diff --git a/src/net.cpp b/src/net.cpp index 77f95a2b87..b2fb0a7ff1 100644 --- a/src/net.cpp +++ b/src/net.cpp @@ -2482,19 +2482,20 @@ void CConnman::ThreadOpenConnections(const std::vector connect, CDe if (pnode->IsBlockOnlyConn()) nOutboundBlockRelay++; if (pnode->IsFullOutboundConn() && pnode->ConnectedThroughNetwork() == Network::NET_ONION) nOutboundOnionRelay++; - // Netgroups for inbound and manual peers are not excluded because our goal here - // is to not use multiple of our limited outbound slots on a single netgroup - // but inbound and manual peers do not use our outbound slots. Inbound peers - // also have the added issue that they could be attacker controlled and used - // to prevent us from connecting to particular hosts if we used them here. + // Make sure our persistent outbound slots belong to different netgroups. switch (pnode->m_conn_type) { + // We currently don't take inbound connections into account. Since they are + // free to make, an attacker could make them to prevent us from connecting to + // certain peers. case ConnectionType::INBOUND: - case ConnectionType::MANUAL: - break; - case ConnectionType::OUTBOUND_FULL_RELAY: - case ConnectionType::BLOCK_RELAY: + // Short-lived outbound connections should not affect how we select outbound + // peers from addrman. case ConnectionType::ADDR_FETCH: case ConnectionType::FEELER: + break; + case ConnectionType::MANUAL: + case ConnectionType::OUTBOUND_FULL_RELAY: + case ConnectionType::BLOCK_RELAY: setConnected.insert(m_netgroupman.GetGroup(pnode->addr)); } // no default case, so the compiler can warn about missing cases }