From 60da1eaa1113e7318e273144e7ef9c8895d7ed54 Mon Sep 17 00:00:00 2001 From: Vasil Dimov Date: Mon, 18 Jan 2021 14:27:00 +0100 Subject: [PATCH 1/6] timedata: make it possible to reset the state Add a new function `TestOnlyResetTimeData()` which would reset the internal state used by `GetTimeOffset()`, `GetAdjustedTime()` and `AddTimeData()`. This is needed so that unit tests that call `AddTimeData()` can restore the state in order not to confuse other tests that rely on it. Currently `timedata_tests/addtimedata` is the only test that modifies the state (via `AddTimeData()`) and also the only test that relies on that state. --- src/test/timedata_tests.cpp | 3 ++- src/timedata.cpp | 16 +++++++++++++--- src/timedata.h | 5 +++++ 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/src/test/timedata_tests.cpp b/src/test/timedata_tests.cpp index 1dcee23bbbc..478d61d5e2d 100644 --- a/src/test/timedata_tests.cpp +++ b/src/test/timedata_tests.cpp @@ -96,9 +96,10 @@ BOOST_AUTO_TEST_CASE(addtimedata) // not to fix this because it prevents possible attacks. See the comment in AddTimeData() or issue #4521 // for a more detailed explanation. MultiAddTimeData(2, 100); // filter median is 100 now, but nTimeOffset will not change + // We want this test to end with nTimeOffset==0, otherwise subsequent tests of the suite will fail. BOOST_CHECK_EQUAL(GetTimeOffset(), 0); - // We want this test to end with nTimeOffset==0, otherwise subsequent tests of the suite will fail. + TestOnlyResetTimeData(); } BOOST_AUTO_TEST_SUITE_END() diff --git a/src/timedata.cpp b/src/timedata.cpp index 541580b3ff0..ed651e3e9e9 100644 --- a/src/timedata.cpp +++ b/src/timedata.cpp @@ -39,18 +39,20 @@ int64_t GetAdjustedTime() #define BITCOIN_TIMEDATA_MAX_SAMPLES 200 +static std::set setKnown; +static CMedianFilter vTimeOffsets(BITCOIN_TIMEDATA_MAX_SAMPLES, 0); +static bool fDone; + void AddTimeData(const CNetAddr& ip, int64_t nOffsetSample) { LOCK(g_timeoffset_mutex); // Ignore duplicates - static std::set setKnown; if (setKnown.size() == BITCOIN_TIMEDATA_MAX_SAMPLES) return; if (!setKnown.insert(ip).second) return; // Add data - static CMedianFilter vTimeOffsets(BITCOIN_TIMEDATA_MAX_SAMPLES, 0); vTimeOffsets.input(nOffsetSample); LogPrint(BCLog::NET, "added time data, samples %d, offset %+d (%+d minutes)\n", vTimeOffsets.size(), nOffsetSample, nOffsetSample / 60); @@ -81,7 +83,6 @@ void AddTimeData(const CNetAddr& ip, int64_t nOffsetSample) } else { nTimeOffset = 0; - static bool fDone; if (!fDone) { // If nobody has a time different than ours but within 5 minutes of ours, give a warning bool fMatch = false; @@ -108,3 +109,12 @@ void AddTimeData(const CNetAddr& ip, int64_t nOffsetSample) } } } + +void TestOnlyResetTimeData() +{ + LOCK(g_timeoffset_mutex); + nTimeOffset = 0; + setKnown.clear(); + vTimeOffsets = CMedianFilter(BITCOIN_TIMEDATA_MAX_SAMPLES, 0); + fDone = false; +} diff --git a/src/timedata.h b/src/timedata.h index b165ecde267..2f039d5465c 100644 --- a/src/timedata.h +++ b/src/timedata.h @@ -75,4 +75,9 @@ int64_t GetTimeOffset(); int64_t GetAdjustedTime(); void AddTimeData(const CNetAddr& ip, int64_t nTime); +/** + * Reset the internal state of GetTimeOffset(), GetAdjustedTime() and AddTimeData(). + */ +void TestOnlyResetTimeData(); + #endif // BITCOIN_TIMEDATA_H From 43868ba416727effd515a471e2a337c3b8cacc37 Mon Sep 17 00:00:00 2001 From: Vasil Dimov Date: Mon, 18 Jan 2021 14:34:03 +0100 Subject: [PATCH 2/6] timedata: rename variables to match the coding style Rename the local variables in `src/timedata.cpp`: `setKnown` -> `g_sources` `vTimeOffsets` -> `g_time_offsets` `fDone` -> `g_warning_emitted` --- src/timedata.cpp | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/src/timedata.cpp b/src/timedata.cpp index ed651e3e9e9..06659871e5e 100644 --- a/src/timedata.cpp +++ b/src/timedata.cpp @@ -39,31 +39,31 @@ int64_t GetAdjustedTime() #define BITCOIN_TIMEDATA_MAX_SAMPLES 200 -static std::set setKnown; -static CMedianFilter vTimeOffsets(BITCOIN_TIMEDATA_MAX_SAMPLES, 0); -static bool fDone; +static std::set g_sources; +static CMedianFilter g_time_offsets{BITCOIN_TIMEDATA_MAX_SAMPLES, 0}; +static bool g_warning_emitted; void AddTimeData(const CNetAddr& ip, int64_t nOffsetSample) { LOCK(g_timeoffset_mutex); // Ignore duplicates - if (setKnown.size() == BITCOIN_TIMEDATA_MAX_SAMPLES) + if (g_sources.size() == BITCOIN_TIMEDATA_MAX_SAMPLES) return; - if (!setKnown.insert(ip).second) + if (!g_sources.insert(ip).second) return; // Add data - vTimeOffsets.input(nOffsetSample); - LogPrint(BCLog::NET, "added time data, samples %d, offset %+d (%+d minutes)\n", vTimeOffsets.size(), nOffsetSample, nOffsetSample / 60); + g_time_offsets.input(nOffsetSample); + LogPrint(BCLog::NET, "added time data, samples %d, offset %+d (%+d minutes)\n", g_time_offsets.size(), nOffsetSample, nOffsetSample / 60); // There is a known issue here (see issue #4521): // - // - The structure vTimeOffsets contains up to 200 elements, after which + // - The structure g_time_offsets contains up to 200 elements, after which // any new element added to it will not increase its size, replacing the // oldest element. // // - The condition to update nTimeOffset includes checking whether the - // number of elements in vTimeOffsets is odd, which will never happen after + // number of elements in g_time_offsets is odd, which will never happen after // there are 200 elements. // // But in this case the 'bug' is protective against some attacks, and may @@ -73,9 +73,9 @@ void AddTimeData(const CNetAddr& ip, int64_t nOffsetSample) // So we should hold off on fixing this and clean it up as part of // a timing cleanup that strengthens it in a number of other ways. // - if (vTimeOffsets.size() >= 5 && vTimeOffsets.size() % 2 == 1) { - int64_t nMedian = vTimeOffsets.median(); - std::vector vSorted = vTimeOffsets.sorted(); + if (g_time_offsets.size() >= 5 && g_time_offsets.size() % 2 == 1) { + int64_t nMedian = g_time_offsets.median(); + std::vector vSorted = g_time_offsets.sorted(); // Only let other nodes change our time by so much int64_t max_adjustment = std::max(0, gArgs.GetIntArg("-maxtimeadjustment", DEFAULT_MAX_TIME_ADJUSTMENT)); if (nMedian >= -max_adjustment && nMedian <= max_adjustment) { @@ -83,7 +83,7 @@ void AddTimeData(const CNetAddr& ip, int64_t nOffsetSample) } else { nTimeOffset = 0; - if (!fDone) { + if (!g_warning_emitted) { // If nobody has a time different than ours but within 5 minutes of ours, give a warning bool fMatch = false; for (const int64_t nOffset : vSorted) { @@ -91,7 +91,7 @@ void AddTimeData(const CNetAddr& ip, int64_t nOffsetSample) } if (!fMatch) { - fDone = true; + g_warning_emitted = true; bilingual_str strMessage = strprintf(_("Please check that your computer's date and time are correct! If your clock is wrong, %s will not work properly."), PACKAGE_NAME); SetMiscWarning(strMessage); uiInterface.ThreadSafeMessageBox(strMessage, "", CClientUIInterface::MSG_WARNING); @@ -114,7 +114,7 @@ void TestOnlyResetTimeData() { LOCK(g_timeoffset_mutex); nTimeOffset = 0; - setKnown.clear(); - vTimeOffsets = CMedianFilter(BITCOIN_TIMEDATA_MAX_SAMPLES, 0); - fDone = false; + g_sources.clear(); + g_time_offsets = CMedianFilter{BITCOIN_TIMEDATA_MAX_SAMPLES, 0}; + g_warning_emitted = false; } From 3cb9d9c861710c0cff018bee90b1969193d3ed68 Mon Sep 17 00:00:00 2001 From: Vasil Dimov Date: Thu, 22 Jul 2021 18:23:21 +0200 Subject: [PATCH 3/6] net: make CaptureMessage() mockable Rename `CaptureMessage()` to `CaptureMessageToFile()` and introduce a `std::function` variable called `CaptureMessage` whose value can be changed by unit tests, should they need to inspect message contents. --- src/net.cpp | 11 ++++++++++- src/net.h | 13 ++++++++++++- test/functional/p2p_message_capture.py | 2 +- 3 files changed, 23 insertions(+), 3 deletions(-) diff --git a/src/net.cpp b/src/net.cpp index 9bb264a38a9..b31b618eea1 100644 --- a/src/net.cpp +++ b/src/net.cpp @@ -3085,7 +3085,10 @@ uint64_t CConnman::CalculateKeyedNetGroup(const CAddress& ad) const return GetDeterministicRandomizer(RANDOMIZER_ID_NETGROUP).Write(vchNetGroup.data(), vchNetGroup.size()).Finalize(); } -void CaptureMessage(const CAddress& addr, const std::string& msg_type, const Span& data, bool is_incoming) +void CaptureMessageToFile(const CAddress& addr, + const std::string& msg_type, + const Span& data, + bool is_incoming) { // Note: This function captures the message at the time of processing, // not at socket receive/send time. @@ -3112,3 +3115,9 @@ void CaptureMessage(const CAddress& addr, const std::string& msg_type, const Spa ser_writedata32(f, size); f.write(AsBytes(data)); } + +std::function& data, + bool is_incoming)> + CaptureMessage = CaptureMessageToFile; diff --git a/src/net.h b/src/net.h index bbc253e7ff3..23254e64458 100644 --- a/src/net.h +++ b/src/net.h @@ -31,6 +31,7 @@ #include #include #include +#include #include #include #include @@ -1272,7 +1273,17 @@ class CConnman }; /** Dump binary message to file, with timestamp */ -void CaptureMessage(const CAddress& addr, const std::string& msg_type, const Span& data, bool is_incoming); +void CaptureMessageToFile(const CAddress& addr, + const std::string& msg_type, + const Span& data, + bool is_incoming); + +/** Defaults to `CaptureMessageToFile()`, but can be overridden by unit tests. */ +extern std::function& data, + bool is_incoming)> + CaptureMessage; struct NodeEvictionCandidate { diff --git a/test/functional/p2p_message_capture.py b/test/functional/p2p_message_capture.py index edde9a6ecf5..0a7ae44de4f 100755 --- a/test/functional/p2p_message_capture.py +++ b/test/functional/p2p_message_capture.py @@ -20,7 +20,7 @@ MSGTYPE_SIZE = 12 def mini_parser(dat_file): - """Parse a data file created by CaptureMessage. + """Parse a data file created by CaptureMessageToFile. From the data file we'll only check the structure. From f98cdcb3574ee661223e1a09e1762b2cc85fab2f Mon Sep 17 00:00:00 2001 From: Vasil Dimov Date: Thu, 29 Jul 2021 17:47:15 +0200 Subject: [PATCH 4/6] net: pass Span by value to CaptureMessage() Span is lightweight and need not be passed by const reference. --- src/net.cpp | 4 ++-- src/net.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/net.cpp b/src/net.cpp index b31b618eea1..d35120794b9 100644 --- a/src/net.cpp +++ b/src/net.cpp @@ -3087,7 +3087,7 @@ uint64_t CConnman::CalculateKeyedNetGroup(const CAddress& ad) const void CaptureMessageToFile(const CAddress& addr, const std::string& msg_type, - const Span& data, + Span data, bool is_incoming) { // Note: This function captures the message at the time of processing, @@ -3118,6 +3118,6 @@ void CaptureMessageToFile(const CAddress& addr, std::function& data, + Span data, bool is_incoming)> CaptureMessage = CaptureMessageToFile; diff --git a/src/net.h b/src/net.h index 23254e64458..ddc1d3dd7c1 100644 --- a/src/net.h +++ b/src/net.h @@ -1275,13 +1275,13 @@ class CConnman /** Dump binary message to file, with timestamp */ void CaptureMessageToFile(const CAddress& addr, const std::string& msg_type, - const Span& data, + Span data, bool is_incoming); /** Defaults to `CaptureMessageToFile()`, but can be overridden by unit tests. */ extern std::function& data, + Span data, bool is_incoming)> CaptureMessage; From 0cfc0cd32239d3c08d2121e028b297022450b320 Mon Sep 17 00:00:00 2001 From: Vasil Dimov Date: Sun, 18 Oct 2020 14:45:35 +0200 Subject: [PATCH 5/6] net: fix GetListenPort() to derive the proper port `GetListenPort()` uses a simple logic: "if `-port=P` is given, then we must be listening on `P`, otherwise we must be listening on `8333`". This is however not true if `-bind=` has been provided with `:port` part or if `-whitebind=` has been provided. Thus, extend `GetListenPort()` to return the port from `-bind=` or `-whitebind=`, if any. Fixes https://github.com/bitcoin/bitcoin/issues/20184 (cases 1. 2. 3. 5.) --- src/init.cpp | 6 +- src/net.cpp | 37 +++- src/net_processing.cpp | 4 + src/test/net_tests.cpp | 191 +++++++++++++++++- .../feature_bind_port_externalip.py | 75 +++++++ test/functional/test_runner.py | 1 + 6 files changed, 307 insertions(+), 7 deletions(-) create mode 100755 test/functional/feature_bind_port_externalip.py diff --git a/src/init.cpp b/src/init.cpp index 9813a165632..05a8437043e 100644 --- a/src/init.cpp +++ b/src/init.cpp @@ -1689,6 +1689,10 @@ bool AppInitMain(NodeContext& node, interfaces::BlockAndHeaderTipInfo* tip_info) connOptions.nMaxOutboundLimit = *opt_max_upload; connOptions.m_peer_connect_timeout = peer_connect_timeout; + // Port to bind to if `-bind=addr` is provided without a `:port` suffix. + const uint16_t default_bind_port = + static_cast(args.GetIntArg("-port", Params().GetDefaultPort())); + const auto BadPortWarning = [](const char* prefix, uint16_t port) { return strprintf(_("%s request to listen on port %u. This port is considered \"bad\" and " "thus it is unlikely that any Bitcoin Core peers connect to it. See " @@ -1701,7 +1705,7 @@ bool AppInitMain(NodeContext& node, interfaces::BlockAndHeaderTipInfo* tip_info) CService bind_addr; const size_t index = bind_arg.rfind('='); if (index == std::string::npos) { - if (Lookup(bind_arg, bind_addr, GetListenPort(), false)) { + if (Lookup(bind_arg, bind_addr, default_bind_port, /*fAllowLookup=*/false)) { connOptions.vBinds.push_back(bind_addr); if (IsBadPort(bind_addr.GetPort())) { InitWarning(BadPortWarning("-bind", bind_addr.GetPort())); diff --git a/src/net.cpp b/src/net.cpp index d35120794b9..955eec46e38 100644 --- a/src/net.cpp +++ b/src/net.cpp @@ -126,6 +126,31 @@ void CConnman::AddAddrFetch(const std::string& strDest) uint16_t GetListenPort() { + // If -bind= is provided with ":port" part, use that (first one if multiple are provided). + for (const std::string& bind_arg : gArgs.GetArgs("-bind")) { + CService bind_addr; + constexpr uint16_t dummy_port = 0; + + if (Lookup(bind_arg, bind_addr, dummy_port, /*fAllowLookup=*/false)) { + if (bind_addr.GetPort() != dummy_port) { + return bind_addr.GetPort(); + } + } + } + + // Otherwise, if -whitebind= without NetPermissionFlags::NoBan is provided, use that + // (-whitebind= is required to have ":port"). + for (const std::string& whitebind_arg : gArgs.GetArgs("-whitebind")) { + NetWhitebindPermissions whitebind; + bilingual_str error; + if (NetWhitebindPermissions::TryParse(whitebind_arg, whitebind, error)) { + if (!NetPermissions::HasFlag(whitebind.m_flags, NetPermissionFlags::NoBan)) { + return whitebind.m_service.GetPort(); + } + } + } + + // Otherwise, if -port= is provided, use that. Otherwise use the default port. return static_cast(gArgs.GetIntArg("-port", Params().GetDefaultPort())); } @@ -221,7 +246,17 @@ std::optional GetLocalAddrForPeer(CNode *pnode) if (IsPeerAddrLocalGood(pnode) && (!addrLocal.IsRoutable() || rng.randbits((GetnScore(addrLocal) > LOCAL_MANUAL) ? 3 : 1) == 0)) { - addrLocal.SetIP(pnode->GetAddrLocal()); + if (pnode->IsInboundConn()) { + // For inbound connections, assume both the address and the port + // as seen from the peer. + addrLocal = CAddress{pnode->GetAddrLocal(), addrLocal.nServices}; + } else { + // For outbound connections, assume just the address as seen from + // the peer and leave the port in `addrLocal` as returned by + // `GetLocalAddress()` above. The peer has no way to observe our + // listening port when we have initiated the connection. + addrLocal.SetIP(pnode->GetAddrLocal()); + } } if (addrLocal.IsRoutable() || gArgs.GetBoolArg("-addrmantest", false)) { diff --git a/src/net_processing.cpp b/src/net_processing.cpp index f05b4fd8e2c..aee1e4c30c8 100644 --- a/src/net_processing.cpp +++ b/src/net_processing.cpp @@ -2711,6 +2711,10 @@ void PeerManagerImpl::ProcessMessage(CNode& pfrom, const std::string& msg_type, LogPrint(BCLog::NET, "ProcessMessages: advertising address %s\n", addr.ToString()); PushAddress(*peer, addr, insecure_rand); } else if (IsPeerAddrLocalGood(&pfrom)) { + // Override just the address with whatever the peer sees us as. + // Leave the port in addr as it was returned by GetLocalAddress() + // above, as this is an outbound connection and the peer cannot + // observe our listening port. addr.SetIP(addrMe); LogPrint(BCLog::NET, "ProcessMessages: advertising address %s\n", addr.ToString()); PushAddress(*peer, addr, insecure_rand); diff --git a/src/test/net_tests.cpp b/src/test/net_tests.cpp index 908b030eeac..fcb1a80765c 100644 --- a/src/test/net_tests.cpp +++ b/src/test/net_tests.cpp @@ -4,17 +4,23 @@ #include #include +#include #include #include +#include #include #include +#include #include #include #include #include +#include +#include #include #include #include +#include #include #include @@ -27,7 +33,7 @@ using namespace std::literals; -BOOST_FIXTURE_TEST_SUITE(net_tests, BasicTestingSetup) +BOOST_FIXTURE_TEST_SUITE(net_tests, RegTestingSetup) BOOST_AUTO_TEST_CASE(cnode_listen_port) { @@ -607,15 +613,15 @@ BOOST_AUTO_TEST_CASE(ipv4_peer_with_ipv6_addrMe_test) // set up local addresses; all that's necessary to reproduce the bug is // that a normal IPv4 address is among the entries, but if this address is // !IsRoutable the undefined behavior is easier to trigger deterministically + in_addr raw_addr; + raw_addr.s_addr = htonl(0x7f000001); + const CNetAddr mapLocalHost_entry = CNetAddr(raw_addr); { LOCK(g_maplocalhost_mutex); - in_addr ipv4AddrLocal; - ipv4AddrLocal.s_addr = 0x0100007f; - CNetAddr addr = CNetAddr(ipv4AddrLocal); LocalServiceInfo lsi; lsi.nScore = 23; lsi.nPort = 42; - mapLocalHost[addr] = lsi; + mapLocalHost[mapLocalHost_entry] = lsi; } // create a peer with an IPv4 address @@ -646,8 +652,79 @@ BOOST_AUTO_TEST_CASE(ipv4_peer_with_ipv6_addrMe_test) // suppress no-checks-run warning; if this test fails, it's by triggering a sanitizer BOOST_CHECK(1); + + // Cleanup, so that we don't confuse other tests. + { + LOCK(g_maplocalhost_mutex); + mapLocalHost.erase(mapLocalHost_entry); + } } +BOOST_AUTO_TEST_CASE(get_local_addr_for_peer_port) +{ + // Test that GetLocalAddrForPeer() properly selects the address to self-advertise: + // + // 1. GetLocalAddrForPeer() calls GetLocalAddress() which returns an address that is + // not routable. + // 2. GetLocalAddrForPeer() overrides the address with whatever the peer has told us + // he sees us as. + // 2.1. For inbound connections we must override both the address and the port. + // 2.2. For outbound connections we must override only the address. + + // Pretend that we bound to this port. + const uint16_t bind_port = 20001; + m_node.args->ForceSetArg("-bind", strprintf("3.4.5.6:%u", bind_port)); + + // Our address:port as seen from the peer, completely different from the above. + in_addr peer_us_addr; + peer_us_addr.s_addr = htonl(0x02030405); + const CAddress peer_us{CService{peer_us_addr, 20002}, NODE_NETWORK}; + + // Create a peer with a routable IPv4 address (outbound). + in_addr peer_out_in_addr; + peer_out_in_addr.s_addr = htonl(0x01020304); + CNode peer_out{/*id=*/0, + /*nLocalServicesIn=*/NODE_NETWORK, + /*sock=*/nullptr, + /*addrIn=*/CAddress{CService{peer_out_in_addr, 8333}, NODE_NETWORK}, + /*nKeyedNetGroupIn=*/0, + /*nLocalHostNonceIn=*/0, + /*addrBindIn=*/CAddress{}, + /*addrNameIn=*/std::string{}, + /*conn_type_in=*/ConnectionType::OUTBOUND_FULL_RELAY, + /*inbound_onion=*/false}; + peer_out.fSuccessfullyConnected = true; + peer_out.SetAddrLocal(peer_us); + + // Without the fix peer_us:8333 is chosen instead of the proper peer_us:bind_port. + auto chosen_local_addr = GetLocalAddrForPeer(&peer_out); + BOOST_REQUIRE(chosen_local_addr); + const CService expected{peer_us_addr, bind_port}; + BOOST_CHECK(*chosen_local_addr == expected); + + // Create a peer with a routable IPv4 address (inbound). + in_addr peer_in_in_addr; + peer_in_in_addr.s_addr = htonl(0x05060708); + CNode peer_in{/*id=*/0, + /*nLocalServicesIn=*/NODE_NETWORK, + /*sock=*/nullptr, + /*addrIn=*/CAddress{CService{peer_in_in_addr, 8333}, NODE_NETWORK}, + /*nKeyedNetGroupIn=*/0, + /*nLocalHostNonceIn=*/0, + /*addrBindIn=*/CAddress{}, + /*addrNameIn=*/std::string{}, + /*conn_type_in=*/ConnectionType::INBOUND, + /*inbound_onion=*/false}; + peer_in.fSuccessfullyConnected = true; + peer_in.SetAddrLocal(peer_us); + + // Without the fix peer_us:8333 is chosen instead of the proper peer_us:peer_us.GetPort(). + chosen_local_addr = GetLocalAddrForPeer(&peer_in); + BOOST_REQUIRE(chosen_local_addr); + BOOST_CHECK(*chosen_local_addr == peer_us); + + m_node.args->ForceSetArg("-bind", ""); +} BOOST_AUTO_TEST_CASE(LimitedAndReachable_Network) { @@ -728,4 +805,108 @@ BOOST_AUTO_TEST_CASE(LocalAddress_BasicLifecycle) BOOST_CHECK(!IsLocal(addr)); } +BOOST_AUTO_TEST_CASE(initial_advertise_from_version_message) +{ + // Tests the following scenario: + // * -bind=3.4.5.6:20001 is specified + // * we make an outbound connection to a peer + // * the peer reports he sees us as 2.3.4.5:20002 in the version message + // (20002 is a random port assigned by our OS for the outgoing TCP connection, + // we cannot accept connections to it) + // * we should self-advertise to that peer as 2.3.4.5:20001 + + // Pretend that we bound to this port. + const uint16_t bind_port = 20001; + m_node.args->ForceSetArg("-bind", strprintf("3.4.5.6:%u", bind_port)); + m_node.args->ForceSetArg("-capturemessages", "1"); + + // Our address:port as seen from the peer - 2.3.4.5:20002 (different from the above). + in_addr peer_us_addr; + peer_us_addr.s_addr = htonl(0x02030405); + const CService peer_us{peer_us_addr, 20002}; + + // Create a peer with a routable IPv4 address. + in_addr peer_in_addr; + peer_in_addr.s_addr = htonl(0x01020304); + CNode peer{/*id=*/0, + /*nLocalServicesIn=*/NODE_NETWORK, + /*sock=*/nullptr, + /*addrIn=*/CAddress{CService{peer_in_addr, 8333}, NODE_NETWORK}, + /*nKeyedNetGroupIn=*/0, + /*nLocalHostNonceIn=*/0, + /*addrBindIn=*/CAddress{}, + /*addrNameIn=*/std::string{}, + /*conn_type_in=*/ConnectionType::OUTBOUND_FULL_RELAY, + /*inbound_onion=*/false}; + + const uint64_t services{NODE_NETWORK | NODE_WITNESS}; + const int64_t time{0}; + const CNetMsgMaker msg_maker{PROTOCOL_VERSION}; + + // Force CChainState::IsInitialBlockDownload() to return false. + // Otherwise PushAddress() isn't called by PeerManager::ProcessMessage(). + TestChainState& chainstate = + *static_cast(&m_node.chainman->ActiveChainstate()); + chainstate.JumpOutOfIbd(); + + m_node.peerman->InitializeNode(&peer); + + std::atomic interrupt_dummy{false}; + std::chrono::microseconds time_received_dummy{0}; + + const auto msg_version = + msg_maker.Make(NetMsgType::VERSION, PROTOCOL_VERSION, services, time, services, peer_us); + CDataStream msg_version_stream{msg_version.data, SER_NETWORK, PROTOCOL_VERSION}; + + m_node.peerman->ProcessMessage( + peer, NetMsgType::VERSION, msg_version_stream, time_received_dummy, interrupt_dummy); + + const auto msg_verack = msg_maker.Make(NetMsgType::VERACK); + CDataStream msg_verack_stream{msg_verack.data, SER_NETWORK, PROTOCOL_VERSION}; + + // Will set peer.fSuccessfullyConnected to true (necessary in SendMessages()). + m_node.peerman->ProcessMessage( + peer, NetMsgType::VERACK, msg_verack_stream, time_received_dummy, interrupt_dummy); + + // Ensure that peer_us_addr:bind_port is sent to the peer. + const CService expected{peer_us_addr, bind_port}; + bool sent{false}; + + const auto CaptureMessageOrig = CaptureMessage; + CaptureMessage = [&sent, &expected](const CAddress& addr, + const std::string& msg_type, + Span data, + bool is_incoming) -> void { + if (!is_incoming && msg_type == "addr") { + CDataStream s(data, SER_NETWORK, PROTOCOL_VERSION); + std::vector addresses; + + s >> addresses; + + for (const auto& addr : addresses) { + if (addr == expected) { + sent = true; + return; + } + } + } + }; + + { + LOCK(peer.cs_sendProcessing); + m_node.peerman->SendMessages(&peer); + } + + BOOST_CHECK(sent); + + CaptureMessage = CaptureMessageOrig; + chainstate.ResetIbd(); + m_node.args->ForceSetArg("-capturemessages", "0"); + m_node.args->ForceSetArg("-bind", ""); + // PeerManager::ProcessMessage() calls AddTimeData() which changes the internal state + // in timedata.cpp and later confuses the test "timedata_tests/addtimedata". Thus reset + // that state as it was before our test was run. + TestOnlyResetTimeData(); +} + BOOST_AUTO_TEST_SUITE_END() diff --git a/test/functional/feature_bind_port_externalip.py b/test/functional/feature_bind_port_externalip.py new file mode 100755 index 00000000000..6a74ce5738a --- /dev/null +++ b/test/functional/feature_bind_port_externalip.py @@ -0,0 +1,75 @@ +#!/usr/bin/env python3 +# Copyright (c) 2020-2021 The Bitcoin Core developers +# Distributed under the MIT software license, see the accompanying +# file COPYING or http://www.opensource.org/licenses/mit-license.php. +""" +Test that the proper port is used for -externalip= +""" + +from test_framework.test_framework import BitcoinTestFramework, SkipTest +from test_framework.util import assert_equal, p2p_port + +# We need to bind to a routable address for this test to exercise the relevant code. +# To set a routable address on the machine use: +# Linux: +# ifconfig lo:0 1.1.1.1/32 up # to set up +# ifconfig lo:0 down # to remove it, after the test +# FreeBSD: +# ifconfig lo0 1.1.1.1/32 alias # to set up +# ifconfig lo0 1.1.1.1 -alias # to remove it, after the test +ADDR = '1.1.1.1' + +# array of tuples [arguments, expected port in localaddresses] +EXPECTED = [ + [['-externalip=2.2.2.2', '-port=30001'], 30001], + [['-externalip=2.2.2.2', '-port=30002', f'-bind={ADDR}'], 30002], + [['-externalip=2.2.2.2', f'-bind={ADDR}'], 'default_p2p_port'], + [['-externalip=2.2.2.2', '-port=30003', f'-bind={ADDR}:30004'], 30004], + [['-externalip=2.2.2.2', f'-bind={ADDR}:30005'], 30005], + [['-externalip=2.2.2.2:30006', '-port=30007'], 30006], + [['-externalip=2.2.2.2:30008', '-port=30009', f'-bind={ADDR}'], 30008], + [['-externalip=2.2.2.2:30010', f'-bind={ADDR}'], 30010], + [['-externalip=2.2.2.2:30011', '-port=30012', f'-bind={ADDR}:30013'], 30011], + [['-externalip=2.2.2.2:30014', f'-bind={ADDR}:30015'], 30014], + [['-externalip=2.2.2.2', '-port=30016', f'-bind={ADDR}:30017', + f'-whitebind={ADDR}:30018'], 30017], + [['-externalip=2.2.2.2', '-port=30019', + f'-whitebind={ADDR}:30020'], 30020], +] + +class BindPortExternalIPTest(BitcoinTestFramework): + def set_test_params(self): + # Avoid any -bind= on the command line. Force the framework to avoid adding -bind=127.0.0.1. + self.setup_clean_chain = True + self.bind_to_localhost_only = False + self.num_nodes = len(EXPECTED) + self.extra_args = list(map(lambda e: e[0], EXPECTED)) + + def add_options(self, parser): + parser.add_argument( + "--ihave1111", action='store_true', dest="ihave1111", + help=f"Run the test, assuming {ADDR} is configured on the machine", + default=False) + + def skip_test_if_missing_module(self): + if not self.options.ihave1111: + raise SkipTest( + f"To run this test make sure that {ADDR} (a routable address) is assigned " + "to one of the interfaces on this machine and rerun with --ihave1111") + + def run_test(self): + self.log.info("Test the proper port is used for -externalip=") + for i in range(len(EXPECTED)): + expected_port = EXPECTED[i][1] + if expected_port == 'default_p2p_port': + expected_port = p2p_port(i) + found = False + for local in self.nodes[i].getnetworkinfo()['localaddresses']: + if local['address'] == '2.2.2.2': + assert_equal(local['port'], expected_port) + found = True + break + assert found + +if __name__ == '__main__': + BindPortExternalIPTest().main() diff --git a/test/functional/test_runner.py b/test/functional/test_runner.py index d15edcedd21..33afbfef6fb 100755 --- a/test/functional/test_runner.py +++ b/test/functional/test_runner.py @@ -276,6 +276,7 @@ 'feature_minchainwork.py', 'rpc_estimatefee.py', 'rpc_getblockstats.py', + 'feature_bind_port_externalip.py', 'wallet_create_tx.py --legacy-wallet', 'wallet_send.py --legacy-wallet', 'wallet_send.py --descriptors', From 7d64ea4a01920bb55bc6de0de6766712ec792a11 Mon Sep 17 00:00:00 2001 From: Vasil Dimov Date: Mon, 19 Oct 2020 15:32:54 +0200 Subject: [PATCH 6/6] net: only assume all local addresses if listening on any If `-bind=` is provided then we would bind only to a particular address and should not add all the other addresses of the machine to the list of local addresses. Fixes https://github.com/bitcoin/bitcoin/issues/20184 (case 4.) --- src/init.cpp | 8 +- src/net.h | 8 ++ test/functional/feature_bind_port_discover.py | 78 +++++++++++++++++++ test/functional/test_runner.py | 1 + 4 files changed, 93 insertions(+), 2 deletions(-) create mode 100755 test/functional/feature_bind_port_discover.py diff --git a/src/init.cpp b/src/init.cpp index 05a8437043e..a3d53c3fae9 100644 --- a/src/init.cpp +++ b/src/init.cpp @@ -1668,8 +1668,6 @@ bool AppInitMain(NodeContext& node, interfaces::BlockAndHeaderTipInfo* tip_info) LogPrintf("nBestHeight = %d\n", chain_active_height); if (node.peerman) node.peerman->SetBestHeight(chain_active_height); - Discover(); - // Map ports with UPnP or NAT-PMP. StartMapPort(args.GetBoolArg("-upnp", DEFAULT_UPNP), gArgs.GetBoolArg("-natpmp", DEFAULT_NATPMP)); @@ -1762,6 +1760,12 @@ bool AppInitMain(NodeContext& node, interfaces::BlockAndHeaderTipInfo* tip_info) StartTorControl(onion_service_target); } + if (connOptions.bind_on_any) { + // Only add all IP addresses of the machine if we would be listening on + // any address - 0.0.0.0 (IPv4) and :: (IPv6). + Discover(); + } + for (const auto& net : args.GetArgs("-whitelist")) { NetWhitelistPermissions subnet; bilingual_str error; diff --git a/src/net.h b/src/net.h index ddc1d3dd7c1..a38310938b3 100644 --- a/src/net.h +++ b/src/net.h @@ -183,7 +183,15 @@ enum class ConnectionType { /** Convert ConnectionType enum to a string value */ std::string ConnectionTypeAsString(ConnectionType conn_type); + +/** + * Look up IP addresses from all interfaces on the machine and add them to the + * list of local addresses to self-advertise. + * The loopback interface is skipped and only the first address from each + * interface is used. + */ void Discover(); + uint16_t GetListenPort(); enum diff --git a/test/functional/feature_bind_port_discover.py b/test/functional/feature_bind_port_discover.py new file mode 100755 index 00000000000..6e07f2f16c8 --- /dev/null +++ b/test/functional/feature_bind_port_discover.py @@ -0,0 +1,78 @@ +#!/usr/bin/env python3 +# Copyright (c) 2020-2021 The Bitcoin Core developers +# Distributed under the MIT software license, see the accompanying +# file COPYING or http://www.opensource.org/licenses/mit-license.php. +""" +Test that -discover does not add all interfaces' addresses if we listen on only some of them +""" + +from test_framework.test_framework import BitcoinTestFramework, SkipTest +from test_framework.util import assert_equal + +# We need to bind to a routable address for this test to exercise the relevant code +# and also must have another routable address on another interface which must not +# be named "lo" or "lo0". +# To set these routable addresses on the machine, use: +# Linux: +# ifconfig lo:0 1.1.1.1/32 up && ifconfig lo:1 2.2.2.2/32 up # to set up +# ifconfig lo:0 down && ifconfig lo:1 down # to remove it, after the test +# FreeBSD: +# ifconfig em0 1.1.1.1/32 alias && ifconfig wlan0 2.2.2.2/32 alias # to set up +# ifconfig em0 1.1.1.1 -alias && ifconfig wlan0 2.2.2.2 -alias # to remove it, after the test +ADDR1 = '1.1.1.1' +ADDR2 = '2.2.2.2' + +BIND_PORT = 31001 + +class BindPortDiscoverTest(BitcoinTestFramework): + def set_test_params(self): + # Avoid any -bind= on the command line. Force the framework to avoid adding -bind=127.0.0.1. + self.setup_clean_chain = True + self.bind_to_localhost_only = False + self.extra_args = [ + ['-discover', f'-port={BIND_PORT}'], # bind on any + ['-discover', f'-bind={ADDR1}:{BIND_PORT}'], + ] + self.num_nodes = len(self.extra_args) + + def add_options(self, parser): + parser.add_argument( + "--ihave1111and2222", action='store_true', dest="ihave1111and2222", + help=f"Run the test, assuming {ADDR1} and {ADDR2} are configured on the machine", + default=False) + + def skip_test_if_missing_module(self): + if not self.options.ihave1111and2222: + raise SkipTest( + f"To run this test make sure that {ADDR1} and {ADDR2} (routable addresses) are " + "assigned to the interfaces on this machine and rerun with --ihave1111and2222") + + def run_test(self): + self.log.info( + "Test that if -bind= is not passed then all addresses are " + "added to localaddresses") + found_addr1 = False + found_addr2 = False + for local in self.nodes[0].getnetworkinfo()['localaddresses']: + if local['address'] == ADDR1: + found_addr1 = True + assert_equal(local['port'], BIND_PORT) + if local['address'] == ADDR2: + found_addr2 = True + assert_equal(local['port'], BIND_PORT) + assert found_addr1 + assert found_addr2 + + self.log.info( + "Test that if -bind= is passed then only that address is " + "added to localaddresses") + found_addr1 = False + for local in self.nodes[1].getnetworkinfo()['localaddresses']: + if local['address'] == ADDR1: + found_addr1 = True + assert_equal(local['port'], BIND_PORT) + assert local['address'] != ADDR2 + assert found_addr1 + +if __name__ == '__main__': + BindPortDiscoverTest().main() diff --git a/test/functional/test_runner.py b/test/functional/test_runner.py index 33afbfef6fb..b0f24e3b971 100755 --- a/test/functional/test_runner.py +++ b/test/functional/test_runner.py @@ -292,6 +292,7 @@ 'feature_loadblock.py', 'p2p_dos_header_tree.py', 'p2p_add_connections.py', + 'feature_bind_port_discover.py', 'p2p_unrequested_blocks.py', 'p2p_blockfilters.py', 'p2p_message_capture.py',