From 7d67a2dde0d2547e19650f5c6fa33d54b3f8b14d Mon Sep 17 00:00:00 2001
From: Lee Clagett
Date: Tue, 29 Dec 2020 19:58:53 -0500
Subject: Add aggressive restrictions to pre-handshake p2p buffer limit
---
 src/cryptonote_basic/connection_context.h | 2 ++
 src/cryptonote_protocol/cryptonote_protocol_handler.inl | 1 +
 src/cryptonote_protocol/levin_notify.cpp | 2 +-
 src/p2p/net_node.h | 3 +++
 4 files changed, 7 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/cryptonote_basic/connection_context.h b/src/cryptonote_basic/connection_context.h
index 9e012f8f5..e5c00d4f3 100644
--- a/src/cryptonote_basic/connection_context.h
+++ b/src/cryptonote_basic/connection_context.h
@@ -55,6 +55,8 @@ namespace cryptonote
 state_normal
 };
+ bool handshake_complete() const noexcept { return m_state != state_before_handshake; }
+
 state m_state;
 std::vector> m_needed_objects;
 std::unordered_set m_requested_objects;
diff --git a/src/cryptonote_protocol/cryptonote_protocol_handler.inl b/src/cryptonote_protocol/cryptonote_protocol_handler.inl
index c76e5628d..1a4c6d033 100644
--- a/src/cryptonote_protocol/cryptonote_protocol_handler.inl
+++ b/src/cryptonote_protocol/cryptonote_protocol_handler.inl
@@ -2634,6 +2634,7 @@ skip:
 std::vector> fullConnections, fluffyConnections;
 m_p2p->for_each_connection([this, &exclude_context, &fullConnections, &fluffyConnections](connection_context& context, nodetool::peerid_type peer_id, uint32_t support_flags)
 {
+ // peer_id also filters out connections before handshake
 if (peer_id && exclude_context.m_connection_id != context.m_connection_id && context.m_remote_address.get_zone() == epee::net_utils::zone::public_)
 {
 if(m_core.fluffy_blocks_enabled() && (support_flags & P2P_SUPPORT_FLAG_FLUFFY_BLOCKS))
diff --git a/src/cryptonote_protocol/levin_notify.cpp b/src/cryptonote_protocol/levin_notify.cpp
index 69df22a92..ab4eeeb82 100644
--- a/src/cryptonote_protocol/levin_notify.cpp
+++ b/src/cryptonote_protocol/levin_notify.cpp
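Review bot: `handshake_complete()` in connection_context.h is written as a negative test, so every value of `state` other than `state_before_handshake` counts as a completed handshake, including any state added to the enum later. Because the commit relies on this predicate to tell pre-handshake peers apart, that default should be stated at the definition, for example `// true for every state except state_before_handshake; a new pre-handshake state must be excluded here as well`. The enum and the rest of the struct start outside the hunk, so the full list of states cannot be checked from here.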
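Review bot: The pre-handshake filter in this `for_each_connection` lambda rests on `peer_id` being zero until the handshake finishes, which the added comment asserts but nothing in the hunk enforces. levin_notify.cpp in the same commit tests `context.handshake_complete()` directly. If the `connection_context` used here exposes the same member, which seems likely but is not visible in this hunk, adding `context.handshake_complete() &&` as the first term of the condition would make the gate explicit and keep the two relay paths consistent. The lambda body continues past the end of the hunk.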
@@ -442,7 +442,7 @@ namespace levin
 zone->p2p->foreach_connection([txs, now, &zone, &source, &in_duration, &out_duration, &next_flush] (detail::p2p_context& context)
 {
 // When i2p/tor, only fluff to outbound connections
- if (source != context.m_connection_id && (zone->nzone == epee::net_utils::zone::public_ || !context.m_is_income))
+ if (context.handshake_complete() && source != context.m_connection_id && (zone->nzone == epee::net_utils::zone::public_ || !context.m_is_income))
 {
 if (context.fluff_txs.empty())
 context.flush_time = now + (context.m_is_income ? in_duration() : out_duration());
diff --git a/src/p2p/net_node.h b/src/p2p/net_node.h
index 9fba5d636..1f9fa46a4 100644
--- a/src/p2p/net_node.h
+++ b/src/p2p/net_node.h
@@ -118,6 +118,8 @@ namespace nodetool
 m_in_timedsync(false)
 {}
+ static constexpr int handshake_command() noexcept { return 1001; }
+
 std::vector fluff_txs;
 std::chrono::steady_clock::time_point flush_time;
 peerid_type peer_id;
@@ -139,6 +141,7 @@ namespace nodetool
 typedef COMMAND_HANDSHAKE_T COMMAND_HANDSHAKE;
 typedef COMMAND_TIMED_SYNC_T COMMAND_TIMED_SYNC;
+ static_assert(p2p_connection_context::handshake_command() == COMMAND_HANDSHAKE::ID, "invalid handshake command id");
 typedef epee::net_utils::boosted_tcp_server> net_server;
--
cgit v1.2.3
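Review bot: The comment above the changed `if` in the levin_notify.cpp fluff lambda still describes only the i2p/tor rule, so the new `context.handshake_complete()` term is unexplained. Suggest extending it, e.g. `// Never queue txs for a peer that has not completed the handshake; when i2p/tor, only fluff to outbound connections`. The lambda and its enclosing function start and end outside the hunk, so whether the other `foreach_connection` callers in this file apply the same gate cannot be checked from here and is worth confirming.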
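Review bot: The literal `1001` in `handshake_command()` (net_node.h, hunk @@ -118,6 +118,8) duplicates `COMMAND_HANDSHAKE::ID`, and nothing at the definition says so; the only link is the `static_assert` added in the later hunk of the same file (@@ -139,6 +141,7). A one-line comment such as `// levin command id of the p2p handshake; checked against COMMAND_HANDSHAKE::ID by a static_assert below` would keep a reader from changing one without the other. The code that consumes `handshake_command()` is not part of this view, which is limited to 'src', so how the id is used to restrict pre-handshake traffic cannot be reviewed here.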