Aleth waits for 2 seconds after sending disconnect packet

[twinstar26]

Fixes #5650
Old PR #5658

[codecov-io]

Codecov Report

Merging #5707 into master will increase coverage by 0.07%.
The diff coverage is 73.33%.

@@            Coverage Diff             @@
##           master    #5707      +/-   ##
==========================================
+ Coverage   63.06%   63.14%   +0.07%     
==========================================
  Files         353      353              
  Lines       30196    30193       -3     
  Branches     3386     3386              
==========================================
+ Hits        19044    19064      +20     
+ Misses       9918     9896      -22     
+ Partials     1234     1233       -1

[halfalicious]

@twinstar26 Is this ready for review? If so, can you please request a review from myself / gumb0 / chfast?

[halfalicious]

Changelog should describe the behavior with your fix applied (e.g. "Aleth now waits for 2 seconds after sending disconnect to peer before closing socket")

[halfalicious]

Session::disconnect will still close the socket immediately (Session::drop closes the socket and you're calling it in both your timer handler and outside the handler if it hasn't already been called i.e. !m_dropped). Since what we want to do is delay the socket closure for 2 seconds, you should move the code which closes the socket out of Session::drop and into the timer handler and also not call drop inside of the timer handler.

[twinstar26]

@halfalicious
Thanks for the reviews!
Okay so I have to copy required logic of drop into disconnect and never call drop from inside of disconnect and its handler. Am I right??

[halfalicious]

You should move the socket closure code out of drop and into the handler. Don’t call drop inside of the handler but still call it in your else statement in disconnect (since we want to prevent further session operations after we have sent the disconnect, you can see that we check for m_drop in various places in session and return early)

[twinstar26]

@halfalicious
So pushed changes according to your suggested changes. But was curious what will happen to code thats calling drop() (apart from disconnect) separately??

[gumb0]

This still doesn't look right:

1. Changing drop() now breaks all the cases where it is called from other methods of Session. I guess those are reasonable cases where we wanted to just disconnect immediately without sending Disconnect packet (with current changes we won't disconnect)

2. Calling disconnect now doesn't ever set m_dropped to true. @halfalicious Maybe you meant calling current form of drop from inside if (!m_dropped) clause?

[halfalicious]

@gumb0 You're right we need to also call drop() inside of the !m_dropped clause.

I don't think this new form of drop breaks anything though...even if drop doesn't close the socket all shared_ptr Session instances will still go out of scope and therefore Session will be garbage collected by Host and the socket will be closed when the dtor is invoked. Note that functions in which we pass new shared_ptr instances (shared_from_this) to handlers check if (m_dropped) and then prematurely terminate before creating new handlers (e.g. doRead). In fact, after taking a closer look at the Session code, I don't think we need to explicitly close the socket at all in any place other than the dtor (unless there's some benefit to closing the socket sooner rather than later that I'm not aware of)? If we just call drop() without closing the socket the Session instance will be destroyed once all queued handlers which contain a shared_ptr instance are executed and the Host garbage collects the Session.

So, to summarize:

• I think we should call drop() in both the if (!m_dropped) and else cases...in fact, we can simplify this by removing the "else" case and always calling drop() after the if (!m_dropped) code block since drop returns early if m_dropped is true.
• I think we can remove all cases where we close the socket except for in the dtor.

@gumb0 : Thoughts?

[gumb0]

I don't think we need to explicitly close the socket at all in any place other than the dtor (unless there's some benefit to closing the socket sooner rather than later that I'm not aware of)?

@halfalicious The benefit I see is that we immediately stop answering any further requests on this connection, not waiting for all handlers to terminate, so maybe it's more efficient...

Also, what if some malicious peer keeps DOSing us with some invalid requests on this connection - it will be kept in the handler queue (because the new data keeps coming) and never disconnected, it seems so.

[gumb0]

@halfalicious pointed out to me:

I think that we will still stop reading packets from a peer if we call drop without closing the socket since we check for m_dropped at the beginning of Session::doRead before proceeding with the read:

aleth/libp2p/Session.cpp

Lines 318 to 322 in d8f4498

	void Session::doRead()
	{
	// ignore packets received while waiting to disconnect.
	if (m_dropped)
	return;

I think I agree with this reasoning.

[gumb0]

One corner case to check: spec requires that we disconnet immediately upon receiving Disconnect packet ourselves. My experiment confirms that this looks to be working correctly with current changes in this PR:

TRACE 08-08 11:54:24 p2p  p2pcap Disconnect from (##a8768590…@51.141.78.53:30303)
DEBUG 08-08 11:54:24 p2p  p2pcap Disconnect (reason: Peer had too many connections.) from (##a8768590…@51.141.78.53:30303)
DEBUG 08-08 11:54:24 p2p  net    Closing peer session with (##a8768590…@51.141.78.53:30303)

[halfalicious]

One corner case to check: spec requires that we disconnet immediately upon receiving Disconnect packet ourselves. My experiment confirms that this looks to be working correctly with current changes in this PR:

TRACE 08-08 11:54:24 p2p  p2pcap Disconnect from (##a8768590…@51.141.78.53:30303)
DEBUG 08-08 11:54:24 p2p  p2pcap Disconnect (reason: Peer had too many connections.) from (##a8768590…@51.141.78.53:30303)
DEBUG 08-08 11:54:24 p2p  net    Closing peer session with (##a8768590…@51.141.78.53:30303)

@gumb0 Confirmed by looking at the code - when we receive a disconnect packet we call drop immediately in Session::interpretP2pPacket:

aleth/libp2p/Session.cpp

Lines 142 to 154 in 78355a2

	case DisconnectPacket:
	{
	string reason = "Unspecified";
	auto r = (DisconnectReason)_r[0].toInt<int>();
	if (!_r[0].isInt())
	drop(BadProtocol);
	else
	{
	reason = reasonOf(r);
	LOG(m_capLogger) << "Disconnect (reason: " << reason << ") from";
	drop(DisconnectRequested);
	}
	break;

[gumb0]

I think this timer will be destroyed right after this function ends, and outstanding wait operation will be cancelled. (Probably should be made a member?)

[halfalicious]

@gumb0 Agreed, in my prototype I had captured the timer in the handler but making it a member works as well (and also enables us to make it unique_ptr rather than shared_ptr as I see you've done) 😄

[gumb0]

I moved the calls to timer's member inside createTimer() function to hide these lower-level details from Host's users and for better symmetry between postWork and createTimer

[gumb0]

Rebased.

[gumb0]

One thing I still don't like here is that we have the same code (closing the socket) here in the timer handler and then in destructor. And destructor is executed anyway, so perhaps we could avoid this duplication, maybe just posting empty handler? @halfalicious what do you think?

[halfalicious]

@gumb0 Yes I agree with this, in fact I suggested this earlier in this PR 😄

[halfalicious]

Confirmed that we wait for 2 seconds now:

TRACE 08-12 21:33:11 p2p  p2pcap Disconnecting (our reason: Peer had no use for this node.) from (##03957ecc…@51.75.127.66:30303)
TRACE 08-12 21:33:11 p2p  net    Disconnect to (##03957ecc…@51.75.127.66:30303)
...
DEBUG 08-12 21:33:13 p2p  net    Closing peer session with (##03957ecc…@51.75.127.66:30303)

[halfalicious]

@gumb0 I think this is ready to be merged, please give it a quick look when you get a chance

[gumb0]

That was doxygen syntax to refer to the parameter inside description
(http://www.doxygen.nl/manual/commands.html#cmda)

Suggested change

	/// Execute work on the network thread after an @_expiryDelay delay.
	/// Execute work on the network thread after an @a _expiryDelay delay.

[halfalicious]

@gumb0 That's what I suspected but I saw different syntax used in other parts of the project e.g.:

aleth/libethereum/Account.h

Lines 150 to 152 in 78355a2

	/// @returns account's original storage value corresponding to the @_key
	/// not taking into account overlayed modifications
	u256 originalStorageValue(u256 const& _key, OverlayDB const& _db) const;