| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |\
| |
| |
| |
| | |
90fd29b Remove unused int64_t nSinceLastSeen (practicalswift)
ac4a095 Remove unused Python variables (practicalswift)
|
| | | |
|
| |/ |
|
| |
|
|
|
|
| |
Edited via:
$ contrib/devtools/copyright_header.py update .
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are only a few uses of `insecure_random` outside the tests.
This PR replaces uses of insecure_random (and its accompanying global
state) in the core code with an FastRandomContext that is automatically
seeded on creation.
This is meant to be used for inner loops. The FastRandomContext
can be in the outer scope, or the class itself, then rand32() is used
inside the loop. Useful e.g. for pushing addresses in CNode or the fee
rounding, or randomization for coin selection.
As a context is created per purpose, thus it gets rid of
cross-thread unprotected shared usage of a single set of globals, this
should also get rid of the potential race conditions.
- I'd say TxMempool::check is not called enough to warrant using a special
fast random context, this is switched to GetRand() (open for
discussion...)
- The use of `insecure_rand` in ConnectThroughProxy has been replaced by
an atomic integer counter. The only goal here is to have a different
credentials pair for each connection to go on a different Tor circuit,
it does not need to be random nor unpredictable.
- To avoid having a FastRandomContext on every CNode, the context is
passed into PushAddress as appropriate.
There remains an insecure_random for test usage in `test_random.h`.
|
| |
|
|
| |
Claims a peer makes about itself are inherently more credible.
|
| | |
|
| | |
|
| |
|
|
|
| |
This slows the increase of the nAttempts in addrman while partitioned,
even if the node hasn't yet noticed the partitioning.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a node is offline failed outbound connection attempts will crank up
the addrman counter and effectively blow away our state.
This change reduces the problem by only counting attempts made while
the node believes it has outbound connections to at least two
netgroups.
Connect and addnode connections are also not counted, as there is no
reason to unequally penalize them for their more frequent
connections -- though there should be no real effect from this
unless their addnode configureation is later removed.
Wasteful repeated connection attempts while only a few connections are
up are avoided via nLastTry.
This is still somewhat incomplete protection because our outbound
peers could be down but not timed out or might all be on 'local'
networks (although the requirement for multiple netgroups helps).
|
| |\
| |
| |
| |
| |
| | |
non-determinism.
40c87b6 Increase test coverage for addrman and addrinfo (Ethan Heilman)
|
| | |
| |
| |
| |
| |
| |
| | |
Adds several unittests for CAddrMan and CAddrInfo.
Increases the accuracy of addrman tests.
Removes non-determinism in tests by overriding the random number generator.
Extracts testing code from addrman class to test class.
|
| |/ |
|
| |
|
|
|
| |
Adds several unittests for addrman to verify it works as expected.
Makes small modifications to addrman to allow deterministic and targeted tests.
|
| | |
|
| | |
|
| |\
| |
| |
| | |
1d5b47a nLastTry is only used for addrman entries (Pieter Wuille)
|
| | |
| |
| |
| | |
No need to define it for every CAddress, as it's memory only anyway.
|
| |/
|
|
|
|
|
|
| |
On hosts that had spent some time with a failed internet connection their
nAttempts penalty was going through the roof (e.g. thousands for all peers)
and as a result the connect search was pegging the CPU and failing to get
more than a 4 connections after days of running (because it was taking so
long per try).
|
| |
|
|
|
|
|
| |
This change was suggested as Countermeasure 2 in
Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman,
Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report
2015/263. March 2015.
|
| |
|
|
|
|
|
| |
This change was suggested as Countermeasure 2 in
Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman,
Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report
2015/263. March 2015.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Give each address a single fixed location in the new and tried tables,
which become simple fixed-size arrays instead of sets and vectors.
This prevents attackers from having an advantages by inserting an
address multiple times.
This change was suggested as Countermeasure 1 in
Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman,
Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report
2015/263. March 2015.
It is also more efficient.
|
| | |
|
| |
|
|
| |
Suggested by Jonas Nick.
|
| | |
|
| |\
| |
| |
| | |
fa73619 boost: split stream classes out of serialize.h (Cory Fields)
|
| | |
| |
| |
| | |
serialization now has no dependencies.
|
| |/
|
|
| |
Also correct the file license
|
| | |
|
| |
|
|
|
|
|
| |
- Replaced 86400 with 24*60*60
- Remove references to specific timespans in comments
Github-Pull: #4724
|
| | |
|
| |
|
|
|
|
|
| |
After the tinyformat switch sprintf() family functions support passing
actual std::string objects.
Remove unnecessary c_str calls (236 of them) in logging and formatting.
|
| |
|
|
|
|
|
| |
The function Get64(.) has a bug in case the width is not divisible by 64.
Since it is only ever used as Get64(0) this simply changes it to this
special case. Additionally, an assert is added, and a cast to prevent
a compiler error.
|
| |
|
|
|
|
|
|
|
| |
Use misc methods of avoiding unnecesary header includes.
Replace int typedefs with int##_t from stdint.h.
Replace PRI64[xdu] with PRI[xdu]64 from inttypes.h.
Normalize QT_VERSION ifs where possible.
Resolve some indirect dependencies as direct ones.
Remove extern declarations from .cpp files.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
I originally created a pull to replace the "COPYING" in crypter.cpp and
crypter.h, but it turned out that COPYING was actually the correct
file.
|
| |
|
|
|
|
| |
* Use -Wall -Wextra -Wformat -Wformat-security -Wno-unused-parameters
* Remove xCXXFLAGS usage in makefile.unix
* Fix several recent and older sign-compare warnings
|
| |
|
|
|
|
|
|
|
| |
A function returned the element to remove from a bucket, instead of its
position in that bucket. This function was only called when a tried
bucket overflowed, which only happens after many outgoing connections
have been made.
Closes: #1065, #1156
|
| | |
|
| |
|
|
|
|
|
| |
This commit removes the dependency of serialize.h on PROTOCOL_VERSION,
and makes this parameter required instead of implicit. This is much saner,
as it makes the places where changing a version number can have an
influence obvious.
|
| |
|
|
|
| |
foo.size() typically returns an unsigned integral type; make loop variables
match those types' signedness.
|
| | |
|
|
|
Design goals:
* Only keep a limited number of addresses around, so that addr.dat does not grow without bound.
* Keep the address tables in-memory, and occasionally write the table to addr.dat.
* Make sure no (localized) attacker can fill the entire table with his nodes/addresses.
See comments in addrman.h for more detailed information.
|