14ceddd290
3bd67ba5a4ef3c20ef1f873b63c9f53a6c8608b6 Test addr response caching (Gleb Naumenko)
cf1569e074505dbbb9d29422803dd31bb62072d4 Add addr permission flag enabling non-cached addr sharing (Gleb Naumenko)
acd6135b43941fa51d52f5fcdb2ce944280ad01e Cache responses to addr requests (Gleb Naumenko)
7cc0e8101f01891aa8be093a00d993bb7579c385 Remove useless 2500 limit on AddrMan queries (Gleb Naumenko)
ded742bc5b96e3215d69c11fb3628d224e7ae034 Move filtering banned addrs inside GetAddresses() (Gleb Naumenko)
Pull request description:
This is a very simple code change with a big p2p privacy benefit.
It’s currently trivial to scrape any reachable node’s AddrMan (a database of all nodes known to them along with the timestamps).
We do have a limit of one GETADDR per connection, but a spy can disconnect and reconnect even from the same IP, and send GETADDR again and again.
Since we respond with 1,000 random records at most, depending on the AddrMan size it takes probably up to 100 requests for an spy to make sure they scraped (almost) everything.
I even have a script for that. It is totally doable within couple minutes.
Then, with some extra protocol knowledge a spy can infer the direct peers of the victim, and other topological stuff.
I suggest to cache responses to GETADDR on a daily basis, so that an attacker gets at most 1,000 records per day, and can’t track the changes in real time. I will be following up with more improvements to addr relay privacy, but this one alone is a very effective. And simple!
I doubt any of the real software does *reconnect to get new addrs from a given peer*, so we shouldn’t be cutting anyone.
I also believe it doesn’t have any negative implications on the overall topology quality. And the records being “outdated” for at most a day doesn’t break any honest assumptions either.
ACKs for top commit:
jnewbery:
reACK 3bd67ba5a4ef3c20ef1f873b63c9f53a6c8608b6
promag:
Code review ACK 3bd67ba5a4ef3c20ef1f873b63c9f53a6c8608b6.
ariard:
Code Review ACK 3bd67ba
Tree-SHA512: dfa5d03205c2424e40a3f8a41af9306227e1ca18beead3b3dda44aa2a082175bb1c6d929dbc7ea8e48e01aed0d50f0d54491caa1147471a2b72a46c3ca06b66f
Functional tests
Writing Functional Tests
Example test
The file test/functional/example_test.py is a heavily commented example of a test case that uses both the RPC and P2P interfaces. If you are writing your first test, copy that file and modify to fit your needs.
Coverage
Running test/functional/test_runner.py with the --coverage argument tracks which RPCs are
called by the tests and prints a report of uncovered RPCs in the summary. This
can be used (along with the --extended argument) to find out which RPCs we
don't have test cases for.
Style guidelines
- Where possible, try to adhere to PEP-8 guidelines
- Use a python linter like flake8 before submitting PRs to catch common style nits (eg trailing whitespace, unused imports, etc)
- The oldest supported Python version is specified in doc/dependencies.md. Consider using pyenv, which checks .python-version, to prevent accidentally introducing modern syntax from an unsupported Python version. The Travis linter also checks this, but possibly not in all cases.
- See the python lint script that checks for violations that could lead to bugs and issues in the test code.
- Use type hints in your code to improve code readability and to detect possible bugs earlier.
- Avoid wildcard imports
- Use a module-level docstring to describe what the test is testing, and how it is testing it.
- When subclassing the BitcoinTestFramework, place overrides for the
set_test_params(),add_options()andsetup_xxxx()methods at the top of the subclass, then locally-defined helper methods, then therun_test()method. - Use
'{}'.format(x)for string formatting, not'%s' % x.
Naming guidelines
- Name the test
<area>_test.py, where area can be one of the following:featurefor tests for full features that aren't wallet/mining/mempool, egfeature_rbf.pyinterfacefor tests for other interfaces (REST, ZMQ, etc), eginterface_rest.pymempoolfor tests for mempool behaviour, egmempool_reorg.pyminingfor tests for mining features, egmining_prioritisetransaction.pyp2pfor tests that explicitly test the p2p interface, egp2p_disconnect_ban.pyrpcfor tests for individual RPC methods or features, egrpc_listtransactions.pytoolfor tests for tools, egtool_wallet.pywalletfor tests for wallet features, egwallet_keypool.py
- Use an underscore to separate words
- exception: for tests for specific RPCs or command line options which don't include underscores, name the test after the exact RPC or argument name, eg
rpc_decodescript.py, notrpc_decode_script.py
- exception: for tests for specific RPCs or command line options which don't include underscores, name the test after the exact RPC or argument name, eg
- Don't use the redundant word
testin the name, eginterface_zmq.py, notinterface_zmq_test.py
General test-writing advice
- Instead of inline comments or no test documentation at all, log the comments to the test log, e.g.
self.log.info('Create enough transactions to fill a block'). Logs make the test code easier to read and the test logic easier to debug. - Set
self.num_nodesto the minimum number of nodes necessary for the test. Having additional unrequired nodes adds to the execution time of the test as well as memory/CPU/disk requirements (which is important when running tests in parallel). - Avoid stop-starting the nodes multiple times during the test if possible. A stop-start takes several seconds, so doing it several times blows up the runtime of the test.
- Set the
self.setup_clean_chainvariable inset_test_params()to control whether or not to use the cached data directories. The cached data directories contain a 200-block pre-mined blockchain and wallets for four nodes. Each node has 25 mature blocks (25x50=1250 BTC) in its wallet. - When calling RPCs with lots of arguments, consider using named keyword arguments instead of positional arguments to make the intent of the call clear to readers.
- Many of the core test framework classes such as
CBlockandCTransactiondon't allow new attributes to be added to their objects at runtime like typical Python objects allow. This helps prevent unpredictable side effects from typographical errors or usage of the objects outside of their intended purpose.
RPC and P2P definitions
Test writers may find it helpful to refer to the definitions for the RPC and P2P messages. These can be found in the following source files:
/src/rpc/*for RPCs/src/wallet/rpc*for wallet RPCsProcessMessage()in/src/net_processing.cppfor parsing P2P messages
Using the P2P interface
-
messages.py contains all the definitions for objects that pass over the network (
CBlock,CTransaction, etc, along with the network-level wrappers for them,msg_block,msg_tx, etc). -
P2P tests have two threads. One thread handles all network communication with the bitcoind(s) being tested in a callback-based event loop; the other implements the test logic.
-
P2PConnectionis the class used to connect to a bitcoind.P2PInterfacecontains the higher level logic for processing P2P payloads and connecting to the Bitcoin Core node application logic. For custom behaviour, subclass the P2PInterface object and override the callback methods. -
Can be used to write tests where specific P2P protocol behavior is tested. Examples tests are p2p_unrequested_blocks.py, p2p_compactblocks.py.
Prototyping tests
The TestShell class exposes the BitcoinTestFramework
functionality to interactive Python3 environments and can be used to prototype
tests. This may be especially useful in a REPL environment with session logging
utilities, such as
IPython.
The logs of such interactive sessions can later be adapted into permanent test
cases.
Test framework modules
The following are useful modules for test developers. They are located in test/functional/test_framework/.
authproxy.py
Taken from the python-bitcoinrpc repository.
test_framework.py
Base class for functional tests.
util.py
Generally useful functions.
mininode.py
Basic code to support P2P connectivity to a bitcoind.
script.py
Utilities for manipulating transaction scripts (originally from python-bitcoinlib)
key.py
Test-only secp256k1 elliptic curve implementation
blocktools.py
Helper functions for creating blocks and transactions.
Benchmarking with perf
An easy way to profile node performance during functional tests is provided
for Linux platforms using perf.
Perf will sample the running node and will generate profile data in the node's
datadir. The profile data can then be presented using perf report or a graphical
tool like hotspot.
There are two ways of invoking perf: one is to use the --perf flag when
running tests, which will profile each node during the entire test run: perf
begins to profile when the node starts and ends when it shuts down. The other
way is the use the profile_with_perf context manager, e.g.
with node.profile_with_perf("send-big-msgs"):
# Perform activity on the node you're interested in profiling, e.g.:
for _ in range(10000):
node.p2p.send_message(some_large_message)
To see useful textual output, run
perf report -i /path/to/datadir/send-big-msgs.perf.data.xxxx --stdio | c++filt | less
See also:
- Installing perf
- Perf examples
- Hotspot: a GUI for perf output analysis