author: Jon Atack <jon@atack.com> 2021-02-20 17:17:26 +0100
committer: Jon Atack <jon@atack.com> 2021-03-19 20:13:04 +0100
commit: caa21f586f951d626a67f391050c3644f1057f57
tree: 22f586682a41742f4d39b6194981b5ae6bec4257 /src/net.h
parent: 8f1a53eb027727a4c0eaac6d82f0a8279549f638
Protect onion+localhost peers in ProtectEvictionCandidatesByRatio()

Now that we have a reliable way to detect inbound onion peers, this commit updates our existing eviction protection of 1/4 localhost peers to instead protect up to 1/4 onion peers (connected via our tor control service), sorted by longest uptime. Any remaining slots of the 1/4 are then allocated to protect localhost peers, or 2 localhost peers if no slots remain and 2 or more onion peers are protected, sorted by longest uptime.

The goal is to avoid penalizing onion peers, due to their higher min ping times relative to IPv4 and IPv6 peers, and improve our diversity of peer connections.

Thank you to Gregory Maxwell, Suhas Daftuar, Vasil Dimov and Pieter Wuille for valuable review feedback that shaped the direction.

Diffstat (limited to 'src/net.h')
-rw-r--r-- src/net.h 16
1 files changed, 10 insertions, 6 deletions
diff --git a/src/net.h b/src/net.h
index bf8458be6e..eb7fa079ab 100644
--- a/src/net.h
+++ b/src/net.h
@@ -1288,9 +1288,9 @@ struct NodeEvictionCandidate
/**
* Select an inbound peer to evict after filtering out (protecting) peers having
* distinct, difficult-to-forge characteristics. The protection logic picks out
- * fixed numbers of desirable peers per various criteria, followed by ratios of
- * desirable or disadvantaged peers. If any eviction candidates remain, the
- * selection logic chooses a peer to evict.
+ * fixed numbers of desirable peers per various criteria, followed by (mostly)
+ * ratios of desirable or disadvantaged peers. If any eviction candidates
+ * remain, the selection logic chooses a peer to evict.
*/
[[nodiscard]] std::optional<NodeId> SelectNodeToEvict(std::vector<NodeEvictionCandidate>&& vEvictionCandidates);
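Review bot: the "(mostly)" added to the SelectNodeToEvict() comment tells the reader that one of the later protection steps is not ratio-based, but not which one. Suggest naming the exception here (going by the commit message, the fallback that protects up to 2 localhost peers), or pointing to the comment block that describes it, so a reader of this summary does not have to guess and the two comments are less likely to drift apart.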
@@ -1300,9 +1300,13 @@ struct NodeEvictionCandidate
* longest, to replicate the non-eviction implicit behavior and preclude attacks
* that start later.
*
- * Half of these protected spots (1/4 of the total) are reserved for localhost
- * peers, if any, sorted by longest uptime, even if they're not longest uptime
- * overall.
+ * Half of these protected spots (1/4 of the total) are reserved for onion peers
+ * connected via our tor control service, if any, sorted by longest uptime, even
+ * if they're not longest uptime overall. Any remaining slots of the 1/4 are
+ * then allocated to protect localhost peers, if any (or up to 2 localhost peers
+ * if no slots remain and 2 or more onion peers were protected), sorted by
+ * longest uptime, as manually configured hidden services not using
+ * `-bind=addr[:port]=onion` will not be detected as inbound onion connections.
*
* This helps protect onion peers, which tend to be otherwise disadvantaged
* under our eviction criteria for their higher min ping times relative to IPv4
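Review bot: the added localhost clause, "(or up to 2 localhost peers if no slots remain and 2 or more onion peers were protected)", leaves the remaining case undocumented: what happens when no slots remain and fewer than 2 onion peers were protected. As written, a reserve that is filled by a single onion peer would give localhost peers no protection at all; if that is intended, the comment should say so. The trailing rationale beginning "as manually configured hidden services not using" is attached to the end of an already long sentence and would read more clearly as its own sentence explaining why localhost peers are still protected. Minor: "tor control service" should be "Tor control service".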