Commit graph

22 commits

Author SHA1 Message Date
Olaoluwa Osuntokun
0029905d43 Integrate a valid ECDSA signature cache into btcd
Introduce an ECDSA signature verification into btcd in order to
mitigate a certain DoS attack and as a performance optimization.

The benefits of SigCache are two fold. Firstly, usage of SigCache
mitigates a DoS attack wherein an attacker causes a victim's client to
hang due to worst-case behavior triggered while processing attacker
crafted invalid transactions. A detailed description of the mitigated
DoS attack can be found here: https://bitslog.wordpress.com/2013/01/23/fixed-bitcoin-vulnerability-explanation-why-the-signature-cache-is-a-dos-protection/
Secondly, usage of the SigCache introduces a signature verification
optimization which speeds up the validation of transactions within a
block, if they've already been seen and verified within the mempool.

The server itself manages the sigCache instance. The blockManager and
txMempool respectively now receive pointers to the created sigCache
instance. All read (sig triplet existence) operations on the sigCache
will not block unless a separate goroutine is adding an entry (writing)
to the sigCache. GetBlockTemplate generation now also utilizes the
sigCache in order to avoid unnecessarily double checking signatures
when generating a template after previously accepting a txn to the
mempool. Consequently, the CPU miner now also employs the same
optimization.

The maximum number of entries for the sigCache has been introduced as a
config parameter in order to allow users to configure the amount of
memory consumed by this new additional caching.
2015-10-08 17:31:42 -07:00
David Hill
c9ee3d9c5e wire: Implement SFNodeBloom (BIP0111).
SFNodeBloom is a new service flag that a node is required to use to
indicate that it supports bloom filtering.  This includes a protocol
version bump to 70011 and a wire version bump to 0.3.0.

btcd:
The SFNodeBloom flag is set by default.  A new configuration option
--nopeerbloomfilters has been added to to disable bloom filtering.

Any node advertising a version greater than or equal to 70011 that
attempts to use bloom filtering will be disconnected if bloom
filtering is disabled.

This mimics Bitcoin Core commit afb0ccaf9c9e4e8fac7db3564c4e19c9218c6b03
2015-09-28 16:25:44 -04:00
David Hill
e13b4febec Document limitfreerelay and norelaypriority options. 2015-07-13 12:52:17 -04:00
David Hill
007bee5ec8 Add new option --torisolation
Tor stream isolation randomizes proxy user credentials resulting in
Tor creating a new circuit for each connection.  This makes it more
difficult to correlate connections.

Idea from Wladimir J. van der Laan via Bitcoin Core.
2015-05-13 18:30:48 -04:00
David Hill
5f8dbab47a Add new option -maxorphantx
The option -maxorphantx allows the user to specify the number of
orphan transactions to keep in memory.

Also, lower the default max orphan count from 10000 to 1000.
2015-05-12 17:22:13 -04:00
Dave Collins
6e402deb35 Relicense to the btcsuite developers.
This commit relicenses all code in this repository to the btcsuite
developers.
2015-05-01 12:00:56 -05:00
Alex Akselrod
4a1445a032 Create limited RPC user.
The limited user is specified with the --rpclimituser and
--rpclimitpass options (or the equivalent in the config file).
The config struct and loadConfig() are updated to take the
new options into account. The limited user can have neither
the same username nor the same password as the admin user.

The package-level rpcLimit map in rpcserver.go specifies
the RPC commands accessible by limited users. This map
includes both HTTP/S and websocket commands.

The checkAuth function gets a new return parameter to
signify whether the user is authorized to change server
state. The result is passed to the jsonRPCRead function and
to the WebsocketHandler function in rpcwebsocket.go.

The wsClient struct is updated with an "isAdmin" field
signifying that the client is authorized to change server
state, written by WebsocketHandler and handleMessage.
The handleMessage function also checks the field to
allow or disallow an RPC call.

The following documentation files are updated:
- doc.go
- sample-btcd.conf
- docs/README.md
- docs/json_rpc_api.md
- docs/configure_rpc_server_listen_interfaces.md
2015-04-13 14:14:52 -04:00
Olaoluwa Osuntokun
ecdffda748 Add support for an optional address-based transaction index.
* Address index is built up concurrently with the `--addrindex` flag.
* Entire index can be deleted with `--dropaddrindex`.
* New RPC call: `searchrawtransaction`
  * Returns all transacitons related to a particular address
  * Includes mempool transactions
  * Requires `--addrindex` to be activated and fully caught up.
* New `blockLogger` struct has been added to factor our common logging
  code
* Wiki and docs updated with new features.
2015-02-05 14:48:19 -08:00
Dave Collins
04d47de262 Allow disabling RPC server TLS for localhost only.
This commit introduces a new flag, --notls, which can be used to disable
TLS for the RPC server.  However, the flag can only be used when the RPC
server is bound to localhost interfaces.  This is intended to prevent the
situation where someone decides they want to expose the RPC server to the
web for remote management/access, but forgot they have TLS disabled.
2015-01-02 11:17:23 -06:00
Dave Collins
e25b644d3b Implement a built-in concurrent CPU miner.
This commit implements a built-in concurrent CPU miner that can be enabled
with the combination of the --generate and --miningaddr options.  The
--blockminsize, --blockmaxsize, and --blockprioritysize configuration
options wich already existed prior to this commit control the block
template generation and hence affect blocks mined via the new CPU miner.

The following is a quick overview of the changes and design:

- Starting btcd with --generate and no addresses specified via
  --miningaddr will give an error and exit immediately
- Makes use of multiple worker goroutines which independently create block
  templates, solve them, and submit the solved blocks
- The default number of worker threads are based on the number of
  processor cores in the system and can be dynamically changed at
  run-time
- There is a separate speed monitor goroutine used to collate periodic
  updates from the workers to calculate overall hashing speed
- The current mining state, number of workers, and hashes per second can
  be queried
- Updated sample-btcd.conf file has been updated to include the coin
  generation (mining) settings
- Updated doc.go for the new command line options

In addition the old --getworkkey option is now deprecated in favor of the
new --miningaddr option.  This was changed for a few reasons:

- There is no reason to have a separate list of keys for getwork and CPU
  mining
- getwork is deprecated and will be going away in the future so that means
  the --getworkkey flag will also be going away
- Having the work 'key' in the option can be confused with wanting a
  private key while --miningaddr make it a little more clear it is an
  address that is required

Closes #137.

Reviewed by @jrick.
2014-06-12 12:05:32 -05:00
Dave Collins
92ca0e92c0 Implement getwork RPC.
This commit adds full support for the getwork RPC which can be used to
support external mining through applications such as cgminer.

Closes #125.
2014-05-01 10:52:28 -05:00
Owain G. Ainsworth
cb1f3cf48c Rate limit free-to-relay transactions.
Closes #40

ok @davecgh
2014-02-19 22:39:02 +00:00
Dave Collins
7d35bc9460 Add --rpcmaxwebsockets option with default of 25.
This commit adds a new configuration option, --rpcmaxwebsockets, to limit the
number of max RPC websocket clients that are served concurrently.
2014-02-19 00:53:14 -06:00
Dave Collins
9a15453806 Make room for longer options in doc.go.
Also, fix a few missing equals signs while here.
2014-02-18 21:00:06 -06:00
Dave Collins
a293212581 Add --rpcmaxclients option with default of 10.
This commit adds a new configuration option, --rpcmaxclients, to limit the
number of max standard RPC clients that are served concurrently.  Note
that this value does not apply to websocket connections.  A future commit
will add support for limiting those separately.

Closes #68.
2014-02-18 20:46:41 -06:00
Owain G. Ainsworth
dd7c910e86 Enable use of a different proxy for .onion addresses.
This implements --onion (and --onionuser/--onionpass) that enable a
different proxy to be used to connect to .onion addresses. If no main
proxy is supplied then no proxy will be used for non-onion addresses.

Additionally we add --noonion that blocks connection attempts to .onion
addresses entirely (and avoids using tor for proxy dns lookups).

the --tor option has been supersceded and thus removed.

Closes #47
2014-01-07 19:18:09 +00:00
Dave Collins
aeec39c1ff Add 2014 to copyright dates. 2014-01-01 10:16:15 -06:00
Dave Collins
07c656c8b5 Update doc.go with new debug level usage. 2013-11-21 20:01:11 -06:00
Dave Collins
9c26f6c4c5 Update doc.go with recent Winows path change. 2013-11-19 18:40:56 -06:00
Dave Collins
0cc756337e Update command line options in doc.go. 2013-11-19 18:16:29 -06:00
Dave Collins
ccfcbebbdc Add config file information to command doc. 2013-10-16 10:16:11 -05:00
Dave Collins
dd6b71300f Add basic btcd command documentation.
This will be expanded upon in future commits.
2013-10-16 10:04:12 -05:00