diff options
Diffstat (limited to 'src/net.h')
-rw-r--r-- | src/net.h | 42 |
1 files changed, 36 insertions, 6 deletions
@@ -124,6 +124,13 @@ public: bool fDisconnect; protected: int nRefCount; + + // Denial-of-service detection/prevention + // Key is ip address, value is banned-until-time + static std::map<unsigned int, int64> setBanned; + static CCriticalSection cs_setBanned; + int nMisbehavior; + public: int64 nReleaseTime; std::map<uint256, CRequestTracker> mapRequests; @@ -148,7 +155,6 @@ public: // publish and subscription std::vector<char> vfSubscribe; - CNode(SOCKET hSocketIn, CAddress addrIn, bool fInboundIn=false) { nServices = 0; @@ -185,6 +191,7 @@ public: nStartingHeight = -1; fGetAddr = false; vfSubscribe.assign(256, false); + nMisbehavior = 0; // Be shy and don't send version until we hear if (!fInbound) @@ -282,9 +289,10 @@ public: nHeaderStart = vSend.size(); vSend << CMessageHeader(pszCommand, 0); nMessageStart = vSend.size(); - if (fDebug) + if (fDebug) { printf("%s ", DateTimeStrFormat("%x %H:%M:%S", GetTime()).c_str()); - printf("sending: %s ", pszCommand); + printf("sending: %s ", pszCommand); + } } void AbortMessage() @@ -295,7 +303,9 @@ public: nHeaderStart = -1; nMessageStart = -1; cs_vSend.Leave(); - printf("(aborted)\n"); + + if (fDebug) + printf("(aborted)\n"); } void EndMessage() @@ -324,8 +334,9 @@ public: memcpy((char*)&vSend[nHeaderStart] + offsetof(CMessageHeader, nChecksum), &nChecksum, sizeof(nChecksum)); } - printf("(%d bytes) ", nSize); - printf("\n"); + if (fDebug) { + printf("(%d bytes)\n", nSize); + } nHeaderStart = -1; nMessageStart = -1; @@ -564,6 +575,25 @@ public: void CancelSubscribe(unsigned int nChannel); void CloseSocketDisconnect(); void Cleanup(); + + + // Denial-of-service detection/prevention + // The idea is to detect peers that are behaving + // badly and disconnect/ban them, but do it in a + // one-coding-mistake-won't-shatter-the-entire-network + // way. + // IMPORTANT: There should be nothing I can give a + // node that it will forward on that will make that + // node's peers drop it. If there is, an attacker + // can isolate a node and/or try to split the network. + // Dropping a node for sending stuff that is invalid + // now but might be valid in a later version is also + // dangerous, because it can cause a network split + // between nodes running old code and nodes running + // new code. + static void ClearBanned(); // needed for unit testing + static bool IsBanned(unsigned int ip); + bool Misbehaving(int howmuch); // 1 == a little, 100 == a lot }; |