Package Relay and child-with-unconfirmed-parents + tx-with-unconfirmed-ancestors Packages #1324
Conversation
sdaftuar
left a comment
There was a problem hiding this comment.
Thanks for working on this! Just some initial questions to try to make sure I'm understanding this proposal right (will do my best to save broader feedback for the mailing list!).
|
|
||
| # '''Sorted topologically.''' For every transaction t in the package, if any of t's parents are present in the package, the parent must appear somewhere in the list before t. In other words, the transactions must be sorted in ascending order of number of ancestors present in the package. | ||
|
|
||
| # '''Only 1 child with unconfirmed parents.''' The package must consist of one transaction and its unconfirmed parents. There must not be any other transactions in the package. Other dependency relationships may exist within the package (e.g. one parent may spend the output of another parent) provided that topological order is respected. |
There was a problem hiding this comment.
One thing I overlooked when I first read this over -- by "unconfirmed parents" you mean direct parents, ie transactions which contain an outpoint being spent in the child transaction, is that right? (I was trying to figure out exactly what you meant by the 2-generation limit further down, and then I realized I might have misunderstood the language here.)
I'd suggest defining this language more explicitly somehow, since I think "unconfirmed parent" can read a lot like "unconfirmed ancestor" (and at any rate I don't think these words have meanings well defined across the developer community).
Also, if a GETDATA(PCKG1, wtxid) comes in for a transaction that has unconfirmed ancestors outside the set of unconfirmed direct parents, how is software supposed to respond?
There was a problem hiding this comment.
by "unconfirmed parents" you mean direct parents, ie transactions which contain an outpoint being spent in the child transaction, is that right?
Yes, exactly.
I'd suggest defining this language more explicitly somehow, since I think "unconfirmed parent" can read a lot like "unconfirmed ancestor" (and at any rate I don't think these words have meanings well defined across the developer community).
Ah, noted. How about something like this:
"Given any two transactions Tx0 and Tx1 where Tx1 spends an output of Tx0, Tx0 is a parent of Tx1 and Tx1 is a child of Tx0. A transaction's ancestors include, recursively, its parents, the parents of its parents, etc. A transaction's descendants include, recursively, its children, the children of its children, etc."
Also, if a GETDATA(PCKG1, wtxid) comes in for a transaction that has unconfirmed ancestors outside the set of unconfirmed direct parents, how is software supposed to respond?
It should send only the direct parents, and no other ancestors.
|
|
||
| # A new inv type (MSG_PCKG1 == 0x6) is added, for use in inv messages and getdata requests pertaining to version 1 packages. | ||
|
|
||
| # As an inv type, it indicates that both transaction data and version 1 package information are available for the transaction. The transaction is referenced by its wtxid. As a getdata request type, it indicates that the sender wants package information for the transaction. |
There was a problem hiding this comment.
Does using MSG_PCKG1 as an inv-type imply that the transaction's unconfirmed ancestors are exactly equal to its unconfirmed parents? (See my other questions below)
bip-v1-packages.mediawiki
Outdated
|
|
||
| # As an inv type, it indicates that both transaction data and version 1 package information are available for the transaction. The transaction is referenced by its wtxid. As a getdata request type, it indicates that the sender wants package information for the transaction. | ||
|
|
||
| # Upon receipt of a "getdata" request for "MSG_PCKG1", the node should respond with the version 1 package corresponding to the requested transaction and its current chain tip, or with NOTFOUND. The node should not assume that the sender is requesting the transaction data as well. |
There was a problem hiding this comment.
Is it permitted to send a GETDATA(MSG_PCKG1, wtxid) if the peer didn't send an INV(MSG_PCKG1, wtxid)? Ie could software use this message to reconstruct the parents of an orphan transaction?
There was a problem hiding this comment.
Yes absolutely! This kind of "half solves" the orphan fetching use case if there's only direct parents missing, but I actually think it would make sense to create another type of package for tx-with-unconfirmed-ancestors:
To answer the likely question of "why wasn't v1 packages tx-with-unconfirmed-ancestors?" I have two primary reasons:
-
The mempool policy created for child-with-unconfirmed-parents packages is insufficient to ensure that a the fees of a tx-with-ancestors package would be evaluated correctly. I noticed you had some consideration for that in #16401. Probably the best algorithm is to sort topologically, then submit each transaction with its ancestor subset within the package. But it doesn't seem like anyone is asking for more than 2 generations of fee-bumping, and I haven't really figured out what RBF would look like.
-
It seems like the orphan-processing and fee-bumping use cases can be thought of separately. For instance, fee-bumping should be a sender-initiated "I'm telling you about extra info you need" and orphan-fetching is more appropriate as a receiver-initiated "hey I'm new here, so I don't know the ancestors of this transaction."
dee1711 to
20fe00b
Compare
|
Based on email discussion, I'd request that the spec makes it explicit that you do not request packages from peers when they report a different chaintip blockhash(and disconnect them right after...) it's possible I missed it, but I keep looking and not seeing it |
Thanks @instagibbs I will add this. Also, if a peer sends us a "pckginfo1" with a blockhash that's different from ours, we should probably just drop it and re-request when they catch up (I think nowadays we usually have an accurate idea of what our peer's best block is). We're definitely not going to disconnect a peer for sending a "pckginfo1" with a different blockhash from ours. |
20fe00b to
66b050a
Compare
There was a problem hiding this comment.
First read through. Looks great thus far. Just some nits (feel free to ignore).
I know this hasn't been done in the past but in the spirit of trying to make BIPs more understandable (and precise when it comes to references to particular attacks) I wonder if a glossary of terms (e.g. pinning attacks and the different varieties of such attacks) could be a good idea (maybe footnotes rather than a glossary, they have been used in the past). I guess the top priority is to clearly go into what attacks/vulns package relay addresses (including on higher layers), what attacks/vulns package relay potentially opens up on the base layer with their introduction and how the design of package relay has minimized the scope of those attacks/vulns on the base layer. My gut feel is that the current draft is still a little light on these details but it was just a first readthrough and it clearly doesn't ignore them.
edit: Was looking at the BIP118 draft for inspiration on what a BIP should cover that is primarily targeted towards higher layer use cases (but with base layer implications). That has a Security section which may be a good idea for this BIP.
|
|
||
| # Download and validate packages of transactions together. | ||
|
|
||
| # Provide information to help peers decide whether to request and/or how validate transactions which are part of a package. |
There was a problem hiding this comment.
nit: s/how validate/how to validate
| once, avoid downloading transactions that are eventually rejected, and minimize storage allocated | ||
| for not-yet-validated transactions. | ||
|
|
||
| Consider these scenarios specifically transaction relay: |
There was a problem hiding this comment.
nit: s/specifically transaction relay/specifically for transaction relay
bip-package-relay.mediawiki
Outdated
| ===P2P Message Design=== | ||
|
|
||
| These p2p messages are added for communication efficiency and, as such, one should measure | ||
| alternative solutions based on the resources used to communicate (not necessarily trustworthy) |
There was a problem hiding this comment.
nit: s/not necessarily trustworthy/in the presence of possibly malicious peers
bip-package-relay.mediawiki
Outdated
|
|
||
| # The "sendpackages" message has the structure defined above, with pchCommand == "sendpackages". | ||
|
|
||
| # During version handshake, nodes should send a "sendpackages" message indicate they support package relay and may request packages. |
There was a problem hiding this comment.
nits: s/During version handshake/During the version handshake, s/message indicate/ message to indicate
|
|
||
| ''Diagram: A receiver-initiated dialogue.'' | ||
|
|
||
| Sometimes, no matter what order transactions are received by a node, validating them individually is |
There was a problem hiding this comment.
nit: s/no matter what order transactions are received by a node/regardless of the order in which transactions are received by a node
66b050a to
c833fd6
Compare
|
Added tx-with-unconfirmed-ancestors packages as a second type of package dedicated to orphan-fetching. |
c833fd6 to
5c73c62
Compare
|
Last push (thanks @ajtowns)
Thanks for the feedback @michaelfolkson, I'll get to the style/wording comments later when the design is more finalized. |
|
Sorry for also leaving a style nit, but as someone also mentioned on the mailing list, |
5c73c62 to
9a85fef
Compare
|
Last push:
|
|
|
||
| A version 1 or '''child-with-unconfirmed-parents''' package can be defined for any transaction that spends | ||
| unconfirmed inputs. The child can be thought of as the "representative" of the package. This package | ||
| can be uniquely identified by the transaction's wtxid and the current chain tip block hash. |
There was a problem hiding this comment.
The child's wtxid does not commit to the wtxids of its ancestors (just the txids), so I don't think it's correct to say that a package is uniquely identified by the child transaction's wtxid and the current chain tip. (I tried to bring this point up in the mailing list thread as well, in the context of package de-duplication.)
There was a problem hiding this comment.
Yes sorry, I think I should have said the package can be easily reconstructed using the transaction's wtxid and current chain tip block hash.
| Status: Draft | ||
| Type: Standards Track | ||
| Created: 2022-04-14 | ||
| License: PD |
There was a problem hiding this comment.
Before taking this out of draft, please license it under one of the acceptable licenses
There was a problem hiding this comment.
Thanks will do! I'm still working on a few changes based on feedback, and then will take this out of draft.
|
Closing as the updated proposal is going to be significantly different from this one, which has no number assigned, and I think it would be confusing. |
Please leave concept/approach feedback on the mailing list thread so that people can follow the discussion in one place. Feel free to leave a review comment if you find typos or incorrect wording.