diff --git a/configure.ac b/configure.ac index 7a3052a47..3b7dad1c7 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ dnl require autoconf 2.60 (AS_ECHO/AS_ECHO_N) AC_PREREQ([2.60]) define(_CLIENT_VERSION_MAJOR, 4) define(_CLIENT_VERSION_MINOR, 7) -define(_CLIENT_VERSION_REVISION, 2) +define(_CLIENT_VERSION_REVISION, 3) define(_CLIENT_VERSION_BUILD, 0) define(_CLIENT_VERSION_IS_RELEASE, true) define(_CLIENT_BUILD_IS_TEST_RELEASE, false) diff --git a/doc/Doxyfile b/doc/Doxyfile index ef78f94b5..723bb2a6e 100755 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -34,7 +34,7 @@ PROJECT_NAME = NavCoin # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 4.7.2 +PROJECT_NUMBER = 4.7.3 # Using the PROJECT_BRIEF tag one can provide an optional one line description # for a project that appears at the top of each page and should give viewer diff --git a/doc/release-notes/release-notes-4.7.3.md b/doc/release-notes/release-notes-4.7.3.md new file mode 100644 index 000000000..2d504f3c2 --- /dev/null +++ b/doc/release-notes/release-notes-4.7.3.md @@ -0,0 +1,34 @@ +# NavCoin v4.7.3 Release Notes + +## Anti Header Spam v2 + +<[Pull Request 656](https://github.com/navcoin/navcoin-core/pull/656)> +<[Commit 5f11875](https://github.com/navcoin/navcoin-core/commit/5f118753a1900241e9cf8ea38281e4fe75cfeae8)> + +Introduces a new anti header spam system which improves the previous implementation and addresses the art-of-bug reports. + +Features: + +- Every time a header or block is received from another peer, its hash is added to a `points` list associated with the peer. +- Peers are discerned by their ip address, this means peers sharing ip address will also share the same `points` list. This can be changed with `-headerspamfilterignoreport` (default: `true`). +- Before proceeding with the block or headers validation, the `points` list will be cleared removing all the hashes of blocks whose scripts have already been correctly validated. +- The peer is banned if the size of the `points` list is greater than `MAX_HEADERS_RESULTS*2` once cleared of already validated blocks. +- The maximum allowed size of the `points` list can be changed using the `-headerspamfiltermaxsize` parameter. +- The log category `headerspam` has been added, which prints to the log the current size of a peers `points` list. +- When `-debug=bench` is specified, execution time for the `updateState` function is logged. + +#### Considerations + +- The maximum size of the `points` list by default is 4,000. With a block time of 30 seconds, NavCoin sees an average of 2,880 blocks per day. A maximum value of 4000 is roughly one and a half times more than the count of blocks a peer needs to be behind the chain tip to be in Initial Block Download mode. When on IBD, the header spam filter is turned off. This ensures that normal synchronisation is not affected by this filter. +- An attacker would be able to exhaust 32 bytes from the hash inserted in the `points` list + 181 bytes from the `CBlockIndex` inserted in `mapBlockIndex` for every invalid header/block before being banned. The `points` list is cleared when the attacker is banned, but those headers are not removed from `mapBlockIndex` or the hard disk in the current implementation. The size of CBlockIndex has been measured with: +```c++ + CBlockIndex* pindex = new CBlockIndex(); + CDataStream ssPeers(SER_DISK, CLIENT_VERSION); + ss << CDiskBlockIndex(pindex); + std::vectorvch(ss.begin(), ss.end()); + std::cout << to_string(vch.size()) << std::endl; +``` +- The default maximum value means that a single malicious peer with a unique IP can exhaust at max `3,999*213=831 kilobytes` without being banned or `4,000*181=707 kilobytes` being banned. + +For additional information about new features, check [https://navcoin.org/en/notices/](https://navcoin.org/en/notices/) + diff --git a/src/clientversion.h b/src/clientversion.h index b319a1e4f..79fd19280 100644 --- a/src/clientversion.h +++ b/src/clientversion.h @@ -16,7 +16,7 @@ //! These need to be macros, as clientversion.cpp's and navcoin*-res.rc's voodoo requires it #define CLIENT_VERSION_MAJOR 4 #define CLIENT_VERSION_MINOR 7 -#define CLIENT_VERSION_REVISION 2 +#define CLIENT_VERSION_REVISION 3 #define CLIENT_VERSION_BUILD 0 //! Set to true for release, false for prerelease or test build