p2p: skip netgroup diversity of new connections for tor/i2p/cjdns #27374

[rajarshimaitra]

Session Details

• Date: 13-04-2023
• Time: IST 20:00 (UTC 14:30)
• PR: https://github.com/bitcoin/bitcoin/pull/27374
• Context: [Net][P2P]
• Difficulty: Moderate
• Language: [python][c++]

Notes

• There are 2 main types of P2P connections
  • Inbound connections = if your peer initiates the connection
  • Outbound connection = if you initiate the connection to your peer
• See all P2P connection types here.
• It might be possible for a malicious adversary to consume all your inbound connection slots. So it's important to select a diverse set of IP addresses for your outbound connections in order to be more resilient against eclipse attacks.
• Netgroups/Network groups are used to understand IP address diversity. See GetGroup() in src/netgroup.h.
• #27264 changed the logic of how peers from diverse netgroups were selected for establishing outbound connections.
  • before, we used to open persistent outbound connections to peers which have different netgroups compared to outbound full relay, block relay, addrfetch and feeler connection peers.
  • now, we open persistent outbound connections to peers which have different netgroups compared to outbound full relay, block relay and manual connection peers.
• However, Tor/I2P/CJDNS networks have only 16 possible distinct network groups. Network groups for Tor/I2P/CJDNS networks don't make sense since they are public key based network and not routing based. Also, they use only 4 variable bits in the GetGroup() logic resulting in 2**4 possibilities for netgroups.
• Bitcoin core allows 8 manual connections maximum and 8 outbound full relay connections maximum by default.
• So problem happens when you run a bitcoin core node on Tor-only (or I2P, CJDNS). If all these 8 + 8 connections have distinct netgroups, we don't have netgroups remaining for block relay only connections.
• Moreover, netgroup diversity when opening persitent outbound connections doesn't conceptually make sense in Tor/I2P/CJDNS since their IP addresses are not route-based.

Conceptual Questions

1. What are different types of outbound connections? Can you point region in code where these connections are established? hint: look in ThreadOpenConnections()
2. What's a netgroup? Why is netgroup diversity important when making an outbound connection?
3. How is netgroup diversity maintained when establishing outbound connections? hint: #27264

PR related Questions

1. Did you review the PR? Concept ACK, approach ACK, tested ACK, or NACK? What was your review approach?
2. What problem does this PR solve?
3. Why skip netgroup diversity checks when establishing outbound connections to Tor/I2P/CJDNS networks?
4. What does fCountFailure do?
5. What would happen if outbound_privacy_network_peers was absent in the code?
6. optional: why increasing 4 bits to 5 bits in GetGroup() logic (to increase total number of possible netgroups for Tor/I2P/CJDNS from 16 possibilities to 2**5 possibilities) isn't desirable.

Learning

• Net
• In/OutBound connections
• Net Grouping

  Note: Drop your PR and review related questions below