p2p: ip bucketing in addrman via asmap #3229
Conversation
|
@xanimo am I correct in my assumption that this PR also has a peer.dat downgrade issue as we discussed in #3149 (comment)? I think this PR would give us an additional reason to make sure that we release a patch to 1.14.6 once we're done with the build system upgrade - correct? |
|
@patricklodder i've not tested that actually so will need to do that when I get home however yes I agree on the patch post build system upgrade. |
672455c to
cf79f16
Compare
|
@patricklodder Hmm not certain if I'm doing it right but it would appear there are no errors from 1.14.6 to 1.14.7 and vice versa with regards to the peers.dat issue found in #3149. |
|
Thank you, that is hopeful. I'll make it part of testing to be sure. |
|
Tested from this branch: to 1.14.6 with debugging: and vice versa (1.14.6): to this branch: Am still not sure if I'm doing it right though 🤷 anyway hope this helps. |
|
Initial tests with |
|
Are you resubmitting this later? I was still reviewing this and trying to find solutions for observed problems. Spent over a month on it so far. |
Ah my apologies. I'll reopen and rebase on the next applicable dev branch later. |
|
No worries. Apologies from my end for not giving quick feedback. The puzzle on this one has been real. I'm currently at the point of backtracking everything I did to make it work because I was all over the place. Will comment when I've untangled my mess. |
|
Sounds good to me, keep me posted. I'll reopen shortly. |
patricklodder
left a comment
There was a problem hiding this comment.
Test results
I tested this extensively and there are a number of bugs that Bitcoin Core has fixed that need to be backported, because the proposed code contains a bug that jumps too far sometimes, with the result that I saw AWS nodes reported as if they are ran by the US military (which is how I spotted this because I was wondering why Naval bases on both the East and West coast were running dogecoind.)
There are also some known vulnerabilities in the code as ported still.
Commits from upstream that I'd like to see back ported into this, so that we're not in limbo with bad AS detection (that peering decisions are made upon):
Prereqs
At least 2 things backported here should be separated out, I think:
|
|
||
| BOOST_AUTO_TEST_CASE(addrman_serialization) | ||
| { | ||
| std::vector<bool> asmap1 = FromBytes(asmap, sizeof(asmap) * 8); |
There was a problem hiding this comment.
asmap here has a scope issue with gcc 12 / boost 1.74, should be: asmap_raw
| uint256 nKey2 = (uint256)(CHashWriter(SER_GETHASH, 0) << 2).GetHash(); | ||
|
|
||
| BOOST_CHECK(info1.GetNewBucket(nKey1) == 786); | ||
| std::vector<bool> asmap1 = FromBytes(asmap, sizeof(asmap) * 8); |
There was a problem hiding this comment.
asmap here has a scope issue with gcc 12 / boost 1.74, should be: asmap_raw
| uint256 nKey1 = (uint256)(CHashWriter(SER_GETHASH, 0) << 1).GetHash(); | ||
| uint256 nKey2 = (uint256)(CHashWriter(SER_GETHASH, 0) << 2).GetHash(); | ||
|
|
||
| std::vector<bool> asmap1 = FromBytes(asmap, sizeof(asmap) * 8); |
There was a problem hiding this comment.
asmap here has a scope issue with gcc 12 / boost 1.74, should be: asmap_raw
|
Awesome I'll get to work on this over the weekend. Thanks! Also very interesting re east/west coast naval bases/military running dogecoind... |
|
If you like, I can pick up the |
dff6167 to
f1f6062
Compare
f1f6062 to
ffe68e0
Compare
|
I don't believe there are any remaining prerequisites. Going to rebase off #3521 and upstream/1.15.0-dev to verify. |
|
Just passed unit tests on x86_64-pc-linux-gnu so I think we're good to go 🤞 |
|
Test plan:
I'll share files/results. |
We currently do two resolves for dns seeds: one for the results, and one to serve in addrman as the source for those addresses. There's no requirement that the source hostname resolves to the stored identifier, only that the mapping is unique. So rather than incurring the second lookup, combine a private subnet with a hash of the hostname. The resulting v6 ip is guaranteed not to be publicy routable, and has only a negligible chance of colliding with a user's internal network (which would be of no consequence anyway). Cherry-picked from: 7f31762
Cherry-picked from: 92528c2
The scripts for creating a compact IP->ASN mapping are here: https://github.com/sipa/asmap Co-authored-by: Pieter Wuille <pieter.wuille@gmail.com> Cherry-picked from: 8feb4e4
Instead of using /16 netgroups to bucket nodes in Addrman for connection diversification, ASN, which better represents an actor in terms of network-layer infrastructure, is used. For testing, asmap.raw is used. It represents a minimal asmap needed for testing purposes. Cherry-picked from: ec45646
If ASN bucketing is used, return a corresponding AS used in bucketing for a given peer. Cherry-picked from: e4658aa
Cherry-picked from: 3c1bc40
This is a backport of bitcoin's 16702 pull request with a minimal subset of other cherry-picks needed in order to get it up and running.