Commit graph

33 commits

Author SHA1 Message Date
Olaoluwa Osuntokun
0029905d43 Integrate a valid ECDSA signature cache into btcd
Introduce an ECDSA signature verification into btcd in order to
mitigate a certain DoS attack and as a performance optimization.

The benefits of SigCache are two fold. Firstly, usage of SigCache
mitigates a DoS attack wherein an attacker causes a victim's client to
hang due to worst-case behavior triggered while processing attacker
crafted invalid transactions. A detailed description of the mitigated
DoS attack can be found here: https://bitslog.wordpress.com/2013/01/23/fixed-bitcoin-vulnerability-explanation-why-the-signature-cache-is-a-dos-protection/
Secondly, usage of the SigCache introduces a signature verification
optimization which speeds up the validation of transactions within a
block, if they've already been seen and verified within the mempool.

The server itself manages the sigCache instance. The blockManager and
txMempool respectively now receive pointers to the created sigCache
instance. All read (sig triplet existence) operations on the sigCache
will not block unless a separate goroutine is adding an entry (writing)
to the sigCache. GetBlockTemplate generation now also utilizes the
sigCache in order to avoid unnecessarily double checking signatures
when generating a template after previously accepting a txn to the
mempool. Consequently, the CPU miner now also employs the same
optimization.

The maximum number of entries for the sigCache has been introduced as a
config parameter in order to allow users to configure the amount of
memory consumed by this new additional caching.
2015-10-08 17:31:42 -07:00
David Hill
c9ee3d9c5e wire: Implement SFNodeBloom (BIP0111).
SFNodeBloom is a new service flag that a node is required to use to
indicate that it supports bloom filtering.  This includes a protocol
version bump to 70011 and a wire version bump to 0.3.0.

btcd:
The SFNodeBloom flag is set by default.  A new configuration option
--nopeerbloomfilters has been added to to disable bloom filtering.

Any node advertising a version greater than or equal to 70011 that
attempts to use bloom filtering will be disconnected if bloom
filtering is disabled.

This mimics Bitcoin Core commit afb0ccaf9c9e4e8fac7db3564c4e19c9218c6b03
2015-09-28 16:25:44 -04:00
David Hill
e13b4febec Document limitfreerelay and norelaypriority options. 2015-07-13 12:52:17 -04:00
David Hill
007bee5ec8 Add new option --torisolation
Tor stream isolation randomizes proxy user credentials resulting in
Tor creating a new circuit for each connection.  This makes it more
difficult to correlate connections.

Idea from Wladimir J. van der Laan via Bitcoin Core.
2015-05-13 18:30:48 -04:00
David Hill
5f8dbab47a Add new option -maxorphantx
The option -maxorphantx allows the user to specify the number of
orphan transactions to keep in memory.

Also, lower the default max orphan count from 10000 to 1000.
2015-05-12 17:22:13 -04:00
Alex Akselrod
4a1445a032 Create limited RPC user.
The limited user is specified with the --rpclimituser and
--rpclimitpass options (or the equivalent in the config file).
The config struct and loadConfig() are updated to take the
new options into account. The limited user can have neither
the same username nor the same password as the admin user.

The package-level rpcLimit map in rpcserver.go specifies
the RPC commands accessible by limited users. This map
includes both HTTP/S and websocket commands.

The checkAuth function gets a new return parameter to
signify whether the user is authorized to change server
state. The result is passed to the jsonRPCRead function and
to the WebsocketHandler function in rpcwebsocket.go.

The wsClient struct is updated with an "isAdmin" field
signifying that the client is authorized to change server
state, written by WebsocketHandler and handleMessage.
The handleMessage function also checks the field to
allow or disallow an RPC call.

The following documentation files are updated:
- doc.go
- sample-btcd.conf
- docs/README.md
- docs/json_rpc_api.md
- docs/configure_rpc_server_listen_interfaces.md
2015-04-13 14:14:52 -04:00
Olaoluwa Osuntokun
ecdffda748 Add support for an optional address-based transaction index.
* Address index is built up concurrently with the `--addrindex` flag.
* Entire index can be deleted with `--dropaddrindex`.
* New RPC call: `searchrawtransaction`
  * Returns all transacitons related to a particular address
  * Includes mempool transactions
  * Requires `--addrindex` to be activated and fully caught up.
* New `blockLogger` struct has been added to factor our common logging
  code
* Wiki and docs updated with new features.
2015-02-05 14:48:19 -08:00
Dave Collins
22c85516e7 Correct sample-btcd.conf RPC listen comment.
The comment for the RPC listen section in the sample-btcd.conf incorrectly
claimed that the default for the RPC server listener is to listen on all
interfaces by default.  In reality, it only listens on localhost for IPv4
and IPv6 by default.

Closes #208.
2015-01-11 17:03:21 -06:00
Dave Collins
04d47de262 Allow disabling RPC server TLS for localhost only.
This commit introduces a new flag, --notls, which can be used to disable
TLS for the RPC server.  However, the flag can only be used when the RPC
server is bound to localhost interfaces.  This is intended to prevent the
situation where someone decides they want to expose the RPC server to the
web for remote management/access, but forgot they have TLS disabled.
2015-01-02 11:17:23 -06:00
Dave Collins
7452e51976 Update sample config file.
This commit adds a couple of options which were not details in the sample
config file.  It also fixes a couple of typos and makes the example default
maxpeers setting in the config file match the actual default used in btcd.
2014-09-18 15:28:39 -05:00
Dave Collins
e25b644d3b Implement a built-in concurrent CPU miner.
This commit implements a built-in concurrent CPU miner that can be enabled
with the combination of the --generate and --miningaddr options.  The
--blockminsize, --blockmaxsize, and --blockprioritysize configuration
options wich already existed prior to this commit control the block
template generation and hence affect blocks mined via the new CPU miner.

The following is a quick overview of the changes and design:

- Starting btcd with --generate and no addresses specified via
  --miningaddr will give an error and exit immediately
- Makes use of multiple worker goroutines which independently create block
  templates, solve them, and submit the solved blocks
- The default number of worker threads are based on the number of
  processor cores in the system and can be dynamically changed at
  run-time
- There is a separate speed monitor goroutine used to collate periodic
  updates from the workers to calculate overall hashing speed
- The current mining state, number of workers, and hashes per second can
  be queried
- Updated sample-btcd.conf file has been updated to include the coin
  generation (mining) settings
- Updated doc.go for the new command line options

In addition the old --getworkkey option is now deprecated in favor of the
new --miningaddr option.  This was changed for a few reasons:

- There is no reason to have a separate list of keys for getwork and CPU
  mining
- getwork is deprecated and will be going away in the future so that means
  the --getworkkey flag will also be going away
- Having the work 'key' in the option can be confused with wanting a
  private key while --miningaddr make it a little more clear it is an
  address that is required

Closes #137.

Reviewed by @jrick.
2014-06-12 12:05:32 -05:00
Brian Deery
ddc773535a Remove comments interpreted as settings
in go-flags/ini_private.go in function readIni there is no mechanism for
adding inline comments.  Only comments that have a semicolon as the first
non-whitespace character are ignored.

According to Wikipedia http://en.wikipedia.org/wiki/INI_file#Comments
inline comments are not universally supported.

This change adds some white space for readability, but
name := strings.TrimSpace(line[1 : len(line)-1]) removes accidental whitespace
left in later.

Closes #135.
2014-06-09 14:36:07 -05:00
Dave Collins
178e60a66e Update sample conf regarding debuglevel subsystems.
The debuglevel parameter has accepted subsystems in additional to an
overall level for quite some time, but the sample config file was not
updated to reflect that.

This commit updates the sample config file accordingly.
2014-02-28 09:54:34 -06:00
Dave Collins
7d35bc9460 Add --rpcmaxwebsockets option with default of 25.
This commit adds a new configuration option, --rpcmaxwebsockets, to limit the
number of max RPC websocket clients that are served concurrently.
2014-02-19 00:53:14 -06:00
Dave Collins
a293212581 Add --rpcmaxclients option with default of 10.
This commit adds a new configuration option, --rpcmaxclients, to limit the
number of max standard RPC clients that are served concurrently.  Note
that this value does not apply to websocket connections.  A future commit
will add support for limiting those separately.

Closes #68.
2014-02-18 20:46:41 -06:00
Dave Collins
d33e9b4165 Unexport and comment btcDial and btcLookup func.
These functions are at the package level and only apply within btcd, so
unexport them to be consistent.
2014-01-10 01:31:20 -06:00
Owain G. Ainsworth
dd7c910e86 Enable use of a different proxy for .onion addresses.
This implements --onion (and --onionuser/--onionpass) that enable a
different proxy to be used to connect to .onion addresses. If no main
proxy is supplied then no proxy will be used for non-onion addresses.

Additionally we add --noonion that blocks connection attempts to .onion
addresses entirely (and avoids using tor for proxy dns lookups).

the --tor option has been supersceded and thus removed.

Closes #47
2014-01-07 19:18:09 +00:00
Dave Collins
e433439308 Make RPC section of sample-btcd.conf consistent. 2013-11-19 11:01:23 -06:00
Owain G. Ainsworth
5da5dfe1c4 Add --rpclisten that behaves frighteningly similar to --listen.
Except it works for the rpcserver instead of the main server.

Closes #34
2013-11-19 14:48:58 +00:00
Dave Collins
5bf879dcfc Minor cleanup of some documentation and comments. 2013-11-18 10:38:24 -06:00
Dave Collins
50484c5841 Update sample config file with recent changes.
This commit updates the sample config file to add the new listen option
and update the semantics regarding the combination of --proxy and --tor
flags.
2013-11-13 20:20:32 -06:00
Dave Collins
72c186f9a9 Migrate to new app data directories.
This commit makes use of the new btcutil.AppDataDir function which chooses
appropriate data directories for each supported operating system.  It also
adds code to the upgrade path to properly migrate existing data from the
old to new locations.

This is part of work toward issue #30.
2013-11-11 10:58:38 -06:00
Dave Collins
ae5810bc50 Change default RPC port to 8334 (18334 testnet).
This change paves the way for running btcwallet on the same system without
having to change any settings.  The well-known ports used by the
reference implementation (8332 mainnet, 18332 testnet) will be exposed by
the separate wallet process, which will in turn forward unknown requests
to btcd via websockets (on 8334/18334).  This allows the wallet process to
ultimately provide a unified interface that exposes the same RPC-JSON API
as the reference implementation will maintaining wallet and chain
separation.
2013-10-16 15:01:43 -05:00
Dave Collins
6ff9d152ca Update the sample config file.
This commit adds a few more available options to the sample config file
and clarifies a few things.
2013-10-04 01:38:41 -05:00
Dave Collins
9c8cd4dee1 Update sample config for recent go-flags fix.
The configuration file can now contain multiple entries for the
configuration options which allow more than one to be specified (addpeer,
connect).
2013-09-19 09:17:15 -05:00
Dave Collins
465327c62d Expand environment variables in datadir.
This commit adds environment variable expansion and path cleaning to the
data directory.  This allows the user to specify data paths in the config
file such as datadir=~/.btcd/data and datadir=$SOMEVAR/btcd.  It also
adds usage instructions and an example to the sample btcd.conf file.
2013-09-18 00:16:57 -05:00
Dave Collins
f2190d21dd Add profile option to sample configuration file. 2013-09-17 17:28:07 -05:00
Dave Collins
f80bc8c8f9 Misc comment and doco cleanup. 2013-08-08 12:47:15 -05:00
David Hill
52416ec28f new option --tor (requires --proxy)
Although not required if the proxy set is indeed Tor, setting this option
does the following:
   - Sends DNS queries over the Tor network (during dns seed lookup).  This
     stops your IP from being leaked via DNS.
   - Does not disable the listening port.  This allows the hidden services
     feature of Tor to be used.
2013-08-08 12:11:39 -04:00
Dave Collins
5ca605dadc Remove duplicate proxy setting from config. 2013-08-08 00:22:10 -05:00
Dave Collins
f0a0b06f29 Move sample proxy config near top of net settings. 2013-08-08 00:17:13 -05:00
David Hill
3f782928fd initial proxy code 2013-08-08 00:13:47 -05:00
Dave Collins
8574846e87 Move btcd to root directory.
This allows easier go get paths.
2013-08-07 12:47:51 -05:00
Renamed from btcd/sample-btcd.conf (Browse further)