Ignore getaddr messages on Outbound connections.

The only time when a client sends a "getaddr" message is when he esatblishes an Outbound connection (see ProcessMessage() in src/main.cpp). Another bitcoin client is expected to receive a "getaddr" message only on Inbound connection. Ignoring "gettaddr" requests on Outbound connections can resolve potential privacy issues (and as was said such request normally do not happen anyway). Rebased-From: dca799e Github-Pull: #5442
viacoin · Mar 9, 2015 · 200f293 · 200f293
1 parent d5d8998
commit 200f293
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/src/main.cpp b/src/main.cpp
@@ -3976,7 +3976,12 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv,
     }
 
 
-    else if (strCommand == "getaddr")
+    // This asymmetric behavior for inbound and outbound connections was introduced
+    // to prevent a fingerprinting attack: an attacker can send specific fake addresses
+    // to users' AddrMan and later request them by sending getaddr messages. 
+    // Making users (which are behind NAT and can only make outgoing connections) ignore 
+    // getaddr message mitigates the attack.
+    else if ((strCommand == "getaddr") && (pfrom->fInbound))
     {
         pfrom->vAddrToSend.clear();
         vector<CAddress> vAddr = addrman.GetAddr();