2016-12-02 00:45:50 +01:00
|
|
|
// Copyright (c) 2009-2010 Satoshi Nakamoto
|
2016-12-31 19:01:21 +01:00
|
|
|
// Copyright (c) 2009-2016 The Bitcoin Core developers
|
2016-12-02 00:45:50 +01:00
|
|
|
// Distributed under the MIT software license, see the accompanying
|
|
|
|
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
|
|
|
|
|
|
|
#ifndef BITCOIN_NET_PROCESSING_H
|
|
|
|
#define BITCOIN_NET_PROCESSING_H
|
|
|
|
|
|
|
|
#include "net.h"
|
|
|
|
#include "validationinterface.h"
|
2017-10-24 22:56:07 +02:00
|
|
|
#include "consensus/params.h"
|
2016-12-02 00:45:50 +01:00
|
|
|
|
2017-01-09 20:11:15 +01:00
|
|
|
/** Default for -maxorphantx, maximum number of orphan transactions kept in memory */
|
|
|
|
static const unsigned int DEFAULT_MAX_ORPHAN_TRANSACTIONS = 100;
|
|
|
|
/** Expiration time for orphan transactions in seconds */
|
|
|
|
static const int64_t ORPHAN_TX_EXPIRE_TIME = 20 * 60;
|
|
|
|
/** Minimum time between orphan transactions expire time checks in seconds */
|
|
|
|
static const int64_t ORPHAN_TX_EXPIRE_INTERVAL = 5 * 60;
|
2017-01-09 20:38:06 +01:00
|
|
|
/** Default number of orphan+recently-replaced txn to keep around for block reconstruction */
|
|
|
|
static const unsigned int DEFAULT_BLOCK_RECONSTRUCTION_EXTRA_TXN = 100;
|
2017-05-08 21:05:22 +02:00
|
|
|
/** Headers download timeout expressed in microseconds
|
|
|
|
* Timeout = base + per_header * (expected number of headers) */
|
|
|
|
static constexpr int64_t HEADERS_DOWNLOAD_TIMEOUT_BASE = 15 * 60 * 1000000; // 15 minutes
|
|
|
|
static constexpr int64_t HEADERS_DOWNLOAD_TIMEOUT_PER_HEADER = 1000; // 1ms/header
|
Permit disconnection of outbound peers on bad/slow chains
Currently we have no rotation of outbound peers. If an outbound peer
stops serving us blocks, or is on a consensus-incompatible chain with
less work than our tip (but otherwise valid headers), then we will never
disconnect that peer, even though that peer is using one of our 8
outbound connection slots. Because we rely on our outbound peers to
find an honest node in order to reach consensus, allowing an
incompatible peer to occupy one of those slots is undesirable,
particularly if it is possible for all such slots to be occupied by such
peers.
Protect against this by always checking to see if a peer's best known
block has less work than our tip, and if so, set a 20 minute timeout --
if the peer is still not known to have caught up to a chain with as much
work as ours after 20 minutes, then send a single getheaders message,
wait 2 more minutes, and if a better header hasn't been received by then,
disconnect that peer.
Note:
- we do not require that our peer sync to the same tip as ours, just an
equal or greater work tip. (Doing otherwise would risk partitioning the
network in the event of a chain split, and is also unnecessary.)
- we pick 4 of our outbound peers and do not subject them to this logic,
to be more conservative. We don't wish to permit temporary network
issues (or an attacker) to excessively disrupt network topology.
2017-10-12 19:55:43 +02:00
|
|
|
/** Protect at least this many outbound peers from disconnection due to slow/
|
|
|
|
* behind headers chain.
|
|
|
|
*/
|
|
|
|
static constexpr int32_t MAX_OUTBOUND_PEERS_TO_PROTECT_FROM_DISCONNECT = 4;
|
|
|
|
/** Timeout for (unprotected) outbound peers to sync to our chainwork, in seconds */
|
|
|
|
static constexpr int64_t CHAIN_SYNC_TIMEOUT = 20 * 60; // 20 minutes
|
2017-10-24 22:56:07 +02:00
|
|
|
/** How frequently to check for stale tips, in seconds */
|
|
|
|
static constexpr int64_t STALE_CHECK_INTERVAL = 10 * 60; // 10 minutes
|
|
|
|
/** How frequently to check for extra outbound peers and disconnect, in seconds */
|
|
|
|
static constexpr int64_t EXTRA_PEER_CHECK_INTERVAL = 45;
|
|
|
|
/** Minimum time an outbound-peer-eviction candidate must be connected for, in order to evict, in seconds */
|
|
|
|
static constexpr int64_t MINIMUM_CONNECT_TIME = 30;
|
2017-01-09 20:11:15 +01:00
|
|
|
|
2017-07-06 19:40:09 +02:00
|
|
|
class PeerLogicValidation : public CValidationInterface, public NetEventsInterface {
|
2016-12-02 00:45:50 +01:00
|
|
|
private:
|
2017-10-24 22:56:07 +02:00
|
|
|
CConnman* const connman;
|
2016-12-02 00:45:50 +01:00
|
|
|
|
|
|
|
public:
|
2017-10-24 22:56:07 +02:00
|
|
|
explicit PeerLogicValidation(CConnman* connman, CScheduler &scheduler);
|
2016-12-02 00:45:50 +01:00
|
|
|
|
2017-02-08 20:00:14 +01:00
|
|
|
void BlockConnected(const std::shared_ptr<const CBlock>& pblock, const CBlockIndex* pindexConnected, const std::vector<CTransactionRef>& vtxConflicted) override;
|
|
|
|
void UpdatedBlockTip(const CBlockIndex *pindexNew, const CBlockIndex *pindexFork, bool fInitialDownload) override;
|
|
|
|
void BlockChecked(const CBlock& block, const CValidationState& state) override;
|
|
|
|
void NewPoWValidBlock(const CBlockIndex *pindex, const std::shared_ptr<const CBlock>& pblock) override;
|
2017-07-06 19:40:09 +02:00
|
|
|
|
|
|
|
|
2017-07-06 20:08:23 +02:00
|
|
|
void InitializeNode(CNode* pnode) override;
|
2017-07-06 19:40:09 +02:00
|
|
|
void FinalizeNode(NodeId nodeid, bool& fUpdateConnectionTime) override;
|
|
|
|
/** Process protocol messages received from a given node */
|
2017-07-06 20:08:23 +02:00
|
|
|
bool ProcessMessages(CNode* pfrom, std::atomic<bool>& interrupt) override;
|
2017-07-06 19:40:09 +02:00
|
|
|
/**
|
|
|
|
* Send queued protocol messages to be sent to a give node.
|
|
|
|
*
|
|
|
|
* @param[in] pto The node which we are sending messages to.
|
|
|
|
* @param[in] interrupt Interrupt condition for processing threads
|
|
|
|
* @return True if there is more work to be done
|
|
|
|
*/
|
2017-07-06 20:08:23 +02:00
|
|
|
bool SendMessages(CNode* pto, std::atomic<bool>& interrupt) override;
|
Permit disconnection of outbound peers on bad/slow chains
Currently we have no rotation of outbound peers. If an outbound peer
stops serving us blocks, or is on a consensus-incompatible chain with
less work than our tip (but otherwise valid headers), then we will never
disconnect that peer, even though that peer is using one of our 8
outbound connection slots. Because we rely on our outbound peers to
find an honest node in order to reach consensus, allowing an
incompatible peer to occupy one of those slots is undesirable,
particularly if it is possible for all such slots to be occupied by such
peers.
Protect against this by always checking to see if a peer's best known
block has less work than our tip, and if so, set a 20 minute timeout --
if the peer is still not known to have caught up to a chain with as much
work as ours after 20 minutes, then send a single getheaders message,
wait 2 more minutes, and if a better header hasn't been received by then,
disconnect that peer.
Note:
- we do not require that our peer sync to the same tip as ours, just an
equal or greater work tip. (Doing otherwise would risk partitioning the
network in the event of a chain split, and is also unnecessary.)
- we pick 4 of our outbound peers and do not subject them to this logic,
to be more conservative. We don't wish to permit temporary network
issues (or an attacker) to excessively disrupt network topology.
2017-10-12 19:55:43 +02:00
|
|
|
|
|
|
|
void ConsiderEviction(CNode *pto, int64_t time_in_seconds);
|
2017-10-24 22:56:07 +02:00
|
|
|
void CheckForStaleTipAndEvictPeers(const Consensus::Params &consensusParams);
|
|
|
|
void EvictExtraOutboundPeers(int64_t time_in_seconds);
|
|
|
|
|
|
|
|
private:
|
|
|
|
int64_t m_stale_tip_check_time; //! Next time to check for stale tip
|
2016-12-02 00:45:50 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
struct CNodeStateStats {
|
|
|
|
int nMisbehavior;
|
|
|
|
int nSyncHeight;
|
|
|
|
int nCommonHeight;
|
|
|
|
std::vector<int> vHeightInFlight;
|
|
|
|
};
|
|
|
|
|
|
|
|
/** Get statistics from node state */
|
|
|
|
bool GetNodeStateStats(NodeId nodeid, CNodeStateStats &stats);
|
|
|
|
/** Increase a node's misbehavior score. */
|
|
|
|
void Misbehaving(NodeId nodeid, int howmuch);
|
|
|
|
|
|
|
|
#endif // BITCOIN_NET_PROCESSING_H
|