Binding to multiple anonymous networks (esp. I2P) #2091
Comments
What exactly is missing that you're asking for here? |
editing in your query answer to ticket body. |
There are already distinctive Tor and proxy settings for the socks outbound connections to IP vs Tor networks. externalip is used to set what you announce, and it's used as documented. Because of limited address space Bitcoin can not usefully directly address I2P today (so it can realistically only be inbound only for it, which just works) so there is nothing more to do at this time for I2P. I'm not aware of what phantom uses for addressing. Does anyone use it? Can its addresses be conflict free packed into public IPv6 addresses like we can with onion addresses? |
Phantom is in devel/test. It will work with any IPv6 enabled app. So when devs start advertising it it should just work. |
I2P's requires a resolution service, it's not something which we can use to make native connections. (We don't use onioncat itself with tor for all the important performance and privacy reasons, but we do use its addressing). In any case, I think we already do what you're asking for here— except we only have the ability to IP4/6 and Tor/Onion addressed peers right now. We can happily multinet on those. |
Then full support of I2P could be a future bitcoin internal width enhancement since I2P is popular. I think Phantom (and Tor/I2P+OnionCat) will be ok via additional -externalip=6addr arguments for inbound. These are the default /48's used by these nets: I would also doc how to multiple -externalip for now (for .onion, 6addr, 4addr). Users may wish to use OnionCat for whatever purposes, so yes, apps (like bitcoin) |
There is a bitcoin fork that works on I2P, I am not sure what the status of it is, and he has never tried to get the changes upstream: https://bitcointalk.org/index.php?topic=151181.0 |
So, "support" for an external relay network requires:
For Tor, we cheated, by reusing some address space within IPv6 (the onioncat range) as onion IP addresses. This allowed fixing both issues at once, as we already internally and on the P2P network use IPv6 everywhere. I2P and cjdns cannot use this method, as their addresses are too large to fit in IPv6. Garlicat exists for mapping i2p into IPv6, but it requires an external lookup service to convert garlicat addresses to full I2P addresses. I don't know phantom. If we want to support more types of networks, the first step is probably adding something like a CExtNetAddr, which represents either a CNetAddr or some address in another network. The connection/proxy logic could easily support that. For relaying, such a CExtNetAddr would need to become part of the P2P protocol. Maybe we wish to push for that at some point, but probably together with other improvements like host keys and authenticated connections. |
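The address packing described in the comment above, as an added example that is not part of the thread or of Bitcoin Core's own code. It assumes the well-known OnionCat prefix fd87:d87e:eb43::/48; the function names are hypothetical and the sample names are constructed, and it goes slightly beyond the comment by also checking a next-gen (v3) onion name of the kind mentioned later in the thread.

```python
import base64
import ipaddress

# OnionCat ULA prefix fd87:d87e:eb43::/48 (assumed here; not listed on the page).
ONIONCAT_PREFIX = bytes.fromhex("fd87d87eeb43")
PAYLOAD_BYTES = 16 - len(ONIONCAT_PREFIX)  # 10 bytes = 80 bits left after the /48

# Constructed sample names (not real services), built from fixed byte patterns.
SAMPLE_V2_ONION = base64.b32encode(bytes(range(1, 11))).decode().lower() + ".onion"
SAMPLE_I2P_B32 = base64.b32encode(bytes(32)).decode().rstrip("=").lower() + ".b32.i2p"
SAMPLE_V3_ONION = base64.b32encode(bytes(35)).decode().lower() + ".onion"


def b32_payload(name: str) -> bytes:
    """Decode the base32 label of a .onion or .b32.i2p name to raw bytes."""
    label = name.lower()
    for suffix in (".b32.i2p", ".onion"):
        if label.endswith(suffix):
            label = label[: -len(suffix)]
    label = label.upper()
    label += "=" * (-len(label) % 8)  # these names omit base32 padding
    return base64.b32decode(label)


def pack_into_ipv6(name: str) -> ipaddress.IPv6Address:
    """Map a name into the OnionCat range; only an 80-bit payload fits."""
    payload = b32_payload(name)
    if len(payload) != PAYLOAD_BYTES:
        raise ValueError(
            f"{len(payload) * 8}-bit address does not fit the "
            f"{PAYLOAD_BYTES * 8} bits left after the /48 prefix"
        )
    return ipaddress.IPv6Address(ONIONCAT_PREFIX + payload)


def unpack_from_ipv6(addr: ipaddress.IPv6Address) -> str:
    """Recover the .onion name from an address inside the OnionCat range."""
    raw = addr.packed
    if raw[: len(ONIONCAT_PREFIX)] != ONIONCAT_PREFIX:
        raise ValueError("address is outside the OnionCat range")
    return base64.b32encode(raw[len(ONIONCAT_PREFIX):]).decode().lower() + ".onion"


if __name__ == "__main__":
    for name in (SAMPLE_V2_ONION, SAMPLE_I2P_B32, SAMPLE_V3_ONION):
        try:
            print(name, "->", pack_into_ipv6(name))
        except ValueError as err:
            print(name, "->", err)
```

The 16-character name round-trips through an IPv6 address without any lookup, while the 256-bit I2P name and the 280-bit v3 onion name are rejected, which is why relaying them needs a new address type in the P2P protocol.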
Note that in addition to being necessary for I2P support, this change will be necessary to migrate to Tor's next-gen onion services (which will have addresses that are the same length as I2P's B32s). |
Nit: Not true (anymore?) - cjdns uses a subset of IPv6 addresses, and bitcoind works fine over it. |
I'm planning to work on a BIP for this. Now that Tor v3 hidden services are becoming more common, I think it's about time to extend the P2P protocol with a new kind of There was some discussion of this in the IRC meeting today: Some additional ideas that came up:
While looking around I found that there was some discussion in the zcash repository about this, but no concrete proposals yet: |
I've made a start with the addrv2 BIP spec here: https://gist.github.com/laanwj/4fe8470881d7b9499eedc48dc9ef1ad1 @str4d it would be awesome if you could have a look some time if the I2P parts make sense. |
Is it possible to also add tor V3 authentication so that attacking tor nodes over p2p becomes infeasible? Currently with V2 there seem to be a lot of attack vectors, adding the native V3 auth would go a long way to preventing any future attack vectors. |
Suggesting that bitcoind be able to bind to multiple anonymous (and regular) networks at once.
Inbound queries would reply out the same bind they were received on.
Outbound initiates/broadcasts might be sent from all binds, or if impossible or out of context, to a specified one.
Goal: Allow one daemon to service all networks [1] at once.
[1] IPv4, IPv6, Tor, I2P, Phantom
Note it should always be made a possible option to not bind to '*' (all addresses),
but only to the ones supplied.
I'm not certain if -externalip can do this. -discover in doc/Tor.txt says:
'If you want to run a dual stack, reachable from both Tor and IPv4 (or IPv6), you'll need to either pass your other addresses using -externalip'
which implies maybe it can, but offers no syntax. Maybe it is a doc bug.
-externalip=foo.onion (or Tor's OnionCat IPv6 /48)
-externalip=bar.i2p (or I2P's GarliCat IPv6 /48)
-externalip=6addr (.phantom / interpreted from its IPv6 /48 prefix)
-externalip=6addr
-externalip=4addr
Also, since socks context via -proxy breaks down with more than one such anonymous net, there would also need to be:
-tor=host:port (in Tor, in bitcoin)
-i2p=host:port (in I2P, not in bitcoin)
-phantom=host:port (not in Phantom, not in bitcoin)
and maybe
-proxyipv4=host:port
-proxyipv6=host:port