Stop relaying non-mempool txs, improve tx privacy slightly (p2p)

https://github.com/bitcoin/bitcoin/pull/17303

Host: MarcoFalke  -  PR author: MarcoFalke

Notes

  • Transactions in Bitcoin are gossiped by inv messages (a list of tx hashes) after they have been validated by the node. Peers can respond to these inv messages with a getdata message to request the transaction.
  • Bitcoin Core keeps a “relay memory” of all transactions that were sent out as invs for 15 minutes. getdata requests are answered from this relay memory.
  • A recent change (#16851) in the master branch of Bitcoin Core enables relay of transactions that have been removed from the relay memory. The motivation for this change was that low fee transactions that either didn’t make the inital relay or were evicted later on can now be requested. This allows for example to bump a low fee transaction higher in the mempool with a CPFP transaction. Also, it makes it possible for nodes to catch up on parent transaction when the node has been started with an empty mempool.
  • Transactions that made it into the relay memory stay there for 15 minutes, even if they have been included in a block or have been replaced by a higher fee transaction in the mempool. The proposed change (#17303)) removes the relay memory and uses the mempool exclusively as the relay memory. The change claims to improve privacy.

Questions

  1. Did you review the PR? Concept ACK, approach ACK, tested ACK, or NACK? (Don’t forget to put your PR review on GitHub.)

  2. What steps did you take, beyond reading the code?

  3. What is a shared pointer and why are transactions in Bitcoin Core generally managed as a shared pointer (CTransactionRef)?

  4. What is the difference between the memory pool (mempool) and the relay memory (mapRelay)?

  5. Is there an upper bound on the memory usage of the relay memory (mapRelay)? Under what circumstances is the expected memory usage low, under what circumstances is the memory usage high? (Hint: CTransactionRef is a shared pointer)

  6. Transactions are added to mapRelay when they are announced via an inv. Does mapRelay keep track of which peers it announced a transaction to? If no, how does that affect transaction relay privacy?

  7. Are there any remaining transaction relay privacy issues after this change?

  8. Do you think this change can be tested efficiently with unit or functional tests and why?

Meeting Log

  113:00 <@jnewbery> #startmeeting
  213:00 <MarcoFalke> ping
  313:00 <kanzure> hi
  413:00 <amiti> hi
  513:00 <ajonas> Hi
  613:00 <coma-shuffling> hi
  713:00 <MarcoFalke> hi
  813:00 <fjahr> hi
  913:00 <jonatack> hi
 1013:00 <@jnewbery> hi
 1113:00 <pinheadmz> hi
 1213:00 <@jnewbery> Hi folks. MarcoFalke has very kindly offered to host this week. I'll say a few words and then hand over to him.
 1313:00 <@jnewbery> First, I wanted to repeat what I said last week about using this channel.
 1413:00 <@jnewbery> Please just jump right in! The host will prompt the conversation with the questions at https://bitcoincore.reviews/, but don't feel like you need to wait until after those questions to make your comment or ask your question.
 1513:01 <b10c> hi
 1613:01 <@jnewbery> You're not being rude if the host asks a question and you make an unrelated comment!
 1713:01 <@jnewbery> We can have multiple threads going at the same time. If it gets too confusing the host can step in and ask people to address one topic first, but in general just go for it.
 1813:01 <@jnewbery> Also, don't ask to ask questions. There's no need to say things like "I have a question that I think might be off topic" or "is it ok if I ask my question now?". Just jump right in and ask. If it's off-topic, then people will tell you!
 1913:01 <fanquake> hi
 2013:01 <ariard> hi
 2113:01 <@jnewbery> There were a couple of questions asked before the meeting. I'll repeat them here so they make it to the meeting log.
 2213:01 <@jnewbery> < pinheadmz> 1 why is the loglevel for the testframework not `debug` (or even `spam`) by default? Today's PR modifies a test where I found the `debug` level output especially helpful
 2313:01 <@jnewbery> < pinheadmz> 2 the python tests often have random elements or non-deterministic elements. Today's test runs 100 times and breaks once a certain case is found -- 100 iterations make the expected behavior very likely, but couldn't the tests be written more acutely?
 2413:01 <@jnewbery> < MarcoFalke> re 1) log level of debug by default would be a bit spammy in the normal case (no failures expected). If you debug a test, you are assumed to either set -l DEBUG or combine the logs after a failure has been detected, in which case the debug messages are included as well
 2513:01 <@jnewbery> < MarcoFalke> re 2) let's discuss that in the meeting
 2613:01 <@jnewbery> ok, that's all I had to say. Over to Marco...
 2713:02 <MarcoFalke> hi, so let's get started with the basics. Everyone is familiar with how tx relay works in Bitcoin?
 2813:02 <MarcoFalke> Any questions about the gossip protocol?
 2913:02 <jkczyz> hi
 3013:03 <jasonzhouu> hi
 3113:03 <MarcoFalke> Ok, jumping into the questions, then
 3213:04 <MarcoFalke> So let's start by the general goal of this pull request
 3313:04 <MarcoFalke> Anyone want to take a try at giving a brief summary?
 3413:05 <pinheadmz> ok
 3513:05 <pinheadmz> seems like, there is this mapRelay where we kinda buffer TXs even after theyve been evicted from the mempool, for up to 15 minutes
 3613:05 <pinheadmz> This PR takes that out - so if a peer requests a tx that isnt STILL in the mempool, they get a notfound back
 3713:05 <coma-shuffling> reduce resource load, some privacy improvments?
 3813:06 <MarcoFalke> both correct
 3913:06 <pinheadmz> I dont understand what the mapRelay was used for beore this PR - the change makes so much sense !
 4013:06 <ajonas> So relay transaction seems like sort of an odd thing (was added for caching purposes?) and generally removing it simplifies the logic but also I'm a little unclear as to why this was added in the beginning
 4113:06 <@jnewbery> I had the same question. Why didn't we always just relay from the mempool? Privacy/fingerprinting concerns?
 4213:07 <jasonzhouu> +1
 4313:07 <MarcoFalke> mapRelay has been introduced before I was around, so I might not be able to answer that question with certainty
 4413:08 <jasonzhouu> Is relay momory mainly used to increase privacy, comparing to memery pool?
 4513:08 <@jnewbery> as a tip for code excavation, `git log -S <string>` shows all commits where that string is part of the diff
 4613:08 <@jnewbery> if I run `git log -SmapRelay`, I see that it was there in the first commit
 4713:09 <MarcoFalke> Previously transactions have been copied around in full, and CTransactionRef was introduced later on
 4813:09 <pinheadmz> jnewbery: cool trick tnx! and interesting its so old
 4913:09 <pinheadmz> who's sirius-m ?!
 5013:09 <MarcoFalke> It might have been neccessary in the early design of Bitcoin Core to have a copy of the tx around
 5113:10 <MarcoFalke> I think sirius has transformed the svn repo into a git repo
 5213:10 <ariard> isn't mapRelay a reason to be a useful tx relay peer if you have a mempool set to 0?
 5313:10 <ariard> or before than mempool was operational?
 5413:10 <@jnewbery> sirius is Martii Malmi. I think he was the second contributor to Bitcoin after Satoshi
 5513:11 <MarcoFalke> ariard: transactions are only added to mapRelay after they made it into the mempool
 5613:11 <fjahr> I did not dig deeper into this but on some level it made sense to me to decouple mempool behavior from relay behavior for privacy reasons.
 5713:11 <coma-shuffling> jnewbery correct
 5813:11 <@jnewbery> ariard: you can't relay transactions without a mempool
 5913:12 <@jnewbery> AcceptToMemoryPool is where we do our standardness checks
 6013:12 <ariard> jnewbery, MarcoFalke: looking on first git commit, seems mapRelay was already there
 6113:13 <MarcoFalke> fjahr: Good point. However, I think mempool and relay are too closely coupled to achieve good tx-origin privacy . There are a lot of tricks you can play to leak privacy
 6213:13 <pinheadmz> also interesting that the old txs in the maprelay arent pruned on a timeout or anything, just when sendMessages() is called
 6313:13 <pinheadmz> (IIUC)
 6413:14 <@jnewbery> pinheadmz: right, it's lazy deletion
 6513:14 <MarcoFalke> pinheadmz: The send messages function is called in a tight loop anyway, so it is close enough to a timeout
 6613:16 <coma-shuffling> FYI mapRelay is in the bitcoin-0.1.0 source code https://bitcointalk.org/index.php?topic=68121.0
 6713:16 <MarcoFalke> I think the main goal of the mapRelay expiry is to have some upper bound on its memory usage, which is achieved by the tight loop. (To some extend)
 6813:17 <MarcoFalke> Ok, my first question:
 6913:17 <MarcoFalke> What is a shared pointer and why are transactions in Bitcoin Core generally managed as a shared pointer (CTransactionRef)?
 7013:17 <coma-shuffling> It's referenced in relation to "CRITICAL_BLOCK" parts
 7113:18 <ajonas> shared_ptr is a smart pointer that retains shared ownership of an object through a pointer.
 7213:18 <ajonas> google!!
 7313:18 <jkczyz> It is a smart pointer that uses reference counting to determine when the memory can be deleted
 7413:19 <MarcoFalke> Yes, so why are transactions in bitcoin core managed that way?
 7513:19 <ajonas> because they are managed in a few different places
 7613:19 <jonatack> MarcoFalke: with a shared_ptr as opposed to a unique_ptr?
 7713:20 <fjahr> and because it saves memory
 7813:20 <MarcoFalke> fjahr: Yes
 7913:20 <jkczyz> Someone decided to punt on ownership :P
 8013:20 <jonatack> yes, when you heap-allocate a resource that needs to be shared among multiple objects
 8113:20 <MarcoFalke> jonatack: Good question! any takers?
 8213:21 <jonatack> there was a PR review discussion on this between sipa/gmax and jonas schnelli recently
 8313:21 <jkczyz> jonatack: Do you have a reference? I'd be intereted in reading
 8413:22 <jonatack> shared = more flexibility but more going on so slight perf hit, iirc
 8513:22 <jonatack> wrt unique
 8613:22 <MarcoFalke> jonatack: It is a shared_ptr to minimize mental load. I think a unique_ptr makes most sense when there is exaclty one owner, but in Bitcoin Core there can be many owners of a single transaction: E.g. (1) the most recent block, (2) the mempool, (3) mapRelay, (4) anything I forgot?
 8713:22 <@jnewbery> jonatack: this one: https://github.com/bitcoin/bitcoin/pull/14046#issuecomment-415814511 ?
 8813:23 <ajonas> am I right with a unique pointer once it's destroyed in one place it is reclaimed, but shared is all have to destroy it in order to deallocate?
 8913:23 <jonatack> jnewbery: yes, ty!
 9013:23 <MarcoFalke> (4) the miner
 9113:23 <jonatack> jnewbery: please give a masterclass on finding things quickly in GH :)
 9213:24 <@jnewbery> https://github.com/bitcoin/bitcoin/pulls?utf8=%E2%9C%93&q=is%3Apr+is%3Aopen+sipa+gmaxwell+jonasschnelli+shared
 9313:24 <MarcoFalke> ajonas: The shared pointer uses a reference count as pointed out by jkczyz. This is a slight overhead over unique_ptr, but gives more flexibility
 9413:24 <MarcoFalke> The shared pointer releases the memory when the count goes to 0
 9513:25 <jonatack> jnewbery: oh ty, using the PR filters in the GH web interface. will use that more.
 9613:25 <ajonas> marcofalke: OK. Guess I didn't quite get that.
 9713:26 <MarcoFalke> so unique_ptr is like a shared_ptr where the count can only be 0 or 1 exactly
 9813:26 <MarcoFalke> ok, going to the next question
 9913:26 <MarcoFalke> What is the difference between the memory pool (mempool) and the relay memory (mapRelay)?
10013:27 <pinheadmz> one thing for sure, made clear by this PR: mempool txs can be evicted for several reasons. the maprealy just expires after a set time
10113:27 <MarcoFalke> pinheadmz: Correct
10213:27 <MarcoFalke> Any other ideas what is different between them?
10313:28 <ariard> the mempool is a storage for unconf txn to help block construction
10413:28 <MarcoFalke> Or rather: What is common between them?
10513:28 <jasonzhouu> relay memory needs `inv`
10613:28 <ariard> it also serves for fee estimation and tx relay
10713:28 <MarcoFalke> jasonzhouu: Right. Transactions are only added to the relay memory after the first inv for the tx has been sent out
10813:28 <MarcoFalke> ariard: Correct
10913:29 <fjahr> mempool can be restricted in size and maprelay not I think
11013:29 <ariard> so there is an overlap between goals of both rn
11113:29 <MarcoFalke> fjahr: Good point. Can you explain why?
11213:29 <pinheadmz> i wonder if the original design was mempool would just be for cooking up blocks, and maprelay was for p2p ?
11313:30 <MarcoFalke> Or let's start easy: Can it be that the mempool and mapRelay have the same transactions in them?
11413:30 <ariard> there is a maxmempool option to restrict size
11513:30 <fjahr> yes
11613:30 <amiti> mapRelay will only have txns that have been previously accepted to the mempool, but they might no longer be there..
11713:30 <ariard> pinheadmz: yep was my wonder earlier
11813:30 <jasonzhouu> If mempool don't has limit size, then there is posibility of DoS attack.
11913:30 <fjahr> during the first 15min after startup anyway
12013:30 <amiti> I think the reason theres no explicit constraint on mapRelay is bc its implicit with size of mempool + time out ?
12113:31 <MarcoFalke> amiti: Yes, sort of
12213:31 <@jnewbery> It might surprise you all to know that mempool limiting was only added in v0.12.0: https://bitcoincore.org/en/releases/0.12.0/#memory-pool-limiting
12313:32 <MarcoFalke> Good old days when 0.11.0 nodes ran OOM
12413:32 <@jnewbery> prior to that you could OOM a node by filling up its mempool
12513:32 <MarcoFalke> Even with txs that pay no fee :)
12613:32 <fjahr> the point of the maprelay is to help with relay and so restricting it would hinder it so that would work against that goal
12713:33 <pinheadmz> jnewbery: no surprise, there was no volume back then :-)
12813:33 <MarcoFalke> ok, next question: Is there an upper bound on the memory usage of the relay memory (mapRelay)? Under what circumstances is the expected memory usage low, under what circumstances is the memory usage high? (Hint: CTransactionRef is a shared pointer)
12913:33 <@jnewbery> At a high level, I'd answer the question by saying that the mempool has a lot more structure than mapRelay
13013:33 <jonatack> jnewbery: was that the vuln demoed live onstage in 2016 at Breaking Bitcoin in Paris?
13113:34 <MarcoFalke> jnewbery: Also good point
13213:34 <@jnewbery> jonatack: no, that was something different
13313:34 <amiti> MarcoFalke: could you elaborate on "Yes, sort of"? what is correct / what am I missing ?
13413:34 <MarcoFalke> amiti: You are correct
13513:34 <@jnewbery> the mempool should always be consistent (ie the entire mempool can be made into a valid block if we ignore block weight limits)
13613:35 <@jnewbery> the mempool is also indexed in various ways that are useful for its clients
13713:35 <MarcoFalke> ok, let's move on to the next question
13813:35 <MarcoFalke> Is there an upper bound on the memory usage of the relay memory (mapRelay)?
13913:36 <ajonas> so Suhas said that "mapRelay is bounded by our rate-limited transaction relay algorithm" https://github.com/bitcoin/bitcoin/pull/14220#issuecomment-430710707
14013:36 <MarcoFalke> amiti already gave an answer, but could someone elaborate the point
14113:36 <ariard> there is an upper bound based on time and not on size, compare to the mempool
14213:37 <MarcoFalke> ajonas: Good point. That is one way to look at it. Does that give us nice estimates about the memory usage of mapRelay?
14313:38 <MarcoFalke> ariard: Good point. But why is it not on size? Note that transactions are only added to mapRelay after they entered the mempool?
14413:39 <pinheadmz> hmm all this talk about sahred pointers - maprealy shouldn't increase mem usage at all except in the case that mempool evicts a tx that maprelay still hangs on to
14513:39 <amiti> could mapRelay theoretically increase memory usage a lot if theres a lot of churn in the mempool? eg. small mempool and txns are getting INVed but then kicked out really rapidly
14613:40 <jasonzhouu> The max of relay memory is txs that have ever been included in mempool?
14713:40 <jasonzhouu> in the last 15 minutes
14813:40 <MarcoFalke> pinheadmz: Yes. Though, we store the txid and expiry time.
14913:40 <MarcoFalke> amiti: Yes.
15013:41 <MarcoFalke> jasonzhouu: Yes
15113:41 <ariard> MarcoFalke: because there is an assumption than size of mapRelay can't be bigger than mempool one due to dependency of former on latter ?
15213:42 <@jnewbery> ariard: I'm not sure if there's any such assumption (and if there were, it'd be invalid because of the reason amiti said)
15313:42 <MarcoFalke> So under what circumstances are txs evicted from the memory?
15413:42 <MarcoFalke> *mempool
15513:42 <amiti> for the reasons you listed in the PR description ... :)
15613:42 <MarcoFalke> amiti: heh
15713:42 <amiti> expiry, size limit, reorg, block, conflict, replaced
15813:42 <pinheadmz> RBF, blcok inclusion, mempool size limit
15913:43 <amiti> I have some questions about concerns that reviewers brought up...
16013:43 <jasonzhouu> 1. be included in block
16113:43 <amiti> sdaftuar mentions these changes can turn nodes with small mempools into "accidental DoSers", which I didn't fully understand.. so a node would send an INV to its peer, peer asks for GETDATA, during that time the txn has been evicted from the node's mempool so then it responds with NOTFOUND. why is this a DoS though? is it bc the peer waits until the request times out before asking another node for the tx?
16213:43 <jasonzhouu> 2. be replaced by higher fee tx
16313:44 <MarcoFalke> On a high level I found that rbfed txs and txs included in blocks were the primary reason that mapRelay uses more memory than the mempool
16413:44 <MarcoFalke> (Assuming the mempool does not operate on its size limit)
16513:44 <MarcoFalke> amiti: Good question!
16613:44 <pinheadmz> That alone is a great reason for this PR - why relay a tx that has already been RBF'd
16713:45 <amiti> ^ maybe because of privacy reasons, as mentioned from naumenkogs review
16813:45 <MarcoFalke> amiti: You answered that question yourself: "the peer waits until the request times out before asking another node for the tx"
16913:45 <jonatack> MarcoFalke: how did you find that?
17013:46 <MarcoFalke> jonatack: Run a Bitcoin Core full node with some added LogPrintf calls
17113:46 <jonatack> "net" logging too?
17213:46 <MarcoFalke> amiti: more specifically, we ignore NOTFOUND from peers to the extend that we don't use them to reschedule the tx download from a different peer
17313:47 <@jnewbery> amiti: also look at https://github.com/bitcoin/bitcoin/pull/15834. Before that, there was a bug that if a node INVed us a transaction and then didn't respond to the GETDATA, it wouldn't clear from our tx-in-flight map
17413:47 <MarcoFalke> amiti: See https://github.com/bitcoin/bitcoin/pull/15505
17513:47 <MarcoFalke> Ok, moving to the next question
17613:47 <MarcoFalke> Transactions are added to mapRelay when they are announced via an inv. Does mapRelay keep track of which peers it announced a transaction to? If no, how does that affect transaction relay privacy?
17713:48 <amiti> jnewbery, MarcoFalke: thanks :)
17813:49 <pinheadmz> we dont
17913:49 <ajonas> MarcoFalke: I don't believe it does keep track, which is what Gleb is proposing with a bloom filter to track it.
18013:49 <pinheadmz> mapRelay.insert(std::make_pair(hash, std::move(txinfo.tx)));
18113:49 <amiti> I believe this PR added the param `m_last_inv_sent` to keep track of the time the last set of INVs was announced to a peer, but doesn't keep track of specifically which one
18213:49 <amiti> *ones
18313:50 <MarcoFalke> pinheadmz: ajonas: Is the issue in the current code or is that introduced in my change?
18413:50 <MarcoFalke> And how does it affect privacy?
18513:50 <ajonas> current
18613:50 <MarcoFalke> I.e. what is the attack scenario?
18713:50 <pinheadmz> yeah maprealy is kinda dumb, just a list of txs, no peer info
18813:51 <ajonas> means it's still vulnerable to inferring your location in the tx relay network topology
18913:51 <MarcoFalke> How would you leak that?
19013:51 <pinheadmz> but i feel like i must be missing something, bc we woldnt send the same tx to a peer twice, or if it was the peer that sent it to us in the first place...
19113:52 <MarcoFalke> pinheadmz: We do (if they send a GETDATA twice)
19213:52 <ajonas> Gleb spells it out here: https://github.com/bitcoin/bitcoin/pull/17303#issuecomment-550460346
19313:52 <jonatack> flooding with the same tx iiuc
19413:52 <ajonas> basically flood network with tx_a and then selectively announce tx_b (RBF of tx_a). Start querying for tx_a - whoever responds with NOTFOUND received tx_b which means the node is closer to the node target.
19513:53 <pinheadmz> ajonas: wouldnt that be the behavior AFTER this is merged?
19613:53 <MarcoFalke> ajonas: Yes. And the privacy leak that allows us to infer the source of a transaction? (current master code)
19713:53 <MarcoFalke> Yeah, sorry. I was asking about BEFORE this is merged
19813:54 <pinheadmz> because the maprelay would still send tx_a to anyone who asked, even if the replacement was in the mempool
19913:54 <pinheadmz> heh, well I guess you could send a MEMPOOL request ?
20013:54 <amiti> I think currently the attack would be to have lots of connections to nodes on the network & send out GETDATAs for any new txn to identify which nodes already have the txn
20113:55 <amiti> and they would respond even though they didnt send you an INV message yet
20213:55 <MarcoFalke> amiti: Correct!
20313:55 <MarcoFalke> amiti: How many connections do you need per node on the network?
20413:56 <amiti> uhhh... I'm guessing more than one bc otherwise you wouldn't ask this question?
20513:56 <amiti> but I don't see why
20613:56 <ajonas> just 1
20713:56 <MarcoFalke> Yes, just one inbound cnnection is enough
20813:56 <amiti> oh lol
20913:56 <MarcoFalke> Ok, to wrap up...
21013:57 <coma-shuffling> wasn't such an attack presented at Scaling Bitcoin Tel Aviv?
21113:57 <MarcoFalke> Any questions left?
21213:57 <pinheadmz> coma-shuffling: that involved orphan txs i think
21313:57 <coma-shuffling> ah
21413:57 <pinheadmz> MarcoFalke: yeah i was just wondering about testing
21513:57 <MarcoFalke> < pinheadmz> 2 the python tests often have random elements or non-deterministic elements. Today's test runs 100 times and breaks once a certain case is found -- 100 iterations make the expected behavior very likely, but couldn't the tests be written more acutely?
21613:58 <amiti> ya- question around naumenkogs review. MarcoFalke: what do you think about the concern?
21713:58 <pinheadmz> i downloaded the PR and tried the test with and without the change. also tried the new test against the current code (without PR) nothing really changes there
21813:58 <pinheadmz> I see in the test you are being explicit that if a node did relay the tx back, you check that they got it in an inv or tx message
21913:58 <@jnewbery> suhas suggests that improving our NOTFOUND behaviour should be a precondition for this (https://github.com/bitcoin/bitcoin/pull/17303#issuecomment-547589047). Do you agree?
22013:58 <MarcoFalke> amiti: I think that my set of changes should be kept to a minimum that is still an improvement. I don't claim to fix all privacy issues and I think even fixing one is reason enough
22113:58 <amiti> ya I agree
22213:59 <MarcoFalke> amiti: Also the memory improvements might be worth it
22313:59 <MarcoFalke> amiti: Not to mention bandwidth
22413:59 <MarcoFalke> jnewbery: I disagree
22513:59 <ajonas> but reintroducing mapRelay again seems like a lot of churn
22613:59 <ajonas> as Gleb is suggesting
22714:00 <MarcoFalke> jnewbery: I think that suhas DOS case is an edge case and should not happen very often in the network.
22814:00 <jonatack> MarcoFalke: do you think the new tests cover the change of behavior sufficiently? What do you think about the current state of our p2p testing?
22914:00 <MarcoFalke> INV("endmeeting")
23014:00 <amiti> lol!
23114:00 <fjahr> NOTFOUND
23214:00 <MarcoFalke> lets keep going for two more minutes
23314:01 <jonatack> e.g. Suhas' issue here: https://github.com/bitcoin/bitcoin/issues/14210
23414:01 <jonatack> "Test coverage of our networking code"
23514:01 <MarcoFalke> jnewbery: And we do handle the case (even though it takes 120 secs or so to timeout)
23614:02 <MarcoFalke> jnewbery: Though, I'd like to see suhas fix as well. Assuming it doesn't itself result in a CPU DOS vector
23714:02 <MarcoFalke> ajonas: I don't think reintroducing mapRelay should be done
23814:02 <MarcoFalke> ajonas: If it is necessary, I'd rather have a limited map of map_recently_rbfd_txs
23914:03 <MarcoFalke> jonatack: pinheadmz: Good question about testing!
24014:03 <amiti> ya, I was wondering that .... if the attack is just about RBF txns, we'd hypothetically only have to keep track of those
24114:03 <MarcoFalke> What are the complications to test such a change? I.e. how to test the privacy guarantees?
24214:03 <MarcoFalke> amiti: Yes, agree.
24314:04 <MarcoFalke> Has anyone seen my test changes? What is the test doing before and what is it doing after my changes?
24414:04 <MarcoFalke> We will wrap up in one minute :)
24514:05 <MarcoFalke> #endmeeting
24614:05 <pinheadmz> all you added to the test was checking that if the tx was already announced to us, the txid exists in a inv or tx message
24714:05 <@jnewbery> Thanks MarcoFalke. Great meeting!
24814:05 <coma-shuffling> thanks MarcoFalke
24914:05 <MarcoFalke> jnewbery: Thanks for suggesting it to me
25014:06 <jasonzhouu> Thanks MacroFalke
25114:06 <jonatack> thanks everyone
25214:06 <MarcoFalke> Happy to do more of these
25314:06 <ariard> thanks MarcoFalke!
25414:06 <pinheadmz> thanks everyone!
25514:06 <amiti> thank you !
25614:06 <jonatack> thank you MarcoFalke for hosting]
25714:06 <ajonas> thanks Marco
25814:06 <MarcoFalke> thanks everyone for the answers and questions. Really high quality today
25914:06 <@jnewbery> I'll try to get notes and questions up for next week's meeting before the weekend. I'm travelling so I might not be able to attend but I think I have a host lined up
26014:07 <jonatack> jasonzhouu: MacroFalke, i like that +1
26114:07 <pinheadmz> !!!