Complete the BIP155 implementation and upgrade to TORv3 #19954
Conversation
|
This builds on top of #19031, adding one more commit to complete the TORv3 puzzle. The dependency to #19031 is because if we create a TORv3 hidden service before #19031 is merged we will not be able to advertise it by gossiping. So, this PR is draft until all of #19031 is merged. Available for early review and testing. |
|
Can we also add the option to delete Or is it something out of scope for this PR and will need a new issue or PR to discuss? |
|
@prayank23 It can take a (very) long time for a node's rumoured address to be picked up, especially Tor ones. Getting a new one every time you restart your node is probably a good way to never get any incoming connections at all. It may be useful as an optional feature, but seems out of scope here. |
|
@prayank23
tyi; #19635 we probably will need that in some form for v3 anyway. |
|
@prayank23
Yes, but out of scope here. There's an issue for this already: #17491. |
|
utACK 9c9ff0a. Light code review, code looks great, apart from several uses of |
|
Concept ACK, I share Wladimir's preference for "creating a new file for v3 instead of moving the old one". Plus it'll make this change even smaller.
Given that v2 is deprecated I don't think v3 needs to be opt-in, at least not for new users. Existing users might rely on a static v2 address, e.g. because they have another node connected to it, or they paired it with some remote control software. Afaik this only applies to bitcoind users, not QT (unless @luke-jr implemented pairing in Knots?). So this change needs some emphasis in the release notes. We could add an (instantly deprecated) option |
vasild
force-pushed
the
torv3
branch
2 times, most recently
from
994c976
to
1550aa8
Compare
|
Rebased on latest #19031 and addressed suggestions. Indeed creating a new file for the new TORv3 private key seems like a better idea. It also opens up a possibility for the users to continue using the old TORv2 service if needed by copying the contents of the old file to the new file. I think Bitcoin Core automatically creating just one Tor service is enough (that will be v3). If more complicated setup is needed, then the users can create static services in the Tor daemon - e.g. it is possible to create 5 TORv2 services and 7 TORv3 services all pointing to the same Bitcoin Core. |
|
Practical testing of this PR with various Tor configuration options by and between @vasild and I today. Will review this weekend. |
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
The only worry here would be that old nodes will run out of Tor nodes to connect to. But I don't know. I'm okay with this, it seems there's enough hurry to transition here that backwards compatibility concerns like that are mostly moot. Edit: a related concern is that we should start hardcoding TorV3 peers. No need to do so in this PR though. Made a note about this in #17020. |
There was a problem hiding this comment.
Tested ACK 1550aa8 (what an appropriate commit hash for BIP155). Reviewed the changes, and over the past 10 days have done multiple debug builds, test runs, and have been running and re-running bitcoind on and off with this branch as a Tor v3 service connected to several peers that are also test-deploying this PR live on mainnet.
Thanks for adding the unit tests. A few non-blocking comments follow.
Maybe it would be good for the release notes to describe the situation with the planned full removal of v2 by the Tor Project and warn users running older nodes with an onion service that they will have to upgrade within less than a year after the release to v0.21+. It might not need to be in this PR though. |
| 0x83766279U /* Tue Nov 22 11:22:33 UTC 2039 */ | ||
| ), | ||
| CAddress( | ||
| CService(CNetAddr(in6addr_loopback), 0xf1f2 /* port */), |
There was a problem hiding this comment.
+ make -C src --jobs=1 check-security V=1
make: Entering directory '/bitcoin/distsrc-x86_64-linux-gnu/src'
Checking binary security...
READELF=/gnu/store/pzq9s5ldl90h72p26jkdakyccdg9ib3k-profile/bin/x86_64-linux-gnu-readelf OBJDUMP=x86_64-linux-gnu-objdump OTOOL= /gnu/store/pzq9s5ldl90h72p26jkdakyccdg9ib3k-profile/bin/python3.7 ../contrib/devtools/security-check.py bitcoind bitcoin-cli bitcoin-tx bitcoin-wallet test/test_bitcoin bench/bench_bitcoin qt/bitcoin-qt
make: Leaving directory '/bitcoin/distsrc-x86_64-linux-gnu/src'
+ case "$HOST" in
+ make -C src --jobs=1 check-symbols V=1
make: Entering directory '/bitcoin/distsrc-x86_64-linux-gnu/src'
Checking glibc back compat...
READELF=/gnu/store/pzq9s5ldl90h72p26jkdakyccdg9ib3k-profile/bin/x86_64-linux-gnu-readelf CPPFILT=/gnu/store/pzq9s5ldl90h72p26jkdakyccdg9ib3k-profile/bin/x86_64-linux-gnu-c++filt /gnu/store/pzq9s5ldl90h72p26jkdakyccdg9ib3k-profile/bin/python3.7 ../contrib/devtools/symbol-check.py bitcoind bitcoin-cli bitcoin-tx bitcoin-wallet test/test_bitcoin bench/bench_bitcoin qt/bitcoin-qt
test/test_bitcoin: export of symbol in6addr_loopback not allowed
test/test_bitcoin: failed EXPORTED_SYMBOLS
make: *** [Makefile:20952: check-symbols] Error 1
make: Leaving directory '/bitcoin/distsrc-x86_64-linux-gnu/src'
There was a problem hiding this comment.
This breaks the guix/gitian build. cc @fanquake
There was a problem hiding this comment.
The patch below may fix it, but I can't confirm because on my machine contrib/devtools/symbol-check.py is happy with src/test/test_bitcoin which contains:
nm src/test/test_bitcoin |grep in6addr_loopback
U in6addr_loopbackpossible workaround symbol-check.py in6addr_loopback
diff --git i/src/test/netbase_tests.cpp w/src/test/netbase_tests.cpp
index eb0d95a37..f473c092a 100644
--- i/src/test/netbase_tests.cpp
+++ w/src/test/netbase_tests.cpp
@@ -447,25 +447,27 @@ BOOST_AUTO_TEST_CASE(netbase_dont_resolve_strings_with_embedded_nul_characters)
BOOST_CHECK(!LookupSubNet(std::string("5wyqrzbvrdsumnok.onion\0example.com\0", 35), ret));
}
// Since CNetAddr (un)ser is tested separately in net_tests.cpp here we only
// try a few edge cases for port, service flags and time.
+static const struct in6_addr in6addr_loopback_ = IN6ADDR_LOOPBACK_INIT;
+
static const std::vector<CAddress> fixture_addresses({
CAddress(
- CService(CNetAddr(in6addr_loopback), 0 /* port */),
+ CService(CNetAddr(in6addr_loopback_), 0 /* port */),
NODE_NONE,
0x4966bc61U /* Fri Jan 9 02:54:25 UTC 2009 */
),
CAddress(
- CService(CNetAddr(in6addr_loopback), 0x00f1 /* port */),
+ CService(CNetAddr(in6addr_loopback_), 0x00f1 /* port */),
NODE_NETWORK,
0x83766279U /* Tue Nov 22 11:22:33 UTC 2039 */
),
CAddress(
- CService(CNetAddr(in6addr_loopback), 0xf1f2 /* port */),
+ CService(CNetAddr(in6addr_loopback_), 0xf1f2 /* port */),
static_cast<ServiceFlags>(NODE_WITNESS | NODE_COMPACT_FILTERS | NODE_NETWORK_LIMITED),
0xffffffffU /* Sun Feb 7 06:28:15 UTC 2106 */
)
});
// fixture_addresses should equal to this when serialized in V1 format.
|
Congratulations to everybody involved 🎉 Notice - I did not write the BIP, did not write the code initially, did not do the reviews nor did I test it much or nag people to prioritize it. Yet, this got a clean specification, solid code, thorough reviews and testing and was merged in time for 0.21. A true team effort! Just Epic! |
| accommodate the storage of Tor v3 and other BIP155 addresses. This means that if | ||
| the file is modified by 0.21.0 or newer then older versions will not be able to | ||
| read it. Those old versions, in the event of a downgrade, will log an error | ||
| message that deserialization has failed and will continue normal operation | ||
| as if the file was missing, creating a new empty one. (#19954) |
There was a problem hiding this comment.
"if the file is modified by 0.21.0 or newer then older versions will not be able to read it. Those old versions, in the event of a downgrade, will log an error message that deserialization has failed and will continue normal operation"
I don't see where this is enforced in 0.20 or earlier versions. If I'm understanding the v0.20 code correctly, then it'll try to unserialize the file, read garbage for the CAddress objects because the format has changed, but then not necessarily fail.
There was a problem hiding this comment.
You are right!
A dirty hack like the following would trick <=0.20.1 to always fail deserialization of files in format >=Format::V3_BIP155 with Incorrect keysize in addrman deserialization
diff --git i/src/addrman.h w/src/addrman.h
index b4089dc89..9f6614cd1 100644
--- i/src/addrman.h
+++ w/src/addrman.h
@@ -326,19 +326,19 @@ public:
void Serialize(Stream& s_) const
{
LOCK(cs);
// Always serialize in the latest version (currently Format::V3_BIP155).
OverrideStream<Stream> s(&s_, s_.GetType(), s_.GetVersion() | ADDRV2_FORMAT);
s << static_cast<uint8_t>(Format::V3_BIP155);
- s << ((unsigned char)32);
+ s << ((unsigned char)33);
s << nKey;
s << nNew;
s << nTried;
int nUBuckets = ADDRMAN_NEW_BUCKET_COUNT ^ (1 << 30);
s << nUBuckets;
std::map<int, int> mapUnkIds;
int nIds = 0;
for (const auto& entry : mapInfo) {
@@ -406,18 +406,21 @@ public:
// Add ADDRV2_FORMAT to the version so that the CNetAddr and CAddress
// unserialize methods know that an address in addrv2 format is coming.
stream_version |= ADDRV2_FORMAT;
}
OverrideStream<Stream> s(&s_, s_.GetType(), stream_version);
unsigned char nKeySize;
s >> nKeySize;
+ if (format >= Format::V3_BIP155) {
+ --nKeySize;
+ }
if (nKeySize != 32) throw std::ios_base::failure("Incorrect keysize in addrman deserialization");
s >> nKey;
s >> nNew;
s >> nTried;
int nUBuckets = 0;
s >> nUBuckets;
if (format >= Format::V1_DETERMINISTIC) {
nUBuckets ^= (1 << 30);
}There was a problem hiding this comment.
Yes, that would work. It's essentially repurposing the keysize field in the peers.dat file as a "non forward-compatible version number" (i.e. if a newer version of the software writes a higher number here, then an older version of the software wouldn't be able to read that file).
I believe that's what you wanted to achieve with the code here: https://github.com/bitcoin/bitcoin/pull/19954/files#diff-164bd9e2e30f54d0a79eb7cc372309e2f2155edc6c3f051290ab078f03f6a771R396, but of course that only applies for v0.21 onwards, for file versions higher than Format::V3_BIP155. That code means that we now have no way to make a downgrade-safe change to the peers.dat file version. Any bump to the format number means that older software versions can't read the file. Note that we have made downgrade-safe version changes before (I think both v0-v1 and v1-v2 were both downgrade-safe), and it would be nice to keep this as a possibility.
Repurposing the keysize field and reverting the change to the format field seems ok and would almost be turning them into major (non-forward-compatible) and minor (forward-compatible) version numbers. It should go without saying that we always want to have backward-compatibility, so peers.dat files written by old versions are readable by new versions.
Obviously we should get any changes made before the 0.21 release.
There was a problem hiding this comment.
See if this will make sense to you: #20284
Summary: ``` This is needed when we want to encode an arbitrary number as CompactSize like node service flags, which is a bitmask and could be bigger than the usual size of an object. ``` Partial backport (1/4) of core [[bitcoin/bitcoin#19954 | PR19954]]: bitcoin/bitcoin@1d3ec2a Test Plan: ninja all check Reviewers: #bitcoin_abc, PiRK Reviewed By: #bitcoin_abc, PiRK Differential Revision: https://reviews.bitcoinabc.org/D9198
Summary: ``` Change the serialization of `CAddrMan` to serialize its addresses in ADDRv2/BIP155 format by default. Introduce a new `CAddrMan` format version (3). Add support for ADDRv2 format in `CAddress` (un)serialization. ``` Partial backport (2/4) of core [[bitcoin/bitcoin#19954 | PR19954]]: bitcoin/bitcoin@201a459 Includes a fix for the symbol check that would cause the gitian build to fail: Backport of core [[bitcoin/bitcoin#20129 | PR20129]]. and a fix for a mismatch initialization order in the `CAddress` class (reversal of `nTime` and `nServices` to match core). Depends on D9190 and D9198. Test Plan: ninja all check-all Run the Linux Gitian build. Reviewers: #bitcoin_abc, majcosta Reviewed By: #bitcoin_abc, majcosta Differential Revision: https://reviews.bitcoinabc.org/D9199
Summary: ``` Introduce a new message `sendaddrv2` to signal support for ADDRv2. Send the new message immediately after sending the `VERACK` message. Add support for receiving and parsing ADDRv2 messages. Send ADDRv2 messages (instead of ADDR) to a peer if he has advertised support for it. ``` Partial backport (3/4) of core [[bitcoin/bitcoin#19954 | PR19954]]: bitcoin/bitcoin@353a3fd Depends on D9199. Some functional tests required a debug log message update since we where using a slightly different form from core. The new code is in sync with core's message to make later backports easier. Test Plan: ninja all check-all Reviewers: #bitcoin_abc, majcosta Reviewed By: #bitcoin_abc, majcosta Subscribers: majcosta Differential Revision: https://reviews.bitcoinabc.org/D9200
Summary: ``` TORv2 is deprecated [1], thus whenever we create the hidden service ourselves create a TORv3 one instead. [1] https://blog.torproject.org/v2-deprecation-timeline ``` Completes backport (4/4) of core [[bitcoin/bitcoin#19954 | PR19954]]: bitcoin/bitcoin@dcf0cb4 Depends on D9200. Test Plan: ninja all check-all ./src/bitcoind -listenonion Check it connects and the `onion_v3_private_key` is created in the data dir. Reviewers: #bitcoin_abc, majcosta Reviewed By: #bitcoin_abc, majcosta Differential Revision: https://reviews.bitcoinabc.org/D9201
ecde04a [Consensus] Bump Active Protocol version to 70923 for v5.3 (random-zebra) b63e4f5 Consensus: Add v5.3 enforcement height for testnet. (furszy) f44be94 Only relay IPv4, IPv6, Tor addresses (Pieter Wuille) 015298c fix: tor: Call event_base_loopbreak from the event's callback (furszy) 34ff7a8 Consensus: Add mnb ADDRv2 guard. (furszy) b4515dc GUI: Present v3 onion addresses properly in MNs list. (furszy) 337d43d tests: don't export in6addr_loopback (Vasil Dimov) 2cde8e0 GUI: Do not show the tor v3 onion address in the topbar. (furszy) 0b5f406 Doc: update tor.md with latest upstream information. (furszy) 89df7f2 addrman: ensure old versions don't parse peers.dat (Vasil Dimov) bb90c5c test: add getnetworkinfo network name regression tests (Jon Atack) d8e01b5 rpc: update GetNetworksInfo() to not return unsupported networks (Jon Atack) 57fc7b0 net: update GetNetworkName() with all enum Network cases (Jon Atack) 647d60b tests: Modify rpc_bind to conform to bitcoin#14532 behaviour. (Carl Dong) d4d6729 Allow running rpc_bind.py --nonloopback test without IPv6 (Kristaps Kaupe) 4a034d8 test: Add rpc_bind test to default-run tests (Wladimir J. van der Laan) 61a08af [tests] bind functional test nodes to 127.0.0.1 Prevents OSX firewall (Sjors Provoost) 6a4f1e0 test: Add basic addr relay test (furszy) 78aa61c net: Make addr relay mockable (furszy) ba954ca Send and require SENDADDRV2 before VERACK (Pieter Wuille) 61c2ed4 Bump net protocol version + don't send 'sendaddrv2' to pre-70923 software (furszy) ccd508a tor: make a TORv3 hidden service instead of TORv2 (Vasil Dimov) 6da9a14 net: advertise support for ADDRv2 via new message (furszy) e58d5d0 Migrate to test_large_inv() to Misbehaving logging. (furszy) d496b64 [QA] fix mininode CAddress ser/deser (Jonas Schnelli) cec9567 net: CAddress & CAddrMan: (un)serialize as ADDRv2 Change the serialization of `CAddrMan` to serialize its addresses in ADDRv2/BIP155 format by default. Introduce a new `CAddrMan` format version (3). (furszy) b8c1dda streams update: get rid of nType and nVersion. (furszy) 3eaa273 Support bypassing range check in ReadCompactSize (Pieter Wuille) a237ba4 net: recognize TORv3/I2P/CJDNS networks (Vasil Dimov) 8e50853 util: make EncodeBase32 consume Spans (Sebastian Falbesoner) 1f67e30 net: CNetAddr: add support to (un)serialize as ADDRv2 (Vasil Dimov) 2455420 test: move HasReason so it can be reused (furszy) d41adb4 util: move HasPrefix() so it can be reused (Vasil Dimov) f6f86af Unroll Keccak-f implementation (Pieter Wuille) 45222e6 Implement keccak-f[1600] and SHA3-256 (Pieter Wuille) 08ad06d net: change CNetAddr::ip to have flexible size (furszy) 3337219 net: improve encapsulation of CNetAddr. (furszy) 910d5c4 test: Do not instantiate CAddrDB for static call (Hennadii Stepanov) 6b607ef Drop IsLimited in favor of IsReachable (Ben Woosley) a40711b IsReachable is the inverse of IsLimited (DRY). Includes unit tests (marcaiaf) 8839828 net: don't accept non-left-contiguous netmasks (Vasil Dimov) 5d7f864 rpcbind: Warn about exposing RPC to untrusted networks (Luke Dashjr) 2a6abd8 CNetAddr: Add IsBindAny method to check for INADDR_ANY (Luke Dashjr) 4fdfa45 net: Always default rpcbind to localhost, never "all interfaces" (Luke Dashjr) 31064a8 net: Minor accumulated cleanups (furszy) 9f9c871 tests: Avoid using C-style NUL-terminated strings as arguments (practicalswift) f6c52a3 tests: Add tests to make sure lookup methods fail on std::string parameters with embedded NUL characters (practicalswift) a751b9b net: Avoid using C-style NUL-terminated strings as arguments in the netbase interface (furszy) f30869d test: add IsRFC2544 tests (Mark Tyneway) ed5abe1 Net: Proper CService deserialization + GetIn6Addr return false if addr isn't an IPv6 addr (furszy) 86d73fb net: save the network type explicitly in CNetAddr (Vasil Dimov) ad57dfc net: document `enum Network` (Vasil Dimov) cb160de netaddress: Update CNetAddr for ORCHIDv2 (Carl Dong) c3c04e4 net: Better misbehaving logging (furszy) 3660487 net: Use C++11 member initialization in protocol (Marco) 082baa3 refactor: Drop unused CBufferedFile::Seek() (Hennadii Stepanov) e2d776a util: CBufferedFile fixes (Larry Ruane) 6921f42 streams: backport OverrideStream class (furszy) Pull request description: Conjunction of a large number of back ports, updates and refactorings that made with the final goal of implementing v3 Onion addresses support (BIP155 https://github.com/bitcoin/bips/blob/master/bip-0155.mediawiki) before the tor v2 addresses EOL, scheduled, by the Tor project, for (1) July 15th: v2 addr support removal from the code base, and (2) October 15th: v2 addr network disable, where **every peer in our network running under Tor will loose the connection and drop the network**. As BIP155 describes, this is introducing a new P2P message to gossip longer node addresses over the P2P network. This is required to support new-generation Onion addresses, I2P, and potentially other networks that have longer endpoint addresses than fit in the 128 bits of the current addr message. In order to achieve the end goal, had to: 1. Create Span class and push it up to latest Bitcoin implementation. 2. Update the whole serialization framework and every object using it up to latest Bitcoin implementation (3-4 years ahead of what we currently are in master). 3. Update the address manager implementing ASN-based bucketing of the network nodes. 4. Update and refactor the netAddress and address manager tests to latest Bitcoin implementation (4 years ahead of what we currently are in master). 5. Several util string, vector, encodings, parsing, hashing backports and more.. Important note: This PR it is not meant to be merged as a standalone PR, will decouple smaller ones moving on. Adding on each sub-PR its own description isolated from this big monster. Second note: This is still a **work-in-progress**, not ready for testing yet. I'm probably missing to mention few PRs that have already adapted to our sources. Just making it public so can decouple the changes, we can start merging them and i can continue working a bit more confortable (rebase a +170 commits separate branch is not fun..). ### List of back ported and adapted PRs: Span and Serialization: ---------------- * bitcoin#12886. * bitcoin#12916. * bitcoin#13558. * bitcoin#13697. (Only Span's commit 29943a9) * bitcoin#17850. * bitcoin#17896. * bitcoin#12752. * bitcoin#16577. * bitcoin#16670. (without faebf62) * bitcoin#17957. * bitcoin#18021. * bitcoin#18087. * bitcoin#18112 (only from 353f376 that we don't support). * bitcoin#18167. * bitcoin#18317. * bitcoin#18591 (only Span's commit 0fbde48) * bitcoin#18468. * bitcoin#19020. * bitcoin#19032. * bitcoin#19367. * bitcoin#19387. Net, NetAddress and AddrMan: ---------------- * bitcoin#7932. * bitcoin#10756. * bitcoin#10765. * bitcoin#12218. * bitcoin#12855. * bitcoin#13532. * bitcoin#13575. * bitcoin#13815. * bitcoin#14532. * bitcoin#15051. * bitcoin#15138. * bitcoin#15689. * bitcoin#16702. * bitcoin#17243. * bitcoin#17345. * bitcoin#17754. * bitcoin#17758. * bitcoin#17812. * bitcoin#18023. * bitcoin#18454. * bitcoin#18512. * bitcoin#19314. * bitcoin#19687 Keys and Addresses encoding: ---------------- * bitcoin#11372. * bitcoin#17511. * bitcoin#17721. Util: ---------------- * bitcoin#9140. * bitcoin#16577. * bitcoin#16889. * bitcoin#19593. Bench: ---------------- * bitcoin#16299. BIP155: ---------------- * bitcoin#19351. * bitcoin#19360. * bitcoin#19534. * bitcoin#19628. * bitcoin#19841. * bitcoin#19845. * bitcoin#19954. * bitcoin#19991 (pending). * bitcoin#19845. * bitcoin#20000 (pending). * bitcoin#20120. * bitcoin#20284. * bitcoin#20564. * bitcoin#21157 (pending). * bitcoin#21564 (pending). * Fully removed v2 onion addr support. * Add hardcoded seeds. * Add release-notes, changes to files.md and every needed documentation. I'm currently working on the PRs marked as "pending", this isn't over, but I'm pretty pretty close :). What a long road.. ACKs for top commit: random-zebra: utACK ecde04a Fuzzbawls: ACK ecde04a Tree-SHA512: 82c95fbda76fce63f96d8a9af7fa9a89cb1e1b302b7891e27118a6103af0be23606bf202c7332fa61908205e6b6351764e2ec23d753f1e2484028f57c2e8b51a
This PR contains the two remaining commits from #19031 to complete the BIP155 implementation:
net: CAddress & CAddrMan: (un)serialize as ADDRv2net: advertise support for ADDRv2 via new messageplus one more commit:
tor: make a TORv3 hidden service instead of TORv2