Commit graph

1201 commits

Author SHA1 Message Date
W. J. van der Laan
64059b78f5
Merge bitcoin/bitcoin#21943: Dedup and RAII-fy the creation of a copy of CConnman::vNodes
f52b6b2d9f net: split CConnman::SocketHandler() (Vasil Dimov)
c7eb19ec83 style: remove unnecessary braces (Vasil Dimov)
664ac22c53 net: keep reference to each node during socket wait (Vasil Dimov)
75e8bf55f5 net: dedup and RAII-fy the creation of a copy of CConnman::vNodes (Vasil Dimov)

Pull request description:

  _This is a piece of https://github.com/bitcoin/bitcoin/pull/21878, chopped off to ease review._

  The following pattern was duplicated in CConnman:

  ```cpp
  lock
  create a copy of vNodes, add a reference to each one
  unlock
  ... use the copy ...
  lock
  release each node from the copy
  unlock
  ```

  Put that code in a RAII helper that reduces it to:

  ```cpp
  create snapshot "snap"
  ... use the copy ...
  // release happens when "snap" goes out of scope

ACKs for top commit:
  jonatack:
    ACK  f52b6b2d9f changes since last review are reordered commits, removing an unneeded local variable, and code formatting and documentation improvements
  LarryRuane:
    code review ACK f52b6b2d9f
  promag:
    Code review ACK f52b6b2d9f, only format changes and comment tweaks since last review.

Tree-SHA512: 5ead7b4c641ebe5b215e7baeb7bc0cdab2a588b2871d9a343a1d518535c55c0353d4e46de663f41513cdcc79262938ccea3232f6d5166570fc2230286c985f68
2021-11-24 17:44:07 +01:00
Vasil Dimov
0eea83a85e
scripted-diff: rename proxyType to Proxy
-BEGIN VERIFY SCRIPT-
sed -i 's/\<proxyType\>/Proxy/g' $(git grep -l proxyType)
-END VERIFY SCRIPT-
2021-11-24 12:44:07 +01:00
Vasil Dimov
f52b6b2d9f
net: split CConnman::SocketHandler()
`CConnman::SocketHandler()` does 3 things:
1. Check sockets for readiness
2. Process ready listening sockets
3. Process ready connected sockets

Split the processing (2. and 3.) into separate methods to make the code
easier to grasp.

Also, move the processing of listening sockets after the processing of
connected sockets to make it obvious that there is no dependency and
also explicitly release the snapshot before dealing with listening
sockets - it is only necessary for the connected sockets part.
2021-11-18 13:39:10 +01:00
Vasil Dimov
c7eb19ec83
style: remove unnecessary braces
They were needed to define the scope of `LOCK(cs_vNodes)` which was
removed in the previous commit. Re-indent in a separate commit to ease
review (use `--ignore-space-change`).
2021-11-18 13:39:09 +01:00
Vasil Dimov
664ac22c53
net: keep reference to each node during socket wait
Create the snapshot of `CConnman::vNodes` to operate on earlier in
`CConnman::SocketHandler()`, before calling `CConnman::SocketEvents()`
and pass the `vNodes` copy from the snapshot to `SocketEvents()`.

This will keep the refcount of each node incremented during
`SocketEvents()` so that the `CNode` object is not destroyed before
`SocketEvents()` has finished.

Currently in `SocketEvents()` we only remember file descriptor numbers
(when not holding `CConnman::cs_vNodes`) which is safe, but we will
change this to remember pointers to `CNode::m_sock`.
2021-11-18 13:38:42 +01:00
Vasil Dimov
75e8bf55f5
net: dedup and RAII-fy the creation of a copy of CConnman::vNodes
The following pattern was duplicated in CConnman:

```cpp
lock
create a copy of vNodes, add a reference to each one
unlock
... use the copy ...
lock
release each node from the copy
unlock
```

Put that code in a RAII helper that reduces it to:

```cpp
create snapshot "snap"
... use the copy ...
// release happens when "snap" goes out of scope
```
2021-11-18 13:29:23 +01:00
MarcoFalke
fac49470ca
doc: Fix incorrect C++ named args 2021-11-17 09:25:14 +01:00
MarcoFalke
fa6d5a238d
scripted-diff: Rename m_last_send and m_last_recv
-BEGIN VERIFY SCRIPT-

ren() { sed -i "s/\<$1\>/$2/g" $(git grep -l "$1" ./src) ; }

ren nLastSend m_last_send
ren nLastRecv m_last_recv

-END VERIFY SCRIPT-
2021-11-17 08:45:17 +01:00
Vasil Dimov
6387f397b3
net: recognize CJDNS addresses as such
In some cases addresses come from an external source as a string or as a
`struct sockaddr_in6`, without a tag to tell whether it is a private
IPv6 or a CJDNS address. In those cases interpret the address as a CJDNS
address instead of an IPv6 address if `-cjdnsreachable` is set and the
seemingly-IPv6-address belongs to `fc00::/8`. Those external sources are:

* `-externalip=`
* `-bind=`
* UPnP
* `getifaddrs(3)` (called through `-discover`)
* `addnode`
* `connect`
* incoming connections (returned by `accept(2)`)
2021-11-03 14:58:50 +01:00
MarcoFalke
9e3f7dcaa2
Merge bitcoin/bitcoin#22735: [net] Don't return an optional from TransportDeserializer::GetMessage()
f3e451bebf [net] Replace GetID() with id in TransportDeserializer constructor (Troy Giorshev)
8c96008ab1 [net] Don't return an optional from TransportDeserializer::GetMessage() (Troy Giorshev)

Pull request description:

  Also, access mapRecvBytesPerMsgCmd with `at()` not `find()`. This
  throws an error if COMMAND_OTHER doesn't exist, which should never
  happen. `find()` instead just accessed the last element, which could make
  debugging more difficult.

  Resolves review comments from PR19107:

  - https://github.com/bitcoin/bitcoin/pull/19107#discussion_r478718436
  - https://github.com/bitcoin/bitcoin/pull/19107#discussion_r478714497

ACKs for top commit:
  theStack:
    Code-review ACK f3e451bebf
  ryanofsky:
    Code review ACK f3e451bebf. Changes since last review in https://github.com/bitcoin/bitcoin/pull/20364#pullrequestreview-534369904 were simplifying by dropping the third commit, rebasing, and cleaning up some style & comments in the first commit.

Tree-SHA512: 37de4b25646116e45eba50206e82ed215b0d9942d4847a172c104da4ed76ea4cee29a6fb119f3c34106a9b384263c576cb8671d452965a468f358d4a3fa3c003
2021-11-02 13:40:09 +01:00
MarcoFalke
fadf1186c8
p2p: Use mocktime for ping timeout 2021-10-07 13:22:02 +02:00
MarcoFalke
c4fc899442
Merge bitcoin/bitcoin#22950: [p2p] Pimpl AddrMan to abstract implementation details
021f86953e [style] Run changed files through clang formatter. (Amiti Uttarwar)
375750387e scripted-diff: Rename CAddrInfo to AddrInfo (Amiti Uttarwar)
dd8f7f2500 scripted-diff: Rename CAddrMan to AddrMan (Amiti Uttarwar)
3c263d3f63 [includes] Fix up included files (Amiti Uttarwar)
29727c2aa1 [doc] Update comments (Amiti Uttarwar)
14f9e000d0 [refactor] Update GetAddr_() function signature (Amiti Uttarwar)
40acd6fc9a [move-only] Move constants to test-only header (Amiti Uttarwar)
7cf41bbb38 [addrman] Change CAddrInfo access (Amiti Uttarwar)
e3f1ea659c [move-only] Move CAddrInfo to test-only header file (Amiti Uttarwar)
7cba9d5618 [net, addrman] Remove external dependencies on CAddrInfo objects (Amiti Uttarwar)
8af5b54f97 [addrman] Introduce CAddrMan::Impl to encapsulate addrman implementation. (Amiti Uttarwar)
f2e5f38f09 [move-only] Match ordering of CAddrMan declarations and definitions (Amiti Uttarwar)
5faa7dd6d8 [move-only] Move CAddrMan function definitions to cpp (Amiti Uttarwar)

Pull request description:

  Introduce the pimpl pattern for AddrMan to separate the implementation details from the externally used object representation. This reduces compile-time dependencies and conceptually clarifies AddrMan's interface from the implementation specifics.

  Since the unit & fuzz tests currently rely on accessing AddrMan internals, this PR introduces addrman_impl.h, which is exclusively imported by addrman.cpp and test files.

ACKs for top commit:
  jnewbery:
    ACK 021f86953e
  GeneFerneau:
    utACK [021f869](021f86953e)
  mzumsande:
    ACK 021f86953e
  rajarshimaitra:
    Concept + Code Review ACK 021f86953e
  theuni:
    ACK 021f86953e

Tree-SHA512: aa70cb77927a35c85230163c0cf6d3872382d79048b0fb79341493caa46f8e91498cb787d8b06aba4da17b2f921f2230e73f3d66385519794fff86a831b3a71d
2021-10-05 16:48:33 +02:00
W. J. van der Laan
9e530c6352
Merge bitcoin/bitcoin#20487: Add syscall sandboxing using seccomp-bpf (Linux secure computing mode)
4747da3a5b Add syscall sandboxing (seccomp-bpf) (practicalswift)

Pull request description:

  Add experimental syscall sandboxing using seccomp-bpf (Linux secure computing mode).

  Enable filtering of system calls using seccomp-bpf: allow only explicitly allowlisted (expected) syscalls to be called.

  The syscall sandboxing implemented in this PR is an experimental feature currently available only under Linux x86-64.

  To enable the experimental syscall sandbox the `-sandbox=<mode>` option must be passed to `bitcoind`:

  ```
    -sandbox=<mode>
         Use the experimental syscall sandbox in the specified mode
         (-sandbox=log-and-abort or -sandbox=abort). Allow only expected
         syscalls to be used by bitcoind. Note that this is an
         experimental new feature that may cause bitcoind to exit or crash
         unexpectedly: use with caution. In the "log-and-abort" mode the
         invocation of an unexpected syscall results in a debug handler
         being invoked which will log the incident and terminate the
         program (without executing the unexpected syscall). In the
         "abort" mode the invocation of an unexpected syscall results in
         the entire process being killed immediately by the kernel without
         executing the unexpected syscall.
  ```

  The allowed syscalls are defined on a per thread basis.

  I've used this feature since summer 2020 and I find it to be a helpful testing/debugging addition which makes it much easier to reason about the actual capabilities required of each type of thread in Bitcoin Core.

  ---

  Quick start guide:

  ```
  $ ./configure
  $ src/bitcoind -regtest -debug=util -sandbox=log-and-abort
  …
  2021-06-09T12:34:56Z Experimental syscall sandbox enabled (-sandbox=log-and-abort): bitcoind will terminate if an unexpected (not allowlisted) syscall is invoked.
  …
  2021-06-09T12:34:56Z Syscall filter installed for thread "addcon"
  2021-06-09T12:34:56Z Syscall filter installed for thread "dnsseed"
  2021-06-09T12:34:56Z Syscall filter installed for thread "net"
  2021-06-09T12:34:56Z Syscall filter installed for thread "msghand"
  2021-06-09T12:34:56Z Syscall filter installed for thread "opencon"
  2021-06-09T12:34:56Z Syscall filter installed for thread "init"
  …
  # A simulated execve call to show the sandbox in action:
  2021-06-09T12:34:56Z ERROR: The syscall "execve" (syscall number 59) is not allowed by the syscall sandbox in thread "msghand". Please report.
  …
  Aborted (core dumped)
  $
  ```

  ---

  [About seccomp and seccomp-bpf](https://en.wikipedia.org/wiki/Seccomp):

  > In computer security, seccomp (short for secure computing mode) is a facility in the Linux kernel. seccomp allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit(), sigreturn(), and read() and write() to already-open file descriptors. Should it attempt any other system calls, the kernel will terminate the process with SIGKILL or SIGSYS. In this sense, it does not virtualize the system's resources but isolates the process from them entirely.
  >
  > […]
  >
  > seccomp-bpf is an extension to seccomp that allows filtering of system calls using a configurable policy implemented using Berkeley Packet Filter rules. It is used by OpenSSH and vsftpd as well as the Google Chrome/Chromium web browsers on Chrome OS and Linux. (In this regard seccomp-bpf achieves similar functionality, but with more flexibility and higher performance, to the older systrace—which seems to be no longer supported for Linux.)

ACKs for top commit:
  laanwj:
    Code review and lightly tested ACK 4747da3a5b

Tree-SHA512: e1c28e323eb4409a46157b7cc0fc29a057ba58d1ee2de268962e2ade28ebd4421b5c2536c64a3af6e9bd3f54016600fec88d016adb49864b63edea51ad838e17
2021-10-04 22:45:43 +02:00
practicalswift
4747da3a5b Add syscall sandboxing (seccomp-bpf) 2021-10-01 13:51:10 +00:00
Amiti Uttarwar
dd8f7f2500 scripted-diff: Rename CAddrMan to AddrMan
-BEGIN VERIFY SCRIPT-
git grep -l CAddrMan src/ test/ | xargs sed -i 's/CAddrMan/AddrMan/g'
-END VERIFY SCRIPT-
2021-09-28 22:21:10 -04:00
Amiti Uttarwar
7cba9d5618 [net, addrman] Remove external dependencies on CAddrInfo objects
CAddrInfo objects are an implementation detail of how AddrMan manages and adds
metadata to different records. Encapsulate this logic by updating Select &
SelectTriedCollision to return the additional info that the callers need.
2021-09-28 19:02:34 -04:00
John Newbery
0220b834b1 [test] Add testing for outbound feeler connections
Extend the addconnection RPC method to allow creating outbound
feeler connections. Extend the test framework to accept those
feeler connections.
2021-09-22 16:12:14 +01:00
merge-script
e69cbac628
Merge bitcoin/bitcoin#22896: refactor: net: avoid duplicate map lookups to mapLocalHost
330d3aa1a2 refactor: net: avoid duplicate map lookups to `mapLocalHost` (Sebastian Falbesoner)

Pull request description:

  This simple refactoring PR aims to avoid duplicate lookups to `mapLocalHost`: instead of calling `count()` (to first find out whether a key is in the map) and then `operator[]` (to get the value to the passed key, or default-construct one if not found), use either
  * `find()` and dereference the returned iterator (for simple lookups), see https://www.cplusplus.com/reference/map/map/find/
  * `emplace()` and use the returned <iterator, inserted> pair (for lookups where a new element should be inserted if the key isn't found), see https://www.cplusplus.com/reference/map/map/emplace/

ACKs for top commit:
  naumenkogs:
    ACK 330d3aa1a2
  jonatack:
    Code review ACK 330d3aa1a2 plus rebase to master + debug build

Tree-SHA512: d13da6a927ff561eee8ac6b093bf3586dfe31d6c94173a5a6d8f3698e0ee224fb394d3635155d5141c165da59d2c2c37260122eb4f2e8bcda3e8a29b901d213e
2021-09-17 14:25:10 +02:00
Sebastian Falbesoner
330d3aa1a2 refactor: net: avoid duplicate map lookups to mapLocalHost 2021-09-14 18:24:58 +02:00
fanquake
5446070418
Merge bitcoin/bitcoin#22911: [net] Minor cleanups to asmap
853c4edb70 [net] Remove asmap argument from CNode::CopyStats() (John Newbery)
9fd5618610 [asmap] Make DecodeAsmap() a utility function (John Newbery)
bfdf4ef334 [asmap] Remove SanityCheckASMap() from netaddress (John Newbery)
07a9eccb60 [net] Remove CConnman::Options.m_asmap (John Newbery)

Pull request description:

  These small cleanups to the asmap code are the first 4 commits from #22910. They're minor improvements that are independently useful whether or not 22910 is merged.

ACKs for top commit:
  naumenkogs:
    ACK 853c4edb70
  theStack:
    Concept and code-review ACK 853c4edb70 🗺️
  fanquake:
    ACK 853c4edb70

Tree-SHA512: 64783743182592ac165df6ff8d18870b63861e9204ed722c207fca6938687aac43232a5ac4d8228cf8b92130ab0349de1b410a2467bb5a9d60dd9a7221b3b85b
2021-09-10 14:04:16 +08:00
John Newbery
853c4edb70 [net] Remove asmap argument from CNode::CopyStats()
This saves passing around a reference to the asmap std::vector<bool>.
2021-09-07 15:24:14 +01:00
MarcoFalke
fade9a1a4d
Remove confusing CAddrDB
The class only stores the file path, reading it from a global. Globals
are confusing and make testing harder.

The method reading from a stream does not even use any class members, so
putting it in a class is also confusing.
2021-09-07 11:05:16 +02:00
MarcoFalke
fa7f77b7d1
Fix addrdb includes 2021-09-07 10:44:48 +02:00
MarcoFalke
fa3f5d0dae
Move addrman includes from .h to .cpp
This is a follow-up to the code move in commit a820e79512
2021-09-07 10:44:43 +02:00
MarcoFalke
a8fdfea77b
Merge bitcoin/bitcoin#22791: init: Fix asmap/addrman initialization order bug
724c497562 [fuzz] Add ConsumeAsmap() function (John Newbery)
5840476714 [addrman] Make m_asmap private (John Newbery)
f9002cb5db [net] Rename the copyStats arg from m_asmap to asmap (John Newbery)
f572f2b204 [addrman] Set m_asmap in CAddrMan initializer list (John Newbery)
593247872d [net] Remove CConnMan::SetAsmap() (John Newbery)
50fd77045e [init] Read/decode asmap before constructing addrman (John Newbery)

Pull request description:

  Commit 181a1207 introduced an initialization order bug: CAddrMan's m_asmap must be set before deserializing peers.dat.

  The first commit restores the correct initialization order. The remaining commits make `CAddrMan::m_asmap` usage safer:

  - don't reach into `CAddrMan`'s internal data from `CConnMan`
  - set `m_asmap` in the initializer list and make it const
  - make `m_asmap` private, and access it (as a reference to const) from a getter.

  This ensures that peers.dat deserialization must happen after setting m_asmap, since m_asmap is set during CAddrMan construction.

ACKs for top commit:
  mzumsande:
    Tested ACK 724c497562
  amitiuttarwar:
    code review but utACK 724c497562
  naumenkogs:
    utACK 724c497562
  vasild:
    ACK 724c497562
  MarcoFalke:
    review ACK 724c497562 👫

Tree-SHA512: 684a4cf9e3d4496c9997fb2bc4ec874809987055c157ec3fad1d2143b8223df52b5a0af787d028930b27388c8efeba0aeb2446cb35c337a5552ae76112ade726
2021-09-06 12:41:36 +02:00
Russell Yanofsky
93b9800fec scripted-diff: Rename overloaded int GetArg to GetIntArg
Improve readability of code, simplify future scripted diff cleanup PRs, and be
more consistent with naming for GetBoolArg.

This will also be useful for replacing runtime settings type checking
with compile time checking.

-BEGIN VERIFY SCRIPT-
git grep -l GetArg | xargs sed -i 's/GetArg(\([^)]*\( [0-9]\+\|-1\|port\|BaseParams().RPCPort()\|Params().GetDefaultPort()\|_TIMEOUT\|Height\|_WORKQUEUE\|_THREADS\|_CONNECTIONS\|LIMIT\|SigOp\|Bytes\|_VERSION\|_AGE\|_CHECKS\|Checks() ? 1 : 0\|_BANTIME\|Cache\|BLOCKS\|LEVEL\|Weight\|Version\|BUFFER\|TARGET\|WEIGHT\|TXN\|TRANSACTIONS\|ADJUSTMENT\|i64\|Size\|nDefault\|_EXPIRY\|HEIGHT\|SIZE\|SNDHWM\|_TIME_MS\)\))/GetIntArg(\1)/g'
-END VERIFY SCRIPT-

Co-authored-by: Hennadii Stepanov <32963518+hebasto@users.noreply.github.com>
2021-09-27 06:57:20 -04:00
John Newbery
5840476714 [addrman] Make m_asmap private
Add a GetAsmap() getter function that returns a reference to const.
2021-08-27 11:01:43 +01:00
John Newbery
f9002cb5db [net] Rename the copyStats arg from m_asmap to asmap
The m_ prefix indicates that a variable is a data member. Using it as
a parameter name is misleading.

Also update the name of the function from copyStats to CopyStats to
comply with our style guide.
2021-08-27 10:55:44 +01:00
MarcoFalke
fa9eade142
Remove GetAddrName
https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines.html#c131-avoid-trivial-getters-and-setters
2021-08-26 10:44:26 +02:00
MarcoFalke
fa786570a5
Remove unused RecursiveMutex cs_addrName 2021-08-26 10:27:52 +02:00
MarcoFalke
fa82f4ea96
Remove unused MaybeSetAddrName
This logic is a no-op since it was introduced in commit
f9f5cfc506.

m_addr_name is never initialized to the empty string, because
ToStringIPPort never returns an empty string.
2021-08-24 19:19:19 +02:00
Troy Giorshev
f3e451bebf [net] Replace GetID() with id in TransportDeserializer constructor 2021-08-19 18:20:14 +01:00
Troy Giorshev
8c96008ab1 [net] Don't return an optional from TransportDeserializer::GetMessage()
Also, access mapRecvBytesPerMsgCmd with `at()` not `find()`. This
throws an error if COMMAND_OTHER doesn't exist, which should never
happen. `find()` instead just accessed the last element, which could make
debugging more difficult.

Resolves review comments from PR19107:

- https://github.com/bitcoin/bitcoin/pull/19107#discussion_r478718436
- https://github.com/bitcoin/bitcoin/pull/19107#discussion_r478714497
2021-08-19 18:20:12 +01:00
John Newbery
181a1207ba [addrman] Move peers.dat parsing to init.cpp 2021-08-18 14:00:52 +01:00
fanquake
d8ba6327b2
scripted-diff: replace clientInterface with m_client_interface in net
-BEGIN VERIFY SCRIPT-

sed -i -e "s/clientInterface/m_client_interface/g" src/net.cpp src/net.h

-END VERIFY SCRIPT-
2021-08-18 13:54:43 +08:00
fanquake
f68c6cebe6
net: use clientInterface rather than uiInterface 2021-08-18 13:54:09 +08:00
0xb10c
4224dec22b
tracing: Tracepoints for in- and outbound P2P msgs
Can be used to monitor in- and outbound node traffic.

Based on ealier work by jb55.

Co-authored-by: William Casarin <jb55@jb55.com>
2021-07-27 17:12:16 +02:00
fanquake
e4487fd5bb
Merge bitcoin/bitcoin#22096: p2p: AddrFetch - don't disconnect on self-announcements
5730a43703 test: Add functional test for AddrFetch connections (Martin Zumsande)
c34ad3309f net, rpc: Enable AddrFetch connections for functional testing (Martin Zumsande)
533500d907 p2p: Add timeout for AddrFetch peers (Martin Zumsande)
b6c5d1e450 p2p: AddrFetch - don't disconnect on self-announcements (Martin Zumsande)

Pull request description:

  AddrFetch connections (old name: oneshots) are intended to be short-lived connections on which we ask a peer for addresses via `getaddr` and disconnect after receiving them.

  This is done by disconnecting after receiving the first `addr`. However, it is no longer working as intended, because nowadays, the first `addr` a typical bitcoin core node sends is its self-announcement.
  So we'll disconnect before the peer gets a chance to answer our `getaddr`.

  I checked that this affects both `-seednode` peers specified manually, and DNS seeds when AddrFetch is used as a fallback if DNS doesn't work for us.

  The current behavior of getting peers via AddrFetch when starting with an empty addrman would be to connect to the peer, receive its self-announcement and add it to addrman, disconnect, reconnect to the same peer again as a full outbound (no other addresses in addrman) and then receive more `addr`. This is silly and not in line with AddrFetch peer being intended to be short-lived peers. 

  Fix this by only disconnecting after receiving an `addr` message of size > 1.

  [Edit] As per review discussion, this PR now also adds a timeout after which we disconnect if we haven't received any suitable `addr`, and a functional test.

ACKs for top commit:
  amitiuttarwar:
    reACK 5730a43703
  naumenkogs:
    ACK 5730a43703
  jnewbery:
    ACK 5730a43703

Tree-SHA512: 8a81234f37e827705138eb254223f7f3b3bf44a06cb02126fc7990b0d231b9bd8f07d38d185cc30d55bf35548a6fdc286b69602498d875b937e7c58332158bf9
2021-07-20 20:27:21 +08:00
W. J. van der Laan
21998bc028
Merge bitcoin/bitcoin#22284: p2p, refactor: performance improvements to ProtectEvictionCandidatesByRatio()
b1d905c225 p2p: earlier continuation when no remaining eviction candidates (Vasil Dimov)
c9e8d8f9b1 p2p: process more candidates per protection iteration (Jon Atack)
02e411ec45 p2p: iterate eviction protection only on networks having candidates (Jon Atack)
5adb064574 bench: add peer eviction protection benchmarks (Jon Atack)
566357f8f7 refactor: move GetRandomNodeEvictionCandidates() to test utilities (Jon Atack)

Pull request description:

  This follow-up to #21261 improves `ProtectEvictionCandidatesByRatio()` for better performance.

  Benchmarks are added; the performance improvement is between 2x and 5x for the benchmarked cases (CPU 2.50GHz, Turbo off, performance mode, Debian Clang 11 non-debug build).

  ```
  $ ./src/bench/bench_bitcoin -filter="EvictionProtection*.*"
  ```

  The refactored code is well-covered by existing unit tests and also a fuzzer.

  - `$ ./src/test/test_bitcoin -t net_peer_eviction_tests`
  - `$ FUZZ=node_eviction ./src/test/fuzz/fuzz ../qa-assets/fuzz_seed_corpus/node_eviction`

ACKs for top commit:
  klementtan:
    Tested and code review ACK b1d905c2.
  vasild:
    ACK b1d905c225
  jarolrod:
    ACK b1d905c225

Tree-SHA512: a3a6607b9ea2fec138da9780c03f63e177b6712091c5a3ddc3804b896a7585216446310280791f5e20cc023d02d2f03a4139237e12b5c1d7f2a1fa1011610e96
2021-07-15 14:49:45 +02:00
W. J. van der Laan
d8f1e1327f
Merge bitcoin/bitcoin#22112: Force port 0 in I2P
4101ec9d2e doc: mention that we enforce port=0 in I2P (Vasil Dimov)
e0a2b390c1 addrman: reset I2P ports to 0 when loading from disk (Vasil Dimov)
41cda9d075 test: ensure I2P ports are handled as expected (Vasil Dimov)
4f432bd738 net: do not connect to I2P hosts on port!=0 (Vasil Dimov)
1f096f091e net: distinguish default port per network (Vasil Dimov)
aeac3bce3e net: change I2P seeds' ports to 0 (Vasil Dimov)
38f900290c net: change assumed I2P port to 0 (Vasil Dimov)

Pull request description:

  _This is an alternative to https://github.com/bitcoin/bitcoin/pull/21514, inspired by https://github.com/bitcoin/bitcoin/pull/21514#issuecomment-815049933. They are mutually exclusive. Just one of them should be merged._

  Change assumed ports for I2P to 0 (instead of the default 8333) as this is closer to what actually happens underneath with SAM 3.1 (https://github.com/bitcoin/bitcoin/pull/21514#issuecomment-812632520, https://github.com/bitcoin/bitcoin/pull/21514#issuecomment-816564719).

  Don't connect to I2P peers with advertised port != 0 (we don't specify a port to our SAM 3.1 proxy and it always connects to port = 0).

  Note, this change:
  * Keeps I2P addresses with port != 0 in addrman and relays them to others via P2P gossip. There may be non-bitcoin-core-22.0 peers using SAM 3.2 and for them such addresses may be useful.
  * Silently refuses to connect to I2P hosts with port != 0. This is ok for automatically chosen peers from addrman. Not so ok for peers provided via `-addnode` or `-connect` - a user who specifies `foo.b32.i2p:1234` (non zero port) may wonder why "nothing is happening".

  Fixes #21389

ACKs for top commit:
  laanwj:
    Code review ACK 4101ec9d2e
  jonatack:
    re-ACK 4101ec9d2e per `git range-diff efff9c3 0b0ee03 4101ec9`, built with DDEBUG_ADDRMAN, did fairly extensive testing on mainnet both with and without a peers.dat / -dnsseeds=0 to test boostrapping.

Tree-SHA512: 0e3c019e1dc05e54f559275859d3450e0c735596d179e30b66811aad9d5b5fabe3dcc44571e8f7b99f9fe16453eee393d6e153454dd873b9ff14907d4e6354fe
2021-07-13 14:52:41 +02:00
W. J. van der Laan
842e2a9c54
Merge bitcoin/bitcoin#20234: net: don't bind on 0.0.0.0 if binds are restricted to Tor
2feec3ce31 net: don't bind on 0.0.0.0 if binds are restricted to Tor (Vasil Dimov)

Pull request description:

  The semantic of `-bind` is to restrict the binding only to some address.
  If not specified, then the user does not care and we bind to `0.0.0.0`.
  If specified then we should honor the restriction and bind only to the
  specified address.

  Before this change, if no `-bind` is given then we would bind to
  `0.0.0.0:8333` and to `127.0.0.1:8334` (incoming Tor) which is ok -
  the user does not care to restrict the binding.

  However, if only `-bind=addr:port=onion` is given (without ordinary
  `-bind=`) then we would bind to `addr:port` _and_ to `0.0.0.0:8333` in
  addition.

  Change the above to not do the additional bind: if only
  `-bind=addr:port=onion` is given (without ordinary `-bind=`) then bind
  to `addr:port` (only) and consider incoming connections to that as Tor
  and do not advertise it. I.e. a Tor-only node.

ACKs for top commit:
  laanwj:
    Code review ACK 2feec3ce31
  jonatack:
    utACK 2feec3ce31 per `git diff a004833 2feec3c`
  hebasto:
    ACK 2feec3ce31, tested on Linux Mint 20.1 (x86_64):

Tree-SHA512: a04483af601706da928958b92dc560f9cfcc78ab0bb9d74414636eed1c6f29ed538ce1fb5a17d41ed82c9c9a45ca94899d0966e7ef93da809c9bcdcdb1d1f040
2021-07-12 10:08:22 +02:00
Martin Zumsande
c34ad3309f net, rpc: Enable AddrFetch connections for functional testing
Co-authored-by: Amiti Uttarwar <amiti@uttarwar.org>
2021-07-12 02:16:45 +02:00
Vasil Dimov
1f096f091e
net: distinguish default port per network
Change `CChainParams::GetDefaultPort()` to return 0 if the network is
I2P.
2021-07-09 11:19:36 +02:00
Vasil Dimov
b1d905c225
p2p: earlier continuation when no remaining eviction candidates
in ProtectEvictionCandidatesByRatio().

With this change, `if (n.count == 0) continue;` will be true
if a network had candidates protected in the first iterations
and has no candidates remaining to be protected in later iterations.

Co-authored-by: Jon Atack <jon@atack.com>
2021-07-08 12:28:40 +02:00
Jon Atack
c9e8d8f9b1
p2p: process more candidates per protection iteration
for the usual case when some of the protected networks
don't have eviction candidates, to reduce the number
of iterations in ProtectEvictionCandidatesByRatio().

Picks up an idea in ef411cd2 that I had dropped.
2021-07-08 12:28:38 +02:00
Jon Atack
02e411ec45
p2p: iterate eviction protection only on networks having candidates
in ProtectEvictionCandidatesByRatio().

Thank you to Vasil Dimov, whose suggestions during a post-merge
discussion about PR 21261 reminded me that I had done this in
earlier versions of the PR, e.g. commits like ef411cd2.

Co-authored-by: Vasil Dimov <vd@FreeBSD.org>
2021-07-08 12:28:35 +02:00
Vasil Dimov
2feec3ce31
net: don't bind on 0.0.0.0 if binds are restricted to Tor
The semantic of `-bind` is to restrict the binding only to some address.
If not specified, then the user does not care and we bind to `0.0.0.0`.
If specified then we should honor the restriction and bind only to the
specified address.

Before this change, if no `-bind` is given then we would bind to
`0.0.0.0:8333` and to `127.0.0.1:8334` (incoming Tor) which is ok -
the user does not care to restrict the binding.

However, if only `-bind=addr:port=onion` is given (without ordinary
`-bind=`) then we would bind to `addr:port` _and_ to `0.0.0.0:8333` in
addition.

Change the above to not do the additional bind: if only
`-bind=addr:port=onion` is given (without ordinary `-bind=`) then bind
to `addr:port` (only) and consider incoming connections to that as Tor
and do not advertise it. I.e. a Tor-only node.
2021-07-07 15:46:38 +02:00
fanquake
6bc1eca01b
Merge bitcoin/bitcoin#22144: Randomize message processing peer order
79c02c88b3 Randomize message processing peer order (Pieter Wuille)

Pull request description:

  Right now, the message handling loop iterates the list of nodes always in the same order: the order they were connected in (see the `vNodes` vector). For some parts of the net processing logic, this order matters. Transaction requests are assigned explicitly to peers since #19988, but many other parts of processing work on a "first-served-by-loop-first" basis, such as block downloading. If peers can predict this ordering, it may be exploited to cause delays.

  As there isn't anything particularly optimal about the current ordering, just make it unpredictable by randomizing.

  Reported by Crypt-iQ.

ACKs for top commit:
  jnewbery:
    ACK 79c02c88b3
  Crypt-iQ:
    ACK 79c02c88b3
  sdaftuar:
    utACK 79c02c88b3
  achow101:
    Code Review ACK 79c02c88b3
  jamesob:
    crACK 79c02c88b3
  jonatack:
    ACK 79c02c88b3
  vasild:
    ACK 79c02c88b3
  theStack:
    ACK 79c02c88b3

Tree-SHA512: 9a87c4dcad47c2d61b76c4f37f59674876b78f33f45943089bf159902a23e12de7a5feae1a73b17cbc3f2e37c980ecf0f7fd86af9e6fa3a68099537a3c82c106
2021-06-16 11:27:16 +08:00
Jon Atack
ce02dd1ef1
p2p: extend inbound eviction protection by network to I2P peers
This commit extends our inbound eviction protection to I2P peers to
favorise the diversity of peer connections, as peers connected
through the I2P network are otherwise disadvantaged by our eviction
criteria for their higher latency (higher min ping times) relative
to IPv4 and IPv6 peers, as well as relative to Tor onion peers.

The `networks` array is order-dependent in the case of a tie in
candidate counts between networks (earlier array members receive
priority in the case of a tie).

Therefore, we place I2P candidates before localhost and onion ones
in terms of opportunity to recover unused remaining protected slots
from the previous iteration, guesstimating that most nodes allowing
both onion and I2P inbounds will have more onion peers, followed by
localhost, then I2P, as I2P support is only being added in the
upcoming v22.0 release.
2021-06-14 14:01:35 +02:00
Jon Atack
045cb40192
p2p: remove unused m_is_onion member from NodeEvictionCandidate struct 2021-06-14 13:58:05 +02:00
Jon Atack
310fab4928
p2p: remove unused CompareLocalHostTimeConnected() 2021-06-14 13:58:03 +02:00
Jon Atack
9e889e8a5c
p2p: remove unused CompareOnionTimeConnected() 2021-06-14 13:58:01 +02:00
Jon Atack
1e15acf478
p2p: make ProtectEvictionCandidatesByRatio() fully ratio-based
with a more abstract framework to allow easily extending inbound
eviction protection to peers connected through new higher-latency
networks that are disadvantaged by our inbound eviction criteria,
such as I2P and perhaps other BIP155 networks in the future like
CJDNS.  This is a change in behavior.

The algorithm is a basically a multi-pass knapsack:

- Count the number of eviction candidates in each of the disadvantaged
  privacy networks.

- Sort the networks from lower to higher candidate counts, so that
  a network with fewer candidates will have the first opportunity
  for any unused slots remaining from the previous iteration.  In
  the case of a tie in candidate counts, priority is given by array
  member order from first to last, guesstimated to favor more unusual
  networks.

- Iterate through the networks in this order.  On each iteration,
  allocate each network an equal number of protected slots targeting
  a total number of candidates to protect, provided any slots remain
  in the knapsack.

- Protect the candidates in that network having the longest uptime,
  if any in that network are present.

- Continue iterating as long as we have non-allocated slots
  remaining and candidates available to protect.

Localhost peers are treated as a network like Tor or I2P by aliasing
them to an unused Network enumerator: Network::NET_MAX.

The goal is to favorise diversity of our inbound connections.

Credit to Vasil Dimov for improving the algorithm from single-pass
to multi-pass to better allocate unused protection slots.

Co-authored-by: Vasil Dimov <vd@FreeBSD.org>
2021-06-14 13:57:49 +02:00
Jon Atack
38a81a8e20
p2p: add CompareNodeNetworkTime() comparator struct
to compare and sort peer eviction candidates by the
passed-in is_local (localhost status) and network
arguments, and by longest uptime.
2021-06-13 20:15:49 +02:00
Jon Atack
4ee7aec47e
p2p: add m_network to NodeEvictionCandidate struct 2021-06-13 20:15:47 +02:00
Jon Atack
7321e6f2fe
p2p, refactor: rename vEvictionCandidates to eviction_candidates
in ProtectEvictionCandidatesByRatio()
per current style guide in doc/developer-notes.md
2021-06-13 20:15:45 +02:00
Jon Atack
ec590f1d91
p2p, refactor: improve constness in ProtectEvictionCandidatesByRatio() 2021-06-13 20:15:43 +02:00
Jon Atack
1cde800523
p2p, refactor: rm redundant erase_size calculation in SelectNodeToEvict()
as EraseLastKElements() called in the next line performs the same operation.
Thanks to Martin Zumsande (lightlike) for seeing this while reviewing.

Co-authored-by: Martin Zumsande <mzumsande@gmail.com>
2021-06-11 12:26:59 +02:00
Pieter Wuille
79c02c88b3 Randomize message processing peer order 2021-06-02 13:55:14 -07:00
MarcoFalke
5cf92c32d1
Merge bitcoin/bitcoin#21969: refactor: Switch serialize to uint8_t (Bundle 1/2)
ffff0d0442 refactor: Switch serialize to uint8_t (1/n) (MarcoFalke)

Pull request description:

  Replace `char` -> `uint8_t` in serialization where a sign doesn't make sense (char might be signed/unsigned).

ACKs for top commit:
  practicalswift:
    cr ACK ffff0d0442: patch looks correct and commit hash is ffffresh (was bbbbadass)
  kristapsk:
    ACK ffff0d0442

Tree-SHA512: cda682280c21d37cc3a6abd62569732079b31d18df3f157aa28bed80bd6f9f29a7db5c133b1f57b3a8f8d5ba181a76e473763c6e26a2df6d9244813f56f893ee
2021-06-01 09:01:29 +02:00
MarcoFalke
ffff0d0442
refactor: Switch serialize to uint8_t (1/n) 2021-05-31 14:56:17 +02:00
fanquake
feb72e5432
scripted-diff: rename GetSystemTimeInSeconds to GetTimeSeconds
-BEGIN VERIFY SCRIPT-
sed -i -e 's/GetSystemTimeInSeconds/GetTimeSeconds/g' $(git grep -l GetSystemTimeInSeconds src)
-END VERIFY SCRIPT-
2021-05-31 15:11:18 +08:00
fanquake
2968417948
Merge bitcoin/bitcoin#22013: net: ignore block-relay-only peers when skipping DNS seed
fe3d17df04 net: ignore block-relay-only peers when skipping DNS seed (Anthony Towns)

Pull request description:

  Since #17428 bitcoind will attempt to reconnect to two block-relay-only anchors before doing any other outbound connections. When determining whether to use DNS seeds, it will currently see these two peers and decide "we're connected to the p2p network, so no need to lookup DNS" -- but block-relay-only peers don't do address relay, so if your address book is full of invalid addresses (apart from your anchors) this behaviour will prevent you from recovering from that situation.

  This patch changes it so that it only skips use of DNS seeds when there are two full-outbound peers, not just block-relay-only peers.

ACKs for top commit:
  Sjors:
    utACK fe3d17d
  amitiuttarwar:
    ACK fe3d17df04, this impacts the very common case where we stop/start a node, persisting anchors & have a non-empty addrman (although, to be clear, wouldn't be particularly problematic in the common cases where the addrman has valid addresses)
  mzumsande:
    ACK fe3d17df04
  jonatack:
    ACK fe3d17df04
  prayank23:
    tACK fe3d17df04

Tree-SHA512: 9814b0d84321d7f45b5013eb40c420a0dd93bf9430f5ef12dce50d1912a18d5de2070d890a8c6fe737a3329b31059b823bc660b432d5ba21f02881dc1d951e94
2021-05-24 20:42:08 +08:00
fanquake
d3fa42c795
Merge bitcoin/bitcoin#21186: net/net processing: Move addr data into net_processing
0829516d1f [refactor] Remove unused ForEachNodeThen() template (John Newbery)
09cc66c00e scripted-diff: rename address relay fields (John Newbery)
76568a3351 [net processing] Move addr relay data and logic into net processing (John Newbery)
caba7ae8a5 [net processing] Make RelayAddress() a member function of PeerManagerImpl (John Newbery)
86acc96469 [net processing] Take NodeId instead of CNode* as originator for RelayAddress() (John Newbery)

Pull request description:

  This continues the work of moving application layer data into net_processing, by moving all addr data into the new Peer object added in #19607.

  For motivation, see #19398.

ACKs for top commit:
  laanwj:
    Code review ACK 0829516d1f
  mzumsande:
    ACK 0829516d1f, reviewed the code and ran tests.
  sipa:
    utACK 0829516d1f
  hebasto:
    re-ACK 0829516d1f

Tree-SHA512: efe0410fac288637f203eb37d1999910791e345872d37e1bd5cde50e25bb3cb1c369ab86b3a166ffd5e06ee72e4508aa2c46d658be6a54e20b4f220d2f57d0a6
2021-05-24 20:28:31 +08:00
Kiminuo
4c3a5dcbfc scripted-diff: Replace GetDataDir() calls with gArgs.GetDataDirNet() calls
-BEGIN VERIFY SCRIPT-
git ls-files -- 'src' ':(exclude)src/util/system.h' ':(exclude)src/util/system.cpp' | xargs sed -i 's/GetDataDir()/gArgs.GetDataDirNet()/g';
-END VERIFY SCRIPT-
2021-05-24 10:29:58 +02:00
Anthony Towns
fe3d17df04 net: ignore block-relay-only peers when skipping DNS seed 2021-05-21 13:03:00 +10:00
Jon Atack
80ba294854
p2p: allow CConnman::GetAddresses() by network, add doxygen 2021-05-19 13:05:54 +02:00
Jon Atack
a49f3ddbba
p2p: allow CAddrMan::GetAddr() by network, add doxygen 2021-05-19 13:04:11 +02:00
W. J. van der Laan
4da26fb85d
Merge bitcoin/bitcoin#21506: p2p, refactor: make NetPermissionFlags an enum class
7075f604e8 scripted-diff: update noban documentation in net_processing.cpp (Jon Atack)
a95540cf43 scripted-diff: rename NetPermissionFlags enumerators (Jon Atack)
810d0929c1 p2p, refactor: make NetPermissionFlags a uint32 enum class (Jon Atack)
7b55a94497 p2p: NetPermissions::HasFlag() pass flags param by value (Jon Atack)
91f6e6e6d1 scripted-diff: add NetPermissionFlags scopes where not already present (Jon Atack)

Pull request description:

  While reviewing #20196, I noticed the `NetPermissionFlags` enums are frequently called as if they were scoped, yet are still global. This patch upgrades `NetPermissionFlags` to a scoped class enum and updates the enumerator naming, similarly to #19771. See https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#enum-enumerations for more info.

  This change would eliminate the class of bugs like https://github.com/bitcoin/bitcoin/pull/20196#discussion_r610770148 and #21644, as only defined operations on the flags would compile.

ACKs for top commit:
  laanwj:
    Code review ACK 7075f604e8
  vasild:
    ACK 7075f604e8

Tree-SHA512: 7fcea66ee499f059efc78c934b5f729b3c8573fe304dee2c27c837c2f662b89324790568246d75b2a574cf9f059b42d3551d928996862f4358055eb43521e6f4
2021-05-19 11:57:24 +02:00
W. J. van der Laan
4741aec1dd
Merge bitcoin/bitcoin#21914: net: use stronger AddLocal() for our I2P address
105941b726 net: use stronger AddLocal() for our I2P address (Vasil Dimov)

Pull request description:

  There are two issues:

  ### 1. Our I2P address not added to local addresses.

  * `externalip=` is used with an IPv4 address (this sets automatically `discover=0`)
  * No `discover=1` is used
  * `i2psam=` is used
  * No `externalip=` is used for our I2P address
  * `listenonion=1 torcontrol=` are used

  In this case `AddLocal(LOCAL_MANUAL)` [is used](94f83534e4/src/torcontrol.cpp (L354)) for our `.onion` address and `AddLocal(LOCAL_BIND)` [for our](94f83534e4/src/net.cpp (L2247)) `.b32.i2p` address, the latter being [ignored](94f83534e4/src/net.cpp (L232-L233)) due to `discover=0`.

  ### 2. Our I2P address removed from local addresses even if specified with `externalip=` on I2P proxy restart.

  * `externalip=` is used with our I2P address (this sets automatically `discover=0`)
  * No `discover=1` is used
  * `i2psam=` is used

  In this case, initially `externalip=` causes our I2P address to be [added](94f83534e4/src/init.cpp (L1266)) with `AddLocal(LOCAL_MANUAL)` which overrides `discover=0` and works as expected. However, if later the I2P proxy is shut down [we do](94f83534e4/src/net.cpp (L2234)) `RemoveLocal()` in order to stop advertising our I2P address (since we have lost I2P connectivity). When the I2P proxy is started and we reconnect to it, restoring the I2P connectivity, [we do](94f83534e4/src/net.cpp (L2247)) `AddLocal(LOCAL_BIND)` which does nothing due to `discover=0`.

  To resolve those two issues, use `AddLocal(LOCAL_MANUAL)` for I2P which is also what we do with Tor.

ACKs for top commit:
  laanwj:
    Code review ACK 105941b726

Tree-SHA512: 0c9daf6116b8d9c34ad7e6e9bbff6e8106e94e4394a815d7ae19287aea22a8c7c4e093c8dd8c58a4a1b1412b2575a9b42b8a93672c8d17f11c24508c534506c7
2021-05-13 15:36:44 +02:00
Jon Atack
a95540cf43
scripted-diff: rename NetPermissionFlags enumerators
- drop redundant PF_ permission flags prefixes
- drop ALL_CAPS naming per https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#Renum-caps
- rename IsImplicit to Implicit

-BEGIN VERIFY SCRIPT-
s() { git grep -l "$1" src | xargs sed -i "s/$1/$2/g"; }

s 'PF_NONE'        'None'
s 'PF_BLOOMFILTER' 'BloomFilter'
s 'PF_RELAY'       'Relay'
s 'PF_FORCERELAY'  'ForceRelay'
s 'PF_DOWNLOAD'    'Download'
s 'PF_NOBAN'       'NoBan'
s 'PF_MEMPOOL'     'Mempool'
s 'PF_ADDR'        'Addr'
s 'PF_ISIMPLICIT'  'Implicit'
s 'PF_ALL'         'All'
-END VERIFY SCRIPT-
2021-05-12 16:13:30 +02:00
Jon Atack
91f6e6e6d1
scripted-diff: add NetPermissionFlags scopes where not already present
-BEGIN VERIFY SCRIPT-
s() { git grep -l "$1" -- 'src' ':!src/net_permissions.h' | xargs sed -i -E "s/([^:])$1/\1NetPermissionFlags::$1/"; }

s 'PF_NONE'
s 'PF_BLOOMFILTER'
s 'PF_RELAY'
s 'PF_FORCERELAY'
s 'PF_DOWNLOAD'
s 'PF_NOBAN'
s 'PF_MEMPOOL'
s 'PF_ADDR'
s 'PF_ISIMPLICIT'
s 'PF_ALL'
-END VERIFY SCRIPT-

Co-authored-by: Hennadii Stepanov <32963518+hebasto@users.noreply.github.com>
2021-05-12 10:50:58 +02:00
MarcoFalke
2e30e328a7
Merge bitcoin/bitcoin#19064: refactor: Cleanup thread ctor calls
792be53d3e refactor: Replace std::bind with lambdas (Hennadii Stepanov)
a508f718f3 refactor: Use appropriate thread constructor (Hennadii Stepanov)
30e4448215 refactor: Make TraceThread a non-template free function (Hennadii Stepanov)

Pull request description:

  This PR does not change behavior.
  Its goal is to improve readability and maintainability of the code.

ACKs for top commit:
  jnewbery:
    utACK 792be53d3e
  jonatack:
    tACK 792be53d3e
  MarcoFalke:
    cr ACK 792be53d3e

Tree-SHA512: a03142f04f370f6bc02bd3ddfa870819b51740fcd028772241d68c84087f95a2d78207cbd5edb3f7c636fcf2d76192d9c59873f8f0af451d3b05c0cf9cf234df
2021-05-12 08:51:32 +02:00
W. J. van der Laan
e175a20769
Merge bitcoin/bitcoin#21644: p2p, bugfix: use NetPermissions::HasFlag() in CConnman::Bind()
36fb036d25 p2p: allow NetPermissions::ClearFlag() only with PF_ISIMPLICIT (Jon Atack)
4e0d5788ba test: add net permissions noban/download unit test coverage (Jon Atack)
dde69f20a0 p2p, bugfix: use NetPermissions::HasFlag() in CConnman::Bind() (Jon Atack)

Pull request description:

  This is a bugfix follow-up to #16248 and #19191 that was noticed in #21506. Both v0.21 and master are affected.

  Since #19191, noban is a multi-flag that implies download, so the conditional in `CConnman::Bind()` using a bitwise AND on noban will return the same result for both the noban status and the download status. This means that download peers are incorrectly not being added to local addresses because they are mistakenly seen as noban peers.

  The second commit adds unit test coverage to illustrate and test the noban/download relationship and the `NetPermissions` operations involving them.

  The final commit adds documentation and disallows calling `NetPermissions::ClearFlag()` with any second param other than `NetPermissionFlags` "implicit" -- per current usage in the codebase -- because `ClearFlag()` should not be called with any second param that is a subflag of a multiflag, e.g. "relay" or "download," as that would leave the result in an invalid state corresponding to none of the existing NetPermissionFlags. Thanks to Vasil Dimov for noticing this.

ACKs for top commit:
  theStack:
    re-ACK 36fb036d25 
  vasild:
    ACK 36fb036d25
  hebasto:
    ACK 36fb036d25, I have reviewed the code and it looks OK, I agree it can be merged.
  kallewoof:
    Code review ACK 36fb036d25

Tree-SHA512: 5fbc7ddbf31d06b35bf238f4d77ef311e6b6ef2e1bb9893f32f889c1a0f65774a3710dcb21d94317fe6166df9334a9f2d42630809e7fe8cbd797dd6f6fc49491
2021-05-11 13:08:45 +02:00
Vasil Dimov
105941b726
net: use stronger AddLocal() for our I2P address
There are two issues:

1. Our I2P address not added to local addresses.

* `externalip=` is used with an IPv4 address (this sets automatically
  `discover=0`)
* No `discover=1` is used
* `i2psam=` is used
* No `externalip=` is used for our I2P address
* `listenonion=1 torcontrol=` are used

In this case `AddLocal(LOCAL_MANUAL)` is used for our `.onion` address
and `AddLocal(LOCAL_BIND)` for our `.b32.i2p` address, the latter being
ignored due to `discover=0`.

2. Our I2P address removed from local addresses even if specified
with `externalip=` on I2P proxy restart.

* `externalip=` is used with our I2P address (this sets automatically
  `discover=0`)
* No `discover=1` is used
* `i2psam=` is used

In this case, initially `externalip=` causes our I2P address to be added
with `AddLocal(LOCAL_MANUAL)` which overrides `discover=0` and works as
expected. However, if later the I2P proxy is shut down we do
`RemoveLocal()` in order to stop advertising our I2P address (since we
have lost I2P connectivity). When the I2P proxy is started and we
reconnect to it, restoring the I2P connectivity, we do
`AddLocal(LOCAL_BIND)` which does nothing due to `discover=0`.

To resolve those two issues, use `AddLocal(LOCAL_MANUAL)` for I2P which
is also what we do with Tor.
2021-05-11 12:46:45 +02:00
W. J. van der Laan
f8176b768a
Merge bitcoin/bitcoin#21836: scripted-diff: Replace three dots with ellipsis in the UI strings
d66f283ac0 scripted-diff: Replace three dots with ellipsis in the UI strings (Hennadii Stepanov)

Pull request description:

  This PR is split from #21463.
  The change was suggested on [Transifex.com](https://www.transifex.com/bitcoin/bitcoin/), and it does not touch `LogPrint` and `LogPrintf` calls.

  The only comment on #21463 [was](9030e4b5a6 (r597220100)):
  > Mind that these messages also end up in the log. In principle the log is already UTF-8 (as are all strings and text in bitcoind). But, just noting, that it might make browsing the log a less pleasant experience on systems with misconfigured locale like some BSDs by default.

ACKs for top commit:
  laanwj:
    ACK d66f283ac0

Tree-SHA512: 5ab1cb3160f3f996f1ad7d7486662da3eb7f06a857f4a1874963ce10caed5b86b0ad6151b1b9ebeb2b8aa5f0c85efad3b768ea9cafe5db86f78f88912b756d1e
2021-05-10 14:02:46 +02:00
W. J. van der Laan
09205b33aa net: Clarify message header validation errors
Make the errors less shouty and more descriptive.
2021-05-07 11:28:21 +02:00
W. J. van der Laan
955eee7680 net: Sanitize message type for logging
- Use `SanitizeString` when logging message errors to make sure that the
message type is sanitized.

- For the `MESSAGESTART` error don't inspect and log header details at
all: receiving invalid start bytes makes it likely that the packet isn't
even formatted as valid P2P message. Logging the four unexpected start
bytes should be enough.

- Update `p2p_invalid_messages.py` test to check this.

Issue reported by gmaxwell.
2021-05-06 17:30:52 +02:00
MarcoFalke
320e518b90
Merge bitcoin/bitcoin#21750: net: remove unnecessary check of CNode::cs_vSend
9096b13a47 net: remove unnecessary check of CNode::cs_vSend (Vasil Dimov)

Pull request description:

  It is not possible to have a node in `CConnman::vNodesDisconnected` and
  its reference count to be incremented - all `CNode::AddRef()` are done
  either before the node is added to `CConnman::vNodes` or while holding
  `CConnman::cs_vNodes` and the object being in `CConnman::vNodes`.

  So, the object being in `CConnman::vNodesDisconnected` and its reference
  count being zero means that it is not and will not start to be used by
  other threads.

  So, the lock of `CNode::cs_vSend` in `CConnman::DisconnectNodes()` will
  always succeed and is not necessary.

  Indeed all locks of `CNode::cs_vSend` are done either when the reference
  count is >0 or under the protection of `CConnman::cs_vNodes` and the
  node being in `CConnman::vNodes`.

ACKs for top commit:
  MarcoFalke:
    review ACK 9096b13a47 🏧
  jnewbery:
    utACK 9096b13a47

Tree-SHA512: 910899cdcdc8934642eb0c40fcece8c3b01b7e20a0b023966b9d6972db6a885cb3a9a04e9562bae14d5833967e45e2ecb3687b94d495060c3da4b1f2afb0ac8f
2021-05-03 08:13:53 +02:00
Hennadii Stepanov
d66f283ac0
scripted-diff: Replace three dots with ellipsis in the UI strings
-BEGIN VERIFY SCRIPT-
sed -i -E -e 's/\.\.\."\)(\.|,|\)| )/…"\)\1/' -- $(git ls-files -- 'src' ':(exclude)src/qt/bitcoinstrings.cpp')
sed -i -e 's/\.\.\.\\"/…\\"/' src/qt/sendcoinsdialog.cpp
sed -i -e 's|\.\.\.</string>|…</string>|' src/qt/forms/*.ui
sed -i -e 's|\.\.\.)</string>|…)</string>|' src/qt/forms/sendcoinsdialog.ui
-END VERIFY SCRIPT-
2021-05-02 22:17:16 +03:00
John Newbery
76568a3351 [net processing] Move addr relay data and logic into net processing 2021-04-30 11:29:14 +01:00
Hennadii Stepanov
792be53d3e
refactor: Replace std::bind with lambdas
Lambdas are shorter and more readable.
Changes are limited to std::thread ctor calls only.
2021-04-29 18:39:31 +03:00
Hennadii Stepanov
30e4448215
refactor: Make TraceThread a non-template free function
Also it is moved into its own module.
2021-04-25 12:28:44 +03:00
MarcoFalke
8f80092d78
Merge bitcoin/bitcoin#21563: net: Restrict period when cs_vNodes mutex is locked
8c8237a4a1 net, refactor: Fix style in CConnman::StopNodes (Hennadii Stepanov)
229ac1892d net: Combine two loops into one, and update comments (Hennadii Stepanov)
a3d090d110 net: Restrict period when cs_vNodes mutex is locked (Hennadii Stepanov)

Pull request description:

  This PR restricts the period when the `cs_vNodes` mutex is locked, prevents the only case when `cs_vNodes` could be locked before the `::cs_main`.

  This change makes the explicit locking of recursive mutexes in the explicit order redundant.

ACKs for top commit:
  jnewbery:
    utACK 8c8237a4a1
  vasild:
    ACK 8c8237a4a1
  ajtowns:
    utACK 8c8237a4a1 - logic seems sound
  MarcoFalke:
    review ACK 8c8237a4a1 👢

Tree-SHA512: a8277924339622b188b12d260a100adf5d82781634cf974320cf6007341f946a7ff40351137c2f5369aed0d318f38aac2d32965c9b619432440d722a4e78bb73
2021-04-25 10:08:57 +02:00
Hennadii Stepanov
8c8237a4a1
net, refactor: Fix style in CConnman::StopNodes 2021-04-22 17:31:06 +03:00
Hennadii Stepanov
229ac1892d
net: Combine two loops into one, and update comments 2021-04-22 17:28:39 +03:00
Hennadii Stepanov
a3d090d110
net: Restrict period when cs_vNodes mutex is locked 2021-04-22 17:28:39 +03:00
Vasil Dimov
9096b13a47
net: remove unnecessary check of CNode::cs_vSend
It is not possible to have a node in `CConnman::vNodesDisconnected` and
its reference count to be incremented - all `CNode::AddRef()` are done
either before the node is added to `CConnman::vNodes` or while holding
`CConnman::cs_vNodes` and the object being in `CConnman::vNodes`.

So, the object being in `CConnman::vNodesDisconnected` and its reference
count being zero means that it is not and will not start to be used by
other threads.

So, the lock of `CNode::cs_vSend` in `CConnman::DisconnectNodes()` will
always succeed and is not necessary.

Indeed all locks of `CNode::cs_vSend` are done either when the reference
count is >0 or under the protection of `CConnman::cs_vNodes` and the
node being in `CConnman::vNodes`.
2021-04-22 11:06:13 +02:00
MarcoFalke
faabeb854a
refactor: Mark member functions const 2021-04-17 20:13:34 +02:00
Jon Atack
dde69f20a0
p2p, bugfix: use NetPermissions::HasFlag() in CConnman::Bind()
PF_NOBAN is a multi-flag that includes PF_DOWNLOAD, so the conditional
in CConnman::Bind() using a bitwise AND will return the same result
for both the "noban" status and the "download" status.

Example:

`PF_DOWNLOAD` is `0b1000000`
`PF_NOBAN`    is `0b1010000`

This makes a check like `flags & PF_NOBAN` return `true` even if `flags`
is equal to `PF_DOWNLOAD`.

If `-whitebind=download@1.1.1.1:8765` is specified, then `1.1.1.1:8765`
should be added to the list of local addresses. We only want to avoid
adding to local addresses (that are advertised) a whitebind that has a
`noban@` flag.

As a result of a mis-check in `CConnman::Bind()` we would not have added
`1.1.1.1:8765` to the local addresses in the example above.

Co-authored-by: Vasil Dimov <vd@FreeBSD.org>
2021-04-14 18:06:30 +02:00
W. J. van der Laan
9be7fe4849
Merge #21560: net: Add Tor v3 hardcoded seeds
b2ee8b207d net: Deserialize hardcoded seeds from BIP155 blob (W. J. van der Laan)
9b29d5df7f contrib: Add explicit port numbers for testnet seeds (W. J. van der Laan)
2a257de113 contrib: Add a few TorV3 seed nodes (W. J. van der Laan)
06030f7a42 contrib: generate-seeds.py generates output in BIP155 format (W. J. van der Laan)

Pull request description:

  Closes #20239 and mitigates my node's problem in #21351.

  - Add a few hardcoded seeds for TorV3
    - As the [bitcoin-seeder](https://github.com/sipa/bitcoin-seeder) doesn't collect TorV3 addresses yet, I have extracted these from my own node using [a script](https://gist.github.com/laanwj/b3d7b01ef61ce07c2eff0a72a6b90183) and added them manually. This is intended to be a temporary stop gap until 22.0's seeds update.

  - Change hardcoded seeds to variable length BIP155 binary format.
    - It is stored as a single serialized blob in a byte array, instead of pseudo-IPv6 address slots. This is more flexible and, assuming most of the list is IPv4, more compact.
    - Only the (networkID, addr, port) subset (CService). Services and time are construed on the fly as before.

  - Change input format for `nodes_*.txt`.
    - Drop legacy `0xAABBCCDD` format for IPv4. It is never generated by `makeseeds.py`.
    - Stop interpreting lack of port as default port, interpret it as 'no port', to accomodate I2P and other port-less protocols (not handled in this PR). An explicit port is always generated by `makeseeds.py` so in practice this makes no difference right now.

  A follow-up to this PR could do the same for I2P.

ACKs for top commit:
  jonatack:
    ACK b2ee8b207d

Tree-SHA512: 11a6b54f9fb0192560f2bd7b218f798f86c1abe01d1bf37f734cb88b91848124beb2de801ca4e6f856e9946aea5dc3ee16b0dbb9863799e42eec1b239d40d59d
2021-04-06 10:47:51 +02:00
W. J. van der Laan
b2ee8b207d net: Deserialize hardcoded seeds from BIP155 blob
Switch from IPv6 slot-based format to more compact and flexible BIP155
format.
2021-04-05 14:00:48 +02:00
John Newbery
5ed535a02f [net] Changes to RunInactivityChecks
- rename to ShouldRunInactivityChecks (https://github.com/bitcoin/bitcoin/pull/20721#discussion_r576394790)
- take optional time now (https://github.com/bitcoin/bitcoin/pull/20721#discussion_r575895661)
- call from within InactivityChecks (https://github.com/bitcoin/bitcoin/pull/20721#discussion_r575894665)
- update comment (https://github.com/bitcoin/bitcoin/pull/20721#discussion_r575894343)
- change ordering of inequality (https://github.com/bitcoin/bitcoin/pull/20721#discussion_r574925129)
2021-04-01 11:35:27 +01:00
fanquake
b14462083f
Merge #21486: build: link against -lsocket if required for *ifaddrs
4783115fd4 net: add ifaddrs.h include (fanquake)
879215e665 build: check if -lsocket is required with *ifaddrs (fanquake)
87deac66aa rand: only try and use freeifaddrs if available (fanquake)

Pull request description:

  Fixes #21485 by linking against `-lsocket` when it's required for using `*ifaddrs` functions.

ACKs for top commit:
  laanwj:
    Code review ACK 4783115fd4
  hebasto:
    ACK 4783115fd4, I have reviewed the code and it looks OK, I agree it can be merged.

Tree-SHA512: 4542e036e9b029de970eff8a9230fe45d9204bb22313d075f474295d49bdaf1f1cbb36c0c6e2fa8dbbcdba518d8d3a68a6116ce304b82414315f333baf9af0e4
2021-03-31 14:38:06 +08:00
Wladimir J. van der Laan
f9e86d8966
Merge #21387: p2p: Refactor sock to add I2P fuzz and unit tests
40316a37cb test: add I2P test for a runaway SAM proxy (Vasil Dimov)
2d8ac77970 fuzz: add tests for the I2P Session public interface (Vasil Dimov)
9947e44de0 i2p: use pointers to Sock to accommodate mocking (Vasil Dimov)
82d360b5a8 net: change ConnectSocketDirectly() to take a Sock argument (Vasil Dimov)
b5861100f8 net: add connect() and getsockopt() wrappers to Sock (Vasil Dimov)
5a887d49b2 fuzz: avoid FuzzedSock::Recv() repeated errors with EAGAIN (Vasil Dimov)
3088f83d01 fuzz: extend FuzzedSock::Recv() to support MSG_PEEK (Vasil Dimov)
9b05c49ade fuzz: implement unimplemented FuzzedSock methods (Vasil Dimov)

Pull request description:

  Change the networking code and the I2P code to be fully mockable and use `FuzzedSocket` to fuzz the I2P methods `Listen()`, `Accept()` and `Connect()`.

  Add a mocked `Sock` implementation that returns a predefined data on reads and use it for a regression unit test for the bug fixed in https://github.com/bitcoin/bitcoin/pull/21407.

ACKs for top commit:
  practicalswift:
    Tested ACK 40316a37cb
  MarcoFalke:
    Concept ACK 40316a37cb
  jonatack:
    re-ACK 40316a37cb reviewed `git range-diff 01bb3afb 23c861d 40316a3` and the new unit test commit, debug built, ran unit tests, ran bitcoind with an I2P service and network operation with seven I2P peers (2 in, 5 out) is looking nominal
  laanwj:
    Code review ACK 40316a37cb

Tree-SHA512: 7fc4f129849e16e0c7e16662d9f4d35dfcc369bb31450ee369a2b97bdca95285533bee7787983e881e5a3d248f912afb42b4a2299d5860ace7129b0b19623cc8
2021-03-30 17:41:13 +02:00
Wladimir J. van der Laan
dede9eb924
Merge #20197: p2p: protect onions in AttemptToEvictConnection(), add eviction protection test coverage
0cca08a8ee Add unit test coverage for our onion peer eviction protection (Jon Atack)
caa21f586f Protect onion+localhost peers in ProtectEvictionCandidatesByRatio() (Jon Atack)
8f1a53eb02 Use EraseLastKElements() throughout SelectNodeToEvict() (Jon Atack)
8b1e156143 Add m_inbound_onion to AttemptToEvictConnection() (Jon Atack)
72e30e8e03 Add unit tests for ProtectEvictionCandidatesByRatio() (Jon Atack)
ca63b53ecd Use std::unordered_set instead of std::vector in IsEvicted() (Jon Atack)
41f84d5ecc Move peer eviction tests to a separate test file (Jon Atack)
f126cbd6de Extract ProtectEvictionCandidatesByRatio from SelectNodeToEvict (Jon Atack)

Pull request description:

  Now that #19991 and #20210 have been merged, we can determine inbound onion peers using `CNode::m_inbound_onion` and add it to the localhost peers protection in `AttemptToEvictConnection`, which was added in #19670 to address issue #19500.

  Update 28 February 2021: I've updated this to follow gmaxwell's suggestion in https://github.com/bitcoin/bitcoin/pull/20197#issuecomment-713865992.

  This branch now protects up to 1/4 onion peers (connected via our tor control service), if any, sorted by longest uptime. If any (or all) onion slots remain after that operation, they are then allocated to protect localhost peers, or a minimum of 2 localhost peers in the case that no onion slots remain and 2 or more onion peers were protected, sorted as before by longest uptime.

  This patch also adds test coverage for the longest uptime, localhost, and onion peer eviction protection logic to build on the welcome initial unit testing of #20477.

  Suggest reviewing the commits that move code with `colorMoved = dimmed-zebra` and `colorMovedWs = allow-indentation-change`.

  Closes #11537.

ACKs for top commit:
  laanwj:
    Code review ACK 0cca08a8ee
  vasild:
    ACK 0cca08a8ee

Tree-SHA512: 2f5a63f942acaae7882920fc61f0185dcd51da85e5b736df9d1fc72343726dd17da740e02f30fa5dc5eb3b2d8345707aed96031bec143d48a2497a610aa19abd
2021-03-30 16:20:47 +02:00
fanquake
4783115fd4
net: add ifaddrs.h include 2021-03-29 11:09:44 +08:00
John Newbery
3fc06d3d7b [net] remove fUpdateConnectionTime from FinalizeNode
PeerManager can just call directly into CAddrMan::Connected() now.
2021-03-22 10:25:39 +00:00
John Newbery
7c4cc67c0c [net] remove CConnman::AddNewAddresses
It just forwards calls to CAddrMan::Add.
2021-03-20 10:24:40 +00:00
John Newbery
bcd7f30b79 [net] remove CConnman::MarkAddressGood
It just forwards calls to CAddrMan::Good.
2021-03-20 10:24:40 +00:00