Add aggressive restrictions to pre-handshake p2p buffer limit

2025-08-01 22:36:12 -04:00 · 2020-12-29 19:58:53 -05:00 · 2020-12-29 19:58:53 -05:00 · 61b6e4cc67
commit 61b6e4cc67
parent a1eca8ca7e
10 changed files with 40 additions and 11 deletions
--- a/src/cryptonote_basic/connection_context.h
+++ b/src/cryptonote_basic/connection_context.h
@ -55,6 +55,8 @@ namespace cryptonote
      state_normal
    };

+    bool handshake_complete() const noexcept { return m_state != state_before_handshake; }
+
    state m_state;
    std::vector<std::pair<crypto::hash, uint64_t>> m_needed_objects;
    std::unordered_set<crypto::hash> m_requested_objects;
--- a/src/cryptonote_protocol/cryptonote_protocol_handler.inl
+++ b/src/cryptonote_protocol/cryptonote_protocol_handler.inl
@ -2634,6 +2634,7 @@ skip:
    std::vector<std::pair<epee::net_utils::zone, boost::uuids::uuid>> fullConnections, fluffyConnections;
    m_p2p->for_each_connection([this, &exclude_context, &fullConnections, &fluffyConnections](connection_context& context, nodetool::peerid_type peer_id, uint32_t support_flags)
    {
+      // peer_id also filters out connections before handshake
      if (peer_id && exclude_context.m_connection_id != context.m_connection_id && context.m_remote_address.get_zone() == epee::net_utils::zone::public_)
      {
        if(m_core.fluffy_blocks_enabled() && (support_flags & P2P_SUPPORT_FLAG_FLUFFY_BLOCKS))
--- a/src/cryptonote_protocol/levin_notify.cpp
+++ b/src/cryptonote_protocol/levin_notify.cpp
@ -443,7 +443,7 @@ namespace levin
        zone->p2p->foreach_connection([txs, now, &zone, &source, &in_duration, &out_duration, &next_flush] (detail::p2p_context& context)
        {
          // When i2p/tor, only fluff to outbound connections
-          if (source != context.m_connection_id && (zone->nzone == epee::net_utils::zone::public_ || !context.m_is_income))
+          if (context.handshake_complete() && source != context.m_connection_id && (zone->nzone == epee::net_utils::zone::public_ || !context.m_is_income))
          {
            if (context.fluff_txs.empty())
              context.flush_time = now + (context.m_is_income ? in_duration() : out_duration());
--- a/src/p2p/net_node.h
+++ b/src/p2p/net_node.h
@ -118,6 +118,8 @@ namespace nodetool
        m_in_timedsync(false)
    {}

+    static constexpr int handshake_command() noexcept { return 1001; }
+
    std::vector<cryptonote::blobdata> fluff_txs;
    std::chrono::steady_clock::time_point flush_time;
    peerid_type peer_id;
@ -139,6 +141,7 @@ namespace nodetool

    typedef COMMAND_HANDSHAKE_T<typename t_payload_net_handler::payload_type> COMMAND_HANDSHAKE;
    typedef COMMAND_TIMED_SYNC_T<typename t_payload_net_handler::payload_type> COMMAND_TIMED_SYNC;
+    static_assert(p2p_connection_context::handshake_command() == COMMAND_HANDSHAKE::ID, "invalid handshake command id");

    typedef epee::net_utils::boosted_tcp_server<epee::levin::async_protocol_handler<p2p_connection_context>> net_server;