If enabled, pulls IPs to block on blocklist.moneropulse.*, and
blocks then for 8 days (so IPs dropping from the list will
eventually get unblocked, and DNS failures don't result in
instant clearing of the blocklist).
Enable with --enable-dns-blocklist
ff7fdf6 protocol: drop peers that don't reply to queries (moneromooo-monero)
89e984d keep only the last seen node on a given host in the white list (moneromooo-monero)
c74d8ff protocol: drop peers that decrease claimed height (moneromooo-monero)
61f5001 protocol: add scoring system to drop peers that don't behave (moneromooo-monero)
c64b94bd1 p2p: fix endianness when checking IPv6 addresses mapping to IPv4 (moneromooo-monero)
67f2bec2d p2p: make this work with boost <= 1.65 (pffff) (moneromooo-monero)
ffdf1fb1d p2p: rewrite boost's make_address_v4 to cater for < 1.66 (moneromooo)
IPv6 addresses include a range that can map IPv4 addresses,
which allowed those mapped addresses to bypass filtering.
This filter should be replaced by AS filtering at some point.
This reduces the attack surface for data that can come from
malicious sources (exported output and key images, multisig
transactions...) since the monero serialization is already
exposed to the outside, and the boost lib we were using had
a few known crashers.
For interoperability, a new load-deprecated-formats wallet
setting is added (off by default). This allows loading boost
format data if there is no alternative. It will likely go
at some point, along with the ability to load those.
Notably, the peer lists file still uses the boost serialization
code, as the data it stores is define in epee, while the new
serialization code is in monero, and migrating it was fairly
hairy. Since this file is local and not obtained from anyone
else, the marginal risk is minimal, but it could be migrated
later if needed.
Some tests and tools also do, this will stay as is for now.
When a handshake fails, it can fail due to timeout or destroyed
connection, in which case the connection will be, or already is,
closed, and we don't want to do it twice.
Additionally, when closing a connection directly from the top
level code, ensure the connection is gone from the m_connects
list so it won't be used again.
AFAICT this is now clean in netstat, /proc/PID/fd and print_cn.
This fixes a noisy (but harmless) exception.
- New flag in NOTIFY_NEW_TRANSACTION to indicate stem mode
- Stem loops detected in tx_pool.cpp
- Embargo timeout for a blackhole attack during stem phase
