UPNP is not disabled when tor-only settings are in effect.

[ghost]

With the following enabled, UPNP should not attempt to open a port at the router for 8333, however in the latest stable the port is uselessly opened. At best it's doing nothing productive, at worst it's just advertising the existence of a bitcoin client.

onlynet=tor
tor=127.0.0.1:9050
discover=0
listen=0

Compiling with USE_UPNP=- works as a temporary solution, but is by no means ideal.

[Diapolo]

If using Bitcoin-Qt make sure to unset the UPnP option. For using bitcoind, I'm looking into a little patch currently.

[gmaxwell]

@63 Thanks for the report! A lot of the developers build with UPNP much of the time (or, well, at least I do), unfortunate that this slipped through.

@Diapolo we should not UPNP if listen=0, and separately, we should not UPNP if onlynet=tor.

[sipa]

As far as I can see, -listen=0 should already disable UPnP by default. Only if you enable it explicitly through -upnp (or upnp=1), or the GUI should it be enabled. If that's not the case, it's a bug.

[ghost]

@sipa Reproduced in the latest master.

bitcoin.conf:

active UPNP mappings on the router:

[laanwj]

My reasoning would be that the bind=XXX re-enables listen, and hence upnp is not disabled.

Edit: does it work if you explicitly add upnp=0 to the config?

[sipa]

If you explicitly set listen to false, bind shouldn't re-enable it.

[ghost]

Yes, @laanwj, running with the line

upnp=0 

or compiling without UPNP does work, but logically if we're not listening it shouldn't be enabled to begin with, right?

[laanwj]

Guess this needs to be fixed before 0.9 as well.

[Diapolo]

Would this suffice (change in net.cpp)?

    // only map ports when not using Tor
    if (!IsLimited(NET_TOR))
        // Map ports with UPnP
        MapPort(GetBoolArg("-upnp", fDefaultUpnp));

We already have in init.cpp the check for listen:

    if (!GetBoolArg("-listen", true)) {
        // do not map ports or try to retrieve public IP when not listening (pointless)
        SoftSetBoolArg("-upnp", false);
        SoftSetBoolArg("-discover", false);
    }

[laanwj]

Your change would make it impossible to map ports when using Tor.

The goal is to make the default (if not overridden using -upnp) to not map ports when using Tor, not to make it completely impossible.

[Diapolo]

I'm out... too many cases to consider for my ill brain ^^.

[gmaxwell]

This appears to have been already solved:

if (!GetBoolArg("-listen", true)) {
    // do not map ports or try to retrieve public IP when not listening (pointless)
    if (SoftSetBoolArg("-upnp", false))
...

[laanwj]

@gmaxwell well, the problem seems to be that he has a bind:XXX statement (for a hidden service), which re-enables listen so it never goes into that.

[laanwj]

Foremost, if your goal is to hide completely behind a proxy you should use -proxy, not -tor. -tor is only meant for hyrid Tor/clearnet nodes.

Given that, see #6153 for fix.