@@ -1721,19 +1721,22 @@ void CConnman::ThreadOpenConnections(const std::vector<std::string> connect)
17211721 if (pnode->IsFullOutboundConn ()) nOutboundFullRelay++;
17221722 if (pnode->IsBlockOnlyConn ()) nOutboundBlockRelay++;
17231723
1724- // Netgroups for inbound and manual peers are not excluded because our goal here
1725- // is to not use multiple of our limited outbound slots on a single netgroup
1726- // but inbound and manual peers do not use our outbound slots. Inbound peers
1727- // also have the added issue that they could be attacker controlled and used
1728- // to prevent us from connecting to particular hosts if we used them here.
1724+ // Make sure our persistent outbound slots belong to different netgroups.
17291725 switch (pnode->m_conn_type ) {
1726+ // We currently don't take inbound connections into account. Since they are
1727+ // free to make, an attacker could make them to prevent us from connecting to
1728+ // certain peers.
17301729 case ConnectionType::INBOUND:
1730+ // Manually selected connections should not affect how we select outbound
1731+ // peers from addrman.
17311732 case ConnectionType::MANUAL:
1733+ // Short-lived outbound connections should not affect how we select outbound
1734+ // peers from addrman.
1735+ case ConnectionType::ADDR_FETCH:
1736+ case ConnectionType::FEELER:
17321737 break ;
17331738 case ConnectionType::OUTBOUND_FULL_RELAY:
17341739 case ConnectionType::BLOCK_RELAY:
1735- case ConnectionType::ADDR_FETCH:
1736- case ConnectionType::FEELER:
17371740 setConnected.insert (m_netgroupman.GetGroup (pnode->addr ));
17381741 } // no default case, so the compiler can warn about missing cases
17391742 }
0 commit comments