aboutsummaryrefslogtreecommitdiff
path: root/src/net_processing.cpp
AgeCommit message (Collapse)Author
2018-11-07Merge #14436: doc: add comment explaining recentRejects-DoS behaviorMarcoFalke
b191c7dfb7 doc: add comment explaining recentRejects-DoS behavior (James O'Beirne) Pull request description: When we receive invalid txs for the first time, we mark the sender as misbehaving. If we receive the same tx before a new block is seen, we *don't* punish the second sender (in the same way we do the original sender). It wasn't initially clear to me that this is intentional, so add a clarifying comment. Tree-SHA512: d12c674db137ed3ad83e0b941bffe6ddcd2982238048742afa574a4235881f0e58cfc0a4a576a0503e74c5c5240c270b9520fa30221e8b43a371fb3e0b37066b
2018-11-04scripted-diff: Move util files to separate directory.Jim Posen
-BEGIN VERIFY SCRIPT- mkdir -p src/util git mv src/util.h src/util/system.h git mv src/util.cpp src/util/system.cpp git mv src/utilmemory.h src/util/memory.h git mv src/utilmoneystr.h src/util/moneystr.h git mv src/utilmoneystr.cpp src/util/moneystr.cpp git mv src/utilstrencodings.h src/util/strencodings.h git mv src/utilstrencodings.cpp src/util/strencodings.cpp git mv src/utiltime.h src/util/time.h git mv src/utiltime.cpp src/util/time.cpp sed -i 's/<util\.h>/<util\/system\.h>/g' $(git ls-files 'src/*.h' 'src/*.cpp') sed -i 's/<utilmemory\.h>/<util\/memory\.h>/g' $(git ls-files 'src/*.h' 'src/*.cpp') sed -i 's/<utilmoneystr\.h>/<util\/moneystr\.h>/g' $(git ls-files 'src/*.h' 'src/*.cpp') sed -i 's/<utilstrencodings\.h>/<util\/strencodings\.h>/g' $(git ls-files 'src/*.h' 'src/*.cpp') sed -i 's/<utiltime\.h>/<util\/time\.h>/g' $(git ls-files 'src/*.h' 'src/*.cpp') sed -i 's/BITCOIN_UTIL_H/BITCOIN_UTIL_SYSTEM_H/g' src/util/system.h sed -i 's/BITCOIN_UTILMEMORY_H/BITCOIN_UTIL_MEMORY_H/g' src/util/memory.h sed -i 's/BITCOIN_UTILMONEYSTR_H/BITCOIN_UTIL_MONEYSTR_H/g' src/util/moneystr.h sed -i 's/BITCOIN_UTILSTRENCODINGS_H/BITCOIN_UTIL_STRENCODINGS_H/g' src/util/strencodings.h sed -i 's/BITCOIN_UTILTIME_H/BITCOIN_UTIL_TIME_H/g' src/util/time.h sed -i 's/ util\.\(h\|cpp\)/ util\/system\.\1/g' src/Makefile.am sed -i 's/utilmemory\.\(h\|cpp\)/util\/memory\.\1/g' src/Makefile.am sed -i 's/utilmoneystr\.\(h\|cpp\)/util\/moneystr\.\1/g' src/Makefile.am sed -i 's/utilstrencodings\.\(h\|cpp\)/util\/strencodings\.\1/g' src/Makefile.am sed -i 's/utiltime\.\(h\|cpp\)/util\/time\.\1/g' src/Makefile.am sed -i 's/-> util ->/-> util\/system ->/' test/lint/lint-circular-dependencies.sh sed -i 's/src\/util\.cpp/src\/util\/system\.cpp/g' test/lint/lint-format-strings.py test/lint/lint-locale-dependence.sh sed -i 's/src\/utilmoneystr\.cpp/src\/util\/moneystr\.cpp/g' test/lint/lint-locale-dependence.sh sed -i 's/src\/utilstrencodings\.\(h\|cpp\)/src\/util\/strencodings\.\1/g' test/lint/lint-locale-dependence.sh sed -i 's/src\\utilstrencodings\.cpp/src\\util\\strencodings\.cpp/' build_msvc/libbitcoinconsensus/libbitcoinconsensus.vcxproj -END VERIFY SCRIPT-
2018-10-16doc: add comment explaining recentRejects-DoS behaviorJames O'Beirne
When we receive invalid txs for the first time, we mark the sender as misbehaving. If we receive the same tx before a new block is seen, we *don't* punish the second sender (in the same way we do the original sender). It wasn't initially clear to me that this is intentional, so add a clarifying comment.
2018-09-27Merge #14027: Skip stale tip checking if outbound connections are off or if ↵MarcoFalke
reindexing. 66b3fc5437 Skip stale tip checking if outbound connections are off or if reindexing. (Gregory Maxwell) Pull request description: I got tired of the pointless stale tip notices in reindex and on nodes with connections disabled. Tree-SHA512: eb07d9c5c787ae6dea02cdd1d67a48a36a30adc5ccc74d6f1c0c7364d404dc8848b35d2b8daf5283f7c8f36f1a3c463aacb190d70a22d1fe796a301bb1f03228
2018-09-04Merge #13249: Make objects in range declarations immutable by default. Avoid ↵Wladimir J. van der Laan
unnecessary copying of objects in range declarations. f34c8c466a0e514edac2e8683127b4176ad5d321 Make objects in range declarations immutable by default. Avoid unnecessary copying of objects in range declarations. (practicalswift) Pull request description: Make objects in range declarations immutable by default. Rationale: * Immutable objects are easier to reason about. * Prevents accidental or hard-to-notice change of value. Tree-SHA512: cad69d35f0cf8a938b848e65dd537c621d96fe3369be306b65ef0cd1baf6cc0a9f28bc230e1e383d810c555a6743d08cb6b2b0bd51856d4611f537a12e5abb8b
2018-08-30tests: Add missing locking annotations and lockspracticalswift
2018-08-27Make objects in range declarations immutable by default. Avoid unnecessary ↵practicalswift
copying of objects in range declarations.
2018-08-26Add compile time checking for all cs_main runtime locking assertionspracticalswift
2018-08-25Merge #13946: p2p: Clarify control flow in ProcessMessageWladimir J. van der Laan
fa6c3dea420b6c50c164ccc34f4e9e8a7d9a8022 p2p: Clarify control flow in ProcessMessage() (MarcoFalke) Pull request description: `ProcessMessage` is effectively a massive switch case construct. In the past there were attempts to clarify the control flow in `ProcessMessage()` by moving each case into a separate static function (see #9608). It was closed because it wasn't clear if moving each case into a function was the right approach. Though, we can quasi treat each case as a function by adding a return statement to each case. (Can be seen as a continuation of bugfix #13162) This patch does exactly that. Also note that this patch is a subset of previous approaches such as #9608 and #10145. Review suggestion: `git diff HEAD~ --function-context` Tree-SHA512: 91f6106840de2f29bb4f10d27bae0616b03a91126e6c6013479e1dd79bee53f22a78902b631fe85517dd5dc0fa7239939b4fefc231851a13c819458559f6c201
2018-08-23Skip stale tip checking if outbound connections are off or if reindexing.Gregory Maxwell
2018-08-22p2p: Remove dead code for nVersion=10300MarcoFalke
2018-08-12p2p: Clarify control flow in ProcessMessage()MarcoFalke
2018-08-10Merge #13907: Introduce a maximum size for locators.Wladimir J. van der Laan
e254ff5d53b79bee29203b965fca572f218bff54 Introduce a maximum size for locators. (Gregory Maxwell) Pull request description: The largest sensible size for a locator is log in the number of blocks. But, as noted by Coinr8d on BCT a maximum size message could encode a hundred thousand locators. If height were used to limit the messages that could open new attacks where peers on long low diff forks would get disconnected and end up stuck. Ideally, nodes first first learn to limit the size of locators they send before limiting what would be processed, but common implementations back off with an exponent of 2 and have an implicit limit of 2^32 blocks, so they already cannot produce locators over some size. Locators are cheap to process so allowing a few more is harmless, so this sets the maximum to 64-- which is enough for blockchains with 2^64 blocks before the get overhead starts increasing. Tree-SHA512: da28df9c46c988980da861046c62e6e7f93d0eaab3083d32e408d1062f45c00316d5e1754127e808c1feb424fa8e00e5a91aea2cc3b80326b71c148696f7cdb3
2018-08-09Introduce a maximum size for locators.Gregory Maxwell
The largest sensible size for a locator is log in the number of blocks. But, as noted by Coinr8d on BCT a maximum size message could encode a hundred thousand locators. If height were used to limit the messages that could open new attacks where peers on long low diff forks would get disconnected and end up stuck. Ideally, nodes first first learn to limit the size of locators they send before limiting what would be processed, but common implementations back off with an exponent of 2 and have an implicit limit of 2^32 blocks, so they already cannot produce locators over some size. This sets the limit to an absurdly high amount of 101 in order to maximize compatibility with existing software.
2018-07-27Update copyright headers to 2018DrahtBot
2018-07-25[net_processing] Add thread safety annotationsJesse Cohen
2018-07-20Merge #11637: p2p: Remove dead service bits codeWladimir J. van der Laan
fa4bf92be9420919c74cdde9a973f7327d01ac88 Remove dead service bits code (MarcoFalke) Pull request description: Seems fine to remove for the upcoming 0.17 release Fixes #10993 Tree-SHA512: 3a4664b787e3da399bcaaba693619bd384826df14f469dbdfbbfffc540d9da3f2b322cda262b43388376785f77907c2540541c239ab0fca82bd7eb69d02b6b7a
2018-07-16Merge #13298: Net: Bucketing INV delays (1 bucket) for incoming connections ↵Pieter Wuille
to hide tx time d45b344ffd Bucket for inbound when scheduling invs to hide tx time (Gleb) Pull request description: It has been brought up to my attention that current random delays mechanism (originally intended to obfuscate transaction metadata) allows to easily estimate the time a transaction was received by a node. It may be done by connecting multiple observer nodes to the same node. Each of those nodes will generate its own schedule of delays. Combined metadata regarding those events from different sources allows an observer to estimate transaction time. After this patch a spy won't gain additional information by just creating multiple connections to a target. Tree-SHA512: c71dae5ff350b614cb40a8e201fd0562d3e03e3e72a5099718cd451f0d84c66d5e52bbaf0d5b4b75137514c8efdedcc6ef4df90142b360153f04ad0721545ab1
2018-07-13Bucket for inbound when scheduling invs to hide tx timeGleb
2018-07-13Merge #13417: [net] Tighten scope in net_processingPieter Wuille
3339ba28e9 Make g_enable_bip61 a member variable of PeerLogicValidation (Jesse Cohen) 6690a28606 Restrict as much as possible in net_processing to translation unit (Jesse Cohen) 1d4df02b7e [move-only] Move things only referenced in net_processing out of header file (Jesse Cohen) 02bbc05310 Rescope g_enable_bip61 to net_processing (Jesse Cohen) Pull request description: As part of a larger effort to decouple net_processing and validation a bit, these are a bunch of simple scope cleanups. I've moved things out of the header file that are only referenced in net_processing and added static (or anonymous namespace) modifiers to everything possible in net_processing. There are a handful of functions which could be static except that they are exposed for the sake of unit testing - these are explicitly commented. There has been some discussion of a compile time annotation, but no conclusion has been reached on that yet. This is somewhat related to other prs #12934 #13413 #13407 and will be followed by prs that reduce reliance on cs_main to synchronize data structures which are translation unit local to net_processing Tree-SHA512: 46c9660ee4e06653feb42ba92189565b0aea17aac2375c20747c0d091054c63829cbf66d2daddf65682b58ce1d6922e23aefea051a7f2c8abbb6db253a609082
2018-07-11Remove dead service bits codeMarcoFalke
2018-07-09Make g_enable_bip61 a member variable of PeerLogicValidationJesse Cohen
2018-07-09Remove useless mapRequest tracking that just effects Qt display.Matt Corallo
I thought we had removed this a long time ago, TBH, its really confusing feedback to users that we display whether a tx was broadcast to immediate neighbor nodes, given that has little indication of whether the tx propagated very far.
2018-07-08Remove unused argument to ProcessGetBlockData(...)practicalswift
2018-07-08net: Remove unused interrupt from SendMessagesfanquake
2018-07-05Merge #13096: [Policy] Fix MAX_STANDARD_TX_WEIGHT checkWladimir J. van der Laan
2f1a30c63 Fix MAX_STANDARD_TX_WEIGHT check (Johnson Lau) Pull request description: As suggested by the constant name and its comment in policy.h, a transaction with a weight of exactly MAX_STANDARD_TX_WEIGHT should be allowed. Users could be confused. Tree-SHA512: af417de1c6a2e6796ebbb39aa0caad8764302ded155cb1bbfbe457e4567c199cc53256189832b17d4aeec369e190b3edd4c6116d5f0b8cf0ede6dfb4ed83bdd3
2018-06-25Drop unused init.h includesBen Woosley
These were entirely unused, as based on successful compilation and a grep for: \bStartShutdown\(\)|\bShutdownRequested\(\)|\bInterrupt\(\)|\bShutdown\(\)|\bInitLogging\(\)|\bInitParameterInteraction\(\)|\bAppInitBasicSetup\(\)|\bAppInitParameterInteraction\(\)|\bAppInitSanityChecks\(\)|\bAppInitLockDataDirectory\(\)|\bAppInitMain\(\)|\bSetupServerArgs\(\)|\bLicenseInfo\(\)|g_wallet_init_interface|init.h
2018-06-20Restrict as much as possible in net_processing to translation unitJesse Cohen
Mark everything else static or in an anonymous namespace.
2018-06-19[move-only] Move things only referenced in net_processing out of header fileJesse Cohen
2018-06-19Rescope g_enable_bip61 to net_processingJesse Cohen
2018-06-12Merge #13312: docs: Add a note about the source code filename naming conventionMarcoFalke
e56771365b Do not use uppercase characters in source code filenames (practicalswift) 419a1983ca docs: Add a note about the source code filename naming convention (practicalswift) Pull request description: Add a note about the source code filename naming convention. Tree-SHA512: 8d329bd9e19bcd26e74b0862fb0bc2369b46095dbd3e69d34859908632763abd7c3d00ccc44ee059772ad4bae4460c2bcc1c0e22fd9d8876d57e5fcd346cea4b
2018-05-29Merge #13134: net: Add option `-enablebip61` to configure sending of BIP61 ↵Wladimir J. van der Laan
notifications 87fe292d897e09e176ac7e254144466c319cc9ac doc: Mention disabling BIP61 in bips.md (Wladimir J. van der Laan) fe16dd8226d924f44432c5b5014aa49ff45c82ff net: Add option `-enablebip61` to configure sending of BIP61 notifications (Wladimir J. van der Laan) Pull request description: This commit adds a boolean option `-peersendreject`, defaulting to `1`, that can be used to disable the sending of [BIP61](https://github.com/bitcoin/bips/blob/master/bip-0061.mediawiki) `reject` messages. This functionality has been requested for various reasons: - security (DoS): reject messages can reveal internal state that can be used to target certain resources such as the mempool more easily. - bandwidth: a typical node sends lots of reject messages; this counts against upstream bandwidth. Also the reject messages tend to be larger than the message that was rejected. On the other hand, reject messages can be useful while developing client software (I found them indispensable while creating bitcoin-submittx), as well as for our own test cases, so whatever the default becomes on the long run, IMO the functionality should be retained as option. But that's a discussion for later, for now it's simply a node operator decision. Also adds a RPC test that checks the functionality. Tree-SHA512: 9488cc53e13cd8e5c6f8eb472a44309572673405c1d1438c3488f627fae622c95e2198bde5ed7d29e56b948e2918bf1920239e9f865889f4c37c097c37a4d7a9
2018-05-23Merge #13151: net: Serve blocks directly from disk when possibleWladimir J. van der Laan
0bf431870e45d8e20c4671e51a782ebf97b75fac net: Serve blocks directly from disk when possible (Wladimir J. van der Laan) Pull request description: In `ProcessGetBlockData`, send the block data directly from disk if type MSG_WITNESS_BLOCK is requested. This is a valid shortcut as the on-disk format matches the network format. This is expected to increase performance because a deserialization and subsequent serialization roundtrip is avoided. Tree-SHA512: 9a9500b4c1354eaae1a6f1c6ef2416c1c1985029852589266f3a70e808f6c7482c135e9ab251a527566935378ab7c32dba4ed43ba5451e802d8e72b77d1ba472
2018-05-23Do not use uppercase characters in source code filenamespracticalswift
2018-05-15net: Serve blocks directly from disk when possibleWladimir J. van der Laan
In `ProcessGetBlockData`, send the block data directly from disk if type MSG_WITNESS_BLOCK is requested. This is a valid shortcut as the on-disk format matches the network format. This is expected to increase performance because a deserialization and subsequent serialization roundtrip is avoided.
2018-05-13net: Add option `-enablebip61` to configure sending of BIP61 notificationsWladimir J. van der Laan
This commit adds a boolean option `-enablebip61`, defaulting to `1`, that can be used to disable the sending of BIP61 `reject` messages. This functionality has been requested for various reasons: - security (DoS): reject messages can reveal internal state that can be used to target certain resources such as the mempool more easily. - bandwidth: a typical node sends lots of reject messages; this counts against upstream bandwidth. Also the reject messages tend to be larger than the message that was rejected. On the other hand, reject messages can be useful while developing client software (I found them indispensable while creating bitcoin-submittx), as well as for our own test cases, so whatever the default becomes on the long run, IMO the functionality should be retained as option. But that's a discussion for later.
2018-05-07Merge #13162: [net] Don't incorrectly log that REJECT messages are unknown.Wladimir J. van der Laan
fad63eb [logging] Don't incorrectly log that REJECT messages are unknown. (John Newbery) Pull request description: Reject messages are logged to debug.log if NET debug logging is enabled. Because of the way the `ProcessMessages()` function is structured, processing for REJECT messages will also drop through to the default branch and incorrectly log `Unknown command "reject" from peer-?`. Fix that by exiting from `ProcessMessages()` early. without this PR: ``` 2018-05-03T17:37:00.930600Z received: reject (21 bytes) peer=0 2018-05-03T17:37:00.930620Z Reject message code 16: spammy spam 2018-05-03T17:37:00.930656Z Unknown command "reject" from peer=0 ``` with this PR: ``` 2018-05-03T17:35:04.751246Z received: reject (21 bytes) peer=0 2018-05-03T17:35:04.751274Z Reject message code 16: spammy spam ``` Tree-SHA512: 5c84c98433ab99e0db2dd481f9c2db6f87ff0d39022ff317a791737e918714bbcb4a23e81118212ed8e594ebcf098ab7f52f7fd5e21ebc3f07b1efb279b9b30b
2018-05-05Fix MAX_STANDARD_TX_WEIGHT checkJohnson Lau
As suggested by the constant name and its comment in policy.h, a transaction with a weight of exactly MAX_STANDARD_TX_WEIGHT should be allowed
2018-05-03Make it clear which functions that are intended to be translation unit localpracticalswift
Do not share functions that are meant to be translation unit local with other translation units. Use internal linkage for those consistently.
2018-05-03[logging] Don't incorrectly log that REJECT messages are unknown.John Newbery
Reject messages are logged to debug.log if NET debug logging is enabled. Because of the way the `ProcessMessages()` function is structured, processing for REJECT messages will also drop through to the default branch and incorrectly log `Unknown command "reject" from peer-?`. Fix that by exiting from `ProcessMessages()` early. without this PR: ``` 2018-05-03T17:37:00.930600Z received: reject (21 bytes) peer=0 2018-05-03T17:37:00.930620Z Reject message code 16: spammy spam 2018-05-03T17:37:00.930656Z Unknown command "reject" from peer=0 ``` with this PR: ``` 2018-05-03T17:35:04.751246Z received: reject (21 bytes) peer=0 2018-05-03T17:35:04.751274Z Reject message code 16: spammy spam ```
2018-05-02Add missing newlines to LogPrint debug loggingWladimir J. van der Laan
The linter only checked `LogPrintf`, not `LogPrint`. Fix the remaining cases.
2018-04-18Consistently log CValidationState on failureBen Woosley
Seems providing at least minimal visibility to the failure is a good practice. The only remaining ignored state is in LoadExternalBlockFile, where logging would likely be spammy.
2018-04-05Merge #12859: Bugfix: Include <memory> for std::unique_ptrWladimir J. van der Laan
a5bca13 Bugfix: Include <memory> for std::unique_ptr (Luke Dashjr) Pull request description: Not sure why all these includes were missing, but it's breaking builds for some users: https://bugs.gentoo.org/show_bug.cgi?id=652142 (Added to all files with a reference to `std::unique_ptr`) Tree-SHA512: 8a2c67513ca07b9bb52c34e8a20b15e56f8af2530310d9ee9b0a69694dd05e02e7a3683f14101a2685d457672b56addec591a0bb83900a0eb8e2a43d43200509
2018-04-02Bugfix: Include <memory> for std::unique_ptrLuke Dashjr
2018-03-21Fix typosDimitris Apostolou
2018-03-13Merge #11041: Add LookupBlockIndexWladimir J. van der Laan
92fabcd44 Add LookupBlockIndex function (João Barbosa) 43a32b739 Add missing cs_lock in CreateWalletFromFile (João Barbosa) f814a3e8f Fix cs_main lock in LoadExternalBlockFile (João Barbosa) c651df8b3 Lock cs_main while loading block index in AppInitMain (João Barbosa) 02de6a6bc Assert cs_main is held when accessing mapBlockIndex (João Barbosa) Pull request description: Replace all `mapBlockIndex` lookups with the new `LookupBlockIndex()`. In some cases it avoids a second lookup. Tree-SHA512: ca31118f028a19721f2191d86f2dd398144d04df345694575a64aeb293be2f85785201480c3c578a0ec99690516205708558c0fd4168b09313378fd4e60a8412
2018-03-06Add LookupBlockIndex functionJoão Barbosa
2018-03-06Add documentation to PeerLogicValidation interface and related functionsJames O'Beirne
2018-03-01Merge #10387: Eventually connect to NODE_NETWORK_LIMITED peersWladimir J. van der Laan
eb91835 Add setter for g_initial_block_download_completed (Jonas Schnelli) 3f56df5 [QA] add NODE_NETWORK_LIMITED address relay and sync test (Jonas Schnelli) 158e1a6 [QA] fix mininode CAddress ser/deser (Jonas Schnelli) fa999af [QA] Allow addrman loopback tests (add debug option -addrmantest) (Jonas Schnelli) 6fe57bd Connect to peers signaling NODE_NETWORK_LIMITED when out-of-IBD (Jonas Schnelli) 31c45a9 Accept addresses with NODE_NETWORK_LIMITED flag (Jonas Schnelli) Pull request description: Eventually connect to peers signalling NODE_NETWORK_LIMITED if we are out of IBD. Accept and relay NODE_NETWORK_LIMITED peers in addrman. Tree-SHA512: 8a238fc97f767f81cae1866d6cc061390f23a72af4a711d2f7158c77f876017986abb371d213d1c84019eef7be4ca951e8e6f83fda36769c4e1a1d763f787037
2018-02-17Add setter for g_initial_block_download_completedJonas Schnelli