monero/contrib/epee/include/net/net_utils_base.h

478 lines
19 KiB
C
Raw Normal View History

// Copyright (c) 2006-2013, Andrey N. Sabelnikov, www.sabelnikov.net
2014-03-03 15:07:58 -07:00
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are met:
// * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
// * Redistributions in binary form must reproduce the above copyright
// notice, this list of conditions and the following disclaimer in the
// documentation and/or other materials provided with the distribution.
// * Neither the name of the Andrey N. Sabelnikov nor the
// names of its contributors may be used to endorse or promote products
// derived from this software without specific prior written permission.
2014-07-23 07:03:52 -06:00
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER BE LIABLE FOR ANY
// DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
// ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
2014-07-23 07:03:52 -06:00
//
2014-03-03 15:07:58 -07:00
#ifndef _NET_UTILS_BASE_H_
#define _NET_UTILS_BASE_H_
#include <boost/uuid/uuid.hpp>
#include <boost/asio/io_service.hpp>
#include <boost/asio/ip/address_v6.hpp>
#include <typeinfo>
#include <type_traits>
#include "enums.h"
#include "serialization/keyvalue_serialization.h"
Change logging to easylogging++ This replaces the epee and data_loggers logging systems with a single one, and also adds filename:line and explicit severity levels. Categories may be defined, and logging severity set by category (or set of categories). epee style 0-4 log level maps to a sensible severity configuration. Log files now also rotate when reaching 100 MB. To select which logs to output, use the MONERO_LOGS environment variable, with a comma separated list of categories (globs are supported), with their requested severity level after a colon. If a log matches more than one such setting, the last one in the configuration string applies. A few examples: This one is (mostly) silent, only outputting fatal errors: MONERO_LOGS=*:FATAL This one is very verbose: MONERO_LOGS=*:TRACE This one is totally silent (logwise): MONERO_LOGS="" This one outputs all errors and warnings, except for the "verify" category, which prints just fatal errors (the verify category is used for logs about incoming transactions and blocks, and it is expected that some/many will fail to verify, hence we don't want the spam): MONERO_LOGS=*:WARNING,verify:FATAL Log levels are, in decreasing order of priority: FATAL, ERROR, WARNING, INFO, DEBUG, TRACE Subcategories may be added using prefixes and globs. This example will output net.p2p logs at the TRACE level, but all other net* logs only at INFO: MONERO_LOGS=*:ERROR,net*:INFO,net.p2p:TRACE Logs which are intended for the user (which Monero was using a lot through epee, but really isn't a nice way to go things) should use the "global" category. There are a few helper macros for using this category, eg: MGINFO("this shows up by default") or MGINFO_RED("this is red"), to try to keep a similar look and feel for now. Existing epee log macros still exist, and map to the new log levels, but since they're used as a "user facing" UI element as much as a logging system, they often don't map well to log severities (ie, a log level 0 log may be an error, or may be something we want the user to see, such as an important info). In those cases, I tried to use the new macros. In other cases, I left the existing macros in. When modifying logs, it is probably best to switch to the new macros with explicit levels. The --log-level options and set_log commands now also accept category settings, in addition to the epee style log levels.
2017-01-01 09:34:23 -07:00
#include "misc_log_ex.h"
#undef MONERO_DEFAULT_LOG_CATEGORY
#define MONERO_DEFAULT_LOG_CATEGORY "net"
2014-03-03 15:07:58 -07:00
#ifndef MAKE_IP
2019-03-29 04:47:53 -06:00
#define MAKE_IP( a1, a2, a3, a4 ) (a1|(a2<<8)|(a3<<16)|(((uint32_t)a4)<<24))
2014-03-03 15:07:58 -07:00
#endif
#if BOOST_VERSION >= 107000
#define GET_IO_SERVICE(s) ((boost::asio::io_context&)(s).get_executor().context())
#else
#define GET_IO_SERVICE(s) ((s).get_io_service())
#endif
namespace net
{
class tor_address;
2019-01-21 09:50:03 -07:00
class i2p_address;
}
2014-03-03 15:07:58 -07:00
namespace epee
{
namespace net_utils
{
class ipv4_network_address
{
uint32_t m_ip;
uint16_t m_port;
public:
constexpr ipv4_network_address() noexcept
: ipv4_network_address(0, 0)
{}
constexpr ipv4_network_address(uint32_t ip, uint16_t port) noexcept
: m_ip(ip), m_port(port) {}
bool equal(const ipv4_network_address& other) const noexcept;
bool less(const ipv4_network_address& other) const noexcept;
constexpr bool is_same_host(const ipv4_network_address& other) const noexcept
{ return ip() == other.ip(); }
constexpr uint32_t ip() const noexcept { return m_ip; }
constexpr uint16_t port() const noexcept { return m_port; }
std::string str() const;
std::string host_str() const;
bool is_loopback() const;
bool is_local() const;
static constexpr address_type get_type_id() noexcept { return address_type::ipv4; }
static constexpr zone get_zone() noexcept { return zone::public_; }
static constexpr bool is_blockable() noexcept { return true; }
BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE(m_ip)
KV_SERIALIZE(m_port)
END_KV_SERIALIZE_MAP()
};
inline bool operator==(const ipv4_network_address& lhs, const ipv4_network_address& rhs) noexcept
{ return lhs.equal(rhs); }
inline bool operator!=(const ipv4_network_address& lhs, const ipv4_network_address& rhs) noexcept
{ return !lhs.equal(rhs); }
inline bool operator<(const ipv4_network_address& lhs, const ipv4_network_address& rhs) noexcept
{ return lhs.less(rhs); }
inline bool operator<=(const ipv4_network_address& lhs, const ipv4_network_address& rhs) noexcept
{ return !rhs.less(lhs); }
inline bool operator>(const ipv4_network_address& lhs, const ipv4_network_address& rhs) noexcept
{ return rhs.less(lhs); }
inline bool operator>=(const ipv4_network_address& lhs, const ipv4_network_address& rhs) noexcept
{ return !lhs.less(rhs); }
2019-03-29 04:47:53 -06:00
class ipv4_network_subnet
{
uint32_t m_ip;
uint8_t m_mask;
public:
constexpr ipv4_network_subnet() noexcept
: ipv4_network_subnet(0, 0)
{}
constexpr ipv4_network_subnet(uint32_t ip, uint8_t mask) noexcept
: m_ip(ip), m_mask(mask) {}
bool equal(const ipv4_network_subnet& other) const noexcept;
bool less(const ipv4_network_subnet& other) const noexcept;
constexpr bool is_same_host(const ipv4_network_subnet& other) const noexcept
{ return subnet() == other.subnet(); }
bool matches(const ipv4_network_address &address) const;
constexpr uint32_t subnet() const noexcept { return m_ip & ~(0xffffffffull << m_mask); }
std::string str() const;
std::string host_str() const;
bool is_loopback() const;
bool is_local() const;
static constexpr address_type get_type_id() noexcept { return address_type::invalid; }
static constexpr zone get_zone() noexcept { return zone::public_; }
static constexpr bool is_blockable() noexcept { return true; }
BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE(m_ip)
KV_SERIALIZE(m_mask)
END_KV_SERIALIZE_MAP()
};
inline bool operator==(const ipv4_network_subnet& lhs, const ipv4_network_subnet& rhs) noexcept
{ return lhs.equal(rhs); }
inline bool operator!=(const ipv4_network_subnet& lhs, const ipv4_network_subnet& rhs) noexcept
{ return !lhs.equal(rhs); }
inline bool operator<(const ipv4_network_subnet& lhs, const ipv4_network_subnet& rhs) noexcept
{ return lhs.less(rhs); }
inline bool operator<=(const ipv4_network_subnet& lhs, const ipv4_network_subnet& rhs) noexcept
{ return !rhs.less(lhs); }
inline bool operator>(const ipv4_network_subnet& lhs, const ipv4_network_subnet& rhs) noexcept
{ return rhs.less(lhs); }
inline bool operator>=(const ipv4_network_subnet& lhs, const ipv4_network_subnet& rhs) noexcept
{ return !lhs.less(rhs); }
class ipv6_network_address
{
protected:
boost::asio::ip::address_v6 m_address;
uint16_t m_port;
public:
ipv6_network_address()
: ipv6_network_address(boost::asio::ip::address_v6::loopback(), 0)
{}
ipv6_network_address(const boost::asio::ip::address_v6& ip, uint16_t port)
: m_address(ip), m_port(port)
{
}
bool equal(const ipv6_network_address& other) const noexcept;
bool less(const ipv6_network_address& other) const noexcept;
bool is_same_host(const ipv6_network_address& other) const noexcept
{ return m_address == other.m_address; }
boost::asio::ip::address_v6 ip() const noexcept { return m_address; }
uint16_t port() const noexcept { return m_port; }
std::string str() const;
std::string host_str() const;
bool is_loopback() const;
bool is_local() const;
static constexpr address_type get_type_id() noexcept { return address_type::ipv6; }
static constexpr zone get_zone() noexcept { return zone::public_; }
static constexpr bool is_blockable() noexcept { return true; }
static const uint8_t ID = 2;
BEGIN_KV_SERIALIZE_MAP()
boost::asio::ip::address_v6::bytes_type bytes = this_ref.m_address.to_bytes();
epee::serialization::selector<is_store>::serialize_t_val_as_blob(bytes, stg, hparent_section, "addr");
const_cast<boost::asio::ip::address_v6&>(this_ref.m_address) = boost::asio::ip::address_v6(bytes);
KV_SERIALIZE(m_port)
END_KV_SERIALIZE_MAP()
};
inline bool operator==(const ipv6_network_address& lhs, const ipv6_network_address& rhs) noexcept
{ return lhs.equal(rhs); }
inline bool operator!=(const ipv6_network_address& lhs, const ipv6_network_address& rhs) noexcept
{ return !lhs.equal(rhs); }
inline bool operator<(const ipv6_network_address& lhs, const ipv6_network_address& rhs) noexcept
{ return lhs.less(rhs); }
inline bool operator<=(const ipv6_network_address& lhs, const ipv6_network_address& rhs) noexcept
{ return !rhs.less(lhs); }
inline bool operator>(const ipv6_network_address& lhs, const ipv6_network_address& rhs) noexcept
{ return rhs.less(lhs); }
inline bool operator>=(const ipv6_network_address& lhs, const ipv6_network_address& rhs) noexcept
{ return !lhs.less(rhs); }
class network_address
{
struct interface
{
virtual ~interface() {};
virtual bool equal(const interface&) const = 0;
virtual bool less(const interface&) const = 0;
virtual bool is_same_host(const interface&) const = 0;
virtual std::string str() const = 0;
virtual std::string host_str() const = 0;
virtual bool is_loopback() const = 0;
virtual bool is_local() const = 0;
virtual address_type get_type_id() const = 0;
virtual zone get_zone() const = 0;
virtual bool is_blockable() const = 0;
};
template<typename T>
struct implementation final : interface
{
T value;
implementation(const T& src) : value(src) {}
~implementation() = default;
// Type-checks for cast are done in cpp
static const T& cast(const interface& src) noexcept
{ return static_cast<const implementation<T>&>(src).value; }
virtual bool equal(const interface& other) const override
{ return value.equal(cast(other)); }
virtual bool less(const interface& other) const override
{ return value.less(cast(other)); }
virtual bool is_same_host(const interface& other) const override
{ return value.is_same_host(cast(other)); }
virtual std::string str() const override { return value.str(); }
virtual std::string host_str() const override { return value.host_str(); }
virtual bool is_loopback() const override { return value.is_loopback(); }
virtual bool is_local() const override { return value.is_local(); }
virtual address_type get_type_id() const override { return value.get_type_id(); }
virtual zone get_zone() const override { return value.get_zone(); }
virtual bool is_blockable() const override { return value.is_blockable(); }
};
std::shared_ptr<interface> self;
template<typename Type>
Type& as_mutable() const
{
// types `implmentation<Type>` and `implementation<const Type>` are unique
using Type_ = typename std::remove_const<Type>::type;
network_address::interface* const self_ = self.get(); // avoid clang warning in typeid
if (!self_ || typeid(implementation<Type_>) != typeid(*self_))
throw std::bad_cast{};
return static_cast<implementation<Type_>*>(self_)->value;
}
template<typename T, typename t_storage>
bool serialize_addr(std::false_type, t_storage& stg, typename t_storage::hsection hparent)
{
T addr{};
if (!epee::serialization::selector<false>::serialize(addr, stg, hparent, "addr"))
return false;
*this = std::move(addr);
return true;
}
template<typename T, typename t_storage>
bool serialize_addr(std::true_type, t_storage& stg, typename t_storage::hsection hparent) const
{
return epee::serialization::selector<true>::serialize(as<T>(), stg, hparent, "addr");
}
public:
network_address() : self(nullptr) {}
template<typename T>
network_address(const T& src)
: self(std::make_shared<implementation<T>>(src)) {}
bool equal(const network_address &other) const;
bool less(const network_address &other) const;
bool is_same_host(const network_address &other) const;
std::string str() const { return self ? self->str() : "<none>"; }
std::string host_str() const { return self ? self->host_str() : "<none>"; }
bool is_loopback() const { return self ? self->is_loopback() : false; }
bool is_local() const { return self ? self->is_local() : false; }
address_type get_type_id() const { return self ? self->get_type_id() : address_type::invalid; }
zone get_zone() const { return self ? self->get_zone() : zone::invalid; }
bool is_blockable() const { return self ? self->is_blockable() : false; }
template<typename Type> const Type &as() const { return as_mutable<const Type>(); }
BEGIN_KV_SERIALIZE_MAP()
2019-01-21 09:50:03 -07:00
// need to `#include "net/[i2p|tor]_address.h"` when serializing `network_address`
static constexpr std::integral_constant<bool, is_store> is_store_{};
std::uint8_t type = std::uint8_t(is_store ? this_ref.get_type_id() : address_type::invalid);
if (!epee::serialization::selector<is_store>::serialize(type, stg, hparent_section, "type"))
return false;
switch (address_type(type))
{
case address_type::ipv4:
return this_ref.template serialize_addr<ipv4_network_address>(is_store_, stg, hparent_section);
case address_type::ipv6:
return this_ref.template serialize_addr<ipv6_network_address>(is_store_, stg, hparent_section);
case address_type::tor:
return this_ref.template serialize_addr<net::tor_address>(is_store_, stg, hparent_section);
2019-01-21 09:50:03 -07:00
case address_type::i2p:
return this_ref.template serialize_addr<net::i2p_address>(is_store_, stg, hparent_section);
case address_type::invalid:
default:
break;
}
MERROR("Unsupported network address type: " << (unsigned)type);
return false;
END_KV_SERIALIZE_MAP()
};
inline bool operator==(const network_address& lhs, const network_address& rhs)
{ return lhs.equal(rhs); }
inline bool operator!=(const network_address& lhs, const network_address& rhs)
{ return !lhs.equal(rhs); }
inline bool operator<(const network_address& lhs, const network_address& rhs)
{ return lhs.less(rhs); }
inline bool operator<=(const network_address& lhs, const network_address& rhs)
{ return !rhs.less(lhs); }
inline bool operator>(const network_address& lhs, const network_address& rhs)
{ return rhs.less(lhs); }
inline bool operator>=(const network_address& lhs, const network_address& rhs)
{ return !lhs.less(rhs); }
2014-03-03 15:07:58 -07:00
/************************************************************************/
/* */
/************************************************************************/
struct connection_context_base
{
const boost::uuids::uuid m_connection_id;
const network_address m_remote_address;
2014-03-20 05:46:11 -06:00
const bool m_is_income;
const time_t m_started;
const bool m_ssl;
2014-03-20 05:46:11 -06:00
time_t m_last_recv;
time_t m_last_send;
uint64_t m_recv_cnt;
uint64_t m_send_cnt;
double m_current_speed_down;
double m_current_speed_up;
double m_max_speed_down;
double m_max_speed_up;
2014-03-03 15:07:58 -07:00
2014-05-25 11:06:40 -06:00
connection_context_base(boost::uuids::uuid connection_id,
epee: add SSL support RPC connections now have optional tranparent SSL. An optional private key and certificate file can be passed, using the --{rpc,daemon}-ssl-private-key and --{rpc,daemon}-ssl-certificate options. Those have as argument a path to a PEM format private private key and certificate, respectively. If not given, a temporary self signed certificate will be used. SSL can be enabled or disabled using --{rpc}-ssl, which accepts autodetect (default), disabled or enabled. Access can be restricted to particular certificates using the --rpc-ssl-allowed-certificates, which takes a list of paths to PEM encoded certificates. This can allow a wallet to connect to only the daemon they think they're connected to, by forcing SSL and listing the paths to the known good certificates. To generate long term certificates: openssl genrsa -out /tmp/KEY 4096 openssl req -new -key /tmp/KEY -out /tmp/REQ openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT /tmp/KEY is the private key, and /tmp/CERT is the certificate, both in PEM format. /tmp/REQ can be removed. Adjust the last command to set expiration date, etc, as needed. It doesn't make a whole lot of sense for monero anyway, since most servers will run with one time temporary self signed certificates anyway. SSL support is transparent, so all communication is done on the existing ports, with SSL autodetection. This means you can start using an SSL daemon now, but you should not enforce SSL yet or nothing will talk to you.
2018-06-14 16:44:48 -06:00
const network_address &remote_address, bool is_income, bool ssl,
2014-05-25 11:06:40 -06:00
time_t last_recv = 0, time_t last_send = 0,
uint64_t recv_cnt = 0, uint64_t send_cnt = 0):
2014-03-03 15:07:58 -07:00
m_connection_id(connection_id),
m_remote_address(remote_address),
2014-03-20 05:46:11 -06:00
m_is_income(is_income),
2014-05-25 11:06:40 -06:00
m_started(time(NULL)),
epee: add SSL support RPC connections now have optional tranparent SSL. An optional private key and certificate file can be passed, using the --{rpc,daemon}-ssl-private-key and --{rpc,daemon}-ssl-certificate options. Those have as argument a path to a PEM format private private key and certificate, respectively. If not given, a temporary self signed certificate will be used. SSL can be enabled or disabled using --{rpc}-ssl, which accepts autodetect (default), disabled or enabled. Access can be restricted to particular certificates using the --rpc-ssl-allowed-certificates, which takes a list of paths to PEM encoded certificates. This can allow a wallet to connect to only the daemon they think they're connected to, by forcing SSL and listing the paths to the known good certificates. To generate long term certificates: openssl genrsa -out /tmp/KEY 4096 openssl req -new -key /tmp/KEY -out /tmp/REQ openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT /tmp/KEY is the private key, and /tmp/CERT is the certificate, both in PEM format. /tmp/REQ can be removed. Adjust the last command to set expiration date, etc, as needed. It doesn't make a whole lot of sense for monero anyway, since most servers will run with one time temporary self signed certificates anyway. SSL support is transparent, so all communication is done on the existing ports, with SSL autodetection. This means you can start using an SSL daemon now, but you should not enforce SSL yet or nothing will talk to you.
2018-06-14 16:44:48 -06:00
m_ssl(ssl),
2014-03-20 05:46:11 -06:00
m_last_recv(last_recv),
m_last_send(last_send),
m_recv_cnt(recv_cnt),
m_send_cnt(send_cnt),
m_current_speed_down(0),
m_current_speed_up(0),
m_max_speed_down(0),
m_max_speed_up(0)
2014-03-03 15:07:58 -07:00
{}
connection_context_base(): m_connection_id(),
m_remote_address(),
2014-03-20 05:46:11 -06:00
m_is_income(false),
2014-05-25 11:06:40 -06:00
m_started(time(NULL)),
epee: add SSL support RPC connections now have optional tranparent SSL. An optional private key and certificate file can be passed, using the --{rpc,daemon}-ssl-private-key and --{rpc,daemon}-ssl-certificate options. Those have as argument a path to a PEM format private private key and certificate, respectively. If not given, a temporary self signed certificate will be used. SSL can be enabled or disabled using --{rpc}-ssl, which accepts autodetect (default), disabled or enabled. Access can be restricted to particular certificates using the --rpc-ssl-allowed-certificates, which takes a list of paths to PEM encoded certificates. This can allow a wallet to connect to only the daemon they think they're connected to, by forcing SSL and listing the paths to the known good certificates. To generate long term certificates: openssl genrsa -out /tmp/KEY 4096 openssl req -new -key /tmp/KEY -out /tmp/REQ openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT /tmp/KEY is the private key, and /tmp/CERT is the certificate, both in PEM format. /tmp/REQ can be removed. Adjust the last command to set expiration date, etc, as needed. It doesn't make a whole lot of sense for monero anyway, since most servers will run with one time temporary self signed certificates anyway. SSL support is transparent, so all communication is done on the existing ports, with SSL autodetection. This means you can start using an SSL daemon now, but you should not enforce SSL yet or nothing will talk to you.
2018-06-14 16:44:48 -06:00
m_ssl(false),
2014-03-20 05:46:11 -06:00
m_last_recv(0),
m_last_send(0),
m_recv_cnt(0),
m_send_cnt(0),
m_current_speed_down(0),
m_current_speed_up(0),
m_max_speed_down(0),
m_max_speed_up(0)
2014-03-03 15:07:58 -07:00
{}
connection_context_base(const connection_context_base& a): connection_context_base()
{
set_details(a.m_connection_id, a.m_remote_address, a.m_is_income, a.m_ssl);
}
2014-03-03 15:07:58 -07:00
connection_context_base& operator=(const connection_context_base& a)
{
epee: add SSL support RPC connections now have optional tranparent SSL. An optional private key and certificate file can be passed, using the --{rpc,daemon}-ssl-private-key and --{rpc,daemon}-ssl-certificate options. Those have as argument a path to a PEM format private private key and certificate, respectively. If not given, a temporary self signed certificate will be used. SSL can be enabled or disabled using --{rpc}-ssl, which accepts autodetect (default), disabled or enabled. Access can be restricted to particular certificates using the --rpc-ssl-allowed-certificates, which takes a list of paths to PEM encoded certificates. This can allow a wallet to connect to only the daemon they think they're connected to, by forcing SSL and listing the paths to the known good certificates. To generate long term certificates: openssl genrsa -out /tmp/KEY 4096 openssl req -new -key /tmp/KEY -out /tmp/REQ openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT /tmp/KEY is the private key, and /tmp/CERT is the certificate, both in PEM format. /tmp/REQ can be removed. Adjust the last command to set expiration date, etc, as needed. It doesn't make a whole lot of sense for monero anyway, since most servers will run with one time temporary self signed certificates anyway. SSL support is transparent, so all communication is done on the existing ports, with SSL autodetection. This means you can start using an SSL daemon now, but you should not enforce SSL yet or nothing will talk to you.
2018-06-14 16:44:48 -06:00
set_details(a.m_connection_id, a.m_remote_address, a.m_is_income, a.m_ssl);
2014-03-03 15:07:58 -07:00
return *this;
}
private:
template<class t_protocol_handler>
friend class connection;
epee: add SSL support RPC connections now have optional tranparent SSL. An optional private key and certificate file can be passed, using the --{rpc,daemon}-ssl-private-key and --{rpc,daemon}-ssl-certificate options. Those have as argument a path to a PEM format private private key and certificate, respectively. If not given, a temporary self signed certificate will be used. SSL can be enabled or disabled using --{rpc}-ssl, which accepts autodetect (default), disabled or enabled. Access can be restricted to particular certificates using the --rpc-ssl-allowed-certificates, which takes a list of paths to PEM encoded certificates. This can allow a wallet to connect to only the daemon they think they're connected to, by forcing SSL and listing the paths to the known good certificates. To generate long term certificates: openssl genrsa -out /tmp/KEY 4096 openssl req -new -key /tmp/KEY -out /tmp/REQ openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT /tmp/KEY is the private key, and /tmp/CERT is the certificate, both in PEM format. /tmp/REQ can be removed. Adjust the last command to set expiration date, etc, as needed. It doesn't make a whole lot of sense for monero anyway, since most servers will run with one time temporary self signed certificates anyway. SSL support is transparent, so all communication is done on the existing ports, with SSL autodetection. This means you can start using an SSL daemon now, but you should not enforce SSL yet or nothing will talk to you.
2018-06-14 16:44:48 -06:00
void set_details(boost::uuids::uuid connection_id, const network_address &remote_address, bool is_income, bool ssl)
2014-03-03 15:07:58 -07:00
{
this->~connection_context_base();
epee: add SSL support RPC connections now have optional tranparent SSL. An optional private key and certificate file can be passed, using the --{rpc,daemon}-ssl-private-key and --{rpc,daemon}-ssl-certificate options. Those have as argument a path to a PEM format private private key and certificate, respectively. If not given, a temporary self signed certificate will be used. SSL can be enabled or disabled using --{rpc}-ssl, which accepts autodetect (default), disabled or enabled. Access can be restricted to particular certificates using the --rpc-ssl-allowed-certificates, which takes a list of paths to PEM encoded certificates. This can allow a wallet to connect to only the daemon they think they're connected to, by forcing SSL and listing the paths to the known good certificates. To generate long term certificates: openssl genrsa -out /tmp/KEY 4096 openssl req -new -key /tmp/KEY -out /tmp/REQ openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT /tmp/KEY is the private key, and /tmp/CERT is the certificate, both in PEM format. /tmp/REQ can be removed. Adjust the last command to set expiration date, etc, as needed. It doesn't make a whole lot of sense for monero anyway, since most servers will run with one time temporary self signed certificates anyway. SSL support is transparent, so all communication is done on the existing ports, with SSL autodetection. This means you can start using an SSL daemon now, but you should not enforce SSL yet or nothing will talk to you.
2018-06-14 16:44:48 -06:00
new(this) connection_context_base(connection_id, remote_address, is_income, ssl);
2014-03-03 15:07:58 -07:00
}
};
/************************************************************************/
/* */
/************************************************************************/
struct i_service_endpoint
{
virtual bool do_send(const void* ptr, size_t cb)=0;
virtual bool close()=0;
virtual bool send_done()=0;
2014-03-03 15:07:58 -07:00
virtual bool call_run_once_service_io()=0;
virtual bool request_callback()=0;
virtual boost::asio::io_service& get_io_service()=0;
//protect from deletion connection object(with protocol instance) during external call "invoke"
virtual bool add_ref()=0;
virtual bool release()=0;
protected:
virtual ~i_service_endpoint() noexcept(false) {}
2014-03-03 15:07:58 -07:00
};
//some helpers
std::string print_connection_context(const connection_context_base& ctx);
std::string print_connection_context_short(const connection_context_base& ctx);
2014-03-03 15:07:58 -07:00
Change logging to easylogging++ This replaces the epee and data_loggers logging systems with a single one, and also adds filename:line and explicit severity levels. Categories may be defined, and logging severity set by category (or set of categories). epee style 0-4 log level maps to a sensible severity configuration. Log files now also rotate when reaching 100 MB. To select which logs to output, use the MONERO_LOGS environment variable, with a comma separated list of categories (globs are supported), with their requested severity level after a colon. If a log matches more than one such setting, the last one in the configuration string applies. A few examples: This one is (mostly) silent, only outputting fatal errors: MONERO_LOGS=*:FATAL This one is very verbose: MONERO_LOGS=*:TRACE This one is totally silent (logwise): MONERO_LOGS="" This one outputs all errors and warnings, except for the "verify" category, which prints just fatal errors (the verify category is used for logs about incoming transactions and blocks, and it is expected that some/many will fail to verify, hence we don't want the spam): MONERO_LOGS=*:WARNING,verify:FATAL Log levels are, in decreasing order of priority: FATAL, ERROR, WARNING, INFO, DEBUG, TRACE Subcategories may be added using prefixes and globs. This example will output net.p2p logs at the TRACE level, but all other net* logs only at INFO: MONERO_LOGS=*:ERROR,net*:INFO,net.p2p:TRACE Logs which are intended for the user (which Monero was using a lot through epee, but really isn't a nice way to go things) should use the "global" category. There are a few helper macros for using this category, eg: MGINFO("this shows up by default") or MGINFO_RED("this is red"), to try to keep a similar look and feel for now. Existing epee log macros still exist, and map to the new log levels, but since they're used as a "user facing" UI element as much as a logging system, they often don't map well to log severities (ie, a log level 0 log may be an error, or may be something we want the user to see, such as an important info). In those cases, I tried to use the new macros. In other cases, I left the existing macros in. When modifying logs, it is probably best to switch to the new macros with explicit levels. The --log-level options and set_log commands now also accept category settings, in addition to the epee style log levels.
2017-01-01 09:34:23 -07:00
inline MAKE_LOGGABLE(connection_context_base, ct, os)
{
os << "[" << epee::net_utils::print_connection_context_short(ct) << "] ";
return os;
}
#define LOG_ERROR_CC(ct, message) MERROR(ct << message)
#define LOG_WARNING_CC(ct, message) MWARNING(ct << message)
#define LOG_INFO_CC(ct, message) MINFO(ct << message)
#define LOG_DEBUG_CC(ct, message) MDEBUG(ct << message)
#define LOG_TRACE_CC(ct, message) MTRACE(ct << message)
#define LOG_CC(level, ct, message) MLOG(level, ct << message)
#define LOG_PRINT_CC_L0(ct, message) LOG_PRINT_L0(ct << message)
#define LOG_PRINT_CC_L1(ct, message) LOG_PRINT_L1(ct << message)
#define LOG_PRINT_CC_L2(ct, message) LOG_PRINT_L2(ct << message)
#define LOG_PRINT_CC_L3(ct, message) LOG_PRINT_L3(ct << message)
#define LOG_PRINT_CC_L4(ct, message) LOG_PRINT_L4(ct << message)
2014-03-03 15:07:58 -07:00
#define LOG_PRINT_CCONTEXT_L0(message) LOG_PRINT_CC_L0(context, message)
#define LOG_PRINT_CCONTEXT_L1(message) LOG_PRINT_CC_L1(context, message)
#define LOG_PRINT_CCONTEXT_L2(message) LOG_PRINT_CC_L2(context, message)
#define LOG_PRINT_CCONTEXT_L3(message) LOG_PRINT_CC_L3(context, message)
#define LOG_ERROR_CCONTEXT(message) LOG_ERROR_CC(context, message)
#define CHECK_AND_ASSERT_MES_CC(condition, return_val, err_message) CHECK_AND_ASSERT_MES(condition, return_val, "[" << epee::net_utils::print_connection_context_short(context) << "]" << err_message)
}
}
#endif //_NET_UTILS_BASE_H_