Closed blacktemplar closed 4 years ago
There is some slack time already; the backoffs are cleared every few ticks, so we won't try to send a GRAFT immediately after expiration.
That is not a real slack in my opinion. In the extreme case it might happen that the next tick that clears the backoffs gets executed directly after the 60 seconds are over in which case again peer B
would punish peer A
.
Fair enough, we could add an explicit slack of 1s or something before attempting the next GRAFT.
You also need to consider the time it gets for the GRAFT to get there, which should roughly match the time it takes for the backoff to expire in the other side if we initiated the PRUNE. But RTTs can be variable, so agreed this could be problematic in the edge case.
fix in #374.
Consider the following scenario:
A
sends aPRUNE
to peerB
with a backoff time of 60 seconds. It stores the 60 second backoff time in its internal data structure.B
receives thePRUNE
message after a short delay of lets say one second and stores the 60 second backoff in its internal data structure.A
sent thePRUNE
it might decide toGRAFT
to peerB
again and sends aGRAFT
.B
in less than a second and therefore for peerB
the backoff is still active and it declines theGRAFT
and punishes peerA
.To circumvent such punishments peer
A
should consider some slack time before it sends aGRAFT
to peer B. So I propose adding some slack times to backoffs after sending aPRUNE
. Note that this slack time should only be considered for sendingGRAFT
s and not for checking if an incomingGRAFT
is allowed (in this case we consider the real backoff time without the additional slack).