From: Pieter Wuille <pieter.wuille@gmail.com>
To: bitcoin-development@lists.sourceforge.net
Subject: [Bitcoin-development] CAddrMan: Stochastic IP address manager
Date: Mon, 30 Jan 2012 03:31:02 +0100 [thread overview]
Message-ID: <CAPg+sBjNTS3n8Q3XzZi5GpBL6k_-4AxRKr0BkWa=-AAVgqS=2Q@mail.gmail.com> (raw)
Hello all,
wanting to move to IPv6 support in the Satoshi bitcoin client
somewhere in the future, the way IP addresses were managed is not
really possible anymore. Right now, basically all addresses ever seen
are kept - both on-disk and in-memory, and sorted on last-seen time
with some randomization. For some people this lead to multi-megabyte
addr.dat files that took ages (well, seconds) to load.
After some discussion with Gregory Maxwell and others on IRC, I
decided to write a specialized address manager based on an entirely
different principle: only keep a limited number of addresses, keep and
index them in-memory, and only occasionally (and asynchronously) dump
them to disk. This of course leads to a weakness: attackers may try to
poison your entire address cache with addresses they control, in order
to perform a Sybil attack. This is especially dangerous in the context
of IPv6, where much more possible addresses exist.
To protect against this, we came up with this design: keep two tables:
one that keeps addresses we've had actual connections with, and one
that maintains untried/new addresses. Both are separated into several
limited-size buckets. Each tables provides a level of protection
against sybil attacks:
* Addresses in the first table are placed in one of only a few
buckets chosen based on the address range (/16 for IPv4). This way, an
attacker cannot have tons of active nodes in the same /16 range, and
use those to fill the table.
* Addresses in the second table are placed in one of a few buckets
chosen based on address range the information came from, instead of
the address itself. This way, an attacker spamming you with tons of
"addr" messages can only still have a limited effect.
* All crucial decisions (selection of addresses, picking a place in a
bucket, which entry to evict if necessary, ...) are randomized with
biases to improve efficiency. Selection of buckets is based on a
cryptographic hash using a secret key to deterministically randomize
behaviour.
The implementation is available in pull request 787
(https://github.com/bitcoin/bitcoin/pull/787), but there is certainly
need for testing, and room for improvements. Test reports, comments,
constructive criticism, suggestions and improvements are very welcome.
--
Pieter
next reply other threads:[~2012-01-30 2:31 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-01-30 2:31 Pieter Wuille [this message]
2012-01-30 2:37 ` [Bitcoin-development] CAddrMan: Stochastic IP address manager Luke-Jr
2012-01-30 16:53 ` Michael Hendricks
2012-01-31 2:05 ` Gavin Andresen
2012-01-31 2:07 ` Luke-Jr
2012-01-31 2:57 ` Gregory Maxwell
2012-01-31 8:19 ` grarpamp
2012-01-31 13:50 ` solar
2012-01-31 4:33 ` Michael Hendricks
2012-01-31 7:17 ` Gregory Maxwell
2012-01-31 15:06 ` Michael Hendricks
2012-01-31 15:07 ` Michael Hendricks
2012-01-31 9:21 ` Phantomcircuit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAPg+sBjNTS3n8Q3XzZi5GpBL6k_-4AxRKr0BkWa=-AAVgqS=2Q@mail.gmail.com' \
--to=pieter.wuille@gmail.com \
--cc=bitcoin-development@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox