diff options
author | zugz <mbays+tox@sdf.org> | 2018-07-25 08:43:48 +0100 |
---|---|---|
committer | zugz (tox) <mbays+tox@sdf.org> | 2018-09-05 20:56:26 +0200 |
commit | 1b2322284f0b688af3a349fe4331be15a565084c (patch) | |
tree | 7651c11b4ec1edd927151e9655727fb0b2365a7c /docs | |
parent | 6872c14e1a02445d945623ee6e85230c5d7ecbce (diff) |
Add mechanism for recovering from disconnections in conferences
* add freezing and unfreezing of peers
* add rejoin packet
* revise handling of temporary invited connections
* rename "peer kill" packet to "peer leave" packet
* test rejoining in conference test
* use custom clock in conference test
Diffstat (limited to 'docs')
-rw-r--r-- | docs/minpgc.md | 128 |
1 files changed, 128 insertions, 0 deletions
diff --git a/docs/minpgc.md b/docs/minpgc.md new file mode 100644 index 00000000..aa2ed1dc --- /dev/null +++ b/docs/minpgc.md | |||
@@ -0,0 +1,128 @@ | |||
1 | # Persistent conferences | ||
2 | |||
3 | This document describes the "minpgc" simple persistent conferences | ||
4 | implementation of PR #1069. | ||
5 | |||
6 | Many of the ideas derive from isotoxin's persistent conferences | ||
7 | implementation, PR #826. | ||
8 | |||
9 | ## Specification of changes from pre-existing conference specification | ||
10 | We add one new packet type: | ||
11 | |||
12 | Rejoin Conference packet | ||
13 | |||
14 | | Length | Contents | | ||
15 | |:-------|:--------------------------------| | ||
16 | | `1` | `uint8_t` (0x64) | | ||
17 | | `33` | Group chat identifier | | ||
18 | |||
19 | |||
20 | A peer times out from a group if it has been inactive for 60s. When a peer | ||
21 | times out, we flag it as _frozen_. Frozen peers are disregarded for all | ||
22 | purposes except those discussed below - in particular no packets are sent to | ||
23 | them except as described below, they are omitted from the peer lists sent to | ||
24 | the client or in a Peer Response packet, and they are not considered when | ||
25 | determining closest peers for establishing direct connections. | ||
26 | |||
27 | A peer is considered to be active if we receive a group message or Rejoin | ||
28 | packet from it, or a New Peer message for it. | ||
29 | |||
30 | If a frozen peer is seen to be active, we remove its 'frozen' flag and send a | ||
31 | Name group message. (We can hold off on sending this message until the next | ||
32 | tox\_iterate, and only send one message if many frozen peers become active at | ||
33 | once). | ||
34 | |||
35 | If we receive a New Peer message for a peer, we update its DHT pubkey. | ||
36 | |||
37 | If we receive a group message originating from an unknown peer, we drop the | ||
38 | message but send a Peer Query packet back to the peer who directly sent us the | ||
39 | message. (This is current behaviour; it's mentioned here because it's important | ||
40 | and not currently mentioned in the spec.) | ||
41 | |||
42 | If we receive a Rejoin packet from a peer we update its DHT pubkey, add a | ||
43 | temporary groupchat connection for the peer, and, once the connection is | ||
44 | online, send out a New Peer message announcing the peer, and a Name message. | ||
45 | |||
46 | Whenever we make a new friend connection, we check if the public key is that | ||
47 | of any frozen peer. If so, we send it a Rejoin packet, add a temporary | ||
48 | groupchat connection for it, and, once the connection is online, send the | ||
49 | peer a Peer Query packet. | ||
50 | |||
51 | We do the same with a peer when we are setting it as frozen if we have a | ||
52 | friend connection to it. | ||
53 | |||
54 | The temporary groupchat connections established in sending and handling Rejoin | ||
55 | packets are not immediately operational (because group numbers are not known); | ||
56 | rather, an Online packet is sent when we handle a Rejoin packet. | ||
57 | |||
58 | When a connection is set as online as a result of an Online packet, we ping | ||
59 | the group. | ||
60 | |||
61 | When processing the reply to a Peer Query, we update the DHT pubkey of an | ||
62 | existing peer if and only if it is frozen or has not had its DHT pubkey | ||
63 | updated since it last stopped being frozen. | ||
64 | |||
65 | When we receive a Title Response packet, we set the title if it has never been | ||
66 | set or if at some point since it was last set, there were no unfrozen peers | ||
67 | (except us). | ||
68 | |||
69 | ## Discussion | ||
70 | ### Overview | ||
71 | The intention is to recover seamlessly from splits in the group, the most | ||
72 | common form of which is a single peer temporarily losing all connectivity. | ||
73 | |||
74 | To see how this works, first note that groups (even before the changes | ||
75 | discussed here) have the property that for a group to be connected in the | ||
76 | sense that any peer will receive the messages of any other peer and have them | ||
77 | in their peerlist, it is necessary and sufficient that there is a path of | ||
78 | direct group connections between any two peers. | ||
79 | |||
80 | Now suppose the group is split into two connected components, with each member | ||
81 | of one component frozen according to the members of the other. Suppose there | ||
82 | are two peers, one in each component, which are using the above protocol, and | ||
83 | suppose they establish a friend connection. Then each will rejoin the other, | ||
84 | forming a direct group connection. Hence the whole group will become connected | ||
85 | (even if all other peers are using the unmodified protocol). | ||
86 | |||
87 | The Peer Query packet sent on rejoining hastens this process. | ||
88 | |||
89 | Peers who leave the group during a split will not be deleted by all peers | ||
90 | after the merge - but they will be set as frozen due to ping timeouts, which | ||
91 | is sufficient. | ||
92 | |||
93 | ### Titles | ||
94 | If we have a split into components each containing multiple peers, and the | ||
95 | title is changed in one component, then peers will continue to disagree on the | ||
96 | title after the split. Short of a complicated voting system, this seems the | ||
97 | only reasonable behaviour. | ||
98 | |||
99 | ### Implementation notes | ||
100 | Although I've described the logic in terms of an 'frozen' flag, it might | ||
101 | actually make more sense in the implementation to have a separate list for | ||
102 | frozen peers. | ||
103 | |||
104 | ## Saving | ||
105 | Saving could be implemented by simply saving all live groups with their group | ||
106 | numbers and full peer info for all peers. On reload, all peers would be set as | ||
107 | frozen. | ||
108 | |||
109 | The client would need to support this by understanding that these groups exist | ||
110 | on start-up (e.g. starting windows for them), and by not automatically killing | ||
111 | groups on closing the client. | ||
112 | |||
113 | ## Limitations | ||
114 | If a peer disconnects from the group for a period short enough that group | ||
115 | timeouts do not occur, and a name change occurs during this period, then the | ||
116 | name change will never be propagated. | ||
117 | |||
118 | One way to deal with this would be a general mechanism for storing and | ||
119 | requesting missed group messages. But this is considered out of scope of this | ||
120 | PR. | ||
121 | |||
122 | If a peer changes its DHT pubkey, the change might not be properly propagated | ||
123 | under various circumstances - in particular, if connections do not go down | ||
124 | long enough for the peer to become frozen. | ||
125 | |||
126 | One way to deal with this would be to add a group message announcing the | ||
127 | sending peer's current DHT pubkey, and treat it analogously to the Name | ||
128 | message. | ||