[Feature] feat: allow-external-peers #3163
Conversation
|
Ok, so if |
|
@vicsn ? |
Yes, I did not have this logic in mind. @joske can you analyse and update the PR? Depending on the scope of required changes, we may also need to rename the flag to make it sound appropriate. Can you also test the behavior manually? One suggested approach: start a network of e.g. 10 validators each having the new flag and the same 10 hardcoded client peers, and after half an hour you can check if all validators still have all client peers connected. Feel free to suggest another approach. Soon™️ this will be an automated integration test in CI, but that will take a few weeks still. :) |
joske
force-pushed
the
feat/nopeergossip
branch
2 times, most recently
from
514bb7e
to
f8274d2
Compare
There was a problem hiding this comment.
For clarity, can you share with how many validators and clients you tested?
I just tested using the devnet.sh script, without the --allow-outside-peers flag, and the clients still connect, is that expected behaviour? Or is there extra code we need so we can easily test in devnet.sh if this feature works?
Can you also confirm this is not an issue? https://github.com/AleoHQ/snarkOS/pull/3163#issuecomment-1980505760
joske
force-pushed
the
feat/nopeergossip
branch
2 times, most recently
from
db5a291
to
2485f0a
Compare
|
I would advocate for |
This PR ensures default behaviour WITHOUT flag is to NOT connect with peers. Therefore calling the flag |
|
@joske can you update this PR to reflect this change? |
|
Yes, was waiting for confirmation on the final name :) |
Please see above: --allow-external-peers is confirmed |
node/src/client/mod.rs
Outdated
| @@ -117,6 +117,7 @@ impl<N: Network, C: ConsensusStorage<N>> Client<N, C> { | |||
| trusted_peers, | |||
| Self::MAXIMUM_NUMBER_OF_PEERS as u16, | |||
| matches!(storage_mode, StorageMode::Development(_)), | |||
| false, | |||
There was a problem hiding this comment.
I should have spotted this sooner, but this is a bug. I think this should be true, and we should set it true for all the other invocations of Router::new as well, except for the validator where its set by a parameter. Because clients/provers are expected to always do peer discovery.
node/src/prover/mod.rs
Outdated
| @@ -110,6 +110,7 @@ impl<N: Network, C: ConsensusStorage<N>> Prover<N, C> { | |||
| trusted_peers, | |||
| Self::MAXIMUM_NUMBER_OF_PEERS as u16, | |||
| matches!(storage_mode, StorageMode::Development(_)), | |||
| false, | |||
There was a problem hiding this comment.
https://github.com/AleoHQ/snarkOS/pull/3163/files#r1525287483
@vicsn Should this be true as well according to your comment above?
|
@joske can you update all instances of |
node/router/src/handshake.rs
Outdated
| @@ -264,6 +264,12 @@ impl<N: Network> Router<N> { | |||
| if self.is_connected(&peer_ip) { | |||
| bail!("Dropping connection request from '{peer_ip}' (already connected)") | |||
| } | |||
| // Only allow trusted peers to connect if we are a validator | |||
| // (unless allow_external_peers is set) | |||
| let is_validator = self.node_type().is_validator(); | |||
There was a problem hiding this comment.
nit: is_validator is no longer necessary as part of the check (because allow_external_peers takes precedence)
node/router/src/heartbeat.rs
Outdated
| @@ -107,6 +107,12 @@ pub trait Heartbeat<N: Network>: Outbound<N> { | |||
| return; | |||
| } | |||
|
|
|||
| let is_validator = self.router().node_type().is_validator(); | |||
| // Skip if the node is not requesting peers. | |||
| if is_validator && !self.router().allow_external_peers() { | |||
There was a problem hiding this comment.
nit: is_validator is no longer necessary as part of the check (because allow_external_peers takes precedence)
node/router/src/heartbeat.rs
Outdated
| for peer_ip in self.router().connected_peers().into_iter().choose_multiple(rng, 3) { | ||
| self.send(peer_ip, Message::PeerRequest(PeerRequest)); | ||
| let is_validator = self.router().node_type().is_validator(); | ||
| if !is_validator || self.router().allow_external_peers() { |
There was a problem hiding this comment.
nit: is_validator is no longer necessary as part of the check (because allow_external_peers takes precedence)
node/router/src/inbound.rs
Outdated
| @@ -125,6 +125,9 @@ pub trait Inbound<N: Network>: Reading + Outbound<N> { | |||
| if !self.router().cache.contains_outbound_peer_request(peer_ip) { | |||
| bail!("Peer '{peer_ip}' is not following the protocol (unexpected peer response)") | |||
| } | |||
| if self.router().node_type().is_validator() && !self.router().allow_external_peers() { | |||
There was a problem hiding this comment.
nit: is_validator is no longer necessary as part of the check (because allow_external_peers takes precedence)
cli/src/commands/start.rs
Outdated
| #[clap(long = "allow-external-peers")] | ||
| /// If the flag is set, the validator will allow untrusted peers to connect |
There was a problem hiding this comment.
| #[clap(long = "allow-external-peers")] | |
| /// If the flag is set, the validator will allow untrusted peers to connect | |
| /// If the flag is set, the validator will allow untrusted peers to connect | |
| #[clap(long = "allow-external-peers")] |
howardwu
changed the title
Feature https://github.com/AleoHQ/snarkOS/issues/3155