p2p: add more bad ports #32826

pull jlopp wants to merge 1 commits into bitcoin:master from jlopp:addBadPorts changing 3 files +15 −8
  1. jlopp commented at 5:16 PM on June 29, 2025: contributor

    Add a few more ports used by extremely well adopted services that require authentication and really ought not be used by bitcoin nodes for p2p traffic.

  2. DrahtBot commented at 5:16 PM on June 29, 2025: contributor

    <!--e57a25ab6845829454e8d69fc972939a-->

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    <!--006a51241073e994b41acfe9ec718e94-->

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/32826.

    <!--021abf342d371248e50ceaed478a90ca-->

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    ACK Sjors, l0rinc, glozow
    Stale ACK kevkevinpal

    If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

    <!--5faf32d7da4f0f540f40219e4f7537a3-->

  3. jlopp renamed this:
    add more bad p2p ports
    p2p: add more bad ports
    on Jun 29, 2025
  4. DrahtBot added the label P2P on Jun 29, 2025
  5. in src/test/netbase_tests.cpp:607 in 23a7807ec6 outdated 
     602 | @@ -603,14 +603,14 @@ BOOST_AUTO_TEST_CASE(isbadport)
 603 |      BOOST_CHECK(!IsBadPort(443));
 604 |      BOOST_CHECK(!IsBadPort(8333));
 605 |  
 606 | -    // Check all ports, there must be 80 bad ports in total.
 607 | +    // Check all ports, there must be 85 bad ports in total.
    l0rinc commented at 6:39 PM on June 29, 2025:

    instead of updating the comment to match the code (which is the ultimate source of truth anyway), seems like a good opportunity to remove the duplication of the code below - which is already trivial, no need for a dead comment that doesn't add any new info.

  6. in src/netbase.cpp:924 in 23a7807ec6 outdated 
     920 | @@ -921,10 +921,14 @@ bool IsBadPort(uint16_t port)
 921 |      case 1720:  // h323hostcall
 922 |      case 1723:  // pptp
 923 |      case 2049:  // nfs
 924 | +    case 3306:  // MySQL
  7. in src/netbase.cpp:925 in 23a7807ec6 outdated 
     920 | @@ -921,10 +921,14 @@ bool IsBadPort(uint16_t port)
 921 |      case 1720:  // h323hostcall
 922 |      case 1723:  // pptp
 923 |      case 2049:  // nfs
 924 | +    case 3306:  // MySQL
 925 | +    case 3389:  // RDP / Windows Remote Desktop
  8. in src/netbase.cpp:930 in 23a7807ec6 outdated 
     925 | +    case 3389:  // RDP / Windows Remote Desktop
 926 |      case 3659:  // apple-sasl / PasswordServer
 927 |      case 4045:  // lockd
 928 |      case 5060:  // sip
 929 |      case 5061:  // sips
 930 | +    case 5432:  // PostgreSQL
    l0rinc commented at 6:43 PM on June 29, 2025:

    👍 https://www.postgresql.org/docs/current/app-postgres.html

  9. in src/netbase.cpp:931 in 23a7807ec6 outdated 
     926 |      case 3659:  // apple-sasl / PasswordServer
 927 |      case 4045:  // lockd
 928 |      case 5060:  // sip
 929 |      case 5061:  // sips
 930 | +    case 5432:  // PostgreSQL
 931 | +    case 5900:  // VNC
  10. in src/netbase.cpp:941 in 23a7807ec6 outdated 
     937 | @@ -934,6 +938,7 @@ bool IsBadPort(uint16_t port)
 938 |      case 6669:  // Alternate IRC
 939 |      case 6697:  // IRC + TLS
 940 |      case 10080: // Amanda
 941 | +    case 27017: // MongoDB
  11. in src/test/netbase_tests.cpp:613 in 23a7807ec6 outdated 
     610 |          if (IsBadPort(port)) {
 611 |              ++total_bad_ports;
 612 |          }
 613 |      }
 614 | -    BOOST_CHECK_EQUAL(total_bad_ports, 80);
 615 | +    BOOST_CHECK_EQUAL(total_bad_ports, 85);
    l0rinc commented at 6:59 PM on June 29, 2025:

    I was wondering if we could do a more functional approach here, since we already have a few count_if instances - not sure it's better or not, will let you decide, please resolve if you don't think it's a good alternative (assuming integer promotion for max + 1 here):

        using namespace std::ranges;
    auto ports{views::iota(1, std::numeric_limits<uint16_t>::max() + 1)};
    BOOST_CHECK_EQUAL(count_if(ports, IsBadPort), 85);
    jlopp commented at 7:32 PM on June 29, 2025:

    implemented

  12. l0rinc approved
  13. l0rinc commented at 7:05 PM on June 29, 2025: contributor

    ACK 23a7807ec6d35d3ef5b65e4abc3b3841e84b702e

    Verified that these are indeed the default ports and that the docs match the code. Have a miner test suggestion, LGTM otherwise.

  14. in src/test/netbase_tests.cpp:611 in 8716fd2f4a outdated 
     614 | -    BOOST_CHECK_EQUAL(total_bad_ports, 80);
 615 | +    // Check all ports, there must be 85 bad ports in total.
 616 | +    using namespace std::ranges;
 617 | +    std::list<int> ports(std::numeric_limits<uint16_t>::max());
 618 | +    std::iota(ports.begin(), ports.end(), 1);
 619 | +    BOOST_CHECK_EQUAL(count_if(ports, IsBadPort), 85);
    l0rinc commented at 7:35 PM on June 29, 2025:

    might as well inline it now that it's only used once

        BOOST_CHECK_EQUAL(std::ranges::count_if(ports, IsBadPort), 85);
    jlopp commented at 8:05 PM on June 29, 2025:

    done

  15. in src/test/netbase_tests.cpp:608 in 8716fd2f4a outdated 
     612 | -        }
 613 | -    }
 614 | -    BOOST_CHECK_EQUAL(total_bad_ports, 80);
 615 | +    // Check all ports, there must be 85 bad ports in total.
 616 | +    using namespace std::ranges;
 617 | +    std::list<int> ports(std::numeric_limits<uint16_t>::max());
    l0rinc commented at 7:41 PM on June 29, 2025:

    👍, looks like this contains the end as well, no +1 needed. Checked with BOOST_CHECK_EQUAL(std::ranges::count_if(ports, [&](const int i) { return i == std::numeric_limits<uint16_t>::max(); }), 1); to make sure.

    Note though that this is a substantial memory allocation, the previous suggestion was lazy. For the record here's the complete lazy solution I suggested (with fixed imports):

    diff --git a/src/test/netbase_tests.cpp b/src/test/netbase_tests.cpp
index e3bf482873..0404a45c79 100644
--- a/src/test/netbase_tests.cpp
+++ b/src/test/netbase_tests.cpp
@@ -2,6 +2,12 @@
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
+#include <algorithm>
+#include <limits>
+#include <numeric>
+#include <ranges>
+#include <string>
+
 #include <net_permissions.h>
 #include <netaddress.h>
 #include <netbase.h>
@@ -13,12 +19,10 @@
 #include <util/strencodings.h>
 #include <util/translation.h>
 
-#include <string>
-#include <numeric>
-
 #include <boost/test/unit_test.hpp>
 
 using namespace std::literals;
+using namespace std::ranges;
 
 BOOST_FIXTURE_TEST_SUITE(netbase_tests, BasicTestingSetup)
 
@@ -604,10 +608,7 @@ BOOST_AUTO_TEST_CASE(isbadport)
     BOOST_CHECK(!IsBadPort(443));
     BOOST_CHECK(!IsBadPort(8333));
 
-    // Check all ports, there must be 85 bad ports in total.
-    using namespace std::ranges;
-    std::list<int> ports(std::numeric_limits<uint16_t>::max());
-    std::iota(ports.begin(), ports.end(), 1);
+    constexpr auto ports{views::iota(1, std::numeric_limits<uint16_t>::max() + 1)};
     BOOST_CHECK_EQUAL(count_if(ports, IsBadPort), 85);
 }
    hodlinator commented at 10:21 PM on August 9, 2025:

    Got nerd-sniped by this commit using list for no reason and was about to suggest vector<uint16_t> as a better default. But a view is nicer conceptually and slightly nicer on the cache (memory usage difference seems negligible).

    ₿ poop "./build/bin/test_bitcoin_list -t netbase_tests/isbadport" "./build/bin/test_bitcoin_vector16 -t netbase_tests/isbadport"
Benchmark 1 (43 runs): ./build/bin/test_bitcoin_list -t netbase_tests/isbadport
  measurement          mean ± σ            min … max           outliers         delta
  wall_time           117ms ± 1.45ms     117ms …  125ms          2 ( 5%)        0%
  peak_rss           22.6MB ±  154KB    22.3MB … 22.9MB          0 ( 0%)        0%
  cpu_cycles          521M  ± 3.63M      510M  …  527M           1 ( 2%)        0%
  instructions       1.81G  ± 14.3M     1.77G  … 1.83G           0 ( 0%)        0%
  cache_references    957K  ± 28.7K      911K  … 1.01M           0 ( 0%)        0%
  cache_misses        184K  ± 8.55K      172K  …  214K           1 ( 2%)        0%
  branch_misses       164K  ±  702       163K  …  166K           1 ( 2%)        0%
Benchmark 2 (44 runs): ./build/bin/test_bitcoin_vector16 -t netbase_tests/isbadport
  measurement          mean ± σ            min … max           outliers         delta
  wall_time           115ms ±  181us     114ms …  115ms          0 ( 0%)        ⚡-  2.3% ±  0.4%
  peak_rss           22.5MB ±  171KB    22.3MB … 23.1MB          1 ( 2%)          -  0.2% ±  0.3%
  cpu_cycles          513M  ± 2.87M      505M  …  517M           2 ( 5%)        ⚡-  1.6% ±  0.3%
  instructions       1.80G  ± 15.7M     1.74G  … 1.82G           3 ( 7%)          -  0.6% ±  0.4%
  cache_references    684K  ± 35.5K      631K  …  771K           0 ( 0%)        ⚡- 28.5% ±  1.4%
  cache_misses        178K  ± 3.97K      172K  …  190K           1 ( 2%)        ⚡-  3.1% ±  1.5%
  branch_misses       165K  ±  523       163K  …  166K           1 ( 2%)          +  0.4% ±  0.2%

~/bitcoin
₿ poop "./build/bin/test_bitcoin_vector16 -t netbase_tests/isbadport" "./build/bin/test_bitcoin_view -t netbase_tests/isbadport"
Benchmark 1 (44 runs): ./build/bin/test_bitcoin_vector16 -t netbase_tests/isbadport
  measurement          mean ± σ            min … max           outliers         delta
  wall_time           115ms ± 2.52ms     114ms …  131ms          3 ( 7%)        0%
  peak_rss           22.5MB ±  209KB    22.2MB … 23.1MB          4 ( 9%)        0%
  cpu_cycles          512M  ± 3.19M      503M  …  518M           1 ( 2%)        0%
  instructions       1.80G  ± 13.7M     1.74G  … 1.81G           2 ( 5%)        0%
  cache_references    687K  ± 31.7K      633K  …  805K           1 ( 2%)        0%
  cache_misses        179K  ± 3.83K      174K  …  191K           2 ( 5%)        0%
  branch_misses       165K  ±  585       164K  …  166K           1 ( 2%)        0%
Benchmark 2 (44 runs): ./build/bin/test_bitcoin_view -t netbase_tests/isbadport
  measurement          mean ± σ            min … max           outliers         delta
  wall_time           115ms ± 1.19ms     114ms …  122ms          4 ( 9%)          -  0.2% ±  0.7%
  peak_rss           22.5MB ±  241KB    22.1MB … 23.0MB          0 ( 0%)          -  0.1% ±  0.4%
  cpu_cycles          512M  ± 4.47M      492M  …  518M           5 (11%)          +  0.0% ±  0.3%
  instructions       1.78G  ± 47.8M     1.49G  … 1.80G           6 (14%)          -  1.0% ±  0.8%
  cache_references    668K  ± 26.4K      632K  …  726K           0 ( 0%)        ⚡-  2.8% ±  1.8%
  cache_misses        177K  ± 4.16K      167K  …  187K           3 ( 7%)          -  1.0% ±  0.9%
  branch_misses       165K  ±  901       164K  …  168K           4 ( 9%)          +  0.1% ±  0.2%

    I'll see myself out. 🚪🏃

  16. l0rinc commented at 7:55 PM on June 29, 2025: contributor

    ACK 8716fd2f4a00b07426e54a1491af421d6345f708

  17. kevkevinpal commented at 7:58 PM on June 29, 2025: contributor

    ACK 8716fd2

    It makes sense to me to add these ports since they're popular and used. I double-checked the links @l0rinc provided and also did a quick search myself to make sure they were correct

  18. maflcko commented at 6:25 AM on June 30, 2025: member

    Please squash your commits according to https://github.com/bitcoin/bitcoin/blob/master/CONTRIBUTING.md#squashing-commits

  19. in doc/p2p-bad-ports.md:91 in 8f36e7e5cf outdated 
      86 | @@ -87,10 +87,14 @@ incoming connections.
  87 |      1720:  h323hostcall
  88 |      1723:  pptp
  89 |      2049:  nfs
  90 | +    3306:  MySQL
  91 | +    3389:  RDP / Windows Remote Desktop
    Sjors commented at 8:43 AM on June 30, 2025:

    Trying to connect to (or open( that port sounds like a great way to be flagged as malware / attacker.

  20. jlopp force-pushed on Jun 30, 2025
  21. add more bad p2p ports 6967e8e8ab
  22. jlopp force-pushed on Jun 30, 2025
  23. Sjors commented at 10:41 AM on June 30, 2025: member

    utACK 6967e8e8abbc35ac98e8e3745a8bbed56e77526f

    I checked that the ports make sense.

  24. DrahtBot requested review from l0rinc on Jun 30, 2025
  25. l0rinc approved
  26. l0rinc commented at 11:09 AM on June 30, 2025: contributor

    ACK 6967e8e8abbc35ac98e8e3745a8bbed56e77526f

    Changes since my last review are comment updates and namespace inlines.

    My only remaining concern is the unnecessary heavy memory usage of the test - but it's not a blocker.

  27. bitcoin deleted a comment on Jun 30, 2025
  28. glozow commented at 5:21 PM on June 30, 2025: member

    ACK 6967e8e8abbc35ac98e8e3745a8bbed56e77526f

  29. glozow merged this on Jun 30, 2025
  30. glozow closed this on Jun 30, 2025
  31. jlopp deleted the branch on Jun 30, 2025
  32. fanquake commented at 3:39 PM on July 4, 2025: member

    Backported to 29.x in #32863.

  33. fanquake referenced this in commit 58b1a65ab0 on Jul 4, 2025
  34. luke-jr referenced this in commit 2b9b8b8684 on Jul 17, 2025
  35. glozow referenced this in commit ef380a454c on Jul 18, 2025
  36. stringintech referenced this in commit f19e7819e9 on Jul 19, 2025
  37. alexanderwiederin referenced this in commit 9997c3d993 on Jul 25, 2025
  38. alexanderwiederin referenced this in commit 8d6ebb9c4e on Jul 28, 2025
  39. alexanderwiederin referenced this in commit 533a4585b5 on Jul 28, 2025
Contributors
jloppDrahtBotl0rinchodlinatorkevkevinpalmaflckoSjorsglozowfanquake
Labels
P2P
Linked (view graph)
#32863 [29.x] Backports
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-01 21:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me