The use of mocktime in test logic means that comparisons between
GetTime() and GetTimeMicros()/1000000 are unreliable since the former
can use mocktime values while the latter always gets the system clock;
this changes the networking code's inactivity checks to consistently
use the system clock for inactivity comparisons.
Also remove some hacks from setmocktime() that are no longer needed,
now that we're using the system clock for nLastSend and nLastRecv.
* fixed an issue with MasternodeRateCheck always returns true
* additioanal fixes and refactoring (rebase)
* slightly improved CRateBuffer synchronization for newly started nodes
* IBD check uses minimumchain work instead of checkpoints.
This introduces a 'minimum chain work' chainparam which is intended
to be the known amount of work in the chain for the network at the
time of software release. If you don't have this much work, you're
not yet caught up.
This is used instead of the count of blocks test from checkpoints.
This criteria is trivial to keep updated as there is no element of
subjectivity, trust, or position dependence to it. It is also a more
reliable metric of sync status than a block count.
* Remove GetTotalBlocksEstimate and checkpoint tests that test nothing.
GetTotalBlocksEstimate is no longer used and it was the only thing
the checkpoint tests were testing.
Since checkpoints are on their way out it makes more sense to remove
the test file than to cook up a new pointless test.
# Conflicts:
# src/Makefile.test.include
# src/test/Checkpoints_tests.cpp
* IsInitialBlockDownload no longer uses header-only timestamps.
This avoids a corner case (mostly visible on testnet) where bogus
headers can keep nodes in IsInitialBlockDownload.
* Delay parallel block download until chain has sufficient work
nMinimumChainWork is an anti-DoS threshold; wait until we have a proposed
tip with more work than that before downloading blocks towards that tip.
* Add timeout for headers sync
At startup, we choose one peer to serve us the headers chain, until
our best header is close to caught up. Disconnect this peer if more
than 15 minutes + 1ms/expected_header passes and our best header
is still more than 1 day away from current time.
* Introduce assumevalid setting to skip presumed valid scripts.
This disentangles the script validation skipping from checkpoints.
A new option is introduced "assumevalid" which specifies a block whos
ancestors we assume all have valid scriptsigs and so we do not check
them when they are also burried under the best header by two weeks
worth of work.
Unlike checkpoints this has no influence on consensus unless you set
it to a block with an invalid history. Because of this it can be
easily be updated without risk of influencing the network consensus.
This results in a massive IBD speedup.
This approach was independently recommended by Peter Todd and Luke-Jr
since POW based signature skipping (see PR#9180) does not have the
verifiable properties of a specific hash and may create bad incentives.
The downside is that, like checkpoints, the defaults bitrot and older
releases will sync slower. On the plus side users can provide their
own value here, and if they set it to something crazy all that will
happen is more time will be spend validating signatures.
Checkblocks and checklevel are also moved to the hidden debug options:
Especially now that checkblocks has a low default there is little need
to change these settings, and users frequently misunderstand them as
influencing security or IBD speed. By hiding them we offset the
space added by this new option.
* Add consensusParams to FindNextBlocksToDownload
* Adjust check in headers timeout logic to align with 144 blocks in Dash
* net: fix typo causing the wrong receive buffer size
Surprisingly this hasn't been causing me any issues while testing, probably
because it requires lots of large blocks to be flying around.
Send/Recv corks need tests!
* net: make vRecvMsg a list so that we can use splice()
* net: make GetReceiveFloodSize public
This will be needed so that the message processor can cork incoming messages
* net: only disconnect if fDisconnect has been set
These conditions are problematic to check without locking, and we shouldn't be
relying on the refcount to disconnect.
* net: wait until the node is destroyed to delete its recv buffer
when vRecvMsg becomes a private buffer, it won't make sense to allow other
threads to mess with it anymore.
* net: set message deserialization version when it's actually time to deserialize
We'll soon no longer have access to vRecvMsg, and this is more intuitive anyway.
* net: handle message accounting in ReceiveMsgBytes
This allows locking to be pushed down to only where it's needed
Also reuse the current time rather than checking multiple times.
* net: record bytes written before notifying the message processor
* net: Add a simple function for waking the message handler
This may be used publicly in the future
* net: remove useless comments
* net: remove redundant max sendbuffer size check
This is left-over from before there was proper accounting. Hitting 2x the
sendbuffer size should not be possible.
* net: rework the way that the messagehandler sleeps
In order to sleep accurately, the message handler needs to know if _any_ node
has more processing that it should do before the entire thread sleeps.
Rather than returning a value that represents whether ProcessMessages
encountered a message that should trigger a disconnnect, interpret the return
value as whether or not that node has more work to do.
Also, use a global fProcessWake value that can be set by other threads,
which takes precedence (for one cycle) over the messagehandler's decision.
Note that the previous behavior was to only process one message per loop
(except in the case of a bad checksum or invalid header). That was changed in
PR #3180.
The only change here in that regard is that the current node now falls to the
back of the processing queue for the bad checksum/invalid header cases.
* net: add a new message queue for the message processor
This separates the storage of messages from the net and queued messages for
processing, allowing the locks to be split.
* net: add a flag to indicate when a node's process queue is full
Messages are dumped very quickly from the socket handler to the processor, so
it's the depth of the processing queue that's interesting.
The socket handler checks the process queue's size during the brief message
hand-off and pauses if necessary, and the processor possibly unpauses each time
a message is popped off of its queue.
* net: add a flag to indicate when a node's send buffer is full
Similar to the recv flag, but this one indicates whether or not the net's send
buffer is full.
The socket handler checks the send queue when a new message is added and pauses
if necessary, and possibly unpauses after each message is drained from its buffer.
* net: remove cs_vRecvMsg
vRecvMsg is now only touched by the socket handler thread.
The accounting vars (nRecvBytes/nLastRecv/mapRecvBytesPerMsgCmd) are also
only used by the socket handler thread, with the exception of queries from
rpc/gui. These accesses are not threadsafe, but they never were. This needs to
be addressed separately.
Also, update comment describing data flow
* Dont deserialize nVersion into CNode, should fix#9212
* net: deserialize the entire version message locally
This avoids having some vars set if the version negotiation fails.
Also copy it all into CNode at the same site. nVersion and
fSuccessfullyConnected are set last, as they are the gates for the other vars.
Make them atomic for that reason.
* net: don't run callbacks on nodes that haven't completed the version handshake
Since ForEach* are can be used to send messages to all nodes, the caller may
end up sending a message before the version handshake is complete. To limit
this, filter out these nodes. While we're at it, may as well filter out
disconnected nodes as well.
Delete unused methods rather than updating them.
* net: Disallow sending messages until the version handshake is complete
This is a change in behavior, though it's much more sane now than before.
* net: log an error rather than asserting if send version is misused
Also cleaned up the comments and moved from the header to the .cpp so that
logging headers aren't needed from net.h
* Implement conditions for ForEachNode() and ForNode() methods of CConnman.
A change making ForEachNode() and ForNode() methods ignore nodes that
have not completed initial handshake have been backported from Bitcoin.
Unfortunately, some Dash-specific code needs to iterate over all nodes.
This change introduces additional condition argument to these methods.
This argument is a functional object that should return true for nodes
that should be taken into account, not ignored.
Two functional objects are provided in CConnman namespace:
* FullyConnectedOnly returns true for nodes that have handshake completed,
* AllNodes returns true for all nodes.
Overloads for ForEachNode() and ForNode() methods without condition argument
are left for compatibility with non-Dash-specific code.
They use FullyConnectedOnly functional object for condition.
Signed-off-by: Oleg Girko <ol@infoserver.lv>
* Iterate over all nodes in Dash-specific code using AllNodes condition.
Use AllNodes functional object as newly introduced condition argument for
ForEachNode() and ForNode() methods of CConnman to iterate over all nodes
where needed in Dash-specific code.
Signed-off-by: Oleg Girko <ol@infoserver.lv>
* Remove un-needed #includes (what is the policy?)
Data was duplicated in masternode_info_t and CMasternode classes:
* CMasternode is changed to inherit from masternode_info_t
so the data members are inherited rather than repeated
(also inherits unrepeated nTimeLastPing and fInfoValid members;
this slight intrusiveness made up for in simplicity).
* Use in-class member initializers (C++11) for defaults,
so only non-default initializers are required in the lists.
Allows to shorten repetitous constructor initializer lists.
This makes checking for uninitialized data simpler.
* Default constructors are defined as "= default;" if possible.
* masternode_info_t is changed to behave like an aggregate
(but requires over-complicated constructors until c++14).
There are pros and cons here - aggregate initialization
is convenient but implicit).
* Removed user-defined swap functions.
They appear to only be used in operator= definitions,
using the copy-in,swap-and-return idiom:
* Default operator=, where possible.
* Move in class `friend bool operator==` out-of-class.
* Change sync process:
- IsBlockchainSynced(): drop CheckNodeHeight() and all complicated code, use fInitialDownload in UpdatedBlockTip() to switch initial states
- ProcessTick(): detect sleep mode like it was in IsBlockchainSynced(), not by number of masternodes
* Changes for sync in governance:
- do not keep sync alive on ConfirmInventoryRequest()
- skip some governance actions until we are synced to some level
* do not run CMasternodeMan::UpdateLastPaid() until winners list is synced
* start syncing mn list on the same node right after requesting sporks
* replace nTimeLast<Asset> with the unified nTimeLastBumped, bump on UpdatedBlockTip
* fix comments and LogPrintf-s
* remove excessive MASTERNODE_SYNC_IBD
* a bit more descriptive BumpAssetLastTime in few cases
* net: a few small cleanups before replacing boost threads
- Drop the interruption point directly after the pnode allocation. This would
be leaky if hit.
- Rearrange thread creation so that the socket handler comes first
* net: add CThreadInterrupt and InterruptibleSleep
* net: make net interruptible
Also now that net threads are interruptible, switch them to use std
threads/binds/mutexes/condvars.
* net: make net processing interruptible
* net: remove thread_interrupted catch
This is now a std::thread, so there's no hope of catching a boost interruption
point.
* net: make proxy receives interruptible
* net: misc header cleanups
* Remove orphan state wipe from UnloadBlockIndex.
As orphan state is now "network state", like in
d6ea737be19a0001e69e4e854eb1cef21523ea7a,
UnloadBlockIndex is only used during init if we end up reindexing
to clear our block state so that we can start over. However, at
that time no connections have been brought up as CConnman hasn't
been started yet, so all of the network processing state logic is
empty when its called.
* Move network-msg-processing code out of main to its own file
* Rename the remaining main.{h,cpp} to validation.{h,cpp}
* net: Consistent checksum handling
In principle, the checksums of P2P packets are simply 4-byte blobs which
are the first four bytes of SHA256(SHA256(payload)).
Currently they are handled as little-endian 32-bit integers half of the
time, as blobs the other half, sometimes copying the one to the other,
resulting in somewhat confused code.
This PR changes the handling to be consistent both at packet creation
and receiving, making it (I think) easier to understand.
* net: Hardcode protocol sizes and use fixed-size types
The P2P network uses a fixed protocol, these sizes shouldn't change
based on what happens to be the architecture.
* Expose AcceptBlockHeader through main.h
* Split ::HEADERS processing into two separate cs_main locks
This will allow NotifyHeaderTip to be called from an
AcceptBlockHeader wrapper function without holding cs_main.
* Use exposed ProcessNewBlockHeaders from ProcessMessages
* Remove pfrom parameter from ProcessNewBlock
This further decouples ProcessNewBlock from networking/peer logic.
* Replace CValidationState param in ProcessNewBlock with BlockChecked
* Move MarkBlockAsReceived out of ProcessNewMessage
* Remove network state wipe from UnloadBlockIndex.
UnloadBlockIndex is only used during init if we end up reindexing
to clear our block state so that we can start over. However, at
that time no connections have been brought up as CConnman hasn't
been started yet, so all of the network processing state logic is
empty when its called.
Additionally, the initialization of the recentRejects set is moved
to InitPeerLogic.
* Move all calls to CheckBlockIndex out of net-processing logic
This will result in many more calls to CheckBlockIndex when
connecting a list of headers (eg in ::HEADERS messages processing)
but its only enabled in debug mode, and that should mostly just be
during IBD, so it should be OK.
* Move FlushStateToDisk call out of ProcessMessages::TX into ATMP
* Move nTimeBestReceived updating into net processing code
* Make validationinterface.UpdatedBlockTip more verbose
In anticipation of making all the callbacks out of block processing
flow through it. Note that vHashes will always have something in it
since pindexFork != pindexNewTip.
* Remove duplicate nBlocksEstimate cmp (we already checked IsIBD())
* Remove CConnman parameter from ProcessNewBlock/ActivateBestChain
* Remove SyncWithWallets wrapper function
* Move net-processing logic definitions together in main.h
* Use CValidationInterface from chain logic to notify peer logic
This adds a new CValidationInterface subclass, defined in main.h,
to receive notifications of UpdatedBlockTip and use that to push
blocks to peers, instead of doing it directly from
ActivateBestChain.
* Always call UpdatedBlockTip, even if blocks were only disconnected
* Use BlockChecked signal to send reject messages from mapBlockSource
In the case of (for example) an already-running bitcoind, the shutdown sequence
begins before CConnman has been created, leading to a null-pointer dereference
when g_connman->Stop() is called.
Instead, Just let the CConnman dtor take care of stopping.
* serialization: teach serializers variadics
Also add a variadic CDataStream ctor for ease-of-use.
* connman is in charge of pushing messages
The changes here are dense and subtle, but hopefully all is more explicit
than before.
- CConnman is now in charge of sending data rather than the nodes themselves.
This is necessary because many decisions need to be made with all nodes in
mind, and a model that requires the nodes calling up to their manager quickly
turns to spaghetti.
- The per-node-serializer (ssSend) has been replaced with a (quasi-)const
send-version. Since the send version for serialization can only change once
per connection, we now explicitly tag messages with INIT_PROTO_VERSION if
they are sent before the handshake. With this done, there's no need to lock
for access to nSendVersion.
Also, a new stream is used for each message, so there's no need to lock
during the serialization process.
- This takes care of accounting for optimistic sends, so the
nOptimisticBytesWritten hack can be removed.
- -dropmessagestest and -fuzzmessagestest have not been preserved, as I suspect
they haven't been used in years.
* net: switch all callers to connman for pushing messages
Drop all of the old stuff.
* drop the optimistic write counter hack
This is now handled properly in realtime.
* net: remove now-unused ssSend and Fuzz
* net: construct CNodeStates in place
* net: handle version push in InitializeNode
* net: Add fRelayTxes flag
Add a fRelayTxes to keep track of the relay transaction flag
we send to other peers.
* rpc: Add `relaytxes` flag to `getnetworkinfo`
Re-work of PR #7841 by dragongem45.
Closes#7771.
* net: move CBanDB and CAddrDB out of net.h/cpp
This will eventually solve a circular dependency
* net: Create CConnman to encapsulate p2p connections
* net: Move socket binding into CConnman
* net: move OpenNetworkConnection into CConnman
* net: move ban and addrman functions into CConnman
* net: Add oneshot functions to CConnman
* net: move added node functions to CConnman
* net: Add most functions needed for vNodes to CConnman
* net: handle nodesignals in CConnman
* net: Pass CConnection to wallet rather than using the global
* net: Add rpc error for missing/disabled p2p functionality
* net: Pass CConnman around as needed
* gui: add NodeID to the peer table
* net: create generic functor accessors and move vNodes to CConnman
* net: move whitelist functions into CConnman
* net: move nLastNodeId to CConnman
* net: move nLocalHostNonce to CConnman
This behavior seems to have been quite racy and broken.
Move nLocalHostNonce into CNode, and check received nonces against all
non-fully-connected nodes. If there's a match, assume we've connected
to ourself.
* net: move messageHandlerCondition to CConnman
* net: move send/recv statistics to CConnman
* net: move SendBufferSize/ReceiveFloodSize to CConnman
* net: move nLocalServices/nRelevantServices to CConnman
These are in-turn passed to CNode at connection time. This allows us to offer
different services to different peers (or test the effects of doing so).
* net: move semOutbound and semMasternodeOutbound to CConnman
* net: SocketSendData returns written size
* net: move max/max-outbound to CConnman
* net: Pass best block known height into CConnman
CConnman then passes the current best height into CNode at creation time.
This way CConnman/CNode have no dependency on main for height, and the signals
only move in one direction.
This also helps to prevent identity leakage a tiny bit. Before this change, an
attacker could theoretically make 2 connections on different interfaces. They
would connect fully on one, and only establish the initial connection on the
other. Once they receive a new block, they would relay it to your first
connection, and immediately commence the version handshake on the second. Since
the new block height is reflected immediately, they could attempt to learn
whether the two connections were correlated.
This is, of course, incredibly unlikely to work due to the small timings
involved and receipt from other senders. But it doesn't hurt to lock-in
nBestHeight at the time of connection, rather than letting the remote choose
the time.
* net: pass CClientUIInterface into CConnman
* net: Drop StartNode/StopNode and use CConnman directly
* net: Introduce CConnection::Options to avoid passing so many params
* net: add nSendBufferMaxSize/nReceiveFloodSize to CConnection::Options
* net: move vNodesDisconnected into CConnman
* Made the ForEachNode* functions in src/net.cpp more pragmatic and self documenting
* Convert ForEachNode* functions to take a templated function argument rather than a std::function to eliminate std::function overhead
* net: move MAX_FEELER_CONNECTIONS into connman
* lock cs_main for chainActive
ActivateBestChain uses chainActive after releasing the lock; reorder operations
to move all access to synchronized object into existing LOCK(cs_main) block.
* lock cs_main for State/Misbehaving
ProcessMessage calls State(...) and Misbehaving(...) without holding the
required lock; add LOCK(cs_main) blocks.
Tests if addresses are online or offline by briefly connecting to them. These short lived connections are referred to as feeler connections. Feeler connections are designed to increase the number of fresh online addresses in tried by selecting and connecting to addresses in new. One feeler connection is attempted on average once every two minutes.
This change was suggested as Countermeasure 4 in
Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman,
Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report
2015/263. March 2015.
As per meeting 2016-03-31
https://bitcoincore.org/en/meetings/2016/03/31/#bad-chain-alerts
The partition checker was producing huge number of false-positives
and was disabled in 0.12.1 on the understanding it would either be
fixed in 0.13 or removed entirely from master if not.
*** Dash specific note: ***
This check was disabled in Dash already.
* Rework addnode behaviour
* Use CNode::addeName to track whether a connection to a name is already open
* A new connection to a previously-connected by-name addednode is only opened when
the previous one closes (even if the name starts resolving to something else)
* At most one connection is opened per addednode (even if the name resolves to multiple)
* Unify the code between ThreadOpenAddedNodeConnections and getaddednodeinfo
* Information about open connections is always returned, and the dns argument becomes a dummy
* An IP address and inbound/outbound is only reported for the (at most 1) open connection
* Prevent duplicate connections where one is by name and another by ip
* Randomize name lookup result in ConnectSocketByName
* fix vulnerability with mapMasternodeOrphanObjects
The vulnerability is that a malicious node can send a lot of NetMsgType::MNGOVERNANCEOBJECT messages which refer to many arbitrary MN's. In this case, mapMasternodeOrphanObjects will grow unrestrictedly.
* MN collateral moved to governance-object.cpp; ban score applied to misbehaving nodes
* recursive locks removed
* check for the mn collateral code segregated to a separate function
* CheckCollateral implementation moved to cpp
This reverts commit 1f828f45ec.
The commit being reverted changed FindNode(const CService& addr)
to make no difference between nodes with the same IP address,
but different ports, but only for regtest network.
As functional tests run several nodes on different ports or the same
IP address (127.0.0.1), this eventually started breaking functional tests.
The only use for regtest network I know is for functional tests,
so it's time to revert that commit.
* fix issues with mapSeenGovernanceObjects
Removed seen-governance-objects optimization except for deleted objects. Otherwise some nodes can permanently lost proposals if they received them too early.
Beside of that there is a vulnerability with seen-governance-objects mechanism if malicious node send us a lot of invalid governance objects.
* mapSeenGovernanceObjects renamed to mapErasedGovernanceObjects
* current fixes
* use int64_t for expiration timestamp
* Add recently accepted blocks and txn to AttemptToEvictConnection.
This protects any not-already-protected peers who were the most
recent four to relay transactions and most recent four to send
blocks to us.
* Allow disconnecting a netgroup with only one member in eviction.
With the latest additions there are enough protective measures that
we can take the training wheels off.
* net: don't import std namespace
This file is about to be broken up into chunks and moved around. Drop the
namespace now rather than requiring other files to use it.
* net: remove unused set
* net: use the exposed GetNodeSignals() rather than g_signals directly
* net: make Ban/Unban/ClearBan functionality consistent
- Ban/Unban/ClearBan call uiInterface.BannedListChanged() as necessary
- Ban/Unban/ClearBan sync to disk if the operation is user-invoked
- Mark node for disconnection automatically when banning
- Lock cs_vNodes while setting disconnected
- Don't spin in a tight loop while setting disconnected
* net: No need to export DumpBanlist
DumpBanList currently does this:
- with lock: take a copy of the banmap
- perform I/O (write out the banmap)
- with lock: mark the banmap non-dirty
If a new ban is added during the I/O operation, it may never be persisted to
disk.
Reorder operations so that the data to be persisted cannot be older than the
time at which the banmap was marked non-dirty.
* Make ProcessNewBlock dbp const and update comment
* Switch reindexing to AcceptBlock in-loop and ActivateBestChain afterwards
* Optimize ActivateBestChain for long chains
* Add -reindex-chainstate that does not rebuild block index
* Report reindexing progress in GUI
* Only store and connect to NODE_NETWORK nodes
* Keep addrman's nService bits consistent with outbound observations
* Verify that outbound connections have expected services
* Don't require services in -addnode
* Introduce enum ServiceFlags for service flags
* Introduce REQUIRED_SERVICES constant
* CAddrDB modified so that when de-serialization code throws an exception Addrman is reset to a clean state
* CAddrDB modified to make unit tests possible
* Regression test created to ensure bug is fixed
* StartNode modifed to clear adrman if CAddrDB::Read returns an error code.
* process governance objects in CheckMasternodeOrphanObjects as usual
* code refactoring: SetRateChecksHelper class added
* fixed race condition issues with propagation of governance objects
* change GetCollateralConfirmations signature
* code refactoring
* reduced minimum number of collateral confirmations required for relaying proposals
* bug fixes and improvements
* banlist: update set dirty to be more fine grained
- move the SetBannedSetDirty(false) call from DumpData() into DumpBanlist()
- ensure we only set false, if the write succeeded
* banlist: better handling of banlist in StartNode()
- only start working on/with banlist data, if reading in the banlist from
disk didn't fail
- as CNode::setBannedIsDirty is false (default) when reading fails, we
don't need to explicitly set it to false to prevent writing
banlist.dat in that case either
* banlist: add more banlist infos to log / add GUI signal
- to match the peers.dat handling also supply a debug.log entry for how
many entries were loaded from banlist.dat and how long it took
- add a GUI init message for loading the banlist (same as with peers.dat)
- move the same message for peers.dat upwards in the code, to be able to
reuse the timing variable nStart and also just log, if our read from
peers.dat didn't fail
* banlist (bugfix): allow CNode::SweepBanned() to run on interval
- allows CNode::SweepBanned() to run, even if !CNode::BannedSetIsDirty(),
because if nBanUntil is over we want the ban to be disabled for these
nodes
* Add hassentinelping to governanceinfo
* sentinelping rpc call
* additional fields in mnp
* sentinel ping implementation
* change sentinel state to byte in mnp
* use adjusted time in sentinel ping
* update nTimeLastWatchdogVote if sentinel ping is actual
* remove unused fields
* bump protocol to 70207
* Fix small issues
- fix the error message text in CActivbeMasternodeUpdateSentinelPing;
- add empty string before public: in CActiveMasternode class declaration;
- rename field sentinelPing in CMasternodePing to sentinelIsActual and change $
- decrease sentinelVersion field size to uint16_t;
* revert proto bump for MIN_... consts
* revert changes in getgovernanceinfo
* Update mn vote time for remote masternodes
- call UpdateWatchdogVoteTime in CMasternodeMan::ProcessMessage
- deserialize masternodeping from the previous version archive without exception
- add ability to set time in UpdateWatchdogVoteTime
- set nTimeLastWatchdogVote to masternode ping sigTime if sentinel is actual
- bump CMasternodeMan::SERIALIZATION_VERSION_STRING
* remove mn state checks and add correct rpc param convertion
* fix var names
* Helper class for version in string and integer form
* String version in sentinel ping
Version format is "x.x.x"
* test for bacward compatibility in serialization
* Change VersionInfo class to convert functions
* Build against system UniValue when available
* doc: Add UniValue to build instructions
* Bugfix: The var is LIBUNIVALUE,not LIBBITCOIN_UNIVALUE
* Change default configure option --with-system-univalue to "no"
* Bugfix: Always include univalue in DIST_SUBDIRS
* LDADD dependency order shuffling
* build-unix: Update UniValue build conditions
ProcessNewBlock would return failure early if CheckBlock failed, before
calling AcceptBlock. AcceptBlock also calls CheckBlock, and upon failure
would update mapBlockIndex to indicate that a block was failed. By returning
early in ProcessNewBlock, we were not marking blocks that fail a check in
CheckBlock as permanently failed, and thus would continue to re-request and
reprocess them.
Adds several unittests for CAddrMan and CAddrInfo.
Increases the accuracy of addrman tests.
Removes non-determinism in tests by overriding the random number generator.
Extracts testing code from addrman class to test class.
* log bytes recv/sent per command
* net: Account for `sendheaders` `verack` messages
Looks like these were forgotten in #6589.
* Backport remaining part of Bitcoin PR bitcoin/bitcoin#7181.
Most of this PR is already merged, but a small part remaining
that makes per-command byte counts in CNode working.
Signed-off-by: Oleg Girko <ol@infoserver.lv>
Fixes: #1345
The actual problem is that GetDataDir has the side effect of creating the
datadir, even if it is not known yet where it really is. This is only
known after reading the config file or when explicitly specified in the
cmd line.
Thus, if GetDataDir gets called before the datadir value from the config
is read, it tries to create it at the default location.
* Implement proposal validation
Includes commits:
Implemented CProposalValidator
Use CProposalValidator to check proposals at prepare and submit stages
Modify proposal validator to support numerical data in string format
Multiple bug fixes in governance-validators.cpp
Fixed bug in CheckURL
Fixed stream state check
Increase strictness of payment address validation for compatibility with sentinel
Improved error reporting
Implemented "check" rpc command to validate proposals
Fixes to RPC check command
Fix error message
Unit test and data files for proposal validator
Added test cases
Removed debugging code
* Fix name validation
* Changes to address code review comments
* HD wallet
Minimal set of changes (no refactoring) backported from Bitcoin upstream to make HD wallets work in Dash 0.12.1.x+
* minimal bip44 (hardcoded account and change)
* minimal bip39
Additional cmd-line options for new wallet:
-mnemonic
-mnemonicpassphrase
* Do not recreate HD wallet on encryption
Adjusted keypool.py test
* Do not store any private keys for hd wallet besides the master one
Derive all keys on the fly.
Original idea/implementation - btc PR9298, backported and improved
* actually use bip39
* pbkdf2 test
* backport wallet-hd.py test
* Allow specifying hd seed, add dumphdseed rpc, fix bugs
- -hdseed cmd-line param to specify HD seed on wallet creation
- dumphdseed rpc to dump HD seed
- allow seed of any size
- fix dumpwallet rpc bug (wasn't decrypting HD seed)
- print HD seed and extended public masterkey on dumpwallet
* top up keypool on HD wallet encryption
* split HD chain: external/internal
* add missing cs_wallet lock in init.cpp
* fix `const char *` issues (use strings)
* default mnemonic passphrase is an empty string in all cases
* store mnemonic/mnemonicpassphrase
replace dumphdseed with dumphdinfo
* Add fCrypted flag to CHDChain
* prepare internal structures for multiple HD accounts
(plus some code cleanup)
* use secure allocator for storing sensitive HD data
* use secure strings for mnemonic(passphrase)
* small fix in GenerateNewHDChain
* use 24 words for mnemonic by default
* make sure mnemonic passphrase provided by user does not exceed 256 symbols
* more usage of secure allocators and memory_cleanse
* code cleanup
* rename: CSecureVector -> SecureVector
* add missing include
* fix warning in rpcdump.cpp
* refactor mnemonic_check (also fix a bug)
* move bip39 functions to CMnemonic
* Few fixes for CMnemonic:
- use `SecureVector` for data, bits, seed
- `Check` should return bool
* init vectors with desired size where possible
* dont waste keys from keypool on failure in CreateDenominated
* bug fix - log actual number of total outputs, comment error
* log number of total outputs as separate value
* add lock so no one can spend outputs used for denominations
* clear trafficgraph on clear button click
* set default sample height
set default sample height so after clearing traffic graph have some
scale
* reduce available traffic graph ranges, add optimized graph data storage
reduce available traffic graph ranges to 10
(5m,10m,15m,30m,1h,2h,3h,6h,12h,24h),
store graph data so range change is possible,
data storage contains only necessary data to create graphs for all
supported ranges
eg. for 10m range storage only half of 10m samples - the second half is
calculated from 5m range samples,
encapsulate all traffic graph related data into one class
* code formatting corrections
The rpcserver.h header file is included twice as a result of
changes merged from Bitcoin 2 years ago
(commit 64eebc3316).
Include this file just once.
Signed-off-by: Oleg Girko <ol@infoserver.lv>
Change the few occurrences of the deprecated `auto_ptr` to c++11 `unique_ptr`.
Silences the deprecation warnings.
Also add a missing `std::` for consistency.
* build: Enable C++11 build, require C++11 compiler
Implements #6211.
* depends: use c++11
* build: update ax_cxx_compile_stdcxx to serial 4
* build: force a c++ standard to be specified
Newer compilers may switch to newer standards by default. For example, gcc6
uses std=gnu++14 by default.
* c++11: fix libbdb build against libc++ in c++11 mode
atomic_init clashes with
* c++11: CAccountingEntry must be defined before use in a list
c++11ism. This fixes builds against libc++.
* PS should limit entry size, not mixing amount
* There should be no fee in mixing tx
* make sure pwalletMain is not null in PrepareDenominate
* no need for "double" in GetAverageAnonymizedRounds, "float" should be enough
* add strErrorRet
All names containing bitcoinconsensus remaned to contain dashconsensus.
This is needed to avoid conflicts with real bitcoinconsensus library
shipped with Bitcoin Core.
Signed-off-by: Oleg Girko <ol@infoserver.lv>
noexcept is default for destructors as of c++11. By throwing in reverselock's
destructor if it's lock has been tampered with, the likely result is
std::terminate being called. Indeed that happened before this change.
Once reverselock has taken another lock (its ctor didn't throw), it makes no
sense to try to grab or lock the parent lock. That is be broken/undefined
behavior depending on the parent lock's implementation, but it shouldn't cause
the reverselock to fail to re-lock when destroyed.
To avoid those problems, simply swap the parent lock's contents with a dummy
for the duration of the lock. That will ensure that any undefined behavior is
caught at the call-site rather than the reverse lock's destruction.
Barring a failed mutex unlock which would be indicative of a larger problem,
the destructor should now never throw.
* Implement BIP 9 GBT changes
- BIP9DeploymentInfo struct for static deployment info
- VersionBitsDeploymentInfo: Avoid C++11ism by commenting parameter names
- getblocktemplate: Make sure to set deployments in the version if it is LOCKED_IN
- In this commit, all rules are considered required for clients to support
* qa/rpc-tests: bip9-softforks: Add tests for getblocktemplate versionbits updates
* getblocktemplate: Explicitly handle the distinction between GBT-affecting softforks vs not
* getblocktemplate: Use version/force mutation to support pre-BIP9 clients
* Don't use floating point
Github-Pull: #8317
Rebased-From: 477777f2503e3a56a267556f0fc5091042d93340
* Send tip change notification from invalidateblock
This change is needed to prevent sync_blocks timeouts in the mempool_reorg
test after the sync_blocks update in the upcoming commit
"[qa] Change sync_blocks to pick smarter maxheight".
This change was initially suggested by Suhas Daftuar <sdaftuar@chaincode.com>
in https://github.com/bitcoin/bitcoin/pull/8680#r78209060
Github-Pull: #9196
Rebased-From: 67c6326abd1788e6f411feb4f44b69774e76aae2
* torcontrol: Explicitly request RSA1024 private key
When generating a new service key, explicitly request a RSA1024 one.
The bitcoin P2P protocol has no support for the longer hidden service names
that will come with ed25519 keys, until it does, we depend on the old
hidden service type so make this explicit.
See #9214.
Github-Pull: #9234
Rebased-From: 7d3b627395582ae7c9d54ebdbc68096d7042162b
* Bugfix: FRT: don't terminate when keypool is empty
Github-Pull: #9295
Rebased-From: c24a4f5981d47d55aa9e4eb40294832a4d38fb80
* add fundrawtransaction test on a locked wallet with empty keypool
Github-Pull: #9295
Rebased-From: 1a6eacbf3b7e3d5941fec1154079bbc4678ce861
* Disable salvagewallet in GUI
salvagewallet is known to cause problems and
it's way to powerful to let it be accessible in GUI
https://github.com/bitcoin/bitcoin/issues/7463
I have few reports from different users as well,
would be a disaster for them, glad we have autobackup...
* typo
* Overhaul of coin selection for mixing
DoAutomaticDenominating logic should be:
- check pre-conditions,
- check denominations and collaterals,
- try using existing queue,
- try creating new queue.
Currently coins are selected too early and conditions are not quite right.
This is partially due to the fact that we no longer merge old inputs
and thus we are no longer able to calculate thresholds correctly using
SelectCoinsDark. To do this in a proper way we should use balances i.e.
GetAnonymizableBalance etc. Another issue is that we should take fee into
account when we calculate such balancies and when we select coins we should
ask for a correct denom, not just the smallest one as a minimum value.
And finally there are two bugs.
SelectCoinsGrouppedByAddresses: shouldn't push items smaller than
the smallest denom into resulting vector.
SelectCoinsDark: should allow small inputs in where "small" is defined
by nValueMin, not by some arbitrary amount.
* apply fee assumption for non-denoms only
* fix
* remove const
If daemon crashes, it can't save latest block sometimes, so querying daemon
for presumably best/last hash would result in a list of all txes recognized by
this wallet as its own since genesis block which could be confusing,
to say at least. Same applies for typos etc. This should fix it.
Not sure why but such weird behaviour was the case since listsinceblock rpc was
initially introduced in Bitcoin 0.5 (Oct 5, 2011)
3a6e468d9a
* Implement RequestOrphanObjects
* Ensure governance objects are only requested from peers once per call
* Add gobject log messages
* Implemented CleanOrphanObjects
* Move governance maintenance functions from NewBlock to a time-based function
* Remove unused delcaration for mapAskedForGovernanceObject
* Only accept wd's that are more recent or have a higher hash than the current best
* Fix whitespace typo
* Relay current watchdog when lower priority ones are received
* Fix nHashWatchdogCurrent reset conditions
* expire previous current wd when a new one is found in UpdateCurrentWatchdog
* fail to process votes for expired or deleted object
* Add "enough data" stop conditions for gov sync
* fix:
- make sure condition is checked only once per tick
- let condition be fully used on resync (reset nTimeNoObjectsLeft)
* fix verification network behaviour:
- use up to 10 connections only
- save state (do not ask same nodes after restart)
- initiate on time based intervals (every 5 minutes), based not on new blocks (should keep connections alive longer)
* revert mWeAskedForVerification serialization
* send verify requests using MAX_POSE_CONNECTIONS as a step
* fix watchdogs:
- do not accept if CreationTime is out of bounds (using CreationTime, not local time now)
- do not sync expired
- fix disk serialization
* drop watchdogs early, avoid adding//removing
* clean mapWatchdogObjects when object is deleted via votes
* Few networking fixes:
- skip "masternode"/inbound connections for sync related processes
- do not sync gov data to other nodes until fully synced ourselves
- do not accept incoming connections until fully synced
* inbound connections could be harmful only if our node is a masternode
* same for CGovernanceManager::Sync
* Update for OpenSSL 1.1 API.
* Update qt/paymentrequestplus.cpp for OpenSSL 1.1 API.
* Fix missing # in if for qt/paymentrequestplus.cpp fix for OpenSSL 1.1 API change.
* Fix indentation in src/qt/paymentrequestplus.cpp.
* Fix crash on initial mixing step:
- skip nodes marked to be disconnected
- add/release ref to make sure pnode is not deleted in the middle of the process
* - fix copy/paste mistake (nTries)
- let ConnectNode manage ref for non-mn pnodeFound
* Add last ping time to masternode_info_t
* Use thread safe functions to access mnodeman in masternodelist.cpp
* Fix masternodelist widget locking
* Protect access to widget data from StartAlias button
- vote should be removed when corresponding orphan vote expires
- fix CInstantSend::SyncTransaction: mapTxLockVotes is indexed by vote hash, not by tx hash (use votes from candidates and from orhpan vote map to avoid looping through the whole vote map)
* Adjust gov sync:
- simulate mainnet gov obj sync conditions on testnet
- add redundancy: ask up to 3 peers for the same obj
* stop loop if max number of peers per obj was asked
* protect mapRejectedBlocks by cs_main
* few block reprocessing fixes:
- DisconnectBlock should fail on DisconnectTip failure
- ResolveConflicts should fail on DisconnectBlock failure
- ReprocessBlocks cleanup
* don't ban on IsBlockValueValid/IsBlockPayeeValid failure
* Multi-quorum InstantSend, complete refactoring
+ cleanup for IS and partial protobump
* more changes:
- allow InstantSend tx to have 10 inputs max
- store many unique tx hashes in mapVotedOutpoints
- more checks in AcceptToMemoryPoolWorker (moved from ProcessMessage + CTxLockRequest(tx).IsValid() )
* More changes:
- let multiple lock candidates compete for votes
- fail to vote on the same outpoint twice early
* More changes:
- notify CInstantSend on UpdatedBlockTip -> remove cs_main from CheckAndRemove()
- notify CInstantSend on SyncTransaction -> count expiration block starting from the block corresponding tx was confirmed instead of the block lock candidate/vote was created
- fixed few locks
* add comments about nConfirmedHeight
* Fix "Block vs Lock" edge case
* Fix "Block vs Lock" edge case, p2
* Fix issues:
- fix logic for locking inputs and notifying - see UpdateLockedTransaction, TryToFinalizeLockCandidate
- add missing hash inserting in ProcessTxLockVote
- add nMaxBlocks param to ResolveConflicts to limit max depth allowed to disconnect blocks recursively
- fix false positive mempool conflict
- add missing mutex locks
- fix fRequireUnspent logic in CTxLockRequest::IsValid
* Flag governance items when MN's are removed
* Remove old broken update mechanism
* Do not flag MN state changes which are irrelevant to validity
* Call AddGovernanceVote
* Remove vote count check from IsValidLocally
* Do not check voted validity flag when syncing
* Do not send objects marked for deletion during syncing
* Remove node penalty for unrequested objects.
We should remove hash from setAskFor when the message corresponding to previous inv arrives, otherwise it's stays there forever and setAskFor overflows (i.e. AskFor returns immediately without processing).
* On gov sync first sync objs, then ask for votes on per-obj basis from different peers.
This should help to sync obj list initially and split the load among many peers. Also adds ability to catch up votes later after the sync.
* ask for all objects, do this in cycles
* Fix Sync() code, better readability
* ask multiple nodes at once when possible, perf boost for large numper of objs
* Addressed comments: pass reference, more peer version check
Verification creates new conections, which we also use to sync but then we disconnect on ProcessMasternodeConnections every minute which at least could lead to excessive node load (for our peers). But could also interfere with sync process itself and we'd better keep them separate.
* Fix for incorrect locking in GetPubKey() (keystore.cpp)
* Fix Cmd-Q / Menu Quit shutdown on OSX
* Addition of ImmatureCreditCached to MarkDirty()
To protect against possible invalidation and to bring conformity to the code.
Fixing this https://bitslog.wordpress.com/2017/01/08/a-bitcoin-transaction-that-takes-5-hours-to-verify/
* Unit test for CScript::FindAndDelete
* Replace memcmp with std::equal in CScript::FindAndDelete
Function is stl; std::equal just makes more sense.
* Replace c-style cast with c++ style static_cast.
* Improve worst-case behavior of CScript::FindAndDelete
Thanks to Sergio Lerner for identifying this issue and suggesting this kind of solution.
* Store time we saw mnb last time, bump sync timeout
if we received seen mnb but we are too close to MASTERNODE_NEW_START_REQUIRED_SECONDS
* Reset blockchain sync status if new blocks were accepted during sync
* Add some debug log output
* wait for at least one new block to be accepted
* bump CGovernanceManager-Version
* Few mn list sync changes:
- add more mn states
- only remove spent
- send mn ping in addition to mn announce on sync
- manage mn announces more carefully
- expire mns created from broadcasts with invalid ping
- old fWaitForPing logic for old nodes, should be helpful during migration period
This also adjusts active mn auto-start logic accordingly.
Should also store/check node we asked for mn list entry, not outpoint only. This should help to get mn list in sync when some nodes refuse to answer thus blocking such requests for the same outpoint for the next 3h and increasing mn list inconsistency.
- some were not used, some were included twice, some were in the wrong place, some were missing (but it compiled because some were in the wrong place)
- organized a bit better, grouped dash specific includes in original bitcoin files, should save some time solving conflicts when/if merging patches later
* Revert behaviour introduced in 5e1a6afe7f, make nLastDsq local variable instead of being network-wide one. Should fix mixing for new clients and for those who was offline for too long.
* fix docs
* Make local address discovery more robust in CActiveMasternode
* parameter interaction: -masternode=1 -> setting -listen=1
* slightly postpone first run to give net thread a chance to connect to some peers
* make sure local address detected in CActiveMasternode::ManageStateInitial is valid
* Simplified address detection logic
- added description for 'deserialize'
- added 'type' filter to 'list'
- added 'count' command (changed CGovernanceManager::ToString to output a bit more detailed info)
* Change rate check logic to avoid DoS attacks
* Convert rate check to use object timestamp instead of arrival time
* Update cached variables before checking for superblocks
* Ensure that last times are monotonically non-decreasing
* Bump governance manager serialization format
* Improved rate check error reporting
- make script verification a part of IsInstantSendTxValid()
- relax nLockTime for IS txes since we don't have compatibility with 12.0 IS txes anyway now (fee is lower in 12.1)
* Vote relaying changes
- Remove vote relaying from ProcessVote
- Remove vote relaying from orphan vote processing
- Relay vote in ProcessMessages (only)
* Do not relay governance objects during orphan processing
* Restore relaying of local votes
* Changed overloaded function name: ProcessVote->ProcessVoteAndRelay
* Added logging to PushInventory
* Fix LogPrint format
* Log errors found during governance syncing
* Turn off rate checks during syncing
* Turn off rate check during maintenance
- avoid processing same vote multiple times
- do not relay votes until synced
- do not ban for wrong signature of old votes
- do not check masternode ranks for old votes on regular (non-MN) nodes
* refactor IsBlockValueValid to return actual error string, use it in error message for bad-cb-amount
* make error messages in IsBlockValueValid even more verbose
* Since we send all mnb's now regardless of mn state, ping check for sigTime being too old is obsolete (and wrong).
Also removing fRequireEnabled, this logic is deprecated too it seems.
* remove (pre-)enabled check in CMasternodeMan::Add
* locks in PS
* lock in governance
* locks in IS
* lock in ProcessGetData
* locks in CMasternodeSync
* centralize mnodeman.Check call
* locks order in mnpayments
* use current block chainTip when possible (less locks)
* add missing lock in CountInputsWithAmount
* fix deadlock RequestLowDataPaymentBlocks/IsTransactionValid
* LOCK2 in CheckMnbAndUpdateMasternodeList, CheckAndUpdate, SendVerifyRequest
* LOCK(cs) is not needed here
* Decouple governance init actions from serialization
Should fix this:
```
Assertion failed: lock governance.cs not held in governance-classes.cpp:117; locks held:
cs_Shutdown init.cpp:200 (TRY)
cs ./governance.h:195
cs governance.cpp:835
Abort trap: 6
```
* Increase quorum for object deletion to 2/3 of MN network
* Implement expiration of watchdog objects
* Remove objects from the watchdog map itself
* Message fix for invalid objects
- TXLOCKREQUEST should be processed as normal tx plus some custom logic, should not "fake" inventory
- should not create "fake" local lock, should instead keep track of orphan votes and reprocess them when corresponding TXLOCKREQUEST arrives
- orphan vote time map should be indexed by full outpoint, not by txid of mn collateral
bump MIN_INSTANTSEND_PROTO_VERSION
* slightly refactor IS:
- the only place where logic is changed: `ProcessTxLockVote()` - it should first try to find mn and fail if none was found and only then try to call `GetMasternodeRank()` (which is heavy)
- fixed few `cs_main`
- slightly optimized number of `tx.GetHash()` calls
- lots of `const` (fixed few related functions in main.cpp)
- few smaller fixes: iterators, log output, comments, etc
- use thread safe methods of mnodeman
- safety check in GetAverageUnknownVoteTime
* Fix CGovernanceManager initialization problem
* Added logging messages for cases where CGovernanceManager receives a message while not synced
* Prevent potential NULL pointer dereference
* Fix exit codes:
- `--help`, `--version` etc should exit with `0` i.e. no error ("not enough args" case should still trigger an error)
- error reading config file should exit with error
- slightly refactor AppInitRPC/AppInitRawTx to return standard exit codes (EXIT_FAILURE/EXIT_SUCCESS) or CONTINUE_EXECUTION (-1)
- every main()/exit() should return/use one of EXIT_ codes instead of magic numbers
Refactoring:
- IsDenomCompatibleWithSession, split in 3 - CreateNewSession, AddUserToExistingSession and IsAcceptableDenomAndCollateral
- CheckTimeout:
- should not rely on CDarkSendEntry nTimeAdded to clear entries, instead should rely on time of the last successful step i.e. nLastTimeChanged
- nLastTimeChanged should only be set when mixing moved forward in some way
State related:
- local pool should be in POOL_STATE_IDLE initially
- local pool should switch to POOL_STATE_QUEUE when connected to mn
- local pool should set session id only when in POOL_STATE_QUEUE
- SetState should set state local only, no relaying
- mixing wallets should rely on local logic and expected set of state switches rather then updates from masternodes
- deprecate STATUS_SET_STATE, POOL_STATE_UNKNOWN, POOL_STATE_TRANSMISSION, POOL_STATE_FINALIZE_TRANSACTION
Session related:
- deprecate fSessionFoundMasternode, use nSessionID instead
- deprecate nSessionUsers, use vecSessionCollaterals.size() instead
Other:
- deprecate IsNull()
- move few things to private
- remove deprecated
- bump min ps peer proto
- fail to process dsa when session is already ready
- fail to process dsvin if session is not ready yet
- fail to process any message on the wrong side (mn/client)
- fail in PrepareDenominate if pool already has entries
- fail if can't sign anything in final tx, also reset local pool in such case
- fix "number of entries" pushed on DSSTATUSUPDATE
* Added net logging messages in main.cpp
* Added logging for trigger removal
* Improved log message for CGovernanceManager::UpdatedBlockTip
* Improved log messages in CGovernanceManager::UpdateCachesAndClean
* Added more logging to CGovernanceTriggerManager
* Check vote validity before pushing inventory during sync
* Add triggers to map after loading governance.dat file
* PoSe changes:
- use helpers to alter nPoSeBanScore within predefined range only
- use nPoSeBanHeight instead of timeout of inactivity to ban masternodes till some block in the future (currently should block for the whole payment cycle)
- add log output on pose score increase in CheckSameAddr
* [UI] Fix for empty Masternode list when mncache.dat exists [review changes]
* [UI] Fix for empty Masternode list when mncache.dat exists [review changes]
* add GetStateString and static CMasternode::StateToString helpers
* Fix CActiveMasternode:
- should run `ManageStateLocal` only when `eType == MASTERNODE_LOCAL`
- should set `nState = ACTIVE_MASTERNODE_NOT_CAPABLE` in `ManageStateInitial` to let `GetStatus` return proper message
- more/better log output
* Allow MN broadcasts to update MN information regardless of state
* Add masternode public keys to log output for debugging
* Moved log message from start-alias to CMasternodeBroadcast::Create
* Fixed log message
* fix dstx acceptance
* two more fixes:
- do not re-verify dstx once accepted
- fix dstx prioritization
* return early for dstx conditions, more log verbosity
* Fix deadlocks by reducing scope of cs_main locks in rpcgovernance.cpp
* Remove unnecessary mutex lock in GetMasternodeVinAndKeys which can cause a deadlock
* Zmq sequence (#1)
* Fixes ZMQ startup with bad arguments.
pr 7621
* [ZMQ] append a message sequence number to every ZMQ notification
- pr 7762
- contrib/zmq/zmq_sub.py to python 3 compatible
* typo in MSG_RAWTXLOCK
MMSG_RAWTXLOCK to MSG_RAWTXLOCK
* s/Bitcoind/dashd/
Squashed:
* Replaced unsafe mnodeman.Find function with Get in governance-vote.cpp
* Reject unparsable governance objects
* Implemented sentinel watchdog objects (separated out from locking changes)
* Added WATCHDOG support to rpcgovernance.cpp
* Implemented WATCHDOG_EXPIRED state for masternodes
* Added serialization of watchdog timestamps
* Masternode fixes
- Added version check to CMasternodeMan deserialization
- Added several missing locking calls in CMasternodeMan
* Fixed missing member initialization in CMasternode constructor and added more logging
* Added MASTERNODE_WATCHDOG_MAX_SECONDS to governanceinfo
* Added masternodewatchdogmaxseconds info to getgovernanceinfo help
* Make masternodes remain in WATCHDOG_EXPIRED state unless removed or collateral expires
* Allow watchdog object creation by WATCHDOG_EXPIRED MN
* Fixed MN validation logic for governance object creation
* Count total masternodes instead of enabled masternodes in masternode-sync
* Transition out of WATCHDOG_EXPIRED state if the watchdog is inactive
* Fixed IsWatchdogExpired bug
* Fixed rate check for watchdog objects and no longer check MN state when validating governance objects
* Applied PR #1061 patch
* Ported locking changes from other branch
* Require only 1 block between new watchdog objects
* Accept pings for WATCHDOG_EXPIRED masternodes
* Lock CmasternodeMan::cs in CmasternodeMan::ProcessMessage
* Several governance changes
- Fixed uninitialized value in CGovernancePayment class
- Return an error on submission if any superblock payment cannot be parsed
- Added logging more statements
* Explicitly initialize all governance object members
* Fix deadlock
* Fixed non-threadsafe access to masternode in activemasternode.cpp
* Revert added wallet lock
* Changed CActiveMasternode so that watchdog expired nodes can still send pings
* Modified CActiveMasternode to run pinger regardless of state when MN is in list
* Added voter and time information to getvotes command
* Improved CActiveMasternode state management
* Implemented GetInfo functions for more efficient thread-safe access to masternode information
* Added CActiveMasternode debug logging messages
* Fixed initial type setting and error message for incorrect protocol version
* Changes based on code review comments
* Set active state for local mode
There is a bug AddOrUpdateVote function in CGovernanceManager. If a new vote has been arrived it is checked if a corresponding parent object are present in the mapObjects. If it is not we need to sync the parent object and return false. But the syncing is never performed because the corresponding code is placed after return statement. So we need to sync and then return.
* rpcgovernance improvements
- Modified govject get to return full object data along with vote counts
- Cleaned up vote count reporting code
* Added cached flags to gobject get output
* GetMinCollateralFee should not validate object type, it should be IsValidLocally's job
* Explicitly set 0 fee for known free objects, set fee to MAX_MONEY for unknown one
Followup for the recent winner_block PR (#1028) and name confusion discovered during code review.
"Mostly" because also:
- CMasternodeBlockPayees::GetPayee -> CMasternodeBlockPayees::GetBestPayee which describes what this function is actually doing a bit better imo;
- fixing constructor CMasternodePaymentVote empty constructor
* store vote hashes in CMasternodePayee and use them in CMasternodePayments::Sync
* Request low data payment blocks in batches directly from some node instead of/after preliminary Sync.
* remove nVotes
* Fixes to rpcgovernance.cpp
- Replaced use of non-unique public key with vin in vote-conf, vote-alias and vote-many
- Replaced use of non-threadsafe CmasternodeMan::Find function with Get
- Added LOCK(cs_main) to getgovernanceinfo
* Fixed rpcgovernance.cpp voting error messages
* Implemented several governance changes
- Limit strData size to avoid propagation of very large messages
- Remove unused CGovernanceObject::SetData method
- Remove CGovernanceObject::strName field to avoid data redundancy
* Fixed parameter count bug in gobject prepare
* deprecate start-many
* remove outdated "enforce" rpc and enforceMasternodePaymentsTime
* "count" should lock cs_main and call GetNextMasternodeInQueueForPayment only when needed
* "masternodelist" fixes:
- rename "pubkey" -> payee", fix description
- fix "filter" description
- change "full" format: add lastpaidblock, move IP to the end of string to make it more table-ish
- fix "status" description
- fix "addr" filter, wasn't working
- trivial refactoring
* fix "start-alias" and "create-alias" error message - should be a bit more descriptive now
* rpcmasternode trivial cleanup
- add "spork" debug category
- move "seen" and "unknown" to new "spork" debug category to reduce log spam
- new/updated/seen messages should not overlap
* refactor CMasternodePaymentWinner::CheckSignature
* refactor CMasternodePaymentWinner::Sign - can only be signed by active masternode
* hold cs_mapMasternodeBlocks till the end of CMasternodePayments::AddWinningMasternode
* refactor CMasternodePaymentWinner::ToString
* use GetStorageLimit() in CMasternodePayments::CheckAndRemove
* refactor CMasternodePaymentWinner
* refactor CMasternodePayments::ProcessBlock
* trivial cleanup, adjusted few log messages
* fix error message returned by CMasternodePaymentWinner::IsValid to include actual bounds that were violated
* Remove unnecessary call to IsCollateralValid and hence allow superblocks
to propagate
* Added CMasternodeMan::Get overload for masternode vin
* Use vin as masternode identifier instead of public key
* Fixed missing member in copy constructor, improved logging
* Added logging for MasternodeRateCheck failures
* Removed pubkeyMasternode field from CGovernanceObject
* Impose MN trigger creation rate limit only when MN info is synced
* Improve rpcgovernance error handling
- Prevent attempts to prepare trigger objects (and waste the collateral)
- Improve clarity of gobject submit error messages
* trivial governance cleanup:
- spaces
- names
- no "using namespace std;"
- few log and rpc messages adjusted
- remove unused
- use defined types
- move few members to private
* fixing after code review
* consistent JSON return value for failed vote
* make JSON output for voting results consistent
* result should be either 'success' or 'failed'
* error message belongs in 'errorMessage' field
* Wallet passphrase lock fixes:
- wallet should not allow cli commands to bypass lock validation
- wallet should lock again in mixing mode if it was unlocked for mixing and next unlock (e.g. for sending funds) happened
- removed AnonymizeOnlyUnlocked status, it's never going to be reached anymore
- "For anonymization only" checkbox:
- should be available only when user click "Start Mixing"
- should be set on by default when available
- adjusted title
- adjust error messages in walletpassphrase for unlocked wallets
* Add comment about IsLocked() usage
* Final safety check for locked wallet in WalletModel::prepareTransaction
* Added more specific error message about attempts to submit superblocks by
non-masternodes
* Fixed governance object validation bug
* Fixed logic bug in governance object submission
* Decouple min mnw versions from version.h, drop MIN_MNW_PEER_PROTO_VERSION in fav of GetMinMasternodePaymentsProto()
* Split min protocol validation for new and old winners in IsValid
* Improved exception handling
- Removed attempts to catch exceptions in intermediate helper function calls
- Made helper functions for JSON parsing private
* Governance voting fixes
- Converted voting defines to enums for better type safety
- Enabled gobject voteraw rpc command
- Removed unused parameter from gobject getvotes rpc command
* Fixed help message for gobject get
* Improved encapsulation of CGovernanceVote objects
- CGovernanceVote data members are now private
- Necessary to ensure that enum values are used for signals and outcomes since data members remain int's for compatibility with serialiation code
* Removed unused cs_budget mutex (has been replaced with governance.cs)
* Fix code review issues
- Restored early return in ConvertVoteSignal
- Removed special case for "none" string to make clear that NONE is
for invalid strings
- Removed commented defines (informational comments preserved)
* Fixed code review issues
- Fixed error messages for vote-conf, vote-alias and voteraw
- Removed voteraw from gobject command list and help messages because
it is actually a top-level command
- Fixed parameter indices for voteraw
* Bug fixes for the governance rpc interface
- Allow use of the gobject getvotes command
- Fix order of arguments to CGovernanceVote constructor
* Added getvotes to gobject help message and fixed parameter name in the
error/usage message.
* Implemented different fees for different types of governance objects
* Added fee amounts to object returned by getgovernanceinfo
* Implement new requireents for Superblock creation
- Superblocks creation requires a valid masternode signature
- Superblock creation no longer requires a collateral fee
- Superblock creation rate is limited to roughly 1 per masternode per cycle
* Fixed getgovernanceinfo help message
* Removed old governance fee constant
* Fixed bug in IsSignatureValid and added debugging code
* Fixed parent hash variable index and added debugging code
* Modified GetBudgetSystemCollateralTX to take fee amount parameter
* Changes due to code review comments
- Naming changes
- Removed confusing comment
As a client, submit part of a future mixing transaction to a Masternode to start the process (SubmitDenominate):
step 1: prepare denominated inputs and outputs (PrepareDenominate, code moved from wallet.cpp, slightly refactored)
step 2: send denominated inputs and outputs (SendDenominate, slightly refactored)
- rename all 3 instantsend sporks
- remove SPORK_7_MASTERNODE_SCANNING (not used anymore)
- change `_DEFAULT` for spork 2 and 3, adjust comments for for them
- fix GetSporkNameByID() (should not return smth_DEFAULT)
6debbe6 Refactor CDarkSendEntry
- make it serializable, use constructor, pass objects of CDarkSendEntry type to functions (instead of separate variables
da406e3 Masternode sync improvements
- add simple helpers for few more sync states (use them where appropriate instead of old code + rpc output)
- use new helpers to avoid meaningless message processing
- actually fail if sync shouldn't continue due to lack of info, make sure Reset is used to quit failed state
* Improve JSON error reporting in CGovernanceObject::LoadData
* Changed JSON parsing to match current version of sentinel which now sends
correct JSON integers instead of quoting them as strings
* Changes for getblocktemplate, CreateNewBlock, FillBlockPayee, CreateSuperblock:
- Add support for superblocks in getblocktemplate (+fix miner reward - it was missing)
- Refactor the way masternode payments are passed around, change getblocktemplate format for them too.
b6b6d6c Added nSuperblockStartBlock, adjusted testnet/regtest params
15a3c64 More for governance block checks, p1 (non-compilable):
- add GetPaymentsLimit() and GetPaymentsTotalAmount()
- IsValidBlockHeight() should check nSuperblockStartBlock
- CSuperblock::IsValid should check payment limit and miner payout
- no cs_main
- slightly refactored related things
e8f9e5d More for governance checks, p2 (compilable):
- IsBlockValueValid(), IsBlockPayeeValid() and FillBlockPayee() rewritten, no cs_main for them
- CreateNewBlock adjusted, need more work on CBlockTemplate (see TODO)
- moved (and simplified) IsBlockPayeeValid() call from CheckBlock() to ConnectBlock()
51434cf Add ability to calculate only superblock part of subsidy in GetBlockSubsidy()
aa74200 Fix GetPaymentsLimit()
f7b6234 braces and comment
ade8f64 more checks for IsValidBlockHeight()
13316a4 Return true from IsBlockValueValid when masternode data is not synced
- This restores behavior very close to that in 12.0
- Needed to prevent the forking problem currently being seen on
testnet between online and offline nodes
- This is expected to be a temporary fix while we develop a
long-term solution for this problem
427086e Restore miner payments for superblocks
794b90d Added IsSynced field to JSON output of mnsync status RPC command
- This is needed to allow fixing RPC tests so that they wait until
the nodes are fully synced before performing tests
a9ddf6f Wait for nodes to sync masternode data during p2p-fullblocktest
f0ed400 darkSendSigner.SignMessage() should not return error message
154f1b6 darkSendSigner.VerifyMessage() should return non-localized message, its callers should populate error to debug.log
b130c32 darkSendSigner.GetKeysFromSecret() should not return error message, its callers should handle it
068c178 Added DBG macro in util.h to facilitate debugging
- This macro allows debugging statements (typically printf's or cout's) to
be activated or deactivated with a single comment. Uncomment the line:
//#define ENABLE_DASH_DEBUG
in util.h to enable debugging statements.
- When commented any code wrapped with the DBG() macro will simply be removed
by the preprocessor. When not commented all such wrapped statements will
be present.
- For maximum effectiveness it is best that util.h be the first effective include
in all source files. It is also possible to enable the macro for a single file
by temporarily adding #define ENABLE_DASH_DEBUG to the top of the file.
- Code committed to non-development branches should always have the define
commented.
d125d9b V0.12.1.x -- merging trigger/generic object/superblock changes for testnet phase II
- This commit contains the core governance system changes for 0.12.1. Any unrelated
changes have either been removed or moved to separate commits.
120724c File mode fixes
- Changed mode 0755->0644 on several source files.
c7f9e11 Updated todo reminders
- Added reminder to revert temporary reduction of number of votes
required to trigger superblock to 1 for testing
92adc98 Made CSuperblockManager::IsValidSuperblockHeight an inline function
- This is for efficiency since this function is called often and is
only 1 line of code.
c050ed7 Added comment explaining rationale for no LOCK(cs) in CSuperblock::IsValid
dc933fe Removed unused CSuperblockManager::IsBlockValid function
decec88 Moved calls to SuperblockManager::IsValidSuperblockHeight into IsSuperblockTriggered.
- Since calls to the later function are always protected by the former there's
no reason to keep these separate and this simplifies the code in
masternode-payments.cpp.
8672885 Reestablished expected value check for non-superblocks in IsBlockValueValid
b01cbe0 Changes to IsBlockValueValid to fix rpc test failure
a937c76 Changed include order to allow per file activation of the DBG macro
d116aa5 Fixed IsValidSuperblockHeight logic
- Note this has an effect on testing because we can now only create
1 superblock per day. Devs may need to temporarily change testnet params
for easier testing.
2d0c2de Convert superblock payments to CAmount
- We assume that payment values in JSON are in units of DASH
for consistency with other RPC functions, such as
createrawtransaction.
376b833 Revert temporary testing value for nAbsVoteReq
- Also ensure that number of votes required is never smaller than 1
8c89f4b Cleaned up CSuperblock error handling
- Exceptions are now thrown consistently rather than using a mix of
exceptions and return code checking. Exceptions are now caught only
in AddNewTrigger when the CSuperblock constructor is called. Unnecessary object
status members have been removed.
d7c8a6b Removed utilstrencodings header
- This appears to help with travis tests, for unknown reasons.
c4dfc7a Fixed some minor code review issues
63c3580 Reverted locking change in miner.
- This should have been done in the original PR but was overlooked.
4ab72de Fixed variable name to match common practice and bracket formatting
886a678 Improvements to vote conversion code
- Replaced redundantly defined function with inclusion of governance-vote.h
- Replaced magic numbers with their corresponding constant symbols
0a37966 Reordered governance message handling
5bb8dca Fixed non-deterministic CSporkMessage hash function
CSporkMessage::GetHash() was including random data
in the hash due to 4 bytes of structure padding between the 32 bit
nSporkID and the following 64 bit nValue members.
This has been fixed by using CHashWriter which serializes the structure
data properly before hashing rather than relying on compiler defined behavior
such as structure alignment. The underlying hash function is CHash256 which is
bitcoin's double SHA-256 hash. HashX11 is not necessary here
because the hash is only used to identify distinct spork messages.
86d8505 Refactor CActiveMasternode
+ move strMasterNodeAddr to CActiveMasternode
a005c79 Refactor InstantSend
+ new lock cs_instantsend to protect maps on CleanTransactionLocksList()
+ new DEFAULT_INSTANTSEND_DEPTH constant
+ rename MIN_INSTANTX_PROTO_VERSION to MIN_INSTANTSEND_PROTO_VERSION and bump it
d24182c Refactor Privatesend
+ decouple from util.h and version.h
+ more functions for CDarksendBroadcastTx: constructors, signing, serialization
+ move from rand() to insecure_rand() in general but to GetRand() for session id
+ fix defaults
2b1c567 To prevent high cpu usage we should update list only once in MASTERNODELIST_UPDATE_SECONDS seconds or MASTERNODELIST_FILTER_COOLDOWN_SECONDS seconds after filter was last changed. Also changing date/time format - QDateTime ToString() is way to slow for a list of thousands items, using DateTimeStrFormat instead. UI should work much smoother on mainnet now.
- mn hash compatibility with 70103
- ignore some requests while syncing
- fix locking/initializing in sync
- do not ban for old mnw
- split budget/governance messages/invs
513506f Fixing AddRef() usage
Using AddRef() in ConnectNode() for existing connections doesn't feel right considering how refs are released in ThreadSocketHandler(). I guess this could be the reason that sometimes refs stay >0 no matter what and nodes stuck in vNodesDisconnected forever which means that node never get deleted and FinalizeNode signal is never fired which in its turn means that for example mapBlocksInFlight can't be cleaned properly and then blocks stuck.
This commit should solve the issue by:
- removing AddRef() for existing connections
- adding AddRef() in CNode's constructor using the same conditions as in ThreadSocketHandler()
- addding AddRef() in ConnectNode() and Release() in ThreadSocketHandler() for mixing nodes
- removing explicit calls to Release() (back to `pnode->fDisconnect = true` in `CMasternodeMan::ProcessMasternodeConnections`)
9da4a83 fix names/comments
42bdf42 Refactor/fix spork:
- move ProcessSpork, GetSporkValue, IsSporkActive, ExecuteSpork and mapSporksActive to CSporkManager
- move Sign, CheckSignature, Relay to CSporkMessage
- move ReprocessBlocks out of sporks to main.cpp / rename DisconnectBlocksAndReprocess to DisconnectBlocks
- rename SporkKey to SporkPubKey
- bugfix: only set strMasterPrivKey if spork signature produced by that key was verified successfully
- few log format changes, cleaned up includes
swap was using an incorrect condition to determine when to apply an optimization
(not swapping the full direct[] when swapping two indirect prevectors).
Rather than correct the optimization I'm removing it for simplicity. Removing
this optimization minutely improves performance in the typical (currently only)
usage of member swap(), which is swapping with a freshly value-initialized
object.