Bitcoin will not make an outbound connection to a network group
(/16 for IPv4) that it is already connected to. This means that
if an attacker wants good odds of capturing all a nodes outbound
connections he must have hosts on a a large number of distinct
groups.
Previously both inbound and outbound connections were used to
feed this exclusion. The use of inbound connections, which can be
controlled by the attacker, actually has the potential of making
sibyl attacks _easier_: An attacker can start up hosts in groups
which house many honest nodes and make outbound connections to
the victim to exclude big swaths of honest nodes. Because the
attacker chooses to make the outbound connection he can always
beat out honest nodes for the consumption of inbound slots.
At _best_ the old behavior increases attacker costs by a single
group (e.g. one distinct group to use to fill up all your inbound
slots), but at worst it allows the attacker to select whole
networks you won't connect to.
This commit makes the nodes use only outbound links to exclude
network groups for outbound connections. Fancier things could
be done, like weaker exclusion for inbound groups... but
simplicity is good and I don't believe more complexity is
currently needed.
- display as "language - country (locale name)", when locale name consists of 2 parts
- display as "language (locale name)", when locale name consists of 1 part
Use Boost's signal2 slot tracking mechanism to cancel any (still open)
listening sockets when receiving a shutdown signal.
Signed-off-by: Giel van Schijndel <me@mortis.eu>
This commit adds support for .onion addresses (mapped into the IPv6
by using OnionCat's range and encoding), and the ability to connect
to them via a SOCKS5 proxy.
Prior to this change, each TX typically generated 3+ debug messages,
askfor tx 8644cc97480ba1537214 0
sending getdata: tx 8644cc97480ba1537214
askfor tx 8644cc97480ba1537214 1339640761000000
askfor tx 8644cc97480ba1537214 1339640881000000
CTxMemPool::accept() : accepted 8644cc9748 (poolsz 6857)
After this change, there is only one message for each valid TX received
CTxMemPool::accept() : accepted 22a73c5d8c (poolsz 42)
and two messages for each orphan tx received
ERROR: FetchInputs() : 673dc195aa mempool Tx prev not found 1e439346fc
stored orphan tx 673dc195aa (mapsz 19)
The -debugnet option, or its superset -debug, will restore the full debug
output.
Since the minimum signed integer cannot be represented as positive so long as its type is signed, and it's not well-defined what happens if you make it unsigned before negating it, we instead increment the negative integer by 1, convert it, then increment the (now positive) unsigned integer by 1 to compensate
Implement the following rules:
* Interpret [X]:Y as host=X port=Y, if Y is an integer
* Interpret X:Y as host=X port=Y, if Y is an integer and X contains no colon
* Interpret X:Y as host=X:Y port=default otherwise
On Linux/Mac the command-line options were printed to stderr when the button
was pressed in the debug window, resulting in confusion. This is fixed
in this commit by adding a separate method.
The current order of menu options in the tray menu doesn't really match expected usage patterns, this commit changes it to more logical order.
- Toggle show/hide first (unchanged)
- Then, send/receive coins actions, which are the critical functionality of bitcoin
- Then, sign/verify message
- Then finally the options, and closing with the debug window
This is necessary as any strings have changed since last time.
Also the python script used to extract bitcoinstrings.cpp, extract_strings_qt.py
now sorts the strings before generating the output file. This results in more
deterministic output and thus smaller diffs.
- extend network options with a SOCKS version selection
- changing "Unit to show amounts in:" now also updates the unit used in the transaction fee box
- string updates
- link Apply button and OK button when enabling or disabling them
- use LookupNumeric() from netbase to verify proxy address (via an EventFilter)
- change proxy address field to QValidatedLineEdit and add visual feedback
- add a status label used for displaying a message for invalid proxy addresses
- allow usage of IPv6 address as proxy address
- added warning message when enabling / disabling SOCKS proxy
The option to open the debug logfile from the debug window was implemented only for
windows. By using `QDesktopServices::openUrl` it now works on any platform.
AvailableCoins() makes a vector of available outputs which is then passed to SelectCoinsMinConf(). This allows unit tests to test the coin selection algorithm without having the whole blockchain available.
Newlines in JSON strings are against the JSON spec,
so remove them from the script*.json unit tests to
make python's jsonrpc happy (json::spirit didn't care).
This adds a field labelled 'Immature' in the overview section under the 'unconfirmed' field, which shows mined
income that has not yet matured (which is currently not displayed anywhere, even though the transactions
exist in the transaction list). To do that I added a 'GetImmatureBalance' method to the wallet, and connected
that through to the GUI as per the 'GetBalance' and 'GetUnconfirmedBalance' methods. I did a small 'no-op'
change to make the code in adjacent functions a little more readable (imo); it was a change I had made in my
repo earlier...but I thought it wouldn't hurt so left it in. Immature balance comes from mined income that is
at least two blocks deep in the chain (same logic as displayed transactions).
My reasoning is:
- as a miner, it's a critical stat I want to see
- as a miner, and taking into account the label 'immature', the uncertainty is pretty clearly implied
- those numbers are already displayed in the transaction list
- this makes the overview numbers add up to what's in the transaction list
- it's not displayed if the immature balance is 0, so won't bother non-miners
I also 'cleaned' the overview UI a little, moving code to the XML and removing HTML.
Using this modification it should be relatively easy to, at a later
time, listen on multiple addresses (even Unix domain sockets should be
possible).
Signed-off-by: Giel van Schijndel <me@mortis.eu>
The RPC server now listens for, and handles, incoming connections on
both IPv4 as well as IPv6.
If available (and usable) it uses a dual IPv4/IPv6 socket on systems
that support it (e.g. Linux and BSDs) and falls back to separate
IPv4/IPv6 sockets on systems that don't (e.g. Windows).
Signed-off-by: Giel van Schijndel <me@mortis.eu>
This allows more flexibility in the RPC code, e.g. making it easier to
handle multiple simultaneous connections later on.
Currently asynchronous I/O is only used to listen for and accept
incoming connections. Asynchronous reading/writing is more involved.
Signed-off-by: Giel van Schijndel <me@mortis.eu>
This introduces internal types:
* CKeyID: reference (hash160) of a key
* CScriptID: reference (hash160) of a script
* CTxDestination: a boost::variant of the former two
CBitcoinAddress is retrofitted to be a Base58 encoding of a
CTxDestination. This allows all internal code to only use the
internal types, and only have RPC and GUI depend on the base58 code.
Furthermore, the header dependencies are a lot saner now. base58.h is
at the top (right below rpc and gui) instead of at the bottom. For the
rest: wallet -> script -> keystore -> key. Only keystore still requires
a forward declaration of CScript. Solving that would require splitting
script into two layers.
test/DoS_tests.cpp: In member function ‘void DoS_tests::DoS_mapOrphans::test_method()’:
test/DoS_tests.cpp:200:41: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
test/DoS_tests.cpp:208:41: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
test/DoS_tests.cpp: In member function ‘void DoS_tests::DoS_checkSig::test_method()’:
test/DoS_tests.cpp:260:37: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
test/DoS_tests.cpp:267:37: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
test/DoS_tests.cpp:280:41: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
test/DoS_tests.cpp:307:37: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]