Conversation
I was thinking that listing seed_nodes, along with turning off Other than the connection database, is there another way that connections are built? Do peers automatically ask each other for peers and attempt to connect? Or must they be prompted? I haven't looked, but will do so. |
Peers do talk to each other about possible new peers and try to connect to each other. I don't remember whether one peer will ask other peers for more peers though. |
|
I can either add code to clear the database, or add code to not use it. Any opinion on which is better? I am thinking clearing the database is better. Who wants a stale database sitting around? Or perhaps someone has a better idea to allow a node operator to only connect to the nodes he wants to. |
|
The program will add new entries to the in-memory database when running, but not only load data when starting, so only clearing on start doesn't make much sense. Actually we're digging into the details now. I think you can find more from the code. IIRC, according to the p2p protocol, your connected peers may
|
I will add code to not connect if accept-incoming-connections is false.
I will have to research if a response is required, or if I can simply ignore the request without consequences.
That can now be controlled by the ToDo:
|
IMHO, these are outgoing connections but not incoming connections. |
Please use a different flag. These should be two distinct settings. (A node operator might want to have his own internal network of interconnected nodes that only connect to each other, and to some trusted public nodes.) |
How about a new parameter:
|
|
I began to think about dropped connections to nodes. As it stands now, the parameters could be set up to where they will not get reconnected. I believe that if seed nodes are passed, and I believe that in such a situation, we must store the seed nodes (in memory?), and sort-of "replace" the currently implemented database of addresses with that list. That way reconnects (or perhaps initial connections) can happen if they are on the list. As often happens, the implementation goes deeper than I expected. To make things clear, I will attempt to spec-out the parameters as I see how they should work, and let others review and adjust. |
|
Posted a spec here: #659 (comment) Please comment there, we'll hammer out the details, and then I'll attempt to implement. Thanks all for the input! |
abitmore
left a comment
There was a problem hiding this comment.
At a glance the code looks good. However the coding style is not the best, sometime indentation is 2, sometimes it's 3, sometimes it's 4.
|
@abitmore thank you for the critiques. My apologies for the sloppy spacing. I believe I have corrected that and improved the readability of the code. No real functionality changes, the biggest change here is the moving of the node utility functions into its own file. Please scrutinize. |
|
I just noticed a thing: if a peer is in our exclude list, we shouldn't ask another peer to check this peer's firewall status, otherwise we'll expose this peer's address. Is this the current behavior? |
Scenario 1: Peer A is in Peer B's "exclude from advertising" list. Peer C connects to Peer B. Peer B should not ask Peer A to do the firewall check, as this would expose Peer A's address. I believe the above is the desired behaviour, and code does not do this. Scenario 2: Peer A is in Peer B's "exclude from advertising" list. Peer A connects. Peer B should not ask anyone for a firewall check for Peer A. I believe the above is the desired behaviour, and code does not do this. I will review the code to verify what I believe is happening, and see where adjustments could/should be made. Logic: |
|
commit 5ce4ffe modifies the firewall check to consider the include/exclude lists when deciding how to respond, and which other peers to ask for assistance. |
libraries/net/node.cpp
Outdated
| !peer->firewall_check_state && // the peer isn't already performing a check for another node | ||
| firewall_check_state->nodes_already_tested.find(peer->node_id) == firewall_check_state->nodes_already_tested.end() && | ||
| _address_builder != nullptr && | ||
| peer->get_remote_endpoint().valid() && |
There was a problem hiding this comment.
Is there a scenario that it's not valid?
There was a problem hiding this comment.
There were actually two instances of this validity check, both based on entries in the _active_connections list. There is no reason to check this, as there is no way an invalid endpoint could be placed in the collection.
There was a problem hiding this comment.
Where is the code that initializes the remote_endpoint variable?
IIRC there is code to update a remote endpoint's IP address from an internal adress to an external address. Not sure if it's related.
|
I've found some entries about firewall check in my log files. While we're on it, please update log level of (maybe) all firewall check messages, don't use |
... from successfully bound local port. BTW add logging.
|
Kudos, SonarCloud Quality Gate passed! |
Fixes #659
This PR adds startup options (available via both command line and the
config.iniconfiguration file) towitness_node:p2p-accept-incoming-connectionswill allow peers to request a connection to your node (default istrue). Set tofalse, your node will not listen for incoming connections. The "accept-incoming-connections" is an existing field in the node configuration file (p2p/node_config.json), now accessible from the command line and theconfig.iniconfiguration file.p2p-inbound-endpoint, used to specify the node's "external" IP address and listening port when it is behind DNAT or a reverse proxy.p2p-connect-to-new-peerswill allow the node to connect to new peers advertised by other peers (default istrue). Set tofalse, the node will ignore all peer advertisements.p2p-advertise-peer-algorithmdetermines how peers are selected to be advertised.p2p-advertise-peer-endpointandp2p-exclude-peer-endpointwork in conjunction with some of the peer algorithms.The peer algorithms that can be used are:
nothingwhich will respond to the requesting peer with an empty listlistwhich will respond with a list of connected peers which are also in the list provided byp2p-advertise-peer-endpointexclude_listwhich will respond with a list of connected peers which are not in the list provided byp2p-exclude-peer-endpointall, or any other value, or if no peer algorithm is provided, all connected peers are advertised as they were before this enhancement.Other changes and improvements:
1776) by default, rather than a random port. Ifp2p-endpointoption is not specified, when the default port is unavailable, the node will listen on a random port.address_messageif it has just requested one200addresses for eachaddress_messagenumber_of_failed_connection_attemptswill be halved on successful outbound connectionnetwork_mapperprogramfc::ip::address::is_loopback_address()(127.*.*.*), fixedis_public_address()to detect loopback addresses