aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--contrib/epee/include/net/levin_protocol_handler_async.h17
-rw-r--r--src/cryptonote_basic/connection_context.h23
-rw-r--r--src/cryptonote_protocol/cryptonote_protocol_handler.h1
-rw-r--r--src/cryptonote_protocol/cryptonote_protocol_handler.inl19
-rw-r--r--src/p2p/net_node.inl1
-rw-r--r--tests/fuzz/levin.cpp1
-rw-r--r--tests/net_load_tests/net_load_tests.h1
-rw-r--r--tests/unit_tests/epee_levin_protocol_handler_async.cpp1
8 files changed, 60 insertions, 4 deletions
diff --git a/contrib/epee/include/net/levin_protocol_handler_async.h b/contrib/epee/include/net/levin_protocol_handler_async.h
index f77f5d0a1..790b64aa5 100644
--- a/contrib/epee/include/net/levin_protocol_handler_async.h
+++ b/contrib/epee/include/net/levin_protocol_handler_async.h
@@ -434,7 +434,7 @@ public:
//async call scenario
boost::shared_ptr<invoke_response_handler_base> response_handler = m_invoke_response_handlers.front();
response_handler->reset_timer();
- MDEBUG(m_connection_context << "LEVIN_PACKET partial msg received. len=" << cb);
+ MDEBUG(m_connection_context << "LEVIN_PACKET partial msg received. len=" << cb << ", current total " << m_cache_in_buffer.size() << "/" << m_current_head.m_cb << " (" << (100.0f * m_cache_in_buffer.size() / (m_current_head.m_cb ? m_current_head.m_cb : 1)) << "%)");
}
}
break;
@@ -469,6 +469,14 @@ public:
temp = std::move(m_fragment_buffer);
m_fragment_buffer.clear();
std::memcpy(std::addressof(m_current_head), std::addressof(temp[0]), sizeof(bucket_head2));
+ const size_t max_bytes = m_connection_context.get_max_bytes(m_current_head.m_command);
+ if(m_current_head.m_cb > std::min<size_t>(max_packet_size, max_bytes))
+ {
+ MERROR(m_connection_context << "Maximum packet size exceed!, m_max_packet_size = " << std::min<size_t>(max_packet_size, max_bytes)
+ << ", packet header received " << m_current_head.m_cb << ", command " << m_current_head.m_command
+ << ", connection will be closed.");
+ return false;
+ }
buff_to_invoke = {reinterpret_cast<const uint8_t*>(temp.data()) + sizeof(bucket_head2), temp.size() - sizeof(bucket_head2)};
}
@@ -585,10 +593,11 @@ public:
m_cache_in_buffer.erase(sizeof(bucket_head2));
m_state = stream_state_body;
m_oponent_protocol_ver = m_current_head.m_protocol_version;
- if(m_current_head.m_cb > max_packet_size)
+ const size_t max_bytes = m_connection_context.get_max_bytes(m_current_head.m_command);
+ if(m_current_head.m_cb > std::min<size_t>(max_packet_size, max_bytes))
{
- LOG_ERROR_CC(m_connection_context, "Maximum packet size exceed!, m_max_packet_size = " << max_packet_size
- << ", packet header received " << m_current_head.m_cb
+ LOG_ERROR_CC(m_connection_context, "Maximum packet size exceed!, m_max_packet_size = " << std::min<size_t>(max_packet_size, max_bytes)
+ << ", packet header received " << m_current_head.m_cb << ", command " << m_current_head.m_command
<< ", connection will be closed.");
return false;
}
diff --git a/src/cryptonote_basic/connection_context.h b/src/cryptonote_basic/connection_context.h
index e5c00d4f3..8cd896a36 100644
--- a/src/cryptonote_basic/connection_context.h
+++ b/src/cryptonote_basic/connection_context.h
@@ -31,6 +31,7 @@
#pragma once
#include <unordered_set>
#include <atomic>
+#include <algorithm>
#include <boost/date_time/posix_time/posix_time.hpp>
#include "net/net_utils_base.h"
#include "copyable_atomic.h"
@@ -57,6 +58,27 @@ namespace cryptonote
bool handshake_complete() const noexcept { return m_state != state_before_handshake; }
+ void set_max_bytes(int command, size_t bytes) {
+ const auto i = std::lower_bound(m_max_bytes.begin(), m_max_bytes.end(), std::make_pair(command, bytes), [](const std::pair<int, size_t> &e0, const std::pair<int, size_t> &e1){
+ return e0.first < e1.first;
+ });
+ if (i == m_max_bytes.end())
+ m_max_bytes.push_back(std::make_pair(command, bytes));
+ else if (i->first == command)
+ i->second = bytes;
+ else
+ m_max_bytes.insert(i, std::make_pair(command, bytes));
+ }
+ size_t get_max_bytes(int command) const {
+ const auto i = std::lower_bound(m_max_bytes.begin(), m_max_bytes.end(), std::make_pair(command, 0), [](const std::pair<int, size_t> &e0, const std::pair<int, size_t> &e1){
+ return e0.first < e1.first;
+ });
+ if (i == m_max_bytes.end() || i->first != command)
+ return std::numeric_limits<size_t>::max();
+ else
+ return i->second;
+ }
+
state m_state;
std::vector<std::pair<crypto::hash, uint64_t>> m_needed_objects;
std::unordered_set<crypto::hash> m_requested_objects;
@@ -73,6 +95,7 @@ namespace cryptonote
int m_expect_response;
uint64_t m_expect_height;
size_t m_num_requested;
+ std::vector<std::pair<int, size_t>> m_max_bytes;
};
inline std::string get_protocol_state_string(cryptonote_connection_context::state s)
diff --git a/src/cryptonote_protocol/cryptonote_protocol_handler.h b/src/cryptonote_protocol/cryptonote_protocol_handler.h
index f06614056..5585d5ef8 100644
--- a/src/cryptonote_protocol/cryptonote_protocol_handler.h
+++ b/src/cryptonote_protocol/cryptonote_protocol_handler.h
@@ -109,6 +109,7 @@ namespace cryptonote
std::list<connection_info> get_connections();
const block_queue &get_block_queue() const { return m_block_queue; }
void stop();
+ void on_connection_new(cryptonote_connection_context &context);
void on_connection_close(cryptonote_connection_context &context);
void set_max_out_peers(unsigned int max) { m_max_out_peers = max; }
bool no_sync() const { return m_no_sync; }
diff --git a/src/cryptonote_protocol/cryptonote_protocol_handler.inl b/src/cryptonote_protocol/cryptonote_protocol_handler.inl
index 5dbd02da8..590b8440b 100644
--- a/src/cryptonote_protocol/cryptonote_protocol_handler.inl
+++ b/src/cryptonote_protocol/cryptonote_protocol_handler.inl
@@ -2873,6 +2873,25 @@ skip:
}
//------------------------------------------------------------------------------------------------------------------------
template<class t_core>
+ void t_cryptonote_protocol_handler<t_core>::on_connection_new(cryptonote_connection_context &context)
+ {
+ context.set_max_bytes(nodetool::COMMAND_HANDSHAKE_T<cryptonote::CORE_SYNC_DATA>::ID, 65536);
+ context.set_max_bytes(nodetool::COMMAND_TIMED_SYNC_T<cryptonote::CORE_SYNC_DATA>::ID, 65536);
+ context.set_max_bytes(nodetool::COMMAND_PING::ID, 4096);
+ context.set_max_bytes(nodetool::COMMAND_REQUEST_SUPPORT_FLAGS::ID, 4096);
+
+ context.set_max_bytes(cryptonote::NOTIFY_NEW_BLOCK::ID, 1024 * 1024 * 128); // 128 MB (max packet is a bit less than 100 MB though)
+ context.set_max_bytes(cryptonote::NOTIFY_NEW_TRANSACTIONS::ID, 1024 * 1024 * 128); // 128 MB (max packet is a bit less than 100 MB though)
+ context.set_max_bytes(cryptonote::NOTIFY_REQUEST_GET_OBJECTS::ID, 1024 * 1024 * 2); // 2 MB
+ context.set_max_bytes(cryptonote::NOTIFY_RESPONSE_GET_OBJECTS::ID, 1024 * 1024 * 128); // 128 MB (max packet is a bit less than 100 MB though)
+ context.set_max_bytes(cryptonote::NOTIFY_REQUEST_CHAIN::ID, 512 * 1024); // 512 kB
+ context.set_max_bytes(cryptonote::NOTIFY_RESPONSE_CHAIN_ENTRY::ID, 1024 * 1024 * 4); // 4 MB
+ context.set_max_bytes(cryptonote::NOTIFY_NEW_FLUFFY_BLOCK::ID, 1024 * 1024 * 4); // 4 MB, but it does not includes transaction data
+ context.set_max_bytes(cryptonote::NOTIFY_REQUEST_FLUFFY_MISSING_TX::ID, 1024 * 1024); // 1 MB
+ context.set_max_bytes(cryptonote::NOTIFY_GET_TXPOOL_COMPLEMENT::ID, 1024 * 1024 * 4); // 4 MB
+ }
+ //------------------------------------------------------------------------------------------------------------------------
+ template<class t_core>
void t_cryptonote_protocol_handler<t_core>::on_connection_close(cryptonote_connection_context &context)
{
uint64_t target = 0;
diff --git a/src/p2p/net_node.inl b/src/p2p/net_node.inl
index 2387e3bff..20f3e19bf 100644
--- a/src/p2p/net_node.inl
+++ b/src/p2p/net_node.inl
@@ -2639,6 +2639,7 @@ namespace nodetool
void node_server<t_payload_net_handler>::on_connection_new(p2p_connection_context& context)
{
MINFO("["<< epee::net_utils::print_connection_context(context) << "] NEW CONNECTION");
+ m_payload_handler.on_connection_new(context);
}
//-----------------------------------------------------------------------------------
template<class t_payload_net_handler>
diff --git a/tests/fuzz/levin.cpp b/tests/fuzz/levin.cpp
index 0ba0ff7f3..86b370202 100644
--- a/tests/fuzz/levin.cpp
+++ b/tests/fuzz/levin.cpp
@@ -54,6 +54,7 @@ namespace
{
static constexpr int handshake_command() noexcept { return 1001; }
static constexpr bool handshake_complete() noexcept { return true; }
+ size_t get_max_bytes(int command) const { return LEVIN_DEFAULT_MAX_PACKET_SIZE; }
};
typedef epee::levin::async_protocol_handler_config<test_levin_connection_context> test_levin_protocol_handler_config;
diff --git a/tests/net_load_tests/net_load_tests.h b/tests/net_load_tests/net_load_tests.h
index 1cc68746a..bc69e662f 100644
--- a/tests/net_load_tests/net_load_tests.h
+++ b/tests/net_load_tests/net_load_tests.h
@@ -50,6 +50,7 @@ namespace net_load_tests
test_connection_context(): epee::net_utils::connection_context_base(boost::uuids::nil_uuid(), {}, false, false), m_closed(false) {}
static constexpr int handshake_command() noexcept { return 1001; }
static constexpr bool handshake_complete() noexcept { return true; }
+ size_t get_max_bytes(int command) const { return LEVIN_DEFAULT_MAX_PACKET_SIZE; }
volatile bool m_closed;
};
diff --git a/tests/unit_tests/epee_levin_protocol_handler_async.cpp b/tests/unit_tests/epee_levin_protocol_handler_async.cpp
index 55092fd90..f1969ca18 100644
--- a/tests/unit_tests/epee_levin_protocol_handler_async.cpp
+++ b/tests/unit_tests/epee_levin_protocol_handler_async.cpp
@@ -45,6 +45,7 @@ namespace
{
static constexpr int handshake_command() noexcept { return 1001; }
static constexpr bool handshake_complete() noexcept { return true; }
+ size_t get_max_bytes(int command) const { return LEVIN_DEFAULT_MAX_PACKET_SIZE; }
};
typedef epee::levin::async_protocol_handler_config<test_levin_connection_context> test_levin_protocol_handler_config;