Commit Graph

906 Commits

Author SHA1 Message Date
Pieter Wuille
aeb9279228
Better fingerprinting protection for non-main-chain getdatas.
With headers-first we can compare against the best header timestamp, rather
than using checkpoints which require code updates to maintain.

Rebased-From: 85da07a5a0
Github-Pull: #5820
2015-02-26 17:14:14 +01:00
Gregory Maxwell
23126a0a09 Sanitize command strings before logging them.
Normally bitcoin core does not display any network originated strings without
 sanitizing or hex encoding.  This wasn't done for strcommand in many places.

This could be used to play havoc with a terminal displaying the logs,
 especially with printtoconsole in use.

Thanks to Evil-Knievel for reporting this issue.

Conflicts:
	src/main.cpp
2015-02-24 08:40:07 +01:00
Gregory Maxwell
1eb14af28f
Increase block download timeout base from 10 to 20 minutes.
This harmonizes the block fetch timeout with the existing ping timeout
 and eliminates a guaranteed eventual failure from congestion collapse
 for a network operating right at its limit.

It's unlikely that we wouldn't suffer other failures if we were really
 anywhere near the network's limit, and a complete avoidance of congestion
 collapse risk requires (I think) an exponential back-off. So this isn't
 a major concern, but I think it's also useful for reducing the complexity
 of understanding out timeouts.

Github-Pull: #5647
Rebased-From: 3ff735c99a
2015-02-03 10:37:30 +01:00
Wladimir J. van der Laan
336f9fbd30
Merge pull request #5714
3916a81 Increase coverage of DERSIG edge cases (Pieter Wuille)
6da2028 Add RPC test for DERSIG BIP switchover logic (Pieter Wuille)
773c30d BIP66 changeover logic (Pieter Wuille)
18695f0 Example unit tests from BIP66 (Pieter Wuille)
abfbeaf Change IsDERSignature to BIP66 implementation (Pieter Wuille)
2015-02-03 10:33:58 +01:00
Pieter Wuille
2448d34298
Avoid storing a reference passed to SignatureChecker constructors
Rebased-From: 9fddceda44
Github-Pull: #5719
2015-02-03 08:52:13 +01:00
Pieter Wuille
1bbad80bf4
Use separate SignatureChecker for CMutableTransaction
Conflicts:
	src/main.cpp
	src/script/bitcoinconsensus.cpp

Rebased-From: 858809a33e
Github-Pull: #5719
2015-02-03 08:48:04 +01:00
Pieter Wuille
773c30d756 BIP66 changeover logic 2015-02-01 17:57:38 -04:00
Pieter Wuille
a3a73170a9
Introduce 10 minute block download timeout
This will disconnect peers that do not transfer a block in 10 minutes, plus
5 minutes for every previously queued block with validated headers
(accomodating downstream bandwidth down to a few kilobytes per second - below
that the node would have trouble staying synchronized anyway).

Github-Pull: #5608
Rebased-From: 916130348c
2015-01-12 11:28:23 +01:00
Pieter Wuille
867c600c29
Catch LevelDB errors during flush
Rebased-From: e41345790f
Github-Pull: #5597
2015-01-07 13:11:58 +01:00
Pieter Wuille
3022e7df2a
Require sufficent priority for relay of free transactions
Rebased-From: 1c52aad540
Github-Pull: #5535
2015-01-07 13:11:49 +01:00
Thomas Zander
94b362dbd6
On close of splashscreen interrupt verifyDB
With the splashscreen being able to be closed it is possible to
shutdown during the lengthy verifyDB method. (Takes about a minute
on my machine). This change allows us to shutdown much sooner.

Github-Pull: #5557
Rebased-From: 70477a0bdf
2015-01-03 10:22:48 +01:00
Adam Weiss
d10a9015ad
DOS: Respect max per-peer blocks in flight limit
Don't allow immediate inv driven block downloads if
a peer already has MAX_BLOCKS_IN_TRANSIT_PER_PEER
active downloads.  Prevents bogus inv spam from
blowing up block transfer tracking data structures.

Rebased-From: c90770430d
Github-Pull: #5507
2014-12-23 12:36:26 +01:00
Pieter Wuille
8446262597
Reject headers that build on an invalid parent
Rebased-From: 3497022347
Github-Pull: #5459
2014-12-23 12:01:09 +01:00
Peter Todd
0cb8763cbb
Check against MANDATORY flags prior to accepting to mempool
Previously transactions were only tested again the
STANDARD_SCRIPT_VERIFY_FLAGS prior to mempool acceptance, so any bugs in
those flags that allowed actually-invalid transactions to pass would
result in allowing invalid transactions into the mempool. Fortunately
there is a second check in CreateNewBlock() that would prevent those
transactions from being mined, resulting in an invalid block, however
this could still be exploited as a DoS attack.

Rebased-From: 7c041b3b91
2014-12-22 12:42:58 +01:00
Philip Kaufmann
b03632a671
add missing CAutoFile::IsNull() check in main
Rebased-From: 84857e87e4
Github-Pull: #5437
2014-12-19 18:49:57 +01:00
Matt Corallo
723d12c098 Remove txn which are invalidated by coinbase maturity during reorg 2014-12-08 14:05:42 -08:00
Matt Corallo
868d041622 Remove coinbase-dependant transactions during reorg.
This still leaves transactions in mempool that are potentially
invalid if the maturity period has been reorged out of, but at
least they're not missing inputs entirely.
2014-12-08 14:05:42 -08:00
Wladimir J. van der Laan
b5fa132329
Merge pull request #5181
afd4b94 Move CMerkleBlock and CPartialMerkleTree to their own file (Matt Corallo)
2014-12-05 16:50:48 +01:00
Wladimir J. van der Laan
c78a18087f
Merge pull request #5308
60d1ecd change nSubsidy's type from int64_t to CAmount (HarryWu)
2014-12-05 11:11:24 +01:00
Matt Corallo
afd4b94b6d Move CMerkleBlock and CPartialMerkleTree to their own file 2014-12-05 01:57:40 -08:00
Wladimir J. van der Laan
9ddc8c63ab
Merge pull request #5394
307f7d4 Report script evaluation failures in log and reject messages (Pieter Wuille)
2014-12-04 16:43:35 +01:00
Pieter Wuille
307f7d48d4 Report script evaluation failures in log and reject messages 2014-12-02 22:05:03 +01:00
Michael Ford
c5b390b6b9 Make comments in main an init doxygen compatible
Fix typos where appropriate
Update license/copyright
2014-12-02 15:50:58 +08:00
Wladimir J. van der Laan
d7c8a830c4
Merge pull request #5316
f86a24b Move `setmocktime` to hidden category (Wladimir J. van der Laan)
bd9aebf Introduce a hidden category (Pieter Wuille)
0dd06b2 Delay writing block indexes in invalidate/reconsider (Pieter Wuille)
9b0a8d3 Add 'invalidateblock' and 'reconsiderblock' RPC commands. (Pieter Wuille)
2014-11-28 11:19:15 +01:00
Pieter Wuille
57be955ba0 Remove -printblock, -printblocktree, and -printblockindex 2014-11-27 09:50:20 +01:00
Pieter Wuille
0dd06b2515 Delay writing block indexes in invalidate/reconsider 2014-11-26 16:36:26 +01:00
Pieter Wuille
9b0a8d3152 Add 'invalidateblock' and 'reconsiderblock' RPC commands.
These can be used for testing reorganizations or for manual intervention in case of
chain forks.
2014-11-26 16:36:25 +01:00
Wladimir J. van der Laan
9ff0bc9beb
Merge pull request #5158
9ec75c5 Add a locking mechanism to IsInitialBlockDownload to ensure it never goes from false to true. (Ruben Dario Ponticelli)
a2d0fc6 Fix IsInitialBlockDownload which was broken by headers first. (Ruben Dario Ponticelli)
2014-11-26 15:09:03 +01:00
Wladimir J. van der Laan
53a87c0355
Merge pull request #5321
34559c7 Make PruneBlockIndexCandidates safer (Pieter Wuille)
cca48f6 Reset setBlockIndexCandidates once block index db loaded (21E14)
2014-11-26 13:31:03 +01:00
Wladimir J. van der Laan
397b9011c9
Merge pull request #5241
a206950 Introduce separate flushing modes (Pieter Wuille)
51ce901 Improve chainstate/blockindex disk writing policy (Pieter Wuille)
2014-11-25 12:18:00 +01:00
Wladimir J. van der Laan
1ee685f984
Merge pull request #5154
730b1ed Check pindexBestForkBase for null (21E14)
2014-11-24 15:29:52 +01:00
Pieter Wuille
a206950016 Introduce separate flushing modes 2014-11-24 15:15:41 +01:00
Pieter Wuille
51ce901aa3 Improve chainstate/blockindex disk writing policy
There are 3 pieces of data that are maintained on disk. The actual block
and undo data, the block index (which can refer to positions on disk),
and the chainstate (which refers to the best block hash).

Earlier, there was no guarantee that blocks were written to disk before
block index entries referring to them were written. This commit introduces
dirty flags for block index data, and delays writing entries until the actual
block data is flushed.

With this stricter ordering in writes, it is now safe to not always flush
after every block, so there is no need for the IsInitialBlockDownload()
check there - instead we just write whenever enough time has passed or
the cache size grows too large. Also updating the wallet's best known block
is delayed until this is done, otherwise the wallet may end up referring to an
unknown block.

In addition, only do a write inside the block processing loop if necessary
(because of cache size exceeded). Otherwise, move the writing to a point
after processing is done, after relaying.
2014-11-24 15:15:40 +01:00
Wladimir J. van der Laan
f24bcce2ac
Merge pull request #1816
b867e40 CreateNewBlock: Stick height in coinbase so we pass template sanity check (Luke Dashjr)
60755db submitblock: Check for duplicate submissions explicitly (Luke Dashjr)
bc6cb41 QA RPC tests: Add tests block block proposals (Luke Dashjr)
9765a50 Implement BIP 23 Block Proposal (Luke Dashjr)
3dcbb9b Abstract DecodeHexBlk and BIP22ValidationResult functions out of submitblock (Luke Dashjr)
132ea9b miner_tests: Disable checkpoints so they don't fail the subsidy-change test (Luke Dashjr)
df08a62 TestBlockValidity function for CBlock proposals (used by CreateNewBlock) (Luke Dashjr)
4ea1be7 CreateNewBlock and miner_tests: Also check generated template is valid by CheckBlockHeader, ContextualCheckBlockHeader, CheckBlock, and ContextualCheckBlock (Luke Dashjr)
a48f2d6 Abstract context-dependent block checking from acceptance (Luke Dashjr)
2014-11-24 14:43:10 +01:00
dexX7
7357893396
Prioritize and display -testsafemode status in UI
Like in a real world situation, a safe mode test should also be visible in the
UI. A test of safe mode is furthermore mostly relevant for developers, so it
should not be overwritten by a warning about a pre-release test build.
2014-11-23 13:10:31 +01:00
21E14
730b1ed1a0 Check pindexBestForkBase for null 2014-11-22 00:12:41 -05:00
Wladimir J. van der Laan
f2ada138c2
Merge pull request #5170
092b58d CBlockIndex::GetBlockWork() + GetProofIncrement(nBits) -> GetBlockProof(CBlockIndex) (jtimon)
22c4272 MOVEONLY: Move void UpdateTime() from pow.o to miner.o (plus fix include main.h -> chain.h) (jtimon)
2014-11-21 14:33:22 +01:00
Pieter Wuille
34559c7c73 Make PruneBlockIndexCandidates safer 2014-11-20 12:43:50 +01:00
Daniel Kraft
57425a2425 Check block header before accepting it.
Previously, AcceptBlockHeader did not check the header (in particular
PoW).  This made the client accept invalid-PoW-headers from peers in
headers-first sync.
2014-11-20 08:28:19 +01:00
HarryWu
60d1ecd378 change nSubsidy's type from int64_t to CAmount 2014-11-19 14:01:18 +08:00
Luke Dashjr
df08a626e0 TestBlockValidity function for CBlock proposals (used by CreateNewBlock) 2014-11-18 19:20:10 +00:00
Luke Dashjr
a48f2d6ddd Abstract context-dependent block checking from acceptance 2014-11-18 19:20:10 +00:00
Wladimir J. van der Laan
0c7862e968
Merge pull request #5161
845c86d Do not use third party services for IP detection. (Gregory Maxwell)
2014-11-12 18:35:45 +01:00
21E14
cca48f69b0 Reset setBlockIndexCandidates once block index db loaded 2014-11-12 00:35:24 -05:00
Gregory Maxwell
845c86d128 Do not use third party services for IP detection.
This is a simplified re-do of closed pull #3088.

This patch eliminates the privacy and reliability problematic use
of centralized web services for discovering the node's addresses
for advertisement.

The Bitcoin protocol already allows your peers to tell you what
IP they think you have, but this data isn't trustworthy since
they could lie. So the challenge is using it without creating a
DOS vector.

To accomplish this we adopt an approach similar to the one used
by P2Pool: If we're announcing and don't have a better address
discovered (e.g. via UPNP) or configured we just announce to
each peer the address that peer told us. Since peers could
already replace, forge, or drop our address messages this cannot
create a new vulnerability... but if even one of our peers is
giving us a good address we'll eventually make a useful
advertisement.

We also may randomly use the peer-provided address for the
daily rebroadcast even if we otherwise have a seemingly routable
address, just in case we've been misconfigured (e.g. by UPNP).

To avoid privacy problems, we only do these things if discovery
is enabled.
2014-11-07 12:13:46 -08:00
Ruben Dario Ponticelli
9ec75c5ef4
Add a locking mechanism to IsInitialBlockDownload to ensure it never goes from false to true. 2014-11-07 08:09:31 -03:00
Wladimir J. van der Laan
0778333b8c
Merge pull request #5173
50b43fd Be a bit more verbose during -loadblock if we already have blocks (Matt Corallo)
8375e22 Fix -loadblock after shutdown during IBD (Matt Corallo)
4ead850 Fix for crash during block download (Matt Corallo)
2014-11-05 09:40:25 +01:00
Wladimir J. van der Laan
7f7fede0eb
Merge pull request #5157
b4ee0bd Introduce preferred download peers (Pieter Wuille)
2014-11-03 16:40:36 +01:00
Wladimir J. van der Laan
84d26d3a36
Merge pull request #5106
1bea2bb Rename ProcessBlock to ProcessNewBlock to indicate change of behaviour, and document it (Luke Dashjr)
d29a291 Rename RPC_TRANSACTION_* errors to RPC_VERIFY_* and use RPC_VERIFY_ERROR for submitblock (Luke Dashjr)
f877aaa Bugfix: submitblock: Use a temporary CValidationState to determine accurately the outcome of ProcessBlock, now that it no longer does the full block validity check (Luke Dashjr)
24e8896 Add CValidationInterface::BlockChecked notification (Luke Dashjr)
2014-11-03 12:22:45 +01:00
Matt Corallo
50b43fda08 Be a bit more verbose during -loadblock if we already have blocks 2014-10-29 17:02:48 -07:00