Commit graph

879 commits

Author SHA1 Message Date
Carl Dong
f0a2fb3c5d scripted-diff: Rename pindexBestHeader, fHavePruned
...to m_best_header and m_have_pruned

-BEGIN VERIFY SCRIPT-
find_regex="\bpindexBestHeader\b" \
    && git grep -l -E "$find_regex" -- src \
        | xargs sed -i -E "s@$find_regex@m_best_header@g"
find_regex="\bfHavePruned\b" \
    && git grep -l -E "$find_regex" -- src \
        | xargs sed -i -E "s@$find_regex@m_have_pruned@g"
-END VERIFY SCRIPT-
2022-04-19 14:36:18 -04:00
Carl Dong
73eedaaacc style-only: Miscellaneous whitespace changes
...of touched lines and surrounding
2022-04-19 14:34:56 -04:00
Carl Dong
0d567daf23 move-mostly: Make pindexBestHeader a ChainMan member
[META] In the next commit, we move the clearing of pindexBestHeader to
       ChainstateManager::Unload()
2022-04-19 14:34:55 -04:00
fanquake
37a16ffd70
refactor: fix clang-tidy named args usage 2022-04-04 09:01:19 +01:00
John Newbery
0bca5f2b46 [net processing] PushNodeVersion() takes a const Peer&
The peer object is not mutated by PushNodeVersion, so pass a const reference
2022-03-29 15:54:16 +01:00
John Newbery
21154ff927 net_processing: move CNode data access out of lock
CNode::m_relays_tx and CNode::m_bloom_filter_loaded access don't require
the Peer::TxRelay::m_bloom_filter_mutex lock, so move them out of the
lock scope.

See https://github.com/bitcoin/bitcoin/pull/21160#discussion_r736785417
and https://github.com/bitcoin/bitcoin/pull/21160#discussion_r736785662.
2022-03-28 08:23:32 +01:00
fanquake
9344697e57
Merge bitcoin/bitcoin#21160: net/net processing: Move tx inventory into net_processing
1066d10f71 scripted-diff: rename TxRelay members (John Newbery)
575bbd0dea [net processing] Move tx relay data to Peer (John Newbery)
785f55f7ee [net processing] Move m_wtxid_relay to Peer (John Newbery)
36346703f8 [net] Add CNode.m_relays_txs and CNode.m_bloom_filter_loaded (John Newbery)

Pull request description:

  This continues the work of moving application layer data into net_processing, by moving all tx data into the new Peer object added in #19607.

  For motivation, see #19398.

ACKs for top commit:
  dergoegge:
    ACK 1066d10f71 - This is a good layer separation improvement with no behavior changes.
  glozow:
    utACK 1066d10f71

Tree-SHA512: 0c9d6b8a0a05e2d816b6d6588b7df133842ec960ae67667813422aa7bd8eb5308599c714f3822a98ddbdf364ffab9050b055079277ba4aff24092557ff99ebcc
2022-03-25 15:16:00 +00:00
MarcoFalke
fae679065e
Add CSerializedNetMsg::Copy() helper
This makes code that uses the helper less verbose.

Moreover, this makes net_processing C++20 compliant. Otherwise, it would
lead to a compile error (see below). C++20 disables aggregate
initialization when any constructor is declared. See
http://open-std.org/JTC1/SC22/WG21/docs/papers/2018/p1008r1.pdf

net_processing.cpp:1627:42: error: no matching constructor for initialization of 'CSerializedNetMsg'
            m_connman.PushMessage(pnode, CSerializedNetMsg{ser_cmpctblock.data, ser_cmpctblock.m_type});
                                         ^                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2022-03-24 11:37:34 +01:00
MarcoFalke
6c72f3192a
Merge bitcoin/bitcoin#23880: p2p: Serialize cmpctblock at most once in NewPoWValidBlock
fa61dd44f9 p2p: Serialize cmpctblock at most once in NewPoWValidBlock (MarcoFalke)

Pull request description:

  Instead of serializing for each peer, serialize at most once and copy the raw data for each peer.

ACKs for top commit:
  shaavan:
    reACK fa61dd44f9
  theStack:
    Code-review ACK fa61dd44f9

Tree-SHA512: ed029aeaea67fdac8ddb865069f8166bc0dd8480418c405628e3e1a43b61161584a09a1814668bcd220602e8732e188be2bfed9242aa81bdbd92c64c702ed138
2022-03-21 10:00:40 +01:00
John Newbery
1066d10f71 scripted-diff: rename TxRelay members
-BEGIN VERIFY SCRIPT-
ren() { sed -i "s:\<$1\>:$2:g" $(git grep -l "\<$1\>" ./src ./test); }

ren cs_filter             m_bloom_filter_mutex
ren fRelayTxes            m_relay_txs
ren pfilter               m_bloom_filter
ren cs_tx_inventory       m_tx_inventory_mutex
ren filterInventoryKnown  m_tx_inventory_known_filter
ren setInventoryTxToSend  m_tx_inventory_to_send
ren fSendMempool          m_send_mempool
ren nNextInvSend          m_next_inv_send_time
ren minFeeFilter          m_fee_filter_received
ren lastSentFeeFilter     m_fee_filter_sent
-END VERIFY SCRIPT-
2022-03-18 11:35:58 +00:00
John Newbery
575bbd0dea [net processing] Move tx relay data to Peer 2022-03-18 11:35:56 +00:00
John Newbery
785f55f7ee [net processing] Move m_wtxid_relay to Peer
Also, remove cs_main guard from m_wtxid_relay_peers and make it atomic.
This should be fine since we don't need m_wtxid_relay_peers to be
synchronized with m_wtxid_relay exactly at all times.

After this change, RelayTransaction no longer requires cs_main.
2022-03-18 11:21:48 +00:00
John Newbery
36346703f8 [net] Add CNode.m_relays_txs and CNode.m_bloom_filter_loaded
We'll move the transaction relay data into Peer in subsequent commits,
but the inbound eviction logic needs to know if the peer is relaying
txs and if the peer has loaded a bloom filter.

This is currently redundant information with m_tx_relay->fRelayTxes,
but when m_tx_relay is moved into net_processing, then we'll need these
separate fields in CNode.
2022-03-18 11:21:48 +00:00
MarcoFalke
384866e870
Merge bitcoin/bitcoin#24427: refactor: Release cs_main before MaybeSendFeefilter
faa329fd46 refactor: Release cs_main before MaybeSendFeefilter (MarcoFalke)

Pull request description:

  There is no need for any lock to be held, because net processing is single threaded. So holding the validation lock cs_main for sending a feefilter is confusing and might even degrade blockchain-related RPC performance minimally.

ACKs for top commit:
  ajtowns:
    ACK faa329fd46 ; code review only
  vasild:
    ACK faa329fd46

Tree-SHA512: 3e7f9faff1631cc64c86fc1a354ada67617ad1e7a046625cc741f4711854eb41ca8aad5a51ef0d94ff65947b68dba8345c9f786b20ee0a8b7a2e8741cfced21f
2022-03-07 08:47:05 +01:00
Vasil Dimov
0cfc0cd322
net: fix GetListenPort() to derive the proper port
`GetListenPort()` uses a simple logic: "if `-port=P` is given, then we
must be listening on `P`, otherwise we must be listening on `8333`".
This is however not true if `-bind=` has been provided with `:port` part
or if `-whitebind=` has been provided. Thus, extend `GetListenPort()` to
return the port from `-bind=` or `-whitebind=`, if any.

Fixes https://github.com/bitcoin/bitcoin/issues/20184 (cases 1. 2. 3. 5.)
2022-03-02 15:42:37 +01:00
MarcoFalke
faa329fd46
refactor: Release cs_main before MaybeSendFeefilter 2022-02-23 10:26:54 +01:00
Vasil Dimov
d0abce9a50
net: include the port when deciding a relay destination
In `PeerManagerImpl::RelayAddress()` we used just the hash of the
address that is being relayed to decide where to relay it to. Include
the port in that hash, so that e.g. `1.1.1.1:5555` and `1.1.1.1:6666`
get relayed to different peers. Those are two different, distinct
services after all.
2022-02-11 15:21:51 +01:00
MarcoFalke
fa61dd44f9
p2p: Serialize cmpctblock at most once in NewPoWValidBlock 2022-01-26 09:10:26 +01:00
Hennadii Stepanov
5d59ae0ba8
Remove/inline ReadRawBlockFromDisk(block_data, pindex, message_start) 2022-01-25 20:43:37 +01:00
MarcoFalke
39d9bbe4ac
Merge bitcoin/bitcoin#23706: rpc: getblockfrompeer followups
923312fbf6 rpc: use peer_id, block_hash for FetchBlock (Sjors Provoost)
34d5399211 rpc: more detailed errors for getblockfrompeer (Sjors Provoost)
60243cac72 rpc: turn already downloaded into error in getblockfrompeer (Sjors Provoost)
809d66bb65 rpc: clarify getblockfrompeer behavior when called multiple times (Sjors Provoost)
0e3d7c5ee1 refactor: drop redundant hash argument from FetchBlock (Sjors Provoost)
8d1a3e6498 rpc: allow empty JSON object result (Sjors Provoost)
bfbf91d0b2 test: fancier Python for getblockfrompeer (Sjors Provoost)

Pull request description:

  Followups from #20295.

ACKs for top commit:
  jonatack:
    ACK 923312fbf6 📦
  fjahr:
    tested ACK 923312fbf6

Tree-SHA512: da9eca76e302e249409c9d7f0d16cca668ed981e2ab6ca2d1743dad0d830b94b1bc5ffb9028a00764b863201945c273cc8f4409a4c9ca3817830007dffa2bc20
2022-01-25 18:48:41 +01:00
MarcoFalke
973c390298
Merge bitcoin/bitcoin#24078: net, refactor: Rename CNetMessage::m_command with CNetMessage::m_type
224d87855e net, refactor: Drop tautological local variables (Hennadii Stepanov)
3073a9917b scripted-diff: Rename CNetMessage::m_command with CNetMessage::m_type (Hennadii Stepanov)

Pull request description:

  https://github.com/bitcoin/bitcoin/pull/18533#issue-594592488:
  > a message is not a command, but simply a message of some type

  Continuation of bitcoin/bitcoin#18533 and bitcoin/bitcoin#18937.

ACKs for top commit:
  theStack:
    Concept and code-review ACK 224d87855e
  shaavan:
    Code Review ACK 224d87855e
  w0xlt:
    crACK 224d878

Tree-SHA512: 898cafb44708dae1413fcc1533d809d75878891354f1b5edaaec1287f4921c31adc9330f4d42d82544a39689886bc17fee71ea587f9199fd5cc849d376f82176
2022-01-24 08:49:17 +01:00
fanquake
6d859cbd79
Merge bitcoin/bitcoin#24021: Rename and move PoissonNextSend functions
9b8dcb25b5 [net processing] Rename PoissonNextSendInbound to NextInvToInbounds (John Newbery)
ea99f5d01e [net processing] Move PoissonNextSendInbound to PeerManager (John Newbery)
bb060746df scripted-diff: replace PoissonNextSend with GetExponentialRand (John Newbery)
03cfa1b603 [refactor] Use uint64_t and std namespace in PoissonNextSend (John Newbery)
9e64d69bf7 [move] Move PoissonNextSend to src/random and update comment (John Newbery)

Pull request description:

  `PoissonNextSend` and `PoissonNextSendInbound` are used in the p2p code to obfuscate various regularly occurring processes, in order to make it harder for others to get timing-based information deterministically.

  The naming of these functions has been confusing to several people (including myself, see also #23347) because the resulting random timestamps don't follow a Poisson distribution but an exponential distribution (related to events in a Poisson process, hence the name). This PR
  - moves `PoissonNextSend()` out of `net` to `random` and renames it to `GetExponentialRand()`
  - moves `PoissonNextSendInbound()` out of `CConnman` to `PeerManager` and renames it to `NextInvToInbounds()`
  - adds documentation for these functions

  This is work by jnewbery - due to him being less active currently, I opened the PR and will address feedback.

ACKs for top commit:
  jnewbery:
    ACK 9b8dcb25b5
  hebasto:
    ACK 9b8dcb25b5, I have reviewed the code and it looks OK, I agree it can be merged.
  theStack:
    ACK 9b8dcb25b5 📊

Tree-SHA512: 85c366c994e7147f9981fe863fb9838502643fa61ffd32d55a43feef96a38b79a5daa2c4d38ce01074897cc95fa40c76779816edad53f5265b81b05c3a1f4f50
2022-01-23 11:44:02 +08:00
Sebastian Falbesoner
0639aba42a scripted-diff: rename cs_SubVer -> m_subver_mutex
-BEGIN VERIFY SCRIPT-
sed -i 's/cs_SubVer/m_subver_mutex/g' ./src/net.h ./src/net.cpp ./src/net_processing.cpp
-END VERIFY SCRIPT-
2022-01-16 16:47:11 +01:00
Hennadii Stepanov
224d87855e
net, refactor: Drop tautological local variables 2022-01-15 21:03:00 +02:00
Hennadii Stepanov
3073a9917b
scripted-diff: Rename CNetMessage::m_command with CNetMessage::m_type
-BEGIN VERIFY SCRIPT-
sed -i 's/std::string m_command;/std::string m_type;/g' ./src/net.h
sed -i 's/* command and size./* type and size./g' ./src/net.h
sed -i 's/msg.m_command/msg.m_type/g' ./src/net.cpp ./src/net_processing.cpp ./src/test/fuzz/p2p_transport_serialization.cpp
-END VERIFY SCRIPT-
2022-01-15 20:59:19 +02:00
John Newbery
9b8dcb25b5 [net processing] Rename PoissonNextSendInbound to NextInvToInbounds 2022-01-13 15:55:01 +01:00
John Newbery
ea99f5d01e [net processing] Move PoissonNextSendInbound to PeerManager 2022-01-13 15:55:01 +01:00
John Newbery
bb060746df scripted-diff: replace PoissonNextSend with GetExponentialRand
This distribution is used for more than just the next inv send, so make
the name more generic.

Also rename to "exponential" to avoid the confusion that this is a
poisson distribution.

-BEGIN VERIFY SCRIPT-
ren() { sed -i "s/\<$1\>/$2/g" $(git grep -l "$1" ./src) ; }

ren  PoissonNextSend   GetExponentialRand
ren  "a poisson timer" "an exponential timer"
-END VERIFY SCRIPT-
2022-01-13 15:55:01 +01:00
Russell Yanofsky
90fc8b089d Add src/node/* code to node:: namespace 2022-01-06 22:14:16 -05:00
MarcoFalke
06209574da
Merge bitcoin/bitcoin#23832: Refactor: Changes time variables from int to chrono
fe86eb50c9 Refactor: Uses c++ init convention for time variables (Shashwat)
6111b0d7fa Refactor: Changes remaining time variable type from int to chrono (Shashwat)

Pull request description:

  This PR is a follow-up to #23801.
  This PR aims to make the following changes to all the time variables in **net_processing.cpp** wherever possible.

  - Convert all time variables to `std::chrono.`
  - Use `chorno::literals` wherever possible.
  - Use `auto` keywords wherever possible.
  - Use `var{val}` convention of initialization.

  This PR also minimizes the number of times, serialization of time `count_seconds(..)` occurs.

ACKs for top commit:
  MarcoFalke:
    re-ACK fe86eb50c9  🏕

Tree-SHA512: c8684c0c60a11140027e36b6e9706a45ecdeae6b5ba0bf267e50655835daee5e5410e34096a8c4eca005f327caae1ac258cc7b8ba663eab58abf131f6d2f4d42
2022-01-06 13:37:26 +01:00
MarcoFalke
fa9f4554ca
refactor: Remove pointless and confusing shift in RelayAddress 2022-01-04 17:07:29 +01:00
Shashwat
fe86eb50c9 Refactor: Uses c++ init convention for time variables
This commit does following changes to time variables in net_processing.h:
- Used {} initialization.
- Uses universal initializer auto.
- Uses chrono::literals

The reason for these changes is to make code simpler, and easier to
understand and rationalize.
2022-01-04 11:17:22 +05:30
Shashwat
6111b0d7fa Refactor: Changes remaining time variable type from int to chrono 2022-01-04 11:17:22 +05:30
Hennadii Stepanov
f47dda2c58
scripted-diff: Bump copyright headers
-BEGIN VERIFY SCRIPT-
./contrib/devtools/copyright_header.py update ./
-END VERIFY SCRIPT-

Commits of previous years:
* 2020: fa0074e2d8
* 2019: aaaaad6ac9
2021-12-30 19:36:57 +02:00
Sjors Provoost
923312fbf6
rpc: use peer_id, block_hash for FetchBlock 2021-12-24 16:29:04 +01:00
Sjors Provoost
34d5399211
rpc: more detailed errors for getblockfrompeer 2021-12-24 16:29:03 +01:00
Sjors Provoost
809d66bb65
rpc: clarify getblockfrompeer behavior when called multiple times 2021-12-24 16:28:54 +01:00
Sjors Provoost
0e3d7c5ee1
refactor: drop redundant hash argument from FetchBlock 2021-12-24 16:28:53 +01:00
MarcoFalke
3ec8f9f123
Merge bitcoin/bitcoin#23801: Refactor: Change time variable type from int64_t to std::chrono::seconds in net_processing.cpp
92082ea0bb Change time variable type to std::chrono::seconds in src/net_processing.cpp (Shashwat)

Pull request description:

  - This is a follow-up to PR #23758
  - This changes the remaining time variable in `net_processing.cpp` from **int64_t** to **std::chrono::seconds**

ACKs for top commit:
  naumenkogs:
    ACK 92082ea0bb
  hebasto:
    re-ACK 92082ea0bb

Tree-SHA512: 559e351d9046d4ba2b842ae38da13b4befc7feee71f0762f97907812471e2840b0d43c90c92222d15619fe40cc21f11d40900500ca07b470f7ac8b0046cc1d68
2021-12-20 11:48:54 +01:00
Shashwat
92082ea0bb Change time variable type to std::chrono::seconds in src/net_processing.cpp
- This commit is a followup to commit: 60b579
- This changes the remaining time variable in net_processing.cpp from
int64_t to std::chrono
2021-12-20 11:32:37 +05:30
W. J. van der Laan
14ba286556
Merge bitcoin/bitcoin#23695: p2p: Always serialize local timestamp for version msg
fa1dc9b36a p2p: Always serialize local timestamp for version msg (MarcoFalke)

Pull request description:

  Currently we serialize the local time when connecting to outbound connections and the "adjusted network" time when someone connects to us.

  I presume the reason is to avoid a fingerprint in case the local time is misconfigured. However, the fingerprint still exits when:
  * The local time goes out-of-sync after timedata is filled up, in which case the adjusted time is *not* adjusted. See comment in `src/timedata.cpp`. (In practise I expect no adjustment to happen after timedata is filled up by one entry more than half its size).
  * The local time is off by more than 70 minutes. See `DEFAULT_MAX_TIME_ADJUSTMENT`. While there is a warning in this case, the warning might be missed by the node operator.
  * The adjusted time is poisoned by an attacker. This is only a theoretical concern after commit e457513eb1.

  Using the adjusted time does help in a the case where the local time is off by a constant less than 70 minutes and the node quickly connects to 5 outbound peers to retrieve the adjusted time.

  Still, I think using `GetAdjustedTime` here gives a false sense of security. It will be better for node operators to instead set the correct time.

ACKs for top commit:
  naumenkogs:
    ACK fa1dc9b36a
  laanwj:
    Code review ACK fa1dc9b36a
  w0xlt:
    crACK fa1dc9b

Tree-SHA512: 70a0f4ab3500e6ddcde291620e35273018cefd1d9e94b91ad333e360139ed18862718bb1a9854af2bf79990bf74b05d95492f77d0747c7b9bdd276c020116dcb
2021-12-17 21:44:59 +01:00
MarcoFalke
fa3d62cf7b
Move FindForkInGlobalIndex from BlockManager to CChainState
The helper was moved in commit b026e318c3,
which also mentioned that it could be moved to CChainState. So do that,
as the functionality is not block-storage related.

This also allows to drop one function argument.
2021-12-15 17:45:48 +01:00
MarcoFalke
60b5795133
Merge bitcoin/bitcoin#23758: net: Use type-safe mockable time for peer connection time
fad943821e scripted-diff: Rename touched member variables (MarcoFalke)
fa663a4c0d Use mockable time for peer connection time (MarcoFalke)
fad7ead146 refactor: Use type-safe std::chrono in net (MarcoFalke)

Pull request description:

  Benefits:
  * Type-safe
  * Mockable
  * Allows to revert a temporary test workaround

ACKs for top commit:
  naumenkogs:
    ACK fad943821e
  shaavan:
    ACK fad943821e

Tree-SHA512: af9bdfc695ab727b100c6810a7289d29b02b0ea9fa4fee9cc1f3eeefb52c8c465ea2734bae0c1c63b3b0d6264ba2c493268bc970ef6916570eb166de77829d82
2021-12-15 13:07:34 +01:00
MarcoFalke
fa1dc9b36a
p2p: Always serialize local timestamp for version msg 2021-12-14 18:04:48 +01:00
MarcoFalke
9635760ce8
Merge bitcoin/bitcoin#22777: net processing: don't request tx relay on feeler connections
eaf6be0114 [net processing] Do not request transaction relay from feeler connections (John Newbery)
0220b834b1 [test] Add testing for outbound feeler connections (John Newbery)

Pull request description:

  Feelers are short-lived connections used to test the viability of peers. The bitcoind node will periodically open feeler connections to addresses in its addrman, wait for a `version` message from the peer, and then close the connection.

  Currently, we set `fRelay` to `1` in the `version` message for feeler connections, indicating that we want the peer to relay transactions to us. However, we close the connection immediately on receipt of the `version` message, and so never process any incoming transaction announcements. This PR changes that behaviour to instead set `fRelay` to `0` indicating that we do not wish to receive transaction announcements from the peer.

  This PR also extends the `addconnection` RPC to allow creating outbound feeler connections from the node to the test framework, and a test to verify that the node sets `fRelay` to `0` in the `version` message to feeler connections.

ACKs for top commit:
  naumenkogs:
    ACK eaf6be0114
  MarcoFalke:
    review ACK eaf6be0114 🏃

Tree-SHA512: 1c56837dbd0a396fe404a5e39f7459864d15f666664d6b35ad109628b13158e077e417e586bf48946a23bd5cbe63716cb4bf22cdf8781b74dfce6047b87b465a
2021-12-14 17:57:10 +01:00
MarcoFalke
fad943821e
scripted-diff: Rename touched member variables
-BEGIN VERIFY SCRIPT-

 ren() { sed -i "s/\<$1\>/$2/g" $( git grep -l "$1" ./src/ ) ; }

 ren nLastBlockTime m_last_block_time
 ren nLastTXTime    m_last_tx_time
 ren nTimeConnected m_connected

-END VERIFY SCRIPT-
2021-12-13 13:32:08 +01:00
MarcoFalke
fad7ead146
refactor: Use type-safe std::chrono in net 2021-12-13 12:32:09 +01:00
MarcoFalke
9f7661c0c4
Merge bitcoin/bitcoin#19499: p2p: Make timeout mockable and type safe, speed up test
fadc0c80ae p2p: Make timeout mockable and type safe, speed up test (MarcoFalke)
fa6d5a238d scripted-diff: Rename m_last_send and m_last_recv (MarcoFalke)

Pull request description:

  Use type-safe time for better code readability/maintainability and mockable time for better testability. This speeds up the p2p_timeout test.

  This is also a bugfix for intermittent test issues like: https://cirrus-ci.com/task/4769904156999680?command=ci#L2836

  Fixes #20654

ACKs for top commit:
  laanwj:
    Code review ACK fadc0c80ae
  naumenkogs:
    ACK fadc0c80ae

Tree-SHA512: 28c6544c97f188c8a0fbc80411c74ab74ffd055885322c325aa3d1c404b29c3fd70a737e86083eecae58ef394db1cb56bc122d06cff63742aa89a8e868730c64
2021-12-10 10:02:12 +01:00
MarcoFalke
f6013265b7
Merge bitcoin/bitcoin#20295: rpc: getblockfrompeer
dce8c4c381 rpc: getblockfrompeer (Sjors Provoost)
b884ababc2 rpc: move Ensure* helpers to server_util.h (Sjors Provoost)

Pull request description:

  This adds an RPC method to fetch a block directly from a peer. This can used to fetch stale blocks with lower proof of work that are normally ignored by the node (`headers-only` in `getchaintips`).

  Usage:
  ```
  bitcoin-cli getblockfrompeer HASH peer_n
  ```

  Closes #20155

  Limitations:
  * you have to specify which peer to fetch the block from
  * the node must already have the header

ACKs for top commit:
  jnewbery:
    ACK dce8c4c381
  fjahr:
     re-ACK dce8c4c381

Tree-SHA512: 843ba2b7a308f640770d624d0aa3265fdc5c6ea48e8db32269b96a082b7420f7953d1d8d1ef2e6529392c7172dded9d15639fbc9c24e7bfa5cfb79e13a5498c8
2021-12-08 10:39:37 +01:00
fanquake
e457513eb1
Merge bitcoin/bitcoin#23631: p2p: Don't use timestamps from inbound peers for Adjusted Time
0c85dc30e6 p2p: Don't use timestamps from inbound peers (Martin Zumsande)

Pull request description:

  `GetAdjustedTime()` (used e.g. in validation and addrman) returns a time with an offset that is influenced by timestamps that our peers have sent us in their version message.

  Currently, timestamps from all peers are used for this.
  However, I think that it would make sense to ignore the timedata samples from inbound peers, making it much harder for others to influence the Adjusted Time in a targeted way.
  With the extra feeler connections (every 2 minutes on average) and extra block-relay-only connections (every 5 minutes on average) there are also now plenty of opportunities to gather a meaningful number of timedata samples from outbound peers.

  There are some measures in place to prevent abuse: the `-maxtimeadjustment` parameter with a default of 70 minutes, warnings in cases of large deviations, only using the first 200 samples ([explanation](383d350bd5/src/timedata.cpp (L57-L72))), but I think that only using samples from outbound connections in the first place would be an additional safety measure that would make sense.

  See also issue #4521 for further context and links: There have been several discussions in the past about replacing or abolishing the existing timedata system.

ACKs for top commit:
  jnewbery:
    Concept and code review ACK 0c85dc30e6
  naumenkogs:
    ACK 0c85dc30e6
  vasild:
    ACK 0c85dc30e6

Tree-SHA512: 2d6375305bcae034d68b58b7a07777b40ac430dfed554c88e681a048c527536691e1b7d08c0ef995247d356f8e81aa0a4b983bf2674faf6a416264e5f1af0a96
2021-12-07 17:36:53 +08:00