aboutsummaryrefslogtreecommitdiff
path: root/src/net.cpp
AgeCommit message (Collapse)Author
2019-09-23Merge #15558: Don't query all DNS seeds at oncefanquake
6170ec5d3ac2bc206068b270e5722a7ecd3a8f26 Do not query all DNS seed at once (Pieter Wuille) Pull request description: Before this PR, when we don't have enough connections after 11 seconds, we proceed to query all DNS seeds in a fixed order, loading responses from all of them. Change this to to only query three randomly-selected DNS seed. If 11 seconds later we still don't have enough connections, try again with another one, and so on. This reduces the amount of information DNS seeds can observe about the requesters by spreading the load over all of them. ACKs for top commit: Sjors: ACK 6170ec5d3 sdaftuar: ACK 6170ec5d3ac2bc206068b270e5722a7ecd3a8f26 jonasschnelli: utACK 6170ec5d3ac2bc206068b270e5722a7ecd3a8f26 - I think the risk of a single seeder codebase is orthogonal to this PR. Such risks could also be interpreted differently (diversity could also increase the risk based on the threat model). fanquake: ACK 6170ec5d3ac2bc206068b270e5722a7ecd3a8f26 - Agree with the reasoning behind the change. Did some testing with and without `-forcednsseed` and/or a `peers.dat` and monitored the DNS activity. Tree-SHA512: 33f6be5f924a85d312303ce272aa8f8d5e04cb616b4b492be98832e3ff37558d13d2b16ede68644ad399aff2bf5ff0ad33844e55eb40b7f8e3fddf9ae43add57
2019-09-07Merge #15759: p2p: Add 2 outbound block-relay-only connectionsfanquake
0ba08020c9791f7caf5986ad6490c16a2b66cd83 Disconnect peers violating blocks-only mode (Suhas Daftuar) 937eba91e1550bc3038dc541c236ac83e0a0e6d5 doc: improve comments relating to block-relay-only peers (Suhas Daftuar) 430f489027f15c1e4948ea4378954df24e3fee88 Don't relay addr messages to block-relay-only peers (Suhas Daftuar) 3a5e885306ea954d7eccdc11502e91a51dab8ec6 Add 2 outbound block-relay-only connections (Suhas Daftuar) b83f51a4bbe29bf130a2b0c0e85e5bffea107f75 Add comment explaining intended use of m_tx_relay (Suhas Daftuar) e75c39cd425f8c4e5b6bbb2beecb9c80034fefe1 Check that tx_relay is initialized before access (Suhas Daftuar) c4aa2ba82211ea5988ed7fe21e1b08bc3367e6d4 [refactor] Change tx_relay structure to be unique_ptr (Suhas Daftuar) 4de0dbac9b286c42a9b10132b7c2d76712f1a319 [refactor] Move tx relay state to separate structure (Suhas Daftuar) 26a93bce29fd813e1402b013f402869c25b656d1 Remove unused variable (Suhas Daftuar) Pull request description: Transaction relay is optimized for a combination of redundancy/robustness as well as bandwidth minimization -- as a result transaction relay leaks information that adversaries can use to infer the network topology. Network topology is better kept private for (at least) two reasons: (a) Knowledge of the network graph can make it easier to find the source IP of a given transaction. (b) Knowledge of the network graph could be used to split a target node or nodes from the honest network (eg by knowing which peers to attack in order to achieve a network split). We can eliminate the risks of (b) by separating block relay from transaction relay; inferring network connectivity from the relay of blocks/block headers is much more expensive for an adversary. After this commit, bitcoind will make 2 additional outbound connections that are only used for block relay. (In the future, we might consider rotating our transaction-relay peers to help limit the effects of (a).) ACKs for top commit: sipa: ACK 0ba08020c9791f7caf5986ad6490c16a2b66cd83 ajtowns: ACK 0ba08020c9791f7caf5986ad6490c16a2b66cd83 -- code review, ran tests. ran it on mainnet for a couple of days with MAX_BLOCKS_ONLY_CONNECTIONS upped from 2 to 16 and didn't observe any unexpected behaviour: it disconnected a couple of peers that tried sending inv's, and it successfully did compact block relay with some block relay peers. TheBlueMatt: re-utACK 0ba08020c9791f7caf5986ad6490c16a2b66cd83. Pointed out that stats.fRelayTxes was sometimes uninitialized for blocksonly peers (though its not a big deal and only effects RPC), which has since been fixed here. Otherwise changes are pretty trivial so looks good. jnewbery: utACK 0ba08020c9791f7caf5986ad6490c16a2b66cd83 jamesob: ACK https://github.com/bitcoin/bitcoin/commit/0ba08020c9791f7caf5986ad6490c16a2b66cd83 Tree-SHA512: 4c3629434472c7dd4125253417b1be41967a508c3cfec8af5a34cad685464fbebbb6558f0f8f5c0d4463e3ffa4fa3aabd58247692cb9ab8395f4993078b9bcdf
2019-09-04Don't relay addr messages to block-relay-only peersSuhas Daftuar
We don't want relay of addr messages to leak information about these network links.
2019-09-04Add 2 outbound block-relay-only connectionsSuhas Daftuar
Transaction relay is primarily optimized for balancing redundancy/robustness with bandwidth minimization -- as a result transaction relay leaks information that adversaries can use to infer the network topology. Network topology is better kept private for (at least) two reasons: (a) Knowledge of the network graph can make it easier to find the source IP of a given transaction. (b) Knowledge of the network graph could be used to split a target node or nodes from the honest network (eg by knowing which peers to attack in order to achieve a network split). We can eliminate the risks of (b) by separating block relay from transaction relay; inferring network connectivity from the relay of blocks/block headers is much more expensive for an adversary. After this commit, bitcoind will make 2 additional outbound connections that are only used for block relay. (In the future, we might consider rotating our transaction-relay peers to help limit the effects of (a).)
2019-09-04Check that tx_relay is initialized before accessSuhas Daftuar
2019-08-28[refactor] Change tx_relay structure to be unique_ptrSuhas Daftuar
2019-08-28[refactor] Move tx relay state to separate structureSuhas Daftuar
2019-08-17[Fix] The default whitelistrelay should be truenicolas.dorier
2019-08-15[Fix] Allow connection of a noban banned peernicolas.dorier
2019-08-11Replace the use of fWhitelisted by permission checksnicolas.dorier
2019-08-11Make whitebind/whitelist permissions more flexiblenicolas.dorier
2019-08-06Do not query all DNS seed at oncePieter Wuille
Instead, when necessary, query 3. If that leads to a sufficient number of connects, stop. If not, query 3 more, and so on.
2019-07-29Merge #15993: net: Drop support of the insecure miniUPnPc versionsWladimir J. van der Laan
59cb722fd050393a69f1e0df97d857c893d19d80 Update configure to reject unsafe miniUPnPc API ver (Hennadii Stepanov) ab2190557ec2757fa48b52855b05561854af49af doc: Add release notes for 15993 (Hennadii Stepanov) 02709e95601c6020a87a6a05ee1d00c13fc38f9b Align formatting with clang-format (Hennadii Stepanov) 91a1b8508358d04685391651aea303ebce1c3d05 Use PACKAGE_NAME in UPnP description (Hennadii Stepanov) 9f76e45b9d6671e2074fb7a3885db703045a791f Drop support of insecure miniUPnPc versions (Hennadii Stepanov) Pull request description: 1. Minimum supported miniUPnPc API version is set to 10: - https://packages.ubuntu.com/xenial/libminiupnpc-dev - https://packages.debian.org/jessie/libminiupnpc-dev Refs: - #6583 - #6789 - #10414 2. The hardcoded "Bitcoin" replaced with `PACKAGE_NAME`: ![Screenshot from 2019-05-06 23-10-29](https://user-images.githubusercontent.com/32963518/57253178-afc60780-7056-11e9-83c9-e85670c58c1e.png) 3. Also style-only commit applied. Pardon: could not reopen my previous PR #15966. ACKs for top commit: ryanofsky: utACK 59cb722fd050393a69f1e0df97d857c893d19d80. Changes since last review: adding a new commit which updates configure script to fall back to disabling upnp if version is too old, adding a requested comment explaining static_assert condition, and fixing a spelling (jessy/jessie) Tree-SHA512: 42ed11bc2fb2ec83d5dd58e2383da5444a24fd572707f6cf10b622cb8943e28adfcca4750d06801024c4472625b5ea9279516fbd9d2ccebc9bbaafe1d148e80d
2019-07-24scripted-diff: Make translation bilingualHennadii Stepanov
-BEGIN VERIFY SCRIPT- sed -i 's/inline std::string _(const char\* psz)/inline bilingual_str _(const char\* psz)/' src/util/translation.h sed -i 's/return G_TRANSLATION_FUN ? (G_TRANSLATION_FUN)(psz) : psz;/return bilingual_str{psz, G_TRANSLATION_FUN ? (G_TRANSLATION_FUN)(psz) : psz};/' src/util/translation.h sed -i 's/\b_("\([^"]\|\\"\)*")/&.translated/g' $(git grep --files-with-matches '\b_("' src) echo Hard cases - multiline strings. sed -i 's/"Visit %s for further information about the software.")/&.translated/g' src/init.cpp sed -i "s/\"Only rebuild the block database if you are sure that your computer's date and time are correct\")/&.translated/g" src/init.cpp sed -i 's/" restore from a backup.")/&.translated/g' src/wallet/db.cpp sed -i 's/" or address book entries might be missing or incorrect.")/&.translated/g' src/wallet/wallet.cpp echo Special case. sed -i 's/_(COPYRIGHT_HOLDERS)/&.translated/' src/util/system.cpp test/lint/lint-format-strings.py -END VERIFY SCRIPT-
2019-07-24Refactor out translation.hHennadii Stepanov
This is a prerequisite for introducing bilingual error messages. Note: #includes are arranged by clang-format-diff.py script.
2019-06-26scripted-diff: Avoid passing PACKAGE_NAME for translationMarcoFalke
-BEGIN VERIFY SCRIPT- sed -i --regexp-extended -e 's/\<\w+(::\w+)?\(PACKAGE_NAME\)/PACKAGE_NAME/g' $(git grep -l --extended-regexp '\<\w+(::\w+)?\(PACKAGE_NAME\)' src) -END VERIFY SCRIPT-
2019-06-07Align formatting with clang-formatHennadii Stepanov
2019-06-07Use PACKAGE_NAME in UPnP descriptionHennadii Stepanov
2019-06-07Drop support of insecure miniUPnPc versionsHennadii Stepanov
The minimum supported miniUPnPc API version is set to 10.
2019-06-06Don't use global (external) symbols for symbols that are used in only one ↵practicalswift
translation unit
2019-05-09net: Rename ::fRelayTxes to ::g_relay_txesMarcoFalke
This helps to distinguish it from CNode::fRelayTxes and avoid bugs like 425278d17bd0edf8a3a7cc81e55016f7fd8e7726
2019-03-23net: Remove unused unsanitized user agent string CNode::strSubVerMarcoFalke
2019-03-01[addrman] Improve collision logging and address nitsSuhas Daftuar
2019-02-27[net] feeler connections can be made to outbound peers in same netgroupSuhas Daftuar
Fixes a bug where feelers could be stuck trying to resolve a collision in the tried table that is to an address in the same netgroup as an existing outbound peer. Thanks to Muoi Tran for the original bug report and detailed debug logs to track this down.
2019-02-06Change in transaction pull scheduling to prevent InvBlock-related attacksGleb Naumenko
Co-authored-by: Suhas Daftuar <sdaftuar@gmail.com>
2019-02-05Merge #14922: windows: Set _WIN32_WINNT to 0x0601 (Windows 7)Wladimir J. van der Laan
0164b0f5cf80cd00a4914d9fea0bcb9508cb7607 build: Remove WINVER pre define in Makefile.leveldb.inlcude (Chun Kuan Lee) d0522ec94ebbaa564f5f6b31236d4df032664411 Drop defunct Windows compat fixes (Ben Woosley) d8a299206780b38959d732cbe40ba1dd25834f0e windows: Call SetProcessDEPPolicy directly (Chun Kuan Lee) 1bd9ffdd44000b208d29d35451f4dc9f1ac9318f windows: Set _WIN32_WINNT to 0x0601 (Windows 7) (Chun Kuan Lee) Pull request description: The current minimum support Windows version is Vista. So set it to 0x0600 https://github.com/mirror/mingw-w64/blob/5a88def8ad862ef8f4e5f2e69661bfb2d07f1ce2/mingw-w64-headers/include/sdkddkver.h#L19 Tree-SHA512: 38e2afc79426ae547131c8ad3db2e0a7f54a95512f341cfa0c06e4b2fe79521ae67d2795ef96b0192e683e4f1ba6183c010d7b4b8d6b3e68b9bf48c374c59e7d
2019-02-04net: Correct comparison of addr countCarl Dong
LOCAL_NONE is supposed to be an enum indicating the score of a LocalServiceInfo rather than the count of an addr in mapLocalHost.
2019-01-24Drop defunct Windows compat fixesBen Woosley
"The AI_ADDRCONFIG flag is defined on the Windows SDK for Windows Vista and later. The AI_ADDRCONFIG flag is supported on Windows Vista and later." https://docs.microsoft.com/en-us/windows/desktop/api/ws2tcpip/nf-ws2tcpip-getaddrinfo However, the version of MinGW we use on Travis is not current and does not carry the relevant definition, as such I defined it in compat. https://github.com/wine-mirror/wine/blob/master/include/ws2tcpip.h Testing confirms that the PROTECTION_LEVEL_UNRESTRICTED, IPV6_PROTECTION_LEVEL, PROCESS_DEP_ENABLE, AI_ADDRCONFIG, are now supported by the version of Windows that we test against, so can be removed. https://travis-ci.org/bitcoin/bitcoin/jobs/483255439 https://travis-ci.org/Empact/bitcoin/jobs/484123087
2019-01-22Allow connections from misbehavior banned peers.Gregory Maxwell
This allows incoming connections from peers which are only banned due to an automatic misbehavior ban if doing so won't fill inbound. These peers are preferred for eviction when inbound fills, but may still be kept if they fall into the protected classes. This eviction preference lasts the entire life of the connection even if the ban expires. If they misbehave again they'll still get disconnected. The main purpose of banning on misbehavior is to prevent our connections from being wasted on unhelpful peers such as ones running incompatible consensus rules. For inbound peers this can be better accomplished with eviction preferences. A secondary purpose was to reduce resource waste from repeated abuse but virtually any attacker can get a nearly unlimited supply of addresses, so disconnection is about the best we can do.
2019-01-16net: move BanMan to its own filesCory Fields
2019-01-16banman: pass in default ban time as a parameterCory Fields
Removes the dependency on arg parsing.
2019-01-16banman: pass the banfile path inCory Fields
There's no need to hard-code the path here. Passing it in means that there are no ordering concerns wrt establishing the datadir.
2019-01-16banman: create and split out banmanCory Fields
Some say he has always been.
2019-01-16net: split up addresses/ban dumps in preparation for moving themCory Fields
2019-01-16net: Break disconnecting out of Ban()Cory Fields
These are separate events which need to be carried out by separate subsystems. This also cleans up some whitespace and tabs in qt to avoid getting flagged by the linter. Current behavior is preserved.
2019-01-14Merge #15144: [refactor] CNode: Use C++11 default member initializersWladimir J. van der Laan
fac2f5ecae96dd11057977ce988501e18bb162c6 Use C++11 default member initializers (MarcoFalke) Pull request description: The second and last change on this topic (c.f. #15109). Split up because the diff would otherwise interleave, making review harder than necessary. This is not a stylistic change, but a change that avoids bugs such as: * fix uninitialized read when stringifying an addrLocal #14728 * qt: Initialize members in WalletModel #12426 * net: correctly initialize nMinPingUsecTime #6636 * ... Tree-SHA512: 547ae72b87aeaed5890eb5fdcff612bfc93354632b238d89e1e1c0487187f39609bcdc537ef21345e0aea8cfcf1ea48da432d672c5386dd87cf58742446a86b1
2019-01-13Drop IsLimited in favor of IsReachableBen Woosley
These two methods have had the same meaning, but inverted, since 110b62f06992d0fb989153afff2dc3aea62a674f. Having one name for a single concept simplifies the code.
2019-01-10Use C++11 default member initializersMarcoFalke
2019-01-09Merge #15051: Tests: IsReachable is the inverse of IsLimited (DRY). Includes ↵Wladimir J. van der Laan
unit tests 6dc4593db1ccfb8745b2daa42f457981ae08dba9 IsReachable is the inverse of IsLimited (DRY). Includes unit tests (marcaiaf) Pull request description: IsReachable is the inverse of IsLimited, but the implementation is duplicated (DRY) - Changed the implementation accordingly. - Added unit tests to document behavior and relationship - My modification in net.cpp applies only to IsReachable. - Applied clang-format-diffpy Created new pull request to avoid the mess with: https://github.com/bitcoin/bitcoin/pull/15044 Checked with supposedly conflicting PRs mentioned in the old PR. No conflicts with the specific changes in this PR. Tree-SHA512: b132dec6cc2c788ebe4f63f228d78f441614e156743b17adebc990de0180a5872874d2724c86eeaa470b4521918bd137b0e33ebcaae77c5efc1f0d56104f6c87
2019-01-09Merge #15109: refactor: Use C++11 default member initializersWladimir J. van der Laan
fa2510d5c1cdf9c2cd5cc9887302ced4378c7202 Use C++11 default member initializers (MarcoFalke) Pull request description: Changes: * Remove unused constructors that leave some members uninitialized * Remove manual initialization in each constructor and prefer C++11 default member initializers This is not a stylistic change, but a change that avoids bugs such as: * fix uninitialized read when stringifying an addrLocal #14728 * qt: Initialize members in WalletModel #12426 * net: correctly initialize nMinPingUsecTime #6636 * ... Tree-SHA512: 0f896f3b9fcc464d5fc7525f7c86343ef9ce9fb13425fbc68e9a9728fd8710c2b4e2fd039ee08279ea41ff20fd92b7185cf5cca95a0bcb6a5340a1e6f03cae6b
2019-01-05Use C++11 default member initializersMarcoFalke
2019-01-03rpc: Document bytessent_per_msg and bytesrecv_per_msgMarcoFalke
2019-01-02Merge #14336: net: implement pollWladimir J. van der Laan
4927bf2f257ac53569978980eaf1f61c2c6b04cc Increase maxconnections limit when using poll. (Patrick Strateman) 11cc491a288a73e911be24a285e12abd57df7d04 Implement poll() on systems which support it properly. (Patrick Strateman) 28211a4bc9c65859b641b81a0541726a0e01988f Move SocketEvents logic to private method. (Patrick Strateman) 7e403c0ae705455aa66f7df9a9a99f462fd4e9a8 Move GenerateSelectSet logic to private method. (Patrick Strateman) 1e6afd0dbc1c581435588e1e9bb419a035b81028 Introduce and use constant SELECT_TIMEOUT_MILLISECONDS. (Patrick Strateman) Pull request description: Implement poll() on systems which support it properly. This eliminates the restriction on maximum socket descriptor number. Tree-SHA512: b945cd9294afdafcce96d547f67679d5cdd684cf257904a239cd1248de3b5e093b8d6d28d8d1b7cc923dc0b2b5723faef9bc9bf118a9ce1bdcf357c2323f5573
2018-12-28IsReachable is the inverse of IsLimited (DRY). Includes unit testsmarcaiaf
2018-12-12Use a local FastRandomContext in a few more places in netPieter Wuille
2018-12-04Merge #14733: P2P: Make peer timeout configurable, speed up very slow test ↵Wladimir J. van der Laan
and ensure correct code path tested. 48b37db50 make peertimeout a debug argument, remove error message translation (Zain Iqbal Allarakhia) 8042bbfbf p2p: allow p2ptimeout to be configurable, speed up slow test (Zain Iqbal Allarakhia) Pull request description: **Summary:** 1. _Primary_: Adds a `debug_only=true` flag for peertimeout, defaults to 60 sec., the current hard-coded setting. 2. _Secondary_: Drastically speeds up `p2p_timeout.py` test. 3. _Secondary_: Tests that the correct code path is being tested by adding log assertions to the test. **Rationale:** - P2P timeout was hard-coded: make it explicitly specified and configurable, instead of a magic number. - Addresses #13518; `p2p_timeout.py` takes 4 sec. to run instead of 61 sec. - Makes `p2p_timeout.py` more explicit. Previously, we relied on a comment to inform us of the timeout amount being tested. Now it is specified directly in the test via passing in the new arg; `-peertimeout=3`. - Opens us up to testing more P2P scenarios; oftentimes slow tests are the reason we don't test. **Locally verified changes:** _With Proposed Change (4.7 sec.):_ ``` $ time ./test/functional/p2p_timeouts.py 2018-11-19T00:04:19.077000Z TestFramework (INFO): Initializing test directory /tmp/testhja7g2n7 2018-11-19T00:04:23.479000Z TestFramework (INFO): Stopping nodes 2018-11-19T00:04:23.683000Z TestFramework (INFO): Cleaning up /tmp/testhja7g2n7 on exit 2018-11-19T00:04:23.683000Z TestFramework (INFO): Tests successful real 0m4.743s ``` _Currently on master (62.8 sec.):_ ``` $ time ./test/functional/p2p_timeouts.py 2018-11-19T00:06:10.948000Z TestFramework (INFO): Initializing test directory /tmp/test6mo6k21h 2018-11-19T00:07:13.376000Z TestFramework (INFO): Stopping nodes 2018-11-19T00:07:13.631000Z TestFramework (INFO): Cleaning up /tmp/test6mo6k21h on exit 2018-11-19T00:07:13.631000Z TestFramework (INFO): Tests successful real 1m2.836s ``` _Error message demonstrated for new argument `-peertimeout`:_ ``` $ ./bitcoind -peertimeout=-5 ... Error: peertimeout cannot be configured with a negative value. ``` Tree-SHA512: ff7a244ebea54c4059407bf4fb86465714e6a79cef5d2bcaa22cfe831a81761aaf597ba4d5172fc2ec12266f54712216fc41b5d24849e5d9dab39ba6f09e3a2a
2018-12-03Implement poll() on systems which support it properly.Patrick Strateman
This eliminates the restriction on maximum socket descriptor number.
2018-11-30Move SocketEvents logic to private method.Patrick Strateman
This separates the select() logic from the socket handling logic, setting up for a switch to poll().
2018-11-30Move GenerateSelectSet logic to private method.Patrick Strateman
This separates the socket event collection logic from the logic deciding which events we're interested in at all.
2018-11-30Introduce and use constant SELECT_TIMEOUT_MILLISECONDS.Patrick Strateman