ff7fdf6 protocol: drop peers that don't reply to queries (moneromooo-monero)
89e984d keep only the last seen node on a given host in the white list (moneromooo-monero)
c74d8ff protocol: drop peers that decrease claimed height (moneromooo-monero)
61f5001 protocol: add scoring system to drop peers that don't behave (moneromooo-monero)
c64b94bd1 p2p: fix endianness when checking IPv6 addresses mapping to IPv4 (moneromooo-monero)
67f2bec2d p2p: make this work with boost <= 1.65 (pffff) (moneromooo-monero)
ffdf1fb1d p2p: rewrite boost's make_address_v4 to cater for < 1.66 (moneromooo)
IPv6 addresses include a range that can map IPv4 addresses,
which allowed those mapped addresses to bypass filtering.
This filter should be replaced by AS filtering at some point.
This reduces the attack surface for data that can come from
malicious sources (exported output and key images, multisig
transactions...) since the monero serialization is already
exposed to the outside, and the boost lib we were using had
a few known crashers.
For interoperability, a new load-deprecated-formats wallet
setting is added (off by default). This allows loading boost
format data if there is no alternative. It will likely go
at some point, along with the ability to load those.
Notably, the peer lists file still uses the boost serialization
code, as the data it stores is define in epee, while the new
serialization code is in monero, and migrating it was fairly
hairy. Since this file is local and not obtained from anyone
else, the marginal risk is minimal, but it could be migrated
later if needed.
Some tests and tools also do, this will stay as is for now.
When a handshake fails, it can fail due to timeout or destroyed
connection, in which case the connection will be, or already is,
closed, and we don't want to do it twice.
Additionally, when closing a connection directly from the top
level code, ensure the connection is gone from the m_connects
list so it won't be used again.
AFAICT this is now clean in netstat, /proc/PID/fd and print_cn.
This fixes a noisy (but harmless) exception.
- New flag in NOTIFY_NEW_TRANSACTION to indicate stem mode
- Stem loops detected in tx_pool.cpp
- Embargo timeout for a blackhole attack during stem phase
4771a7ae p2p: remove obsolete local time in handshake (moneromooo-monero)
2fbbc4a2 p2p: avoid sending the same peer list over and over (moneromooo-monero)
3004835b epee: remove backward compatible endian specific address serialization (moneromooo-monero)
39a343d7 p2p: remove backward compatible peer list (moneromooo-monero)
60631802 p2p: simplify last_seen serialization now we have optional stores (moneromooo-monero)
9467b2e4 cryptonote_protocol: omit top 64 bits of difficulty when 0 (moneromooo-monero)
b595583f serialization: do not write optional fields with default value (moneromooo-monero)
5f98b46d p2p: remove obsolete local time from TIMED_SYNC (moneromooo-monero)
During the handshake for an incoming connection, the peer id is checked against the local node's peer id only for the specific zone of the incoming peer, in order to avoid linking public addresses to tor addresses:
5d7ae2d279/src/p2p/net_node.inl (L2343)
However, on handshakes for outgoing connections, all zones are checked:
5d7ae2d279/src/p2p/net_node.inl (L1064)
If an attacker wanted to link a specific tor node to a public node, they could potentially connect to as many public nodes as possible, get themselves added to the peer whitelist, maybe stuff some more attacker-owned addresses into the greylist, then disconnect, and for any future incoming connections, respond with the tor node's id in an attempt to link the public/tor addresses.
