Commit Graph

110 Commits

Author SHA1 Message Date
ddc0ca5ede
Retry for certain non-blocking operations
- sometimes on read, EWOULDBLOCK is returned. It should retry. A timeout
  is handled separately
2017-02-06 19:41:25 +01:00
61770ba89a
Typo 2017-02-06 19:34:38 +01:00
f6bdad18a3
Improved stream handling
- version command sends list of all participating streams
- biginv sends lists of hosts for all streams the peer wants (plus
  immediate children)
- objects will spread to all peers that advertise the associated stream
- please note these are just network subsystem adjustments, streams
  aren't actually usable yet
2017-02-06 17:47:05 +01:00
23fcf2cdec
SSL handshake python version compatibility
- error handling should now work with < 2.7.9
2017-02-03 10:05:35 +01:00
ba130e03e5
Network subsystem freezing fixes
- queues were too short
- some error handling was missing
- remove nonblocking repeats in receive data thread
- singleCleaner shouldn't wait unnecessarily
2017-02-02 15:52:32 +01:00
01a9124b7d
Less verbose SSL handshake reporting
- if SSL handshake fails, we don't need to stack trace because we know
  where it's happening. Only report the error string.
2017-01-19 19:52:54 +01:00
5ae1327edc
Download/upload shutdown fixes
- Missing renamed to PendingDownload
- PendingDownload now only retries 3 times rather than 6 to dowload an
  object
- Added PendingUpload, replacing invQueueSize
- PendingUpload has both the "len" method (number of objects not
  uploaded) as well as "progress" method, which is a float from 0
  (nothing done) to 1 (all uploaded) which considers not only objects
  but also how many nodes they are uploaded to
- PendingUpload tracks when the object is successfully uploaded to the
  remote node instead of just adding an arbitrary time after they have
  been send the corresponding "inv"
- Network status tab's "Objects to be synced" shows the sum of
  PendingUpload and PendingDownload sizes
2017-01-19 19:48:12 +01:00
ca8550a206
Don't send requests for 0 objects 2017-01-16 23:37:25 +01:00
749bb628c0
Typo 2017-01-16 23:37:03 +01:00
d652dc864d
Downloading fixes
- able to request more objects with one command
- fixes to logic and error handling
2017-01-16 19:36:58 +01:00
ca6bc9981c
Better tracking in downloading objects
- remember what was requested from which node
- remember if it was received
- re-request object if we haven't received any new object for more than
  a minute
2017-01-16 15:17:23 +01:00
dbe15d0b99
Objects to be downloaded fixes
- tries to avoid calling senddata it it would block receiveDataThread,
  allowing fore more asynchronous operation
- request objects in chunks of 100 (CPU performance optimisation)
2017-01-15 19:50:28 +01:00
f079ff5b99
Refactor objects to be downloaded
- moved logic into a Missing singleton
- shouldn't try to download duplicates anymore, only requests a hash
  once every 5 minutes and not from the same host
- removed obsoleted variables
- the "Objects to be synced" in the Network tab should now be correct
- removed some checks which aren't necessary anymore in my opinion
- fix missing self in Throttle (thanks landscape.io)
2017-01-15 19:21:24 +01:00
6d2a75bfc9
Transfer speed improvements
- send buffer to send multiple commands in one TCP packet
- recv/send operation size now based on bandwith limit
- send queue limited to 100 entries
- buffer getdata commands to fill send queue, instead of waiting for the
  data packet to arrive first (i.e. allow getdata to work asynchronously)
2017-01-15 15:08:03 +01:00
689d697a40
Refactor bandwidth limit and speed calculator
- also fixes potential deadlocks
2017-01-14 23:21:00 +01:00
02a7c59de8
OpenSSL 1.1.0 compatibility fixes
- part 2, continued from previous commit
2017-01-14 17:50:49 +01:00
fa2f87743e
SSL handshake fix
- SSL handshake would often fail, because verack packet was being sent
  at the same time as the do_handshake was executed in a different
  thread. This makes it so that do_handshake waits until verack is done
  sending.
- also minor modifications in SSLContext initialisation
2017-01-14 13:22:46 +01:00
ff8deebf60
Keep track of network protocol status 2017-01-12 19:18:56 +01:00
bd520a340f
Trustedpeer fix and more refactoring
- fixed trustedPeer (thanks to anonymous bug reporter)
- moved trustedPeer and Peer into state.py
2017-01-12 06:58:35 +01:00
5ceb920bd6
TLS tuning
- allow TLS > 1.0 with python >= 2.7.9
- tune ssl_context with python >= 2.7.9
2017-01-11 20:47:27 +01:00
c738d93056
Assorted fixes
- landscape.io was complaining, this fixes most easily fixable errors
2017-01-11 18:13:00 +01:00
ac348e4e6b
Fixes and refactoring
- fixes errors introduced in the earlier refactoring
- more variables moved to state.py
- path finding functions moved to paths.py
- remembers IPv6 network unreachable (in the future can be used to skip
  IPv6 for a while)
2017-01-11 17:00:00 +01:00
8bcfe80ad0
Refactoring of config parser and shared.py
- got rid of shared config parser and made it into a singleton
- refactored safeConfigGetBoolean as a method of the config singleton
- refactored safeConfigGet as a method of the config singleton
- moved softwareVersion from shared.py into version.py
- moved some global variables from shared.py into state.py
- moved some protocol-specific functions from shared.py into protocol.py
2017-01-11 14:27:19 +01:00
e84b19613e
Inventory refactoring
- minor refactoring, made it into singleton instead of a shared global
  variable. This makes it a little bit cleaner and moves the class into
a separate file
- removed duplicate inventory locking
- renamed singleton.py to singleinstance.py (this is the code that
  ensures only one instance of PyBitmessage runs at the same time)
2017-01-10 21:15:35 +01:00
4f543e14c1
TLS handshake fix
- TLS handshake in python is apparently always asynchronous, so it needs
  proper handling of SSLWantReadError and SSLWantWriteError
- also adds a timeout and a proper shutdown if handshake fails
2017-01-07 23:42:07 +01:00
7ca6576dfc
Connection indicator for hidden service
- the number of connections as well as connection indicator was broken
  when running as a hidden service. This is a workaround
2016-11-16 19:36:50 +01:00
5cea1e04d1
SSL disconnect fix
- sometimes SSL connections unnecessarily disconnected on non-fatal
  errors. This should fix that. This is however a short term solution
  because of migrating to asyncore which has its own error handling
2016-11-16 15:18:09 +01:00
40090a9a12
Notify in UI if time offset wrong
- if your time is off by more than an hour, you won't be able to
  establish a connection to the network. This patch adds a UI
  notification so that the user can understand why he can't connect.
2016-10-23 10:12:49 +02:00
f242d409fd
Tor hidden service fixes
- will send the correct combination of hostname and port
- if proxyhostname is a hostname and an IP address, it will now allow
  multiple parallel connections for hidden service
2016-06-10 10:44:42 +02:00
1a40c29d22
Add Tor hidden service support
- PyBitmessage can now run as a hidden service on Tor
- three new variables in keys.dat: onionhostname, onionport, onionbindip
- you need to manually add a hidden service to tor
2016-06-07 21:59:48 +02:00
33991f4598
Implement node priority
- prioritise connecting to nodes that were online more recently
- hidden service nodes have a higher priority if using tor
2016-06-07 12:23:47 +02:00
mirrorwish
a7ec4c0555 Some preparations for python 3 2016-05-02 15:00:25 +02:00
d625659cc6 User agent parser fix 2016-05-02 15:00:25 +02:00
mirrorwish
554627dd92 Refactor Inventory 2016-05-02 15:00:25 +02:00
143abe3c34 Preliminary Tor hidden service support 2016-05-02 15:00:24 +02:00
b202ac6fab Do not allow port 0
Attackers injected node addresses with port 0 into the network. Port 0
is unusable on many OSes and can't be listened on. PyBitmessage won't
accept nodes that have port 0 anymore.
2016-05-02 15:00:24 +02:00
4c2ce7208c Sleep on invalid getdata
- postpone initial sleep until the first getdata is received
- also sleep when received a getdata request for an object that hasn't
been advertised to the other node yet
2016-05-02 15:00:24 +02:00
8f5d305242 Mitigate active internal intersection attack
There was a report that by quickly asking a large number of nodes if
they have an ACK object (which the attacker knows but it is injected
into the network by the recipient of the message), it can estimate how
an object propagates through the network, and eventually pinpoint an
originating IP address of the injection, i.e. the IP address of the
message recipient.

This patch mitigates against it by stalling when asked for a nonexisting
object (so that the attacker can't spam requests), and also upon
connection before sending its own inventory list (so that reconnecting
won't help the attacker). It estimates how long a short message takes to
propagate through the network based on how many nodes are in a stream
and bases the stalling time on that. Currently that is about 15 seconds.
Initial connection delay takes into account the time that already passed
since the connection was established.

This basically gives the attacker one shot per a combination of his own
nodes and the nodes he can connect to, and thus makes the attack much
more difficult to succeed.
2016-05-02 15:00:24 +02:00
mailchuck
4f26bf1059 private IP range checks
When advertising nodes and when establishing connections, private IP
range checks were not done. This could cause private IPs to be
advertised across the network. Also, some of the checks weren't
IPv6-aware.
Fixes Bitmessage#768
2016-05-02 15:00:23 +02:00
mailchuck
47f1c0c267 Thread names for IPv6
Thread names for IPv6 contained ":". This caused problems in log
parsers.
2016-05-02 15:00:23 +02:00
e4f31d25fc Flood mitigation optimisation
Flood mitigation was done both in the ObjectProcessorQueue as well as
receiveData threads. This patch removes the mitigation in receiveData
threads and cleans up the one in the ObjectProcessorQueue
2016-05-02 15:00:23 +02:00
mailchuck
e4a7e71790 SSL fixes 2016-05-02 15:00:21 +02:00
mailchuck
281630757e SSL fixes 2016-05-02 15:00:21 +02:00
mailchuck
18f7ef06e2 SSL fixes
Handle old Python compatibility better.
2016-05-02 15:00:21 +02:00
mailchuck
b7ad34cf15 Trusted peer flood protection
Is not needed.
Fixed Bitmessage#786
2016-05-02 15:00:21 +02:00
mailchuck
231219a193 Improved logging
Fixes #118

- changed almost all "print" into logger
- threads have nicer names
- logger can have configuration in "logger.dat" in the same directory as
"keys.dat", and the logger will pick the one named "default" to replace
the "console" and "file" that are in PyBitmessage otherwise

Example file for logging to syslog:

[loggers]
keys = root,syslog

[logger_root]
level=NOTSET
handlers=syslog

[logger_syslog]
level=DEBUG
handlers=syslog
qualname=default

[handlers]
keys = syslog

[handler_syslog]
class = handlers.SysLogHandler
formatter = syslog
level = DEBUG
args=(('localhost', handlers.SYSLOG_UDP_PORT),
handlers.SysLogHandler.LOG_LOCAL7)

[formatters]
keys = syslog

[formatter_syslog]
format=%(asctime)s %(threadName)s %(filename)s@%(lineno)d %(message)s
datefmt=%b %d %H:%M:%S
2016-05-02 15:00:21 +02:00
mailchuck
2fd85bfa69 SSL workaround
Python < 2.7.9 does not support anonymous SSL server through
ssl.wrap_socket, so we have to disable it. Works fine as client.
Try to prefer secp256k1 curve (again, requires python >= 2.7.9)
2016-05-02 15:00:21 +02:00
mailchuck
c7fb9e6a43 SSL fixes
- uses constants for service flags
- requires SSL to use TLSv1 version (protection against POODLE-style
attacks)
- retry if sock.recv incomplete
2016-05-02 15:00:21 +02:00
mailchuck
53b0d2749b Opportunistic encryption with TLS (1 of 2)
Fixes Bitmessage#264
Fixes Bitmessage#648
2016-05-02 15:00:20 +02:00
mailchuck
ceda22ec94 Private IP range update
Addresses Bitmessage#768
2016-05-02 15:00:20 +02:00