-
Notifications
You must be signed in to change notification settings - Fork 35.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
p2p: Implement anti-DoS headers sync #25717
p2p: Implement anti-DoS headers sync #25717
Commits on Aug 23, 2022
-
Add function to validate difficulty changes
The rule against difficulty adjustments changing by more than a factor of 4 can be helpful for anti-DoS measures in contexts where we lack a full headers chain, so expose this functionality separately and in the narrow case where we only know the height, new value, and old value. Includes fuzz test by Martin Zumsande.
Configuration menu - View commit details
-
Copy full SHA for 1d4cfa4 - Browse repository at this point
Copy the full SHA 1d4cfa4View commit details -
Configuration menu - View commit details
-
Copy full SHA for 84852bb - Browse repository at this point
Copy the full SHA 84852bbView commit details -
Add functions to construct locators without CChain
This introduces an insignificant performance penalty, as it means locator construction needs to use the skiplist-based CBlockIndex::GetAncestor() function instead of the lookup-based CChain, but avoids the need for callers to have access to a relevant CChain object.
Configuration menu - View commit details
-
Copy full SHA for ed47094 - Browse repository at this point
Copy the full SHA ed47094View commit details
Commits on Aug 29, 2022
-
Utilize anti-DoS headers download strategy
Avoid permanently storing headers from a peer, unless the headers are part of a chain with sufficiently high work. This prevents memory attacks using low-work headers. Designed and co-authored with Pieter Wuille.
Configuration menu - View commit details
-
Copy full SHA for 551a8d9 - Browse repository at this point
Copy the full SHA 551a8d9View commit details -
Require callers of AcceptBlockHeader() to perform anti-dos checks
In order to prevent memory DoS, we must ensure that we don't accept a new header into memory until we've performed anti-DoS checks, such as verifying that the header is part of a sufficiently high work chain. This commit adds a new argument to AcceptBlockHeader() so that we can ensure that all call-sites which might cause a new header to be accepted into memory have to grapple with the question of whether the header is safe to accept, or needs further validation. This patch also fixes two places where low-difficulty-headers could have been processed without such validation (processing an unrequested block from the network, and processing a compact block). Credit to Niklas Gögge for noticing this issue, and thanks to Sjors Provoost for test code.
Configuration menu - View commit details
-
Copy full SHA for ed6cddd - Browse repository at this point
Copy the full SHA ed6cdddView commit details -
Reduce spurious messages during headers sync
Delay sending SENDHEADERS (BIP 130) message until we know our peer's best header's chain has more than nMinimumChainWork. This reduces inadvertent headers messages received during initial headers sync due to block announcements, which throw off our sync algorithm.
Configuration menu - View commit details
-
Copy full SHA for 83c6a0c - Browse repository at this point
Copy the full SHA 83c6a0cView commit details -
Configuration menu - View commit details
-
Copy full SHA for 0b6aa82 - Browse repository at this point
Copy the full SHA 0b6aa82View commit details -
Configuration menu - View commit details
-
Copy full SHA for 150a548 - Browse repository at this point
Copy the full SHA 150a548View commit details -
Configuration menu - View commit details
-
Copy full SHA for 03712dd - Browse repository at this point
Copy the full SHA 03712ddView commit details -
Configuration menu - View commit details
-
Copy full SHA for 3555473 - Browse repository at this point
Copy the full SHA 3555473View commit details -
Configuration menu - View commit details
-
Copy full SHA for 93eae27 - Browse repository at this point
Copy the full SHA 93eae27View commit details -
Make validation interface capable of signalling header presync
This makes a number of changes: - Get rid of the verification_progress argument in the node interface NotifyHeaderTip (it was always 0.0). - Instead of passing a CBlockIndex* in the UI interface's NotifyHeaderTip, send separate height, timestamp fields. This is becuase in headers presync, no actual CBlockIndex object is available. - Add a bool presync argument to both of the above, to identify signals pertaining to the first headers sync phase.
Configuration menu - View commit details
-
Copy full SHA for 376086f - Browse repository at this point
Copy the full SHA 376086fView commit details -
Configuration menu - View commit details
-
Copy full SHA for 738421c - Browse repository at this point
Copy the full SHA 738421cView commit details -
Configuration menu - View commit details
-
Copy full SHA for 3add234 - Browse repository at this point
Copy the full SHA 3add234View commit details