Give each address a single fixed location in the new and tried tables,
which become simple fixed-size arrays instead of sets and vectors.
This prevents attackers from having an advantages by inserting an
address multiple times.
This change was suggested as Countermeasure 1 in
Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman,
Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report
2015/263. March 2015.
It is also more efficient.
Rebased-From: e6b343d880f50d52390c5af8623afa15fcbc65a2
Github-Pull: #5941
Conflicts:
src/addrman.cpp
src/addrman.h
This introduces a fixed limit for the size of p2p messages, and enforces it
before download.
Rebased-From: ba04c4a7801e7d68a5e84035b919e5c3626eb7a7
Github-Pull: #5843
- the call to CloseSocket() is placed after the WSAGetLastError(), because
a CloseSocket() can trigger an error also, which we don't want for the
logging in this two cases
Simpler alternative to #4348.
The current setup with closesocket() is strange. It poses
as a compatibility wrapper but adds functionality.
Rename it and make it a documented utility function in netbase.
Code movement only, zero effect on the functionality.
This adds a -whitelist option to specify subnet ranges from which peers
that connect are whitelisted. In addition, there is a -whitebind option
which works like -bind, except peers connecting to it are also
whitelisted (allowing a separate listen port for trusted connections).
Being whitelisted has two effects (for now):
* They are immune to DoS disconnection/banning.
* Transactions they broadcast (which are valid) are always relayed,
even if they were already in the mempool. This means that a node
can function as a gateway for a local network, and that rebroadcasts
from the local network will work as expected.
Whitelisting replaces the magic exemption localhost had for DoS
disconnection (local addresses are still never banned, though), which
implied hidden service connects (from a localhost Tor node) were
incorrectly immune to DoS disconnection as well. This old
behaviour is removed for that reason, but can be restored using
-whitelist=127.0.0.1 or -whitelist=::1 can be specified. -whitebind
is safer to use in case non-trusted localhost connections are expected
(like hidden services).
- SO_NOSIGPIPE isn't available on WIN32 so merge the 2 non-WIN32 blocks
- use predefined names from header for IPV6_PROTECTION_LEVEL and
PROTECTION_LEVEL_UNRESTRICTED
... instead of after 30 minutes of no sending, for latency measurement
and keep-alive. Also, disconnect if no reply arrives within 20 minutes,
instead of 90 of inactivity (for peers supporting the 'pong' message).
New versions of OpenSSL will reject non-canonical DER signatures. However,
it'll happily decode them. Decode then re-encode before verification in order
to ensure that it is properly consumed.
Github-Pull: #5634
Rebased-From: 488ed32f2ada1d1dd108fc245d025c4d5f252783
The removed case (pcHead == script.end()) can never be reached, since
we explicitly error out above if that is the case. It is legacy from
Namecoin's merge-mining, which does not forbid this case earlier.
1. Fix some mistakes(typo, omission, spacing).
2. Re-adjust sentences to proper form.
3. Replace translation of certain words to better one.
4, Update legacy translations of upstream.
-----------------------------------------------------------------------------
I commit this first, and will commit another updates after 'translation resources' updates.
thanks.
Regenerate addresses at the end of the loop so that the shown wallet is the first to print.
Elaborating on the message after paper wallets are printed about ensuring print quality.
Prevent denial-of-service attacks by banning
peers that send us invalid orphan transactions
and only storing orphan transactions given to
us by a peer while the peer is connected.
Rebased-From: c74332c67806ed92e6e18de174671a7c30608780
Conflicts:
src/main.cpp
There is no reason to store thousands of orphan transactions;
normally an orphan's parents will either be broadcast or
mined reasonably quickly.
This pull drops the maximum number of orphans from 10,000 down
to 100, and adds a command-line option (-maxorphantx) that is
just like -maxorphanblocks to override the default.
Conflicts:
src/main.h
Used the new update-translations.py script to clean up all
locale files. Unlike bitcoin/bitcoin, we're keeping the
unfinished translation tags in place as long as we have
manual translations (whereas bitcoin uses transifex)
Some translations had non-matching formats, the update-translations
script would normally remove those and set it to "unfinished".
However, since those are fairly trivial to fix, those have been
manually corrected before doing a cleanup run with the update script.
Fix wrong capitalization in wallet encryption warning message:
"If you encrypt your wallet and lose your passphrase, you will
LOSE ALL OF YOUR DOGECOINS"
