2014-07-25 10:29:08 -06:00
|
|
|
// Copyright (c) 2006-2013, Andrey N. Sabelnikov, www.sabelnikov.net
|
2014-03-03 15:07:58 -07:00
|
|
|
// All rights reserved.
|
|
|
|
//
|
2014-07-25 10:29:08 -06:00
|
|
|
// Redistribution and use in source and binary forms, with or without
|
|
|
|
// modification, are permitted provided that the following conditions are met:
|
|
|
|
// * Redistributions of source code must retain the above copyright
|
|
|
|
// notice, this list of conditions and the following disclaimer.
|
|
|
|
// * Redistributions in binary form must reproduce the above copyright
|
|
|
|
// notice, this list of conditions and the following disclaimer in the
|
|
|
|
// documentation and/or other materials provided with the distribution.
|
|
|
|
// * Neither the name of the Andrey N. Sabelnikov nor the
|
|
|
|
// names of its contributors may be used to endorse or promote products
|
|
|
|
// derived from this software without specific prior written permission.
|
2014-07-23 07:03:52 -06:00
|
|
|
//
|
2014-07-25 10:29:08 -06:00
|
|
|
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
|
|
|
// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
|
|
// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
|
|
// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER BE LIABLE FOR ANY
|
|
|
|
// DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
|
|
// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
|
|
// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
|
|
|
// ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
|
|
// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
2014-07-23 07:03:52 -06:00
|
|
|
//
|
2014-07-25 10:29:08 -06:00
|
|
|
|
|
|
|
|
2014-03-03 15:07:58 -07:00
|
|
|
|
|
|
|
#ifndef _NET_UTILS_BASE_H_
|
|
|
|
#define _NET_UTILS_BASE_H_
|
|
|
|
|
|
|
|
#include <boost/uuid/uuid.hpp>
|
2017-11-25 15:25:05 -07:00
|
|
|
#include <boost/asio/io_service.hpp>
|
2017-08-25 09:14:46 -06:00
|
|
|
#include <typeinfo>
|
|
|
|
#include <type_traits>
|
2018-12-16 10:57:44 -07:00
|
|
|
#include "enums.h"
|
2017-05-27 04:35:54 -06:00
|
|
|
#include "serialization/keyvalue_serialization.h"
|
Change logging to easylogging++
This replaces the epee and data_loggers logging systems with
a single one, and also adds filename:line and explicit severity
levels. Categories may be defined, and logging severity set
by category (or set of categories). epee style 0-4 log level
maps to a sensible severity configuration. Log files now also
rotate when reaching 100 MB.
To select which logs to output, use the MONERO_LOGS environment
variable, with a comma separated list of categories (globs are
supported), with their requested severity level after a colon.
If a log matches more than one such setting, the last one in
the configuration string applies. A few examples:
This one is (mostly) silent, only outputting fatal errors:
MONERO_LOGS=*:FATAL
This one is very verbose:
MONERO_LOGS=*:TRACE
This one is totally silent (logwise):
MONERO_LOGS=""
This one outputs all errors and warnings, except for the
"verify" category, which prints just fatal errors (the verify
category is used for logs about incoming transactions and
blocks, and it is expected that some/many will fail to verify,
hence we don't want the spam):
MONERO_LOGS=*:WARNING,verify:FATAL
Log levels are, in decreasing order of priority:
FATAL, ERROR, WARNING, INFO, DEBUG, TRACE
Subcategories may be added using prefixes and globs. This
example will output net.p2p logs at the TRACE level, but all
other net* logs only at INFO:
MONERO_LOGS=*:ERROR,net*:INFO,net.p2p:TRACE
Logs which are intended for the user (which Monero was using
a lot through epee, but really isn't a nice way to go things)
should use the "global" category. There are a few helper macros
for using this category, eg: MGINFO("this shows up by default")
or MGINFO_RED("this is red"), to try to keep a similar look
and feel for now.
Existing epee log macros still exist, and map to the new log
levels, but since they're used as a "user facing" UI element
as much as a logging system, they often don't map well to log
severities (ie, a log level 0 log may be an error, or may be
something we want the user to see, such as an important info).
In those cases, I tried to use the new macros. In other cases,
I left the existing macros in. When modifying logs, it is
probably best to switch to the new macros with explicit levels.
The --log-level options and set_log commands now also accept
category settings, in addition to the epee style log levels.
2017-01-01 09:34:23 -07:00
|
|
|
#include "misc_log_ex.h"
|
|
|
|
|
|
|
|
#undef MONERO_DEFAULT_LOG_CATEGORY
|
|
|
|
#define MONERO_DEFAULT_LOG_CATEGORY "net"
|
2014-03-03 15:07:58 -07:00
|
|
|
|
|
|
|
#ifndef MAKE_IP
|
|
|
|
#define MAKE_IP( a1, a2, a3, a4 ) (a1|(a2<<8)|(a3<<16)|(a4<<24))
|
|
|
|
#endif
|
|
|
|
|
2019-01-23 14:37:43 -07:00
|
|
|
#if BOOST_VERSION >= 107000
|
|
|
|
#define GET_IO_SERVICE(s) ((boost::asio::io_context&)(s).get_executor().context())
|
|
|
|
#else
|
|
|
|
#define GET_IO_SERVICE(s) ((s).get_io_service())
|
|
|
|
#endif
|
|
|
|
|
2018-12-16 10:57:44 -07:00
|
|
|
namespace net
|
|
|
|
{
|
|
|
|
class tor_address;
|
2019-01-21 09:50:03 -07:00
|
|
|
class i2p_address;
|
2018-12-16 10:57:44 -07:00
|
|
|
}
|
|
|
|
|
2014-03-03 15:07:58 -07:00
|
|
|
namespace epee
|
|
|
|
{
|
|
|
|
namespace net_utils
|
|
|
|
{
|
2017-08-25 09:14:46 -06:00
|
|
|
class ipv4_network_address
|
2017-05-27 04:35:54 -06:00
|
|
|
{
|
2017-08-25 09:14:46 -06:00
|
|
|
uint32_t m_ip;
|
|
|
|
uint16_t m_port;
|
2017-09-18 05:30:48 -06:00
|
|
|
|
2017-05-27 04:35:54 -06:00
|
|
|
public:
|
2018-12-16 10:57:44 -07:00
|
|
|
constexpr ipv4_network_address() noexcept
|
|
|
|
: ipv4_network_address(0, 0)
|
|
|
|
{}
|
|
|
|
|
2017-08-25 09:14:46 -06:00
|
|
|
constexpr ipv4_network_address(uint32_t ip, uint16_t port) noexcept
|
|
|
|
: m_ip(ip), m_port(port) {}
|
|
|
|
|
|
|
|
bool equal(const ipv4_network_address& other) const noexcept;
|
|
|
|
bool less(const ipv4_network_address& other) const noexcept;
|
|
|
|
constexpr bool is_same_host(const ipv4_network_address& other) const noexcept
|
|
|
|
{ return ip() == other.ip(); }
|
|
|
|
|
|
|
|
constexpr uint32_t ip() const noexcept { return m_ip; }
|
|
|
|
constexpr uint16_t port() const noexcept { return m_port; }
|
|
|
|
std::string str() const;
|
|
|
|
std::string host_str() const;
|
|
|
|
bool is_loopback() const;
|
|
|
|
bool is_local() const;
|
2018-12-16 10:57:44 -07:00
|
|
|
static constexpr address_type get_type_id() noexcept { return address_type::ipv4; }
|
|
|
|
static constexpr zone get_zone() noexcept { return zone::public_; }
|
|
|
|
static constexpr bool is_blockable() noexcept { return true; }
|
2017-08-25 09:14:46 -06:00
|
|
|
|
2017-05-27 04:35:54 -06:00
|
|
|
BEGIN_KV_SERIALIZE_MAP()
|
|
|
|
KV_SERIALIZE(m_ip)
|
|
|
|
KV_SERIALIZE(m_port)
|
|
|
|
END_KV_SERIALIZE_MAP()
|
|
|
|
};
|
2017-08-25 09:14:46 -06:00
|
|
|
|
|
|
|
inline bool operator==(const ipv4_network_address& lhs, const ipv4_network_address& rhs) noexcept
|
|
|
|
{ return lhs.equal(rhs); }
|
|
|
|
inline bool operator!=(const ipv4_network_address& lhs, const ipv4_network_address& rhs) noexcept
|
|
|
|
{ return !lhs.equal(rhs); }
|
|
|
|
inline bool operator<(const ipv4_network_address& lhs, const ipv4_network_address& rhs) noexcept
|
|
|
|
{ return lhs.less(rhs); }
|
|
|
|
inline bool operator<=(const ipv4_network_address& lhs, const ipv4_network_address& rhs) noexcept
|
|
|
|
{ return !rhs.less(lhs); }
|
|
|
|
inline bool operator>(const ipv4_network_address& lhs, const ipv4_network_address& rhs) noexcept
|
|
|
|
{ return rhs.less(lhs); }
|
|
|
|
inline bool operator>=(const ipv4_network_address& lhs, const ipv4_network_address& rhs) noexcept
|
|
|
|
{ return !lhs.less(rhs); }
|
|
|
|
|
|
|
|
class network_address
|
2017-05-27 04:35:54 -06:00
|
|
|
{
|
2017-08-25 09:14:46 -06:00
|
|
|
struct interface
|
|
|
|
{
|
|
|
|
virtual ~interface() {};
|
|
|
|
|
|
|
|
virtual bool equal(const interface&) const = 0;
|
|
|
|
virtual bool less(const interface&) const = 0;
|
|
|
|
virtual bool is_same_host(const interface&) const = 0;
|
|
|
|
|
|
|
|
virtual std::string str() const = 0;
|
|
|
|
virtual std::string host_str() const = 0;
|
|
|
|
virtual bool is_loopback() const = 0;
|
|
|
|
virtual bool is_local() const = 0;
|
2018-12-16 10:57:44 -07:00
|
|
|
virtual address_type get_type_id() const = 0;
|
|
|
|
virtual zone get_zone() const = 0;
|
|
|
|
virtual bool is_blockable() const = 0;
|
2017-08-25 09:14:46 -06:00
|
|
|
};
|
|
|
|
|
|
|
|
template<typename T>
|
|
|
|
struct implementation final : interface
|
|
|
|
{
|
|
|
|
T value;
|
|
|
|
|
|
|
|
implementation(const T& src) : value(src) {}
|
|
|
|
~implementation() = default;
|
|
|
|
|
|
|
|
// Type-checks for cast are done in cpp
|
|
|
|
static const T& cast(const interface& src) noexcept
|
|
|
|
{ return static_cast<const implementation<T>&>(src).value; }
|
|
|
|
|
|
|
|
virtual bool equal(const interface& other) const override
|
|
|
|
{ return value.equal(cast(other)); }
|
|
|
|
|
|
|
|
virtual bool less(const interface& other) const override
|
|
|
|
{ return value.less(cast(other)); }
|
|
|
|
|
|
|
|
virtual bool is_same_host(const interface& other) const override
|
|
|
|
{ return value.is_same_host(cast(other)); }
|
|
|
|
|
|
|
|
virtual std::string str() const override { return value.str(); }
|
|
|
|
virtual std::string host_str() const override { return value.host_str(); }
|
|
|
|
virtual bool is_loopback() const override { return value.is_loopback(); }
|
|
|
|
virtual bool is_local() const override { return value.is_local(); }
|
2018-12-16 10:57:44 -07:00
|
|
|
virtual address_type get_type_id() const override { return value.get_type_id(); }
|
|
|
|
virtual zone get_zone() const override { return value.get_zone(); }
|
|
|
|
virtual bool is_blockable() const override { return value.is_blockable(); }
|
2017-08-25 09:14:46 -06:00
|
|
|
};
|
|
|
|
|
|
|
|
std::shared_ptr<interface> self;
|
|
|
|
|
|
|
|
template<typename Type>
|
|
|
|
Type& as_mutable() const
|
|
|
|
{
|
|
|
|
// types `implmentation<Type>` and `implementation<const Type>` are unique
|
|
|
|
using Type_ = typename std::remove_const<Type>::type;
|
|
|
|
network_address::interface* const self_ = self.get(); // avoid clang warning in typeid
|
|
|
|
if (!self_ || typeid(implementation<Type_>) != typeid(*self_))
|
|
|
|
throw std::bad_cast{};
|
|
|
|
return static_cast<implementation<Type_>*>(self_)->value;
|
|
|
|
}
|
2018-12-16 10:57:44 -07:00
|
|
|
|
|
|
|
template<typename T, typename t_storage>
|
|
|
|
bool serialize_addr(std::false_type, t_storage& stg, typename t_storage::hsection hparent)
|
|
|
|
{
|
|
|
|
T addr{};
|
|
|
|
if (!epee::serialization::selector<false>::serialize(addr, stg, hparent, "addr"))
|
|
|
|
return false;
|
|
|
|
*this = std::move(addr);
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
template<typename T, typename t_storage>
|
|
|
|
bool serialize_addr(std::true_type, t_storage& stg, typename t_storage::hsection hparent) const
|
|
|
|
{
|
|
|
|
return epee::serialization::selector<true>::serialize(as<T>(), stg, hparent, "addr");
|
|
|
|
}
|
|
|
|
|
2017-05-27 04:35:54 -06:00
|
|
|
public:
|
2017-08-25 09:14:46 -06:00
|
|
|
network_address() : self(nullptr) {}
|
|
|
|
template<typename T>
|
|
|
|
network_address(const T& src)
|
|
|
|
: self(std::make_shared<implementation<T>>(src)) {}
|
|
|
|
bool equal(const network_address &other) const;
|
|
|
|
bool less(const network_address &other) const;
|
|
|
|
bool is_same_host(const network_address &other) const;
|
|
|
|
std::string str() const { return self ? self->str() : "<none>"; }
|
|
|
|
std::string host_str() const { return self ? self->host_str() : "<none>"; }
|
|
|
|
bool is_loopback() const { return self ? self->is_loopback() : false; }
|
|
|
|
bool is_local() const { return self ? self->is_local() : false; }
|
2018-12-16 10:57:44 -07:00
|
|
|
address_type get_type_id() const { return self ? self->get_type_id() : address_type::invalid; }
|
|
|
|
zone get_zone() const { return self ? self->get_zone() : zone::invalid; }
|
|
|
|
bool is_blockable() const { return self ? self->is_blockable() : false; }
|
2017-08-25 09:14:46 -06:00
|
|
|
template<typename Type> const Type &as() const { return as_mutable<const Type>(); }
|
2017-05-27 04:35:54 -06:00
|
|
|
|
|
|
|
BEGIN_KV_SERIALIZE_MAP()
|
2019-01-21 09:50:03 -07:00
|
|
|
// need to `#include "net/[i2p|tor]_address.h"` when serializing `network_address`
|
2018-12-16 10:57:44 -07:00
|
|
|
static constexpr std::integral_constant<bool, is_store> is_store_{};
|
|
|
|
|
|
|
|
std::uint8_t type = std::uint8_t(is_store ? this_ref.get_type_id() : address_type::invalid);
|
2017-12-08 11:26:36 -07:00
|
|
|
if (!epee::serialization::selector<is_store>::serialize(type, stg, hparent_section, "type"))
|
|
|
|
return false;
|
2018-12-16 10:57:44 -07:00
|
|
|
|
|
|
|
switch (address_type(type))
|
2017-05-27 04:35:54 -06:00
|
|
|
{
|
2018-12-16 10:57:44 -07:00
|
|
|
case address_type::ipv4:
|
|
|
|
return this_ref.template serialize_addr<ipv4_network_address>(is_store_, stg, hparent_section);
|
|
|
|
case address_type::tor:
|
|
|
|
return this_ref.template serialize_addr<net::tor_address>(is_store_, stg, hparent_section);
|
2019-01-21 09:50:03 -07:00
|
|
|
case address_type::i2p:
|
|
|
|
return this_ref.template serialize_addr<net::i2p_address>(is_store_, stg, hparent_section);
|
2018-12-16 10:57:44 -07:00
|
|
|
case address_type::invalid:
|
|
|
|
default:
|
2017-05-27 04:35:54 -06:00
|
|
|
break;
|
|
|
|
}
|
2018-12-16 10:57:44 -07:00
|
|
|
|
|
|
|
MERROR("Unsupported network address type: " << (unsigned)type);
|
|
|
|
return false;
|
2017-05-27 04:35:54 -06:00
|
|
|
END_KV_SERIALIZE_MAP()
|
|
|
|
};
|
2017-08-25 09:14:46 -06:00
|
|
|
|
|
|
|
inline bool operator==(const network_address& lhs, const network_address& rhs)
|
|
|
|
{ return lhs.equal(rhs); }
|
|
|
|
inline bool operator!=(const network_address& lhs, const network_address& rhs)
|
|
|
|
{ return !lhs.equal(rhs); }
|
|
|
|
inline bool operator<(const network_address& lhs, const network_address& rhs)
|
|
|
|
{ return lhs.less(rhs); }
|
|
|
|
inline bool operator<=(const network_address& lhs, const network_address& rhs)
|
|
|
|
{ return !rhs.less(lhs); }
|
|
|
|
inline bool operator>(const network_address& lhs, const network_address& rhs)
|
|
|
|
{ return rhs.less(lhs); }
|
|
|
|
inline bool operator>=(const network_address& lhs, const network_address& rhs)
|
|
|
|
{ return !lhs.less(rhs); }
|
|
|
|
|
2014-03-03 15:07:58 -07:00
|
|
|
/************************************************************************/
|
|
|
|
/* */
|
|
|
|
/************************************************************************/
|
|
|
|
struct connection_context_base
|
|
|
|
{
|
|
|
|
const boost::uuids::uuid m_connection_id;
|
2017-05-27 04:35:54 -06:00
|
|
|
const network_address m_remote_address;
|
2014-03-20 05:46:11 -06:00
|
|
|
const bool m_is_income;
|
|
|
|
const time_t m_started;
|
epee: add SSL support
RPC connections now have optional tranparent SSL.
An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.
SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.
Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.
To generate long term certificates:
openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.
SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2018-06-14 16:44:48 -06:00
|
|
|
const time_t m_ssl;
|
2014-03-20 05:46:11 -06:00
|
|
|
time_t m_last_recv;
|
|
|
|
time_t m_last_send;
|
|
|
|
uint64_t m_recv_cnt;
|
|
|
|
uint64_t m_send_cnt;
|
2015-02-12 12:59:39 -07:00
|
|
|
double m_current_speed_down;
|
|
|
|
double m_current_speed_up;
|
Pruning
The blockchain prunes seven eighths of prunable tx data.
This saves about two thirds of the blockchain size, while
keeping the node useful as a sync source for an eighth
of the blockchain.
No other data is currently pruned.
There are three ways to prune a blockchain:
- run monerod with --prune-blockchain
- run "prune_blockchain" in the monerod console
- run the monero-blockchain-prune utility
The first two will prune in place. Due to how LMDB works, this
will not reduce the blockchain size on disk. Instead, it will
mark parts of the file as free, so that future data will use
that free space, causing the file to not grow until free space
grows scarce.
The third way will create a second database, a pruned copy of
the original one. Since this is a new file, this one will be
smaller than the original one.
Once the database is pruned, it will stay pruned as it syncs.
That is, there is no need to use --prune-blockchain again, etc.
2018-04-29 16:30:51 -06:00
|
|
|
double m_max_speed_down;
|
|
|
|
double m_max_speed_up;
|
2014-03-03 15:07:58 -07:00
|
|
|
|
2014-05-25 11:06:40 -06:00
|
|
|
connection_context_base(boost::uuids::uuid connection_id,
|
epee: add SSL support
RPC connections now have optional tranparent SSL.
An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.
SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.
Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.
To generate long term certificates:
openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.
SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2018-06-14 16:44:48 -06:00
|
|
|
const network_address &remote_address, bool is_income, bool ssl,
|
2014-05-25 11:06:40 -06:00
|
|
|
time_t last_recv = 0, time_t last_send = 0,
|
|
|
|
uint64_t recv_cnt = 0, uint64_t send_cnt = 0):
|
2014-03-03 15:07:58 -07:00
|
|
|
m_connection_id(connection_id),
|
2017-05-27 04:35:54 -06:00
|
|
|
m_remote_address(remote_address),
|
2014-03-20 05:46:11 -06:00
|
|
|
m_is_income(is_income),
|
2014-05-25 11:06:40 -06:00
|
|
|
m_started(time(NULL)),
|
epee: add SSL support
RPC connections now have optional tranparent SSL.
An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.
SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.
Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.
To generate long term certificates:
openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.
SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2018-06-14 16:44:48 -06:00
|
|
|
m_ssl(ssl),
|
2014-03-20 05:46:11 -06:00
|
|
|
m_last_recv(last_recv),
|
|
|
|
m_last_send(last_send),
|
|
|
|
m_recv_cnt(recv_cnt),
|
2015-02-12 12:59:39 -07:00
|
|
|
m_send_cnt(send_cnt),
|
|
|
|
m_current_speed_down(0),
|
Pruning
The blockchain prunes seven eighths of prunable tx data.
This saves about two thirds of the blockchain size, while
keeping the node useful as a sync source for an eighth
of the blockchain.
No other data is currently pruned.
There are three ways to prune a blockchain:
- run monerod with --prune-blockchain
- run "prune_blockchain" in the monerod console
- run the monero-blockchain-prune utility
The first two will prune in place. Due to how LMDB works, this
will not reduce the blockchain size on disk. Instead, it will
mark parts of the file as free, so that future data will use
that free space, causing the file to not grow until free space
grows scarce.
The third way will create a second database, a pruned copy of
the original one. Since this is a new file, this one will be
smaller than the original one.
Once the database is pruned, it will stay pruned as it syncs.
That is, there is no need to use --prune-blockchain again, etc.
2018-04-29 16:30:51 -06:00
|
|
|
m_current_speed_up(0),
|
|
|
|
m_max_speed_down(0),
|
|
|
|
m_max_speed_up(0)
|
2014-03-03 15:07:58 -07:00
|
|
|
{}
|
|
|
|
|
|
|
|
connection_context_base(): m_connection_id(),
|
2018-12-16 10:57:44 -07:00
|
|
|
m_remote_address(),
|
2014-03-20 05:46:11 -06:00
|
|
|
m_is_income(false),
|
2014-05-25 11:06:40 -06:00
|
|
|
m_started(time(NULL)),
|
epee: add SSL support
RPC connections now have optional tranparent SSL.
An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.
SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.
Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.
To generate long term certificates:
openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.
SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2018-06-14 16:44:48 -06:00
|
|
|
m_ssl(false),
|
2014-03-20 05:46:11 -06:00
|
|
|
m_last_recv(0),
|
|
|
|
m_last_send(0),
|
|
|
|
m_recv_cnt(0),
|
2015-02-12 12:59:39 -07:00
|
|
|
m_send_cnt(0),
|
|
|
|
m_current_speed_down(0),
|
Pruning
The blockchain prunes seven eighths of prunable tx data.
This saves about two thirds of the blockchain size, while
keeping the node useful as a sync source for an eighth
of the blockchain.
No other data is currently pruned.
There are three ways to prune a blockchain:
- run monerod with --prune-blockchain
- run "prune_blockchain" in the monerod console
- run the monero-blockchain-prune utility
The first two will prune in place. Due to how LMDB works, this
will not reduce the blockchain size on disk. Instead, it will
mark parts of the file as free, so that future data will use
that free space, causing the file to not grow until free space
grows scarce.
The third way will create a second database, a pruned copy of
the original one. Since this is a new file, this one will be
smaller than the original one.
Once the database is pruned, it will stay pruned as it syncs.
That is, there is no need to use --prune-blockchain again, etc.
2018-04-29 16:30:51 -06:00
|
|
|
m_current_speed_up(0),
|
|
|
|
m_max_speed_down(0),
|
|
|
|
m_max_speed_up(0)
|
2014-03-03 15:07:58 -07:00
|
|
|
{}
|
|
|
|
|
|
|
|
connection_context_base& operator=(const connection_context_base& a)
|
|
|
|
{
|
epee: add SSL support
RPC connections now have optional tranparent SSL.
An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.
SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.
Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.
To generate long term certificates:
openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.
SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2018-06-14 16:44:48 -06:00
|
|
|
set_details(a.m_connection_id, a.m_remote_address, a.m_is_income, a.m_ssl);
|
2014-03-03 15:07:58 -07:00
|
|
|
return *this;
|
|
|
|
}
|
|
|
|
|
|
|
|
private:
|
|
|
|
template<class t_protocol_handler>
|
|
|
|
friend class connection;
|
epee: add SSL support
RPC connections now have optional tranparent SSL.
An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.
SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.
Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.
To generate long term certificates:
openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.
SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2018-06-14 16:44:48 -06:00
|
|
|
void set_details(boost::uuids::uuid connection_id, const network_address &remote_address, bool is_income, bool ssl)
|
2014-03-03 15:07:58 -07:00
|
|
|
{
|
|
|
|
this->~connection_context_base();
|
epee: add SSL support
RPC connections now have optional tranparent SSL.
An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.
SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.
Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.
To generate long term certificates:
openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.
SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2018-06-14 16:44:48 -06:00
|
|
|
new(this) connection_context_base(connection_id, remote_address, is_income, ssl);
|
2014-03-03 15:07:58 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
/************************************************************************/
|
|
|
|
/* */
|
|
|
|
/************************************************************************/
|
|
|
|
struct i_service_endpoint
|
|
|
|
{
|
|
|
|
virtual bool do_send(const void* ptr, size_t cb)=0;
|
|
|
|
virtual bool close()=0;
|
2018-06-07 05:43:10 -06:00
|
|
|
virtual bool send_done()=0;
|
2014-03-03 15:07:58 -07:00
|
|
|
virtual bool call_run_once_service_io()=0;
|
|
|
|
virtual bool request_callback()=0;
|
|
|
|
virtual boost::asio::io_service& get_io_service()=0;
|
|
|
|
//protect from deletion connection object(with protocol instance) during external call "invoke"
|
|
|
|
virtual bool add_ref()=0;
|
|
|
|
virtual bool release()=0;
|
|
|
|
protected:
|
2016-05-17 22:59:07 -06:00
|
|
|
virtual ~i_service_endpoint() noexcept(false) {}
|
2014-03-03 15:07:58 -07:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
//some helpers
|
|
|
|
|
|
|
|
|
2017-11-25 15:25:05 -07:00
|
|
|
std::string print_connection_context(const connection_context_base& ctx);
|
|
|
|
std::string print_connection_context_short(const connection_context_base& ctx);
|
2014-03-03 15:07:58 -07:00
|
|
|
|
Change logging to easylogging++
This replaces the epee and data_loggers logging systems with
a single one, and also adds filename:line and explicit severity
levels. Categories may be defined, and logging severity set
by category (or set of categories). epee style 0-4 log level
maps to a sensible severity configuration. Log files now also
rotate when reaching 100 MB.
To select which logs to output, use the MONERO_LOGS environment
variable, with a comma separated list of categories (globs are
supported), with their requested severity level after a colon.
If a log matches more than one such setting, the last one in
the configuration string applies. A few examples:
This one is (mostly) silent, only outputting fatal errors:
MONERO_LOGS=*:FATAL
This one is very verbose:
MONERO_LOGS=*:TRACE
This one is totally silent (logwise):
MONERO_LOGS=""
This one outputs all errors and warnings, except for the
"verify" category, which prints just fatal errors (the verify
category is used for logs about incoming transactions and
blocks, and it is expected that some/many will fail to verify,
hence we don't want the spam):
MONERO_LOGS=*:WARNING,verify:FATAL
Log levels are, in decreasing order of priority:
FATAL, ERROR, WARNING, INFO, DEBUG, TRACE
Subcategories may be added using prefixes and globs. This
example will output net.p2p logs at the TRACE level, but all
other net* logs only at INFO:
MONERO_LOGS=*:ERROR,net*:INFO,net.p2p:TRACE
Logs which are intended for the user (which Monero was using
a lot through epee, but really isn't a nice way to go things)
should use the "global" category. There are a few helper macros
for using this category, eg: MGINFO("this shows up by default")
or MGINFO_RED("this is red"), to try to keep a similar look
and feel for now.
Existing epee log macros still exist, and map to the new log
levels, but since they're used as a "user facing" UI element
as much as a logging system, they often don't map well to log
severities (ie, a log level 0 log may be an error, or may be
something we want the user to see, such as an important info).
In those cases, I tried to use the new macros. In other cases,
I left the existing macros in. When modifying logs, it is
probably best to switch to the new macros with explicit levels.
The --log-level options and set_log commands now also accept
category settings, in addition to the epee style log levels.
2017-01-01 09:34:23 -07:00
|
|
|
inline MAKE_LOGGABLE(connection_context_base, ct, os)
|
|
|
|
{
|
|
|
|
os << "[" << epee::net_utils::print_connection_context_short(ct) << "] ";
|
|
|
|
return os;
|
|
|
|
}
|
|
|
|
|
|
|
|
#define LOG_ERROR_CC(ct, message) MERROR(ct << message)
|
|
|
|
#define LOG_WARNING_CC(ct, message) MWARNING(ct << message)
|
|
|
|
#define LOG_INFO_CC(ct, message) MINFO(ct << message)
|
|
|
|
#define LOG_DEBUG_CC(ct, message) MDEBUG(ct << message)
|
|
|
|
#define LOG_TRACE_CC(ct, message) MTRACE(ct << message)
|
|
|
|
#define LOG_CC(level, ct, message) MLOG(level, ct << message)
|
|
|
|
|
2017-02-12 10:16:11 -07:00
|
|
|
#define LOG_PRINT_CC_L0(ct, message) LOG_PRINT_L0(ct << message)
|
|
|
|
#define LOG_PRINT_CC_L1(ct, message) LOG_PRINT_L1(ct << message)
|
|
|
|
#define LOG_PRINT_CC_L2(ct, message) LOG_PRINT_L2(ct << message)
|
|
|
|
#define LOG_PRINT_CC_L3(ct, message) LOG_PRINT_L3(ct << message)
|
|
|
|
#define LOG_PRINT_CC_L4(ct, message) LOG_PRINT_L4(ct << message)
|
2014-03-03 15:07:58 -07:00
|
|
|
|
|
|
|
#define LOG_PRINT_CCONTEXT_L0(message) LOG_PRINT_CC_L0(context, message)
|
|
|
|
#define LOG_PRINT_CCONTEXT_L1(message) LOG_PRINT_CC_L1(context, message)
|
|
|
|
#define LOG_PRINT_CCONTEXT_L2(message) LOG_PRINT_CC_L2(context, message)
|
|
|
|
#define LOG_PRINT_CCONTEXT_L3(message) LOG_PRINT_CC_L3(context, message)
|
|
|
|
#define LOG_ERROR_CCONTEXT(message) LOG_ERROR_CC(context, message)
|
|
|
|
|
|
|
|
#define CHECK_AND_ASSERT_MES_CC(condition, return_val, err_message) CHECK_AND_ASSERT_MES(condition, return_val, "[" << epee::net_utils::print_connection_context_short(context) << "]" << err_message)
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif //_NET_UTILS_BASE_H_
|