Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Never bind INADDR_ANY by default, and warn when doing so explicitly #14532

Merged
merged 3 commits into from Nov 22, 2018

Conversation

@luke-jr
Copy link
Member

@luke-jr luke-jr commented Oct 20, 2018

A disturbingly large number of listening nodes appear to be also exposing their RPC server to the public internet. To attempt to mitigate this:

  • Only ever bind localhost by default, even if rpcallowip is specified. (A warning is given if rpcallowip is specified without rpcbind, since it doesn't really make sense to do.)
  • Warn about exposing the RPC server to untrusted networks if the user explicitly binds to any INADDR_ANY address.
  • Include a warning about untrusted networks in the --help documentation for rpcbind.
@laanwj
Copy link
Member

@laanwj laanwj commented Oct 20, 2018

what is the problem with binding to INADDR_ANY if it's rejecting all but specific IPs?

@kristapsk
Copy link
Contributor

@kristapsk kristapsk commented Oct 20, 2018

If we change this default behaviour, it must be mentioned in the release notes.

@ch4ot1c
Copy link
Contributor

@ch4ot1c ch4ot1c commented Oct 20, 2018

Is this is only concerning for nodes running with --enable-wallet (without --disable-wallet)?

@practicalswift
Copy link
Contributor

@practicalswift practicalswift commented Oct 20, 2018

Very nice find @luke-jr

Very strong concept ACK

The expected contract for security or privacy sensitive daemons is to never bind to all interfaces unless the user explicitly asks for that.

@laanwj

Consider a machine with three IP-addresses on different networks: A, B and C.

Let’s say that all Bitcoin related activity such as outgoing connections etc takes place on network A.

First: the privacy leak aspect

We should not assume that the user is willing to share the information that he/she is running bitcoind also to participants on network B or C.

By listening on the RPC port also on the IP-addresses on networks B and C we leak that information to port scanning adversaries on those networks.

The fact that we are not providing any services to unknown clients (thanks to !ClientAllowed(…)) does not stop that privacy leak. The privacy leak happens with the SYN/ACK response.

Second: the attack surface aspect

Even if we are not providing any services to unknown clients (thanks to !ClientAllowed(…)) we’re still providing adversaries on network B and C an unnecessary attack surface by listening on those networks.

@luke-jr
Copy link
Member Author

@luke-jr luke-jr commented Oct 21, 2018

@laanwj I don't think we've done anything to make the RPC server robust to connection attacks?

@luke-jr luke-jr force-pushed the rpcbind_explicit branch from 4ca3e97 to e052013 Oct 21, 2018
@laanwj
Copy link
Member

@laanwj laanwj commented Oct 22, 2018

@laanwj I don't think we've done anything to make the RPC server robust to connection attacks?

Correct! Even though the early stage at which non-allowed connections are dropped makes it unlikely for there to be significant attack surface.

I love how clightning handles this: RPC is a local interface exposed through a UNIX socket only
sure, with some craftiness it's possible to forward it to other machines over ssh, but there's none of that logic in the client

And I think it was a mistake how bitcoind does this, it's one of those historical things, in an ideal world I'd like to get rid of all binding/IP access control logic around RPC. But it seems unrealistic to change any of that, at this stage, that'll result in even more user complaints than this.

So yes this is a step forward.

endpoints.push_back(std::make_pair("::1", defaultPort));
endpoints.push_back(std::make_pair("127.0.0.1", defaultPort));
if (gArgs.IsArgSet("-rpcallowip")) {
LogPrintf("WARNING: option -rpcallowip was specified without -rpcbind; this doesn't usually make sense\n");
Copy link
Contributor

@hsjoberg hsjoberg Oct 22, 2018

Maybe we should be more clear here what the issue is instead of just suggesting that the configuration doesn't make sense.

Copy link
Contributor

@pstratem pstratem Nov 15, 2018

suggest mirroring the warning for rpcbind

LogPrintf("WARNING: option -rpcallowip was ignored because -rpcbind was not specified, refusing to allow everyone to connect\n")

@promag
Copy link
Member

@promag promag commented Oct 22, 2018

Concept ACK.

@laanwj
Copy link
Member

@laanwj laanwj commented Oct 25, 2018

utACK e0520135795563f13feedb28bad5aa3a7e9bc15d

@DrahtBot
Copy link
Contributor

@DrahtBot DrahtBot commented Nov 1, 2018

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

Reviewers, this pull request conflicts with the following ones:

  • #14741 (Indicate -rpcauth option password hashing alg by dongcarl)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

@meshcollider
Copy link
Member

@meshcollider meshcollider commented Nov 6, 2018

utACK e052013

Should probably have a release note

Copy link
Member

@kallewoof kallewoof left a comment

utACK e0520135795563f13feedb28bad5aa3a7e9bc15d

@@ -296,9 +296,12 @@ static bool HTTPBindAddresses(struct evhttp* http)
std::vector<std::pair<std::string, uint16_t> > endpoints;

// Determine what addresses to bind to
if (!gArgs.IsArgSet("-rpcallowip")) { // Default to loopback if not allowing external IPs
if (!(gArgs.IsArgSet("-rpcallowip") && gArgs.IsArgSet("-rpcbind"))) { // Default to loopback if not allowing external IPs
Copy link
Member

@kallewoof kallewoof Nov 6, 2018

In commit net: Always default rpcbind to localhost, never "all interfaces":

Nit: I think if !a || !b is easier on the eyes than if !(a && b).

@practicalswift
Copy link
Contributor

@practicalswift practicalswift commented Nov 14, 2018

Needs rebase :-)

@MarcoFalke
Copy link
Member

@MarcoFalke MarcoFalke commented Nov 15, 2018

@luke-jr This has had some review, but need rebase to be eligible for merge.

@luke-jr luke-jr force-pushed the rpcbind_explicit branch from e052013 to 27c44ef Nov 22, 2018
@luke-jr
Copy link
Member Author

@luke-jr luke-jr commented Nov 22, 2018

Rebased

PastaPastaPasta added a commit to PastaPastaPasta/dash that referenced this issue Apr 19, 2020
…doing so explicitly

27c44ef rpcbind: Warn about exposing RPC to untrusted networks (Luke Dashjr)
d6a1287 CNetAddr: Add IsBindAny method to check for INADDR_ANY (Luke Dashjr)
3615003 net: Always default rpcbind to localhost, never "all interfaces" (Luke Dashjr)

Pull request description:

  A disturbingly large number of listening nodes appear to be also exposing their RPC server to the public internet. To attempt to mitigate this:

  * Only ever bind localhost by default, even if `rpcallowip` is specified. (A warning is given if `rpcallowip` is specified without `rpcbind`, since it doesn't really make sense to do.)
  * Warn about exposing the RPC server to untrusted networks if the user explicitly binds to any INADDR_ANY address.
  * Include a warning about untrusted networks in the `--help` documentation for `rpcbind`.

Tree-SHA512: 755bbca3db416a31393672eccf6675a5ee4d1eb1812cba73ebb4ff8c6b855ecc5df4c692566e9aa7b0f7d4dce6fedb9c0e9f3c265b9663aca36c4a6ba5efdbd4
PastaPastaPasta added a commit to PastaPastaPasta/dash that referenced this issue Apr 20, 2020
…doing so explicitly

27c44ef rpcbind: Warn about exposing RPC to untrusted networks (Luke Dashjr)
d6a1287 CNetAddr: Add IsBindAny method to check for INADDR_ANY (Luke Dashjr)
3615003 net: Always default rpcbind to localhost, never "all interfaces" (Luke Dashjr)

Pull request description:

  A disturbingly large number of listening nodes appear to be also exposing their RPC server to the public internet. To attempt to mitigate this:

  * Only ever bind localhost by default, even if `rpcallowip` is specified. (A warning is given if `rpcallowip` is specified without `rpcbind`, since it doesn't really make sense to do.)
  * Warn about exposing the RPC server to untrusted networks if the user explicitly binds to any INADDR_ANY address.
  * Include a warning about untrusted networks in the `--help` documentation for `rpcbind`.

Tree-SHA512: 755bbca3db416a31393672eccf6675a5ee4d1eb1812cba73ebb4ff8c6b855ecc5df4c692566e9aa7b0f7d4dce6fedb9c0e9f3c265b9663aca36c4a6ba5efdbd4
deadalnix pushed a commit to Bitcoin-ABC/bitcoin-abc that referenced this issue Apr 29, 2020
… interfaces"

Summary:
We don't support binding to untrusted networks, so avoid a default where that is typical (luke-jr)

3615003952ffbc814bdb53d9d0e45790f152bd2f net: Always default rpcbind to localhost, never "all interfaces"
d6a1287481428d982dc03be3a6d9aeef8398f468 CNetAddr: Add IsBindAny method to check for INADDR_ANY
27c44ef9c61f64d941ab82ec232a68141a2fde90 rpcbind: Warn about exposing RPC to untrusted networks

f3cf95ffdfda935f28260eb34bf20c1449a200c5 tests: Modify rpc_bind to conform to #14532 behaviour.

---

This is a backport of Core [[bitcoin/bitcoin#14532 | PR14532]] and Core [[bitcoin/bitcoin#14861 | PR14861]]

Test Plan:
  ninja check
  ./test/functional/test_runner/rpc_bind

Reviewers: #bitcoin_abc, deadalnix

Reviewed By: #bitcoin_abc, deadalnix

Subscribers: deadalnix

Differential Revision: https://reviews.bitcoinabc.org/D5880
PastaPastaPasta added a commit to PastaPastaPasta/dash that referenced this issue May 10, 2020
…doing so explicitly

27c44ef rpcbind: Warn about exposing RPC to untrusted networks (Luke Dashjr)
d6a1287 CNetAddr: Add IsBindAny method to check for INADDR_ANY (Luke Dashjr)
3615003 net: Always default rpcbind to localhost, never "all interfaces" (Luke Dashjr)

Pull request description:

  A disturbingly large number of listening nodes appear to be also exposing their RPC server to the public internet. To attempt to mitigate this:

  * Only ever bind localhost by default, even if `rpcallowip` is specified. (A warning is given if `rpcallowip` is specified without `rpcbind`, since it doesn't really make sense to do.)
  * Warn about exposing the RPC server to untrusted networks if the user explicitly binds to any INADDR_ANY address.
  * Include a warning about untrusted networks in the `--help` documentation for `rpcbind`.

Tree-SHA512: 755bbca3db416a31393672eccf6675a5ee4d1eb1812cba73ebb4ff8c6b855ecc5df4c692566e9aa7b0f7d4dce6fedb9c0e9f3c265b9663aca36c4a6ba5efdbd4
PastaPastaPasta added a commit to PastaPastaPasta/dash that referenced this issue May 12, 2020
…doing so explicitly

27c44ef rpcbind: Warn about exposing RPC to untrusted networks (Luke Dashjr)
d6a1287 CNetAddr: Add IsBindAny method to check for INADDR_ANY (Luke Dashjr)
3615003 net: Always default rpcbind to localhost, never "all interfaces" (Luke Dashjr)

Pull request description:

  A disturbingly large number of listening nodes appear to be also exposing their RPC server to the public internet. To attempt to mitigate this:

  * Only ever bind localhost by default, even if `rpcallowip` is specified. (A warning is given if `rpcallowip` is specified without `rpcbind`, since it doesn't really make sense to do.)
  * Warn about exposing the RPC server to untrusted networks if the user explicitly binds to any INADDR_ANY address.
  * Include a warning about untrusted networks in the `--help` documentation for `rpcbind`.

Tree-SHA512: 755bbca3db416a31393672eccf6675a5ee4d1eb1812cba73ebb4ff8c6b855ecc5df4c692566e9aa7b0f7d4dce6fedb9c0e9f3c265b9663aca36c4a6ba5efdbd4
PastaPastaPasta added a commit to PastaPastaPasta/dash that referenced this issue Jun 9, 2020
…doing so explicitly

27c44ef rpcbind: Warn about exposing RPC to untrusted networks (Luke Dashjr)
d6a1287 CNetAddr: Add IsBindAny method to check for INADDR_ANY (Luke Dashjr)
3615003 net: Always default rpcbind to localhost, never "all interfaces" (Luke Dashjr)

Pull request description:

  A disturbingly large number of listening nodes appear to be also exposing their RPC server to the public internet. To attempt to mitigate this:

  * Only ever bind localhost by default, even if `rpcallowip` is specified. (A warning is given if `rpcallowip` is specified without `rpcbind`, since it doesn't really make sense to do.)
  * Warn about exposing the RPC server to untrusted networks if the user explicitly binds to any INADDR_ANY address.
  * Include a warning about untrusted networks in the `--help` documentation for `rpcbind`.

Tree-SHA512: 755bbca3db416a31393672eccf6675a5ee4d1eb1812cba73ebb4ff8c6b855ecc5df4c692566e9aa7b0f7d4dce6fedb9c0e9f3c265b9663aca36c4a6ba5efdbd4
PastaPastaPasta added a commit to PastaPastaPasta/dash that referenced this issue Jun 9, 2020
…doing so explicitly

27c44ef rpcbind: Warn about exposing RPC to untrusted networks (Luke Dashjr)
d6a1287 CNetAddr: Add IsBindAny method to check for INADDR_ANY (Luke Dashjr)
3615003 net: Always default rpcbind to localhost, never "all interfaces" (Luke Dashjr)

Pull request description:

  A disturbingly large number of listening nodes appear to be also exposing their RPC server to the public internet. To attempt to mitigate this:

  * Only ever bind localhost by default, even if `rpcallowip` is specified. (A warning is given if `rpcallowip` is specified without `rpcbind`, since it doesn't really make sense to do.)
  * Warn about exposing the RPC server to untrusted networks if the user explicitly binds to any INADDR_ANY address.
  * Include a warning about untrusted networks in the `--help` documentation for `rpcbind`.

Tree-SHA512: 755bbca3db416a31393672eccf6675a5ee4d1eb1812cba73ebb4ff8c6b855ecc5df4c692566e9aa7b0f7d4dce6fedb9c0e9f3c265b9663aca36c4a6ba5efdbd4
PastaPastaPasta added a commit to PastaPastaPasta/dash that referenced this issue Jun 10, 2020
…doing so explicitly

27c44ef rpcbind: Warn about exposing RPC to untrusted networks (Luke Dashjr)
d6a1287 CNetAddr: Add IsBindAny method to check for INADDR_ANY (Luke Dashjr)
3615003 net: Always default rpcbind to localhost, never "all interfaces" (Luke Dashjr)

Pull request description:

  A disturbingly large number of listening nodes appear to be also exposing their RPC server to the public internet. To attempt to mitigate this:

  * Only ever bind localhost by default, even if `rpcallowip` is specified. (A warning is given if `rpcallowip` is specified without `rpcbind`, since it doesn't really make sense to do.)
  * Warn about exposing the RPC server to untrusted networks if the user explicitly binds to any INADDR_ANY address.
  * Include a warning about untrusted networks in the `--help` documentation for `rpcbind`.

Tree-SHA512: 755bbca3db416a31393672eccf6675a5ee4d1eb1812cba73ebb4ff8c6b855ecc5df4c692566e9aa7b0f7d4dce6fedb9c0e9f3c265b9663aca36c4a6ba5efdbd4
PastaPastaPasta added a commit to PastaPastaPasta/dash that referenced this issue Jun 11, 2020
…doing so explicitly

27c44ef rpcbind: Warn about exposing RPC to untrusted networks (Luke Dashjr)
d6a1287 CNetAddr: Add IsBindAny method to check for INADDR_ANY (Luke Dashjr)
3615003 net: Always default rpcbind to localhost, never "all interfaces" (Luke Dashjr)

Pull request description:

  A disturbingly large number of listening nodes appear to be also exposing their RPC server to the public internet. To attempt to mitigate this:

  * Only ever bind localhost by default, even if `rpcallowip` is specified. (A warning is given if `rpcallowip` is specified without `rpcbind`, since it doesn't really make sense to do.)
  * Warn about exposing the RPC server to untrusted networks if the user explicitly binds to any INADDR_ANY address.
  * Include a warning about untrusted networks in the `--help` documentation for `rpcbind`.

Tree-SHA512: 755bbca3db416a31393672eccf6675a5ee4d1eb1812cba73ebb4ff8c6b855ecc5df4c692566e9aa7b0f7d4dce6fedb9c0e9f3c265b9663aca36c4a6ba5efdbd4
UdjinM6 added a commit to UdjinM6/dash that referenced this issue Jul 9, 2020
… behaviour.

f3cf95f tests: Modify rpc_bind to conform to bitcoin#14532 behaviour. (Carl Dong)

Pull request description:

  Fixes: bitcoin#14792

Tree-SHA512: 5ee63a06c92dae5406515e9e483188309b82e07b760f363d8c8ec46a42fe5f75f88724759b0ac8ef596ee28a135626e0582f575855c5dfec2fbfff2249a109f7
UdjinM6 added a commit to UdjinM6/dash that referenced this issue Jul 9, 2020
… behaviour.

f3cf95f tests: Modify rpc_bind to conform to bitcoin#14532 behaviour. (Carl Dong)

Pull request description:

  Fixes: bitcoin#14792

Tree-SHA512: 5ee63a06c92dae5406515e9e483188309b82e07b760f363d8c8ec46a42fe5f75f88724759b0ac8ef596ee28a135626e0582f575855c5dfec2fbfff2249a109f7
furszy added a commit to furszy/PIVX that referenced this issue Jul 22, 2021
- Even when rpcallowip is specified, only bind localhost
- Explicitly bind in run_allowip_test
furszy added a commit to furszy/PIVX that referenced this issue Jul 22, 2021
- Even when rpcallowip is specified, only bind localhost
- Explicitly bind in run_allowip_test
furszy added a commit to furszy/PIVX that referenced this issue Jul 23, 2021
- Even when rpcallowip is specified, only bind localhost
- Explicitly bind in run_allowip_test
furszy added a commit to furszy/PIVX that referenced this issue Jul 25, 2021
- Even when rpcallowip is specified, only bind localhost
- Explicitly bind in run_allowip_test
furszy added a commit to furszy/PIVX that referenced this issue Jul 26, 2021
- Even when rpcallowip is specified, only bind localhost
- Explicitly bind in run_allowip_test
furszy added a commit to furszy/PIVX that referenced this issue Jul 27, 2021
- Even when rpcallowip is specified, only bind localhost
- Explicitly bind in run_allowip_test
furszy added a commit to furszy/PIVX that referenced this issue Jul 27, 2021
- Even when rpcallowip is specified, only bind localhost
- Explicitly bind in run_allowip_test
furszy added a commit to furszy/PIVX that referenced this issue Jul 29, 2021
- Even when rpcallowip is specified, only bind localhost
- Explicitly bind in run_allowip_test
furszy added a commit to furszy/PIVX that referenced this issue Jul 29, 2021
- Even when rpcallowip is specified, only bind localhost
- Explicitly bind in run_allowip_test
furszy added a commit to furszy/PIVX that referenced this issue Jul 29, 2021
- Even when rpcallowip is specified, only bind localhost
- Explicitly bind in run_allowip_test
furszy added a commit to furszy/PIVX that referenced this issue Jul 30, 2021
- Even when rpcallowip is specified, only bind localhost
- Explicitly bind in run_allowip_test
furszy added a commit to furszy/PIVX that referenced this issue Jul 31, 2021
- Even when rpcallowip is specified, only bind localhost
- Explicitly bind in run_allowip_test
furszy added a commit to furszy/PIVX that referenced this issue Aug 1, 2021
- Even when rpcallowip is specified, only bind localhost
- Explicitly bind in run_allowip_test
furszy added a commit to furszy/PIVX that referenced this issue Aug 4, 2021
- Even when rpcallowip is specified, only bind localhost
- Explicitly bind in run_allowip_test
furszy added a commit to furszy/PIVX that referenced this issue Aug 5, 2021
- Even when rpcallowip is specified, only bind localhost
- Explicitly bind in run_allowip_test
furszy added a commit to furszy/PIVX that referenced this issue Aug 8, 2021
- Even when rpcallowip is specified, only bind localhost
- Explicitly bind in run_allowip_test
furszy added a commit to furszy/PIVX that referenced this issue Aug 10, 2021
- Even when rpcallowip is specified, only bind localhost
- Explicitly bind in run_allowip_test
random-zebra added a commit to PIVX-Project/PIVX that referenced this issue Aug 11, 2021
ecde04a [Consensus] Bump Active Protocol version to 70923 for v5.3 (random-zebra)
b63e4f5 Consensus: Add v5.3 enforcement height for testnet. (furszy)
f44be94 Only relay IPv4, IPv6, Tor addresses (Pieter Wuille)
015298c fix: tor: Call event_base_loopbreak from the event's callback (furszy)
34ff7a8 Consensus: Add mnb ADDRv2 guard. (furszy)
b4515dc GUI: Present v3 onion addresses properly in MNs list. (furszy)
337d43d tests: don't export in6addr_loopback (Vasil Dimov)
2cde8e0 GUI: Do not show the tor v3 onion address in the topbar. (furszy)
0b5f406 Doc: update tor.md with latest upstream information. (furszy)
89df7f2 addrman: ensure old versions don't parse peers.dat (Vasil Dimov)
bb90c5c test: add getnetworkinfo network name regression tests (Jon Atack)
d8e01b5 rpc: update GetNetworksInfo() to not return unsupported networks (Jon Atack)
57fc7b0 net: update GetNetworkName() with all enum Network cases (Jon Atack)
647d60b tests: Modify rpc_bind to conform to bitcoin#14532 behaviour. (Carl Dong)
d4d6729 Allow running rpc_bind.py --nonloopback test without IPv6 (Kristaps Kaupe)
4a034d8 test: Add rpc_bind test to default-run tests (Wladimir J. van der Laan)
61a08af [tests] bind functional test nodes to 127.0.0.1  Prevents OSX firewall (Sjors Provoost)
6a4f1e0 test: Add basic addr relay test (furszy)
78aa61c net: Make addr relay mockable (furszy)
ba954ca Send and require SENDADDRV2 before VERACK (Pieter Wuille)
61c2ed4 Bump net protocol version + don't send 'sendaddrv2' to pre-70923 software (furszy)
ccd508a tor: make a TORv3 hidden service instead of TORv2 (Vasil Dimov)
6da9a14 net: advertise support for ADDRv2 via new message (furszy)
e58d5d0 Migrate to test_large_inv() to Misbehaving logging. (furszy)
d496b64 [QA] fix mininode CAddress ser/deser (Jonas Schnelli)
cec9567 net: CAddress & CAddrMan: (un)serialize as ADDRv2 Change the serialization of `CAddrMan` to serialize its addresses in ADDRv2/BIP155 format by default. Introduce a new `CAddrMan` format version (3). (furszy)
b8c1dda streams update: get rid of nType and nVersion. (furszy)
3eaa273 Support bypassing range check in ReadCompactSize (Pieter Wuille)
a237ba4 net: recognize TORv3/I2P/CJDNS networks (Vasil Dimov)
8e50853 util: make EncodeBase32 consume Spans (Sebastian Falbesoner)
1f67e30 net: CNetAddr: add support to (un)serialize as ADDRv2 (Vasil Dimov)
2455420 test: move HasReason so it can be reused (furszy)
d41adb4 util: move HasPrefix() so it can be reused (Vasil Dimov)
f6f86af Unroll Keccak-f implementation (Pieter Wuille)
45222e6 Implement keccak-f[1600] and SHA3-256 (Pieter Wuille)
08ad06d net: change CNetAddr::ip to have flexible size (furszy)
3337219 net: improve encapsulation of CNetAddr. (furszy)
910d5c4 test: Do not instantiate CAddrDB for static call (Hennadii Stepanov)
6b607ef Drop IsLimited in favor of IsReachable (Ben Woosley)
a40711b IsReachable is the inverse of IsLimited (DRY). Includes unit tests (marcaiaf)
8839828 net: don't accept non-left-contiguous netmasks (Vasil Dimov)
5d7f864 rpcbind: Warn about exposing RPC to untrusted networks (Luke Dashjr)
2a6abd8 CNetAddr: Add IsBindAny method to check for INADDR_ANY (Luke Dashjr)
4fdfa45 net: Always default rpcbind to localhost, never "all interfaces" (Luke Dashjr)
31064a8 net: Minor accumulated cleanups (furszy)
9f9c871 tests: Avoid using C-style NUL-terminated strings as arguments (practicalswift)
f6c52a3 tests: Add tests to make sure lookup methods fail on std::string parameters with embedded NUL characters (practicalswift)
a751b9b net: Avoid using C-style NUL-terminated strings as arguments in the netbase interface (furszy)
f30869d test: add IsRFC2544 tests (Mark Tyneway)
ed5abe1 Net: Proper CService deserialization + GetIn6Addr return false if addr isn't an IPv6 addr (furszy)
86d73fb net: save the network type explicitly in CNetAddr (Vasil Dimov)
ad57dfc net: document `enum Network` (Vasil Dimov)
cb160de netaddress: Update CNetAddr for ORCHIDv2 (Carl Dong)
c3c04e4 net: Better misbehaving logging (furszy)
3660487 net: Use C++11 member initialization in protocol (Marco)
082baa3 refactor: Drop unused CBufferedFile::Seek() (Hennadii Stepanov)
e2d776a util: CBufferedFile fixes (Larry Ruane)
6921f42 streams: backport OverrideStream class (furszy)

Pull request description:

  Conjunction of a large number of back ports, updates and refactorings that made with the final goal of implementing v3 Onion addresses support (BIP155 https://github.com/bitcoin/bips/blob/master/bip-0155.mediawiki) before the tor v2 addresses EOL, scheduled, by the Tor project, for (1) July 15th: v2 addr support removal from the code base, and (2) October 15th: v2 addr network disable, where **every peer in our network running under Tor will loose the connection and drop the network**.

  As BIP155 describes, this is introducing a new P2P message to gossip longer node addresses over the P2P network. This is required to support new-generation Onion addresses, I2P, and potentially other networks that have longer endpoint addresses than fit in the 128 bits of the current addr message.

  In order to achieve the end goal, had to:
  1.  Create Span class and push it up to latest Bitcoin implementation.
  2.  Update the whole serialization framework and every object using it up to latest Bitcoin implementation (3-4 years ahead of what we currently are in master).
  3.  Update the address manager implementing ASN-based bucketing of the network nodes.
  4.  Update and refactor the netAddress and address manager tests to latest Bitcoin implementation (4 years ahead of what we currently are in master).
  5.  Several util string, vector, encodings, parsing, hashing backports and more..

  Important note:
  This PR it is not meant to be merged as a standalone PR, will decouple smaller ones moving on. Adding on each sub-PR its own description isolated from this big monster.

  Second note:
  This is still a **work-in-progress**, not ready for testing yet. I'm probably missing to mention few PRs that have already adapted to our sources. Just making it public so can decouple the changes, we can start merging them and i can continue working a bit more confortable (rebase a +170 commits separate branch is not fun..).

  ### List of back ported and adapted PRs:

  Span and Serialization:
  ----------------
  *  bitcoin#12886.
  *  bitcoin#12916.
  *  bitcoin#13558.
  *  bitcoin#13697. (Only Span's commit 29943a9)
  *  bitcoin#17850.
  *  bitcoin#17896.
  *  bitcoin#12752.
  *  bitcoin#16577.
  *  bitcoin#16670. (without faebf62)
  *  bitcoin#17957.
  *  bitcoin#18021.
  *  bitcoin#18087.
  *  bitcoin#18112 (only from 353f376 that we don't support).
  *  bitcoin#18167.
  *  bitcoin#18317.
  *  bitcoin#18591 (only Span's commit 0fbde48)
  *  bitcoin#18468.
  *  bitcoin#19020.
  *  bitcoin#19032.
  *  bitcoin#19367.
  *  bitcoin#19387.

  Net, NetAddress and AddrMan:
  ----------------

  *  bitcoin#7932.
  *  bitcoin#10756.
  *  bitcoin#10765.
  *  bitcoin#12218.
  *  bitcoin#12855.
  *  bitcoin#13532.
  *  bitcoin#13575.
  *  bitcoin#13815.
  *  bitcoin#14532.
  *  bitcoin#15051.
  *  bitcoin#15138.
  *  bitcoin#15689.
  *  bitcoin#16702.
  *  bitcoin#17243.
  *  bitcoin#17345.
  *  bitcoin#17754.
  *  bitcoin#17758.
  *  bitcoin#17812.
  *  bitcoin#18023.
  *  bitcoin#18454.
  *  bitcoin#18512.
  *  bitcoin#19314.
  *  bitcoin#19687

  Keys and Addresses encoding:
  ----------------
  * bitcoin#11372.
  * bitcoin#17511.
  * bitcoin#17721.

  Util:
  ----------------
  * bitcoin#9140.
  * bitcoin#16577.
  * bitcoin#16889.
  * bitcoin#19593.

  Bench:
  ----------------
  * bitcoin#16299.

  BIP155:
  ----------------
  *  bitcoin#19351.
  *  bitcoin#19360.
  *  bitcoin#19534.
  *  bitcoin#19628.
  *  bitcoin#19841.
  *  bitcoin#19845.
  *  bitcoin#19954.
  *  bitcoin#19991 (pending).
  *  bitcoin#19845.
  *  bitcoin#20000 (pending).
  *  bitcoin#20120.
  *  bitcoin#20284.
  *  bitcoin#20564.
  *  bitcoin#21157 (pending).
  *  bitcoin#21564 (pending).
  *  Fully removed v2 onion addr support.
  *  Add hardcoded seeds.
  *  Add release-notes, changes to files.md and every needed documentation.

  I'm currently working on the PRs marked as "pending", this isn't over, but I'm pretty pretty close :). What a long road..

ACKs for top commit:
  random-zebra:
    utACK ecde04a
  Fuzzbawls:
    ACK ecde04a

Tree-SHA512: 82c95fbda76fce63f96d8a9af7fa9a89cb1e1b302b7891e27118a6103af0be23606bf202c7332fa61908205e6b6351764e2ec23d753f1e2484028f57c2e8b51a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet