aboutsummaryrefslogtreecommitdiff
path: root/src/net_processing.cpp
AgeCommit message (Collapse)Author
2018-08-10Merge #13907: Introduce a maximum size for locators.Wladimir J. van der Laan
e254ff5d53b79bee29203b965fca572f218bff54 Introduce a maximum size for locators. (Gregory Maxwell) Pull request description: The largest sensible size for a locator is log in the number of blocks. But, as noted by Coinr8d on BCT a maximum size message could encode a hundred thousand locators. If height were used to limit the messages that could open new attacks where peers on long low diff forks would get disconnected and end up stuck. Ideally, nodes first first learn to limit the size of locators they send before limiting what would be processed, but common implementations back off with an exponent of 2 and have an implicit limit of 2^32 blocks, so they already cannot produce locators over some size. Locators are cheap to process so allowing a few more is harmless, so this sets the maximum to 64-- which is enough for blockchains with 2^64 blocks before the get overhead starts increasing. Tree-SHA512: da28df9c46c988980da861046c62e6e7f93d0eaab3083d32e408d1062f45c00316d5e1754127e808c1feb424fa8e00e5a91aea2cc3b80326b71c148696f7cdb3
2018-08-09Introduce a maximum size for locators.Gregory Maxwell
The largest sensible size for a locator is log in the number of blocks. But, as noted by Coinr8d on BCT a maximum size message could encode a hundred thousand locators. If height were used to limit the messages that could open new attacks where peers on long low diff forks would get disconnected and end up stuck. Ideally, nodes first first learn to limit the size of locators they send before limiting what would be processed, but common implementations back off with an exponent of 2 and have an implicit limit of 2^32 blocks, so they already cannot produce locators over some size. This sets the limit to an absurdly high amount of 101 in order to maximize compatibility with existing software.
2018-07-27Update copyright headers to 2018DrahtBot
2018-07-25[net_processing] Add thread safety annotationsJesse Cohen
2018-07-20Merge #11637: p2p: Remove dead service bits codeWladimir J. van der Laan
fa4bf92be9420919c74cdde9a973f7327d01ac88 Remove dead service bits code (MarcoFalke) Pull request description: Seems fine to remove for the upcoming 0.17 release Fixes #10993 Tree-SHA512: 3a4664b787e3da399bcaaba693619bd384826df14f469dbdfbbfffc540d9da3f2b322cda262b43388376785f77907c2540541c239ab0fca82bd7eb69d02b6b7a
2018-07-16Merge #13298: Net: Bucketing INV delays (1 bucket) for incoming connections ↵Pieter Wuille
to hide tx time d45b344ffd Bucket for inbound when scheduling invs to hide tx time (Gleb) Pull request description: It has been brought up to my attention that current random delays mechanism (originally intended to obfuscate transaction metadata) allows to easily estimate the time a transaction was received by a node. It may be done by connecting multiple observer nodes to the same node. Each of those nodes will generate its own schedule of delays. Combined metadata regarding those events from different sources allows an observer to estimate transaction time. After this patch a spy won't gain additional information by just creating multiple connections to a target. Tree-SHA512: c71dae5ff350b614cb40a8e201fd0562d3e03e3e72a5099718cd451f0d84c66d5e52bbaf0d5b4b75137514c8efdedcc6ef4df90142b360153f04ad0721545ab1
2018-07-13Bucket for inbound when scheduling invs to hide tx timeGleb
2018-07-13Merge #13417: [net] Tighten scope in net_processingPieter Wuille
3339ba28e9 Make g_enable_bip61 a member variable of PeerLogicValidation (Jesse Cohen) 6690a28606 Restrict as much as possible in net_processing to translation unit (Jesse Cohen) 1d4df02b7e [move-only] Move things only referenced in net_processing out of header file (Jesse Cohen) 02bbc05310 Rescope g_enable_bip61 to net_processing (Jesse Cohen) Pull request description: As part of a larger effort to decouple net_processing and validation a bit, these are a bunch of simple scope cleanups. I've moved things out of the header file that are only referenced in net_processing and added static (or anonymous namespace) modifiers to everything possible in net_processing. There are a handful of functions which could be static except that they are exposed for the sake of unit testing - these are explicitly commented. There has been some discussion of a compile time annotation, but no conclusion has been reached on that yet. This is somewhat related to other prs #12934 #13413 #13407 and will be followed by prs that reduce reliance on cs_main to synchronize data structures which are translation unit local to net_processing Tree-SHA512: 46c9660ee4e06653feb42ba92189565b0aea17aac2375c20747c0d091054c63829cbf66d2daddf65682b58ce1d6922e23aefea051a7f2c8abbb6db253a609082
2018-07-11Remove dead service bits codeMarcoFalke
2018-07-09Make g_enable_bip61 a member variable of PeerLogicValidationJesse Cohen
2018-07-09Remove useless mapRequest tracking that just effects Qt display.Matt Corallo
I thought we had removed this a long time ago, TBH, its really confusing feedback to users that we display whether a tx was broadcast to immediate neighbor nodes, given that has little indication of whether the tx propagated very far.
2018-07-08Remove unused argument to ProcessGetBlockData(...)practicalswift
2018-07-08net: Remove unused interrupt from SendMessagesfanquake
2018-07-05Merge #13096: [Policy] Fix MAX_STANDARD_TX_WEIGHT checkWladimir J. van der Laan
2f1a30c63 Fix MAX_STANDARD_TX_WEIGHT check (Johnson Lau) Pull request description: As suggested by the constant name and its comment in policy.h, a transaction with a weight of exactly MAX_STANDARD_TX_WEIGHT should be allowed. Users could be confused. Tree-SHA512: af417de1c6a2e6796ebbb39aa0caad8764302ded155cb1bbfbe457e4567c199cc53256189832b17d4aeec369e190b3edd4c6116d5f0b8cf0ede6dfb4ed83bdd3
2018-06-25Drop unused init.h includesBen Woosley
These were entirely unused, as based on successful compilation and a grep for: \bStartShutdown\(\)|\bShutdownRequested\(\)|\bInterrupt\(\)|\bShutdown\(\)|\bInitLogging\(\)|\bInitParameterInteraction\(\)|\bAppInitBasicSetup\(\)|\bAppInitParameterInteraction\(\)|\bAppInitSanityChecks\(\)|\bAppInitLockDataDirectory\(\)|\bAppInitMain\(\)|\bSetupServerArgs\(\)|\bLicenseInfo\(\)|g_wallet_init_interface|init.h
2018-06-20Restrict as much as possible in net_processing to translation unitJesse Cohen
Mark everything else static or in an anonymous namespace.
2018-06-19[move-only] Move things only referenced in net_processing out of header fileJesse Cohen
2018-06-19Rescope g_enable_bip61 to net_processingJesse Cohen
2018-06-12Merge #13312: docs: Add a note about the source code filename naming conventionMarcoFalke
e56771365b Do not use uppercase characters in source code filenames (practicalswift) 419a1983ca docs: Add a note about the source code filename naming convention (practicalswift) Pull request description: Add a note about the source code filename naming convention. Tree-SHA512: 8d329bd9e19bcd26e74b0862fb0bc2369b46095dbd3e69d34859908632763abd7c3d00ccc44ee059772ad4bae4460c2bcc1c0e22fd9d8876d57e5fcd346cea4b
2018-05-29Merge #13134: net: Add option `-enablebip61` to configure sending of BIP61 ↵Wladimir J. van der Laan
notifications 87fe292d897e09e176ac7e254144466c319cc9ac doc: Mention disabling BIP61 in bips.md (Wladimir J. van der Laan) fe16dd8226d924f44432c5b5014aa49ff45c82ff net: Add option `-enablebip61` to configure sending of BIP61 notifications (Wladimir J. van der Laan) Pull request description: This commit adds a boolean option `-peersendreject`, defaulting to `1`, that can be used to disable the sending of [BIP61](https://github.com/bitcoin/bips/blob/master/bip-0061.mediawiki) `reject` messages. This functionality has been requested for various reasons: - security (DoS): reject messages can reveal internal state that can be used to target certain resources such as the mempool more easily. - bandwidth: a typical node sends lots of reject messages; this counts against upstream bandwidth. Also the reject messages tend to be larger than the message that was rejected. On the other hand, reject messages can be useful while developing client software (I found them indispensable while creating bitcoin-submittx), as well as for our own test cases, so whatever the default becomes on the long run, IMO the functionality should be retained as option. But that's a discussion for later, for now it's simply a node operator decision. Also adds a RPC test that checks the functionality. Tree-SHA512: 9488cc53e13cd8e5c6f8eb472a44309572673405c1d1438c3488f627fae622c95e2198bde5ed7d29e56b948e2918bf1920239e9f865889f4c37c097c37a4d7a9
2018-05-23Merge #13151: net: Serve blocks directly from disk when possibleWladimir J. van der Laan
0bf431870e45d8e20c4671e51a782ebf97b75fac net: Serve blocks directly from disk when possible (Wladimir J. van der Laan) Pull request description: In `ProcessGetBlockData`, send the block data directly from disk if type MSG_WITNESS_BLOCK is requested. This is a valid shortcut as the on-disk format matches the network format. This is expected to increase performance because a deserialization and subsequent serialization roundtrip is avoided. Tree-SHA512: 9a9500b4c1354eaae1a6f1c6ef2416c1c1985029852589266f3a70e808f6c7482c135e9ab251a527566935378ab7c32dba4ed43ba5451e802d8e72b77d1ba472
2018-05-23Do not use uppercase characters in source code filenamespracticalswift
2018-05-15net: Serve blocks directly from disk when possibleWladimir J. van der Laan
In `ProcessGetBlockData`, send the block data directly from disk if type MSG_WITNESS_BLOCK is requested. This is a valid shortcut as the on-disk format matches the network format. This is expected to increase performance because a deserialization and subsequent serialization roundtrip is avoided.
2018-05-13net: Add option `-enablebip61` to configure sending of BIP61 notificationsWladimir J. van der Laan
This commit adds a boolean option `-enablebip61`, defaulting to `1`, that can be used to disable the sending of BIP61 `reject` messages. This functionality has been requested for various reasons: - security (DoS): reject messages can reveal internal state that can be used to target certain resources such as the mempool more easily. - bandwidth: a typical node sends lots of reject messages; this counts against upstream bandwidth. Also the reject messages tend to be larger than the message that was rejected. On the other hand, reject messages can be useful while developing client software (I found them indispensable while creating bitcoin-submittx), as well as for our own test cases, so whatever the default becomes on the long run, IMO the functionality should be retained as option. But that's a discussion for later.
2018-05-07Merge #13162: [net] Don't incorrectly log that REJECT messages are unknown.Wladimir J. van der Laan
fad63eb [logging] Don't incorrectly log that REJECT messages are unknown. (John Newbery) Pull request description: Reject messages are logged to debug.log if NET debug logging is enabled. Because of the way the `ProcessMessages()` function is structured, processing for REJECT messages will also drop through to the default branch and incorrectly log `Unknown command "reject" from peer-?`. Fix that by exiting from `ProcessMessages()` early. without this PR: ``` 2018-05-03T17:37:00.930600Z received: reject (21 bytes) peer=0 2018-05-03T17:37:00.930620Z Reject message code 16: spammy spam 2018-05-03T17:37:00.930656Z Unknown command "reject" from peer=0 ``` with this PR: ``` 2018-05-03T17:35:04.751246Z received: reject (21 bytes) peer=0 2018-05-03T17:35:04.751274Z Reject message code 16: spammy spam ``` Tree-SHA512: 5c84c98433ab99e0db2dd481f9c2db6f87ff0d39022ff317a791737e918714bbcb4a23e81118212ed8e594ebcf098ab7f52f7fd5e21ebc3f07b1efb279b9b30b
2018-05-05Fix MAX_STANDARD_TX_WEIGHT checkJohnson Lau
As suggested by the constant name and its comment in policy.h, a transaction with a weight of exactly MAX_STANDARD_TX_WEIGHT should be allowed
2018-05-03Make it clear which functions that are intended to be translation unit localpracticalswift
Do not share functions that are meant to be translation unit local with other translation units. Use internal linkage for those consistently.
2018-05-03[logging] Don't incorrectly log that REJECT messages are unknown.John Newbery
Reject messages are logged to debug.log if NET debug logging is enabled. Because of the way the `ProcessMessages()` function is structured, processing for REJECT messages will also drop through to the default branch and incorrectly log `Unknown command "reject" from peer-?`. Fix that by exiting from `ProcessMessages()` early. without this PR: ``` 2018-05-03T17:37:00.930600Z received: reject (21 bytes) peer=0 2018-05-03T17:37:00.930620Z Reject message code 16: spammy spam 2018-05-03T17:37:00.930656Z Unknown command "reject" from peer=0 ``` with this PR: ``` 2018-05-03T17:35:04.751246Z received: reject (21 bytes) peer=0 2018-05-03T17:35:04.751274Z Reject message code 16: spammy spam ```
2018-05-02Add missing newlines to LogPrint debug loggingWladimir J. van der Laan
The linter only checked `LogPrintf`, not `LogPrint`. Fix the remaining cases.
2018-04-18Consistently log CValidationState on failureBen Woosley
Seems providing at least minimal visibility to the failure is a good practice. The only remaining ignored state is in LoadExternalBlockFile, where logging would likely be spammy.
2018-04-05Merge #12859: Bugfix: Include <memory> for std::unique_ptrWladimir J. van der Laan
a5bca13 Bugfix: Include <memory> for std::unique_ptr (Luke Dashjr) Pull request description: Not sure why all these includes were missing, but it's breaking builds for some users: https://bugs.gentoo.org/show_bug.cgi?id=652142 (Added to all files with a reference to `std::unique_ptr`) Tree-SHA512: 8a2c67513ca07b9bb52c34e8a20b15e56f8af2530310d9ee9b0a69694dd05e02e7a3683f14101a2685d457672b56addec591a0bb83900a0eb8e2a43d43200509
2018-04-02Bugfix: Include <memory> for std::unique_ptrLuke Dashjr
2018-03-21Fix typosDimitris Apostolou
2018-03-13Merge #11041: Add LookupBlockIndexWladimir J. van der Laan
92fabcd44 Add LookupBlockIndex function (João Barbosa) 43a32b739 Add missing cs_lock in CreateWalletFromFile (João Barbosa) f814a3e8f Fix cs_main lock in LoadExternalBlockFile (João Barbosa) c651df8b3 Lock cs_main while loading block index in AppInitMain (João Barbosa) 02de6a6bc Assert cs_main is held when accessing mapBlockIndex (João Barbosa) Pull request description: Replace all `mapBlockIndex` lookups with the new `LookupBlockIndex()`. In some cases it avoids a second lookup. Tree-SHA512: ca31118f028a19721f2191d86f2dd398144d04df345694575a64aeb293be2f85785201480c3c578a0ec99690516205708558c0fd4168b09313378fd4e60a8412
2018-03-06Add LookupBlockIndex functionJoão Barbosa
2018-03-06Add documentation to PeerLogicValidation interface and related functionsJames O'Beirne
2018-03-01Merge #10387: Eventually connect to NODE_NETWORK_LIMITED peersWladimir J. van der Laan
eb91835 Add setter for g_initial_block_download_completed (Jonas Schnelli) 3f56df5 [QA] add NODE_NETWORK_LIMITED address relay and sync test (Jonas Schnelli) 158e1a6 [QA] fix mininode CAddress ser/deser (Jonas Schnelli) fa999af [QA] Allow addrman loopback tests (add debug option -addrmantest) (Jonas Schnelli) 6fe57bd Connect to peers signaling NODE_NETWORK_LIMITED when out-of-IBD (Jonas Schnelli) 31c45a9 Accept addresses with NODE_NETWORK_LIMITED flag (Jonas Schnelli) Pull request description: Eventually connect to peers signalling NODE_NETWORK_LIMITED if we are out of IBD. Accept and relay NODE_NETWORK_LIMITED peers in addrman. Tree-SHA512: 8a238fc97f767f81cae1866d6cc061390f23a72af4a711d2f7158c77f876017986abb371d213d1c84019eef7be4ca951e8e6f83fda36769c4e1a1d763f787037
2018-02-17Add setter for g_initial_block_download_completedJonas Schnelli
2018-02-09Connect to peers signaling NODE_NETWORK_LIMITED when out-of-IBDJonas Schnelli
2018-02-09Accept addresses with NODE_NETWORK_LIMITED flagJonas Schnelli
2018-02-08Fix ignoring tx data requests when fPauseSend is set on a peerMatt Corallo
This resolves a bug introduced in 66aa1d58a158991a8014a91335b5bc9c00062f56 where, if when responding to a series of transaction requests in a getdata we hit the send buffer limit and set fPauseSend, we will skip one transaction per call to ProcessGetData. Bug found by Cory Fields (@theuni).
2018-02-07Merge #10498: Use static_cast instead of C-style casts for non-fundamental typesMarcoFalke
9ad6746ccd Use static_cast instead of C-style casts for non-fundamental types (practicalswift) Pull request description: A C-style cast is equivalent to try casting in the following order: 1. `const_cast(...)` 2. `static_cast(...)` 3. `const_cast(static_cast(...))` 4. `reinterpret_cast(...)` 5. `const_cast(reinterpret_cast(...))` By using `static_cast<T>(...)` explicitly we avoid the possibility of an unintentional and dangerous `reinterpret_cast`. Furthermore `static_cast<T>(...)` allows for easier grepping of casts. For a more thorough discussion, see ["ES.49: If you must use a cast, use a named cast"](https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#es49-if-you-must-use-a-cast-use-a-named-cast) in the C++ Core Guidelines (Stroustrup & Sutter). Tree-SHA512: bd6349b7ea157da93a47b8cf238932af5dff84731374ccfd69b9f732fabdad1f9b1cdfca67497040f14eaa85346391404f4c0495e22c467f26ca883cd2de4d3c
2018-01-24net: Move misbehaving logging to net logging categoryWladimir J. van der Laan
This moves the error messages for misbehavior (when available) into the line that reports the misbehavior, as well as moves the logging to the `net` category. This is a continuation of #11583 and avoids serious-looking errors due to misbehaving peers. To do this, Misbehaving() gains an optional `message` argument. E.g. change: 2018-01-18 16:02:27 Misbehaving: x.x.x.x:62174 peer=164603 (80 -> 100) BAN THRESHOLD EXCEEDED 2018-01-18 16:02:27 ERROR: non-continuous headers sequence to 2018-01-18 16:02:27 Misbehaving: x.x.x.x:62174 peer=164603 (80 -> 100) BAN THRESHOLD EXCEEDED: non-continuous headers sequence
2018-01-03Increment MIT Licence copyright header year on files modified in 2017Akira Takizawa
2017-12-24Avoid cs_main in net_processing ActivateBestChain callsMatt Corallo
2017-12-24Refactor ProcessGetData in anticipation of avoiding cs_main for ABCMatt Corallo
2017-12-15Create new mutex for orphans, no cs_main in PLV::BlockConnectedMatt Corallo
This should (marginally) speed up validationinterface queue draining by avoiding a cs_main lock in one client.
2017-12-13Merge #11558: Minimal code changes to allow msvc compilationWladimir J. van der Laan
fbf327b Minimal code changes to allow msvc compilation. (Aaron Clauson) Pull request description: These changes are required to allow the Bitcoin source to build with Microsoft's C++ compiler (#11562 is also required). I looked around for a better place for the typedef of ssize_t which is in random.h. The best candidate looks like src/compat.h but I figured including that header in random.h is a bigger change than the typedef. Note that the same typedef is in at least two other places including the OpenSSL and Berkeley DB headers so some of the Bitcoin code already picks it up. Tree-SHA512: aa6cc6283015e08ab074641f9abdc116c4dc58574dc90f75e7a5af4cc82946d3052370e5cbe855fb6180c00f8dc66997d3724ff0412e4b7417e51b6602154825
2017-12-12Merge #10574: Remove includes in .cpp files for things the corresponding .h ↵Wladimir J. van der Laan
file already included a720b92 Remove includes in .cpp files for things the corresponding .h file already included (practicalswift) Pull request description: Remove includes in .cpp files for things the corresponding .h file already included. Example case: * `addrdb.cpp` includes `addrdb.h` and `fs.h` * `addrdb.h` includes `fs.h` Then remove the direct inclusion of `fs.h` in `addrman.cpp` and rely on the indirect inclusion of `fs.h` via the included `addrdb.h`. In line with the header include guideline (see #10575). Tree-SHA512: 8704b9de3011a4c234db336a39f7d2c139e741cf0f7aef08a5d3e05197e1e18286b863fdab25ae9638af4ff86b3d52e5cab9eed66bfa2476063aa5c79f9b0346
2017-12-11Merge #11583: Do not make it trivial for inbound peers to generate log entriesWladimir J. van der Laan
be9f38c Do not make it trivial for inbound peers to generate log entries (Matt Corallo) Pull request description: Based on #11580 because I'm lazy. We should generally avoid writing to debug.log unconditionally for inbound peers which misbehave (the peer being about to be banned being an exception, since they cannot do this twice). Tree-SHA512: 8e59c8d08d00b1527951b30f4842d010a4c2fc440503ade112baa2c1b9afd0e0d1c5c2df83dde25183a242af45089cf9b9f873b71796771232ffb6c5fc6cc0cc