Retain only the most recent time samples

Remembering all time samples makes nTimeOffset slow to respond to
system clock corrections.  For instance, I start my node with a system
clock that's 30 minutes slow and run it for a few days.  During that
time, I accumulate 10,000 offset samples with a median of 1800
seconds.  Now I correct my system clock.  Without this change, my node
must collect another 10,000 samples before nTimeOffset is correct
again.  With this change, I must only accumulate 100 samples to
correct the offset.

Storing unlimited time samples also allows an attacker with many IP
addresses (ex, a large botnet) to perform a memory exhaustion attack
against Bitcoin nodes.  The attacker sends a version message from each
IP to his target, consuming more of the target's memory each time.
Time samples are small, so this attack might be impractical under the
old code, but it's impossible with the new code.

diff --git a/src/util.cpp b/src/util.cpp
index badf43c..2b4169a 100644 (file)
--- a/src/util.cpp
+++ b/src/util.cpp
@@ -30,7 +30,7 @@ string strMiscWarning;
 bool fTestNet = false;
 bool fNoListen = false;
 bool fLogTimestamps = false;
-
+CMedianFilter<int64> vTimeOffsets(200,0);
 
 
 
@@ -940,15 +940,12 @@ void AddTimeData(unsigned int ip, int64 nTime)
         return;
 
     // Add data
-    static vector<int64> vTimeOffsets;
-    if (vTimeOffsets.empty())
-        vTimeOffsets.push_back(0);
-    vTimeOffsets.push_back(nOffsetSample);
-    printf("Added time data, samples %d, offset %+"PRI64d" (%+"PRI64d" minutes)\n", vTimeOffsets.size(), vTimeOffsets.back(), vTimeOffsets.back()/60);
+    vTimeOffsets.input(nOffsetSample);
+    printf("Added time data, samples %d, offset %+"PRI64d" (%+"PRI64d" minutes)\n", vTimeOffsets.size(), nOffsetSample, nOffsetSample/60);
     if (vTimeOffsets.size() >= 5 && vTimeOffsets.size() % 2 == 1)
     {
-        sort(vTimeOffsets.begin(), vTimeOffsets.end());
-        int64 nMedian = vTimeOffsets[vTimeOffsets.size()/2];
+        int64 nMedian = vTimeOffsets.median();
+        std::vector<int64> vSorted = vTimeOffsets.sorted();
         // Only let other nodes change our time by so much
         if (abs64(nMedian) < 70 * 60)
         {
@@ -963,7 +960,7 @@ void AddTimeData(unsigned int ip, int64 nTime)
             {
                 // If nobody has a time different than ours but within 5 minutes of ours, give a warning
                 bool fMatch = false;
-                BOOST_FOREACH(int64 nOffset, vTimeOffsets)
+                BOOST_FOREACH(int64 nOffset, vSorted)
                     if (nOffset != 0 && abs64(nOffset) < 5 * 60)
                         fMatch = true;
 
@@ -978,7 +975,7 @@ void AddTimeData(unsigned int ip, int64 nTime)
             }
         }
         if (fDebug) {
-            BOOST_FOREACH(int64 n, vTimeOffsets)
+            BOOST_FOREACH(int64 n, vSorted)
                 printf("%+"PRI64d"  ", n);
             printf("|  ");
         }

diff --git a/src/util.h b/src/util.h
index 1ef0e6f..0dcd011 100644 (file)
--- a/src/util.h
+++ b/src/util.h
@@ -623,6 +623,16 @@ public:
             return (vSorted[size/2-1] + vSorted[size/2]) / 2;
         }
     }
+
+    int size() const
+    {
+        return vValues.size();
+    }
+
+    std::vector<T> sorted () const
+    {
+        return vSorted;
+    }
 };