If enabled, pulls IPs to block on blocklist.moneropulse.*, and
blocks then for 8 days (so IPs dropping from the list will
eventually get unblocked, and DNS failures don't result in
instant clearing of the blocklist).
Enable with --enable-dns-blocklist
- rolling_median: tried to free uninitialized pointer in a constructor
- net_node.inl: erase-remove idiom was used incorrectly. remove_if doesn't actually remove elements, see http://cpp.sh/6fcjv
- bulletproofs.cc: call to sizeof() instead of vector.size(), luckily it only impacts performance and not code logic there
ff7fdf6 protocol: drop peers that don't reply to queries (moneromooo-monero)
89e984d keep only the last seen node on a given host in the white list (moneromooo-monero)
c74d8ff protocol: drop peers that decrease claimed height (moneromooo-monero)
61f5001 protocol: add scoring system to drop peers that don't behave (moneromooo-monero)
c64b94bd1 p2p: fix endianness when checking IPv6 addresses mapping to IPv4 (moneromooo-monero)
67f2bec2d p2p: make this work with boost <= 1.65 (pffff) (moneromooo-monero)
ffdf1fb1d p2p: rewrite boost's make_address_v4 to cater for < 1.66 (moneromooo)
IPv6 addresses include a range that can map IPv4 addresses,
which allowed those mapped addresses to bypass filtering.
This filter should be replaced by AS filtering at some point.
This reduces the attack surface for data that can come from
malicious sources (exported output and key images, multisig
transactions...) since the monero serialization is already
exposed to the outside, and the boost lib we were using had
a few known crashers.
For interoperability, a new load-deprecated-formats wallet
setting is added (off by default). This allows loading boost
format data if there is no alternative. It will likely go
at some point, along with the ability to load those.
Notably, the peer lists file still uses the boost serialization
code, as the data it stores is define in epee, while the new
serialization code is in monero, and migrating it was fairly
hairy. Since this file is local and not obtained from anyone
else, the marginal risk is minimal, but it could be migrated
later if needed.
Some tests and tools also do, this will stay as is for now.
