Garbage collect incompatible peers in Host::run()

[halfalicious]

Garbage collect peers in Host::run() which are deemed incompatible - an incompatible peer is one with which we will never be able to successfully peer with (e.g. on a different chain or network, not running any capabilities).

[gumb0]

m_failedAttempts seems to affect only the value of fallbackSeconds currently. Maybe we should use it now to retry several times and then go to "critical error, disconnect" state.
(at least for some cases of failures)

[halfalicious]

@gumb0 Good idea - what do you think of this being taken care of in another PR? I'd like to limit the amount of changes I make to the peer gc logic in this PR so if something ends up breaking it will be easier to debug.

[gumb0]

Ok for another PR, but it seems to be the matter of only adding condition like m_failedAttempts >= 20 to uselessPeer function.

[gumb0]

Additional thought is that we could make all this change more conservative if we leave fallbackSeconds() as it was before (so that we do the same reconnects as before) and have just this check for failed attempts count in uselessPeer (plus the new check for handshake failures)
This way it would reconnect with the same intervals for each case as before, but stop after limited number of attempts.

But I'm fine with it if you think it's better to immediately stop in some cases.

[codecov-io]

Codecov Report

Merging #5624 into master will increase coverage by <.01%.
The diff coverage is 59.42%.

@@            Coverage Diff             @@
##           master    #5624      +/-   ##
==========================================
+ Coverage   62.62%   62.63%   +<.01%     
==========================================
  Files         350      350              
  Lines       29690    29742      +52     
  Branches     3344     3350       +6     
==========================================
+ Hits        18593    18628      +35     
- Misses       9889     9901      +12     
- Partials     1208     1213       +5

[gumb0]

Some minor comments and a small bug in the loop iterating over peers.

[gumb0]

Maybe better onHandshakeFailed

[gumb0]

Also I would make it public and declare close to startPeerSession

[halfalicious]

@gumb0 : Why make this public, does it make sense to expose the concept of a handshake to consumers of Host?

[gumb0]

Well it looks to me like a callback similar to startPeerSession, the callback called by RLPXHandshake when handshake is finished. One is for success another one is for failure.

It works as private, because RLPXHandshake is a friend of Host, but idealluy we should get rid of this friend declarations at some point.

Exposing it to the clients of Host is of course not great, but the proper way to deal with it could be to create a separate interface with these callbacks only, don't expose it to Host clients, but pass it only to RLPXHandshake. That's a bit complicated change, at least it's not for this PR.

(In other words, we won't make it much worse, because startPeerSession is already public)

[halfalicious]

Well it looks to me like a callback similar to startPeerSession, the callback called by RLPXHandshake when handshake is finished. One is for success another one is for failure.

It works as private, because RLPXHandshake is a friend of Host, but idealluy we should get rid of this friend declarations at some point.

Exposing it to the clients of Host is of course not great, but the proper way to deal with it could be to create a separate interface with these callbacks only, don't expose it to Host clients, but pass it only to RLPXHandshake. That's a bit complicated change, at least it's not for this PR.

(In other words, we won't make it much worse, because startPeerSession is already public)

Ah that makes sense, thank you for clarifying! 😄 I'll make the change before merging.

[gumb0]

Not sure about UserReason - this could in theory be any kind of reason specific to subprotocol, including some temporary reasons, maybe it makes sense to try to reconnect

[halfalicious]

I chose to treat UserReason as terminal because we only use it in 2 cases - if status validation fails:

aleth/libethereum/BlockChainSync.cpp

Lines 190 to 202 in 505aead

	std::string disconnectReason;
	if (peerSessionInfo->clientVersion.find("/v0.7.0/") != string::npos)
	disconnectReason = "Blacklisted client version.";
	else
	disconnectReason = _peer.validate(
	host().chain().genesisHash(), host().protocolVersion(), host().networkId());
	if (!disconnectReason.empty())
	{
	LOG(m_logger) << "Peer " << _peer.id() << " not suitable for sync: " << disconnectReason;
	m_host.capabilityHost().disconnect(_peer.id(), p2p::UserReason);
	return;
	}

Here's where we perform the actual validation in EthereumPeer::validate:

aleth/libethereum/EthereumPeer.cpp

Lines 58 to 68 in 505aead

	if (m_networkId != _hostNetworkId)
	error << "Network identifier mismatch. Host network id: " << _hostNetworkId
	<< ", peer network id: " << m_networkId;
	else if (m_protocolVersion != _hostProtocolVersion)
	error << "Protocol version mismatch. Host protocol version: " << _hostProtocolVersion
	<< ", peer protocol version: " << m_protocolVersion;
	else if (m_genesisHash != _hostGenesisHash)
	error << "Genesis hash mismatch. Host genesis hash: " << _hostGenesisHash.abridged()
	<< ", peer genesis hash: " << m_genesisHash.abridged();
	else if (m_asking != Asking::State && m_asking != Asking::Nothing)
	error << "Peer banned for unexpected status message.";

• If there's a bug in our network code and Session read validation fails:

  aleth/libp2p/Session.cpp

  Lines 409 to 418 in 505aead

  	else if (_length != _expected)
  	{
  	// with static m_data-sized buffer this shouldn't happen unless there's a regression
  	// sec recommends checking anyways (instead of assert)
  	LOG(m_netLoggerError)
  	<< "Error reading - TCP read buffer length differs from expected frame size ("
  	<< _length << " != " << _expected << ")";
  	disconnect(UserReason);
  	return false;
  	}

You bring up a good point though, technically it can be any reason specific to a subprotocol and other clients can also choose to send it to us for reasons specific to their implementation. I think that rather than treating it as immediately critical we should use it in some sort of reconnection count threshold.

[halfalicious]

@gumb0 I've decided to change UserReason -> UselessPeer when status message validation fails for a peer (since if that happens the peer is effectively useless to us i.e. we can't sync with it). I've also added in logic in Peer::isUseless to take the number of failed connection attempts into account when the last disconnect isn't critical.

[gumb0]

Looks good, feel free to make onHandshakeFailed public, if you agree with my reasoning, but it's not critical