author | Wladimir J. van der Laan <laanwj@gmail.com> | 2011-09-28 21:52:32 +0200 |
---|---|---|
committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2011-09-28 21:52:32 +0200 |
commit | 002a4dcad0c0f74b1063cf27f0a9550d5e56c3f0 (patch) | |
tree | 58a16a226571a80537bfa7e3b1147aa4d0ee8767 /src/net.h | |
parent | a8b95ce6ed5e84d34748ecdd0ff1db4d03377cf0 (diff) | |
parent | 4dcad1d294e264a81280fd007d1508d9bd4f0273 (diff) | |
download | bitcoin-002a4dcad0c0f74b1063cf27f0a9550d5e56c3f0.tar.xz |
Merge branch 'master' of https://github.com/bitcoin/bitcoin
Conflicts:
.gitignore (used upstream version)
bitcoin-qt.pro
Diffstat (limited to 'src/net.h')
-rw-r--r-- | src/net.h | 28 |
1 files changed, 27 insertions, 1 deletions
@@ -124,6 +124,13 @@ public:
 bool fDisconnect;
 protected:
 int nRefCount;
+
+ // Denial-of-service detection/prevention
+ // Key is ip address, value is banned-until-time
+ static std::map<unsigned int, int64> setBanned;
+ static CCriticalSection cs_setBanned;
+ int nMisbehavior;
+
 public:
 int64 nReleaseTime;
 std::map<uint256, CRequestTracker> mapRequests;
@@ -148,7 +155,6 @@ public:
 // publish and subscription
 std::vector<char> vfSubscribe;
-
 CNode(SOCKET hSocketIn, CAddress addrIn, bool fInboundIn=false)
 {
 nServices = 0;
@@ -185,6 +191,7 @@ public:
 nStartingHeight = -1;
 fGetAddr = false;
 vfSubscribe.assign(256, false);
+ nMisbehavior = 0;
 // Be shy and don't send version until we hear
 if (!fInbound)
@@ -568,6 +575,25 @@ public:
 void CancelSubscribe(unsigned int nChannel);
 void CloseSocketDisconnect();
 void Cleanup();
+
+
+ // Denial-of-service detection/prevention
+ // The idea is to detect peers that are behaving
+ // badly and disconnect/ban them, but do it in a
+ // one-coding-mistake-won't-shatter-the-entire-network
+ // way.
+ // IMPORTANT: There should be nothing I can give a
+ // node that it will forward on that will make that
+ // node's peers drop it. If there is, an attacker
+ // can isolate a node and/or try to split the network.
+ // Dropping a node for sending stuff that is invalid
+ // now but might be valid in a later version is also
+ // dangerous, because it can cause a network split
+ // between nodes running old code and nodes running
+ // new code.
+ static void ClearBanned(); // needed for unit testing
+ static bool IsBanned(unsigned int ip);
+ bool Misbehaving(int howmuch); // 1 == a little, 100 == a lot
 }; |
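Review bot: In the first hunk (`@@ -124,6 +124,13 @@`) the ban table is a `std::map` named `setBanned`, and its comment does not state the locking rule or the units of the value. I would rename it (for example `mapBanned`, with the lock renamed to match) and extend the comment to something like `// Guarded by cs_setBanned. Key is the peer's IPv4 address, value is the time at which the ban expires`. The 32-bit `unsigned int` key means a ban always covers one whole IPv4 address, so peers sharing an address behind NAT or a proxy are banned together; that trade-off is worth a sentence here. Nothing visible in this header bounds the map or prunes expired entries; presumably the implementation file does, but that should be confirmed. The class body starts and ends outside this hunk.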
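Review bot: In the third hunk (`@@ -185,6 +191,7 @@`) `nMisbehavior` is reset to 0 for every new `CNode`, so the score is per-connection state while the ban table added in the first hunk is keyed by IP address. As far as this header shows, a score below the ban threshold is therefore discarded when the connection closes and does not carry over to the next connection from the same address. If that is the intended policy it deserves a comment next to the member, e.g. `// per-connection score; not carried across reconnects`; if not, the score would need to be tracked per address as well. The constructor body starts and ends outside the hunk.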
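Review bot: In the fourth hunk (`@@ -568,6 +575,25 @@`) `Misbehaving(int howmuch)` returns a `bool` whose meaning is not documented, and takes a signed amount with no stated range. The declaration comment should say what `true` means (presumably that the peer crossed the threshold and was banned or disconnected; confirm against the implementation) and what threshold the 1-to-100 scale is measured against. The implementation, which is outside this page, should reject `howmuch <= 0` and guard the addition to `nMisbehavior` against signed overflow. `ClearBanned()` is public although its comment says it exists only for unit testing, so the comment should also say that production code must not call it. `IsBanned(unsigned int ip)` should name the representation of `ip` it expects, so that callers and the code filling the ban table use the same one.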