Currently we have no rotation of outbound peers. If an outbound peer
stops serving us blocks, or is on a consensus-incompatible chain with
less work than our tip (but otherwise valid headers), then we will never
disconnect that peer, even though that peer is using one of our 8
outbound connection slots. Because we rely on our outbound peers to
find an honest node in order to reach consensus, allowing an
incompatible peer to occupy one of those slots is undesirable,
particularly if it is possible for all such slots to be occupied by such
peers.
Protect against this by always checking to see if a peer's best known
block has less work than our tip, and if so, set a 20 minute timeout --
if the peer is still not known to have caught up to a chain with as much
work as ours after 20 minutes, then send a single getheaders message,
wait 2 more minutes, and if a better header hasn't been received by then,
disconnect that peer.
Note:
- we do not require that our peer sync to the same tip as ours, just an
equal or greater work tip. (Doing otherwise would risk partitioning the
network in the event of a chain split, and is also unnecessary.)
- we pick 4 of our outbound peers and do not subject them to this logic,
to be more conservative. We don't wish to permit temporary network
issues (or an attacker) to excessively disrupt network topology.
Github-Pull: #11490
Rebased-From: 5a6d00c6defc587e22c93e63029fdd538ce8858d
When in IBD, we'd like to use all our outbound peers to help us
sync the chain. Disconnect any outbound peers whose headers have
insufficient work.
Github-Pull: #11490
Rebased-From: c60fd71a65e841efe187992f46c583a704cc37f5
This should avoid either attempting to use an invalid reference/pointer to the
other.
Github-Pull: #10756
Rebased-From: 2525b972af6645ca239ac1078cffb132b402bfbb
Drop boost signals in favor of a stateful class. This will allow the message
processing loop to actually move to net_processing in a future step.
Github-Pull: #10756
Rebased-From: 8ad663c1fa88d68843e45580deced56112343183
There are a few too many edge-cases here to make this a scripted diff.
The following commits will move a few functions into PeerLogicValidation, where
the local connman instance can be used. This change prepares for that usage.
Github-Pull: #10756
Rebased-From: 28f11e9406b185dc87144f1f29af0d93eb115b4e
A peer could try to waste our resources by sending us unrequested blocks with
low work, eg to fill up our disk. Since
e2652002b6011f793185d473f87f1730c625593b we no longer request blocks until we
know we're on a chain with more than nMinimumChainWork (our anti-DoS
threshold), but we would still process unrequested blocks that had more work
than our tip. This commit fixes that behavior.
Github-Pull: #11458
Rebased-From: ce8cd7a7da9174ab151172fc0ce97b5164637cf3
Make sure wallet databases have unique fileids. If they don't, throw an error.
BDB caches do not work properly when more than one open database has the same
fileid, because values written to one database may show up in reads to other
databases.
Bitcoin will never create different databases with the same fileid, but users
can create them by manually copying database files.
BDB caching bug was reported by Chris Moore <dooglus@gmail.com>
https://github.com/bitcoin/bitcoin/issues/11429Fixes#11429
Github-Pull: #11476
Rebased-From: 478a89c1ef79a75275d1b508122c06eee9386b2d
Now using a std::unique_ptr, the Db instance is correctly released
when CDB initialization fails.
The internal CDB state and mapFileUseCount are only mutated when
the CDB initialization succeeds.
Github-Pull: #11492
Rebased-From: 7104de8b1f3a31d3a60009b5dc376adbedac6a9c
Change suggested by Cory Fields <cory-nospam-@coryfields.com> who noticed
listsinceblock would ignore invalid block hashes causing it to return a
completely unfiltered list of transactions.
Github-Pull: #11565
Rebased-From: 659b2061c4329472a45e913c5d45e6ab180600a3
Tree-SHA512: 2091a830b730421b49c806cb83a16c7da2ec0a7adac2bac0585324aad12a32bb99a840264c3d346937ea84786fac56e44befb6641511a417977803875efe5a21
20cdc2b Fix importmulti bug when importing an already imported key (Pedro Branco)
405e069 Update importprivkey named args documentation (Dusty Williams)
c94527a [Docs] Update Windows build instructions for using WSL and Ubuntu 17.04 (fanquake)
27e861a net: Improve and document SOCKS code (Wladimir J. van der Laan)
dea3b87 Add new step to clean $PATH var by removing /mnt specific Window's %PATH% paths that cause issues with the make system (Donal OConnor)
a43be5b rpc: Prevent `dumpwallet` from overwriting files (Wladimir J. van der Laan)
b6c0209 Fix validationinterface build on super old boost/clang (Matt Corallo)
6a62c74 qt: Backup former GUI settings on `-resetguisettings` (Wladimir J. van der Laan)
0fe2a9a when clearing addrman clear mapInfo and mapAddr (Gregory Sanders)
6b4d9f2 wallet: update stored witness in AddToWallet (Suhas Daftuar)
62d18cd doc: Prepare release notes for 0.15.1 (MarcoFalke)
8b61aee Put back inadvertently removed copyright notices (Paul Berg)
75997c3 Disallow uncompressed pubkeys in bitcoin-tx [multisig] output adds (Matt Corallo)
8d13b42 Replace save|restoreWindowGeometry with Qt functions (MeshCollider)
6642558 [Qt] Add delay before filtering transactions Fixes 3141 (Lucas Betschart)
19d63e8 Remove custom fee radio group (Andrew Chow)
b1a6c94 rpc: make estimatesmartfee argument naming consistent with documentation (Wladimir J. van der Laan)
921542e rpc: update cli for estimatefee argument rename (Wladimir J. van der Laan)
2e31b1d Fix division by zero in time remaining (MeshCollider)
47c02a8 qt: Use IsMine to validate custom change address (Chris Moore)
7310f1f [Qt] Fix display of package name on 'open config file' tooltip (Daniel Edgecumbe)
2cb720a Acquire cs_main lock before cs_wallet during wallet initialization (Russell Yanofsky)
b278a43 rpc: Write authcookie atomically (Wladimir J. van der Laan)
50bd3f6 Avoid returning a BIP9Stats object with uninitialized values (practicalswift)
9e8aae3 [wallet] Close DB on error. (Karl-Johan Alm)
Pull request description:
This mostly backports various commits that fix(ed) bugs and issues.
However, it also includes two patches for qt that only fix minor issues,
as well as some doc patches.
Tree-SHA512: 5165e309faf6b4395fdf2f6662ccc0d58306971f3769e675504f17b2055efe29b2919f22d0dbf78c4c2dc7fd5c9d08a2c53345615e4a1df73914526687c9d571
Fixes#11462. Updated documentation for importprivkey function to use the correct name for the first argument.
Also updates a call to importprivkey to use named args in functional test.
Github-Pull: #11465
Rebased-From: aa57590d7c5eab1df5443e8ac9ed53ad0db46c02
Prevent arbitrary files from being overwritten. There have been reports
that users have overwritten wallet files this way. It may also avoid
other security issues.
Fixes#9934. Adds mention to release notes and adds a test.
Github-Pull: #9937
Rebased-From: 0cd9273fd959c6742574259d026039f7da0309a2
This should fix all the non-dependancy issues for termux builds.
See Github issue #11388.
Github-Pull: #11440
Rebased-From: 96c2ce9d343147608c197bc2333138b82141340f
Writes the GUI settings to `guisettings.bak` in the data directory
before wiping them. This can be used to retroactively troubleshoot
issues (e.g. #11262) where `-resetguisettings` solves the problem.
Github-Pull: #11338
Rebased-From: 723aa1b8752c1d6c6c0a76059c532ebe2f406fc1
Replace witness-stripped wallet transactions with full transactions;
this can happen when upgrading from a pre-segwit wallet to a segwit-
aware wallet.
Github-Pull: #11225
Rebased-From: d01a9682b126a5f83c7311e652e6e62f2c2e1d20
The LevelDB docs seem to indicate that an iterator will not take
snapshots (even providing instructions on how to do so yourself).
In several of the places we use them, we assume snapshots to have
been taken.
In order to make sure LevelDB doesn't change out from under us
(and to prevent the next person who reads the docs from having the
same fright I did), verify that snapshots are taken in our tests.
Github-Pull: #11422
Rebased-From: bb8376bbc3d96af727444f90e5f60d47105609dc
Removes the extraneous custom fee radio group and its single radio
button. The radio button is replaced with a label that has the
radio button's text.
Github-Pull: #11334
Rebased-From: e53fa4a1ca58ef46416c4a96542722601fb75c5a
The first argument of estimatesmartfee was renamed from nblocks to
conf_target in 06bcdb8da64502a64df03f3c89fbc6ccb72cd349. Update the
client-side table as well.
Github-Pull: #11267
Rebased-From: 24697c40ee6739b812259140042d426c81179977
CWallet::MarkConflicted may acquire the cs_main lock after
CWalletDB::LoadWallet acquires the cs_wallet lock during wallet initialization.
(CWalletDB::LoadWallet calls ReadKeyValue which calls CWallet::LoadToWallet
which calls CWallet::MarkConflicted). This is the opposite order that cs_main
and cs_wallet locks are acquired in the rest of the code, and so leads to
POTENTIAL DEADLOCK DETECTED errors if bitcoin is built with -DDEBUG_LOCKORDER.
This commit changes CWallet::LoadWallet (which calls CWalletDB::LoadWallet) to
acquire both locks in the standard order. It also fixes some tests that were
acquiring wallet and main locks out of order and failed with the new locking in
CWallet::LoadWallet.
Error was reported by Luke Dashjr <luke-jr@utopios.org> in
https://botbot.me/freenode/bitcoin-core-dev/msg/90244330/
Github-Pull: #11126
Rebased-From: de9a1db2ed14e0c75ffd82dc031f7ad30c56d195
Use POSIX rename atomicity at the `bitcoind` side to create a working
cookie atomically:
- Write `.cookie.tmp`, close file
- Rename `.cookie.tmp` to `.cookie`
This avoids clients reading invalid/partial cookies as in #11129.
Github-Pull: #11131
Rebased-From: 82dd7195e1fb943f9cd45a48188f9678219c0206
A button was removed, so now button(1) is nullptr
Github-Pull: #11332
Rebased-From: cdaf3a1f9e93be273ebf3e470dc709828c55476c
Tree-SHA512: 0a49bf4e9ab08e5869170c8a212da60c9a6b90c36427d788de384aa4be6d87bb5e00a21edf78eed34f81bbc554b6f15565bb9b493dafcbfe9d6f4664d7424d9d
