-
Notifications
You must be signed in to change notification settings - Fork 35.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
174af33 util: Add inotify_rm_watch to syscall sandbox (AllowFileSystem) (Hennadii Stepanov) ded10fe build: Fix Boost.Process test for Boost 1.78 (Hennadii Stepanov) 26c2f23 build: Fix Boost.Process detection on macOS arm64 (Hennadii Stepanov) 85f85c7 util: add linkat to syscall sandbox (AllowFileSystem) (fanquake) eaa0419 contrib: fix signet miner (sighash mismatch) (Sebastian Falbesoner) 235b042 rpc: Exclude descriptor when address is excluded (MarcoFalke) b05a59b ci: Temporarily use clang-13 to work around clang-14 TSan bug (MarcoFalke) 65b9667 doc, init: add links to doc/cjdns.md (Jon Atack) 7a553d4 doc: update i2p.md with cjdns, improve local addresses section (Jon Atack) 4148396 doc: update tor.md with cjdns and getnodeaddresses, fix tor grep, (Jon Atack) 4690e8a doc: create initial doc/cjdns.md for cjdns how-to documentation (Jon Atack) 5d24f61 Clarify in -maxtimeadjustment that only outbound peers influence time data (Jon Atack) b1646f1 test: set segwit height back to 0 on regtest (Martin Zumsande) ef6a37b rpc: rename getdeploymentinfo status-next to status_next (Jon Atack) 2a6fcf9 init, doc: improve -onlynet help and tor/i2p documentation (Jon Atack) Pull request description: Backport the following to 23.x: - #24468 - #24528 - #24527 - #24609 - #24555 - #24663 - #24572 - #24636 - #24553 - #24659 - #24521 - #24523 - #24690 - #24710 Possibly also: - #24579 - #24691 ACKs for top commit: laanwj: List-of-commits ACK 174af33, I think we should merge this and move forward with rc3.. hebasto: ACK 174af33 Tree-SHA512: 5a493e1652b780b527767d6ca9e67012abd2fa5573496e85e0d8aa4bed3eb332bfcd72610b8dfb954ff274d42450623233c96c479de2085b9c8344ba5abf1935
- Loading branch information
Showing
17 changed files
with
164 additions
and
33 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,95 @@ | ||
# CJDNS support in Bitcoin Core | ||
|
||
It is possible to run Bitcoin Core over CJDNS, an encrypted IPv6 network that | ||
uses public-key cryptography for address allocation and a distributed hash table | ||
for routing. | ||
|
||
## What is CJDNS? | ||
|
||
CJDNS is like a distributed, shared VPN with multiple entry points where every | ||
participant can reach any other participant. All participants use addresses from | ||
the `fc00::/8` network (reserved IPv6 range). Installation and configuration is | ||
done outside of Bitcoin Core, similarly to a VPN (either in the host/OS or on | ||
the network router). | ||
|
||
Compared to IPv4/IPv6, CJDNS provides end-to-end encryption and protects nodes | ||
from traffic analysis and filtering. | ||
|
||
Used with Tor and I2P, CJDNS is a complementary option that can enhance network | ||
redundancy and robustness for both the Bitcoin network and individual nodes. | ||
|
||
Each network has different characteristics. For instance, Tor is widely used but | ||
somewhat centralized. I2P connections have a source address and I2P is slow. | ||
CJDNS is fast but does not hide the sender and the recipient from intermediate | ||
routers. | ||
|
||
## Installing CJDNS and connecting to the network | ||
|
||
To install and set up CJDNS, follow the instructions at | ||
https://github.com/cjdelisle/cjdns#cjdns. | ||
|
||
Don't skip steps | ||
["2. Find a friend"](https://github.com/cjdelisle/cjdns#2-find-a-friend) and | ||
["3. Connect your node to your friend's | ||
node"](https://github.com/cjdelisle/cjdns#3-connect-your-node-to-your-friends-node). | ||
You need to be connected to the CJDNS network before it will work with your | ||
Bitcoin Core node. | ||
|
||
Typically, CJDNS might be launched from its directory with | ||
`sudo ./cjdroute < cjdroute.conf` and it sheds permissions after setting up the | ||
[TUN](https://en.wikipedia.org/wiki/TUN/TAP) interface. You may also [launch it as an | ||
unprivileged user](https://github.com/cjdelisle/cjdns/blob/master/doc/non-root-user.md) | ||
with some additional setup. | ||
|
||
The network connection can be checked by running `./tools/peerStats` from the | ||
CJDNS directory. | ||
|
||
## Run Bitcoin Core with CJDNS | ||
|
||
Once you are connected to the CJDNS network, the following Bitcoin Core | ||
configuration option makes CJDNS peers automatically reachable: | ||
|
||
``` | ||
-cjdnsreachable | ||
``` | ||
|
||
When enabled, this option tells Bitcoin Core that it is running in an | ||
environment where a connection to an `fc00::/8` address will be to the CJDNS | ||
network instead of to an [RFC4193](https://datatracker.ietf.org/doc/html/rfc4193) | ||
IPv6 local network. This helps Bitcoin Core perform better address management: | ||
- Your node can consider incoming `fc00::/8` connections to be from the CJDNS | ||
network rather than from an IPv6 private one. | ||
- If one of your node's local addresses is `fc00::/8`, then it can choose to | ||
gossip that address to peers. | ||
|
||
## Additional configuration options related to CJDNS | ||
|
||
``` | ||
-onlynet=cjdns | ||
``` | ||
|
||
Make automatic outbound connections only to CJDNS addresses. Inbound and manual | ||
connections are not affected by this option. It can be specified multiple times | ||
to allow multiple networks, e.g. onlynet=cjdns, onlynet=i2p, onlynet=onion. | ||
|
||
CJDNS support was added to Bitcoin Core in version 23.0 and there may be fewer | ||
CJDNS peers than Tor or IP ones. You can use `bitcoin-cli -addrinfo` to see the | ||
number of CJDNS addresses known to your node. | ||
|
||
In general, a node can be run with both an onion service and CJDNS (or any/all | ||
of IPv4/IPv6/onion/I2P/CJDNS), which can provide a potential fallback if one of | ||
the networks has issues. There are a number of ways to configure this; see | ||
[doc/tor.md](https://github.com/bitcoin/bitcoin/blob/master/doc/tor.md) for | ||
details. | ||
|
||
## CJDNS-related information in Bitcoin Core | ||
|
||
There are several ways to see your CJDNS address in Bitcoin Core: | ||
- in the "Local addresses" output of CLI `-netinfo` | ||
- in the "localaddresses" output of RPC `getnetworkinfo` | ||
|
||
To see which CJDNS peers your node is connected to, use `bitcoin-cli -netinfo 4` | ||
or the `getpeerinfo` RPC (i.e. `bitcoin-cli getpeerinfo`). | ||
|
||
To see which CJDNS addresses your node knows, use the `getnodeaddresses 0 cjdns` | ||
RPC. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.