authorRiccardo Spagni <ric@spagni.net>2019-06-14 16:19:45 +0200
committerRiccardo Spagni <ric@spagni.net>2019-06-14 16:19:45 +0200
commit1d5e8f461de0a04891e5e18b0f50e9cf2cf534e1 (patch)
tree196a29f8b13f0a26167d5ec085669002d468323a /contrib/epee/include/net
parentMerge pull request #5632 (diff)
parentrpc: restrict the recent cutoff size in restricted RPC mode (diff)
Merge pull request #5639
2eef90d6 rpc: restrict the recent cutoff size in restricted RPC mode (moneromooo-monero) 0564da5f ensure no NULL is passed to memcpy (moneromooo-monero) bc09766b abstract_tcp_server2: improve DoS resistance (moneromooo-monero) 1387549e serialization: check stream good flag at the end (moneromooo-monero) a00cabd4 tree-hash: allocate variable memory on heap, not stack (moneromooo-monero) f2152192 cryptonote: throw on tx hash calculation error (moneromooo-monero) db2b9fba serialization: fail on read_varint error (moneromooo-monero) 68ad5481 cryptonote_protocol: fix another potential P2P DoS (moneromooo-monero) 1cc61018 cryptonote_protocol: expand basic DoS protection (moneromooo-monero) 8f66b705 cryptonote_protocol_handler: prevent potential DoS (anonimal) 39169ace epee: basic sanity check on allocation size from untrusted source (moneromooo-monero)
Diffstat (limited to 'contrib/epee/include/net')
-rw-r--r--contrib/epee/include/net/abstract_tcp_server2.inl9
1 files changed, 5 insertions, 4 deletions
diff --git a/contrib/epee/include/net/abstract_tcp_server2.inl b/contrib/epee/include/net/abstract_tcp_server2.inl
index 821594355..fa5858b9f 100644
--- a/contrib/epee/include/net/abstract_tcp_server2.inl
+++ b/contrib/epee/include/net/abstract_tcp_server2.inl
@@ -54,6 +54,9 @@
#undef MONERO_DEFAULT_LOG_CATEGORY
#define MONERO_DEFAULT_LOG_CATEGORY "net"
+#define AGGRESSIVE_TIMEOUT_THRESHOLD 120 // sockets
+#define NEW_CONNECTION_TIMEOUT_LOCAL 1200000 // 2 minutes
+#define NEW_CONNECTION_TIMEOUT_REMOTE 10000 // 10 seconds
#define DEFAULT_TIMEOUT_MS_LOCAL 1800000 // 30 minutes
#define DEFAULT_TIMEOUT_MS_REMOTE 300000 // 5 minutes
#define TIMEOUT_EXTRA_MS_PER_BYTE 0.2
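Review bot: The comment on `NEW_CONNECTION_TIMEOUT_LOCAL` does not match its value: 1200000 ms is 20 minutes, not 2 minutes. If two minutes is intended, the line should read `#define NEW_CONNECTION_TIMEOUT_LOCAL 120000 // 2 minutes`; otherwise correct the comment to `// 20 minutes`. The new timeout macros also drop the `_MS` unit that `DEFAULT_TIMEOUT_MS_LOCAL` and `DEFAULT_TIMEOUT_MS_REMOTE` carry, so a name such as `NEW_CONNECTION_TIMEOUT_MS_LOCAL` would make this kind of slip easier to spot. `AGGRESSIVE_TIMEOUT_THRESHOLD` would benefit from a comment saying which socket count it is compared against.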
@@ -189,7 +192,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
m_protocol_handler.after_init_connection();
- reset_timer(get_default_timeout(), false);
+ reset_timer(boost::posix_time::milliseconds(m_local ? NEW_CONNECTION_TIMEOUT_LOCAL : NEW_CONNECTION_TIMEOUT_REMOTE), false);
// first read on the raw socket to detect SSL for the server
buffer_ssl_init_fill = 0;
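Review bot: The new `reset_timer(...)` call gives a remote peer 10 seconds before its first timer expiry, and nothing in this hunk shows where the timer is later extended to the default timeout. Because the last hunk removes the RPC-only guard from `reset_timer`, this short window presumably now applies to every connection type, not only RPC. A comment above the call would record the intent, for example `// short initial timeout: a freshly accepted socket must send data before it gets the default timeout`. It is also worth confirming that SSL detection and the handshake on a slow link complete within `NEW_CONNECTION_TIMEOUT_REMOTE`. The enclosing function starts and ends outside the hunk.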
@@ -691,7 +694,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
{
unsigned count;
try { count = host_count(m_host); } catch (...) { count = 0; }
- const unsigned shift = std::min(std::max(count, 1u) - 1, 8u);
+ const unsigned shift = get_state().sock_count > AGGRESSIVE_TIMEOUT_THRESHOLD ? std::min(std::max(count, 1u) - 1, 8u) : 0;
boost::posix_time::milliseconds timeout(0);
if (m_local)
timeout = boost::posix_time::milliseconds(DEFAULT_TIMEOUT_MS_LOCAL >> shift);
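Review bot: The new `shift` line packs the policy decision and the per-host scaling into one long ternary, which hides that scaling is switched off entirely below the threshold. Naming the condition would make that explicit: `const bool aggressive = get_state().sock_count > AGGRESSIVE_TIMEOUT_THRESHOLD;` followed by `const unsigned shift = aggressive ? std::min(std::max(count, 1u) - 1, 8u) : 0u;`. A short comment should state the consequence: while the total stays at or below 120 sockets, a single host with many connections keeps the full default timeout on each. The hunk does not show the type of `sock_count` or how it is synchronized, so check the comparison for a signed/unsigned mismatch and confirm the read is safe from this thread. The function body continues outside the hunk.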
@@ -730,8 +733,6 @@ PRAGMA_WARNING_DISABLE_VS(4355)
template<class t_protocol_handler>
void connection<t_protocol_handler>::reset_timer(boost::posix_time::milliseconds ms, bool add)
{
- if (m_connection_type != e_connection_type_RPC)
- return;
MTRACE("Setting " << ms << " expiry");
auto self = safe_shared_from_this();
if(!self)