Make whitebind/whitelist permissions more flexible#16248
Make whitebind/whitelist permissions more flexible#16248laanwj merged 4 commits intobitcoin:masterfrom
Conversation
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
NicolasDorier
force-pushed
the
feature/permissions
branch
26 times, most recently
from
c3fa8ca to
5306e3f
Compare
NicolasDorier
changed the title
|
IMO improving the tests can be done in a follow-up PR |
|
Agree with @laanwj. Lets switch to the new logic in tests in a follow up. I am happy to do that, but I'd rather not have this pull grow even more. |
|
@Sjors if you look the C++ tests I am testing it very strongly with all kind of edge cases. It does not make sense to test the parse flag in isolation as it is not used in the code that way. I should have fixed the warnings now. I am unsure though because I am developing on windows and msvc says it is good. |
NicolasDorier
force-pushed
the
feature/permissions
branch
from
2ca0190 to
c5b404e
Compare
|
re-ACK c5b404e |
c5b404e Add functional tests for flexible whitebind/list (nicolas.dorier) d541fa3 Replace the use of fWhitelisted by permission checks (nicolas.dorier) ecd5cf7 Do not disconnect peer for asking mempool if it has NO_BAN permission (nicolas.dorier) e5b26de Make whitebind/whitelist permissions more flexible (nicolas.dorier) Pull request description: # Motivation In 0.19, bloom filter will be disabled by default. I tried to make [a PR](#16176) to enable bloom filter for whitelisted peers regardless of `-peerbloomfilters`. Bloom filter have non existent privacy and server can omit filter's matches. However, both problems are completely irrelevant when you connect to your own node. If you connect to your own node, bloom filters are the most bandwidth efficient way to synchronize your light client without the need of some middleware like Electrum. It is also a superior alternative to BIP157 as it does not require to maintain an additional index and it would work well on pruned nodes. When I attempted to allow bloom filters for whitelisted peer, my proposal has been NACKed in favor of [a more flexible approach](#16176 (comment)) which should allow node operator to set fine grained permissions instead of a global `whitelisted` attribute. Doing so will also make follow up idea very easy to implement in a backward compatible way. # Implementation details The PR propose a new format for `--white{list,bind}`. I added a way to specify permissions granted to inbound connection matching `white{list,bind}`. The following permissions exists: * ForceRelay * Relay * NoBan * BloomFilter * Mempool Example: * `[email protected]/32`. * `-whitebind=bloomfilter,relay,[email protected]:10020`. If no permissions are specified, `NoBan | Mempool` is assumed. (making this PR backward compatible) When we receive an inbound connection, we calculate the effective permissions for this peer by fetching the permissions granted from `whitelist` and add to it the permissions granted from `whitebind`. To keep backward compatibility, if no permissions are specified in `white{list,bind}` (e.g. `--whitelist=127.0.0.1`) then parameters `-whitelistforcerelay` and `-whiterelay` will add the permissions `ForceRelay` and `Relay` to the inbound node. `-whitelistforcerelay` and `-whiterelay` are ignored if the permissions flags are explicitly set in `white{bind,list}`. # Follow up idea Based on this PR, other changes become quite easy to code in a trivially review-able, backward compatible way: * Changing `connect` at rpc and config file level to understand the permissions flags. * Changing the permissions of a peer at RPC level. ACKs for top commit: laanwj: re-ACK c5b404e Tree-SHA512: adfefb373d09e68cae401247c8fc64034e305694cdef104bdcdacb9f1704277bd53b18f52a2427a5cffdbc77bda410d221aed252bc2ece698ffbb9cf1b830577
maflcko
left a comment
maflcko
left a comment
There was a problem hiding this comment.
Concept ACK.
Some dumb questions, since I have difficulties understanding the code.
|
|
||
| // Check whether periodic sends should happen | ||
| bool fSendTrickle = pto->fWhitelisted; | ||
| bool fSendTrickle = pto->HasPermission(PF_NOBAN); |
There was a problem hiding this comment.
Why is this noban and not relay?
There was a problem hiding this comment.
To keep backward compatibility.
Before, if the peer was whitelisted, it did not matter whether he was also in whitelistrelay, this would be still be true in all cases.
There was a problem hiding this comment.
But relay is also set to true for backward compatibility, no?
There was a problem hiding this comment.
only if the peer is also in -whitelistrelay , else it is not.
There was a problem hiding this comment.
Which is enabled by default for exactly that reason, no?
There was a problem hiding this comment.
Well, regardless, the old code does not look -whitelistrelay is 1 or 0 to determine fSendTrickle.
This would be a breaking change to make it depends on it.
I am quite neutral to that, I am unsure what fSendTrickle is doing, but I think for this PR it should preserve the old behavior.
Another alternative is to have a specific permission just for that and turn it on if no specific permission are set regardless of -whitelistrelay
There was a problem hiding this comment.
I just encountered this piece of code and found this to be pretty confusing. It seems to me that the behavior of relaying transactions immediately without waiting for our poisson timers to fire should be its own "net permission", and not piggy-backed onto NOBAN.
There was a problem hiding this comment.
According to @NicolasDorier it is needed for backward compatibility. However, it should still be possible to split up into its own permission while retaining backward compatibility.
There was a problem hiding this comment.
If we want to spilt this permission, it's best to do that before 0.19 is final.
There was a problem hiding this comment.
Splitting it would be a new feature, so it might be a bit late for 0.19
|
There should be a followup to document the new syntax in |
|
@Sjors I can do that, though I am unsure where is the best place for me to document properly this. I think the full description might be too long for the command line? |
|
There are other command line arguments with multi-line explanations, so I don't think that's a huge issue: |
fa27c55 util: Move ResolveErrMsg to util/error (MarcoFalke) Pull request description: Pull request #16248 (comment) duplicated the body of this util function. The whole point of the util function is to be shared, so do that here as a fixup to #16248 ACKs for top commit: Sjors: utACK fa27c55 ryanofsky: utACK fa27c55 Tree-SHA512: e2b25ae05082fe9d0ee94bdc7d51f801bd9f78e8fc2b141e9a313e008dbb8a77653fe876e111c802c676859c6b76c37a673d1f8cfbe7ad25607a5ffcffde19fd
d117f45 Add test for setban (nicolas.dorier) dc7529a [Fix] Allow connection of a noban banned peer (nicolas.dorier) Pull request description: Reported by @MarcoFalke on bitcoin#16248 (comment) The bug would mean that if the peer connecting to you is banned, but whitelisted without specific permissions, it would not be able to connect to the node. The solution is just to move the same line below. ACKs for top commit: Sjors: Agree inline is more clear. utACK d117f45 MarcoFalke: ACK d117f45 Tree-SHA512: 0fed39acb1e8db67bb0bf4c4de3ad034ae776f38d55bd661f1ae0e1a4c6becaf1824ab46ed8279f2f31df3f4b29ff56461d8b167d3e9cece62cfe58b5a912811
…missions 66ad754 [Doc] Add documentation for the new whitelist permissions (nicolas.dorier) Pull request description: Documenting the new feature bitcoin#16248 . Ping Sjors . ACKs for top commit: Sjors: Indeed, re-ACK 66ad754 Tree-SHA512: e6860bb6fae921287da7920a8db534e6a1a23871dd78dd6da030f00adf23e204cd23b194d67361bf34d4ef5a7815fc3fd7c81a3f2f35e4cfbe6ee2f2e6daec25
…missions 66ad754 [Doc] Add documentation for the new whitelist permissions (nicolas.dorier) Pull request description: Documenting the new feature bitcoin#16248 . Ping Sjors . ACKs for top commit: Sjors: Indeed, re-ACK 66ad754 Tree-SHA512: e6860bb6fae921287da7920a8db534e6a1a23871dd78dd6da030f00adf23e204cd23b194d67361bf34d4ef5a7815fc3fd7c81a3f2f35e4cfbe6ee2f2e6daec25
Github-Pull: bitcoin#16248 Rebased-From: e5b26de
Github-Pull: bitcoin#16248 Rebased-From: ecd5cf7
Github-Pull: bitcoin#16248 Rebased-From: d541fa3
Github-Pull: bitcoin#16248 Rebased-From: c5b404e
|
This PR introduced the field |
14 participants
Motivation
In 0.19, bloom filter will be disabled by default. I tried to make a PR to enable bloom filter for whitelisted peers regardless of
-peerbloomfilters.Bloom filter have non existent privacy and server can omit filter's matches. However, both problems are completely irrelevant when you connect to your own node. If you connect to your own node, bloom filters are the most bandwidth efficient way to synchronize your light client without the need of some middleware like Electrum.
It is also a superior alternative to BIP157 as it does not require to maintain an additional index and it would work well on pruned nodes.
When I attempted to allow bloom filters for whitelisted peer, my proposal has been NACKed in favor of a more flexible approach which should allow node operator to set fine grained permissions instead of a global
whitelistedattribute.Doing so will also make follow up idea very easy to implement in a backward compatible way.
Implementation details
The PR propose a new format for
--white{list,bind}. I added a way to specify permissions granted to inbound connection matchingwhite{list,bind}.The following permissions exists:
Example:
[email protected]/32.-whitebind=bloomfilter,relay,[email protected]:10020.If no permissions are specified,
NoBan | Mempoolis assumed. (making this PR backward compatible)When we receive an inbound connection, we calculate the effective permissions for this peer by fetching the permissions granted from
whitelistand add to it the permissions granted fromwhitebind.To keep backward compatibility, if no permissions are specified in
white{list,bind}(e.g.--whitelist=127.0.0.1) then parameters-whitelistforcerelayand-whiterelaywill add the permissionsForceRelayandRelayto the inbound node.-whitelistforcerelayand-whiterelayare ignored if the permissions flags are explicitly set inwhite{bind,list}.Follow up idea
Based on this PR, other changes become quite easy to code in a trivially review-able, backward compatible way:
connectat rpc and config file level to understand the permissions flags.