes-connect-to-!WITNESS-nodes logic with simply always requiring WITNESS|NETWORK for outbound non-feeler connections (feelers still only require NETWORK). * This has the added benefit of removing nServicesExpected from CNode - instead letting net_processing's VERSION message handling simply check HasAllRelevantServices. * This implies we believe WITNESS nodes to continue to be a significant majority of nodes on the network, but also because we cannot sync properly from !WITNESS nodes, it is strange to continue using our valuable outbound slots on them. * In order to prevent this change from preventing connection to -connect= nodes which have !WITNESS, -connect nodes are now given the "addnode" flag. This also allows outbound connections to !NODE_NETWORK nodes for -connect nodes (which was already true of addnodes). * Has the (somewhat unintended) consequence of changing one of the eviction metrics from the same sometimes-connect-to-!WITNESS-nodes metric to requiring HasRelevantServices. This should make NODE_NETWORK_LIMITED much simpler to implement. Tree-SHA512: 90606896c86cc5da14c77843b16674a6a012065e7b583d76d1c47a18215358abefcbab44ff4fab3fadcd39aa9a42d4740c6dc8874a58033bdfc8ad3fb5c649fc
This was mostly written as a way to clean things up so that the NETWORK_LIMITED PR (#10387) can be simplified a ton, but its also a nice standalone cleanup that will also require a bit of review because it tweaks a lot of stuff across net. The new functions are fine in protocol.h right now since they're straight-forward, but after NETWORK_LIMITED will really want to move elsewhere after @theuni moves the nServices-based selection to addrman from connman.
Adds HasAllRelevantServices and GetRelevantServices, which check
for NETWORK|WITNESS.
This changes the following:
more from protocol-level logic.
simply always requiring WITNESS|NETWORK for outbound non-feeler
connections (feelers still only require NETWORK).
CNode - instead letting net_processing's VERSION message
handling simply check HasAllRelevantServices.
significant majority of nodes on the network, but also because
we cannot sync properly from !WITNESS nodes, it is strange to
continue using our valuable outbound slots on them.
-connect= nodes which have !WITNESS, -connect nodes are now
given the "addnode" flag. This also allows outbound connections
to !NODE_NETWORK nodes for -connect nodes (which was already true
of addnodes).
eviction metrics from the same
sometimes-connect-to-!WITNESS-nodes metric to requiring
HasRelevantServices.
This should make NODE_NETWORK_LIMITED much simpler to implement.