Changeset View
Changeset View
Standalone View
Standalone View
src/net.cpp
Show First 20 Lines • Show All 922 Lines • ▼ Show 20 Lines | static bool CompareNodeBlockRelayOnlyTime(const NodeEvictionCandidate &a, | ||||
if (a.fRelevantServices != b.fRelevantServices) { | if (a.fRelevantServices != b.fRelevantServices) { | ||||
return b.fRelevantServices; | return b.fRelevantServices; | ||||
} | } | ||||
return a.nTimeConnected > b.nTimeConnected; | return a.nTimeConnected > b.nTimeConnected; | ||||
} | } | ||||
static bool CompareNodeAvailabilityScore(const NodeEvictionCandidate &a, | |||||
const NodeEvictionCandidate &b) { | |||||
if (a.fAvalanche != b.fAvalanche) { | |||||
return b.fAvalanche; | |||||
} | |||||
// Equality can happen if the score has not been computed yet. | |||||
if (a.availabilityScore != b.availabilityScore) { | |||||
return a.availabilityScore < b.availabilityScore; | |||||
} | |||||
return a.nTimeConnected > b.nTimeConnected; | |||||
} | |||||
//! Sort an array by the specified comparator, then erase the last K elements. | //! Sort an array by the specified comparator, then erase the last K elements. | ||||
template <typename T, typename Comparator> | template <typename T, typename Comparator> | ||||
static void EraseLastKElements(std::vector<T> &elements, Comparator comparator, | static void EraseLastKElements(std::vector<T> &elements, Comparator comparator, | ||||
size_t k) { | size_t k) { | ||||
std::sort(elements.begin(), elements.end(), comparator); | std::sort(elements.begin(), elements.end(), comparator); | ||||
size_t eraseSize = std::min(k, elements.size()); | size_t eraseSize = std::min(k, elements.size()); | ||||
elements.erase(elements.end() - eraseSize, elements.end()); | elements.erase(elements.end() - eraseSize, elements.end()); | ||||
} | } | ||||
//! Sort an array by the specified comparator, then erase up to K last elements | |||||
//! which verify the condition. | |||||
template <typename T, typename Comparator> | |||||
static void | |||||
EraseLastKElementsIf(std::vector<T> &elements, Comparator comparator, size_t k, | |||||
std::function<bool(const NodeEvictionCandidate &)> cond) { | |||||
std::sort(elements.begin(), elements.end(), comparator); | |||||
size_t eraseSize = std::min(k, elements.size()); | |||||
elements.erase( | |||||
std::remove_if(elements.end() - eraseSize, elements.end(), cond), | |||||
elements.end()); | |||||
} | |||||
[[nodiscard]] std::optional<NodeId> | [[nodiscard]] std::optional<NodeId> | ||||
SelectNodeToEvict(std::vector<NodeEvictionCandidate> &&vEvictionCandidates) { | SelectNodeToEvict(std::vector<NodeEvictionCandidate> &&vEvictionCandidates) { | ||||
// Protect connections with certain characteristics | // Protect connections with certain characteristics | ||||
// Deterministically select 4 peers to protect by netgroup. | // Deterministically select 4 peers to protect by netgroup. | ||||
// An attacker cannot predict which netgroups will be protected | // An attacker cannot predict which netgroups will be protected | ||||
EraseLastKElements(vEvictionCandidates, CompareNetGroupKeyed, 4); | EraseLastKElements(vEvictionCandidates, CompareNetGroupKeyed, 4); | ||||
// Protect the 8 nodes with the lowest minimum ping time. | // Protect the 8 nodes with the lowest minimum ping time. | ||||
// An attacker cannot manipulate this metric without physically moving nodes | // An attacker cannot manipulate this metric without physically moving nodes | ||||
// closer to the target. | // closer to the target. | ||||
EraseLastKElements(vEvictionCandidates, ReverseCompareNodeMinPingTime, 8); | EraseLastKElements(vEvictionCandidates, ReverseCompareNodeMinPingTime, 8); | ||||
// Protect 4 nodes that most recently sent us novel transactions accepted | // Protect 4 nodes that most recently sent us novel transactions accepted | ||||
// into our mempool. An attacker cannot manipulate this metric without | // into our mempool. An attacker cannot manipulate this metric without | ||||
// performing useful work. | // performing useful work. | ||||
EraseLastKElements(vEvictionCandidates, CompareNodeTXTime, 4); | EraseLastKElements(vEvictionCandidates, CompareNodeTXTime, 4); | ||||
// Protect 4 nodes that most recently sent us novel proofs accepted | // Protect 4 nodes that most recently sent us novel proofs accepted | ||||
// into our proof pool. An attacker cannot manipulate this metric without | // into our proof pool. An attacker cannot manipulate this metric without | ||||
// performing useful work. | // performing useful work. | ||||
// TODO this filter must happen before the last tx time once avalanche is | // TODO this filter must happen before the last tx time once avalanche is | ||||
// enabled for pre-consensus. | // enabled for pre-consensus. | ||||
EraseLastKElements(vEvictionCandidates, CompareNodeProofTime, 4); | EraseLastKElements(vEvictionCandidates, CompareNodeProofTime, 4); | ||||
// Protect up to 8 non-tx-relay peers that have sent us novel blocks. | // Protect up to 8 non-tx-relay peers that have sent us novel blocks. | ||||
std::sort(vEvictionCandidates.begin(), vEvictionCandidates.end(), | EraseLastKElementsIf(vEvictionCandidates, CompareNodeBlockRelayOnlyTime, 8, | ||||
CompareNodeBlockRelayOnlyTime); | |||||
size_t erase_size = std::min(size_t(8), vEvictionCandidates.size()); | |||||
vEvictionCandidates.erase( | |||||
std::remove_if(vEvictionCandidates.end() - erase_size, | |||||
vEvictionCandidates.end(), | |||||
[](NodeEvictionCandidate const &n) { | [](NodeEvictionCandidate const &n) { | ||||
return !n.fRelayTxes && n.fRelevantServices; | return !n.fRelayTxes && n.fRelevantServices; | ||||
}), | }); | ||||
vEvictionCandidates.end()); | |||||
// Protect 4 nodes that most recently sent us novel blocks. | // Protect 4 nodes that most recently sent us novel blocks. | ||||
// An attacker cannot manipulate this metric without performing useful work. | // An attacker cannot manipulate this metric without performing useful work. | ||||
EraseLastKElements(vEvictionCandidates, CompareNodeBlockTime, 4); | EraseLastKElements(vEvictionCandidates, CompareNodeBlockTime, 4); | ||||
// Protect up to 16 nodes that have the highest avalanche availability | |||||
// score. | |||||
EraseLastKElementsIf( | |||||
vEvictionCandidates, CompareNodeAvailabilityScore, 16, | |||||
[](NodeEvictionCandidate const &n) { return n.fAvalanche; }); | |||||
// Protect the half of the remaining nodes which have been connected the | // Protect the half of the remaining nodes which have been connected the | ||||
// longest. This replicates the non-eviction implicit behavior, and | // longest. This replicates the non-eviction implicit behavior, and | ||||
// precludes attacks that start later. | // precludes attacks that start later. | ||||
// Reserve half of these protected spots for localhost peers, even if | // Reserve half of these protected spots for localhost peers, even if | ||||
// they're not longest-uptime overall. This helps protect tor peers, which | // they're not longest-uptime overall. This helps protect tor peers, which | ||||
// tend to be otherwise disadvantaged under our eviction criteria. | // tend to be otherwise disadvantaged under our eviction criteria. | ||||
size_t initial_size = vEvictionCandidates.size(); | size_t initial_size = vEvictionCandidates.size(); | ||||
size_t total_protect_size = initial_size / 2; | size_t total_protect_size = initial_size / 2; | ||||
// Pick out up to 1/4 peers that are localhost, sorted by longest uptime. | // Pick out up to 1/4 peers that are localhost, sorted by longest uptime. | ||||
std::sort(vEvictionCandidates.begin(), vEvictionCandidates.end(), | EraseLastKElementsIf( | ||||
CompareLocalHostTimeConnected); | vEvictionCandidates, CompareLocalHostTimeConnected, | ||||
size_t local_erase_size = total_protect_size / 2; | total_protect_size / 2, | ||||
vEvictionCandidates.erase( | [](NodeEvictionCandidate const &n) { return n.m_is_local; }); | ||||
std::remove_if( | |||||
vEvictionCandidates.end() - local_erase_size, | |||||
vEvictionCandidates.end(), | |||||
[](NodeEvictionCandidate const &n) { return n.m_is_local; }), | |||||
vEvictionCandidates.end()); | |||||
// Calculate how many we removed, and update our total number of peers that | // Calculate how many we removed, and update our total number of peers that | ||||
// we want to protect based on uptime accordingly. | // we want to protect based on uptime accordingly. | ||||
total_protect_size -= initial_size - vEvictionCandidates.size(); | total_protect_size -= initial_size - vEvictionCandidates.size(); | ||||
EraseLastKElements(vEvictionCandidates, ReverseCompareNodeTimeConnected, | EraseLastKElements(vEvictionCandidates, ReverseCompareNodeTimeConnected, | ||||
total_protect_size); | total_protect_size); | ||||
if (vEvictionCandidates.empty()) { | if (vEvictionCandidates.empty()) { | ||||
return std::nullopt; | return std::nullopt; | ||||
▲ Show 20 Lines • Show All 65 Lines • ▼ Show 20 Lines | std::vector<NodeEvictionCandidate> vEvictionCandidates; | ||||
} | } | ||||
bool peer_relay_txes = false; | bool peer_relay_txes = false; | ||||
bool peer_filter_not_null = false; | bool peer_filter_not_null = false; | ||||
if (node->m_tx_relay != nullptr) { | if (node->m_tx_relay != nullptr) { | ||||
LOCK(node->m_tx_relay->cs_filter); | LOCK(node->m_tx_relay->cs_filter); | ||||
peer_relay_txes = node->m_tx_relay->fRelayTxes; | peer_relay_txes = node->m_tx_relay->fRelayTxes; | ||||
peer_filter_not_null = node->m_tx_relay->pfilter != nullptr; | peer_filter_not_null = node->m_tx_relay->pfilter != nullptr; | ||||
} | } | ||||
double availabilityScore = std::numeric_limits<double>::lowest(); | |||||
bool fAvalanche = node->m_avalanche_state != nullptr; | |||||
if (fAvalanche) { | |||||
availabilityScore = | |||||
node->m_avalanche_state->getAvailabilityScore(); | |||||
} | |||||
NodeEvictionCandidate candidate = { | NodeEvictionCandidate candidate = { | ||||
node->GetId(), | node->GetId(), | ||||
node->nTimeConnected, | node->nTimeConnected, | ||||
node->nMinPingUsecTime, | node->nMinPingUsecTime, | ||||
node->nLastBlockTime, | node->nLastBlockTime, | ||||
node->nLastProofTime, | node->nLastProofTime, | ||||
node->nLastTXTime, | node->nLastTXTime, | ||||
HasAllDesirableServiceFlags(node->nServices), | HasAllDesirableServiceFlags(node->nServices), | ||||
peer_relay_txes, | peer_relay_txes, | ||||
peer_filter_not_null, | peer_filter_not_null, | ||||
node->nKeyedNetGroup, | node->nKeyedNetGroup, | ||||
node->m_prefer_evict, | node->m_prefer_evict, | ||||
node->addr.IsLocal()}; | node->addr.IsLocal(), | ||||
fAvalanche, | |||||
availabilityScore}; | |||||
vEvictionCandidates.push_back(candidate); | vEvictionCandidates.push_back(candidate); | ||||
} | } | ||||
} | } | ||||
const std::optional<NodeId> node_id_to_evict = | const std::optional<NodeId> node_id_to_evict = | ||||
SelectNodeToEvict(std::move(vEvictionCandidates)); | SelectNodeToEvict(std::move(vEvictionCandidates)); | ||||
if (!node_id_to_evict) { | if (!node_id_to_evict) { | ||||
return false; | return false; | ||||
} | } | ||||
▲ Show 20 Lines • Show All 2,164 Lines • Show Last 20 Lines |