romanz / electrs

An efficient re-implementation of Electrum Server in Rust
MIT License

Detect p2p not being whitelisted #400

Open romanz opened 3 years ago

romanz commented 3 years ago

It'd be great if electrs at least detected this. Ideally fall back to RPC or some other technique. IDK if whitelist affects this setting but we should probably recommend whitelisting 127.0.0.1 just like NBXplorer does (it even detects lack of whitelisting and logs a message).

Originally posted by @Kixunil in https://github.com/romanz/electrs/issues/399#issuecomment-843901638

Relevant flags:

  -whitebind=<[permissions@]addr>
       Bind to the given address and add permission flags to the peers
       connecting to it. Use [host]:port notation for IPv6. Allowed
       permissions: bloomfilter (allow requesting BIP37 filtered blocks
       and transactions), noban (do not ban for misbehavior; implies
       download), forcerelay (relay transactions that are already in the
       mempool; implies relay), relay (relay even in -blocksonly mode,
       and unlimited transaction announcements), mempool (allow
       requesting BIP35 mempool contents), download (allow getheaders
       during IBD, no disconnect after maxuploadtarget limit), addr
       (responses to GETADDR avoid hitting the cache and contain random
       records with the most up-to-date info). Specify multiple
       permissions separated by commas (default:
       download,noban,mempool,relay). Can be specified multiple times.

  -whitelist=<[permissions@]IP address or network>
       Add permission flags to the peers connecting from the given IP address
       (e.g. 1.2.3.4) or CIDR-notated network (e.g. 1.2.3.0/24). Uses
       the same permissions as -whitebind. Can be specified multiple
       times.

Relevant RPC:

$ bitcoin-cli getpeerinfo
<snip>
  {
    "id": 5,
    "addr": "127.0.0.1:45344",
    "addrbind": "127.0.0.1:8333",
    "network": "not_publicly_routable",
    "services": "0000000000000009",
    "servicesnames": [
      "NETWORK",
      "WITNESS"
    ],
    "relaytxes": false,
    "lastsend": 1623911232,
    "lastrecv": 1623911232,
    "last_transaction": 0,
    "last_block": 0,
    "bytessent": 2464077,
    "bytesrecv": 27980,
    "conntime": 1623911007,
    "timeoffset": 0,
    "pingtime": 7.813688,
    "minping": 7.2e-05,
    "version": 70001,
    "subver": "electrs",
    "inbound": true,
    "bip152_hb_to": false,
    "bip152_hb_from": false,
    "startingheight": 0,
    "synced_headers": -1,
    "synced_blocks": -1,
    "inflight": [
    ],
    "permissions": [
      "noban",
      "relay",
      "mempool",
      "download"
    ],
    "minfeefilter": 0.00000000,
    "bytessent_per_msg": {
      "addr": 110,
      "alert": 192,
      "block": 2461589,
      "getheaders": 1053,
      "headers": 918,
      "ping": 64,
      "verack": 24,
      "version": 127
    },
    "bytesrecv_per_msg": {
      "getdata": 183,
      "getheaders": 27567,
      "headers": 25,
      "pong": 64,
      "verack": 24,
      "version": 117
    },
    "connection_type": "inbound"
  },
<snip>

romanz commented 3 years ago

Note that getheaders messages are ignored during IBD - unless the peer has download permission:

if (m_chainman.ActiveChainstate().IsInitialBlockDownload() && !pfrom.HasPermission(NetPermissionFlags::Download)) {
    LogPrint(BCLog::NET, "Ignoring getheaders from peer=%d because node is in initial block download\n", pfrom.GetId());
    return;
}

https://github.com/bitcoin/bitcoin/blob/d50302625e115da2bd4bcaf14c90c8b0e4872bc7/src/net_processing.cpp#L3028-L3031
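
A check an operator could run over `bitcoin-cli getpeerinfo` output to detect the condition this issue describes, added here as an example (it is not electrs code and not part of the thread). It assumes the electrs connection is recognizable by the `subver` value shown above, which is self-reported by the peer; the function names and sample peers 6 and 7 are constructed.

```python
import json

# Per the net_processing.cpp snippet quoted above: without "download",
# getheaders from this peer is ignored while the node is in IBD.
REQUIRED = {"download"}

# Constructed sample in the shape of the getpeerinfo output quoted above
# (peer 5 mirrors the quoted entry; peers 6 and 7 are made up).
SAMPLE = json.dumps([
    {"id": 5, "addr": "127.0.0.1:45344", "subver": "electrs",
     "permissions": ["noban", "relay", "mempool", "download"]},
    {"id": 6, "addr": "[::1]:50212", "subver": "electrs", "permissions": []},
    {"id": 7, "addr": "203.0.113.9:8333", "subver": "/Satoshi:0.21.1/",
     "permissions": []},
])


def audit_electrs_peers(getpeerinfo_json, marker="electrs"):
    """Return one finding per peer whose subver contains `marker`."""
    findings = []
    for peer in json.loads(getpeerinfo_json):
        if marker not in peer.get("subver", ""):
            continue
        # "host:port" or "[v6]:port" -> bare host, as -whitelist expects an IP.
        host = peer["addr"].rsplit(":", 1)[0].strip("[]")
        if "permissions" not in peer:
            status, missing = "unknown", []  # field absent: cannot decide
        else:
            missing = sorted(REQUIRED - set(peer["permissions"]))
            status = "missing" if missing else "ok"
        findings.append({"id": peer["id"], "host": host,
                         "status": status, "missing": missing})
    return findings


def warnings(findings):
    """Turn findings into log lines an operator can act on."""
    if not findings:
        return ["no electrs p2p peer found in getpeerinfo"]
    out = []
    for f in findings:
        if f["status"] == "missing":
            perms = ",".join(f["missing"])
            out.append(f"peer={f['id']} lacks {perms}; "
                       f"consider -whitelist={perms}@{f['host']}")
        elif f["status"] == "unknown":
            out.append(f"peer={f['id']} reports no permissions field")
    return out
```

Feed it the live output with `audit_electrs_peers(subprocess.check_output(["bitcoin-cli", "getpeerinfo"]))`; an empty result means electrs has no p2p connection to this node at all.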