-
-
Notifications
You must be signed in to change notification settings - Fork 3.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
p2p: fix back ping to discover healthy peers to connect to #8640
Conversation
@selsta and I just ran the following test:
|
This implies that autodetecting SSL does not work, right ? If so, this seems to be the real problem, and disabling SSL just bodges it. |
I don't think it would make sense to call While I think a fix for autodetect in To fix autodetect in Synchronous monero/contrib/epee/include/net/abstract_tcp_server2.inl Lines 1752 to 1769 in 365fd45
monero/contrib/epee/include/net/abstract_tcp_server2.inl Lines 1636 to 1657 in 365fd45
I believe the fact that Circling back to my original point: I think this PR is still justified as is toward preventing the back ping because SSL should be disabled for p2p connections. I think it's worth a separate PR to make sure |
Clarifying: when a wallet initiates an outbound connection to a daemon, SSL autodetect is handled correctly in this totally separate area of the code: monero/contrib/epee/include/net/net_helper.h Lines 158 to 248 in 365fd45
I don't see how a "server" would ever initiate an outbound SSL connection using the And circling back again: regardless, I'm not seeing why |
And FWIW I read the backlog of discussion here, and had my cup of coffee. The |
@j-berman one thing for maintenance - should the parameter positions be flipped? The string default here, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ugh. Wrong PR.
@vtnerd agree with the above :) Will submit a new maintenance PR with SSL fixed in EDIT: I might have misunderstood that you were suggesting the param change for this PR. I also think this PR needs to be merged sooner rather than later, so would prefer to keep this PR as small and simple as possible, and will do the maintenance PR separately |
Sounds good. |
Does a node ever attempt to back-ping on a loopback address? |
@j-berman That's exactly what I was looking for, thank you! I was looking for the reason why the back-ping test wasn't working locally. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was able to confirm this patch fixed the node so that back pings work 👍🏻
Overview
When Node A receives an incoming connection from Node B, Node A will attempt to "back ping" Node B to see if Node B would be a healthy peer to connect to in the future. #8426 introduced a bug that causes Node A to fail to back ping Node B: Node A attempts to read Node B's response over an SSL stream, which errors out (looks like because Node A does not establish an SSL connection with Node B ... see more on this here).
The back ping seems to be a critical component of the p2p protocol for getting incoming connections (also see this comment). As such, I think fixing the back ping in this PR should help resolve or alleviate the lack of incoming peers issue reported in #8520 once enough nodes on the network start running it. To be clear, if you run this PR with your node, this PR wouldn't help you get incoming connections directly -- the nodes your node connects to must also run this update in order to help you get incoming connections.
The fix
The fix matches
connect_async
's logic to this synchronous call to connect(), ensuring that a node attempting to back ping its incoming connection will use the expected SSL setting (as the code is structured today, this specificm_ssl_support
appears to always be disabled since SSL isn't supported for p2p connections).How to manually test
Run 2 nodes, pointing one to the other. Start Node A normally with
--log-level 2
and ensure that Node A can receive incoming connections. Start Node B with the flag--add-priority-node <Node A>
and also make sure that Node B can receive incoming connections.Once Node B initiates the connection to Node A, make sure that Node A successfully back pings Node B. In order to make sure this happens, grep Node A's logs for "PING SUCCESS" and you should see Node B's <IP:port number>.
If you try repeating the above test without this PR, there should be no "PING SUCCESS" in the logs. A lack of "PING SUCCESS" indicates that Node A does not add Node B to its white list, which means that neither Node A nor the rest of the network will know that Node B is a healthy peer to connect to right off the bat.
Note: I plan on writing an explicit test for this behavior to ensure we don't end up breaking back ping behavior again in the future.