p2p, rpc: Manual block-relay-only connections with addnode #24170

[rajarshimaitra]

Session Details

• Date: 19-01-2023
• Time: IST 20:00 (UTC 14:30)
• Jitsi: https://meet.jit.si/BitshalaPRReviewClub
• PR: https://github.com/bitcoin/bitcoin/pull/24170
• Context: p2p, rpc
• Difficulty: medium
• Language: ['c++', 'python']
• Notes and Questions: https://bitcoincore.reviews/24170 [also check out previous chat recordings]

Summary

This PR adds a RPC option to connect to a block-relay-only peer manually.

Learning

• Bitcoin Core's RPC framework.
• How to modify the RPC code to add extra functionality.
• Different types of p2p node relay connections.
• Testing out specific p2p behavior in functional tests.

Note: Drop your PR and review related questions below. Note: Feel free to also put your review comment link below.

[kouloumos]

date should be 19-01-2023?

[rajarshimaitra]

PR: https://github.com/bitcoin/bitcoin/pull/24170

Summary

Manual-block-relay connections are manually added nodes (via -addnode) that behave like BLOCK_RELAY connections in that they don't participate in transaction and address relay, and also share the properties of MANUAL connections. When the node is connected to a privacy network such as Tor, manual block-relay-only connections to IPv4 or IPv6 nodes can be used for hardening against eclipse attacks, while at the same time making fingerprinting attacks more difficult and preserving a higher degree of privacy by not transmitting transactions and addresses over these links.

Why could peers that are only active on privacy networks such as Tor be more susceptible to eclipse attacks compared to clearnet-only peers?

• It's much easy to create fake nodes in privacy network than with real IP addresses.
• Sophisticated attacker can trick a node to ban a Tor exit node all together.

More details of involved attack on Tor only is in this paper Biryukov, Pustogarov: Bitcoin over Tor isn’t a good idea (2015)

What is the difference between the onetry and add modes in the addnode RPC?

• add: Add a node to the list
• remove: Remove a node from the list
• onetry: Attempts to connect once. Doesn't add in the list.

What are the different options of adding a manual-block-relay peer that this PR introduces? Did you try one out?

• addnode RPC
• -addnode bitcoind arg
• <IP>=manual-block-relay in bitcoin.conf

The PR introduces a new connection type MANUAL_BLOCK_RELAY that combines the properties of MANUAL and BLOCK_RELAY peers. What are the advantages and disadvantages of having an extra connection type, as opposed to combining the logic of the existing ones?

While its possible to maintain the behaviour, creating a dedicated structure makes the code more cleaner and reduces complexity.

BIP324, encrypted p2p traffic, is another privacy-enhancing feature currently under development and review. What types of attacks that this PR tries to mitigate are fixed by BIP324? Which ones aren’t?

By the general understanding of the club, it was concluded that BIP324 doesn't solve eclipse attack on a node, and thus doesn't mitigate the problem this PR tries to solve.

Bonus: Possible test extension in functional tests.

Currently, the functional test only asserts RPC calls. It could be useful to extend the functional test to assert network traffic of manual-blocks-relay-only nodes.

[rajarshimaitra]

Review submitted: https://github.com/bitcoin/bitcoin/pull/24170#pullrequestreview-1261754421