sikkienl/dash
1
0
Fork 0
mirror of https://github.com/dashpay/dash.git synced 2024-12-29 05:49:11 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
6a25151bbd
dash/src/addrman.cpp

647 lines
20 KiB
C++
Raw Normal View History

CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
// Copyright (c) 2012 Pieter Wuille
Merge #7300: [trivial] Add missing copyright headers fabcee1 Remove copyright header from autogenerated chainparamsseeds.h (MarcoFalke) fa60d05 Add missing copyright headers (MarcoFalke) fa7e4c0 Bump copyright headers to 2014 (MarcoFalke)
2016-01-27 12:05:25 +01:00
// Copyright (c) 2012-2015 The Bitcoin Core developers
Update comments in addrman to be doxygen compatible Also correct the file license
2014-10-24 06:04:27 +02:00
// Distributed under the MIT software license, see the accompanying
Update License in File Headers I originally created a pull to replace the "COPYING" in crypter.cpp and crypter.h, but it turned out that COPYING was actually the correct file.
2012-05-18 16:02:28 +02:00
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
Backport 11651 (#3358) * scripted-diff: Replace #include "" with #include <> (ryanofsky) -BEGIN VERIFY SCRIPT- for f in \ src/*.cpp \ src/*.h \ src/bench/*.cpp \ src/bench/*.h \ src/compat/*.cpp \ src/compat/*.h \ src/consensus/*.cpp \ src/consensus/*.h \ src/crypto/*.cpp \ src/crypto/*.h \ src/crypto/ctaes/*.h \ src/policy/*.cpp \ src/policy/*.h \ src/primitives/*.cpp \ src/primitives/*.h \ src/qt/*.cpp \ src/qt/*.h \ src/qt/test/*.cpp \ src/qt/test/*.h \ src/rpc/*.cpp \ src/rpc/*.h \ src/script/*.cpp \ src/script/*.h \ src/support/*.cpp \ src/support/*.h \ src/support/allocators/*.h \ src/test/*.cpp \ src/test/*.h \ src/wallet/*.cpp \ src/wallet/*.h \ src/wallet/test/*.cpp \ src/wallet/test/*.h \ src/zmq/*.cpp \ src/zmq/*.h do base=${f%/*}/ relbase=${base#src/} sed -i "s:#include \"\(.*\)\"\(.*\):if test -e \$base'\\1'; then echo \"#include <\"\$relbase\"\\1>\\2\"; else echo \"#include <\\1>\\2\"; fi:e" $f done -END VERIFY SCRIPT- Signed-off-by: Pasta <pasta@dashboost.org> * scripted-diff: Replace #include "" with #include <> (Dash Specific) -BEGIN VERIFY SCRIPT- for f in \ src/bls/*.cpp \ src/bls/*.h \ src/evo/*.cpp \ src/evo/*.h \ src/governance/*.cpp \ src/governance/*.h \ src/llmq/*.cpp \ src/llmq/*.h \ src/masternode/*.cpp \ src/masternode/*.h \ src/privatesend/*.cpp \ src/privatesend/*.h do base=${f%/*}/ relbase=${base#src/} sed -i "s:#include \"\(.*\)\"\(.*\):if test -e \$base'\\1'; then echo \"#include <\"\$relbase\"\\1>\\2\"; else echo \"#include <\\1>\\2\"; fi:e" $f done -END VERIFY SCRIPT- Signed-off-by: Pasta <pasta@dashboost.org> * build: Remove -I for everything but project root Remove -I from build system for everything but the project root, and built-in dependencies. Signed-off-by: Pasta <pasta@dashboost.org> # Conflicts: # src/Makefile.test.include * qt: refactor: Use absolute include paths in .ui files * qt: refactor: Changes to make include paths absolute This makes all include paths in the GUI absolute. Many changes are involved as every single source file in src/qt/ assumes to be able to use relative includes. Signed-off-by: Pasta <pasta@dashboost.org> # Conflicts: # src/qt/dash.cpp # src/qt/optionsmodel.cpp # src/qt/test/rpcnestedtests.cpp * test: refactor: Use absolute include paths for test data files * Recommend #include<> syntax in developer notes * refactor: Include obj/build.h instead of build.h * END BACKPORT #11651 Remove trailing whitespace causing travis failure * fix backport 11651 Signed-off-by: Pasta <pasta@dashboost.org> * More of 11651 * fix blockchain.cpp Signed-off-by: pasta <pasta@dashboost.org> * Add missing "qt/" in includes * Add missing "test/" in includes * Fix trailing whitespaces Co-authored-by: Wladimir J. van der Laan <laanwj@gmail.com> Co-authored-by: Russell Yanofsky <russ@yanofsky.org> Co-authored-by: MeshCollider <dobsonsa68@gmail.com> Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
2020-03-19 23:46:56 +01:00
#include <addrman.h>
Cleanup code using forward declarations. Use misc methods of avoiding unnecesary header includes. Replace int typedefs with int##_t from stdint.h. Replace PRI64[xdu] with PRI[xdu]64 from inttypes.h. Normalize QT_VERSION ifs where possible. Resolve some indirect dependencies as direct ones. Remove extern declarations from .cpp files.
2013-04-13 07:13:08 +02:00
Backport 11651 (#3358) * scripted-diff: Replace #include "" with #include <> (ryanofsky) -BEGIN VERIFY SCRIPT- for f in \ src/*.cpp \ src/*.h \ src/bench/*.cpp \ src/bench/*.h \ src/compat/*.cpp \ src/compat/*.h \ src/consensus/*.cpp \ src/consensus/*.h \ src/crypto/*.cpp \ src/crypto/*.h \ src/crypto/ctaes/*.h \ src/policy/*.cpp \ src/policy/*.h \ src/primitives/*.cpp \ src/primitives/*.h \ src/qt/*.cpp \ src/qt/*.h \ src/qt/test/*.cpp \ src/qt/test/*.h \ src/rpc/*.cpp \ src/rpc/*.h \ src/script/*.cpp \ src/script/*.h \ src/support/*.cpp \ src/support/*.h \ src/support/allocators/*.h \ src/test/*.cpp \ src/test/*.h \ src/wallet/*.cpp \ src/wallet/*.h \ src/wallet/test/*.cpp \ src/wallet/test/*.h \ src/zmq/*.cpp \ src/zmq/*.h do base=${f%/*}/ relbase=${base#src/} sed -i "s:#include \"\(.*\)\"\(.*\):if test -e \$base'\\1'; then echo \"#include <\"\$relbase\"\\1>\\2\"; else echo \"#include <\\1>\\2\"; fi:e" $f done -END VERIFY SCRIPT- Signed-off-by: Pasta <pasta@dashboost.org> * scripted-diff: Replace #include "" with #include <> (Dash Specific) -BEGIN VERIFY SCRIPT- for f in \ src/bls/*.cpp \ src/bls/*.h \ src/evo/*.cpp \ src/evo/*.h \ src/governance/*.cpp \ src/governance/*.h \ src/llmq/*.cpp \ src/llmq/*.h \ src/masternode/*.cpp \ src/masternode/*.h \ src/privatesend/*.cpp \ src/privatesend/*.h do base=${f%/*}/ relbase=${base#src/} sed -i "s:#include \"\(.*\)\"\(.*\):if test -e \$base'\\1'; then echo \"#include <\"\$relbase\"\\1>\\2\"; else echo \"#include <\\1>\\2\"; fi:e" $f done -END VERIFY SCRIPT- Signed-off-by: Pasta <pasta@dashboost.org> * build: Remove -I for everything but project root Remove -I from build system for everything but the project root, and built-in dependencies. Signed-off-by: Pasta <pasta@dashboost.org> # Conflicts: # src/Makefile.test.include * qt: refactor: Use absolute include paths in .ui files * qt: refactor: Changes to make include paths absolute This makes all include paths in the GUI absolute. Many changes are involved as every single source file in src/qt/ assumes to be able to use relative includes. Signed-off-by: Pasta <pasta@dashboost.org> # Conflicts: # src/qt/dash.cpp # src/qt/optionsmodel.cpp # src/qt/test/rpcnestedtests.cpp * test: refactor: Use absolute include paths for test data files * Recommend #include<> syntax in developer notes * refactor: Include obj/build.h instead of build.h * END BACKPORT #11651 Remove trailing whitespace causing travis failure * fix backport 11651 Signed-off-by: Pasta <pasta@dashboost.org> * More of 11651 * fix blockchain.cpp Signed-off-by: pasta <pasta@dashboost.org> * Add missing "qt/" in includes * Add missing "test/" in includes * Fix trailing whitespaces Co-authored-by: Wladimir J. van der Laan <laanwj@gmail.com> Co-authored-by: Russell Yanofsky <russ@yanofsky.org> Co-authored-by: MeshCollider <dobsonsa68@gmail.com> Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
2020-03-19 23:46:56 +01:00
#include <hash.h>
#include <serialize.h>
#include <streams.h>
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
Switch addrman key from vector to uint256
2015-03-08 14:30:05 +01:00
int CAddrInfo::GetTriedBucket(const uint256& nKey) const
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
{
Simplify hashing code
2015-03-19 16:50:04 +01:00
uint64_t hash1 = (CHashWriter(SER_GETHASH, 0) << nKey << GetKey()).GetHash().GetCheapHash();
uint64_t hash2 = (CHashWriter(SER_GETHASH, 0) << nKey << GetGroup() << (hash1 % ADDRMAN_TRIED_BUCKETS_PER_GROUP)).GetHash().GetCheapHash();
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
return hash2 % ADDRMAN_TRIED_BUCKET_COUNT;
}
Switch addrman key from vector to uint256
2015-03-08 14:30:05 +01:00
int CAddrInfo::GetNewBucket(const uint256& nKey, const CNetAddr& src) const
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
{
std::vector<unsigned char> vchSourceGroupKey = src.GetGroup();
Simplify hashing code
2015-03-19 16:50:04 +01:00
uint64_t hash1 = (CHashWriter(SER_GETHASH, 0) << nKey << GetGroup() << vchSourceGroupKey).GetHash().GetCheapHash();
uint64_t hash2 = (CHashWriter(SER_GETHASH, 0) << nKey << vchSourceGroupKey << (hash1 % ADDRMAN_NEW_BUCKETS_PER_SOURCE_GROUP)).GetHash().GetCheapHash();
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
return hash2 % ADDRMAN_NEW_BUCKET_COUNT;
}
Make addrman's bucket placement deterministic. Give each address a single fixed location in the new and tried tables, which become simple fixed-size arrays instead of sets and vectors. This prevents attackers from having an advantages by inserting an address multiple times. This change was suggested as Countermeasure 1 in Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman, Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report 2015/263. March 2015. It is also more efficient.
2015-03-18 17:31:49 +01:00
int CAddrInfo::GetBucketPosition(const uint256 &nKey, bool fNew, int nBucket) const
{
Simplify hashing code
2015-03-19 16:50:04 +01:00
uint64_t hash1 = (CHashWriter(SER_GETHASH, 0) << nKey << (fNew ? 'N' : 'K') << nBucket << GetKey()).GetHash().GetCheapHash();
Make addrman's bucket placement deterministic. Give each address a single fixed location in the new and tried tables, which become simple fixed-size arrays instead of sets and vectors. This prevents attackers from having an advantages by inserting an address multiple times. This change was suggested as Countermeasure 1 in Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman, Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report 2015/263. March 2015. It is also more efficient.
2015-03-18 17:31:49 +01:00
return hash1 % ADDRMAN_BUCKET_SIZE;
}
Cleanup code using forward declarations. Use misc methods of avoiding unnecesary header includes. Replace int typedefs with int##_t from stdint.h. Replace PRI64[xdu] with PRI[xdu]64 from inttypes.h. Normalize QT_VERSION ifs where possible. Resolve some indirect dependencies as direct ones. Remove extern declarations from .cpp files.
2013-04-13 07:13:08 +02:00
bool CAddrInfo::IsTerrible(int64_t nNow) const
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
{
Update comments in addrman to be doxygen compatible Also correct the file license
2014-10-24 06:04:27 +02:00
if (nLastTry && nLastTry >= nNow - 60) // never remove things tried in the last minute
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
return false;
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
if (nTime > nNow + 10 * 60) // came in a flying DeLorean
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
return true;
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
if (nTime == 0 || nNow - nTime > ADDRMAN_HORIZON_DAYS * 24 * 60 * 60) // not seen in recent history
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
return true;
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
if (nLastSuccess == 0 && nAttempts >= ADDRMAN_RETRIES) // tried N times and never a success
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
return true;
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
if (nNow - nLastSuccess > ADDRMAN_MIN_FAIL_DAYS * 24 * 60 * 60 && nAttempts >= ADDRMAN_MAX_FAILURES) // N successive failures in the last week
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
return true;
return false;
}
Cleanup code using forward declarations. Use misc methods of avoiding unnecesary header includes. Replace int typedefs with int##_t from stdint.h. Replace PRI64[xdu] with PRI[xdu]64 from inttypes.h. Normalize QT_VERSION ifs where possible. Resolve some indirect dependencies as direct ones. Remove extern declarations from .cpp files.
2013-04-13 07:13:08 +02:00
double CAddrInfo::GetChance(int64_t nNow) const
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
{
double fChance = 1.0;
Merge #9553: Use z = std::max(x - y, 0) instead of z = x - y; if (z < 0) z = 0; a47da4b Use z = std::max(x - y, 0); instead of z = x - y; if (z < 0) z = 0; (practicalswift)
2017-02-15 09:26:12 +01:00
int64_t nSinceLastTry = std::max<int64_t>(nNow - nLastTry, 0);
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
// deprioritize very recent attempts away
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
if (nSinceLastTry < 60 * 10)
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
fChance *= 0.01;
Cap nAttempts penalty at 8 and switch to pow instead of a division loop. On hosts that had spent some time with a failed internet connection their nAttempts penalty was going through the roof (e.g. thousands for all peers) and as a result the connect search was pegging the CPU and failing to get more than a 4 connections after days of running (because it was taking so long per try).
2015-04-19 20:47:56 +02:00
// deprioritize 66% after each failed attempt, but at most 1/28th to avoid the search taking forever or overly penalizing outages.
remove using namespace std from addrman.cpp
2015-06-15 14:45:19 +02:00
fChance *= pow(0.66, std::min(nAttempts, 8));
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
return fChance;
}
A few devnet related fixes (#2168) * Remove testnet seeds from devnet * Lift multiple ports restriction on devnet when considering new nodes Allow to connect to multiple nodes behind the same IP * Don't skip addresses with non-default port if it matches -port If the user specified -port, he very likely intends to connect to nodes with the same port. * Don't pass false to CAddrMan constructor as it is already the default * Make if statements easier to read
2018-07-07 23:19:33 +02:00
CAddrInfo* CAddrMan::Find(const CService& addr, int* pnId)
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
{
A few devnet related fixes (#2168) * Remove testnet seeds from devnet * Lift multiple ports restriction on devnet when considering new nodes Allow to connect to multiple nodes behind the same IP * Don't skip addresses with non-default port if it matches -port If the user specified -port, he very likely intends to connect to nodes with the same port. * Don't pass false to CAddrMan constructor as it is already the default * Make if statements easier to read
2018-07-07 23:19:33 +02:00
CService addr2 = addr;
if (!discriminatePorts) {
addr2.SetPort(0);
}
std::map<CService, int>::iterator it = mapAddr.find(addr2);
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
if (it == mapAddr.end())
#10483 scripted-diff: Use the C++11 keyword nullptr to denote the pointer literal instead of the macro NULL -BEGIN VERIFY SCRIPT- sed -i 's/\<NULL\>/nullptr/g' src/*.cpp src/*.h src/*/*.cpp src/*/*.h src/qt/*/*.cpp src/qt/*/*.h src/wallet/*/*.cpp src/wallet/*/*.h src/support/allocators/*.h sed -i 's/Prefer nullptr, otherwise SAFECOOKIE./Prefer NULL, otherwise SAFECOOKIE./g' src/torcontrol.cpp sed -i 's/tor: Using nullptr authentication/tor: Using NULL authentication/g' src/torcontrol.cpp sed -i 's/METHODS=nullptr/METHODS=NULL/g' src/test/torcontrol_tests.cpp src/torcontrol.cpp sed -i 's/nullptr certificates/NULL certificates/g' src/qt/paymentserver.cpp sed -i 's/"nullptr"/"NULL"/g' src/torcontrol.cpp src/test/torcontrol_tests.cpp -END VERIFY SCRIPT- Signed-off-by: Pasta <pasta@dashboost.org>
2019-08-06 05:08:33 +02:00
return nullptr;
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
if (pnId)
*pnId = (*it).second;
std::map<int, CAddrInfo>::iterator it2 = mapInfo.find((*it).second);
if (it2 != mapInfo.end())
return &(*it2).second;
#10483 scripted-diff: Use the C++11 keyword nullptr to denote the pointer literal instead of the macro NULL -BEGIN VERIFY SCRIPT- sed -i 's/\<NULL\>/nullptr/g' src/*.cpp src/*.h src/*/*.cpp src/*/*.h src/qt/*/*.cpp src/qt/*/*.h src/wallet/*/*.cpp src/wallet/*/*.h src/support/allocators/*.h sed -i 's/Prefer nullptr, otherwise SAFECOOKIE./Prefer NULL, otherwise SAFECOOKIE./g' src/torcontrol.cpp sed -i 's/tor: Using nullptr authentication/tor: Using NULL authentication/g' src/torcontrol.cpp sed -i 's/METHODS=nullptr/METHODS=NULL/g' src/test/torcontrol_tests.cpp src/torcontrol.cpp sed -i 's/nullptr certificates/NULL certificates/g' src/qt/paymentserver.cpp sed -i 's/"nullptr"/"NULL"/g' src/torcontrol.cpp src/test/torcontrol_tests.cpp -END VERIFY SCRIPT- Signed-off-by: Pasta <pasta@dashboost.org>
2019-08-06 05:08:33 +02:00
return nullptr;
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
}
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
CAddrInfo* CAddrMan::Create(const CAddress& addr, const CNetAddr& addrSource, int* pnId)
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
{
A few devnet related fixes (#2168) * Remove testnet seeds from devnet * Lift multiple ports restriction on devnet when considering new nodes Allow to connect to multiple nodes behind the same IP * Don't skip addresses with non-default port if it matches -port If the user specified -port, he very likely intends to connect to nodes with the same port. * Don't pass false to CAddrMan constructor as it is already the default * Make if statements easier to read
2018-07-07 23:19:33 +02:00
CService addr2 = addr;
if (!discriminatePorts) {
addr2.SetPort(0);
}
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
int nId = nIdCount++;
mapInfo[nId] = CAddrInfo(addr, addrSource);
A few devnet related fixes (#2168) * Remove testnet seeds from devnet * Lift multiple ports restriction on devnet when considering new nodes Allow to connect to multiple nodes behind the same IP * Don't skip addresses with non-default port if it matches -port If the user specified -port, he very likely intends to connect to nodes with the same port. * Don't pass false to CAddrMan constructor as it is already the default * Make if statements easier to read
2018-07-07 23:19:33 +02:00
mapAddr[addr2] = nId;
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
mapInfo[nId].nRandomPos = vRandom.size();
vRandom.push_back(nId);
if (pnId)
*pnId = nId;
return &mapInfo[nId];
}
Clean up warnings * Use -Wall -Wextra -Wformat -Wformat-security -Wno-unused-parameters * Remove xCXXFLAGS usage in makefile.unix * Fix several recent and older sign-compare warnings
2012-05-09 03:48:14 +02:00
void CAddrMan::SwapRandom(unsigned int nRndPos1, unsigned int nRndPos2)
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
{
if (nRndPos1 == nRndPos2)
return;
Add extra asserts to addrman
2012-05-05 21:30:38 +02:00
assert(nRndPos1 < vRandom.size() && nRndPos2 < vRandom.size());
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
int nId1 = vRandom[nRndPos1];
int nId2 = vRandom[nRndPos2];
Add extra asserts to addrman
2012-05-05 21:30:38 +02:00
assert(mapInfo.count(nId1) == 1);
assert(mapInfo.count(nId2) == 1);
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
mapInfo[nId1].nRandomPos = nRndPos2;
mapInfo[nId2].nRandomPos = nRndPos1;
vRandom[nRndPos1] = nId2;
vRandom[nRndPos2] = nId1;
}
Make addrman's bucket placement deterministic. Give each address a single fixed location in the new and tried tables, which become simple fixed-size arrays instead of sets and vectors. This prevents attackers from having an advantages by inserting an address multiple times. This change was suggested as Countermeasure 1 in Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman, Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report 2015/263. March 2015. It is also more efficient.
2015-03-18 17:31:49 +01:00
void CAddrMan::Delete(int nId)
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
{
Make addrman's bucket placement deterministic. Give each address a single fixed location in the new and tried tables, which become simple fixed-size arrays instead of sets and vectors. This prevents attackers from having an advantages by inserting an address multiple times. This change was suggested as Countermeasure 1 in Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman, Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report 2015/263. March 2015. It is also more efficient.
2015-03-18 17:31:49 +01:00
assert(mapInfo.count(nId) != 0);
CAddrInfo& info = mapInfo[nId];
assert(!info.fInTried);
assert(info.nRefCount == 0);
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
A few devnet related fixes (#2168) * Remove testnet seeds from devnet * Lift multiple ports restriction on devnet when considering new nodes Allow to connect to multiple nodes behind the same IP * Don't skip addresses with non-default port if it matches -port If the user specified -port, he very likely intends to connect to nodes with the same port. * Don't pass false to CAddrMan constructor as it is already the default * Make if statements easier to read
2018-07-07 23:19:33 +02:00
CService addr = info;
if (!discriminatePorts) {
addr.SetPort(0);
}
Make addrman's bucket placement deterministic. Give each address a single fixed location in the new and tried tables, which become simple fixed-size arrays instead of sets and vectors. This prevents attackers from having an advantages by inserting an address multiple times. This change was suggested as Countermeasure 1 in Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman, Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report 2015/263. March 2015. It is also more efficient.
2015-03-18 17:31:49 +01:00
SwapRandom(info.nRandomPos, vRandom.size() - 1);
vRandom.pop_back();
A few devnet related fixes (#2168) * Remove testnet seeds from devnet * Lift multiple ports restriction on devnet when considering new nodes Allow to connect to multiple nodes behind the same IP * Don't skip addresses with non-default port if it matches -port If the user specified -port, he very likely intends to connect to nodes with the same port. * Don't pass false to CAddrMan constructor as it is already the default * Make if statements easier to read
2018-07-07 23:19:33 +02:00
mapAddr.erase(addr);
Make addrman's bucket placement deterministic. Give each address a single fixed location in the new and tried tables, which become simple fixed-size arrays instead of sets and vectors. This prevents attackers from having an advantages by inserting an address multiple times. This change was suggested as Countermeasure 1 in Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman, Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report 2015/263. March 2015. It is also more efficient.
2015-03-18 17:31:49 +01:00
mapInfo.erase(nId);
nNew--;
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
}
Make addrman's bucket placement deterministic. Give each address a single fixed location in the new and tried tables, which become simple fixed-size arrays instead of sets and vectors. This prevents attackers from having an advantages by inserting an address multiple times. This change was suggested as Countermeasure 1 in Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman, Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report 2015/263. March 2015. It is also more efficient.
2015-03-18 17:31:49 +01:00
void CAddrMan::ClearNew(int nUBucket, int nUBucketPos)
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
{
Make addrman's bucket placement deterministic. Give each address a single fixed location in the new and tried tables, which become simple fixed-size arrays instead of sets and vectors. This prevents attackers from having an advantages by inserting an address multiple times. This change was suggested as Countermeasure 1 in Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman, Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report 2015/263. March 2015. It is also more efficient.
2015-03-18 17:31:49 +01:00
// if there is an entry in the specified bucket, delete it.
if (vvNew[nUBucket][nUBucketPos] != -1) {
int nIdDelete = vvNew[nUBucket][nUBucketPos];
CAddrInfo& infoDelete = mapInfo[nIdDelete];
assert(infoDelete.nRefCount > 0);
infoDelete.nRefCount--;
vvNew[nUBucket][nUBucketPos] = -1;
if (infoDelete.nRefCount == 0) {
Delete(nIdDelete);
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
}
}
}
Make addrman's bucket placement deterministic. Give each address a single fixed location in the new and tried tables, which become simple fixed-size arrays instead of sets and vectors. This prevents attackers from having an advantages by inserting an address multiple times. This change was suggested as Countermeasure 1 in Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman, Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report 2015/263. March 2015. It is also more efficient.
2015-03-18 17:31:49 +01:00
void CAddrMan::MakeTried(CAddrInfo& info, int nId)
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
{
// remove the entry from all new buckets
Make addrman's bucket placement deterministic. Give each address a single fixed location in the new and tried tables, which become simple fixed-size arrays instead of sets and vectors. This prevents attackers from having an advantages by inserting an address multiple times. This change was suggested as Countermeasure 1 in Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman, Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report 2015/263. March 2015. It is also more efficient.
2015-03-18 17:31:49 +01:00
for (int bucket = 0; bucket < ADDRMAN_NEW_BUCKET_COUNT; bucket++) {
int pos = info.GetBucketPosition(nKey, true, bucket);
if (vvNew[bucket][pos] == nId) {
vvNew[bucket][pos] = -1;
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
info.nRefCount--;
Make addrman's bucket placement deterministic. Give each address a single fixed location in the new and tried tables, which become simple fixed-size arrays instead of sets and vectors. This prevents attackers from having an advantages by inserting an address multiple times. This change was suggested as Countermeasure 1 in Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman, Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report 2015/263. March 2015. It is also more efficient.
2015-03-18 17:31:49 +01:00
}
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
}
nNew--;
Add extra asserts to addrman
2012-05-05 21:30:38 +02:00
assert(info.nRefCount == 0);
Update comments in addrman to be doxygen compatible Also correct the file license
2014-10-24 06:04:27 +02:00
// which tried bucket to move the entry to
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
int nKBucket = info.GetTriedBucket(nKey);
Make addrman's bucket placement deterministic. Give each address a single fixed location in the new and tried tables, which become simple fixed-size arrays instead of sets and vectors. This prevents attackers from having an advantages by inserting an address multiple times. This change was suggested as Countermeasure 1 in Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman, Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report 2015/263. March 2015. It is also more efficient.
2015-03-18 17:31:49 +01:00
int nKBucketPos = info.GetBucketPosition(nKey, false, nKBucket);
// first make space to add it (the existing tried entry there is moved to new, deleting whatever is there).
if (vvTried[nKBucket][nKBucketPos] != -1) {
// find an item to evict
int nIdEvict = vvTried[nKBucket][nKBucketPos];
assert(mapInfo.count(nIdEvict) == 1);
CAddrInfo& infoOld = mapInfo[nIdEvict];
// Remove the to-be-evicted item from the tried set.
infoOld.fInTried = false;
vvTried[nKBucket][nKBucketPos] = -1;
nTried--;
// find which new bucket it belongs to
int nUBucket = infoOld.GetNewBucket(nKey);
int nUBucketPos = infoOld.GetBucketPosition(nKey, true, nUBucket);
ClearNew(nUBucket, nUBucketPos);
assert(vvNew[nUBucket][nUBucketPos] == -1);
// Enter it into the new set again.
infoOld.nRefCount = 1;
vvNew[nUBucket][nUBucketPos] = nIdEvict;
nNew++;
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
}
Make addrman's bucket placement deterministic. Give each address a single fixed location in the new and tried tables, which become simple fixed-size arrays instead of sets and vectors. This prevents attackers from having an advantages by inserting an address multiple times. This change was suggested as Countermeasure 1 in Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman, Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report 2015/263. March 2015. It is also more efficient.
2015-03-18 17:31:49 +01:00
assert(vvTried[nKBucket][nKBucketPos] == -1);
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
Make addrman's bucket placement deterministic. Give each address a single fixed location in the new and tried tables, which become simple fixed-size arrays instead of sets and vectors. This prevents attackers from having an advantages by inserting an address multiple times. This change was suggested as Countermeasure 1 in Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman, Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report 2015/263. March 2015. It is also more efficient.
2015-03-18 17:31:49 +01:00
vvTried[nKBucket][nKBucketPos] = nId;
nTried++;
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
info.fInTried = true;
}
Merge #9037: net: Add test-before-evict discipline to addrman e68172ed9 Add test-before-evict discipline to addrman (Ethan Heilman) Pull request description: This change implement countermeasures 3 (test-before-evict) suggested in our paper: ["Eclipse Attacks on Bitcoin’s Peer-to-Peer Network"](http://cs-people.bu.edu/heilman/eclipse/). # Design: A collision occurs when an address, addr1, is being moved to the tried table from the new table, but maps to a position in the tried table which already contains an address (addr2). The current behavior is that addr1 would evict addr2 from the tried table. This change ensures that during a collision, addr1 is not inserted into tried but instead inserted into a buffer (setTriedCollisions). The to-be-evicted address, addr2, is then tested by [a feeler connection](https://github.com/bitcoin/bitcoin/pull/8282). If addr2 is found to be online, we remove addr1 from the buffer and addr2 is not evicted, on the other hand if addr2 is found be offline it is replaced by addr1. An additional small advantage of this change is that, as no more than ten addresses can be in the test buffer at once, and addresses are only cleared one at a time from the test buffer (at 2 minute intervals), thus an attacker is forced to wait at least two minutes to insert a new address into tried after filling up the test buffer. This rate limits an attacker attempting to launch an eclipse attack. # Risk mitigation: - To prevent this functionality from being used as a DoS vector, we limit the number of addresses which are to be tested to ten. If we have more than ten addresses to test, we drop new addresses being added to tried if they would evict an address. Since the feeler thread only creates one new connection every 2 minutes the additional network overhead is limited. - An address in tried gains immunity from tests for 4 hours after it has been tested or successfully connected to. # Tests: This change includes additional addrman unittests which test this behavior. I ran an instance of this change with a much smaller tried table (2 buckets of 64 addresses) so that collisions were much more likely and observed evictions. ``` 2016-10-27 07:20:26 Swapping 208.12.64.252:8333 for 68.62.95.247:8333 in tried table 2016-10-27 07:20:26 Moving 208.12.64.252:8333 to tried ``` I documented tests we ran against similar earlier versions of this change in #6355. # Security Benefit This is was originally posted in PR #8282 see [this comment for full details](https://github.com/bitcoin/bitcoin/pull/8282#issuecomment-237255215). To determine the security benefit of these larger numbers of IPs in the tried table I modeled the attack presented in [Eclipse Attacks on Bitcoin’s Peer-to-Peer Network](https://eprint.iacr.org/2015/263). ![attackergraph40000-10-1000short-line](https://cloud.githubusercontent.com/assets/274814/17366828/372af458-595b-11e6-81e5-2c9f97282305.png) **Default node:** 595 attacker IPs for ~50% attack success. **Default node + test-before-evict:** 620 attacker IPs for ~50% attack success. **Feeler node:** 5540 attacker IPs for ~50% attack success. **Feeler node + test-before-evict:** 8600 attacker IPs for ~50% attack success. The node running feeler connections has 10 times as many online IP addresses in its tried table making an attack 10 times harder (i.e. requiring the an attacker require 10 times as many IP addresses in different /16s). Adding test-before-evict increases resistance of the node by an additional 3000 attacker IP addresses. Below I graph the attack over even greater attacker resources (i.e. more attacker controled IP addresses). Note that test-before-evict maintains some security far longer even against an attacker with 50,000 IPs. If this node had a larger tried table test-before-evict could greatly boost a nodes resistance to eclipse attacks. ![attacker graph long view](https://cloud.githubusercontent.com/assets/274814/17367108/96f46d64-595c-11e6-91cd-edba160598e7.png) Tree-SHA512: fdad4d26aadeaad9bcdc71929b3eb4e1f855b3ee3541fbfbe25dca8d7d0a1667815402db0cb4319db6bd3fcd32d67b5bbc0e12045c4252d62d6239b7d77c4395
2018-03-06 21:36:48 +01:00
void CAddrMan::Good_(const CService& addr, bool test_before_evict, int64_t nTime)
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
{
int nId;
Merge #8065: Addrman offline attempts 6182d10 Do not increment nAttempts by more than one for every Good connection. (Gregory Maxwell) c769c4a Avoid counting failed connect attempts when probably offline. (Gregory Maxwell)
2016-06-08 12:58:21 +02:00
nLastGood = nTime;
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
CAddrInfo* pinfo = Find(addr, &nId);
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
// if not found, bail out
if (!pinfo)
return;
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
CAddrInfo& info = *pinfo;
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
// check whether we are talking about the exact same CService (including same port)
if (info != addr)
return;
// update info
info.nLastSuccess = nTime;
info.nLastTry = nTime;
info.nAttempts = 0;
Reduce fingerprinting through timestamps in 'addr' messages. Suggested by Jonas Nick.
2015-03-05 13:01:22 +01:00
// nTime is not updated here, to avoid leaking information about
// currently-connected peers.
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
// if it is already in the tried set, don't do anything else
if (info.fInTried)
return;
// find a bucket it is in now
Increase test coverage for addrman and addrinfo (#1497) Adds several unittests for CAddrMan and CAddrInfo. Increases the accuracy of addrman tests. Removes non-determinism in tests by overriding the random number generator. Extracts testing code from addrman class to test class.
2017-06-30 20:29:29 +02:00
int nRnd = RandomInt(ADDRMAN_NEW_BUCKET_COUNT);
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
int nUBucket = -1;
Make addrman's bucket placement deterministic. Give each address a single fixed location in the new and tried tables, which become simple fixed-size arrays instead of sets and vectors. This prevents attackers from having an advantages by inserting an address multiple times. This change was suggested as Countermeasure 1 in Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman, Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report 2015/263. March 2015. It is also more efficient.
2015-03-18 17:31:49 +01:00
for (unsigned int n = 0; n < ADDRMAN_NEW_BUCKET_COUNT; n++) {
int nB = (n + nRnd) % ADDRMAN_NEW_BUCKET_COUNT;
int nBpos = info.GetBucketPosition(nKey, true, nB);
if (vvNew[nB][nBpos] == nId) {
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
nUBucket = nB;
break;
}
}
// if no bucket is found, something bad happened;
// TODO: maybe re-add the node, but for now, just bail out
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
if (nUBucket == -1)
return;
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
Merge #9037: net: Add test-before-evict discipline to addrman e68172ed9 Add test-before-evict discipline to addrman (Ethan Heilman) Pull request description: This change implement countermeasures 3 (test-before-evict) suggested in our paper: ["Eclipse Attacks on Bitcoin’s Peer-to-Peer Network"](http://cs-people.bu.edu/heilman/eclipse/). # Design: A collision occurs when an address, addr1, is being moved to the tried table from the new table, but maps to a position in the tried table which already contains an address (addr2). The current behavior is that addr1 would evict addr2 from the tried table. This change ensures that during a collision, addr1 is not inserted into tried but instead inserted into a buffer (setTriedCollisions). The to-be-evicted address, addr2, is then tested by [a feeler connection](https://github.com/bitcoin/bitcoin/pull/8282). If addr2 is found to be online, we remove addr1 from the buffer and addr2 is not evicted, on the other hand if addr2 is found be offline it is replaced by addr1. An additional small advantage of this change is that, as no more than ten addresses can be in the test buffer at once, and addresses are only cleared one at a time from the test buffer (at 2 minute intervals), thus an attacker is forced to wait at least two minutes to insert a new address into tried after filling up the test buffer. This rate limits an attacker attempting to launch an eclipse attack. # Risk mitigation: - To prevent this functionality from being used as a DoS vector, we limit the number of addresses which are to be tested to ten. If we have more than ten addresses to test, we drop new addresses being added to tried if they would evict an address. Since the feeler thread only creates one new connection every 2 minutes the additional network overhead is limited. - An address in tried gains immunity from tests for 4 hours after it has been tested or successfully connected to. # Tests: This change includes additional addrman unittests which test this behavior. I ran an instance of this change with a much smaller tried table (2 buckets of 64 addresses) so that collisions were much more likely and observed evictions. ``` 2016-10-27 07:20:26 Swapping 208.12.64.252:8333 for 68.62.95.247:8333 in tried table 2016-10-27 07:20:26 Moving 208.12.64.252:8333 to tried ``` I documented tests we ran against similar earlier versions of this change in #6355. # Security Benefit This is was originally posted in PR #8282 see [this comment for full details](https://github.com/bitcoin/bitcoin/pull/8282#issuecomment-237255215). To determine the security benefit of these larger numbers of IPs in the tried table I modeled the attack presented in [Eclipse Attacks on Bitcoin’s Peer-to-Peer Network](https://eprint.iacr.org/2015/263). ![attackergraph40000-10-1000short-line](https://cloud.githubusercontent.com/assets/274814/17366828/372af458-595b-11e6-81e5-2c9f97282305.png) **Default node:** 595 attacker IPs for ~50% attack success. **Default node + test-before-evict:** 620 attacker IPs for ~50% attack success. **Feeler node:** 5540 attacker IPs for ~50% attack success. **Feeler node + test-before-evict:** 8600 attacker IPs for ~50% attack success. The node running feeler connections has 10 times as many online IP addresses in its tried table making an attack 10 times harder (i.e. requiring the an attacker require 10 times as many IP addresses in different /16s). Adding test-before-evict increases resistance of the node by an additional 3000 attacker IP addresses. Below I graph the attack over even greater attacker resources (i.e. more attacker controled IP addresses). Note that test-before-evict maintains some security far longer even against an attacker with 50,000 IPs. If this node had a larger tried table test-before-evict could greatly boost a nodes resistance to eclipse attacks. ![attacker graph long view](https://cloud.githubusercontent.com/assets/274814/17367108/96f46d64-595c-11e6-91cd-edba160598e7.png) Tree-SHA512: fdad4d26aadeaad9bcdc71929b3eb4e1f855b3ee3541fbfbe25dca8d7d0a1667815402db0cb4319db6bd3fcd32d67b5bbc0e12045c4252d62d6239b7d77c4395
2018-03-06 21:36:48 +01:00
// which tried bucket to move the entry to
int tried_bucket = info.GetTriedBucket(nKey);
int tried_bucket_pos = info.GetBucketPosition(nKey, false, tried_bucket);
// Will moving this address into tried evict another entry?
if (test_before_evict && (vvTried[tried_bucket][tried_bucket_pos] != -1)) {
Merge #12622: net: Correct addrman logging b4db76c55 net: Correct addrman logging (Wladimir J. van der Laan) Pull request description: These were introduced in #9037. Found by @theuni (https://github.com/bitcoin/bitcoin/pull/9037#pullrequestreview-101704656). Tree-SHA512: 9b5153da8a8e5d4ddf9513a5c453f9609cffd4df2924fd48c7b36c1b1055748c7077d4fc0e70be62ca36af87df7f621a744bb374a234baba271ce4982a240825
2018-03-06 22:15:43 +01:00
if (fLogIPs) LogPrint(BCLog::ADDRMAN, "Collision inserting element into tried table, moving %s to m_tried_collisions=%d\n", addr.ToString(), m_tried_collisions.size());
Merge #9037: net: Add test-before-evict discipline to addrman e68172ed9 Add test-before-evict discipline to addrman (Ethan Heilman) Pull request description: This change implement countermeasures 3 (test-before-evict) suggested in our paper: ["Eclipse Attacks on Bitcoin’s Peer-to-Peer Network"](http://cs-people.bu.edu/heilman/eclipse/). # Design: A collision occurs when an address, addr1, is being moved to the tried table from the new table, but maps to a position in the tried table which already contains an address (addr2). The current behavior is that addr1 would evict addr2 from the tried table. This change ensures that during a collision, addr1 is not inserted into tried but instead inserted into a buffer (setTriedCollisions). The to-be-evicted address, addr2, is then tested by [a feeler connection](https://github.com/bitcoin/bitcoin/pull/8282). If addr2 is found to be online, we remove addr1 from the buffer and addr2 is not evicted, on the other hand if addr2 is found be offline it is replaced by addr1. An additional small advantage of this change is that, as no more than ten addresses can be in the test buffer at once, and addresses are only cleared one at a time from the test buffer (at 2 minute intervals), thus an attacker is forced to wait at least two minutes to insert a new address into tried after filling up the test buffer. This rate limits an attacker attempting to launch an eclipse attack. # Risk mitigation: - To prevent this functionality from being used as a DoS vector, we limit the number of addresses which are to be tested to ten. If we have more than ten addresses to test, we drop new addresses being added to tried if they would evict an address. Since the feeler thread only creates one new connection every 2 minutes the additional network overhead is limited. - An address in tried gains immunity from tests for 4 hours after it has been tested or successfully connected to. # Tests: This change includes additional addrman unittests which test this behavior. I ran an instance of this change with a much smaller tried table (2 buckets of 64 addresses) so that collisions were much more likely and observed evictions. ``` 2016-10-27 07:20:26 Swapping 208.12.64.252:8333 for 68.62.95.247:8333 in tried table 2016-10-27 07:20:26 Moving 208.12.64.252:8333 to tried ``` I documented tests we ran against similar earlier versions of this change in #6355. # Security Benefit This is was originally posted in PR #8282 see [this comment for full details](https://github.com/bitcoin/bitcoin/pull/8282#issuecomment-237255215). To determine the security benefit of these larger numbers of IPs in the tried table I modeled the attack presented in [Eclipse Attacks on Bitcoin’s Peer-to-Peer Network](https://eprint.iacr.org/2015/263). ![attackergraph40000-10-1000short-line](https://cloud.githubusercontent.com/assets/274814/17366828/372af458-595b-11e6-81e5-2c9f97282305.png) **Default node:** 595 attacker IPs for ~50% attack success. **Default node + test-before-evict:** 620 attacker IPs for ~50% attack success. **Feeler node:** 5540 attacker IPs for ~50% attack success. **Feeler node + test-before-evict:** 8600 attacker IPs for ~50% attack success. The node running feeler connections has 10 times as many online IP addresses in its tried table making an attack 10 times harder (i.e. requiring the an attacker require 10 times as many IP addresses in different /16s). Adding test-before-evict increases resistance of the node by an additional 3000 attacker IP addresses. Below I graph the attack over even greater attacker resources (i.e. more attacker controled IP addresses). Note that test-before-evict maintains some security far longer even against an attacker with 50,000 IPs. If this node had a larger tried table test-before-evict could greatly boost a nodes resistance to eclipse attacks. ![attacker graph long view](https://cloud.githubusercontent.com/assets/274814/17367108/96f46d64-595c-11e6-91cd-edba160598e7.png) Tree-SHA512: fdad4d26aadeaad9bcdc71929b3eb4e1f855b3ee3541fbfbe25dca8d7d0a1667815402db0cb4319db6bd3fcd32d67b5bbc0e12045c4252d62d6239b7d77c4395
2018-03-06 21:36:48 +01:00
if (m_tried_collisions.size() < ADDRMAN_SET_TRIED_COLLISION_SIZE) {
m_tried_collisions.insert(nId);
}
} else {
if (fLogIPs) LogPrint(BCLog::ADDRMAN, "Moving %s to tried\n", addr.ToString());
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
Merge #9037: net: Add test-before-evict discipline to addrman e68172ed9 Add test-before-evict discipline to addrman (Ethan Heilman) Pull request description: This change implement countermeasures 3 (test-before-evict) suggested in our paper: ["Eclipse Attacks on Bitcoin’s Peer-to-Peer Network"](http://cs-people.bu.edu/heilman/eclipse/). # Design: A collision occurs when an address, addr1, is being moved to the tried table from the new table, but maps to a position in the tried table which already contains an address (addr2). The current behavior is that addr1 would evict addr2 from the tried table. This change ensures that during a collision, addr1 is not inserted into tried but instead inserted into a buffer (setTriedCollisions). The to-be-evicted address, addr2, is then tested by [a feeler connection](https://github.com/bitcoin/bitcoin/pull/8282). If addr2 is found to be online, we remove addr1 from the buffer and addr2 is not evicted, on the other hand if addr2 is found be offline it is replaced by addr1. An additional small advantage of this change is that, as no more than ten addresses can be in the test buffer at once, and addresses are only cleared one at a time from the test buffer (at 2 minute intervals), thus an attacker is forced to wait at least two minutes to insert a new address into tried after filling up the test buffer. This rate limits an attacker attempting to launch an eclipse attack. # Risk mitigation: - To prevent this functionality from being used as a DoS vector, we limit the number of addresses which are to be tested to ten. If we have more than ten addresses to test, we drop new addresses being added to tried if they would evict an address. Since the feeler thread only creates one new connection every 2 minutes the additional network overhead is limited. - An address in tried gains immunity from tests for 4 hours after it has been tested or successfully connected to. # Tests: This change includes additional addrman unittests which test this behavior. I ran an instance of this change with a much smaller tried table (2 buckets of 64 addresses) so that collisions were much more likely and observed evictions. ``` 2016-10-27 07:20:26 Swapping 208.12.64.252:8333 for 68.62.95.247:8333 in tried table 2016-10-27 07:20:26 Moving 208.12.64.252:8333 to tried ``` I documented tests we ran against similar earlier versions of this change in #6355. # Security Benefit This is was originally posted in PR #8282 see [this comment for full details](https://github.com/bitcoin/bitcoin/pull/8282#issuecomment-237255215). To determine the security benefit of these larger numbers of IPs in the tried table I modeled the attack presented in [Eclipse Attacks on Bitcoin’s Peer-to-Peer Network](https://eprint.iacr.org/2015/263). ![attackergraph40000-10-1000short-line](https://cloud.githubusercontent.com/assets/274814/17366828/372af458-595b-11e6-81e5-2c9f97282305.png) **Default node:** 595 attacker IPs for ~50% attack success. **Default node + test-before-evict:** 620 attacker IPs for ~50% attack success. **Feeler node:** 5540 attacker IPs for ~50% attack success. **Feeler node + test-before-evict:** 8600 attacker IPs for ~50% attack success. The node running feeler connections has 10 times as many online IP addresses in its tried table making an attack 10 times harder (i.e. requiring the an attacker require 10 times as many IP addresses in different /16s). Adding test-before-evict increases resistance of the node by an additional 3000 attacker IP addresses. Below I graph the attack over even greater attacker resources (i.e. more attacker controled IP addresses). Note that test-before-evict maintains some security far longer even against an attacker with 50,000 IPs. If this node had a larger tried table test-before-evict could greatly boost a nodes resistance to eclipse attacks. ![attacker graph long view](https://cloud.githubusercontent.com/assets/274814/17367108/96f46d64-595c-11e6-91cd-edba160598e7.png) Tree-SHA512: fdad4d26aadeaad9bcdc71929b3eb4e1f855b3ee3541fbfbe25dca8d7d0a1667815402db0cb4319db6bd3fcd32d67b5bbc0e12045c4252d62d6239b7d77c4395
2018-03-06 21:36:48 +01:00
// move nId to the tried tables
MakeTried(info, nId);
}
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
}
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
bool CAddrMan::Add_(const CAddress& addr, const CNetAddr& source, int64_t nTimePenalty)
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
{
if (!addr.IsRoutable())
return false;
bool fNew = false;
int nId;
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
CAddrInfo* pinfo = Find(addr, &nId);
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
Merge #9510: [trivial] Fix typos in comments cc16d99 [trivial] Fix typos in comments (practicalswift)
2017-01-29 16:05:06 +01:00
// Do not set a penalty for a source's self-announcement
Merge #8661: Do not set an addr time penalty when a peer advertises itself. 6d0ced1 Do not set an addr time penalty when a peer advertises itself. (Gregory Maxwell)
2016-09-23 13:55:43 +02:00
if (addr == source) {
nTimePenalty = 0;
}
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
if (pinfo) {
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
// periodically update nTime
bool fCurrentlyOnline = (GetAdjustedTime() - addr.nTime < 24 * 60 * 60);
Cleanup code using forward declarations. Use misc methods of avoiding unnecesary header includes. Replace int typedefs with int##_t from stdint.h. Replace PRI64[xdu] with PRI[xdu]64 from inttypes.h. Normalize QT_VERSION ifs where possible. Resolve some indirect dependencies as direct ones. Remove extern declarations from .cpp files.
2013-04-13 07:13:08 +02:00
int64_t nUpdateInterval = (fCurrentlyOnline ? 60 * 60 : 24 * 60 * 60);
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
if (addr.nTime && (!pinfo->nTime || pinfo->nTime < addr.nTime - nUpdateInterval - nTimePenalty))
remove using namespace std from addrman.cpp
2015-06-15 14:45:19 +02:00
pinfo->nTime = std::max((int64_t)0, addr.nTime - nTimePenalty);
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
// add services
Backport Bitcoin PR#7749: Enforce expected outbound services (#1508) * Only store and connect to NODE_NETWORK nodes * Keep addrman's nService bits consistent with outbound observations * Verify that outbound connections have expected services * Don't require services in -addnode * Introduce enum ServiceFlags for service flags * Introduce REQUIRED_SERVICES constant
2017-07-05 05:45:23 +02:00
pinfo->nServices = ServiceFlags(pinfo->nServices | addr.nServices);
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
// do not update if no new information is present
fix warnings: '&&' within '||' [-Wlogical-op-parentheses]
2012-04-15 13:03:28 +02:00
if (!addr.nTime || (pinfo->nTime && addr.nTime <= pinfo->nTime))
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
return false;
// do not update if the entry was already in the "tried" table
if (pinfo->fInTried)
return false;
// do not update if the max reference count is reached
if (pinfo->nRefCount == ADDRMAN_NEW_BUCKETS_PER_ADDRESS)
return false;
// stochastic test: previous nRefCount == N: 2^N times harder to increase it
int nFactor = 1;
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
for (int n = 0; n < pinfo->nRefCount; n++)
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
nFactor *= 2;
Increase test coverage for addrman and addrinfo (#1497) Adds several unittests for CAddrMan and CAddrInfo. Increases the accuracy of addrman tests. Removes non-determinism in tests by overriding the random number generator. Extracts testing code from addrman class to test class.
2017-06-30 20:29:29 +02:00
if (nFactor > 1 && (RandomInt(nFactor) != 0))
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
return false;
} else {
pinfo = Create(addr, source, &nId);
remove using namespace std from addrman.cpp
2015-06-15 14:45:19 +02:00
pinfo->nTime = std::max((int64_t)0, (int64_t)pinfo->nTime - nTimePenalty);
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
nNew++;
fNew = true;
}
int nUBucket = pinfo->GetNewBucket(nKey, source);
Make addrman's bucket placement deterministic. Give each address a single fixed location in the new and tried tables, which become simple fixed-size arrays instead of sets and vectors. This prevents attackers from having an advantages by inserting an address multiple times. This change was suggested as Countermeasure 1 in Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman, Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report 2015/263. March 2015. It is also more efficient.
2015-03-18 17:31:49 +01:00
int nUBucketPos = pinfo->GetBucketPosition(nKey, true, nUBucket);
if (vvNew[nUBucket][nUBucketPos] != nId) {
bool fInsert = vvNew[nUBucket][nUBucketPos] == -1;
if (!fInsert) {
CAddrInfo& infoExisting = mapInfo[vvNew[nUBucket][nUBucketPos]];
if (infoExisting.IsTerrible() || (infoExisting.nRefCount > 1 && pinfo->nRefCount == 0)) {
// Overwrite the existing new table entry.
fInsert = true;
}
}
if (fInsert) {
ClearNew(nUBucket, nUBucketPos);
pinfo->nRefCount++;
vvNew[nUBucket][nUBucketPos] = nId;
} else {
if (pinfo->nRefCount == 0) {
Delete(nId);
}
}
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
}
return fNew;
}
Merge #8065: Addrman offline attempts 6182d10 Do not increment nAttempts by more than one for every Good connection. (Gregory Maxwell) c769c4a Avoid counting failed connect attempts when probably offline. (Gregory Maxwell)
2016-06-08 12:58:21 +02:00
void CAddrMan::Attempt_(const CService& addr, bool fCountFailure, int64_t nTime)
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
{
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
CAddrInfo* pinfo = Find(addr);
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
// if not found, bail out
if (!pinfo)
return;
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
CAddrInfo& info = *pinfo;
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
// check whether we are talking about the exact same CService (including same port)
if (info != addr)
return;
// update info
info.nLastTry = nTime;
Merge #8065: Addrman offline attempts 6182d10 Do not increment nAttempts by more than one for every Good connection. (Gregory Maxwell) c769c4a Avoid counting failed connect attempts when probably offline. (Gregory Maxwell)
2016-06-08 12:58:21 +02:00
if (fCountFailure && info.nLastCountAttempt < nLastGood) {
info.nLastCountAttempt = nTime;
info.nAttempts++;
}
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
}
Creates unittests for addrman, makes addrman testable. Adds several unittests for addrman to verify it works as expected. Makes small modifications to addrman to allow deterministic and targeted tests.
2015-09-22 21:24:16 +02:00
CAddrInfo CAddrMan::Select_(bool newOnly)
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
{
if (size() == 0)
nLastTry is only used for addrman entries No need to define it for every CAddress, as it's memory only anyway.
2015-04-19 20:10:13 +02:00
return CAddrInfo();
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
Creates unittests for addrman, makes addrman testable. Adds several unittests for addrman to verify it works as expected. Makes small modifications to addrman to allow deterministic and targeted tests.
2015-09-22 21:24:16 +02:00
if (newOnly && nNew == 0)
return CAddrInfo();
Always use a 50% chance to choose between tried and new entries This change was suggested as Countermeasure 2 in Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman, Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report 2015/263. March 2015.
2015-03-19 17:51:59 +01:00
// Use a 50% chance for choosing between tried and new table entries.
Creates unittests for addrman, makes addrman testable. Adds several unittests for addrman to verify it works as expected. Makes small modifications to addrman to allow deterministic and targeted tests.
2015-09-22 21:24:16 +02:00
if (!newOnly &&
scripted-diff: Merge #13753: Remove trailing whitespaces -BEGIN VERIFY SCRIPT- sed --in-place'' --regexp-extended 's/[[:space:]]+$//g' $(git grep -I --files-with-matches --extended-regexp '[[:space:]]+$' -- src test ':!*.svg' ':!src/crypto/sha256_sse4*' ':!src/leveldb' ':!src/qt/locale' ':!src/secp256k1' ':!src/univalue') -END VERIFY SCRIPT- Signed-off-by: pasta <pasta@dashboost.org>
2020-07-29 03:23:12 +02:00
(nTried > 0 && (nNew == 0 || RandomInt(2) == 0))) {
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
// use a tried node
double fChanceFactor = 1.0;
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
while (1) {
Increase test coverage for addrman and addrinfo (#1497) Adds several unittests for CAddrMan and CAddrInfo. Increases the accuracy of addrman tests. Removes non-determinism in tests by overriding the random number generator. Extracts testing code from addrman class to test class.
2017-06-30 20:29:29 +02:00
int nKBucket = RandomInt(ADDRMAN_TRIED_BUCKET_COUNT);
int nKBucketPos = RandomInt(ADDRMAN_BUCKET_SIZE);
Improve addrman Select() performance when buckets are nearly empty
2015-08-06 19:49:19 +02:00
while (vvTried[nKBucket][nKBucketPos] == -1) {
Merge #9792: FastRandomContext improvements and switch to ChaCha20 4fd2d2f Add a FastRandomContext::randrange and use it (Pieter Wuille) 1632922 Switch FastRandomContext to ChaCha20 (Pieter Wuille) e04326f Add ChaCha20 (Pieter Wuille) 663fbae FastRandom benchmark (Pieter Wuille) c21cbe6 Introduce FastRandomContext::randbool() (Pieter Wuille) Tree-SHA512: 7fff61e3f6d6dc6ac846ca643d877b377db609646dd401a0e8f50b052c6b9bcd2f5fc34de6bbf28f04afd1724f6279ee163ead5f37d724fb782a00239f35db1d
2017-04-24 14:02:12 +02:00
nKBucket = (nKBucket + insecure_rand.randbits(ADDRMAN_TRIED_BUCKET_COUNT_LOG2)) % ADDRMAN_TRIED_BUCKET_COUNT;
nKBucketPos = (nKBucketPos + insecure_rand.randbits(ADDRMAN_BUCKET_SIZE_LOG2)) % ADDRMAN_BUCKET_SIZE;
Improve addrman Select() performance when buckets are nearly empty
2015-08-06 19:49:19 +02:00
}
Make addrman's bucket placement deterministic. Give each address a single fixed location in the new and tried tables, which become simple fixed-size arrays instead of sets and vectors. This prevents attackers from having an advantages by inserting an address multiple times. This change was suggested as Countermeasure 1 in Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman, Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report 2015/263. March 2015. It is also more efficient.
2015-03-18 17:31:49 +01:00
int nId = vvTried[nKBucket][nKBucketPos];
assert(mapInfo.count(nId) == 1);
CAddrInfo& info = mapInfo[nId];
Increase test coverage for addrman and addrinfo (#1497) Adds several unittests for CAddrMan and CAddrInfo. Increases the accuracy of addrman tests. Removes non-determinism in tests by overriding the random number generator. Extracts testing code from addrman class to test class.
2017-06-30 20:29:29 +02:00
if (RandomInt(1 << 30) < fChanceFactor * info.GetChance() * (1 << 30))
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
return info;
fChanceFactor *= 1.2;
}
} else {
fix a comment in addrman.cpp
2012-08-18 16:45:24 +02:00
// use a new node
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
double fChanceFactor = 1.0;
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
while (1) {
Increase test coverage for addrman and addrinfo (#1497) Adds several unittests for CAddrMan and CAddrInfo. Increases the accuracy of addrman tests. Removes non-determinism in tests by overriding the random number generator. Extracts testing code from addrman class to test class.
2017-06-30 20:29:29 +02:00
int nUBucket = RandomInt(ADDRMAN_NEW_BUCKET_COUNT);
int nUBucketPos = RandomInt(ADDRMAN_BUCKET_SIZE);
Improve addrman Select() performance when buckets are nearly empty
2015-08-06 19:49:19 +02:00
while (vvNew[nUBucket][nUBucketPos] == -1) {
Merge #9792: FastRandomContext improvements and switch to ChaCha20 4fd2d2f Add a FastRandomContext::randrange and use it (Pieter Wuille) 1632922 Switch FastRandomContext to ChaCha20 (Pieter Wuille) e04326f Add ChaCha20 (Pieter Wuille) 663fbae FastRandom benchmark (Pieter Wuille) c21cbe6 Introduce FastRandomContext::randbool() (Pieter Wuille) Tree-SHA512: 7fff61e3f6d6dc6ac846ca643d877b377db609646dd401a0e8f50b052c6b9bcd2f5fc34de6bbf28f04afd1724f6279ee163ead5f37d724fb782a00239f35db1d
2017-04-24 14:02:12 +02:00
nUBucket = (nUBucket + insecure_rand.randbits(ADDRMAN_NEW_BUCKET_COUNT_LOG2)) % ADDRMAN_NEW_BUCKET_COUNT;
nUBucketPos = (nUBucketPos + insecure_rand.randbits(ADDRMAN_BUCKET_SIZE_LOG2)) % ADDRMAN_BUCKET_SIZE;
Improve addrman Select() performance when buckets are nearly empty
2015-08-06 19:49:19 +02:00
}
Make addrman's bucket placement deterministic. Give each address a single fixed location in the new and tried tables, which become simple fixed-size arrays instead of sets and vectors. This prevents attackers from having an advantages by inserting an address multiple times. This change was suggested as Countermeasure 1 in Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman, Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report 2015/263. March 2015. It is also more efficient.
2015-03-18 17:31:49 +01:00
int nId = vvNew[nUBucket][nUBucketPos];
assert(mapInfo.count(nId) == 1);
CAddrInfo& info = mapInfo[nId];
Increase test coverage for addrman and addrinfo (#1497) Adds several unittests for CAddrMan and CAddrInfo. Increases the accuracy of addrman tests. Removes non-determinism in tests by overriding the random number generator. Extracts testing code from addrman class to test class.
2017-06-30 20:29:29 +02:00
if (RandomInt(1 << 30) < fChanceFactor * info.GetChance() * (1 << 30))
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
return info;
fChanceFactor *= 1.2;
}
}
}
#ifdef DEBUG_ADDRMAN
int CAddrMan::Check_()
{
std::set<int> setTried;
std::map<int, int> mapNew;
Merge #11577: Fix warnings (-Wsign-compare) when building with DEBUG_ADDRMAN 6eddd43 Fix warnings when building with DEBUG_ADDRMAN (practicalswift) Pull request description: Fix warnings when building with `DEBUG_ADDRMAN`. Warnings prior to this commit: ``` addrman.cpp:390:24: warning: comparison of integers of different signs: 'size_type' (aka 'unsigned long') and 'int' [-Wsign-compare] if (vRandom.size() != nTried + nNew) ~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~ addrman.cpp:411:52: warning: comparison of integers of different signs: 'int' and 'size_type' (aka 'unsigned long') [-Wsign-compare] if (info.nRandomPos < 0 || info.nRandomPos >= vRandom.size() || vRandom[info.nRandomPos] != n) ~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~ addrman.cpp:419:25: warning: comparison of integers of different signs: 'size_type' (aka 'unsigned long') and 'int' [-Wsign-compare] if (setTried.size() != nTried) ~~~~~~~~~~~~~~~ ^ ~~~~~~ addrman.cpp:421:23: warning: comparison of integers of different signs: 'size_type' (aka 'unsigned long') and 'int' [-Wsign-compare] if (mapNew.size() != nNew) ~~~~~~~~~~~~~ ^ ~~~~ 4 warnings generated. ``` Tree-SHA512: 0316faecfe95066d2c9a0b6b3960086e43824f21a67086a895ea45fbce1327f8d6df5945fe923c2dbe4efce430bc1384d515d317c3930d97d24965e507cf734d
2018-01-29 14:26:20 +01:00
if (vRandom.size() != (size_t)(nTried + nNew))
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
return -7;
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
Merge #10493: Use range-based for loops (C++11) when looping over map elements 680bc2cbb Use range-based for loops (C++11) when looping over map elements (practicalswift) Pull request description: Before this commit: ```c++ for (std::map<T1, T2>::iterator x = y.begin(); x != y.end(); ++x) { T1 z = (*x).first; … } ``` After this commit: ```c++ for (auto& x : y) { T1 z = x.first; … } ``` Tree-SHA512: 954b136b7f5e6df09f39248a6b530fd9baa9ab59d7c2c7eb369fd4afbb591b7a52c92ee25f87f1745f47b41d6828b7abfd395b43daf84a55b4e6a3d45015e3a0
2017-11-30 23:09:44 +01:00
for (const auto& entry : mapInfo) {
int n = entry.first;
const CAddrInfo& info = entry.second;
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
if (info.fInTried) {
if (!info.nLastSuccess)
return -1;
if (info.nRefCount)
return -2;
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
setTried.insert(n);
} else {
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
if (info.nRefCount < 0 || info.nRefCount > ADDRMAN_NEW_BUCKETS_PER_ADDRESS)
return -3;
if (!info.nRefCount)
return -4;
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
mapNew[n] = info.nRefCount;
}
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
if (mapAddr[info] != n)
return -5;
Merge #11577: Fix warnings (-Wsign-compare) when building with DEBUG_ADDRMAN 6eddd43 Fix warnings when building with DEBUG_ADDRMAN (practicalswift) Pull request description: Fix warnings when building with `DEBUG_ADDRMAN`. Warnings prior to this commit: ``` addrman.cpp:390:24: warning: comparison of integers of different signs: 'size_type' (aka 'unsigned long') and 'int' [-Wsign-compare] if (vRandom.size() != nTried + nNew) ~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~ addrman.cpp:411:52: warning: comparison of integers of different signs: 'int' and 'size_type' (aka 'unsigned long') [-Wsign-compare] if (info.nRandomPos < 0 || info.nRandomPos >= vRandom.size() || vRandom[info.nRandomPos] != n) ~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~ addrman.cpp:419:25: warning: comparison of integers of different signs: 'size_type' (aka 'unsigned long') and 'int' [-Wsign-compare] if (setTried.size() != nTried) ~~~~~~~~~~~~~~~ ^ ~~~~~~ addrman.cpp:421:23: warning: comparison of integers of different signs: 'size_type' (aka 'unsigned long') and 'int' [-Wsign-compare] if (mapNew.size() != nNew) ~~~~~~~~~~~~~ ^ ~~~~ 4 warnings generated. ``` Tree-SHA512: 0316faecfe95066d2c9a0b6b3960086e43824f21a67086a895ea45fbce1327f8d6df5945fe923c2dbe4efce430bc1384d515d317c3930d97d24965e507cf734d
2018-01-29 14:26:20 +01:00
if (info.nRandomPos < 0 || (size_t)info.nRandomPos >= vRandom.size() || vRandom[info.nRandomPos] != n)
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
return -14;
if (info.nLastTry < 0)
return -6;
if (info.nLastSuccess < 0)
return -8;
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
}
Merge #11577: Fix warnings (-Wsign-compare) when building with DEBUG_ADDRMAN 6eddd43 Fix warnings when building with DEBUG_ADDRMAN (practicalswift) Pull request description: Fix warnings when building with `DEBUG_ADDRMAN`. Warnings prior to this commit: ``` addrman.cpp:390:24: warning: comparison of integers of different signs: 'size_type' (aka 'unsigned long') and 'int' [-Wsign-compare] if (vRandom.size() != nTried + nNew) ~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~ addrman.cpp:411:52: warning: comparison of integers of different signs: 'int' and 'size_type' (aka 'unsigned long') [-Wsign-compare] if (info.nRandomPos < 0 || info.nRandomPos >= vRandom.size() || vRandom[info.nRandomPos] != n) ~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~ addrman.cpp:419:25: warning: comparison of integers of different signs: 'size_type' (aka 'unsigned long') and 'int' [-Wsign-compare] if (setTried.size() != nTried) ~~~~~~~~~~~~~~~ ^ ~~~~~~ addrman.cpp:421:23: warning: comparison of integers of different signs: 'size_type' (aka 'unsigned long') and 'int' [-Wsign-compare] if (mapNew.size() != nNew) ~~~~~~~~~~~~~ ^ ~~~~ 4 warnings generated. ``` Tree-SHA512: 0316faecfe95066d2c9a0b6b3960086e43824f21a67086a895ea45fbce1327f8d6df5945fe923c2dbe4efce430bc1384d515d317c3930d97d24965e507cf734d
2018-01-29 14:26:20 +01:00
if (setTried.size() != (size_t)nTried)
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
return -9;
Merge #11577: Fix warnings (-Wsign-compare) when building with DEBUG_ADDRMAN 6eddd43 Fix warnings when building with DEBUG_ADDRMAN (practicalswift) Pull request description: Fix warnings when building with `DEBUG_ADDRMAN`. Warnings prior to this commit: ``` addrman.cpp:390:24: warning: comparison of integers of different signs: 'size_type' (aka 'unsigned long') and 'int' [-Wsign-compare] if (vRandom.size() != nTried + nNew) ~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~ addrman.cpp:411:52: warning: comparison of integers of different signs: 'int' and 'size_type' (aka 'unsigned long') [-Wsign-compare] if (info.nRandomPos < 0 || info.nRandomPos >= vRandom.size() || vRandom[info.nRandomPos] != n) ~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~ addrman.cpp:419:25: warning: comparison of integers of different signs: 'size_type' (aka 'unsigned long') and 'int' [-Wsign-compare] if (setTried.size() != nTried) ~~~~~~~~~~~~~~~ ^ ~~~~~~ addrman.cpp:421:23: warning: comparison of integers of different signs: 'size_type' (aka 'unsigned long') and 'int' [-Wsign-compare] if (mapNew.size() != nNew) ~~~~~~~~~~~~~ ^ ~~~~ 4 warnings generated. ``` Tree-SHA512: 0316faecfe95066d2c9a0b6b3960086e43824f21a67086a895ea45fbce1327f8d6df5945fe923c2dbe4efce430bc1384d515d317c3930d97d24965e507cf734d
2018-01-29 14:26:20 +01:00
if (mapNew.size() != (size_t)nNew)
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
return -10;
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
Make addrman's bucket placement deterministic. Give each address a single fixed location in the new and tried tables, which become simple fixed-size arrays instead of sets and vectors. This prevents attackers from having an advantages by inserting an address multiple times. This change was suggested as Countermeasure 1 in Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman, Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report 2015/263. March 2015. It is also more efficient.
2015-03-18 17:31:49 +01:00
for (int n = 0; n < ADDRMAN_TRIED_BUCKET_COUNT; n++) {
for (int i = 0; i < ADDRMAN_BUCKET_SIZE; i++) {
if (vvTried[n][i] != -1) {
if (!setTried.count(vvTried[n][i]))
return -11;
if (mapInfo[vvTried[n][i]].GetTriedBucket(nKey) != n)
return -17;
if (mapInfo[vvTried[n][i]].GetBucketPosition(nKey, false, n) != i)
return -18;
setTried.erase(vvTried[n][i]);
}
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
}
}
Make addrman's bucket placement deterministic. Give each address a single fixed location in the new and tried tables, which become simple fixed-size arrays instead of sets and vectors. This prevents attackers from having an advantages by inserting an address multiple times. This change was suggested as Countermeasure 1 in Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman, Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report 2015/263. March 2015. It is also more efficient.
2015-03-18 17:31:49 +01:00
for (int n = 0; n < ADDRMAN_NEW_BUCKET_COUNT; n++) {
for (int i = 0; i < ADDRMAN_BUCKET_SIZE; i++) {
if (vvNew[n][i] != -1) {
if (!mapNew.count(vvNew[n][i]))
return -12;
if (mapInfo[vvNew[n][i]].GetBucketPosition(nKey, true, n) != i)
return -19;
if (--mapNew[vvNew[n][i]] == 0)
mapNew.erase(vvNew[n][i]);
}
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
}
}
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
if (setTried.size())
return -13;
if (mapNew.size())
return -15;
Switch addrman key from vector to uint256
2015-03-08 14:30:05 +01:00
if (nKey.IsNull())
return -16;
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
return 0;
}
#endif
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
void CAddrMan::GetAddr_(std::vector<CAddress>& vAddr)
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
{
addrman: Do not propagate obviously poor addresses onto the network
2014-08-18 22:50:39 +02:00
unsigned int nNodes = ADDRMAN_GETADDR_MAX_PCT * vRandom.size() / 100;
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
if (nNodes > ADDRMAN_GETADDR_MAX)
nNodes = ADDRMAN_GETADDR_MAX;
addrman: Do not propagate obviously poor addresses onto the network
2014-08-18 22:50:39 +02:00
// gather a list of random nodes, skipping those of low quality
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
for (unsigned int n = 0; n < vRandom.size(); n++) {
addrman: Do not propagate obviously poor addresses onto the network
2014-08-18 22:50:39 +02:00
if (vAddr.size() >= nNodes)
break;
Increase test coverage for addrman and addrinfo (#1497) Adds several unittests for CAddrMan and CAddrInfo. Increases the accuracy of addrman tests. Removes non-determinism in tests by overriding the random number generator. Extracts testing code from addrman class to test class.
2017-06-30 20:29:29 +02:00
int nRndPos = RandomInt(vRandom.size() - n) + n;
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
SwapRandom(n, nRndPos);
Add extra asserts to addrman
2012-05-05 21:30:38 +02:00
assert(mapInfo.count(vRandom[n]) == 1);
addrman: Do not propagate obviously poor addresses onto the network
2014-08-18 22:50:39 +02:00
const CAddrInfo& ai = mapInfo[vRandom[n]];
if (!ai.IsTerrible())
vAddr.push_back(ai);
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
}
}
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
void CAddrMan::Connected_(const CService& addr, int64_t nTime)
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
{
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
CAddrInfo* pinfo = Find(addr);
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
// if not found, bail out
if (!pinfo)
return;
Apply clang-format on some infrequently-updated files
2014-09-19 19:21:46 +02:00
CAddrInfo& info = *pinfo;
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
// check whether we are talking about the exact same CService (including same port)
if (info != addr)
return;
// update info
Cleanup code using forward declarations. Use misc methods of avoiding unnecesary header includes. Replace int typedefs with int##_t from stdint.h. Replace PRI64[xdu] with PRI[xdu]64 from inttypes.h. Normalize QT_VERSION ifs where possible. Resolve some indirect dependencies as direct ones. Remove extern declarations from .cpp files.
2013-04-13 07:13:08 +02:00
int64_t nUpdateInterval = 20 * 60;
CAddrMan: stochastic address manager Design goals: * Only keep a limited number of addresses around, so that addr.dat does not grow without bound. * Keep the address tables in-memory, and occasionally write the table to addr.dat. * Make sure no (localized) attacker can fill the entire table with his nodes/addresses. See comments in addrman.h for more detailed information.
2012-01-04 23:39:45 +01:00
if (nTime - info.nTime > nUpdateInterval)
info.nTime = nTime;
}
Increase test coverage for addrman and addrinfo (#1497) Adds several unittests for CAddrMan and CAddrInfo. Increases the accuracy of addrman tests. Removes non-determinism in tests by overriding the random number generator. Extracts testing code from addrman class to test class.
2017-06-30 20:29:29 +02:00
Backport Bitcoin PR#7749: Enforce expected outbound services (#1508) * Only store and connect to NODE_NETWORK nodes * Keep addrman's nService bits consistent with outbound observations * Verify that outbound connections have expected services * Don't require services in -addnode * Introduce enum ServiceFlags for service flags * Introduce REQUIRED_SERVICES constant
2017-07-05 05:45:23 +02:00
void CAddrMan::SetServices_(const CService& addr, ServiceFlags nServices)
{
CAddrInfo* pinfo = Find(addr);
// if not found, bail out
if (!pinfo)
return;
CAddrInfo& info = *pinfo;
// check whether we are talking about the exact same CService (including same port)
if (info != addr)
return;
// update info
info.nServices = nServices;
}
Back off for 1m when connecting to quorum masternodes (#2975) * Implement GetAddressInfo in CAddrMan * Back off for 1m when connecting to quorum masternodes
2019-06-14 13:04:19 +02:00
CAddrInfo CAddrMan::GetAddressInfo_(const CService& addr)
{
CAddrInfo* pinfo = Find(addr);
// if not found, bail out
if (!pinfo)
return CAddrInfo();
CAddrInfo& info = *pinfo;
// check whether we are talking about the exact same CService (including same port)
if (info != addr)
return CAddrInfo();
return *pinfo;
}
Increase test coverage for addrman and addrinfo (#1497) Adds several unittests for CAddrMan and CAddrInfo. Increases the accuracy of addrman tests. Removes non-determinism in tests by overriding the random number generator. Extracts testing code from addrman class to test class.
2017-06-30 20:29:29 +02:00
int CAddrMan::RandomInt(int nMax){
return GetRandInt(nMax);
Merge #9037: net: Add test-before-evict discipline to addrman e68172ed9 Add test-before-evict discipline to addrman (Ethan Heilman) Pull request description: This change implement countermeasures 3 (test-before-evict) suggested in our paper: ["Eclipse Attacks on Bitcoin’s Peer-to-Peer Network"](http://cs-people.bu.edu/heilman/eclipse/). # Design: A collision occurs when an address, addr1, is being moved to the tried table from the new table, but maps to a position in the tried table which already contains an address (addr2). The current behavior is that addr1 would evict addr2 from the tried table. This change ensures that during a collision, addr1 is not inserted into tried but instead inserted into a buffer (setTriedCollisions). The to-be-evicted address, addr2, is then tested by [a feeler connection](https://github.com/bitcoin/bitcoin/pull/8282). If addr2 is found to be online, we remove addr1 from the buffer and addr2 is not evicted, on the other hand if addr2 is found be offline it is replaced by addr1. An additional small advantage of this change is that, as no more than ten addresses can be in the test buffer at once, and addresses are only cleared one at a time from the test buffer (at 2 minute intervals), thus an attacker is forced to wait at least two minutes to insert a new address into tried after filling up the test buffer. This rate limits an attacker attempting to launch an eclipse attack. # Risk mitigation: - To prevent this functionality from being used as a DoS vector, we limit the number of addresses which are to be tested to ten. If we have more than ten addresses to test, we drop new addresses being added to tried if they would evict an address. Since the feeler thread only creates one new connection every 2 minutes the additional network overhead is limited. - An address in tried gains immunity from tests for 4 hours after it has been tested or successfully connected to. # Tests: This change includes additional addrman unittests which test this behavior. I ran an instance of this change with a much smaller tried table (2 buckets of 64 addresses) so that collisions were much more likely and observed evictions. ``` 2016-10-27 07:20:26 Swapping 208.12.64.252:8333 for 68.62.95.247:8333 in tried table 2016-10-27 07:20:26 Moving 208.12.64.252:8333 to tried ``` I documented tests we ran against similar earlier versions of this change in #6355. # Security Benefit This is was originally posted in PR #8282 see [this comment for full details](https://github.com/bitcoin/bitcoin/pull/8282#issuecomment-237255215). To determine the security benefit of these larger numbers of IPs in the tried table I modeled the attack presented in [Eclipse Attacks on Bitcoin’s Peer-to-Peer Network](https://eprint.iacr.org/2015/263). ![attackergraph40000-10-1000short-line](https://cloud.githubusercontent.com/assets/274814/17366828/372af458-595b-11e6-81e5-2c9f97282305.png) **Default node:** 595 attacker IPs for ~50% attack success. **Default node + test-before-evict:** 620 attacker IPs for ~50% attack success. **Feeler node:** 5540 attacker IPs for ~50% attack success. **Feeler node + test-before-evict:** 8600 attacker IPs for ~50% attack success. The node running feeler connections has 10 times as many online IP addresses in its tried table making an attack 10 times harder (i.e. requiring the an attacker require 10 times as many IP addresses in different /16s). Adding test-before-evict increases resistance of the node by an additional 3000 attacker IP addresses. Below I graph the attack over even greater attacker resources (i.e. more attacker controled IP addresses). Note that test-before-evict maintains some security far longer even against an attacker with 50,000 IPs. If this node had a larger tried table test-before-evict could greatly boost a nodes resistance to eclipse attacks. ![attacker graph long view](https://cloud.githubusercontent.com/assets/274814/17367108/96f46d64-595c-11e6-91cd-edba160598e7.png) Tree-SHA512: fdad4d26aadeaad9bcdc71929b3eb4e1f855b3ee3541fbfbe25dca8d7d0a1667815402db0cb4319db6bd3fcd32d67b5bbc0e12045c4252d62d6239b7d77c4395
2018-03-06 21:36:48 +01:00
}
void CAddrMan::ResolveCollisions_()
{
for (std::set<int>::iterator it = m_tried_collisions.begin(); it != m_tried_collisions.end();) {
int id_new = *it;
bool erase_collision = false;
// If id_new not found in mapInfo remove it from m_tried_collisions
if (mapInfo.count(id_new) != 1) {
erase_collision = true;
} else {
CAddrInfo& info_new = mapInfo[id_new];
// Which tried bucket to move the entry to.
int tried_bucket = info_new.GetTriedBucket(nKey);
int tried_bucket_pos = info_new.GetBucketPosition(nKey, false, tried_bucket);
if (!info_new.IsValid()) { // id_new may no longer map to a valid address
erase_collision = true;
} else if (vvTried[tried_bucket][tried_bucket_pos] != -1) { // The position in the tried bucket is not empty
// Get the to-be-evicted address that is being tested
int id_old = vvTried[tried_bucket][tried_bucket_pos];
CAddrInfo& info_old = mapInfo[id_old];
// Has successfully connected in last X hours
if (GetAdjustedTime() - info_old.nLastSuccess < ADDRMAN_REPLACEMENT_HOURS*(60*60)) {
erase_collision = true;
} else if (GetAdjustedTime() - info_old.nLastTry < ADDRMAN_REPLACEMENT_HOURS*(60*60)) { // attempted to connect and failed in last X hours
// Give address at least 60 seconds to successfully connect
if (GetAdjustedTime() - info_old.nLastTry > 60) {
Merge #12622: net: Correct addrman logging b4db76c55 net: Correct addrman logging (Wladimir J. van der Laan) Pull request description: These were introduced in #9037. Found by @theuni (https://github.com/bitcoin/bitcoin/pull/9037#pullrequestreview-101704656). Tree-SHA512: 9b5153da8a8e5d4ddf9513a5c453f9609cffd4df2924fd48c7b36c1b1055748c7077d4fc0e70be62ca36af87df7f621a744bb374a234baba271ce4982a240825
2018-03-06 22:15:43 +01:00
LogPrint(BCLog::ADDRMAN, "Swapping %s for %s in tried table\n", info_new.ToString(), info_old.ToString());
Merge #9037: net: Add test-before-evict discipline to addrman e68172ed9 Add test-before-evict discipline to addrman (Ethan Heilman) Pull request description: This change implement countermeasures 3 (test-before-evict) suggested in our paper: ["Eclipse Attacks on Bitcoin’s Peer-to-Peer Network"](http://cs-people.bu.edu/heilman/eclipse/). # Design: A collision occurs when an address, addr1, is being moved to the tried table from the new table, but maps to a position in the tried table which already contains an address (addr2). The current behavior is that addr1 would evict addr2 from the tried table. This change ensures that during a collision, addr1 is not inserted into tried but instead inserted into a buffer (setTriedCollisions). The to-be-evicted address, addr2, is then tested by [a feeler connection](https://github.com/bitcoin/bitcoin/pull/8282). If addr2 is found to be online, we remove addr1 from the buffer and addr2 is not evicted, on the other hand if addr2 is found be offline it is replaced by addr1. An additional small advantage of this change is that, as no more than ten addresses can be in the test buffer at once, and addresses are only cleared one at a time from the test buffer (at 2 minute intervals), thus an attacker is forced to wait at least two minutes to insert a new address into tried after filling up the test buffer. This rate limits an attacker attempting to launch an eclipse attack. # Risk mitigation: - To prevent this functionality from being used as a DoS vector, we limit the number of addresses which are to be tested to ten. If we have more than ten addresses to test, we drop new addresses being added to tried if they would evict an address. Since the feeler thread only creates one new connection every 2 minutes the additional network overhead is limited. - An address in tried gains immunity from tests for 4 hours after it has been tested or successfully connected to. # Tests: This change includes additional addrman unittests which test this behavior. I ran an instance of this change with a much smaller tried table (2 buckets of 64 addresses) so that collisions were much more likely and observed evictions. ``` 2016-10-27 07:20:26 Swapping 208.12.64.252:8333 for 68.62.95.247:8333 in tried table 2016-10-27 07:20:26 Moving 208.12.64.252:8333 to tried ``` I documented tests we ran against similar earlier versions of this change in #6355. # Security Benefit This is was originally posted in PR #8282 see [this comment for full details](https://github.com/bitcoin/bitcoin/pull/8282#issuecomment-237255215). To determine the security benefit of these larger numbers of IPs in the tried table I modeled the attack presented in [Eclipse Attacks on Bitcoin’s Peer-to-Peer Network](https://eprint.iacr.org/2015/263). ![attackergraph40000-10-1000short-line](https://cloud.githubusercontent.com/assets/274814/17366828/372af458-595b-11e6-81e5-2c9f97282305.png) **Default node:** 595 attacker IPs for ~50% attack success. **Default node + test-before-evict:** 620 attacker IPs for ~50% attack success. **Feeler node:** 5540 attacker IPs for ~50% attack success. **Feeler node + test-before-evict:** 8600 attacker IPs for ~50% attack success. The node running feeler connections has 10 times as many online IP addresses in its tried table making an attack 10 times harder (i.e. requiring the an attacker require 10 times as many IP addresses in different /16s). Adding test-before-evict increases resistance of the node by an additional 3000 attacker IP addresses. Below I graph the attack over even greater attacker resources (i.e. more attacker controled IP addresses). Note that test-before-evict maintains some security far longer even against an attacker with 50,000 IPs. If this node had a larger tried table test-before-evict could greatly boost a nodes resistance to eclipse attacks. ![attacker graph long view](https://cloud.githubusercontent.com/assets/274814/17367108/96f46d64-595c-11e6-91cd-edba160598e7.png) Tree-SHA512: fdad4d26aadeaad9bcdc71929b3eb4e1f855b3ee3541fbfbe25dca8d7d0a1667815402db0cb4319db6bd3fcd32d67b5bbc0e12045c4252d62d6239b7d77c4395
2018-03-06 21:36:48 +01:00
// Replaces an existing address already in the tried table with the new address
Good_(info_new, false, GetAdjustedTime());
erase_collision = true;
}
}
} else { // Collision is not actually a collision anymore
Good_(info_new, false, GetAdjustedTime());
erase_collision = true;
}
}
if (erase_collision) {
m_tried_collisions.erase(it++);
} else {
it++;
}
}
}
CAddrInfo CAddrMan::SelectTriedCollision_()
{
if (m_tried_collisions.size() == 0) return CAddrInfo();
std::set<int>::iterator it = m_tried_collisions.begin();
// Selects a random element from m_tried_collisions
std::advance(it, GetRandInt(m_tried_collisions.size()));
int id_new = *it;
// If id_new not found in mapInfo remove it from m_tried_collisions
if (mapInfo.count(id_new) != 1) {
m_tried_collisions.erase(it);
return CAddrInfo();
}
CAddrInfo& newInfo = mapInfo[id_new];
// which tried bucket to move the entry to
int tried_bucket = newInfo.GetTriedBucket(nKey);
int tried_bucket_pos = newInfo.GetBucketPosition(nKey, false, tried_bucket);
int id_old = vvTried[tried_bucket][tried_bucket_pos];
return mapInfo[id_old];
}
Reference in New Issue Copy Permalink