Age | Commit message (Collapse) | Author |
|
Conflicts:
src/net.cpp
|
|
|
|
|
|
Fixed upstream in 8f10a2889089af1b2ac64802360494b54c8c7ff1.
|
|
Conflicts:
src/key.h
src/keystore.h
src/net.h
src/protocol.cpp
src/qt/guiutil.h
src/test/DoS_tests.cpp
|
|
Conflicts:
src/net.cpp
|
|
(PARTIAL: Left out anything changing debug.log)
|
|
|
|
Bitcoin will not make an outbound connection to a network group
(/16 for IPv4) that it is already connected to. This means that
if an attacker wants good odds of capturing all a nodes outbound
connections he must have hosts on a a large number of distinct
groups.
Previously both inbound and outbound connections were used to
feed this exclusion. The use of inbound connections, which can be
controlled by the attacker, actually has the potential of making
sibyl attacks _easier_: An attacker can start up hosts in groups
which house many honest nodes and make outbound connections to
the victim to exclude big swaths of honest nodes. Because the
attacker chooses to make the outbound connection he can always
beat out honest nodes for the consumption of inbound slots.
At _best_ the old behavior increases attacker costs by a single
group (e.g. one distinct group to use to fill up all your inbound
slots), but at worst it allows the attacker to select whole
networks you won't connect to.
This commit makes the nodes use only outbound links to exclude
network groups for outbound connections. Fancier things could
be done, like weaker exclusion for inbound groups... but
simplicity is good and I don't believe more complexity is
currently needed.
|
|
Bitcoin will not make an outbound connection to a network group
(/16 for IPv4) that it is already connected to. This means that
if an attacker wants good odds of capturing all a nodes outbound
connections he must have hosts on a a large number of distinct
groups.
Previously both inbound and outbound connections were used to
feed this exclusion. The use of inbound connections, which can be
controlled by the attacker, actually has the potential of making
sibyl attacks _easier_: An attacker can start up hosts in groups
which house many honest nodes and make outbound connections to
the victim to exclude big swaths of honest nodes. Because the
attacker chooses to make the outbound connection he can always
beat out honest nodes for the consumption of inbound slots.
At _best_ the old behavior increases attacker costs by a single
group (e.g. one distinct group to use to fill up all your inbound
slots), but at worst it allows the attacker to select whole
networks you won't connect to.
This commit makes the nodes use only outbound links to exclude
network groups for outbound connections. Fancier things could
be done, like weaker exclusion for inbound groups... but
simplicity is good and I don't believe more complexity is
currently needed.
|
|
(this fixes a Mac OS X gitian build error for 0.5.x)
|
|
(this fixes a Mac OS X gitian build error for 0.5.x)
|
|
Conflicts:
src/main.h
src/net.cpp
src/serialize.h
|
|
Conflicts:
doc/release-process.txt
src/serialize.h
|
|
(Partial/merge of upstream 9247134eaba9a1d0fa74f22de238af1476663005, 1a3f0da9229a8e524d1010cdc8bd3b9da71fe529, and 3e343522226e6c249f5cb05436eec347b87c6361)
|
|
|
|
I originally created a pull to replace the "COPYING" in crypter.cpp and
crypter.h, but it turned out that COPYING was actually the correct
file.
|
|
I originally created a pull to replace the "COPYING" in crypter.cpp and
crypter.h, but it turned out that COPYING was actually the correct
file.
|
|
I originally created a pull to replace the "COPYING" in crypter.cpp and
crypter.h, but it turned out that COPYING was actually the correct
file.
|
|
|
|
|
|
|
|
Conflicts:
src/main.h
src/net.cpp
src/util.cpp
|
|
Conflicts:
src/main.cpp
|
|
foo.size() typically returns an unsigned integral type; make loop variables
match those types' signedness.
|
|
foo.size() typically returns an unsigned integral type; make loop variables
match those types' signedness.
|
|
Noticed when sign-comparison warnings were enabled.
|
|
|
|
|
|
This speeds up initial connections with an old/large addr.dat a lot.
|
|
not process any already received messages.
The primary reason to do this is if a node spams hundreds of messages
and we ban them, we don't want to continue processing the rest of it.
|
|
|
|
not process any already received messages.
The primary reason to do this is if a node spams hundreds of messages
and we ban them, we don't want to continue processing the rest of it.
|
|
|
|
|
|
|
|
Design goals:
* Only keep a limited number of addresses around, so that addr.dat does not grow without bound.
* Keep the address tables in-memory, and occasionally write the table to addr.dat.
* Make sure no (localized) attacker can fill the entire table with his nodes/addresses.
See comments in addrman.h for more detailed information.
|
|
Also moved RecvLine to net.cpp.
|
|
|
|
* do not let vnThreadsRunning[1] go negative
* do not perform locking operations while vnThreadsRunning[1] is decreased
* check vnThreadsRunning[1] at exit
|
|
|
|
Introduce an enum threadId, and use symbolic indices when accessing
vnThreadsRunning.
|
|
Several shutdown-related fixes
|
|
* do not let vnThreadsRunning[1] go negative
* do not perform locking operations while vnThreadsRunning[1] is decreased
* check vnThreadsRunning[1] at exit
|
|
|
|
|
|
This fixes a potential bug where some NATs may replace the node's
interal IP with its external IP in version messages, causing
incorrect checksums when version messages begin being checksummed
on February 14, 2012.
|
|
This fixes a potential bug where some NATs may replace the node's
interal IP with its external IP in version messages, causing
incorrect checksums when version messages begin being checksummed
on February 14, 2012.
|
|
|
|
|