mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-11-11 14:38:29 +01:00
Merge #16702: p2p: supplying and using asmap to improve IP bucketing in addrman
3c1bc40205Add extra logging of asmap use and bucketing (Gleb Naumenko)e4658aa8eaReturn mapped AS in RPC call getpeerinfo (Gleb Naumenko)ec45646de9Integrate ASN bucketing in Addrman and add tests (Gleb Naumenko)8feb4e4b66Add asmap utility which queries a mapping (Gleb Naumenko) Pull request description: This PR attempts to solve the problem explained in #16599. A particular attack which encouraged us to work on this issue is explained here [[Erebus Attack against Bitcoin Peer-to-Peer Network](https://erebus-attack.comp.nus.edu.sg/)] (by @muoitranduc) Instead of relying on /16 prefix to diversify the connections every node creates, we would instead rely on the (ip -> ASN) mapping, if this mapping is provided. A .map file can be created by every user independently based on a router dump, or provided along with the Bitcoin release. Currently we use the python scripts written by @sipa to create a .map file, which is no larger than 2MB (awesome!). Here I suggest adding a field to peers.dat which would represent a hash of asmap file used while serializing addrman (or 0 for /16 prefix legacy approach). In this case, every time the file is updated (or grouping method changed), all buckets will be re-computed. I believe that alternative selective re-bucketing for only updated ranges would require substantial changes. TODO: - ~~more unit tests~~ - ~~find a way to test the code without including >1 MB mapping file in the repo.~~ - find a way to check that mapping file is not corrupted (checksum?) - comments and separate tests for asmap.cpp - make python code for .map generation public - figure out asmap distribution (?) ~Interesting corner case: I’m using std::hash to compute a fingerprint of asmap, and std::hash returns size_t. I guess if a user updates the OS to 64-bit, then the hash of asap will change? Does it even matter?~ ACKs for top commit: laanwj: re-ACK3c1bc40205jamesob: ACK3c1bc40205([`jamesob/ackr/16702.3.naumenkogs.p2p_supplying_and_using`](https://github.com/jamesob/bitcoin/tree/ackr/16702.3.naumenkogs.p2p_supplying_and_using)) jonatack: ACK3c1bc40205Tree-SHA512: e2dc6171188d5cdc2ab2c022fa49ed73a14a0acb8ae4c5ffa970172a0365942a249ad3d57e5fb134bc156a3492662c983f74bd21e78d316629dcadf71576800c
This commit is contained in:
Wladimir J. van der Laan
@@ -6,6 +6,7 @@
|
||||
#include <netaddress.h>
|
||||
#include <hash.h>
|
||||
#include <util/strencodings.h>
|
||||
#include <util/asmap.h>
|
||||
#include <tinyformat.h>
|
||||
|
||||
static const unsigned char pchIPv4[12] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff };
|
||||
@@ -400,6 +401,39 @@ bool CNetAddr::GetIn6Addr(struct in6_addr* pipv6Addr) const
|
||||
return true;
|
||||
}
|
||||
|
||||
uint32_t CNetAddr::GetNetClass() const {
|
||||
uint32_t net_class = NET_IPV6;
|
||||
if (IsLocal()) {
|
||||
net_class = 255;
|
||||
}
|
||||
if (IsInternal()) {
|
||||
net_class = NET_INTERNAL;
|
||||
} else if (!IsRoutable()) {
|
||||
net_class = NET_UNROUTABLE;
|
||||
} else if (IsIPv4() || IsRFC6145() || IsRFC6052() || IsRFC3964() || IsRFC4380()) {
|
||||
net_class = NET_IPV4;
|
||||
} else if (IsTor()) {
|
||||
net_class = NET_ONION;
|
||||
}
|
||||
return net_class;
|
||||
}
|
||||
|
||||
uint32_t CNetAddr::GetMappedAS(const std::vector<bool> &asmap) const {
|
||||
uint32_t net_class = GetNetClass();
|
||||
if (asmap.size() == 0 || (net_class != NET_IPV4 && net_class != NET_IPV6)) {
|
||||
return 0; // Indicates not found, safe because AS0 is reserved per RFC7607.
|
||||
}
|
||||
std::vector<bool> ip_bits(128);
|
||||
for (int8_t byte_i = 0; byte_i < 16; ++byte_i) {
|
||||
uint8_t cur_byte = GetByte(15 - byte_i);
|
||||
for (uint8_t bit_i = 0; bit_i < 8; ++bit_i) {
|
||||
ip_bits[byte_i * 8 + bit_i] = (cur_byte >> (7 - bit_i)) & 1;
|
||||
}
|
||||
}
|
||||
uint32_t mapped_as = Interpret(asmap, ip_bits);
|
||||
return mapped_as;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the canonical identifier of our network group
|
||||
*
|
||||
@@ -410,56 +444,61 @@ bool CNetAddr::GetIn6Addr(struct in6_addr* pipv6Addr) const
|
||||
* @note No two connections will be attempted to addresses with the same network
|
||||
* group.
|
||||
*/
|
||||
std::vector<unsigned char> CNetAddr::GetGroup() const
|
||||
std::vector<unsigned char> CNetAddr::GetGroup(const std::vector<bool> &asmap) const
|
||||
{
|
||||
std::vector<unsigned char> vchRet;
|
||||
int nClass = NET_IPV6;
|
||||
uint32_t net_class = GetNetClass();
|
||||
// If non-empty asmap is supplied and the address is IPv4/IPv6,
|
||||
// return ASN to be used for bucketing.
|
||||
uint32_t asn = GetMappedAS(asmap);
|
||||
if (asn != 0) { // Either asmap was empty, or address has non-asmappable net class (e.g. TOR).
|
||||
vchRet.push_back(NET_IPV6); // IPv4 and IPv6 with same ASN should be in the same bucket
|
||||
for (int i = 0; i < 4; i++) {
|
||||
vchRet.push_back((asn >> (8 * i)) & 0xFF);
|
||||
}
|
||||
return vchRet;
|
||||
}
|
||||
|
||||
vchRet.push_back(net_class);
|
||||
int nStartByte = 0;
|
||||
int nBits = 16;
|
||||
|
||||
// all local addresses belong to the same group
|
||||
if (IsLocal())
|
||||
{
|
||||
nClass = 255;
|
||||
nBits = 0;
|
||||
}
|
||||
// all internal-usage addresses get their own group
|
||||
if (IsInternal())
|
||||
{
|
||||
nClass = NET_INTERNAL;
|
||||
nStartByte = sizeof(g_internal_prefix);
|
||||
nBits = (sizeof(ip) - sizeof(g_internal_prefix)) * 8;
|
||||
}
|
||||
// all other unroutable addresses belong to the same group
|
||||
else if (!IsRoutable())
|
||||
{
|
||||
nClass = NET_UNROUTABLE;
|
||||
nBits = 0;
|
||||
}
|
||||
// for IPv4 addresses, '1' + the 16 higher-order bits of the IP
|
||||
// includes mapped IPv4, SIIT translated IPv4, and the well-known prefix
|
||||
else if (IsIPv4() || IsRFC6145() || IsRFC6052())
|
||||
{
|
||||
nClass = NET_IPV4;
|
||||
nStartByte = 12;
|
||||
}
|
||||
// for 6to4 tunnelled addresses, use the encapsulated IPv4 address
|
||||
else if (IsRFC3964())
|
||||
{
|
||||
nClass = NET_IPV4;
|
||||
nStartByte = 2;
|
||||
}
|
||||
// for Teredo-tunnelled IPv6 addresses, use the encapsulated IPv4 address
|
||||
else if (IsRFC4380())
|
||||
{
|
||||
vchRet.push_back(NET_IPV4);
|
||||
vchRet.push_back(GetByte(3) ^ 0xFF);
|
||||
vchRet.push_back(GetByte(2) ^ 0xFF);
|
||||
return vchRet;
|
||||
}
|
||||
else if (IsTor())
|
||||
{
|
||||
nClass = NET_ONION;
|
||||
nStartByte = 6;
|
||||
nBits = 4;
|
||||
}
|
||||
@@ -470,8 +509,6 @@ std::vector<unsigned char> CNetAddr::GetGroup() const
|
||||
else
|
||||
nBits = 32;
|
||||
|
||||
vchRet.push_back(nClass);
|
||||
|
||||
// push our ip onto vchRet byte by byte...
|
||||
while (nBits >= 8)
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user