- 12 2月, 2018 1 次提交
-
-
由 Felix Lange 提交于
* p2p: add DialRatio for configuration of inbound vs. dialed connections * p2p: add connection flags to PeerInfo * p2p/netutil: add SameNet, DistinctNetSet * p2p/discover: improve revalidation and seeding This changes node revalidation to be periodic instead of on-demand. This should prevent issues where dead nodes get stuck in closer buckets because no other node will ever come along to replace them. Every 5 seconds (on average), the last node in a random bucket is checked and moved to the front of the bucket if it is still responding. If revalidation fails, the last node is replaced by an entry of the 'replacement list' containing recently-seen nodes. Most close buckets are removed because it's very unlikely we'll ever encounter a node that would fall into any of those buckets. Table seeding is also improved: we now require a few minutes of table membership before considering a node as a potential seed node. This should make it less likely to store short-lived nodes as potential seeds. * p2p/discover: fix nits in UDP transport We would skip sending neighbors replies if there were fewer than maxNeighbors results and CheckRelayIP returned an error for the last one. While here, also resolve a TODO about pong reply tokens.
-
- 22 1月, 2018 1 次提交
-
-
由 Felföldi Zsolt 提交于
This commit affects p2p/discv5 "topic discovery" by running it on the same UDP port where the old discovery works. This is realized by giving an "unhandled" packet channel to the old v4 discovery packet handler where all invalid packets are sent. These packets are then processed by v5. v5 packets are always invalid when interpreted by v4 and vice versa. This is ensured by adding one to the first byte of the packet hash in v5 packets. DiscoveryV5Bootnodes is also changed to point to new bootnodes that are implementing the changed packet format with modified hash. Existing and new v5 bootnodes are both running on different ports ATM.
-
- 07 1月, 2017 1 次提交
-
-
由 Péter Szilágyi 提交于
-
- 15 12月, 2016 1 次提交
-
-
由 Péter Szilágyi 提交于
-
- 23 11月, 2016 3 次提交
-
-
由 Felix Lange 提交于
The p2p packages can now be configured to restrict all communication to a certain subset of IP networks. This feature is meant to be used for private networks.
-
由 Felix Lange 提交于
The discovery DHT contains a number of hosts with LAN and loopback IPs. These get relayed because some implementations do not perform any checks on the IP. go-ethereum already prevented relay in most cases because it verifies that the host actually exists before adding it to the local table. But this verification causes other issues. We have received several reports where people's VPSs got shut down by hosting providers because sending packets to random LAN hosts is indistinguishable from a slow port scan. The new check prevents sending random packets to LAN by discarding LAN IPs sent by Internet hosts (and loopback IPs from LAN and Internet hosts). The new check also blacklists almost all currently registered special-purpose networks assigned by IANA to avoid inciting random responses from services in the LAN. As another precaution against abuse of the DHT, ports below 1024 are now considered invalid.
-
由 Felix Lange 提交于
-
- 15 4月, 2016 1 次提交
-
-
由 Felix Lange 提交于
-
- 22 2月, 2016 1 次提交
-
-
As we aren't really using the standarized SHA-3
-
- 19 2月, 2016 1 次提交
-
-
由 Felix Lange 提交于
-
- 23 1月, 2016 1 次提交
-
-
由 Felix Lange 提交于
On Windows, UDPConn.ReadFrom returns an error for packets larger than the receive buffer. The error is not marked temporary, causing our loop to exit when the first oversized packet arrived. The fix is to treat this particular error as temporary. Fixes: #1579, #2087 Updates: #2082
-
- 18 12月, 2015 2 次提交
-
-
由 Felix Lange 提交于
The test expected the timeout to fire after a matcher for the response was added, but the timeout is random and fired sooner sometimes.
-
由 Felix Lange 提交于
-
- 27 11月, 2015 1 次提交
-
-
由 Péter Szilágyi 提交于
-
- 30 9月, 2015 1 次提交
-
-
由 Felix Lange 提交于
The strict matching can get in the way of protocol upgrades.
-
- 11 8月, 2015 2 次提交
-
-
由 Felix Lange 提交于
If the timeout fired (even just nanoseconds) before the deadline of the next pending reply, the timer was not rescheduled. The timer would've been rescheduled anyway once the next packet was sent, but there were cases where no next packet could ever be sent due to the locking issue fixed in the previous commit. As timing-related bugs go, this issue had been present for a long time and I could never reproduce it. The test added in this commit did reproduce the issue on about one out of 15 runs.
-
由 Felix Lange 提交于
Table.mutex was being held while waiting for a reply packet, which effectively made many parts of the whole stack block on that packet, including the net_peerCount RPC call.
-
- 24 7月, 2015 1 次提交
-
-
由 Felix Lange 提交于
I forgot to update one instance of "go-ethereum" in commit 3f047be5.
-
- 23 7月, 2015 1 次提交
-
-
由 Felix Lange 提交于
All code outside of cmd/ is licensed as LGPL. The headers now reflect this by calling the whole work "the go-ethereum library".
-
- 07 7月, 2015 1 次提交
-
-
由 Felix Lange 提交于
-
- 10 6月, 2015 1 次提交
-
-
由 Felix Lange 提交于
-
- 14 5月, 2015 3 次提交
-
-
由 Felix Lange 提交于
The code assumed that Table.closest always returns at least 13 nodes. This is not true for small tables (e.g. during bootstrap).
-
由 subtly 提交于
-
由 subtly 提交于
-
- 12 5月, 2015 2 次提交
-
-
由 Bas van Kervel 提交于
-
由 Bas van Kervel 提交于
-
- 06 5月, 2015 1 次提交
-
-
由 Felix Lange 提交于
The previous metric was pubkey1^pubkey2, as specified in the Kademlia paper. We missed that EC public keys are not uniformly distributed. Using the hash of the public keys addresses that. It also makes it a bit harder to generate node IDs that are close to a particular node.
-
- 30 4月, 2015 2 次提交
-
-
由 Felix Lange 提交于
-
由 Felix Lange 提交于
This commit changes the discovery protocol to use the new "v4" endpoint format, which allows for separate UDP and TCP ports and makes it possible to discover the UDP address after NAT.
-
- 24 4月, 2015 3 次提交
-
-
由 Péter Szilágyi 提交于
-
由 Péter Szilágyi 提交于
-
由 Péter Szilágyi 提交于
-
- 01 4月, 2015 1 次提交
-
-
由 Felix Lange 提交于
This a fix for an attack vector where the discovery protocol could be used to amplify traffic in a DDOS attack. A malicious actor would send a findnode request with the IP address and UDP port of the target as the source address. The recipient of the findnode packet would then send a neighbors packet (which is 16x the size of findnode) to the victim. Our solution is to require a 'bond' with the sender of findnode. If no bond exists, the findnode packet is not processed. A bond between nodes α and β is created when α replies to a ping from β. This (initial) version of the bonding implementation might still be vulnerable against replay attacks during the expiration time window. We will add stricter source address validation later.
-
- 13 2月, 2015 1 次提交
-
-
由 Felix Lange 提交于
-
- 09 2月, 2015 1 次提交
-
-
由 Felix Lange 提交于
-
- 07 2月, 2015 1 次提交
-
-
由 Felix Lange 提交于
The discovery RPC protocol does not yet distinguish TCP and UDP ports. But it can't hurt to do so in our internal model.
-
- 06 2月, 2015 2 次提交
-
-
由 Felix Lange 提交于
-
由 Felix Lange 提交于
-