Since v2 and v1 blocks will be rejected at exactly the same time,
only check for supermajority once to save 2000 iterations over
blockheaders per block.
Also moves the version check to AcceptBlockHeader() rather than
AcceptBlock() to be able to reject early on.
Backport of #1225 to 1.8.x, sets:
- majority window to 2000 blocks on mainnet, 1000 on testnet
- enforcement triggers to 1500 on mainnet, 501 on testnet
- reject triggers to 1900 on mainnet, 750 on testnet
Because CBlockIndex::IsSuperMajority was disabled since 1.5, we cannot
enforce version 1 block rejection on the live chains with a v2 supermajority.
Instead, we piggyback the version 3 supermajority switch to also enforce the
version 2 softfork and all is good.
This has been disabled since 1.5 for unclear reasons, but we need it
for the bip66 softfork in 1.10 that is backported here. This commit
re-enables the logic.
1.8.3 backport
This change makes a node only accept transactions with low-s
signature encoding for relay and mining, but allows transactions
with high-s signature encoding in mined blocks (no blocks will
be rejected)
Give each address a single fixed location in the new and tried tables,
which become simple fixed-size arrays instead of sets and vectors.
This prevents attackers from having an advantages by inserting an
address multiple times.
This change was suggested as Countermeasure 1 in
Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman,
Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report
2015/263. March 2015.
It is also more efficient.
Rebased-From: e6b343d880
Github-Pull: #5941
Conflicts:
src/addrman.cpp
src/addrman.h
- the call to CloseSocket() is placed after the WSAGetLastError(), because
a CloseSocket() can trigger an error also, which we don't want for the
logging in this two cases
Simpler alternative to #4348.
The current setup with closesocket() is strange. It poses
as a compatibility wrapper but adds functionality.
Rename it and make it a documented utility function in netbase.
Code movement only, zero effect on the functionality.
This adds a -whitelist option to specify subnet ranges from which peers
that connect are whitelisted. In addition, there is a -whitebind option
which works like -bind, except peers connecting to it are also
whitelisted (allowing a separate listen port for trusted connections).
Being whitelisted has two effects (for now):
* They are immune to DoS disconnection/banning.
* Transactions they broadcast (which are valid) are always relayed,
even if they were already in the mempool. This means that a node
can function as a gateway for a local network, and that rebroadcasts
from the local network will work as expected.
Whitelisting replaces the magic exemption localhost had for DoS
disconnection (local addresses are still never banned, though), which
implied hidden service connects (from a localhost Tor node) were
incorrectly immune to DoS disconnection as well. This old
behaviour is removed for that reason, but can be restored using
-whitelist=127.0.0.1 or -whitelist=::1 can be specified. -whitebind
is safer to use in case non-trusted localhost connections are expected
(like hidden services).
- SO_NOSIGPIPE isn't available on WIN32 so merge the 2 non-WIN32 blocks
- use predefined names from header for IPV6_PROTECTION_LEVEL and
PROTECTION_LEVEL_UNRESTRICTED
... instead of after 30 minutes of no sending, for latency measurement
and keep-alive. Also, disconnect if no reply arrives within 20 minutes,
instead of 90 of inactivity (for peers supporting the 'pong' message).
