aboutsummaryrefslogtreecommitdiff
path: root/src/net_processing.cpp
AgeCommit message (Collapse)Author
2017-10-30net: Add missing lock in ProcessHeadersMessage(...)practicalswift
Reading the variable mapBlockIndex requires holding the mutex cs_main. The new "Disconnect outbound peers relaying invalid headers" code added in commit 37886d5e2f9992678dea4b1bd893f4f10d61d3ad and merged as part of #11568 two days ago did not lock cs_main prior to accessing mapBlockIndex.
2017-10-27Disconnect outbound peers relaying invalid headersSuhas Daftuar
2017-10-26moveonly: factor out headers processing into separate functionSuhas Daftuar
ProcessMessages will now return earlier when processing headers messages, rather than continuing on (and do nothing).
2017-10-26Merge #11490: Disconnect from outbound peers with bad headers chainsWladimir J. van der Laan
e065249 Add unit test for outbound peer eviction (Suhas Daftuar) 5a6d00c Permit disconnection of outbound peers on bad/slow chains (Suhas Daftuar) c60fd71 Disconnecting from bad outbound peers in IBD (Suhas Daftuar) Pull request description: The first commit will disconnect an outbound peer that serves us a headers chain with insufficient work while we're in IBD. The second commit introduces a way to disconnect outbound peers whose chains fall out of sync with ours: For a given outbound peer, we check whether their best known block (which is known from the blocks they announce to us) has at least as much work as our tip. If it doesn't, we set a 20 minute timeout, and if we still haven't heard about a block with as much work as our tip had when we set the timeout, then we send a single getheaders message, and wait 2 more minutes. If after two minutes their best known block has insufficient work, we disconnect that peer. We protect 4 of our outbound peers (who provide some "good" headers chains, ie a chain with at least as much work as our tip at some point) from being subject to this logic, to prevent excessive network topology changes as a result of this algorithm, while still ensuring that we have a reasonable number of nodes not known to be on bogus chains. We also don't require our peers to be on the same chain as us, to prevent accidental partitioning of the network in the event of a chain split. Note that if our peers are ever on a more work chain than our tip, then we will download and validate it, and then either reorg to it, or learn of a consensus incompatibility with that peer and disconnect. This PR is designed to protect against peers that are on a less work chain which we may never try to download and validate. Tree-SHA512: 2e0169a1dd8a7fb95980573ac4a201924bffdd724c19afcab5efcef076fdbe1f2cec7dc5f5d7e0a6327216f56d3828884f73642e00c8534b56ec2bb4c854a656
2017-10-26Permit disconnection of outbound peers on bad/slow chainsSuhas Daftuar
Currently we have no rotation of outbound peers. If an outbound peer stops serving us blocks, or is on a consensus-incompatible chain with less work than our tip (but otherwise valid headers), then we will never disconnect that peer, even though that peer is using one of our 8 outbound connection slots. Because we rely on our outbound peers to find an honest node in order to reach consensus, allowing an incompatible peer to occupy one of those slots is undesirable, particularly if it is possible for all such slots to be occupied by such peers. Protect against this by always checking to see if a peer's best known block has less work than our tip, and if so, set a 20 minute timeout -- if the peer is still not known to have caught up to a chain with as much work as ours after 20 minutes, then send a single getheaders message, wait 2 more minutes, and if a better header hasn't been received by then, disconnect that peer. Note: - we do not require that our peer sync to the same tip as ours, just an equal or greater work tip. (Doing otherwise would risk partitioning the network in the event of a chain split, and is also unnecessary.) - we pick 4 of our outbound peers and do not subject them to this logic, to be more conservative. We don't wish to permit temporary network issues (or an attacker) to excessively disrupt network topology.
2017-10-26Disconnecting from bad outbound peers in IBDSuhas Daftuar
When in IBD, we'd like to use all our outbound peers to help us sync the chain. Disconnect any outbound peers whose headers have insufficient work.
2017-10-19Add comment explaining forced processing of compact blocksSuhas Daftuar
2017-10-13Merge #11456: Replace relevant services logic with a function suite.Pieter Wuille
15f5d3b17 Switch DNSSeed-needed metric to any-automatic-nodes, not services (Matt Corallo) 5ee88b4bd Clarify docs for requirements/handling of addnode/connect nodes (Matt Corallo) 57edc0b0c Rename fAddnode to a more-descriptive "manual_connection" (Matt Corallo) 44407100f Replace relevant services logic with a function suite. (Matt Corallo) Pull request description: This was mostly written as a way to clean things up so that the NETWORK_LIMITED PR (#10387) can be simplified a ton, but its also a nice standalone cleanup that will also require a bit of review because it tweaks a lot of stuff across net. The new functions are fine in protocol.h right now since they're straight-forward, but after NETWORK_LIMITED will really want to move elsewhere after @theuni moves the nServices-based selection to addrman from connman. Adds HasAllRelevantServices and GetRelevantServices, which check for NETWORK|WITNESS. This changes the following: * Removes nRelevantServices from CConnman, disconnecting it a bit more from protocol-level logic. * Replaces our sometimes-connect-to-!WITNESS-nodes logic with simply always requiring WITNESS|NETWORK for outbound non-feeler connections (feelers still only require NETWORK). * This has the added benefit of removing nServicesExpected from CNode - instead letting net_processing's VERSION message handling simply check HasAllRelevantServices. * This implies we believe WITNESS nodes to continue to be a significant majority of nodes on the network, but also because we cannot sync properly from !WITNESS nodes, it is strange to continue using our valuable outbound slots on them. * In order to prevent this change from preventing connection to -connect= nodes which have !WITNESS, -connect nodes are now given the "addnode" flag. This also allows outbound connections to !NODE_NETWORK nodes for -connect nodes (which was already true of addnodes). * Has the (somewhat unintended) consequence of changing one of the eviction metrics from the same sometimes-connect-to-!WITNESS-nodes metric to requiring HasRelevantServices. This should make NODE_NETWORK_LIMITED much simpler to implement. Tree-SHA512: 90606896c86cc5da14c77843b16674a6a012065e7b583d76d1c47a18215358abefcbab44ff4fab3fadcd39aa9a42d4740c6dc8874a58033bdfc8ad3fb5c649fc
2017-10-13Rename fAddnode to a more-descriptive "manual_connection"Matt Corallo
2017-10-13Replace relevant services logic with a function suite.Matt Corallo
Adds HasAllRelevantServices and GetRelevantServices, which check for NETWORK|WITNESS. This changes the following: * Removes nRelevantServices from CConnman, disconnecting it a bit more from protocol-level logic. * Replaces our sometimes-connect-to-!WITNESS-nodes logic with simply always requiring WITNESS|NETWORK for outbound non-feeler connections (feelers still only require NETWORK). * This has the added benefit of removing nServicesExpected from CNode - instead letting net_processing's VERSION message handling simply check HasAllRelevantServices. * This implies we believe WITNESS nodes to continue to be a significant majority of nodes on the network, but also because we cannot sync properly from !WITNESS nodes, it is strange to continue using our valuable outbound slots on them. * In order to prevent this change from preventing connection to -connect= nodes which have !WITNESS, -connect nodes are now given the "addnode" flag. This also allows outbound connections to !NODE_NETWORK nodes for -connect nodes (which was already true of addnodes). * Has the (somewhat unintended) consequence of changing one of the eviction metrics from the same sometimes-connect-to-!WITNESS-nodes metric to requiring HasRelevantServices. This should make NODE_NETWORK_LIMITED much simpler to implement.
2017-10-12Merge #10898: Fix invalid checks (NULL checks after dereference, redundant ↵Wladimir J. van der Laan
checks, etc.) 76fed83 Avoid NULL pointer dereference when _walletModel is NULL (which is valid) (practicalswift) 4971a9a Use two boolean literals instead of re-using variable (practicalswift) b5fb339 Remove duplicate uriParts.size() > 0 check (practicalswift) 7466991 Remove redundant check (!ecc is always true) (practicalswift) 55224af Remove redundant NULL checks after new (practicalswift) Pull request description: Contains: * Remove redundant `NULL` checks after throwing `new` * Remove redundant check (`!ecc` is always true) * Remove duplicate `uriParts.size() > 0` check * Use two boolean literals instead of re-using variable Tree-SHA512: 30e9af8a9d5c8184836f8267b492aeb4e26eca171a3be08f634b3f39b3055b9fa9f06623f6c69b294ca13bf99743f7645cfac2b25e014ff74687bd085a997895
2017-10-03[net] Ignore getheaders requests for very old side blocksJim Posen
Sending a getheaders message with an empty locator and a stop hash is a request for a single header by hash. The node will respond with headers for blocks not in the main chain as well as those in the main chain. To avoid fingerprinting, the node should, however, ignore requests for headers on side branches that are too old.
2017-10-02Use two boolean literals instead of re-using variablepracticalswift
2017-09-22Use static_cast instead of C-style casts for non-fundamental typespracticalswift
A C-style cast is equivalent to try casting in the following order: 1. const_cast(...) 2. static_cast(...) 3. const_cast(static_cast(...)) 4. reinterpret_cast(...) 5. const_cast(reinterpret_cast(...)) By using static_cast<T>(...) explicitly we avoid the possibility of an unintentional and dangerous reinterpret_cast. Furthermore static_cast<T>(...) allows for easier grepping of casts.
2017-09-12Change AcceptToMemoryPool function signatureAlex Morcos
Combine fLimitFree and fOverrideMempoolLimit into a single boolean: bypass_limits. This is used to indicate that mempool limiting based on feerate should be bypassed. It is used when readding transactions from a reorg and then the mempool is trimmed to size after all transactions are added and they can be evaluated in the context of their descendants. No changes to behavior.
2017-09-06net: drop unused connman paramCory Fields
The copy in PeerLogicValidation can be used instead.
2017-09-06net: use an interface class rather than signals for message processingCory Fields
Drop boost signals in favor of a stateful class. This will allow the message processing loop to actually move to net_processing in a future step.
2017-09-06net: pass CConnman via pointer rather than referenceCory Fields
There are a few too many edge-cases here to make this a scripted diff. The following commits will move a few functions into PeerLogicValidation, where the local connman instance can be used. This change prepares for that usage.
2017-09-06Merge #11238: Add assertions before potential null deferencesWladimir J. van der Laan
c00199244 Fix potential null dereferences (MeshCollider) Pull request description: Picked up by the static analyzer [Facebook Infer](http://fbinfer.com/) which I was playing around with for another research project. Just adding some asserts before dereferencing potentially null pointers. Tree-SHA512: 9c01dab2d21bce75c7c7ef867236654ab538318a1fb39f96f09cdd2382a05be1a6b2db0a1169a94168864e82ffeae0686a383db6eba799742bdd89c37ac74397
2017-09-05Allow setting nMinimumChainWork on command lineSuhas Daftuar
2017-08-23Fix potential null dereferencesMeshCollider
2017-08-16Declare single-argument (non-converting) constructors "explicit"practicalswift
In order to avoid unintended implicit conversions.
2017-08-14scripted-diff: stop using the gArgs wrappersMarko Bencun
They were temporary additions to ease the transition. -BEGIN VERIFY SCRIPT- find src/ -name "*.cpp" ! -wholename "src/util.h" ! -wholename "src/util.cpp" | xargs perl -i -pe 's/(?<!\.)(ParseParameters|ReadConfigFile|IsArgSet|(Soft|Force)?(Get|Set)(|Bool|)Arg(s)?)\(/gArgs.\1(/g' -END VERIFY SCRIPT-
2017-08-14Merge #10483: scripted-diff: Use the C++11 keyword nullptr to denote the ↵Wladimir J. van der Laan
pointer literal instead of the macro NULL 90d4d89 scripted-diff: Use the C++11 keyword nullptr to denote the pointer literal instead of the macro NULL (practicalswift) Pull request description: Since C++11 the macro `NULL` may be: * an integer literal with value zero, or * a prvalue of type `std::nullptr_t` By using the C++11 keyword `nullptr` we are guaranteed a prvalue of type `std::nullptr_t`. For a more thorough discussion, see "A name for the null pointer: nullptr" (Sutter & Stroustrup), http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2007/n2431.pdf With this patch applied there are no `NULL` macro usages left in the repo: ``` $ git grep NULL -- "*.cpp" "*.h" | egrep -v '(/univalue/|/secp256k1/|/leveldb/|_NULL|NULLDUMMY|torcontrol.*NULL|NULL cert)' | wc -l 0 ``` The road towards `nullptr` (C++11) is split into two PRs: * `NULL` → `nullptr` is handled in PR #10483 (scripted, this PR) * `0` → `nullptr` is handled in PR #10645 (manual) Tree-SHA512: 3c395d66f2ad724a8e6fed74b93634de8bfc0c0eafac94e64e5194c939499fefd6e68f047de3083ad0b4eff37df9a8a3a76349aa17d55eabbd8e0412f140a297
2017-08-14Merge #11012: Make sure to clean up mapBlockSource if we've already seen the ↵Wladimir J. van der Laan
block 3f8fa7f Make sure to clean up mapBlockSource if we've already seen the block (Cory Fields) Pull request description: Otherwise we may leave them dangling. Credit TheBlueMatt. Tree-SHA512: 8be77e08ebfc4f5b206d5ee7cfbe87f92c1eb5bc2b412471993658fe210306789aaf0f3d1454c635508a7d8effede2cf5ac144d622b0157b872733d9661d65c3
2017-08-08Make sure to clean up mapBlockSource if we've already seen the blockCory Fields
Credit TheBlueMatt
2017-08-07scripted-diff: Use the C++11 keyword nullptr to denote the pointer literal ↵practicalswift
instead of the macro NULL -BEGIN VERIFY SCRIPT- sed -i 's/\<NULL\>/nullptr/g' src/*.cpp src/*.h src/*/*.cpp src/*/*.h src/qt/*/*.cpp src/qt/*/*.h src/wallet/*/*.cpp src/wallet/*/*.h src/support/allocators/*.h sed -i 's/Prefer nullptr, otherwise SAFECOOKIE./Prefer NULL, otherwise SAFECOOKIE./g' src/torcontrol.cpp sed -i 's/tor: Using nullptr authentication/tor: Using NULL authentication/g' src/torcontrol.cpp sed -i 's/METHODS=nullptr/METHODS=NULL/g' src/test/torcontrol_tests.cpp src/torcontrol.cpp sed -i 's/nullptr certificates/NULL certificates/g' src/qt/paymentserver.cpp sed -i 's/"nullptr"/"NULL"/g' src/torcontrol.cpp src/test/torcontrol_tests.cpp -END VERIFY SCRIPT-
2017-08-06Disconnect network service bits 6 and 8 until Aug 1, 2018Matt Corallo
These have been used to indicate incompatible consensus rules instead of changing network magic, so we're stuck disconnecting them.
2017-07-04Merge #10193: scripted-diff: Remove #include <boost/foreach.hpp>Wladimir J. van der Laan
b1268a1 clang-format: Delete ForEachMacros (Jorge Timón) 5995735 scripted-diff: Remove #include <boost/foreach.hpp> (Jorge Timón) 3eff827 scripted-diff: Remove BOOST_REVERSE_FOREACH (Jorge Timón) 33aed5b Fix const_reverse_iterator constructor (pass const ptr) (Jorge Timón) 300851e Introduce src/reverse_iterator.hpp and include it... (Jorge Timón) Tree-SHA512: df3405328e9602d0a433ac134ba59a5c9a6202ef64188df2f94a59b2ce58dec7c988b25d0671c7937de516a96b2e6daeb9d04c82fa363b616ee4cf6e9cb0fac6
2017-06-26[MOVEONLY] Move LastCommonAncestor to chainPieter Wuille
2017-06-26Merge #9544: [trivial] Add end of namespace comments. Improve consistency.Wladimir J. van der Laan
5a9b508 [trivial] Add end of namespace comments (practicalswift) Tree-SHA512: 92b0fcae4d1d3f4da9e97569ae84ef2d6e09625a5815cd0e5f0eb6dd2ecba9852fa85c184c5ae9de5117050330ce995e9867b451fa8cd5512169025990541a2b
2017-06-22scripted-diff: Remove BOOST_REVERSE_FOREACHJorge Timón
-BEGIN VERIFY SCRIPT- sed -i 's/BOOST_REVERSE_FOREACH(\(.*\), \(.*\))/for (\1 : reverse_iterate(\2))/' ./src/*.h ./src/*.cpp ./src/*/*.h ./src/*/*.cpp ; -END VERIFY SCRIPT-
2017-06-22Introduce src/reverse_iterator.hpp and include it...Jorge Timón
...where it will be needed Taken from https://gist.github.com/arvidsson/7231973 with small modifications to fit the bitcoin core project
2017-06-20Merge #9549: [net] Avoid possibility of NULL pointer dereference in ↵Pieter Wuille
MarkBlockAsInFlight(...) 95543d874 [net] Avoid possibility of NULL pointer dereference in MarkBlockAsInFlight(...) (practicalswift) Tree-SHA512: 80fd4f2712f20377185bd8d319255f2c54ae47b54c706f7e0d384a0a6ade1465ceb6e2a4a7f7b51987a659524474a954eddf228865ebb3fc513948b5b6d7ab6d
2017-06-13Merge #10502: scripted-diff: Remove BOOST_FOREACH, Q_FOREACH and PAIRTYPEPieter Wuille
1238f13cf scripted-diff: Remove PAIRTYPE (Jorge Timón) 18dc3c396 scripted-diff: Remove Q_FOREACH (Jorge Timón) 7c00c2672 scripted-diff: Fully remove BOOST_FOREACH (Jorge Timón) a5410ac5e Small preparations for Q_FOREACH, PAIRTYPE and #include <boost/foreach.hpp> removal (Jorge Timón) Tree-SHA512: d3ab4a173366402e7dcef31608977b757d4aa07abbbad2ee1bcbcfa311e994a4552f24e5a55272cb22c2dcf89a4b0495e02e9d9aceae4b08c0bab668f20e324c
2017-06-09Remove unused Boost includespracticalswift
2017-06-06Merge #10345: [P2P] Timeout for headers syncWladimir J. van der Laan
76f7481 Add timeout for headers sync (Suhas Daftuar) e265200 Delay parallel block download until chain has sufficient work (Suhas Daftuar) Tree-SHA512: e7f5468b7defe67d4d2d5c976bc129dba2b32b2ea52d3ff33b9cbff5c3b5b799be867653f1bcd354340d707d76dcadf2da4588abf6d6ec4a06672cdc5e1101eb
2017-06-05Add timeout for headers syncSuhas Daftuar
At startup, we choose one peer to serve us the headers chain, until our best header is close to caught up. Disconnect this peer if more than 15 minutes + 1ms/expected_header passes and our best header is still more than 1 day away from current time.
2017-06-05scripted-diff: Fully remove BOOST_FOREACHJorge Timón
-BEGIN VERIFY SCRIPT- sed -i 's/BOOST_FOREACH *(\(.*\),/for (\1 :/' ./src/*.h ./src/*.cpp ./src/*/*.h ./src/*/*.cpp ./src/*/*/*.h ./src/*/*/*.cpp ; -END VERIFY SCRIPT-
2017-06-01scripted-diff: various renames for per-utxo consistencyPieter Wuille
Thanks to John Newberry for pointing these out. -BEGIN VERIFY SCRIPT- sed -i 's/\<GetCoins\>/GetCoin/g' src/*.cpp src/*.h src/*/*.cpp src/*/*.h sed -i 's/\<HaveCoins\>/HaveCoin/g' src/*.cpp src/*.h src/*/*.cpp src/*/*.h sed -i 's/\<HaveCoinsInCache\>/HaveCoinInCache/g' src/*.cpp src/*.h src/*/*.cpp src/*/*.h sed -i 's/\<IsPruned\>/IsSpent/g' src/*.cpp src/*.h src/*/*.cpp src/*/*.h sed -i 's/\<FetchCoins\>/FetchCoin/g' src/*.cpp src/*.h src/*/*.cpp src/*/*.h sed -i 's/\<CoinsEntry\>/CoinEntry/g' src/*.cpp src/*.h src/*/*.cpp src/*/*.h sed -i 's/\<vHashTxnToUncache\>/coins_to_uncache/g' src/*.cpp src/*.h src/*/*.cpp src/*/*.h sed -i 's/\<vHashTxToUncache\>/coins_to_uncache/g' src/*.cpp src/*.h src/*/*.cpp src/*/*.h sed -i 's/\<fHadTxInCache\>/had_coin_in_cache/g' src/*.cpp src/*.h src/*/*.cpp src/*/*.h sed -i 's/\<coinbaseids\>/coinbase_coins/g' src/*.cpp src/*.h src/*/*.cpp src/*/*.h sed -i 's/\<disconnectedids\>/disconnected_coins/g' src/*.cpp src/*.h src/*/*.cpp src/*/*.h sed -i 's/\<duplicateids\>/duplicate_coins/g' src/*.cpp src/*.h src/*/*.cpp src/*/*.h sed -i 's/\<oldcoins\>/old_coin/g' src/test/coins_tests.cpp sed -i 's/\<origcoins\>/orig_coin/g' src/*.cpp src/*.h src/*/*.cpp src/*/*.h -END VERIFY SCRIPT-
2017-06-01Switch CCoinsView and chainstate db from per-txid to per-txoutPieter Wuille
This patch makes several related changes: * Changes the CCoinsView virtual methods (GetCoins, HaveCoins, ...) to be COutPoint/Coin-based rather than txid/CCoins-based. * Changes the chainstate db to a new incompatible format that is also COutPoint/Coin based. * Implements reconstruction code for hash_serialized_2. * Adapts the coins_tests unit tests (thanks to Russell Yanofsky). A side effect of the new CCoinsView model is that we can no longer use the (unreliable) test for transaction outputs in the UTXO set to determine whether we already have a particular transaction.
2017-05-31[trivial] Add end of namespace commentspracticalswift
2017-05-19Use range-based for loops (C++11) when looping over vector elementspracticalswift
2017-05-17Merge #10319: Remove unused argument from MarkBlockAsInFlight(...)Wladimir J. van der Laan
6345f0b Remove unused argument from MarkBlockAsInFlight(...) (practicalswift) Tree-SHA512: c07616aac1a2e00d269ffd62861bb0fe3addc60c7a601ec4f9c212727697cf82d41d237cce8e043df02b7733d553bd99d9c999ebb299d376dbc63483ce182219
2017-05-15Add logging to FinalizeNode()Suhas Daftuar
2017-05-08Delay parallel block download until chain has sufficient workSuhas Daftuar
nMinimumChainWork is an anti-DoS threshold; wait until we have a proposed tip with more work than that before downloading blocks towards that tip.
2017-05-07Merge #10351: removed unused code in INV messagePieter Wuille
c707ca8 removed unused code in INV message (Greg Griffith) Tree-SHA512: 8152e9bfb7e1e8a321e7c05ea46826b3ecea6fa5e176727a9c944db170cb134ba1adfa0251bece9683a68d52266291bca58240929337aba6328b915931e60eb9
2017-05-07Merge #10189: devtools/net: add a verifier for scriptable changes. Use it to ↵Wladimir J. van der Laan
make CNode::id private. 0f3471f net: make CNode's id private (Cory Fields) 9ff0a51 scripted-diff: net: Use accessor rather than node's id directly (Cory Fields) e50c33e devtools: add script to verify scriptable changes (Cory Fields) Tree-SHA512: a0ff50f4e1d38a2b63109b4996546c91b3e02e00d92c0bf04f48792948f78b1f6d9227a15d25c823fd4723a0277fc6a32c2c1287c7abbb7e50fd82ffb0f8d994
2017-05-07removed unused code in INV messageGreg Griffith
vToFetch is never used after declaration. When checked if not empty, evaluation is always false. Best case scenario this is optimized by the compiler, worst case it wastes cpu cycles. It should be removed either way.
2017-05-04scripted-diff: net: Use accessor rather than node's id directlyCory Fields
-BEGIN VERIFY SCRIPT- sed -i "s/\(node\|to\|from\)->id/\1->GetId()/" src/net.cpp src/net_processing.cpp -END VERIFY SCRIPT-