Commits to master since this release
This release focuses on P2P network security: spam/DoS resistance and stronger protection against fake alternative chains. Updating is recommended for all nodes.
Changes in v4.17
Security and hardening:
- P2PServer: new multi-tier, per-address throttle that filters block broadcast spam
- P2PServer: fixed peer ID leaks and made peer ID handling more robust for Tor/I2P connections
- P2PServer: cap the number of incoming localhost connections (10 by default)
- P2PServer: limit the peer list size and harden the per-IP connection limiter (IPv6
/64prefixes and domain names) - P2PServer: don't broadcast oversized or malformed Monero blocks
- SideChain: stricter checks in
is_longer_chain, including detection of alternative chains mined with fake timestamps - Crypto cache: added a maximum size cap to bound memory usage
- JSON RPC: limit the maximum response size
- Throttle "invalid system clock" warnings to reduce log spam
New features:
- Added
--in-peers-localhostcommand line option andinpeers_localhostconsole command to set the maximum number of incoming localhost connections - Added a new "compact unpruned" block broadcast format to further reduce P2P bandwidth usage
Bugfixes:
- Stratum: fixed the INVALID_POW detection logic so valid shares are no longer wrongly rejected by an unstable hardware
- Stratum API: fixed an occasional invalid
current_effortdisplay - Updated BoringSSL to v0.20260616.0 and miniupnp to the latest master, and reduced BoringSSL build bloat
- A lot of other small bugfixes and spelling/grammar cleanups
Before you start mining, create a new wallet and don't use it for anything else but mining for privacy reasons - all wallet addresses are public on P2Pool!
It is strongly recommended to synchronize your system clock before you start mining!
Recommended monerod command line parameters:
./monerod --zmq-pub tcp://127.0.0.1:18083 --out-peers 32 --in-peers 64 --add-priority-node=p2pmd.xmrvsbeast.com:18080 --add-priority-node=nodes.hashvault.pro:18080 --enable-dns-blocklist --enforce-dns-checkpointing
--out-peers 32 --in-peers 64 is needed to (1) have many connections to other nodes and (2) limit incoming connection count because it can grow uncontrollably and cause problems when it goes above 1000 (open files limit in Linux). If your network connection's upload bandwidth is less than 10 Mbit, use --out-peers 8 --in-peers 16 instead.
--add-priority-node=p2pmd.xmrvsbeast.com:18080 --add-priority-node=nodes.hashvault.pro:18080 is needed to have guaranteed good working nodes in your connected peers.
--enable-dns-blocklist is needed to ban known bad nodes
--enforce-dns-checkpointing is needed to combat the selfish mining attempts by malicious actors
Usage:
- Run Monero daemon v0.18.5.0 or newer:
./monerod --zmq-pub tcp://127.0.0.1:18083 --out-peers 32 --in-peers 64 --add-priority-node=p2pmd.xmrvsbeast.com:18080 --add-priority-node=nodes.hashvault.pro:18080 --enforce-dns-checkpointing --enable-dns-blocklist - Run p2pool:
./p2pool --host 127.0.0.1 --wallet YOUR_WALLET_ADDRESS - Start mining to port 3333 on your machine:
./xmrig -o 127.0.0.1:3333 - You can set custom difficulty for your miner to get more accurate stats on P2Pool side:
./xmrig -o 127.0.0.1:3333 -u x+50000(it doesn't affect mining rewards in any way) - To connect another mining rig to your P2Pool node, run
./xmrig -o YOUR_P2POOL_NODE_IP:3333on that mining rig
Antivirus
Some antiviruses and firewalls may flag any Monero-related executables and archives, including P2Pool, as malware. This is because it contains RandomX mining code and therefore is considered as "mining software". To be sure that you downloaded the original binaries, always check SHA256 sums of what you downloaded - a GPG signed list of SHA256 sums is in sha256sums.txt.asc. You can read the instructions on how to do it here: https://www.getmonero.org/resources/user-guides/verification-windows-beginner.html - but to check P2Pool binaries, replace binaryFate's key with the GPG key provided here: