Mercurial > hg > bitcoin
changeset 3107:1de81d5809ec draft
Merge pull request #457 from muggenhor/async-ipv6-rpc
IPv6 RPC using asynchronously accepted connections
| author | Pieter Wuille <pieter.wuille@gmail.com> |
|---|---|
| date | Wed, 27 Jun 2012 07:48:38 -0700 |
| parents | 54d18c79e5dc (current diff) 5646e3ef1d76 (diff) |
| children | eb9d777d0752 |
| files | bitcoin-qt.pro src/init.cpp |
| diffstat | 5 files changed, 212 insertions(+), 81 deletions(-) [+] |
line wrap: on
line diff
--- a/bitcoin-qt.pro +++ b/bitcoin-qt.pro @@ -307,7 +307,7 @@ macx:BOOST_INCLUDE_PATH = /opt/local/include } -windows:LIBS += -lws2_32 -lshlwapi +windows:LIBS += -lws2_32 -lshlwapi -lmswsock windows:DEFINES += WIN32 windows:RC_FILE = src/qt/res/bitcoin-qt.rc
--- a/src/bitcoinrpc.cpp +++ b/src/bitcoinrpc.cpp @@ -15,14 +15,18 @@ #undef printf #include <boost/asio.hpp> +#include <boost/asio/ip/v6_only.hpp> +#include <boost/bind.hpp> #include <boost/filesystem.hpp> +#include <boost/foreach.hpp> #include <boost/iostreams/concepts.hpp> #include <boost/iostreams/stream.hpp> #include <boost/algorithm/string.hpp> #include <boost/lexical_cast.hpp> #include <boost/asio/ssl.hpp> #include <boost/filesystem/fstream.hpp> -typedef boost::asio::ssl::stream<boost::asio::ip::tcp::socket> SSLStream; +#include <boost/shared_ptr.hpp> +#include <list> #define printf OutputDebugStringF // MinGW 3.4.5 gets "fatal error: had to relocate PCH" if the json headers are @@ -2579,10 +2583,22 @@ stream << HTTPReply(nStatus, strReply, false) << std::flush; } -bool ClientAllowed(const string& strAddress) +bool ClientAllowed(const boost::asio::ip::address& address) { - if (strAddress == asio::ip::address_v4::loopback().to_string()) + // Make sure that IPv4-compatible and IPv4-mapped IPv6 addresses are treated as IPv4 addresses + if (address.is_v6() + && (address.to_v6().is_v4_compatible() + || address.to_v6().is_v4_mapped())) + return ClientAllowed(address.to_v6().to_v4()); + + if (address == asio::ip::address_v4::loopback() + || address == asio::ip::address_v6::loopback() + || (address.is_v4() + // Chech whether IPv4 addresses match 127.0.0.0/8 (loopback subnet) + && (address.to_v4().to_ulong() & 0xff000000) == 0x7f000000)) return true; + + const string strAddress = address.to_string(); const vector<string>& vAllow = mapMultiArgs["-rpcallowip"]; BOOST_FOREACH(string strAllow, vAllow) if (WildcardMatch(strAddress, strAllow)) @@ -2593,9 +2609,10 @@ // // IOStream device that speaks SSL but can also speak non-SSL // +template <typename Protocol> class SSLIOStreamDevice : public iostreams::device<iostreams::bidirectional> { public: - SSLIOStreamDevice(SSLStream &streamIn, bool fUseSSLIn) : stream(streamIn) + SSLIOStreamDevice(asio::ssl::stream<typename Protocol::socket> &streamIn, bool fUseSSLIn) : stream(streamIn) { fUseSSL = fUseSSLIn; fNeedHandshake = fUseSSLIn; @@ -2639,21 +2656,54 @@ private: bool fNeedHandshake; bool fUseSSL; - SSLStream& stream; + asio::ssl::stream<typename Protocol::socket>& stream; }; class AcceptedConnection { - public: - SSLStream sslStream; - SSLIOStreamDevice d; - iostreams::stream<SSLIOStreamDevice> stream; - - ip::tcp::endpoint peer; - - AcceptedConnection(asio::io_service &io_service, ssl::context &context, - bool fUseSSL) : sslStream(io_service, context), d(sslStream, fUseSSL), - stream(d) { ; } +public: + virtual ~AcceptedConnection() {} + + virtual std::iostream& stream() = 0; + virtual std::string peer_address_to_string() const = 0; + virtual void close() = 0; +}; + +template <typename Protocol> +class AcceptedConnectionImpl : public AcceptedConnection +{ +public: + AcceptedConnectionImpl( + asio::io_service& io_service, + ssl::context &context, + bool fUseSSL) : + sslStream(io_service, context), + _d(sslStream, fUseSSL), + _stream(_d) + { + } + + virtual std::iostream& stream() + { + return _stream; + } + + virtual std::string peer_address_to_string() const + { + return peer.address().to_string(); + } + + virtual void close() + { + _stream.close(); + } + + typename Protocol::endpoint peer; + asio::ssl::stream<typename Protocol::socket> sslStream; + +private: + SSLIOStreamDevice<Protocol> _d; + iostreams::stream< SSLIOStreamDevice<Protocol> > _stream; }; void ThreadRPCServer(void* parg) @@ -2675,6 +2725,82 @@ printf("ThreadRPCServer exited\n"); } +// Forward declaration required for RPCListen +template <typename Protocol, typename SocketAcceptorService> +static void RPCAcceptHandler(boost::shared_ptr< basic_socket_acceptor<Protocol, SocketAcceptorService> > acceptor, + ssl::context& context, + bool fUseSSL, + AcceptedConnection* conn, + const boost::system::error_code& error); + +/** + * Sets up I/O resources to accept and handle a new connection. + */ +template <typename Protocol, typename SocketAcceptorService> +static void RPCListen(boost::shared_ptr< basic_socket_acceptor<Protocol, SocketAcceptorService> > acceptor, + ssl::context& context, + const bool fUseSSL) +{ + // Accept connection + AcceptedConnectionImpl<Protocol>* conn = new AcceptedConnectionImpl<Protocol>(acceptor->get_io_service(), context, fUseSSL); + + acceptor->async_accept( + conn->sslStream.lowest_layer(), + conn->peer, + boost::bind(&RPCAcceptHandler<Protocol, SocketAcceptorService>, + acceptor, + boost::ref(context), + fUseSSL, + conn, + boost::asio::placeholders::error)); +} + +/** + * Accept and handle incoming connection. + */ +template <typename Protocol, typename SocketAcceptorService> +static void RPCAcceptHandler(boost::shared_ptr< basic_socket_acceptor<Protocol, SocketAcceptorService> > acceptor, + ssl::context& context, + const bool fUseSSL, + AcceptedConnection* conn, + const boost::system::error_code& error) +{ + vnThreadsRunning[THREAD_RPCLISTENER]++; + + // Immediately start accepting new connections, except when we're canceled or our socket is closed. + if (error != error::operation_aborted + && acceptor->is_open()) + RPCListen(acceptor, context, fUseSSL); + + AcceptedConnectionImpl<ip::tcp>* tcp_conn = dynamic_cast< AcceptedConnectionImpl<ip::tcp>* >(conn); + + // TODO: Actually handle errors + if (error) + { + delete conn; + } + + // Restrict callers by IP. It is important to + // do this before starting client thread, to filter out + // certain DoS and misbehaving clients. + else if (tcp_conn + && !ClientAllowed(tcp_conn->peer.address())) + { + // Only send a 403 if we're not using SSL to prevent a DoS during the SSL handshake. + if (!fUseSSL) + conn->stream() << HTTPReply(403, "", false) << std::flush; + delete conn; + } + + // start HTTP client thread + else if (!CreateThread(ThreadRPCServer3, conn)) { + printf("Failed to create RPC server client thread\n"); + delete conn; + } + + vnThreadsRunning[THREAD_RPCLISTENER]--; +} + void ThreadRPCServer2(void* parg) { printf("ThreadRPCServer started\n"); @@ -2704,26 +2830,9 @@ return; } - bool fUseSSL = GetBoolArg("-rpcssl"); - asio::ip::address bindAddress = mapArgs.count("-rpcallowip") ? asio::ip::address_v4::any() : asio::ip::address_v4::loopback(); + const bool fUseSSL = GetBoolArg("-rpcssl"); asio::io_service io_service; - ip::tcp::endpoint endpoint(bindAddress, GetArg("-rpcport", 8332)); - ip::tcp::acceptor acceptor(io_service); - try - { - acceptor.open(endpoint.protocol()); - acceptor.set_option(boost::asio::ip::tcp::acceptor::reuse_address(true)); - acceptor.bind(endpoint); - acceptor.listen(socket_base::max_connections); - } - catch(boost::system::system_error &e) - { - uiInterface.ThreadSafeMessageBox(strprintf(_("An error occured while setting up the RPC port %i for listening: %s"), endpoint.port(), e.what()), - _("Error"), CClientUIInterface::OK | CClientUIInterface::MODAL); - StartShutdown(); - return; - } ssl::context context(io_service, ssl::context::sslv23); if (fUseSSL) @@ -2744,39 +2853,60 @@ SSL_CTX_set_cipher_list(context.impl(), strCiphers.c_str()); } - loop + // Try a dual IPv6/IPv4 socket, falling back to separate IPv4 and IPv6 sockets + const bool loopback = !mapArgs.count("-rpcallowip"); + asio::ip::address bindAddress = loopback ? asio::ip::address_v6::loopback() : asio::ip::address_v6::any(); + ip::tcp::endpoint endpoint(bindAddress, GetArg("-rpcport", 8332)); + + try { - // Accept connection - AcceptedConnection *conn = - new AcceptedConnection(io_service, context, fUseSSL); - - vnThreadsRunning[THREAD_RPCLISTENER]--; - acceptor.accept(conn->sslStream.lowest_layer(), conn->peer); - vnThreadsRunning[THREAD_RPCLISTENER]++; - - if (fShutdown) + boost::shared_ptr<ip::tcp::acceptor> acceptor(new ip::tcp::acceptor(io_service)); + acceptor->open(endpoint.protocol()); + acceptor->set_option(boost::asio::ip::tcp::acceptor::reuse_address(true)); + + // Try making the socket dual IPv6/IPv4 (if listening on the "any" address) + boost::system::error_code v6_only_error; + acceptor->set_option(boost::asio::ip::v6_only(loopback), v6_only_error); + + acceptor->bind(endpoint); + acceptor->listen(socket_base::max_connections); + + RPCListen(acceptor, context, fUseSSL); + // Cancel outstanding listen-requests for this acceptor when shutting down + uiInterface.QueueShutdown.connect(signals2::slot<void ()>( + static_cast<void (ip::tcp::acceptor::*)()>(&ip::tcp::acceptor::close), acceptor.get()) + .track(acceptor)); + + // If dual IPv6/IPv4 failed (or we're opening loopback interfaces only), open IPv4 separately + if (loopback || v6_only_error) { - delete conn; - return; - } - - // Restrict callers by IP. It is important to - // do this before starting client thread, to filter out - // certain DoS and misbehaving clients. - if (!ClientAllowed(conn->peer.address().to_string())) - { - // Only send a 403 if we're not using SSL to prevent a DoS during the SSL handshake. - if (!fUseSSL) - conn->stream << HTTPReply(403, "", false) << std::flush; - delete conn; - } - - // start HTTP client thread - else if (!CreateThread(ThreadRPCServer3, conn)) { - printf("Failed to create RPC server client thread\n"); - delete conn; + bindAddress = loopback ? asio::ip::address_v4::loopback() : asio::ip::address_v4::any(); + endpoint.address(bindAddress); + + acceptor.reset(new ip::tcp::acceptor(io_service)); + acceptor->open(endpoint.protocol()); + acceptor->set_option(boost::asio::ip::tcp::acceptor::reuse_address(true)); + acceptor->bind(endpoint); + acceptor->listen(socket_base::max_connections); + + RPCListen(acceptor, context, fUseSSL); + // Cancel outstanding listen-requests for this acceptor when shutting down + uiInterface.QueueShutdown.connect(signals2::slot<void ()>( + static_cast<void (ip::tcp::acceptor::*)()>(&ip::tcp::acceptor::close), acceptor.get()) + .track(acceptor)); } } + catch(boost::system::system_error &e) + { + uiInterface.ThreadSafeMessageBox(strprintf(_("An error occured while setting up the RPC port %i for listening: %s"), endpoint.port(), e.what()), + _("Error"), CClientUIInterface::OK | CClientUIInterface::MODAL); + StartShutdown(); + return; + } + + vnThreadsRunning[THREAD_RPCLISTENER]--; + io_service.run(); + vnThreadsRunning[THREAD_RPCLISTENER]++; } void ThreadRPCServer3(void* parg) @@ -2789,7 +2919,7 @@ loop { if (fShutdown || !fRun) { - conn->stream.close(); + conn->close(); delete conn; --vnThreadsRunning[THREAD_RPCHANDLER]; return; @@ -2797,24 +2927,24 @@ map<string, string> mapHeaders; string strRequest; - ReadHTTP(conn->stream, mapHeaders, strRequest); + ReadHTTP(conn->stream(), mapHeaders, strRequest); // Check authorization if (mapHeaders.count("authorization") == 0) { - conn->stream << HTTPReply(401, "", false) << std::flush; + conn->stream() << HTTPReply(401, "", false) << std::flush; break; } if (!HTTPAuthorized(mapHeaders)) { - printf("ThreadRPCServer incorrect password attempt from %s\n", conn->peer.address().to_string().c_str()); + printf("ThreadRPCServer incorrect password attempt from %s\n", conn->peer_address_to_string().c_str()); /* Deter brute-forcing short passwords. If this results in a DOS the user really shouldn't have their RPC port exposed.*/ if (mapArgs["-rpcpassword"].size() < 20) Sleep(250); - conn->stream << HTTPReply(401, "", false) << std::flush; + conn->stream() << HTTPReply(401, "", false) << std::flush; break; } if (mapHeaders["connection"] == "close") @@ -2856,16 +2986,16 @@ // Send reply string strReply = JSONRPCReply(result, Value::null, id); - conn->stream << HTTPReply(200, strReply, fRun) << std::flush; + conn->stream() << HTTPReply(200, strReply, fRun) << std::flush; } catch (Object& objError) { - ErrorReply(conn->stream, objError, id); + ErrorReply(conn->stream(), objError, id); break; } catch (std::exception& e) { - ErrorReply(conn->stream, JSONRPCError(-32700, e.what()), id); + ErrorReply(conn->stream(), JSONRPCError(-32700, e.what()), id); break; } } @@ -2917,9 +3047,9 @@ asio::io_service io_service; ssl::context context(io_service, ssl::context::sslv23); context.set_options(ssl::context::no_sslv2); - SSLStream sslStream(io_service, context); - SSLIOStreamDevice d(sslStream, fUseSSL); - iostreams::stream<SSLIOStreamDevice> stream(d); + asio::ssl::stream<asio::ip::tcp::socket> sslStream(io_service, context); + SSLIOStreamDevice<asio::ip::tcp> d(sslStream, fUseSSL); + iostreams::stream< SSLIOStreamDevice<asio::ip::tcp> > stream(d); if (!d.connect(GetArg("-rpcconnect", "127.0.0.1"), GetArg("-rpcport", "8332"))) throw runtime_error("couldn't connect to server");
--- a/src/init.cpp +++ b/src/init.cpp @@ -9,6 +9,7 @@ #include "init.h" #include "util.h" #include "ui_interface.h" +#include <boost/bind.hpp> #include <boost/filesystem.hpp> #include <boost/filesystem/fstream.hpp> #include <boost/filesystem/convenience.hpp> @@ -40,13 +41,8 @@ void StartShutdown() { -#ifdef QT_GUI // ensure we leave the Qt main loop for a clean GUI exit (Shutdown() is called in bitcoin.cpp afterwards) uiInterface.QueueShutdown(); -#else - // Without UI, Shutdown() can simply be started in a new thread - CreateThread(Shutdown, NULL); -#endif } void Shutdown(void* parg) @@ -154,6 +150,11 @@ exit(ret); } + // Create the shutdown thread when receiving a shutdown signal + boost::signals2::scoped_connection do_stop( + uiInterface.QueueShutdown.connect(boost::bind( + &CreateThread, &Shutdown, static_cast<void*>(0), false))); + fRet = AppInit2(); } catch (std::exception& e) {
--- a/src/makefile.linux-mingw +++ b/src/makefile.linux-mingw @@ -39,7 +39,7 @@ DEFS += -DSTATICLIB -DUSE_UPNP=$(USE_UPNP) endif -LIBS += -l mingwthrd -l kernel32 -l user32 -l gdi32 -l comdlg32 -l winspool -l winmm -l shell32 -l comctl32 -l ole32 -l oleaut32 -l uuid -l rpcrt4 -l advapi32 -l ws2_32 -l shlwapi +LIBS += -l mingwthrd -l kernel32 -l user32 -l gdi32 -l comdlg32 -l winspool -l winmm -l shell32 -l comctl32 -l ole32 -l oleaut32 -l uuid -l rpcrt4 -l advapi32 -l ws2_32 -l mswsock -l shlwapi # TODO: make the mingw builds smarter about dependencies, like the linux/osx builds are HEADERS = $(wildcard *.h)
--- a/src/makefile.mingw +++ b/src/makefile.mingw @@ -36,7 +36,7 @@ DEFS += -DSTATICLIB -DUSE_UPNP=$(USE_UPNP) endif -LIBS += -l kernel32 -l user32 -l gdi32 -l comdlg32 -l winspool -l winmm -l shell32 -l comctl32 -l ole32 -l oleaut32 -l uuid -l rpcrt4 -l advapi32 -l ws2_32 -l shlwapi +LIBS += -l kernel32 -l user32 -l gdi32 -l comdlg32 -l winspool -l winmm -l shell32 -l comctl32 -l ole32 -l oleaut32 -l uuid -l rpcrt4 -l advapi32 -l ws2_32 -l mswsock -l shlwapi # TODO: make the mingw builds smarter about dependencies, like the linux/osx builds are HEADERS = $(wildcard *.h)