We're currently re-dialing peers, even if the handshake failed for reasons other than connection timeout. For example, there are a bunch of peers around that present invalid certificates (where the certificate doesn't match the peer ID).
One way to solve this would be to remove the address from the address book. While this would help us prevent redials in the short term, we still might end up re-adding this address back to the address book later.
Another option would be to mark an address as "broken, do not redial" in the address book: This would blacklist this address for future dial attempts from our side. It would also make sure that we don't accidentally re-add this address later.
Depending on exactly how the address is broken, we might also want to not share this address with other peers. If we discover a mismatch between peer ID and the certificate, there's no point for other peers to even attempt a handshake. On the other hand, if our handshake failed e.g. due to an incompatibility of supported stream muxers, we'd still want to share this address. I'm not sure how this will interact with signed peer records though.
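A sketch of the "broken, do not redial" marker described in the issue above, added here as an illustration; it is not code from the issue or from libp2p. `AddrBook`, `FailureReason` and the method names are hypothetical, and the peer ID and address are constructed sample values.

```go
package main

import "fmt"

// FailureReason classifies a handshake result (hypothetical names, not a libp2p API).
type FailureReason int

const (
	OK             FailureReason = iota // known address, no permanent failure recorded
	Timeout                             // transient: keep redialing
	MuxerMismatch                       // broken for us, may still work for other peers
	PeerIDMismatch                      // certificate does not match the peer ID
)

// AddrBook is keyed by {peer ID, address}; a non-OK state is the "do not redial" marker.
type AddrBook struct{ state map[[2]string]FailureReason }
func NewAddrBook() *AddrBook { return &AddrBook{state: map[[2]string]FailureReason{}} }

// Add stores an address and reports whether it may be dialed; an existing marker is kept.
func (b *AddrBook) Add(peer, addr string) bool {
	if _, seen := b.state[[2]string{peer, addr}]; !seen {
		b.state[[2]string{peer, addr}] = OK
	}
	return b.ShouldDial(peer, addr)
}

// ReportFailure marks the address broken for every reason except a timeout.
func (b *AddrBook) ReportFailure(peer, addr string, r FailureReason) {
	if r > Timeout {
		b.state[[2]string{peer, addr}] = r
	}
}

func (b *AddrBook) ShouldDial(peer, addr string) bool {
	r, seen := b.state[[2]string{peer, addr}]
	return seen && r == OK
}

// ShouldShare withholds only addresses that no peer could complete a handshake with.
func (b *AddrBook) ShouldShare(peer, addr string) bool {
	r, seen := b.state[[2]string{peer, addr}]
	return seen && r != PeerIDMismatch
}

func main() {
	b, addr := NewAddrBook(), "/ip4/192.0.2.1/tcp/4001" // constructed sample address
	b.ReportFailure("peerA", addr, PeerIDMismatch)
	fmt.Println(b.Add("peerA", addr), b.ShouldShare("peerA", addr)) // re-add after failure
}
```

Because the marker lives in the same map as the address, re-adding a rediscovered address cannot clear it. How such a marker would interact with signed peer records is not modeled here.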