Commit Graph

109 Commits

Author SHA1 Message Date
j-berman 438554e1ab
properly terminate interrupted TCP connection. fixes #8685 2023-06-09 21:11:13 +02:00
j-berman a82fba4b7b address PR comments 2022-07-08 15:10:03 -07:00
anon 3be1dbd096 connection: fix implementation 2022-07-05 22:33:34 -07:00
Jeffrey 87ec36cacf Refactor out pragma_comp_defs
Relevant commits on the old cleanup PR:
36933c7f5c
21e43de0f3
3c678bb1ce
2022-04-18 09:55:21 -05:00
Jeffrey 17772ef53e Eliminate dependence on boost::interprocess #8223
In this repo, `boost::interprocess` was being used soley to make `uint32_t` operations atomic. So I replaced each instance of
`boost::interprocess::ipcdetail::atomic(...)32` with `std::atomic` methods. I replaced member declarations as applicable. For example,
when I needed to change a `volatile uint32_t` into a `std::atomic<uint32_t>`. Sometimes, a member was being used a boolean flag, so
I replaced it with `std::atomic<bool>`.

You may notice that I didn't touch `levin_client_async.h`. That is because this file is entirely unused and will be deleted in PR monero-project#8211.

Additional changes from review:
* Make some local variables const
* Change postfix operators to prefix operators where value was not need
2022-03-30 13:18:32 -05:00
mj-xmr dc81e23e60 Split epee/string_tools.h and encapsulate boost::lexical_cast 2021-04-16 20:54:20 +02:00
luigi1111 6e1b3d1e0b
Merge pull request #7274
daf023d epee: don't log raw packet data (moneromooo-monero)
2021-03-20 01:35:51 -04:00
luigi1111 9f6dcbd568
Merge pull request #7308
df2f00f boosted_tcp_server: fix connection lifetime (anon)
3833624 boosted_tcp_server: add segfault demo (anon)
2021-02-15 21:53:43 -05:00
mj-xmr dc48de74e8 Reduce compilation time of epee/portable_storage.h 2021-02-06 08:18:42 +01:00
anon df2f00f44d boosted_tcp_server: fix connection lifetime 2021-01-19 18:15:30 +01:00
moneromooo-monero daf023de6e
epee: don't log raw packet data 2021-01-03 14:41:01 +00:00
anon f7ab8bc6d4 ssl: buffered handshake detection 2020-12-28 14:25:37 +01:00
moneromooo-monero 95575cda6e
epee: fix some issues using connections after shutdown 2020-12-26 14:14:55 +00:00
Lee Clagett 7aeb503547 Fix boost <1.60 compilation and fix boost 1.73+ warnings 2020-05-31 21:18:11 -04:00
moneromooo-monero 352bd13254
abstract_tcp_server2: guard against negative timeouts 2019-12-16 18:24:52 +00:00
moneromooo-monero 3d649d528a
epee: close connection when the peer has done so
This fixes rapid reconnections failing as the peer hasn't yet
worked out the other side is gone, and will reject "duplicate"
connections until a timeout.
2019-11-11 20:05:24 +00:00
luigi1111 42d84ad35e
Merge pull request #6006
9f3be3b epee: use SO_REUSEADDR on non-Windows targets (xiphon)
2019-10-24 12:41:59 -05:00
xiphon 9f3be3baed epee: use SO_REUSEADDR on non-Windows targets 2019-10-22 18:40:01 +00:00
luigi1111 18f62f89d8
Merge pull request #5986
1080136 abstract_tcp_server2: move 'Trying to connect' from error to debug (moneromooo-monero)
2019-10-22 10:23:04 -05:00
luigi1111 8fcdf77d7b
Merge pull request #5947
c9cfbf7 epee: tcp server - set SO_LINGER instead of SO_REUSEADDR option (xiphon)
2019-10-14 20:04:02 -05:00
luigi1111 4118e4b1e9
Merge pull request #5937
4b654f6 abstract_tcp_server2: log pointer, not contents, where appropriate (moneromooo-monero)
2019-10-14 18:08:47 -05:00
moneromooo-monero 10801362f4
abstract_tcp_server2: move "Trying to connect" from error to debug
and fix the message grammar
2019-10-14 14:15:21 +00:00
xiphon c9cfbf7fb3 epee: tcp server - set SO_LINGER instead of SO_REUSEADDR option 2019-10-02 19:08:02 +00:00
luigi1111 15b9b4e047
Merge pull request #5910
1b91beb abstract_tcp_server2: fix lingering connections (moneromooo-monero)
2019-09-30 18:55:58 -05:00
luigi1111 c6430f9dd0
Merge pull request #5893
Coverity fixes [3a81639, 1bd962d, 2825f07, d099658, d46f701, cd57a10] (anonimal)
2019-09-30 18:43:48 -05:00
moneromooo-monero 4b654f65a3
abstract_tcp_server2: log pointer, not contents, where appropriate 2019-09-27 15:15:32 +00:00
moneromooo-monero 1b91bebd2e
abstract_tcp_server2: fix lingering connections
Resetting the timer after shutdown was initiated would keep
a reference to the object inside ASIO, which would keep the
connection alive until the timer timed out
2019-09-12 12:10:50 +00:00
Lee Clagett 73f22c48e1
depends: fix MacOS build with Clang 3.7.1 2019-09-08 22:49:11 +02:00
anonimal cd57a10c90
epee: abstract_tcp_server2: resolve CID 203919 (DC.WEAK_CRYPTO)
The problem actually exists in two parts:

1. When sending chunks over a connection, if the queue size is
greater than N, the seed is predictable across every monero node.

>"If rand() is used before any calls to srand(), rand() behaves as if
it was seeded with srand(1). Each time rand() is seeded with the same seed, it
must produce the same sequence of values."

2. The CID speaks for itself: "'rand' should not be used for security-related
applications, because linear congruential algorithms are too easy to break."

*But* this is an area of contention.

One could argue that a CSPRNG is warranted in order to fully mitigate any
potential timing attacks based on crafting chunk responses. Others could argue
that the existing LCG, or even an MTG, would suffice (if properly seeded). As a
compromise, I've used an MTG with a full bit space. This should give a healthy
balance of security and speed without relying on the existing crypto library
(which I'm told might break on some systems since epee is not (shouldn't be)
dependent upon the existing crypto library).
2019-09-08 01:14:39 +00:00
Lee Clagett 3b24b1d082 Added support for "noise" over I1P/Tor to mask Tx transmission. 2019-07-17 14:22:37 +00:00
Lee Clagett bdfc63ae4d Add ref-counted buffer byte_slice. Currently used for sending TCP data. 2019-07-16 16:30:35 +00:00
Thomas Winget 155475d971
Add IPv6 support
new cli options (RPC ones also apply to wallet):
  --p2p-bind-ipv6-address (default = "::")
  --p2p-bind-port-ipv6    (default same as ipv4 port for given nettype)
  --rpc-bind-ipv6-address (default = "::1")

  --p2p-use-ipv6          (default false)
  --rpc-use-ipv6          (default false)

  --p2p-require-ipv4      (default true, if ipv4 bind fails and this is
                           true, will not continue even if ipv6 bind
                           successful)
  --rpc-require-ipv4      (default true, description as above)

ipv6 addresses are to be specified as "[xx:xx:xx::xx:xx]:port" except
in the cases of the cli args for bind address.  For those the square
braces can be omitted.
2019-07-31 20:04:57 -04:00
luigi1111 38e0e58a95
Merge pull request #5531
9a6006b abstract_tcp_server2: move some things out of a lock (moneromooo-monero)
2019-07-24 14:08:52 -05:00
moneromooo-monero bc09766bf9
abstract_tcp_server2: improve DoS resistance 2019-06-14 08:47:26 +00:00
moneromooo-monero 9a6006bad8
abstract_tcp_server2: move some things out of a lock
The lock is meant for the network throttle object only,
and this should help coverity get unconfused
2019-05-10 14:18:11 +00:00
moneromooo-monero c3cf930f75
abstract_tcp_server2: fix timeout on exit
When closing connections due to exiting, the IO service is
already gone, so the data exchange needed for a gracious SSL
shutdown cannot happen. We just close the socket in that case.
2019-04-12 18:13:31 +00:00
moneromooo-monero 4b3bb829c2
epee: init a new ssl related variable in ctor 2019-04-11 11:10:15 +00:00
Lee Clagett 21eb1b0725 Pass SSL arguments via one class and use shared_ptr instead of reference 2019-04-07 00:44:37 -04:00
Lee Clagett a3b0284837 Change SSL certificate file list to OpenSSL builtin load_verify_location
Specifying SSL certificates for peer verification does an exact match,
making it a not-so-obvious alias for the fingerprints option. This
changes the checks to OpenSSL which loads concatenated certificate(s)
from a single file and does a certificate-authority (chain of trust)
check instead. There is no drop in security - a compromised exact match
fingerprint has the same worse case failure. There is increased security
in allowing separate long-term CA key and short-term SSL server keys.

This also removes loading of the system-default CA files if a custom
CA file or certificate fingerprint is specified.
2019-04-06 23:47:06 -04:00
Lee Clagett 7acfa9f3cc Added socks proxy (tor/i2pd/kovri) support to wallet 2019-03-25 01:35:13 +00:00
Riccardo Spagni f5d7652f73
Merge pull request #5283
16590294 abstract_tcp_server2: fix crashy race on socket shutdown (moneromooo-monero)
2019-03-21 14:53:03 +02:00
moneromooo-monero 17769db946
epee: fix build with boost 1.70.0
get_io_service was deprecated, and got removed
2019-03-21 11:02:02 +00:00
moneromooo-monero 1659029469
abstract_tcp_server2: fix crashy race on socket shutdown 2019-03-19 16:50:00 +00:00
Martijn Otto 057c279cb4
epee: add SSL support
RPC connections now have optional tranparent SSL.

An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.

SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.

Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.

To generate long term certificates:

openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT

/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.

SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2019-03-05 14:16:08 +01:00
Riccardo Spagni c83e80c263
Merge pull request #5162
4d3b61a3 Use io_service::work in epee tcp server (Lee Clagett)
2019-03-04 21:33:48 +02:00
Lee Clagett 4d3b61a31b Use io_service::work in epee tcp server 2019-02-10 13:40:32 -05:00
moneromooo-monero 2456945408
epee: add SSL support
RPC connections now have optional tranparent SSL.

An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.

SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.

Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.

To generate long term certificates:

openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT

/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.

SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2019-02-02 20:05:33 +00:00
Lee Clagett 973403bc9f Adding initial support for broadcasting transactions over Tor
- Support for ".onion" in --add-exclusive-node and --add-peer
  - Add --anonymizing-proxy for outbound Tor connections
  - Add --anonymous-inbounds for inbound Tor connections
  - Support for sharing ".onion" addresses over Tor connections
  - Support for broadcasting transactions received over RPC exclusively
    over Tor (else broadcast over public IP when Tor not enabled).
2019-01-28 23:56:33 +00:00
moneromooo-monero b750fb27b0
Pruning
The blockchain prunes seven eighths of prunable tx data.
This saves about two thirds of the blockchain size, while
keeping the node useful as a sync source for an eighth
of the blockchain.

No other data is currently pruned.

There are three ways to prune a blockchain:

- run monerod with --prune-blockchain
- run "prune_blockchain" in the monerod console
- run the monero-blockchain-prune utility

The first two will prune in place. Due to how LMDB works, this
will not reduce the blockchain size on disk. Instead, it will
mark parts of the file as free, so that future data will use
that free space, causing the file to not grow until free space
grows scarce.

The third way will create a second database, a pruned copy of
the original one. Since this is a new file, this one will be
smaller than the original one.

Once the database is pruned, it will stay pruned as it syncs.
That is, there is no need to use --prune-blockchain again, etc.
2019-01-22 20:30:51 +00:00
Riccardo Spagni c00ac446fd
Merge pull request #4854
bd98e99c Removed a lot of unnecessary includes (Martijn Otto)
2018-12-04 17:08:42 +02:00