diff options
| author | zugz <mbays+tox@sdf.org> | 2018-07-25 08:43:48 +0100 |
|---|---|---|
| committer | zugz (tox) <mbays+tox@sdf.org> | 2018-09-05 20:56:26 +0200 |
| commit | 1b2322284f0b688af3a349fe4331be15a565084c (patch) | |
| tree | 7651c11b4ec1edd927151e9655727fb0b2365a7c /docs | |
| parent | 6872c14e1a02445d945623ee6e85230c5d7ecbce (diff) | |
Add mechanism for recovering from disconnections in conferences
* add freezing and unfreezing of peers
* add rejoin packet
* revise handling of temporary invited connections
* rename "peer kill" packet to "peer leave" packet
* test rejoining in conference test
* use custom clock in conference test
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/minpgc.md | 128 |
1 files changed, 128 insertions, 0 deletions
diff --git a/docs/minpgc.md b/docs/minpgc.md new file mode 100644 index 00000000..aa2ed1dc --- /dev/null +++ b/docs/minpgc.md | |||
| @@ -0,0 +1,128 @@ | |||
| 1 | # Persistent conferences | ||
| 2 | |||
| 3 | This document describes the "minpgc" simple persistent conferences | ||
| 4 | implementation of PR #1069. | ||
| 5 | |||
| 6 | Many of the ideas derive from isotoxin's persistent conferences | ||
| 7 | implementation, PR #826. | ||
| 8 | |||
| 9 | ## Specification of changes from pre-existing conference specification | ||
| 10 | We add one new packet type: | ||
| 11 | |||
| 12 | Rejoin Conference packet | ||
| 13 | |||
| 14 | | Length | Contents | | ||
| 15 | |:-------|:--------------------------------| | ||
| 16 | | `1` | `uint8_t` (0x64) | | ||
| 17 | | `33` | Group chat identifier | | ||
| 18 | |||
| 19 | |||
| 20 | A peer times out from a group if it has been inactive for 60s. When a peer | ||
| 21 | times out, we flag it as _frozen_. Frozen peers are disregarded for all | ||
| 22 | purposes except those discussed below - in particular no packets are sent to | ||
| 23 | them except as described below, they are omitted from the peer lists sent to | ||
| 24 | the client or in a Peer Response packet, and they are not considered when | ||
| 25 | determining closest peers for establishing direct connections. | ||
| 26 | |||
| 27 | A peer is considered to be active if we receive a group message or Rejoin | ||
| 28 | packet from it, or a New Peer message for it. | ||
| 29 | |||
| 30 | If a frozen peer is seen to be active, we remove its 'frozen' flag and send a | ||
| 31 | Name group message. (We can hold off on sending this message until the next | ||
| 32 | tox\_iterate, and only send one message if many frozen peers become active at | ||
| 33 | once). | ||
| 34 | |||
| 35 | If we receive a New Peer message for a peer, we update its DHT pubkey. | ||
| 36 | |||
| 37 | If we receive a group message originating from an unknown peer, we drop the | ||
| 38 | message but send a Peer Query packet back to the peer who directly sent us the | ||
| 39 | message. (This is current behaviour; it's mentioned here because it's important | ||
| 40 | and not currently mentioned in the spec.) | ||
| 41 | |||
| 42 | If we receive a Rejoin packet from a peer we update its DHT pubkey, add a | ||
| 43 | temporary groupchat connection for the peer, and, once the connection is | ||
| 44 | online, send out a New Peer message announcing the peer, and a Name message. | ||
| 45 | |||
| 46 | Whenever we make a new friend connection, we check if the public key is that | ||
| 47 | of any frozen peer. If so, we send it a Rejoin packet, add a temporary | ||
| 48 | groupchat connection for it, and, once the connection is online, send the | ||
| 49 | peer a Peer Query packet. | ||
| 50 | |||
| 51 | We do the same with a peer when we are setting it as frozen if we have a | ||
| 52 | friend connection to it. | ||
| 53 | |||
| 54 | The temporary groupchat connections established in sending and handling Rejoin | ||
| 55 | packets are not immediately operational (because group numbers are not known); | ||
| 56 | rather, an Online packet is sent when we handle a Rejoin packet. | ||
| 57 | |||
| 58 | When a connection is set as online as a result of an Online packet, we ping | ||
| 59 | the group. | ||
| 60 | |||
| 61 | When processing the reply to a Peer Query, we update the DHT pubkey of an | ||
| 62 | existing peer if and only if it is frozen or has not had its DHT pubkey | ||
| 63 | updated since it last stopped being frozen. | ||
| 64 | |||
| 65 | When we receive a Title Response packet, we set the title if it has never been | ||
| 66 | set or if at some point since it was last set, there were no unfrozen peers | ||
| 67 | (except us). | ||
| 68 | |||
| 69 | ## Discussion | ||
| 70 | ### Overview | ||
| 71 | The intention is to recover seamlessly from splits in the group, the most | ||
| 72 | common form of which is a single peer temporarily losing all connectivity. | ||
| 73 | |||
| 74 | To see how this works, first note that groups (even before the changes | ||
| 75 | discussed here) have the property that for a group to be connected in the | ||
| 76 | sense that any peer will receive the messages of any other peer and have them | ||
| 77 | in their peerlist, it is necessary and sufficient that there is a path of | ||
| 78 | direct group connections between any two peers. | ||
| 79 | |||
| 80 | Now suppose the group is split into two connected components, with each member | ||
| 81 | of one component frozen according to the members of the other. Suppose there | ||
| 82 | are two peers, one in each component, which are using the above protocol, and | ||
| 83 | suppose they establish a friend connection. Then each will rejoin the other, | ||
| 84 | forming a direct group connection. Hence the whole group will become connected | ||
| 85 | (even if all other peers are using the unmodified protocol). | ||
| 86 | |||
| 87 | The Peer Query packet sent on rejoining hastens this process. | ||
| 88 | |||
| 89 | Peers who leave the group during a split will not be deleted by all peers | ||
| 90 | after the merge - but they will be set as frozen due to ping timeouts, which | ||
| 91 | is sufficient. | ||
| 92 | |||
| 93 | ### Titles | ||
| 94 | If we have a split into components each containing multiple peers, and the | ||
| 95 | title is changed in one component, then peers will continue to disagree on the | ||
| 96 | title after the split. Short of a complicated voting system, this seems the | ||
| 97 | only reasonable behaviour. | ||
| 98 | |||
| 99 | ### Implementation notes | ||
| 100 | Although I've described the logic in terms of an 'frozen' flag, it might | ||
| 101 | actually make more sense in the implementation to have a separate list for | ||
| 102 | frozen peers. | ||
| 103 | |||
| 104 | ## Saving | ||
| 105 | Saving could be implemented by simply saving all live groups with their group | ||
| 106 | numbers and full peer info for all peers. On reload, all peers would be set as | ||
| 107 | frozen. | ||
| 108 | |||
| 109 | The client would need to support this by understanding that these groups exist | ||
| 110 | on start-up (e.g. starting windows for them), and by not automatically killing | ||
| 111 | groups on closing the client. | ||
| 112 | |||
| 113 | ## Limitations | ||
| 114 | If a peer disconnects from the group for a period short enough that group | ||
| 115 | timeouts do not occur, and a name change occurs during this period, then the | ||
| 116 | name change will never be propagated. | ||
| 117 | |||
| 118 | One way to deal with this would be a general mechanism for storing and | ||
| 119 | requesting missed group messages. But this is considered out of scope of this | ||
| 120 | PR. | ||
| 121 | |||
| 122 | If a peer changes its DHT pubkey, the change might not be properly propagated | ||
| 123 | under various circumstances - in particular, if connections do not go down | ||
| 124 | long enough for the peer to become frozen. | ||
| 125 | |||
| 126 | One way to deal with this would be to add a group message announcing the | ||
| 127 | sending peer's current DHT pubkey, and treat it analogously to the Name | ||
| 128 | message. | ||