From 79bb549748fb55556922ddde6064dda270912324 Mon Sep 17 00:00:00 2001 From: UdjinM6 Date: Fri, 27 Mar 2026 15:50:41 +0300 Subject: [PATCH 1/3] fix: Guard mnauth by local masternode service Co-authored-by: OpenAI Codex --- src/evo/mnauth.cpp | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/src/evo/mnauth.cpp b/src/evo/mnauth.cpp index d724e30e5807..4f54135ca1f3 100644 --- a/src/evo/mnauth.cpp +++ b/src/evo/mnauth.cpp @@ -19,9 +19,21 @@ void CMNAuth::PushMNAUTH(CNode& peer, CConnman& connman, const CActiveMasternodeManager& mn_activeman) { CMNAuth mnauth; - if (mn_activeman.GetProTxHash().IsNull()) { + const uint256 pro_tx_hash{mn_activeman.GetProTxHash()}; + if (pro_tx_hash.IsNull()) { return; } + if (peer.IsInboundConn()) { + const CService expected_service{mn_activeman.GetService()}; + const CService connected_service{static_cast(peer.addrBind)}; + if (expected_service != connected_service) { + LogPrint(BCLog::NET_NETCONN, /* Continued */ + "CMNAuth::%s -- Not sending MNAUTH on unexpected local service, expected=%s, connected=%s, " + "peer=%d\n", + __func__, expected_service.ToStringAddrPort(), connected_service.ToStringAddrPort(), peer.GetId()); + return; + } + } const auto receivedMNAuthChallenge = peer.GetReceivedMNAuthChallenge(); if (receivedMNAuthChallenge.IsNull()) { @@ -39,7 +51,7 @@ void CMNAuth::PushMNAUTH(CNode& peer, CConnman& connman, const CActiveMasternode } const uint256 signHash{::SerializeHash(std::make_tuple(mn_activeman.GetPubKey(), receivedMNAuthChallenge, peer.IsInboundConn(), nOurNodeVersion))}; - mnauth.proRegTxHash = mn_activeman.GetProTxHash(); + mnauth.proRegTxHash = pro_tx_hash; // all clients uses basic BLS mnauth.sig = mn_activeman.Sign(signHash, false); From 20c61390b45956ac7880d39c65a6a58a9a6f7e44 Mon Sep 17 00:00:00 2001 From: UdjinM6 Date: Fri, 27 Mar 2026 15:57:27 +0300 Subject: [PATCH 2/3] test: Add functional test for mnauth service guard Co-authored-by: OpenAI Codex --- test/functional/p2p_mnauth.py | 56 ++++++++++++++++++++++++++++++++++ test/functional/test_runner.py | 2 ++ 2 files changed, 58 insertions(+) create mode 100755 test/functional/p2p_mnauth.py diff --git a/test/functional/p2p_mnauth.py b/test/functional/p2p_mnauth.py new file mode 100755 index 000000000000..61f2816445a0 --- /dev/null +++ b/test/functional/p2p_mnauth.py @@ -0,0 +1,56 @@ +#!/usr/bin/env python3 +# Copyright (c) 2026 The Dash Core developers +# Distributed under the MIT software license, see the accompanying +# file COPYING or http://www.opensource.org/licenses/mit-license.php. + +""" +Test MNAUTH emission on the registered masternode service only. +""" + +from test_framework.test_framework import ( + DashTestFramework, + MasternodeInfo, +) +from test_framework.util import ( + assert_equal, + p2p_port, +) + + +class P2PMNAUTHTest(DashTestFramework): + def add_options(self, parser): + self.add_wallet_options(parser) + + def set_test_params(self): + self.alt_port = p2p_port(10) + self.mn_port = p2p_port(2) + self.set_dash_test_params(3, 1, extra_args=[ + [], + [], + [f"-bind=127.0.0.1:{self.alt_port}", f"-externalip=127.0.0.1:{self.mn_port}"], + ]) + + def run_test(self): + masternode: MasternodeInfo = self.mninfo[0] + masternode_node = masternode.get_node(self) + connector = self.nodes[1] + use_v2transport = self.options.v2transport + + expected_addr = f"127.0.0.1:{masternode.nodePort}" + alternate_addr = f"127.0.0.1:{self.alt_port}" + + self.wait_until(lambda: masternode_node.masternode("status")["state"] == "READY") + assert_equal(masternode_node.masternode("status")["service"], expected_addr) + + self.log.info(f"Connect to the registered masternode service over {'v2' if use_v2transport else 'v1'} and expect MNAUTH") + with connector.assert_debug_log([f"Masternode probe successful for {masternode.proTxHash}"]): + assert_equal(connector.masternode("connect", expected_addr, use_v2transport), "successfully connected") + + self.log.info(f"Connect to the alternate bind over {'v2' if use_v2transport else 'v1'} and expect no MNAUTH") + with masternode_node.assert_debug_log(["Not sending MNAUTH on unexpected local service"]): + with connector.assert_debug_log(["connection is a masternode probe but first received message is not MNAUTH"]): + assert_equal(connector.masternode("connect", alternate_addr, use_v2transport), "successfully connected") + + +if __name__ == '__main__': + P2PMNAUTHTest().main() diff --git a/test/functional/test_runner.py b/test/functional/test_runner.py index 3b5375eb83cd..203711b51a72 100755 --- a/test/functional/test_runner.py +++ b/test/functional/test_runner.py @@ -353,6 +353,8 @@ 'p2p_ibd_txrelay.py', 'rpc_coinjoin.py', 'rpc_masternode.py', + 'p2p_mnauth.py --v1transport', + 'p2p_mnauth.py --v2transport', 'rpc_mnauth.py', 'rpc_verifychainlock.py', 'wallet_create_tx.py --legacy-wallet', From dcf382e834cbd147eb651198ca6c3b2ccd53d7bc Mon Sep 17 00:00:00 2001 From: UdjinM6 Date: Sat, 9 May 2026 18:22:34 +0300 Subject: [PATCH 3/3] fix: refine mnauth guard for NAT inbound while preserving onion privacy The strict `expected_service != connected_service` equality check broke MNAUTH on legitimate inbound for NAT/port-forwarded masternodes, where the advertised service (from `-externalip` / `GetLocal()`) is the public IP but `peer.addrBind` (from `getsockname()`) is the LAN/NIC interface IP. A pure port-only relaxation would in turn leak the masternode's identity over Tor: a hidden service forwarding to a local port matching the registered port would receive an MNAUTH naming the IPv4-registered ProRegTx, linking the .onion to the IPv4 endpoint. Replace the equality check with two conditions that must both hold: the local listening port must match the registered service port (so NAT setups work), and the inbound's `ConnectedThroughNetwork()` must match the registered service's network class (so an IPv4-registered masternode never emits MNAUTH on a Tor-tagged inbound, and vice versa). Tests: - `p2p_mnauth.py`: pass all binds explicitly via `-bind=` so the test no longer depends on the framework's implicit `bind=127.0.0.1` conf entry; on Linux, add a NAT-style sub-test that connects to `127.0.0.2:mn_port` (different loopback address, same port as the advertised service) and expects MNAUTH. - `p2p_mnauth_onion.py` (new): tag the masternode's listener at the registered port with `=onion` so port match is guaranteed and only the network class differs, isolating the network check; verify MNAUTH is suppressed. Co-Authored-By: Claude Opus 4.7 --- src/evo/mnauth.cpp | 3 +- test/functional/p2p_mnauth.py | 29 +++++++++++--- test/functional/p2p_mnauth_onion.py | 61 +++++++++++++++++++++++++++++ test/functional/test_runner.py | 2 + 4 files changed, 89 insertions(+), 6 deletions(-) create mode 100755 test/functional/p2p_mnauth_onion.py diff --git a/src/evo/mnauth.cpp b/src/evo/mnauth.cpp index 4f54135ca1f3..eb0bb572f069 100644 --- a/src/evo/mnauth.cpp +++ b/src/evo/mnauth.cpp @@ -26,7 +26,8 @@ void CMNAuth::PushMNAUTH(CNode& peer, CConnman& connman, const CActiveMasternode if (peer.IsInboundConn()) { const CService expected_service{mn_activeman.GetService()}; const CService connected_service{static_cast(peer.addrBind)}; - if (expected_service != connected_service) { + if (expected_service.GetPort() != connected_service.GetPort() || + expected_service.GetNetwork() != peer.ConnectedThroughNetwork()) { LogPrint(BCLog::NET_NETCONN, /* Continued */ "CMNAuth::%s -- Not sending MNAUTH on unexpected local service, expected=%s, connected=%s, " "peer=%d\n", diff --git a/test/functional/p2p_mnauth.py b/test/functional/p2p_mnauth.py index 61f2816445a0..b09d112e216c 100755 --- a/test/functional/p2p_mnauth.py +++ b/test/functional/p2p_mnauth.py @@ -7,6 +7,8 @@ Test MNAUTH emission on the registered masternode service only. """ +import platform + from test_framework.test_framework import ( DashTestFramework, MasternodeInfo, @@ -22,13 +24,24 @@ def add_options(self, parser): self.add_wallet_options(parser) def set_test_params(self): + # Disable the framework's implicit `bind=127.0.0.1` so all binds for the + # masternode are visible in this file rather than coming from the conf. + self.bind_to_localhost_only = False self.alt_port = p2p_port(10) self.mn_port = p2p_port(2) - self.set_dash_test_params(3, 1, extra_args=[ - [], - [], - [f"-bind=127.0.0.1:{self.alt_port}", f"-externalip=127.0.0.1:{self.mn_port}"], - ]) + # NAT-style variant requires a non-127.0.0.1 loopback bind; only Linux + # routes 127.0.0.0/8 to lo by default. + self.nat_capable = platform.system() == "Linux" + + mn_args = [ + f"-bind=127.0.0.1:{self.mn_port}", + f"-bind=127.0.0.1:{self.alt_port}", + f"-externalip=127.0.0.1:{self.mn_port}", + ] + if self.nat_capable: + mn_args.append(f"-bind=127.0.0.2:{self.mn_port}") + + self.set_dash_test_params(3, 1, extra_args=[[], [], mn_args]) def run_test(self): masternode: MasternodeInfo = self.mninfo[0] @@ -51,6 +64,12 @@ def run_test(self): with connector.assert_debug_log(["connection is a masternode probe but first received message is not MNAUTH"]): assert_equal(connector.masternode("connect", alternate_addr, use_v2transport), "successfully connected") + if self.nat_capable: + nat_addr = f"127.0.0.2:{self.mn_port}" + self.log.info(f"Connect to a different loopback IP on the registered port over {'v2' if use_v2transport else 'v1'} (NAT-style: addrBind address differs from advertised externalip, ports match) and expect MNAUTH") + with connector.assert_debug_log([f"Masternode probe successful for {masternode.proTxHash}"]): + assert_equal(connector.masternode("connect", nat_addr, use_v2transport), "successfully connected") + if __name__ == '__main__': P2PMNAUTHTest().main() diff --git a/test/functional/p2p_mnauth_onion.py b/test/functional/p2p_mnauth_onion.py new file mode 100755 index 000000000000..933c9457e86a --- /dev/null +++ b/test/functional/p2p_mnauth_onion.py @@ -0,0 +1,61 @@ +#!/usr/bin/env python3 +# Copyright (c) 2026 The Dash Core developers +# Distributed under the MIT software license, see the accompanying +# file COPYING or http://www.opensource.org/licenses/mit-license.php. + +""" +Test that MNAUTH is suppressed when an inbound arrives over a different network class +than the masternode's registered service. Specifically: an IPv4-registered masternode +must not emit MNAUTH on a Tor-tagged inbound, even when the local port matches — that +would deanonymize the masternode by linking its onion endpoint to its IPv4 identity. + +Set up: bind the masternode's listener at its registered port with `=onion`, so that any +inbound arriving there is treated by dashd as a Tor connection (m_inbound_onion=true). +Port match is then guaranteed and only the network differs, isolating the network check. +""" + +from test_framework.test_framework import ( + DashTestFramework, + MasternodeInfo, +) +from test_framework.util import ( + assert_equal, + p2p_port, +) + + +class P2PMNAUTHOnionTest(DashTestFramework): + def add_options(self, parser): + self.add_wallet_options(parser) + + def set_test_params(self): + self.bind_to_localhost_only = False + self.mn_port = p2p_port(2) + self.set_dash_test_params(3, 1, extra_args=[ + [], + [], + [ + f"-bind=127.0.0.1:{self.mn_port}=onion", + f"-externalip=127.0.0.1:{self.mn_port}", + ], + ]) + + def run_test(self): + masternode: MasternodeInfo = self.mninfo[0] + masternode_node = masternode.get_node(self) + connector = self.nodes[1] + use_v2transport = self.options.v2transport + + expected_addr = f"127.0.0.1:{masternode.nodePort}" + + self.wait_until(lambda: masternode_node.masternode("status")["state"] == "READY") + assert_equal(masternode_node.masternode("status")["service"], expected_addr) + + self.log.info(f"Probe the MN over {'v2' if use_v2transport else 'v1'} via its onion-tagged listener; ports match, network differs, expect no MNAUTH") + with masternode_node.assert_debug_log(["Not sending MNAUTH on unexpected local service"]): + with connector.assert_debug_log(["connection is a masternode probe but first received message is not MNAUTH"]): + assert_equal(connector.masternode("connect", expected_addr, use_v2transport), "successfully connected") + + +if __name__ == '__main__': + P2PMNAUTHOnionTest().main() diff --git a/test/functional/test_runner.py b/test/functional/test_runner.py index 203711b51a72..5d3ecfd8d942 100755 --- a/test/functional/test_runner.py +++ b/test/functional/test_runner.py @@ -355,6 +355,8 @@ 'rpc_masternode.py', 'p2p_mnauth.py --v1transport', 'p2p_mnauth.py --v2transport', + 'p2p_mnauth_onion.py --v1transport', + 'p2p_mnauth_onion.py --v2transport', 'rpc_mnauth.py', 'rpc_verifychainlock.py', 'wallet_create_tx.py --legacy-wallet',