Utilize anti-DoS headers download strategy
ClosedPublic
Actions

Authored by PiRK on Jan 10 2024, 14:19.

Details

Reviewers

Fabien

Group Reviewers

Restricted Project

Commits

rABCc271ee7fe1bf: Utilize anti-DoS headers download strategy

Summary

Avoid permanently storing headers from a peer, unless the headers are part of a
chain with sufficiently high work. This prevents memory attacks using low-work
headers.

Designed and co-authored with Pieter Wuille.

This is a partial backport of core#25717
https://github.com/bitcoin/bitcoin/pull/25717/commits/551a8d957c4c44afbd0d608fcdf7c6a4352babce
https://github.com/bitcoin/bitcoin/pull/25960/commits/132ed7eaaa4a47ab94db72ebfab0ef0e03caa488 (use NET logging category)
https://github.com/bitcoin/bitcoin/pull/26172/commits/bdcafb913398f0cdaff9c880618f9ebfc85c7693 (bugfix)

Depends on D15125
Notes:

I added SaltedBlockHashHasher because it didn't seem right to use SaltedTxidHasher. In practice, they all do the same as the generic SaltedUInt256Hasher.
I made two of the "Initial headers sync aborted..." log messages unconditional instead of logging into the NET category. They should not be printed very often, and it is valuable information for debugging from logs shared by users. Without this, we would have to guess the problematic block height from the headersync percentage (logged only once every 2000 blocks).

Test Plan

ninja all check-all

Start a node on mainnet with a fresh download dir. Check that it catches up with theader sync and starts downloading blocks.
Repeat with tesnet.

Diff Detail

Repository

rABC Bitcoin ABC

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

PiRK created this revision.Jan 10 2024, 14:19

Herald added a reviewer: Restricted Project. · View Herald TranscriptJan 10 2024, 14:19

PiRK requested review of this revision.Jan 10 2024, 14:19

teamcity edited the summary of this revision. (Show Details)Jan 10 2024, 14:19

@bot build-ibd

teamcity awarded a token.Jan 10 2024, 14:20

PiRK added a child revision: D15130: Require callers of AcceptBlockHeader() to perform anti-dos checks.Jan 10 2024, 14:31

Harbormaster completed remote builds in B26241: Diff 44026.Jan 10 2024, 15:12

Fabien requested changes to this revision.Jan 11 2024, 09:55

Fabien added a subscriber: Fabien.

Fabien added inline comments.

src/headerssync.h
200 ↗	(On Diff #44026)	layout
src/net_processing.cpp
602 ↗	(On Diff #44026)	layout
3480 ↗	(On Diff #44026)	no need for the else
3504 ↗	(On Diff #44026)	just make it a single return statement, or at least remove the else clauses that are not necessary