net: gracefully handle NodeId wrapping #10176
Conversation
|
I'm a bit ambivalent about going to 64 bit ints for the node id. I think it is a good temporary workaround for the wrap-around problem, but as you do want to handle wrapping, it seems a double measure. At the least please add a regression test for the wrapping code, as with 64 bits is so unlikely to ever trigger that the code will rot. |
|
We could take a tip from the linux kernel counter handling and cause it to immediately wrap shortly after start by starting shortly below the wrap point, but esp with 64-bit IDs, the really long IDs would be kind of obnoxious. (also this wouldn't test the skipping code) |
src/net.cpp
Outdated
There was a problem hiding this comment.
Not -1? (or =0 and having the ++ in an else?) Why should it fail to reconsider reusing 0?
There was a problem hiding this comment.
The theoretical infinite loop is perhaps unfortunate, perhaps there should be an assert if size of the set is => max. (the reason for doing that would be more obvious if you imagine someone deciding to reduce the id to a s16 since its more than enough for current connections. :) )... or an exception.
There was a problem hiding this comment.
Thanks, I'll address both of those.
Edit: No need to address these if we're not going to worry about wrapping.
|
utACK 17c93bf4f6cdf259c735becffd2e319ecc222dd4 , although I'd prefer NodeID to by a uint32_t EDIT: I'd prefer either using a uint32_t with this wrapping logic or a uint64_t without the new logic. Perhaps just add an assert in GetNewNodeId that we haven't reached std::numeric_limits::max(). |
|
I'd kinda prefer we /just/ switch it to a int64_t and drop all the wrap logic. With a 64-bit ID you'd need billions of connections per second for years. |
|
Agree with @TheBlueMatt.
585 years of 1 billion connections per second. I think that's sufficient. |
|
Hmm. This originally switched to int32_t and addressed the wrapping as a non-theoretical problem. @TheBlueMatt pointed out that it may be possible that a user could mistakenly assume that the post-wrap nodeid "0" today is the same nodeid "0" that was connected 3 months ago, and take an action on the wrong node. Bumping to an int64_t solves that, so it seemed like a reasonable change. Thinking about this again after that change, yea, I suppose there's now no need to worry about wrapping at all. |
This should make occurances of NodeId wrapping essentially impossible for real-world usage.
|
Updated after discussion here. |
|
utACK c851be4 |
|
Looks good. ACK c851be4 Did you consider asserting in GetNewNodeID(): |
|
utACK c851be4 |
Yes, restarting your node every century at least is a good precaution in any case. Some JSON implementations will start to lose precision at 52 bits (due to using doubles for numbers). But not worried about that here. utACK c851be4 (also for 0.14) |
c851be4 net: define NodeId as an int64_t (Cory Fields) Tree-SHA512: 2ccc931cfcdc555313b9434d8de2f6cea759b31891212ca62f962208f60157d4fc593010e3ca61265d1a20d6f78c6ca79103600b85df77983d5509d192875b96
c851be4 net: define NodeId as an int64_t (Cory Fields) Tree-SHA512: 2ccc931cfcdc555313b9434d8de2f6cea759b31891212ca62f962208f60157d4fc593010e3ca61265d1a20d6f78c6ca79103600b85df77983d5509d192875b96
c851be4 net: define NodeId as an int64_t (Cory Fields) Tree-SHA512: 2ccc931cfcdc555313b9434d8de2f6cea759b31891212ca62f962208f60157d4fc593010e3ca61265d1a20d6f78c6ca79103600b85df77983d5509d192875b96
c851be4 net: define NodeId as an int64_t (Cory Fields) Tree-SHA512: 2ccc931cfcdc555313b9434d8de2f6cea759b31891212ca62f962208f60157d4fc593010e3ca61265d1a20d6f78c6ca79103600b85df77983d5509d192875b96
8 participants
As discussed in #10143.
Explicitly define NodeId's size as an int64_t. This keeps the range uniform so that it may be exposed to external APIs. Signed ints are allowed in order to represent special values.