In case a reorganisation fails, the internal state could become
inconsistent (memory only). Previously, a cache per block connect
or disconnect action was used, so blocks could not be applied in
a partial way. Extend this to a cache for the entire reorganisation,
making it atomic entirely. This also simplifies the code a bit.
- this allows to setup the trayicon before we have and want a trayicon menu
- should be of great use, when we remove that splash screen
- fixes a small bug with the toggleHideAction icon, which is not only used with
trayicon but also with the Mac dock
- fix ThreadSafeMessageBox always displays error icon
- allow to specify MSG_ERROR / MSG_WARNING or MSG_INFORMATION without a
custom caption / title
- allow to specify CClientUIInterface::ICON_ERROR / ICON_WARNING and
ICON_INFORMATION (which is default) as message box icon
- remove CClientUIInterface::OK from ThreadSafeMessageBox-calls, as
the OK button will be set as default, if none is specified
- prepend "Bitcoin - " to used captions
- rename BitcoinGUI::error() -> BitcoinGUI::message() and add function
documentation
- change all style parameters and enum flags to unsigned
- update code to use that new API
- update Client- and WalletModel to use new BitcoinGUI::message() and
rename the classes error() method into message()
- include the possibility to supply the wanted icon for messages from
Client- and WalletModel via "style" parameter
When a transaction A is in the memory pool, while a transaction B
(which shares an input with A) gets accepted into a block, A was
kept forever in the memory pool.
This commit adds a CTxMemPool::removeConflicts method, which
removes transactions that conflict with a given transaction, and
all their children.
This results in less transactions in the memory pool, and faster
construction of new blocks.
- can be triggerd by just adding -proxy=crashme with 0.7.1
- crash occured, when AppInit2() was left with return false; after the
first call to bitdb.open() (Step 6 in init)
- this is caused by GetDataDir() or .string() in CDBEnv::EnvShutdown()
called via the bitdb global destructor
- init fDbEnvInit and fMockDb to false in CDBEnv::CDBEnv()
These flags select features to be enabled/disabled during script
evaluation/checking, instead of several booleans passed along.
Currently these flags are defined:
* SCRIPT_VERIFY_P2SH: enable BIP16-style subscript evaluation
* SCRIPT_VERIFY_STRICTENC: enforce strict adherence to pubkey/sig encoding standards.
o Remove unused Leave and GetLock functions
o Make Enter and TryEnter private.
o Simplify Enter and TryEnter.
boost::unique_lock doesn't really know whether the
mutex it wraps is locked or not when the defer_lock
option is used.
The boost::recursive_mutex does not expose this
information, so unique_lock only infers this
knowledge. When taking the lock is defered, it
(randomly) assumes that the lock is not taken.
boost::unique_lock has the following definition:
unique_lock(Mutex& m_,defer_lock_t):
m(&m_),is_locked(false)
{}
bool owns_lock() const
{
return is_locked;
}
Thus it is a mistake to check owns_lock() in Enter
and TryEnter - they will always return false.
- remove an unwanted ";" at the end of the ~CCoinsView() destructor
- in FindBlockPos() and FindUndoPos() only call fclose(), is file is open
- fix an error string in the CBlockUndo class
feature in clang. These macros should primarily be used to
document which locks protect a given piece of data. Secondary it
can be used to document the set of held and excluded locks when
entering a function.
- remove pathEnv from CDBEnv, as this attribute is not needed
- change path parameter in ::Open() to a reference
- make nDbCache variable an unsigned integer
- remove a missplaced ";" behin ::IsMock()
- this allows the client to listen on via -bind specified addresses
(e.g. 127.0.0.1), even when a network (IPv4 in that case) was blocked
via e.g -onlynet="Tor"
- introduce enum BindFlags to avoid passing multiple bools to Bind()
- make -bind help text clear we ALWAYS listen on the specified address
- remove an unused variable
- remove 2 unneeded IsLimited() checks before calling Bind(), which does
these checks anyway
- usage case: specify -bind=127.0.0.1 -onlynet="Tor" to allow incoming
connections to a Tor hidden service, but still don't allow other IPv4
nodes to connect / get connected
As memset() can be optimized out by a compiler it should not be used in
privacy/security relevant code parts. OpenSSL provides the safe
OPENSSL_cleanse() function in crypto.h, which perfectly does the job of
clean and overwrite data.
For details see: http://www.viva64.com/en/b/0178/
- change memset() to OPENSSL_cleanse() where appropriate
- change a hard-coded number from netbase.cpp into a sizeof()
Flushes the blktree/ and coins/ databases, and reindexes the
block chain files, as if their contents was loaded via -loadblock.
Based on earlier work by Jeff Garzik.
- ensure header inclusion guard is named after the header file
- add missing comments at the end of some inclusion guards
- add a small Qt5 compatibility fix in macdockiconhandler.h
rather than reusing ReadHTTPStatus() from the client mode.
The following additional HTTP request validations are added, both in line with
existing HTTP client practice:
1) HTTP method must be GET or POST. Most clients use POST, some
use GET. Either way, this continues to work.
2) HTTP URI must start with "/" character.
Normal URI is "/" (a 1-char string), so this is fine.
ReadHTTPStatus() is currently overloaded: In client mode, it properly parses
and receives an HTTP status line. In server mode, it incorrectly parses the
HTTP request line as an HTTP status line.
This server mode bug has never mattered, because the RPC server never
cared about the URI (path) provided in the HTTP request. That will change in
the future, so go ahead and begin fixing the problem.
This patch is cosmetic, and should result in NO behavior changes.
Further renames:
ReadHTTPHeader -> ReadHTTPHeaders
ReadHTTP -> ReadHTTPMessage
The original test (checking whether the transaction occurs in the
txindex) is not usable anymore, as it will miss anything already
fully spent. However, as merkle transactions (and by extension,
wallet transactions) track which block they were last seen being
included in, we can use that to determine the need for
rebroadcasting.
- add setStatusTip() in addition to setTooltip() where it makes sense
- add only setStatusTip() if GUI element is only used in main- or tray menu
- add an event filter on our BitcoinGUI object to prevent garbelled text
on the status bar, which happens when we use it for e.g. displaying
block-sync state and then a QEvent::StatusTip wants to write own text to it
- remove a double translation of "Bitcoin client"
This is to support the signrawtransaction API call; given the public
keys involved in a multisig transaction, this gives back the redeemScript
needed to sign it.
signrawtransaction was unable to sign pay-to-script-hash inputs
when given the list of private keys to use. With this commit
you can provide the p2sh redemption script in the list of
inputs.
As the coinset data refers to the best block, stored in the block
tree. Flushing the coin set first can cause inconsistencies if
the process gets killed in between.
- "ThreadIRCSeed started" was not displayed, even if the thread ran
(although only for a short time as the "do we want this thread?"-checks
happen IN ThreadIRCSeed2())
- the patch ensures we always get that message
- add a "ThreadIRCSeed trying to connect..." message
- add missing "ThreadDumpAddress started" message
- instead of "return false;" use "return QDialog::eventFilter(object,
event);" to harmonize this event filter with our default behaviour
- remove orphan spaces found while editting the files
Implements #1948
- Add macro `CLIENT_VERSION_IS_RELEASE` to clientversion.h
- When running a prerelease (the above macro is `false`):
- In UI, show an orange warning bar at the top. This will be used for other
warnings (and alerts) as well, instead of the status bar.
- For `bitcoind`, show the warning in the "errors" field in `getinfo`
response.
CreateNewBlock was reading pindexBest at the start before taking the lock
so it was possible to have the the block content not match the prevheader
and this can also trigger a newly added assert in ConnectBlock.
I noticed this during a code review after twobitcoins reported that ab91bf39
(BIP30 for all blocks) could cause a null dereference on a modified node
that mined during the IBD, or on testnet when it reached heights 91842 and
91880 due to CreateNewBlock calling ConnectBlock with pindex->phashBlock NULL.
- remove uiInterface.InitMessage() calls from ThreadImport(), as Qt
doesn't like them getting called out of it's main thread and because the
thread will continue to run after the GUI was loaded
With a change of libs, and specifying NATIVE_WINDOWS as TARGET_OS it should compile libleveldb.a and libmemenv.a just fine, it did for me and Diapolo when testing.
Split off CBlockTreeDB and CCoinsViewDB into txdb-*.{cpp,h} files,
implemented by either LevelDB or BDB.
Based on code from earlier commits by Mike Hearn in his leveldb
branch.
Given that the block tree database (chain.dat) and the active chain
database (coins.dat) are entirely separate now, it becomes legal to
swap one with another instance without affecting the other.
This commit introduces a check in the startup code that detects the
presence of a better chain in chain.dat that has not been activated
yet, and does so efficiently (in batch, while reusing the blk???.dat
files).
To prevent excessive copying of CCoins in and out of the CCoinsView
implementations, introduce a GetCoins() function in CCoinsViewCache
with returns a direct reference. The block validation and connection
logic is updated to require caching CCoinsViews, and exploits the
GetCoins() function heavily.
Use CBlock's vMerkleTree to cache transaction hashes, and pass them
along as argument in more function calls. During initial block download,
this results in every transaction's hash to be only computed once.
During the initial block download (or -loadblock), delay connection
of new blocks a bit, and perform them in a single action. This reduces
the load on the database engine, as subsequent blocks often update an
earlier block's transaction already.
This switches bitcoin's transaction/block verification logic to use a
"coin database", which contains all unredeemed transaction output scripts,
amounts and heights.
The name ultraprune comes from the fact that instead of a full transaction
index, we only (need to) keep an index with unspent outputs. For now, the
blocks themselves are kept as usual, although they are only necessary for
serving, rescanning and reorganizing.
The basic datastructures are CCoins (representing the coins of a single
transaction), and CCoinsView (representing a state of the coins database).
There are several implementations for CCoinsView. A dummy, one backed by
the coins database (coins.dat), one backed by the memory pool, and one
that adds a cache on top of it. FetchInputs, ConnectInputs, ConnectBlock,
DisconnectBlock, ... now operate on a generic CCoinsView.
The block switching logic now builds a single cached CCoinsView with
changes to be committed to the database before any changes are made.
This means no uncommitted changes are ever read from the database, and
should ease the transition to another database layer which does not
support transactions (but does support atomic writes), like LevelDB.
For the getrawtransaction() RPC call, access to a txid-to-disk index
would be preferable. As this index is not necessary or even useful
for any other part of the implementation, it is not provided. Instead,
getrawtransaction() uses the coin database to find the block height,
and then scans that block to find the requested transaction. This is
slow, but should suffice for debug purposes.
Introduce a AllocateFileRange() function in util, which wipes or
at least allocates a given range of a file. It can be overriden
by more efficient OS-dependent versions if necessary.
Block and undo files are now allocated in chunks of 16 and 1 MiB,
respectively.
Change the block storage layer again, this time with multiple files
per block, but tracked by txindex.dat database entries. The file
format is exactly the same as the earlier blk00001.dat, but with
smaller files (128 MiB for now).
The database entries track how many bytes each block file already
uses, how many blocks are in it, which range of heights is present
and which range of dates.
The CTxUndo class encapsulates data necessary to undo the effects of
a transaction on the txout set, namely the previous outputs consumed
by it (script + amount), and potentially transaction meta-data when
it is spent entirely.
The CCoins class represents a pruned set of transaction outputs from
a given transaction. It only retains information about its height in
the block chain, whether it was a coinbase transaction, and its
unspent outputs (script + amount).
It has a custom serializer that has very low redundancy.
Special serializer/deserializer for amount values. It is optimized for
values which have few non-zero digits in decimal representation. Most
amounts currently in the txout set take only 1 or 2 bytes to
represent.
Special serializers for script which detect common cases and encode
them much more efficiently. 3 special cases are defined:
* Pay to pubkey hash (encoded as 21 bytes)
* Pay to script hash (encoded as 21 bytes)
* Pay to pubkey starting with 0x02, 0x03 or 0x04 (encoded as 33 bytes)
Other scripts up to 121 bytes require 1 byte + script length. Above
that, scripts up to 16505 bytes require 2 bytes + script length.
Variable-length integers: bytes are a MSB base-128 encoding of the number.
The high bit in each byte signifies whether another digit follows. To make
the encoding is one-to-one, one is subtracted from all but the last digit.
Thus, the byte sequence a[] with length len, where all but the last byte
has bit 128 set, encodes the number:
(a[len-1] & 0x7F) + sum(i=1..len-1, 128^i*((a[len-i-1] & 0x7F)+1))
Properties:
* Very small (0-127: 1 byte, 128-16511: 2 bytes, 16512-2113663: 3 bytes)
* Every integer has exactly one encoding
* Encoding does not depend on size of original integer type
This reverts commit 199d88cf90, reversing
changes made to 65bc1573e7.
License is worse instead of better. Will only accept public domain and
MIT-licensed icons from now on.
Corrupt wallets used to cause a DB_RUNRECOVERY uncaught exception and a
crash. This commit does three things:
1) Runs a BDB verify early in the startup process, and if there is a
low-level problem with the database:
+ Moves the bad wallet.dat to wallet.timestamp.bak
+ Runs a 'salvage' operation to get key/value pairs, and
writes them to a new wallet.dat
+ Continues with startup.
2) Much more tolerant of serialization errors. All errors in deserialization
are reported by tolerated EXCEPT for errors related to reading keypairs
or master key records-- those are reported and then shut down, so the user
can get help (or recover from a backup).
3) Adds a new -salvagewallet option, which:
+ Moves the wallet.dat to wallet.timestamp.bak
+ extracts ONLY keypairs and master keys into a new wallet.dat
+ soft-sets -rescan, to recreate transaction history
This was tested by randomly corrupting testnet wallets using a little
python script I wrote (https://gist.github.com/3812689)
Before, opening a -datadir that was created with a new
version of Berkeley DB would result in an un-caught DB_RUNRECOVERY
exception.
After these changes, the error is caught and the user is told
that there is a problem and is told how to try to recover from
it.
Before, opening a -datadir that was created with a new
version of Berkeley DB would result in an un-caught DB_RUNRECOVERY
exception.
After these changes, the error is caught and the user is told
that there is a problem and is told how to try to recover from
it.
- don't rely on the QSettings for cases ProxyUse and ProxySocksVersion and
query the real values via the GetProxy() call
- add a missing "succesful =" for case ProxyUse in ::setData()
I2P apparently needs 256 bits to store a fully routable address. Garlicat
requires a centralized lookup service to map the 80-bit addresses to fully
routable ones (as far as I understood), so that's not really usable in our
situation.
To support I2P routing and peer exchange for it, another solution is needed.
This will most likely imply a network protocol change, and extension of the
'addr' message.
- fix#1560 by properly locking proxy related data-structures
- update GetProxy() and introduce GetNameProxy() to be able to use a
thread-safe local copy from proxyInfo and nameproxyInfo
- update usage of GetProxy() all over the source to match the new
behaviour, as it now fills a full proxyType object
- rename GetNameProxy() into HaveNameProxy() to be more clear
This allows fun stuff such as `bitcoin --help | less`, and more
easy piping to files.
Looking at other tools such as bash, gcc, they all send their help
text to stdout.
These command are a leftover from send-to-IP transactions, which have been
removed a long time ago.
Also removes CNode::mapRequests and CNode::PushRequests, as these were
only used for the mentioned commands.
As the code was before, toHTML added empty elements to mapValue to check for their existance. Now first it check for their existance and then for their non-emptiness.
Removed a duplicated identical if
There are two equal ifs, one inside another. If the first one is true, then the second one is true.
Due to a bug in the implementation of MakeSameSize(), using OP_AND, OP_OR, or OP_XOR with signed values of unequal size will result in the sign-value becoming part of the smaller integer, with nonsensical results. This patch documents the unexpected behavior and provides the basis of a solution should decision be made to fix the bug in the future.
-detachdb option. Useful for upgrading, for example. Lets you use fast stops usually, but force a detach when needed. Also, allows
you to do a fast stop in a system normally configured for fast stops.
- I checked every occurance of strprintf() in the code and used %u, where
unsigned vars are used
- the change to GetByte() was made, as ip is an unsigned char
Matt pointed out some time ago that there existed a minor DOS
attack where a node in its initial block download could be wedged
by an overwrite attack in a fork created between checkpoints before
a time where BIP30 was enforced. Now that the BIP30 timestamp
is irreversibly past the check can be more aggressive and apply to
all blocks except the two historic violations.
- Paging using PageUp / PageDown now works when entry widget has focus
- Typing or pasting while the messages widget has focus auto-selects entry widget
We're in a wholly different world now, C++-compiler-wise.
Current std::stringstream implementations don't have the stated problem anymore,
and are just as fast as CDataStream.
The #ifdef'd block does not even compile anymore; CDataStream constructor changed,
and missing some std::. Also timing in whole seconds is also way too granular
to say anything sensible in such microbenchmarks. Just remove it,
it can always be found again in git history.
Bugfix: Correct doubled-up & in translations
Bugfix: Remove extra spaces after ampersand in translations (this fixes hotkeys)
Restore copyright translations, now split up
Restore old translations lost due to changes to English structure
Skipped: ca_ES et eu_ES fr_CA (under 10% coverage)
- add version information to bitcoin-qt.rc, which is displayed on Windows, when looking in the executable properties and selecting "Details"
- introduce a new clientversion.h (used in bitcoin-qt.rc to generate
version information), which takes only the version defines from
version.h and is included in it (to allow usage with the windres rc-file
compiler)
- move #define STRINGIFY(s) #s into clientversion.h as that is used in
bitcoin-qt.rc and rename to DO_STRINGIZE(X)
- add #define STRINGIZE(X) DO_STRINGIZE(X), which is needed to convert the
version defines into a version string in the rc-file
- this ensures we only need to update 1 file and have bitcoin-qt.exe
version information
- for RC-file documentation see:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa381058%28v=vs.85%29.aspx
OrderedTxItems returns a multimap of pointers, but needs a place to store the actual CAccountingEntries it points to.
It had been using a stack item, which was clobbered as soon as it returned, resulting in undefined behaviour.
This fixes at least bug #1768.
Try to display a nicer message instead of dumping raw JSON object when possible. If the error
somehow doesn't have the required 'code' and 'message' fields, fall back to printing raw JSON object.
- re-order Qt Actions and connect() calls to match the real GUI layout,
which makes things easier to read and understand
- remove signMessageAction and verifyMessageAction from tabGroup as we
didn't use them anyway (as tooltips are not displayed in the menu remove
these too)
- update 2 comments
- be clear we don't "Show/Hide Bitcoins", but just the client window
- remove the tooltip for toggleHideAction as this is not shown anyway
- update a comment to be more general
If our IRC nick is in use (because some other node thinks it has
the same address we think we have) don't fruitlessly try to reconnect
using that name forever. After three tries, give up and use a random
nick. Either we'll learn a new local address from IRC and switch
to that, or it was right and the other guy is advertising for us.
This avoids a pessimal case where a second testnet node behind
a nat is unable to get any peers because he can't get on IRC.
Previously Bitcoin would refuse to use IRC if it was either not
accepting inbound connections or not making outbound. Instead this
changes it to not use IRC only if it's not doing either or if
IPv4 is off completely. If Bitcoin is not listening this will use
the default random nicks rather than the IP based ones.
Hard-code a special nId=max int alert, to be broadcast if the
alert key is ever compromised. It applies to all versions, never
expires, cancels all previous alerts, and has a fixed message:
URGENT: Alert key compromised, upgrade required
Variations are not allowed (ignored), so an attacker with
the private key cannot broadcast empty-message nId=max alerts.
This fixes two alert system vulnerabilities found by
Sergio Lerner; you could send peers unlimited numbers
of invalid alert message to try to either fill up their
debug.log with messages and/or keep their CPU busy
checking signatures.
Fixed by disconnecting/banning peers if they send 10 or more
bad (invalid/expired/cancelled) alerts.
Windows & WindowsXP style have a problem with displaying the block progress.
Add a custom stylesheet as workaround, but only when one of those renderers is active,
otherwise leave the theme alone (issue #1071).
- add a new label, which can be updated independently from the whole
license information stuff
- the benefit is, we don't need to re-translate that whole wall of text
every year the copyright info changes
- update to the same copyright string we use in the source and in the
bitcoin-qt.exe meta-data information
- removes an obsolete entry from the ui-file
- Show address receiving the generation, and include it in the correct "account"
- Multiple entries in listtransactions output if the coinbase has multiple outputs to us
This applies on top of the coincontrol listaddressgroupings patch
and makes finding eligible outputs from the groups returned
by listaddressgroupings possible.
Logic:
- If sending a transaction, assign its timestamp to the current time.
- If receiving a transaction outside a block, assign its timestamp to the current time.
- If receiving a block with a future timestamp, assign all its (not already known) transactions' timestamps to the current time.
- If receiving a block with a past timestamp, before the most recent known transaction (that we care about), assign all its (not already known) transactions' timestamps to the same timestamp as that most-recent-known transaction.
- If receiving a block with a past timestamp, but after the most recent known transaction, assign all its (not already known) transactions' timestamps to the block time.
For backward compatibility, new accounting data is stored after a \0 in the comment string.
This way, old versions and third-party software should load and store them, but all actual use (listtransactions, for example) ignores it.
Replace direct calls to mlock.
Also, change the class to lock the memory areas in the constructor and unlock them again in the destructor. This makes sure that locked pages won't leak.
Memory locks do not stack, that is, pages which have been locked several times by calls to mlock()
will be unlocked by a single call to munlock(). This can result in keying material ending up in swap when
those functions are used naively. In this commit a class "LockedPageManager" is added
that simulates stacking memory locks by keeping a counter per page.
Allows the user to pass null as the second or third parameter
to signrawtransaction, in case you need to (for example) fetch
private keys from the wallet but want to specify the hash type.
This does two things:
1) Now does not output to debug.log if -printtodebugger flag is passed
2) Unit tests set -printtodebugger so only test results are output to stdout
Note that -printtodebugger only actually prints to the debugger on Windows.
If 950 of the last 1,000 blocks are nVersion=2, reject nVersion=1
(or zero, but no bitcoin release has created block.nVersion=0) blocks
-- 75 of last 100 on testnet3.
This rule is being put in place now so that we don't have to go
through another "express support" process to get what we really
want, which is for every single new block to include the block height
in the coinbase.
"Version 2" blocks are blocks that have nVersion=2 and
have the block height as the first item in their coinbase.
Block-height-in-the-coinbase is strictly enforced when
version=2 blocks are a supermajority in the block chain
(750 of the last 1,000 blocks on main net, 51 of 100 for
testnet). This does not affect old clients/miners at all,
which will continue producing nVersion=1 blocks, and
which will continue to be valid.
- extend bitcoin-qt.rc to include meta information, which is displayed on
Windows, when looking in the executable properties and selecting
"Details"
- does currently NOT include version information, this is scheduled
for later releases
- for RC-file documentation see:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa381058%28v=vs.85%29.aspx
This is the last time for 0.7.0. We should avoid message changes
until the release. Translators can use the remaining time to update their languages on
Transifex.
The other languages need to be merged from Transifex just before release.
Signrawtransaction rpc was crashing when some inputs were unknown,
and even with that fixed was failing to handle all the known inputs
if there were unknown inputs in front of them. This commit instead
attempts to fetch inputs one at a time.
- this enables DEP on all Windows version which support the
SetProcessDEPPolicy() call in Kernel32.dll
- use a dynamic approach via GetProcAddress() to not rely on headers or
compiler libs
- this is the same way the Tor-project does it
- add enableApplyButton() and disableApplyButton() to optionsdialog.{h/cpp}
- they are used to ensure the Ok button does not get disabled, when Apply needs to be disabled (standard UX should allow Ok always to dismiss the dialog and only disable it, when we have a faulty proxy IP)
- disable Apply after initially loading the settings, as nothing new needs to be saved
- remove orphan settings from optionsdialog.ui that are default anyway
- If the height is in the first half, start at the genesis block and go up, rather than at the top
- Cache the last lookup and use it as a reference point if it's close to the next request, to make linear lookups always fast
- ensure warnings always start with "Warning:" and that the first
character after ":" is written uppercase
- ensure the first sentence in warnings ends with an "!"
- remove unneeded spaces from Warning-strings
- add missing Warning-string translation
- remove a "\n" and replace with untranslatable "<br><br>"
- place "-?" option at first
- re-work description and "\n" usage for Gavins new block creation options
to better match current description syntax
- ensure no "\n" is in translated strings, which is better for Transifex
The new bytes are based on "11" to appeal to Gavin's 11 fetish.
This breaks existing testnet3 nodes as the blockchain files
are also versioned. To upgrade a node delete everything
except wallet.dat from your .bitcoin/testnet3 folder.
Modify CreateNewBlock so that instead of processing all transactions
in priority order, process the first 27K of transactions in
priority order and then process the rest in fee-per-kilobyte
order.
This is the first, minimal step towards better a better fee-handling
system for both miners and end-users; this patch should be easy
to backport to the old versions of Bitcoin, and accomplishes the
most important goal-- allow users to "buy their way in" to blocks
using transaction fees.
- remove duplicate includes, that are already present in ui_optionsdialog.h
- change QIntValidator to not allow 0 as port-number
- re-order some function calls to match the Ui element order, for better readbility and to prepare for the addition of further IPv6 and Tor proxy options
- restat warning for the language selection is only shown, when the language was changed (not on simply activating the Ui element)
- split check for object == ui->proxyIp into seperate if-clause
- micro-optimize the code in the above mentioned if-clause
- unify used format for comments in the code
- introduce handleProxyIpValid() function, which handles UI elements and the
save button states for valid/invalid proxy IPs
- add IMPLEMENT_RANDOMIZE_STACK for ipcThread()
- log / print boost interprocess exceptions
- use MAX_URI_LENGTH in guiconstants.h (also used in qrcodedialog.cpp)
- remove unneeded includes and ipcShutdown() from qtipcserver.cpp
- fix a small mem-leak by deleting mq before re-using it
- make ipcThread() and ipcThread2() static functions
- add some more comments
NOTE: This is currently disabled, until a developer with FreeBSD/OpenBSD
can confirm that this works (without causing undefined behaviour
preferrably).
Signed-off-by: Giel van Schijndel <me@mortis.eu>
* Fix wrong thread name for wallet *relocking* thread
- Was named the unlocking thread
* Use consistent naming
Signed-off-by: Giel van Schijndel <me@mortis.eu>
NOTE: These thread names are visible in gdb when using 'info threads'.
Additionally both 'top' and 'ps' show these names *unless* told to
display the command-line instead of task name.
Signed-off-by: Giel van Schijndel <me@mortis.eu>
- this helps user to not think our Client is called "Bitcoin Wallet"
- change "About Bitcoin-Qt" to "About Bitcoin"
- change "Bitcoin debug window" to "Bitcoin - Debug window"
- change "Client" in debug Window to "Bitcoin Core"
- cleanup optionsmodel before adding new proxy options
- place SOCKS version stuff below proxy port (IP, Port, SOCKS version)
- simplyfy some parts of the code (e.g. don't check IP and port, as this
is done in optionsdialog anyway, remove unneeded {} in switch/case)
- small cosmetic changes in the header for better readability
Because new nodes pull from the first connected node the load
balancing of the first connection is more important than it should
be. This change puts Pieter's seed first, because its probably
the best maintained right now.
Fixes#1452. Until we can make the logic water-tight *and* are notified in every
case the balance might have changed, remove the premature optimization and
simply recompute the balance every half a second when the number of blocks changed.
Compiling boost::interprocess::message_queue against
boost 1.50 macports with -arch i386 (how releases are built,
for minimum download size and maximum compatibility) is failing:
src/qt/qtipcserver.cpp:37: error: no matching function for call to ‘boost::interprocess::message_queue_t<boost::interprocess::offset_ptr<void, int, long unsigned int, 0u> >::timed_receive(char (*)[257], long unsigned int, size_t&, unsigned int&, boost::posix_time::ptime&)’
This is probably a boost or macports bug, but since interprocess::message_queue
is only used for URI support, which isn't implemented on OSX anyway, I fixed
the build by #ifdef'ing out that code.
- add signals signMessage() and verifyMessage() in addressbookpage.cpp
- connect to them in bitcoingui.cpp to switch to the corresponding tab in the Sign/Verify Message dialog
- make gotoSignMessageTab() and gotoVerifyMessageTab() private slots
- remove unused #include <QDebug> and lblBTC label
- update Bitcoin input field to a BitcoinAmountField to allow Bitcoin unit selection
- use BitcoinUnits::format for the resulting amount parameter in the generated URI (always use BTC as per BIP21)
- move MAX_URI_LENGTH and EXPORT_IMAGE_SIZE to guiconstants.h
- add OptionsModel in AddressBookPage and use it in on_showQRCode_clicked() to pass it to QRCodeDialog
- add OptionsModel in QRCodeDialog to enable display unit updates
- add updateDisplayUnit() slot to be able to imediately update currently set bitcoin unit
- make all labels in the UI-file plain text
- resize dialog to match for an updated layout (fields are now stacked and new field)
- remove unused parameters from private slots
- only enable save button, when QR Code was generated
- show message when entered amound is invalid
- add read-only QPlainTextEdit field to output generated URI
Adds CBlock::CURRENT_VERSION and CTransaction::CURRENT_VERSION
constants, and makes non-CURRENT_VERSION transactions nonstandard.
This will help make future upgrades smoother.
- add UI-feedback via QValidatedLineEdit
- copy button for generated signature was moved to the signature output field
- add an addressbook button to verify message tab
- input fields are now evenly ordered for sign and verify tabs
- update FIRST_CLASS_MESSAGING support to ensure a good UX
- add a button and context menu entry in addressbook for verify message (to be consistent with sign message)
- focus is now only set/changed, when clearing input fields or adding an address via addressbook
- re-work / update some strings
- ensure model gets initialized in the SignVerifyMessageDialog constructor
- add checks for a valid model to both addressbook buttons
- remove unneeded includes for Qt GUI elements that are listed in ui_signverifymessagedialog.h anyway
Implement listunspent / getrawtransaction / createrawtransaction /
signrawtransaction, to support creation and
signing-on-multiple-device multisignature transactions.
This PULL reworks new (post-0.6.*) features of the
gettransaction/getblock RPC calls as follows:
It removes the 'decompositions' object argument from getblock,
replacing it just a list of transaction hashes; equivalent
(I believe) of passing the {"tx":"hash"} decomposition.
It replaces the 'decompositions' object argument of
gettransaction with a boolean flag; if true, returns
the same stuff that the {"script":"obj"} decomposition
would return (txins/txouts as hex, disassembled, and bitcoin
addresses).
It adds a "rawtx" field to the output of gettransaction,
that is the entire transaction serialized and hex-encoded.
It removes the "size" field from gettransaction, since the size
is trivial to compute from the "rawtx" field (either take the
length after hex-decoding, or just compute it as hex-length/2).
If the top-level object is an array, it is assumed to be an array of
JSON-RPC requests. An array is returned, containing one response (error or
not) per request, in the order submitted.
In a slight change in semantics, batched requests -always- return
an HTTP 200 OK status, even ones full of invalid or incorrect requests.
- remove "#include <QString>" as this is included in the header
- add some missing plural forms that can be translated
- change "yours" into "own address", which is easier to understand and translate in that context
- cleanup translatable strings to not include HTML or unneeded chars (e.g. ":")
- resize TransactionDescDialog a little (remove unwanted line-breaks with non english translations)
Bitcoin will not make an outbound connection to a network group
(/16 for IPv4) that it is already connected to. This means that
if an attacker wants good odds of capturing all a nodes outbound
connections he must have hosts on a a large number of distinct
groups.
Previously both inbound and outbound connections were used to
feed this exclusion. The use of inbound connections, which can be
controlled by the attacker, actually has the potential of making
sibyl attacks _easier_: An attacker can start up hosts in groups
which house many honest nodes and make outbound connections to
the victim to exclude big swaths of honest nodes. Because the
attacker chooses to make the outbound connection he can always
beat out honest nodes for the consumption of inbound slots.
At _best_ the old behavior increases attacker costs by a single
group (e.g. one distinct group to use to fill up all your inbound
slots), but at worst it allows the attacker to select whole
networks you won't connect to.
This commit makes the nodes use only outbound links to exclude
network groups for outbound connections. Fancier things could
be done, like weaker exclusion for inbound groups... but
simplicity is good and I don't believe more complexity is
currently needed.
Useful for developers who need to refer to futher back in debug.log history, but who don't want to
enable the -debug option and all the verbosity that comes with that.
- display as "language - country (locale name)", when locale name consists of 2 parts
- display as "language (locale name)", when locale name consists of 1 part
Use Boost's signal2 slot tracking mechanism to cancel any (still open)
listening sockets when receiving a shutdown signal.
Signed-off-by: Giel van Schijndel <me@mortis.eu>
This commit adds support for .onion addresses (mapped into the IPv6
by using OnionCat's range and encoding), and the ability to connect
to them via a SOCKS5 proxy.
Prior to this change, each TX typically generated 3+ debug messages,
askfor tx 8644cc97480ba1537214 0
sending getdata: tx 8644cc97480ba1537214
askfor tx 8644cc97480ba1537214 1339640761000000
askfor tx 8644cc97480ba1537214 1339640881000000
CTxMemPool::accept() : accepted 8644cc9748 (poolsz 6857)
After this change, there is only one message for each valid TX received
CTxMemPool::accept() : accepted 22a73c5d8c (poolsz 42)
and two messages for each orphan tx received
ERROR: FetchInputs() : 673dc195aa mempool Tx prev not found 1e439346fc
stored orphan tx 673dc195aa (mapsz 19)
The -debugnet option, or its superset -debug, will restore the full debug
output.
Since the minimum signed integer cannot be represented as positive so long as its type is signed, and it's not well-defined what happens if you make it unsigned before negating it, we instead increment the negative integer by 1, convert it, then increment the (now positive) unsigned integer by 1 to compensate
Implement the following rules:
* Interpret [X]:Y as host=X port=Y, if Y is an integer
* Interpret X:Y as host=X port=Y, if Y is an integer and X contains no colon
* Interpret X:Y as host=X:Y port=default otherwise
On Linux/Mac the command-line options were printed to stderr when the button
was pressed in the debug window, resulting in confusion. This is fixed
in this commit by adding a separate method.
The current order of menu options in the tray menu doesn't really match expected usage patterns, this commit changes it to more logical order.
- Toggle show/hide first (unchanged)
- Then, send/receive coins actions, which are the critical functionality of bitcoin
- Then, sign/verify message
- Then finally the options, and closing with the debug window
This is necessary as any strings have changed since last time.
Also the python script used to extract bitcoinstrings.cpp, extract_strings_qt.py
now sorts the strings before generating the output file. This results in more
deterministic output and thus smaller diffs.
- extend network options with a SOCKS version selection
- changing "Unit to show amounts in:" now also updates the unit used in the transaction fee box
- string updates
- link Apply button and OK button when enabling or disabling them
- use LookupNumeric() from netbase to verify proxy address (via an EventFilter)
- change proxy address field to QValidatedLineEdit and add visual feedback
- add a status label used for displaying a message for invalid proxy addresses
- allow usage of IPv6 address as proxy address
- added warning message when enabling / disabling SOCKS proxy
The option to open the debug logfile from the debug window was implemented only for
windows. By using `QDesktopServices::openUrl` it now works on any platform.
AvailableCoins() makes a vector of available outputs which is then passed to SelectCoinsMinConf(). This allows unit tests to test the coin selection algorithm without having the whole blockchain available.
Newlines in JSON strings are against the JSON spec,
so remove them from the script*.json unit tests to
make python's jsonrpc happy (json::spirit didn't care).
This adds a field labelled 'Immature' in the overview section under the 'unconfirmed' field, which shows mined
income that has not yet matured (which is currently not displayed anywhere, even though the transactions
exist in the transaction list). To do that I added a 'GetImmatureBalance' method to the wallet, and connected
that through to the GUI as per the 'GetBalance' and 'GetUnconfirmedBalance' methods. I did a small 'no-op'
change to make the code in adjacent functions a little more readable (imo); it was a change I had made in my
repo earlier...but I thought it wouldn't hurt so left it in. Immature balance comes from mined income that is
at least two blocks deep in the chain (same logic as displayed transactions).
My reasoning is:
- as a miner, it's a critical stat I want to see
- as a miner, and taking into account the label 'immature', the uncertainty is pretty clearly implied
- those numbers are already displayed in the transaction list
- this makes the overview numbers add up to what's in the transaction list
- it's not displayed if the immature balance is 0, so won't bother non-miners
I also 'cleaned' the overview UI a little, moving code to the XML and removing HTML.
Using this modification it should be relatively easy to, at a later
time, listen on multiple addresses (even Unix domain sockets should be
possible).
Signed-off-by: Giel van Schijndel <me@mortis.eu>
The RPC server now listens for, and handles, incoming connections on
both IPv4 as well as IPv6.
If available (and usable) it uses a dual IPv4/IPv6 socket on systems
that support it (e.g. Linux and BSDs) and falls back to separate
IPv4/IPv6 sockets on systems that don't (e.g. Windows).
Signed-off-by: Giel van Schijndel <me@mortis.eu>
This allows more flexibility in the RPC code, e.g. making it easier to
handle multiple simultaneous connections later on.
Currently asynchronous I/O is only used to listen for and accept
incoming connections. Asynchronous reading/writing is more involved.
Signed-off-by: Giel van Schijndel <me@mortis.eu>
This introduces internal types:
* CKeyID: reference (hash160) of a key
* CScriptID: reference (hash160) of a script
* CTxDestination: a boost::variant of the former two
CBitcoinAddress is retrofitted to be a Base58 encoding of a
CTxDestination. This allows all internal code to only use the
internal types, and only have RPC and GUI depend on the base58 code.
Furthermore, the header dependencies are a lot saner now. base58.h is
at the top (right below rpc and gui) instead of at the bottom. For the
rest: wallet -> script -> keystore -> key. Only keystore still requires
a forward declaration of CScript. Solving that would require splitting
script into two layers.
test/DoS_tests.cpp: In member function ‘void DoS_tests::DoS_mapOrphans::test_method()’:
test/DoS_tests.cpp:200:41: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
test/DoS_tests.cpp:208:41: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
test/DoS_tests.cpp: In member function ‘void DoS_tests::DoS_checkSig::test_method()’:
test/DoS_tests.cpp:260:37: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
test/DoS_tests.cpp:267:37: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
test/DoS_tests.cpp:280:41: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
test/DoS_tests.cpp:307:37: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
Any problems seen during deserialization will throw an uncaught
exception, crashing the entire bitcoin process. Properly return an
error instead, so that we may at least log the error and gracefully
shutdown other portions of the app.
More than doubles the speed of verifying already-cached signatures
that use compressed pubkeys:
Before: ~200 microseconds
After: ~80 microseconds
(no caching at all: ~3,300 microseconds per signature)
Also encapsulates the signature cache code in a class
and fixes a signed/unsigned comparison warning.
Satoshi's commits fdbf76d and c8ad9b8 (SVN import) removed the
DB_PRIVATE flag from the environment. In part, this enables processes
other than bitcoind to examine the active database environment.
However, this incurs a slight performance penalty versus working
entirely within application memory (DB_PRIVATE). Because bitcointools
and other direct-BDB-accessing tools are not used by the vast
majority of users, prefer to default with DB_PRIVATE with the option
of disabling it if needed via -privdb=0.
- Signals now go directly from the core to WalletModel/ClientModel.
- WalletModel subscribes to signals on CWallet: Prepares for multi-wallet support, by no longer assuming an implicit global wallet.
- Gets rid of noui.cpp, the few lines that were left are merged into init.cpp
- Rename wxXXX message flags to MF_XXX, to make them UI indifferent.
- ThreadSafeMessageBox no longer returns the value `4` which was never used, converted to void.
Gets rid of `MainFrameRepaint` in favor of specific update functions that tell the UI exactly what changed.
This improves the efficiency of various handlers. Also fixes problems with mined transactions not showing up until restart.
The following notifications were added:
- `NotifyBlocksChanged`: Block chain changed
- `NotifyKeyStoreStatusChanged`: Wallet status (encrypted, locked) changed.
- `NotifyAddressBookChanged`: Address book entry changed.
- `NotifyTransactionChanged`: Wallet transaction added, removed or updated.
- `NotifyNumConnectionsChanged`: Number of connections changed.
- `NotifyAlertChanged`: New, updated or cancelled alert. As this finally makes it possible for the UI to know when a new alert arrived, it can be shown as OS notification.
These notifications could also be useful for RPC clients. However, currently, they are ignored in bitcoind (in noui.cpp).
Also brings back polling with timer for numBlocks in ClientModel. This value updates so frequently during initial download that the number of signals clogs the UI thread and causes heavy CPU usage. And after initial block download, the value changes so rarely that a delay of half a second until the UI updates is unnoticable.
Cleans up and organizes several scattered functions and variables related to
the BDB env. Class CDBInit() existed to provide a
guaranteed-via-C++-destructor cleanup of the db environment.
A formal CDBEnv class provides all of this inside a single wrapper.
If Reorganize() fails, then its caller, CBlock::SetBestChain(),
will call TxnAbort().
Redundant TxnAbort() calls are harmless. The second will return an
error return value, with no other side effects. TxnAbort() return
values are generally never checked. The impact is nil.
* This is safer than DB_TXN_NOSYNC, and does not appear to impact
performance.
* Applying this to the dbenv is necessary to avoid many fdatasync(2)
calls on db 5.x
* We carefully and thoroughly flush databases upon shutdown and
other important events already.
The best log rotation method formerly available was to configure
logrotate with the copytruncate option. As described in the logrotate
documentation, "there is a very small time slice between copying the
file and truncating it, so some logging data might be lost".
By sending SIGHUP to the server process, one can now reopen the debug
log file without losing any data.
Acquire an exclusive, advisory lock before sending output to debug.log
and release it when we're done. This should avoid output from multiple
threads being interspersed in the log file.
We can't use CRITICAL_SECTION machinery for this because the debug log
is written during startup and shutdown when that machinery is not
available.
(Thanks to Gavin for pointing out the CRITICAL_SECTION problems based
on his earlier work in this area)
Create a maximum-10MB signature verification result cache.
This should almost double the number of transactions that
can be processed on a given CPU, because before this change
ECDSA signatures were verified when transactions were added
to the memory pool and then again when they appeared in
a block.
Loop over all inputs doing inexpensive validity checks first,
and then loop over them a second time doing expensive signature
checks. This helps prevent possible CPU exhaustion attacks
where an attacker tries to make a victim waste time checking
signatures for invalid transactions.
Remove orphan transactions from memory once
all of their parent transactions are received
and they're still not valid.
Thanks to Sergio Demian Lerner for suggesting this fix.
Old log message:
storing orphan tx df2244f6bc
New log message:
storing orphan tx df2244f6bc (mapsz 51)
Also, trim a few trailing whitespace in main.cpp.
Immediately issue a "getblocks", instead of a "getdata" (which will
trigger the relevant "inv" to be sent anyway), and only do so when
the previous set of invs led us into a known and attached part of
the block tree.
As noticed by sipa (Pieter Wuille), this can happen when CBigNum::setint64() is
called with an integer value of INT64_MIN (-2^63).
When compiled with -ftrapv, the program would crash. Otherwise, it would
execute an undefined operation (although in practice, usually the correct one).
One of the test cases currently aborts when using gcc's flag -ftrapv, due to
negating an INT64_MIN int64 variable, which is an undefined operation.
This will be fixed in a subsequent commit.
CBigNum::setint64() does 'n <<= 8', where n is of type "long long".
This leads to shifting onto and past the sign bit, which is undefined
behavior in C++11 and can cause problems in the future.
This prevents an undefined operation in main.cpp, when shifting the hash value
left by 32 bits.
Shifting a signed int left into the sign bit is undefined in C++11.
- Solves #1278, attempts to address #1049
- Removes \t's from help message that are removed afterwards anyway
- Moves UI-specific command-line options help to UI code
- Moves "-detachdb" out of #ifdef USE_UPNP