b9c67258ba
* Dont deserialize nVersion into CNode, should fix #9212 * net: deserialize the entire version message locally This avoids having some vars set if the version negotiation fails. Also copy it all into CNode at the same site. nVersion and fSuccessfullyConnected are set last, as they are the gates for the other vars. Make them atomic for that reason. * net: don't run callbacks on nodes that haven't completed the version handshake Since ForEach* are can be used to send messages to all nodes, the caller may end up sending a message before the version handshake is complete. To limit this, filter out these nodes. While we're at it, may as well filter out disconnected nodes as well. Delete unused methods rather than updating them. * net: Disallow sending messages until the version handshake is complete This is a change in behavior, though it's much more sane now than before. * net: log an error rather than asserting if send version is misused Also cleaned up the comments and moved from the header to the .cpp so that logging headers aren't needed from net.h * Implement conditions for ForEachNode() and ForNode() methods of CConnman. A change making ForEachNode() and ForNode() methods ignore nodes that have not completed initial handshake have been backported from Bitcoin. Unfortunately, some Dash-specific code needs to iterate over all nodes. This change introduces additional condition argument to these methods. This argument is a functional object that should return true for nodes that should be taken into account, not ignored. Two functional objects are provided in CConnman namespace: * FullyConnectedOnly returns true for nodes that have handshake completed, * AllNodes returns true for all nodes. Overloads for ForEachNode() and ForNode() methods without condition argument are left for compatibility with non-Dash-specific code. They use FullyConnectedOnly functional object for condition. Signed-off-by: Oleg Girko <ol@infoserver.lv> * Iterate over all nodes in Dash-specific code using AllNodes condition. Use AllNodes functional object as newly introduced condition argument for ForEachNode() and ForNode() methods of CConnman to iterate over all nodes where needed in Dash-specific code. Signed-off-by: Oleg Girko <ol@infoserver.lv>
219 lines
7.0 KiB
C++
219 lines
7.0 KiB
C++
// Copyright (c) 2011-2015 The Bitcoin Core developers
|
|
// Distributed under the MIT software license, see the accompanying
|
|
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
|
|
|
// Unit tests for denial-of-service detection/prevention code
|
|
|
|
#include "chainparams.h"
|
|
#include "keystore.h"
|
|
#include "net.h"
|
|
#include "net_processing.h"
|
|
#include "pow.h"
|
|
#include "script/sign.h"
|
|
#include "serialize.h"
|
|
#include "util.h"
|
|
|
|
#include "test/test_dash.h"
|
|
|
|
#include <stdint.h>
|
|
|
|
#include <boost/assign/list_of.hpp> // for 'map_list_of()'
|
|
#include <boost/date_time/posix_time/posix_time_types.hpp>
|
|
#include <boost/foreach.hpp>
|
|
#include <boost/test/unit_test.hpp>
|
|
|
|
// Tests this internal-to-main.cpp method:
|
|
extern bool AddOrphanTx(const CTransaction& tx, NodeId peer);
|
|
extern void EraseOrphansFor(NodeId peer);
|
|
extern unsigned int LimitOrphanTxSize(unsigned int nMaxOrphans);
|
|
struct COrphanTx {
|
|
CTransaction tx;
|
|
NodeId fromPeer;
|
|
};
|
|
extern std::map<uint256, COrphanTx> mapOrphanTransactions;
|
|
extern std::map<uint256, std::set<uint256> > mapOrphanTransactionsByPrev;
|
|
|
|
CService ip(uint32_t i)
|
|
{
|
|
struct in_addr s;
|
|
s.s_addr = i;
|
|
return CService(CNetAddr(s), Params().GetDefaultPort());
|
|
}
|
|
|
|
static NodeId id = 0;
|
|
|
|
BOOST_FIXTURE_TEST_SUITE(DoS_tests, TestingSetup)
|
|
|
|
BOOST_AUTO_TEST_CASE(DoS_banning)
|
|
{
|
|
std::atomic<bool> interruptDummy(false);
|
|
|
|
connman->ClearBanned();
|
|
CAddress addr1(ip(0xa0b0c001), NODE_NONE);
|
|
CNode dummyNode1(id++, NODE_NETWORK, 0, INVALID_SOCKET, addr1, "", true);
|
|
dummyNode1.SetSendVersion(PROTOCOL_VERSION);
|
|
GetNodeSignals().InitializeNode(&dummyNode1, *connman);
|
|
dummyNode1.nVersion = 1;
|
|
dummyNode1.fSuccessfullyConnected = true;
|
|
Misbehaving(dummyNode1.GetId(), 100); // Should get banned
|
|
SendMessages(&dummyNode1, *connman, interruptDummy);
|
|
BOOST_CHECK(connman->IsBanned(addr1));
|
|
BOOST_CHECK(!connman->IsBanned(ip(0xa0b0c001|0x0000ff00))); // Different IP, not banned
|
|
|
|
CAddress addr2(ip(0xa0b0c002), NODE_NONE);
|
|
CNode dummyNode2(id++, NODE_NETWORK, 0, INVALID_SOCKET, addr2, "", true);
|
|
dummyNode2.SetSendVersion(PROTOCOL_VERSION);
|
|
GetNodeSignals().InitializeNode(&dummyNode2, *connman);
|
|
dummyNode2.nVersion = 1;
|
|
dummyNode2.fSuccessfullyConnected = true;
|
|
Misbehaving(dummyNode2.GetId(), 50);
|
|
SendMessages(&dummyNode2, *connman, interruptDummy);
|
|
BOOST_CHECK(!connman->IsBanned(addr2)); // 2 not banned yet...
|
|
BOOST_CHECK(connman->IsBanned(addr1)); // ... but 1 still should be
|
|
Misbehaving(dummyNode2.GetId(), 50);
|
|
SendMessages(&dummyNode2, *connman, interruptDummy);
|
|
BOOST_CHECK(connman->IsBanned(addr2));
|
|
}
|
|
|
|
BOOST_AUTO_TEST_CASE(DoS_banscore)
|
|
{
|
|
std::atomic<bool> interruptDummy(false);
|
|
|
|
connman->ClearBanned();
|
|
mapArgs["-banscore"] = "111"; // because 11 is my favorite number
|
|
CAddress addr1(ip(0xa0b0c001), NODE_NONE);
|
|
CNode dummyNode1(id++, NODE_NETWORK, 0, INVALID_SOCKET, addr1, "", true);
|
|
dummyNode1.SetSendVersion(PROTOCOL_VERSION);
|
|
GetNodeSignals().InitializeNode(&dummyNode1, *connman);
|
|
dummyNode1.nVersion = 1;
|
|
dummyNode1.fSuccessfullyConnected = true;
|
|
Misbehaving(dummyNode1.GetId(), 100);
|
|
SendMessages(&dummyNode1, *connman, interruptDummy);
|
|
BOOST_CHECK(!connman->IsBanned(addr1));
|
|
Misbehaving(dummyNode1.GetId(), 10);
|
|
SendMessages(&dummyNode1, *connman, interruptDummy);
|
|
BOOST_CHECK(!connman->IsBanned(addr1));
|
|
Misbehaving(dummyNode1.GetId(), 1);
|
|
SendMessages(&dummyNode1, *connman, interruptDummy);
|
|
BOOST_CHECK(connman->IsBanned(addr1));
|
|
mapArgs.erase("-banscore");
|
|
}
|
|
|
|
BOOST_AUTO_TEST_CASE(DoS_bantime)
|
|
{
|
|
std::atomic<bool> interruptDummy(false);
|
|
|
|
connman->ClearBanned();
|
|
int64_t nStartTime = GetTime();
|
|
SetMockTime(nStartTime); // Overrides future calls to GetTime()
|
|
|
|
CAddress addr(ip(0xa0b0c001), NODE_NONE);
|
|
CNode dummyNode(id++, NODE_NETWORK, 0, INVALID_SOCKET, addr, "", true);
|
|
dummyNode.SetSendVersion(PROTOCOL_VERSION);
|
|
GetNodeSignals().InitializeNode(&dummyNode, *connman);
|
|
dummyNode.nVersion = 1;
|
|
dummyNode.fSuccessfullyConnected = true;
|
|
|
|
Misbehaving(dummyNode.GetId(), 100);
|
|
SendMessages(&dummyNode, *connman, interruptDummy);
|
|
BOOST_CHECK(connman->IsBanned(addr));
|
|
|
|
SetMockTime(nStartTime+60*60);
|
|
BOOST_CHECK(connman->IsBanned(addr));
|
|
|
|
SetMockTime(nStartTime+60*60*24+1);
|
|
BOOST_CHECK(!connman->IsBanned(addr));
|
|
}
|
|
|
|
CTransaction RandomOrphan()
|
|
{
|
|
std::map<uint256, COrphanTx>::iterator it;
|
|
it = mapOrphanTransactions.lower_bound(GetRandHash());
|
|
if (it == mapOrphanTransactions.end())
|
|
it = mapOrphanTransactions.begin();
|
|
return it->second.tx;
|
|
}
|
|
|
|
BOOST_AUTO_TEST_CASE(DoS_mapOrphans)
|
|
{
|
|
CKey key;
|
|
key.MakeNewKey(true);
|
|
CBasicKeyStore keystore;
|
|
keystore.AddKey(key);
|
|
|
|
// 50 orphan transactions:
|
|
for (int i = 0; i < 50; i++)
|
|
{
|
|
CMutableTransaction tx;
|
|
tx.vin.resize(1);
|
|
tx.vin[0].prevout.n = 0;
|
|
tx.vin[0].prevout.hash = GetRandHash();
|
|
tx.vin[0].scriptSig << OP_1;
|
|
tx.vout.resize(1);
|
|
tx.vout[0].nValue = 1*CENT;
|
|
tx.vout[0].scriptPubKey = GetScriptForDestination(key.GetPubKey().GetID());
|
|
|
|
AddOrphanTx(tx, i);
|
|
}
|
|
|
|
// ... and 50 that depend on other orphans:
|
|
for (int i = 0; i < 50; i++)
|
|
{
|
|
CTransaction txPrev = RandomOrphan();
|
|
|
|
CMutableTransaction tx;
|
|
tx.vin.resize(1);
|
|
tx.vin[0].prevout.n = 0;
|
|
tx.vin[0].prevout.hash = txPrev.GetHash();
|
|
tx.vout.resize(1);
|
|
tx.vout[0].nValue = 1*CENT;
|
|
tx.vout[0].scriptPubKey = GetScriptForDestination(key.GetPubKey().GetID());
|
|
SignSignature(keystore, txPrev, tx, 0);
|
|
|
|
AddOrphanTx(tx, i);
|
|
}
|
|
|
|
// This really-big orphan should be ignored:
|
|
for (int i = 0; i < 10; i++)
|
|
{
|
|
CTransaction txPrev = RandomOrphan();
|
|
|
|
CMutableTransaction tx;
|
|
tx.vout.resize(1);
|
|
tx.vout[0].nValue = 1*CENT;
|
|
tx.vout[0].scriptPubKey = GetScriptForDestination(key.GetPubKey().GetID());
|
|
tx.vin.resize(500);
|
|
for (unsigned int j = 0; j < tx.vin.size(); j++)
|
|
{
|
|
tx.vin[j].prevout.n = j;
|
|
tx.vin[j].prevout.hash = txPrev.GetHash();
|
|
}
|
|
SignSignature(keystore, txPrev, tx, 0);
|
|
// Re-use same signature for other inputs
|
|
// (they don't have to be valid for this test)
|
|
for (unsigned int j = 1; j < tx.vin.size(); j++)
|
|
tx.vin[j].scriptSig = tx.vin[0].scriptSig;
|
|
|
|
BOOST_CHECK(!AddOrphanTx(tx, i));
|
|
}
|
|
|
|
// Test EraseOrphansFor:
|
|
for (NodeId i = 0; i < 3; i++)
|
|
{
|
|
size_t sizeBefore = mapOrphanTransactions.size();
|
|
EraseOrphansFor(i);
|
|
BOOST_CHECK(mapOrphanTransactions.size() < sizeBefore);
|
|
}
|
|
|
|
// Test LimitOrphanTxSize() function:
|
|
LimitOrphanTxSize(40);
|
|
BOOST_CHECK(mapOrphanTransactions.size() <= 40);
|
|
LimitOrphanTxSize(10);
|
|
BOOST_CHECK(mapOrphanTransactions.size() <= 10);
|
|
LimitOrphanTxSize(0);
|
|
BOOST_CHECK(mapOrphanTransactions.empty());
|
|
BOOST_CHECK(mapOrphanTransactionsByPrev.empty());
|
|
}
|
|
|
|
BOOST_AUTO_TEST_SUITE_END()
|