Facility to use multiple message channels (including IRC servers or other) #568
Conversation
Changes Unknown when pulling a7a09df on AdamISZ:mc-collection into * on JoinMarket-Org:develop*. |
Thanks. I will review the code soon. From a quick skim of it, I think making the irc options a csv list in joinmarket.cfg is a bad idea. IMO it's better to move them to a separate file (maybe in json format). It's what I did in the old multiirc branch. It's far more extensible, we may thank ourselves later for doing it when adding matrix or another msgchan. |
It's not so much that it's a bad idea, as that I put it off. I wanted to use subsections in the config, but then found out that ConfigParser doesn't support that, surprisingly. So I just used something minimal that works OK for now. So yeah, flexible config is a TODO. I hadn't intended to go as far as a separate file, but sure, that works. |
These are managed by a MessageChannelCollection object implemented in message_channel.py. Broadcast messages are to all channels, private messaging occurs over one (per side). Disconnects handled dynamically, optimistically switching to other viable channels where possible. Another step added to callback chain for some callbacks to manage global state such as trigger of on_welcome() or on_disconnect(). Added db lock to OrderbookWatch (applies in ultra-fast testing scenarios) Testing features added to test with multiple message channels, and allowing injection of disconnects during the run. Has been tested successfully with multiple IRC servers but can allow other message channel types with minimal changes. Update user level scripts to use collection of IRC servers.
Changes Unknown when pulling 088ca1d on AdamISZ:mc-collection into * on JoinMarket-Org:develop*. |
I started running on cyberguerrilla (normal pit) and freenode #joinmarket-pit If anyone wants to join me in testing it, do the usual trick (I'm posting this assuming there are other git ignoramuses out there, or people with equally bad memories): Edit the
If you connect over Tor instead to cyberg (not freenode, you can't apparently), it ought to work just as well as before, so if it doesn't, that's an important bug report. |
… mc status as (re)connected
Changes Unknown when pulling 65bb4de on AdamISZ:mc-collection into * on JoinMarket-Org:develop*. |
Been running for several days on the latest version with apparently no problems, including a lot of transactions. But since I'm the only one on the freenode channel, it's a bit artificial. Anyone could give it a go? |
Could we go to another IRC server instead of freenode? Because freenode doesn't scramble the hostnames so anybody can see the bots IP addresses. I suggest maybe Rizon, QuakeNet or EFNet. |
Will run a YG using this later today. And I'd prefer not to leak IP adress info as well. |
Even if yield-generators don't care about their IP, takers almost certainly will. I've got a list somewhere of good IRC servers to use that I wrote when I coded the multiirc branch a few months ago. |
Good stuff, thanks. I remember a suggestion on IRC: https://www.oftc.net/Tor/ didn't really look into it though. |
Somehow I was not happy with any particular way of doing the config, but I paid attention to your advice @chris-belcher and I agree that the extra file is probably best due to being extensible. The problem is it's not really as human editable as it should be (most would rightly balk at editing json by hand) and so we should really create a "add msgchan" py script, which is a bit of a shame. Or did I miss a better way? I'll start from your template config, looks like a good layout. |
maybe XML ? |
Both json and XML are human editable, but aren't intended to be used like that, right. Maybe I'll just add a |
Just to document this here as well: |
I realised it's only very rarely that we'd want the actual users to edit the IRC servers to connect to. So I'd say it doesn't have to be a very human-editable file format, it could be json. |
…first, control welcome with lock
Changes Unknown when pulling eda7c64 on AdamISZ:mc-collection into * on JoinMarket-Org:develop*. |
Thanks to @AlexCato a few days ago for the keen eye, see above, added code to "see" a counterparty if their first communication is via privmsg (fill) rather than only if via pubmsg. Live testing it some more. |
tACK Edit: Maybe something like: If that message is even needed at all. |
Still up an running for several days in a row without any problems. |
The moment I say everything's fine...
I have 2 IRC servers configured, and since there's still an "!orderbook" coming through (so that will be CgAn), the one to irc.rizon.net probably broke but does not/cannot be re-established? I still had coinjoins after that time, so this doesnt break the whole system/other irc connection. Edit: |
Hmm. The "errored while trying to quit" is not particularly indicative; we've always had those. The tests in the test suite test cases of one channel going down and having transactions continue/complete. The case of a channel going down and then restarting correctly is more difficult to figure out. The specific scenario you described: it dropped from CgAn, failed for a long time, but didn't manage to restart, does indeed suggest there's a problem. Could you email me the log of that yg? (scrub it if you like). Thanks. |
A brief look at the code suggests it ought to work (see MessageChannelCollection.on_connect_trigger and .on_disconnect_trigger). I'll try to find a way to create that scenario in a test. I thought I had already seen it work. |
(Edit: for clarification, I did this test) Test: start 4 ygs on 2 local miniircd servers. Check they respond to !orderbook. Then, manually kill one of the irc servers and tail -f the log of one of the ygs. see the on_disconnect fire, see the connect attempts (every 30 seconds). !orderbook still works OK on the non-shutdown server. Then, manually restart the (second) irc server. See the bots reconnect OK. Then, !orderbook them on that IRC server, and they respond on that server. Seems basically correct. I guess looking at the log might help. |
Did a sendpayment with manual picking of our running bots on the 3 channels. It seems OK, at least I can't see anything wrong in the log. Removed the inappropriately scary error message. |
Yeah, it's the best kind of error, an undeterministic one (/s)... because my ISP disconnects every 24h automatically for a second, it usually does recover just fine. Just sometimes it does not. Will send you the logs later when I'm back home. |
@AlexCato you could take a look at that transaction I made too, in that log. Easy to find, the amount is 1000000 ; what is interesting is this: I was watching the channels, and while both your and my yg bot participated successfully, your bot did not send out any orderbook updates after either the unconfirmed or the confirmed event (while mine did). |
The non-update is intended: And if you request to join 0.5 btc, it moves those from mix0 to mix1. But the published amounts available for coinjoining are not changing, that's still 3 btc. So no update will be sent out. |
Oh my mistake, I forgot, thanks. |
check for existence of callbacks friendlier nick leave message
Changes Unknown when pulling c3646f0 on AdamISZ:mc-collection into * on JoinMarket-Org:develop*. |
@AlexCato The above includes a bugfix: on_disconnect_trigger calls the on_disconnect callback in the bot (such as yieldgenerator). If this is set to None (which it is by default, and is for yg), then it would crash before because I didn't check that it was not None. So that's fixed and similarly for other callbacks. Also un-scarified the debug for nicks leaving. I believe this was the cause of both your and my case of "dying after disconnect". I tested manually that that specific code change allowed reconnection after all channels were lost (that's what seemed to happen in both your and my cases). I think one thing remains: on_nick_change, need to check that it doesn't do anything naughty. I'll look at that soon. |
@AdamISZ thanks for fixing this and sorry for the late answer, busy times lately. I'll get the updated version tonight and keep an eye on it the next few days. |
Latest commit 6b8fcce is intended as a proposal for discussion, and note it is a protocol break. Do not merge as of now. What is implemented is:
With this arrangement, it is safe for participants to dynamically switch channels at any point in the conversation, because we ignore messages that are not correctly signed. Current approach: pubmsgs are still allowed without verification. The entry point to private messages is I'm going to review the logic of the above, feel free to chime in on how it should work. What should be fixed/improved, at least my current thoughts:
I don't think an extra ~100 bytes per message is going to change much; at the margin there will be a little more throttling, but that is mainly happening with messages that are between 1000-5000 bytes. (Passed build test locally, but there is a merge conflict apparently) |
I do not see any more weaknesses in this approach when "TODO make sure it chooses the channels on which the taker !ob was seen" is implemented. Since we're talking just a few bytes back and forth in IRC channels here, I dont see a need to optimized the hash to the absolute minimum effective length; why not just use at least an order of magnitude more of what you deem safe? This data will not be stored forever, contrary to data on the blockchain, so there should be some safety margin imho. Some makers probably will use the same ephemeral key for several weeks. What's the identifier byte good for? Overall, this seems like a good change to make. |
I'm worrying about maximum nick length enforced on IRC servers. We might need to find the most compact encoding to fit a reasonable entropy in ~ 14 characters (pure guess as to what is reasonable there).
I don't have a strong argument for it; I was thinking of dropping it too. I think it first entered my head thinking "there might be different rules for different messaging servers", plus "some messaging servers won't allow a number as first character". I can imagine other arguments for it too, e.g. "different bot types in the future might need it".
Yes, sorry this was tacitly assumed. It seemed most sensible to keep developing this on this branch, but at some point we should have all updates on one new branch (I think we already have a 'newprotocol', but probably a new one). |
e8ad6fa , after some chat on IRC: most (all?) IRC servers allow NICK_LEN >> 20, so we seem safe to have a system like: 1 type byte, 1 joinmarket_version byte, 14 bytes base58 encoding (but not b58check) of first 10 bytes of sha256 of pubkey. This b58 encoding is right padded with 'O' to its max len (since b58 is not a fixed length encoding). Base58 chosen due to alphanumeric requirements of message channel usernames/nicks. This should leave room for nick cycling. Build test passes. NICK_HASH_LENGTH and NICK_MAX_ENCODED are set as module vars in message channel; any change to the former needs the corresponding change in the latter. 10 bytes is considered an adequate defence against brute force (considering this doesn't have anywhere near the requirements of a private key). |
Had another think about this part, and I believe what is currently coded is the right approach. In detail:
|
DO NOT MERGE - this is now a protocol break as of 6b8fcce
The goal is to make it transparent to current users - existing config files will still work the same. Adding a new server should be as simple as adding another item in comma separated lists to the config MESSAGING section.
The commit comments give the basic gist of it. Any code review would be great.
I will add some more details later here.
I'll start running it on freenode and cyberguerrilla myself today, probably.