From 3c03d271c2814400d4ccd857f9155cebc657d1d0 Mon Sep 17 00:00:00 2001
From: Duke Leto
Date: Mon, 22 Feb 2021 04:20:49 -0500
Subject: [PATCH 1/3] Allowlisted peers are allowed to getheaders during IBD

---
 src/main.cpp | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/main.cpp b/src/main.cpp
index 286ef28b0..0d581b828 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -7344,10 +7344,15 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv,
 LOCK(cs_main);
- if (chainActive.LastTip() != 0 && chainActive.LastTip()->GetHeight() > 100000 && IsInitialBlockDownload())
- {
- //fprintf(stderr,"dont process getheaders during initial download\n");
- return true;
+
+ if (chainActive.LastTip() != 0 && chainActive.LastTip()->GetHeight() > 100000 && IsInitialBlockDownload()) {
+ if(pfrom->fAllowlisted) {
+ LogPrint("net", "Allowing getheaders from allowlisted peer=%d during initial block download\n", pfrom->id);
+ } else {
+ LogPrint("net", "Ignoring getheaders from peer=%d because node is in initial block download\n", pfrom->id);
+ //fprintf(stderr,"dont process getheaders during initial download\n");
+ return true;
+ }
 }
 CBlockIndex* pindex = NULL;
 if (locator.IsNull())
From fd0d0e6c750cf8e9ddb82ff8e1c9d7e0a283d220 Mon Sep 17 00:00:00 2001
From: Duke Leto
Date: Mon, 22 Feb 2021 04:44:57 -0500
Subject: [PATCH 2/3] Remove unused partition check code

This code is unused and was disabled in BTC core and then deleted, since it didn't work correctly: https://github.com/bitcoin/bitcoin/pull/8275
---
 src/main.cpp | 73 +++-------------------------------------------------
 src/main.h | 3 +--
 2 files changed, 5 insertions(+), 71 deletions(-)
diff --git a/src/main.cpp b/src/main.cpp
index 0d581b828..a3322b03b 100644
--- a/src/main.cpp
+++ b/src/main.cpp
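Review bot: In the `getheaders` hunk of PATCH 1/3 (src/main.cpp), the new `if(pfrom->fAllowlisted)` branch carries no comment explaining why an allowlisted peer may be answered while the node is still in initial block download, when the headers it can serve may be incomplete. A line above the branch such as `// Allowlisted peers are operator-trusted, so serve them headers even during IBD; everyone else is ignored until sync completes.` would record that this is a deliberate trust decision; how `fAllowlisted` gets set is not visible here, so the comment should be checked against that code. As a matter of style the guard could be a single condition ending in `&& IsInitialBlockDownload() && !pfrom->fAllowlisted) {`, which drops the nested `else` and lets the stale commented-out `fprintf` go. `ProcessMessage` starts and ends outside this hunk.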
@@ -3043,77 +3043,12 @@ void ThreadScriptCheck() {
 scriptcheckqueue.Thread();
 }
-//
-// Called periodically asynchronously; alerts if it smells like
-// we're being fed a bad chain (blocks being generated much
-// too slowly or too quickly).
-//
-void PartitionCheck(bool (*initialDownloadCheck)(), CCriticalSection& cs, const CBlockIndex *const &bestHeader,
- int64_t nPowTargetSpacing)
-{
- if (bestHeader == NULL || initialDownloadCheck()) return;
-
- static int64_t lastAlertTime = 0;
- int64_t now = GetTime();
- if (lastAlertTime > now-60*60*24) return; // Alert at most once per day
-
- const int SPAN_HOURS=4;
- const int SPAN_SECONDS=SPAN_HOURS*60*60;
- int BLOCKS_EXPECTED = SPAN_SECONDS / nPowTargetSpacing;
-
- boost::math::poisson_distribution poisson(BLOCKS_EXPECTED);
-
- std::string strWarning;
- int64_t startTime = GetTime()-SPAN_SECONDS;
-
- LOCK(cs);
- const CBlockIndex* i = bestHeader;
- int nBlocks = 0;
- while (i->GetBlockTime() >= startTime) {
- ++nBlocks;
- i = i->pprev;
- if (i == NULL) return; // Ran out of chain, we must not be fully synced
- }
-
- // How likely is it to find that many by chance?
- double p = boost::math::pdf(poisson, nBlocks);
-
- LogPrint("partitioncheck", "%s : Found %d blocks in the last %d hours\n", __func__, nBlocks, SPAN_HOURS);
- LogPrint("partitioncheck", "%s : likelihood: %g\n", __func__, p);
-
- // Aim for one false-positive about every fifty years of normal running:
- const int FIFTY_YEARS = 50*365*24*60*60;
- double alertThreshold = 1.0 / (FIFTY_YEARS / SPAN_SECONDS);
-
- if (bestHeader->GetHeight() > BLOCKS_EXPECTED)
- {
- if (p <= alertThreshold && nBlocks < BLOCKS_EXPECTED)
- {
- // Many fewer blocks than expected: alert!
- strWarning = strprintf(_("WARNING: check your network connection, %d blocks received in the last %d hours (%d expected)"),
- nBlocks, SPAN_HOURS, BLOCKS_EXPECTED);
- }
- else if (p <= alertThreshold && nBlocks > BLOCKS_EXPECTED)
- {
- // Many more blocks than expected: alert!
- strWarning = strprintf(_("WARNING: abnormally high number of blocks generated, %d blocks received in the last %d hours (%d expected)"),
- nBlocks, SPAN_HOURS, BLOCKS_EXPECTED);
- }
- }
- if (!strWarning.empty())
- {
- strMiscWarning = strWarning;
- CAlert::Notify(strWarning, true);
- lastAlertTime = now;
- }
-}
-
-static int64_t nTimeVerify = 0;
-static int64_t nTimeConnect = 0;
-static int64_t nTimeIndex = 0;
+static int64_t nTimeVerify = 0;
+static int64_t nTimeConnect = 0;
+static int64_t nTimeIndex = 0;
 static int64_t nTimeCallbacks = 0;
-static int64_t nTimeTotal = 0;
+static int64_t nTimeTotal = 0;
 bool FindBlockPos(int32_t tmpflag,CValidationState &state, CDiskBlockPos &pos, unsigned int nAddSize, unsigned int nHeight, uint64_t nTime, bool fKnown = false);
 bool ReceivedBlockTransactions(const CBlock &block, CValidationState& state, CBlockIndex *pindexNew, const CDiskBlockPos& pos);
diff --git a/src/main.h b/src/main.h
index 62070998d..a624fbd18 100644
--- a/src/main.h
+++ b/src/main.h
@@ -239,8 +239,7 @@ bool ProcessMessages(CNode* pfrom);
 bool SendMessages(CNode* pto, bool fSendTrickle);
 /** Run an instance of the script checking thread */
 void ThreadScriptCheck();
-/** Try to detect Partition (network isolation) attacks against us */
-void PartitionCheck(bool (*initialDownloadCheck)(), CCriticalSection& cs, const CBlockIndex *const &bestHeader, int64_t nPowTargetSpacing);
+
 /** Check whether we are doing an initial block download (synchronizing from disk or network) */
 bool IsInitialBlockDownload();
 /** Check if the daemon is in sync, if not, it returns 1 or if due to best header only, the difference in best
From 18f6fc4c341861c39d0ade7e551520c0b276a788 Mon Sep 17 00:00:00 2001
From: zanzibar
Date: Wed, 7 Apr 2021 07:50:57 +0000
Subject: [PATCH 3/3] Update 'doc/tor.md'

---
 doc/tor.md | 32 +++++++++++++++++++-------------
 1 file changed, 19 insertions(+), 13 deletions(-)
diff --git a/doc/tor.md b/doc/tor.md
index 146768bec..c00db2fbd 100644
--- a/doc/tor.md +++ b/doc/tor.md @@ -1,6 +1,8 @@ -*** Warning: Do not assume Tor support does the correct thing in Hush; better Tor support is a future feature goal. *** +# Warning -# TOR SUPPORT IN HUSH + Do not assume Tor support works perfectly in Hush; better Tor support is currently being worked on. + +# Hush + Tor It is possible to run Hush as a Tor hidden service, and connect to such services. @@ -34,6 +36,11 @@ In a typical situation, this suffices to run behind a Tor proxy: ./hushd -proxy=127.0.0.1:9050 +If using the Tor Browser Bundle: + + ./hushd -proxy=127.0.0.1:9150 + + 2. Run a Hush hidden server ---------------------------- @@ -43,11 +50,10 @@ reachable from the Tor network. Add these lines to your /etc/tor/torrc (or equiv config file): HiddenServiceDir /var/lib/tor/hush-service/ - HiddenServicePort 7771 127.0.0.1:7771 - HiddenServicePort 17771 127.0.0.1:17771 + HiddenServicePort 18030 127.0.0.1:18030 The directory can be different of course, but (both) port numbers should be equal to -your hushd's P2P listen port (7771 by default). +your hushd's P2P listen port (18030 by default). -externalip=X You can tell Hush about its publicly reachable address using this option, and this can be a .onion address. Given the above 
@@ -69,10 +75,10 @@ your hushd's P2P listen port (7771 by default). In a typical situation, where you're only reachable via Tor, this should suffice: - ./hushd -proxy=127.0.0.1:9050 -externalip=zctestseie6wxgio.onion -listen + ./hushd -proxy=127.0.0.1:9050 -externalip=hushc0de123.onion -listen -(obviously, replace the Onion address with your own). It should be noted that you still -listen on all devices and another node could establish a clearnet connection, when knowing +(obviously, replace the Onion address with your own). Currently only v2 HS's are supported. +It should be noted that you still listen on all devices and another node could establish a clearnet connection, when knowing your address. To mitigate this, additionally bind the address of your Tor proxy: ./hushd ... -bind=127.0.0.1 @@ -82,12 +88,12 @@ as well, use `discover` instead: ./hushd ... -discover -and open port 7771 on your firewall (or use -upnp). +and open port 18030 on your firewall. If you only want to use Tor to reach onion addresses, but not use it as a proxy for normal IPv4/IPv6 communication, use: - ./hushd -onion=127.0.0.1:9050 -externalip=zctestseie6wxgio.onion -discover + ./hushd -onion=127.0.0.1:9050 -externalip=hushc0de123.onion -discover 3. Automatically listen on Tor @@ -135,9 +141,9 @@ Now use hush-cli to verify there is only a single peer connection. [ { "id" : 1, - "addr" : "zctestseie6wxgio.onion:17770", + "addr" : "zcashhoneypot.onion:18030", ... - "version" : 170010, + "version" : 1987420, "subver" : "/GoldenSandtrout:3.6.0/", ... } @@ -145,4 +151,4 @@ Now use hush-cli to verify there is only a single peer connection. To connect to multiple Tor nodes, use: - ./hushd -onion=127.0.0.1:9050 -addnode=fuckzookoeie6wxgio.onion -dnsseed=0 -onlynet=onion + ./hushd -onion=127.0.0.1:9050 -addnode=hushbeef123.onion -dnsseed=0 -onlynet=onion