This also solves the bug where when appending a dublicated proposal, a new duplicate fork being created, resulting in never finalizing, as forks of same height existed
This is also a protocol-breaking change. We now have a bit looser
certificate verification that does not append the base32-encoded
public key into the altName.
because of the refinery running in the background, if we remove a peer
from the white or greylist on upgrade it can create an index error in
when seperate threads execute this code at the same time:
refinery:
upgrades node to whitelist, removes from greylist
upgrade_host:
upgrades node to anchorlist, removes from greylist
leaving a "safe" peer on the grey or whitelist is not a problem. the
only impact is that we risk selecting a peer from the whitelist that we
are already connected as an anchor, but p2p checks exist to protect
from this.
equally, if we remove from the greylist or whitelist on upgrade_host this can
happen:
upgrade_host:
upgrades node to anchorlist, removes from greylist
protocol_addr:
recv Addr
do we have this node? no, add to greylist
refinery: promotes to whitelist, etc
the above scenario makes removing the host in this case redundant.
Previously we were shuffling hosts that we select to avoid trying to
connect to them in a deterministic order. However, this contradicts the
protocol of ordering hostlists by last_seen.
Instead, we should try to connect to addresses stored at the top of the
hostlists first, as they are most likely to be active.
The problem of multiple slots competing for the same peer should be
solved by the various locking checks in check_address_with_lock().
Lilith now periodically pings nodes on its whitelist, updating their
last_seen field if they are active, otherwise downgrading them to
greylist.
This is to prevent Lilith from sharing inactive peers with other hosts
when it shares its whitelist.
This commit introduces a new Session method called downgrade_host().
It gets called on two occasions:
* if we receive a stop signal on a channel (Inbound, Outbound, Manual sessions)
* if we cannot establish a connection (Outbound and Manual session)
This commit deprecates the "rejected" vector inside Outbound session
that prevented us from instantly reconnecting to an inactive host.
