New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
whiteconnections should be re-added #8798
Comments
I also run into this with armory. |
@EthanHeilman Can you please look at this issue? |
@paveljanik I'll take a look. I am not familiar with the new connection exhaustion countermeasure code and I should be. |
I'm hitting this issue now as I have an SPV node running on limited hardware that connects to a trusted full node on another machine. The full node accepts public connections as well and sometimes doesn't have a slot for my SPV node even though the IP it's connecting from is whitelisted. It'd be nice if the full node would eject some other non-whitelisted node to make room for my SPV node when it's trying to connect. |
@asoltys As a temporary measure, I believe that these iptables rules will limit the number of incoming connections:
Note that the (This is largely untested.) |
@theymos thanks I hadn't even thought of using iptables but that should do the trick! |
@theymos thanks for raising this - I was wondering why my whitelisted SPV node had stopped being able to connect to my full-node - this would explain why. I don't think reverting #6374 is the best solution though - at least, not in a way that available inbound connections are reduced while the white connections are not in use. Ideally I would like to see the feature where when a white connection comes in, an existing low-rating inbound connection is evicted to make room for it. This way it's simply a case of white connections having priority over other inbound connections, without needing to state how many slots to reserve. |
it would be helpful, with a |
Possible solution WIP: #27600 looking for concept ACKs ! |
Proposed alternative to #27600 is a setting such that bitcoind listens for inbound connections but does not advertise itself |
The
whiteconnections
option was added in 0.12 but later removed in #6374 because it was viewed as being redundant. While whitelisted connections can no longer be evicted as of that PR,whiteconnections
is still useful because it allows for new connections. For example, you could have a full node that you use as a gateway for several of your lightweight nodes, and in this case it may be impossible for you to connect to your gateway due to insufficient connection slots. whiteconnections solved this, but it is now removed.Here's a real-world complaint about this issue: https://www.reddit.com/r/Bitcoin/comments/540hoj/can_whitelistnetmask_free_up_a_connection/
Perhaps it would be more elegant to detect when a whitelisted peer is trying to connect when we have no more connection slots, and trigger the eviction of a non-whitelisted inbound peer in this case. But it's probably easier to just re-add
whiteconnections
.The text was updated successfully, but these errors were encountered: