src/net.h
Show First 20 Lines • Show All 533 Lines • ▼ Show 20 Lines | private: | ||||
/** | /** | ||||
* Cache responses to addr requests to minimize privacy leak. | * Cache responses to addr requests to minimize privacy leak. | ||||
* Attack example: scraping addrs in real-time may allow an attacker | * Attack example: scraping addrs in real-time may allow an attacker | ||||
* to infer new connections of the victim by detecting new records | * to infer new connections of the victim by detecting new records | ||||
* with fresh timestamps (per self-announcement). | * with fresh timestamps (per self-announcement). | ||||
*/ | */ | ||||
struct CachedAddrResponse { | struct CachedAddrResponse { | ||||
std::vector<CAddress> m_addrs_response_cache; | std::vector<CAddress> m_addrs_response_cache; | ||||
std::chrono::microseconds m_update_addr_response{0}; | std::chrono::microseconds m_cache_entry_expiration{0}; | ||||
}; | }; | ||||
/** | /** | ||||
* Addr responses stored in different caches | * Addr responses stored in different caches | ||||
* per (network, local socket) prevent cross-network node identification. | * per (network, local socket) prevent cross-network node identification. | ||||
* If a node for example is multi-homed under Tor and IPv6, | * If a node for example is multi-homed under Tor and IPv6, | ||||
* a single cache (or no cache at all) would let an attacker | * a single cache (or no cache at all) would let an attacker | ||||
* to easily detect that it is the same node by comparing responses. | * to easily detect that it is the same node by comparing responses. | ||||
* Indexing by local socket prevents leakage when a node has multiple | * Indexing by local socket prevents leakage when a node has multiple | ||||
* listening addresses on the same network. | * listening addresses on the same network. | ||||
* | * | ||||
* The used memory equals to 1000 CAddress records (or around 32 bytes) per | * The used memory equals to 1000 CAddress records (or around 40 bytes) per | ||||
* distinct Network (up to 5) we have/had an inbound peer from, | * distinct Network (up to 5) we have/had an inbound peer from, | ||||
* resulting in at most ~160 KB. Every separate local socket may | * resulting in at most ~196 KB. Every separate local socket may | ||||
* add up to ~160 KB extra. | * add up to ~196 KB extra. | ||||
*/ | */ | ||||
std::map<uint64_t, CachedAddrResponse> m_addr_response_caches; | std::map<uint64_t, CachedAddrResponse> m_addr_response_caches; | ||||
/** | /** | ||||
* Services this instance offers. | * Services this instance offers. | ||||
* | * | ||||
* This data is replicated in each CNode instance we create during peer | * This data is replicated in each CNode instance we create during peer | ||||
* connection (in ConnectNode()) under a member also called | * connection (in ConnectNode()) under a member also called | ||||
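Review bot: the memory estimate in the comment above `m_addr_response_caches` is still hard to check after the update. "1000 CAddress records (or around 40 bytes)" reads as if the 1000 records together take about 40 bytes, and 1000 records × 40 bytes × 5 networks is 200,000 bytes, which is 200 KB in decimal units or about 195 KiB, so neither matches "~196 KB" exactly. Suggest wording it as "1000 CAddress records (around 40 bytes each)" and stating which unit the total uses, so the next change to the record size can update the figure mechanically. Separately, the renamed member `m_cache_entry_expiration{0}` has no comment of its own; a one-line note saying what the timestamp marks and how the zero default is treated for a cache entry that has never been filled would make the struct self-explanatory. While the comment is being touched, "would let an attacker to easily detect" and "equals to" could also be fixed.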