Browse Source

Merge pull request #457 from muggenhor/async-ipv6-rpc

IPv6 RPC using asynchronously accepted connections
0.8
Pieter Wuille 13 years ago
parent
commit
4a52c187d3
  1. 2
      bitcoin-qt.pro
  2. 266
      src/bitcoinrpc.cpp
  3. 11
      src/init.cpp
  4. 2
      src/makefile.linux-mingw
  5. 2
      src/makefile.mingw

2
bitcoin-qt.pro

@ -307,7 +307,7 @@ isEmpty(BOOST_INCLUDE_PATH) {
macx:BOOST_INCLUDE_PATH = /opt/local/include macx:BOOST_INCLUDE_PATH = /opt/local/include
} }
windows:LIBS += -lws2_32 -lshlwapi windows:LIBS += -lws2_32 -lshlwapi -lmswsock
windows:DEFINES += WIN32 windows:DEFINES += WIN32
windows:RC_FILE = src/qt/res/bitcoin-qt.rc windows:RC_FILE = src/qt/res/bitcoin-qt.rc

266
src/bitcoinrpc.cpp

@ -15,14 +15,18 @@
#undef printf #undef printf
#include <boost/asio.hpp> #include <boost/asio.hpp>
#include <boost/asio/ip/v6_only.hpp>
#include <boost/bind.hpp>
#include <boost/filesystem.hpp> #include <boost/filesystem.hpp>
#include <boost/foreach.hpp>
#include <boost/iostreams/concepts.hpp> #include <boost/iostreams/concepts.hpp>
#include <boost/iostreams/stream.hpp> #include <boost/iostreams/stream.hpp>
#include <boost/algorithm/string.hpp> #include <boost/algorithm/string.hpp>
#include <boost/lexical_cast.hpp> #include <boost/lexical_cast.hpp>
#include <boost/asio/ssl.hpp> #include <boost/asio/ssl.hpp>
#include <boost/filesystem/fstream.hpp> #include <boost/filesystem/fstream.hpp>
typedef boost::asio::ssl::stream<boost::asio::ip::tcp::socket> SSLStream; #include <boost/shared_ptr.hpp>
#include <list>
#define printf OutputDebugStringF #define printf OutputDebugStringF
// MinGW 3.4.5 gets "fatal error: had to relocate PCH" if the json headers are // MinGW 3.4.5 gets "fatal error: had to relocate PCH" if the json headers are
@ -2579,10 +2583,22 @@ void ErrorReply(std::ostream& stream, const Object& objError, const Value& id)
stream << HTTPReply(nStatus, strReply, false) << std::flush; stream << HTTPReply(nStatus, strReply, false) << std::flush;
} }
bool ClientAllowed(const string& strAddress) bool ClientAllowed(const boost::asio::ip::address& address)
{ {
if (strAddress == asio::ip::address_v4::loopback().to_string()) // Make sure that IPv4-compatible and IPv4-mapped IPv6 addresses are treated as IPv4 addresses
if (address.is_v6()
&& (address.to_v6().is_v4_compatible()
|| address.to_v6().is_v4_mapped()))
return ClientAllowed(address.to_v6().to_v4());
if (address == asio::ip::address_v4::loopback()
|| address == asio::ip::address_v6::loopback()
|| (address.is_v4()
// Chech whether IPv4 addresses match 127.0.0.0/8 (loopback subnet)
&& (address.to_v4().to_ulong() & 0xff000000) == 0x7f000000))
return true; return true;
const string strAddress = address.to_string();
const vector<string>& vAllow = mapMultiArgs["-rpcallowip"]; const vector<string>& vAllow = mapMultiArgs["-rpcallowip"];
BOOST_FOREACH(string strAllow, vAllow) BOOST_FOREACH(string strAllow, vAllow)
if (WildcardMatch(strAddress, strAllow)) if (WildcardMatch(strAddress, strAllow))
@ -2593,9 +2609,10 @@ bool ClientAllowed(const string& strAddress)
// //
// IOStream device that speaks SSL but can also speak non-SSL // IOStream device that speaks SSL but can also speak non-SSL
// //
template <typename Protocol>
class SSLIOStreamDevice : public iostreams::device<iostreams::bidirectional> { class SSLIOStreamDevice : public iostreams::device<iostreams::bidirectional> {
public: public:
SSLIOStreamDevice(SSLStream &streamIn, bool fUseSSLIn) : stream(streamIn) SSLIOStreamDevice(asio::ssl::stream<typename Protocol::socket> &streamIn, bool fUseSSLIn) : stream(streamIn)
{ {
fUseSSL = fUseSSLIn; fUseSSL = fUseSSLIn;
fNeedHandshake = fUseSSLIn; fNeedHandshake = fUseSSLIn;
@ -2639,21 +2656,54 @@ public:
private: private:
bool fNeedHandshake; bool fNeedHandshake;
bool fUseSSL; bool fUseSSL;
SSLStream& stream; asio::ssl::stream<typename Protocol::socket>& stream;
}; };
class AcceptedConnection class AcceptedConnection
{ {
public: public:
SSLStream sslStream; virtual ~AcceptedConnection() {}
SSLIOStreamDevice d;
iostreams::stream<SSLIOStreamDevice> stream; virtual std::iostream& stream() = 0;
virtual std::string peer_address_to_string() const = 0;
virtual void close() = 0;
};
template <typename Protocol>
class AcceptedConnectionImpl : public AcceptedConnection
{
public:
AcceptedConnectionImpl(
asio::io_service& io_service,
ssl::context &context,
bool fUseSSL) :
sslStream(io_service, context),
_d(sslStream, fUseSSL),
_stream(_d)
{
}
virtual std::iostream& stream()
{
return _stream;
}
virtual std::string peer_address_to_string() const
{
return peer.address().to_string();
}
virtual void close()
{
_stream.close();
}
ip::tcp::endpoint peer; typename Protocol::endpoint peer;
asio::ssl::stream<typename Protocol::socket> sslStream;
AcceptedConnection(asio::io_service &io_service, ssl::context &context, private:
bool fUseSSL) : sslStream(io_service, context), d(sslStream, fUseSSL), SSLIOStreamDevice<Protocol> _d;
stream(d) { ; } iostreams::stream< SSLIOStreamDevice<Protocol> > _stream;
}; };
void ThreadRPCServer(void* parg) void ThreadRPCServer(void* parg)
@ -2675,6 +2725,82 @@ void ThreadRPCServer(void* parg)
printf("ThreadRPCServer exited\n"); printf("ThreadRPCServer exited\n");
} }
// Forward declaration required for RPCListen
template <typename Protocol, typename SocketAcceptorService>
static void RPCAcceptHandler(boost::shared_ptr< basic_socket_acceptor<Protocol, SocketAcceptorService> > acceptor,
ssl::context& context,
bool fUseSSL,
AcceptedConnection* conn,
const boost::system::error_code& error);
/**
* Sets up I/O resources to accept and handle a new connection.
*/
template <typename Protocol, typename SocketAcceptorService>
static void RPCListen(boost::shared_ptr< basic_socket_acceptor<Protocol, SocketAcceptorService> > acceptor,
ssl::context& context,
const bool fUseSSL)
{
// Accept connection
AcceptedConnectionImpl<Protocol>* conn = new AcceptedConnectionImpl<Protocol>(acceptor->get_io_service(), context, fUseSSL);
acceptor->async_accept(
conn->sslStream.lowest_layer(),
conn->peer,
boost::bind(&RPCAcceptHandler<Protocol, SocketAcceptorService>,
acceptor,
boost::ref(context),
fUseSSL,
conn,
boost::asio::placeholders::error));
}
/**
* Accept and handle incoming connection.
*/
template <typename Protocol, typename SocketAcceptorService>
static void RPCAcceptHandler(boost::shared_ptr< basic_socket_acceptor<Protocol, SocketAcceptorService> > acceptor,
ssl::context& context,
const bool fUseSSL,
AcceptedConnection* conn,
const boost::system::error_code& error)
{
vnThreadsRunning[THREAD_RPCLISTENER]++;
// Immediately start accepting new connections, except when we're canceled or our socket is closed.
if (error != error::operation_aborted
&& acceptor->is_open())
RPCListen(acceptor, context, fUseSSL);
AcceptedConnectionImpl<ip::tcp>* tcp_conn = dynamic_cast< AcceptedConnectionImpl<ip::tcp>* >(conn);
// TODO: Actually handle errors
if (error)
{
delete conn;
}
// Restrict callers by IP. It is important to
// do this before starting client thread, to filter out
// certain DoS and misbehaving clients.
else if (tcp_conn
&& !ClientAllowed(tcp_conn->peer.address()))
{
// Only send a 403 if we're not using SSL to prevent a DoS during the SSL handshake.
if (!fUseSSL)
conn->stream() << HTTPReply(403, "", false) << std::flush;
delete conn;
}
// start HTTP client thread
else if (!CreateThread(ThreadRPCServer3, conn)) {
printf("Failed to create RPC server client thread\n");
delete conn;
}
vnThreadsRunning[THREAD_RPCLISTENER]--;
}
void ThreadRPCServer2(void* parg) void ThreadRPCServer2(void* parg)
{ {
printf("ThreadRPCServer started\n"); printf("ThreadRPCServer started\n");
@ -2704,26 +2830,9 @@ void ThreadRPCServer2(void* parg)
return; return;
} }
bool fUseSSL = GetBoolArg("-rpcssl"); const bool fUseSSL = GetBoolArg("-rpcssl");
asio::ip::address bindAddress = mapArgs.count("-rpcallowip") ? asio::ip::address_v4::any() : asio::ip::address_v4::loopback();
asio::io_service io_service; asio::io_service io_service;
ip::tcp::endpoint endpoint(bindAddress, GetArg("-rpcport", 8332));
ip::tcp::acceptor acceptor(io_service);
try
{
acceptor.open(endpoint.protocol());
acceptor.set_option(boost::asio::ip::tcp::acceptor::reuse_address(true));
acceptor.bind(endpoint);
acceptor.listen(socket_base::max_connections);
}
catch(boost::system::system_error &e)
{
uiInterface.ThreadSafeMessageBox(strprintf(_("An error occured while setting up the RPC port %i for listening: %s"), endpoint.port(), e.what()),
_("Error"), CClientUIInterface::OK | CClientUIInterface::MODAL);
StartShutdown();
return;
}
ssl::context context(io_service, ssl::context::sslv23); ssl::context context(io_service, ssl::context::sslv23);
if (fUseSSL) if (fUseSSL)
@ -2744,39 +2853,60 @@ void ThreadRPCServer2(void* parg)
SSL_CTX_set_cipher_list(context.impl(), strCiphers.c_str()); SSL_CTX_set_cipher_list(context.impl(), strCiphers.c_str());
} }
loop // Try a dual IPv6/IPv4 socket, falling back to separate IPv4 and IPv6 sockets
const bool loopback = !mapArgs.count("-rpcallowip");
asio::ip::address bindAddress = loopback ? asio::ip::address_v6::loopback() : asio::ip::address_v6::any();
ip::tcp::endpoint endpoint(bindAddress, GetArg("-rpcport", 8332));
try
{ {
// Accept connection boost::shared_ptr<ip::tcp::acceptor> acceptor(new ip::tcp::acceptor(io_service));
AcceptedConnection *conn = acceptor->open(endpoint.protocol());
new AcceptedConnection(io_service, context, fUseSSL); acceptor->set_option(boost::asio::ip::tcp::acceptor::reuse_address(true));
vnThreadsRunning[THREAD_RPCLISTENER]--; // Try making the socket dual IPv6/IPv4 (if listening on the "any" address)
acceptor.accept(conn->sslStream.lowest_layer(), conn->peer); boost::system::error_code v6_only_error;
vnThreadsRunning[THREAD_RPCLISTENER]++; acceptor->set_option(boost::asio::ip::v6_only(loopback), v6_only_error);
if (fShutdown) acceptor->bind(endpoint);
{ acceptor->listen(socket_base::max_connections);
delete conn;
return;
}
// Restrict callers by IP. It is important to RPCListen(acceptor, context, fUseSSL);
// do this before starting client thread, to filter out // Cancel outstanding listen-requests for this acceptor when shutting down
// certain DoS and misbehaving clients. uiInterface.QueueShutdown.connect(signals2::slot<void ()>(
if (!ClientAllowed(conn->peer.address().to_string())) static_cast<void (ip::tcp::acceptor::*)()>(&ip::tcp::acceptor::close), acceptor.get())
{ .track(acceptor));
// Only send a 403 if we're not using SSL to prevent a DoS during the SSL handshake.
if (!fUseSSL)
conn->stream << HTTPReply(403, "", false) << std::flush;
delete conn;
}
// start HTTP client thread // If dual IPv6/IPv4 failed (or we're opening loopback interfaces only), open IPv4 separately
else if (!CreateThread(ThreadRPCServer3, conn)) { if (loopback || v6_only_error)
printf("Failed to create RPC server client thread\n"); {
delete conn; bindAddress = loopback ? asio::ip::address_v4::loopback() : asio::ip::address_v4::any();
endpoint.address(bindAddress);
acceptor.reset(new ip::tcp::acceptor(io_service));
acceptor->open(endpoint.protocol());
acceptor->set_option(boost::asio::ip::tcp::acceptor::reuse_address(true));
acceptor->bind(endpoint);
acceptor->listen(socket_base::max_connections);
RPCListen(acceptor, context, fUseSSL);
// Cancel outstanding listen-requests for this acceptor when shutting down
uiInterface.QueueShutdown.connect(signals2::slot<void ()>(
static_cast<void (ip::tcp::acceptor::*)()>(&ip::tcp::acceptor::close), acceptor.get())
.track(acceptor));
} }
} }
catch(boost::system::system_error &e)
{
uiInterface.ThreadSafeMessageBox(strprintf(_("An error occured while setting up the RPC port %i for listening: %s"), endpoint.port(), e.what()),
_("Error"), CClientUIInterface::OK | CClientUIInterface::MODAL);
StartShutdown();
return;
}
vnThreadsRunning[THREAD_RPCLISTENER]--;
io_service.run();
vnThreadsRunning[THREAD_RPCLISTENER]++;
} }
void ThreadRPCServer3(void* parg) void ThreadRPCServer3(void* parg)
@ -2789,7 +2919,7 @@ void ThreadRPCServer3(void* parg)
loop { loop {
if (fShutdown || !fRun) if (fShutdown || !fRun)
{ {
conn->stream.close(); conn->close();
delete conn; delete conn;
--vnThreadsRunning[THREAD_RPCHANDLER]; --vnThreadsRunning[THREAD_RPCHANDLER];
return; return;
@ -2797,24 +2927,24 @@ void ThreadRPCServer3(void* parg)
map<string, string> mapHeaders; map<string, string> mapHeaders;
string strRequest; string strRequest;
ReadHTTP(conn->stream, mapHeaders, strRequest); ReadHTTP(conn->stream(), mapHeaders, strRequest);
// Check authorization // Check authorization
if (mapHeaders.count("authorization") == 0) if (mapHeaders.count("authorization") == 0)
{ {
conn->stream << HTTPReply(401, "", false) << std::flush; conn->stream() << HTTPReply(401, "", false) << std::flush;
break; break;
} }
if (!HTTPAuthorized(mapHeaders)) if (!HTTPAuthorized(mapHeaders))
{ {
printf("ThreadRPCServer incorrect password attempt from %s\n", conn->peer.address().to_string().c_str()); printf("ThreadRPCServer incorrect password attempt from %s\n", conn->peer_address_to_string().c_str());
/* Deter brute-forcing short passwords. /* Deter brute-forcing short passwords.
If this results in a DOS the user really If this results in a DOS the user really
shouldn't have their RPC port exposed.*/ shouldn't have their RPC port exposed.*/
if (mapArgs["-rpcpassword"].size() < 20) if (mapArgs["-rpcpassword"].size() < 20)
Sleep(250); Sleep(250);
conn->stream << HTTPReply(401, "", false) << std::flush; conn->stream() << HTTPReply(401, "", false) << std::flush;
break; break;
} }
if (mapHeaders["connection"] == "close") if (mapHeaders["connection"] == "close")
@ -2856,16 +2986,16 @@ void ThreadRPCServer3(void* parg)
// Send reply // Send reply
string strReply = JSONRPCReply(result, Value::null, id); string strReply = JSONRPCReply(result, Value::null, id);
conn->stream << HTTPReply(200, strReply, fRun) << std::flush; conn->stream() << HTTPReply(200, strReply, fRun) << std::flush;
} }
catch (Object& objError) catch (Object& objError)
{ {
ErrorReply(conn->stream, objError, id); ErrorReply(conn->stream(), objError, id);
break; break;
} }
catch (std::exception& e) catch (std::exception& e)
{ {
ErrorReply(conn->stream, JSONRPCError(-32700, e.what()), id); ErrorReply(conn->stream(), JSONRPCError(-32700, e.what()), id);
break; break;
} }
} }
@ -2917,9 +3047,9 @@ Object CallRPC(const string& strMethod, const Array& params)
asio::io_service io_service; asio::io_service io_service;
ssl::context context(io_service, ssl::context::sslv23); ssl::context context(io_service, ssl::context::sslv23);
context.set_options(ssl::context::no_sslv2); context.set_options(ssl::context::no_sslv2);
SSLStream sslStream(io_service, context); asio::ssl::stream<asio::ip::tcp::socket> sslStream(io_service, context);
SSLIOStreamDevice d(sslStream, fUseSSL); SSLIOStreamDevice<asio::ip::tcp> d(sslStream, fUseSSL);
iostreams::stream<SSLIOStreamDevice> stream(d); iostreams::stream< SSLIOStreamDevice<asio::ip::tcp> > stream(d);
if (!d.connect(GetArg("-rpcconnect", "127.0.0.1"), GetArg("-rpcport", "8332"))) if (!d.connect(GetArg("-rpcconnect", "127.0.0.1"), GetArg("-rpcport", "8332")))
throw runtime_error("couldn't connect to server"); throw runtime_error("couldn't connect to server");

11
src/init.cpp

@ -9,6 +9,7 @@
#include "init.h" #include "init.h"
#include "util.h" #include "util.h"
#include "ui_interface.h" #include "ui_interface.h"
#include <boost/bind.hpp>
#include <boost/filesystem.hpp> #include <boost/filesystem.hpp>
#include <boost/filesystem/fstream.hpp> #include <boost/filesystem/fstream.hpp>
#include <boost/filesystem/convenience.hpp> #include <boost/filesystem/convenience.hpp>
@ -40,13 +41,8 @@ void ExitTimeout(void* parg)
void StartShutdown() void StartShutdown()
{ {
#ifdef QT_GUI
// ensure we leave the Qt main loop for a clean GUI exit (Shutdown() is called in bitcoin.cpp afterwards) // ensure we leave the Qt main loop for a clean GUI exit (Shutdown() is called in bitcoin.cpp afterwards)
uiInterface.QueueShutdown(); uiInterface.QueueShutdown();
#else
// Without UI, Shutdown() can simply be started in a new thread
CreateThread(Shutdown, NULL);
#endif
} }
void Shutdown(void* parg) void Shutdown(void* parg)
@ -154,6 +150,11 @@ bool AppInit(int argc, char* argv[])
exit(ret); exit(ret);
} }
// Create the shutdown thread when receiving a shutdown signal
boost::signals2::scoped_connection do_stop(
uiInterface.QueueShutdown.connect(boost::bind(
&CreateThread, &Shutdown, static_cast<void*>(0), false)));
fRet = AppInit2(); fRet = AppInit2();
} }
catch (std::exception& e) { catch (std::exception& e) {

2
src/makefile.linux-mingw

@ -39,7 +39,7 @@ ifdef USE_UPNP
DEFS += -DSTATICLIB -DUSE_UPNP=$(USE_UPNP) DEFS += -DSTATICLIB -DUSE_UPNP=$(USE_UPNP)
endif endif
LIBS += -l mingwthrd -l kernel32 -l user32 -l gdi32 -l comdlg32 -l winspool -l winmm -l shell32 -l comctl32 -l ole32 -l oleaut32 -l uuid -l rpcrt4 -l advapi32 -l ws2_32 -l shlwapi LIBS += -l mingwthrd -l kernel32 -l user32 -l gdi32 -l comdlg32 -l winspool -l winmm -l shell32 -l comctl32 -l ole32 -l oleaut32 -l uuid -l rpcrt4 -l advapi32 -l ws2_32 -l mswsock -l shlwapi
# TODO: make the mingw builds smarter about dependencies, like the linux/osx builds are # TODO: make the mingw builds smarter about dependencies, like the linux/osx builds are
HEADERS = $(wildcard *.h) HEADERS = $(wildcard *.h)

2
src/makefile.mingw

@ -36,7 +36,7 @@ ifdef USE_UPNP
DEFS += -DSTATICLIB -DUSE_UPNP=$(USE_UPNP) DEFS += -DSTATICLIB -DUSE_UPNP=$(USE_UPNP)
endif endif
LIBS += -l kernel32 -l user32 -l gdi32 -l comdlg32 -l winspool -l winmm -l shell32 -l comctl32 -l ole32 -l oleaut32 -l uuid -l rpcrt4 -l advapi32 -l ws2_32 -l shlwapi LIBS += -l kernel32 -l user32 -l gdi32 -l comdlg32 -l winspool -l winmm -l shell32 -l comctl32 -l ole32 -l oleaut32 -l uuid -l rpcrt4 -l advapi32 -l ws2_32 -l mswsock -l shlwapi
# TODO: make the mingw builds smarter about dependencies, like the linux/osx builds are # TODO: make the mingw builds smarter about dependencies, like the linux/osx builds are
HEADERS = $(wildcard *.h) HEADERS = $(wildcard *.h)

Loading…
Cancel
Save