* net: move CBanDB and CAddrDB out of net.h/cpp
This will eventually solve a circular dependency
* net: Create CConnman to encapsulate p2p connections
* net: Move socket binding into CConnman
* net: move OpenNetworkConnection into CConnman
* net: move ban and addrman functions into CConnman
* net: Add oneshot functions to CConnman
* net: move added node functions to CConnman
* net: Add most functions needed for vNodes to CConnman
* net: handle nodesignals in CConnman
* net: Pass CConnection to wallet rather than using the global
* net: Add rpc error for missing/disabled p2p functionality
* net: Pass CConnman around as needed
* gui: add NodeID to the peer table
* net: create generic functor accessors and move vNodes to CConnman
* net: move whitelist functions into CConnman
* net: move nLastNodeId to CConnman
* net: move nLocalHostNonce to CConnman
This behavior seems to have been quite racy and broken.
Move nLocalHostNonce into CNode, and check received nonces against all
non-fully-connected nodes. If there's a match, assume we've connected
to ourself.
* net: move messageHandlerCondition to CConnman
* net: move send/recv statistics to CConnman
* net: move SendBufferSize/ReceiveFloodSize to CConnman
* net: move nLocalServices/nRelevantServices to CConnman
These are in-turn passed to CNode at connection time. This allows us to offer
different services to different peers (or test the effects of doing so).
* net: move semOutbound and semMasternodeOutbound to CConnman
* net: SocketSendData returns written size
* net: move max/max-outbound to CConnman
* net: Pass best block known height into CConnman
CConnman then passes the current best height into CNode at creation time.
This way CConnman/CNode have no dependency on main for height, and the signals
only move in one direction.
This also helps to prevent identity leakage a tiny bit. Before this change, an
attacker could theoretically make 2 connections on different interfaces. They
would connect fully on one, and only establish the initial connection on the
other. Once they receive a new block, they would relay it to your first
connection, and immediately commence the version handshake on the second. Since
the new block height is reflected immediately, they could attempt to learn
whether the two connections were correlated.
This is, of course, incredibly unlikely to work due to the small timings
involved and receipt from other senders. But it doesn't hurt to lock-in
nBestHeight at the time of connection, rather than letting the remote choose
the time.
* net: pass CClientUIInterface into CConnman
* net: Drop StartNode/StopNode and use CConnman directly
* net: Introduce CConnection::Options to avoid passing so many params
* net: add nSendBufferMaxSize/nReceiveFloodSize to CConnection::Options
* net: move vNodesDisconnected into CConnman
* Made the ForEachNode* functions in src/net.cpp more pragmatic and self documenting
* Convert ForEachNode* functions to take a templated function argument rather than a std::function to eliminate std::function overhead
* net: move MAX_FEELER_CONNECTIONS into connman
As per meeting 2016-03-31
https://bitcoincore.org/en/meetings/2016/03/31/#bad-chain-alerts
The partition checker was producing huge number of false-positives
and was disabled in 0.12.1 on the understanding it would either be
fixed in 0.13 or removed entirely from master if not.
*** Dash specific note: ***
This check was disabled in Dash already.
* Make ProcessNewBlock dbp const and update comment
* Switch reindexing to AcceptBlock in-loop and ActivateBestChain afterwards
* Optimize ActivateBestChain for long chains
* Add -reindex-chainstate that does not rebuild block index
* Report reindexing progress in GUI
* Only store and connect to NODE_NETWORK nodes
* Keep addrman's nService bits consistent with outbound observations
* Verify that outbound connections have expected services
* Don't require services in -addnode
* Introduce enum ServiceFlags for service flags
* Introduce REQUIRED_SERVICES constant
* HD wallet
Minimal set of changes (no refactoring) backported from Bitcoin upstream to make HD wallets work in Dash 0.12.1.x+
* minimal bip44 (hardcoded account and change)
* minimal bip39
Additional cmd-line options for new wallet:
-mnemonic
-mnemonicpassphrase
* Do not recreate HD wallet on encryption
Adjusted keypool.py test
* Do not store any private keys for hd wallet besides the master one
Derive all keys on the fly.
Original idea/implementation - btc PR9298, backported and improved
* actually use bip39
* pbkdf2 test
* backport wallet-hd.py test
* Allow specifying hd seed, add dumphdseed rpc, fix bugs
- -hdseed cmd-line param to specify HD seed on wallet creation
- dumphdseed rpc to dump HD seed
- allow seed of any size
- fix dumpwallet rpc bug (wasn't decrypting HD seed)
- print HD seed and extended public masterkey on dumpwallet
* top up keypool on HD wallet encryption
* split HD chain: external/internal
* add missing cs_wallet lock in init.cpp
* fix `const char *` issues (use strings)
* default mnemonic passphrase is an empty string in all cases
* store mnemonic/mnemonicpassphrase
replace dumphdseed with dumphdinfo
* Add fCrypted flag to CHDChain
* prepare internal structures for multiple HD accounts
(plus some code cleanup)
* use secure allocator for storing sensitive HD data
* use secure strings for mnemonic(passphrase)
* small fix in GenerateNewHDChain
* use 24 words for mnemonic by default
* make sure mnemonic passphrase provided by user does not exceed 256 symbols
* more usage of secure allocators and memory_cleanse
* code cleanup
* rename: CSecureVector -> SecureVector
* add missing include
* fix warning in rpcdump.cpp
* refactor mnemonic_check (also fix a bug)
* move bip39 functions to CMnemonic
* Few fixes for CMnemonic:
- use `SecureVector` for data, bits, seed
- `Check` should return bool
* init vectors with desired size where possible
- some were not used, some were included twice, some were in the wrong place, some were missing (but it compiled because some were in the wrong place)
- organized a bit better, grouped dash specific includes in original bitcoin files, should save some time solving conflicts when/if merging patches later
* Make local address discovery more robust in CActiveMasternode
* parameter interaction: -masternode=1 -> setting -listen=1
* slightly postpone first run to give net thread a chance to connect to some peers
* make sure local address detected in CActiveMasternode::ManageStateInitial is valid
* Simplified address detection logic
* locks in PS
* lock in governance
* locks in IS
* lock in ProcessGetData
* locks in CMasternodeSync
* centralize mnodeman.Check call
* locks order in mnpayments
* use current block chainTip when possible (less locks)
* add missing lock in CountInputsWithAmount
* fix deadlock RequestLowDataPaymentBlocks/IsTransactionValid
* LOCK2 in CheckMnbAndUpdateMasternodeList, CheckAndUpdate, SendVerifyRequest
* LOCK(cs) is not needed here
* Decouple governance init actions from serialization
Should fix this:
```
Assertion failed: lock governance.cs not held in governance-classes.cpp:117; locks held:
cs_Shutdown init.cpp:200 (TRY)
cs ./governance.h:195
cs governance.cpp:835
Abort trap: 6
```
* Fix CGovernanceManager initialization problem
* Added logging messages for cases where CGovernanceManager receives a message while not synced
* Prevent potential NULL pointer dereference
- add "spork" debug category
- move "seen" and "unknown" to new "spork" debug category to reduce log spam
- new/updated/seen messages should not overlap
f0ed400 darkSendSigner.SignMessage() should not return error message
154f1b6 darkSendSigner.VerifyMessage() should return non-localized message, its callers should populate error to debug.log
b130c32 darkSendSigner.GetKeysFromSecret() should not return error message, its callers should handle it
068c178 Added DBG macro in util.h to facilitate debugging
- This macro allows debugging statements (typically printf's or cout's) to
be activated or deactivated with a single comment. Uncomment the line:
//#define ENABLE_DASH_DEBUG
in util.h to enable debugging statements.
- When commented any code wrapped with the DBG() macro will simply be removed
by the preprocessor. When not commented all such wrapped statements will
be present.
- For maximum effectiveness it is best that util.h be the first effective include
in all source files. It is also possible to enable the macro for a single file
by temporarily adding #define ENABLE_DASH_DEBUG to the top of the file.
- Code committed to non-development branches should always have the define
commented.
d125d9b V0.12.1.x -- merging trigger/generic object/superblock changes for testnet phase II
- This commit contains the core governance system changes for 0.12.1. Any unrelated
changes have either been removed or moved to separate commits.
120724c File mode fixes
- Changed mode 0755->0644 on several source files.
c7f9e11 Updated todo reminders
- Added reminder to revert temporary reduction of number of votes
required to trigger superblock to 1 for testing
92adc98 Made CSuperblockManager::IsValidSuperblockHeight an inline function
- This is for efficiency since this function is called often and is
only 1 line of code.
c050ed7 Added comment explaining rationale for no LOCK(cs) in CSuperblock::IsValid
dc933fe Removed unused CSuperblockManager::IsBlockValid function
decec88 Moved calls to SuperblockManager::IsValidSuperblockHeight into IsSuperblockTriggered.
- Since calls to the later function are always protected by the former there's
no reason to keep these separate and this simplifies the code in
masternode-payments.cpp.
8672885 Reestablished expected value check for non-superblocks in IsBlockValueValid
b01cbe0 Changes to IsBlockValueValid to fix rpc test failure
a937c76 Changed include order to allow per file activation of the DBG macro
d116aa5 Fixed IsValidSuperblockHeight logic
- Note this has an effect on testing because we can now only create
1 superblock per day. Devs may need to temporarily change testnet params
for easier testing.
2d0c2de Convert superblock payments to CAmount
- We assume that payment values in JSON are in units of DASH
for consistency with other RPC functions, such as
createrawtransaction.
376b833 Revert temporary testing value for nAbsVoteReq
- Also ensure that number of votes required is never smaller than 1
8c89f4b Cleaned up CSuperblock error handling
- Exceptions are now thrown consistently rather than using a mix of
exceptions and return code checking. Exceptions are now caught only
in AddNewTrigger when the CSuperblock constructor is called. Unnecessary object
status members have been removed.
d7c8a6b Removed utilstrencodings header
- This appears to help with travis tests, for unknown reasons.
c4dfc7a Fixed some minor code review issues
63c3580 Reverted locking change in miner.
- This should have been done in the original PR but was overlooked.
4ab72de Fixed variable name to match common practice and bracket formatting
886a678 Improvements to vote conversion code
- Replaced redundantly defined function with inclusion of governance-vote.h
- Replaced magic numbers with their corresponding constant symbols
0a37966 Reordered governance message handling
86d8505 Refactor CActiveMasternode
+ move strMasterNodeAddr to CActiveMasternode
a005c79 Refactor InstantSend
+ new lock cs_instantsend to protect maps on CleanTransactionLocksList()
+ new DEFAULT_INSTANTSEND_DEPTH constant
+ rename MIN_INSTANTX_PROTO_VERSION to MIN_INSTANTSEND_PROTO_VERSION and bump it
d24182c Refactor Privatesend
+ decouple from util.h and version.h
+ more functions for CDarksendBroadcastTx: constructors, signing, serialization
+ move from rand() to insecure_rand() in general but to GetRand() for session id
+ fix defaults
15a6a16 Implement transaction lock zmq notifications
3bc86a6 always push zmqpubhashtxlock even if tx is not from/to our wallet
568315b fix typo
b6d41d2 fix data size for notification name
339be11 implement zmqpubrawtxlock
70f44f9 update zmq_sub.py with hashtxlock and rawtxlock
3249a63 Fix logging - CTransaction::ToString() always has `\n` at the end of a string, avoid adding empty line
ec03753 make mnw errors and ThreadCheckDarkSendPool less spammy
5b678af fix errorMessage - it should not have `\n`, let output code handle line endings instead
a81cdf7 rename `dash-darksend` thread to `dash-privatesend`
5e4f468 fix/remove outdated code
f1c9678 Break tooltip about third party urls in 2 lines
1c860ce Autobackup refactoring and improvements:
- make nWalletBackups globally accessable
- move autobackup code from init.cpp to walletdb.cpp, see AutoBackupWallet function
- refactor autobackup code to warn user if autobackup failed instead of silently ignoring this fact
- refactor autobackup code to be able to backup fresh new wallet right after it was created, add this functionality to init sequence
- add new cmd-line option "-walletbackupsdir" to specify full path to directory for automatic wallet backups, see GetBackupsDir function
0ba1548 autobackup in PS:
- add nKeysLeftSinceAutoBackup to have some idea how many keys in keypool are more or less safe, show it in advanced PS UI mode and in rpc output for privatesend and getwalletinfo commands
- add autobackups support in PrivateSend mixing both in daemon and QT mode, warn user if number of keys left since last autobackup is very low or even stop mixing completely if it's too low
f3a2494 Warn about a special case - less than 60 seconds between restarts i.e. backup file name is the same as previos one. Continue and do not disable automatic backups in this case
.
e7b56bd Refactor to address locked wallets issue, replenish keypool and re-initialize autobackup on unlock (only if was disabled due to keypool issue)
Adjust few message strings.
- use "" account address instead
- remove `collateralPubKey` and `SetCollateralAddress()` from darksend and create `dummyScriptPubkey` and `InitDummyScriptPubkey()` in masternodeman instead
- initialize `dummyScriptPubkey` before loading cache otherwise MNs could be removed because of the invalid tx
- make logthreadnames work correctly without logtimestamps (and with emty strings again)
- fix crash in debug (it3)
- log debug info about locks in one line
- show actual DS rounds instead of n/a in coin control while in debug mode
- fix initial string in debug.log: "Bitcoin version" -> "Dash version"
- Syncing process is now event based, rather than timeout based. This means the system can tell when it's done with each step and moves on between phases much faster. In initial testing it seems to be about 10-15x faster and has synced everytime successfully.
- Please remove print debugging when the syncing system is proven to be debugged.
- Add whitelistforcerelay to control forced relaying.
Also renames whitelistalwaysrelay.
Nodes relay all transactions from whitelisted peers, this
gets in the way of some useful reasons for whitelisting
peers-- for example, bypassing bandwidth limitations.
The purpose of this forced relaying is for specialized gateway
applications where a node is being used as a P2P connection
filter and multiplexer, but where you don't want it getting
in the way of (re-)broadcast.
This change makes it configurable with whitelistforcerelay.
- Blacklist -whitelistalwaysrelay; replaced by -whitelistrelay.
Github-Pull: #7439
Rebased-From: 325c725fb689d113e02a
"permit" is currently used to configure transaction filtering, whereas replacement is more to do with the memory pool state than the transaction itself.
Add a configuration option `-permitrbf` to set transaction replacement policy
for the mempool.
Enabling it will enable (opt-in) RBF, disabling it will refuse all
conflicting transactions.
Conflicts:
src/init.cpp
src/main.cpp
src/main.h
Github-Pull: #7386
Rebased-From: b768108d9c
- Always respect GetRequiredFee for wallet txs
- Add sane fallback for fee estimation
- SQUASHME: Fix rpc tests that assumed fallback to minRelayTxFee
Add new commandline option "-fallbackfee" to use when fee estimation does not have sufficient data.
Github-Pull: #7296
Rebased-From: 995b9f3e420a1bbebe58b
9af5f9c Move uiInterface.NotifyBlockTip signal above the core/wallet signal - This will keep getbestblockhash more in sync with blocknotify callbacks (Jonas Schnelli)
4082e46 [Qt] call GuessVerificationProgress synchronous during core signal, pass double over UI signal (Jonas Schnelli)
947d20b [Qt] reduce cs_main in getVerificationProgress() (Jonas Schnelli)
e6d50fc [Qt] update block tip (height and date) without locking cs_main, update always (each block) (Jonas Schnelli)
012fc91 NotifyBlockTip signal: switch from hash (uint256) to CBlockIndex* - also adds a boolean for indication if the tip update was happening during initial sync - emit notification also during initial sync (Jonas Schnelli)
a46f87f Initialize logging before we do parameter interaction (Jonas Schnelli)
df66147 Move -blocksonly parameter interaction to the new ParameterInteraction() function (Jonas Schnelli)
68354e7 [QT] Call inits parameter interaction before we create the options model (Jonas Schnelli)
411b05a Refactor parameter interaction, call it before AppInit2() (Jonas Schnelli)
1) Chainparams: Explicit CChainParams arg for main:
-AcceptBlock
-AcceptBlockHeader
-ActivateBestChain
-ConnectTip
-InitBlockIndex
-LoadExternalBlockFile
-VerifyDB parametric constructor
2) Also pickup more Params()\. in main.cpp
3) Pass nPruneAfterHeight explicitly to new FindFilesToPrune() in main.cpp
- use defaults in cmd line args/help
- make liquidity provider param interaction more verbose
- allow to override UI restrictions (rounds/amount) from cmd line
This continues/fixes #6719.
`event_base_loopbreak` was not doing what I expected it to, at least in
libevent 2.0.21.
What I expected was that it sets a timeout, given that no other pending
events it would exit in N seconds. However, what it does was delay the
event loop exit with 10 seconds, even if nothing is pending.
Solve it in a different way: give the event loop thread time to exit
out of itself, and if it doesn't, send loopbreak.
This speeds up the RPC tests a lot, each exit incurred a 10 second
overhead, with this change there should be no shutdown overhead in the
common case and up to two seconds if the event loop is blocking.
As a bonus this breaks dependency on boost::thread_group, as the HTTP
server minds its own offspring.
58ef0ff doc: update docs for Tor listening (Wladimir J. van der Laan)
68ccdc4 doc: Mention Tor listening in release notes (Wladimir J. van der Laan)
09c1ae1 torcontrol improvements and fixes (Wladimir J. van der Laan)
2f796e5 Better error message if Tor version too old (Peter Todd)
8f4e67f net: Automatically create hidden service, listen on Tor (Wladimir J. van der Laan)
- Force AUTHCOOKIE size to be 32 bytes: This provides protection against
an attack where a process pretends to be Tor and uses the cookie
authentication method to nab arbitrary files such as the
wallet
- torcontrol logging
- fix cookie auth
- add HASHEDPASSWORD auth, fix fd leak when fwrite() fails
- better error reporting when cookie file is not ok
- better init/shutdown flow
- stop advertizing service when disconnected from tor control port
- COOKIE->SAFECOOKIE auth
69d373f Don't wipe the sigcache in TestBlockValidity (Pieter Wuille)
0b9e9dc Evict sigcache entries that are seen in a block (Pieter Wuille)
830e3f3 Make sigcache faster and more efficient (Pieter Wuille)
Starting with Tor version 0.2.7.1 it is possible, through Tor's control socket
API, to create and destroy 'ephemeral' hidden services programmatically.
https://stem.torproject.org/api/control.html#stem.control.Controller.create_ephemeral_hidden_service
This means that if Tor is running (and proper authorization is available),
bitcoin automatically creates a hidden service to listen on, without user
manual configuration. This will positively affect the number of available
.onion nodes.
- When the node is started, connect to Tor through control socket
- Send `ADD_ONION` command
- First time:
- Make it create a hidden service key
- Save the key in the data directory for later usage
- Make it redirect port 8333 to the local port 8333 (or whatever port we're listening on).
- Keep control socket connection open for as long node is running. The hidden service will
(by default) automatically go away when the connection is closed.
6342a48 Init: Use DEFAULT_TRANSACTION_MINFEE in help message (MarcoFalke)
a9c73a1 [wallet] Add comments for doxygen (MarcoFalke)
6b0e622 [wallet] Refactor to use new MIN_CHANGE (MarcoFalke)
a6efc01 Bugfix: Omit wallet-related options from -help when wallet is disabled (Luke Dashjr)
5f9260f Bugfix: If genproclimit is omitted to RPC setgenerate, don't change it; also show correct default in getmininginfo (Luke Dashjr)
420a82f Bugfix: Describe dblogsize option correctly (it refers to the wallet database, not memory pool) (Luke Dashjr)
caa3d42 Bugfix: RPC: blockchain: Display correct defaults in help for verifychain method (Luke Dashjr)
Moves the call Initialize() from init.cpp to CreateWithArguments() and handles the
return value. Moves the call Shutdown() from init.cpp to destructor.
Changes Initialize() and Shutdown() to protected members.
* -maxuploadtarget can be set in MiB
* if <limit> - ( time-left-in-24h-cycle / 600 * MAX_BLOCK_SIZE ) has reach, stop serve blocks older than one week and filtered blocks
* no action if limit has reached, no guarantee that the target will not be surpassed
* add outbound limit informations to rpc getnettotals
After each transaction which is added to mempool, we first call
Expire() to remove old transactions, then throwing away the
lowest-feerate transactions.
After throwing away transactions by feerate, we set the minimum
relay fee to the maximum fee transaction-and-dependant-set we
removed, plus the default minimum relay fee.
After the next block is received, the minimum relay fee is allowed
to decrease exponentially. Its halflife defaults to 12 hours, but
is decreased to 6 hours if the mempool is smaller than half its
maximum size, and 3 hours if the mempool is smaller than a quarter
its maximum size.
The minimum -maxmempool size is 40*-limitdescendantsize, as it is
easy for an attacker to play games with the cheapest
-limitdescendantsize transactions. -maxmempool defaults to 300MB.
This disables high-priority transaction relay when the min relay
fee adjustment is >0 (ie when the mempool is full). When the relay
fee adjustment drops below the default minimum relay fee / 2 it is
set to 0 (re-enabling priority-based free relay).
(note the 9x multiplier on (void*)'s for CTxMemPool::DynamicMemoryUsage
was accidentally introduced in 5add7a7 but should have waited for this
commit which adds the extra index)
ddf98d1 Make RPC tests cope with server-side timeout between requests (Wladimir J. van der Laan)
2190ea6 rpc: Split option -rpctimeout into -rpcservertimeout and -rpcclienttimeout (Wladimir J. van der Laan)
8b2d6ed http: Disable libevent debug logging, if not explicitly enabled (Wladimir J. van der Laan)
5ce43da init: Ignore SIGPIPE (Wladimir J. van der Laan)
The two timeouts for the server and client, are essentially different:
- In the case of the server it should be a lower value to avoid clients
clogging up connection slots
- In the case of the client it should be a high value to accomedate slow
responses from the server, for example for slow queries or when the
lock is contended
Split the options into `-rpcservertimeout` and `-rpcclienttimeout` with
respective defaults of 30 and 900.
Associate with each CTxMemPoolEntry all the size/fees of descendant
mempool transactions. Sort mempool by max(feerate of entry, feerate
of descendants). Update statistics on-the-fly as transactions enter
or leave the mempool.
Also add ancestor and descendant limiting, so that transactions can
be rejected if the number or size of unconfirmed ancestors exceeds
a target, or if adding a transaction would cause some other mempool
entry to have too many (or too large) a set of unconfirmed in-
mempool descendants.
Ignore SIGPIPE on all non-win32 OSes, otherwise an unexpectedly disconnecting
RPC client will terminate the application. This problem was introduced
with the libhttp-based RPC server.
Fixes#6660.
Continues Johnathan Corgan's work.
Publishing multipart messages
Bugfix: Add missing zmq header includes
Bugfix: Adjust build system to link ZeroMQ code for Qt binaries
