New banning misbehavior handling and Peers Tab on Debug Console #1537
Conversation
Also implement misbehavior increment check.
|
Note that I have tested this on testnet and a crippled node on mainnet with good results. The DoS BOOST unit tests have also been expanded to cover the new functionality. |
cyrossignol
left a comment
cyrossignol
left a comment
There was a problem hiding this comment.
This looks great so far. Will do some more in-depth testing tomorrow.
|
I wonder if the default decay rate is too rapid? I should probably put a tunable in there for the rate, with a default value. |
jamescowens
changed the title
jamescowens
force-pushed
the
new_banning_system_time_decay
branch
from
c8ff963 to
f2ce505
Compare
|
Would like to see this for more testing and testing on a heavy node. |
jamescowens
force-pushed
the
new_banning_system_time_decay
branch
from
f2ce505 to
30eb261
Compare
|
The latest force push looks really good to me. Compiles and runs well on all my devices... I don't have a Mac to check that. I am running on my scraper node for mainnet with good results. |
|
Here is a screenshot of this running on my Windows testnet node... |
|
yup ipv6 is a growing in usage. my big node has ipv6 as well. ipv6 also reduces nat issues and also ipv6 is preferred over ipv4 if both available. |
cyrossignol
left a comment
cyrossignol
left a comment
There was a problem hiding this comment.
Seems like everything is working and the new tab looks great 🙂
src/net.cpp
Outdated
| // Allow newbies to connect easily | ||
| int64_t nTime = GetAdjustedTime(); | ||
| if (nTime - pnode->nTimeConnected > 24) | ||
| if (nTime - pnode->nTimeConnected > 45) |
There was a problem hiding this comment.
Just curious... what's the reason for this change?
There was a problem hiding this comment.
due to our older net code, bignodes sometimes do not send a version message within that period of connecting, so I upped it. #1548 optimizes this portion of net processing and actually gets rid of that setting altogether.
|
This is to prevent conflicts with #1538. |
Added - Add testnet desktop launcher action for Linux #1516 (@caraka) - Shuffle vSideStakeAlloc if necessary to support sidestaking to more than 6 destinations #1532 (@jamescowens) - New Superblock format preparations for Fern #1526, #1542 (@jamescowens, @cyrossignol) - Multisigtools - Consolidate multisig unspent #1529 (@iFoggz) - Scanforunspent #1547 (@iFoggz) - consolidatemsunspent and scanforunspent bug fix #1561 (@iFoggz) - New banning misbehavior handling and Peers Tab on Debug Console #1537 (@jamescowens) - Reimplement getunconfirmedbalance rpc #1548 (@jamescowens) - Add CLI switch to display binary version #1553 (@cyrossignol) Changed - Select smallest coins for contracts #1519 (@iFoggz) - Move some functionality from miner to SelectCoinsForStaking + Respect the coin reserve setting + Randomize UTXO order #1525 (@iFoggz) - For voting - if url does not contain http then add it #1531 (@iFoggz) - Backport newer serialization facilities from Bitcoin #1535 (@cyrossignol) - Refactor ThreadSocketHandler2() Inactivity checks #1538 (@iFoggz) - Update outdated checkpoints #1539 (@barton2526) - Change needed to build Gridcoin for OSX using homebrew #1540 (@Git-Jiro) - Optimize scraper traffic for expiring manifests #1542 (@jamescowens) - Move legacy neural vote warnings to debug log level #1560 (@cyrossignol) - Change banlist save interval to 5 minutes #1564 (@jamescowens) - Change default rpcconsole.ui window size to better support new Peers tab #1566 (@jamescowens) Removed - Remove deprecated RSA weight and legacy kernel #1507 (@cyrossignol) Fixed - Clean up compiler warnings #1521 (@cyrossignol) - Handle missing external CPID in client_state.xml #1530 (@cyrossignol) - Support boost 1.70+ #1533 (@iFoggz) - Fix diagnostics failed to make connection to NTP server #1545 (@Git-Jiro) - Install manpages in correct system location #1546 (@Git-Jiro) - Fix ability to show help and version without a config file #1553 (@cyrossignol) - Refactor QT UI variable names to be more consistent, Fix Difficulty default #1563 (@barton2526) - Fix two regressions in previous UI refactor #1565 (@barton2526) - Fix "Owed" amount in output of "magnitude" RPC method #1569 (@cyrossignol)
3 participants
The design is a sparse map keyed by CAddress, where no entry means a misbehavior of zero.
If a node is banned, the misbehavior entry is left in place. It is erased (meaning zeroed...) when the node is unbanned, or the banlist is cleared. This is done by match to sub_net, because manual bans can be placed on individual addresses or entire subnets. Automatic bans are always on individual addresses (subnets with /32 mask) and misbehaviors are also on individual addresses and the service port number (CAddress).
I have debated whether the banlist should be indexed by CNetAddr rather than CAddress, and have decided CAddress (which includes the remote port number) is the right one. Someone could have several nodes running on the same address through port forwarding/NAT, and if we use CNetAddr only, if one node misbhehaves, it would result in banning all nodes behind the address. The disadvantage of CAddress is that a node that disconnects and reconnects using different port numbers can evade banning for moderate misbehavior by spreading out the misbehavior to multiple CAddress entries corresponding to different ports with the same IP.
misbehavior also decays linearly by default banscore (100) / 86400 every second.
This also implements the peers tab on the debug console, which allows GUI users to interact with the nodes and ban/unban by right-clicking.