Commit graph

29743 commits

Author SHA1 Message Date
Sebastian Falbesoner
9550dffa0c fuzz: Assert roundtrip equality for CPubKey 2021-06-17 17:03:03 +02:00
James O'Beirne
615c1adfb0
refactor: wrap CCoinsViewCursor in unique_ptr
Specifically with CCoinsViewDB, if a raw cursor is allocated and
not freed, a cryptic leveldb assertion failure occurs on
CCoinsViewDB destruction.

See: https://github.com/google/leveldb/issues/142#issuecomment-414418135
2021-06-17 09:47:08 -04:00
MarcoFalke
922abe8ca3
Merge bitcoin/bitcoin#22268: fuzz: Add temporary debug assert for oss-fuzz issue
faf1af58f8 fuzz: Add Temporary debug assert for oss-fuzz issue (MarcoFalke)

Pull request description:

  oss-fuzz is acting weird, so add an earlier assert to help troubleshooting

ACKs for top commit:
  practicalswift:
    cr ACK faf1af58f8

Tree-SHA512: 85830d7d47cf6b4edfe91a07bd5aa8f7110db0bade8df93868cf276ed04d5dd17e671f769e6a0fb5092012b86aa82bb411fb171411f15746981104ce634c88c1
2021-06-17 14:57:09 +02:00
MarcoFalke
6eafa81b32
Merge bitcoin/bitcoin#22267: fuzz: Speed up crypto fuzz target
fa483e9f68 fuzz: Speed up crypto fuzz target (MarcoFalke)

Pull request description:

  May fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34962

  Similar solution to https://github.com/bitcoin/bitcoin/pull/22005

ACKs for top commit:
  practicalswift:
    cr ACK fa483e9f68: patch looks correct and rationale makes sense

Tree-SHA512: 3788cf9f6ba0f7a0a217cd3a6a825839689425e99e4d6d657981d291a001b0da7c5abb50a68b4ee1c2a8300b87fb92e4e3ccc1171907792b40251e467c33bd53
2021-06-17 12:54:27 +02:00
MarcoFalke
faf1af58f8
fuzz: Add Temporary debug assert for oss-fuzz issue 2021-06-17 10:55:39 +02:00
MarcoFalke
fa483e9f68
fuzz: Speed up crypto fuzz target 2021-06-17 10:32:59 +02:00
MarcoFalke
dd24567a24
Merge bitcoin/bitcoin#22120: test: p2p_invalid_block: Check that a block rejected due to too-new tim…
754e802274 test: check rejected future block later accepted (Luke Dashjr)

Pull request description:

  (Luke) was unsure if the code sufficiently avoided caching a
  time-too-new rejection, so wrote this test to check it.  It looks like
  despite only exempting BLOCK_MUTATED, it is still okay because header
  failures never cache block invalidity.  This test will help ensure that
  if this ever changes, BLOCK_TIME_FUTURE gets excluded at the same time.

  This PR re-opens https://github.com/bitcoin/bitcoin/pull/17872 which went stale and addresses the nits raised by reviewers there.

ACKs for top commit:
  MarcoFalke:
    review ACK 754e802274

Tree-SHA512: a2bbc8fffb523cf2831e1ecb05f20868e30106a38cc2e369e4973fa549cca06675a668df16f76c49cc4ce3a22925404255e5c53c4232d63ba1b9fca878509aa0
2021-06-17 09:05:52 +02:00
fanquake
d50302625e
Merge bitcoin/bitcoin#22182: guix: Overhaul how guix-{attest,verify} works and hierarchy
e2c40a4ed5 guix-attest: Error out if SHA256SUMS is unexpected (Carl Dong)
4cc35daed5 Rewrite guix-{attest,verify} for new hier (Carl Dong)
28a9c9b839 Make SHA256SUMS fragment right after build (Carl Dong)

Pull request description:

  Based on:  #22075
  Code reviewers: I recommend reading the new `guix-{attest,verify}` files instead of trying to read the diff

  The following changes resolve many usability improvements which were pointed out to me:
  1. Some maintainers like to extract their "uncodesigned tarball" inside the `output/` directory, resulting in the older `guix-attest` mistakenly attesting to the extracted contents
  2. Maintainers whose GPG keys reside on an external smartcard often need to physically interact with the smartcard as a way to approve the signing operation, having one signature per platform means a lot of fidgeting
  3. Maintainers wishing to sign on a separate machine now has the option of transferring only a subtree of `output/`, namely `output/*/SHA256SUMS.part`, in order to perform a signature (you may need to specify an `$OUTDIR_BASE` env var)
  4. An `all.SHA256SUMS` file should be usable as the base `SHA256SUMS` in bitcoin core torrents and on the release server.

  For those who sign on an separate machine than the one you do builds on, the following steps will work:
  1. `env GUIX_SIGS_REPO=/home/achow101/guix.sigs SIGNER=achow101 NO_SIGN=1 ./contrib/guix/guix-attest`
  2. Copy `/home/achow101/guix.sigs/<tag>/achow101` (which does not yet have signatures) to signing machine
  3. Sign the `SHA256SUMS` files:
      ```bash
      for i in "<path-to-achow101>/*.SHA256SUMS"; do
          gpg --detach-sign --local-user "<your-key-here>" --armor --output "$i"{.asc,}
      done
      ```
  5. Upload `<path-to-achow101>` (now with signatures) to `guix.sigs`

  -----

  After this change, output directories will now include a `SHA256SUMS.part` fragment, created immediately after a successful build:
  ```
  output
  └── x86_64-w64-mingw32
      ├── bitcoin-4e069f7589da-win64-debug.zip
      ├── bitcoin-4e069f7589da-win64-setup-unsigned.exe
      ├── bitcoin-4e069f7589da-win64.zip
      ├── bitcoin-4e069f7589da-win-unsigned.tar.gz
      └── SHA256SUMS.part
  ```

  These `SHA256SUMS.part` fragments look something like:
  ```
  3ebd7262b1a0a5bb757fef1f70e7e14033c70f98c059bc4dbfee5d1992b25825  dist-archive/bitcoin-4e069f7589da.tar.gz
  def2e7d3de5ab3e3f955344e75151df4f33713f9101f5295bd13c9375bdf633b  x86_64-w64-mingw32/bitcoin-4e069f7589da-win64-debug.zip
  643049fe3ee4a4e83a1739607e67b11b7c9b1a66208a6f35a9ff634ba795500e  x86_64-w64-mingw32/bitcoin-4e069f7589da-win64-setup-unsigned.exe
  a247a1ccec0ccc2e138c648284bd01f6a761f2d8d6d07d91b5b4a6670ec3f288  x86_64-w64-mingw32/bitcoin-4e069f7589da-win-unsigned.tar.gz
  fab76a836dcc592e39c04fd2396696633fb6eb56e39ecbf6c909bd173ed4280c  x86_64-w64-mingw32/bitcoin-4e069f7589da-win64.zip
  ```

  Meaning that they are valid `SHA256SUMS` files when `sha256sum --check`'d at the `guix-build-*/output` directory level

  When `guix-attest` is invoked, these `SHA256SUMS.part` files are combined and sorted (by `-k2`, `LC_ALL=C`) to create:

  1. `noncodesigned.SHA256SUMS` for a manifest of all non-codesigned outputs, and
  3. `all.SHA256SUMS` for a manifest of all outputs including non-codesigned outputs

  Then both files are signed, resulting in the following `guix.sigs` hierarchy:
  ```
  4e069f7589da/
  └── dongcarl
      ├── all.SHA256SUMS
      ├── all.SHA256SUMS.asc
      ├── noncodesigned.SHA256SUMS
      └── noncodesigned.SHA256SUMS.asc
  ```

ACKs for top commit:
  achow101:
    ACK e2c40a4ed5
  hebasto:
    ACK e2c40a4ed5, tested on Linux Mint 20.1 (x86_64) with and w/o `NO_SIGN=1`. Changes in `contrib/guix/libexec/codesign.sh` and `contrib/guix/guix-verify` are reviewed only.

Tree-SHA512: 618aacefb0eb6595735a9ab6a98ea6598fce65f9ccf33fa1e7ef93bf140c0f6cfc16e34870c6aa3e4777dd3f004b92a82a994141879870141742df948ec59c1f
2021-06-17 13:10:37 +08:00
fanquake
7c561bea52
Merge bitcoin/bitcoin#21935: Enable external signer support by default, reduce #ifdef
2f5bdcbc31 gui: misc external signer fixes and translation hints (Sjors Provoost)
d672404466 refactor: make ExternalSigner NetworkArg() and m_chain private (Sjors Provoost)
4455145e26 refactor: reduce #ifdef ENABLE_EXTERNAL_SIGNER usage (Sjors Provoost)
5be90c907e build: enable external signer by default (Sjors Provoost)
7d9453041b refactor: clean up external_signer.h includes (Sjors Provoost)
fc0eca31b3 fuzz: fix fuzz binary linking order (Sjors Provoost)

Pull request description:

  This follows the introduction of GUI support in https://github.com/bitcoin-core/gui/pull/4

  I don't think we should expect GUI users to self compile. This also enables external signer support by default for RPC users.

  In addition this PR reduces the number of `#ifdef ENABLE_EXTERNAL_SIGNER`, which also fixes #21919. When compiled with `--disable-external-signer` such wallets can't be created in RPC or GUI, but they can be loaded. Attempting any action that calls HWI will trigger an error.

  Side-note: this PR may or may not (currently) break CI for the GUI repository, as explained here: https://github.com/bitcoin-core/gui/pull/4#issuecomment-769859001

ACKs for top commit:
  achow101:
    ACK 2f5bdcbc31
  hebasto:
    re-ACK 2f5bdcbc31

Tree-SHA512: 1b71c5a8bea2be077ee9fa33a01130c957a0cf90951d4b7b04d3d0ef826bb77e474c3963abddfef2e2c1ea99d9c72cd2302d1eb9b5fcb7ba0bd2a625f006aa05
2021-06-17 12:47:37 +08:00
fanquake
65c4a36e57
Merge bitcoin/bitcoin#22258: build: Disable deprecated-copy warning only when external warnings are enabled
1111457d74 build: Disable deprecated-copy warning only when external warnings are enabled (MarcoFalke)

Pull request description:

  Fixes https://github.com/bitcoin/bitcoin/issues/18967

  Alternative to https://github.com/bitcoin/bitcoin/pull/22240

ACKs for top commit:
  fanquake:
    tACK 1111457d74

Tree-SHA512: 0fc826f26ebbeab662fa7eed2a5cc1630c6c4e612deb91734885fc8bae0352be657ec48ae94ff55a984ac36d27b95cea8d947cc5cf408231d56addecf79db83f
2021-06-17 11:44:18 +08:00
sanket1729
55311197c4 Added new test for future blocks reacceptance
Adds a test case for checking reacceptance a previously rejected block
that was too far in the future.
2021-06-16 16:43:20 -07:00
sanket1729
511a5af462 Fixed inconsistencies between code and comments
1) Makes the code for block 44 consistent with  the expected figure in
the comment above it by adding a transaction to the block
2) Fixed comment describing sign_tx() function
2021-06-16 16:43:20 -07:00
MarcoFalke
1111457d74
build: Disable deprecated-copy warning only when external warnings are enabled 2021-06-16 15:44:27 +02:00
Sjors Provoost
2f5bdcbc31
gui: misc external signer fixes and translation hints 2021-06-16 10:48:58 +02:00
Sjors Provoost
d672404466
refactor: make ExternalSigner NetworkArg() and m_chain private 2021-06-16 10:48:58 +02:00
Sjors Provoost
4455145e26
refactor: reduce #ifdef ENABLE_EXTERNAL_SIGNER usage
In particular this make the node interface independent on whether external signer support is compiled.
2021-06-16 10:48:58 +02:00
Sjors Provoost
5be90c907e
build: enable external signer by default 2021-06-16 10:48:57 +02:00
Sjors Provoost
7d9453041b
refactor: clean up external_signer.h includes
Co-Authored-By: Hennadii Stepanov <32963518+hebasto@users.noreply.github.com>
2021-06-16 10:48:38 +02:00
Sjors Provoost
fc0eca31b3
fuzz: fix fuzz binary linking order
We encountered a linking error when attempting to include external_signer_scriptpubkeyman.cpp when configured with --disable-external-signer.

Everywhere else we have LIBBITCOIN_WALLET, it is always before LIBBITCOIN_COMMON. But if you go up to where FUZZ_SUITE_LD_COMMON is first set, you see that we will end up having LIBBITCOIN_COMMON set before LIBBITCOIN_WALLET which means that the linker will have problems linking things common things that the wallet uses. Because the order is correct for the other targets, we only see a linker error for test/fuzz/fuzz.

In this diff, LIBTEST_UTIL and LIBTEST_FUZZ are moved to the top because they include LIBBITCOIN_SERVER and LIBBITCOIN_COMMON. LIBBITCOIN_SERVER always needs to be the first item in the linker order since it has the most dependencies.

The makefiles for making the fuzz and test binaries should be revisited so that the linking order is made consistent with the rest of the code and to avoid other linker order issues that may crop up in the future.

Co-Authored-By: Andrew Chow <achow101-github@achow101.com>
2021-06-16 10:41:24 +02:00
fanquake
6bc1eca01b
Merge bitcoin/bitcoin#22144: Randomize message processing peer order
79c02c88b3 Randomize message processing peer order (Pieter Wuille)

Pull request description:

  Right now, the message handling loop iterates the list of nodes always in the same order: the order they were connected in (see the `vNodes` vector). For some parts of the net processing logic, this order matters. Transaction requests are assigned explicitly to peers since #19988, but many other parts of processing work on a "first-served-by-loop-first" basis, such as block downloading. If peers can predict this ordering, it may be exploited to cause delays.

  As there isn't anything particularly optimal about the current ordering, just make it unpredictable by randomizing.

  Reported by Crypt-iQ.

ACKs for top commit:
  jnewbery:
    ACK 79c02c88b3
  Crypt-iQ:
    ACK 79c02c88b3
  sdaftuar:
    utACK 79c02c88b3
  achow101:
    Code Review ACK 79c02c88b3
  jamesob:
    crACK 79c02c88b3
  jonatack:
    ACK 79c02c88b3
  vasild:
    ACK 79c02c88b3
  theStack:
    ACK 79c02c88b3

Tree-SHA512: 9a87c4dcad47c2d61b76c4f37f59674876b78f33f45943089bf159902a23e12de7a5feae1a73b17cbc3f2e37c980ecf0f7fd86af9e6fa3a68099537a3c82c106
2021-06-16 11:27:16 +08:00
fanquake
8f7704d032
build: improve detection of eBPF support
Just checking for the `sys/sdt.h` header isn't enough, as systems like
macOS have the header, but it doesn't actually have the dtrace probes,
which leads to compile failures.
2021-06-16 10:16:03 +08:00
Luke Dashjr
754e802274
test: check rejected future block later accepted
(Luke) was unsure if the code sufficiently avoided caching a
time-too-new rejection, so wrote this test to check it.  It looks like
despite only exempting BLOCK_MUTATED, it is still okay because header
failures never cache block invalidity.  This test will help ensure that
if this ever changes, BLOCK_TIME_FUTURE gets excluded at the same time.

Co-authored-by: Will Clark <will8clark@gmail.com>
2021-06-15 21:35:29 +01:00
S3RK
451b96f7d2 test: kill process group to avoid dangling processes 2021-06-15 09:37:58 +02:00
fanquake
eb63b1db2c
Merge bitcoin/bitcoin#22247: Switch Appveyor CI to VS2019 stable image
aab7fd0f8d Switch Appveyor CI to VS2019 stable image (Aaron Clauson)

Pull request description:

  The current appveyor config is using the VS2019 preview image so the latest prebuilt Qt5.12.11 binaries can be used, see #22224.

  Appveyor updated the Visual Studio 2019 image to msbuild v16.10.1 on 14th of June. This is the version used to build the latest Qt binaries and removes the need to use the Appveyor VS2019 preview image.

ACKs for top commit:
  MarcoFalke:
    review ACK aab7fd0f8d if green
  practicalswift:
    cr ACK aab7fd0f8d: patch looks correct
  hebasto:
    ACK aab7fd0f8d

Tree-SHA512: 42ea4e6e27a2099ddeed99a3352e8ff014df1e93fbcb1f0f2ebd6f22ec2fb71212275a2adb2a7858516203e566c6ba053367b4ac7e0b74457f7a35e941d6fdd4
2021-06-15 09:25:58 +08:00
Hennadii Stepanov
3f68f02db9
Merge bitcoin-core/gui#362: Add keyboard shortcuts to context menus
e4c916a0ea Bugfix: GUI: Use a different shortcut for "1 d&ay" banning, due to conflict with "&Disconnect" (Luke Dashjr)
94e7cdd7e0 GUI: Add keyboard shortcuts for other context menus (Luke Dashjr)
02b5263cd4 GUI: Restore keyboard shortcuts for context menu entries (Luke Dashjr)

Pull request description:

  Various keyboard shortcuts were lost in #263; this restores them, and also adds new ones for other context menus.

  Note that with a context menu open, simply the shortcut by itself (no Alt) is used.

ACKs for top commit:
  jarolrod:
    Code Review ACK e4c916a
  hebasto:
    ACK e4c916a0ea, tested on Linux Mint 20.1 (Qt 5.12.8).

Tree-SHA512: 949461acf7aac592bc48a1c5abad41b167365830e0cedb3aa11b6a87bd347e16126830ea87936f9c9efc4b7df5b09d3833fae784964d6d119ed45703cfba2ffd
2021-06-15 00:57:18 +03:00
Carl Dong
e2c40a4ed5 guix-attest: Error out if SHA256SUMS is unexpected 2021-06-14 17:05:26 -04:00
Aaron Clauson
aab7fd0f8d
Switch Appveyor CI to VS2019 stable image
The current appveyor config is using the VS2019 preview image so the latest prebuilt Qt5.12.11 binaries can be used, see #22224.

Appveyor updated the Visual Studio 2019 image to msbuild v16.10.1 on 14th of June. This is the version used to build the latest Qt binaries and removes the need to use the Appveyor VS2019 preview image.
2021-06-14 20:35:00 +01:00
W. J. van der Laan
a33381acf5 devtools: Add xkb version to symbol-check
xkb versions symbols (using the prefix `V`), as this library is used by
bitcoin-qt, add it to the valid versions in `symbol-check.py`.
2021-06-14 20:32:09 +02:00
W. J. van der Laan
19e598bab0 devtools: Fix verneed section parsing in pixie
I misunderstood the ELF specification for version symbols (verneed):
The `vn_aux` pointer is relative to the main verneed record, not the
start of the section.

This caused many symbols to not be versioned properly in the return
value of `elf.dyn_symbols`. This was discovered in #21454.

Fix it by correcting the offset computation.
2021-06-14 20:31:58 +02:00
MarcoFalke
3a2c84a6b5
Merge bitcoin/bitcoin#19238: refactor: Make CAddrMan::cs non-recursive
ae98aec9c0 refactor: Make CAddrMan::cs non-recursive (Hennadii Stepanov)
f5d1c7fac7 Add AssertLockHeld to CAddrMan private functions (Hennadii Stepanov)
5ef1d0b698 Add thread safety annotations to CAddrMan public functions (Hennadii Stepanov)
b138973a8b refactor: Avoid recursive locking in CAddrMan::Clear (Hennadii Stepanov)
f79a664314 refactor: Apply consistent pattern for CAddrMan::Check usage (Hennadii Stepanov)
187b7d2bb3 refactor: Avoid recursive locking in CAddrMan::Check (Hennadii Stepanov)
f77d9c79aa refactor: Fix CAddrMan::Check style (Hennadii Stepanov)
06703973c7 Make CAddrMan::Check private (Hennadii Stepanov)
efc6fac951 refactor: Avoid recursive locking in CAddrMan::size (Hennadii Stepanov)
2da95545ea test: Drop excessive locking in CAddrManTest::SimConnFail (Hennadii Stepanov)

Pull request description:

  This PR replaces `RecursiveMutex CAddrMan::cs` with `Mutex CAddrMan::cs`.

  All of the related code branches are covered by appropriate lock assertions to insure that the mutex locking policy has not been changed by accident.

  Related to #19303.

  Based on #22025, and first three commits belong to it.

ACKs for top commit:
  vasild:
    ACK ae98aec9c0

Tree-SHA512: c3a2d3d955a75befd7e497a802b8c10730e393be9111ca263ad0464d32fae6c7edf9bd173ffb6bc9bb61c4b39073a74eba12979d47f26b0b7b4a861d100942df
2021-06-14 16:41:14 +02:00
Hennadii Stepanov
ae98aec9c0
refactor: Make CAddrMan::cs non-recursive 2021-06-14 17:28:38 +03:00
Hennadii Stepanov
f5d1c7fac7
Add AssertLockHeld to CAddrMan private functions 2021-06-14 17:28:38 +03:00
Hennadii Stepanov
5ef1d0b698
Add thread safety annotations to CAddrMan public functions 2021-06-14 17:28:38 +03:00
Hennadii Stepanov
b138973a8b
refactor: Avoid recursive locking in CAddrMan::Clear
Co-authored-by: John Newbery <john@johnnewbery.com>
2021-06-14 17:28:37 +03:00
Hennadii Stepanov
f79a664314
refactor: Apply consistent pattern for CAddrMan::Check usage
Co-authored-by: John Newbery <john@johnnewbery.com>
2021-06-14 17:28:37 +03:00
Hennadii Stepanov
187b7d2bb3
refactor: Avoid recursive locking in CAddrMan::Check 2021-06-14 17:28:37 +03:00
Hennadii Stepanov
f77d9c79aa
refactor: Fix CAddrMan::Check style
This change improves readability, and follows Developer Notes.
2021-06-14 17:28:36 +03:00
Hennadii Stepanov
06703973c7
Make CAddrMan::Check private
Change in the addrman.h header is move-only.
2021-06-14 17:28:30 +03:00
Hennadii Stepanov
efc6fac951
refactor: Avoid recursive locking in CAddrMan::size 2021-06-14 17:21:28 +03:00
Hennadii Stepanov
2da95545ea
test: Drop excessive locking in CAddrManTest::SimConnFail
The unit test is single threaded, so there's no need to hold the mutex
between Good() and Attempt().

This change avoids recursive locking in the CAddrMan::Attempt function.

Co-authored-by: John Newbery <john@johnnewbery.com>
2021-06-14 17:21:22 +03:00
W. J. van der Laan
5c4f0c4d46
Merge bitcoin/bitcoin#21261: p2p: update inbound eviction protection for multiple networks, add I2P peers
1b1088d52f test: add combined I2P/onion/localhost eviction protection tests (Jon Atack)
7c2284eda2 test: add tests for inbound eviction protection of I2P peers (Jon Atack)
ce02dd1ef1 p2p: extend inbound eviction protection by network to I2P peers (Jon Atack)
70bbc62711 test: add combined onion/localhost eviction protection coverage (Jon Atack)
045cb40192 p2p: remove unused m_is_onion member from NodeEvictionCandidate struct (Jon Atack)
310fab4928 p2p: remove unused CompareLocalHostTimeConnected() (Jon Atack)
9e889e8a5c p2p: remove unused CompareOnionTimeConnected() (Jon Atack)
787d46bb2a p2p: update ProtectEvictionCandidatesByRatio() doxygen docs (Jon Atack)
1e15acf478 p2p: make ProtectEvictionCandidatesByRatio() fully ratio-based (Jon Atack)
3f8105c4d2 test: remove combined onion/localhost eviction protection tests (Jon Atack)
38a81a8e20 p2p: add CompareNodeNetworkTime() comparator struct (Jon Atack)
4ee7aec47e p2p: add m_network to NodeEvictionCandidate struct (Jon Atack)
7321e6f2fe p2p, refactor: rename vEvictionCandidates to eviction_candidates (Jon Atack)
ec590f1d91 p2p, refactor: improve constness in ProtectEvictionCandidatesByRatio() (Jon Atack)
4a19f501ab test: add ALL_NETWORKS to test utilities (Jon Atack)
519e76bb64 test: speed up and simplify peer_eviction_test (Jon Atack)
1cde800523 p2p, refactor: rm redundant erase_size calculation in SelectNodeToEvict() (Jon Atack)

Pull request description:

  Continuing the work in #20197 and #20685, this pull updates and abstracts our inbound eviction protection to make it fully ratio-based and easily extensible to peers connected via high-latency privacy networks that we newly support, like I2P and perhaps others soon, as these peers are disadvantaged by the latency criteria of our eviction logic.

  It then adds eviction protection for peers connected over I2P.  As described in https://github.com/bitcoin/bitcoin/pull/20685#issuecomment-767486499, we've observed over the past few months that I2P peers have a min ping latency similar to or greater than that of onion peers.

  The algorithm is a basically a multi-pass knapsack:

  - Count the number of eviction candidates in each of the disadvantaged
    privacy networks.

  - Sort the networks from lower to higher candidate counts, so that
    a network with fewer candidates will have the first opportunity
    for any unused slots remaining from the previous iteration.  In
    the case of a tie in candidate counts, priority is given by array
    member order from first to last, guesstimated to favor more unusual
    networks.

  - Iterate through the networks in this order.  On each iteration,
    allocate each network an equal number of protected slots targeting
    a total number of candidates to protect, provided any slots remain
    in the knapsack.

  - Protect the candidates in that network having the longest uptime,
    if any in that network are present.

  - Continue iterating as long as we have non-allocated slots
    remaining and candidates available to protect.

  The goal of this logic is to favorise the diversity of our peer connections.

  The individual commit messages describe each change in more detail.

  Special thank you to Vasil Dimov for the excellent review feedback and the algorithm improvement that made this change much better than it would have been otherwise. Thanks also to Antoine Riard, whose review feedback nudged this change to protect disadvantaged networks having fewer, rather than more, eviction candidates.

ACKs for top commit:
  laanwj:
    Code review re-ACK 1b1088d52f
  vasild:
    ACK 1b1088d52f

Tree-SHA512: 722f790ff11f2969c79e45a5e0e938d94df78df8687e77002f32e3ef5c72a9ac10ebf8c7a9eb7f71882c97ab0e67b2778191effdb747d9ca54d7c23c2ed19a90
2021-06-14 15:04:32 +02:00
Jon Atack
1b1088d52f
test: add combined I2P/onion/localhost eviction protection tests 2021-06-14 14:02:15 +02:00
Jon Atack
7c2284eda2
test: add tests for inbound eviction protection of I2P peers 2021-06-14 14:01:44 +02:00
Jon Atack
ce02dd1ef1
p2p: extend inbound eviction protection by network to I2P peers
This commit extends our inbound eviction protection to I2P peers to
favorise the diversity of peer connections, as peers connected
through the I2P network are otherwise disadvantaged by our eviction
criteria for their higher latency (higher min ping times) relative
to IPv4 and IPv6 peers, as well as relative to Tor onion peers.

The `networks` array is order-dependent in the case of a tie in
candidate counts between networks (earlier array members receive
priority in the case of a tie).

Therefore, we place I2P candidates before localhost and onion ones
in terms of opportunity to recover unused remaining protected slots
from the previous iteration, guesstimating that most nodes allowing
both onion and I2P inbounds will have more onion peers, followed by
localhost, then I2P, as I2P support is only being added in the
upcoming v22.0 release.
2021-06-14 14:01:35 +02:00
Jon Atack
70bbc62711
test: add combined onion/localhost eviction protection coverage 2021-06-14 14:00:12 +02:00
Jon Atack
045cb40192
p2p: remove unused m_is_onion member from NodeEvictionCandidate struct 2021-06-14 13:58:05 +02:00
Jon Atack
310fab4928
p2p: remove unused CompareLocalHostTimeConnected() 2021-06-14 13:58:03 +02:00
Jon Atack
9e889e8a5c
p2p: remove unused CompareOnionTimeConnected() 2021-06-14 13:58:01 +02:00
Jon Atack
787d46bb2a
p2p: update ProtectEvictionCandidatesByRatio() doxygen docs 2021-06-14 13:57:59 +02:00
Jon Atack
1e15acf478
p2p: make ProtectEvictionCandidatesByRatio() fully ratio-based
with a more abstract framework to allow easily extending inbound
eviction protection to peers connected through new higher-latency
networks that are disadvantaged by our inbound eviction criteria,
such as I2P and perhaps other BIP155 networks in the future like
CJDNS.  This is a change in behavior.

The algorithm is a basically a multi-pass knapsack:

- Count the number of eviction candidates in each of the disadvantaged
  privacy networks.

- Sort the networks from lower to higher candidate counts, so that
  a network with fewer candidates will have the first opportunity
  for any unused slots remaining from the previous iteration.  In
  the case of a tie in candidate counts, priority is given by array
  member order from first to last, guesstimated to favor more unusual
  networks.

- Iterate through the networks in this order.  On each iteration,
  allocate each network an equal number of protected slots targeting
  a total number of candidates to protect, provided any slots remain
  in the knapsack.

- Protect the candidates in that network having the longest uptime,
  if any in that network are present.

- Continue iterating as long as we have non-allocated slots
  remaining and candidates available to protect.

Localhost peers are treated as a network like Tor or I2P by aliasing
them to an unused Network enumerator: Network::NET_MAX.

The goal is to favorise diversity of our inbound connections.

Credit to Vasil Dimov for improving the algorithm from single-pass
to multi-pass to better allocate unused protection slots.

Co-authored-by: Vasil Dimov <vd@FreeBSD.org>
2021-06-14 13:57:49 +02:00