Skip to content

p2p: Ensure transaction announcements are only queued for fully connected peers #26569

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
fanquake merged 3 commits into from
Dec 2, 2022
Merged

p2p: Ensure transaction announcements are only queued for fully connected peers #26569

fanquake merged 3 commits into from
Dec 2, 2022

Conversation

@dergoegge
Copy link
Member

@dergoegge dergoegge commented Nov 24, 2022
edited
Loading

TxRelay::m_next_inv_send_time is initialized to 0, which means that any txids in TxRelay::m_tx_inventory_to_send will be announced on the first call to PeerManagerImpl::SendMessages for a fully connected peer (i.e. it completed the version handshake).

Prior to #21160, TxRelay::m_tx_inventory_to_send was guaranteed to be empty on the first SendMessages call, as transaction announcements were only queued for fully connected peers. #21160 replaced a CConnman::ForEachNode call with a loop over PeerManagerImpl::m_peer_map, in which the txid for a transaction to be relayed is added to TxRelay::m_tx_inventory_to_send for all peers. Even for those peers that have not completed the version handshake. Prior to the PR this was not the case as ForEachNode has a "fully connected check" before calling a function for each node.

@DrahtBot
Copy link
Contributor

DrahtBot commented Nov 24, 2022
edited
Loading

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Reviews

See the guideline for information on the review process.

Type Reviewers
ACK MarcoFalke, jnewbery
Concept ACK naumenkogs, 1440000bytes
Stale ACK mzumsande, luke-jr, glozow

If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

Conflicts

Reviewers, this pull request conflicts with the following ones:

  • #24125 (p2p: Replace RecursiveMutex m_tx_inventory_mutex with Mutex and rename it by w0xlt)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

@DrahtBot DrahtBot added the P2P label Nov 24, 2022
@dergoegge dergoegge force-pushed the 2022-11-foreachnode-txrelay- branch 4 times, most recently from 8ea1f7d to c51d8b9 Compare November 24, 2022 20:34
maflcko
maflcko reviewed Nov 24, 2022
View reviewed changes
Copy link
Member

@maflcko maflcko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good catch

@dergoegge dergoegge force-pushed the 2022-11-foreachnode-txrelay- branch from c51d8b9 to 4dc67b2 Compare November 24, 2022 20:52
@jnewbery
Copy link
Contributor

jnewbery commented Nov 24, 2022

Concept ACK.

Did you consider setting m_next_inv_send_time to a time point in the future inside SetTxRelay()? That seems like a simpler change, and avoids adding a new instance of ForEachNode() which we'd like to get rid off eventually.

@DrahtBot DrahtBot mentioned this pull request Nov 25, 2022
Closed
@dergoegge
Copy link
Member Author

dergoegge commented Nov 25, 2022

@jnewbery Really good question! I should have put my reasoning for this in the PR description.

Did you consider setting m_next_inv_send_time to a time point in the future inside SetTxRelay()? That seems like a simpler change, and avoids adding a new instance of ForEachNode() which we'd like to get rid off eventually.

This actually was my initial approach, however I ended up going with ForEachNode for a couple reasons:

  • If we initialize m_next_inv_send_time to a time point in the future then we will still announce transactions that were received during the handshake which seems fine from a privacy perspective given the random delay. However,
    • I could see how that leads to a followup bug in which the spy is able to tell which of the announced transactions were received during the handshake (e.g. see point below). We can eliminate the possibility entirely by going with the ForEachNode approach.
    • A node can't know if a peer enables wtxid relay until the handshake completes and it might add txids to m_tx_inventory_to_send but announce them as MSG_WTX after the handshake. (Didn't test but i think) This again leaks which transactions were received between the spy sending version and wtxidrelay.
  • Storing the txids pre-handshake completion feels a bit weird from a resource consumption perspective. We rely on the 60 second p2p timeout (-peertimeout) to clear m_tx_inventory_to_send for peers that do not complete the handshake. Again not really an issue now but this doesn't feel robust w.r.t. to future changes to me.

glozow
glozow reviewed Nov 28, 2022
View reviewed changes
Copy link
Member

@glozow glozow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 4dc67b2a82cc71fc8b11247bd0f3028a6cae5494

Agree with the approach to not add to m_tx_inventory_to_send until the handshake completes, and that not knowing wtxidrelay yet is also a good reason. Likewise not a fan of ForEachNode here but don't see a way around it given only CNode knows whether it's fully connected.

maflcko
maflcko reviewed Nov 28, 2022
View reviewed changes
@dergoegge dergoegge force-pushed the 2022-11-foreachnode-txrelay- branch from 4dc67b2 to 959cc24 Compare November 28, 2022 16:43
luke-jr
luke-jr approved these changes Nov 29, 2022
View reviewed changes
Copy link
Member

@luke-jr luke-jr left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 959cc24fcd19270d7d851dfde572c4d5848f2579

mzumsande
mzumsande reviewed Nov 29, 2022
View reviewed changes
Copy link
Contributor

@mzumsande mzumsande left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Concept ACK

maflcko
maflcko approved these changes Nov 29, 2022
View reviewed changes
Copy link
Member

@maflcko maflcko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

naumenkogs
naumenkogs reviewed Nov 29, 2022
View reviewed changes
@naumenkogs
Copy link
Contributor

naumenkogs commented Nov 29, 2022

Concept ACK.

Looking forward to resolving the comments :)

@dergoegge dergoegge force-pushed the 2022-11-foreachnode-txrelay- branch 2 times, most recently from 8c7d192 to 1220dfa Compare November 29, 2022 14:06
@fanquake fanquake added this to the 24.0.1 milestone Nov 29, 2022
mzumsande
mzumsande reviewed Nov 29, 2022
View reviewed changes
Copy link
Contributor

@mzumsande mzumsande left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review ACK 1220dfaf7c64f2eebe7c8061634d1f3fd2100a61

If you touch again, could run flake8 or similar over the test (it complains about an unused p2p_lock import and some blank lines)

@dergoegge dergoegge force-pushed the 2022-11-foreachnode-txrelay- branch from 1220dfa to 152a42a Compare November 29, 2022 16:22
jnewbery
jnewbery reviewed Nov 29, 2022
View reviewed changes
Copy link
Contributor

@jnewbery jnewbery left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. A couple of minor suggestions inline in the functional test.

luke-jr
luke-jr approved these changes Nov 29, 2022
View reviewed changes
Copy link
Member

@luke-jr luke-jr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

re-ACK 152a42a3344b473c838b94f2ec07b25d6739bd2d

@dergoegge
[net processing] Assume that TxRelay::m_tx_inventory_to_send is empty…
ce63fca 
… pre-verack

This commit documents our assumption about
TxRelay::m_tx_inventory_to_send being empty prior to version handshake
completion.

The added Assume acts as testing oracle for our fuzzing tests to
potentially detect if the assumption is violated.
@dergoegge dergoegge force-pushed the 2022-11-foreachnode-txrelay- branch from 152a42a to fbcd991 Compare November 30, 2022 12:27
glozow
glozow reviewed Nov 30, 2022
View reviewed changes
Copy link
Member

@glozow glozow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK fbcd991f8c9fe6ecdac181b09f04756cab99f47d

maflcko
maflcko reviewed Nov 30, 2022
View reviewed changes
@dergoegge dergoegge force-pushed the 2022-11-foreachnode-txrelay- branch from fbcd991 to 8f2dac5 Compare November 30, 2022 16:42
@ghost
Copy link

ghost commented Nov 30, 2022

Concept ACK

maflcko
maflcko approved these changes Dec 1, 2022
View reviewed changes
Copy link
Member

@maflcko maflcko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 8f2dac5 🔝

Show signature

Signature:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

ACK 8f2dac54096c20afd8fd12c21a2ee5465fea085e 🔝
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEE+rVPoUahrI9sLGYTzit1aX5ppUgFAlwqrYAACgkQzit1aX5p
pUghBAwAyGNtXO8fvuygZ5qpYaJJCN8updyEfpF8Q//EHzHYtA7gyW1HhZKTXASV
7/R41rYKVtSE6XqJ8piivfuYNNTDZmpa1/LX030yZnSJsUGfr28bWPkXxrcUmdNE
CsiwIUbrPAzwfiPciowfipA/7d894Ado8X54ESkADJFZvYMuZ63aUuby/aPa/lCC
4GotuNiYjXJpC8FfeR6VL7yJORVdgMav8jNPzvUYM5DNfGex39Uzh1kACtXrtXTn
zeT3zqrVf/rhr9izKqQKN5utGt3vcK9+8F8zh82NOr4heNG8ZufPWHP8F+D/uQPY
h/qNQhvT47NOODa4KKurLYWSEQXYaYRdOVLXq40lZOPMbU5ByAGwMjNWusemAb4/
Af+Xt7UlK4irsQQOj+D9EClqzllVL0gfqPvDmYYutgr/6co2rgg+MJSg8LHN9t+X
rTe2pwtee+wvLTYZGgKg7uJrcanmrUL87sSFvXutOy0TXbnJ67FR3B5fGCFkXnbJ
wYTAXZpf
=/QGZ
-----END PGP SIGNATURE-----

@maflcko maflcko requested review from luke-jr and mzumsande December 1, 2022 18:33
jnewbery
jnewbery reviewed Dec 2, 2022
View reviewed changes
Copy link
Contributor

@jnewbery jnewbery left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK 8f2dac5

src/net_processing.cpp
Assume(WITH_LOCK(
tx_relay->m_tx_inventory_mutex,
return tx_relay->m_tx_inventory_to_send.empty() &&
tx_relay->m_next_inv_send_time == 0s));
Copy link
Contributor

@jnewbery jnewbery Dec 2, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(not in this PR) it might be nice to set explicitly set m_next_inv_send_time to a future time here. It's slightly odd that we go through the transaction sending logic on the first pass through SendMessages() even though m_tx_inventory_to_send will be empty.

@fanquake fanquake merged commit 78aee0f into bitcoin:master Dec 2, 2022
fanquake pushed a commit to fanquake/bitcoin that referenced this pull request Dec 2, 2022
@dergoegge @fanquake
[net processing] Ensure transaction announcements are only queued for…
e15b306 
… fully connected peers

Github-Pull: bitcoin#26569
Rebased-From: 845e3a3
fanquake pushed a commit to fanquake/bitcoin that referenced this pull request Dec 2, 2022
@dergoegge @fanquake
[net processing] Assume that TxRelay::m_tx_inventory_to_send is empty…
c842670 
… pre-verack

This commit documents our assumption about
TxRelay::m_tx_inventory_to_send being empty prior to version handshake
completion.

The added Assume acts as testing oracle for our fuzzing tests to
potentially detect if the assumption is violated.

Github-Pull: bitcoin#26569
Rebased-From: ce63fca
fanquake pushed a commit to fanquake/bitcoin that referenced this pull request Dec 2, 2022
@dergoegge @fanquake
[test] Add p2p_tx_privacy.py
e5d097b 
Github-Pull: bitcoin#26569
Rebased-From: 8f2dac5
@fanquake fanquake mentioned this pull request Dec 2, 2022
Merged
@fanquake
Copy link
Member

fanquake commented Dec 2, 2022

Added this for backport in #26616.

sidhujag pushed a commit to syscoin/syscoin that referenced this pull request Dec 2, 2022
@fanquake
Merge bitcoin#26569: p2p: Ensure transaction announcements are only q…
ac5bdf6 
…ueued for fully connected peers
@ghost
Copy link

ghost commented Dec 3, 2022

Love that it was merged in less than 10 days, improves bitcoin and reviewed by more than 6 devs :)

maflcko pushed a commit that referenced this pull request Dec 6, 2022
Merge #26616: [24.x] Backports for 24.0.1
3afbc7d 
8b726bf test: Coin Selection, duplicated preset inputs selection (furszy)
9d73176 test: wallet, coverage for CoinsResult::Erase function (furszy)
195f0df wallet: bugfix, 'CoinsResult::Erase' is erasing only one output of the set (furszy)
e5d097b [test] Add p2p_tx_privacy.py (dergoegge)
c842670 [net processing] Assume that TxRelay::m_tx_inventory_to_send is empty pre-verack (dergoegge)
e15b306 [net processing] Ensure transaction announcements are only queued for fully connected peers (dergoegge)
95fded1 wallet: Explicitly say migratewallet on encrypted wallets is unsupported (Andrew Chow)
d464b2a tests: Test for migrating encrypted wallets (Andrew Chow)
7a97a56 wallet: Avoid null pointer deref when cleaning up migratewallet (Andrew Chow)

Pull request description:

  Backports remaining changes on the 24.0.1 milestone.

  Currently backports:
  * #26594
  * #26569
  * #26560

ACKs for top commit:
  josibake:
    ACK 8b726bf

Tree-SHA512: db77ec1a63a7b6a4412750a0f4c0645681fc346a5df0a7cd38d5d27384e1d0fa95f3953af90042afe131ddbd4b6a6e009527095f13e9f58c0190cd378738a9e5
@ajtowns ajtowns mentioned this pull request Jan 23, 2023
Closed
@bitcoin bitcoin locked and limited conversation to collaborators Dec 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@glozow glozow glozow left review comments

@luke-jr luke-jr Awaiting requested review from luke-jr

@mzumsande mzumsande Awaiting requested review from mzumsande

+3 more reviewers

@jnewbery jnewbery jnewbery left review comments

@naumenkogs naumenkogs naumenkogs left review comments

@maflcko maflcko maflcko approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

P2P

Projects

None yet

Milestone

24.0.1

Development

Successfully merging this pull request may close these issues.

9 participants

@dergoegge @DrahtBot @jnewbery @naumenkogs @fanquake @luke-jr @maflcko @glozow @mzumsande