DragonX/dragonx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

Merge branch 'duke' into danger

Browse Source
This commit is contained in:
Duke Leto
2021-04-07 17:51:35 -04:00
parent 8056c2916a ec53bba953
commit a95c8965d2
3 changed files with 33 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
doc/tor.md
View File

@@ -1,6 +1,8 @@
*** Warning: Do not assume Tor support does the correct thing in Hush; better Tor support is a future feature goal. ***
# Warning
# TOR SUPPORT IN HUSH
Do not assume Tor support works perfectly in Hush; better Tor support is currently being worked on.
# Hush + Tor
It is possible to run Hush as a Tor hidden service, and connect to such services.
@@ -34,6 +36,11 @@ In a typical situation, this suffices to run behind a Tor proxy:
./hushd -proxy=127.0.0.1:9050
If using the Tor Browser Bundle:
./hushd -proxy=127.0.0.1:9150
2. Run a Hush hidden server
----------------------------
@@ -43,11 +50,10 @@ reachable from the Tor network. Add these lines to your /etc/tor/torrc (or equiv
config file):
HiddenServiceDir /var/lib/tor/hush-service/
HiddenServicePort 7771 127.0.0.1:7771
HiddenServicePort 17771 127.0.0.1:17771
HiddenServicePort 18030 127.0.0.1:18030
The directory can be different of course, but (both) port numbers should be equal to
your hushd's P2P listen port (7771 by default).
your hushd's P2P listen port (18030 by default).
-externalip=X You can tell Hush about its publicly reachable address using
this option, and this can be a .onion address. Given the above
@@ -69,10 +75,10 @@ your hushd's P2P listen port (7771 by default).
In a typical situation, where you're only reachable via Tor, this should suffice:
./hushd -proxy=127.0.0.1:9050 -externalip=zctestseie6wxgio.onion -listen
./hushd -proxy=127.0.0.1:9050 -externalip=hushc0de123.onion -listen
(obviously, replace the Onion address with your own). It should be noted that you still
listen on all devices and another node could establish a clearnet connection, when knowing
(obviously, replace the Onion address with your own). Currently only v2 HS's are supported.
It should be noted that you still listen on all devices and another node could establish a clearnet connection, when knowing
your address. To mitigate this, additionally bind the address of your Tor proxy:
./hushd ... -bind=127.0.0.1
@@ -82,12 +88,12 @@ as well, use `discover` instead:
./hushd ... -discover
and open port 7771 on your firewall (or use -upnp).
and open port 18030 on your firewall.
If you only want to use Tor to reach onion addresses, but not use it as a proxy
for normal IPv4/IPv6 communication, use:
./hushd -onion=127.0.0.1:9050 -externalip=zctestseie6wxgio.onion -discover
./hushd -onion=127.0.0.1:9050 -externalip=hushc0de123.onion -discover
3. Automatically listen on Tor
@@ -135,9 +141,9 @@ Now use hush-cli to verify there is only a single peer connection.
[
{
"id" : 1,
"addr" : "zctestseie6wxgio.onion:17770",
"addr" : "zcashhoneypot.onion:18030",
...
"version" : 170010,
"version" : 1987420,
"subver" : "/GoldenSandtrout:3.6.0/",
...
}
@@ -145,4 +151,4 @@ Now use hush-cli to verify there is only a single peer connection.
To connect to multiple Tor nodes, use:
./hushd -onion=127.0.0.1:9050 -addnode=fuckzookoeie6wxgio.onion -dnsseed=0 -onlynet=onion
./hushd -onion=127.0.0.1:9050 -addnode=hushbeef123.onion -dnsseed=0 -onlynet=onion

86
src/main.cpp
View File

@@ -3043,77 +3043,12 @@ void ThreadScriptCheck() {
scriptcheckqueue.Thread();
}
//
// Called periodically asynchronously; alerts if it smells like
// we're being fed a bad chain (blocks being generated much
// too slowly or too quickly).
//
void PartitionCheck(bool (*initialDownloadCheck)(), CCriticalSection& cs, const CBlockIndex *const &bestHeader,
int64_t nPowTargetSpacing)
{
if (bestHeader == NULL || initialDownloadCheck()) return;
static int64_t lastAlertTime = 0;
int64_t now = GetTime();
if (lastAlertTime > now-60*60*24) return; // Alert at most once per day
const int SPAN_HOURS=4;
const int SPAN_SECONDS=SPAN_HOURS*60*60;
int BLOCKS_EXPECTED = SPAN_SECONDS / nPowTargetSpacing;
boost::math::poisson_distribution<double> poisson(BLOCKS_EXPECTED);
std::string strWarning;
int64_t startTime = GetTime()-SPAN_SECONDS;
LOCK(cs);
const CBlockIndex* i = bestHeader;
int nBlocks = 0;
while (i->GetBlockTime() >= startTime) {
++nBlocks;
i = i->pprev;
if (i == NULL) return; // Ran out of chain, we must not be fully synced
}
// How likely is it to find that many by chance?
double p = boost::math::pdf(poisson, nBlocks);
LogPrint("partitioncheck", "%s : Found %d blocks in the last %d hours\n", __func__, nBlocks, SPAN_HOURS);
LogPrint("partitioncheck", "%s : likelihood: %g\n", __func__, p);
// Aim for one false-positive about every fifty years of normal running:
const int FIFTY_YEARS = 50*365*24*60*60;
double alertThreshold = 1.0 / (FIFTY_YEARS / SPAN_SECONDS);
if (bestHeader->GetHeight() > BLOCKS_EXPECTED)
{
if (p <= alertThreshold && nBlocks < BLOCKS_EXPECTED)
{
// Many fewer blocks than expected: alert!
strWarning = strprintf(_("WARNING: check your network connection, %d blocks received in the last %d hours (%d expected)"),
nBlocks, SPAN_HOURS, BLOCKS_EXPECTED);
}
else if (p <= alertThreshold && nBlocks > BLOCKS_EXPECTED)
{
// Many more blocks than expected: alert!
strWarning = strprintf(_("WARNING: abnormally high number of blocks generated, %d blocks received in the last %d hours (%d expected)"),
nBlocks, SPAN_HOURS, BLOCKS_EXPECTED);
}
}
if (!strWarning.empty())
{
strMiscWarning = strWarning;
CAlert::Notify(strWarning, true);
lastAlertTime = now;
}
}
static int64_t nTimeVerify = 0;
static int64_t nTimeConnect = 0;
static int64_t nTimeIndex = 0;
static int64_t nTimeVerify = 0;
static int64_t nTimeConnect = 0;
static int64_t nTimeIndex = 0;
static int64_t nTimeCallbacks = 0;
static int64_t nTimeTotal = 0;
static int64_t nTimeTotal = 0;
bool FindBlockPos(int32_t tmpflag,CValidationState &state, CDiskBlockPos &pos, unsigned int nAddSize, unsigned int nHeight, uint64_t nTime, bool fKnown = false);
bool ReceivedBlockTransactions(const CBlock &block, CValidationState& state, CBlockIndex *pindexNew, const CDiskBlockPos& pos);
@@ -7324,10 +7259,15 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv,
LOCK(cs_main);
if (chainActive.LastTip() != 0 && chainActive.LastTip()->GetHeight() > 100000 && IsInitialBlockDownload())
{
//fprintf(stderr,"dont process getheaders during initial download\n");
return true;
if (chainActive.LastTip() != 0 && chainActive.LastTip()->GetHeight() > 100000 && IsInitialBlockDownload()) {
if(pfrom->fAllowlisted) {
LogPrint("net", "Allowing getheaders from allowlisted peer=%d during initial block download\n", pfrom->id);
} else {
LogPrint("net", "Ignoring getheaders from peer=%d because node is in initial block download\n", pfrom->id);
//fprintf(stderr,"dont process getheaders during initial download\n");
return true;
}
}
CBlockIndex* pindex = NULL;
if (locator.IsNull())

3
src/main.h
View File

@@ -239,8 +239,7 @@ bool ProcessMessages(CNode* pfrom);
bool SendMessages(CNode* pto, bool fSendTrickle);
/** Run an instance of the script checking thread */
void ThreadScriptCheck();
/** Try to detect Partition (network isolation) attacks against us */
void PartitionCheck(bool (*initialDownloadCheck)(), CCriticalSection& cs, const CBlockIndex *const &bestHeader, int64_t nPowTargetSpacing);
/** Check whether we are doing an initial block download (synchronizing from disk or network) */
bool IsInitialBlockDownload();
/** Check if the daemon is in sync, if not, it returns 1 or if due to best header only, the difference in best