aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWladimir J. van der Laan <laanwj@protonmail.com>2020-12-17 12:05:55 +0100
committerWladimir J. van der Laan <laanwj@protonmail.com>2020-12-17 12:10:00 +0100
commitcfbfd389f6dd21cf4a78554ffe23fe2c54e0a8e4 (patch)
tree9d9080934a75d4684669141d54440ac2512b0e59
parentf0913f2f950c7a3e0a14d32216bd6ce4e19d85df (diff)
parent010eed3ce03cf4fc622a48f40fc4d589383f7a44 (diff)
Merge #20668: doc: warn that incoming conns are unlikely when not using default ports
010eed3ce03cf4fc622a48f40fc4d589383f7a44 doc: warn that incoming conns are unlikely when not using default ports (Adam Jonas) Pull request description: Closes #5150. This was mostly copied from #5285 by sulks, who has since quit GitHub. The issue has remained open for 6 years, but the extra explanation still seems useful. ACKs for top commit: laanwj: re-ACK 010eed3ce03cf4fc622a48f40fc4d589383f7a44 Tree-SHA512: d240fb06bba41ad8898ced59356c10adefc09f3abb33e277f8e2c5980b40678f2d237f286b476451bb29d2b94032a7dee2ada3b2efe004ed1c2509e70b48e40f
Diffstat
-rw-r--r--src/init.cpp2
-rw-r--r--src/net.cpp6
2 files changed, 6 insertions, 2 deletions
diff --git a/src/init.cpp b/src/init.cpp
index 46dce6aa97..1220f39b14 100644
--- a/src/init.cpp
+++ b/src/init.cpp
@@ -450,7 +450,7 @@ void SetupServerArgs(NodeContext& node)
argsman.AddArg("-peerbloomfilters", strprintf("Support filtering of blocks and transaction with bloom filters (default: %u)", DEFAULT_PEERBLOOMFILTERS), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-peerblockfilters", strprintf("Serve compact block filters to peers per BIP 157 (default: %u)", DEFAULT_PEERBLOCKFILTERS), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-permitbaremultisig", strprintf("Relay non-P2SH multisig (default: %u)", DEFAULT_PERMIT_BAREMULTISIG), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
- argsman.AddArg("-port=<port>", strprintf("Listen for connections on <port> (default: %u, testnet: %u signet: %u, regtest: %u)", defaultChainParams->GetDefaultPort(), testnetChainParams->GetDefaultPort(), signetChainParams->GetDefaultPort(), regtestChainParams->GetDefaultPort()), ArgsManager::ALLOW_ANY | ArgsManager::NETWORK_ONLY, OptionsCategory::CONNECTION);
+ argsman.AddArg("-port=<port>", strprintf("Listen for connections on <port>. Nodes not using the default ports (default: %u, testnet: %u, signet: %u, regtest: %u) are unlikely to get incoming connections.", defaultChainParams->GetDefaultPort(), testnetChainParams->GetDefaultPort(), signetChainParams->GetDefaultPort(), regtestChainParams->GetDefaultPort()), ArgsManager::ALLOW_ANY | ArgsManager::NETWORK_ONLY, OptionsCategory::CONNECTION);
argsman.AddArg("-proxy=<ip:port>", "Connect through SOCKS5 proxy, set -noproxy to disable (default: disabled)", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-proxyrandomize", strprintf("Randomize credentials for every proxy connection. This enables Tor stream isolation (default: %u)", DEFAULT_PROXYRANDOMIZE), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-seednode=<ip>", "Connect to a node to retrieve peer addresses, and disconnect. This option can be specified multiple times to connect to multiple nodes.", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
diff --git a/src/net.cpp b/src/net.cpp
index af2afa218e..b3c521116b 100644
--- a/src/net.cpp
+++ b/src/net.cpp
@@ -2074,7 +2074,11 @@ void CConnman::ThreadOpenConnections(const std::vector<std::string> connect)
continue;
}
- // do not allow non-default ports, unless after 50 invalid addresses selected already
+ // Do not allow non-default ports, unless after 50 invalid
+ // addresses selected already. This is to prevent malicious peers
+ // from advertising themselves as a service on another host and
+ // port, causing a DoS attack as nodes around the network attempt
+ // to connect to it fruitlessly.
if (addr.GetPort() != Params().GetDefaultPort() && nTries < 50)
continue;
generated by cgit v1.2.3 (git 2.26.2) at 2024-11-10 08:56:06 +0000