Commit Graph

93 Commits

Author SHA1 Message Date
ff8deebf60
Keep track of network protocol status 2017-01-12 19:18:56 +01:00
bd520a340f
Trustedpeer fix and more refactoring
- fixed trustedPeer (thanks to anonymous bug reporter)
- moved trustedPeer and Peer into state.py
2017-01-12 06:58:35 +01:00
5ceb920bd6
TLS tuning
- allow TLS > 1.0 with python >= 2.7.9
- tune ssl_context with python >= 2.7.9
2017-01-11 20:47:27 +01:00
c738d93056
Assorted fixes
- landscape.io was complaining, this fixes most easily fixable errors
2017-01-11 18:13:00 +01:00
ac348e4e6b
Fixes and refactoring
- fixes errors introduced in the earlier refactoring
- more variables moved to state.py
- path finding functions moved to paths.py
- remembers IPv6 network unreachable (in the future can be used to skip
  IPv6 for a while)
2017-01-11 17:00:00 +01:00
8bcfe80ad0
Refactoring of config parser and shared.py
- got rid of shared config parser and made it into a singleton
- refactored safeConfigGetBoolean as a method of the config singleton
- refactored safeConfigGet as a method of the config singleton
- moved softwareVersion from shared.py into version.py
- moved some global variables from shared.py into state.py
- moved some protocol-specific functions from shared.py into protocol.py
2017-01-11 14:27:19 +01:00
e84b19613e
Inventory refactoring
- minor refactoring, made it into singleton instead of a shared global
  variable. This makes it a little bit cleaner and moves the class into
a separate file
- removed duplicate inventory locking
- renamed singleton.py to singleinstance.py (this is the code that
  ensures only one instance of PyBitmessage runs at the same time)
2017-01-10 21:15:35 +01:00
4f543e14c1
TLS handshake fix
- TLS handshake in python is apparently always asynchronous, so it needs
  proper handling of SSLWantReadError and SSLWantWriteError
- also adds a timeout and a proper shutdown if handshake fails
2017-01-07 23:42:07 +01:00
7ca6576dfc
Connection indicator for hidden service
- the number of connections as well as connection indicator was broken
  when running as a hidden service. This is a workaround
2016-11-16 19:36:50 +01:00
5cea1e04d1
SSL disconnect fix
- sometimes SSL connections unnecessarily disconnected on non-fatal
  errors. This should fix that. This is however a short term solution
  because of migrating to asyncore which has its own error handling
2016-11-16 15:18:09 +01:00
40090a9a12
Notify in UI if time offset wrong
- if your time is off by more than an hour, you won't be able to
  establish a connection to the network. This patch adds a UI
  notification so that the user can understand why he can't connect.
2016-10-23 10:12:49 +02:00
f242d409fd
Tor hidden service fixes
- will send the correct combination of hostname and port
- if proxyhostname is a hostname and an IP address, it will now allow
  multiple parallel connections for hidden service
2016-06-10 10:44:42 +02:00
1a40c29d22
Add Tor hidden service support
- PyBitmessage can now run as a hidden service on Tor
- three new variables in keys.dat: onionhostname, onionport, onionbindip
- you need to manually add a hidden service to tor
2016-06-07 21:59:48 +02:00
33991f4598
Implement node priority
- prioritise connecting to nodes that were online more recently
- hidden service nodes have a higher priority if using tor
2016-06-07 12:23:47 +02:00
mirrorwish
a7ec4c0555 Some preparations for python 3 2016-05-02 15:00:25 +02:00
d625659cc6 User agent parser fix 2016-05-02 15:00:25 +02:00
mirrorwish
554627dd92 Refactor Inventory 2016-05-02 15:00:25 +02:00
143abe3c34 Preliminary Tor hidden service support 2016-05-02 15:00:24 +02:00
b202ac6fab Do not allow port 0
Attackers injected node addresses with port 0 into the network. Port 0
is unusable on many OSes and can't be listened on. PyBitmessage won't
accept nodes that have port 0 anymore.
2016-05-02 15:00:24 +02:00
4c2ce7208c Sleep on invalid getdata
- postpone initial sleep until the first getdata is received
- also sleep when received a getdata request for an object that hasn't
been advertised to the other node yet
2016-05-02 15:00:24 +02:00
8f5d305242 Mitigate active internal intersection attack
There was a report that by quickly asking a large number of nodes if
they have an ACK object (which the attacker knows but it is injected
into the network by the recipient of the message), it can estimate how
an object propagates through the network, and eventually pinpoint an
originating IP address of the injection, i.e. the IP address of the
message recipient.

This patch mitigates against it by stalling when asked for a nonexisting
object (so that the attacker can't spam requests), and also upon
connection before sending its own inventory list (so that reconnecting
won't help the attacker). It estimates how long a short message takes to
propagate through the network based on how many nodes are in a stream
and bases the stalling time on that. Currently that is about 15 seconds.
Initial connection delay takes into account the time that already passed
since the connection was established.

This basically gives the attacker one shot per a combination of his own
nodes and the nodes he can connect to, and thus makes the attack much
more difficult to succeed.
2016-05-02 15:00:24 +02:00
mailchuck
4f26bf1059 private IP range checks
When advertising nodes and when establishing connections, private IP
range checks were not done. This could cause private IPs to be
advertised across the network. Also, some of the checks weren't
IPv6-aware.
Fixes Bitmessage#768
2016-05-02 15:00:23 +02:00
mailchuck
47f1c0c267 Thread names for IPv6
Thread names for IPv6 contained ":". This caused problems in log
parsers.
2016-05-02 15:00:23 +02:00
e4f31d25fc Flood mitigation optimisation
Flood mitigation was done both in the ObjectProcessorQueue as well as
receiveData threads. This patch removes the mitigation in receiveData
threads and cleans up the one in the ObjectProcessorQueue
2016-05-02 15:00:23 +02:00
mailchuck
e4a7e71790 SSL fixes 2016-05-02 15:00:21 +02:00
mailchuck
281630757e SSL fixes 2016-05-02 15:00:21 +02:00
mailchuck
18f7ef06e2 SSL fixes
Handle old Python compatibility better.
2016-05-02 15:00:21 +02:00
mailchuck
b7ad34cf15 Trusted peer flood protection
Is not needed.
Fixed Bitmessage#786
2016-05-02 15:00:21 +02:00
mailchuck
231219a193 Improved logging
Fixes 

- changed almost all "print" into logger
- threads have nicer names
- logger can have configuration in "logger.dat" in the same directory as
"keys.dat", and the logger will pick the one named "default" to replace
the "console" and "file" that are in PyBitmessage otherwise

Example file for logging to syslog:

[loggers]
keys = root,syslog

[logger_root]
level=NOTSET
handlers=syslog

[logger_syslog]
level=DEBUG
handlers=syslog
qualname=default

[handlers]
keys = syslog

[handler_syslog]
class = handlers.SysLogHandler
formatter = syslog
level = DEBUG
args=(('localhost', handlers.SYSLOG_UDP_PORT),
handlers.SysLogHandler.LOG_LOCAL7)

[formatters]
keys = syslog

[formatter_syslog]
format=%(asctime)s %(threadName)s %(filename)s@%(lineno)d %(message)s
datefmt=%b %d %H:%M:%S
2016-05-02 15:00:21 +02:00
mailchuck
2fd85bfa69 SSL workaround
Python < 2.7.9 does not support anonymous SSL server through
ssl.wrap_socket, so we have to disable it. Works fine as client.
Try to prefer secp256k1 curve (again, requires python >= 2.7.9)
2016-05-02 15:00:21 +02:00
mailchuck
c7fb9e6a43 SSL fixes
- uses constants for service flags
- requires SSL to use TLSv1 version (protection against POODLE-style
attacks)
- retry if sock.recv incomplete
2016-05-02 15:00:21 +02:00
mailchuck
53b0d2749b Opportunistic encryption with TLS (1 of 2)
Fixes Bitmessage#264
Fixes Bitmessage#648
2016-05-02 15:00:20 +02:00
mailchuck
ceda22ec94 Private IP range update
Addresses Bitmessage#768
2016-05-02 15:00:20 +02:00
mailchuck
2ec04ede40 Passive version check
Bitmessage will now notify you if it encounters someone with a newer
version. Takes into account that it should not recommend switching from
stable to unstable and vice versa. Also, temporarily treats 0.5 as a
mailchuck fork.

Fixes 
2016-05-02 15:00:19 +02:00
Jonathan Warren
cc712cb8ff finished work on specifyTTL 2015-03-09 02:35:32 -04:00
Jonathan Warren
3527983fa6 Minor refactoring 2015-02-20 17:33:17 -05:00
Jonathan Warren
0c7330f900 fix misbehaving logger.warning line 2015-01-28 14:45:29 -05:00
Jonathan Warren
0865e863ec Added ability to limit network transfer rate 2014-09-10 16:47:51 -04:00
Jonathan Warren
c306062282 Bitmessage Protocol Version Three 2014-08-27 03:14:32 -04:00
Jonathan Warren
ea6f34ade6 removed use of memoryview so that we can support python 2.7.3 2014-08-06 15:54:59 -04:00
Jonathan Warren
9e16e81283 resolve merge conflict and show transfer rate 2014-08-01 17:25:47 -04:00
Jonathan Warren
a2a7edc9be resolve merge conflict 2014-07-14 19:29:47 -04:00
Yuri
f107b0fbd9 Addition of bytes received/sent counts on the network information tab. 2014-07-07 13:30:23 -07:00
bmng-dev
1f9991bcd0 Fix syntax error 2014-06-08 14:03:58 +00:00
bmng-dev
0f9625aac7 Refactor packet header extraction and generation
Demote payloadLength from class instance variable to processData local variable as no other function was using it
Improve processData:
 -Utilise shared.Header
 -Use a memoryview to reduce memory overhead
 -Clean up variables before a recursive call
 -Strip null bytes from command
Refactor sendData
Various functions:
 -Use shared.CreatePacket to generate packets
Fix typo in _checkIPv4Address
2014-05-22 15:57:48 +00:00
antius
53a3d1635a Make addDataPadding method to avoid clutter. 2014-05-02 16:46:36 +02:00
Jonathan Warren
38d7db24ad Merge pull request from bpeel/wip/trusted-peer
Add a 'trustedpeer' option to keys.dat
2014-04-30 17:42:28 -04:00
Jonathan Warren
22934441dc Fix - 'PyBitmessage does not wait for verack' 2014-04-30 15:39:25 -04:00
Jonathan Warren
114ba4e23a slightly modify IPv6 modifications so that IPv4-only hosts properly handle v6 IPs 2014-04-27 18:05:43 -04:00
Neil Roberts
7da6ea958f Add support for IPv6
It will now listen on an IPv6 socket if possible or fall back to IPv4
if that doesn't work. It will no longer filter out all IPv6 addresses
and instead it will only filter out those that point to the local
network.

It looks like the DNS bootstrapping should just automatically work
because getaddrinfo already returns IPv6 addresses from the AAAA
record.

In order to convert from the ASCII representation of IPv6 addresses
and back we need inet_ntop and inet_pton. Python 2 doesn't currently
provide these for Windows so instead this patch provides a hot patch
to the socket module which wraps WSAStringToAddress and
WSAAddressToString using ctypes.
2014-03-12 01:48:48 +00:00