public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Mike Hearn <mike@plan99.net>
To: Gavin Andresen <gavinandresen@gmail.com>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Request review: drop misbehaving peers
Date: Thu, 15 Sep 2011 13:45:04 +0200	[thread overview]
Message-ID: <CANEZrP3FFEK0xrZqQkPyi8uoyb=XiPU7fSJDcGCLxiGH2uh3dQ@mail.gmail.com> (raw)
In-Reply-To: <CABsx9T2MKTYCeOqERXKBMYEqNEK4eo9jGt81gZE1=Fv=s3wEqA@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 1730 bytes --]

Probabilistic disconnections could make it quite hard to debug protocol
implementations and increases the risk of flaky behaviour in the wild
significantly. I don't see why a simpler solution isn't better.

The most likely failure mode of this is not an attack but the same as
previous breakages - scaling or legitimate version skew that causes problems
as the network evolves.

Agree with Luke that non-standard transactions should not be considered an
attack.

If you stay with the scoring system I'd be tempted to have a flag (defaults
to 100) that sets a minimum threshold for the badness scores and ignores any
below that. Attacks based on sending transactions that aren't syntactically
valid don't seem likely to me, this isn't a good way to DoS somebody because
discarding them is so cheap. If it turns out later there is a problem,
people under attack could flip the flag until a new version is released.

The formula for the DoS score in the case of invalid signatures/merkle roots
seem unnecessarily elaborate. An invalid signature should never occur and
could always result in immediate disconnection.

Treating a block with too many sigops as invalid means legitimate relayers
might be treated as an attacker if/when the constant changes in future. I'd
suggest not treating this as an attacking situation at all.

Why use a mutable field with a const setter?

Unit tests that rely on sleeps like this can be flaky because the OS delay
isn't always precise, not to mention slow/irritating to run. It's better if
tests can override the clock, eg, if GetTime() did something like

   if (nMockTime) { return nMockTime} else { ... }

then unit tests could reliably modify and advance the clock in a
fast/efficient manner.

[-- Attachment #2: Type: text/html, Size: 2003 bytes --]

  parent reply	other threads:[~2011-09-15 11:45 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-09-15  1:57 [Bitcoin-development] Request review: drop misbehaving peers Gavin Andresen
2011-09-15  2:06 ` Luke-Jr
2011-09-15 10:43   ` Christian Decker
2011-09-15 12:56   ` kjj
2011-09-15 15:36     ` Luke-Jr
2011-09-15 16:04       ` kjj
2011-09-15 16:41         ` solar
2011-09-15 17:29         ` Luke-Jr
2011-09-15 16:19       ` Gavin Andresen
2011-09-15 17:41         ` Douglas Huff
     [not found]           ` <CABsx9T3HCVAn5ECuPWfAyZ4zt3WCbyKPF-7DV1HY2j2TKjavrg@mail.gmail.com>
2011-09-15 18:36             ` Douglas Huff
2011-09-15 19:07               ` Gavin Andresen
2011-09-15 11:45 ` Mike Hearn [this message]
2011-09-15 12:25   ` Gavin Andresen
2011-09-15 13:00     ` Stefan Thomas
2011-09-15 14:06       ` Gavin Andresen
2011-09-15 14:21         ` Gregory Maxwell
2011-09-15 16:21         ` Mike Hearn
2011-09-16 12:57         ` Joel Joonatan Kaartinen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CANEZrP3FFEK0xrZqQkPyi8uoyb=XiPU7fSJDcGCLxiGH2uh3dQ@mail.gmail.com' \
    --to=mike@plan99.net \
    --cc=bitcoin-development@lists.sourceforge.net \
    --cc=gavinandresen@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox