Skip to content

p2p: Allow whitelisting manual connections#27114

Merged
achow101 merged 7 commits into
bitcoin:masterfrom
brunoerg:2023-02-outgoing-whitelist
Mar 12, 2024
Merged

p2p: Allow whitelisting manual connections#27114
achow101 merged 7 commits into
bitcoin:masterfrom
brunoerg:2023-02-outgoing-whitelist

Conversation

@brunoerg

@brunoerg brunoerg commented Feb 16, 2023

Copy link
Copy Markdown
Contributor

Revives #17167. It allows whitelisting manual connections. Fixes #9923

Since there are some PRs/issues around this topic, I'll list some motivations/comments for whitelisting outbound connections from them:

@DrahtBot

DrahtBot commented Feb 16, 2023

Copy link
Copy Markdown
Contributor

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage

For detailed information about the code coverage, see the test coverage report.

Reviews

See the guideline for information on the review process.

Type Reviewers
ACK sr-gi, pinheadmz, achow101
Concept NACK luke-jr
Concept ACK furszy, RandyMcMillan
Approach ACK jonatack
Stale ACK pablomartin4btc, naumenkogs, stratospher

If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

Conflicts

Reviewers, this pull request conflicts with the following ones:

  • #29415 (Broadcast own transactions only via short-lived Tor or I2P connections by vasild)
  • #28834 (net: attempts to connect to all resolved addresses when connecting to a node by sr-gi)
  • #28710 (Remove the legacy wallet and BDB dependency by achow101)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

@DrahtBot DrahtBot added the P2P label Feb 16, 2023
@brunoerg

Copy link
Copy Markdown
Contributor Author

cc: @furszy @theStack

@naumenkogs

Copy link
Copy Markdown
Contributor

Concept ACK

@stratospher stratospher left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

concept ACK. whitelisting outgoing connections is a useful feature to have! went through the code and it looks good.

  • integration tests in p2p_permissions.py would be nice! (It’d be interesting to see the behaviour when different permissions are set in different connection directions.)
  • something i had trouble understanding was if we give a trusted peer special permissions, would it matter who initiated the connection?
  • micro nit: next time you rebase/update, maybe reword the 1st commit message to use NetPermissionFlags::Implicit instead of PF_ISIMPLICIT?

Comment thread src/init.cpp Outdated

@furszy furszy left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Concept ACK

Could also add a test framework option to whitelist peers. So we don't have to add -whitelist flag everywhere.

@brunoerg

Copy link
Copy Markdown
Contributor Author

Could also add a test framework option to whitelist peers. So we don't have to add -whitelist flag everywhere.

Sounds good! Gonna implement it!

@brunoerg brunoerg force-pushed the 2023-02-outgoing-whitelist branch 2 times, most recently from 67b32c5 to 6ed6fca Compare March 14, 2023 23:24
@brunoerg

brunoerg commented Mar 15, 2023

Copy link
Copy Markdown
Contributor Author

force-pushed: Added self.whitelist_peers in test_framework to avoid having to add -whitelist flag everywhere. Also, I changed the 1st commit message as suggested by @stratospher.

@brunoerg

Copy link
Copy Markdown
Contributor Author

Rebased

@glozow

glozow commented Apr 20, 2023

Copy link
Copy Markdown
Member

linking #9923
perhaps also relevant: #10594, #10051

@jonatack jonatack left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 19f3f3a316660890f03d6ddcb4a4230eb2ff5e91 with some suggestions

Comment thread src/net.h Outdated
Comment thread src/net_permissions.cpp Outdated
Comment thread src/net_permissions.cpp Outdated
Comment thread src/net_permissions.cpp Outdated
Comment thread src/test/fuzz/net_permissions.cpp Outdated
Comment thread src/test/netbase_tests.cpp Outdated
Comment thread src/init.cpp Outdated
Comment thread test/functional/test_framework/test_framework.py Outdated
Comment thread test/functional/mempool_reorg.py Outdated

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

19f3f3a This doesn't seem to be a pure refactoring here and in mempool_packages.py and p2p_segwit.py

@luke-jr

luke-jr commented Jan 26, 2024

Copy link
Copy Markdown
Member

Concept NACK to restricting it to only manual connections. This will cause random breakage when automatic peering happens to connect to a manual peer first.

@mzumsande

Copy link
Copy Markdown
Contributor

Concept NACK to restricting it to only manual connections. This will cause random breakage when automatic peering happens to connect to a manual peer first.

did you see #28895? We don't make automatic connections to manually specified peers anymore.

@luke-jr

luke-jr commented Jan 26, 2024

Copy link
Copy Markdown
Member

Hmm, it's still weird, but I guess it's not terrible then.

@sr-gi sr-gi left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approach ACK 1d0216e

Comment thread src/net.h Outdated
Comment thread src/net_permissions.cpp Outdated
Comment thread src/net.cpp Outdated
Comment thread src/net.h Outdated
Comment thread src/net_permissions.cpp Outdated
Comment thread src/net_permissions.cpp Outdated

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It may be worth documenting this in the method docs to prevent potential future footshots

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good

Comment thread src/net_processing.cpp Outdated
Comment thread test/functional/feature_fee_estimation.py Outdated
Comment thread src/init.cpp Outdated
@brunoerg

brunoerg commented Feb 9, 2024

Copy link
Copy Markdown
Contributor Author

@sr-gi

sr-gi commented Feb 9, 2024

Copy link
Copy Markdown
Member

tACK c10f528

@naumenkogs

Copy link
Copy Markdown
Contributor

ACK c10f528350152ca9248e8c167b67993fc7321ca3

@pinheadmz pinheadmz left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK c10f528350152ca9248e8c167b67993fc7321ca3

I left comments on a few nits but none are breaking for me. Happy to re-ACK if you update.

Built and ran all functional and unit tests locally on macOS/arm

Reviewed specific changes since my last ACK:

git range-diff abfc8c901d..d69747ab65 5883a8911a..c10f528350
  • Move relay flags to netpermissions from net
  • Only apply new logic to manual connections
  • Apply flag to new tests added since last review
Show Signature
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

ACK c10f528350152ca9248e8c167b67993fc7321ca3
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE5hdzzW4BBA4vG9eM5+KYS2KJyToFAmXVHeAACgkQ5+KYS2KJ
yTqDMxAApyQUw15xZWgrgO+pvNMlRKensYTKTHvPUZK8MeLpM6MfBVruWAnZwxlC
2qj6qyAP+j7mOAOYqZqNo5fgwfD01ruNCL/bCpwAa51/hD3yPf9I/h1nA6AFNoVT
y9JvyknUKWHRWceNi1vBMa9lrkt5IkJ1o/padFaa52OO01OEBTf+ZJQ7FyHlFcQ2
nttow4AIXPM37mYFLil9DGOc90qn728fICC6QrUDXjLL2AGFCPJfysl4vv5FwX6E
92txS6FDh5P8z54DxTOiFSlTVemwOtmSZAtM5Kvs7tgeAiBlOmD9vsMC9BUwRs+c
7Swn9MUiIZ+kveh6oS7SGAQv3uj4kOyhyOPV3iKJKylEaFoivUN2YMtdhNUwUC8i
bz8p5nbkO397HvHuCQ3mEUcWfYeTXS2ozZfRcbvTXqnZMb5QCuM7CPkH+w5QG/hi
yGQDp+SbqDFLiEWejmFysIKhDeXuz110jhydgr77UuiCcTVjPTUCvrEw0hZ/PkZi
ev/tnL0xsC2Nm3gnsjY5ilE+kbkjEerf19qgJ45lweMI2pvT+BNSWxFYxSNbQpYm
ayYcnsYfHbHdoPlLJoTUO44yOyWSdsqu6tLBdYYuH1nDkoijaTl27O9SI5Cxe2E0
9BdBUPu2c9STB1VZzZLNOTiRgKyXq/rYloSyksiI6Jd4HK48zGI=
=rbZH
-----END PGP SIGNATURE-----

pinheadmz's public key is on keybase

Comment thread src/net.cpp Outdated
Comment thread src/net.h Outdated
Comment thread doc/release-notes-27114.md Outdated
@brunoerg

brunoerg commented Feb 26, 2024

Copy link
Copy Markdown
Contributor Author

Force-pushed addressing #27114 (comment). Just removed an unecessary variable.

cc: @naumenkogs @sr-gi @pinheadmz

@pinheadmz pinheadmz left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 231e1797023c3502e1605b263b24f29eb659ce55

Show Signature
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

ACK 231e1797023c3502e1605b263b24f29eb659ce55
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE5hdzzW4BBA4vG9eM5+KYS2KJyToFAmXcuNkACgkQ5+KYS2KJ
yTq5oxAAyNHLUhXS4t6pe+5obxZMLEleSnZvMbq7ILrxCeNc0ke7KQKmy/sMFOT9
5pBN8Pc3e/LLtxlx+rNuspiooGqBKz3tRV0fEdAdBt4gQhoyaA7+KuFxfOZXjM5z
TnimlvgAxZk1bI8RWP/Pd/hvd5rMqWBKu5SLtyycVnZ+lQCObtAyMQVart9KjLpw
ORTCUPJgSZjc3OqcFvjyKkxKkZEQgmqd67h4j3+k6AoKRsJwauqPZMALYVtLFPb0
T7xf/6BPk51cyVhflNzv7J3MIOQE4ojlLvPRi+Q3bRZJCoEuPYtfzA8NWz/bKS8o
M4jMuHanvMiLUbBRWWYZ1nv1AlgB9PBcSODi0iU1C3ZBppAb3uG+AYR3xP0NVnBF
F2uheUGrKKsGgimdUFg8sjSTjwEZhAJOq0AwN/D1subNOfJl6jCMo3sF9NnECFBn
plvZoyU3rJSfdfukQOYeF7Q+xF/GxpUUZVSWKtgenpCoc4KvM6c+3aclfDmFKe1s
jgMal6sXkEGjjWIHeCs/fsdMg2PWK8iQqX0iuTDYc1RsD1XjIwiYdgO3oy5oDVjm
M7eDUd04ISsqFVDyY6j/F+jxKFZT1cZxzOj2ACZJegaWUW/xQrVBZ1CD64twtT7p
Ys8svqCF8JiKes0LSWZSG8aHEVz4yx53FukltCljdtbd3CBCM0g=
=yWJM
-----END PGP SIGNATURE-----

pinheadmz's public key is on keybase

Comment thread src/init.cpp Outdated
Comment thread src/net_permissions.h Outdated
Comment thread src/net_permissions.cpp Outdated
@brunoerg

Copy link
Copy Markdown
Contributor Author

@sr-gi sr-gi left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

re-ACK 0a53361

@pinheadmz pinheadmz left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 0a53361

confirmed minimal diff since last ack

Show Signature
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

ACK 0a533613fb44207053796fd01a9f4b523a3153d4
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE5hdzzW4BBA4vG9eM5+KYS2KJyToFAmXg8cMACgkQ5+KYS2KJ
yTqb9BAAlsYlKQ6Umtb5FVctkQebcoO7F4P0cHseOl97Xlkcr+slqDGDnYNs19ft
6Ct9HJkB/faLzOQ2gyGq3cOxMevkuQEWBxAKti54uoHY5X5Ye51W5ejJz3BLT+Sw
pDhwlpXo2hSz7GhgpUeb6mj0+rHyA3pMXNvFGjcrjHCX4AeJdWLZEcau0avZ+Luj
5cl0cDxNztu6xWCSAdoooEDyHcpXifYafPOkMV2L6qefh94rZuHuc7gmCnff5geB
lb5DZJQm6lJiLLQBHQ6UUw5hLx4Myfn0Vdb3h937amiwZ+2RsTEHTT1RoZ0lT1Q4
qi/ehtXq+iLcqAA2FzHaiTc1IgZzG3ylJQMGov5rQ2irIpYBKyzPBgZcSloS49oK
lbMB3a3onyABtmmyCQGLG/ituxp8n1/MawyANaQj+uJF7aJrVoylkNctm7J5gb5T
6YYeYVEV/Dav+OqeJj+LZr+4zxvYHndTgrE7MgTZsGMoam/A7jzjZdS3Y0nceCIZ
Lm2d57+nzar/36pp2zzfS6yTjdIgK1NxGEYDLDSBSXdWV3YVaCbGezMzghAc2Wb1
l5JHH+SFvXhOY5WaciuhOUWF7wq726WtaNUeUGldIGHqJB0QrkJOB1IUqpkbaCOU
d4g4ePAXMkxIeo+m9QXwARLX9iFHr4AkW+qsytQoS3OgMQIQpdQ=
=N5cR
-----END PGP SIGNATURE-----

pinheadmz's public key is on keybase

@stratospher stratospher left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

concept ACK! it's useful to be able to whitelist and give special permissions to manual peers which are essentially peers you trust.

I've gone through all the commits but not leaving a code review/approach ACK since I don't understand why we'd need different permissions for each connection direction. (related comments - #17167 (comment), #27114 (comment), #27114 (comment))

def set_test_params(self):
self.num_nodes = 2
# whitelist peers to speed up tx relay / mempool sync
self.noban_tx_relay = True

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

c985eb8: isn't this a behaviour change in the functional test? now, the second node also has noban permission - previously it didn't. same situation happens in test/functional/p2p_segwit.py.

so maybe keep "-whitelist=noban@127.0.0.1" instead of self.noban_tx_relay = True in both these tests.

(haven't looked into how having noban permission for second node affects the functional test though.)

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I does not affect the behaviour of the tests since those tests does not test any misbehaviour. It is just to speed up tx relay.

@achow101

Copy link
Copy Markdown
Member

ACK 0a53361

Comment thread src/net_permissions.cpp
// By default, whitelist only applies to incoming connections
if (connection_direction == ConnectionDirection::None) {
connection_direction = ConnectionDirection::In;
} else if (flags == NetPermissionFlags::None) {

@sr-gi sr-gi Apr 10, 2024

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Going over this PR again, shouldn't this have been a separate if statement instead of an if/else (or not a condition at all)?

Right now we are accepting expressions of the type @ip:port (which were already accepted before), but not expressions of the type in/out@ip:port.

The former will pass and default to ConnectionDirection::In + NetPermissionFlags::Implicit, while the latter will be rejected. That feels inconsistent

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Whitelisting outgoing connections