Line data Source code
1 : // Copyright (c) 2021 The Bitcoin Core developers
2 : // Distributed under the MIT software license, see the accompanying
3 : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 :
5 : #ifndef BITCOIN_NETGROUP_H
6 : #define BITCOIN_NETGROUP_H
7 :
8 : #include <netaddress.h>
9 : #include <uint256.h>
10 :
11 : #include <vector>
12 :
13 : /**
14 : * Netgroup manager
15 : */
16 1141 : class NetGroupManager {
17 : public:
18 1141 : explicit NetGroupManager(std::vector<bool> asmap)
19 1141 : : m_asmap{std::move(asmap)}
20 : {}
21 :
22 : /** Get a checksum identifying the asmap being used. */
23 : uint256 GetAsmapChecksum() const;
24 :
25 : /**
26 : * Get the canonical identifier of the network group for address.
27 : *
28 : * The groups are assigned in a way where it should be costly for an attacker to
29 : * obtain addresses with many different group identifiers, even if it is cheap
30 : * to obtain addresses with the same identifier.
31 : *
32 : * @note No two connections will be attempted to addresses with the same network
33 : * group.
34 : */
35 : std::vector<unsigned char> GetGroup(const CNetAddr& address) const;
36 :
37 : /**
38 : * Get the autonomous system on the BGP path to address.
39 : *
40 : * The ip->AS mapping depends on how asmap is constructed.
41 : */
42 : uint32_t GetMappedAS(const CNetAddr& address) const;
43 :
44 : /**
45 : * Analyze and log current health of ASMap based buckets.
46 : */
47 : void ASMapHealthCheck(const std::vector<CNetAddr>& clearnet_addrs) const;
48 :
49 : /**
50 : * Indicates whether ASMap is being used for clearnet bucketing.
51 : */
52 : bool UsingASMap() const;
53 :
54 : private:
55 : /** Compressed IP->ASN mapping, loaded from a file when a node starts.
56 : *
57 : * This mapping is then used for bucketing nodes in Addrman and for
58 : * ensuring we connect to a diverse set of peers in Connman. The map is
59 : * empty if no file was provided.
60 : *
61 : * If asmap is provided, nodes will be bucketed by AS they belong to, in
62 : * order to make impossible for a node to connect to several nodes hosted
63 : * in a single AS. This is done in response to Erebus attack, but also to
64 : * generally diversify the connections every node creates, especially
65 : * useful when a large fraction of nodes operate under a couple of cloud
66 : * providers.
67 : *
68 : * If a new asmap is provided, the existing addrman records are
69 : * re-bucketed.
70 : *
71 : * This is initialized in the constructor, const, and therefore is
72 : * thread-safe. */
73 : const std::vector<bool> m_asmap;
74 : };
75 :
76 : #endif // BITCOIN_NETGROUP_H
|
