diff options
-rw-r--r-- | contrib/epee/include/net/net_helper.h | 5 | ||||
-rw-r--r-- | contrib/epee/include/net/net_ssl.h | 6 | ||||
-rw-r--r-- | contrib/epee/src/CMakeLists.txt | 4 | ||||
-rw-r--r-- | contrib/epee/src/net_ssl.cpp | 27 | ||||
-rw-r--r-- | external/easylogging++/ea_config.h | 2 | ||||
-rw-r--r-- | external/easylogging++/easylogging++.cc | 11 | ||||
-rw-r--r-- | external/easylogging++/easylogging++.h | 1 | ||||
-rw-r--r-- | src/cryptonote_protocol/cryptonote_protocol_handler.inl | 2 | ||||
-rw-r--r-- | src/cryptonote_protocol/levin_notify.cpp | 17 | ||||
-rw-r--r-- | src/cryptonote_protocol/levin_notify.h | 2 | ||||
-rw-r--r-- | src/p2p/net_node.inl | 13 | ||||
-rw-r--r-- | tests/unit_tests/levin.cpp | 97 |
12 files changed, 152 insertions, 35 deletions
diff --git a/contrib/epee/include/net/net_helper.h b/contrib/epee/include/net/net_helper.h index 2b02eafa4..81545e502 100644 --- a/contrib/epee/include/net/net_helper.h +++ b/contrib/epee/include/net/net_helper.h @@ -108,11 +108,12 @@ namespace net_utils m_ssl_options(epee::net_utils::ssl_support_t::e_ssl_support_autodetect), m_initialized(true), m_connected(false), - m_deadline(m_io_service), + m_deadline(m_io_service, std::chrono::steady_clock::time_point::max()), m_shutdowned(0), m_bytes_sent(0), m_bytes_received(0) { + check_deadline(); } /*! The first/second parameters are host/port respectively. The third @@ -177,7 +178,7 @@ namespace net_utils // SSL Options if (m_ssl_options.support == epee::net_utils::ssl_support_t::e_ssl_support_enabled || m_ssl_options.support == epee::net_utils::ssl_support_t::e_ssl_support_autodetect) { - if (!m_ssl_options.handshake(*m_ssl_socket, boost::asio::ssl::stream_base::client, addr)) + if (!m_ssl_options.handshake(*m_ssl_socket, boost::asio::ssl::stream_base::client, addr, timeout)) { if (m_ssl_options.support == epee::net_utils::ssl_support_t::e_ssl_support_autodetect) { diff --git a/contrib/epee/include/net/net_ssl.h b/contrib/epee/include/net/net_ssl.h index 3a97dfdaf..d2c1c1a3a 100644 --- a/contrib/epee/include/net/net_ssl.h +++ b/contrib/epee/include/net/net_ssl.h @@ -128,7 +128,11 @@ namespace net_utils \return True if the SSL handshake completes with peer verification settings. */ - bool handshake(boost::asio::ssl::stream<boost::asio::ip::tcp::socket> &socket, boost::asio::ssl::stream_base::handshake_type type, const std::string& host = {}) const; + bool handshake( + boost::asio::ssl::stream<boost::asio::ip::tcp::socket> &socket, + boost::asio::ssl::stream_base::handshake_type type, + const std::string& host = {}, + std::chrono::milliseconds timeout = std::chrono::seconds(15)) const; }; // https://security.stackexchange.com/questions/34780/checking-client-hello-for-https-classification diff --git a/contrib/epee/src/CMakeLists.txt b/contrib/epee/src/CMakeLists.txt index 5c92e32bd..9b9fa5a47 100644 --- a/contrib/epee/src/CMakeLists.txt +++ b/contrib/epee/src/CMakeLists.txt @@ -29,7 +29,7 @@ add_library(epee STATIC byte_slice.cpp hex.cpp http_auth.cpp mlog.cpp net_helper.cpp net_utils_base.cpp string_tools.cpp wipeable_string.cpp levin_base.cpp memwipe.c connection_basic.cpp network_throttle.cpp network_throttle-detail.cpp mlocker.cpp buffer.cpp net_ssl.cpp) -if (USE_READLINE AND (GNU_READLINE_FOUND OR DEPENDS AND NOT MINGW)) +if (USE_READLINE AND (GNU_READLINE_FOUND OR (DEPENDS AND NOT MINGW))) add_library(epee_readline STATIC readline_buffer.cpp) endif() @@ -62,7 +62,7 @@ target_link_libraries(epee ${OPENSSL_LIBRARIES} ${EXTRA_LIBRARIES}) -if (USE_READLINE AND (GNU_READLINE_FOUND OR DEPENDS AND NOT MINGW)) +if (USE_READLINE AND (GNU_READLINE_FOUND OR (DEPENDS AND NOT MINGW))) target_link_libraries(epee_readline PUBLIC easylogging diff --git a/contrib/epee/src/net_ssl.cpp b/contrib/epee/src/net_ssl.cpp index 7d48d2a64..c7dca1914 100644 --- a/contrib/epee/src/net_ssl.cpp +++ b/contrib/epee/src/net_ssl.cpp @@ -28,9 +28,11 @@ #include <string.h> #include <boost/asio/ssl.hpp> +#include <boost/lambda/lambda.hpp> #include <openssl/ssl.h> #include <openssl/pem.h> #include "misc_log_ex.h" +#include "net/net_helper.h" #include "net/net_ssl.h" #undef MONERO_DEFAULT_LOG_CATEGORY @@ -456,7 +458,11 @@ bool ssl_options_t::has_fingerprint(boost::asio::ssl::verify_context &ctx) const return false; } -bool ssl_options_t::handshake(boost::asio::ssl::stream<boost::asio::ip::tcp::socket> &socket, boost::asio::ssl::stream_base::handshake_type type, const std::string& host) const +bool ssl_options_t::handshake( + boost::asio::ssl::stream<boost::asio::ip::tcp::socket> &socket, + boost::asio::ssl::stream_base::handshake_type type, + const std::string& host, + std::chrono::milliseconds timeout) const { socket.next_layer().set_option(boost::asio::ip::tcp::no_delay(true)); @@ -502,8 +508,23 @@ bool ssl_options_t::handshake(boost::asio::ssl::stream<boost::asio::ip::tcp::soc }); } - boost::system::error_code ec; - socket.handshake(type, ec); + auto& io_service = GET_IO_SERVICE(socket); + boost::asio::steady_timer deadline(io_service, timeout); + deadline.async_wait([&socket](const boost::system::error_code& error) { + if (error != boost::asio::error::operation_aborted) + { + socket.next_layer().close(); + } + }); + + boost::system::error_code ec = boost::asio::error::would_block; + socket.async_handshake(type, boost::lambda::var(ec) = boost::lambda::_1); + while (ec == boost::asio::error::would_block) + { + io_service.reset(); + io_service.run_one(); + } + if (ec) { MERROR("SSL handshake failed, connection dropped: " << ec.message()); diff --git a/external/easylogging++/ea_config.h b/external/easylogging++/ea_config.h index 4fb48ce3e..5bc603391 100644 --- a/external/easylogging++/ea_config.h +++ b/external/easylogging++/ea_config.h @@ -9,7 +9,7 @@ #define ELPP_UTC_DATETIME #ifdef EASYLOGGING_CC -#if !(!defined __GNUC__ || defined __MINGW32__ || defined __MINGW64__ || defined __ANDROID__) +#if !(!defined __GLIBC__ || !defined __GNUC__ || defined __MINGW32__ || defined __MINGW64__ || defined __ANDROID__) #define ELPP_FEATURE_CRASH_LOG #endif #endif diff --git a/external/easylogging++/easylogging++.cc b/external/easylogging++/easylogging++.cc index b89fd3daf..0f83e1de2 100644 --- a/external/easylogging++/easylogging++.cc +++ b/external/easylogging++/easylogging++.cc @@ -683,6 +683,11 @@ void LogBuilder::convertToColoredOutput(base::type::string_t* logLine, Level lev } } +void LogBuilder::setColor(Color color, bool bright) { + if (m_termSupportsColor) + el::base::utils::setConsoleColor(color, bright); +} + // Logger Logger::Logger(const std::string& id, base::LogStreamsReferenceMap* logStreamsReference) : @@ -2496,11 +2501,11 @@ void DefaultLogDispatchCallback::dispatch(base::type::string_t&& rawLinePrefix, if (m_data->logMessage()->logger()->m_typedConfigurations->toStandardOutput(m_data->logMessage()->level())) { const el::Level level = m_data->logMessage()->level(); const el::Color color = m_data->logMessage()->color(); - el::base::utils::setConsoleColor(el::base::utils::colorFromLevel(level), false); + m_data->logMessage()->logger()->logBuilder()->setColor(el::base::utils::colorFromLevel(level), false); ELPP_COUT << rawLinePrefix; - el::base::utils::setConsoleColor(color == el::Color::Default ? el::base::utils::colorFromLevel(level): color, color != el::Color::Default); + m_data->logMessage()->logger()->logBuilder()->setColor(color == el::Color::Default ? el::base::utils::colorFromLevel(level): color, color != el::Color::Default); ELPP_COUT << rawLinePayload; - el::base::utils::setConsoleColor(el::Color::Default, false); + m_data->logMessage()->logger()->logBuilder()->setColor(el::Color::Default, false); ELPP_COUT << std::flush; } } diff --git a/external/easylogging++/easylogging++.h b/external/easylogging++/easylogging++.h index a10b0c8e6..398afd20a 100644 --- a/external/easylogging++/easylogging++.h +++ b/external/easylogging++/easylogging++.h @@ -2235,6 +2235,7 @@ class LogBuilder : base::NoCopy { } virtual base::type::string_t build(const LogMessage* logMessage, bool appendNewLine) const = 0; void convertToColoredOutput(base::type::string_t* logLine, Level level, Color color); + void setColor(Color color, bool bright); private: bool m_termSupportsColor; friend class el::base::DefaultLogDispatchCallback; diff --git a/src/cryptonote_protocol/cryptonote_protocol_handler.inl b/src/cryptonote_protocol/cryptonote_protocol_handler.inl index 82f9f96a0..4437c6a3a 100644 --- a/src/cryptonote_protocol/cryptonote_protocol_handler.inl +++ b/src/cryptonote_protocol/cryptonote_protocol_handler.inl @@ -2059,7 +2059,7 @@ skip: bool t_cryptonote_protocol_handler<t_core>::on_connection_synchronized() { bool val_expected = false; - if(m_synchronized.compare_exchange_strong(val_expected, true)) + if(!m_core.is_within_compiled_block_hash_area(m_core.get_current_blockchain_height()) && m_synchronized.compare_exchange_strong(val_expected, true)) { MGINFO_YELLOW(ENDL << "**********************************************************************" << ENDL << "You are now synchronized with the network. You may now start monero-wallet-cli." << ENDL diff --git a/src/cryptonote_protocol/levin_notify.cpp b/src/cryptonote_protocol/levin_notify.cpp index 26cd93b5a..4b41b5bfc 100644 --- a/src/cryptonote_protocol/levin_notify.cpp +++ b/src/cryptonote_protocol/levin_notify.cpp @@ -187,14 +187,15 @@ namespace levin { struct zone { - explicit zone(boost::asio::io_service& io_service, std::shared_ptr<connections> p2p, epee::byte_slice noise_in) + explicit zone(boost::asio::io_service& io_service, std::shared_ptr<connections> p2p, epee::byte_slice noise_in, bool is_public) : p2p(std::move(p2p)), noise(std::move(noise_in)), next_epoch(io_service), strand(io_service), map(), channels(), - connection_count(0) + connection_count(0), + is_public(is_public) { for (std::size_t count = 0; !noise.empty() && count < CRYPTONOTE_NOISE_CHANNELS; ++count) channels.emplace_back(io_service); @@ -207,6 +208,7 @@ namespace levin net::dandelionpp::connection_map map;//!< Tracks outgoing uuid's for noise channels or Dandelion++ stems std::deque<noise_channel> channels; //!< Never touch after init; only update elements on `noise_channel.strand` std::atomic<std::size_t> connection_count; //!< Only update in strand, can be read at any time + const bool is_public; //!< Zone is public ipv4/ipv6 connections }; } // detail @@ -276,7 +278,10 @@ namespace levin std::vector<boost::uuids::uuid> connections; connections.reserve(connection_id_reserve_size); zone_->p2p->foreach_connection([this, &connections] (detail::p2p_context& context) { - if (this->source_ != context.m_connection_id) + /* Only send to outgoing connections when "flooding" over i2p/tor. + Otherwise this makes the tx linkable to a hidden service address, + making things linkable across connections. */ + if (this->source_ != context.m_connection_id && (this->zone_->is_public || !context.m_is_income)) connections.emplace_back(context.m_connection_id); return true; }); @@ -476,8 +481,8 @@ namespace levin }; } // anonymous - notify::notify(boost::asio::io_service& service, std::shared_ptr<connections> p2p, epee::byte_slice noise) - : zone_(std::make_shared<detail::zone>(service, std::move(p2p), std::move(noise))) + notify::notify(boost::asio::io_service& service, std::shared_ptr<connections> p2p, epee::byte_slice noise, bool is_public) + : zone_(std::make_shared<detail::zone>(service, std::move(p2p), std::move(noise), is_public)) { if (!zone_->p2p) throw std::logic_error{"cryptonote::levin::notify cannot have nullptr p2p argument"}; @@ -528,7 +533,7 @@ namespace levin channel.next_noise.cancel(); } - bool notify::send_txs(std::vector<cryptonote::blobdata> txs, const boost::uuids::uuid& source, const bool pad_txs) + bool notify::send_txs(std::vector<blobdata> txs, const boost::uuids::uuid& source, const bool pad_txs) { if (!zone_) return false; diff --git a/src/cryptonote_protocol/levin_notify.h b/src/cryptonote_protocol/levin_notify.h index 82d22680a..484243af5 100644 --- a/src/cryptonote_protocol/levin_notify.h +++ b/src/cryptonote_protocol/levin_notify.h @@ -86,7 +86,7 @@ namespace levin {} //! Construct an instance with available notification `zones`. - explicit notify(boost::asio::io_service& service, std::shared_ptr<connections> p2p, epee::byte_slice noise); + explicit notify(boost::asio::io_service& service, std::shared_ptr<connections> p2p, epee::byte_slice noise, bool is_public); notify(const notify&) = delete; notify(notify&&) = default; diff --git a/src/p2p/net_node.inl b/src/p2p/net_node.inl index 24c87cef8..bb77ea658 100644 --- a/src/p2p/net_node.inl +++ b/src/p2p/net_node.inl @@ -384,7 +384,7 @@ namespace nodetool m_use_ipv6 = command_line::get_arg(vm, arg_p2p_use_ipv6); m_require_ipv4 = command_line::get_arg(vm, arg_p2p_require_ipv4); public_zone.m_notifier = cryptonote::levin::notify{ - public_zone.m_net_server.get_io_service(), public_zone.m_net_server.get_config_shared(), nullptr + public_zone.m_net_server.get_io_service(), public_zone.m_net_server.get_config_shared(), nullptr, true }; if (command_line::has_arg(vm, arg_p2p_add_peer)) @@ -495,7 +495,7 @@ namespace nodetool } zone.m_notifier = cryptonote::levin::notify{ - zone.m_net_server.get_io_service(), zone.m_net_server.get_config_shared(), std::move(this_noise) + zone.m_net_server.get_io_service(), zone.m_net_server.get_config_shared(), std::move(this_noise), false }; } @@ -670,11 +670,18 @@ namespace nodetool std::vector<std::vector<std::string>> dns_results; dns_results.resize(m_seed_nodes_list.size()); + // some libc implementation provide only a very small stack + // for threads, e.g. musl only gives +- 80kb, which is not + // enough to do a resolve with unbound. we request a stack + // of 1 mb, which should be plenty + boost::thread::attributes thread_attributes; + thread_attributes.set_stack_size(1024*1024); + std::list<boost::thread> dns_threads; uint64_t result_index = 0; for (const std::string& addr_str : m_seed_nodes_list) { - boost::thread th = boost::thread([=, &dns_results, &addr_str] + boost::thread th = boost::thread(thread_attributes, [=, &dns_results, &addr_str] { MDEBUG("dns_threads[" << result_index << "] created for: " << addr_str); // TODO: care about dnssec avail/valid diff --git a/tests/unit_tests/levin.cpp b/tests/unit_tests/levin.cpp index 3188167f9..e5ca4e41e 100644 --- a/tests/unit_tests/levin.cpp +++ b/tests/unit_tests/levin.cpp @@ -38,6 +38,7 @@ #include "byte_slice.h" #include "crypto/crypto.h" #include "cryptonote_basic/connection_context.h" +#include "cryptonote_core/cryptonote_core.h" #include "cryptonote_protocol/cryptonote_protocol_defs.h" #include "cryptonote_protocol/levin_notify.h" #include "int-util.h" @@ -119,12 +120,13 @@ namespace epee::levin::async_protocol_handler<cryptonote::levin::detail::p2p_context> handler_; public: - test_connection(boost::asio::io_service& io_service, cryptonote::levin::connections& connections, boost::uuids::random_generator& random_generator) - : context_(), - endpoint_(io_service), + test_connection(boost::asio::io_service& io_service, cryptonote::levin::connections& connections, boost::uuids::random_generator& random_generator, const bool is_incoming) + : endpoint_(io_service), + context_(), handler_(std::addressof(endpoint_), connections, context_) { - const_cast<boost::uuids::uuid&>(context_.m_connection_id) = random_generator(); + using base_type = epee::net_utils::connection_context_base; + static_cast<base_type&>(context_) = base_type{random_generator(), {}, is_incoming, false}; handler_.after_init_connection(); } @@ -262,19 +264,19 @@ namespace EXPECT_EQ(0u, receiver_.notified_size()); } - void add_connection() + void add_connection(const bool is_incoming) { - contexts_.emplace_back(io_service_, *connections_, random_generator_); + contexts_.emplace_back(io_service_, *connections_, random_generator_, is_incoming); EXPECT_TRUE(connection_ids_.emplace(contexts_.back().get_id()).second); EXPECT_EQ(connection_ids_.size(), connections_->get_connections_count()); } - cryptonote::levin::notify make_notifier(const std::size_t noise_size) + cryptonote::levin::notify make_notifier(const std::size_t noise_size, bool is_public) { epee::byte_slice noise = nullptr; if (noise_size) noise = epee::levin::make_noise_notify(noise_size); - return cryptonote::levin::notify{io_service_, connections_, std::move(noise)}; + return cryptonote::levin::notify{io_service_, connections_, std::move(noise), is_public}; } boost::uuids::random_generator random_generator_; @@ -437,10 +439,10 @@ TEST_F(levin_notify, defaulted) TEST_F(levin_notify, flood) { - cryptonote::levin::notify notifier = make_notifier(0); + cryptonote::levin::notify notifier = make_notifier(0, true); for (unsigned count = 0; count < 10; ++count) - add_connection(); + add_connection(count % 2 == 0); { const auto status = notifier.get_status(); @@ -500,16 +502,87 @@ TEST_F(levin_notify, flood) } } +TEST_F(levin_notify, private_flood) +{ + cryptonote::levin::notify notifier = make_notifier(0, false); + + for (unsigned count = 0; count < 10; ++count) + add_connection(count % 2 == 0); + + { + const auto status = notifier.get_status(); + EXPECT_FALSE(status.has_noise); + EXPECT_FALSE(status.connections_filled); + } + notifier.new_out_connection(); + io_service_.poll(); + { + const auto status = notifier.get_status(); + EXPECT_FALSE(status.has_noise); + EXPECT_FALSE(status.connections_filled); // not tracked + } + + std::vector<cryptonote::blobdata> txs(2); + txs[0].resize(100, 'e'); + txs[1].resize(200, 'f'); + + ASSERT_EQ(10u, contexts_.size()); + { + auto context = contexts_.begin(); + EXPECT_TRUE(notifier.send_txs(txs, context->get_id(), false)); + + io_service_.reset(); + ASSERT_LT(0u, io_service_.poll()); + EXPECT_EQ(0u, context->process_send_queue()); + for (++context; context != contexts_.end(); ++context) + { + const bool is_incoming = ((context - contexts_.begin()) % 2 == 0); + EXPECT_EQ(is_incoming ? 0u : 1u, context->process_send_queue()); + } + + ASSERT_EQ(5u, receiver_.notified_size()); + for (unsigned count = 0; count < 5; ++count) + { + auto notification = receiver_.get_notification<cryptonote::NOTIFY_NEW_TRANSACTIONS>().second; + EXPECT_EQ(txs, notification.txs); + EXPECT_TRUE(notification._.empty()); + } + } + + ASSERT_EQ(10u, contexts_.size()); + { + auto context = contexts_.begin(); + EXPECT_TRUE(notifier.send_txs(txs, context->get_id(), true)); + + io_service_.reset(); + ASSERT_LT(0u, io_service_.poll()); + EXPECT_EQ(0u, context->process_send_queue()); + for (++context; context != contexts_.end(); ++context) + { + const bool is_incoming = ((context - contexts_.begin()) % 2 == 0); + EXPECT_EQ(is_incoming ? 0u : 1u, context->process_send_queue()); + } + + ASSERT_EQ(5u, receiver_.notified_size()); + for (unsigned count = 0; count < 5; ++count) + { + auto notification = receiver_.get_notification<cryptonote::NOTIFY_NEW_TRANSACTIONS>().second; + EXPECT_EQ(txs, notification.txs); + EXPECT_FALSE(notification._.empty()); + } + } +} + TEST_F(levin_notify, noise) { for (unsigned count = 0; count < 10; ++count) - add_connection(); + add_connection(count % 2 == 0); std::vector<cryptonote::blobdata> txs(1); txs[0].resize(1900, 'h'); const boost::uuids::uuid incoming_id = random_generator_(); - cryptonote::levin::notify notifier = make_notifier(2048); + cryptonote::levin::notify notifier = make_notifier(2048, false); { const auto status = notifier.get_status(); |