2015-01-05 14:30:17 -05:00
|
|
|
/**
|
|
|
|
@file
|
|
|
|
@author from CrypoNote (see copyright below; Andrey N. Sabelnikov)
|
|
|
|
@monero rfree
|
|
|
|
@brief the connection templated-class for one peer connection
|
|
|
|
*/
|
2014-07-25 12:29:08 -04:00
|
|
|
// Copyright (c) 2006-2013, Andrey N. Sabelnikov, www.sabelnikov.net
|
2014-03-03 17:07:58 -05:00
|
|
|
// All rights reserved.
|
|
|
|
//
|
2014-07-25 12:29:08 -04:00
|
|
|
// Redistribution and use in source and binary forms, with or without
|
|
|
|
// modification, are permitted provided that the following conditions are met:
|
|
|
|
// * Redistributions of source code must retain the above copyright
|
|
|
|
// notice, this list of conditions and the following disclaimer.
|
|
|
|
// * Redistributions in binary form must reproduce the above copyright
|
|
|
|
// notice, this list of conditions and the following disclaimer in the
|
|
|
|
// documentation and/or other materials provided with the distribution.
|
|
|
|
// * Neither the name of the Andrey N. Sabelnikov nor the
|
|
|
|
// names of its contributors may be used to endorse or promote products
|
|
|
|
// derived from this software without specific prior written permission.
|
2014-07-23 09:03:52 -04:00
|
|
|
//
|
2014-07-25 12:29:08 -04:00
|
|
|
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
|
|
|
// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
|
|
// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
|
|
// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER BE LIABLE FOR ANY
|
|
|
|
// DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
|
|
// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
|
|
// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
|
|
|
// ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
|
|
// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
2014-07-23 09:03:52 -04:00
|
|
|
//
|
2014-07-25 12:29:08 -04:00
|
|
|
|
|
|
|
|
2014-03-03 17:07:58 -05:00
|
|
|
|
2015-01-05 14:30:17 -05:00
|
|
|
#ifndef _ABSTRACT_TCP_SERVER2_H_
|
2014-03-03 17:07:58 -05:00
|
|
|
#define _ABSTRACT_TCP_SERVER2_H_
|
|
|
|
|
|
|
|
|
|
|
|
#include <string>
|
|
|
|
#include <vector>
|
|
|
|
#include <boost/noncopyable.hpp>
|
|
|
|
#include <boost/shared_ptr.hpp>
|
|
|
|
#include <atomic>
|
2018-12-16 12:57:44 -05:00
|
|
|
#include <cassert>
|
2015-01-05 14:30:17 -05:00
|
|
|
#include <map>
|
|
|
|
#include <memory>
|
2014-03-03 17:07:58 -05:00
|
|
|
|
|
|
|
#include <boost/asio.hpp>
|
epee: add SSL support
RPC connections now have optional tranparent SSL.
An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.
SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.
Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.
To generate long term certificates:
openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.
SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2018-06-14 18:44:48 -04:00
|
|
|
#include <boost/asio/ssl.hpp>
|
2014-03-03 17:07:58 -05:00
|
|
|
#include <boost/array.hpp>
|
|
|
|
#include <boost/noncopyable.hpp>
|
|
|
|
#include <boost/shared_ptr.hpp>
|
|
|
|
#include <boost/enable_shared_from_this.hpp>
|
|
|
|
#include <boost/interprocess/detail/atomic.hpp>
|
|
|
|
#include <boost/thread/thread.hpp>
|
|
|
|
#include "net_utils_base.h"
|
|
|
|
#include "syncobj.h"
|
2017-11-29 14:30:06 -05:00
|
|
|
#include "connection_basic.hpp"
|
|
|
|
#include "network_throttle-detail.hpp"
|
2014-03-03 17:07:58 -05:00
|
|
|
|
Change logging to easylogging++
This replaces the epee and data_loggers logging systems with
a single one, and also adds filename:line and explicit severity
levels. Categories may be defined, and logging severity set
by category (or set of categories). epee style 0-4 log level
maps to a sensible severity configuration. Log files now also
rotate when reaching 100 MB.
To select which logs to output, use the MONERO_LOGS environment
variable, with a comma separated list of categories (globs are
supported), with their requested severity level after a colon.
If a log matches more than one such setting, the last one in
the configuration string applies. A few examples:
This one is (mostly) silent, only outputting fatal errors:
MONERO_LOGS=*:FATAL
This one is very verbose:
MONERO_LOGS=*:TRACE
This one is totally silent (logwise):
MONERO_LOGS=""
This one outputs all errors and warnings, except for the
"verify" category, which prints just fatal errors (the verify
category is used for logs about incoming transactions and
blocks, and it is expected that some/many will fail to verify,
hence we don't want the spam):
MONERO_LOGS=*:WARNING,verify:FATAL
Log levels are, in decreasing order of priority:
FATAL, ERROR, WARNING, INFO, DEBUG, TRACE
Subcategories may be added using prefixes and globs. This
example will output net.p2p logs at the TRACE level, but all
other net* logs only at INFO:
MONERO_LOGS=*:ERROR,net*:INFO,net.p2p:TRACE
Logs which are intended for the user (which Monero was using
a lot through epee, but really isn't a nice way to go things)
should use the "global" category. There are a few helper macros
for using this category, eg: MGINFO("this shows up by default")
or MGINFO_RED("this is red"), to try to keep a similar look
and feel for now.
Existing epee log macros still exist, and map to the new log
levels, but since they're used as a "user facing" UI element
as much as a logging system, they often don't map well to log
severities (ie, a log level 0 log may be an error, or may be
something we want the user to see, such as an important info).
In those cases, I tried to use the new macros. In other cases,
I left the existing macros in. When modifying logs, it is
probably best to switch to the new macros with explicit levels.
The --log-level options and set_log commands now also accept
category settings, in addition to the epee style log levels.
2017-01-01 11:34:23 -05:00
|
|
|
#undef MONERO_DEFAULT_LOG_CATEGORY
|
|
|
|
#define MONERO_DEFAULT_LOG_CATEGORY "net"
|
|
|
|
|
2014-09-15 06:46:04 -04:00
|
|
|
#define ABSTRACT_SERVER_SEND_QUE_MAX_COUNT 1000
|
2014-03-03 17:07:58 -05:00
|
|
|
|
|
|
|
namespace epee
|
|
|
|
{
|
|
|
|
namespace net_utils
|
|
|
|
{
|
|
|
|
|
|
|
|
struct i_connection_filter
|
|
|
|
{
|
2017-05-27 06:35:54 -04:00
|
|
|
virtual bool is_remote_host_allowed(const epee::net_utils::network_address &address)=0;
|
2014-03-03 17:07:58 -05:00
|
|
|
protected:
|
|
|
|
virtual ~i_connection_filter(){}
|
|
|
|
};
|
2015-01-05 14:30:17 -05:00
|
|
|
|
2014-03-03 17:07:58 -05:00
|
|
|
|
|
|
|
/************************************************************************/
|
|
|
|
/* */
|
|
|
|
/************************************************************************/
|
|
|
|
/// Represents a single connection from a client.
|
|
|
|
template<class t_protocol_handler>
|
|
|
|
class connection
|
|
|
|
: public boost::enable_shared_from_this<connection<t_protocol_handler> >,
|
|
|
|
private boost::noncopyable,
|
2015-01-05 14:30:17 -05:00
|
|
|
public i_service_endpoint,
|
|
|
|
public connection_basic
|
2014-03-03 17:07:58 -05:00
|
|
|
{
|
|
|
|
public:
|
|
|
|
typedef typename t_protocol_handler::connection_context t_connection_context;
|
2018-12-16 12:57:44 -05:00
|
|
|
|
|
|
|
struct shared_state : socket_stats
|
|
|
|
{
|
|
|
|
shared_state()
|
|
|
|
: socket_stats(), pfilter(nullptr), config()
|
|
|
|
{}
|
|
|
|
|
|
|
|
i_connection_filter* pfilter;
|
|
|
|
typename t_protocol_handler::config_type config;
|
|
|
|
};
|
|
|
|
|
2014-03-03 17:07:58 -05:00
|
|
|
/// Construct a connection with the given io_service.
|
2015-01-05 14:30:17 -05:00
|
|
|
explicit connection( boost::asio::io_service& io_service,
|
2018-12-16 12:57:44 -05:00
|
|
|
boost::shared_ptr<shared_state> state,
|
epee: add SSL support
RPC connections now have optional tranparent SSL.
An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.
SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.
Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.
To generate long term certificates:
openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.
SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2018-06-14 18:44:48 -04:00
|
|
|
t_connection_type connection_type,
|
|
|
|
epee::net_utils::ssl_support_t ssl_support,
|
|
|
|
ssl_context_t &ssl_context);
|
2018-12-16 12:57:44 -05:00
|
|
|
|
|
|
|
explicit connection( boost::asio::ip::tcp::socket&& sock,
|
epee: add SSL support
RPC connections now have optional tranparent SSL.
An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.
SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.
Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.
To generate long term certificates:
openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.
SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2018-06-14 18:44:48 -04:00
|
|
|
boost::shared_ptr<shared_state> state,
|
|
|
|
t_connection_type connection_type,
|
|
|
|
epee::net_utils::ssl_support_t ssl_support,
|
|
|
|
ssl_context_t &ssl_context);
|
|
|
|
|
|
|
|
|
2014-03-03 17:07:58 -05:00
|
|
|
|
2016-06-21 19:36:26 -04:00
|
|
|
virtual ~connection() noexcept(false);
|
2014-03-03 17:07:58 -05:00
|
|
|
|
|
|
|
/// Start the first asynchronous operation for the connection.
|
|
|
|
bool start(bool is_income, bool is_multithreaded);
|
|
|
|
|
2018-12-16 12:57:44 -05:00
|
|
|
// `real_remote` is the actual endpoint (if connection is to proxy, etc.)
|
|
|
|
bool start(bool is_income, bool is_multithreaded, network_address real_remote);
|
|
|
|
|
2014-03-03 17:07:58 -05:00
|
|
|
void get_context(t_connection_context& context_){context_ = context;}
|
|
|
|
|
|
|
|
void call_back_starter();
|
2015-04-08 13:54:07 -04:00
|
|
|
|
|
|
|
void save_dbg_log();
|
|
|
|
|
|
|
|
|
|
|
|
bool speed_limit_is_enabled() const; ///< tells us should we be sleeping here (e.g. do not sleep on RPC connections)
|
2015-12-22 07:31:22 -05:00
|
|
|
|
|
|
|
bool cancel();
|
2015-04-08 13:54:07 -04:00
|
|
|
|
2014-03-03 17:07:58 -05:00
|
|
|
private:
|
|
|
|
//----------------- i_service_endpoint ---------------------
|
2015-01-05 14:30:17 -05:00
|
|
|
virtual bool do_send(const void* ptr, size_t cb); ///< (see do_send from i_service_endpoint)
|
|
|
|
virtual bool do_send_chunk(const void* ptr, size_t cb); ///< will send (or queue) a part of data
|
2018-06-07 07:43:10 -04:00
|
|
|
virtual bool send_done();
|
2014-03-03 17:07:58 -05:00
|
|
|
virtual bool close();
|
|
|
|
virtual bool call_run_once_service_io();
|
|
|
|
virtual bool request_callback();
|
|
|
|
virtual boost::asio::io_service& get_io_service();
|
|
|
|
virtual bool add_ref();
|
|
|
|
virtual bool release();
|
|
|
|
//------------------------------------------------------
|
|
|
|
boost::shared_ptr<connection<t_protocol_handler> > safe_shared_from_this();
|
|
|
|
bool shutdown();
|
epee: add SSL support
RPC connections now have optional tranparent SSL.
An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.
SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.
Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.
To generate long term certificates:
openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.
SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2018-06-14 18:44:48 -04:00
|
|
|
/// Handle completion of a receive operation.
|
|
|
|
void handle_receive(const boost::system::error_code& e,
|
|
|
|
std::size_t bytes_transferred);
|
|
|
|
|
2014-03-03 17:07:58 -05:00
|
|
|
/// Handle completion of a read operation.
|
|
|
|
void handle_read(const boost::system::error_code& e,
|
|
|
|
std::size_t bytes_transferred);
|
|
|
|
|
|
|
|
/// Handle completion of a write operation.
|
|
|
|
void handle_write(const boost::system::error_code& e, size_t cb);
|
|
|
|
|
2018-05-26 14:34:13 -04:00
|
|
|
/// reset connection timeout timer and callback
|
|
|
|
void reset_timer(boost::posix_time::milliseconds ms, bool add);
|
2018-06-07 07:43:10 -04:00
|
|
|
boost::posix_time::milliseconds get_default_timeout();
|
|
|
|
boost::posix_time::milliseconds get_timeout_from_bytes_read(size_t bytes);
|
|
|
|
|
|
|
|
/// host connection count tracking
|
|
|
|
unsigned int host_count(const std::string &host, int delta = 0);
|
2018-05-26 14:34:13 -04:00
|
|
|
|
2014-03-03 17:07:58 -05:00
|
|
|
/// Buffer for incoming data.
|
|
|
|
boost::array<char, 8192> buffer_;
|
epee: add SSL support
RPC connections now have optional tranparent SSL.
An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.
SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.
Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.
To generate long term certificates:
openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.
SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2018-06-14 18:44:48 -04:00
|
|
|
size_t buffer_ssl_init_fill;
|
2014-03-03 17:07:58 -05:00
|
|
|
|
|
|
|
t_connection_context context;
|
|
|
|
|
2015-01-05 14:30:17 -05:00
|
|
|
// TODO what do they mean about wait on destructor?? --rfree :
|
2014-03-03 17:07:58 -05:00
|
|
|
//this should be the last one, because it could be wait on destructor, while other activities possible on other threads
|
|
|
|
t_protocol_handler m_protocol_handler;
|
|
|
|
//typename t_protocol_handler::config_type m_dummy_config;
|
2018-11-07 03:24:50 -05:00
|
|
|
size_t m_reference_count = 0; // reference count managed through add_ref/release support
|
|
|
|
boost::shared_ptr<connection<t_protocol_handler> > m_self_ref; // the reference to hold
|
2014-03-03 17:07:58 -05:00
|
|
|
critical_section m_self_refs_lock;
|
2015-01-05 14:30:17 -05:00
|
|
|
critical_section m_chunking_lock; // held while we add small chunks of the big do_send() to small do_send_chunk()
|
2018-07-11 17:02:28 -04:00
|
|
|
critical_section m_shutdown_lock; // held while shutting down
|
2015-01-05 14:30:17 -05:00
|
|
|
|
2015-04-08 13:54:07 -04:00
|
|
|
t_connection_type m_connection_type;
|
2015-02-12 14:59:39 -05:00
|
|
|
|
|
|
|
// for calculate speed (last 60 sec)
|
|
|
|
network_throttle m_throttle_speed_in;
|
|
|
|
network_throttle m_throttle_speed_out;
|
2016-03-11 07:25:28 -05:00
|
|
|
boost::mutex m_throttle_speed_in_mutex;
|
|
|
|
boost::mutex m_throttle_speed_out_mutex;
|
2015-01-05 14:30:17 -05:00
|
|
|
|
2018-05-26 14:34:13 -04:00
|
|
|
boost::asio::deadline_timer m_timer;
|
|
|
|
bool m_local;
|
2018-06-07 07:43:10 -04:00
|
|
|
bool m_ready_to_close;
|
|
|
|
std::string m_host;
|
2018-05-26 14:34:13 -04:00
|
|
|
|
2015-01-05 14:30:17 -05:00
|
|
|
public:
|
2015-04-08 13:54:07 -04:00
|
|
|
void setRpcStation();
|
2014-03-03 17:07:58 -05:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
/************************************************************************/
|
|
|
|
/* */
|
|
|
|
/************************************************************************/
|
|
|
|
template<class t_protocol_handler>
|
|
|
|
class boosted_tcp_server
|
|
|
|
: private boost::noncopyable
|
|
|
|
{
|
epee: add SSL support
RPC connections now have optional tranparent SSL.
An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.
SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.
Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.
To generate long term certificates:
openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.
SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2018-06-14 18:44:48 -04:00
|
|
|
enum try_connect_result_t
|
|
|
|
{
|
|
|
|
CONNECT_SUCCESS,
|
|
|
|
CONNECT_FAILURE,
|
|
|
|
CONNECT_NO_SSL,
|
|
|
|
};
|
|
|
|
|
2014-03-03 17:07:58 -05:00
|
|
|
public:
|
|
|
|
typedef boost::shared_ptr<connection<t_protocol_handler> > connection_ptr;
|
|
|
|
typedef typename t_protocol_handler::connection_context t_connection_context;
|
|
|
|
/// Construct the server to listen on the specified TCP address and port, and
|
|
|
|
/// serve up files from the given directory.
|
2015-04-08 13:54:07 -04:00
|
|
|
|
2015-04-10 10:13:57 -04:00
|
|
|
boosted_tcp_server(t_connection_type connection_type);
|
|
|
|
explicit boosted_tcp_server(boost::asio::io_service& external_io_service, t_connection_type connection_type);
|
2014-03-03 17:07:58 -05:00
|
|
|
~boosted_tcp_server();
|
2015-01-05 14:30:17 -05:00
|
|
|
|
2015-04-08 13:54:07 -04:00
|
|
|
std::map<std::string, t_connection_type> server_type_map;
|
|
|
|
void create_server_type_map();
|
|
|
|
|
epee: add SSL support
RPC connections now have optional tranparent SSL.
An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.
SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.
Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.
To generate long term certificates:
openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.
SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2018-06-14 18:44:48 -04:00
|
|
|
bool init_server(uint32_t port, const std::string address = "0.0.0.0", epee::net_utils::ssl_support_t ssl_support = epee::net_utils::ssl_support_t::e_ssl_support_autodetect, const std::pair<std::string, std::string> &private_key_and_certificate_path = std::make_pair(std::string(), std::string()), const std::list<std::string> &allowed_certificates = {}, const std::vector<std::vector<uint8_t>> &allowed_fingerprints = {}, bool allow_any_cert = false);
|
|
|
|
bool init_server(const std::string port, const std::string& address = "0.0.0.0", epee::net_utils::ssl_support_t ssl_support = epee::net_utils::ssl_support_t::e_ssl_support_autodetect, const std::pair<std::string, std::string> &private_key_and_certificate_path = std::make_pair(std::string(), std::string()), const std::list<std::string> &allowed_certificates = {}, const std::vector<std::vector<uint8_t>> &allowed_fingerprints = {}, bool allow_any_cert = false);
|
2014-03-03 17:07:58 -05:00
|
|
|
|
|
|
|
/// Run the server's io_service loop.
|
2014-04-30 16:50:06 -04:00
|
|
|
bool run_server(size_t threads_count, bool wait = true, const boost::thread::attributes& attrs = boost::thread::attributes());
|
2014-03-03 17:07:58 -05:00
|
|
|
|
|
|
|
/// wait for service workers stop
|
2014-03-20 07:46:11 -04:00
|
|
|
bool timed_wait_server_stop(uint64_t wait_mseconds);
|
2014-03-03 17:07:58 -05:00
|
|
|
|
|
|
|
/// Stop the server.
|
|
|
|
void send_stop_signal();
|
|
|
|
|
2018-12-16 12:57:44 -05:00
|
|
|
bool is_stop_signal_sent() const noexcept { return m_stop_signal_sent; };
|
|
|
|
|
|
|
|
const std::atomic<bool>& get_stop_signal() const noexcept { return m_stop_signal_sent; }
|
2014-03-03 17:07:58 -05:00
|
|
|
|
|
|
|
void set_threads_prefix(const std::string& prefix_name);
|
|
|
|
|
|
|
|
bool deinit_server(){return true;}
|
|
|
|
|
|
|
|
size_t get_threads_count(){return m_threads_count;}
|
|
|
|
|
|
|
|
void set_connection_filter(i_connection_filter* pfilter);
|
|
|
|
|
2018-12-16 12:57:44 -05:00
|
|
|
void set_default_remote(epee::net_utils::network_address remote)
|
|
|
|
{
|
|
|
|
default_remote = std::move(remote);
|
|
|
|
}
|
|
|
|
|
epee: add SSL support
RPC connections now have optional tranparent SSL.
An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.
SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.
Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.
To generate long term certificates:
openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.
SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2018-06-14 18:44:48 -04:00
|
|
|
bool add_connection(t_connection_context& out, boost::asio::ip::tcp::socket&& sock, network_address real_remote, epee::net_utils::ssl_support_t ssl_support = epee::net_utils::ssl_support_t::e_ssl_support_autodetect);
|
|
|
|
try_connect_result_t try_connect(connection_ptr new_connection_l, const std::string& adr, const std::string& port, boost::asio::ip::tcp::socket &sock_, const boost::asio::ip::tcp::endpoint &remote_endpoint, const std::string &bind_ip, uint32_t conn_timeout, epee::net_utils::ssl_support_t ssl_support);
|
|
|
|
bool connect(const std::string& adr, const std::string& port, uint32_t conn_timeot, t_connection_context& cn, const std::string& bind_ip = "0.0.0.0", epee::net_utils::ssl_support_t ssl_support = epee::net_utils::ssl_support_t::e_ssl_support_autodetect);
|
2014-03-03 17:07:58 -05:00
|
|
|
template<class t_callback>
|
epee: add SSL support
RPC connections now have optional tranparent SSL.
An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.
SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.
Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.
To generate long term certificates:
openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.
SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2018-06-14 18:44:48 -04:00
|
|
|
bool connect_async(const std::string& adr, const std::string& port, uint32_t conn_timeot, const t_callback &cb, const std::string& bind_ip = "0.0.0.0", epee::net_utils::ssl_support_t ssl_support = epee::net_utils::ssl_support_t::e_ssl_support_autodetect);
|
2014-03-03 17:07:58 -05:00
|
|
|
|
2018-12-16 12:57:44 -05:00
|
|
|
typename t_protocol_handler::config_type& get_config_object()
|
|
|
|
{
|
|
|
|
assert(m_state != nullptr); // always set in constructor
|
|
|
|
return m_state->config;
|
|
|
|
}
|
2014-03-03 17:07:58 -05:00
|
|
|
|
|
|
|
int get_binded_port(){return m_port;}
|
|
|
|
|
2017-11-03 08:24:36 -04:00
|
|
|
long get_connections_count() const
|
|
|
|
{
|
2018-12-16 12:57:44 -05:00
|
|
|
assert(m_state != nullptr); // always set in constructor
|
|
|
|
auto connections_count = m_state->sock_count > 0 ? (m_state->sock_count - 1) : 0; // Socket count minus listening socket
|
2017-11-03 08:24:36 -04:00
|
|
|
return connections_count;
|
|
|
|
}
|
|
|
|
|
2014-03-03 17:07:58 -05:00
|
|
|
boost::asio::io_service& get_io_service(){return io_service_;}
|
|
|
|
|
|
|
|
struct idle_callback_conext_base
|
|
|
|
{
|
|
|
|
virtual ~idle_callback_conext_base(){}
|
|
|
|
|
|
|
|
virtual bool call_handler(){return true;}
|
|
|
|
|
|
|
|
idle_callback_conext_base(boost::asio::io_service& io_serice):
|
|
|
|
m_timer(io_serice)
|
|
|
|
{}
|
|
|
|
boost::asio::deadline_timer m_timer;
|
|
|
|
};
|
|
|
|
|
|
|
|
template <class t_handler>
|
|
|
|
struct idle_callback_conext: public idle_callback_conext_base
|
|
|
|
{
|
2014-03-20 07:46:11 -04:00
|
|
|
idle_callback_conext(boost::asio::io_service& io_serice, t_handler& h, uint64_t period):
|
2014-03-03 17:07:58 -05:00
|
|
|
idle_callback_conext_base(io_serice),
|
|
|
|
m_handler(h)
|
|
|
|
{this->m_period = period;}
|
|
|
|
|
|
|
|
t_handler m_handler;
|
|
|
|
virtual bool call_handler()
|
|
|
|
{
|
|
|
|
return m_handler();
|
|
|
|
}
|
2018-10-02 08:13:57 -04:00
|
|
|
uint64_t m_period;
|
2014-03-03 17:07:58 -05:00
|
|
|
};
|
|
|
|
|
|
|
|
template<class t_handler>
|
2014-03-20 07:46:11 -04:00
|
|
|
bool add_idle_handler(t_handler t_callback, uint64_t timeout_ms)
|
2014-03-03 17:07:58 -05:00
|
|
|
{
|
2018-10-02 08:13:57 -04:00
|
|
|
boost::shared_ptr<idle_callback_conext<t_handler>> ptr(new idle_callback_conext<t_handler>(io_service_, t_callback, timeout_ms));
|
2014-03-03 17:07:58 -05:00
|
|
|
//needed call handler here ?...
|
|
|
|
ptr->m_timer.expires_from_now(boost::posix_time::milliseconds(ptr->m_period));
|
2018-10-02 08:13:57 -04:00
|
|
|
ptr->m_timer.async_wait(boost::bind(&boosted_tcp_server<t_protocol_handler>::global_timer_handler<t_handler>, this, ptr));
|
2014-03-03 17:07:58 -05:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2018-10-02 08:13:57 -04:00
|
|
|
template<class t_handler>
|
|
|
|
bool global_timer_handler(/*const boost::system::error_code& err, */boost::shared_ptr<idle_callback_conext<t_handler>> ptr)
|
2014-03-03 17:07:58 -05:00
|
|
|
{
|
|
|
|
//if handler return false - he don't want to be called anymore
|
|
|
|
if(!ptr->call_handler())
|
|
|
|
return true;
|
|
|
|
ptr->m_timer.expires_from_now(boost::posix_time::milliseconds(ptr->m_period));
|
2018-10-02 08:13:57 -04:00
|
|
|
ptr->m_timer.async_wait(boost::bind(&boosted_tcp_server<t_protocol_handler>::global_timer_handler<t_handler>, this, ptr));
|
2014-03-03 17:07:58 -05:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
template<class t_handler>
|
|
|
|
bool async_call(t_handler t_callback)
|
|
|
|
{
|
|
|
|
io_service_.post(t_callback);
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
private:
|
|
|
|
/// Run the server's io_service loop.
|
|
|
|
bool worker_thread();
|
|
|
|
/// Handle completion of an asynchronous accept operation.
|
|
|
|
void handle_accept(const boost::system::error_code& e);
|
|
|
|
|
|
|
|
bool is_thread_worker();
|
|
|
|
|
2018-12-16 12:57:44 -05:00
|
|
|
const boost::shared_ptr<typename connection<t_protocol_handler>::shared_state> m_state;
|
|
|
|
|
2014-03-03 17:07:58 -05:00
|
|
|
/// The io_service used to perform asynchronous operations.
|
2019-02-10 13:40:32 -05:00
|
|
|
struct worker
|
|
|
|
{
|
|
|
|
worker()
|
|
|
|
: io_service(), work(io_service)
|
|
|
|
{}
|
|
|
|
|
|
|
|
boost::asio::io_service io_service;
|
|
|
|
boost::asio::io_service::work work;
|
|
|
|
};
|
|
|
|
std::unique_ptr<worker> m_io_service_local_instance;
|
2014-03-03 17:07:58 -05:00
|
|
|
boost::asio::io_service& io_service_;
|
|
|
|
|
|
|
|
/// Acceptor used to listen for incoming connections.
|
|
|
|
boost::asio::ip::tcp::acceptor acceptor_;
|
2018-12-16 12:57:44 -05:00
|
|
|
epee::net_utils::network_address default_remote;
|
2014-03-03 17:07:58 -05:00
|
|
|
|
|
|
|
std::atomic<bool> m_stop_signal_sent;
|
|
|
|
uint32_t m_port;
|
|
|
|
std::string m_address;
|
2015-01-05 14:30:17 -05:00
|
|
|
std::string m_thread_name_prefix; //TODO: change to enum server_type, now used
|
2014-03-03 17:07:58 -05:00
|
|
|
size_t m_threads_count;
|
|
|
|
std::vector<boost::shared_ptr<boost::thread> > m_threads;
|
|
|
|
boost::thread::id m_main_thread_id;
|
|
|
|
critical_section m_threads_lock;
|
2015-01-05 14:30:17 -05:00
|
|
|
volatile uint32_t m_thread_index; // TODO change to std::atomic
|
|
|
|
|
2015-04-08 13:54:07 -04:00
|
|
|
t_connection_type m_connection_type;
|
|
|
|
|
2015-01-05 14:30:17 -05:00
|
|
|
/// The next connection to be accepted
|
|
|
|
connection_ptr new_connection_;
|
2015-04-08 13:54:07 -04:00
|
|
|
|
2016-03-11 07:25:28 -05:00
|
|
|
boost::mutex connections_mutex;
|
2017-08-16 10:41:34 -04:00
|
|
|
std::set<connection_ptr> connections_;
|
2015-12-22 07:31:22 -05:00
|
|
|
|
epee: add SSL support
RPC connections now have optional tranparent SSL.
An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.
SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.
Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.
To generate long term certificates:
openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.
SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2018-06-14 18:44:48 -04:00
|
|
|
ssl_context_t m_ssl_context;
|
|
|
|
std::list<std::string> m_allowed_certificates;
|
|
|
|
|
2015-01-05 14:30:17 -05:00
|
|
|
}; // class <>boosted_tcp_server
|
2015-04-08 13:54:07 -04:00
|
|
|
|
|
|
|
|
2015-01-05 14:30:17 -05:00
|
|
|
} // namespace
|
|
|
|
} // namespace
|
2014-03-03 17:07:58 -05:00
|
|
|
|
|
|
|
#include "abstract_tcp_server2.inl"
|
|
|
|
|
2014-04-30 16:50:06 -04:00
|
|
|
#endif
|