It might be possible for a malicious adversary to consume all your inbound connection slots. So it's important to select a diverse set of IP addresses for your outbound connections in order to be more resilient against eclipse attacks.
#27264 changed the logic of how peers from diverse netgroups were selected for establishing outbound connections.
Before, we used to open persistent outbound connections to peers which have different netgroups compared to outbound full relay, block relay, addrfetch and feeler connection peers.
Now, we open persistent outbound connections to peers which have different netgroups compared to outbound full relay, block relay and manual connection peers.
However, Tor/I2P/CJDNS networks have only 16 possible distinct network groups. Network groups don't make sense for Tor/I2P/CJDNS since these are public-key-based networks, not routing-based ones. Also, they use only 4 variable bits in the GetGroup() logic, resulting in 2**4 possibilities for netgroups.
Bitcoin Core allows a maximum of 8 manual connections and a maximum of 8 outbound full relay connections by default.
So a problem arises when you run a Bitcoin Core node on Tor only (or I2P, CJDNS). If all these 8 + 8 connections have distinct netgroups, no netgroups remain for block relay only connections.
Moreover, netgroup diversity when opening persistent outbound connections doesn't conceptually make sense in Tor/I2P/CJDNS since their IP addresses are not route-based.
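The exhaustion described above, as an added example (a simplified model written for these notes, not Bitcoin Core code). TorNetGroup, OpenOutbound, NET_TAG and the request for 2 further connections are assumptions of the model; only the 4 variable bits and the 8 + 8 occupied slots come from the notes.

```cpp
#include <cstdint>
#include <set>
#include <vector>

// Simplified model (assumption): a Tor peer is only the first byte of its key-derived address.
using TorAddr = uint8_t;

// Keep the 4 variable bits, force the low 4 bits to 1: 2**4 = 16 groups.
// NET_TAG is a constructed network marker for this model.
uint16_t TorNetGroup(TorAddr first_byte) {
    constexpr uint16_t NET_TAG = 0x0300;
    return static_cast<uint16_t>(NET_TAG | (first_byte | 0x0F));
}

// Count how many of `wanted` new outbound peers can be picked from `candidates`
// when the netgroups in `occupied` are already taken by existing peers.
int OpenOutbound(std::set<uint16_t> occupied, const std::vector<TorAddr>& candidates,
                 int wanted, bool skip_check_for_privacy_net) {
    int opened = 0;
    for (TorAddr c : candidates) {
        if (opened == wanted) break;
        const uint16_t group = TorNetGroup(c);
        // Diversity check: reject a candidate whose netgroup is already in use.
        if (!skip_check_for_privacy_net && occupied.count(group)) continue;
        occupied.insert(group);
        ++opened;
    }
    return opened;
}

// Worst case from the notes: 8 manual + 8 full relay peers, all distinct groups.
std::set<uint16_t> WorstCaseOccupied() {
    std::set<uint16_t> groups;
    for (int i = 0; i < 16; ++i) groups.insert(TorNetGroup(static_cast<TorAddr>(i << 4)));
    return groups;
}

// Every possible first byte, standing in for an address manager full of onion peers.
std::vector<TorAddr> AllCandidates() {
    std::vector<TorAddr> v;
    for (int b = 0; b < 256; ++b) v.push_back(static_cast<TorAddr>(b));
    return v;
}

int main() {
    const int with_check = OpenOutbound(WorstCaseOccupied(), AllCandidates(), 2, false);
    const int without = OpenOutbound(WorstCaseOccupied(), AllCandidates(), 2, true);
    return (with_check == 0 && without == 2) ? 0 : 1;
}
```

With the diversity check enforced, none of the 256 candidate prefixes is accepted once all 16 groups are occupied; skipping the check for the privacy network lets both connections open.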
Conceptual Questions
What are the different types of outbound connections? Can you point to the region in the code where these connections are established? Hint: look in ThreadOpenConnections()
What's a netgroup? Why is netgroup diversity important when making an outbound connection?
How is netgroup diversity maintained when establishing outbound connections? Hint: #27264
PR related Questions
Did you review the PR? Concept ACK, approach ACK, tested ACK, or NACK? What was your review approach?
What problem does this PR solve?
Why skip netgroup diversity checks when establishing outbound connections to Tor/I2P/CJDNS networks?
What does fCountFailure do?
What would happen if outbound_privacy_network_peers was absent in the code?
Optional: why isn't increasing 4 bits to 5 bits in the GetGroup() logic (to increase the total number of possible netgroups for Tor/I2P/CJDNS from 16 possibilities to 2**5 possibilities) desirable?
Learning
Net
In/OutBound connections
Net Grouping
Note: Drop your PR and review related questions below
Session Details
[Net][P2P]
[python][c++]