| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
update_checkpoints() makes a few DNS requests and can take up to 20-30 seconds to complete (3-6 seconds on average). It is currently called from core::handle_incoming_block() which holds m_incoming_tx_lock, so it blocks all incoming transactions and blocks processing while update_checkpoints() is running. This PR moves it to until after a new block has been processed and relayed, to avoid full monerod locking.
|
|
|
|
Remove unused include statements or unused definitions.
|
|
In this repo, `boost::interprocess` was being used soley to make `uint32_t` operations atomic. So I replaced each instance of
`boost::interprocess::ipcdetail::atomic(...)32` with `std::atomic` methods. I replaced member declarations as applicable. For example,
when I needed to change a `volatile uint32_t` into a `std::atomic<uint32_t>`. Sometimes, a member was being used a boolean flag, so
I replaced it with `std::atomic<bool>`.
You may notice that I didn't touch `levin_client_async.h`. That is because this file is entirely unused and will be deleted in PR monero-project#8211.
Additional changes from review:
* Make some local variables const
* Change postfix operators to prefix operators where value was not need
|
|
|
|
when kicking a peer for inactivity, clear the set of requested blocks,
or next time we requests blocks from it, we'll probably reject the
incoming blocks due to missing the previous requested blocks
|
|
|
|
|
|
|
|
|
|
This reverts commit 63c7ca07fba2f063c760f786a986fb3e02fb040e, reversing
changes made to 2218e23e84a89e9a1e4c0be5d50f891ab836754f.
|
|
|
|
There are quite a few variables in the code that are no longer
(or perhaps never were) in use. These were discovered by enabling
compiler warnings for unused variables and cleaning them up.
In most cases where the unused variables were the result
of a function call the call was left but the variable
assignment removed, unless it was obvious that it was
a simple getter with no side effects.
|
|
|
|
|
|
This reverts commit 4e74385a1ae9eae4ae9e8d155dfd96978eb10e7a.
|
|
|
|
|
|
Both drop_connection and add_host_fail can drop the connection,
which invalidates the context, and thus the address it contains.
Thanks to wfaressuissia[m] for lots of help and prodding when
debugging this
|
|
|
|
|
|
this is not a levin packet, this is just its payload
|
|
this prevents losing time of "idle time" for a peer, which could
otherwise be reset by another timed sync command from the peer
|
|
it'd trigger on reorgs
|
|
|
|
Some joker is spending time actually doing this
|
|
|
|
true if and pretty much only if new blocks are being added
|
|
|
|
|
|
instead of the (incorrect) check for whether we think we might have
a user for it at some point in the near future. We can reconnect.
|
|
|
|
|
|
|
|
We can actually request a chain that's further away from what we
have as we buffer more and more
|
|
|
|
It would otherwise be possible for a peer to send bad blocks,
then disconnect and reconnect again, escaping bans
|
|
|
|
|
|
Old format is still alloewd there, this is a two fork update
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
There are a few Borromean proofs txes in the v8 era, and these
aren't supported by get_pruned_transaction_weight. Moreover, only
only the most recent variant of bulletproofs is currently supported.
|
|
|
|
Because there's a neverending supply of cunts claiming a wrong
version just to say "look at me" I guess
|
|
Reported by xnbya
|
|
Reported by xnbya
|
|
This can now happen if:
- we have a pruned db
- we have not connected to the monero network for a while
- we connect to a node
- that node asks us for history
- we only have a pruned version of the most recent common block
In that case, it's better to not reply but keep the connection alive,
so we can sync off it.
|
|
|
|
Update copyright year to 2020
|
|
We don't have a function to calculate their weight from a pruned
version (yet).
|
|
- New flag in NOTIFY_NEW_TRANSACTION to indicate stem mode
- Stem loops detected in tx_pool.cpp
- Embargo timeout for a blackhole attack during stem phase
|
|
A newly synced Alice sends a (typically quite small) list of
txids in the local tpxool to a random peer Bob, who then uses
the existing tx relay system to send Alice any tx in his txpool
which is not in the list Alice sent
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The added condition "hshd.current_height >= target" guards against
reporting "synchronized" too early in the special situation that the
very first peer sending us data is synced to a lower height than
ourselves.
|
|
Message was "peer claims higher version that we think"
Requested change "peer claims higher version than we think"
|
|
Dividing `dt` here by 1e6 converts it to seconds, but that is clearly
wrong since `REQUEST_NEXT_SCHEDULED_SPAN_THRESHOLD_STANDBY` is measured
in microseconds. As a result, this if statement was effectively never
used.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Daemons intended for public use can be set up to require payment
in the form of hashes in exchange for RPC service. This enables
public daemons to receive payment for their work over a large
number of calls. This system behaves similarly to a pool, so
payment takes the form of valid blocks every so often, yielding
a large one off payment, rather than constant micropayments.
This system can also be used by third parties as a "paywall"
layer, where users of a service can pay for use by mining Monero
to the service provider's address. An example of this for web
site access is Primo, a Monero mining based website "paywall":
https://github.com/selene-kovri/primo
This has some advantages:
- incentive to run a node providing RPC services, thereby promoting the availability of third party nodes for those who can't run their own
- incentive to run your own node instead of using a third party's, thereby promoting decentralization
- decentralized: payment is done between a client and server, with no third party needed
- private: since the system is "pay as you go", you don't need to identify yourself to claim a long lived balance
- no payment occurs on the blockchain, so there is no extra transactional load
- one may mine with a beefy server, and use those credits from a phone, by reusing the client ID (at the cost of some privacy)
- no barrier to entry: anyone may run a RPC node, and your expected revenue depends on how much work you do
- Sybil resistant: if you run 1000 idle RPC nodes, you don't magically get more revenue
- no large credit balance maintained on servers, so they have no incentive to exit scam
- you can use any/many node(s), since there's little cost in switching servers
- market based prices: competition between servers to lower costs
- incentive for a distributed third party node system: if some public nodes are overused/slow, traffic can move to others
- increases network security
- helps counteract mining pools' share of the network hash rate
- zero incentive for a payer to "double spend" since a reorg does not give any money back to the miner
And some disadvantages:
- low power clients will have difficulty mining (but one can optionally mine in advance and/or with a faster machine)
- payment is "random", so a server might go a long time without a block before getting one
- a public node's overall expected payment may be small
Public nodes are expected to compete to find a suitable level for
cost of service.
The daemon can be set up this way to require payment for RPC services:
monerod --rpc-payment-address 4xxxxxx \
--rpc-payment-credits 250 --rpc-payment-difficulty 1000
These values are an example only.
The --rpc-payment-difficulty switch selects how hard each "share" should
be, similar to a mining pool. The higher the difficulty, the fewer
shares a client will find.
The --rpc-payment-credits switch selects how many credits are awarded
for each share a client finds.
Considering both options, clients will be awarded credits/difficulty
credits for every hash they calculate. For example, in the command line
above, 0.25 credits per hash. A client mining at 100 H/s will therefore
get an average of 25 credits per second.
For reference, in the current implementation, a credit is enough to
sync 20 blocks, so a 100 H/s client that's just starting to use Monero
and uses this daemon will be able to sync 500 blocks per second.
The wallet can be set to automatically mine if connected to a daemon
which requires payment for RPC usage. It will try to keep a balance
of 50000 credits, stopping mining when it's at this level, and starting
again as credits are spent. With the example above, a new client will
mine this much credits in about half an hour, and this target is enough
to sync 500000 blocks (currently about a third of the monero blockchain).
There are three new settings in the wallet:
- credits-target: this is the amount of credits a wallet will try to
reach before stopping mining. The default of 0 means 50000 credits.
- auto-mine-for-rpc-payment-threshold: this controls the minimum
credit rate which the wallet considers worth mining for. If the
daemon credits less than this ratio, the wallet will consider mining
to be not worth it. In the example above, the rate is 0.25
- persistent-rpc-client-id: if set, this allows the wallet to reuse
a client id across runs. This means a public node can tell a wallet
that's connecting is the same as one that connected previously, but
allows a wallet to keep their credit balance from one run to the
other. Since the wallet only mines to keep a small credit balance,
this is not normally worth doing. However, someone may want to mine
on a fast server, and use that credit balance on a low power device
such as a phone. If left unset, a new client ID is generated at
each wallet start, for privacy reasons.
To mine and use a credit balance on two different devices, you can
use the --rpc-client-secret-key switch. A wallet's client secret key
can be found using the new rpc_payments command in the wallet.
Note: anyone knowing your RPC client secret key is able to use your
credit balance.
The wallet has a few new commands too:
- start_mining_for_rpc: start mining to acquire more credits,
regardless of the auto mining settings
- stop_mining_for_rpc: stop mining to acquire more credits
- rpc_payments: display information about current credits with
the currently selected daemon
The node has an extra command:
- rpc_payments: display information about clients and their
balances
The node will forget about any balance for clients which have
been inactive for 6 months. Balances carry over on node restart.
|
|
|
|
CID 204479
|
|
If the peer (whether pruned or not itself) supports sending pruned blocks
to syncing nodes, the pruned version will be sent along with the hash
of the pruned data and the block weight. The original tx hashes can be
reconstructed from the pruned txes and theur prunable data hash. Those
hashes and the block weights are hashes and checked against the set of
precompiled hashes, ensuring the data we received is the original data.
It is currently not possible to use this system when not using the set
of precompiled hashes, since block weights can not otherwise be checked
for validity.
This is off by default for now, and is enabled by --sync-pruned-blocks
|
|
PoW is expensive to verify, so be strict
|
|
This avoids most premature triggers
|
|
As a side effect, colouring on Windows should now work
regardless of version
|
|
This reverts commit a96c1a46d4b3854252de75cbe09458ad5d1aecb0.
|
|
This reverts commit adc16d2504d3e76b0115791caf10446684d45433.
|
|
|
|
The check added here (in #5732/#5733) is supposed to disconnect behind
peers when the current node is syncing, but actually disconnects behind
peers always.
We are syncing when `target > our_height`, but the check here triggers
when `target > remote_height`, which is basically always true when the
preceding `m_core.have_block(hshd.top_id)` check is true.
|
|
|
|
|
|
|
|
|
|
Any peer that's behind us while syncing is useless to us (though
not to them). This ensures that we don't get our peer slots filled
with peers that we can't use. Once we've synced, we can connect
to them and they can then sync off us if they want.
|
|
When asking for txes in a fluffy transaction, one might ask
for the same (large) tx many times
|
|
Count transactions as well
|
|
Essentially, one can send such a large amount of IDs that core exhausts
all free memory. This issue can theoretically be exploited using very
large CN blockchains, such as Monero.
This is a partial fix. Thanks and credit given to CryptoNote author
'cryptozoidberg' for collaboration and the fix. Also thanks to
'moneromooo'. Referencing HackerOne report #506595.
|
|
|
|
|
|
|
|
|
|
This saves a duplicate serialization step
|
|
Based on Boolberry work by:
jahrsg <jahr@jahr.me>
cr.zoidberg <crypto.zoidberg@gmail.com>
|
|
|
|
|
|
|
|
|
|
When all our outgoing peer slots are filled, we cycle one peer at
a time looking for syncing peers until we have at least two such
peers. This brings two advantages:
- Peers without incoming connections will find more syncing peers
that before, thereby strengthening network decentralization
- Peers will have more resistance to isolation attacks, as they
are more likely to find a "good" peer than they were before
|
|
|
|
|
|
RPC connections now have optional tranparent SSL.
An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.
SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.
Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.
To generate long term certificates:
openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.
SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
|
|
|
|
- Support for ".onion" in --add-exclusive-node and --add-peer
- Add --anonymizing-proxy for outbound Tor connections
- Add --anonymous-inbounds for inbound Tor connections
- Support for sharing ".onion" addresses over Tor connections
- Support for broadcasting transactions received over RPC exclusively
over Tor (else broadcast over public IP when Tor not enabled).
|
|
|
|
The blockchain prunes seven eighths of prunable tx data.
This saves about two thirds of the blockchain size, while
keeping the node useful as a sync source for an eighth
of the blockchain.
No other data is currently pruned.
There are three ways to prune a blockchain:
- run monerod with --prune-blockchain
- run "prune_blockchain" in the monerod console
- run the monero-blockchain-prune utility
The first two will prune in place. Due to how LMDB works, this
will not reduce the blockchain size on disk. Instead, it will
mark parts of the file as free, so that future data will use
that free space, causing the file to not grow until free space
grows scarce.
The third way will create a second database, a pruned copy of
the original one. Since this is a new file, this one will be
smaller than the original one.
Once the database is pruned, it will stay pruned as it syncs.
That is, there is no need to use --prune-blockchain again, etc.
|
|
avoids pointless allocs and memcpy
|
|
|
|
|
|
|
|
|
|
|
|
To help protect one's privacy from traffic volume analysis
for people using Tor or I2P. This will really fly once we
relay txes on a timer rather than on demand, though.
Off by default for now since it's wasteful and doesn't bring
anything until I2P's in.
|
|
Non fluffy block nodes should now be very rare
|
|
And percent if usefull (% < 99)
|
|
|
|
also use reserve where appropriate
|
|
|
|
|
|
|
|
pass some basic tests
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This is 32 bits on 32 bit platforms, but 64 bits on 64 bit platforms.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
also avoid integer underflow on zero height
|
|
These even had the epee namespace.
This fixes some ugly circular dependencies.
|
|
As a followon side effect, this makes a lot of inline code
included only in particular cpp files (and instanciated
when necessary.
|
|
|
|
|
|
Deleted 3 out of 4 calls to method connection_basic::sleep_before_packet
that were erroneous / superfluous, which enabled the elimination of a
"fudge" factor of 2.1 in connection_basic::set_rate_up_limit;
also ended the multiplying of limit values and numbers of bytes
transferred by 1024 before handing them over to the global throttle
objects
|
|
It's sent as JSON, so raw binary is not appropriate
|
|
It's nasty, and actually breaks on Solaris, where if.h fails to
build due to:
struct map *if_memmap;
|
|
|
|
monero/src/cryptonote_protocol/block_queue.cpp:208:44: error:
suggest braces around initialization of subobject [-Werror,-Wmissing-braces]
static const boost::uuids::uuid uuid0 = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
{ }
monero/src/wallet/wallet_rpc_server.cpp:1895:43: error:
lambda capture 'wal' is not used [-Werror,-Wunused-lambda-capture]
tools::signal_handler::install([&wrpc, &wal](int) {
^
monero/src/cryptonote_protocol/cryptonote_protocol_handler.inl:1616:40: error:
lambda capture 'arg' is not used [-Werror,-Wunused-lambda-capture]
m_p2p->for_each_connection([this, &arg, &fluffy_arg, &exclude_context, &fullConnections...
^
monero/src/cryptonote_protocol/cryptonote_protocol_handler.inl:1616:46: error:
lambda capture 'fluffy_arg' is not used [-Werror,-Wunused-lambda-capture]
m_p2p->for_each_connection([this, &arg, &fluffy_arg, &exclude_context, &fullConnections...
^
monero/src/blockchain_utilities/blockchain_export.cpp:181:3: error:
bool literal returned from 'main' [-Werror,-Wmain]
CHECK_AND_ASSERT_MES(r, false, "Failed to initialize source blockchain storage");
^ ~~~~~
monero/contrib/epee/include/misc_log_ex.h:180:97: note:
expanded from macro 'CHECK_AND_ASSERT_MES'
...fail_ret_val, message) do{if(!(expr)) {LOG_ERROR(message); return fail_ret_val;};}while(0)
^ ~~~~~~~~~~~~
monero/src/blockchain_utilities/blockchain_export.cpp:195:3: error:
bool literal returned from 'main' [-Werror,-Wmain]
CHECK_AND_ASSERT_MES(r, false, "Failed to export blockchain raw data");
^ ~~~~~
monero/contrib/epee/include/misc_log_ex.h:180:97: note:
expanded from macro 'CHECK_AND_ASSERT_MES'
...fail_ret_val, message) do{if(!(expr)) {LOG_ERROR(message); return fail_ret_val;};}while(0)
^ ~~~~~~~~~~~~
|
|
This is safer, as we don't risk break expectations (eg, requesting
block hashes and then receiving a late set of blocks). Dropping a
connection means another will be attempted in a fresh state.
Also bump the kick timeout to 5 minutes, to ensure we only kick
really idle peers.
|
|
|
|
|
|
|
|
This shaves a lot of space off binaries
|
|
The last known hash was calculated incorrectly, causing
further chain hash downloads to restart from the current
chain. When the block queue has close to 10k blocks waiting,
this causes frequent downloads of 10k more hashes, but
with only the last few hashes actually being useful.
|
|
It is unused, as it was apparently a future optimization,
and it leaks some information (though since pools publish
thei blocks they find, that amount seems small).
|
|
Defaults to off, but fluffy blocks are forced enabled on testnet
|
|
|
|
fixes getting those in a loop
|
|
|
|
This allows peers who synced past a fork on the wrong height
to reorg to the right chain after they updated their software
to include the new version.
|
|
|
|
|
|
|
|
|
|
Fix sync wedge corner case:
It could happen if a connection went into standby mode, while
it was the one which had requested the next span, and that span
was still waiting for the data, and that peer is not on the
main chain. Other peers can then start asking for that data
again and again, but never get it as only that forked peer does.
And various other fixes
|
|
If monerod is started with default sync mode, set it to SAFE after
synchronization completes. Set it back to FAST if synchronization
restarts (e.g. because another peer has a longer blockchain).
If monerod is started with an explicit sync mode, none of this
automation takes effect.
|
|
|
|
In case they dropped off downloading for any reason, they'll get
sent to download again.
|
|
|
|
Really unique yet consistent spelling mistake
|
|
Not used yet.
|
|
|
|
This was broken by the reorg fix, since we now have to add blocks
regardless of their starting height. We now check whether we know
the parent for the first block in the next span, or whether it was
requested. If neither, it's an orphan. If it is not known, but was
requested, we wait to get that block.
|
|
|
|
|
|
They're interpreted as characters otherwise
|
|
|
|
Add get_fork_version and add_ideal_fork_version to core so
cryptonote_protocol does not have to need the Blockchain
class directly, as it's not in its dependencies, and add
those to the fake core classes in tests too.
|
|
|
|
When a node is dropped, we stop considering its claimed blockchain
height as a factor in the target height calculation. This prevents
a runaway chain from being still thought to be the target even if
the nodes carrying it are dropped.
|
|
We won't even talk to a peer which claims a wrong version
for its top block. This will avoid syncing to known bad
peers in the first place.
Also add IP fails when failing to verify a block.
|
|
|
|
Connections can be dropped by the net_node layer,
unbeknownst to cryptonote_protocol, which would then
not flush any spans scheduled to that connection,
which would cause it to be only downloaded again
once it becomes the next span (possibly after a small
delay if it had been requested less than 5 seconds
ago).
|
|
|
|
|
|
A block queue is now placed between block download and
block processing. Blocks are now requested only from one
peer (unless starved).
Includes a new sync_info coommand.
|
|
|
|
|
|
|
|
Since I had to add an ID to the derived classes anyway,
this can be used instead. This removes an apparently
pointless warning from CLANG too.
|
