p2p: Allow whitelisting manual connections #27114
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. Code CoverageFor detailed information about the code coverage, see the test coverage report. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
This was referenced Feb 16, 2023
cf19251 to
4a2aa6c
Compare
|
Concept ACK |
stratospher
reviewed
Mar 10, 2023
There was a problem hiding this comment.
concept ACK. whitelisting outgoing connections is a useful feature to have! went through the code and it looks good.
- integration tests in
p2p_permissions.pywould be nice! (It’d be interesting to see the behaviour when different permissions are set in different connection directions.) - something i had trouble understanding was if we give a trusted peer special permissions, would it matter who initiated the connection?
- micro nit: next time you rebase/update, maybe reword the 1st commit message to use
NetPermissionFlags::Implicitinstead of PF_ISIMPLICIT?
furszy
reviewed
Mar 13, 2023
Sounds good! Gonna implement it! |
67b32c5 to
6ed6fca
Compare
|
force-pushed: Added |
6ed6fca to
19f3f3a
Compare
|
Rebased |
jonatack
reviewed
May 5, 2023
test/functional/mempool_reorg.py
Outdated
| ], | ||
| [] | ||
| ] | ||
| self.whitelist_peers = True |
There was a problem hiding this comment.
19f3f3a This doesn't seem to be a pure refactoring here and in mempool_packages.py and p2p_segwit.py
|
Force-pushed addressing:
thanks, @stratospher |
sr-gi
reviewed
Feb 28, 2024
pinheadmz
approved these changes
Feb 29, 2024
There was a problem hiding this comment.
ACK 0a53361
confirmed minimal diff since last ack
Show Signature
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
ACK 0a533613fb44207053796fd01a9f4b523a3153d4
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE5hdzzW4BBA4vG9eM5+KYS2KJyToFAmXg8cMACgkQ5+KYS2KJ
yTqb9BAAlsYlKQ6Umtb5FVctkQebcoO7F4P0cHseOl97Xlkcr+slqDGDnYNs19ft
6Ct9HJkB/faLzOQ2gyGq3cOxMevkuQEWBxAKti54uoHY5X5Ye51W5ejJz3BLT+Sw
pDhwlpXo2hSz7GhgpUeb6mj0+rHyA3pMXNvFGjcrjHCX4AeJdWLZEcau0avZ+Luj
5cl0cDxNztu6xWCSAdoooEDyHcpXifYafPOkMV2L6qefh94rZuHuc7gmCnff5geB
lb5DZJQm6lJiLLQBHQ6UUw5hLx4Myfn0Vdb3h937amiwZ+2RsTEHTT1RoZ0lT1Q4
qi/ehtXq+iLcqAA2FzHaiTc1IgZzG3ylJQMGov5rQ2irIpYBKyzPBgZcSloS49oK
lbMB3a3onyABtmmyCQGLG/ituxp8n1/MawyANaQj+uJF7aJrVoylkNctm7J5gb5T
6YYeYVEV/Dav+OqeJj+LZr+4zxvYHndTgrE7MgTZsGMoam/A7jzjZdS3Y0nceCIZ
Lm2d57+nzar/36pp2zzfS6yTjdIgK1NxGEYDLDSBSXdWV3YVaCbGezMzghAc2Wb1
l5JHH+SFvXhOY5WaciuhOUWF7wq726WtaNUeUGldIGHqJB0QrkJOB1IUqpkbaCOU
d4g4ePAXMkxIeo+m9QXwARLX9iFHr4AkW+qsytQoS3OgMQIQpdQ=
=N5cR
-----END PGP SIGNATURE-----
pinheadmz's public key is on keybase
stratospher
reviewed
Mar 6, 2024
There was a problem hiding this comment.
concept ACK! it's useful to be able to whitelist and give special permissions to manual peers which are essentially peers you trust.
I've gone through all the commits but not leaving a code review/approach ACK since I don't understand why we'd need different permissions for each connection direction. (related comments - #17167 (comment), #27114 (comment), #27114 (comment))
| @@ -27,10 +27,11 @@ | |||
| class MempoolPackagesTest(BitcoinTestFramework): | |||
| def set_test_params(self): | |||
| self.num_nodes = 2 | |||
| # whitelist peers to speed up tx relay / mempool sync | |||
| self.noban_tx_relay = True | |||
There was a problem hiding this comment.
c985eb8: isn't this a behaviour change in the functional test? now, the second node also has noban permission - previously it didn't. same situation happens in test/functional/p2p_segwit.py.
so maybe keep "-whitelist=noban@127.0.0.1" instead of self.noban_tx_relay = True in both these tests.
(haven't looked into how having noban permission for second node affects the functional test though.)
There was a problem hiding this comment.
I does not affect the behaviour of the tests since those tests does not test any misbehaviour. It is just to speed up tx relay.
|
ACK 0a53361 |
kevkevinpal
pushed a commit
to kevkevinpal/bitcoin
that referenced
this pull request
Mar 13, 2024
kevkevinpal
pushed a commit
to kevkevinpal/bitcoin
that referenced
this pull request
Mar 13, 2024
sr-gi
pushed a commit
to sr-gi/bitcoin
that referenced
this pull request
Mar 25, 2024
Retropex
pushed a commit
to Retropex/bitcoin
that referenced
this pull request
Mar 28, 2024
Github-Pull: bitcoin#27114 Rebased-From: 2863d7d
Retropex
pushed a commit
to Retropex/bitcoin
that referenced
this pull request
Mar 28, 2024
…tPermissionFlags` Github-Pull: bitcoin#27114 Rebased-From: 9133fd6
Retropex
pushed a commit
to Retropex/bitcoin
that referenced
this pull request
Mar 28, 2024
Github-Pull: bitcoin#27114 Rebased-From: 8e06be3
Retropex
pushed a commit
to Retropex/bitcoin
that referenced
this pull request
Mar 28, 2024
…l connections Github-Pull: bitcoin#27114 Rebased-From: 66bc6e2
Retropex
pushed a commit
to Retropex/bitcoin
that referenced
this pull request
Mar 28, 2024
Github-Pull: bitcoin#27114 Rebased-From: e6b8f19
Retropex
pushed a commit
to Retropex/bitcoin
that referenced
this pull request
Mar 28, 2024
Github-Pull: bitcoin#27114 Rebased-From: 1bae3b2 (partial)
theStack
added a commit
to theStack/bitcoin
that referenced
this pull request
Apr 6, 2024
Reverts commit ab4efad (PR bitcoin#26970). This workaround is not needed anymore, as since bitcoin#27114 the test sets the noban permission for both in- and outbound connections via the `noban_tx_relay` setting, and we don't have to rely on these topology hacks anymore. See commit c985eb8.
fanquake
added a commit
that referenced
this pull request
Apr 7, 2024
…oups.py 93fae5a test: remove immediate tx relay workaround in wallet_groups.py (Sebastian Falbesoner) Pull request description: Reverts commit ab4efad (PR #26970). This workaround is not needed anymore, as since #27114 the test sets the noban permission for both in- and outbound connections via the `noban_tx_relay` setting, and we don't have to rely on this topology hack anymore. See commit c985eb8 (kudos to brunoerg!). Can be tested by executing `$ time ./test/functional/wallet_groups.py` both on master and PR and verifying that the execution time is roughly equal. ACKs for top commit: maflcko: lgtm ACK 93fae5a brunoerg: utACK 93fae5a Tree-SHA512: b949fd05b4308815ba02d0ee4d1318f642b930288dd03223f46db7db745177af1c070bc7058743ac27963c5ad90564089867cc12f31fee94812a16919c353bab
sr-gi
reviewed
Apr 10, 2024
| // By default, whitelist only applies to incoming connections | ||
| if (connection_direction == ConnectionDirection::None) { | ||
| connection_direction = ConnectionDirection::In; | ||
| } else if (flags == NetPermissionFlags::None) { |
There was a problem hiding this comment.
Going over this PR again, shouldn't this have been a separate if statement instead of an if/else (or not a condition at all)?
Right now we are accepting expressions of the type @ip:port (which were already accepted before), but not expressions of the type in/out@ip:port.
The former will pass and default to ConnectionDirection::In + NetPermissionFlags::Implicit, while the latter will be rejected. That feels inconsistent
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Oct 25, 2024
…llet_groups.py 93fae5a test: remove immediate tx relay workaround in wallet_groups.py (Sebastian Falbesoner) Pull request description: Reverts commit ab4efad (PR bitcoin#26970). This workaround is not needed anymore, as since bitcoin#27114 the test sets the noban permission for both in- and outbound connections via the `noban_tx_relay` setting, and we don't have to rely on this topology hack anymore. See commit c985eb8 (kudos to brunoerg!). Can be tested by executing `$ time ./test/functional/wallet_groups.py` both on master and PR and verifying that the execution time is roughly equal. ACKs for top commit: maflcko: lgtm ACK 93fae5a brunoerg: utACK 93fae5a Tree-SHA512: b949fd05b4308815ba02d0ee4d1318f642b930288dd03223f46db7db745177af1c070bc7058743ac27963c5ad90564089867cc12f31fee94812a16919c353bab
Fabcien
pushed a commit
to Bitcoin-ABC/bitcoin-abc
that referenced
this pull request
Nov 12, 2024
Summary:
> net: store `-whitelist{force}relay` values in `CConnman`
> net: Move NetPermissionFlags::Implicit verification to `AddWhitelistPermissionFlags`
> net_processing: Move extra service flag into InitializeNode
> Accept "in" and "out" flags to -whitelist to allow whitelisting manual connections
> test: add coverage for whitelisting manual connections
This is a partial backport of [[bitcoin/bitcoin#27114 | core#27114]]
bitcoin/bitcoin@2863d7d
bitcoin/bitcoin@9133fd6
bitcoin/bitcoin@8e06be3
bitcoin/bitcoin@66bc6e2
bitcoin/bitcoin@e6b8f19
bitcoin/bitcoin@0a53361
Depends on D17112
Note that CNode::m_permissionFlags was made public by core in [[bitcoin/bitcoin#20881 | core#20881]] which we are missing so it had to be made public in this diff.
Test Plan: `ninja all check-all`
Reviewers: #bitcoin_abc, Fabien
Reviewed By: #bitcoin_abc, Fabien
Subscribers: Fabien
Differential Revision: https://reviews.bitcoinabc.org/D17114
Fabcien
pushed a commit
to Bitcoin-ABC/bitcoin-abc
that referenced
this pull request
Nov 12, 2024
Summary: when `self.noban_tx_relay=True`, the following flag `-whitelist=noban,in,out@127.0.0.1`is added to `extra_args` to speed up tx relay/mempool sync. Before (all functional tests): ``` ALL | ✓ Passed | 1465 s (accumulated) Runtime: 163 s ``` After: ``` ALL | ✓ Passed | 1350 s (accumulated) Runtime: 150 s ``` This makes test duration shorter and hopefully solves some rare timeouts in interface_rest.py This concludes backport of [[bitcoin/bitcoin#27114 | core#27114]] bitcoin/bitcoin@c985eb8 Bypasses [[bitcoin/bitcoin#26970 | core#26970]] and [[bitcoin/bitcoin#29822 | core#29822]] Depends on D17114 Test Plan: `ninja check-functional` Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Subscribers: Fabien Differential Revision: https://reviews.bitcoinabc.org/D17115
roqqit
pushed a commit
to doged-io/doged
that referenced
this pull request
Nov 21, 2024
Summary:
> net: store `-whitelist{force}relay` values in `CConnman`
> net: Move NetPermissionFlags::Implicit verification to `AddWhitelistPermissionFlags`
> net_processing: Move extra service flag into InitializeNode
> Accept "in" and "out" flags to -whitelist to allow whitelisting manual connections
> test: add coverage for whitelisting manual connections
This is a partial backport of [[bitcoin/bitcoin#27114 | core#27114]]
bitcoin/bitcoin@2863d7d
bitcoin/bitcoin@9133fd6
bitcoin/bitcoin@8e06be3
bitcoin/bitcoin@66bc6e2
bitcoin/bitcoin@e6b8f19
bitcoin/bitcoin@0a53361
Depends on D17112
Note that CNode::m_permissionFlags was made public by core in [[bitcoin/bitcoin#20881 | core#20881]] which we are missing so it had to be made public in this diff.
Test Plan: `ninja all check-all`
Reviewers: #bitcoin_abc, Fabien
Reviewed By: #bitcoin_abc, Fabien
Subscribers: Fabien
Differential Revision: https://reviews.bitcoinabc.org/D17114
roqqit
pushed a commit
to doged-io/doged
that referenced
this pull request
Nov 21, 2024
Summary: when `self.noban_tx_relay=True`, the following flag `-whitelist=noban,in,out@127.0.0.1`is added to `extra_args` to speed up tx relay/mempool sync. Before (all functional tests): ``` ALL | ✓ Passed | 1465 s (accumulated) Runtime: 163 s ``` After: ``` ALL | ✓ Passed | 1350 s (accumulated) Runtime: 150 s ``` This makes test duration shorter and hopefully solves some rare timeouts in interface_rest.py This concludes backport of [[bitcoin/bitcoin#27114 | core#27114]] bitcoin/bitcoin@c985eb8 Bypasses [[bitcoin/bitcoin#26970 | core#26970]] and [[bitcoin/bitcoin#29822 | core#29822]] Depends on D17114 Test Plan: `ninja check-functional` Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Subscribers: Fabien Differential Revision: https://reviews.bitcoinabc.org/D17115
luke-jr
pushed a commit
to bitcoinknots/bitcoin
that referenced
this pull request
Feb 22, 2025
Github-Pull: bitcoin#27114 Rebased-From: 1bae3b2 (partial)
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Revives #17167. It allows whitelisting manual connections. Fixes #9923
Since there are some PRs/issues around this topic, I'll list some motivations/comments for whitelisting outbound connections from them:
node0 <--- node1 <---- node2 <--- ... <-- nodeN, if a tx is submitted from any node other than node0, the mempool synchronization can take quite long.