Do not absolutely protect local peers and make eviction more aggressive. #7082
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
concept ACK |
|
I would split this into two commits:
|
|
@pstratem Okay, I split it up and also added protection for tx relayers. I wanted to get something in that distinguishes good onion peers from bad; ultimately I want to add peer POW to this, but thats a non-trivial amount of work. So right now TXs are at least something. It would be good to add blocks too, though that block addition pipeline makes it a little hard to avoid crediting people from sending duplicate blocks. |
With automatic tor HS support in place we should probably not be providing absolute protection for local peers, since HS inbound could be used to attack pretty easily. Instead, this counts on the latency metric inside AttemptToEvictConnection to privilege actually local peers. This makes sure that in the case of tying group size to select the group with the newest member, since newest time is the final selection criteria.
This makes eviction generally more aggressive by making it willing to evict the last unprotected peer in a netgroup if the new connection comes from a netgroup where we have no unprotected peers.
This protects four peers that most recently sent us a valid transaction to our memory pool. This metric is costly for attackers to control since it requires sending acceptable transactions, and an attacker which is blocking transactions is inherently disadvantaged for this criteria.
|
Concept ACK Will look at code after rebase. |
|
Needs rebase if still relevant. (c.f. #7453) |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
With automatic tor HS support in place we should probably not be providing
absolute protection for local peers, since HS inbound could be used to
attack pretty easily. Instead, this counts on the latency metric inside
AttemptToEvictConnection to privilege actually local peers.
This change also makes eviction generally more aggressive by making it
willing to evict the unprotected peer in a netgroup, if the new
connection comes from a netgroup where we have no unprotected peers.
It also makes sure that in the case of tying group size to select the
group with the newest member, since newest time is the final selection
criteria.
The third commit protects four peers that most recently sent us a valid
transaction to our memory pool. This metric is costly for attackers to
control since it requires sending acceptable transactions, and an
attacker which is blocking transactions is inherently disadvantaged for this
criteria.