From c8a25189bcb1381eddf46b9a9743ba48e929439e Mon Sep 17 00:00:00 2001 From: "Wladimir J. van der Laan" Date: Thu, 23 Oct 2014 13:24:58 +0200 Subject: [PATCH] doc: release notes update for `rpcallowip` syntax change --- doc/release-notes.md | 46 +++++++++++++++++++++++++++++++++----------- 1 file changed, 35 insertions(+), 11 deletions(-) diff --git a/doc/release-notes.md b/doc/release-notes.md index de13daf3e..169ad71a0 100644 --- a/doc/release-notes.md +++ b/doc/release-notes.md @@ -34,29 +34,53 @@ confirmation times. Prior releases used hard-coded fees (and priorities), and would sometimes create transactions that took a very long time to confirm. +Statistics used to estimate fees and priorities are saved in the +data directory in the `fee_estimates.dat` file just before +program shutdown, and are read in at startup. New Command Line Options -======================== +--------------------------- --txconfirmtarget=n : create transactions that have enough fees (or priority) +- `-txconfirmtarget=n` : create transactions that have enough fees (or priority) so they are likely to confirm within n blocks (default: 1). This setting is over-ridden by the -paytxfee option. New RPC methods -=============== +---------------- -Fee/Priority estimation ------------------------ - -estimatefee nblocks : Returns approximate fee-per-1,000-bytes needed for +- `estimatefee nblocks` : Returns approximate fee-per-1,000-bytes needed for a transaction to be confirmed within nblocks. Returns -1 if not enough transactions have been observed to compute a good estimate. -estimatepriority nblocks : Returns approximate priority needed for +- `estimatepriority nblocks` : Returns approximate priority needed for a zero-fee transaction to confirm within nblocks. Returns -1 if not enough free transactions have been observed to compute a good estimate. -Statistics used to estimate fees and priorities are saved in the -data directory in the 'fee_estimates.dat' file just before -program shutdown, and are read in at startup. +RPC access control changes +========================================== + +Subnet matching for the purpose of access control is now done +by matching the binary network address, instead of with string wildcard matching. +For the user this means that `-rpcallowip` takes a subnet specification, which can be + +- a single IP address (e.g. `1.2.3.4` or `fe80::0012:3456:789a:bcde`) +- a network/CIDR (e.g. `1.2.3.0/24` or `fe80::0000/64`) +- a network/netmask (e.g. `1.2.3.4/255.255.255.0` or `fe80::0012:3456:789a:bcde/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff`) + +An arbitrary number of `-rpcallow` arguments can be given. An incoming connection will be accepted if its origin address +matches one of them. + +For example: + +| 0.9.x and before | 0.10.x | +|--------------------------------------------|---------------------------------------| +| `-rpcallowip=192.168.1.1` | `-rpcallowip=192.168.1.1` (unchanged) | +| `-rpcallowip=192.168.1.*` | `-rpcallowip=192.168.1.0/24` | +| `-rpcallowip=192.168.*` | `-rpcallowip=192.168.0.0/16` | +| `-rpcallowip=*` (dangerous!) | `-rpcallowip=::/0` | + +Using wildcards will result in the rule being rejected with the following error in debug.log: + + Error: Invalid -rpcallowip subnet specification: *. Valid are a single IP (e.g. 1.2.3.4), a network/netmask (e.g. 1.2.3.4/255.255.255.0) or a network/CIDR (e.g. 1.2.3.4/24). +