Commit Graph

122 Commits

Author SHA1 Message Date
e9899743ef
Typos, formatting, obsolete imports 2017-02-22 15:09:36 +01:00
6062277d60
Rename configparser.py to bmconfigparser.py
- it was causing problems with py2app because the source of python's own
  CongigParser is also configparser.py
2017-02-22 09:34:54 +01:00
ea9f10a8bb
Simplify and fix list of addresses to send
- it didn't always send the maximum possible amount
- it probably was slow
2017-02-20 22:32:49 +01:00
6c907e2046
Windows socket typo 2017-02-17 21:14:39 +01:00
f94b2d2d4b
Windows compatibility fixes
- there is no errno.WSAEAGAIN, only errno.WSAEWOULDBLOCK
2017-02-14 01:38:58 +01:00
b0539f5cb4
SSL handshake fewer errors
- don't unnecessarily raise exceptions if SSL handshake fails
2017-02-08 20:49:14 +01:00
59f3a2fbe7
Reduce cyclic dependencies
- rearranged code to reduce cyclic dependencies
- doCleanShutdown is separated in shutdown.py
- shared queues are separated in queues.py
- some default values were moved to defaults.py
- knownnodes partially moved to knownnodes.py
2017-02-08 13:41:56 +01:00
2c72b337c1
Typos and formatting 2017-02-07 20:09:11 +01:00
07722fb606
Node negotiation error handling
- complete the version and SSL handshake first, and only then feed
  errors into the stream and close connection
- this allows more accurate error handling on both sides
- also the timeOffset error trigger is now more accurate, but requires
  more nodes to upgrade
2017-02-07 19:38:52 +01:00
8515f9a9fc
Set SSL socket to blocking
- otherwise the error handling gets too complicated
2017-02-07 16:42:02 +01:00
413419c858
Timeout handling and ping
- timeouts after the connection is established will trigger a ping
- previously they were handled as unrecoverable errors
2017-02-07 16:06:24 +01:00
15c620dcc2
SSL socket blocking error handling 2017-02-07 13:00:24 +01:00
ddc0ca5ede
Retry for certain non-blocking operations
- sometimes on read, EWOULDBLOCK is returned. It should retry. A timeout
  is handled separately
2017-02-06 19:41:25 +01:00
61770ba89a
Typo 2017-02-06 19:34:38 +01:00
f6bdad18a3
Improved stream handling
- version command sends list of all participating streams
- biginv sends lists of hosts for all streams the peer wants (plus
  immediate children)
- objects will spread to all peers that advertise the associated stream
- please note these are just network subsystem adjustments, streams
  aren't actually usable yet
2017-02-06 17:47:05 +01:00
23fcf2cdec
SSL handshake python version compatibility
- error handling should now work with < 2.7.9
2017-02-03 10:05:35 +01:00
ba130e03e5
Network subsystem freezing fixes
- queues were too short
- some error handling was missing
- remove nonblocking repeats in receive data thread
- singleCleaner shouldn't wait unnecessarily
2017-02-02 15:52:32 +01:00
01a9124b7d
Less verbose SSL handshake reporting
- if SSL handshake fails, we don't need to stack trace because we know
  where it's happening. Only report the error string.
2017-01-19 19:52:54 +01:00
5ae1327edc
Download/upload shutdown fixes
- Missing renamed to PendingDownload
- PendingDownload now only retries 3 times rather than 6 to dowload an
  object
- Added PendingUpload, replacing invQueueSize
- PendingUpload has both the "len" method (number of objects not
  uploaded) as well as "progress" method, which is a float from 0
  (nothing done) to 1 (all uploaded) which considers not only objects
  but also how many nodes they are uploaded to
- PendingUpload tracks when the object is successfully uploaded to the
  remote node instead of just adding an arbitrary time after they have
  been send the corresponding "inv"
- Network status tab's "Objects to be synced" shows the sum of
  PendingUpload and PendingDownload sizes
2017-01-19 19:48:12 +01:00
ca8550a206
Don't send requests for 0 objects 2017-01-16 23:37:25 +01:00
749bb628c0
Typo 2017-01-16 23:37:03 +01:00
d652dc864d
Downloading fixes
- able to request more objects with one command
- fixes to logic and error handling
2017-01-16 19:36:58 +01:00
ca6bc9981c
Better tracking in downloading objects
- remember what was requested from which node
- remember if it was received
- re-request object if we haven't received any new object for more than
  a minute
2017-01-16 15:17:23 +01:00
dbe15d0b99
Objects to be downloaded fixes
- tries to avoid calling senddata it it would block receiveDataThread,
  allowing fore more asynchronous operation
- request objects in chunks of 100 (CPU performance optimisation)
2017-01-15 19:50:28 +01:00
f079ff5b99
Refactor objects to be downloaded
- moved logic into a Missing singleton
- shouldn't try to download duplicates anymore, only requests a hash
  once every 5 minutes and not from the same host
- removed obsoleted variables
- the "Objects to be synced" in the Network tab should now be correct
- removed some checks which aren't necessary anymore in my opinion
- fix missing self in Throttle (thanks landscape.io)
2017-01-15 19:21:24 +01:00
6d2a75bfc9
Transfer speed improvements
- send buffer to send multiple commands in one TCP packet
- recv/send operation size now based on bandwith limit
- send queue limited to 100 entries
- buffer getdata commands to fill send queue, instead of waiting for the
  data packet to arrive first (i.e. allow getdata to work asynchronously)
2017-01-15 15:08:03 +01:00
689d697a40
Refactor bandwidth limit and speed calculator
- also fixes potential deadlocks
2017-01-14 23:21:00 +01:00
02a7c59de8
OpenSSL 1.1.0 compatibility fixes
- part 2, continued from previous commit
2017-01-14 17:50:49 +01:00
fa2f87743e
SSL handshake fix
- SSL handshake would often fail, because verack packet was being sent
  at the same time as the do_handshake was executed in a different
  thread. This makes it so that do_handshake waits until verack is done
  sending.
- also minor modifications in SSLContext initialisation
2017-01-14 13:22:46 +01:00
ff8deebf60
Keep track of network protocol status 2017-01-12 19:18:56 +01:00
bd520a340f
Trustedpeer fix and more refactoring
- fixed trustedPeer (thanks to anonymous bug reporter)
- moved trustedPeer and Peer into state.py
2017-01-12 06:58:35 +01:00
5ceb920bd6
TLS tuning
- allow TLS > 1.0 with python >= 2.7.9
- tune ssl_context with python >= 2.7.9
2017-01-11 20:47:27 +01:00
c738d93056
Assorted fixes
- landscape.io was complaining, this fixes most easily fixable errors
2017-01-11 18:13:00 +01:00
ac348e4e6b
Fixes and refactoring
- fixes errors introduced in the earlier refactoring
- more variables moved to state.py
- path finding functions moved to paths.py
- remembers IPv6 network unreachable (in the future can be used to skip
  IPv6 for a while)
2017-01-11 17:00:00 +01:00
8bcfe80ad0
Refactoring of config parser and shared.py
- got rid of shared config parser and made it into a singleton
- refactored safeConfigGetBoolean as a method of the config singleton
- refactored safeConfigGet as a method of the config singleton
- moved softwareVersion from shared.py into version.py
- moved some global variables from shared.py into state.py
- moved some protocol-specific functions from shared.py into protocol.py
2017-01-11 14:27:19 +01:00
e84b19613e
Inventory refactoring
- minor refactoring, made it into singleton instead of a shared global
  variable. This makes it a little bit cleaner and moves the class into
a separate file
- removed duplicate inventory locking
- renamed singleton.py to singleinstance.py (this is the code that
  ensures only one instance of PyBitmessage runs at the same time)
2017-01-10 21:15:35 +01:00
4f543e14c1
TLS handshake fix
- TLS handshake in python is apparently always asynchronous, so it needs
  proper handling of SSLWantReadError and SSLWantWriteError
- also adds a timeout and a proper shutdown if handshake fails
2017-01-07 23:42:07 +01:00
7ca6576dfc
Connection indicator for hidden service
- the number of connections as well as connection indicator was broken
  when running as a hidden service. This is a workaround
2016-11-16 19:36:50 +01:00
5cea1e04d1
SSL disconnect fix
- sometimes SSL connections unnecessarily disconnected on non-fatal
  errors. This should fix that. This is however a short term solution
  because of migrating to asyncore which has its own error handling
2016-11-16 15:18:09 +01:00
40090a9a12
Notify in UI if time offset wrong
- if your time is off by more than an hour, you won't be able to
  establish a connection to the network. This patch adds a UI
  notification so that the user can understand why he can't connect.
2016-10-23 10:12:49 +02:00
f242d409fd
Tor hidden service fixes
- will send the correct combination of hostname and port
- if proxyhostname is a hostname and an IP address, it will now allow
  multiple parallel connections for hidden service
2016-06-10 10:44:42 +02:00
1a40c29d22
Add Tor hidden service support
- PyBitmessage can now run as a hidden service on Tor
- three new variables in keys.dat: onionhostname, onionport, onionbindip
- you need to manually add a hidden service to tor
2016-06-07 21:59:48 +02:00
33991f4598
Implement node priority
- prioritise connecting to nodes that were online more recently
- hidden service nodes have a higher priority if using tor
2016-06-07 12:23:47 +02:00
mirrorwish
a7ec4c0555 Some preparations for python 3 2016-05-02 15:00:25 +02:00
d625659cc6 User agent parser fix 2016-05-02 15:00:25 +02:00
mirrorwish
554627dd92 Refactor Inventory 2016-05-02 15:00:25 +02:00
143abe3c34 Preliminary Tor hidden service support 2016-05-02 15:00:24 +02:00
b202ac6fab Do not allow port 0
Attackers injected node addresses with port 0 into the network. Port 0
is unusable on many OSes and can't be listened on. PyBitmessage won't
accept nodes that have port 0 anymore.
2016-05-02 15:00:24 +02:00
4c2ce7208c Sleep on invalid getdata
- postpone initial sleep until the first getdata is received
- also sleep when received a getdata request for an object that hasn't
been advertised to the other node yet
2016-05-02 15:00:24 +02:00
8f5d305242 Mitigate active internal intersection attack
There was a report that by quickly asking a large number of nodes if
they have an ACK object (which the attacker knows but it is injected
into the network by the recipient of the message), it can estimate how
an object propagates through the network, and eventually pinpoint an
originating IP address of the injection, i.e. the IP address of the
message recipient.

This patch mitigates against it by stalling when asked for a nonexisting
object (so that the attacker can't spam requests), and also upon
connection before sending its own inventory list (so that reconnecting
won't help the attacker). It estimates how long a short message takes to
propagate through the network based on how many nodes are in a stream
and bases the stalling time on that. Currently that is about 15 seconds.
Initial connection delay takes into account the time that already passed
since the connection was established.

This basically gives the attacker one shot per a combination of his own
nodes and the nodes he can connect to, and thus makes the attack much
more difficult to succeed.
2016-05-02 15:00:24 +02:00