Connect handshake v2 messages to the node.

pwojcikdev · clemahieu · commit cff1dbde7f8b · 2023-03-08T15:44:36.000Z
diff --git a/nano/core_test/telemetry.cpp b/nano/core_test/telemetry.cpp
@@ -509,7 +509,8 @@ TEST (telemetry, ongoing_broadcasts)
 	ASSERT_TIMELY (5s, node2.stats.count (nano::stat::type::telemetry, nano::stat::detail::process) >= 3)
 }
 
-TEST (telemetry, mismatched_genesis)
+// TODO: With handshake V2, nodes with mismatched genesis will refuse to connect while setting up the system
+TEST (telemetry, DISABLED_mismatched_genesis)
 {
 	// Only second node will broadcast telemetry
 	nano::test::system system;
diff --git a/nano/lib/stats_enums.hpp b/nano/lib/stats_enums.hpp
@@ -43,6 +43,7 @@ enum class type : uint8_t
 	unchecked,
 	election_scheduler,
 	optimistic_scheduler,
+	handshake,
 
 	_last // Must be the last enum
 };
@@ -53,6 +54,7 @@ enum class detail : uint8_t
 	all = 0,
 
 	// common
+	ok,
 	loop,
 	total,
 	process,
@@ -273,6 +275,11 @@ enum class detail : uint8_t
 	insert_priority_success,
 	erase_oldest,
 
+	// handshake
+	invalid_node_id,
+	missing_cookie,
+	invalid_genesis,
+
 	_last // Must be the last enum
 };
 
diff --git a/nano/node/network.cpp b/nano/node/network.cpp
@@ -759,6 +759,68 @@ void nano::network::exclude (std::shared_ptr<nano::transport::channel> const & c
 	erase (*channel);
 }
 
+bool nano::network::verify_handshake_response (const nano::node_id_handshake::response_payload & response, const nano::endpoint & remote_endpoint)
+{
+	// Prevent connection with ourselves
+	if (response.node_id == node.node_id.pub)
+	{
+		node.stats.inc (nano::stat::type::handshake, nano::stat::detail::invalid_node_id);
+		return false; // Fail
+	}
+
+	// Prevent mismatched genesis
+	if (response.v2 && response.v2->genesis != node.network_params.ledger.genesis->hash ())
+	{
+		node.stats.inc (nano::stat::type::handshake, nano::stat::detail::invalid_genesis);
+		return false; // Fail
+	}
+
+	auto cookie = syn_cookies.cookie (remote_endpoint);
+	if (!cookie)
+	{
+		node.stats.inc (nano::stat::type::handshake, nano::stat::detail::missing_cookie);
+		return false; // Fail
+	}
+
+	if (!response.validate (*cookie))
+	{
+		node.stats.inc (nano::stat::type::handshake, nano::stat::detail::invalid_signature);
+		return false; // Fail
+	}
+
+	node.stats.inc (nano::stat::type::handshake, nano::stat::detail::ok);
+	return true; // OK
+}
+
+std::optional<nano::node_id_handshake::query_payload> nano::network::prepare_handshake_query (const nano::endpoint & remote_endpoint)
+{
+	if (auto cookie = syn_cookies.assign (remote_endpoint); cookie)
+	{
+		nano::node_id_handshake::query_payload query{ *cookie };
+		return query;
+	}
+	return std::nullopt;
+}
+
+nano::node_id_handshake::response_payload nano::network::prepare_handshake_response (const nano::node_id_handshake::query_payload & query, bool v2) const
+{
+	nano::node_id_handshake::response_payload response{};
+	response.node_id = node.node_id.pub;
+	if (v2)
+	{
+		nano::node_id_handshake::response_payload::v2_payload response_v2{};
+		response_v2.salt = nano::random_pool::generate<uint256_union> ();
+		response_v2.genesis = node.network_params.ledger.genesis->hash ();
+		response.v2 = response_v2;
+	}
+	response.sign (query.cookie, node.node_id);
+	return response;
+}
+
+/*
+ * tcp_message_manager
+ */
+
 nano::tcp_message_manager::tcp_message_manager (unsigned incoming_connections_max_a) :
 	max_entries (incoming_connections_max_a * nano::tcp_message_manager::max_entries_per_connection + 1)
 {
diff --git a/nano/node/network.hpp b/nano/node/network.hpp
@@ -128,6 +128,11 @@ class network final
 	/** Disconnects and adds peer to exclusion list */
 	void exclude (std::shared_ptr<nano::transport::channel> const & channel);
 
+	/** Verifies that handshake response matches our query. @returns true if OK */
+	bool verify_handshake_response (nano::node_id_handshake::response_payload const & response, nano::endpoint const & remote_endpoint);
+	std::optional<nano::node_id_handshake::query_payload> prepare_handshake_query (nano::endpoint const & remote_endpoint);
+	nano::node_id_handshake::response_payload prepare_handshake_response (nano::node_id_handshake::query_payload const & query, bool v2) const;
+
 	static std::string to_string (nano::networks);
 
 private:
diff --git a/nano/node/transport/socket.hpp b/nano/node/transport/socket.hpp
@@ -40,6 +40,7 @@ class socket : public std::enable_shared_from_this<nano::transport::socket>
 {
 	friend class server_socket;
 	friend class tcp_server;
+	friend class tcp_channels;
 
 public:
 	enum class type_t
diff --git a/nano/node/transport/tcp.cpp b/nano/node/transport/tcp.cpp
@@ -1,5 +1,6 @@
 #include <nano/lib/stats.hpp>
 #include <nano/node/node.hpp>
+#include <nano/node/transport/message_deserializer.hpp>
 #include <nano/node/transport/tcp.hpp>
 
 #include <boost/format.hpp>
@@ -544,14 +545,7 @@ void nano::transport::tcp_channels::start_tcp (nano::endpoint const & endpoint_a
 			if (!ec && channel)
 			{
 				// TCP node ID handshake
-
-				std::optional<nano::node_id_handshake::query_payload> query;
-				if (auto cookie = node_l->network.syn_cookies.assign (endpoint_a); cookie)
-				{
-					nano::node_id_handshake::query_payload pld{ *cookie };
-					query = pld;
-				}
-
+				auto query = node_l->network.prepare_handshake_query (endpoint_a);
 				nano::node_id_handshake message{ node_l->network_params.network, query };
 
 				if (node_l->config.logging.network_node_id_handshake_logging ())
@@ -619,7 +613,12 @@ void nano::transport::tcp_channels::start_tcp_receive_node_id (std::shared_ptr<n
 		}
 	};
 
-	socket_l->async_read (receive_buffer_a, 8 + sizeof (nano::account) + sizeof (nano::account) + sizeof (nano::signature), [node_w, channel_a, endpoint_a, receive_buffer_a, cleanup_node_id_handshake_socket] (boost::system::error_code const & ec, std::size_t size_a) {
+	auto message_deserializer = std::make_shared<nano::transport::message_deserializer> (node.network_params.network, node.network.publish_filter, node.block_uniquer, node.vote_uniquer,
+	[socket_l] (std::shared_ptr<std::vector<uint8_t>> const & data_a, size_t size_a, std::function<void (boost::system::error_code const &, std::size_t)> callback_a) {
+		debug_assert (socket_l != nullptr);
+		socket_l->read_impl (data_a, size_a, callback_a);
+	});
+	message_deserializer->read ([node_w, socket_l, channel_a, endpoint_a, cleanup_node_id_handshake_socket] (boost::system::error_code ec, std::unique_ptr<nano::message> message) {
 		auto node_l = node_w.lock ();
 		if (!node_l)
 		{
@@ -636,10 +635,9 @@ void nano::transport::tcp_channels::start_tcp_receive_node_id (std::shared_ptr<n
 		}
 		node_l->stats.inc (nano::stat::type::message, nano::stat::detail::node_id_handshake, nano::stat::dir::in);
 		auto error (false);
-		nano::bufferstream stream (receive_buffer_a->data (), size_a);
-		nano::message_header header (error, stream);
+
 		// the header type should in principle be checked after checking the network bytes and the version numbers, I will not change it here since the benefits do not outweight the difficulties
-		if (error || header.type != nano::message_type::node_id_handshake)
+		if (error || message->type () != nano::message_type::node_id_handshake)
 		{
 			if (node_l->config.logging.network_node_id_handshake_logging ())
 			{
@@ -648,10 +646,12 @@ void nano::transport::tcp_channels::start_tcp_receive_node_id (std::shared_ptr<n
 			cleanup_node_id_handshake_socket (endpoint_a);
 			return;
 		}
-		if (header.network != node_l->network_params.network.current_network || header.version_using < node_l->network_params.network.protocol_version_min)
+		auto & handshake = static_cast<nano::node_id_handshake &> (*message);
+
+		if (message->header.network != node_l->network_params.network.current_network || message->header.version_using < node_l->network_params.network.protocol_version_min)
 		{
 			// error handling, either the networks bytes or the version is wrong
-			if (header.network == node_l->network_params.network.current_network)
+			if (message->header.network == node_l->network_params.network.current_network)
 			{
 				node_l->stats.inc (nano::stat::type::message, nano::stat::detail::invalid_network);
 			}
@@ -668,8 +668,8 @@ void nano::transport::tcp_channels::start_tcp_receive_node_id (std::shared_ptr<n
 			}
 			return;
 		}
-		nano::node_id_handshake message (error, stream, header);
-		if (error || !message.response || !message.query)
+
+		if (error || !handshake.response || !handshake.query)
 		{
 			if (node_l->config.logging.network_node_id_handshake_logging ())
 			{
@@ -678,15 +678,16 @@ void nano::transport::tcp_channels::start_tcp_receive_node_id (std::shared_ptr<n
 			cleanup_node_id_handshake_socket (endpoint_a);
 			return;
 		}
-		channel_a->set_network_version (header.version_using);
+		channel_a->set_network_version (handshake.header.version_using);
+
+		debug_assert (handshake.query);
+		debug_assert (handshake.response);
 
-		debug_assert (message.query);
-		debug_assert (message.response);
+		auto const node_id = handshake.response->node_id;
 
-		auto node_id = message.response->node_id;
-		bool process = (!node_l->network.syn_cookies.validate (endpoint_a, node_id, message.response->signature) && node_id != node_l->node_id.pub);
-		if (!process)
+		if (!node_l->network.verify_handshake_response (*handshake.response, endpoint_a))
 		{
+			cleanup_node_id_handshake_socket (endpoint_a);
 			return;
 		}
 
@@ -695,18 +696,20 @@ void nano::transport::tcp_channels::start_tcp_receive_node_id (std::shared_ptr<n
 		auto existing_channel (node_l->network.tcp_channels.find_node_id (node_id));
 		if (existing_channel && !existing_channel->temporary)
 		{
+			cleanup_node_id_handshake_socket (endpoint_a);
 			return;
 		}
 
 		channel_a->set_node_id (node_id);
 		channel_a->set_last_packet_received (std::chrono::steady_clock::now ());
 
-		nano::node_id_handshake::response_payload response{ node_l->node_id.pub, nano::sign_message (node_l->node_id.prv, node_l->node_id.pub, message.query->cookie) };
+		debug_assert (handshake.query);
+		auto response = node_l->network.prepare_handshake_response (*handshake.query, handshake.is_v2 ());
 		nano::node_id_handshake handshake_response (node_l->network_params.network, std::nullopt, response);
 
 		if (node_l->config.logging.network_node_id_handshake_logging ())
 		{
-			node_l->logger.try_log (boost::str (boost::format ("Node ID handshake response sent with node ID %1% to %2%: query %3%") % node_l->node_id.pub.to_node_id () % endpoint_a % message.query->cookie.to_string ()));
+			node_l->logger.try_log (boost::str (boost::format ("Node ID handshake response sent with node ID %1% to %2%: query %3%") % node_l->node_id.pub.to_node_id () % endpoint_a % handshake.query->cookie.to_string ()));
 		}
 
 		channel_a->send (handshake_response, [node_w, channel_a, endpoint_a, cleanup_node_id_handshake_socket] (boost::system::error_code const & ec, std::size_t size_a) {
diff --git a/nano/node/transport/tcp_server.cpp b/nano/node/transport/tcp_server.cpp
@@ -10,6 +10,10 @@
 
 #include <memory>
 
+/*
+ * tcp_listener
+ */
+
 nano::transport::tcp_listener::tcp_listener (uint16_t port_a, nano::node & node_a) :
 	node (node_a),
 	port (port_a)
@@ -123,6 +127,10 @@ std::unique_ptr<nano::container_info_component> nano::transport::collect_contain
 	return composite;
 }
 
+/*
+ * tcp_server
+ */
+
 nano::transport::tcp_server::tcp_server (std::shared_ptr<nano::transport::socket> socket_a, std::shared_ptr<nano::node> node_a, bool allow_bootstrap_a) :
 	socket{ std::move (socket_a) },
 	node{ std::move (node_a) },
@@ -315,6 +323,7 @@ void nano::transport::tcp_server::handshake_message_visitor::node_id_handshake (
 		{
 			server->node->logger.try_log (boost::str (boost::format ("Disabled realtime TCP for handshake %1%") % server->remote_endpoint));
 		}
+		// Stop invalid handshake
 		server->stop ();
 		return;
 	}
@@ -325,6 +334,7 @@ void nano::transport::tcp_server::handshake_message_visitor::node_id_handshake (
 		{
 			server->node->logger.try_log (boost::str (boost::format ("Detected multiple node_id_handshake query from %1%") % server->remote_endpoint));
 		}
+		// Stop invalid handshake
 		server->stop ();
 		return;
 	}
@@ -338,37 +348,29 @@ void nano::transport::tcp_server::handshake_message_visitor::node_id_handshake (
 
 	if (message.query)
 	{
-		server->send_handshake_response (*message.query);
+		server->send_handshake_response (*message.query, message.is_v2 ());
 	}
 	if (message.response)
 	{
-		nano::account const & node_id = message.response->node_id;
-		if (!server->node->network.syn_cookies.validate (nano::transport::map_tcp_to_endpoint (server->remote_endpoint), node_id, message.response->signature) && node_id != server->node->node_id.pub)
+		if (server->node->network.verify_handshake_response (*message.response, nano::transport::map_tcp_to_endpoint (server->remote_endpoint)))
 		{
-			server->to_realtime_connection (node_id);
+			server->to_realtime_connection (message.response->node_id);
 		}
 		else
 		{
 			// Stop invalid handshake
 			server->stop ();
+			return;
 		}
 	}
 
 	process = true;
 }
 
-void nano::transport::tcp_server::send_handshake_response (nano::node_id_handshake::query_payload const & query)
+void nano::transport::tcp_server::send_handshake_response (nano::node_id_handshake::query_payload const & query, bool v2)
 {
-	nano::node_id_handshake::response_payload response{ node->node_id.pub, nano::sign_message (node->node_id.prv, node->node_id.pub, query.cookie) };
-	debug_assert (!nano::validate_message (response.node_id, query.cookie, response.signature));
-
-	std::optional<nano::node_id_handshake::query_payload> own_query;
-	if (auto own_cookie = node->network.syn_cookies.assign (nano::transport::map_tcp_to_endpoint (remote_endpoint)); own_cookie)
-	{
-		nano::node_id_handshake::query_payload pld{ *own_cookie };
-		own_query = pld;
-	}
-
+	auto response = node->network.prepare_handshake_response (query, v2);
+	auto own_query = node->network.prepare_handshake_query (nano::transport::map_tcp_to_endpoint (remote_endpoint));
 	nano::node_id_handshake handshake_response{ node->network_params.network, own_query, response };
 
 	// TODO: Use channel
diff --git a/nano/node/transport/tcp_server.hpp b/nano/node/transport/tcp_server.hpp
@@ -63,7 +63,7 @@ class tcp_server final : public std::enable_shared_from_this<tcp_server>
 	std::chrono::steady_clock::time_point last_telemetry_req{};
 
 private:
-	void send_handshake_response (nano::node_id_handshake::query_payload const & query);
+	void send_handshake_response (nano::node_id_handshake::query_payload const & query, bool v2);
 
 	void receive_message ();
 	void received_message (std::unique_ptr<nano::message> message);

Original file line number	Diff line number	Diff line change
`@@ -509,7 +509,8 @@ TEST (telemetry, ongoing_broadcasts)`
`509`	`509`	`ASSERT_TIMELY (5s, node2.stats.count (nano::stat::type::telemetry, nano::stat::detail::process) >= 3)`
`510`	`510`	`}`
`511`	`511`
`512`		`-TEST (telemetry, mismatched_genesis)`
	`512`	`+// TODO: With handshake V2, nodes with mismatched genesis will refuse to connect while setting up the system`
	`513`	`+TEST (telemetry, DISABLED_mismatched_genesis)`
`513`	`514`	`{`
`514`	`515`	`// Only second node will broadcast telemetry`
`515`	`516`	`nano::test::system system;`
Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,7 @@ class socket : public std::enable_shared_from_this<nano::transport::socket>`
`40`	`40`	`{`
`41`	`41`	`friend class server_socket;`
`42`	`42`	`friend class tcp_server;`
	`43`	`+ friend class tcp_channels;`
`43`	`44`
`44`	`45`	`public:`
`45`	`46`	`enum class type_t`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,6 @@`
`1`	`1`	`#include <nano/lib/stats.hpp>`
`2`	`2`	`#include <nano/node/node.hpp>`
	`3`	`+#include <nano/node/transport/message_deserializer.hpp>`
`3`	`4`	`#include <nano/node/transport/tcp.hpp>`
`4`	`5`
`5`	`6`	`#include <boost/format.hpp>`
`@@ -544,14 +545,7 @@ void nano::transport::tcp_channels::start_tcp (nano::endpoint const & endpoint_a`
`544`	`545`	`if (!ec && channel)`
`545`	`546`	`{`
`546`	`547`	`// TCP node ID handshake`
`547`		`-`
`548`		`- std::optional<nano::node_id_handshake::query_payload> query;`
`549`		`- if (auto cookie = node_l->network.syn_cookies.assign (endpoint_a); cookie)`
`550`		`- {`
`551`		`- nano::node_id_handshake::query_payload pld{ *cookie };`
`552`		`- query = pld;`
`553`		`- }`
`554`		`-`
	`548`	`+ auto query = node_l->network.prepare_handshake_query (endpoint_a);`
`555`	`549`	`nano::node_id_handshake message{ node_l->network_params.network, query };`
`556`	`550`
`557`	`551`	`if (node_l->config.logging.network_node_id_handshake_logging ())`
`@@ -619,7 +613,12 @@ void nano::transport::tcp_channels::start_tcp_receive_node_id (std::shared_ptr<n`
`619`	`613`	`}`
`620`	`614`	`};`
`621`	`615`
`622`		`- socket_l->async_read (receive_buffer_a, 8 + sizeof (nano::account) + sizeof (nano::account) + sizeof (nano::signature), [node_w, channel_a, endpoint_a, receive_buffer_a, cleanup_node_id_handshake_socket] (boost::system::error_code const & ec, std::size_t size_a) {`
	`616`	`+ auto message_deserializer = std::make_shared<nano::transport::message_deserializer> (node.network_params.network, node.network.publish_filter, node.block_uniquer, node.vote_uniquer,`
	`617`	`+ [socket_l] (std::shared_ptr<std::vector<uint8_t>> const & data_a, size_t size_a, std::function<void (boost::system::error_code const &, std::size_t)> callback_a) {`
	`618`	`+ debug_assert (socket_l != nullptr);`
	`619`	`+ socket_l->read_impl (data_a, size_a, callback_a);`
	`620`	`+ });`
	`621`	`+ message_deserializer->read ([node_w, socket_l, channel_a, endpoint_a, cleanup_node_id_handshake_socket] (boost::system::error_code ec, std::unique_ptr<nano::message> message) {`
`623`	`622`	`auto node_l = node_w.lock ();`
`624`	`623`	`if (!node_l)`
`625`	`624`	`{`
`@@ -636,10 +635,9 @@ void nano::transport::tcp_channels::start_tcp_receive_node_id (std::shared_ptr<n`
`636`	`635`	`}`
`637`	`636`	`node_l->stats.inc (nano::stat::type::message, nano::stat::detail::node_id_handshake, nano::stat::dir::in);`
`638`	`637`	`auto error (false);`
`639`		`- nano::bufferstream stream (receive_buffer_a->data (), size_a);`
`640`		`- nano::message_header header (error, stream);`
	`638`	`+`
`641`	`639`	`// the header type should in principle be checked after checking the network bytes and the version numbers, I will not change it here since the benefits do not outweight the difficulties`
`642`		`- if (error \|\| header.type != nano::message_type::node_id_handshake)`
	`640`	`+ if (error \|\| message->type () != nano::message_type::node_id_handshake)`
`643`	`641`	`{`
`644`	`642`	`if (node_l->config.logging.network_node_id_handshake_logging ())`
`645`	`643`	`{`
`@@ -648,10 +646,12 @@ void nano::transport::tcp_channels::start_tcp_receive_node_id (std::shared_ptr<n`
`648`	`646`	`cleanup_node_id_handshake_socket (endpoint_a);`
`649`	`647`	`return;`
`650`	`648`	`}`
`651`		`- if (header.network != node_l->network_params.network.current_network \|\| header.version_using < node_l->network_params.network.protocol_version_min)`
	`649`	`+ auto & handshake = static_cast<nano::node_id_handshake &> (*message);`
	`650`	`+`
	`651`	`+ if (message->header.network != node_l->network_params.network.current_network \|\| message->header.version_using < node_l->network_params.network.protocol_version_min)`
`652`	`652`	`{`
`653`	`653`	`// error handling, either the networks bytes or the version is wrong`
`654`		`- if (header.network == node_l->network_params.network.current_network)`
	`654`	`+ if (message->header.network == node_l->network_params.network.current_network)`
`655`	`655`	`{`
`656`	`656`	`node_l->stats.inc (nano::stat::type::message, nano::stat::detail::invalid_network);`
`657`	`657`	`}`
`@@ -668,8 +668,8 @@ void nano::transport::tcp_channels::start_tcp_receive_node_id (std::shared_ptr<n`
`668`	`668`	`}`
`669`	`669`	`return;`
`670`	`670`	`}`
`671`		`- nano::node_id_handshake message (error, stream, header);`
`672`		`- if (error \|\| !message.response \|\| !message.query)`
	`671`	`+`
	`672`	`+ if (error \|\| !handshake.response \|\| !handshake.query)`
`673`	`673`	`{`
`674`	`674`	`if (node_l->config.logging.network_node_id_handshake_logging ())`
`675`	`675`	`{`
`@@ -678,15 +678,16 @@ void nano::transport::tcp_channels::start_tcp_receive_node_id (std::shared_ptr<n`
`678`	`678`	`cleanup_node_id_handshake_socket (endpoint_a);`
`679`	`679`	`return;`
`680`	`680`	`}`
`681`		`- channel_a->set_network_version (header.version_using);`
	`681`	`+ channel_a->set_network_version (handshake.header.version_using);`
	`682`	`+`
	`683`	`+ debug_assert (handshake.query);`
	`684`	`+ debug_assert (handshake.response);`
`682`	`685`
`683`		`- debug_assert (message.query);`
`684`		`- debug_assert (message.response);`
	`686`	`+ auto const node_id = handshake.response->node_id;`
`685`	`687`
`686`		`- auto node_id = message.response->node_id;`
`687`		`- bool process = (!node_l->network.syn_cookies.validate (endpoint_a, node_id, message.response->signature) && node_id != node_l->node_id.pub);`
`688`		`- if (!process)`
	`688`	`+ if (!node_l->network.verify_handshake_response (*handshake.response, endpoint_a))`
`689`	`689`	`{`
	`690`	`+ cleanup_node_id_handshake_socket (endpoint_a);`
`690`	`691`	`return;`
`691`	`692`	`}`
`692`	`693`
`@@ -695,18 +696,20 @@ void nano::transport::tcp_channels::start_tcp_receive_node_id (std::shared_ptr<n`
`695`	`696`	`auto existing_channel (node_l->network.tcp_channels.find_node_id (node_id));`
`696`	`697`	`if (existing_channel && !existing_channel->temporary)`
`697`	`698`	`{`
	`699`	`+ cleanup_node_id_handshake_socket (endpoint_a);`
`698`	`700`	`return;`
`699`	`701`	`}`
`700`	`702`
`701`	`703`	`channel_a->set_node_id (node_id);`
`702`	`704`	`channel_a->set_last_packet_received (std::chrono::steady_clock::now ());`
`703`	`705`
`704`		`- nano::node_id_handshake::response_payload response{ node_l->node_id.pub, nano::sign_message (node_l->node_id.prv, node_l->node_id.pub, message.query->cookie) };`
	`706`	`+ debug_assert (handshake.query);`
	`707`	`+ auto response = node_l->network.prepare_handshake_response (*handshake.query, handshake.is_v2 ());`
`705`	`708`	`nano::node_id_handshake handshake_response (node_l->network_params.network, std::nullopt, response);`
`706`	`709`
`707`	`710`	`if (node_l->config.logging.network_node_id_handshake_logging ())`
`708`	`711`	`{`
`709`		`- node_l->logger.try_log (boost::str (boost::format ("Node ID handshake response sent with node ID %1% to %2%: query %3%") % node_l->node_id.pub.to_node_id () % endpoint_a % message.query->cookie.to_string ()));`
	`712`	`+ node_l->logger.try_log (boost::str (boost::format ("Node ID handshake response sent with node ID %1% to %2%: query %3%") % node_l->node_id.pub.to_node_id () % endpoint_a % handshake.query->cookie.to_string ()));`
`710`	`713`	`}`
`711`	`714`
`712`	`715`	`channel_a->send (handshake_response, [node_w, channel_a, endpoint_a, cleanup_node_id_handshake_socket] (boost::system::error_code const & ec, std::size_t size_a) {`
Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,10 @@`
`10`	`10`
`11`	`11`	`#include <memory>`
`12`	`12`
	`13`	`+/*`
	`14`	`+ * tcp_listener`
	`15`	`+ */`
	`16`	`+`
`13`	`17`	`nano::transport::tcp_listener::tcp_listener (uint16_t port_a, nano::node & node_a) :`
`14`	`18`	`node (node_a),`
`15`	`19`	`port (port_a)`
`@@ -123,6 +127,10 @@ std::unique_ptr<nano::container_info_component> nano::transport::collect_contain`
`123`	`127`	`return composite;`
`124`	`128`	`}`
`125`	`129`
	`130`	`+/*`
	`131`	`+ * tcp_server`
	`132`	`+ */`
	`133`	`+`
`126`	`134`	`nano::transport::tcp_server::tcp_server (std::shared_ptr<nano::transport::socket> socket_a, std::shared_ptr<nano::node> node_a, bool allow_bootstrap_a) :`
`127`	`135`	`socket{ std::move (socket_a) },`
`128`	`136`	`node{ std::move (node_a) },`
`@@ -315,6 +323,7 @@ void nano::transport::tcp_server::handshake_message_visitor::node_id_handshake (`
`315`	`323`	`{`
`316`	`324`	`server->node->logger.try_log (boost::str (boost::format ("Disabled realtime TCP for handshake %1%") % server->remote_endpoint));`
`317`	`325`	`}`
	`326`	`+ // Stop invalid handshake`
`318`	`327`	`server->stop ();`
`319`	`328`	`return;`
`320`	`329`	`}`
`@@ -325,6 +334,7 @@ void nano::transport::tcp_server::handshake_message_visitor::node_id_handshake (`
`325`	`334`	`{`
`326`	`335`	`server->node->logger.try_log (boost::str (boost::format ("Detected multiple node_id_handshake query from %1%") % server->remote_endpoint));`
`327`	`336`	`}`
	`337`	`+ // Stop invalid handshake`
`328`	`338`	`server->stop ();`
`329`	`339`	`return;`
`330`	`340`	`}`
`@@ -338,37 +348,29 @@ void nano::transport::tcp_server::handshake_message_visitor::node_id_handshake (`
`338`	`348`
`339`	`349`	`if (message.query)`
`340`	`350`	`{`
`341`		`- server->send_handshake_response (*message.query);`
	`351`	`+ server->send_handshake_response (*message.query, message.is_v2 ());`
`342`	`352`	`}`
`343`	`353`	`if (message.response)`
`344`	`354`	`{`
`345`		`- nano::account const & node_id = message.response->node_id;`
`346`		`- if (!server->node->network.syn_cookies.validate (nano::transport::map_tcp_to_endpoint (server->remote_endpoint), node_id, message.response->signature) && node_id != server->node->node_id.pub)`
	`355`	`+ if (server->node->network.verify_handshake_response (*message.response, nano::transport::map_tcp_to_endpoint (server->remote_endpoint)))`
`347`	`356`	`{`
`348`		`- server->to_realtime_connection (node_id);`
	`357`	`+ server->to_realtime_connection (message.response->node_id);`
`349`	`358`	`}`
`350`	`359`	`else`
`351`	`360`	`{`
`352`	`361`	`// Stop invalid handshake`
`353`	`362`	`server->stop ();`
	`363`	`+ return;`
`354`	`364`	`}`
`355`	`365`	`}`
`356`	`366`
`357`	`367`	`process = true;`
`358`	`368`	`}`
`359`	`369`
`360`		`-void nano::transport::tcp_server::send_handshake_response (nano::node_id_handshake::query_payload const & query)`
	`370`	`+void nano::transport::tcp_server::send_handshake_response (nano::node_id_handshake::query_payload const & query, bool v2)`
`361`	`371`	`{`
`362`		`- nano::node_id_handshake::response_payload response{ node->node_id.pub, nano::sign_message (node->node_id.prv, node->node_id.pub, query.cookie) };`
`363`		`- debug_assert (!nano::validate_message (response.node_id, query.cookie, response.signature));`
`364`		`-`
`365`		`- std::optional<nano::node_id_handshake::query_payload> own_query;`
`366`		`- if (auto own_cookie = node->network.syn_cookies.assign (nano::transport::map_tcp_to_endpoint (remote_endpoint)); own_cookie)`
`367`		`- {`
`368`		`- nano::node_id_handshake::query_payload pld{ *own_cookie };`
`369`		`- own_query = pld;`
`370`		`- }`
`371`		`-`
	`372`	`+ auto response = node->network.prepare_handshake_response (query, v2);`
	`373`	`+ auto own_query = node->network.prepare_handshake_query (nano::transport::map_tcp_to_endpoint (remote_endpoint));`
`372`	`374`	`nano::node_id_handshake handshake_response{ node->network_params.network, own_query, response };`
`373`	`375`
`374`	`376`	`// TODO: Use channel`