From 309a0064b58deb1cf74d21a6614de8c077a73356 Mon Sep 17 00:00:00 2001 From: Conrado Gouvea Date: Tue, 7 Jun 2022 10:50:02 -0300 Subject: [PATCH] Enforce minimum protocol version (#18) * enforce minimum protocol version * use separate min protocol version for mainnet and testnet; don't connect to flux ports * point to merged btcd package --- go.mod | 2 +- go.sum | 4 ++-- zcash/client.go | 26 +++++++++++++++++++++----- 3 files changed, 24 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 4892654..ac72b1a 100644 --- a/go.mod +++ b/go.mod @@ -12,4 +12,4 @@ require ( ) // Currently pointing to "main-zfnd" branch -replace github.com/btcsuite/btcd => github.com/ZcashFoundation/btcd v0.22.0-beta.0.20211118133831-ca5d3008dd64 +replace github.com/btcsuite/btcd => github.com/ZcashFoundation/btcd v0.22.0-beta.0.20220607000607-40dc9492aa42 diff --git a/go.sum b/go.sum index b5c73d0..253b6d9 100644 --- a/go.sum +++ b/go.sum @@ -41,8 +41,8 @@ github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdko github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= github.com/Shopify/sarama v1.21.0/go.mod h1:yuqtN/pe8cXRWG5zPaO7hCfNJp5MwmkoJEoLjkm5tCQ= github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= -github.com/ZcashFoundation/btcd v0.22.0-beta.0.20211118133831-ca5d3008dd64 h1:G6N+0l3XFLEMFfqWmjsnM0/x8TRgAijitcquCMB2tJU= -github.com/ZcashFoundation/btcd v0.22.0-beta.0.20211118133831-ca5d3008dd64/go.mod h1:9n5ntfhhHQBIhUvlhDvD3Qg6fRUj4jkN0VB8L8svzOA= +github.com/ZcashFoundation/btcd v0.22.0-beta.0.20220607000607-40dc9492aa42 h1:cVw5apH2Ku2nYxViEP6k+MjyyobbcsnKa63YnxTSgBk= +github.com/ZcashFoundation/btcd v0.22.0-beta.0.20220607000607-40dc9492aa42/go.mod h1:9n5ntfhhHQBIhUvlhDvD3Qg6fRUj4jkN0VB8L8svzOA= github.com/aead/siphash v1.0.1/go.mod h1:Nywa3cDsYNNK3gaciGTWPwHt0wlpNV15vwmswBAUSII= github.com/akamai/AkamaiOPEN-edgegrid-golang v0.9.0/go.mod h1:zpDJeKyp9ScW4NNrbdr+Eyxvry3ilGPewKoXw3XGN1k= github.com/alangpierce/go-forceexport v0.0.0-20160317203124-8f1d6941cd75/go.mod h1:uAXEEpARkRhCZfEvy/y0Jcc888f9tHCc1W7/UeEtreE= diff --git a/zcash/client.go b/zcash/client.go index a5db624..24cb0f5 100644 --- a/zcash/client.go +++ b/zcash/client.go @@ -36,13 +36,19 @@ var defaultPeerConfig = &peer.Config{ // // If this version is too low, newer peers will disconnect from the DNS seeder, // and it will only be able to talk to outdated peers. - // - // TODO: fork https://github.com/gtank/btcd/blob/master/peer/peer.go - // and set MinAcceptableProtocolVersion based on the most recently activated network upgrade - // see ticket #10 for details ProtocolVersion: 170100, // Zcash NU5 mainnet } +// The minimum acceptable protocol version for each network. +// Current (post-NU5) values are from https://zips.z.cash/zip-0252 +const MinAcceptableProtocolVersionMainnet = 170100 +const MinAcceptableProtocolVersionTestnet = 170050 + +// Denied ports. These are from a Zcash fork which uses the same magic numbers. +// While they use a smaller protocol version will be filtered out, this +// allows us to not connect to those nodes at all. +var DeniedPorts = map[uint16]struct{}{16125: {}, 26125: {}} + var ( // The minimum number of addresses we need to know about to begin serving introductions minimumReadyAddresses = 10 @@ -162,6 +168,15 @@ func newSeederPeerConfig(magic network.Network, template *peer.Config) (*peer.Co } newPeerConfig.ChainParams = params + switch magic { + case network.Mainnet, network.Regtest: + newPeerConfig.MinAcceptableProtocolVersion = MinAcceptableProtocolVersionMainnet + break + case network.Testnet: + newPeerConfig.MinAcceptableProtocolVersion = MinAcceptableProtocolVersionTestnet + break + } + return &newPeerConfig, nil } @@ -358,7 +373,8 @@ func (s *Seeder) RequestAddresses() int { return } - if !addrmgr.IsRoutable(na) && !s.config.AllowSelfConns { + _, denied := DeniedPorts[na.Port] + if denied || (!addrmgr.IsRoutable(na) && !s.config.AllowSelfConns) { s.logger.Printf("Got bad addr %s:%d from peer %s", na.IP, na.Port, "") // TODO blacklist peers who give us crap addresses //s.DisconnectAndBlacklist(peerKeyFromPeer(p))