aboutsummaryrefslogtreecommitdiff
path: root/src/net_permissions.h
AgeCommit message (Collapse)Author
2024-02-28Accept "in" and "out" flags to -whitelist to allow whitelisting manual ↵Luke Dashjr
connections
2024-02-28net: Move `NetPermissionFlags::Implicit` verification to ↵Luke Dashjr
`AddWhitelistPermissionFlags`
2022-12-24scripted-diff: Bump copyright headersHennadii Stepanov
-BEGIN VERIFY SCRIPT- ./contrib/devtools/copyright_header.py update ./ -END VERIFY SCRIPT- Commits of previous years: - 2021: f47dda2c58b5d8d623e0e7ff4e74bc352dfa83d7 - 2020: fa0074e2d82928016a43ca408717154a1c70a4db - 2019: aaaaad6ac95b402fe18d019d67897ced6b316ee0
2022-11-07doc: clarify that NetPermissionFlags::Implicit is only about whitelistsVasil Dimov
Co-authored-by: Jon Atack <jon@atack.com>
2021-12-30scripted-diff: Bump copyright headersHennadii Stepanov
-BEGIN VERIFY SCRIPT- ./contrib/devtools/copyright_header.py update ./ -END VERIFY SCRIPT- Commits of previous years: * 2020: fa0074e2d82928016a43ca408717154a1c70a4db * 2019: aaaaad6ac95b402fe18d019d67897ced6b316ee0
2021-07-15Rate limit the processing of incoming addr messagesPieter Wuille
While limitations on the influence of attackers on addrman already exist (affected buckets are restricted to a subset based on incoming IP / network group), there is no reason to permit them to let them feed us addresses at more than a multiple of the normal network rate. This commit introduces a "token bucket" rate limiter for the processing of addresses in incoming ADDR and ADDRV2 messages. Every connection gets an associated token bucket. Processing an address in an ADDR or ADDRV2 message from non-whitelisted peers consumes a token from the bucket. If the bucket is empty, the address is ignored (it is not forwarded or processed). The token counter increases at a rate of 0.1 tokens per second, and will accrue up to a maximum of 1000 tokens (the maximum we accept in a single ADDR or ADDRV2). When a GETADDR is sent to a peer, it immediately gets 1000 additional tokens, as we actively desire many addresses from such peers (this may temporarily cause the token count to exceed 1000). The rate limit of 0.1 addr/s was chosen based on observation of honest nodes on the network. Activity in general from most nodes is either 0, or up to a maximum around 0.025 addr/s for recent Bitcoin Core nodes. A few (self-identified, through subver) crawler nodes occasionally exceed 0.1 addr/s.
2021-05-19p2p: pass strings to NetPermissions::TryParse functions by const refJon Atack
2021-05-12scripted-diff: rename NetPermissionFlags enumeratorsJon Atack
- drop redundant PF_ permission flags prefixes - drop ALL_CAPS naming per https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#Renum-caps - rename IsImplicit to Implicit -BEGIN VERIFY SCRIPT- s() { git grep -l "$1" src | xargs sed -i "s/$1/$2/g"; } s 'PF_NONE' 'None' s 'PF_BLOOMFILTER' 'BloomFilter' s 'PF_RELAY' 'Relay' s 'PF_FORCERELAY' 'ForceRelay' s 'PF_DOWNLOAD' 'Download' s 'PF_NOBAN' 'NoBan' s 'PF_MEMPOOL' 'Mempool' s 'PF_ADDR' 'Addr' s 'PF_ISIMPLICIT' 'Implicit' s 'PF_ALL' 'All' -END VERIFY SCRIPT-
2021-05-12p2p, refactor: make NetPermissionFlags a uint32 enum classJon Atack
and define/update operation methods to handle type conversions explicitly. See https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#Renum-oper for more info.
2021-05-12p2p: NetPermissions::HasFlag() pass flags param by valueJon Atack
2021-04-18p2p: allow NetPermissions::ClearFlag() only with PF_ISIMPLICITJon Atack
NetPermissions::ClearFlag() is currently only called in the codebase with an `f` value of NetPermissionFlags::PF_ISIMPLICIT. If that should change in the future, ClearFlag() should not be called with `f` being a subflag of a multiflag, e.g. NetPermissionFlags::PF_RELAY or NetPermissionFlags::PF_DOWNLOAD, as that would leave `flags` in an invalid state corresponding to none of the existing NetPermissionFlags. Therefore, allow only calling ClearFlag with the implicit flag for now. Co-authored-by: Vasil Dimov <vd@FreeBSD.org>
2020-10-12Reduce MAX_PEER_TX_ANNOUNCEMENTS for non-PF_RELAY peersPieter Wuille
Maintaining up to 100000 INVs per peer is excessive, as that is far more than fits in a typical mempool. Also disable the "overload" penalty for PF_RELAY peers.
2020-07-30Add addr permission flag enabling non-cached addr sharingGleb Naumenko
2020-07-09net: Extract download permission from nobanMarcoFalke
2020-07-03Clean up separated ban/discourage interfacePieter Wuille
2020-06-09refactor: Error message bilingual_str consistencyWladimir J. van der Laan
- Move the decision whether to translate an error message to where it is defined. This simplifies call sites: no more `InitError(Untranslated(...))`. - Make all functions in `util/error.h` consistently return a `bilingual_str`. We've decided to use this as error message type so let's roll with it. This has no functional changes: no messages are changed, no new translation messages are defined.
2020-06-08doc: Extract net permissions docMarcoFalke
2020-04-16scripted-diff: Bump copyright headersMarcoFalke
-BEGIN VERIFY SCRIPT- ./contrib/devtools/copyright_header.py update ./ -END VERIFY SCRIPT-
2020-02-11net: Remove forcerelay of rejected txsMarcoFalke
2019-12-30scripted-diff: Bump copyright of files changed in 2019MarcoFalke
-BEGIN VERIFY SCRIPT- ./contrib/devtools/copyright_header.py update ./ -END VERIFY SCRIPT-
2019-08-11Make whitebind/whitelist permissions more flexiblenicolas.dorier