I stand corrected

Wait, so the tx hash does not cover the signature?

The tx hash includes the signatures.

The signature scheme was updated from a straight data hash to a two level hash to allow calculating the hash of a pruned tx.

The hash of the pruned data is one of the inputs to the second hashing level.

So if you don't have the pruned data, you can still do it if you have that hash (which is a lot smaller than the pruned data).

Which of these two hashes is used as txid in the block info, and to calculate the merkle root of the block?

The final one :)

And there are not two but 4. First level has 3, second level has 1.

So without the signature data (lost to pruning), I assume that one would not be able to calculate the second-level hash - and therefore, they would not be able to verify that a given transaction matches a specific txid in a pruned block. Correct?

Yes, unless you have the hash of the pruned data.

Oooh I see, so a pruned node just keeps that hash and can thus compute the txid. Neat!

lnd (go) strikes again, c-lightning fine

I need some help. I hosted mainnet monero node behind NAT, forwarded ports (18080, 18089), but have only one incoming connection(I seen many before_handshake connections, but only one normal connection). Why is this happening and how to fix it??

llacqie[m]: monero-project/monero #8520

you might also have this issue

But I also host stagenet node(which is not behind NAT, but on node which provide NAT(server that acts as router) so they have same IP address) and everything is fine

And I thought it might be some kind of restriction on connections from a single IP

Because all incoming connections to the node come from the same IP (because the node is behind NAT)

llacqie[m]: there's a `--max-connections-per-ip` flag

which defaults to 1

selsta: Thank you, it helped, now there are more than one connections)

But, no, I can have more than one connection only when I add my peer to another node as exclusive peer((

And the only node that isn't mine isn't syncing, maybe it's a bot, so there's probably another reason why peers don't want to connect to my node.

So now I think this issue describes my case too monero-project/monero #8520

Other nodes are trying to connect, but after the handshake they disconnect((

16:24 <llacqie[m]> But, no, I can have more than one connection only when I add my peer to another node as exclusive peer(( <-- what do you mean with this?

selsta: When I run monerod on another host with "--add-priority-node <ip_of_my_node>:18080 --no-sync" it connects successfully and I have 2 incoming connections

right but that's what doesn't make sense to me

i have seen the same behavior with other nodes on the linked github issue

manually connecting works fine

llacqie[m]: is this your home internet connection?

selsta: No, it's a VPS

To be more precise, these are two VPS, each with ipv4, but one of them nevertheless goes online through the second

try it without NAT and see if you still have the same issue

I just tried to disable redirecting all traffic through the second host. And it turns out quite interesting behavior. I still have an incoming connection from my second host (NAT is working) and no other incoming (although the IP has changed)

*disable forwarding

you'll have to wait a bit

But it really looks like the incoming connection from this bot does not let other peers connect.

but then manually connecting also wouldn't work

Manually connecting works through NAT and directly

Now I have up to 3 incoming connections

One of this nodes is monero(dot)fail node, another one is a bot with peer_id ffdad98ead103705, and third one maybe bot too

third one also have peer_id ffdad98ead103705

If I ban that bot, another bot with similar id connects

ip from 162.218.65.0/24 subnet

Exactly as specified in the issue

If I ban subnet, bot from 209.222.252.0/24 connects

and if you ban that too?

But bots from the subnet 209.222.252.0/24 behave differently

I know these bots exist but so far I'm not convinced they are related to your issue

I banned these subnets, restarted monerod and deleted p2pstate. And I got more than 3 incoming connections for a short time

Ah, this is probably because when I delete the p2p state, the bans are reset

bans reset on monerod restart

unless you specify a --ban-list

Added really big banlist(popular banlist + all subnets of bot's AS), and anyway 0 incoming connections

Also blocked these 3 subnets by firewall

[ 2220.227234] [UFW ALLOW] IN=ens3 OUT= MAC=52:54:00:11:3b:af:02:00:00:00:00:01:08:00 SRC=103.231.91.232 DST=<my_ip> LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=26728 DF PROTO=TCP SPT=38334 DPT=18080 WINDOW=42780 RES=0x00 SYN URGP=0

There are lots of incoming connections to 18080 port, according to the firewall

fwiw, the sybil nodes in the three listed ip ranges are very aggressive... they show up thousands of times in node network scans, and each ip shows up with like 5 different p2p ports

I am analyzing traffic using wireshark. And so far I have seen the following behavior: our node (node A) connects to node B(port n to 18080), they communicate. And at some point node B decides to connect to node A(port n to our 18080), a handshake occurs, but instead of communicating over this connection node B immediately closes it.

Yes, all connections, except those that are started manually by me, behave like this.

And does anyone host a node here without these problems, what parameters do you use?

llacqie[m]: if you ban all 3 subnets you get zero incoming peers?

apart from manual connections?

<selsta> "llacqie: if you ban all 3..." <- Yes

even after restart?

in the linked issue someone had the same issue on stagenet / testnet

I banned all subnet's from bots' AS

restarted

*banned by adding to banlist

removed p2pstate

I wrote above how the nodes behave, I think the problem is in this, and not in these bots

llacqie[m]: you said you don't have this issue on your stagenet node, what happens when you run a mainnet node on this exact machine?

selsta: 25 gigabytes of storage

Stupidly there is not enough space to synchronize

llacqie[m]: I'm just trying to see if we can isolate the issue somehow

The nodes don't even try to request anything from my node, they just connect and disconnect, it's really weird.

Why do they connect at all? Are there any checks that run only after connection and make the node disconnect?

Or do they check that the port is open?

If yes, then this is a very weird check, it can also be an open port of any other service running over tcp